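题目需要我们理解 Git 哈希的本质,并复现整个哈希计算过程(blob → tree → commit),从而爆破出答案。由于每次提交只改动 flag 中的三个字符,而提交哈希完全由对象内容决定,所以可以按提交顺序逐个枚举这三个字符并与已知哈希比对。这也说明:公开的提交哈希并不能保护低熵的内容。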
可以参考这篇文章
下面上脚本。
'''commit ff26e028a3faebd461c4cc0265d0f7b9ca049feb
Author: John J. Johnson <[email protected]>
Date: Wed Jan 27 12:45:00 2021 +0000
Proceedings of the flag-deciding committee: 22, 23, 25
commit a23b600c786b05623b765b4f0d7a3f52df63cdd5
Author: Peter G. Anderson <[email protected]>
Date: Fri Dec 18 12:30:00 2020 +0000
Proceedings of the flag-deciding committee: 7, 9, 13
commit 6c35a04d1fdb8eedbbc9821b4c23b610bd3b4488
Author: Christopher L. Hatch <[email protected]>
Date: Fri Nov 27 12:00:00 2020 +0000
Proceedings of the flag-deciding committee: 44, 45, 46
commit 8984f8eac466cbf86a6aa6b0480be53a86d8108c
Author: Pamela W. Mathews <[email protected]>
Date: Thu Oct 29 12:00:00 2020 +0000
Proceedings of the flag-deciding committee: 38, 39, 40
commit 9b5ee533d17a9c0ff87d22bf0a433a621fbd55bf
Author: Robert J. Lawful <[email protected]>
Date: Mon Oct 19 12:30:00 2020 +0000
Proceedings of the flag-deciding committee: 41, 42, 43
commit 8a951bd3e56432dd689e83034c1ee7e21ae6ee56
Author: Robert S. Storms <[email protected]>
Date: Fri Sep 11 11:45:00 2020 +0000
Proceedings of the flag-deciding committee: 1, 3, 4
commit 59c9f723bff0952f6589157f3ef8e1858d01bfdc
Author: John J. Johnson <[email protected]>
Date: Fri Aug 28 12:45:00 2020 +0000
Proceedings of the flag-deciding committee: 19, 20, 21
commit 45ec9aba969782c72d18018126c2d9aeffde28b7
Author: Peter G. Anderson <[email protected]>
Date: Wed Aug 12 12:30:00 2020 +0000
Proceedings of the flag-deciding committee: 17, 24, 37
commit 30240b427e09aa75f034527e91aaa1fbc1b243ee
Author: Christopher L. Hatch <[email protected]>
Date: Tue Jul 28 12:00:00 2020 +0000
Proceedings of the flag-deciding committee: 28, 30, 35
commit 6356e3d17ca6b7515c67cfe0a8712d1e8b57d713
Author: Pamela W. Mathews <[email protected]>
Date: Wed Jul 1 12:45:00 2020 +0000
Proceedings of the flag-deciding committee: 10, 11, 12
commit a6880ed0c8bb30263bd0a2a631eb9bf50dc72344
Author: Robert J. Lawful <[email protected]>
Date: Thu Jun 11 12:00:00 2020 +0000
Proceedings of the flag-deciding committee: 2, 5, 6
commit 9dbf985598f5ef000ba2e8856c6bec12435f0ef8
Author: Robert S. Storms <[email protected]>
Date: Tue May 12 12:30:00 2020 +0000
Proceedings of the flag-deciding committee: 14, 15, 16
commit d9af34e8a8ca6a24790d20262dafac71c3ddc980
Author: John J. Johnson <[email protected]>
Date: Fri May 1 12:00:00 2020 +0000
Proceedings of the flag-deciding committee: 26, 27, 29
commit cb18d2984f9e99e69044d18fd3786c2bf6425733
Author: Peter G. Anderson <[email protected]>
Date: Tue Apr 14 12:00:00 2020 +0000
Proceedings of the flag-deciding committee: 32, 33, 34
commit dca4ca5150b82e541e2f5c42d00493ba8d4aa84a
Author: Christopher L. Hatch <[email protected]>
Date: Mon Mar 23 12:30:00 2020 +0000
Proceedings of the flag-deciding committee: 8, 31, 36
commit c3e6c8ea777d50595a8b288cbbbd7a675c43b5df
Author: Pamela W. Mathews <[email protected]>
Date: Fri Mar 13 12:30:00 2020 +0000
Proceedings of the flag-deciding committee: 18
commit 08e1f0dd3b9d710b1eea81f6b8f76c455f634e87
Author: Robert J. Lawful <[email protected]>
Date: Wed Mar 4 12:00:00 2020 +0000
Initial formation of the flag-deciding committee.'''
import hashlib
import binascii
import time
import string
# Flag character positions touched by each commit, oldest commit first.
# The driver loop maps a position p to string index p + 5.
position = [
    [32, 33, 34],
    [26, 27, 29],
    [14, 15, 16],
    [2, 5, 6],
    [10, 11, 12],
    [28, 30, 35],
    [17, 24, 37],
    [19, 20, 21],
    [1, 3, 4],
    [41, 42, 43],
    [38, 39, 40],
    [44, 45, 46],
    [7, 9, 13],
    [22, 23, 25],
]

# Known commit ids, in the same order as `position`.
hashes = [
    'cb18d2984f9e99e69044d18fd3786c2bf6425733',
    'd9af34e8a8ca6a24790d20262dafac71c3ddc980',
    '9dbf985598f5ef000ba2e8856c6bec12435f0ef8',
    'a6880ed0c8bb30263bd0a2a631eb9bf50dc72344',
    '6356e3d17ca6b7515c67cfe0a8712d1e8b57d713',
    '30240b427e09aa75f034527e91aaa1fbc1b243ee',
    '45ec9aba969782c72d18018126c2d9aeffde28b7',
    '59c9f723bff0952f6589157f3ef8e1858d01bfdc',
    '8a951bd3e56432dd689e83034c1ee7e21ae6ee56',
    '9b5ee533d17a9c0ff87d22bf0a433a621fbd55bf',
    '8984f8eac466cbf86a6aa6b0480be53a86d8108c',
    '6c35a04d1fdb8eedbbc9821b4c23b610bd3b4488',
    'a23b600c786b05623b765b4f0d7a3f52df63cdd5',
    'ff26e028a3faebd461c4cc0265d0f7b9ca049feb',
]

# Author identity of each commit, same order as `hashes`.
# NOTE(review): '[email protected]' looks like a placeholder left by the
# hosting page's e-mail obfuscation. The real addresses are part of the hashed
# commit text, so they presumably have to be restored from the challenge
# repository before any computed hash can match.
authors = [
    'Peter G. Anderson <[email protected]>',
    'John J. Johnson <[email protected]>',
    'Robert S. Storms <[email protected]>',
    'Robert J. Lawful <[email protected]>',
    'Pamela W. Mathews <[email protected]>',
    'Christopher L. Hatch <[email protected]>',
    'Peter G. Anderson <[email protected]>',
    'John J. Johnson <[email protected]>',
    'Robert S. Storms <[email protected]>',
    'Robert J. Lawful <[email protected]>',
    'Pamela W. Mathews <[email protected]>',
    'Christopher L. Hatch <[email protected]>',
    'Peter G. Anderson <[email protected]>',
    'John J. Johnson <[email protected]>',
]

# The same committer identity is used for every commit.
committer = 'Flag-deciding Committee <[email protected]>'

# Author/committer dates as printed by `git log`, same order as `hashes`.
times = [
    'Tue Apr 14 12:00:00 2020 +0000',
    'Fri May 1 12:00:00 2020 +0000',
    'Tue May 12 12:30:00 2020 +0000',
    'Thu Jun 11 12:00:00 2020 +0000',
    'Wed Jul 1 12:45:00 2020 +0000',
    'Tue Jul 28 12:00:00 2020 +0000',
    'Wed Aug 12 12:30:00 2020 +0000',
    'Fri Aug 28 12:45:00 2020 +0000',
    'Fri Sep 11 11:45:00 2020 +0000',
    'Mon Oct 19 12:30:00 2020 +0000',
    'Thu Oct 29 12:00:00 2020 +0000',
    'Fri Nov 27 12:00:00 2020 +0000',
    'Fri Dec 18 12:30:00 2020 +0000',
    'Wed Jan 27 12:45:00 2021 +0000',
]

# Each commit message names exactly the positions listed in `position`,
# so the messages are derived from that table instead of being retyped.
commitdesc = [
    'Proceedings of the flag-deciding committee: '
    + ', '.join(str(n) for n in trio)
    for trio in position
]
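# Working template of flag.txt: '*' marks a character that is still unknown.
# The file ends with a newline (the escape had lost its backslash on the page),
# which brings the content to 54 bytes.
# Earlier state, kept for reference:
#flag = 'union{*******3*********_************r****d**********}\n'
flag = 'union{*0**1t*3*_d3*1de*_*******_d*t*rm1n*d**********}\n'

# Candidate alphabet tried at every unknown position.
strpool = string.printable

# Id of the commit preceding the next one to be solved. The active value
# equals hashes[4], which matches a driver loop that resumes at index 5.
#parent = 'dca4ca5150b82e541e2f5c42d00493ba8d4aa84a'
parent = '6356e3d17ca6b7515c67cfe0a8712d1e8b57d713'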
def sha_utf8(s):
    """Return the hexadecimal SHA-1 digest of *s*.

    Despite the name, *s* must already be a bytes-like object; callers in
    this script encode their text to UTF-8 before passing it in.
    """
    hasher = hashlib.sha1()
    hasher.update(s)
    return hasher.hexdigest()
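def make_file(s):
    """Serialise the text *s* as a Git blob object.

    A blob object is the header ``blob <size>`` followed by a NUL byte and
    the raw content; the object id is the SHA-1 of that whole byte string.

    The NUL escape had lost its backslash on the page ('x00'), and the size
    was hard-coded to 54. The size is now taken from the encoded content,
    which yields the same header for the 54-byte flag file.

    Args:
        s: File content as text; encoded as UTF-8.

    Returns:
        The blob object as bytes, ready to be hashed.
    """
    payload = s.encode('UTF-8')
    header = 'blob {0}\x00'.format(len(payload)).encode('UTF-8')
    return header + payload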
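def make_tree(s):
    """Serialise a Git tree object holding the single entry ``flag.txt``.

    A tree entry is ``<mode> <name>``, a NUL byte, then the raw 20-byte
    object id. The tree object is ``tree <size>``, a NUL byte, then the
    entries.

    Both NUL escapes had lost their backslash on the page ('x00'), and the
    size was hard-coded to 36. The size is now computed from the entry,
    which gives 36 for a 40-digit hexadecimal id.

    Args:
        s: Hexadecimal object id of the blob stored as ``flag.txt``.

    Returns:
        The tree object as bytes, ready to be hashed.
    """
    entry = '100644 flag.txt\x00'.encode('UTF-8') + binascii.unhexlify(s)
    header = 'tree {0}\x00'.format(len(entry)).encode('UTF-8')
    return header + entry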
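def convert_time(s):
    """Convert a ``git log`` date such as 'Tue Apr 14 12:00:00 2020 +0000'
    to integer seconds since the Unix epoch.

    The original went through time.mktime(), which interprets the fields in
    the machine's local zone, and then added a fixed 28800 s (8 h). That is
    only correct on a machine running at UTC+8. Parsing to a timezone-aware
    datetime honours the '%z' offset and gives the same result everywhere.
    '%X' is replaced by the explicit '%H:%M:%S' so the parse does not depend
    on the locale's time format.

    Args:
        s: Date string in the form '%a %b %d %H:%M:%S %Y %z'.

    Returns:
        The timestamp as an int.
    """
    from datetime import datetime  # local import: the file does not import datetime

    moment = datetime.strptime(s, "%a %b %d %H:%M:%S %Y %z")
    return int(moment.timestamp())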
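def make_commit(real_flag,parent_sha,real_time,real_author,real_committer,commits):
    """Build the text of a Git commit object for a candidate flag.

    The object ids are chained the way Git does it: the flag text is hashed
    as a blob, the blob id is wrapped in a one-entry tree, and the tree id
    goes into the commit body together with the parent id, both identity
    lines and the message.

    The line-feed and NUL escapes had lost their backslashes on the page
    ('n', 'x00') and are restored here. The length in the header now counts
    encoded bytes rather than characters, which is the same number for
    ASCII-only input.

    Args:
        real_flag: Candidate content of flag.txt.
        parent_sha: Hexadecimal id of the parent commit.
        real_time: Date string used for both author and committer.
        real_author: Author identity, 'Name <email>'.
        real_committer: Committer identity, 'Name <email>'.
        commits: Commit message, without a trailing newline.

    Returns:
        The full commit object as str. The caller encodes it to UTF-8
        before hashing.
    """
    flag_sha = sha_utf8(make_file(real_flag))
    tree_sha = sha_utf8(make_tree(flag_sha))
    time_real = convert_time(real_time)
    # Both identity lines share one timestamp, and the zone is fixed to +0000.
    author_line = 'author {0} {1} +0000'.format(real_author,time_real)
    committer_line = 'committer {0} {1} +0000'.format(real_committer,time_real)
    commit_str = 'tree {0}\nparent {1}\n{2}\n{3}\n\n{4}\n'.format(
        tree_sha,parent_sha,author_line,committer_line,commits)
    body_size = len(commit_str.encode('UTF-8'))
    return 'commit {0}\x00{1}'.format(body_size,commit_str)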
def modify_str(s,x,y):
    """Return a copy of the string *s* with the item at index *x* replaced by *y*."""
    chars = [*s]
    chars[x] = y
    return ''.join(chars)
'''test_commit = make_commit('union{*****************_****************************}n',
'08e1f0dd3b9d710b1eea81f6b8f76c455f634e87',
'Fri Mar 13 12:30:00 2020 +0000','Pamela W. Mathews <[email protected]>',
committer,'Proceedings of the flag-deciding committee: 18')
print(test_commit)
print(sha_utf8(test_commit.encode('UTF-8')))
'''
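if __name__ == '__main__':
    import itertools  # local import: only the driver needs it

    # Starts at commit index 5: `flag` and `parent` above already hold the
    # state after the first five commits (parent equals hashes[4]).
    for i in range(5,14):
        # Positions in the commit message map to string index p + 5.
        idx = [p + 5 for p in position[i]]
        # product() walks the candidates in the same order as three nested
        # loops over strpool and needs no flag variables to break out.
        for p1, p2, p3 in itertools.product(strpool, repeat=3):
            nowflag = modify_str(flag,idx[0],p1)
            nowflag = modify_str(nowflag,idx[1],p2)
            nowflag = modify_str(nowflag,idx[2],p3)
            candidate = make_commit(nowflag,parent,times[i],authors[i],committer,commitdesc[i])
            if sha_utf8(candidate.encode('UTF-8')) == hashes[i]:
                print('flag = {0}'.format(nowflag))
                print('parent = {0}'.format(parent))
                # The commit just reproduced becomes the parent of the next one.
                parent = hashes[i]
                flag = nowflag
                break
        else:
            # Every later commit depends on this one's flag state and id, so
            # carrying on with stale values could never produce a match.
            raise SystemExit(
                'no candidate reproduced commit {0}; check the author/committer '
                'strings, the timestamp and the parent id'.format(hashes[i]))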
最终爆破出结果union{c0mm1tt33_d3c1deD_bu7_SHA_d3t3rm1n3d_6a7c2619a}