| 描述: |
import os, random, hashlib
from itertools import cycle
pt = [i%230 for i in os.urandom(500000)]
klen = random.randint(1000,10000)
key = random.getrandbits(klen*8).to_bytes(klen, 'big')
open('ct', 'wb').write(bytes(c^i for c,i in zip(pt, cycle(key))))
flag = "greyhats{%s}"%hashlib.sha256(key).hexdigest()
print(flag)
JuliaPoo
Hint: Gotten the key length but there's too many possibilities? That's great! Now you can ignore the non-uniform distribution of the plaintext and focus entirely on exploiting python's random module.
Mini technicality: Please assume that klen and key are generated independently. This is because the challenge file was generated 2 years ago and I can no longer guarantee that they are generated with the same random internal state given that I have the memory of a goldfish. Regardless, the intended solution doesn't require klen to be generated with the same random internal state. |
