(Written by okas832)
Encrypt input with wasm binary.
By analyzing with breakpoint on call_indirect
s, it encrypts the input with 5 block/stream cipher in random order.
List of ciphers.
- camellia with key [17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255, 0]
- AES-CBC with key [167, 65, 190, 20, 49, 221, 130, 73, 99, 87, 186, 241, 49, 174, 207, 213], iv [201, 25, 40, 200, 79, 198, 27, 232, 93, 121, 207, 131, 253, 149, 193, 133]
- Triple DES with key (b"HELPME!\x00", b"THANKS!\x00", [16, 32, 48, 64, 80, 96, 112, 128])
- SEED with key [255, 4, 40, 97, 33, 234, 27, 232, 109, 113, 204, 177, 253, 167, 67, 130]
- rc4 with key [71, 6, 72, 8, 81, 230, 27, 232, 93, 116, 191, 179, 253, 149, 97, 133]
import camellia
from Crypto.Cipher import AES
from Crypto.Cipher import DES3
from seed128 import decrypt as seed_decrypt
from arc4 import ARC4
from base64 import b64decode
import itertools
def camellia_dec(ipt):
camellia_key = bytes([17, 34, 51, 68, 85, 102, 119, 136, 153, 170, 187, 204, 221, 238, 255, 0])
cipher = camellia.CamelliaCipher(key=camellia_key, mode=camellia.MODE_ECB)
return cipher.decrypt(ipt)
def aes_dec(ipt):
aes_key = bytes([167, 65, 190, 20, 49, 221, 130, 73, 99, 87, 186, 241, 49, 174, 207, 213])
aes_iv = bytes([201, 25, 40, 200, 79, 198, 27, 232, 93, 121, 207, 131, 253, 149, 193, 133])
cipher = AES.new(aes_key, AES.MODE_CBC, iv = aes_iv)
return cipher.decrypt(ipt)
def des_dec(ipt):
des_key = bytes([72, 69, 76, 80, 77, 69, 33, 0, 84, 72, 65, 78, 75, 83, 33, 0, 16, 32, 48, 64, 80, 96, 112, 128])
cipher = DES3.new(des_key, DES3.MODE_ECB)
return cipher.decrypt(ipt)
def seed_dec(ipt):
seed_key = bytes([255, 4, 40, 97, 33, 234, 27, 232, 109, 113, 204, 177, 253, 167, 67, 130])
return seed_decrypt(seed_key, ipt)
def rc4_dec(ipt):
rc4_key = bytes([71, 6, 72, 8, 81, 230, 27, 232, 93, 116, 191, 179, 253, 149, 97, 133])
arc4 = ARC4(rc4_key)
return arc4.encrypt(ipt)
func_lst = [camellia_dec, aes_dec, des_dec, seed_dec, rc4_dec]
for pf in itertools.permutations(func_lst):
enc = b64decode(b"N9Nb2sPYFl6sEbVORzuK1kUXMvs+/LbyrTpJaxQj3fdDhXyKN8mBELPRTX5904o9")
for f in pf:
enc = f(enc)
if enc.startswith(b"LINECTF{"):
print(enc.replace(b"\x00", b""))