【CTF WriteUp】2020中央企业”新基建“网络安全技术大赛初赛Crypto题解

Crypto

Crypto_ezCrypto

#!/usr/bin/env python
# coding:utf-8
s = "!=4IJkynJlTaX8g7KvlaK :mokzwof svh tc vqfo bo fsrbi ubwg fsjcz o rfosv T fsjwf ubwaawfp svh mp bkcr rbL .hosvk hgsjfov tc grzswt sfsk hbsasjod svh bcdi grkcfq svh ,hssfhD zchgwfM bkcr ubwyzoH .ubwbsjs sbc hic rsyzok T gL"
s = s[::-1]
# print s
def change(c, a, b):
dic1 = "abcdefghijklmnopqrstuvwxyz"
dic2 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
if c in dic1:
return dic1[(dic1.index(c) + a)%26]
elif c in dic2:
return dic2[(dic2.index(c) + b)%26]
else:
return c

for i in range(26):
for j in range(26):
m = ""
for k in s:
m += change(k, i, j)
if m.find("As I walked out one evening")>=0:
print i, j, m


ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz456789+/0123


def myb64decode(text):
dic = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz456789+/0123"
b = ""
for i in text:
if i == "=":
b += "000000"
else:
tmp = bin(dic.index(i))[2:]
tmp = '0'*(6-len(tmp))+tmp
b += tmp
return ''.join(chr(int(b[i:i+8], 2)) for i in range(0, len(b), 8))

print myb64decode("ZmxhZ7s8MmIxYzkwYX4=")


flag{82b1c90a}

Crypto_LD

（本题为202004数字中国创新大赛原题GM修改数据得到）

pow(q ** 2 * x, (p-1)/2, p) = p - 1
pow(p ** 2 * x, (q-1)/2, q) = q - 1


pow(q**2, (p-1)/2, p) * pow(x, (p-1)/2, p) = p-1
pow(q, p-1, p)* pow(x, (p-1)/2, p) = p-1


（不好意思之前这里写错了，更正）

N - phi + 1 = p + q
(N - phi + 1) ** 2 = (p + q) ** 2
= p ** 2 + 2 * p * q + q ** 2 = (p - q) ** 2 + 4 * N


(pow(x, 2r+s, n) * r ** 2) % n


(pow(x, 2r+s, n) * r ** 2) % n
= (pow(-1, 2r+s, n) * r ** 2) % n
= (pow(-1, s, n) * r ** 2) % n


#!/usr/bin/env python
# -*- coding: utf-8 -*-
import gmpy2
from libnum import n2s

phi = ...
n = ...
c = [...]

pandq = n - phi + 1
pminq = int(gmpy2.iroot(pandq ** 2 - 4 * n, 2)[0])
p = (pandq + pminq)/2
q = pandq - p

def egcd(a,b):
if b==0:
return 1,0
else:
x,y=egcd(b,a%b)
return y,x-a/b*y

m = ''
for tmpc in c:
# Rabin算法，首先计算mp和mq
mp = pow(tmpc,(p+1)/4,p)
mq = pow(tmpc,(q+1)/4,q)
# 然后找到yp和yq，使得 yp*p + yq*q = 1
yp, yq = egcd(p,q)
# 根据以下公式计算出四个解，看哪个是正确的（验一个就行，剩下三个用不着）
r0 = ( yp*p*mq + yq*q*mp ) % n
if ((r0**2) % n) - tmpc == 0:
m += '0'
else:
m += '1'

print n2s(int(m,2))


flag{W0w_GRe4t_J0b_oF_Y0U}

Crypto_x0RSA

# Step 1: get true c
rankey = strxor(strxor(c2[:6], "cipher"), "aurora")
c = int(strxor(strxor(c2, rankey), "aurora")[6:])


c = 1856697110992918824464298787454294159011106271511363128280860862584155594269029395131248226266611808200238931950746057431333545971341991313163605943208153559470152489577910087800309443262712360025994919201672332342449038271564251549891330221212904329083840565141139421297906553223593110128504079225225243524177374646829278673984110723769692714275725478941456406471017959413550921134661118105479199054108564555453328996331814213457868743195496340578924282780663064707938974495150564020521340356222508089180921289647010152389694500150509627382979696253027096903638933128803114000672648029082716956897545736938679433985


x = e*phi+2*d+2000


x = e*(p-1)*(q-1) + 2*d + 2000


x/n = e - e/p - e/q + e/n + 2*d/n + 2000/n


x-2000 = e*(p-1)*(q-1) + 2*d


e*(x-2000) = e*e*(p-1)*(q-1) + 2*e*d
e*(x-2000) = e*e*(p-1)*(q-1) + 2*(a*(p-1)*(q-1)+1)
e*(x-2000)-2 = (e*e+2*a)*(p-1)*(q-1)


pow(c, d, n) = pow(pow(m, e, n), d, n) = pow(m, ed, n) = m * pow(m, phi, n) ** a = m


pow(m, e*(x-2000)-2, n) = pow(m, phi, n) ** b = 1
pow(c, dd, n) = pow(pow(m, e, n), dd, n) = pow(m, e*dd, n) = m * pow(m, e*(x-2000)-2, n) ** a = m


#!/usr/bin/env python
# coding:utf-8
import gmpy2
from libnum import n2s

def strxor(a, b):
return "".join(chr(ord(a[i])^ord(b[i%len(b)])) for i in range(len(a)))

x = 1267982668072513231452891863043424295599834859100149573631132691595983329470423884239104289369242212251891490867692440047416100533141306836274387621030189535353453497214687975530093393776691837662099778202721802783459072343625657847902483364574074675844370114187041501516164524844560501180602491635032095054050468409668106317972933045713247586266030529732217997511486967953665597945551895583076407217918050242533151323363573068151249311147549761111688506751695988878207998582474739061539806489240491925479395640190191976972656159237635585081329365088001534308652965962150210160485125292710903028061655467118074792803701813091473848960821379158422678252985725282494730999219827545731624223169002
n = 12481674614855685953431310069139262770181111896679332858866368534047537666480569760106869666713999606187655666521091324286510186479595436084367101655509452542502349245680670188096288818989023660590513347753471182289817286176898990883927311061256037550588683828709224481144088322585331288408741487874543701938368655046545540421273512332162617552393131417390793555393898354606731643126500725127350104840163420140767953528301349877632196173183839299220917643489404456656955737164844088165024091907559909967664122295807264526567102312418385269875719242576503849975407146024422857786698109651727438983673071610691953929487

# Step 1: get true c
rankey = strxor(strxor(c2[:6], "cipher"), "aurora")
c = int(strxor(strxor(c2, rankey), "aurora")[6:])

# Step 2: decrypt
x -= 2000
e = x/n
new = e*x-2
dd = gmpy2.invert(e, new)
print n2s(pow(c, dd, n))


flag{s1mplE_x0r_uND_rs4}

• 1
点赞
• 8
收藏
觉得还不错? 一键收藏
• 11
评论
04-11 434
08-01 2609
12-24 1416
03-25 1万+
12-21
03-28 8190
06-30 3623
04-25 1311
12-04 1070

1.余额是钱包充值的虚拟货币，按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载，可以购买VIP、付费专栏及课程。