2016 Boston Key Party CTF bobs-hat RSA-attack

最新推荐文章于 2019-04-19 00:06:59 发布

Flying_Fatty

最新推荐文章于 2019-04-19 00:06:59 发布

阅读量345

点赞数

分类专栏： Crypto CTF之旅

本文链接：https://blog.csdn.net/kevin66654/article/details/80373407

版权

CTF之旅同时被 2 个专栏收录

84 篇文章 3 订阅

订阅专栏

Crypto

28 篇文章 1 订阅

订阅专栏

知识点：Fermat分解

首先使用openssl：

openssl rsa -text -modulus -pubin < almost_almost_almost_almost_there.pub

得到第一关的n和e（这里也可以yafu.exe）

然后使用Fermat分解，得到p和q，求得明文（即压缩包的密码）

def isqrt(n):
  x = n
  y = (x + n // x) // 2
  while y < x:
    x = y
    y = (x + n // x) // 2
  return x

def fermat(n):
	x = isqrt(n) + 1
	y = isqrt(x * x - n)

	while True:
		w = x * x - n - y * y
		if w == 0:
			break
		elif w > 0:
			y += 1
		else:
			x += 1
	return x+y, x-y

XtCgoEKksjKFWlqOSxqsEhK/+tsr1k5c

第二关：

上factordb.com得到：

rlSpJ6HbP+cZXaOuSPOe4pgfevGnXtLt

（其实题目作者的意思可能是：求第一个n和第二个n的gcd……）

第三关：

小素数暴力打表分解n

#!/usr/bin/env python
# coding=utf-8

prime = [0 for x in range(1000000)]
tot = 0
maxint = 1000000

i = 2
while i * i <= maxint:
    if prime[i] == 0:
        j = i * i
        while j < maxint:
            prime[j] = 1
            j += i
    i += 1

i = 2
while i < maxint:
    if prime[i] == 0:
        tot += 1
        prime[tot] = i
    i += 1

#print prime[1],prime[2]
#print tot

n3 = 0xBAD20CF97ED5042DF696CE4DF3E5A678CF4FB3693D3DF12DFE9FD3FD8CC8AAB8B95533E414E3FC0C377F4EE54827118B1D30561A3C741BEA7C76899789B51743E076092DF9EB05DC97EB1505CE9EB12B5AB9E10ABF56F920A58E7E00ECF05977E872834DD8584CF4AC87CB7DC50159BD962C75CBEFB6C6AC3A31A74E7D8F1E4C10D5

p = 0
q = 0
for i in xrange(1,tot+1):
    if n3 % prime[i] == 0:
        p = prime[i]
        q = n3 / prime[i]
        break
print "[+]p:",p
print "[+]q:",q


#!/usr/bin/env python
# coding=utf-8

maxint = 1000000
vis = [0 for x in range(maxint)]
prime = [0 for x in range(maxint)]
tot = 0

i = 2
while i < maxint:
    if vis[i] == 0:
        tot += 1
        prime[tot] = i
    j = 1
    while ((j <= tot) + (i * prime[j] < maxint) == 2):
        vis[i * prime[j]] = 1
        if (i % prime[j] == 0):
            break
        j += 1
    i += 1

i = 2
while i < maxint:
    if prime[i] == 0:
        tot += 1
        prime[tot] = i
    i += 1

#print prime[1],prime[2]
#print tot

n3 = 0xBAD20CF97ED5042DF696CE4DF3E5A678CF4FB3693D3DF12DFE9FD3FD8CC8AAB8B95533E414E3FC0C377F4EE54827118B1D30561A3C741BEA7C76899789B51743E076092DF9EB05DC97EB1505CE9EB12B5AB9E10ABF56F920A58E7E00ECF05977E872834DD8584CF4AC87CB7DC50159BD962C75CBEFB6C6AC3A31A74E7D8F1E4C10D5

p = 0
q = 0
for i in xrange(1,tot+1):
    if n3 % prime[i] == 0:
        p = prime[i]
        q = n3 / prime[i]
        break
print "[+]p:",p
print "[+]q:",q

然后得到明文

hQdK+dKleMJqth/dofWyFaiWp3PW7jil

第四关：

wiener-attack，直接上github搜工具就好

/3aAP5dF2zmrPh9K6A4AqMLsIiYDk2C2

就得到了flag：BKPCTF{Its_not_you,_its_rsa_(that_is_broken)}

这个题降低了很多难度，因为题目有提示：

> Alice and Bob are close together, likely because they have a lot of things in common. This is why Alice asked him a small \*q\*uestion, about something cooler than a wiener

close together：yafu.exe或者Fermat

in common：考虑gcd

small question：小素数暴力

wiener：工具

Flying_Fatty

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
2016 Boston Key Party CTF bobs-hat RSA-attack

知识点：Fermat分解首先使用openssl：openssl rsa -text -modulus -pubin &lt; almost_almost_almost_almost_there.pub得到第一关的n和e（这里也可以yafu.exe）然后使用Fermat分解，得到p和q，求得明文（即压缩包的密码）def isqrt(n): x = n y = (x + n // x) // ...
复制链接

扫一扫