欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

CRC32碰撞脚本(1-5字节)

程序员文章站 2022-03-14 21:22:10
由于做ctf题经常需要crc32碰撞,老是复制运行太麻烦,改来改去的,于是就组合写了一个超级垃圾的脚本简单的:例如三字节的import binasciiimport string dic = string.printablecrc = 0x40e61be5for i in dic: for j in dic: for k in dic: s = i+j+k if hex(binascii.crc32(s.encode())...

由于做ctf题经常需要crc32碰撞,老是复制运行太麻烦,改来改去的,于是就组合写了一个超级垃圾的脚本
简单的:例如三字节的

import binascii
import string 

dic = string.printable
crc = 0x40e61be5
for i in dic:
    for j in dic:
        for k in dic:
            s = i+j+k
            if hex(binascii.crc32(s.encode())) == hex(crc):
                print (crc+'  : '+s)

然后是我写的垃圾玩意,不会优化,等学会了再改,五个字节的太久了

# coding:utf-8

"""
Author:spaceman
"""

import binascii
import string 
from time import sleep

def is_number(s):
    try:
        float(s)
        return True
    except ValueError:
        pass

    try:
        import unicodedata
        unicodedata.numeric(s)
        return True
    except (TypeError, ValueError):
        pass
 
    return False

# 进度条
def progress(percent=0, width=40):
    left = width * percent // 95
    right = width - left
    print ('\r[', '#' * left, ' ' * right, ']',f' {percent:.0f}%',sep='', end='', flush=True)

# 一位字节
def crc1(strs,dic):
    strs = hex(int(strs,16))
    rs = ''
    for i in dic:
        s = i
        if hex(binascii.crc32(s.encode())) == strs:
            rs += s
            print (strs+'  : '+s)
    return rs

# 两位字节
def crc2(strs,dic):
    strs = hex(int(strs,16))
    rs = ''
    for i in dic:
        for j in dic:
            s = i + j
            if hex(binascii.crc32(s.encode())) == strs:
                rs += s
                print (strs+'  : '+s)
    return rs

# 三位字节
def crc3(strs,dic):
    strs = hex(int(strs,16))
    rs = ''
    for i in dic:
        for j in dic:
            for k in dic:
                s = i+j+k
                if hex(binascii.crc32(s.encode())) == strs:
                    rs += s
                    print (strs+'  : '+s)
    return rs

# 四位字节
def crc4(strs,dic):
    strs = hex(int(strs,16))
    rs = ''
    it = 1
    for i in dic:
        for j in dic:
            for k in dic:
                for m in dic:
                    s = i+j+k+m
                    if hex(binascii.crc32(s.encode())) == strs:
                        rs += s
                        print ()
                        print (strs+'  : '+s)
                        print ('\n')
        progress(it)
        sleep(0.1)
        it += 1
    return rs
    

# 五位字节
def crc5(strs,dic):
    strs = hex(int(strs,16))
    rs = ''
    it = 1
    for i in dic:
        progress(it)
        for j in dic:
            for k in dic:
                for m in dic:
                    for n in dic:
                        s = i+j+k+m+n
                        if hex(binascii.crc32(s.encode())) == strs:
                            rs += s
                            print ()
                            print (strs+'  : '+s)
                            print ('\n')
        sleep(0.1)
        it += 1
    return rs

# 计算碰撞 crc 
def CrackCrc(crclist,length):
    print ()
    print ("正在计算...")
    print ()
    dic = ''' !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~''' # 碰撞需要的字符字典
    dic = dic[::-1]
    text = ''
    for i in crclist:
        if length == '1':
            text += crc1(i,dic)
        if length == '2':
            text += crc2(i,dic)
        if length == '3':
            text += crc3(i,dic)
        if length == '4':
            text += crc4(i,dic)
        if length == '5':
            text += crc5(i,dic)
    print ('\n')
    if text == '':
        print ("碰撞失败,无结果")
        exit()
    print ("字符顺序组合:",end=' ')
    print ()
    print (text)
    print ()
    input("回车确认结束程序...")

# 主函数
print ('''
##############################

###### Author:spaceman ######

### Thank you for your use ###

##############################
''')
listcrc = [] # 用于存储crc值
length = (input("请输入文本字节大小(1-5):")) # 即文本内容大小,如文本内容为flag,大小即为4
if is_number(length) == False or length not in ("1,2,3,4,5"):
    exit("非指定数字,退出")
print ()
while 1:
    crc = input('请输入crc值(例如:d1f4eb9a,输入n完成输入):')
    if crc == 'n':
        break
    crc = '0x'+crc
    if len(crc) != 10:
        print ("rcr长度不对,请重新输入")
        continue
    listcrc.append(crc)

CrackCrc(listcrc,length)

本文地址:https://blog.csdn.net/WFC1006848997/article/details/110295708

相关标签: python CTF