ctfshow密码学做题笔记及代码整理

喝茶我喜欢喝大杯的

已于 2024-02-26 20:39:39 修改

阅读量21

点赞数

分类专栏：网络安全类文章标签：密码学

于 2023-07-11 16:40:25 首次发布

本文链接：https://blog.csdn.net/P5093/article/details/131663751

版权

网络安全类专栏收录该内容

5 篇文章 0 订阅

订阅专栏

1.颜文字解密

2.RSA——Python

3.U2FsdGVkX1开头——rabbit，AES，DES

4.暴力破解压缩包密码

5.serpent压缩包名即为解密方式，ECB不需要偏移

6.解码整理:

（1）一个%：utf8：urllib库里的unquote函数

（2）两个%：gb

（3）&#x:UTF8,&#:Unicode

（4）MD5码解密不一定需要32位或者16位

（5）仅有小写字母与数字组成的密文，我们可以想到MD5，hex，键盘密码等等

10.rot移位密码解密：(hou_mian_shi_flag)b%&(@f!&@$%f%e^#

11.内部赛签到

因为包含有大小写字母，数字，最后有等号，所以首先base64解码

因为包含有很多百分号，且联想到所有的空格符、标点符号、特殊字符以及其他非ASCII字符都将被转化成**%xx格式**的字符编码，所以使用escape解密

因为多了许多特殊符号，所以使用base92解密

得到一串数字，所以十进制转十六进制，再url解码

得到一堆星座，所以根据星座顺序得到12进制数字串，转十六进制，再转ASCII

得到数字和大写字母，再base16解密

12.内部赛密码2

因为只有ctf和show，所以联想到摩斯密码

转化后得到：

..-.
.-..
.-
--.
----- ----- --... -...
--... ...-- -.-. -..
-.... ----- -.. -.-.
--... --... ...-- -.-.
..... ..--- ....- -..
....- . -... .-
----- ----- --... -..
1
2
3
4
5
6
7
8
9
10
11
..-./.-../.-/--./-----/-----/--.../-.../--.../...--/-.-./-../-..../-----/-../-.-./--.../--.../...--/-.-./...../..---/....-/-../....-/./-.../.-/-----/-----/--.../-../
1
F L A G 0 0 7 B 7 3 C D 6 0 D C 7 7 3 C 5 2 4 D 4 E B A 0 0 7 D
1
13.BJDCTF2020 编码与调制

首先了解曼彻斯特编码，10为1,01为0

将密文转化为2进制，再两位进行一个划分进行曼彻斯特编码，再转化为十六进制，再转ASCII

脚本：

x='2559659965656A9A65656996696965A6695669A9695A699569666A5A6A6569666A59695A69AA696569666AA6'
strr=bin(int(x,16))[2:]
print(strr)

step = 2
str2 = [strr[i:i+step] for i in range(0,len(strr),step)]
print(str2)
flag = []
final = ""
for i in str2:
flag.append(i)
for i in flag:
if(i=="10"):
final += "1"
if(i=="01"):
final += "0"
print(hex(int(final,2)))
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
14.BJDCTF2020 Polybius

波利比奥斯方阵密码Polybius：一般解密出来是14位

由于不知道aeiou的顺序所以分类

引用代码：

import itertools
ciper = 'ouauuuoooeeaaiaeauieuooeeiea'
head = 'aeoiu'
headlist = []
num_headlist = []

# 先列举处aeiou五种的不同排序
x = itertools.permutations(head,5)
for i in x:
temp = "".join(i)
headlist.append(temp)
print(headlist)

# 根据aeiou对应的12345修改ciper的对应值，便于后续的遍历得到结果
for i in headlist:
temp = ''
for j in ciper:
temp += str(i.index(j) + 1)
num_headlist.append(temp)
print(num_headlist)

# 将ciper对应的数字乘上比例加上96再转为ASCII码，即可得到对应的字母
for i in num_headlist:
temp = ''
for j in range(0,len(i),2):
xx = (int(i[j]) - 1)*5 + int(i[j+1]) + 96 # 前一个为乘上5加上后一个就正好对应了表格中的字母
if xx>ord('i'):
xx+=1
temp += chr(xx)
print(temp)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
15.BJDCTF2020 这是base？

该题即是修改了base64的顺序

引用脚本：

import base64
#dict={0: 'J', 1: 'K', 2: 'L', 3: 'M', 4: 'N', 5: 'O', 6: 'x', 7: 'y', 8: 'U', 9: 'V', 10: 'z', 11: 'A', 12: 'B', 13: 'C', 14: 'D', 15: 'E', 16: 'F', 17: 'G', 18: 'H', 19: '7', 20: '8', 21: '9', 22: 'P', 23: 'Q', 24: 'I', 25: 'a', 26: 'b', 27: 'c', 28: 'd', 29: 'e', 30: 'f', 31: 'g', 32: 'h',33: 'i', 34: 'j', 35: 'k', 36: 'l', 37: 'm', 38: 'W', 39: 'X', 40: 'Y', 41: 'Z', 42: '0', 43: '1', 44: '2', 45: '3', 46: '4', 47: '5', 48: '6', 49: 'R', 50: 'S', 51: 'T', 52: 'n', 53: 'o', 54: 'p', 55: 'q', 56: 'r', 57: 's', 58: 't', 59: 'u', 60: 'v', 61: 'w', 62: '+', 63: '/', 64: '='}
dict='JKLMNOxyUVzABCDEFGH789PQIabcdefghijklmWXYZ0123456RSTnopqrstuvw+/='
base64_list = ['A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P','Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f','g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v','w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/']
cipher='FlZNfnF6Qol6e9w17WwQQoGYBQCgIkGTa9w3IQKw'
res=''
for i in range(len(cipher)):
for j in range(64):
if(dict[j]==cipher[i]):
res+=base64_list[j]
print(res)
flag=base64.b64decode(res)
print(flag)
#b'BJD{D0_Y0u_kNoW_Th1s_b4se_map}'
1
2
3
4
5
6
7
8
9
10
11
12
13
14
16.BJDCTF2020 伏羲六十四卦

打开压缩包得到一个脚本和一个文本

17.BJDCTF2020 easyrsa

拿到这道题首先看代码，整体思路是根据output倒推回flag

再了解不认识的函数

from Crypto.Util.number import getPrime,bytes_to_long
from sympy import Derivative
from fractions import Fraction
#from secret import flag

p=getPrime(1024)
q=getPrime(1024)
e=65537
n=p*q
z=Fraction(1,Derivative(arctan(p),p))-Fraction(1,Derivative(arth(q),q))
m=bytes_to_long(flag)
c=pow(m,e,n)
print(c,z,n)
1
2
3
4
5
6
7
8
9
10
11
12
13
首先getprime即取一定位数范围下的素数，这里可以认为取p,q两个较大素数

z是与p,q有关系的变量，Derivative()是求导函数,Fraction(a,b)相等于a/b，这里有三个参数，第一个是分子，第二个是分母，p代表参数

经过计算可知z = p2-q2

所以p,q可用z,n表示

引用脚本：

import gmpy2
from Crypto.Util.number import *

c = 7922547866857761459807491502654216283012776177789511549350672958101810281348402284098310147796549430689253803510994877420135537268549410652654479620858691324110367182025648788407041599943091386227543182157746202947099572389676084392706406084307657000104665696654409155006313203957292885743791715198781974205578654792123191584957665293208390453748369182333152809882312453359706147808198922916762773721726681588977103877454119043744889164529383188077499194932909643918696646876907327364751380953182517883134591810800848971719184808713694342985458103006676013451912221080252735948993692674899399826084848622145815461035
z = 32115748677623209667471622872185275070257924766015020072805267359839059393284316595882933372289732127274076434587519333300142473010344694803885168557548801202495933226215437763329280242113556524498457559562872900811602056944423967403777623306961880757613246328729616643032628964072931272085866928045973799374711846825157781056965164178505232524245809179235607571567174228822561697888645968559343608375331988097157145264357626738141646556353500994924115875748198318036296898604097000938272195903056733565880150540275369239637793975923329598716003350308259321436752579291000355560431542229699759955141152914708362494482
n = 15310745161336895413406690009324766200789179248896951942047235448901612351128459309145825547569298479821101249094161867207686537607047447968708758990950136380924747359052570549594098569970632854351825950729752563502284849263730127586382522703959893392329333760927637353052250274195821469023401443841395096410231843592101426591882573405934188675124326997277775238287928403743324297705151732524641213516306585297722190780088180705070359469719869343939106529204798285957516860774384001892777525916167743272419958572055332232056095979448155082465977781482598371994798871917514767508394730447974770329967681767625495394441

x = gmpy2.iroot(z + 2 * n, 2)[0]
y = gmpy2.iroot(z - 2 * n, 2)[0]
e = 65537
p = (x + y) // 2
q = x - p
d = gmpy2.invert(e, (p - 1) * (q - 1))
print(long_to_bytes(pow(c, d, n)))
1
2
3
4
5
6
7
8
9
10
11
12
13
14
18.36D杯签到

根据提示rot47解码-将符号对应改为键盘数字-base解码

19.36D杯 rsaEZ

压缩包包含三个加密后的密文文件和一个公钥文件，所以解析出e,n，再解出明文即可

引用脚本：

from Crypto.PublicKey import RSA
from Crypto.Util.number import *
import gmpy2

publickey = RSA.importKey(open(r'F:\ctf comp\Crypto\题目\flag\fujian\public.key','rb').read())
e = publickey.e
n = publickey.n
p = 302825536744096741518546212761194311477
q = 325045504186436346209877301320131277983
c1 = bytes_to_long(open(r'F:\ctf comp\Crypto\题目\flag\fujian\encrypted.message1','rb').read())
c2 = bytes_to_long(open(r'F:\ctf comp\Crypto\题目\flag\fujian\encrypted.message2','rb').read())
c3 = bytes_to_long(open(r'F:\ctf comp\Crypto\题目\flag\fujian\encrypted.message3','rb').read())

d = gmpy2.invert(e,(p-1)*(q-1))
m1 = pow(c1,d,n)
m2 = pow(c2,d,n)
m3 = pow(c3,d,n)
print(long_to_bytes(m1))
print(long_to_bytes(m2))
print(long_to_bytes(m3))
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
20.36D杯 justshow

观察26个字母向后移了一位，所以变换密文

得到gkbfnxeripjmxhemoc

再使用playfair密码解密得到明文

flagisctfshowicome

21.36D杯飞鸽传书

打开文本文件，看到了大小写字母，数字，等号，base64，解密完之后还是大小写字母数字，再解密一次，得到包含许多%0A的数据，所以URL解码，得到八个32位字符串，所以MD5解密得到flag

22.密码学AK赛加法

键盘位置向左移一位得到flag

23.密码学AK赛乘法

3%20%6%19%8%15%23%6%12%1%7%9%19%8%5%18%5%

%5%18%5%8%19%9%7%1%12%6%23%15%8%19%6%20%3

24.月饼杯中秋月

拿到题看提示，提示说该古典密码的密钥形式：keyword+plaintext (+plaintext…+plaintext)

猜测是自动密钥加密，所以思路就是由密文还原得到明文，因为提示说古典密码加密之后密文全是大写，所以需要得到全是大写字母的密文，所以再根据题目自动钥匙有异或的标志，所以将

fsskryenvkm~jl{ejs}jwflzsnpgmifq{{j{|suhzrjppnx|qvixt~whu
1
由异或换为全是大写字母

脚本：

s='fsskryenvkm~jl{ejs}jwflzsnpgmifq{{j{|suhzrjppnx|qvixt~whu'
for i in range(255):
   res=''
   for j in range(0,len(s)):
       temp = ord(s[j])^i
       if 65<=temp<=90 or 97<=temp<=122:   #由大小写字母构成
           res += (chr(temp))
   if len(res)==len(s):
       print(res)
1
2
3
4
5
6
7
8
9
ylltmfzqitrausdzulbuhyselqoxrvynddudcljwemuooqgcnivgkahwj
YLLTMFZQITRAUSDZULBUHYSELQOXRVYNDDUDCLJWEMUOOQGCNIVGKAHWJ
1
2
再用自动密钥解密：

脚本：

from ngram_score import ngram_score
from pycipher import Autokey
import re
from itertools import permutations

qgram = ngram_score('quadgrams.txt')
trigram = ngram_score('trigrams.txt')
ctext = 'YLLTMFZQITRAUSDZULBUHYSELQOXRVYNDDUDCLJWEMUOOQGCNIVGKAHWJ'
ctext = re.sub(r'[^A-Z]', '', ctext.upper())

# keep a list of the N best things we have seen, discard anything else
class nbest(object):
def __init__(self, N=1000):
self.store = []
self.N = N

def add(self, item):
self.store.append(item)
self.store.sort(reverse=True)
self.store = self.store[:self.N]

def __getitem__(self, k):
return self.store[k]

def __len__(self):
return len(self.store)

# init
N = 100
for KLEN in range(8, 20):
rec = nbest(N)

for i in permutations('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 3):
key = ''.join(i) + 'A' * (KLEN - len(i))
pt = Autokey(key).decipher(ctext)
score = 0
for j in range(0, len(ctext), KLEN):
score += trigram.score(pt[j:j + 3])
rec.add((score, ''.join(i), pt[:30]))

next_rec = nbest(N)
for i in range(0, KLEN - 3):
for k in range(N):
for c in 'ABCDEFGHIJKLMNOPQRSTUVWXYZ':
key = rec[k][1] + c
fullkey = key + 'A' * (KLEN - len(key))
pt = Autokey(fullkey).decipher(ctext)
score = 0
for j in range(0, len(ctext), KLEN):
score += qgram.score(pt[j:j + len(key)])
next_rec.add((score, key, pt[:30]))
rec = next_rec
next_rec = nbest(N)
bestkey = rec[0][1]
pt = Autokey(bestkey).decipher(ctext)
bestscore = qgram.score(pt)
for i in range(N):
pt = Autokey(rec[i][1]).decipher(ctext)
score = qgram.score(pt)
if score > bestscore:
bestkey = rec[i][1]
bestscore = score
print(bestscore, 'autokey, klen', KLEN, ':"' + bestkey + '",', Autokey(bestkey).decipher(ctext).lower())
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
这里需要的是要配置文件和修改代码，将以下文件放同一目录下

ngram_score.py,quadgrams.txt,trigrams.txt

由于Python3已经不支持itervalues()了，所以把iter去掉。

24.月饼杯月自圆

拿到题目给出的代码，可以知道明文长度为71位，加密后为142位。a是一个50到100的随机数，salt是随机的四位大写字母，这里我不是很明白cycle函数，所以需要去学习itertools库及循环迭代器。
这里由于a不大，salt长度也不长，且明文m中存在flag，正好可以用这几位去爆破出a和salt。
flag在明文m中的位置是53，对应密文c中的位置是105，根据代码下方的注释，可以知道第105位开始是1c29，

引用脚本进行爆破：

from random import *
from string import *
from itertools import *

def decrypt(m, a, si):
   c=""
   for i in range(len(m)):
       c+=hex(((ord(m[i])) * a + ord(next(si))) % 128)[2:].zfill(2)
   return c

if __name__ == "__main__":
   for i in range(50,100):
       for j in ascii_uppercase:
           si = cycle(j.lower())
           # if encrypt('f', i, si)=='1c':
           #    print('i =',i,'\tj =',j)

if decrypt('l', i, si)=='29':
print('i =',i,'\tj =',j)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
根据运行结果发下a=67，

继续爆破salt的后两位：

if decrypt('a', 67, si)=='56':
print('j =',j)

if decrypt('g', 67, si)=='66':
print('j =',j)
1
2
3
4
5
解密：

from random import *
from string import *
from itertools import *

def decrypt(m, a, si):
   c=""
   for i in range(len(m)):
       c+=hex(((ord(m[i])) * a + ord(next(si))) % 128)[2:].zfill(2)
   return c

if __name__ == "__main__":
a=67
salt = 'JESQ'
si = cycle(salt.lower())
c = '3472184e657e50561c481f5c1c4e1938163e154431015e13062c1b073d4e3a444f4a5c5c7a071919167b034e1c29566647600c4e1c2956661b6c1f50622f0016317e563546202a'
q=len(c)//2
s=''
for i in range(q):
b=c[:2]
c=c[2:]
sm=next(si)
for k in range(1,126):
m=chr(k)
c1=hex(((ord(m)) * a + ord(sm)) % 128)[2:].zfill(2)
#print(m,c1,int(c1,base=16)==int(b,base=16))
if(int(c1,base=16)==int(b,base=16)):
s+=m
break
print(s)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
得到

now_is_7fad9fcb-d361-4964-821c-177c906b8d20_flag_is_flag{md5(now-salt)}

得到now，所以md5加密now-salt，salt是JESQ

25.月饼杯多少离怀

伽马函数Γ(x)和阶乘x!的关系式
gamma(n)=(n-1)!

威尔逊定理
当且仅当p为素数时：(p-1)! ≡ -1 (mod p)
推论：(p-2)! ≡ 1 (mod p)

欧拉函数
若n是质数p的k次幂，phi = p^k - p^(k-1)

需要求gamma(B+2)%A，根据伽马函数Γ(x)和阶乘x!的关系式可知(B+1)! % A。
而根据威尔逊定理可知(A-2)! % A = 1。
令x = (A-2)!/(B+1)!``，y = (B+1)!，所以x * y ≡ 1 (mod A)。
而我们需要求的是y % A，y是x关于A的逆元。所以求x % A的逆元即可,用欧几里得法求逆.

引用脚本：

import random
import gmpy2
from math import gamma
from Crypto.Util.number import getPrime, isPrime
#参考大佬的exp完善了一下，2333

def getNewPrime():
A = getPrime(512)
B = nextPrime(A - random.randint(1e4, 1e5))
return nextPrime(gamma(B + 2) % A)

def nextPrime(n):
n += 2 if n & 1 else 1
while not isPrime(n):
n += 2
return n

def getNewPrime2(A, B):
return nextPrime(gamma2(B, A))

def gcd(a, b):
while a != 0:
a, b = b % a, a
return b

def findModReverse(a, m): # 这个扩展欧几里得算法求模逆
if gcd(a, m) != 1:
return None
u1, u2, u3 = 1, 0, a
v1, v2, v3 = 0, 1, m
while v3 != 0:
q = u3 // v3
v1, v2, v3, u1, u2, u3 = (u1 - q * v1), (u2 - q * v2), (u3 - q * v3), v1, v2, v3
return u1 % m

def gamma2(b, a):
res = 1
# print("final: "+str(a-2+1))
for i in range(b + 2, a - 2 + 1):
res = (res * findModReverse(i, a)) % a
# print(i)
return res

e = 0x10001
pA = 6814157460586876042804041951834304833424062437744287469257313954502540797027261340622077218188033865281590529907571701131297782609357118357982463723982789
pB = 6814157460586876042804041951834304833424062437744287469257313954502540797027261340622077218188033865281590529907571701131297782609357118357982463723922147
qA = 7145646366857234331692232566211321498245533826533958883943688415057871253511271731661019642050252046201115975396366275083424623329930477623781348477881291
qB = 7145646366857234331692232566211321498245533826533958883943688415057871253511271731661019642050252046201115975396366275083424623329930477623781348477807457
n = 4451906216583258787166698210560165433649728830889954633721198623488802305844782492171757604711145165920462286487680020347239300947225371917344589502941576734875830871998499135120227347066586066943289430156378296665669974728569678779668142712266780949126509440672273927433367293606776081254094682033167575930701870261219046464773708974194213798032346187463443317770758989273370488582862531630356263732232300508706676725203199729764016766683870925164232508407363688370458877688991733322055785233669885166225464068579486683574954699370175267031949720967812902215635630884502987094547523361027411501285252862476410213277925430392164226297316310465146003494714018456407793759170649913180823814850170639706664167149612984905056804131124522209409607977589884632999710708045656852149371030046919242039957767777840304466948549383597755811307383659188216421501912831203089570725388153416013596114462069777713822433178099904907224119
c = 1996198968748552041728429851810599627895157160099076033250854211280074825148767841655949210593646824507865483166496070951130337321360509148527292165245205219296211294789087358959553387392928560150390604911087085313000622842025416521494799132969818997182731021267942464323979261593380113740152841984062184326431879167516288834455296913822921806893572566867611541664848820247889274979245086440402996661226884320574824077910315143756471444347386795428338020162169391827182914043434253974549636668126789355991920452920806351939782281969098470635517019120996509180703896707990501216102290302162705699788457579330150149320348175742131887213742989509004374645723471497302400169849858253644606818874098604333865973357374444445825761600866472906771935670261641342221394488068630591190697667016958881530367047928341661857241378511420562236766886349565409774340321441504290366223243635878057759623855735794209219474650425139791831374

#求 ((pA-2)!/(pB+1)!)%pA 的逆元，等于((pB+1)!)%pA ，等于gamma(pB+2)%pA
p = 1
max = (pA-2) - (pB+1)
for i in range(0,max):
p = p * gmpy2.invert((pA-i-2),pA) % pA
p = nextPrime(p)
#print(p)
#求 ((qA-2)!/(qB+1)!)%qA 的逆元，等于((qB+1)!)%qA ，等于gamma(qB+2)%qA
q = 1
max = (qA-2) - (qB+1)
for i in range(0,max):
q = q * gmpy2.invert((qA-i-2),qA) % qA
q = nextPrime(q)
#print(q)
#p = 721295413363782943575290202453254405609384962866760177823574558139524613289380285395875654962467791028293949737699221240830187032744030384932819874799211
#q = 3112046822677655775872849946553212669700408142233774149727014153992463597788397754366224491840784669131576610049264423785236897140841668817147645049635999

fn = getNewPrime2(p,q)
#print(fn)
#fn = 3
r = gmpy2.iroot(gmpy2.mpz(n//(p*q*q)),3)[0]
#print(r)
#r = 8605581006163978513558138296576032102733660218879126657600237911024254611499452345790192297532366960817162346945271546520036031830535178172751208076290109

phi = (p - 1) * (q * q - q) * (r * r * r - r * r)
d = gmpy2.invert(e,phi)
#print(d)
#d=3893796118845369439235581551299559681130294433914324573287346480568253612056224380636546037500153379857589128641230243165297526124111655151656456885394718320571011164662139031101601805935834789093718455506105414382703229813895443438508544153175032701351201540968823002419519523214390287666578730407931246445871807183537209694071828922295499346083880163169003198594519162159452952535381034048239423912932288087394862004236172433929593269810986943713662824358214779552898877881697861535560993274391395357266197384454357803117633435524780866783488594161973423232638616086772861225974312225600055495130373828730995856136891951667049900975798958834487417185610258985145585210434281769923883162243531194314167637519779543778335295761192135358383400455687647479329697758466764046259467201396085554561420952266156396111233306174055533779858729332820780458072338771340688204365931674201918683102590056383442579221021315973279544753
m = pow(c, d, n)

import binascii
print(binascii.unhexlify(hex(m)[2:]))

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
25.1024杯麻辣兔头第七锅

查看题目文本文件，一堆字母，再看一遍题目发现栅栏，直接引用暴力栅栏脚本

def zhalan(s):
   for i in range(1,len(s)):
       f = i   #栅栏的栏数
       elen = len(s)
       b = elen // f
       result = {x:'' for x in range(b)}
       for i in range(elen):
           a = i % b
           result.update({a: result[a] + s[i]})
       d = ''
       for i in range(b):
           d = d + result[i]
       f = open('a.txt','a+')
       f.write(d+'\n')
       f.close()

s ='''Csoe lnno,pdsad u l tr srietaetust ht hce teiteh bomoh oe neppfcdw uroiitcrimstoasnesh uucso wsii lahetpnvnis leeoc oec thwfseth h shetiHaserhcana ,ehpdrp p oaLiiolnamnridwpegt sesait lsncoo .ia ftfzla hli sNeanbsamggout { nmut8iderocts e 5s a t6 wmahdphone4oind awcg sbeh oe3r tfpesh ad eNr8i aa4nPttf oui8swroeueenbcr'.7hssWd e2foG bofohcr do7mt l3,hed6 en 7a tt2seih8 ate1trls4oteed h 5t,tt}h hrTeteuhmhmta e,hts s hsa tae tolpdo lae s rcbesaeecen uetsrm ee rl meftos-hspeetevs cieltd i erktnieotgl ,hyt t htsteh,o a otGep ofiavfnleeilrco ntnmm seet nnho tefasi r rmea a rSnceakr fieienantdtsy et rdiae tnqeuduqt iueHradael ps,ap mittonhhneaagstt s M.tte hhnPee,ry u ddaeerrneic veei,nn dgio nwtdehedee idbr,y jwtuihsletli rpd oiCwcreteraastt eof rrt ohwmai ttt hhG eoc vecerortnnasmieennn ttu sno afll oitnehgne a ebgsloteva ebRrlinigeshdht.eshd,a tst hhwoahutel ndae mvnoeonrtg abtnehy e csfheoa rnamgr eeod f L fiGoforev elringmhetn ta nbde ctormaenss ideenstt rcuacutsievse; oafn dt haecsceo rednidnsg,l yi ta lils etxhpee rRiiegnhcte ohfa st hseh oPweno,p lteh atto maalntkeirn do ra rteo maobroel idsihs piots,e da ntdo tsou fifnesrt,i twuhtiel en eewv iGlosv earrnem esnutf,f elraaybilneg, itthsa n to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object, evinces a design to reduce them under absolute Despotism, it is their ri'''
zhalan(s)
print('success')
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
得到文本文件，搜索flag，{，}，猜测是32位的md5值

ECB模式攻击

ECB加密

ecb模式使用相同的key分块对明文分别进行加密，相同的明文获得相同的密文输出。

加密条件

1、明文分块长度一般为16,或16的倍数
2、明文长度不满16，或16的倍数，使用填充(具体看算法。默认是\x00)

加密过程
Plaintext：待加密的数据。
Key ：被一些如AES的对称加密算法使用。
Ciphertext：加密后的数据。
首先将明文进行分块成Plaintext = Plaintext0+Plaintext1+…Plaintextn.

Ciphertext0 = Encrypt(Plaintext0)
Ciphertext1 = Encrypt(Plaintext1)
.....
Ciphertextn = Encrypt(Plaintextn)
1
2
3
4
Ciphertext = Ciphertext0+Ciphertext1+…+Ciphertextn

解密过程

Plaintext0= Decrypt(Ciphertext0)
Plaintext1= Decrypt(Ciphertext1)
.....
Plaintextn= Decrypt(Ciphertextn)
1
2
3
4
ss’)

得到文本文件，搜索flag，{，}，猜测是32位的md5值

26.

ECB模式攻击

ECB加密

ecb模式使用相同的key分块对明文分别进行加密，相同的明文获得相同的密文输出。

加密条件

1、明文分块长度一般为16,或16的倍数
2、明文长度不满16，或16的倍数，使用填充(具体看算法。默认是\x00)

加密过程
Plaintext：待加密的数据。
Key ：被一些如AES的对称加密算法使用。
Ciphertext：加密后的数据。
首先将明文进行分块成Plaintext = Plaintext0+Plaintext1+...Plaintextn.

```c
Ciphertext0 = Encrypt(Plaintext0)
Ciphertext1 = Encrypt(Plaintext1)
.....
Ciphertextn = Encrypt(Plaintextn)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Ciphertext = Ciphertext0+Ciphertext1+…+Ciphertextn

解密过程

Plaintext0= Decrypt(Ciphertext0)
Plaintext1= Decrypt(Ciphertext1)
.....
Plaintextn= Decrypt(Ciphertextn)
1
2
3
4
Plaintext = Plaintext0 + Plaintext1 +… +Plaintextn
————————————————
版权声明：本文为CSDN博主「LLL_0516」的原创文章，遵循CC 4.0 BY-SA版权协议，转载请附上原文出处链接及本声明。
原文链接：https://blog.csdn.net/qq_51352283/article/details/127803033

喝茶我喜欢喝大杯的

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
ctfshow密码学做题笔记及代码整理

c1 = bytes_to_long(open(r'F:\ctf comp\Crypto\题目\flag\fujian\encrypted.message1','rb').read())c2 = bytes_to_long(open(r'F:\ctf comp\Crypto\题目\flag\fujian\encrypted.message2','rb').read()))%pA 的逆元，等于((pB+1)!)%pA ，等于gamma(pB+2)%pA。)%qA 的逆元，等于((qB+1)!
复制链接

扫一扫