검증 함수는 sub_405730() 이다.
import json
import re
import sys
from typing import List
def load_tables(path: str) -> dict:
"""Load the dumped JSON file and return it as a dictionary."""
with open(path, "r", encoding="utf-8") as f:
return json.load(f)
def load_ciphertext(path: str) -> bytes:
"""Read the hex string from output.txt and convert to raw bytes."""
with open(path, "r", encoding="utf-8") as f:
hexstr = f.read().strip()
# Validate even length
if len(hexstr) % 2 != 0:
raise ValueError("Ciphertext hex string must have an even number of characters")
return bytes.fromhex(hexstr)
def rc4_decrypt(key: bytes, data: bytes) -> bytes:
"""Standard RC4 stream cipher implementation (encryption/decryption)."""
s = list(range(256))
j = 0
keylen = len(key)
for i in range(256):
j = (j + s[i] + key[i % keylen]) % 256
s[i], s[j] = s[j], s[i]
# Pseudo‑random generation and XOR with data
i = 0
j = 0
out = bytearray(len(data))
for idx, byte in enumerate(data):
i = (i + 1) % 256
j = (j + s[i]) % 256
s[i], s[j] = s[j], s[i]
k = s[(s[i] + s[j]) % 256]
out[idx] = byte ^ k
return bytes(out)
# AES implementation below ----------------------------------------------------
def _xtime(a: int) -> int:
"""Multiply by x (i.e. {02}) in GF(2^8)."""
return ((a << 1) ^ 0x1B) & 0xFF if (a & 0x80) else (a << 1) & 0xFF
def _mul(a: int, b: int) -> int:
"""Multiply two bytes in GF(2^8) using Russian peasant multiplication."""
res = 0
for _ in range(8):
if b & 1:
res ^= a
high_bit = a & 0x80
a = (a << 1) & 0xFF
if high_bit:
a ^= 0x1B
b >>= 1
return res
class AES256:
Nb = 4 # number of columns (32‑bit words) comprising the State (Nb=4 for AES)
Nk = 8 # key length (in 32‑bit words) for AES‑256
Nr = 14 # number of rounds for AES‑256
def __init__(self, key: bytes, sbox: bytes = None, rcon: bytes = None):
if len(key) != 32:
raise ValueError("AES‑256 requires a 32‑byte key")
# Use provided S‑box/Rcon if available, else default to standard values
if sbox is not None:
self.sbox = list(sbox)
# derive inverse S‑box
self.inv_sbox = [0] * 256
for i, v in enumerate(self.sbox):
self.inv_sbox[v] = i
else:
# Standard AES S‑box
self.sbox = [
0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16,
]
# compute inverse S-box
self.inv_sbox = [0] * 256
for i, v in enumerate(self.sbox):
self.inv_sbox[v] = i
# Rcon table: use provided one or compute standard values
if rcon is not None:
self.rcon = list(rcon)
else:
# Standard Rcon values for AES (starting at index 1)
self.rcon = [0x8d] + [1] # rcon[0] unused, rcon[1] = 0x01
# Expand rcon up to needed size
for i in range(1, 15):
self.rcon.append(_xtime(self.rcon[i]))
# Store round keys
self.w = self._key_expansion(key)
def _sub_word(self, word: List[int]) -> List[int]:
return [self.sbox[b] for b in word]
def _rot_word(self, word: List[int]) -> List[int]:
return word[1:] + word[:1]
def _key_expansion(self, key: bytes) -> List[List[int]]:
"""Generate the expanded key schedule (list of 32‑bit words)."""
key_words: List[List[int]] = []
for i in range(self.Nk):
key_words.append([key[4 * i], key[4 * i + 1], key[4 * i + 2], key[4 * i + 3]])
for i in range(self.Nk, self.Nb * (self.Nr + 1)):
temp = key_words[i - 1].copy()
if i % self.Nk == 0:
temp = self._sub_word(self._rot_word(temp))
# XOR first byte with rcon[i//Nk]; rcon indexed from 1
temp[0] ^= self.rcon[i // self.Nk]
elif i % self.Nk == 4:
# AES‑256: extra sub_word on the word after 4 words
temp = self._sub_word(temp)
# XOR with word Nk positions back
word_nk = key_words[i - self.Nk]
new_word = [t ^ w for t, w in zip(temp, word_nk)]
key_words.append(new_word)
return key_words
def _add_round_key(self, state: List[int], round_key: List[List[int]]):
"""XOR the state with the round key words."""
for c in range(self.Nb):
for r in range(4):
state[4 * c + r] ^= round_key[c][r]
def _sub_bytes(self, state: List[int]):
for i in range(len(state)):
state[i] = self.sbox[state[i]]
def _inv_sub_bytes(self, state: List[int]):
for i in range(len(state)):
state[i] = self.inv_sbox[state[i]]
def _shift_rows(self, state: List[int]):
new_state = state.copy()
for r in range(4):
for c in range(4):
new_state[4 * c + r] = state[4 * ((c + r) % 4) + r]
state[:] = new_state
def _inv_shift_rows(self, state: List[int]):
new_state = state.copy()
for r in range(4):
for c in range(4):
new_state[4 * c + r] = state[4 * ((c - r) % 4) + r]
state[:] = new_state
def _mix_columns(self, state: List[int]):
for c in range(4):
i = 4 * c
a0, a1, a2, a3 = state[i], state[i + 1], state[i + 2], state[i + 3]
# mix column: multiply by matrix [2 3 1 1; 1 2 3 1; 1 1 2 3; 3 1 1 2]
state[i] = _mul(a0, 2) ^ _mul(a1, 3) ^ a2 ^ a3
state[i + 1] = a0 ^ _mul(a1, 2) ^ _mul(a2, 3) ^ a3
state[i + 2] = a0 ^ a1 ^ _mul(a2, 2) ^ _mul(a3, 3)
state[i + 3] = _mul(a0, 3) ^ a1 ^ a2 ^ _mul(a3, 2)
def _inv_mix_columns(self, state: List[int]):
for c in range(4):
i = 4 * c
a0, a1, a2, a3 = state[i], state[i + 1], state[i + 2], state[i + 3]
# inverse mix column uses matrix [14 11 13 9; 9 14 11 13; 13 9 14 11; 11 13 9 14]
state[i] = _mul(a0, 14) ^ _mul(a1, 11) ^ _mul(a2, 13) ^ _mul(a3, 9)
state[i + 1] = _mul(a0, 9) ^ _mul(a1, 14) ^ _mul(a2, 11) ^ _mul(a3, 13)
state[i + 2] = _mul(a0, 13) ^ _mul(a1, 9) ^ _mul(a2, 14) ^ _mul(a3, 11)
state[i + 3] = _mul(a0, 11) ^ _mul(a1, 13) ^ _mul(a2, 9) ^ _mul(a3, 14)
def decrypt_block(self, block: bytes) -> bytes:
"""Decrypt a single 16‑byte block using the expanded key."""
if len(block) != 16:
raise ValueError("Block must be exactly 16 bytes")
# state stored column‑major (4 rows, 4 columns)
state = list(block)
# initial AddRoundKey with last round key
round_key_words = self.w[self.Nb * self.Nr : self.Nb * (self.Nr + 1)]
self._add_round_key(state, round_key_words)
# rounds Nr−1 down to 1
for round in range(self.Nr - 1, 0, -1):
self._inv_shift_rows(state)
self._inv_sub_bytes(state)
round_key_words = self.w[self.Nb * round : self.Nb * (round + 1)]
self._add_round_key(state, round_key_words)
self._inv_mix_columns(state)
# final round (no MixColumns)
self._inv_shift_rows(state)
self._inv_sub_bytes(state)
round_key_words = self.w[0 : self.Nb]
self._add_round_key(state, round_key_words)
return bytes(state)
def decrypt_ecb(self, data: bytes) -> bytes:
"""Decrypt data in ECB mode (no padding)."""
if len(data) % 16 != 0:
raise ValueError("ECB data length must be a multiple of 16")
res = bytearray()
for i in range(0, len(data), 16):
res.extend(self.decrypt_block(data[i : i + 16]))
return bytes(res)
def main() -> None:
# Paths are relative to the current working directory
tables = load_tables("dump_encryptor_tables.json")
cipher_bytes = load_ciphertext("output.txt")
# Assemble AES‑256 key (concatenate two 16‑byte halves)
key_half1 = bytes.fromhex(tables["xmmword_47844"]["hex"])
key_half2 = bytes.fromhex(tables["xmmword_47854"]["hex"])
aes_key = key_half1 + key_half2
# Optional: load custom S‑box and Rcon from tables if available
sbox = None
rcon = None
if "byte_47728" in tables:
sbox = bytes.fromhex(tables["byte_47728"]["hex"])
if "byte_47833" in tables:
rcon = bytes.fromhex(tables["byte_47833"]["hex"])
# Initialize AES and decrypt ciphertext
aes = AES256(aes_key, sbox=sbox, rcon=rcon)
aes_plain = aes.decrypt_ecb(cipher_bytes)
# Perform RC4 decryption using 16‑byte key
rc4_key = bytes.fromhex(tables["byte_472C0"]["hex"])
final_plain = rc4_decrypt(rc4_key, aes_plain)
# Decode using latin‑1 to preserve raw bytes in search
text = final_plain.decode('latin1', errors='ignore')
# Extract the flag pattern cce2025{...}
m = re.search(r"cce2025\\{[^}]*\\}", text)
if m:
print(m.group(0))
else:
# If no flag found, output the raw text for inspection
print(text)
if __name__ == "__main__":
main()