About-ciscn2024

PH Gao2024-05-192024-06-06

Misc

火锅链观光打卡

安装MetaMost拓展后连上题目的网站然后答对7到题就会出现一张旋转的图片，上面有flag

Power_Trajectory_Diagram

分析npz文件，将数据发给gpt，让gpt写出DPA功耗攻击代码：


import numpy as np
import matplotlib.pyplot as plt
from scipy.stats import pearsonr

# 加载npz文件
data = np.load('power_traces.npz')

# 提取数据
index = data['index']
input_data = data['input']
trace = data['trace']

# 设定密码长度
password_length = 13

# 按index分组
grouped_traces = {}
grouped_inputs = {}

for i in range(len(index)):
    idx = index[i]
    if idx not in grouped_traces:
        grouped_traces[idx] = []
        grouped_inputs[idx] = []
    grouped_traces[idx].append(trace[i])
    grouped_inputs[idx].append(input_data[i])

# 初始化存储推测结果的字典
hypothetical_keys = {}
for idx in range(password_length):
    hypothetical_keys[idx] = []

# 定义一个简单的DPA分析函数
def dpa_analysis(grouped_traces, grouped_inputs):
    for idx in range(password_length):
        traces = np.array(grouped_traces[idx])
        inputs = np.array(grouped_inputs[idx])

        max_corr = -1
        best_guess = None
        
        # 针对每个可能的字符进行假设
        for guess in set(inputs):
            # 假设密钥猜测
            hypothetical = np.array([1 if char == guess else 0 for char in inputs])
            
            # 计算假设的中间值
            mean_hypothetical = hypothetical.mean()
            diff = hypothetical - mean_hypothetical
            
            # 计算每个时间点上的功耗与假设的相关性
            for t in range(traces.shape[1]):
                corr, _ = pearsonr(traces[:, t], diff)
                if abs(corr) > max_corr:
                    max_corr = abs(corr)
                    best_guess = guess
        
        hypothetical_keys[idx].append(best_guess)
        print(f"Best guess for position {idx}: {best_guess}")

# 运行DPA分析
dpa_analysis(grouped_traces, grouped_inputs)![alt text](image-16.png)

# 打印最终推测的密码
cracked_password = ''.join([hypothetical_keys[idx][0] for idx in range(password_length)])
print("Cracked password:", cracked_password)

# 可视化部分密码位的平均功耗轨迹
plt.figure(figsize=(12, 6))
for idx in range(password_length):
    plt.plot(np.mean(grouped_traces[idx], axis=0), label=f'Position {idx}')
plt.legend()
plt.title('Average Power Traces for Different Password Positions')
plt.xlabel('Time')
plt.ylabel('Power Consumption')
plt.show()

神秘文件

part1

Part1:flag{e

part2

part2:675efb

part3

得到vba代码：

Sub crypto(sMessage, strKey)
    Dim kLen, x, y, i, j, temp
    Dim s(256), k(256)
 
    kLen = Len(strKey)
    For i = 0 To 255
        s(i) = i
        k(i) = Asc(Mid(strKey, (i Mod kLen) + 1, 1))
    Next
 
    j = 0
    For i = 0 To 255
        j = (j + k(i) + s(i)) Mod 256
        temp = s(i)
        s(i) = s(j)
        s(j) = temp
    Next
 
    x = 0
    y = 0
 
    For i = 1 To 3072
        x = (x + 1) Mod 256
        y = (y + s(x)) Mod 256
        temp = s(x)
        s(x) = s(y)
        s(y) = temp
    Next
 
    For i = 1 To Len(sMessage)
        x = (x + 1) Mod 256
        y = (y + s(x)) Mod 256
        temp = s(x)
        s(x) = s(y)
        s(y) = temp
 
        crypto = crypto & (s((s(x) + s(y)) Mod 256) Xor Asc(Mid(sMessage, i, 1))) & ","
    Next
    'i13POMdzEAzHfy4dGS+vUA==(After base64)
End Sub