7.6每日三题

最新推荐文章于 2024-06-20 18:33:17 发布
最新推荐文章于 2024-06-20 18:33:17 发布
阅读量288 收藏 2
点赞数 1
分类专栏: 短学期日题
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/PUTAOAO/article/details/118520445
版权
本文介绍了RSA加密算法的原理,并通过具体例子展示了如何使用gmpy2库进行大整数运算,包括求解大素数、模幂运算、中国剩余定理等。此外,还探讨了如何通过已知信息恢复原始数据,涉及逆运算、随机数生成等技术。最后,提供了一个实际的解密挑战及解密过程。
摘要由CSDN通过智能技术生成

Fast

from Crypto.Util.number import *
from secret import flag


p = getPrime(1024)106417460801952098564106499070151038873024911455536068339939244771790540941720274028587207976808157868694798197258813111268537142798255715538795631061310640662123200632946626357221258957037900275496387833531601196435353735799649271157394995634449593246448856875377066127076028119584523015225013672972959211463
q = getPrime(1024)175541146432497750706994831036579922743699110188170130349078711914372625934257198871368005366941949929286673808928975466227805723983786985788458460399280363091838402146937391317438052439989533790389951909401937742849194965413829547962616241584178560041639076246949503118700746929605640733813016659832730773141
N = p * q

g, r1, r2 = [getRandomRange(1, N) for _ in range(3)]
g1 = pow(g, r1 * (p-1), N)
g2 = pow(g, r2 * (q-1), N)


def encrypt(m):
    s1, s2 = [getRandomRange(1, N) for _ in range(2)]
    c1 = (m * pow(g1, s1, N)) % N
    c2 = (m * pow(g2, s2, N)) % N
    return (c1, c2)

def decrypt(c1, c2):
    xp = c1 % p
    xq = c2 % q
    # Chinese Remainder Theorem
    m = (xp*inverse(q, p)*q + xq*inverse(p, q)*p) % N
    return m


c = encrypt(bytes_to_long(flag))

# N = 18680643069610062851842282268594530254220611012409807422663284548187050713427682950720783343430650669361838067625768840896513125210105582070603021732086193955893838077699465426052925750736212977005683541174195320832791835197114668838654054444342903298662698415765898335350206380896849522280206304272801325820946987172164086644949521111058774180676742851681476123338557138770304164634321305204827406522957769478330124484710532963132900017800651579612646041955628867746525508376194147796920773364680264059390497210260540079810501777507814448518995581208169818764701641258963569599247156932381367802991222265241699715283
# g1 = 9143176283300810019842153344177123108612540016879643936458724056602746667157014763960725115919119704406826965726023263657276550779443988565368344040505696950820899770544814163379169539926317676679421275092688200844094929042154854719312788471536324082041360841253720783220459009201882865091829118575721525038404689868986360373373122049951274015083845966946475469982961355934516388706446794517870569063777231434618411404965077775991870069073539415961610645268985004687402050059891500490949250730689691141954694508001895390336750734542724392709744200091587065816283592253967715080611459937165344139809223328071517060208
# g2 = 14068322834597276347776814624877614869834816383564391664570268934537693322688875343215293618493363798985047779057952636529313879548457643220996398640913517182122425631198219387988691569709691279442005545716133131472147592456812502863851227108284027033557263611949365667779259585770738623603814004666845554284808166195201470503432803440754207350347128045893594280079379926676477680556845095378093693409219131090910168117334308781843178748431526974047817218228075136005979538773141427004682344298827618677773735288946271346252828348742296301538573408254015281232250841148556304927266143397565889649305095857756884049430
# c1, c2 = (3976514029543484086411168675941075541422870678409709261442618832911574665848843566949154289825219682094719766762966082440586568781997199077781276145091509192208487682443007457513002005089654365915817414921574344557570444253187757317116858499013550050579856269915915792827620535138057468531410166908365364129001407147467636145589396570815405571923148902993581000542566387654639930651683044853608873583911638108204074537952317056718986683846742909366072461130053275195290631718363272923316002049685111871888148244026652658482359335651889139243735138819453744763293112267738369048641158946411500606588429007794613880534, 18524535479582837341745231233387403662294605513261199630593257391163433751052467785080620993007681605662927226603747560698627838567782891522546977611597418150309028806158429831471152782211111046118637630899456903846057977815397285171313888516791822545633820066408276065732715348834255021260666966934592884548856831383262013360819013814149529393178712576141627031723067564594282618223686778534522328204603249125537258294561872667849498796757523663858312311082034700705599706428944071848443463999351872482644584735305157234751806369172212650596041534643187402820399145288902719434158798638116870325144146218568810928344)

只要求p和q就好了
题目的意思应该是通过g1和g2求
但我分解n直接出来了
emmm

from gmpy2 import *
from Crypto.Util.number import *
c1, c2 = (3976514029543484086411168675941075541422870678409709261442618832911574665848843566949154289825219682094719766762966082440586568781997199077781276145091509192208487682443007457513002005089654365915817414921574344557570444253187757317116858499013550050579856269915915792827620535138057468531410166908365364129001407147467636145589396570815405571923148902993581000542566387654639930651683044853608873583911638108204074537952317056718986683846742909366072461130053275195290631718363272923316002049685111871888148244026652658482359335651889139243735138819453744763293112267738369048641158946411500606588429007794613880534, 18524535479582837341745231233387403662294605513261199630593257391163433751052467785080620993007681605662927226603747560698627838567782891522546977611597418150309028806158429831471152782211111046118637630899456903846057977815397285171313888516791822545633820066408276065732715348834255021260666966934592884548856831383262013360819013814149529393178712576141627031723067564594282618223686778534522328204603249125537258294561872667849498796757523663858312311082034700705599706428944071848443463999351872482644584735305157234751806369172212650596041534643187402820399145288902719434158798638116870325144146218568810928344)
p =106417460801952098564106499070151038873024911455536068339939244771790540941720274028587207976808157868694798197258813111268537142798255715538795631061310640662123200632946626357221258957037900275496387833531601196435353735799649271157394995634449593246448856875377066127076028119584523015225013672972959211463
q =175541146432497750706994831036579922743699110188170130349078711914372625934257198871368005366941949929286673808928975466227805723983786985788458460399280363091838402146937391317438052439989533790389951909401937742849194965413829547962616241584178560041639076246949503118700746929605640733813016659832730773141
N=p*q
def decrypt(c1, c2):
    xp = c1 % p
    xq = c2 % q
    # Chinese Remainder Theorem
    m = (xp*inverse(q, p)*q + xq*inverse(p, q)*p) % N
    return m
print(long_to_bytes(decrypt(c1,c2)))

easy_rsa

from random import randint
from gmpy2 import *
from Crypto.Util.number import *

def getprime(bits):
    while 1:
        n = 1
        while n.bit_length() < bits:
            n *= next_prime(randint(1,1000))
        if isPrime(n - 1):
            return n - 1

m = bytes_to_long(b'flag{************************************}')

p = 102634610559478918970860957918259981057327949366949344137104804864768237961662136189827166317524151288799657758536256924609797810164397005081733039415393
q = 7534810196420932552168708937019691994681052660068275906973480617604535381306041583841106383688654426129050931519275383386503174076258645141589911492908993
r = 10269028767754306217563721664976261924407940883784193817786660413744866184645984238866463711873380072803747092361041245422348883639933712733051005791543841
assert m < q

n = p * q * r
e = 0x10001
d = invert(q ** 2, p ** 2)
c = pow(m, 2, r)
cipher = pow(c, e, n)

print(n)
print(d)
print(cipher)


'''

7941371739956577280160664419383740967516918938781306610817149744988379280561359039016508679365806108722198157199058807892703837558280678711420411242914059658055366348123106473335186505617418956630780649894945233345985279471106888635177256011468979083320605103256178446993230320443790240285158260236926519042413378204298514714890725325831769281505530787739922007367026883959544239568886349070557272869042275528961483412544495589811933856131557221673534170105409
7515987842794170949444517202158067021118454558360145030399453487603693522695746732547224100845570119375977629070702308991221388721952258969752305904378724402002545947182529859604584400048983091861594720299791743887521228492714135449584003054386457751933095902983841246048952155097668245322664318518861440
1618155233923718966393124032999431934705026408748451436388483012584983753140040289666712916510617403356206112730613485227084128314043665913357106301736817062412927135716281544348612150328867226515184078966397180771624148797528036548243343316501503364783092550480439749404301122277056732857399413805293899249313045684662146333448668209567898831091274930053147799756622844119463942087160062353526056879436998061803187343431081504474584816590199768034450005448200

'''

通过cipher求c
分解n得到q p r

c=m^2 mod r

这里通过nthroot_mod 来解m

from gmpy2 import *
from Crypto.Util.number import *
from sympy import nthroot_mod
p = 102634610559478918970860957918259981057327949366949344137104804864768237961662136189827166317524151288799657758536256924609797810164397005081733039415393
q = 7534810196420932552168708937019691994681052660068275906973480617604535381306041583841106383688654426129050931519275383386503174076258645141589911492908993
r = 10269028767754306217563721664976261924407940883784193817786660413744866184645984238866463711873380072803747092361041245422348883639933712733051005791543841
n = p * q * r
e = 0x10001
cipher=1618155233923718966393124032999431934705026408748451436388483012584983753140040289666712916510617403356206112730613485227084128314043665913357106301736817062412927135716281544348612150328867226515184078966397180771624148797528036548243343316501503364783092550480439749404301122277056732857399413805293899249313045684662146333448668209567898831091274930053147799756622844119463942087160062353526056879436998061803187343431081504474584816590199768034450005448200
d=invert(e,(p-1)*(q-1)*(r-1))
c=pow(cipher,d,n)
print(c)
#8081092455112516397361105816900490085355315574087538340788309885334106796325593823678787887569920404814986643819898763828872716522338864714182757065213683
d=7515987842794170949444517202158067021118454558360145030399453487603693522695746732547224100845570119375977629070702308991221388721952258969752305904378724402002545947182529859604584400048983091861594720299791743887521228492714135449584003054386457751933095902983841246048952155097668245322664318518861440
if(invert(q**2,p**2)==d):
    print("TURE") #证明r是r
print(long_to_bytes(nthroot_mod(c,2,r)))

Backtrace

MT
https://www.anquanke.com/post/id/205861#h3-4

# !/usr/bin/env/python3
import random


flag = "flag{" + ''.join(str(random.getrandbits(32)) for _ in range(4)) + "}"

with open('output.txt', 'w') as f:
    for i in range(1000):
        f.write(str(random.getrandbits(32)) + "\n")

print(flag)

利用得到的1000个随机数 猜测之前的4个随机数
大佬的脚本

#!/usr/bin/python3
from random import Random
# right shift inverse
def inverse_right(res,shift,bits=32):
    tmp = res
    for i in range(bits//shift):
        tmp = res ^ tmp >> shift
    return tmp
# right shift with mask inverse
def inverse_right_values(res,shift,mask,bits=32):
    tmp = res
    for i in range(bits//shift):
        tmp = res ^ tmp>>shift & mask
    return tmp
# left shift inverse
def inverse_left(res,shift,bits=32):
    tmp = res
    for i in range(bits//shift):
        tmp = res ^ tmp << shift
    return tmp
# left shift with mask inverse
def inverse_left_values(res,shift,mask,bits=32):
    tmp = res
    for i in range(bits//shift):
        tmp = res ^ tmp << shift & mask
    return tmp


def backtrace(cur):
    high = 0x80000000
    low = 0x7fffffff
    mask = 0x9908b0df
    state = cur
    for i in range(3,-1,-1):
        tmp = state[i+624]^state[i+397]
        # recover Y,tmp = Y
        if tmp & high == high:
            tmp ^= mask
            tmp <<= 1
            tmp |= 1
        else:
            tmp <<=1
        # recover highest bit
        res = tmp&high
        # recover other 31 bits,when i =0,it just use the method again it so beautiful!!!!
        tmp = state[i-1+624]^state[i+396]
        # recover Y,tmp = Y
        if tmp & high == high:
            tmp ^= mask
            tmp <<= 1
            tmp |= 1
        else:
            tmp <<=1
        res |= (tmp)&low
        state[i] = res
    return state

def recover_state(out):
    state = []
    for i in out:
        i = inverse_right(i,18)
        i = inverse_left_values(i,15,0xefc60000)
        i = inverse_left_values(i,7,0x9d2c5680)
        i = inverse_right(i,11)
        state.append(i)
    return state

f = open("output.txt","r").readlines()
c = []
for i in range(1000):
    c.append(int(f[i].strip()))

partS = recover_state(c)
state = backtrace([0]*4+partS)[:624]
# print(state)
prng = Random()
prng.setstate((3,tuple(state+[0]),None))
flag = "flag{" + ''.join(str(prng.getrandbits(32)) for _ in range(4)) + "}"
print(flag)
#flag{140432135132631074143310548253832280152}

emmm交上去是错的?

PUTAOAO
关注
  • 1
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
[V&N2020 公开赛]Fast
weixin_44110537的博客
07-18 714
考点 1,费马小定理 2,中国剩余定理 加密脚本 from Crypto.Util.number import * from secret import flag p = getPrime(1024) q = getPrime(1024) N = p * q g, r1, r2 = [getRandomRange(1, N) for _ in range(3)] g1 = pow(g, r1 * (p-1), N) g2 = pow(g, r2 * (q-1), N) def encrypt(m)
BUUCTF——rsa系列(4)
Luiino的博客
07-27 4113
给了c、z、n以及e分析一下,首先是它的作用是进行求导,前一个参数表示求导的内容,后一个参数表示求导的主体,如意思是以p为主体对求导得到1/(1+),同理得到1/(1-)。其次对于如Fraction(1,Derivative(arctan(p),p))是以1为分子,以Derivative(arctan(p),p)为分母,这样一来可以得到关系式z=可以进一步得到下面的关系式=z-2n,=z+2n,敲代码解出p、q。............
密码CTF(3)
最新发布
l2ohvef的博客
06-20 488
2.
[XNUCA2018]Warmup(考点:流量包文件提取,RSA共模攻击)
MikeCoke的博客
02-18 647
题目: from Crypto.Util.number import bytes_to_long, getPrime from random import randint from gmpy2 import powmod import sys p = getPrime(1024) q = getPrime(1024) N = p*q Phi = (p-1)*(q-1) with open("flag", 'r') as fr: flag = bytes_to_long(fr.read().strip(
CTF-Crypto练习
weixin_44770698的博客
12-29 1053
CTF-Crypto练习
2022鹏城杯CTF---Crypto
Luiino的博客
09-18 2298
第一部分,e与phi_n不互素,gcd(e,phi_n) == 4,此时e对phi_n没有逆元,但gcd(e//t,phi_n) == 1。mod n,由上面的for循环可以知道M与初始m的关系:M = m * (p-q-1)!对n进行分解,得到p、q,小的是q。记print(pow(m,e,n))里的m为M,故有c2 =第三部分, 看到M = 2022 * m * 1011 * p,又n = p*q,且c =记两输出结果分别为c1、c2,由print(pow(2,e,n))可以得到:c1 =
java每日一练:面试题集合
不放手,不错过的博客
07-12 5137
工作日每天一个小知识点回顾,加深理解,增强表达能力
四年级口算练习题每天100道10天(2).doc
09-30
这些练习题覆盖了小学四年级数学课程的主要内容,通过持续的每日练习,学生可以巩固基础知识,提升心算技能,为更高年级的数学学习打下坚实的基础。家长和教师可以通过这样的练习评估孩子的计算能力,及时发现并解决...
五年级上册数学第一学月检测题【新课标人教版】精选.doc
09-26
9. **混合运算**:要求学生正确处理乘除法和加减法的顺序,以及括号的作用,如÷× 4÷× 6和[7.6-( 1.8+0.28)] ×× 6。 10. **列式计算**:需要根据问题列出数学表达式并进行计算,如1.中涉及的和除法运算,2.中...
大数据技术之高频面试题
XIAOMO__的博客
11-12 8983
第一章 项目涉及技术 1.1Linux&Shell 1.1.1 Linux常用高级命令 序号 命令 命令解释 1 top 查看内存 2 df -h 查看磁盘存储情况 3 iotop 查看磁盘IO读写(yum install iotop安装) .
高教社杯数模竞赛特辑论文篇-2023年C题:基于历史数据的蔬菜类商品定价与补货决策模型(附获奖论文及R语言和Python代码实现)(中)
getusushu的博客
11-18 363
六、 问题三模型建立与求解六、 问题三模型建立与求解6.1问题三求解思路问题三需要基于问题二中获得的销售量与成本加价定价的关系,进一步探究7月1日各单品蔬菜的进货量与定价策略,以获得最大的利润。此外,商超需要进一步制定单品的补货价格,因此增加了限制条件:即可售单品总数控制在27-33个,而各单品定购量均至少为2.5千克的要求。首先,本节筛选得到2023年6月24-30日的可售蔬菜单品。之后,结合问题二所建立的Prophet。
[指挥官一个小题] ECC
weixin_52640415的博客
11-01 604
sagemath 解一元方程
buu [NPUCTF2020]共 模 攻 击 1
Emmaaaaa's blog
05-23 800
以后遇到e还算小的可以尝试用sympy.nthroot_mod(),感觉这东西还挺🐂的,哈哈哈 以上copper法值得收藏(求m,m位数已知,并且c1 = m^p mod n, c2 = m^q mod n) 以下三个可以互换使用,目前还没看到局限(可能是做题少了吧) PR. = PolynomialRing(Zmod(n)) R. = PolynomialRing(Zmod(n),implementation = 'NTL') R. = Zmod(n)[]
[cryptoverse ctf 2022] cvctf
weixin_52640415的博客
10-25 1821
cryptoverse ctf 2022
BUUCTF 打卡7
qq_52193383的博客
08-27 535
1.[NPUCTF2020]共 模 攻 击 给出两个代码。先解hint.py(毕竟解出来的东西是提示)。可以看出这里面含有共模攻击,解出c之后,我们就掌握了密文c,模数p,指数(256),再利用sympy.nthroot_mod(c,256,p)解出明文m。 import sympy,gmpy2 from Crypto.Util.number import * p = 1073169757712843421083629549450964897089003026337345209439052836552833
BuuCTF_crypto(2021.10.8新-->旧)
zihuocc的博客
10-08 682
题目[GKCTF 2021]XOR 参考文章[GKCTF 2021]XOR_m0_57291352的博客-CSDN博客[GKCTF 2021]XOR题目from Crypto.Util.number import *from hashlib import md5a = getPrime(512)b = getPrime(512)c = getPrime(512)d = getPrime(512)d1 = int(bin(d)[2:][::-1] , 2)n1 = a*bx1 = a^bn2 = c*dx.
CISCN-2018-Quals_MS
M3ng@L的博客
03-07 437
CISCN-2018-Quals_Crypto_MSDescriptionDescriptionDescriptionAnalysisAnalysisAnalysisSolving codeSolving~codeSolving codeReferenceReferenceReference keywords:keywords:keywords: 有限域GF(2)下的矩阵乘法 DescriptionDescriptionDescription from Crypto.Util.numbe
[V&N2020 公开赛]HappyCTFd
weixin_45689999的博客
03-04 1443
[V&N2020 公开赛]HappyCTFd 网站里除了user里面有一个admin有信息,其他页面和F12没有可用信息 所以猜测flag是在admin里面的,就是要登录admin账户 是一个账户接管漏洞,参考大佬bloghttps://www.colabug.com/2020/0204/6940556/amp/ 所以步骤就是 利用添加空格绕过限制来注册一个与受害者用户名相同的账号 生成忘...
【CTF WriteUp】2020全国工业互联网安全技术技能大赛(原护网杯)Crypto题解
cccchhhh6819的博客
10-25 6909
Crypto signsystem 题目中的加密算法很奇怪,所以测试一下加密算法的结果,得到如下结论: 在不模n的情况下,该函数加密结果满足以下数列: f(1) = m, f(2) = m^2-2, f(n+2) = m*f(n+1) - f(n) 列出几项观察: m, m^2-2, m^3-3m, m^4-4m^2+2, m^5-5m^3+5m, ... 暂时没有得到有用结论。再看一看e和d的关系,随便找了100个输入,确认e和d在该算法可逆,原理不明。 继续看代码。代码允许输入一个明文m计算enc(
微积分b2习题7.6答案北京理工大学
11-11
微积分b2习题7.6答案如下: 首先,我们需要计算方程y = x^3 + 2x^2 + 3x + 1在区间[1,3]上的定积分。根据定积分的定义,我们可以使用不定积分的方法来求解。首先对y = x^3 + 2x^2 + 3x + 1关于x进行不定积分,得到F...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值