火锅链观光打卡:
签到题,登入网址后被提示需要安装meta钱包,在google浏览器中进行了插件安装以及比较基本的网络安全的知识的答题后得到了flag
flag:flag{y0u_ar3_hotpot_K1ng}
asm_re:
经典的看汇编的逆向题目
具体步骤如下:
读取字符: 从 flag 中读取每个字符。乘以 0x50 (80),加 0x14 (20)
异或 0x4D (77),加 0x1E (30),将结果存储到 result_array 中,比较 result_array 和 expected_array,判断是否匹配
通过以下脚本求得flag
expected_array = [
0x1FD7, 0x21B7, 0x1E47, 0x2027, 0x26E7, 0x10D7, 0x1127, 0x2007, 0x11C7, 0x1E47,
0x1017, 0x1017, 0x11F7, 0x2007, 0x1037, 0x1107, 0x1F17, 0x10D7, 0x1017, 0x1017,
0x1F67, 0x1017, 0x11C7, 0x11C7, 0x1017, 0x1FD7, 0x1F17, 0x1107, 0x0F47, 0x1127,
0x1037, 0x1E47, 0x1037, 0x1FD7, 0x1107, 0x1FD7, 0x1107, 0x2787
]
def reverse_transform(value):
value = (value-0x1E) & 0xFFFFFFFFFFFFFFFF
value ^=0x4D
value = (value-0x14) & 0xFFFFFFFFFFFFFFFF
value //=0x50
return chr(value)
def main():
flag = ''.join(reverse_transform(val) for val in expected_array)
print("Decrypted flag:",flag)
if __name__ == "__main__":
main()
Flag:flag{67e9a228e45b622c2992fb5174a4f5f5}
OvO
首先,根据
得
显然有
因为低200位不受影响,上网站上一查,发现这样算出来的r,比其小的最大质数刚刚好是r-2,从而得到了验证
两边同时乘p得(高中时就很常见的消元思想)
只有p未知,知道e高位,那么就可以求得p高位
随后利用coppersmith解决p高位泄露问题的思想就可以解决问题
#from Crypto.Util.number import long_to_bytes, inverse
from gmpy2 import*
from sage.all import PolynomialRing,Zmod,RealField
n = 111922722351752356094117957341697336848130397712588425954225300832977768690114834703654895285440684751636198779555891692340301590396539921700125219784729325979197290342352480495970455903120265334661588516182848933843212275742914269686197484648288073599387074325226321407600351615258973610780463417788580083967
e = 37059679294843322451875129178470872595128216054082068877693632035071251762179299783152435312052608685562859680569924924133175684413544051218945466380415013172416093939670064185752780945383069447693745538721548393982857225386614608359109463927663728739248286686902750649766277564516226052064304547032760477638585302695605907950461140971727150383104
c = 14999622534973796113769052025256345914577762432817016713135991450161695032250733213228587506601968633155119211807176051329626895125610484405486794783282214597165875393081405999090879096563311452831794796859427268724737377560053552626220191435015101496941337770496898383092414492348672126813183368337602023823
rr =e//n
kk=rr-2
tt=65537+(kk+2)*n+(kk+2)+1
R=PolynomialRing(RealField(1024),'x')
x= R.gen()
f = e*x-(2*(kk+1)*x^2+(kk+2)*n+tt*x)
res =f.roots()
for root in res:
p_gao = int(root[0])
PR= PolynomialRing(Zmod(n),'x')
x= PR.gen()
fl=x+ p_gao
roots =fl.monic().small_roots(X=2^200,beta=0.4)
if roots:
p=int(roots[0])+ p_gao
q = n//p
ee = 65537+kk*p+(kk+2)*((p+1)*(q+1))+1
d= invert(ee,(p-1)*(q-1))
m = pow(c,d,n)
print(int(m))
#56006392793427936249326135903797910465566351628973798796757006478713999781467542218211934319748211581
#print(long_to_bytes(56006392793427936249326135903797910465566351628973798796757006478713999781467542218211934319748211581))
因为今天做其他题的时候刷新过虚拟机的环境
不能用原本的sage模块了,考虑了一下决定分两步走,如下
本来我是打pwn的,但是这次pwn有点看不明白,队伍里的其他题解基本都在这里,有兴趣的师傅们可以移步下方链接