题目内容如下:
题目介绍:
RSA roll!roll!roll!
Only number and a-z
(don’t use editor
which MS provide)
{920139713,19}
704796792
752211152
274704164
18414022
368270835
483295235
263072905
459788476
483295235
459788476
663551792
475206804
459788476
428313374
475206804
459788476
425392137
704796792
458265677
341524652
483295235
534149509
425392137
428313374
425392137
341524652
458265677
263072905
483295235
828509797
341524652
425392137
475206804
428313374
483295235
475206804
459788476
306220148
发现这些数字中前面两个是n,e
,后面是拆分的密文 c
。原来题目的 roll
是滚动拼接 flag
的意思。类似于2022 年HGAME中CRYPTO的Easy RSA。
.
import libnum
from Crypto.Util.number import long_to_bytes
list1=[704796792,
752211152,
274704164,
18414022,
368270835,
483295235,
263072905,
459788476,
483295235,
459788476,
663551792,
475206804,
459788476,
428313374,
475206804,
459788476,
425392137,
704796792,
458265677,
341524652,
483295235,
534149509,
425392137,
428313374,
425392137,
341524652,
458265677,
263072905,
483295235,
828509797,
341524652,
425392137,
475206804,
428313374,
483295235,
475206804,
459788476,
306220148]
flag=""
n=920139713
q=18443
p=49891
e=19
for i in list1:
c=i
d = libnum.invmod(e, (p - 1) * (q - 1)) #invmod(a, n) - 求a对于n的模逆,这里逆向加密过程中计算ψ(n)=(p-1)(q-1),对ψ(n)保密,也就是对应根据ed=1modψ(n),求出d
m = pow(c, d, n) # pow(x, y[, z])--函数是计算 x 的 y 次方,如果 z 在存在,则再对结果进行取模,其结果等效于 pow(x,y) %z,对应前面解密算法中M=D(C)=C^d(mod n)
#print(m) #明文的十进制格式
string = long_to_bytes(m) # m明文,用长字节划范围
flag+=string.decode()
print(flag)
得到flag{13212je2ue28fy71w8u87y31r78eu1e2}