FeatherDuster> Help: analyze - Analyze/decode samples autopwn - Analyze samples and run all attacks console - Opens an interactive prompt export - Export current results to file import - Import samples for analysis modules - Show all available modules options - Show the current option values results - Show the results from the last module run run - Run the currently selected module samples - Show samples search - Search module names and descriptions by keyword set - Set an option (i.e., "set num_answers=3" unset - Revert an option to its default value use - Select the module to use
[+] Suggested modules: alpha_shift - A brute force attack against an alphabetic shift cipher. base_n_solver - A solver for silly base-N encoding obfuscation. single_byte_xor - A brute force attack against single-byte XOR encrypted ciphertext. multi_byte_xor - A brute force attack against multi-byte XOR encrypted ciphertext. many_time_pad - A statistical attack against keystream reuse in various stream ciphers, and the one-time pad. vigenere - A module to break vigenere ciphers using index of coincidence for key length detection and frequency analysis.
根据分析的结果,载入指定的模块,进行破解
1 2 3 4
# use 命令可以载入指定模块,用 tab 键可以自动补全,这里是载入 many_time_pad use many_time_pad # 如果不记得模块的名称,可以使用 search 指令按名称或描述搜索 search your_keyword
使用上述指定的模块进行破解
run
查看结果
1 2 3 4
# 查看结果 results # 导出结果到文件,输入后根据提示输入文件名 export
破解后的结果是这样的,但是这道题目的 flag 其实是 Many Time Pad 加密的 key,因此还需要手动处理一下。现在已经知道了密文对应的明文,只需要选择一行对密文和明文异或一下就能得到 key。
1 2 3 4 5 6 7 8 9 10 11 12 13 14
FeatherDuster> results Last results (long values may be truncated): -------------------------------------------------------------------------------- 0: 'Edvc Fri1nr, Tnie tome I u' 1: 'oercstoo0 {y mosbakc and u' 2: 'rds1One i{e pgd6eneryptio' 3: 'o!drhemex _ hegrr tnat it ' 4: 'hr7ehe o:lo eneroptoon met' 5: 'ins1thattie marhsmarically' 6: '!qe~ven o6be hob ctacked ' 7: 'dwrc if hs ke\x7f \x7fs mept se' 8: 'btet, Le [e khoa i` you a' 9: 'fsrt wit< {e ti cse&this e' 10: 'obehptio: echeke6alqays.'
使用异或还原出 Many Time Pad 的 key
1 2 3 4 5
# XORs two string defstr_xor(a, b): returnb''.join([chr(ord(x) ^ ord(y)) for (x, y) in zip(a, b)])