CISCN2023-Crypto

PUTAOAO

已于 2023-05-29 13:41:56 修改

阅读量896

点赞数

文章标签： Crypto ctf

于 2023-05-29 13:41:05 首次发布

本文链接：https://blog.csdn.net/PUTAOAO/article/details/130926270

版权

CISCN2023-Crypto

基于国密SM2算法的密钥分发
可信度量
Sign_in_passwd
BB84
badkey1

基于国密SM2算法的密钥分发

非预期，直接search能找到明文

curl -d "name=ha&school=hznu&phone=110" http://123.56.244.196:30817/api/login

curl -d "id=984aeb58-a758-43f5-b321-acdb7cbd534e&publicKey=B9C9A6E04E9C91F7BA880429273747D7EF5DDEB0BB2FF6317EB00BEF331A83081A6994B8993F3F5D6EADDDB81872266C87C018FB4162F5AF347B483E24620207" http://123.56.244.196:30817/api/allkey

curl -d "id=984aeb58-a758-43f5-b321-acdb7cbd534e" http://123.56.244.196:30817/api/search

curl -d "id=984aeb58-a758-43f5-b321-acdb7cbd534e&quantumString=8eaa7070bcf3d39d7b39db030ea81165" http://123.56.244.196:30817/api/check

在这里插入图片描述

可信度量

非预期，之前一次国赛也是差不多，直接查找flag

因为没有权限不能直接grep，提示player.sh是通过root运行，修改player.sh

grep -ra "flag" /

运行player.sh

在这里插入图片描述

Sign_in_passwd

base64变表，表通过url编码解密
在这里插入图片描述

BB84

先把表格里的数据提出来，进行纠错

如果EPC1是1或2，则表示APD1是1或ADP2是1，且ADP只有一个为1

同理如果EPC1是3或4，则表示APD3是1或ADP4是1，且ADP只有一个为1

上述如果成功，则EPC1是1或3则密钥赋值0,2或4则赋值1

得到密钥串，通过线性同余方程（ x_n = (A * x_n-1 + B) % M）得到索引串

M为密钥串长度，A、B、x0已知

得到正确密钥之后跟密文异或得到flag

import binascii

from Crypto.PublicKey import RSA
from gmpy2 import gcd

from math import *
from Crypto.Util.number import *
EPC1=[]
ADP1=[]
ADP2=[]
ADP3=[]
ADP4=[]
strr = '0b'
for i in range(len(EPC1)):
    if EPC1[i] == 1:
        if (APD1[i] == 1 and APD2[i] == 0 and APD3[i] == 0 and APD4[i] == 0) or (APD1[i] == 0 and APD2[i] == 1 and APD3[i] == 0 and APD4[i] == 0):
            strr += '0'
    elif EPC1[i] == 2:
        if (APD1[i] == 0 and APD2[i] == 1 and APD3[i] == 0 and APD4[i] == 0) or (APD1[i] == 1 and APD2[i] == 0 and APD3[i] == 0 and APD4[i] == 0):
            strr += '1'
    elif EPC1[i] == 3:
        if (APD1[i] == 0 and APD2[i] == 0 and APD3[i] == 1 and APD4[i] == 0) or (APD1[i] == 0 and APD2[i] == 0 and APD3[i] == 0 and APD4[i] == 1):
            strr += '0'
    elif EPC1[i] == 4:
        if (APD1[i] == 0 and APD2[i] == 0 and APD3[i] == 0 and APD4[i] == 1) or (APD1[i] == 0 and APD2[i] == 0 and APD3[i] == 1 and APD4[i] == 0):
            strr += '1'
strr = strr[2:]
print(strr)
print(len(strr))
envc = 0xD9F7E0F737D4BF641E83D35D201457272ECB952D31F660E8EA9B5A326C55AF011686ADB8F478D1BD3852
env = str(bin(envc))[2:]
A = 1709
B = 2003

M = len(strr)
x0 = 17
c = strr[x0]
flag = '0b'
for i in range(336):
    f = (A * x0 + B) % M
    x0 = f
    c += strr[f]

for i in range(336):
    flag += str((int(c[i], 2) ^ int(env[i], 2)) % 2)
print(long_to_bytes(int(flag, 2)))

badkey1

~~再来补充~~~

e = 65537

while True:
    p = getPrime(512)
    m = inverse(e, p - 1)
    t = (e * m *p - 1) // (p - 1)  # k(q - 1)
    for k in range(1, e + 1):
        if t % k == 0:
            q = t // k + 1
            if isPrime(q) and q.bit_length() == 512:
                print(p, q)