85.[ACTF新生赛2020]crypto-rsa3
查看题目
//output.txt
177606504836499246970959030226871608885969321778211051080524634084516973331441644993898029573612290095853069264036530459253652875586267946877831055147546910227100566496658148381834683037366134553848011903251252726474047661274223137727688689535823533046778793131902143444408735610821167838717488859902242863683
1457390378511382354771000540945361168984775052693073641682375071407490851289703070905749525830483035988737117653971428424612332020925926617395558868160380601912498299922825914229510166957910451841730028919883807634489834128830801407228447221775264711349928156290102782374379406719292116047581560530382210049
//rsa3.py
from flag import FLAG
from Cryptodome.Util.number import *
import gmpy2
import random
e=65537
p = getPrime(512)
q = int(gmpy2.next_prime(p))
n = p*q
m = bytes_to_long(FLAG)
c = pow(m,e,n)
print(n)
print(c)
很明显文本里面的一堆数字就是n和c的值
那就很简单了,我们用yafu来分解N,也可以在线分解
factor(177606504836499246970959030226871608885969321778211051080524634084516973331441644993898029573612290095853069264036530459253652875586267946877831055147546910227100566496658148381834683037366134553848011903251252726474047661274223137727688689535823533046778793131902143444408735610821167838717488859902242863683)
fac: factoring 177606504836499246970959030226871608885969321778211051080524634084516973331441644993898029573612290095853069264036530459253652875586267946877831055147546910227100566496658148381834683037366134553848011903251252726474047661274223137727688689535823533046778793131902143444408735610821167838717488859902242863683
fac: using pretesting plan: normal
fac: no tune info: using qs/gnfs crossover of 95 digits
div: primes less than 10000
fmt: 1000000 iterations
Total factoring time = 0.6794 seconds
***factors found***
P155 = 13326909050357447643526585836833969378078147057723054701432842192988717649385731430095055622303549577233495793715580004801634268505725255565021519817179293
P155 = 13326909050357447643526585836833969378078147057723054701432842192988717649385731430095055622303549577233495793715580004801634268505725255565021519817179231
ans = 1
pq的值youlepy文件里面还有e
那么我们直接带入脚本就可以了(前面写了那么多脚本,我觉得你可以创一个文件夹,到时候把这些带入就可以了,而不是每次都要重新敲)
import gmpy2
p = 13326909050357447643526585836833969378078147057723054701432842192988717649385731430095055622303549577233495793715580004801634268505725255565021519817179293
q = 13326909050357447643526585836833969378078147057723054701432842192988717649385731430095055622303549577233495793715580004801634268505725255565021519817179231
c=1457390378511382354771000540945361168984775052693073641682375071407490851289703070905749525830483035988737117653971428424612332020925926617395558868160380601912498299922825914229510166957910451841730028919883807634489834128830801407228447221775264711349928156290102782374379406719292116047581560530382210049
n=177606504836499246970959030226871608885969321778211051080524634084516973331441644993898029573612290095853069264036530459253652875586267946877831055147546910227100566496658148381834683037366134553848011903251252726474047661274223137727688689535823533046778793131902143444408735610821167838717488859902242863683
e=65537
phin = (p-1)*(q-1)
d=gmpy2.invert(e,phin)
print(d)
m = pow(c,d,n)
print(m)
print(hex(m))
print(bytes.fromhex(hex(m)[2:]))
运行得到
114211034069753334213407653232239453818305554069013328909434825806153521279281576615085197039081989621124429727689023600024199258261862403729485816990985486996847830048775714906620288796636212142553235764374111120941140149895595289559560740951667825123772519353303069022288432998660657137564563315041240411393
893441512863695667867454629314548913750576288726628646106246575194731343607717680126106810553506844477056381
0x616374667b705f616e645f715f73686f756c645f6e6f745f62655f736f5f636c6f73655f696e5f76616c75657d
b'actf{p_and_q_should_not_be_so_close_in_value}'
86.[RoarCTF2019]babyRSA
查看题目
import sympy
import random
def myGetPrime():
A= getPrime(513)
print(A)
B=A-random.randint(1e3,1e5)
print(B)
return sympy.nextPrime((B!)%A)
p=myGetPrime()
#A1=21856963452461630437348278434191434000066076750419027493852463513469865262064340836613831066602300959772632397773487317560339056658299954464169264467234407
#B1=21856963452461630437348278434191434000066076750419027493852463513469865262064340836613831066602300959772632397773487317560339056658299954464169264467140596
q=myGetPrime()
#A2=16466113115839228119767887899308820025749260933863446888224167169857612178664139545726340867406790754560227516013796269941438076818194617030304851858418927
#B2=16466113115839228119767887899308820025749260933863446888224167169857612178664139545726340867406790754560227516013796269941438076818194617030304851858351026
r=myGetPrime()
n=p*q*r
#n=85492663786275292159831603391083876175149354309327673008716627650718160585639723100793347534649628330416631255660901307533909900431413447524262332232659153047067908693481947121069070451562822417357656432171870951184673132554213690123308042697361969986360375060954702920656364144154145812838558365334172935931441424096270206140691814662318562696925767991937369782627908408239087358033165410020690152067715711112732252038588432896758405898709010342467882264362733
c=pow(flag,e,n)
#e=0x1001
#c=75700883021669577739329316795450706204502635802310731477156998834710820770245219468703245302009998932067080383977560299708060476222089630209972629755965140317526034680452483360917378812244365884527186056341888615564335560765053550155758362271622330017433403027261127561225585912484777829588501213961110690451987625502701331485141639684356427316905122995759825241133872734362716041819819948645662803292418802204430874521342108413623635150475963121220095236776428
#so,what is the flag?
做这题看到阶乘一下想到了 gxzy2020 的一题,也是考到了威尔逊定理(Wilson’s theorem):当且仅当p为素数时:( p -1 )! ≡ -1 ( mod p )。
阶乘只乘到 B ,所以把(B+1)乘到(A-1)这一段也补上就得到了威尔逊公式,反之我们可以由用 -1 乘这一段的模反数,就得到了题目中的 (B!)%A 。
from Crypto.Util.number import *
from sympy import nextprime
A1=21856963452461630437348278434191434000066076750419027493852463513469865262064340836613831066602300959772632397773487317560339056658299954464169264467234407
B1=21856963452461630437348278434191434000066076750419027493852463513469865262064340836613831066602300959772632397773487317560339056658299954464169264467140596
A2=16466113115839228119767887899308820025749260933863446888224167169857612178664139545726340867406790754560227516013796269941438076818194617030304851858418927
B2=16466113115839228119767887899308820025749260933863446888224167169857612178664139545726340867406790754560227516013796269941438076818194617030304851858351026
def f(a,b,P):# a*(a+1)*...*b (mod P)
ans=1
for i in range(a,b+1):
ans*=i
ans%=P
return ans%P
inv1=inverse(f(B1+1,A1-1,A1),A1)
ans1=((A1-1)*inv1)%A1
p=nextprime(ans1)
inv2=inverse(f(B2+1,A2-1,A2),A2)
ans2=((A2-1)*inv2)%A2
q=nextprime(ans2)
e=0x1001
c=75700883021669577739329316795450706204502635802310731477156998834710820770245219468703245302009998932067080383977560299708060476222089630209972629755965140317526034680452483360917378812244365884527186056341888615564335560765053550155758362271622330017433403027261127561225585912484777829588501213961110690451987625502701331485141639684356427316905122995759825241133872734362716041819819948645662803292418802204430874521342108413623635150475963121220095236776428
n=85492663786275292159831603391083876175149354309327673008716627650718160585639723100793347534649628330416631255660901307533909900431413447524262332232659153047067908693481947121069070451562822417357656432171870951184673132554213690123308042697361969986360375060954702920656364144154145812838558365334172935931441424096270206140691814662318562696925767991937369782627908408239087358033165410020690152067715711112732252038588432896758405898709010342467882264362733
r=(n//p)//q
assert isPrime(r)
d=inverse(e,(p-1)*(q-1)*(r-1))
m=pow(c,d,n)
print(long_to_bytes(m))
运行得到
b'RoarCTF{wm-CongrAtu1ation4-1t4-ju4t-A-bAby-R4A}'
87.坏蛋是雷宾
查看题目
老牌刺客之王混进了女王的住所。一天,女王得到了一个匿名举报,说她的侍卫里有一个刺客,叫做Rabin,而他的信息就在一份文件里,文件中有附带一个Pk,是523798549,密文是162853095,校验码二进制值是110001,根据说明是放在明文后一起加密的,明文与密文长度相同。加密算法和这位老牌刺客同名。快拯救女王,答案是求得的明文,进行32位md5小写哈希字符串,提交即可。 注意:得到的 flag 请包上 flag{} 提交
n分解然后写脚本
'''// python2'''
from gmpy2 import *
import hashlib
n=523798549
p=10663
q=49123
e=2
c=162853095
inv_p = invert(p, q)
inv_q = invert(q, p)
mp = pow(c, (p + 1) / 4, p)
mq = pow(c, (q + 1) / 4, q)
a = (inv_p * p * mq + inv_q * q * mp) % n
b = n - int(a)
c = (inv_p * p * mq - inv_q * q * mp) % n
d = n - int(c)
for i in (a, b, c, d):
print(bin(i)[2:])
#在得出的四个解中,找到二进制符合题目的解
#10010011100100100101010110001
m='10010011100100100101010'
mc=str(int(m,2))
md=hashlib.md5()
md.update(mc.encode("utf8"))
flag = md.hexdigest()
print("flag{"+str(flag)+'}')
#flag{ca5cec442b2734735406d78c88e90f35}
88.[AFCTF2018]Single
查看题目
Jmqrida rva Lfmz (JRL) eu m uqajemf seny xl enlxdomrexn uajiderc jxoqarerexnu. Rvada mda rvdaa jxooxn rcqau xl JRLu: Paxqmdyc, Mrrmjs-Yalanja mny oekay.
Paxqmdyc-urcfa JRLu vmu m jxiqfa xl giaurexnu (rmusu) en dmnza xl jmrazxdeau. Lxd akmoqfa, Wab, Lxdanuej, Jdcqrx, Benmdc xd uxoarvenz afua. Ramo jmn zmen uxoa qxenru lxd atadc uxftay rmus. Oxda qxenru lxd oxda jxoqfejmray rmusu iuimffc. Rva nakr rmus en jvmen jmn ba xqanay xnfc mlrad uxoa ramo uxfta qdatexiu rmus. Rvan rva zmoa reoa eu xtad uio xl qxenru uvxwu cxi m JRL wenad. Lmoxiu akmoqfa xl uijv JRL eu Yaljxn JRL gimfu.
Waff, mrrmjs-yalanja eu mnxrvad enradaurenz seny xl jxoqarerexnu. Vada atadc ramo vmu xwn narwxds(xd xnfc xna vxur) werv tifnmdmbfa uadtejau. Cxid ramo vmu reoa lxd qmrjvenz cxid uadtejau mny yatafxqenz akqfxeru iuimffc. Ux, rvan xdzmnehadu jxnnajru qmdrejeqmnru xl jxoqarerexn mny rva wmdzmoa urmdru! Cxi uvxify qdxrajr xwn uadtejau lxd yalanja qxenru mny vmjs xqqxnanru lxd mrrmjs qxenru. Veurxdejmffc rveu eu m ledur rcqa xl JRLu, atadcbxyc snxwu mbxir YAL JXN JRL - uxoarvenz fesa m Wxdfy Jiq xl mff xrvad jxoqarerexnu.
Oekay jxoqarerexnu omc tmdc qxuuebfa lxdomru. Er omc ba uxoarvenz fesa wmdzmoa werv uqajemf reoa lxd rmus-bmuay afaoanru (a.z. IJUB eJRL).
JRL zmoau xlran rxijv xn omnc xrvad muqajru xl enlxdomrexn uajiderc: jdcqrxzdmqvc, urazx, benmdc mnmfcueu, datadua anzanaadenz, oxbefa uajiderc mny xrvadu. Zxxy ramou zanadmffc vmta urdxnz useffu mny akqadeanja en mff rvaua euuiau.
Iuimffc, lfmz eu uxoa urdenz xl dmnyxo ymrm xd rakr en uxoa lxdomr. Akmoqfa mljrl{
Xv_I_lxiny_er_neja_rDc}
我看到这我就直接去在线爆破了
爆破结果
0 -1.448 Capture the Flag (CTF) is a special kind of information security competitions. There are three common types of CTFs: Jeopardy, Attack-Defence and mixed. Jeopardy-style CTFs has a couple of questions (tasks) in range of categories. For example, Web, Forensic, Crypto, Binary or something else. Team can gain some points for every solved task. More points for more complicated tasks usually. The next task in chain can be opened only after some team solve previous task. Then the game time is over sum of points shows you a CTF winer. Famous example of such CTF is Defcon CTF quals. Well, attack-defence is another interesting kind of competitions. Here every team has own network(or only one host) with vulnarable services. Your team has time for patching your services and developing exploits usually. So, then organizers connects participants of competition and the wargame starts! You should protect own services for defence points and hack opponents for attack points. Historically this is a first type of CTFs, everybody knows about DEF CON CTF - something like a World Cup of all other competitions. Mixed competitions may vary possible formats. It may be something like wargame with special time for task-based elements (e.g. UCSB iCTF). CTF games often touch on many other aspects of information security: cryptography, stego, binary analysis, reverse engeneering, mobile security and others. Good teams generally have strong skills and experience in all these issues. Usually, flag is some string of random data or text in some format. Example afctf{
Oh_U_found_it_nice_tRy}
1 -3.331 Capture the Flag (CTF) is a special ?ind of information security competitions. There are three common types of CTFs: ?eopardy, Attac?-Defence and mixed. ?eopardy-style CTFs has a couple of ?uestions (tas?s) in range of categories. For example, ?eb, Forensic, Crypto, Binary or something else. Team can gain some points for every solved tas?. More points for more complicated tas?s usually. The next tas? in chain can be opened only after some team solve previous tas?. Then the game time is over sum of points sho?s you a CTF ?iner. Famous example of such CTF is Defcon CTF ?uals. ?ell, attac?-defence is another interesting ?ind of competitions. Here every team has o?n net?or?(or only one host) ?ith vulnarable services. Your team has time for patching your services and developing exploits usually. So, then organi?ers connects participants of competition and the ?argame starts! You should protect o?n services for defence points and hac? opponents for attac? points. Historically this is a first type of CTFs, everybody ?no?s about DEF CON CTF - something li?e a ?orld Cup of all other competitions. Mixed competitions may vary possible formats. It may be something li?e ?argame ?ith special time for tas?-based elements (e.g. UCSB iCTF). CTF games often touch on many other aspects of information security: cryptography, stego, binary analysis, reverse engeneering, mobile security and others. Good teams generally have strong s?ills and experience in all these issues. Usually, flag is some string of random data or text in some format. Example afctf{
Oh_U_found_it_nice_tRy}
2 -3.341 Capture the Flag (CTF) is a special ?in? of information security competitions. There are three common types of CTFs: ?eopar?y, Attac?-?efence an? mixe?. ?eopar?y-style CTFs has a couple of ?uestions (tas?s) in range of categories. For example, ?e?, Forensic, Crypto, ?inary or something else. Team can gain some points for e?ery sol?e? tas?. More points for more complicate? tas?s usually. The next tas? in chain can ?e opene? only after some team sol?e pre?ious tas?. Then the game time is o?er sum of points sho?s you a CTF ?iner. Famous example of such CTF is ?efcon CTF ?uals. ?ell, attac?-?efence is another interesting ?in? of competitions. Here e?ery team has o?n net?or?(or only one host) ?ith ?ulnara?le ser?ices. Your team has time for patching your ser?ices an? ?e?eloping exploits usually. So, then organi?ers connects participants of competition an? the ?argame starts! You shoul? protect o?n ser?ices for ?efence points an? hac? opponents for attac? points. Historically this is a first type of CTFs, e?ery?o?y ?no?s a?out ?EF CON CTF - something li?e a ?orl? Cup of all other competitions. Mixe? competitions may ?ary possi?le formats. It may ?e something li?e ?argame ?ith special time for tas?-?ase? elements (e.g. UCS? iCTF). CTF games often touch on many other aspects of information security: cryptography, stego, ?inary analysis, re?erse engeneering, mo?ile security an? others. Goo? teams generally ha?e strong s?ills an? experience in all these issues. Usually, flag is some string of ran?om ?ata or text in some format. Example afctf{
Oh_U_foun?_it_nice_tRy}
3 -3.344 Capture twe Flag (CTF) is a special ?ind of information security competitions. Twere are twree common types of CTFs: ?eopardy, Attac?-Defence and mixed. ?eopardy-style CTFs was a couple of ?uestions (tas?s) in range of categories. For example, ?eb, Forensic, Crypto, Binary or sometwing else. Team can gain some points for every solved tas?. More points for more complicated tas?s usually. Twe next tas? in cwain can be opened only after some team solve previous tas?. Twen twe game time is over sum of points swo?s you a CTF ?iner. Famous example of sucw CTF is Defcon CTF ?uals. ?ell, attac?-defence is anotwer interesting ?ind of competitions. Were every team was o?n net?or?(or only one wost) ?itw vulnarable services. Your team was time for patcwing your services and developing exploits usually. So, twen organi?ers connects participants of competition and twe ?argame starts! You swould protect o?n services for defence points and wac? opponents for attac? points. Wistorically twis is a first type of CTFs, everybody ?no?s about DEF CON CTF - sometwing li?e a ?orld Cup of all otwer competitions. Mixed competitions may vary possible formats. It may be sometwing li?e ?argame ?itw special time for tas?-based elements (e.g. UCSB iCTF). CTF games often toucw on many otwer aspects of information security: cryptograpwy, stego, binary analysis, reverse engeneering, mobile security and otwers. Good teams generally wave strong s?ills and experience in all twese issues. Usually, flag is some string of random data or text in some format. Example afctf{
Ow_U_found_it_nice_tRy}
4 -3.344 Capture the Flag (CTF) is a special ?ind of information security competitions. There are three common types of CTFs: ?eopardy, Attac?-Defence and mixed. ?eopardy-style CTFs has a couple of ?uestions (tas?s) in range of categories. For example, ?e?, Forensic, Crypto, ?inary or something else. Team can gain some points for e?ery sol?ed tas?. More points for more complicated tas?s usually. The next tas? in chain can ?e opened only after some team sol?e pre?ious tas?. Then the game time is o?er sum of points sho?s you a CTF ?iner. Famous example of such CTF is Defcon CTF ?uals. ?ell, attac?-defence is another interesting ?ind of competitions. Here e?ery team has o?n net?or?(or only one host) ?ith ?ulnara?le ser?ices. Your team has time for patching your ser?ices and de?eloping exploits usually. So, then organi?ers connects participants of competition and the ?argame starts! You should protect o?n ser?ices for defence points and hac? opponents for attac? points. Historically this is a first type of CTFs, e?ery?ody ?no?s a?out DEF CON CTF - something li?e a ?orld Cup of all other competitions. Mixed competitions may ?ary possi?le formats. It may ?e something li?e ?argame ?ith special time for tas?-?ased elements (e.g. UCS? iCTF). CTF games often touch on many other aspects of information security: cryptography, stego, ?inary analysis, re?erse engeneering, mo?ile security and others. Good teams generally ha?e strong s?ills and experience in all these issues. Usually, flag is some string of random data or text in some format. Example afctf{
Oh_U_found_it_nice_tRy}
5 -3.345 Capture the Fla? (CTF) is a special ?ind of information security competitions. There are three common types of CTFs: ?eopardy, Attac?-Defence and mixed. ?eopardy-style CTFs has a couple of ?uestions (tas?s) in ran?e of cate?ories. For example, ?eb, Forensic, Crypto, Binary or somethin? else. Team can ?ain some points for every solved tas?. More points for more complicated tas?s usually. The next tas? in chain can be opened only after some team solve previous tas?. Then the ?ame time is over sum of points sho?s you a CTF ?iner. Famous example of such CTF is Defcon CTF ?uals. ?ell, attac?-defence is another interestin? ?ind of competitions. Here every team has o?n net?or?(or only one host) ?ith vulnarable services. Your team has time for patchin? your services and developin? exploits usually. So, then or?ani?ers connects participants of competition and the ?ar?ame starts! You should protect o?n services for defence points and hac? opponents for attac? points. Historically this is a first type of CTFs, everybody ?no?s about DEF CON CTF - somethin? li?e a ?orld Cup of all other competitions. Mixed competitions may vary possible formats. It may be somethin? li?e ?ar?ame ?ith special time for tas?-based elements (e.?. UCSB iCTF). CTF ?ames often touch on many other aspects of information security: crypto?raphy, ste?o, binary analysis, reverse en?eneerin?, mobile security and others. ?ood teams ?enerally have stron? s?ills and experience in all these issues. Usually, fla? is some strin? of random data or text in some format. Example afctf{
Oh_U_found_it_nice_tRy}
6 -3.345 Capture the Flag (CTF) is a special ?ind of information security competitions. There are three common types of CTFs: ?eopardy, Attac?-Defence and mi?ed. ?eopardy-style CTFs has a couple of ?uestions (tas?s) in range of categories. For e?ample, ?eb, Forensic, Crypto, Binary or something else. Team can gain some points for every solved tas?. More points for more complicated tas?s usually. The ne?t tas? in chain can be opened only after some team solve previous tas?. Then the game time is over sum of points sho?s you a CTF ?iner. Famous e?ample of such CTF is Defcon CTF ?uals. ?ell, attac?-defence is another interesting ?ind of competitions. Here every team has o?n net?or?(or only one host) ?ith vulnarable services. Your team has time for patching your services and developing e?ploits usually. So, then organi?ers connects participants of competition and the ?argame starts! You should protect o?n services for defence points and hac? opponents for attac? points. Historically this is a first type of CTFs, everybody ?no?s about DEF CON CTF - something li?e a ?orld Cup of all other competitions. Mi?ed competitions may vary possible formats. It may be something li?e ?argame ?ith special time for tas?-based elements (e.g. UCSB iCTF). CTF games often touch on many other aspects of information security: cryptography, stego, binary analysis, reverse engeneering, mobile security and others. Good teams generally have strong s?ills and e?perience in all these issues. Usually, flag is some string of random data or te?t in some format. E?ample afctf{
Oh_U_found_it_nice_tRy}
7 -3.357 Capture twe Fla? (CTF) is a special ?ind of information security competitions. Twere are twree common types of CTFs: ?eopardy, Attac?-Defence and mixed. ?eopardy-style CTFs was a couple of ?uestions (tas?s) in ran?e of cate?ories. For example, ?eb, Forensic, Crypto, Binary or sometwin? else. Team can ?ain some points for every solved tas?. More points for more complicated tas?s usually. Twe next tas? in cwain can be opened only after some team solve previous tas?. Twen twe ?ame time is over sum of points swo?s you a CTF ?iner. Famous example of sucw CTF is Defcon CTF ?uals. ?ell, attac?-defence is anotwer interestin? ?ind of competitions. Were every team was o?n net?or?(or only one wost) ?itw vulnarable services. Your team was time for patcwin? your services and developin? exploits usually. So, twen or?ani?ers connects participants of competition and twe ?ar?ame starts! You swould protect o?n services for defence points and wac? opponents for attac? points. Wistorically twis is a first type of CTFs, everybody ?no?s about DEF CON CTF - sometwin? li?e a ?orld Cup of all otwer competitions. Mixed competitions may vary possible formats. It may be sometwin? li?e ?ar?ame ?itw special time for tas?-based elements (e.?. UCSB iCTF). CTF ?ames often toucw on many otwer aspects of information security: crypto?rapwy, ste?o, binary analysis, reverse en?eneerin?, mobile security and otwers. ?ood teams ?enerally wave stron? s?ills and experience in all twese issues. Usually, fla? is some strin? of random data or text in some format. Example afctf{
Ow_U_found_it_nice_tRy}
8 -3.357 Capture twe Flag (CTF) is a special ?ind of information security competitions. Twere are twree common types of CTFs: ?eopardy, Attac?-Defence and mi?ed. ?eopardy-style CTFs was a couple of ?uestions (tas?s) in range of categories. For e?ample, ?eb, Forensic, Crypto, Binary or sometwing else. Team can gain some points for every solved tas?. More points for more complicated tas?s usually. Twe ne?t tas? in cwain can be opened only after some team solve previous tas?. Twen twe game time is over sum of points swo?s you a CTF ?iner. Famous e?ample of sucw CTF is Defcon CTF ?uals. ?ell, attac?-defence is anotwer interesting ?ind of competitions. Were every team was o?n net?or?(or only one wost) ?itw vulnarable services. Your team was time for patcwing your services and developing e?ploits usually. So, twen organi?ers connects participants of competition and twe ?argame starts! You swould protect o?n services for defence points and wac? opponents for attac? points. Wistorically twis is a first type of CTFs, everybody ?no?s about DEF CON CTF - sometwing li?e a ?orld Cup of all otwer competitions. Mi?ed competitions may vary possible formats. It may be sometwing li?e ?argame ?itw special time for tas?-based elements (e.g. UCSB iCTF). CTF games often toucw on many otwer aspects of information security: cryptograpwy, stego, binary analysis, reverse engeneering, mobile security and otwers. Good teams generally wave strong s?ills and e?perience in all twese issues. Usually, flag is some string of random data or te?t in some format. E?ample afctf{
Ow_U_found_it_nice_tRy}
9 -3.358 Capture twe Flag (CTF) is a special ?ind of information security competitions. Twere are twree common types of CTFs: ?eopardy, Attac?-Defence and mixed. ?eopardy-style CTFs was a couple of ?uestions (tas?s) in range of categories. For example, ?e?, Forensic, Crypto, ?inary or sometwing else. Team can gain some points for e?ery sol?ed tas?. More points for more complicated tas?s usually. Twe next tas? in cwain can ?e opened only after some team sol?e pre?ious tas?. Twen twe game time is o?er sum of points swo?s you a CTF ?iner. Famous example of sucw CTF is Defcon CTF ?uals. ?ell, attac?-defence is anotwer interesting ?ind of competitions. Were e?ery team was o?n net?or?(or only one wost) ?itw ?ulnara?le ser?ices. Your team was time for patcwing your ser?ices and de?eloping exploits usually. So, twen organi?ers connects participants of competition and twe ?argame starts! You swould protect o?n ser?ices for defence points and wac? opponents for attac? points. Wistorically twis is a first type of CTFs, e?ery?ody ?no?s a?out DEF CON CTF - sometwing li?e a ?orld Cup of all otwer competitions. Mixed competitions may ?ary possi?le formats. It may ?e sometwing li?e ?argame ?itw special time for tas?-?ased elements (e.g. UCS? iCTF). CTF games often toucw on many otwer aspects of information security: cryptograpwy, stego, ?inary analysis, re?erse engeneering, mo?ile security and otwers. Good teams generally wa?e strong s?ills and experience in all twese issues. Usually, flag is some string of random data or text in some format. Example afctf{
Ow_U_found_it_nice_tRy}
拿第一个提交即可afctf{Oh_U_found_it_nice_tRy}
89.[RoarCTF2019]RSA
查看题目
这道题看着有A什么的但是给了NC
咱还是试一下在线分解N
结果就是一分解就分解出来了
然后有npqc直接写脚本即可(e一般为65537)
import gmpy2
q = 842868045681390934539739959201847552284980179958879667933078453950968566151662147267006293571765463137270594151138695778986165111380428806545593588078365331313084230014618714412959584843421586674162688321942889369912392031882620994944241987153078156389470370195514285850736541078623854327959382156753458569
p = 139916095583110895133596833227506693679306709873174024876891023355860781981175916446323044732913066880786918629089023499311703408489151181886568535621008644997971982182426706592551291084007983387911006261442519635405457077292515085160744169867410973960652081452455371451222265819051559818441257438021073941183
c=41971850275428383625653350824107291609587853887037624239544762751558838294718672159979929266922528917912189124713273673948051464226519605803745171340724343705832198554680196798623263806617998072496026019940476324971696928551159371970207365741517064295956376809297272541800647747885170905737868568000101029143923792003486793278197051326716680212726111099439262589341050943913401067673851885114314709706016622157285023272496793595281054074260451116213815934843317894898883215362289599366101018081513215120728297131352439066930452281829446586562062242527329672575620261776042653626411730955819001674118193293313612128
n=117930806043507374325982291823027285148807239117987369609583515353889814856088099671454394340816761242974462268435911765045576377767711593100416932019831889059333166946263184861287975722954992219766493089630810876984781113645362450398009234556085330943125568377741065242183073882558834603430862598066786475299918395341014877416901185392905676043795425126968745185649565106322336954427505104906770493155723995382318346714944184577894150229037758434597242564815299174950147754426950251419204917376517360505024549691723683358170823416757973059354784142601436519500811159036795034676360028928301979780528294114933347127
e=65537
phin = (p-1)*(q-1)
d=gmpy2.invert(e,phin)
print(d)
m = pow(c,d,n)
print(m)
print(hex(m))
print(bytes.fromhex(hex(m)[2:]))
运行得到
8599589881775512182490339390302384847126810744233969198532121090013876515514061191844004921719994842305490870513682688025890863319222633068753414378485078624510630709922513396281417153363777832648184544232199294766471900485392788050293515601012127448268872412182805907996901141107293140818104160339368182321217372234809523842344722549604286239338414176997138752498663184064331483582259621245748238876057665171100280468834141443144340932719393320666917904802256624401993129580989389345716562456345455121702090606106185465724822179950100180548721991615891176882567105125169912160252167465495939533501038099782250065
2222445378180646636797706006131586301300018090566246580838853918878845
0x526f61724354467b776d2d6c316c316c6c316c316c316c3131316c6c7d
b'RoarCTF{wm-l1l1ll1l1l1l111ll}'
flag包裹提交即可
90.[WUSTCTF2020]B@se
查看题目
先看一下base编码少了那四位
import string
s = "JASGBWcQPRXEFLbCDIlmnHUVKTYZdMovwipatNOefghq56rs****kxyz012789+/"
for i in string.ascii_letters + string.digits:
if(i not in s):
print(i)
得到
j
u
3
4
补全跑一下
from Crypto.Util.number import *
from gmpy2 import *
from functools import reduce
import sympy
import itertools
# JASGBWcQPRXEFLbCDIlmnHUVKTYZdMovwipatNOefghq56rs****kxyz012789+/
# coding:utf-8
def My_base64_encode(inputs, s):
bin_str = []
for i in inputs:
x = str(bin(ord(i))).replace('0b', '')
bin_str.append('{:0>8}'.format(x))
# print(bin_str)
outputs = ""
nums = 0
while bin_str:
temp_list = bin_str[:3]
if (len(temp_list) != 3):
nums = 3 - len(temp_list)
while len(temp_list) < 3:
temp_list += ['0' * 8]
temp_str = "".join(temp_list)
# print(temp_str)
temp_str_list = []
for i in range(0, 4):
temp_str_list.append(int(temp_str[i * 6:(i + 1) * 6], 2))
# print(temp_str_list)
if nums:
temp_str_list = temp_str_list[0:4 - nums]
for i in temp_str_list:
outputs += s[i]
bin_str = bin_str[3:]
outputs += nums * '='
print("Encrypted String:\n%s " % outputs)
def My_base64_decode(inputs, s):
bin_str = []
for i in inputs:
if i != '=':
x = str(bin(s.index(i))).replace('0b', '')
bin_str.append('{:0>6}'.format(x))
# print(bin_str)
outputs = ""
nums = inputs.count('=')
while bin_str:
temp_list = bin_str[:4]
temp_str = "".join(temp_list)
# print(temp_str)
if (len(temp_str) % 8 != 0):
temp_str = temp_str[0:-1 * nums * 2]
for i in range(0, int(len(temp_str) / 8)):
outputs += chr(int(temp_str[i * 8:(i + 1) * 8], 2))
bin_str = bin_str[4:]
print("Decrypted String:\n%s " % outputs)
# s = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
h = ['j', 'u', '3', '4']
h1 = list(itertools.permutations(h, 4))
for i in h1:
m = "".join(i)
s = "JASGBWcQPRXEFLbCDIlmnHUVKTYZdMovwipatNOefghq56rs" + m + "kxyz012789+/"
input_str = "MyLkTaP3FaA7KOWjTmKkVjWjVzKjdeNvTnAjoH9iZOIvTeHbvD=="
# My_base64_encode(input_str)
My_base64_decode(input_str, s)
运行得到
Decrypted String:
wctf2220{
bape64_p_v0ry_e@py_and_fuN}
Decrypted String:
wctf2320{
bape64_p_v0ry_e@py_and_fuN}
Decrypted String:
wctf2120{
bape64_p_v0ry_e@py_and_fuN}
Decrypted String:
wctf2120{
bape64_p_v0ry_e@py_and_fuN}
Decrypted String:
wctf2320{
bape64_p_v0ry_e@py_and_fuN}
Decrypted String:
wctf2220{
bape64_p_v0ry_e@py_and_fuN}
Decrypted String:
wctf2220{
baqe64_q_v1ry_e@qy_and_fuN}
Decrypted String:
wctf2320{
baqe64_q_v1ry_e@qy_and_fuN}
Decrypted String:
wctf2120{
bare64_!r_v2ry_e@ry_and_fuN}
Decrypted String:
wctf2120{
base64_1s_v3ry_e@sy_and_fuN}
Decrypted String:
wctf2320{
bare64_!r_v2ry_e@ry_and_fuN}
Decrypted String:
wctf2220{
base64_1s_v3ry_e@sy_and_fuN}
Decrypted String:
wctf2020{
baqe64_q_v1ry_e@qy_and_fuN}
Decrypted String:
wctf2020{
baqe64_q_v1ry_e@qy_and_fuN}
Decrypted String:
wctf2020{
bare64_!r_v2ry_e@ry_and_fuN}
Decrypted String:
wctf2020{
base64_1s_v3ry_e@sy_and_fuN}
Decrypted String:
wctf2020{
bare64_!r_v2ry_e@ry_and_fuN}
Decrypted String:
wctf2020{
base64_1s_v3ry_e@sy_and_fuN}
Decrypted String:
wctf2320{
baqe64_q_v1ry_e@qy_and_fuN}
Decrypted String:
wctf2220{
baqe64_q_v1ry_e@qy_and_fuN}
Decrypted String:
wctf2320{
bare64_!r_v2ry_e@ry_and_fuN}
Decrypted String:
wctf2220{
base64_1s_v3ry_e@sy_and_fuN}
Decrypted String:
wctf2120{
bare64_!r_v2ry_e@ry_and_fuN}
Decrypted String:
wctf2120{
base64_1s_v3ry_e@sy_and_fuN}
很明显这里面的
Decrypted String:
wctf2220{
base64_1s_v3ry_e@sy_and_fuN}
是最通顺的
flag包裹提交
91.[HDCTF2019]together
查看题目
看到第一个结尾两个等号就很兴奋
结果base解密不出来
看到后面两个就直接KEY就直接公钥解析
两个得到的N是一样的,
base64是一种编码方式而不是一种加密算法
所以将他转换成unicode编码,然后再转换成数
结合共模攻击,flag就出来了
import base64
f1="R3Noy6r3WLItytAmb4FmHEygoilucEEZbO9ZYXx5JN03HNpBLDx7fXd2fl+UL5+11RCs/y0qlTGURWWDtG66eNLzGwNpAKiVj6I7RtUJl2Pcm3NvFeAFwI9UsVREyh7zIV6sI9ZP8l/2GVDorLAz5ULW+f0OINGhJmZm8FL/aDnlfTElhQ87LPicWpXYoMtyr6WrxjK6Ontn8BqCt0EjQ7TeXZhxIH9VTPWjDmFdmOqaqdVIT+LZemTgLNESwM5nn4g5S3aFDFwj1YiDYl0/+8etvKfOrfoKOwR0CxsRHagwdUUTES8EcHLmMGCxCkDZn3SzmmA6Nb3lgLeSgG8P1A=="
f2="O+rRCXI3aTB6P1rYIOPUdalUp6ujpwEq4I20CoWA+HIL8xxGtqY6N5gpr0guZv9ZgOEAMFnBxOqMdVNnB9GgnhmXtt1ZWydPqIcHvlfwpd/Lyd0XSjXnjaz3P3vOQvR71cD/uXyBA0XPzmnTIMgEhuGJVFm8min0L/2qI7wg/Z7w1+4mOmi655JIXeCiG23ukDv6l9bZuqfGvWCa1KKXWDP31nLbp0ZN2obUs6jEAa1qVTaX6M4My+sks+0VvHATrAUuCrmMwVEivqIJ/nS6ymGVERN6Ohnzyr168knEBKOVj0FAOx3YLfppMM+XbOGHeqdKJRLpMvqFXDMGQInT3w=="
import Crypto.Util.number
c1=Crypto.Util.number.bytes_to_long(base64.b64decode(f1))
c2=Crypto.Util.number.bytes_to_long(base64.b64decode(f2))
n=14853081277902411240991719582265437298941606850989432655928075747449227799832389574251190347654658701773951599098366248661597113015221566041305501996451638624389417055956926238595947885740084994809382932733556986107653499144588614105694518150594105711438983069306254763078820574239989253573144558449346681620784979079971559976102366527270867527423001083169127402157598183442923364480383742653117285643026319914244072975557200353546060352744263637867557162046429886176035616570590229646013789737629785488326501654202429466891022723268768841320111152381619260637023031430545168618446134188815113100443559425057634959299
e1=2333
e2=23333
import gmpy2
import binascii
def exgcd(m, n, x, y):
if n == 0:
x = 1
y = 0
return (m, x, y)
a1 = b = 1
a = b1 = 0
c = m
d = n
q = int(c / d)
r = c % d
while r:
c = d
d = r
t = a1
a1 = a
a = t - q * a
t = b1
b1 = b
b = t - q * b
q = int(c / d)
r = c % d
x = a
y = b
return (d, x, y)
ans=exgcd(e1,e2,0,0)
s1=ans[1]
s2=ans[2]
m=(gmpy2.powmod(c1,s1,n)*gmpy2.powmod(c2,s2,n))%n
print(binascii.unhexl