DASCTF Sept X 浙江工业大学秋季挑战赛rsa1

最新推荐文章于 2023-02-09 09:18:27 发布
最新推荐文章于 2023-02-09 09:18:27 发布
阅读量878 收藏 1
点赞数 1
分类专栏: Crypto 文章标签: python rsa
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/a5555678744/article/details/120479747
版权

RSA Wiener攻击 n分解 公钥加密 私钥解密
关键词由CSDN通过智能技术生成

这道题其实比较经典,最早应该是出现在2016年的HCTF,出题的思路可以参照这篇博客

2016 HCTF Crypto 出题总结

#! /usr/bin/env python
# -*- coding: utf-8 -*-

# from flag import get_flag
from hashlib import sha512
import random
from Crypto.Util.number import long_to_bytes, getPrime, bytes_to_long
from libnum import invmod, gcd
from pwn import process, context, remote
import itertools
import time


def m_exit(n):
	print ("==============Game Over!=================")
	exit(n)
def isqrt(n):
    x = n
    y = (x + 1) // 2
    while y < x:
        x = y
        y = (x + n // x) // 2
    if pow(x, 2) == n:
    	return x
    else:
    	return False
def cal_bit(num):
	num = int(num)
	l = len(bin(num))
	return l-2

def pi_b(x):
	bt = 536380958350616057242691418634880594502192106332317228051967064327642091297687630174183636288378234177476435270519631690543765125295554448698898712393467267006465045949611180821007306678935181142803069337672948471202242891010188677287454504933695082327796243976863378333980923047411230913909715527759877351702062345876337256220760223926254773346698839492268265110546383782370744599490250832085044856878026833181982756791595730336514399767134613980006467147592898197961789187070786602534602178082726728869941829230655559180178594489856595304902790182697751195581218334712892008282605180395912026326384913562290014629187579128041030500771670510157597682826798117937852656884106597180126028398398087318119586692935386069677459788971114075941533740462978961436933215446347246886948166247617422293043364968298176007659058279518552847235689217185712791081965260495815179909242072310545078116020998113413517429654328367707069941427368374644442366092232916196726067387582032505389946398237261580350780769275427857010543262176468343294217258086275244086292475394366278211528621216522312552812343261375050388129743012932727654986046774759567950981007877856194574274373776538888953502272879816420369255752871177234736347325263320696917012616273
	return invmod(x, bt)
def con_fra(a, b):
	r = []
	while True:
		if a == 1:
			break
		tmp = a//b
		if tmp != 0:
			r.append(tmp)
		a, b = b, (a-tmp*b)
	return r

def wiener_attack(e, n):
	cf = con_fra(e, n)
	for x in range(len(cf)):
		k, d = 0, 1
		while x >= 0:
			k, d = d, d*cf[x] + k
			x -= 1
		# print "k: %s\nd: %s\n" %(k, d)
		phi_n = (e*d - 1)//k
		B = n - phi_n + 1
		C = n
		dt = pow(B, 2) - 4*C    # b^2 - 4*a*c
		if dt >= 0 and isqrt(dt) and (B+isqrt(dt)) % 2 == 0:
			print ("phi_n: ", hex(phi_n))
			return phi_n
	print ("wiener attack fail!")
def get_ed(p, q):
	k = cal_bit(q*p)          #length
	phi_n = (p-1)*(q-1)
	r = random.randint(10, 99)
	while True:
		u = getPrime(k//4 - r)
		if gcd(u, phi_n) != 1:
			continue
		t = invmod(u, phi_n)
		e = pi_b(t)
		if gcd(e, phi_n) == 1:
			break
	d = invmod(e, phi_n)
	return (e, d)



# def main():
# 	flag = get_flag()
#
# 	p=getPrime(2048)
# 	q=getPrime(2048)
# 	n = p * q
# 	e, d = get_ed(p, q)
# 	print ("n: ", hex(n))
# 	print ("e: ", hex(e))
#
# 	flag = bytes_to_long(flag)
# 	enc_flag = pow(flag, e, n)
# 	print ("Your flag is: ", hex(enc_flag))
	

# if __name__ == '__main__':
# main()
def divide_pq(ed, n):
	# ed = e*d
	k = ed - 1
	while True:
		g = random.randint(3, n-2)
		t = k
		while True:
			if t % 2 != 0:
				break
			t //= 2
			x = pow(g, t, n)
			if x > 1 and gcd(x-1, n) > 1:
				p = gcd(x-1, n)
				return (p, n//p)
import gmpy2
def main():
	n = 0xd1c2e3f292275f19d32508646e0d688214b9262b902aa17abe3b5083e13aaa82cc571c47dce2131f6a46184388eae0496a259e69c577ab593fe41677dbc22b6620bfc9c8608cf0f95360fe760338d7466dea625a416b6b4bb156d1f7d3afe75af1e9b3d38aca9340455e37a260f29ff5836a89729bc6ddf0d3e8f80733f5ce3c8be1200acad645ce8efa958af0e70008e9db567d5d5c7213466236723c9ea36938de81d6e607391cbc1fcc94dbf08f94c9a67d0ab8f2761d64283dea44ad0a6b6f861e1825a7a0820358fbdf7e4c6bd41ad4ffca4ea74cc9985b3474ba767e2c698edf68963a7c9860b0a76965638c6b936844bf6d6559c41ef2ade450c6eba0b4e11dbbcfb6ade6ac67355a8b744fb65b0db2d50f92719dd32f332ec909acf858f82b98d6df1904d82b436b9496a43f4be8e6975d5952177c620ae0bc4381453be7e267792664b3a6a37e603903ef16295e2c69eb6e1059c225f993c97b881c1dbcc1e0d8ab88699403d089f7500d55ed1de381936475186aa6d7ebd149915a65f24d44c64a3f1d868f12ab262df433abab6b9f49a0eb6ca72bd9df90c6e6a5588c593d1deef609e74d42ebbb3afc6bb38306903bdf3c62f6faf379bdad85ccbdcdca72d2d5ef269ae8a28d9ba80b4cb9ca1dc22023cf324196fefe8f7720b7804db438ba52db3f3489050c689f324abdcd3445609fbe37b17ba253c20939f1
	e = 0x78fed22328c65d24ad7578778c2aae728bf65b88a807e47da31941f9efe04d80cd3377389b45e797a2b84165f9b3b77655f52ed3d787a7c89ad8533e28c418e95c324cdfc3a7b1401ea0e7e9d6f7f16542800069fc5d3da23b39441f6a33ace440c07ab18ae40f334e5b7bf7acb44645bcaccae26d0b8087934d45a29b1ccc6c8ff122ab9c7d736741b1c313b0773f77913cc14f7d381985f1a96477c65e2cc28f8865ff1e9a5171ae41fcbc620332caf95faa4c9e6c4016c4d90613c06e848bdd0e5f1b50d4547ee84e116077b38a48549992764700c9cf29d674c8a50aac9b3729ea58fdf80674bc084d72dc9d0e2a96819e268819ae00682b6089a7a4fa6421a00bf182d823487e0400828c8ecb783844a3f630a0a0bcfa6c50402bbfd6151bdd86337e24953b3b60b68c638454f55dcb8dc3335d9a6155f32336fface5a7c992ab8049b8d776515d57a76e4b3c235ec648e7d7e58a98e362f6bbc26679a1fa3623ae15ce7dd677acf56c2665e28bd2ac42f2f3d3dd2d58cf85b3c07262ed5e14122b900b327fe9be62b00c4c2d23a4ba7ffc68d6ada291c4d8b5b95ee062be0840ee5f00bd2c0c69591d071a1fdda8fadaced1f9c5fa85590e89c0e1b12848103a3e47b20d6b7cc8d0005f246c44cd6345397b6ecd8bdb80c788f811f2c9d0d22c81abd0d076cfafed9c41d192f3e16ae8f9de5da059aa4a84e3ac0277fd
	c = 0x24a78c84f2eb33c076614aea25b77bce5f9acc33fe312a4f59f2a9a7eb582df11a8f57610cda565c76929c0ff08eaaee2b3b68bacd20874d389bb859b1d18cabef8e83c855376ef3b3523bbab27e6e80a7c8e2d2dbfe83fd4d3a1e1a0d212ebef1e93fe9d63d298fcd02d2b832c05febe86163b19bb675560ceafa56858491160c539d6087aca55fc1fa7fd6fc7628f78de906b3ac073242edef23e263573488c3ef359a03f06b649d7def9b2ab01faf78e3008a9de44e56970a99216f51979c2cc0a3e37297d27b1a6a95cf829724479dfea29f1751cce5e3ba2ed35716886415f1dfb11f33a7f9dbbbb4d77f34ccd29f889b8f0381c3c18fbec5d5bfe9785a8c49d0bbe7bfc2754d2a8ca911948b0b7551656d421abcbdcaca7515dd7d851787f068aa1a6e86c3921f0c852483ac19c7a263f0d585824ba8226dacfa6520731de00c0517870e7602a3179600fb580f876b045faf48d107f36c48da5e68a7213e23e78b3e1d526b769e295bfb1d571592e403140303fc55a66b305c44de42084a9600cc17fc1426df7181022b65abfc27076037115a186494858b782f07835171786a0449d0fa9b8b49879a95c555b5bc0639e5fefb85897506b3cccfb4a941f83055b649fdf789203b0cc27f09a5160009638dfe9e515bb2bbc349a6d8bc35ccdd7a8a7e5fe84c59cd13ce1a5ba83e2f57f28cc8bd819219e8ad5348746e4b
	bt = 536380958350616057242691418634880594502192106332317228051967064327642091297687630174183636288378234177476435270519631690543765125295554448698898712393467267006465045949611180821007306678935181142803069337672948471202242891010188677287454504933695082327796243976863378333980923047411230913909715527759877351702062345876337256220760223926254773346698839492268265110546383782370744599490250832085044856878026833181982756791595730336514399767134613980006467147592898197961789187070786602534602178082726728869941829230655559180178594489856595304902790182697751195581218334712892008282605180395912026326384913562290014629187579128041030500771670510157597682826798117937852656884106597180126028398398087318119586692935386069677459788971114075941533740462978961436933215446347246886948166247617422293043364968298176007659058279518552847235689217185712791081965260495815179909242072310545078116020998113413517429654328367707069941427368374644442366092232916196726067387582032505389946398237261580350780769275427857010543262176468343294217258086275244086292475394366278211528621216522312552812343261375050388129743012932727654986046774759567950981007877856194574274373776538888953502272879816420369255752871177234736347325263320696917012616273
	t = pi_b(e)
	print("get t = ", hex(t))
	phi_n = wiener_attack(t, n)
	try:
		u = invmod(t, phi_n)
	except:
		return False
	print("get u = ", hex(u))
	qq, pp = divide_pq(u * t, n)
	print("get p = ", hex(pp))
	print("get q = ", hex(qq))
	d = invmod(e, (qq - 1) * (pp - 1))
	print("get d = ", hex(d))
	flag = pow(c, d, n)
	print("get flag: ", long_to_bytes(flag))
if __name__ == '__main__':
	main()

整个脚本很长,大概流程如下:

1.先通过 e 和 bt 直接求 t

2.再通过 t 和 n 求 phi_n (这里的t符合wiener_attack的条件),wiener_attack其实是个求逆元的函数(上面这个只需要多求一步就能得到u了),在这里得到的就是 u(这里我很不理解,为什么要重新求个pp和qq出来,而不能直接求d,似乎是因为我们用 t 和 n 求出来的phi_n似乎不等同与原来的phi_n,有个大佬就没做这一步,好像是非预期解https://github.com/Hcamael/ctf-library/blob/master/RSA1/rsa_s.py

3.下一步的原理是,u 和 t 是关于 phi_n 的逆元,所以两者包含有n的分解的信息,用 u 和 t 代替 e 和 d 辅助进行 n 的分解,即可得解。

mortal15
关注
  • 1
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
python isodd奇偶_2020DASCTF七月赛-ezrsa
weixin_39657444的博客
12-16 281
from Crypto.Util.number import getPrime,inverse,bytes_to_long,long_to_bytesfrom sympy import isprimem = bytes_to_long(flag)i=0p=getPrime(1024)r=getPrime(1024)while True:i+=1q = 5*p+iif isprime(q) :bre...
DASCTF Sept X 浙江工业大学秋季挑战赛
zylxixixi的博客
10-17 417
hehepwn 首先check一下安全防护机制,全红。 分析程序,程序逻辑非常简单。 思路首先通过strdup泄露栈地址,后面控制返回地址到栈上,执行shellcode。 from pwn import * sh = process('./bypwn') context(os='linux',arch='amd64',log_level='DEBUG') #sh = remote('node4.buuoj.cn',25111) pop_rdi = 0x000000000040092..
2021 DASCTF Sept X 浙江工业大学秋季挑战赛 pwn datasystem
yongbaoii的博客
09-27 330
开了沙箱。 看到两个特征数的时候显然知道是md5了,密码需要md5.
DASCTF Sept X 浙江工业大学秋季挑战赛 hellounser
Tajang的大千世界
02-09 238
我傻逼,当时没做出来,赛后看wp才理解,正则也要复习复习了
[DASCTF Sept X 浙江工业大学秋季挑战赛]hellounser
cosmoslin的博客
09-28 591
hellounser <?php class A { public $var; public function show(){ echo $this->var; } public function __invoke(){ $this->show(); } } class B{ public $func; public $arg; public function show(){
通信安全-L5-Sept. 15 - 对称加密1
08-03
通 信 安 全• 教师:崔爱娇• 编号:ELEC3019• 学时:32学时L5—对称加密算法概 要加密算法DES加密算法对称加密算法AES加密算法小结概 要加密
ED_Sept_Oct.5f75f1ff8bab7_Journal_
10-02
ELECTRONIC ENJINEER JOURNAL 3
Visual Assist X_10.9.2237.0
10-31
Windows 10 Build 15063.608, issued Sept 12th, broke a hook mechanism. Windows Version 1709 (Fall Creators Update), released Oct 17th, broke also CreateWindow(). Microsoft is actively seeking ...
microtca_short_form_sept_2006
07-20
标题“microtca_short_form_sept_2006”和描述中的信息表明,这是一个关于MicroTCA(微型电信计算联盟)技术的标准文档,发布时间为2006年9月。MicroTCA是一种开放标准,它扩展了原有的AdvancedTCA(ATCA)规范,...
chicodes-sept2020-week_5-in_class_hw_1_blog_app
02-12
【标题】"chicodes-sept2020-week_5-in_class_hw_1_blog_app" 是一个关于Python编程的课堂作业项目,旨在构建一个博客应用程序。这个项目的目的是让学生掌握Python语言的基础知识,并通过实际操作来提升编程技能。 ...
DASCTF Sept X 浙江工业大学秋季挑战赛 Misc Girlfriend‘s account
Le1a's Blog
09-26 301
Girlfriend’s account 下载附件,得到一个excel表格,打开得到 flag{账单总金额四舍五入保留至小数点后两位},例如总金额为 543.21 元时,你需要提交 flag{543.21} 也就是说这个excel是个账单,不仅有商品单价,还有购买商品的数量,flag就是计算账单的总额,也就是算他女朋友花了多少钱,然后保留两位小数。 excel有函数可以计算乘法跟求和,但是这里并不是阿拉伯数字,所以我们接下来要做的就是把这个人民币的中文大写数字给转为阿拉伯数字 。百度上查阅一下 百度知道链
2021 DASCTF Sept X 浙江工业大学秋季挑战赛 pwn hahapwn
yongbaoii的博客
09-27 251
有个strdup要注意一下。 有溢出。 通过strdup泄露栈地址,栈上布置shellcode,跳过去就好啦 exp from pwn import* context.log_level='debug' context.arch='amd64' context.os = "linux" context.terminal = ["tmux", "splitw", "-h"] local = 1 if local: r = process('./1111111') else: r = re
DASCTF Sept X 浙江工业大学秋季挑战赛 web
weixin_43610673的博客
09-26 841
hellounser <?php class A { public $var; public function show(){ echo $this->var; } public function __invoke(){ $this->show(); } } class B{ public $func; public $arg; public function __toString(
菜鸡的DASCTF Sept X 浙江工业大学秋季挑战赛WP
克格莫
09-25 1299
1.签到 题目: #!/usr/bin/env python # -*- coding: utf-8 -*- from Crypto.Util.number import * import random flag=b'flag{******************}' n = 2 ** 256 e=bytes_to_long(flag) m = random.randint(2, n-1) | 1 c = pow(m, e, n) #m mod(e)n print('m = ' + str(m)) prin
DASCTF Sept X 浙江工业大学秋季挑战赛 部分wp
Airwooh的博客
09-25 1642
排名28,还是太菜了,web就出了一道,eur1ka yyds MISC Girlfriend’s account import re import xlrd data=xlrd.open_workbook("D:\webtest\information.xls") table = data.sheets()[0] nrows = table.nrows price=table.col_values(0, start_rowx=1, end_rowx=5001) number=table.col.
[DASCTF-Sept-X] 双目失明,身残志坚
西电卢本伟的博客
04-28 1069
MISC、盲水印攻击
python xlrd对excel文件的读取
xu19950525的博客
10-09 545
XLRD库主要是对文件进行读取,写文件一般用xlwt库,该库遵循 ”读取修改覆盖“ 的原则。 import xlrd # 打开文件 workbook = xlrd.open_workbook('C:/Users/Administrator/Desktop/s4.xlsx') sheet2_name = workbook.sheet_names() # 获取所有sheet名称 prin...
2020五月赛DASCTF
cwr1499640048的博客
07-01 1026
bbcrypto # -*- coding:utf-8 -*- import A,SALT from itertools import * def encrypt(m, a, si): c="" for i in range(len(m)): c+=hex(((ord(m[i])) * a + ord(next(si))) % 128)[2:].zfill(2) return c if __name__ == "__main__": m = 'flag{**
HCTF 2016 fheap 做题笔记
fa1c4的blog
08-21 501
前言 一道UAF题, HCTF 2016 - fheap ctfhub搜fheap 过程 __int64 __fastcall main(int a1, char **a2, char **a3) { char buf[1032]; // [rsp+0h] [rbp-410h] BYREF unsigned __int64 v5; // [rsp+408h] [rbp-8h] v5 = __readfsqword(0x28u); setbuf(stdout, 0LL); setbu
轩禹ctf rsa工具
最新发布
12-02
轩禹ctf rsa工具是一款专门用于解密和加密RSA算法的软件工具。RSA算法是一种非对称加密算法,广泛用于安全通信和数字签名领域。这款工具可以帮助安全研究人员、网络管理员以及CTF比赛选手在RSA算法相关的问题上快速解决难题。 轩禹ctf rsa工具提供了一系列功能,包括生成RSA密钥对、加密和解密数据、签名和验证数据等。用户可以方便地使用这些功能来进行RSA算法的相关操作,无需手动编写复杂的算法代码,极大地简化了工作流程。 与此同时,轩禹ctf rsa工具还提供了丰富的文档和教程,帮助用户快速上手并掌握相关知识。用户可以通过阅读文档和教程,了解RSA算法的原理和应用,提高自己在RSA算法领域的能力。 总的来说,轩禹ctf rsa工具是一款功能齐全、易用便捷的RSA算法工具,可以帮助用户解决RSA算法相关的问题,并提高在安全通信和数字签名领域的能力。它不仅适用于安全研究人员和网络管理员,也适合CTF比赛选手在比赛中应对RSA算法相关的挑战。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值