re2

逻辑不复杂，但是这个加密逻辑没见过
题目提示SIMD
不认识，让ai一把梭

from Crypto.Util.strxor import strxor  
import numpy as np  
  
ciphertext = b"cge87k?9<>?@=pss393=>;8@:Cp@DAuH"  
  
shuffle_mask = np.array([  
    0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08,  
    0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00  
], dtype=np.uint8)  
  
add_mask = np.array([  
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,  
    0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10  
], dtype=np.uint8)  
  
def decrypt_block(block: bytes) -> bytes:  
    block_array = np.frombuffer(block, dtype=np.uint8).astype(np.int16)  
    add_array = add_mask.astype(np.int16)  
    subtracted = (block_array - add_array) % 256  
    shuffled_back = subtracted[shuffle_mask]  
    return bytes(shuffled_back.astype(np.uint8))  
  
block1 = ciphertext[:16]  
block2 = ciphertext[16:]  
  
plain1 = decrypt_block(block1)  
plain2 = decrypt_block(block2)  
  
flag = plain1 + plain2  
print(f"flag{{{flag.decode()}}}")

re1

伪随机异或算法

  
C = bytes([  
    0x00, 0xA1, 0xFB, 0x53, 0x1C, 0xFA, 0xF0, 0x1B, 0x06, 0x40,  
    0xD4, 0x8C, 0x16, 0xF4, 0x90, 0x27, 0x42, 0xB9, 0x8B, 0x0F,  
    0x02, 0xD7, 0x31, 0xB7, 0x26, 0x12, 0x06, 0x7E, 0xAE, 0xDF,  
    0xDA, 0x68, 0xAF, 0x35, 0xCC, 0xB7, 0xB0, 0xD0, 0x9A, 0x59,  
    0x2B, 0x0B  
])  
  
def gen_masks(seed: int, length: int) -> list[int]:  
    """  
    Given a 16-bit seed and desired length, generate the per-byte masks    exactly as the original obfuscator did.    """    masks = []  
    v29 = seed & 0xFFFF  
    for _ in range(length):  
        hi = ((v29 >> 2) ^ (v29 >> 3) ^ (v29 >> 1)) & 0xFFFF  
        v33 = ((hi << 16) | v29) & 0xFFFFFFFF  
        v29 = v33 >> 1  
        lo = v33 & 0xFF  
        # rol8(lo, 4)  
        v34 = ((lo << 4) | (lo >> 4)) & 0xFF  
        v35 = (4 * (v34 & 0x33)) | ((v34 >> 2) & 0x33)  
        mask = (2 * (v35 & 0x55)) | ((v35 >> 1) & 0x55)  
        masks.append(mask)  
    return masks  
  
def find_flag(cipher: bytes) -> tuple[int, str] | tuple[None, None]:  
    """  
    Brute-force the 16-bit seed and attempt to decrypt. Returns the seed    and recovered flag when found.    """    n = len(cipher)  
    for seed in range(0x10000):  
        masks = gen_masks(seed, n)  
        plain = bytearray(n)  
        for i, c in enumerate(cipher):  
            key = (i + masks[i]) & 0xFF  
            plain[i] = c ^ key  
        try:  
            s = plain.decode('utf-8')  
        except UnicodeDecodeError:  
            continue  
        if s.startswith("flag{") and s.endswith("}"):  
            return seed, s  
    return None, None  
  
if __name__ == "__main__":  
    seed, flag = find_flag(C)  
    if flag:  
        print(f"Found seed: 0x{seed:04X}")  
        print(f"Flag: {flag}")  
    else:  
        print("Failed to recover the flag.")