2025第一届“湾区杯”网络安全大赛决赛 - GiveMeCoin - WriteUp

碎碎念

很荣幸能在百万天才少年中（雾）脱颖而出参加咱们得湾区杯线下决赛，不得不说湾区杯的阵仗是真大，线下的布置也非常的齐全，甚至还有能量零食袋（虽然我一点没吃）。也是第一次在这种线下大赛中小小的为团队做出了一点点贡献，做了一道题，十分感谢队友xrntkk和changkaishen的付出，希望咱们仨以后还能有更多的机会去线下玩qwq

正文

不难发现这是一道很传统的应急响应题，整道大题分为了四个小部分，完成四个部分即可获得对应的flag

四小题分别为：

• 攻击者的IP
• 攻击者维权后计划使用的账户
• 勒索软件的加密算法
• 被加密文件的原始的MD5（全小写）

题目附件如下：

分别为一个勒索说明文档、恶意程序、被勒索程序加密后的xlsx文件、注册表文件以及windows系统事件记录

根据给出的附件，很容易可以明确我们的解题思路：

• 通过日志记录确定ip和账户
• 通过勒索程序确认加密算法
• 分析程序及注册表，写脚本恢复被加密文件

攻击者的IP

既然附件给出了windows事件日志，那直接对其进行分析，找到是否有恶意ip登录系统即可，简单分析一下Security事件，过滤4648显式登录事件，看看有没有可疑ip即可，不难发现只有一个可疑ip

攻击者维权后计划使用的账户

打开Security事件文件，在不进行任何排序的情况下，简单从头开始往下分析，很快就能发现有这么一条事件，他枚举了用户的本地组成员身份，其中有一个administratr$一看就是影子用户，尝试提交可以发现是对的，这就是攻击者维权后计划使用的账户

勒索软件的加密算法

前面两题其实都是小试牛刀，到这开始上正餐了，当时线下的时候因为不能出网，所以后续解题很多地方都不那么方便

第三问其实真的不难，但是我当时一直到做到下午才做出来，为什么呢，因为我麻麻的没发现附件给了我恶意程序我服了啊啊啊啊啊啊啊啊啊啊，直到后面莫名其妙的我看到目录里怎么有个程序啊一看发现不对劲呜呜

首先这个程序一看就是python打包编译的，所以明显就是考解包+反编译

还好我恰好有对应的工具，不然炸了

用pyinstxtractor.py解包，然后用pycdc进行反编译，最终成功得到了 一个不完整的源码

也许是受限于工具水平，只能得到部分的源码（在线工具 https://pylingual.io/ 可以直接解完整的）

但是也够用了，可以看到里面用到了Fernet加密，这就是勒索软件的加密算法

# Source Generated with Decompyle++
# File: RansomWare.pyc (Python 3.13)

import winreg
from cryptography.fernet import Fernet
import os
import webbrowser
import ctypes
import requests
import datetime
import base64

class RansomWare:
    __firstlineno__ = 11
    file_exts = [
        'txt',
        'xlsx',
        'xls',
        'jpg',
        'png',
        'doc',
        'docx',
        'ppt',
        'pptx',
        'db']
    
    def __init__(self):
        self.key = None
        self.crypter = None
        self.public_key = None
        self.sysRoot = None(os.path.expanduser, '~')
        self.localRoot = None(os.path.join, self.sysRoot, 'Documents')

    
    def generate_key(self):
        self.key = Fernet.generate_key()
        self.crypter = None(Fernet, self.key)
        XOR_KEY = [
            0,
            1,
            2,
            3,
            4]
        enc_key = None(bytes, (lambda .0: pass# WARNING: Decompyle incomplete
)(None(range, None(len, self.key))))
        enc_key = None(base64.b64encode(enc_key).decode, 'utf-8')
        reg_path = 'Software\\Microsoft\\Windows\\CurrentVersion\\Run'
        reg_key = winreg.CreateKey(winreg.HKEY_CURRENT_USER, reg_path)
        winreg.SetValueEx(reg_key, 'WindowsUpdate', 0, winreg.REG_SZ, enc_key)
        winreg.CloseKey(reg_key)
        return None
    # WARNING: Decompyle incomplete

    
    def crypt_file(self, file_path, encrypted):
        pass
    # WARNING: Decompyle incomplete

    
    def crypt_system(self, encrypted):
        system = os.walk(self.localRoot, topdown = True)
    # WARNING: Decompyle incomplete

    what_is_bitcoin = staticmethod((lambda : url = 'https://bitcoin.org'webbrowser.open(url)))
    
    def ransom_note(self):
        date = None(None(datetime.date.today).strftime, '%d-%B-Y')
    # WARNING: Decompyle incomplete

    __static_attributes__ = ('crypter', 'key', 'localRoot', 'public_key', 'sysRoot')


def main():
    rw = None(RansomWare)
    None(rw.generate_key)
    None(rw.crypt_system)
    None(rw.what_is_bitcoin)
    None(rw.ransom_note)

if __name__ == '__main__':
    main()
return None

被加密文件的原始的MD5（全小写）

接下来就是分析上面的源码去解密文件了，虽然不完整，但关键逻辑其实都在，可以看到勒索软件在注册表里藏了一个key，并且对key进行了一些异或处理

先去找到注册表中的密钥，然后根据里面的加密逻辑去还原原key

但关键的加密逻辑也没保留，所以我这里只能自己猜测他的加密逻辑是什么，如果他这里对fernet算法进行了魔改的话就没招了，幸运的是，出题人只是按照fernet本身的加密逻辑，自己照着写了一套程序而已，也就是说我们在有fernet库的情况下，照着里面的加解密函数来编写解密脚本即可

当时现场一点点搓出，最后写出的解密脚本如下：

（要特别注意，加密后的文件要用记事本打开，直接打开xlsx里面复制数据会有缺失，从而导致恢复出来的文件不对）

import base64
from time import time

from cryptography.fernet import Fernet
from Crypto.Cipher import AES

encrypted_data = '80000000006897b20d63c18791bba544e004a4d2657972e5730cbcecaaa7055c1e64f0b69cb0cfd6f4b8daa0ab76b51420809b56b9bf1f0628457256150b6ec69fbd1bb3c2249e97703602f96d4d0b761f8e0fd66d573fd6afaa4e552742f3ba05a8bd147442d78b4305c3e55b6817d3886103809878dc591f6d5dccff6adb232fa7d89780da88cbccdd1d44843bb017956d82c9421c3021e1831463e26e71679c38c5f38f475b4e51c6ccc383ae615dcf4c2db1c50f91d0987f1244ee98bc0bccd9e5b8359d9824184c84cc72af17a3886780090ae26dcf303279f833496aada51be0ba36ebb24987c6e035bc65bae475553220c2d9d829a443130d30418dfdb382021dfc7cf0386220642be0824b2bd7b95812faa2e4677599a48b12ca54bbe9d14e23141ac0662b435d89fc0c6a57ed1ad1e3d6d65f15dceb168af017ed69c3f50ad595683b5b1b2e93f33318a72daf44506c6dd20a3190a81c3f23a86d57fb34bd5d6390ae4563d04609356cb6ee86bb1d681dc898b30b219e9409833cf629e27c535c9063904844d80ce46f86d7fbadebb5ba433becedbef0db227c0f7fe7310f2b627fd8c2fd6754e4ff7a012f00722e5e350f3724359fec4e9ea408e124bd6cc280d6e93a6778cb7548fe43154220b83a7f55eccc6958d775fdc68d3f2bbc0e34324a73a70920fcc56aaeb70cfda7bd0f5f01bd4265d6b38dbabcadcf484787611df15784c0334ba79a9d1547a73996fcb5c181f1e71b95f48bd01bcf66aaf680c62511f1ac2524ab2a9cee980867b8266961aaa401ac7235790ee4b9288b281b7d92fa4be0fd2432c010748c87e8bff1f0b1a9aef8bd1754bbacb1df65b21685f3421394ab303b783a76bacd0e41de743d161c83b622a5312dd7bc1e73f070a1143cbe1da22b05649d0af9db280746d0e73d58c549b768d18add506606b1488382fb258da018f4eecab92f765b8f93fa417e851296b2807aa7cfd6a423dbfc5e92de2a723b1a1b379250185c6ef4082be9ca4bbdb28f31cb1cc54dbf3c7c42483bb1e8adc33d0d50d2150a9a6aa59db27e301a03b8da9073307a25d1d6ea43da8707c3b7bd86c04c3764195d487a44638825aa1976cd5d58e0d340b7512c37d0b452545fa2c0fccad098d5ca3f27906c34308760f1c4085d49b6bd4f00cab982bbb2778b8c5070e94ce16f3917fc18bfa3e0f52bad2bd291406294236faf86d901765ae2b104ed95419956bb243626f4ef0ebacdf388d4c46d19d9938d5e78c0cb1ec4b868cb62ee911923f7801d515600073ca2458cdea66f91999aea6ed866c37f3c5fdef7921bbcc7f468d4cb16062268894788d6c09873ff2891986ba0d182a82a75c313210612bc47ac664a64d480abba92e06d558054d597beb85b86edad4724014b630b498cc9d0093a05d30a0b15a03a36eebdadf1821e2b3c6a864a18a9a4ca99a332a07e4765e29d5908e61eb4a8f95622ba3704d5104a4629716a365f156d5252c4d9206a0383cead5de3b0274dd687854a3fc6ade9227d619090b052ae413f66e1ff419ae16981e2113f64af758d8554427f3046db2eca34fe1b5a95976208b70aff683843051fbd43c6d4c1af32f650772b75edf1e556de7e896e285e37f3f4e6d137408235ba39be5e73bf5de7f90bd79a2383f2f4187c2444eae66a18caa322530583d53757d8a3c1d317cfef0c17424f5f5b63a95f01c64eb5c9592a48b4448def84427e43d1b8ac572b7a456aa6e2bd8986b2591063800c15465c876be4abeae39784eb0bd4d519bd5b93eaeccd95ca9a5ad2d8b2ca6a07e4a7441a9c4f1d8b46ee95390ffb1c02e2d53027bc56144ca7fd0be0a12d0a89bfe1f78ea6abdb28af1b10412f3d93f9ca17fcc3985700f77487dc5fc64dbe8602aa9445df7745ff6141c55752b454a6cf175e4c29dbc7ab910a8dac871d382b07ceb8f7c5f8e366485ab8d3868dd24509bb4a048595660eddf615ff1e1cf189e56acd1581b477e18d54cfc3e59b7a53df11da8f2b050b89e554a270477bc216ad7ecf4d58272e806e4e534d8303a3f87cebdd37e3e01c74401c10d5eb1ff5a404da8b690652d3c0682e8aae6fa66a4212ae84d3e0a913477d98c3cbafce38f6f5a2087fc0e18c0a29841a4b0293ac420b72debac2dde39de3cdeaf6887d6e607d52a92ca4fbc88b57aad165a4237e3194dbb1513b258d6e1efb6472dbed959a875ef43d2338b95f36ea58753245b3042c08f9aa7936bf09334a8e2f9669192f95b389b851ca3f414f42bc732fec0ce6bd19e6be7394b5e64a08293290a3b6b49ebc1e1dd958200cd9e3841222bf621ccbbcde87606a3b755a6d486b26563a791a31349555d7431335b19f64be5628f9165adab3ece8b852c01c6b7c3ad87d47a3e4e812f7f36a228185d7f08331b56be4140a6d3614f4f9be93e6c471fd518d84ea09dcecce61249e86489b96b87a5d70b327af6391e3e1a1dc83dab2b0e15511b04c414249020795c3ee57c90adc51b74efb24f96a53566caaf8aa5ceeeb6cf23535cfb5154a7feb45e718c0b06ff883cf3ead4d80e6495efca4afd3e48794de6ec61694ac77412904ca3618435a76c7d79fd9c94cf2402d2e257f33baa72fc7812ccd766dfbf6a2842c2229d3f4b92b008c2830bb41c0c47f32d42bae263504017f5355d54a2951b156433a8893abac3b94841cc975ac66c342976e26b921935876e6009e45bc18cfbb419c1fd209079e1e162c9b9fd15ff3eadda37eacdbada45c4e1baab1b098c66e491116b9935303644cefa19ac13632d0d0851f20623a5804ea2ecad3ff0135f48f2ada0f9134e07e0c1d6e603cad0d8d7bfc028dde5b42a24c479a6c45db52143aac154a8f59931e95679da2be97f1d1607c39b7f6220c98f61ae405ff78f63764141182e46e385035751d04fec9eef3e68c21a6be363f97545cf898fc3c98735b2038d1cffe65084724161155f7ee86bcbcf9ac32f98b368bb351ef93c4e3eb77f41543a463c2eb6097af3efe9f0c95425caaf3a4943a08491cfc926992c230546e89e098c5b3d4f79253a1ba198c24e90eb7f1f0458ae1979c1ba43ae7149dee097cf06c4ef72964415e42b323cb4271208c3be3afbd5e806665c1db273671fe5d5463d8ddac10f9ae042021b6514315b2ef08c37d2bd710d0d21a3c365ac9807097c031236d913f55c9d0b81248838588bdc9675dfd285037e5bdc9677207690068dc8e57be883885a82ab382d79da9445fada7927e306d102eaa10ca05c9c41b02bcfe878656364f01d176e605712ac3797e28989bfced713d567fe1ec75868e9e3d248ea099b77b0d59635918c78498fedd5e0c27b2fb148de8251ca9a4d0ea2781e5a854a8b65603c1f958946cd692448dc308ba192b1731be9b22bc611d6d5e1f383f93fc9aaeb103dde5b84f5aa3b9290be2849c28ab17a3eefa2632056facb476d2c7275c3148742129f207644bbfa7dd0e621bd21263d7445b032768551bc9a42fb4acec7c46397c1ebb75c001664dcdf27dd5686b4e69d7fc0f55bb45a824187e19f189b5246fa42577bba0a2e30ca8ab39db1d1ea4b2eac9160ff01175fe77c234e3b03241185d19e7b858904a4d84b68437d56798bec884cb7d339b70d8cce5534a0807f54972b4b50169a23b8a8fdb31c56171fd8ea2ba6a3470a0cbeab05b99b7437091a55a8db0bd699252310f513101cda6cfe9e860cdaafb71a0fd0b33e98ae294e6b4e017a3f2d53b0460700d63ca410f5e8c4969748ec22f175baff0ca99372666f9c5edfb87ea4e8248c0360dec68e404199c7ec35a95c75e2962ef049ae1cd37cb9aeeb86b2ae23d599ad7bed79cfca52b0231dc16f486968c4e5fbab2f0958891f92c485ee3bb0f0cc485e6398ea3b3da745f2350b8239cd5ecfec7f172fd38b6284fff51174c8a0632499f21a5d1589e6ce768b1867056c984de6c35026dee916fbba37adf182c0321e857bed9d6d8cae93a8b8b51b5e782af59d1851a8aaeb617576b5fe5e19f282fe07b34d04f42c2f181d6a2e64669bcbfdaa7bef3ef4b54464e62f91db7e79252f2016a6d88b649c6dbeb50b48e126a4ac521185fba38727cb8a6667f22d3617809c6cdf76e5be68b5e1ff9989b6c745c35c50117b15aea2676bb3243937126634c6f72d64ae14acc8a7dfee377ca08555de49025be3d24804bf26c5ff1cf2efc7a19a317a83a1af611f4ab8e892d9d2d3acebe257b5c9548a9ef998277310fd1e861c23c6a0ea1b14de4aaf5b7ec17a6c2741fad931fce42d0a465eb2f635b0c1032bfcfb8758e090be71fff5d56c71b53ae464b0bb29753d3d0e7e4aeb2792f8d615aafd2ff33a38473617a50af72b4d12b19fcbfa4cbd78fec82c879cf7551198f3cfa90f0de0ea6724acb739e5214cc7620bf0339422ae05529633c043b738d2c5596c425d91813762bde417609302208009f1ba402a1a51b8a4d7b3f96ffe0058314b4affa1108bed2dffbf64d561471d500a3299b9956ad6f231b0678381850c20e87649dffa3a3b106971a1c774b3b13a85b0a6b00dd042067c21cdf99d9fa576bbe361e7376c1b98d3d60426fea9b4574365bfe1bfd381ad0b8d79922a54ec699312fc2ed8cf35af0b8779bd4878d0af387af6fcf9b56ea2f2e900a549fa5c82cba5fdeb803b0c0a08ccf0f19c79307dd2f3a1f11bde9cb6ae473724be258e2f8d9d133ff81f7ea4e4cb05e679c361de35f39acf8fd1d6d7c9656326e3aafe9429578a6cf931097c1a8bc7390459d13c58c22fb087bd7f8cfc02e4eb8ff6eb6e67421bac4abb1423061a3e7ca9acf7b31a74dcc47ab38f194e29d273b877343fee65e6b0c16f31a312f986e04026a4adf38422aee93c2c732330af9474196d0fa46282f85ce6a743944d4e2cffd2527273df22f071223b328323b4b31dd262cdcdda728a5eda63cc47c7e5e23b7a0005483f957838e72e296202e580baa445dda6db15693e5adf52ecf1e7afeae53087af0793449940b094c44378fb44740bf33c4892e83ecb978ea92fe7b9077a4954b089edca9f1ce7b5e1f227b24c199768396b00966055165b5e5c75951e04069189465efe774c95d12e39dff65df7e97357b0f5c49b80336c09d2e4e04c46584e7be39b41063ce34155613886966f12bec2d84db3c81472e7e66c5e42dd3e7d0e9a601e383a397fc97459eac95693d0e534b16969abb40f7c7187f909f4f6c28bcf36cac8b71e6d6c7e73806646fcc9fafeb022d50d8bc8fbad4a0ba7125cfdb0be8a80ce66fbdf84f0962b09fa6bdd1e56b2bef9112adfa9f7f9dba845108ecd6926949a8d889bdac5ed3ab2a1e06f50fd7195f1207dd8b3c8331e9a9e6bdaa2aaae2b43b894160d5c34d85f64ba24c9734046df93abbb2554bc3500de3abef3cdc9c9e437eaedd56717c2e9701366ecb0894d1a2dbaeabe8a146a1827717c8883905faa490244ce764e901f2d46c214d041acc161edd74dae0d744b82772717e389d147c72f3edd4645eb013be82cd57961788111d55140a93267ccb7c831a6a8e3d14195812569b6a1dec9d67bc3a974f12df03cb2b234ae66c37f50360125540beae3c9cb501c365638c40ac47d0cdeb78f6c1dde4d3bfaa81a6fa0e5688cfd66052aa76c102d69607db49cc1d4712fe801681bcf237a0331bcb82859230149178bcf2125d628e5a466f1553138a5337f790d6124c69d8d481e946265a59278db7744e757602392ec03f1cbdf41d072758108529017cf4d9e0c3b3aacb485e28365abf264ff531738ab53d33f2ce295bd16ef552592c25c3be845dd21a669f894805c9cbf83164c13d670622de222dfd5ef98e391f63e6b10edc9effb2b9e6ce66e95bc38c6c9e82e90d062ce6cf23e0e6734bf5e0c9f77a92162c08765ee601a5aae68079897869231c27c0b15d21b53e51c5aaf7c81aa1612ad3b703b3141b751d0ff9c54d41e74a161ebc495ef307a0835f5bb7ba8af68015c32a0e89a3afe6120e4b2d2a89c82951bd958cc9996fde00327daf796a784cadf81d53252d8ad325f0cd96af167ef47e54b112c66b695ba960a2b417f4a4be9cd57b12e6e40ba3b38407830d2977d5f7ba82654eae420258d59fe86026668c80b6d537376d8c44ce67d0e8a0590241a492a73b274189e060b37a2902f8bc77cb835c629bad9993276f57b69cc15ed67f5ebc745a3cb61356251515cdeaab930ac7e2f798b28fd96b5e8cdb5f412b404a4757de0a88922e9804b2189bb67aa325d2f22c0d1f84e4edbf53ce4a398ddf0705092a93dca1a3996ab082710dfc1c0772257244a1f246c94b97df7e85bc657aaca6d8e73734f9ffab9bc695e2761a3a18eedad48acb9574d7e1bb0a206184dcaa9e6e811876b5c23ef894191777e7ff15ad5da027d09fc804119cad232d35ee5ef7222c14297777753fac3a79c9f5c1cea03057c57c420bf230f73f670e746ccbe1224d0d113454705ad5a2bd9616990e53585e966abb1c4a18961e8afe021ae29f28cb551620913c4e592cbf7b412dd320052bac3a488376a35b2f610743903b38733c010fad5dd7c17d033f9a3aa4873a4cc174e7ac92a7876230c55cd962e63fe627275996b58b6fa7d60729e01499397ba27db022911b941e0a7d27474955d15ea75ea44d4ffa1b414c3f4863d35af26d7fd9058161c5b2e036e0a316b53f00cdfeba020b0ce6d827e854122c7d460f2053f3d4c85408ad9a46be47b2d83bcb57880f7c1f3a3732bea3e3c87336290049a0e8f2932c29d38f69d268c85d167e1c3f036c16722ed10b3038644c4ee52684d0b921190d8c6b3dd5cb6b31f9328b27336e54fbc7b976dc2eb82ad9a844452bc24503262e5688095d120f31e2c4e156226f34e5e51cd27566baf7709e760e088c1a14f0499d5c27127a123b3fb9768dfecdd04356c73728cfcfff98b9968faea4dc91267a40ef73952d72e1f5c2bb5838fe8e3effbd2d42dd616d96cbe2b5b78df93d3f1326c185d2a5b7b3473d26382744d821da42ad8262dcaecffd1586e0c0c6a57908c803100060a2a2d3be16533dd1a9624de1f97115936b9136b93ce06c86bd9dc7299b7b746e8d7138d2f395c4c666d6a8ad6f7c6ab586acbc5176ccb749a24e2ae03d43ec3f11ab5b74dce677fd40fdbe5a29444710ebc9a1d3bf72b2601a9cc971c1db549441d11129b8b6e478265b05e453ccaf60ab037ee9b608b5e4cf62a2e5732d00b607ca4b6ca2d28185cb73c111e8bc4547a29880501baacc99cfc1088e594df8236bf72cac2572f8343aba5acadfbc892237ed502265d9a97276c33f6d2fd830a5301a371588242ae209986108019217f9991afc557388b52cee0f0dd041748b78ecec8471ffc9833ea50413b9bb2fc5266b035bfbc2f50635aa14066b5b21884bc4402bc1f22c6e9216acac0e11e9ee59ec095c2b871bbc461a77d8a637d03434b1bcd0db4988cc727fa9a5732cc603feefe323d35609074e2b83aee32eb9775cdbb80e41d2718489772531be99bdb48ba9874a8cbbbf1e5447f3405568a195662cb6523b660d6f737b7c91aef3144cb399cc828d867f390dbf1d4ce189ca44ee75b432feab308b0801a961b5e1861ccce8e75ef0371ad1e63461d400815527b3fe7a61f0a238eee3ccd17cb4ab2707aa1acb1f2a5180d940daa67d5e493a255a24cd642732582388d108a0ab71613c7e4299c4812e4e4bc08930bd5d0378365952fb66f072d7154175fe68dec0ba15b29a5adf4de15c9294380edb629645a2b9b87a7f0da81732d6e7aad636704471b3d266efe07735c4d3c4c0960e1ddd6141eea322fb18e6b8ec1c482463b9a350b58e0e858c992eb75fc12690a781b15ec966e8f8067b68cf316d4f22ea15036a959e96d95d49e4915368bee25e42c7cd7d83434c4a610d5976101cf6a5295d2b1a72625fc82d0093fe646f0fa689e916df57dce42ea92ddd9d09b3cc4706e9ef48ffa39ce4b3fbad06513d0db7407ed71894af47c21e144825355791420dba36c432a5b207c44f96e1db5cddf0900b0b65f27ce5cdb0a33b017ed76b99a60f884bbc44dcfead8205a099293bb547c46c9c150cc7a2e495754caba88dea3f7890cb1e18b8655f78839ff5686a4069b1ddc89b7a5698aeb11838cc9e12c408c591dae8f67d95fdcd219056af69d79e484b7af54055d8a2e36c008f668f618d13f6c53463954a0347a49d05eb7012d1bb220c57ea7091b927acf01f00930bb2e3ddf37426ed4015ff63234845439813bdea20df08e6949355e9b1de5a58b63d1b40194e4109f0545308c9decfd9649e212425ade530f99673d6dbe09740f4cc048992b648781b8b39356ed3585f9b02cfbd6bdc11bc9c8ec7ecbea6c1397b4b53dba9e1d858200c4daaa55a0499556f6d61fa09e8d907b0244f4cd829e42656200d3f791d54fb142f746d657f286f302c8e062e1cd4dc5c096b8905a2d20d255c5c25f2842ebb36f8ef9a638baa26972c13bcea6618215042c8e7d32cf2b16579d04754771987cc55e1a60b77b2a3043810135f33688ce76dba2ff4f22e4fbc2c913dcf0d3457cd1aee7afafb411c65f5af175271db61688fffe63aa4749e1a1dede9e519f638ead7182d4563e92ed324cc7f70a7a0ce9630e15e1a3df8d8cbc839b4399c1a4d23341ceee22ccb69543879fd921fbb4aa80862f0adc2ed528107bcccd3d578d4af8aaf92c2d65ab6d0d2690e28b7f9577ecafe12fef8f3082e7bd6a9ad3b42eb9a8b52d34c09fdea44513c5237158ee6cc9261efd120af95c93cf21d5aefe0aacb9f1a65acbc2adc14862d785379852bce5060e517e88baaae2e5064be9974b202e1885a44041168f85c6565e84df341b03726fe717ac66be215267b0ec9ccbd24b23635e5fc782e1fdcc41485e9dde6c06c1b11bcc9c54087e937e9528cb7bad2f0d7bf3f34402487991ac9644df6ec7bf5bbf68f3deada68fb4c7429792fe1d1cc72b359a273946151ad8b60bcc942be946fdbe3370acfb60059cfb8fff4d6109ef7be8982cc4aacd547222fcefd7a936d2e716ffef85f45e724445c8d206b3033fdb411b40359f410aa45aa06b47a320b2d8a2e42f835d582d670dffda69307c09bd11fa354c5da4d32355304237748e9ac2d99d4f4f3899ca75477112e2f1b7d352cc17a4e4102f38909bcd55fa8d2449d8b2a13500160f4fff1574e9e00f613efa9966f0fc5b75d79355f1a352d49815a01483fb417c4e9f9e14ac2d495ee834425aa87caf3b89f5ac70a222b57d68b42d9d068ce021608b49a55317d2179d12fb7ad07fcbd9ea745826531963b2337faae54b66aee7a5d01d05561097ca33fdd5acf8341aa36343b90995ca2185734ffc462cfd06b6cfa4f6063c415bd9fc7fc716a36a6ab2acc16e8f6abcd897b2109ac6bd8db888d63b58496bae19c987b968c727e1d24f079a874cb4af4cb4fe97c510cfe338cf1e3ccd1a105934b3175d10da7e1c08f401bb4ca24e4b755b1f2139de63c1de556f5b1ab334d21950396ed0a51c9cf5bf02a41aea46e2d4d93cd81fcbd6bbedd6550bce91cd64c41da6b91677279d2b4c2bbf4997aff71032ef2c98487913051b3f99ac2c642e13d57e82da433ed9cf593858735d7c8fe49dcb140a69bd4b771e9b8c555d67886e125f4dcaaf4edf3d6f4bd5513082febd1d0baa48ac0bb0311c5ea52b4192294c83b9e0d4e48f08002432e373cec003de7a80b26723114f4260ac59445c1445c330f46c4c260a6ab15377f1c35cd031dbe41a7e1fc943acf8c688ace392de5ed9c1c55382c44b860ee5612aa0807ed7d076b82b1eb7e8aefcab99b284cfc7c4a2cce579499ac5f5e6815117529317ae70df0a8d50e130e56a3b5fd7563073e4dfd733ad75e6b7e23c46d786b69ec99e4fb57a503223c4f21774e69be63e2819ab5c16fa1f11c8102a033b3714cd5f377fb28e50c24d3f87d5e71b4dd90500384c89dd44893514ed795456c5ec838836df796d5a26c3be829911a8363932d3f6973dc5fcdfc6f5627ff092fd0ad1bc50d0a91be0800a12078a3e8bc24dff8ccce3ff03443b2446549d3cf051647c7adfe7e80a2be4e56fbc18784d8028efc6d4327356e61445bc1c92d73620ceee741b214a769f2a480f1270ccf7fa967c5a7c2dd46a468ca166a43d69a48d506a96f137875c37a0b63a5c1a719ac43511278dd182e619b97d098959636fec324f92281548ddf70bbdcd11ea1f396e739603c2d14094967cebea13b7730490a54b42890719b4e2fbacf7de91c72b7b00534195a76c06a5fd1c271326f2d6efe0c86180d20b6ba0c109c12b1f8ca3465a20d1530608601abd5929093d0416961b6c48ad70159a0085be0893eb541b42dd9f12d1eb2b3f9758ab3d5b88105fd7052e624545f3aeaecf6abbd50ab26d03833608ff9faaf73fd5821ba6b4802a6bcbe61b7a42282adf1d0343a606d8ff0284ed180afc6cc731c318321f4da90ae8979d785d913e6594d63c81bb2d2dd6d5997af2a21a52c9e6dfd31b389694ecb40232e6dca18597d600efe331793560b162ff68e55d4650ca3e0b35812595bf481e76f19e39fac088542a40262fa939849552dad7838ff0102f2b5878ed02034dd882e10af1eafa0734374354a6c3f23fe30283b248b000dbfbc983464e77e3d92a92cc9f87476f3d4b6a6c4e81b3104bd8d24536fbab0a325a4ec13aceeb3ff571c69961c2cc2b3f28418b070f1ed8667cc580729e4131b64c765a2d96b2c20661fccf3e0ea4bd7e952238eea87332437e02273d7d78ca5e606dbe27a2f34eb5dc6efb4d541cac87c2cd793441cea908a48d5a85910f5fa54efd77f7b283e83adbcf2cc72f0c7746a622254afb3811b7e2246fcd5bd5ae03385ffecca286f3ecfb076de4e842ecc614415bf7e07161a118d21c64cba38dcb304a2d9b3e6426735dde60398f03b3ea98256dd86a90cf68fefb89cc2dbe84d570b3a1e62c44cedbb6049e3c6258b53ad9a4da5ffcb661615a9f8ab5c458ac1d09fe396cac6d3a8ad041381c3ba003831672836e858f6480e27bfe034423fae3a4d797be1897beaebb053d9f9bcee81d2d43b6d71ab82374896eafeffb4ad0e833288c16e5b8e70d65beb99288954bc0bedeb2ca9a66db2011310111f4e38022b6ba4e43a6240124052820d7fe854021fb3b68231cbc6e256dd577654d5f05ca211efdd9da9d369f674c3451a2489abb5cbb6e13ad891a10e2083aeaceebf5ddc67d05514f33f6fb51d2aa485489959b6c69473382dfa8b73d727ce4f8808a822bdcd32d6557862ccf1863501c7d299887c0b9b15b0e89b7191ca2e463631eea93219ce0e807923f5d25e8e0c23d86986305497c37bd499aa406216e7378308e0771aab5eeca9d78e5cf8d246461479f22e6b751da415817cdb0c26fe09d39dab16efc6e192ff2a40e47ebf2a494ffa321c6cdb24d5ad7be14f6997aa439dfb92495eaa2a9d3937fabe9d2ba31ba40c195212b47203f93e5232c373baa2c389d49758149e06b9057ce2a5f35a632d2634a1bd9c20e9ca1a0d3747a1c519cc1311c5281998ee38c82797d9c4eeb8de5026e3ecc011f4522709e428f0ff293dadc19ce6bdb3c83e19fa099827dbf3701cb772339377406a1ee98c331ef69c3946d3a87e2a3a48badee8ef6d287c3f9b2f785199b1d7efcfcc2338f07d1767e1ffbf978f39b9970d6a3b0a6a64b497d6fa441cc464525f49cdef3f8dd95ea79657a665f43da67a739fb6a2bb5ca4669da6e6f1a6edaedd87d256eb1af7cb269ba4172bf943851ff97af0d9bcd56385d21ee6cde4dcca7ce5aabd7f556aba4929eb8cf0d7668631f8f46fe6979c3dc7238d917f3eb10eacc75030154783553aab2f4babca6ca55501ff64a72ed55b74811b59f2cb271a83dc62d9f1283fc4c29f120d8e53cafd28b69639e4e8dae4ea512a9ce8fc0e5da114c4380af525da9a4d905ed1efb4512239b2d4df917e1bad938bbfba989b4485e5053d382706c2df9fdf2fab46edf5db3ec7b36ec71b8efd2f13d4d405029c7f0a730c9f26ab91c0cd24e12676aa72fde957b83f80534fcdd02d91786c211f054420e4478c1587a33e1b028c0e4df64c67ec7f95a230346532265607df0cf170556f02831494d03e82e830bb72da0859a75280794cd22a34c5f27bf1b0d242592777358928f6a583a7ef4a7cf9a78e81d7bd5f3c22e941b7346accac850d0b79af9ab46422d0c1e594457878b31dcdde019b2d96aeec9b5703a856c083eded7938a3f81f0731aa24081769f37572f10101f21723490e2ccfe57a6b0a03bec85562276c19a1beb9fe59d813a39868af85a5adf6c1baaf7042c48fd9a767fadf1c6e1cea8e30509a3eb83d6256d1463e4d979577abbc45d25f0279a5c4c152b021a2ebf11f2a336b242f3d14aec4ac57f61d5b26aa8e38c21b31cc433ea0f21bcd01fd388ef798465e4f5d4e040c3d4700a96cf0cbf069ae8a0986ece715a3e4673ff2aa0b006935d3f76ba47557c0d0ba15393b4b4a4f5b4a3825312a5f18e927a02bd0cf08667f2eec41404f895e6bca289db6f5cb6e91a21c6e23360ac6d87006e3e8d6023f9a44dd318ebff395eb83bf35ee1c95a1c31aca08d2fb05461fd90029825448b22518642953bd66c0c736434b908f155da9b2c7e41d85517447bf8cb8f45fccfd4f978f7dfdcefa3da5fc687502734d394a0ab22388dce8dfbf5aaa4635ff5f41af1ab85191fb2d0088f016bf64fc718fb53943e7be58509913061a60ef1159b2b18eb3033a7953b15236425efece521d3aa2472ef8857e66888665edda8cd58b5fd396140ec21ea111cae2855daef59f039b1f8366b2d381903be46939f014d9c53507ca5758e51a58873b521795ad97a214060b9602a02c0f91c70ef0f53a96a793f7c59ea0b7b07be28eb95a0e2a9d9fbeca7ab58b83d9be6fd30d96324e123a4a8800443a6cc3b627181178b7ccdeda72ee61f5fcec63e2e2873156336c595a67fe78ce84c026dd07bcaf498d0d345be57ad492fde0714899e71e3f0e6d53d99aa8ad85dfba2737f69704f945287c1307973ccd94fb8b2408b111645b467829fcb39da9721b312e2d408312d419bb8209ab846211b67406cb1116ed50e0d87a5603beb218a7d576e31804c2933f53070033cd15af02a29c0af6a8665c45a1a6fed3dacdbb7c85dd8e63a5b52ea8633b9ec2a5f775b5f2eb763bc87caed7d27efa1cef644a94b5063ce9425ec9e6aa6ebf6c5cf9adeb7447b0d0a69288d6abf6101a8c8d65ffd13e2c17a60d844fc79d39374ffbb2ae14d0a2cabdb8e2c0c098c3b01f74e7335a1b1010de7715c249f47da022a173d6be11da081c24d047e60e7f34909ea4e16bf3f0d6fc7ff68fe73cf2c5afe2158cbf7a8a0dd3bdab73e45ce25dbdd360c55ba030b9de265f772876e5076a54e628a26b91a44b43c36609720fc9269bfd456ec163b04b8b29de103b32d8ac5f4f534f1db4b174cf38a43dfa7c1fd5c66517e5cdea81ab495f3642a3e65c2734a6350a3eab7e1e8301f1a59539627a11862fe8db2d52f8d911908f5d1bb524ea15910903151d37c1ee515d5b123ce926359ffb19f6c6bcaec363f5d2147f4d70725f1ac00cd6602684d40ea3ff8602f83ef542c18e3043c4be4b043b8c7e9deed60def82d938450ab0c01ddcbd901407d9c3a8b0cec093c209aac2d7837e708878957bd359d650996669edf713c8b0c7f94bdc08f2eaf0b353057f7fbda1b5db7eeb625948d1a30183af55a4181be157db628542f720c1acce290533a74c51c98953d83015619b50098d932b5b21df5f91a9a825a6bd4d33b3fa6c43d7f5c53894fb2917c459963fd55e1c2729e9a5b4c11debc6837e610bcd9ed16b81eb5d7fc81963bd52652170a8a8a488b5deff971a40852625241da344cafc450aed43c306bd1c6c9735b065a41d8fad850c9888a6827918df85b5363ed34af48a9dda9fd25cbb3652dd59bd7f85a13a8c6bb53643b2cc1b824ed2341c7e2ffcb6c836dce014c93186c64f37afb90ae8470dfad2676f8f473e66490e678869c91f6eaafaa1758cf09511a88ac8f1fcd0a9ed3a764c5b317c736ef66133fc009785236dea05dce9a622885a6da759b02bc17debcb9ae59d36ecd3cb5d96a2c18623783c3d2831ed5c504a236fdd54ef7c861b3ca1643d67867c888c5b43372d42a812a3822ff0557c9c3ffc0357cd8ca8cb1282551aa2825a4bb7b9274f1f1efd7ea3c1ee5cfa66e8ccc699b7a8aff5ebe2028e9298834bd3746ade9e2726e554abe22cf703a6212f853de97b1bb9f60ec04f1306f8089d4a361272f7ccc7b3b0d8b0cf1984d17641f95e60046876b02fbb7b36d5f899e0966026e72fb2367cca8b2e66c68c33c80e931c3a8645e4032f7d09c9f8b402f29ee44ecaa7e5184a9562d513205d63'

base_key = 'd2hNbX1BT05hPUFAWnV8ejI3bEpESDFwTkZlYTUpb2c2Lmc2TDRsbV9DSz4='

decode_key = base64.b64decode(base_key).decode()

print(base64.b64decode(base_key).decode())

new_key = ''
for i in range(len(decode_key)):
    xor_key = [0,1,2,3,4]
    tmp = ord(decode_key[i]) ^ xor_key[i % 5]
    new_key = new_key+chr(tmp)

print(new_key)
iv = encrypted_data[18:50]
ciphertext = encrypted_data[50:-64]
print(ciphertext)

decode_new_key = 'c223a7c8034b6fd0005efc73df9a0d0c8dec24575cebea1fe3e73a33aa22fc12'

print(bytes.fromhex(decode_new_key[32:]))


plaintext = AES.new(bytes.fromhex(decode_new_key[32:]),AES.MODE_CBC,bytes.fromhex(iv))
plain = plaintext.decrypt(bytes.fromhex(ciphertext))
print(plain.hex())