catalogue

. 隐写术

. Substitution cipher

. Transposition cipher

. Bacon's cipher

. LSB-Steganography

1. 隐写术

0x1: 文件Binary拼接隐藏(增加数据)

. 制作一个1.zip,把想要隐藏的东西放进去

. 再需要一张jpg图片2.jpg

. 执行一个命令 copy /b .jpg+.zip output.jpg

. 得到一张隐写图片,这是利用了copy命令,将两个文件已二进制方式连接起来,生成output.jpg的新文件。而在jpg中,是有结束符的,16进制是FF D9,利用winhex可以看到正常的jpg结尾都是FF D9的,图片查看器会忽视jpg结束符之后的内容,所以我们附加的zip,自然也就不会影响到图像的正常显示

0x2: LSB(Least Significant Bit)隐写(修改数据)
LSB也就是最低有效位 (Least Significant Bit)。原理就是图片中的像数一般是由三种颜色组成,即三原色,由这三种原色可以组成其他各种颜色,例如在PNG图片的储存中,每个颜色会有8bit,LSB隐写就是修改了像数中的最低的1bit,在人眼看来是看不出来区别的,也把信息隐藏起来了。譬如我们想把’A’隐藏进来的话,如下图,就可以把A转成16进制的0x61再转成二进制的01100001,再修改为红色通道的最低位为这些二进制串

aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAbEAAACFCAIAAABaLlHpAAAKrklEQVR4nO3da3MT1xnAcX0KXvVVpx+n30YuIaTMdJJJL9MMYTLTJh0J25iSJm5TQ9qkhpDS0foCGF+KzSW+BBtqjC+ATTHGsiX1hctK0e4eHe3u0XnO6v+bMxmxvuToyepvaUUgVwMAvJGzvQEAEIQmAkAdTQSAOpoIAHU0EQDqaCIA1NFEAKijiQBQRxMBoI4mAkBd/Cbmcu19bbufD1/j6BRjDP2QW2Nva7fdMxZ0UqIzo+nEyv2Q+pOhEBxs1Icaj2Tgwa/ebdeOBZ0U88zIBTR+SOfzo9KZVYoJtPwR0vLBH/rdGv/pipa77c6xoJPiN7HlbfVBxXHUGh666oYqhu/ig1+zid02FnRS0uuJTSef+uwMfjl0tPypE/ohFx/8be22e8aCTkrztbPiyaNawvuQeepnPVEjlf/gb3liqE+PrI4FdiV97Rw8L9V9bPlLBFugGGbTFwZ/6dZ41feua8eCTkrURMXZRhMT8seo/+wpAw/+lrvtzrGgkxK9dvZvN96gianQf0IUlQYXH/yaTVTf9o9kZizopA69dlaLv/3sauvBH3rDxQd/uk0MveHiWNBJSd9j8X8Z+s/Gj6ItyR/8UZ8vWQeaqPkv6gZPf/STrlqaY4lzZjSdT1FPFaM+v+U3RC3ikRz8Zehnuvvg1z9VumoshliPVHaaWP/iH77y1f8ZHvw+SbYhX8urB6GT1BxL8Nm6uw9+9W67diyGWI9UpprYdIbVNN5I0cwBmh66+hOLmrnxHadHsdtuHosh1iOVqSYC3WNrZ+9E38jb/aPvD948MzRVGL4z6C1cnXk48/3m2rNd27uLz3qkaCLgpJ3d/bNX5grDcx9emv7l4K2fnxvPFz1/ffTl9N9uPLj/6NnBYcX2TttjPVI0EciI8mFlc+fVvUfPSnOrv/3rVE+hlC96b/ePXrj23eLadtX29jRZjxRNBLJpb/9gdnnrs9L80VPIM0NTtnekxXqkaCKQTTTRiaU5lvhNNPrOXcfuP5Cig8PKxPz6rwcnPi/Ny7+8aD1SNLENNBHuOqxU80WvMHynKvvKovVIZaqJob8hNsXfb0gT4bRvZx7li96thXXbG1GxHqksNzF4OyHXmxg1CoHH5f8G5tCftS1/DNu9U+WDSk+h9Mdr9y3uoSXrkcpOE6NORJpYi66MtOP+hxpvCBR1jrXcsPV79FbfaO83d+3uQc16pLLTxPoX08QIAp8PBo8En3aFfq1d8Zoo4e7QRGlLcyxpvsdCE31y2hd13JUmNmlqouL1ivW7QxOlLc2xJL2e2PJgPDTR9HEXm6jYcPD5o/W7QxOlLc2xJL2eGHpeJkcTTR93roktXyxH3bCFJkpbmmNJ87yhiT457Ys67lYT9d9RyQWY3104mihtaY6FJhohp31Rxx1qos6FmtA7aHBPGmiitKU5lqTvO/PaOZSc9imO+//5HApi1EtjmhiD9Uhlp4lRr0poYk15sVXU8aaPpjiBdOUCQj+k+KrO7reOJkpbmmNJ4YwJnrXJz0V3mwgcoYnSluZYhD5BoIlwHU2UtjTHQhMBI2iitKU5FpoIGEETpS3NsdBEwAiaKG1pjoUmAkbQRGlLcyw0ETCCJkpbmmOhiYARNFHa0hwLTQSMoInSluZYhDYRcB1NlLY0x0ITASNoorSlORaaCBhBE6UtzbHQRMAImihtaY6FJgJG0ERpS3MsNBEwgiZKW5pjoYmAETRR2tIcC00EjKCJ0pbmWGgiYARNlLY0x0ITASNoorSlORaaCBhBE6UtzbHQRMAImihtaY6FJgJG0ERpS3MsQpv440s/Tb5s3wl0tZPnxgrDc7Z3oWI9UjSxDTQRrvv917Mnz43t7O7b3kgk65GiiW2giXDdw83/vtU3+sEXU09f7NneSzjrkcpaExP+rfZqNBEZML/6/NT5sRP9I8OTK7uvD2xvp5n1SGW2ibmA2N/TRxORATRR1NIcS8x+KcJHEwHfzu7+hWvf9RRKx3tHZ5e3XpcPbe+oznqkMtjEqKeK8b5nI9ebGDUHV467wpX9b2y/Ghpbyhe9473eR5dmvrzx/dTixuOnL8uHFYu7sh6p7DRRnT+a2PijwsXjrnBu//Orzy+OL33wxVRPoZQvevmi11MonRoYf+f8+MmB8Xf6R/11cmD8aBndj/VIZaeJ///K6OuJyX96u9tEIV2LfdwV7u7/+cvX1++vfXhx+iiL6mV0J9YjlakmmnuGeIQm0kQ15/ZfrdUuji/9anDC7927n17/+O+3L0+tjN1bm1zcmFzcuLWwPrGwfnP+ib+Mbsl6pLLTxKYng8GHWfITlCbSRDWH9l8+qJTmVt8fvHm81/vkq9mrMw8XHm+/2rf/NrT1SGWniSHfpSGOXX49UVrjaKJds8tb7356PV/0fvfVv/ckvelco4kRUjuTUrmM6KOJNFFN/v6rtdrXE8v5onfm0szKxgvb2wlhPVJZa2JjAXme6JPWOJpoC02UtjTHEv96Yujt4MF43G1iTUDXEh53hfD935x/ki96n5fmK5Wq7b2Esx6p7DQx8nvxvvMbUT8VXDnuCsn7/82fJ9/77Mah1CDWaGKE1N5jSffsdL2JwPHe0bNX+PMTBS3NsQj9GUsT4Tr+nG1pS3MsNBEwgiZKW5pjoYmAETRR2tIcC00EjKCJ0pbmWGgiYARNlLY0x0ITASNoorSlORahTQRcRxOlLc2x0ETACJoobWmOhSYCRtBEaUtzLDQRMIImSluaY6GJgBE0UdrSHAtNBIygidKW5lhoImAETZS2NMdCEwEjaKK0pTkWmggYQROlLc2x0ETACJoobWmOhSYCRtBEaUtzLDQRMIImSluaY6GJgBE0UdrSHAtNBIyQ30SEoomAETTRUTQRMIImOoomAkbQREfJbWJu4EnyZftOoHvRREclamLwL7lP8a+9p4lwGk10VJyE5fQk3RlNhMtooqN4nggYQRMdxfVEM5uPeKbsynFXSN4/TXRU4le4b87I1E9Nd5sYNRNXjrtC+P5poqNinkzB0zHdi4k1Z5sopGuxj7tC/v5poqPSaaKJn9g00cpxV8jf/8/OejTRRSk00dDZSROtHHeF8P1v7+7ni95fRhZsbwRtS+16YsuDbX9nmmjjuCuE77/3yp2eQml5/YXtjaBt8c+kXLR0dkYTbRx3heT9rz3bzRe9f83+x/ZGEEeiJjbeSP2SIk20ctwVAvdfrdYWH28PfHuvp1C6/WDL9nYkkvCfqSWamD7rXUt43BVC9r+9uz+9tDnoLfziwvV80Ts1MH55csXifiRz4kyjiUZEXUNw5bgrJOyfJmoKFsPENbfk4uwjeGdCJd2Zy01E9lRrtZd75c2dV8vrL24/2CrNrQ6NLf3hH7P5opcveif6R/qu3p1e2jg4rNjeqVChT5vkpNAnbkM+mgghtnb2enpHjtrXtN77041vph8urW2TQrWoZ0s0sQ00EULs7O73Xb17/p/3hsaXLk+ujN59PLu8tfr05evyoe2tuYcmxkcTgYwJFpAmtoEmAlkS9S5f53eiJm5DPpoIZEbUG7A0sQ00Ecg8mtgGmghkHk1sA00EsofXzgBQC15J9I9b2Y+CuA0ByDxD//NbKkRsAgCEoIkAUEcTga5QLpdPnz597Ngx2xuR7n8aPBTodofFfgAAAABJRU5ErkJggg==" alt="" />

aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAAWkAAAC4CAIAAACuDIonAAANQ0lEQVR4nO3d7XPcxB3Acf/PgjSUZgamUybTF7TTKTRTRBycBjKBFlog5aHmSU6c4ICTmODGBhPHCY4dJ87ZPj/fqS/CeK7Sam939duTTvv9TF7Yaz3snaWvdWcZRlIAsDdS9QQADCXaAcAF7QDggnYAcEE7ALigHQBc0A4ALmgHABe+2jEyYrHl3oU1Kyq/ZLUjAFKqaUfmq/p2HI3QDqA+KrvuKOqFsh15R0vSDqASFbdD2YWjOqTarNAOoEJD/H4H7QAqJHPiaS4f8pcSytWVH2u2nNIOoFIVXHfkU8J1BzB06v5+h2abtAOoEL9nAeBiONqh/IB2ABUa4nYY7giAD9W3Q/kuhn5J2gFUrsp70g1P+/xLFdoBVK6a39H2flzm9yxFSwLwjRMPgAvaAcAF7QDgolHt0Lx74vbOyFpr58TZyyffvvanf14f/fTW+PWlheXWwWHHx+SB4dK0dpRcIKPV3os//u7VD26evDB1fHQiipMoTp59PRn9z/e37613uyXmCgy55rTDpAtlfinT6XZXn2xPza387fP/PnfmUhQnL52fmppbISAIU1jtMF9M7+CwMzW/8vt3voni5M/vX//58Vb5bQLDhXa463bTqbmVE2OTx04n0z+uSm0WGArWJ1LRuVf5uOGdY+L3km1s77/y4Y0oTj6/eY/XLwiH3X8ZsOhsrMP4SO521d4Per+kf5gODjvdsfHZKE6+vv1AfONAPTXwuiPTi/ynyu2UdNjp/uWDm8dHJ5Yft31sH6gb2iGm1d77zRuTf3hvmlcuCAHtkPTZjaUoThaWW/52AdREQ9qhj8XA2rG9d/Ds68nY+Ky/XQA1QTuEnbo48+KbV73uAqgD2iHsX1cWojjZOzj0uhegcg1sR6r9Ha1mUyI+nb4bxQm/bUHjudzfofzBXp/xzFeVD8T8Udsav74Uxcn9Ne5SR8M15J50qxzQDqA82iGMdiAQtEMY7UAgaIcw2oFA0A5htAOBoB3CaAcCQTuE0Q4EgnYIox0IBO0QRjsQCJd70otu1qxwvOi+0qKHoBwXQTsQCLuz6Oisy5x+tRrX3Kiu3Igs2oFAuF/q17AXmcVoB+AP7RBGOxAI2iGMdiAQtEMY7UAgaIcw2oFA0A5htAOBaODvaI9GaAfgj/VZVHROVjuevwbplV8lvx0ptAOB8HgWDZJVDmgHUB7tEEY7EAjaIYx2IBC0QxjtQCBohzDagUDQDmG0A4GgHcJoBwJBO4TRDgSCdgijHQhEA+8r1S+f0g5AQgP/nkVzN7pyI7JoBwLB39EKox0IBO0QRjsQCNohjHYgELRDGO1AIGiHMNqBQNAOYbQDgWjg72iPRmgH4I/1WVR0TlY7nr8G6ZVfJb8dKbQDgfB4Fg2SVQ5oB1Ae7RBGOxAI2iGMdiAQtEMY7UAgaIcw2oFA0A5htAOBoB3CaAcCQTuE0Q4EgnYIox0IhMt9pTUcL7onvehWVOWmRNAOBMLux3XRLd6Vj2e+2jvOPemADw287lD+eYvJpkR8cfNeFCeLqxv+dqGU/ysezZVX6vQkmKxiW+rMd8p2Slb7clsyv7xm3cFf51aIdgibml+J4uTW4iN/u1Aq/3zqW6PZlH4x83aY78Jwa2UW1kxM08dhb4fhD55fFnbYeg3H69OOnx9tRXHy72t3/O1Cye26Q7+kZpv5tTTj+mlrPrVlu7r53Io+PhpRPvyR3MFZN30PAN26Djur4fhIbdrR7aa/fevqyQtTXX/7ULF63pQnttVJbjWxoqNT0x233floh3JuRXFUPkDzWRV9s5RPS9FkzBdW7tfikDB8VH03V+14/mkq+lSzKSlP3y6dubPmdS8ZfQ/xzMKZD1Lt02K7ZcPti38jHB5C30eU37LhYqnq4LSdf9Ghqz+ky5xctKPKduzuH75w7spvz1/d2T/0uiM3vU+IyYHSN0DKEeX3xWSzmpkoJ+acAyt9H4hyv1btUC5sGKMy7dCsG1w70p7jUnn0+G5Hmqbf330cxcnrn9zqdLy/drE6hTJPV9/zTXP09z3m8vsq2qzhod+XYCmUz0PfvRie6pp1TZ6Kvhu0bUfv49UfD/+3on4SRfvIPJW1Gs98VflAzB+1s6evXM6Mzx4cdnzva8TsyM4vo1+xdzGTQ0qzWf03YsTghDFhuKLh0zVSfC4ZHlqax67ZXX7c9vkpWkC/cfO1fhnXT2JYWB1tg2lHmqafTt+N4uSP7377sLXjdUf5Y9r5JC/avtWgbTvMZ6Ln0A7NWubTKyqLSDt6d6GfsGaGmnHaUcd2pGk6/ePq8dHLx05f+vibxV1vb3/oz9VBtkO/u77T1k+jL5N1bTuo/zgzkvnAvB361md25K8dmgIqVtRPYljUth1pmj7a3PnrRzNRnDx/dvL9KwvLj9viu1AeeSY/8DPL6H/oKQ8s5ZYzX6p/O5Tj5dvhNivNukXfU4cnPD9otVZKOwZm7v76qYszUZxEcfLShWvvTMxfvf3gzsrGk/beYadb8g3V/I+OzLh++cx430OzaFDTAsMtaOZswvkHsvJLRU9j5e3ou33bdmh+GOi2phwdOvVvx1OrT7Y/+ubOC+cmn0ak6J/VNjPfe4frjswHbu3o+xPSZLMlvzX61a3Konn2NCserWXVjsy3L1P/onNbP5ifg2Y7+nnSDseFBbV3D76Yuffyu9P6cNi2I0N50urP88xg31Na/2NKs5eivhTRb99kjyZfyi+jOev003N7ompLP/lhfVQZNW9He/fgvSsLx89MRHHyu/NT703+eGvx0cb23oDvWwcE0Q6/uml6bX7l+bOTUZyMfvL9D8tP6AWagXZ4tH/YOff57ShOXn53+u7q5mB2CgyGy0vKold6FY4rX1obvij1ZHf/8JUPb0Rx8sHXPw3gznRgwOzOoqK302o4PqJ6x1u5sA+dTvfpPR2Ts8u+9wVUwv1Sv1a96G1Ephf5fAygHZ98ezeKk/HrS753BFSFdshb29g5djo59eEML1TQYLRD3oVkPoqTnx/zn0pHk9EOYfuHnV+/cfnVizP+dqGkfGcnLX6wmvGi7UiNK/frW9F89MvnV6lw/pXsV4N2CFtYbkVx8uXMPX+7yNM8J8qjv++J7e97VMk5UDRPq+UrnH/q+aB1QzuETc4uR3Eyd3/d3y4y9I9Oc31huB2pcf18/LGdgH6BCttXt3zYzaZWvdCPHz3dfU8SWZ/dWIriZOnh4O4Ea2Q7RlRMVlRuqmievQeJ4bVJyYPH7XE1oR3pQF4PO4wrzwTNKvlBKYP/f0o2sh2CNBNQzlkZlKKtDUZD2lFPVk8r7VCOB9iOtOAlrbIvyk8Hg3Z4RDsMP9WM16oduet69SWk4ab0n1pNuOTB4/C4RJ4EH2o0lTJoh+GnmvFatUNQrdrhQHMRVK0aTaWMkNuRFp+3yhHNuHgvzOfjldU8aYehGk2ljMDbkRa/bs9f6+qvgYsujMuPV3vtrZlP/qsOz5vXafdOsj75qMs8SqIdwIDRDmG0A4GgHcJoBwJBO4TRDgTC+izy915amfGi9/yKVskPSqEdCITdWXR01uXfsq7buPL9c+XCsmgHAuF+qV+rXvQ2QvmrNc0DkUU7EAjaIYx2IBC0QxjtQCBohzDagUDQDmG0A4GgHcJoBwLB72iF0Q4EwvosUp6NlY8rA6FZJT8ohXYgEB7PokGyygHtAMqjHcJoBwJBO4TRDgSCdgijHQgE7RBGOxAI2iGMdiAQtEMY7UAgaIcw2oFA0A5htAOB4L5SYbQDgeDvWYTRDgSCv6MVRjsQCNohjHYgELRDGO1AIGiHMNqBQNAOYbQDgaAdwmgHAsHvaIXRDgTC+ixSno2VjysDoVklPyiFdiAQHs+iQbLKAe0AyqMdwmgHAkE7hNEOBIJ2CKMdCATtEEY7EAjaIYx2IBC0QxjtQCBohzDagUDQDmG0A4Fo+H2lRQ9BOS6CdiAQDfx7lpEe+kfhA+1AIBr4d7RFI0UPRNbH3y5GcfJgve1vF0Ad0A5h70zMR3GyubPvbxdAHQTXDq/hSNP05X9Mv/jW1153AdQB7ZD0sLUdxcnfL/3gbxdATTSkHcpPB9+OC8k8b5QiELRDzMKD1jOvfXX2s1lP2wdqpTm/o622Hetbuy++efWFc5Ob27xLiiBYn0iac7La8UxHemWWVzyqctY2dl46P3V8dOLOyob4xuFVt9vd29trtVpVT2T4+P2lwyAZRkG8HbcWH504e/m5M5d+WH4iu2WgzmiHu4etnbHx2ShOTr59jZvBEBraYa3T6d6+t35mfPbZeOLY6eT9qz/tH3ZKbhMYOmG1wyEc3TTdP+istXbm7q9/9d39sfHZE2OTUZwcO33p7Yn5tY0dp8kCQ6857UgN0mDbjoetnWde+yqKk6N/vxq9dOrizOXZ5fbuQYmZAkOvae3oy2qDrfbe2Pjs+S/nLk7dmZxdXlzdOODlCZCmacPaAWBgaAcC1el02u325ubm1tbW1tbW/v7+5ubm0tLS7u7u0wW63W61M6w52gHABe0A4OJ/H5kuWPFp8icAAAAASUVORK5CYII=" alt="" />

如果是要寻找这种LSB隐藏痕迹的话,Stegsolve可以来辅助我们进行分析,http://www.caesum.com/handbook/Stegsolve.jar
打开之后,使用Stegsolve——Analyse——Frame Browser这个可以浏览三个颜色通道中的每一位
在这个过程中,我们要注意到,隐写的载体是PNG的格式,如果是像之前的jpg图片的话就是不行的,原因是jpg图片对像数进行了有损的压缩,你修改的信息可能会被压缩的过程破坏。而PNG图片虽然也有压缩,但却是无损的压缩,这样子可以保持你修改的信息得到正确的表达,不至于丢失。BMP的图片也是一样的,是没有经过压缩的,可以发现BMP图片是特别的大的,因为BMP把所有的像数都按原样储存,没有压缩的过程

0x3: Beacon加密(基于外形形态的编码隐写)

0x4: 载体

数据在隐藏的时候,我们常常是需要先分析是数据隐藏在哪里,也就是他在利用是什么做载体,之后才可以进一步的分析是加密或编码的,例如

. bmp、png的LSB/MSB Bit

. 图片后copy跟上附加数据

. jpg的exif的部分。exif的信息是jpg的头部插入了数码照片的信息

Relevant Link:

http://drops.wooyun.org/tips/4862

https://www.ibm.com/developerworks/cn/web/wa-steganalysis/

http://www.alloyteam.com/2016/03/image-steganography/

http://www.guokr.com/article/3741/

http://bobao.360.cn/learning/detail/441.html

2. Substitution cipher

In cryptography, a substitution cipher is a method of encoding by which units of plaintext are replaced with ciphertext, according to a fixed system; the "units" may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing the inverse substitution.
There are a number of different types of substitution cipher

. simple substitution cipher(单表): If the cipher operates on single letters, it is termed a simple substitution cipher; 单表替代 就是明文的每一个字母用相应的数字代替。代替规律是根据密钥形成的一个新的字母表,与原明文字母有映射关系

    ) 凯撒加密就是一种单表替换

    ) Rot13: 和凯撒加密的区别在于偏移量不同

. 多表替代

a cipher that operates on larger groups of letters is termed polygraphic. A monoalphabetic cipher uses fixed substitution over the entire message, whereas a polyalphabetic cipher uses a number of substitutions at different positions in the message, where a unit from the plaintext is mapped to one of several possibilities in the ciphertext and vice versa.

    ) 维吉尼亚(Vigenere): 由多个单字母密码和替代密码组成,维吉尼亚密码是一种常用的多表替代密码。维吉尼亚密码循环使用有限个字母(密钥字符串)来生成密钥并实现替代。每个密钥字母用来加密一个明文字母。第一个密钥字母用来加密明文的第一个字母。第二个密钥字母加密明文的第二个字母,以此类推

0x1: 凯撒密码

凯撒密码是一种简单的加密方法,即将文本中的每一个字符都位移相同的位置

如选定位移3位:

原文:a b c

密文:d e f

由于出现了字母频度分析,凯撒密码变得很容易破解

//凯撒密码的"全量等长平移"不改变原文的词频

. 计算其中每个字母的出现频率。我们将频率最高的字母标为1号,频率排第2的标为2号,第三标为3号,依次类推,直到数完样品文章中所有字母

. 观察需要破译的密文,同样分类出所有的字母的词频,即也分为1号、2号、3号

. 对比原文和密文的1号、2号、3号..的偏移差值是否都相等,如果相等,则它们的差值即为key

0x2: 凯撒解密

"""

# -*- coding: utf- -*-

# Author: zhenghan <zhenghan.zh@alibaba-inc.com>

# Date: // :

@version: undo

@license: Apache Licence

@site: http://littlehann.cnblogs.com/

@software: PyCharm Community Edition

@file: Crypto.py

"""

def convert(c, key, start = 'a', n = ):

    a = ord(start)

    offset = ((ord(c) - a + key)%n)

    return chr(a + offset)

def caesarEncode(s, key):

    o = ""

    for c in s:

        if c.islower():

            o+= convert(c, key, 'a')

        elif c.isupper():

            o+= convert(c, key, 'A')

        else:

            o+= c

    return o

def caesarDecode(s, key):

    return caesarEncode(s, -key)

def forDecode(source):

    for key in range():

        print "key = ", key

        encoded = caesarEncode(source, key)

        decoded = caesarDecode(encoded, key)

        print "encoded: ", encoded

        print "decoded: ", decoded

        print "----------"

if __name__ == '__main__':

    source = 'LW GUN QTBZAUGW AXD WXR VQC MNQD GUZJ BW YMZNCD Z QB ZBSMNJJND ONMW FNTT DXCN WXRM JXTRGZXC ENW ZJ XBZUQMBMJBCJ GUZJ TZGGTN VUQTTNCAN FQJ CXG GXX UQMD FQJ ZG'

    forDecode(source)

0x3: 维吉尼亚密码

维吉尼亚密码引入了"密钥"的概念,即根据密钥来决定用哪一行的密表来进行替换,以此来对抗字频统计。假如以上面第一行代表明文字母,左面第一列代表密钥字母,对如下明文加密

. 明文: TO BE OR NOT TO BE THAT IS THE QUESTION

. 当选定RELATIONS作为密钥时,加密过程是

    ) 明文一个字母为T,第一个密钥字母为R,因此可以找到在R行中代替T的为K

    ) 依此类推,得出对应关系如下:

密钥:RELAT IONSR ELATI ONSRE LATIO NSREL

明文:TOBEO RNOTT OBETH ATIST HEQUE STION

密文:KSMEH ZBBLK SMEMP OGAJX SEJCS FLZSY

0x4: 维尼吉亚的破解

维吉尼亚密码分解后实则就是多个凯撒密码,只要知道密钥的长度,我们就可以将其分解

. 如密文为:ABCDEFGHIJKLMN

. 如果我们知道密钥长度为3,就可将其分解为三组:

组1:A D G J N

组2:B E H K

组3:C F I M

. 分解后每组就是一个凯撒密码,即组内的位移量是一致的,对每一组即可用频度分析法来解密,每组得到的key最终拼接起来最终得到整个key短语

. 所以破解维吉尼亚密码的关键就是确定密钥的长度

1. 确定密钥长度

确定密钥长度主要有两种方法,Kasiski 测试法相对简单很多,但Friedman 测试法的效果明显优于Kasiski 测试法

. Kasiski 测试法: 在英文中,一些常见的单词如the有几率被密钥的相同部分加密,即原文中的the可能在密文中呈现为相同的三个字母。在这种情况下,相同片段的间距就是密文长度的倍数。所以我们可以通过在密文中找到相同的片段,计算出这些相同片段之间的间距,而密钥长度理论上就是这些间距的公约数

. Friedman 测试法: 首先我们要知道,对于一种特定的自然语言,如果文本足够长,那么各个字母出现的概率是相对稳定的

2. 字母频度分析

在知道了密钥长度n以后,就可将密文分解为n组,每一组都是一个凯撒密码,然后对每一组用字母频度分析进行解密,和在一起就能成功解密凯撒密码

0x5: 基于高频字典是否命中智能判定"替换加密"密码key: 智能推断key的弗尼吉亚解密

"""

# -*- coding: utf- -*-

# Author: zhenghan <zhenghan.zh@alibaba-inc.com>

# Date: // :

@version: undo

@license: Apache Licence

@site: http://littlehann.cnblogs.com/

@software: PyCharm Community Edition

@file: cipher.py

"""

import copy

import re

from itertools import combinations

try:

    from string import maketrans

except ImportError:

    maketrans = str.maketrans

# In decrypt.py set MAX_GOODNESS_LEVEL with number  - , how many word dicts to use(see words/ for wordlists)

# In decrypt.py set MAX_BAD_WORDS_RATE with number 0.0 - 1.0, the max rate of bad words

MAX_GOODNESS_LEVEL =   # -

MAX_BAD_WORDS_RATE = 0.06

ABC = "abcdefghijklmnopqrstuvwxyz"

class WordList:

    MAX_WORD_LENGTH_TO_CACHE = 

    def __init__(self):

        # words struct is

        # {(length,different_chars)}=[words] if len > MAX_WORD_LENGTH_TO_CACHE

        # {(length,different_chars)}=set([words and templates]) else

        self.words = {}

        for goodness in range(MAX_GOODNESS_LEVEL):

            for word in open("words/" + str(goodness) + ".txt"):

                word = word.strip()

                word_len = len(word)

                properties = (word_len, len(set(word)))

                if word_len > WordList.MAX_WORD_LENGTH_TO_CACHE:

                    words = self.words.get(properties, [])

                    words.append(word)

                    self.words[properties] = words

                else:

                    # add all possible combinations of the word and dots

                    words = self.words.get(properties, set([]))

                    for i in range(word_len + ):

                        for dots_positions in combinations(range(word_len), i):

                            adding_word = list(word)

                            for j in dots_positions:

                                adding_word[j] = '.'

                            words.add(''.join(adding_word))

                    self.words[properties] = words

    def find_word_by_template(self, template, different_chars):

        """ Finds the word in the dict by template. Template can contain

        alpha characters and dots only """

        properties = (len(template), different_chars)

        if properties not in self.words:

            return False

        words = self.words[properties]

        if properties[] > WordList.MAX_WORD_LENGTH_TO_CACHE:

            template = re.compile(template)

            for word in words:

                if template.match(word):

                    return True

        else:

            if template in words:

                return True

        return False

class KeyFinder:

    def __init__(self, enc_words):

        self.points_threshhold = int(len(enc_words) * MAX_BAD_WORDS_RATE)

        self.dict_wordlist = WordList()

        self.enc_words = enc_words

        self.different_chars = {}

        self.found_keys = {}  # key => bad words

        for enc_word in enc_words:

            self.different_chars[enc_word] = len(set(enc_word))

    def get_key_points(self, key):

        """ The key is 26 byte alpha string with dots on unknown places """

        trans = maketrans(ABC, key)

        points = 

        for enc_word in self.enc_words:

            different_chars = self.different_chars[enc_word]

            translated_word = enc_word.translate(trans)

            if not self.dict_wordlist.find_word_by_template(translated_word,

                                                            different_chars):

                points +=

        return points

    def recursive_calc_key(self, key, possible_letters, level):

        """ Tries to place a possible letters on places with dots """

        print("Level: %3d, key: %s" % (level, key))

        if '.' not in key:

            points = self.get_key_points(key)

            print("Found: %s, bad words: %d" % (key, points))

            self.found_keys[key] = points

            return

        nextpos = -  # a pos with a minimum length of possible letters

        minlen = len(ABC) + 

        for pos in range(len(ABC)):

            if key[pos] == ".":

                for letter in list(possible_letters[pos]):

                    new_key = key[:pos] + letter + key[pos + :]

                    if self.get_key_points(new_key) > self.points_threshhold:

                        possible_letters[pos].remove(letter)

                        if not possible_letters[pos]:

                            return

                if len(possible_letters[pos]) < minlen:

                    minlen = len(possible_letters[pos])

                    nextpos = pos

        while possible_letters[nextpos]:

            letter = possible_letters[nextpos].pop()

            new_possible_letters = copy.deepcopy(possible_letters)

            for pos in range(len(ABC)):

                new_possible_letters[pos] -= set([letter])

            new_possible_letters[nextpos] = set([letter])

            new_key = key[:nextpos] + letter + key[nextpos + :]

            self.recursive_calc_key(new_key, new_possible_letters, level + )

    def find(self):

        if not self.found_keys:

            possible_letters = [set(ABC) for i in range(len(ABC))]

            self.recursive_calc_key("." * len(ABC), possible_letters, )

        return self.found_keys

def main():

    enc_text = open("encrypted.txt").read().lower()

    enc_words = re.findall(r"[a-z']+", enc_text)

    # skip the words with apostrophs

    enc_words = [word for word in enc_words

                      if "'" not in word and

                         len(word) <= WordList.MAX_WORD_LENGTH_TO_CACHE

                ]

    enc_words = enc_words[:]

    print("Loaded %d words in encrypted.txt, loading dicts" % len(enc_words))

    keys = KeyFinder(enc_words).find()

    if not keys:

        print("Key not founded, try to increase MAX_BAD_WORDS_RATE")

    for key, bad_words in keys.items():

        print("Possible key: %s, bad words:%d" % (key, bad_words))

    best_key = min(keys, key=keys.get)

    print("Best key: %s, bad_words %d" % (best_key, keys[best_key]))

    trans = maketrans(ABC, best_key)

    decrypted = open("encrypted.txt").read().translate(trans)

    try:

        decryptedFile = open("decrypted.txt", "w")

        try:

            decryptedFile.write(decrypted)

        finally:

            decryptedFile.close()

    except IOError:

        print("[*] Decrypted text not saved")

    print(decrypted)

if __name__ == "__main__":

    try:

        #import cProfile

        #cProfile.run('main()')

        main()

    except Exception as E:

        print("Error: %s" % E)

Relevant Link:

http://substitution.webmasters.sk/simple-substitution-cipher.php

http://rumkin.com/tools/cipher/substitution.php

https://www.douban.com/group/topic/13381765/

http://baike.baidu.com/view/541906.htm

https://github.com/alexbers/substitution_cipher_solver

https://github.com/larz258/Crypto

http://www.cnblogs.com/gaopeng527/p/4518070.html

https://en.wikipedia.org/wiki/Substitution_cipher#Simple_substitution

http://lazynight.me/2859.html

http://cizixs.com/2014/11/30/two-encryption-methods-and-cracks

http://crypto.interactive-maths.com/monoalphabetic-substitution-ciphers.html

http://baike.baidu.com/view/270838.htm

http://blog.csdn.net/limisky/article/details/16885959

3. Transposition cipher

https://en.wikipedia.org/wiki/Transposition_cipher

4. Bacon's cipher

Bacon's cipher or the Baconian cipher is a method of steganography (a method of hiding a secret message as opposed to a true cipher) devised by Francis Bacon in 1605. A message is concealed in the presentation of text, rather than its content.

0x1: Cipher details(I=J & U=V)

To encode a message, each letter of the plaintext is replaced by a group of five of the letters 'A' or 'B'. This replacement is a binary encoding and is done according to the alphabet of the Baconian cipher, shown below.

a  AAAAA       g    AABBA       n  ABBAA       t    BAABA

b  AAAAB       h    AABBB       o  ABBAB       u-v  BAABB

c  AAABA       i-j  ABAAA       p  ABBBA       w    BABAA

d  AAABB       k    ABAAB       q  ABBBB       x    BABAB

e  AABAA       l    ABABA       r  BAAAA       y    BABBA

f  AABAB       m    ABABB       s  BAAAB       z    BABBB

0x2: Cipher details(I != J or U != V)

0x3: 使用方式

隐写术的强大之处在于"隐写"后的"密文"在字符内容上可以和原文没有任何关系,它们之间可以以任何的映射关系完成映射,例如

BaCoN's cIphEr or THE bacOnIAN CiPHer iS a meThOD oF sTEGaNOGrapHY (a METhoD Of HidIng A sECRet MeSsaGe as OpPOsEd TO a TRUe CiPHeR) dEVIseD BY francis bAcoN. a MessAge Is coNCeALED in THe pRESenTatIoN OF TexT, ratHer thaN iTs coNteNt. tO enCODe A MEsSaGe, eaCh lETter Of THe pLAInText Is rePLAcED By A groUp oF fIvE OF the LetTeRS 'a' OR 'b'. thIS REplaCEmENT is doNE acCORding tO thE alpHABet oF THe BACOnIAN cIpHeR, sHoWn bElOw. NoTe: A SeCoNd vErSiOn oF BaCoN'S CiPhEr uSeS A UnIqUe cOdE FoR EaCh lEtTeR. iN OtHeR WoRdS, i aNd j eAcH HaS ItS OwN PaTtErN. tHe wRiTeR MuSt mAkE UsE Of tWo dIfFeReNt tYpEfAcEs fOr tHiS CiPhEr. AfTeR PrEpArInG A FaLsE MeSsAgE WiTh tHe sAmE NuMbEr oF LeTtErS As aLl oF ThE As aNd bS In tHe rEaL, sEcReT MeSsAgE, tWo tYpEfAcEs aRe cHoSeN, oNe tO RePrEsEnT As aNd tHe oThEr bS. tHeN EaCh lEtTeR Of tHe fAlSe mEsSaGe mUsT Be pReSeNtEd iN ThE ApPrOpRiAtE TyPeFaCe, AcCoRdInG To wHeThEr iT StAnDs fOr aN A Or a b. To dEcOdE ThE MeSsAgE, tHe rEvErSe mEtHoD Is aPpLiEd. EaCh 'TyPeFaCe 1' LeTtEr iN ThE FaLsE MeSsAgE Is rEpLaCeD WiTh aN A AnD EaCh 'TyPeFaCe 2' LeTtEr iS RePlAcEd wItH A B. tHe bAcOnIaN AlPhAbEt iS ThEn uSeD To rEcOvEr tHe oRiGiNaL MeSsAgE. aNy mEtHoD Of wRiTiNg tHe mEsSaGe tHaT AlLoWs tWo dIsTiNcT RePrEsEnTaTiOnS FoR EaCh cHaRaCtEr cAn bE UsEd fOr tHe bAcOn cIpHeR. bAcOn hImSeLf pRePaReD A BiLiTeRaL AlPhAbEt[] FoR HaNdWrItTeN CaPiTaL AnD SmAlL LeTtErS WiTh eAcH HaViNg tWo aLtErNaTiVe fOrMs, OnE To bE UsEd aS A AnD ThE OtHeR As b. ThIs wAs pUbLiShEd aS An iLlUsTrAtEd pLaTe iN HiS De aUgMeNtIs sCiEnTiArUm (ThE AdVaNcEmEnT Of lEaRnInG). BeCaUsE AnY MeSsAgE Of tHe rIgHt lEnGtH CaN Be uSeD To cArRy tHe eNcOdInG, tHe sEcReT MeSsAgE Is eFfEcTiVeLy hIdDeN In pLaIn sIgHt. ThE FaLsE MeSsAgE CaN Be oN AnY ToPiC AnD ThUs cAn dIsTrAcT A PeRsOn sEeKiNg tO FiNd tHe rEaL MeSsAgE.

/*

1. 定义映射关系: 大写字母代表B、小写字母代表a

2. 对密文进行预处理

    1) 去除空格

    2) 去除标点、单双引号等字符

2. 将字母根据大小写映射关系翻译为AB..的组合

BABABAABAABAAABBBAAABABBBBABBAAABAAABABBABABBBABBBAAABBABBBAABBABAABAABABBBAABABAABAAABABBABABBABBBABABBABABBBAABBBAAAAAAAABAABABAAABAABAAABBABBBBAABBAABBBAABAABABBBBAABAAABAAAAABABAAABAABAABAABBBABBBABABAAABAABBAAABABBAABBBABAAABAAABBBABBBABAAABAABABABBBAAABAABABBABBAAABBBBAAABBABBBAAAABBAABBBAAAAABAABAAABBBAAABBBABBBBABBBABABABABABAABABABABABBABABAABABABAABBABABBBABABAABABBBABABAABABBABBABAABABABABBABABBABABAABAAABABBABBABBABBABABABABAABABABBABAABABBABBAABAABABABABAABABABABAABAABABBABABABABABBABABABABBBABABBABABABBABAABAABABBABABAABBABABABBAABAABBABBAABAABBAABAABABABABABBABABABABAABABABABAABAABABABABAABBABABABABBAABAABAABABAABABABBABAABABABBAABAABABAABABABAABABBAABABABABAABBABBABABABABABBABABABABABABABABBAABABABAABBABABAABAABBBAAABAABABABBABBABABABABAABABABAABABABBAABABABABABABABABABABABABAABBABBABABBABABABBAABABABABBABAABBBABBABABABABABABABABAABBABABABAABABBBABAABABABABBABABABAABBABAABABBAABABABAABAABABABABBABABABABAABABABBAABABABAABAABABABAABABBABABAABAABABABABBABABABABABABABBABBABAABABABABAABAABBABAABAABAABABAABABABABABAABABABAABABABABBBABABABABBABABABABABBABABABABABBABABABBABBABABBABABABBABAABABBABABAABAABABABABABAABABABABBAABBABAABBBABBABBABABBAABABAABAABABABABAABBAABABABABABAABABAABBABBAABABABABAABABABABABABABBABABABABABBAABABABABBABABABBABBABABABBAABAABABAABABABBABBAABABBAABABAABAABABABABABAABABABBABABABBAABABABABABAABABABBAABABAABABABABBABABBABABABBABBAABBABBABABBABBABAABAABABABABBBABABAABABABAABBABAABAABABBABABAB

3. 使用bacon算法进行翻译

veryxwellxdonexfellowxhackerxthexsecretxkeywordxisxclmpdodhashdxxkvfk su  jouw kwwurnw vfnfwjksvewvlkxlk jnjvmtmtevlkuvjfknkZeuvuvskksZktnkwvkvsu soevwvjkkZkvkvjwwvsvu vkvjvjosvvjuwkskwvjlfjfjnjflkvlnfkjuskkvfjk k vnkwvwwvuwusvjkZu wwkjktfkstmvjkvnkwkwvwvskk fsskvfnlfkswkkwwvwnvwskxkktjfv

4. 将x替换为空格

very well done fellow hacker the secret keyword is clmpdodhashd  kvfk su  jouw kwwurnw vfnfwjksvewvlk lk jnjvmtmtevlkuvjfknkZeuvuvskksZktnkwvkvsu soevwvjkkZkvkvjwwvsvu vkvjvjosvvjuwkskwvjlfjfjnjflkvlnfkjuskkvfjk k vnkwvwwvuwusvjkZu wwkjktfkstmvjkvnkwkwvwvskk fsskvfnlfkswkkwwvwnvwsk kktjfv

*/

Relevant Link:

https://github.com/mathiasbynens/bacon-cipher

http://www.geocachingtoolbox.com/index.php?page=baconianCipher

http://rumkin.com/tools/cipher/baconian.php

https://en.wikipedia.org/wiki/Bacon%27s_cipher

5. LSB-Steganography

LSB和Beacon编码不一样,它是另一种隐写思路

. Beacon编码和密文内容无关,它是利用密文的"presentation(外形)"来表示0 1这2种状态码,这里的外形可以是任何的形式,任何图形,甚至声音等物理因素

. LSB的思路某种程度上来说正好相反,LSB的目的是隐藏自身的编码痕迹,利用人眼对颜色对比度的感知能力较弱,将目标明文的binary流分组写入图像像素的低位上(RGB)

LSB隐写解密的难点在于,即使不考虑 alpha 通道,随便勾选 RGB 某一通道的某一位,共有 3*8=24 种单项选择(复合选择暂未考虑)

Relevant Link:

https://github.com/RobinDavid/LSB-Steganography

http://drops.wooyun.org/tips/4862

Copyright (c) 2016 LittleHann All rights reserved

Encryption and decryption、Steganography、Decryption Tools的更多相关文章

  1. AS中的minSdkVersion、compileSdkVersion、targetSdkVersion、buildTools及tools关系和区别

    1.参考文章关于compileSdk.minSdk.targetSdk的文章 http://chinagdg.org/2016/01/picking-your-compilesdkversion-mi ...

  2. 非对称加密RSA、Elgamal、背包算法、Rabin、D-H、ECC(椭圆曲线加密算法)等。使用最广泛的是RSA算法

          非对称加密算法需要两个密钥:公开密钥(publickey)和私有密钥(privatekey).公开密钥与私有密钥是一对,如果用公开密钥对数据进行加密,只有用对应的私有密钥才能解密:如果用私 ...

  3. iOS 第三方库、插件、知名博客总结

    iOS 第三方库.插件.知名博客总结 用到的组件 1.通过CocoaPods安装 项目名称 项目信息 AFNetworking 网络请求组件 FMDB 本地数据库组件 SDWebImage 多个缩略图 ...

  4. iOS开发 非常全的三方库、插件、大牛博客等等

    UI 下拉刷新 EGOTableViewPullRefresh- 最早的下拉刷新控件. SVPullToRefresh- 下拉刷新控件. MJRefresh- 仅需一行代码就可以为UITableVie ...

  5. AES加密CBC模式兼容互通四种编程语言平台【PHP、Javascript、Java、C#】

    原文:AES加密CBC模式兼容互通四种编程语言平台[PHP.Javascript.Java.C#] 由于本人小菜,开始对AES加密并不了解,在网络上花了比较多时间查阅资料整理: 先简单从百度找来介绍: ...

  6. 【转载】HTTP/FTP客户端开发库:libwww、libcurl、libfetch

    网页抓取和ftp访问是目前很常见的一个应用需要,无论是搜索引擎的爬虫,分析程序,资源获取程序,WebService等等都是需 要的,自己开发抓取库当然是最好了,不过开发需要时间和周期,使用现有的Ope ...

  7. Consul 简介、安装、常用命令的使用

    1 Consul简介 Consul 是 HashiCorp 公司推出的开源工具,用于实现分布式系统的服务发现与配置.与其他分布式服务注册与发现的方案,Consul的方案更"一站式" ...

  8. 一问带你区分清楚Authentication,Authorization以及Cookie、Session、Token

    上周写了一个 适合初学者入门 Spring Security With JWT 的 Demo .Demo 地址:https://github.com/Snailclimb/spring-securit ...

  9. 编码、加密、Hash

    今天没有编码,还是属于纯理论的东东,概念也比较多,但是实际真正完全理解它们的人不多,也很重要,这些东东在实际中也经常被用到,但需要真正理解了才能正确的使用它们,这里列一下相关司:MD5.SHA1.RS ...

随机推荐

  1. win10 anaconda+tensorflow+keras

    最近想用python实现下lstm模型,然后看网上教程配置了下环境,中间出现了一些问题,记录下. 1.开始menu中anaconda文件夹下没有ipython的图标了. 我电脑里的anaconda是很 ...

  2. XML详解二XML的解析与创建

    XML用来传输和存储数据,如何解析获取到的XML文本呢? 一.解析XML 创建demo.xml文件: <?xml version="1.0" encoding="U ...

  3. adb.exe 安卓测试桥的使用

    一.android SDK提供了几个工具 (在SDK下build-tools目录下的工具) dx.bat ----------->把java编译器编译生成的.class 文件 ,变成一个文件,让 ...

  4. Jetson TX2(1)ubutu1604--安装Nvidia Linux驱动

    https://www.jianshu.com/p/c8ebe4aaa708 系统开机首次进入的是以nvidia用户登录的Ubuntu 命令行界面.Nvidia 驱动安装 通过sudo su 输入密码 ...

  5. yidiandian

    hzwer libreoj (需要拿新版的打开)

  6. 将List按照指定大小等分的几种实现方式和效率对比及优化

    今天碰到一个需求,定时任务,批量从表里取数据并做一些其他操作然后再存表,每次取1000条,由于计算过程比较耗时所以要起多个线程同时跑,需要将List按照指定大小等分,如每100条数据起一个线程,若最后 ...

  7. UOJ143 万圣节的数列 构造

    传送门 做过这道题,然后这道题告诉你怎么构造数据-- 一种可行的构造方式是:将奇数和偶数分成两半,奇数放在偶数前面,然后除以2,再递归下去处理. 构造的正确性是显然的:如果存在"奇数偶数奇数 ...

  8. 微信公众号开发 [05] 微信支付功能开发(网页JSAPI调用)

    1.微信支付的流程 如下三张手机截图,我们在微信网页端看到的支付,表面上看到的是 "点击支付按钮 - 弹出支付框 - 支付成功后出现提示页面",实际上的核心处理过程是: 点击支付按 ...

  9. python 必学模块collections

    包含的主要功能如下 查看collections 的源码我们可以看到其为我们封装了以下的数据结果供我们调用 __all__ = ['deque', 'defaultdict', 'namedtuple' ...

  10. 6-4 The present perfect

    1 Summary The present perfect is an important verb tense in English. It is used to talk about things ...