## EN | ZH¶

typora-root-url: ../../

# DES¶

## basic introduction¶

Data Encryption Standard (DES), a data encryption standard, is a typical block encryption. The basic information is as follows:

• Enter 64 bits.
• Output 64 bits.
• The key is 64 bits, using 56 bits of the 64-bit key, and the remaining 8 bits are either discarded or used as parity bits.
• Feistel iterative structure
• The plaintext is ciphered after 16 iterations.
• The ciphertext is plaintext after a similar 16 iterations.

## Basic Process¶

Give a simple [DES Flowchart] (http://homepage.usask.ca/~dtr467/400/).

### Encryption¶

We can consider each round of encryption process

$L_{i+1}=R_i$

$R_{i+1}=L_i\oplus F(R_i,K_i)$

Then before the last Permutation, the corresponding ciphertext is $(R_{n+1}, L_{n+1})$.

### Decryption¶

So how does decryption decrypt it? First, we can reverse the ciphertext first, then we can get the final round of output. We will consider each round at this time.

$R_i=L_{i+1}$

$L_i=R_{i+1}\oplus F(L_{i+1},K_i)$

Therefore, $(L_0,R_0)$ is the plaintext after the first replacement when encrypting. We only need to perform the inverse permutation to get the plaintext.

It can be seen that DES encryption and decryption uses the same set of logic, except that the order in which the keys are used is inconsistent.

## Core components¶

The core components in DES mainly include (only the encryption process is given here)

• initial replacement
• F function
• E extension function
• S box, design criteria not given.
• P replacement
• Last replacement

Where the F function is as follows

If you are more interested in DES, you can study it more closely. Welcome to PR.

## derivative¶

Based on DES, the following two encryption methods are derived.

• Double DES
• Three DES

### Dual DES¶

Dual DES uses two keys and is 112 bits long. Encryption method is as follows

$C = E_ {k2} (E_ {k1} (P))$

But dual DES can't resist the middle encounter attack, we can construct the following two sets

$I = {E_ {k1} (P)}$

$J=D_{k2}(C)$

That is, respectively enumerate K1 and K2 to encrypt P and decrypt C respectively.

After we encrypt P, we can sort the encryption results. The complexity is $2^nlog(2^n)=O(n2^n)$

When we decrypt C, we can go to the corresponding table for each decryption.

The total complexity is still $O(n2^n)$.

### Triple DES¶

Triple DES encryption and decryption methods are as follows

$C=E_{k3}(D_{k2}(E_{k1}(P)))$

$P=D_{k1}(E_{k2}(D_{k3}(C)))$

There are two ways to choose a key.

• 3 different keys, k1, k2, k3 are independent of each other, a total of 168 bits.
• 2 different keys, k1 and k2 are independent, k3 = k1, 112 bits.

## Attack method¶

• Differential attack
• Linear attack

## 2018 N1CTF N1ES¶

The basic code is as follows

# -*- coding: utf-8 -*-

f = lambda x, y: x + y - 2 * (x & y)

true = &#39;&#39;
for i in range(len(a)):

res + = chr (f (words (a [i]), words (b [i])))
return res

def permutate(table, block):

return list(map(lambda x: block[x], table))

def string_to_bits(data):

data = [ord(c) for c in data]

l = len (data) * 8
result = [0] * l
post = 0
for ch in data:

for i in range(0,8):

result[(pos<<3)+i] = (ch>>i) & 1

post + = 1
return result

s_box = [54, 132, 138, 83, 16, 73, 187, 84, 146, 30, 95, 21, 148, 63, 65, 189, 188, 151, 72, 161, 116, 63, 161, 91, 37, 24, 126, 107, 87, 30, 117, 185, 98, 90, 0, 42, 140, 70, 86, 0, 42, 150, 54, 22, 144, 153, 36, 90, 149, 54, 156, 8, 59, 40, 110, 56,1, 84, 103, 22, 65, 17, 190, 41, 99, 151, 119, 124, 68, 17, 166, 125, 95, 65, 105, 133, 49, 19, 138, 29, 110, 7, 81, 134, 70, 87, 180, 78, 175, 108, 26, 121, 74, 29, 68, 162, 142, 177, 143, 86, 129, 101, 117, 41, 57, 34, 177, 103, 61, 135, 191, 74, 69, 147, 90, 49, 135, 124, 106, 19, 8

9, 38, 21, 41, 17, 155, 83, 38, 159, 179, 19, 157, 68, 105, 151, 166, 171, 122, 179, 114, 52, 183, 89, 107, 113, 65, 161, 141, 18, 121, 95, 4, 95, 101, 81, 156,

17, 190, 38, 84, 9, 171, 180, 59, 45, 15, 34, 89, 75, 164, 190, 140, 6, 41, 188, 77, 165, 105, 5, 107, 31, 183, 107, 141, 66, 63, 10, 9, 125, 50, 2, 153, 156, 162, 186, 76, 158, 153, 117, 9, 77, 156, 11, 145, 12, 169, 52, 57, 161, 7, 158, 110, 191, 43, 82, 186, 49, 102, 166, 31, 41, 5, 189, 27]

def generate(o):

k = permutate (s_box, o)
b = []

for i in range(0, len(k), 7):

b.append(k[i:i+7] + [1])

c = []

for i in range(32):

post = 0
x = 0

for j in b[i]:

x += (j<<pos)

post + = 1
c.append((0x10001**x) % (0x7f))

return c

class N1ES:

def __init__(self, key):

if (len(key) != 24 or isinstance(key, bytes) == False ):

raise Exception("key must be 24 bytes long")

self.key = key

self.gen_subkey()

def gen_subkey(self):

o = string_to_bits(self.key)

k = []
for i in range(8):

o = generate (o)
k.extend(o)

o = string_to_bits([chr(c) for c in o[0:24]])

self.Kn = []

for i in range(32):

self.Kn.append(map(chr, k[i * 8: i * 8 + 8]))

return

def encrypt(self, plaintext):

if (len(plaintext) % 16 != 0 or isinstance(plaintext, bytes) == False):

raise Exception("plaintext must be a multiple of 16 in length")

true = &#39;&#39;
for i in range(len(plaintext) / 16):

block = plaintext[i * 16:(i + 1) * 16]

L = block[:8]

R = block[8:]

for round_cnt in range(32):

L, R = R, (round_add(L, self.Kn[round_cnt]))

L, R = R, L

res += L + R

return res


Obviously, we can think of it as a way of Feistel encryption, the decryption function is as follows

    def decrypt(self,ciphertext):

true = &#39;&#39;
for i in range(len(ciphertext) / 16):

block = ciphertext[i * 16:(i + 1) * 16]

L = block[:8]

R = block[8:]

for round_cnt in range(32):

L,R=R,L

res += L + R

return res


The final result is

➜  baby_N1ES cat challenge.py

from N1ES import N1ES

import base64

key = "wxy191iss00000000000cute"

n1es = N1ES(key)

flag = "N1CTF{*****************************************}"

cipher = n1es.encrypt(flag)

#print base64.b64encode(cipher)  # HRlgC2ReHW1/WRk2DikfNBo1dl1XZBJrRR9qECMNOjNHDktBJSxcI1hZIz07YjVx

cipher = 'HRlgC2ReHW1/WRk2DikfNBo1dl1XZBJrRR9qECMNOjNHDktBJSxcI1hZIz07YjVx'

cipher = base64.b64decode(cipher)

print n1es.decrypt(cipher)

➜  baby_N1ES python challenge.py

N1CTF {F3istel_n3tw0rk_c4n_b3_ea5i1y_s0lv3d _ / - /}


## 2019 CISCN part_des¶

The title only gave one file:

Round n part_encode-> 0x92d915250119e12b



Considering the title name and data characteristics, Round n part_encode is the intermediate result of executing n rounds of des, and Key map should be the subkey of des. To restore the plaintext, only the reverse process of n rounds of des encryption can be performed. Pay attention to the following three points when decrypting.

• Subkey selection, for only n rounds of encryption results, the decryption should use the keys n, n-1..., 1 in sequence.
• des After the last round of operations, the unfinished des does not exchange the left and right parts and the inverse initial permutation, so we should perform these two steps on the ciphertext first.
• n choice, in this question, we don't know n, but it doesn't matter, we can try all possible values (0-15) flag should be ascii string.

??? note "Solution code"  python

kkk = 16 def bit_rot_left(lst, pos):

    return lst[pos:] + lst[:pos]

class DES:

IP = [

58,50,42,34,26,18,10,2,60,52,44,36,28,20,12,4,

62,54,46,38,30,22,14,6,64,56,48,40,32,24,16,8,

57,49,41,33,25,17,9,1,59,51,43,35,27,19,11,3,

61,53,45,37,29,21,13,5,63,55,47,39,31,23,15,7

]

IP_re = [

40,8,48,16,56,24,64,32,39,7,47,15,55,23,63,31,
38,6,46,14,54,22,62,30,37,5,45,13,53,21,61,29,

36,4,44,12,52,20,60,28,35,3,43,11,51,19,59,27,

34,2,42,10,50,18,58,26,33,1,41,9,49,17,57,25

]

Pbox = [

16,7,20,21,29,12,28,17,1,15,23,26,5,18,31,10,

2,8,24,14,32,27,3,9,19,13,30,6,22,11,4,25

]


E = [ 32,1,2,3,4,5,4,5,6,7,8,9,

            8,9,10,11,12,13,12,13,14,15,16,17,

16,17,18,19,20,21,20,21,22,23,24,25,

24,25,26,27,28,29,28,29,30,31,32,1

]

PC1 = [

57,49,41,33,25,17,9,1,58,50,42,34,26,18,

10,2,59,51,43,35,27,19,11,3,60,52,44,36,

63,55,47,39,31,23,15,7,62,54,46,38,30,22,

14,6,61,53,45,37,29,21,13,5,28,20,12,4

]

PC2 = [

14,17,11,24,1,5,3,28,15,6,21,10,

23,19,12,4,26,8,16,7,27,20,13,2,

41,52,31,37,47,55,30,40,51,45,33,48,

44,49,39,56,34,53,46,42,50,36,29,32

]


Sbox = [ [

                [14,4,13,1,2,15,11,8,3,10,6,12,5,9,0,7],

[0,15,7,4,14,2,13,1,10,6,12,11,9,5,3,8],

[4,1,14,8,13,6,2,11,15,12,9,7,3,10,5,0],

[15,12,8,2,4,9,1,7,5,11,3,14,10,0,6,13],

],

[

[15,1,8,14,6,11,3,4,9,7,2,13,12,0,5,10],

[3,13,4,7,15,2,8,14,12,0,1,10,6,9,11,5],

[0,14,7,11,10,4,13,1,5,8,12,6,9,3,2,15],

[13,8,10,1,3,15,4,2,11,6,7,12,0,5,14,9],

],

[

[10,0,9,14,6,3,15,5,1,13,12,7,11,4,2,8],

[13,7,0,9,3,4,6,10,2,8,5,14,12,11,15,1],

[13,6,4,9,8,15,3,0,11,1,2,12,5,10,14,7],

[1,10,13,0,6,9,8,7,4,15,14,3,11,5,2,12],

],

[

[7,13,14,3,0,6,9,10,1,2,8,5,11,12,4,15],

[13,8,11,5,6,15,0,3,4,7,2,12,1,10,14,9],

[10,6,9,0,12,11,7,13,15,1,3,14,5,2,8,4],

[3,15,0,6,10,1,13,8,9,4,5,11,12,7,2,14],

],

[

[2,12,4,1,7,10,11,6,8,5,3,15,13,0,14,9],

[14,11,2,12,4,7,13,1,5,0,15,10,3,9,8,6],

[4,2,1,11,10,13,7,8,15,9,12,5,6,3,0,14],

[11,8,12,7,1,14,2,13,6,15,0,9,10,4,5,3],

],

[

[12,1,10,15,9,2,6,8,0,13,3,4,14,7,5,11],

[10,15,4,2,7,12,9,5,6,1,13,14,0,11,3,8],

[9,14,15,5,2,8,12,3,7,0,4,10,1,13,11,6],

[4,3,2,12,9,5,15,10,11,14,1,7,6,0,8,13],

],

[

[4,11,2,14,15,0,8,13,3,12,9,7,5,10,6,1],

[13,0,11,7,4,9,1,10,14,3,5,12,2,15,8,6],

[1,4,11,13,12,3,7,14,10,15,6,8,0,5,9,2],

[6,11,13,8,1,4,10,7,9,5,0,15,14,2,3,12],

],

[

[13,2,8,4,6,15,11,1,10,9,3,14,5,0,12,7],

[1,15,13,8,10,3,7,4,12,5,6,11,0,14,9,2],

[7,11,4,1,9,12,14,2,0,6,10,13,15,3,5,8],

[2,1,14,7,4,10,8,13,15,12,9,0,3,5,6,11],

]

]

rout = [1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1]

def __init__(self):

self.subkey = [[[1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1], [1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1], [1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1], [1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1], [1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1], [1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0], [1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1], [0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0], [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0], [0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1], [0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0], [0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0], [1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0], [1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0], [1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0], [1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0]], [[1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0], [1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0], [1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0], [1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0], [0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0], [0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0], [0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1], [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0], [0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0], [1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1], [1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0], [1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1], [1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1], [1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1], [1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1], [1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1]]]

def permute(self, lst, tb):

return [lst[i-1] for i in tb]

def f(self,riti,subkeyi):

tmp = [i^j for i,j in zip(subkeyi,self.permute(riti,DES.E))]

return  self.permute(sum([[int(l) for l in str(bin(DES.Sbox[i][int(str(tmp[6*i])+str(tmp[6*i+5]),2)][int("".join(str(j) for j in tmp[6*i+1:6*i+5]),2)])[2:].zfill(4))] for i in range(8)],[]),DES.Pbox)

def des_main(self,m,mark):

sbkey = self.subkey[0]

#if mark == 'e' else self.subkey[1]

# tmp =  self.permute([int(i) for i in list((m).ljust(64,"0"))],self.IP)

tmp =  [int(i) for i in list((m).ljust(64,"0"))]


global kkk print (kkk) for i in range(kkk):

            tmp = tmp[32:] + [j^k for j,k in zip(tmp[:32],self.f(tmp[32:],sbkey[i if mark != 'd' else kkk-1-i]))]

return "".join([str(i) for i in self.permute(tmp[32:]+tmp[:32],self.IP_re)])

def des_encipher(self,m):

m = "".join([bin(ord(i))[2:].zfill(8) for i in m])


des_en = self.des_main (m, 'e') return "".join([chr(int(des_en[i8:i8+8],2)) for i in range(8)])

    def des_decipher(self,c):

c = "".join([bin(ord(i))[2:].zfill(8) for i in c])


des_de = self.des_main (c, 'd') return "".join([chr(int(des_de[i8:i8+8],2)) for i in range(8)])

def test():

import base64


global kkk while kkk >=0:

desobj = DES () # cipher = desobj.des_encipher("12345678")

        cipher = '\x01\x19\xe1+\x92\xd9\x15%'

message1 = desobj.des_decipher(cipher)

print(message1)


kkk = 1 if name=='main':

    test()




Decryption result (partial):

14
t-ÏEÏx§

13

y0ur9Ood
12

μp ^ Ûé = ¹
11

) ÁrûÕû


It can be seen that n is 13, and flag is flag{y0ur9Ood}`

## Reference¶

Tsinghua University graduate data security courseware - https://en.wikipedia.org/wiki/Data_Encryption_Standard