EasyLFSR
先再一次异或复原到二进制字符串。
f=open("cipher.bin","rb")
byte=f.read()
f.close()
t=open("plain.txt","r")
plain=t.read()
t.close()
lens = len(plain)
s=''
put = open("out","w")
print(len(byte))
print(len(plain))
for i in range(lens):
s+='{:08b}'.format(ord(byte[i])^ord(plain[i]))
put.write(s)
然后因为output长度已经大于N两倍了,所以可以使用使用BM算法求出mask
N = 256
F = GF(2)
with open('out.txt') as f:
output = f.read()
output = list(map(int, output))
R = [vector(F, N) for i in range(N)]
for i in range(N):
for j in range(N):
R[i][j] = output[i+j]
M = Matrix(F, R)
vec = [vector(F, 1) for i in range(N)]
for i in range(N):
vec[i][0] = output[256+i]
N = Matrix(F, vec)
MM = M.inverse() * N
res = []
for i in range(256):
res.append(MM[i][0])
print(int("0b" + "".join(map(str,res[::-1])), 2))
然后通过output前256位逆推可以求出key,即flag的主体部分。
import hashlib
mask2 =
'1010110000011000110111111101111010100110100000010111010100011111011001100001100
10101110001110100001111011100011110000011110010001000000010111110000000010010100
11011100100001101100110110100001111101000010111011110000001001011011001000001111
00011100010010011'
out2 =
'1101001100101110000010001101001011110100111111001000000110011010110000100100010
00011111111110111011011101001101010100101011001111101100100000101111100111011100
11110000000100110111011011001011111101100010110011000101110001011001110101110110
01010010101010110'
r2 = ''
list2=[]
for i in range(256):
if mask2[i] == '1':
list2.append(1)
else:
list2.append(0)
for i in range(256):
output2 = '?' + out2[:255]
ans=int(out2[-1])
for j in range(1,256):
if list2[j] == 1:
ans^=int(output2[j])
r2 = str(ans) + r2
out2 = str(ans) + out2[:255]
flag2 = hex(int(r2,2))
print(flag2)
nFLAG = "l3hctf{"+hashlib.sha256(flag2[2:].rstrip('L')).hexdigest()+"}"
print(nFLAG)