题目信息
解题思路
三个关键点:
密文:UUyFTj8PCzF6geFn6xgBOYSvVTrbpNU4OF9db9wMcPD1yDbaJw==
Key:welcometoicqedu
提示:使用 RC4 算法
在第一次尝试用普通 RC4 解密时,得到的是乱码或不可读数据或无法解码。
CTF 常用“随机 salt + hash key + RC4/Stream cipher + Base64”模式
看到密文是 Base64,并且普通 RC4 失败 → 很可能有 salt 或 key 派生
[Python] 纯文本查看 复制代码 # -*- coding: utf-8 -*-
import base64
from hashlib import sha1
def rc4(data: bytes, key: bytes) -> bytes:
"""RC4 algorithm, works with bytes"""
S = list(range(256))
j = 0
# KSA
for i in range(256):
j = (j + S[i] + key[i % len(key)]) % 256
S[i], S[j] = S[j], S[i]
# PRGA
i = j = 0
out = bytearray()
for byte in data:
i = (i + 1) % 256
j = (j + S[i]) % 256
S[i], S[j] = S[j], S[i]
K = S[(S[i] + S[j]) % 256]
out.append(byte ^ K)
return bytes(out)
def tdecode(data: str, key: str, salt_length: int = 16) -> bytes:
"""
RC4 decryption for data encrypted with random salt + Base64
"""
# Base64 decode
data_bytes = base64.b64decode(data)
# Extract salt
salt = data_bytes[:salt_length]
# RC4 key: sha1(key + salt)
rc4_key = sha1(key.encode('utf-8') + salt).digest()
# Decrypt
plaintext = rc4(data_bytes[salt_length:], rc4_key)
return plaintext
if __name__ == "__main__":
# 待解密 Base64 密文
cipher_b64 = "UUyFTj8PCzF6geFn6xgBOYSvVTrbpNU4OF9db9wMcPD1yDbaJw=="
# 密钥
key = "welcometoicqedu"
# 解密
plaintext = tdecode(cipher_b64, key)
print("明文(HEX):", plaintext.hex())
try:
print("明文(ASCII):", plaintext.decode('utf-8'))
except UnicodeDecodeError:
print("明文无法直接用 UTF-8 显示,可能是二进制数据")
| 
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜