p = getPrime(1024) q = getPrime(1024) N = p*q Phi = (p-1)*(q-1) with open("flag", 'r') as fr: flag = bytes_to_long(fr.read().strip()) def get_enc_key(BitLen, Phi): e = getPrime(BitLen) if Phi % e == 0: return get_enc_key(BitLen, Phi) else: return e def sprint(message): print(message) sys.stdout.flush() def communicate(): sprint("This is a message distribute system. Please tell me your name: ") user = raw_input() bakcdoor(user) e = get_enc_key(randint(13, 13 + (len(user) % 4)), Phi) ct = powmod(flag, e, N) sprint("Hi %s, your N is: %d\nAnd your exponent is: %d\nLast but not least, your secret is: %d" % (user, N, e, ct)) sprint("You will know the secret after I give you P,Q.\nSee you next time!")
我是用python打开的另一份文件,一大堆的乱码但是比较关键性的数据还是能看到的,一共共有六组,而第一组和第六组的模数n正好相等,就用共模攻击求出了:FLAG{g00d_Luck_&_Hav3_Fun}