@@ -58,6 +58,114 @@ excerpt: 通过自定义AES换S盒加密登录验证、利用`/log`泄露libc和
5858
5959## EXPLOIT
6060
61+ ``` python aes.py
62+ from pwn import u64
63+ # ========================================================
64+ # 纯 Python 实现 AES-128 加密 (支持自定义 S-box)
65+ # ========================================================
66+
67+ # 默认 AES S-box,可自行修改实现「换表 AES」
68+ S_BOX = [
69+ 0x 290x 400x 570x 6e0x 850x 9c0x b30x ca0x e10x f80x f0x 260x 3d0x 540x 6b0x 82
70+ 0x 990x b00x c70x de0x f50x c0x 230x 3a0x 510x 680x 7f0x 960x ad0x c40x db0x f2
71+ 0x 90x 200x 370x 4e0x 650x 7c0x 930x aa0x c10x d80x ef0x 60x 1d0x 340x 4b0x 62
72+ 0x 790x 900x a70x be0x d50x ec0x 30x 1a0x 310x 480x 5f0x 760x 8d0x a40x bb0x d2
73+ 0x e90x 00x 170x 2e0x 450x 5c0x 730x 8a0x a10x b80x cf0x e60x fd0x 140x 2b0x 42
74+ 0x 590x 700x 870x 9e0x b50x cc0x e30x fa0x 110x 280x 3f0x 560x 6d0x 840x 9b0x b2
75+ 0x c90x e00x f70x e0x 250x 3c0x 530x 6a0x 810x 980x af0x c60x dd0x f40x b0x 22
76+ 0x 390x 500x 670x 7e0x 950x ac0x c30x da0x f10x 80x 1f0x 360x 4d0x 640x 7b0x 92
77+ 0x a90x c00x d70x ee0x 50x 1c0x 330x 4a0x 610x 780x 8f0x a60x bd0x d40x eb0x 2
78+ 0x 190x 300x 470x 5e0x 750x 8c0x a30x ba0x d10x e80x ff0x 160x 2d0x 440x 5b0x 72
79+ 0x 890x a00x b70x ce0x e50x fc0x 130x 2a0x 410x 580x 6f0x 860x 9d0x b40x cb0x e2
80+ 0x f90x 100x 270x 3e0x 550x 6c0x 830x 9a0x b10x c80x df0x f60x d0x 240x 3b0x 52
81+ 0x 690x 800x 970x ae0x c50x dc0x f30x a0x 210x 380x 4f0x 660x 7d0x 940x ab0x c2
82+ 0x d90x f00x 70x 1e0x 350x 4c0x 630x 7a0x 910x a80x bf0x d60x ed0x 40x 1b0x 32
83+ 0x 490x 600x 770x 8e0x a50x bc0x d30x ea0x 10x 180x 2f0x 460x 5d0x 740x 8b0x a2
84+ 0x b90x d00x e70x fe0x 150x 2c0x 430x 5a0x 710x 880x 9f0x b60x cd0x e40x fb0x 12
85+ ]
86+
87+ R_CON = [
88+ 0x 000x 010x 020x 040x 080x 100x 200x 400x 800x 1B0x 36
89+ ]
90+
91+
92+ def sub_bytes (state ):
93+ return [S_BOX [b] for b in state]
94+
95+
96+ def shift_rows (s ):
97+ return [
98+ s[0 ], s[5 ], s[10 ], s[15 ],
99+ s[4 ], s[9 ], s[14 ], s[3 ],
100+ s[8 ], s[13 ], s[2 ], s[7 ],
101+ s[12 ], s[1 ], s[6 ], s[11 ]
102+ ]
103+
104+
105+ def xtime (a ):
106+ return ((a << 1 ) ^ 0x 1B& 0x FFif a & 0x 80else (a << 1 )
107+
108+
109+ def mix_single_column (a ):
110+ t = a[0 ] ^ a[1 ] ^ a[2 ] ^ a[3 ]
111+ u = a[0 ]
112+ a[0 ] ^= t ^ xtime(a[0 ] ^ a[1 ])
113+ a[1 ] ^= t ^ xtime(a[1 ] ^ a[2 ])
114+ a[2 ] ^= t ^ xtime(a[2 ] ^ a[3 ])
115+ a[3 ] ^= t ^ xtime(a[3 ] ^ u)
116+ return a
117+
118+
119+ def mix_columns (s ):
120+ for i in range (4 ):
121+ col = s[i * 4 :(i + 1 ) * 4 ]
122+ s[i * 4 :(i + 1 ) * 4 ] = mix_single_column(col)
123+ return s
124+
125+
126+ def add_round_key (s , k ):
127+ return [a ^ b for a, b in zip (s, k)]
128+
129+
130+ def key_expansion (key ):
131+ key_symbols = list (key)
132+ assert len (key_symbols) == 16
133+ expanded = key_symbols[:]
134+ for i in range (4 , 44 ):
135+ t = expanded[(i - 1 ) * 4 :i * 4 ]
136+ if i % 4 == 0 :
137+ t = t[1 :] + t[:1 ]
138+ t = [S_BOX [b] for b in t]
139+ t[0 ] ^= R_CON [i // 4 ]
140+ for j in range (4 ):
141+ expanded.append(expanded[(i - 4 ) * 4 + j] ^ t[j])
142+ return expanded
143+
144+
145+ def aes_encrypt_block (block , key ):
146+ state = list (block)
147+ w = key_expansion(key)
148+ state = add_round_key(state, w[:16 ])
149+ for round in range (1 , 10 ):
150+ state = sub_bytes(state)
151+ state = shift_rows(state)
152+ state = mix_columns(state)
153+ state = add_round_key(state, w[round * 16 :(round + 1 ) * 16 ])
154+ state = sub_bytes(state)
155+ state = shift_rows(state)
156+ state = add_round_key(state, w[160 :176 ])
157+ return bytes (state)
158+
159+
160+ # ====== 示例 ======
161+ if __name__ == " __main__"
162+ key = b " 0123456789ABCDEF"
163+ plaintext = b " A" * 16
164+ ciphertext = aes_encrypt_block(plaintext, key)
165+ print (" Plain :"
166+ print (" Cipher:" hex (u64(ciphertext[:8 ])), hex (u64(ciphertext[8 :])))
167+ ```
168+
61169``` python
62170from pwn import *
63171from aes import aes_encrypt_block
0 commit comments