XOR

from struct import pack, unpack

def Y(n):
    return pow(n * 0xdeadbeef, n * 0xcafebabe, 2 ** 32)

def encrypt(block):
    a, b, c, d = unpack("<4I", block)
    for i in range(32):
        a, b, c, d = b ^ Y(a | Y(c ^ Y(d)) ^ Y(a | c) ^ d), c ^ Y(a ^ Y(d) ^ (a | d)), d ^ Y(a | Y(a) ^ a), a ^ 1234
        a, b, c, d = c ^ Y(d | Y(b ^ Y(a)) ^ Y(d | b) ^ a), b ^ Y(d ^ Y(a) ^ (d | a)), a ^ Y(d | Y(d) ^ d), d ^ 2345
    return pack("<4I", a, b, c, d)

flag = 'HackCTF{This_Is_Fake}'

while len(flag) % 16:
    flag += "#"

ct = "".join(encrypt(flag[i:i+16]) for i in range(0, len(flag), 16))
open("flag_enc", "w").write(ct)

그냥 역과정을 계산해주면 된다. 확실히 크립토는 손으로 풀어야 한다.

Exploit Code

from struct import pack, unpack

def Y(n):
    return pow(n * 0xdeadbeef, n * 0xcafebabe, 2 ** 32)

def decrypt(block):
    a_2, b_2, c_2, d_2 = unpack("<4I", block)
    for i in range(32):
        d_1 = d_2 ^ 2345
        a_1 = c_2 ^ Y(d_1 | Y(d_1) ^ d_1)
        b_1 = b_2 ^ Y(d_1 ^ Y(a_1) ^ (d_1 | a_1))
        c_1 = a_2 ^ Y(d_1 | Y(b_1 ^ Y(a_1)) ^ Y(d_1 | b_1) ^ a_1)

        a = d_1 ^ 1234
        d = c_1 ^ Y(a | Y(a) ^ a)
        c = b_1 ^ Y(a ^ Y(d) ^ (a | d))
        b = a_1 ^ Y(a | Y(c ^ Y(d)) ^ Y(a | c) ^ d)
        a_2, b_2, c_2, d_2 = a, b, c, d
    return pack("<4I", a, b, c, d)

flag_enc = '\xa8\xdf\x08\x3e\x42\x25\xd2\xa0\x09\x07\x4e\x4a\x8b\x21\x25\x02'
flag_enc += '\x30\x26\x02\x1e\x31\x92\x1d\x48\x72\x4c\xa6\x12\xb1\xd8\xfe\x6c'
flag_enc += '\x04\x81\xca\x6e\x0a\x60\x71\x01\x53\xcf\x7c\xfe\x83\xc1\x82\xf0'


flag = "".join(decrypt(flag_enc[i:i+16]) for i in range(0, len(flag_enc), 16))
print flag

---