试图用AES解密文件，但会出错：填充不正确

发布于 2025-02-09 16:04:45 字数 2158 浏览 0 评论 0原文

我得到了此代码，该代码将加密字符串“标志”。

from Crypto.Util.number import getPrime
from Crypto.Util.Padding import pad, unpad
from Crypto.Cipher import AES
import hashlib

prime = getPrime(1024)
privkey = random.randint(2, prime - 1)
key = pow(2, privkey, prime)

sk = pow(key, privkey, prime)
aes_key = hashlib.md5(str(sk).encode()).digest()
cipher = AES.new(aes_key, AES.MODE_ECB)
pt = cipher.encrypt(pad(flag, 16)).hex()
        
print(f"[+] This encrypted flag : {pt}")

我被告知要解密加密的字符串以获取原始字符串。我被赋予了加密标志和键的值，以及十六进制中的Prime和Prime键（Privkey）的值。我试图使用这些值这样的标志这样：

flag = "8fceb2a29cc2d7abd8ecfc8da5dc1eea6f67f7a0b047749d66ef8886bb33c720dfc5dd4e508bd1e4a811c62b83f98e65"

prime = int("0xf9aecd571c9afadaceae0004000c64fceb6720f717756dab1f12b2ed7fd211a13024735efeb80a8f7982a0787d4a2eb866b18b8e7d62f2b92f6bd0d7ca52b2cd18e7b508d1af3c69eee907ab9bde2cca7f6cea613954d98a3f8e0c52761937636afb2b6776ac7f4ac02af12e72f4f4905dbeac3e4e856c8542bbda24106161d9", 16)

privkey = int("0x3e1591ea4e4eef19c99626ab1d15d442becbbd2b7d7a4150ee8f1af3f0adf9df47a53823ddfe83c6a7fa4b1b5dfa319021b26dec15c385d3869c7a7ce039b8519318563602d846ea242550bbac73dfc20a27c19b119820e45589cc6f54e9bafc50befbe222aa2738a35f5fca17ca7eec71ce24449ed21fd46b92ca11080001", 16)

key= 101752188851588702786663864886064578902654651951985866839003796634186954471878272123772894282171928731095228234190527287304860559135921159182420718259970442394992811637314757293507073993913485850566751318782466533493182193918336800513466736844109978537994535285068729297204514757610248021028835645897421370304

sk = pow(key, privkey, prime)
aes_key = hashlib.md5(str(sk).encode()).digest()
cipher = AES.new(aes_key, AES.MODE_ECB)
ct = unpad(cipher.decrypt(bytes.fromhex(flag)), 16)

print(f"[+] This decrypted flag : {ct}")

但这似乎不起作用，因为我一直在变得

valueerror：填充不正确。

我在哪一部分错误？

编辑： privkey的描述：

原文

I am given this code that encrypts a string "flag".

from Crypto.Util.number import getPrime
from Crypto.Util.Padding import pad, unpad
from Crypto.Cipher import AES
import hashlib

prime = getPrime(1024)
privkey = random.randint(2, prime - 1)
key = pow(2, privkey, prime)

sk = pow(key, privkey, prime)
aes_key = hashlib.md5(str(sk).encode()).digest()
cipher = AES.new(aes_key, AES.MODE_ECB)
pt = cipher.encrypt(pad(flag, 16)).hex()
        
print(f"[+] This encrypted flag : {pt}")

And I am told to decrypt the encrypted string to get the original string. I am given the values for the encrypted flag and key plus the values for prime and private key (privkey) in hexadecimal. I tried to use those values to decrypt the flag like so:

flag = "8fceb2a29cc2d7abd8ecfc8da5dc1eea6f67f7a0b047749d66ef8886bb33c720dfc5dd4e508bd1e4a811c62b83f98e65"

prime = int("0xf9aecd571c9afadaceae0004000c64fceb6720f717756dab1f12b2ed7fd211a13024735efeb80a8f7982a0787d4a2eb866b18b8e7d62f2b92f6bd0d7ca52b2cd18e7b508d1af3c69eee907ab9bde2cca7f6cea613954d98a3f8e0c52761937636afb2b6776ac7f4ac02af12e72f4f4905dbeac3e4e856c8542bbda24106161d9", 16)

privkey = int("0x3e1591ea4e4eef19c99626ab1d15d442becbbd2b7d7a4150ee8f1af3f0adf9df47a53823ddfe83c6a7fa4b1b5dfa319021b26dec15c385d3869c7a7ce039b8519318563602d846ea242550bbac73dfc20a27c19b119820e45589cc6f54e9bafc50befbe222aa2738a35f5fca17ca7eec71ce24449ed21fd46b92ca11080001", 16)

key= 101752188851588702786663864886064578902654651951985866839003796634186954471878272123772894282171928731095228234190527287304860559135921159182420718259970442394992811637314757293507073993913485850566751318782466533493182193918336800513466736844109978537994535285068729297204514757610248021028835645897421370304

sk = pow(key, privkey, prime)
aes_key = hashlib.md5(str(sk).encode()).digest()
cipher = AES.new(aes_key, AES.MODE_ECB)
ct = unpad(cipher.decrypt(bytes.fromhex(flag)), 16)

print(f"[+] This decrypted flag : {ct}")

But this doesn't seem to work since I keep getting

ValueError: Padding is incorrect.

Which part am I doing incorrectly?

Edit: Description of privkey:

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

魂归处 2025-02-16 16:04:45

问题不是解密代码，而是不完整的密钥privkey。

屏幕截图中的密钥的描述与 privkey泄露以及两个尾随下划线以及这是黑客马拉松的挑战的信息，使我怀疑钥匙是不完整的，需要补充两个十六进制的数字，全部键要确定。

如果将一个字节添加到循环中从0到255的密钥的末端添加一个字节，并且PKCS＃7填充被用作成功解密的标准，则可以确认此假设。如果完成此操作，则结果是明文：

CDDC22{D1ffi3_H3llm4n_k3y_3xch@ng3_D0ne!}

privkey：

3e1591ea4e4eef19c99626ab1d15d442becbbd2b7d7a4150ee8f1af3f0adf9df47a53823ddfe83c6a7fa4b1b5dfa319021b26dec15c385d3869c7a7ce039b8519318563602d846ea242550bbac73dfc20a27c19b119820e45589cc6f54e9bafc50befbe222aa2738a35f5fca17ca7eec71ce24449ed21fd46b92ca11080001d6

IE 0xD6作为最终字节

完整代码：

from Crypto.Util.Padding import unpad
from Crypto.Cipher import AES
import hashlib

prime = int("0xf9aecd571c9afadaceae0004000c64fceb6720f717756dab1f12b2ed7fd211a13024735efeb80a8f7982a0787d4a2eb866b18b8e7d62f2b92f6bd0d7ca52b2cd18e7b508d1af3c69eee907ab9bde2cca7f6cea613954d98a3f8e0c52761937636afb2b6776ac7f4ac02af12e72f4f4905dbeac3e4e856c8542bbda24106161d9", 16)
privkey = int("0x3e1591ea4e4eef19c99626ab1d15d442becbbd2b7d7a4150ee8f1af3f0adf9df47a53823ddfe83c6a7fa4b1b5dfa319021b26dec15c385d3869c7a7ce039b8519318563602d846ea242550bbac73dfc20a27c19b119820e45589cc6f54e9bafc50befbe222aa2738a35f5fca17ca7eec71ce24449ed21fd46b92ca1108000100", 16)
key= 101752188851588702786663864886064578902654651951985866839003796634186954471878272123772894282171928731095228234190527287304860559135921159182420718259970442394992811637314757293507073993913485850566751318782466533493182193918336800513466736844109978537994535285068729297204514757610248021028835645897421370304
ct = "8fceb2a29cc2d7abd8ecfc8da5dc1eea6f67f7a0b047749d66ef8886bb33c720dfc5dd4e508bd1e4a811c62b83f98e65"

for val in range(255):

    sk = pow(key, privkey, prime)
    aes_key = hashlib.md5(str(sk).encode()).digest()
    cipher = AES.new(aes_key, AES.MODE_ECB)
    try: 
        ptPadded = cipher.decrypt(bytes.fromhex(ct)) 
        pt = unpad(ptPadded, 16)
        print(f"[+] This decrypted flag (padded)      : {ptPadded}")
        print(f"[+] This decrypted flag (unpadded)    : {pt}")
        print(f"[+] This decrypted flag (UTF8 decoded): {pt.decode('utf8')}")
        print(f"[+] privkey (hex)                     : {(privkey).to_bytes(128, byteorder='big').hex()}")
    except:
        pass
    
    privkey += 1

输出：

[+] This decrypted flag (padded)      : b'CDDC22{D1ffi3_H3llm4n_k3y_3xch@ng3_D0ne!}\n\x06\x06\x06\x06\x06\x06'
[+] This decrypted flag (unpadded)    : b'CDDC22{D1ffi3_H3llm4n_k3y_3xch@ng3_D0ne!}\n'
[+] This decrypted flag (UTF8 decoded): CDDC22{D1ffi3_H3llm4n_k3y_3xch@ng3_D0ne!}

[+] privkey (hex)                     : 3e1591ea4e4eef19c99626ab1d15d442becbbd2b7d7a4150ee8f1af3f0adf9df47a53823ddfe83c6a7fa4b1b5dfa319021b26dec15c385d3869c7a7ce039b8519318563602d846ea242550bbac73dfc20a27c19b119820e45589cc6f54e9bafc50befbe222aa2738a35f5fca17ca7eec71ce24449ed21fd46b92ca11080001d6

The problem is not the decryption code, but an incomplete key privkey.

The description of the key in the screenshot as privkey leaked together with the two trailing underscores and the information that this is a challenge from a hackathon made me suspect that the key is incomplete, needs to be supplemented by two hex digits, and the full key is to be determined.

This assumption is confirmed if a byte is added to the end of the key whose value runs in a loop from 0 to 255, and PKCS#7 padding is used as criterion for a successful decryption. If this is done, the result is the plaintext:

CDDC22{D1ffi3_H3llm4n_k3y_3xch@ng3_D0ne!}

and the privkey:

3e1591ea4e4eef19c99626ab1d15d442becbbd2b7d7a4150ee8f1af3f0adf9df47a53823ddfe83c6a7fa4b1b5dfa319021b26dec15c385d3869c7a7ce039b8519318563602d846ea242550bbac73dfc20a27c19b119820e45589cc6f54e9bafc50befbe222aa2738a35f5fca17ca7eec71ce24449ed21fd46b92ca11080001d6

i.e. 0xd6 as final byte

Full code:

from Crypto.Util.Padding import unpad
from Crypto.Cipher import AES
import hashlib

prime = int("0xf9aecd571c9afadaceae0004000c64fceb6720f717756dab1f12b2ed7fd211a13024735efeb80a8f7982a0787d4a2eb866b18b8e7d62f2b92f6bd0d7ca52b2cd18e7b508d1af3c69eee907ab9bde2cca7f6cea613954d98a3f8e0c52761937636afb2b6776ac7f4ac02af12e72f4f4905dbeac3e4e856c8542bbda24106161d9", 16)
privkey = int("0x3e1591ea4e4eef19c99626ab1d15d442becbbd2b7d7a4150ee8f1af3f0adf9df47a53823ddfe83c6a7fa4b1b5dfa319021b26dec15c385d3869c7a7ce039b8519318563602d846ea242550bbac73dfc20a27c19b119820e45589cc6f54e9bafc50befbe222aa2738a35f5fca17ca7eec71ce24449ed21fd46b92ca1108000100", 16)
key= 101752188851588702786663864886064578902654651951985866839003796634186954471878272123772894282171928731095228234190527287304860559135921159182420718259970442394992811637314757293507073993913485850566751318782466533493182193918336800513466736844109978537994535285068729297204514757610248021028835645897421370304
ct = "8fceb2a29cc2d7abd8ecfc8da5dc1eea6f67f7a0b047749d66ef8886bb33c720dfc5dd4e508bd1e4a811c62b83f98e65"

for val in range(255):

    sk = pow(key, privkey, prime)
    aes_key = hashlib.md5(str(sk).encode()).digest()
    cipher = AES.new(aes_key, AES.MODE_ECB)
    try: 
        ptPadded = cipher.decrypt(bytes.fromhex(ct)) 
        pt = unpad(ptPadded, 16)
        print(f"[+] This decrypted flag (padded)      : {ptPadded}")
        print(f"[+] This decrypted flag (unpadded)    : {pt}")
        print(f"[+] This decrypted flag (UTF8 decoded): {pt.decode('utf8')}")
        print(f"[+] privkey (hex)                     : {(privkey).to_bytes(128, byteorder='big').hex()}")
    except:
        pass
    
    privkey += 1

Output:

[+] This decrypted flag (padded)      : b'CDDC22{D1ffi3_H3llm4n_k3y_3xch@ng3_D0ne!}\n\x06\x06\x06\x06\x06\x06'
[+] This decrypted flag (unpadded)    : b'CDDC22{D1ffi3_H3llm4n_k3y_3xch@ng3_D0ne!}\n'
[+] This decrypted flag (UTF8 decoded): CDDC22{D1ffi3_H3llm4n_k3y_3xch@ng3_D0ne!}

[+] privkey (hex)                     : 3e1591ea4e4eef19c99626ab1d15d442becbbd2b7d7a4150ee8f1af3f0adf9df47a53823ddfe83c6a7fa4b1b5dfa319021b26dec15c385d3869c7a7ce039b8519318563602d846ea242550bbac73dfc20a27c19b119820e45589cc6f54e9bafc50befbe222aa2738a35f5fca17ca7eec71ce24449ed21fd46b92ca11080001d6

回复收藏 0 原文

~没有更多了~