BUUCTF-Writeup11：RSA+

_Day_

已于 2025-05-16 21:29:47 修改

阅读量411

点赞数 10

分类专栏： CTF-Writeup 文章标签：学习安全密码学网络安全

于 2025-05-14 20:47:13 首次发布

本文链接：https://blog.csdn.net/2503_91983454/article/details/147962576

版权

CTF-Writeup 专栏收录该内容

14 篇文章

订阅专栏

题目来源：BUUCTF在线评测BUUCTF 是一个 CTF 竞赛和训练平台，为各位 CTF 选手提供真实赛题在线复现等服务。https://buuoj.cn/challenges

题目内容：

Math is cool! Use the RSA algorithm to decode the secret message, c, p, q, and e are parameters for the RSA algorithm.（数学很酷！使用RSA算法解码秘密消息，c、p、q和e是RSA算法的参数。）Use RSA to find the secret message.（使用RSA来找到秘密消息。）

p=9648423029010515676590551740010426534945737639235739800643989352039852507298491399561035009163427050370107570733633350911691280297777160200625281665378483
q=11874843837980297032092405848653656852760910154543380907650040190704283358909208578251063047732443992230647903887510065547947313543299303261986053486569407
e=65537
c=83208298995174604174773590298203639360540024871256126892889661345742403314929861939100492666605647316646576486526217457006376842280869728581726746401583705899941768214138742259689334840735633553053887641847651173776251820293087212885670180367406807406765923638973161375817392737747832762751690104423869019034

解题思路（近似于BUUCTF-Writeup7：RSA-CSDN博客）：

$N=p*q$

$\Psi (N)=(p-1)(q-1)$

$e*d\equiv 1(mod \Psi (N))$

先求出私钥d：

$d\equiv e^{-1}(mod\Psi(N))$

计算私钥的函数：

代码：

p=9648423029010515676590551740010426534945737639235739800643989352039852507298491399561035009163427050370107570733633350911691280297777160200625281665378483
q=11874843837980297032092405848653656852760910154543380907650040190704283358909208578251063047732443992230647903887510065547947313543299303261986053486569407
e=65537
 
def compute_private_key(p, q, e):
    phi_n = (p - 1) * (q - 1)
    # 扩展欧几里得算法
    def extended_gcd(a, b):
        old_r, r = a, b
        old_s, s = 1, 0
        old_t, t = 0, 1
        while r != 0:
            quotient = old_r // r
            old_r, r = r, old_r - quotient * r
            old_s, s = s, old_s - quotient * s
            old_t, t = t, old_t - quotient * t
        return old_r, old_s, old_t
    gcd, x, y = extended_gcd(e, phi_n)
    if gcd != 1:
        raise ValueError('模逆不存在，e和φ(n)必须互质')
    # 确保d是正数
    return x % phi_n
d = compute_private_key(p, q, e)
print(d)

运行结果：

所以私钥d：

d=56632047571190660567520341028861194862411428416862507034762587229995138605649836960220619903456392752115943299335385163216233744624623848874235303309636393446736347238627793022725260986466957974753004129210680401432377444984195145009801967391196615524488853620232925992387563270746297909112117451398527453977

解密代码：

def rsa_decrypt(c, d, n):
    return pow(c, d, n)

# 题中的参数
p=9648423029010515676590551740010426534945737639235739800643989352039852507298491399561035009163427050370107570733633350911691280297777160200625281665378483
q=11874843837980297032092405848653656852760910154543380907650040190704283358909208578251063047732443992230647903887510065547947313543299303261986053486569407
c=83208298995174604174773590298203639360540024871256126892889661345742403314929861939100492666605647316646576486526217457006376842280869728581726746401583705899941768214138742259689334840735633553053887641847651173776251820293087212885670180367406807406765923638973161375817392737747832762751690104423869019034
d=56632047571190660567520341028861194862411428416862507034762587229995138605649836960220619903456392752115943299335385163216233744624623848874235303309636393446736347238627793022725260986466957974753004129210680401432377444984195145009801967391196615524488853620232925992387563270746297909112117451398527453977
n=p * q

# 解密
m = rsa_decrypt(c, d, n)
print("解密后的明文:", m)

运行结果：