文章目录
题目26 [AFCTF2018]Morse
题目
得到的 flag 请包上 flag{} 提交。
-..../.----/-..../-..../-..../...--/--.../....-/-..../-..../--.../-.../...--/.----/--.../...--/..---/--.../--.../....-/...../..-./--.../...--/...--/-----/...../..-./...--/...--/...--/....-/...--/...../--.../----./--.../-..
解题思路
根据提示,Morse
摩斯解码得到61666374667B317327745F73305F333435797D
厂商提交,显示不对,继续解码
使用[随波逐流]CTF编码工具一键解码
base16解码: ★ afctf{1s’t_s0_345y}
Base16-32-64-91混合多重解码:
★ 1 isBase16 True 61666374667B317327745F73305F333435797D
2 解码结果: afctf{1s’t_s0_345y}
如果最后一个的[解码结果]是乱码,倒数第二个就是正确是正确答案。
Cisco Type7解码: ★ fctf{1s’t_s0_345y}
鸭语Nak解码: ★ afctf{1s’t_s0_345y}
猜测flag为
flag{1s't_s0_345y}
flag
flag{1s't_s0_345y}
题目27 RSA3
题目
c1=22322035275663237041646893770451933509324701913484303338076210603542612758956262869640822486470121149424485571361007421293675516338822195280313794991136048140918842471219840263536338886250492682739436410013436651161720725855484866690084788721349555662019879081501113222996123305533009325964377798892703161521852805956811219563883312896330156298621674684353919547558127920925706842808914762199011054955816534977675267395009575347820387073483928425066536361482774892370969520740304287456555508933372782327506569010772537497541764311429052216291198932092617792645253901478910801592878203564861118912045464959832566051361
n=22708078815885011462462049064339185898712439277226831073457888403129378547350292420267016551819052430779004755846649044001024141485283286483130702616057274698473611149508798869706347501931583117632710700787228016480127677393649929530416598686027354216422565934459015161927613607902831542857977859612596282353679327773303727004407262197231586324599181983572622404590354084541788062262164510140605868122410388090174420147752408554129789760902300898046273909007852818474030770699647647363015102118956737673941354217692696044969695308506436573142565573487583507037356944848039864382339216266670673567488871508925311154801
e1=11187289
c2=18702010045187015556548691642394982835669262147230212731309938675226458555210425972429418449273410535387985931036711854265623905066805665751803269106880746769003478900791099590239513925449748814075904017471585572848473556490565450062664706449128415834787961947266259789785962922238701134079720414228414066193071495304612341052987455615930023536823801499269773357186087452747500840640419365011554421183037505653461286732740983702740822671148045619497667184586123657285604061875653909567822328914065337797733444640351518775487649819978262363617265797982843179630888729407238496650987720428708217115257989007867331698397
e2=9647291
注意:得到的 flag 请包上 flag{} 提交
解题思路1
# -*- coding:utf-8 -*-
from gmpy2 import invert
# 欧几里得算法
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y)
def main():
n = 22708078815885011462462049064339185898712439277226831073457888403129378547350292420267016551819052430779004755846649044001024141485283286483130702616057274698473611149508798869706347501931583117632710700787228016480127677393649929530416598686027354216422565934459015161927613607902831542857977859612596282353679327773303727004407262197231586324599181983572622404590354084541788062262164510140605868122410388090174420147752408554129789760902300898046273909007852818474030770699647647363015102118956737673941354217692696044969695308506436573142565573487583507037356944848039864382339216266670673567488871508925311154801
c1 = 22322035275663237041646893770451933509324701913484303338076210603542612758956262869640822486470121149424485571361007421293675516338822195280313794991136048140918842471219840263536338886250492682739436410013436651161720725855484866690084788721349555662019879081501113222996123305533009325964377798892703161521852805956811219563883312896330156298621674684353919547558127920925706842808914762199011054955816534977675267395009575347820387073483928425066536361482774892370969520740304287456555508933372782327506569010772537497541764311429052216291198932092617792645253901478910801592878203564861118912045464959832566051361
c2 = 18702010045187015556548691642394982835669262147230212731309938675226458555210425972429418449273410535387985931036711854265623905066805665751803269106880746769003478900791099590239513925449748814075904017471585572848473556490565450062664706449128415834787961947266259789785962922238701134079720414228414066193071495304612341052987455615930023536823801499269773357186087452747500840640419365011554421183037505653461286732740983702740822671148045619497667184586123657285604061875653909567822328914065337797733444640351518775487649819978262363617265797982843179630888729407238496650987720428708217115257989007867331698397
e1 = 11187289
e2 = 9647291
s = egcd(e1, e2)
s1 = s[1]
s2 = s[2]
# 求模反元素
if s1<0:
s1 = - s1
c1 = invert(c1, n)
elif s2<0:
s2 = - s2
c2 = invert(c2, n)
m = pow(c1,s1,n)*pow(c2,s2,n) % n
print(m)
import codecs
hex_str=hex(m)
print(hex_str)
str_rst=codecs.decode(hex_str[2:],'hex').decode("UTF-8")
print(str_rst)
if __name__ == '__main__':
main()
运行结果
13040004482819947212936436796507286940525898188874967465457845309271472287032383337801279101
0x666c61677b34396439313037376131616263623134663161396435343663383062653965667d
flag{49d91077a1abcb14f1a9d546c80be9ef}
解题思路2:
from Crypto.Util.number import long_to_bytes
from gmpy2 import gcdext
def rsa(c1,c2,e1,e2,n):
g,s1,s2 = gcdext(e1,e2)
m = (pow(c1,s1,n)*pow(c2,s2,n))%n
print(long_to_bytes(m)) # 正整数转化为byte类型字符串
if '__name__'=='__name__':
c1 = 22322035275663237041646893770451933509324701913484303338076210603542612758956262869640822486470121149424485571361007421293675516338822195280313794991136048140918842471219840263536338886250492682739436410013436651161720725855484866690084788721349555662019879081501113222996123305533009325964377798892703161521852805956811219563883312896330156298621674684353919547558127920925706842808914762199011054955816534977675267395009575347820387073483928425066536361482774892370969520740304287456555508933372782327506569010772537497541764311429052216291198932092617792645253901478910801592878203564861118912045464959832566051361
n = 22708078815885011462462049064339185898712439277226831073457888403129378547350292420267016551819052430779004755846649044001024141485283286483130702616057274698473611149508798869706347501931583117632710700787228016480127677393649929530416598686027354216422565934459015161927613607902831542857977859612596282353679327773303727004407262197231586324599181983572622404590354084541788062262164510140605868122410388090174420147752408554129789760902300898046273909007852818474030770699647647363015102118956737673941354217692696044969695308506436573142565573487583507037356944848039864382339216266670673567488871508925311154801
e1 = 11187289
c2 = 18702010045187015556548691642394982835669262147230212731309938675226458555210425972429418449273410535387985931036711854265623905066805665751803269106880746769003478900791099590239513925449748814075904017471585572848473556490565450062664706449128415834787961947266259789785962922238701134079720414228414066193071495304612341052987455615930023536823801499269773357186087452747500840640419365011554421183037505653461286732740983702740822671148045619497667184586123657285604061875653909567822328914065337797733444640351518775487649819978262363617265797982843179630888729407238496650987720428708217115257989007867331698397
e2 = 9647291
rsa(c1,c2,e1,e2,n)
知识拓展-共摸n攻击
https://blog.csdn.net/m0_51507437/article/details/122978218
攻击条件:c1,e1,c2,e2,n => m
已知n,同一份密文m用e1和e2两个公钥分别加密得到c1和c2两份密文
脚本:
from gmpy2 import *
from Crypto.Util.number import *
# c1,e1,c2,e2,n => m
def rsa(c1,c2,e1,e2,n):
#扩展欧几里得算法,第一个返回结果是最大公因数,后面两个分别对应e1,e2的系数
g,s1,s2=gcdext(e1,e2)
m=(pow(c1,s1,n)*pow(c2,s2,n))%n
print(long_to_bytes(m))
if __name__ == "__main__":
rsa(c1,c2,e1,e2,n)
变式:若e1、e2不互素呢?
from gmpy2 import *
from Crypto.Util.number import *
e1 =
e2 =
n =
c1 =
c2 =
a, s1, s2 = gcdext(e1, e2)
m = (pow(c1, s1, n)*pow(c2, s2, n)) % n
while True:
if iroot(m, a)[1]:
m = iroot(m, a)[0]
print(long_to_bytes(m))
break
m += n
题目28 RSA2
题目
e = 65537
n = 248254007851526241177721526698901802985832766176221609612258877371620580060433101538328030305219918697643619814200930679612109885533801335348445023751670478437073055544724280684733298051599167660303645183146161497485358633681492129668802402065797789905550489547645118787266601929429724133167768465309665906113
dp = 905074498052346904643025132879518330691925174573054004621877253318682675055421970943552016695528560364834446303196939207056642927148093290374440210503657
c = 140423670976252696807533673586209400575664282100684119784203527124521188996403826597436883766041879067494280957410201958935737360380801845453829293997433414188838725751796261702622028587211560353362847191060306578510511380965162133472698713063592621028959167072781482562673683090590521214218071160287665180751
注意:得到的 flag 请包上 flag{} 提交
解题思路
# -*- coding:utf-8 -*-
import gmpy2 as gp
e = 65537
n = gp.mpz(248254007851526241177721526698901802985832766176221609612258877371620580060433101538328030305219918697643619814200930679612109885533801335348445023751670478437073055544724280684733298051599167660303645183146161497485358633681492129668802402065797789905550489547645118787266601929429724133167768465309665906113)
dp = gp.mpz(905074498052346904643025132879518330691925174573054004621877253318682675055421970943552016695528560364834446303196939207056642927148093290374440210503657)
c = gp.mpz(140423670976252696807533673586209400575664282100684119784203527124521188996403826597436883766041879067494280957410201958935737360380801845453829293997433414188838725751796261702622028587211560353362847191060306578510511380965162133472698713063592621028959167072781482562673683090590521214218071160287665180751)
for x in range(1, e):
if(e*dp%x==1):
p=(e*dp-1)//x+1
if(n%p!=0):
continue
q=n//p
phin=(p-1)*(q-1)
d=gp.invert(e, phin)
m=gp.powmod(c, d, n)
if(len(hex(m)[2:])%2==1):
continue
print('--------------')
print(m)
print(hex(m)[2:])
print(bytes.fromhex(hex(m)[2:]))
执行结果
3670434958110785066911905751469631231338751225710158680692616521935747246580688484040488309932916523151997
666c61677b776f775f6c65616b696e675f64705f627265616b735f7273613f5f39383932343734333530327d
b'flag{wow_leaking_dp_breaks_rsa?_98924743502}'
flag
b’flag{wow_leaking_dp_breaks_rsa?_98924743502}’
题目29 还原大师
题目
还原大师
我们得到了一串神秘字符串:TASC?O3RJMV?WDJKX?ZM,问号部分是未知大写字母,为了确定这个神秘字符串,我们通过了其他途径获得了这个字串的32位MD5码。但是我们获得它的32位MD5码也是残缺不全,E903???4DAB????08?????51?80??8A?,请猜出神秘字符串的原本模样,并且提交这个字串的32位MD5码作为答案。 注意:得到的 flag 请包上 flag{} 提交
解题思路
MD5爆破,直接用大佬脚本
# -*- coding: utf-8 -*-
#!/usr/bin/env python
import hashlib
#print hashlib.md5(s).hexdigest().upper()
k = 'TASC?O3RJMV?WDJKX?ZM' #要还原的明文
for i in range(26):
temp1 = k.replace('?',str(chr(65+i)),1) # 替换不超过1次
for j in range(26):
temp2 = temp1.replace('?',chr(65+j),1)
for n in range(26):
temp3 = temp2.replace('?',chr(65+n),1)
s = hashlib.md5(temp3.encode('utf8')).hexdigest().upper()
# md5.hexdigest:返回摘要,作为十六进制数据字符串值
# upper:转成大写字母
if s[:4] == 'E903': #检查元素
print (s) #输出密文
题目30 异性相吸
题目
最近出现了一个奇葩观点,说性别都不一样,怎么能谈恋爱?为了证明这个观点错误,请大家证明异性是相吸的。 注意:得到的 flag 请包上 flag{} 提交
key:
asadsasdasdasdasdasdasdasdasdasdqwesqf
密文
ἇ̀Ј唒ဃ塔屋䩘卖剄䐃堂ن䝔嘅均ቄ䩝ᬔ
解题思路1
这里密文是乱码,我们转换成二进制查看
key:
01100001 01110011 01100001 01100100 01110011 01100001 01110011 01100100 01100001 01110011 01100100 01100001 01110011 01100100 01100001 01110011 01100100 01100001 01110011 01100100 01100001 01110011 01100100 01100001 01110011 01100100 01100001 01110011 01100100 01100001 01110011 01100100 01110001 01110111 01100101 01110011 01110001 01100110
密文:
00000111 00011111 00000000 00000011 00001000 00000100 00010010 01010101 00000011 00010000 01010100 01011000 01001011 01011100 01011000 01001010 01010110 01010011 01000100 01010010 00000011 01000100 00000010 01011000 01000110 00000110 01010100 01000111 00000101 01010110 01000111 01010111 01000100 00010010 01011101 01001010 00010100 00011011
下一步暂时不知道如何做,但是根据标题想到将二者异或
附上代码:
key = '01100001 01110011 01100001 01100100 01110011 01100001 01110011 01100100 01100001 01110011 01100100 01100001 01110011 01100100 01100001 01110011 01100100 01100001 01110011 01100100 01100001 01110011 01100100 01100001 01110011 01100100 01100001 01110011 01100100 01100001 01110011 01100100 01110001 01110111 01100101 01110011 01110001 01100110'
msg = '00000111 00011111 00000000 00000011 00001000 00000100 00010010 01010101 00000011 00010000 01010100 01011000 01001011 01011100 01011000 01001010 01010110 01010011 01000100 01010010 00000011 01000100 00000010 01011000 01000110 00000110 01010100 01000111 00000101 01010110 01000111 01010111 01000100 00010010 01011101 01001010 00010100 00011011'
s = ''
key = key.replace(" ", '')
msg = msg.replace(" ", '')
for i in range(len(key)):
if key[i] == msg[i]:
s += '0'
else:
s += '1'
L = s.split(' ')#分离每一个字节
flag = ''
for i in L:
flag += chr(int(i, 2))#转化为Ascll字符
print(flag)
异或得到
01100110 01101100 01100001 01100111 01111011 01100101 01100001 00110001 01100010 01100011 00110000 00111001 00111000 00111000 00111001 00111001 00110010 00110010 00110111 00110110 01100010 00110111 01100110 00111001 00110101 01100010 00110101 00110100 01100001 00110111 00110100 00110011 00110101 01100101 00111000 00111001 01100101 01111101
再将其转化为ascll文本即可
flag
flag{ea1bc0988992276b7f95b54a7435e89e}
解题思路2
转成16进制、8进制、2进制,观察特点
16进制
07 1f 20 03 08 04 12 55 03 10 54 58 4b 5c 58 4a 56 53 44 52 03 44 02 58 46 06 54 47 05 56 47 57 44 12 5d 4a 14 1b
二进制
0000011100011111000000000000001100001000000001000001001001010101000000110001000001010100010110000100101101011100010110000100101001010110010100110100010001010010000000110100010000000010010110000100011000000110010101000100011100000101010101100100011101010111010001000001001001011101010010100001010000011011
key: 以二进制打开
0110000101110011011000010110010001110011011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011100010111011101100101011100110111000101100110
key和密文进行异或运算
import binascii
a = '0110000101110011011000010110010001110011011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011100010111011101100101011100110111000101100110'
b = '0000011100011111000000000000001100001000000001000001001001010101000000110001000001010100010110000100101101011100010110000100101001010110010100110100010001010010000000110100010000000010010110000100011000000110010101000100011100000101010101100100011101010111010001000001001001011101010010100001010000011011'
c = ''
def hexStr_to_str(hex_str):
hex = hex_str.encode('utf-8')
str_bin = binascii.unhexlify(hex)
return str_bin.decode('utf-8')
if __name__ == "__main__":
for i in range(len(a)):
if a[i] == b[i]:
c += '0'
else:
c += '1'
s = hex(int(c, 2))[2:]
print(hexStr_to_str(s))
# print(bytes.fromhex(s)) 直接十六进制转字符串
#flag{ea1bc0988992276b7f95b54a7435e89e}
flag
flag{ea1bc0988992276b7f95b54a7435e89e}
题目31 RSA
题目
RSA 注意:得到的 flag 请包上 flag{} 提交
解题思路
题目给出了公钥和密文,那先从公钥文件中提取出n、e、p、q
公钥解析
http://www.hiencode.com/pub_asys.html
-----BEGIN PUBLIC KEY-----
MDwwDQYJKoZIhvcNAQEBBQADKwAwKAIhAMAzLFxkrkcYL2wch21CM2kQVFpY9+7+
/AvKr1rzQczdAgMBAAE=
-----END PUBLIC KEY-----
详细信息
密钥类型
RSA
密钥强度
256
PN(e)
65537
PN(n)
8693448229604811919066606200349480058890565601720302561721665405
8378322103517
DER格式
303c300d06092a864886f70d0101010500032b003028022100c0332c5c64ae47182f6c1c876d42336910545a58f7eefefc0bcaaf5af341ccdd0203010001
再分解得到的n:
http://www.factordb.com/
| Result: | ||
|---|---|---|
| status (?) | digits | number |
| FF | 77 (show) | 8693448229…17<77> = 285960468890451637935629440372639283459<39> · 304008741604601924494328155975272418463<39> |
用得到的p、q解出逆元d
import rsa
e = 65537
n = 86934482296048119190666062003494800588905656017203025617216654058378322103517
p = 285960468890451637935629440372639283459
q = 304008741604601924494328155975272418463
d = 81176168860169991027846870170527607562179635470395365333547868786951080991441
key = rsa.PrivateKey(n, e, d, q, p) # 在pkcs标准中,pkcs#1规定,私钥包含(n,e,d,p,q)
with open("flag.txt", "rb") as f: # 以二进制读模式,读取密文
f = f.read()
print(rsa.decrypt(f, key)) # f:公钥加密结果 key:私钥
# flag{decrypt_256}
再写脚本解密即可:(将flag.enc改为flag.txt)
flag
flag{decrypt_256}
题目32 RSAROLL
题目
RSA roll!roll!roll!
Only number and a-z
(don't use editor
which MS provide)
data
{920139713,19}
704796792
752211152
274704164
18414022
368270835
483295235
263072905
459788476
483295235
459788476
663551792
475206804
459788476
428313374
475206804
459788476
425392137
704796792
458265677
341524652
483295235
534149509
425392137
428313374
425392137
341524652
458265677
263072905
483295235
828509797
341524652
425392137
475206804
428313374
483295235
475206804
459788476
306220148
注意:得到的 flag 请包上 flag{} 提交
解题思路
在线分解质因数分解920139713
http://www.jsons.cn/quality/
分解质因数结果为:18443*49891
import gmpy2
N,p,q,e=920139713,18443,49891,19
d=gmpy2.invert(e,(p-1)*(q-1))
result=[]
with open("E:\\1.txt","r") as f:
for line in f.readlines():
line=line.strip('\n')#去掉列表中每一个元素的换行符
result.append(chr(pow(int(line),d,N)))
for i in result:
print(i,end='')
flag
flag{13212je2ue28fy71w8u87y31r78eu1e2}
传感器(曼彻斯特编码)
题目
5555555595555A65556AA696AA6666666955
这是某压力传感器无线数据包解调后但未解码的报文(hex)
已知其ID为0xFED31F,请继续将报文完整解码,提交hex。
提示1:曼联
解题思路1
根据提示,曼城(Manchester)
上网学习一波,又是一种没有见过的编码,叫Manchester编码
该编码的特点是只含:5,6,9,A
根据编码的原理,写出解码的代码:
def GE(s):
#GE标准
c2bin = {'5':'00', '9':'10', '6':'01', 'A':'11', 'a':'11'}
s_bin = ''
for i in s:
s_bin += c2bin[i]
#print(s_bin)
s_bin_re = ''
#下面是做了数据报文大小端处理,即每个字节内部倒序
for i in range((len(s_bin)+7)//8):
s_bin_re += s_bin[i*8:(i+1)*8][::-1]
return hex(int(s_bin_re, 2)).upper()
def IEE(s):
#IEE标准
c2bin = {'5':'11', '9':'01', '6':'10', 'A':'00', 'a':'00'}
s_bin = ''
for i in s:
s_bin += c2bin[i]
#print(s_bin)
s_bin_re = ''
#下面是做了数据报文大小端处理,即每个字节内部倒序
for i in range((len(s_bin)+7)//8):
s_bin_re += s_bin[i*8:(i+1)*8][::-1]
return hex(int(s_bin_re, 2)).upper()
c = "5555555595555A65556AA696AA6666666955"
print(GE(c))
print(IEE(c))
值得注意的是,Manchester编码有两种截然相反的标准,GE和IEE,这里都给出了代码实现,其解码结果分别为:
0X12CE09BAFAA06
0XFFFFFED31F645055F9
IEE的解码结果对应上了题目提示的ID,为正确答案
解题思路2:
https://www.cnblogs.com/darkcyan/p/15686724.html
https://blog.csdn.net/qq_52193383/article/details/119984884
https://blog.csdn.net/weixin_45897326/article/details/104069305
提示曼联猜测曼彻斯特编码,每位16进制数转成四位二进制数(位数不够高位补零),再进行转换。
本次采用第二种编码即:
0x5=0101 编码为11
0x6=0110 编码为10
0x9=1001 编码为01
0xA=1010 编码为00
把5555555595555A65556AA696AA6666666955转为二进制再编码后得到
11111111 11111111 01111111 11001011 11111000 00100110 00001010 10101010 10011111
转为十六进制0xffff7fcbf8260aaa9f
但是不包括题目0xFED31F ,于是需要根据八位倒序传输协议将二进制每八位reverse
(8位翻转:镜像翻转 比如01010101反转后10101010),
翻转后得到11111111 11111111 11111110 11010011 00011111 01100100 01010000 01010101 11111001
转为十六进制0xfffffed31f645055f9包含0xFED31F
康康大佬脚本:
cipher='5555555595555A65556AA696AA6666666955'
def iee(cipher):
tmp=''
for i in range(len(cipher)):
a=bin(eval('0x'+cipher[i]))[2:].zfill(4)
tmp=tmp+a[1]+a[3]
print(tmp)
plain=[hex(int(tmp[i:i+8][::-1],2))[2:] for i in range(0,len(tmp),8)]
print(''.join(plain).upper())
iee(cipher)
flag
flag{FFFFFED31F645055F9}
知识点-曼彻斯特编码
曼彻斯特编码
曼彻斯特编码也叫做相位编码,是一个同步时钟编码技术,被物理层使用来编码一个同步位流的时钟和数据。它在以太网媒介系统中的应用属于数据通信中的两种位同步方法里的自同步法(另一种是外同步法),即接收方利用包含有同步信号的特殊编码从信号自身提取同步信号来锁定自己的时钟脉冲频率,达到同步目的。用电平跳变来表示1或0的编码方法,其变化规则很简单,即每个码元均用两个不同相位的电平信号表示,也就是一个周期的方波,但0码和1码的相位正好相反。
解密:
第一种指定对于0位,信号电平将为低高电平(假设对数据进行幅度物理编码)-在位周期的前半段为低电平,在后半段为高电平。对于1位,信号电平将为高-低。即01 => 0 , 10 => 1。
第二种指出逻辑0由高-低信号序列表示,逻辑1由低-高信号序列表示。也就是说10代表0,01代表1,这正好也反映了每个码元均用两个不同相位的电平信号表示。
每一位的中间有一跳变,位中间的跳变既作时钟信号,又作数据信号;从高到低跳变表示"1",从低到高跳变表示"0"(这里是GE标准,IEE标准恰好相反)。
GE标准
编码0101(即0x5),表示原数据为00;
编码1001(0x9)表示10;
编码0110(0x6)表示01;
编码1010(0xA)表示11。
IEE标准
编码0101(0x5)表示11;
编码1001(0x9)表示01;
编码0110(0x6)表示10;
编码1010(0xA)表示00;
差分曼彻斯特编码
每位中间的跳变仅提供时钟定时,而用每位开始时有无跳变表示"0"或"1",有跳变为"0",无跳变为"1"。
题目33 Dangerous RSA
题目
littlE littlE RSA Big Big Dangerous 注意:得到的 flag 请包上 flag{} 提交
解题思路-低指数加密攻击
类型:n非常大,e一般很小
'''
当M^e < n 时,
C = M^e ,所以对C开方就能得到M
'''
from gmpy2 import iroot
import libnum
n = 0x52d483c27cd806550fbe0e37a61af2e7cf5e0efb723dfc81174c918a27627779b21fa3c851e9e94188eaee3d5cd6f752406a43fbecb53e80836ff1e185d3ccd7782ea846c2e91a7b0808986666e0bdadbfb7bdd65670a589a4d2478e9adcafe97c6ee23614bcb2ecc23580f4d2e3cc1ecfec25c50da4bc754dde6c8bfd8d1fc16956c74d8e9196046a01dc9f3024e11461c294f29d7421140732fedacac97b8fe50999117d27943c953f18c4ff4f8c258d839764078d4b6ef6e8591e0ff5563b31a39e6374d0d41c8c46921c25e5904a817ef8e39e5c9b71225a83269693e0b7e3218fc5e5a1e8412ba16e588b3d6ac536dce39fcdfce81eec79979ea6872793
c = 0x10652cdfaa6b63f6d7bd1109da08181e500e5643f5b240a9024bfa84d5f2cac9310562978347bb232d63e7289283871efab83d84ff5a7b64a94a79d34cfbd4ef121723ba1f663e514f83f6f01492b4e13e1bb4296d96ea5a353d3bf2edd2f449c03c4a3e995237985a596908adc741f32365
k = 0
while 1:
res=iroot(c+k*n,3)
if(res[1]==True):
print(libnum.n2s(int(res[0])))
break
k=k+1
'''
第二种写法
当M^e > n 时,此时用爆破的方法
假设我们 M^e / n 商 k 余数为c,
所以M^e = k*n + C,对K进行爆破,只要k满足 k*n + C能够开方就可以
'''
'''
import gmpy2
from libnum import*
n = 0x52d483c27cd806550fbe0e37a61af2e7cf5e0efb723dfc81174c918a27627779b21fa3c851e9e94188eaee3d5cd6f752406a43fbecb53e80836ff1e185d3ccd7782ea846c2e91a7b0808986666e0bdadbfb7bdd65670a589a4d2478e9adcafe97c6ee23614bcb2ecc23580f4d2e3cc1ecfec25c50da4bc754dde6c8bfd8d1fc16956c74d8e9196046a01dc9f3024e11461c294f29d7421140732fedacac97b8fe50999117d27943c953f18c4ff4f8c258d839764078d4b6ef6e8591e0ff5563b31a39e6374d0d41c8c46921c25e5904a817ef8e39e5c9b71225a83269693e0b7e3218fc5e5a1e8412ba16e588b3d6ac536dce39fcdfce81eec79979ea6872793
c = 0x10652cdfaa6b63f6d7bd1109da08181e500e5643f5b240a9024bfa84d5f2cac9310562978347bb232d63e7289283871efab83d84ff5a7b64a94a79d34cfbd4ef121723ba1f663e514f83f6f01492b4e13e1bb4296d96ea5a353d3bf2edd2f449c03c4a3e995237985a596908adc741f32365
i = 0
while 1:
if(gmpy2.iroot(c+i*n,3)[1]==1): #开根号
print(gmpy2.iroot(c+i*n,3))
break
i=i+1
'''
#b'flag{25df8caf006ee5db94d48144c33b2c3b}'
flag
flag{25df8caf006ee5db94d48144c33b2c3b}
题目34[HDCTF2019]basic rsa
题目
import gmpy2
from Crypto.Util.number import *
from binascii import a2b_hex,b2a_hex
flag = "*****************"
p = 262248800182277040650192055439906580479
q = 262854994239322828547925595487519915551
e = 65533
n = p*q
c = pow(int(b2a_hex(flag),16),e,n)
print c
# 27565231154623519221597938803435789010285480123476977081867877272451638645710
得到的 flag 请包上 flag{} 提交。
解题思路-脚本1
from Crypto.Util.number import *
p = 262248800182277040650192055439906580479
q = 262854994239322828547925595487519915551
e = 65533
n = p * q
g = (p - 1) * (q - 1) # 欧拉定理
c = 27565231154623519221597938803435789010285480123476977081867877272451638645710 # 密文
d = inverse(e, g) # 逆元d
m = hex(pow(c, d, n))[2:] # 明文
print(bytes.fromhex(m))
#from Crypto.Util.number import *
p = 262248800182277040650192055439906580479
q = 262854994239322828547925595487519915551
e = 65533
n = p * q
g = (p - 1) * (q - 1) # 欧拉定理
c = 27565231154623519221597938803435789010285480123476977081867877272451638645710 # 密文
d = inverse(e, g) # 逆元d
m = hex(pow(c, d, n))[2:] # 明文
print(bytes.fromhex(m))
#flag{B4by_Rs4}
解题思路-脚本2
import random
from binascii import a2b_hex,b2a_hex
p = 262248800182277040650192055439906580479
q = 262854994239322828547925595487519915551
n = p * q
def multiplicative_inversr(a,b):
x = 0
y = 1
lx = 1
ly = 0
oa = a
ob = b
while b != 0:
q = a // b
(a, b) = (b, a % b)
(x, lx) = ((lx - (q * x)), x)
(y, ly) = ((ly - (q * y)), y)
if lx < 0:
lx += ob
if ly < 0:
ly += oa
return lx
def gcd(a,b):
while b != 0:
a, b = b, a % b
return a
def generate_keypair(p,q):
n = p * q
phi = (p - 1) * (q -1)
e = 65533
g = gcd(e, phi)
while g != 1:
e = random.randrange(1, phi)
g = gcd(e, phi)
d = multiplicative_inversr(e, phi)
return ((e,n),(d,n))
def encrypt(pk, plaintext):
key, n = pk[0]
print(b2a_hex(plaintext.encode()))
cipher = pow(int(b2a_hex(plaintext.encode()),16), key , n)
return cipher
def decrypt(pk, cipher):
key, n = pk[1]
cipher = pow(cipher, key ,n)
cipher = a2b_hex(hex(cipher).split('0x')[1])
return cipher
pk = generate_keypair(p,q)
cipher = 27565231154623519221597938803435789010285480123476977081867877272451638645710
plaintext = decrypt(pk, cipher)
print(plaintext)
flag
flag{B4by_Rs4}
题目35[GXYCTF2019]Checkln
题目
dikqTCpfRjA8fUBIMD5GNDkwMjNARkUwI0BFTg==
得到的 flag 请包上 flag{} 提交。
解题思路
用base64解码得到v)*L*_F0<}@H0>F49023@FE0#@EN
再用rot-47加密:GXY{Y0u_kNow_much_about_Rot}
flag{Y0u_kNow_much_about_Rot}
flag
flag{Y0u_kNow_much_about_Rot}
知识补充:
rot5/13/18/47详解
ROT5、ROT13、ROT18、ROT47 编码是一种简单的码元位置顺序替换暗码。此类编码具有可逆性,可以自我解密,主要用于应对快速浏览,或者是机器的读取,而不让其理解其意。
rot5
作为一种简单的替换密码,rot5只能用于数字的替换,作用是将当前的这位数字往后移动5位,范围是0~9
比如:
明文:123456
密文:678901
rot13
作为我们最为熟悉的rot编码,rot13使用的次数很多,但是rot13也只能用用于字母的替换,作用是将当前的字母往后移动13个位置(其中不改变字母的大小写),范围为a-z或者A-Z
比如:
明文:abcdefghijklmnopqrstuvwxyz
密文:nopqrstuvwxyzabcdefghijklm
明文:ABCDEFGHIJKLMNOPQRSTUVWXYZ
密文:NOPQRSTUVWXYZABCDEFGHIJKLM
其中a是第1位,则经过加密后是第14位的n
rot18
18就是13+5的合成,所以rot13的加密方法就是rot5+rot13,对数字进行rot5加密,对字母进行rot13加密
比如:
明文:123456abcdefgHIJKLMN
密文:678901nopqrstUVWXYZA
rot47
rot47综合了rot5和rot13的使用范围,对字母和数字同时进行同一种加密方式,那就是将每位数字或者字母的ASCII值往前移动47位,替换成新的ASCII值,比如Z对应的ASCII值是90,则90-47=43,对应的就是+号
明文:ilo1ey0u
密文::=@`6J_F
其中范围也只能是可打印的字符,也就是ASCII值为32-126
题目36 Cipher
题目
还能提示什么呢?公平的玩吧(密钥自己找) Dncnoqqfliqrpgeklwmppu 注意:得到的 flag 请包上 flag{} 提交, flag{小写字母}
解题思路
题目的突破口“公平的玩吧”,公平-“fair”,这里涉及到一种加密方式名为“普莱费尔密码”(playfair)
在线解密网站 http://rumkin.com/tools/cipher/playfair.php
注意网站这里的解密和加密的切换
题目重点就是公平的玩,即告诉我们什么密码和密钥
密钥是:“公平的玩” playfair
输进去得到答案
答案:flag{itisnotaproblemhavefun}
flag
flag{itisnotaproblemhavefun}
题目37 密码学的心声
题目
二战时期,某国军官与一个音乐家情妇相好,然而自从那时起,他屡战屡败,敌人似乎料事如神。他也有怀疑过他的情妇,但是他经过24小时观察他的情妇,发现她每天都只是作曲,然后弹奏给战地电台,为士兵们鼓气,并未有任何逾越。那么,间谍到底是谁?这张曲谱是否有猫腻? (答案为一个明文字符串,提交获得的有意义语句通顺字符串即可) 注意:得到的 flag 请包上 flag{} 提交
解题思路
图片中的线索很明显ASCLL码 八进制
数字三个一组,转换就行了
111 114 157 166 145 123 145 143 165 162 151 164 171 126 145 162 171 115 165 143 150
s = '111 114 157 166 145 123 145 143 165 162 151 164 171 126 145 162 171 115 165 143 150'
tmp = [s.split(' ')[i] for i in range(len(s.split(' ')))]
cipher = ''
for i in tmp:
cipher += chr(int(i,8))
flag = "flag{"+cipher+"}"
print(flag)
# flag{ILoveSecurityVeryMuch}
flag
flag{ILoveSecurityVeryMuch}
题目38 [GUET-CTF2019]BabyRSA
题目
p+q : 0x1232fecb92adead91613e7d9ae5e36fe6bb765317d6ed38ad890b4073539a6231a6620584cea5730b5af83a3e80cf30141282c97be4400e33307573af6b25e2ea
(p+1)(q+1) : 0x5248becef1d925d45705a7302700d6a0ffe5877fddf9451a9c1181c4d82365806085fd86fbaab08b6fc66a967b2566d743c626547203b34ea3fdb1bc06dd3bb765fd8b919e3bd2cb15bc175c9498f9d9a0e216c2dde64d81255fa4c05a1ee619fc1fc505285a239e7bc655ec6605d9693078b800ee80931a7a0c84f33c851740
e : 0xe6b1bee47bd63f615c7d0a43c529d219
d : 0x2dde7fbaed477f6d62838d55b0d0964868cf6efb2c282a5f13e6008ce7317a24cb57aec49ef0d738919f47cdcd9677cd52ac2293ec5938aa198f962678b5cd0da344453f521a69b2ac03647cdd8339f4e38cec452d54e60698833d67f9315c02ddaa4c79ebaa902c605d7bda32ce970541b2d9a17d62b52df813b2fb0c5ab1a5
enc_flag : 0x50ae00623211ba6089ddfae21e204ab616f6c9d294e913550af3d66e85d0c0693ed53ed55c46d8cca1d7c2ad44839030df26b70f22a8567171a759b76fe5f07b3c5a6ec89117ed0a36c0950956b9cde880c575737f779143f921d745ac3bb0e379c05d9a3cc6bf0bea8aa91e4d5e752c7eb46b2e023edbc07d24a7c460a34a9a
得到的 flag 请包上 flag{} 提交。
解题思路1
观察题目给的条件,给了p+q,(p+1)(q+1),e,d,以及密文C.
RSA的解密公式:M=C^d mod n
所以我们只要求出n即可。(n = pq)
n = (p+1)(q+1) - (p+q) - 1
求M的值,已知C,d,n后 用函数pow(),即可求出
import libnum
from Crypto.Util.number import long_to_bytes
x = 0x1232fecb92adead91613e7d9ae5e36fe6bb765317d6ed38ad890b4073539a6231a6620584cea5730b5af83a3e80cf30141282c97be4400e33307573af6b25e2ea + 1
y = 0x5248becef1d925d45705a7302700d6a0ffe5877fddf9451a9c1181c4d82365806085fd86fbaab08b6fc66a967b2566d743c626547203b34ea3fdb1bc06dd3bb765fd8b919e3bd2cb15bc175c9498f9d9a0e216c2dde64d81255fa4c05a1ee619fc1fc505285a239e7bc655ec6605d9693078b800ee80931a7a0c84f33c851740
c = 0x50ae00623211ba6089ddfae21e204ab616f6c9d294e913550af3d66e85d0c0693ed53ed55c46d8cca1d7c2ad44839030df26b70f22a8567171a759b76fe5f07b3c5a6ec89117ed0a36c0950956b9cde880c575737f779143f921d745ac3bb0e379c05d9a3cc6bf0bea8aa91e4d5e752c7eb46b2e023edbc07d24a7c460a34a9a
e = 0xe6b1bee47bd63f615c7d0a43c529d219
n = y-x
phi = n-x+2
d = libnum.invmod(e,phi)
m = pow(c,d,n)
print long_to_bytes(m)
#flag{cc7490e-78ab-11e9-b422-8ba97e5da1fd}
解题思路2
打开题目给的文件,得到p+q、(p+1)*(q+1)、e、d、加密的flag
我们已经获得了d因此再获得n就可以得到私钥(d,n)进行解密
n = (p+1)*(q+1) - (p+q) - 1
import libnum
# p+q
a = 0x1232fecb92adead91613e7d9ae5e36fe6bb765317d6ed38ad890b4073539a6231a6620584cea5730b5af83a3e80cf30141282c97be4400e33307573af6b25e2ea
# (p+1)(q+1)
b = 0x5248becef1d925d45705a7302700d6a0ffe5877fddf9451a9c1181c4d82365806085fd86fbaab08b6fc66a967b2566d743c626547203b34ea3fdb1bc06dd3bb765fd8b919e3bd2cb15bc175c9498f9d9a0e216c2dde64d81255fa4c05a1ee619fc1fc505285a239e7bc655ec6605d9693078b800ee80931a7a0c84f33c851740
d = 0x2dde7fbaed477f6d62838d55b0d0964868cf6efb2c282a5f13e6008ce7317a24cb57aec49ef0d738919f47cdcd9677cd52ac2293ec5938aa198f962678b5cd0da344453f521a69b2ac03647cdd8339f4e38cec452d54e60698833d67f9315c02ddaa4c79ebaa902c605d7bda32ce970541b2d9a17d62b52df813b2fb0c5ab1a5
c = 0x50ae00623211ba6089ddfae21e204ab616f6c9d294e913550af3d66e85d0c0693ed53ed55c46d8cca1d7c2ad44839030df26b70f22a8567171a759b76fe5f07b3c5a6ec89117ed0a36c0950956b9cde880c575737f779143f921d745ac3bb0e379c05d9a3cc6bf0bea8aa91e4d5e752c7eb46b2e023edbc07d24a7c460a34a9a
n = b - a - 1
m = pow(c, d, n)
print(libnum.n2s(m)) # 数字转字符串
flag
flag{cc7490e-78ab-11e9-b422-8ba97e5da1fd}
题目39 robomunication
题目
题目只给了一个音频文件"robo.mp3"
注意:得到的 flag 请包上 flag{} 提交
解题思路
打开音频,发现可以正常播放
仔细听音频的内容,一开始以为是毫无意义的噪声,后来发现是有"bee"和"boo"两种声音组成,而且有一定的间隔节奏。那么可以联想到这是Morse编码。
用Audacity打开,将所听到的内容记录下来,”bee“记为’1’,"boo"记为’0’
[‘1111’, ‘1’, ‘1011’, ‘1011’, ‘000’, ‘100’, ‘1111’, ‘10’, ‘0’, ‘11’, ‘111’, ‘0’, ‘1111’, ‘1’, ‘010’, ‘1’, ‘0100’, ‘11’, ‘0’, ‘11’, ‘111’, ‘0111’, ‘000’, ‘000’, ‘1001’, ‘0111’, ‘1’, ‘1’, ‘1001’]
然后写代码进行解密:
MorseList = {
".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F", "--.": "G",
"....": "H", "..": "I", ".---": "J", "-.-": "K", ".-..": "L", "--": "M", "-.": "N",
"---": "O", ".--.": "P", "--.-": "Q", ".-.": "R", "...": "S", "-": "T",
"..-": "U", "...-": "V", ".--": "W", "-..-": "X", "-.--": "Y", "--..": "Z",
"-----": "0", ".----": "1", "..---": "2", "...--": "3", "....-": "4",
".....": "5", "-....": "6", "--...": "7", "---..": "8", "----.": "9",
".-.-.-": ".", "---...": ":", "--..--": ",", "-.-.-.": ";", "..--..": "?",
"-...-": "=", ".----.": "'", "-..-.": "/", "-.-.--": "!", "-....-": "-",
"..--.-": "_", ".-..-.": '"', "-.--.": "(", "-.--.-": ")", "...-..-": "$",
".-...": "&", ".--.-.": "@", ".-.-.": "+", "": "",
}
L = ['1111', '1', '1011', '1011', '000', '100', '1111', '10', '0', '11', '111', '0', '1111', '1', '010', '1', '0100', '11', '0', '11', '111', '0111', '000', '000', '1001', '0111', '1', '1', '1001']
beep = '.'
boop = '-'
morse = ''
flag = ''
for i in L:
for j in range(len(i)):
if i[j] == '1':
morse += beep
elif i[j] == '0':
morse += boop
else:
continue
#print(i[j], "decode error")
morse += ' '
L = morse.split(' ')
for i in L:
flag += MorseList[i]
print("flag{" + flag + "}")
flag
flag{BOOPBEEP}
题目40 [BJDCTF2020]这是base??
题目
dict:{0: 'J', 1: 'K', 2: 'L', 3: 'M', 4: 'N', 5: 'O', 6: 'x', 7: 'y', 8: 'U', 9: 'V', 10: 'z', 11: 'A', 12: 'B', 13: 'C', 14: 'D', 15: 'E', 16: 'F', 17: 'G', 18: 'H', 19: '7', 20: '8', 21: '9', 22: 'P', 23: 'Q', 24: 'I', 25: 'a', 26: 'b', 27: 'c', 28: 'd', 29: 'e', 30: 'f', 31: 'g', 32: 'h', 33: 'i', 34: 'j', 35: 'k', 36: 'l', 37: 'm', 38: 'W', 39: 'X', 40: 'Y', 41: 'Z', 42: '0', 43: '1', 44: '2', 45: '3', 46: '4', 47: '5', 48: '6', 49: 'R', 50: 'S', 51: 'T', 52: 'n', 53: 'o', 54: 'p', 55: 'q', 56: 'r', 57: 's', 58: 't', 59: 'u', 60: 'v', 61: 'w', 62: '+', 63: '/', 64: '='}
chipertext:
FlZNfnF6Qol6e9w17WwQQoGYBQCgIkGTa9w3IQKw
得到的 flag 请包上 flag{} 提交。
来源:https://github.com/BjdsecCA/BJDCTF2020
解题思路
这应该是替换加密,那么直接脚本
import base64
dict={0: 'J', 1: 'K', 2: 'L', 3: 'M', 4: 'N', 5: 'O', 6: 'x', 7: 'y', 8: 'U', 9: 'V', 10: 'z', 11: 'A', 12: 'B',13: 'C', 14: 'D', 15: 'E', 16: 'F', 17: 'G', 18: 'H', 19: '7', 20: '8', 21: '9', 22: 'P', 23: 'Q', 24: 'I', 25:'a', 26: 'b', 27: 'c', 28: 'd', 29: 'e', 30: 'f', 31: 'g', 32: 'h',33: 'i', 34: 'j', 35: 'k', 36: 'l', 37: 'm',38: 'W', 39: 'X', 40: 'Y', 41: 'Z', 42: '0', 43: '1', 44: '2', 45: '3', 46: '4', 47: '5', 48: '6', 49: 'R', 50:'S', 51: 'T', 52: 'n', 53: 'o', 54: 'p', 55: 'q', 56: 'r', 57: 's', 58: 't', 59: 'u', 60: 'v', 61: 'w', 62: '+', 63: '/', 64: '='}
base64_list = ['A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P','Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f','g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p','q', 'r', 's', 't', 'u', 'v','w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/']
cipher='FlZNfnF6Qol6e9w17WwQQoGYBQCgIkGTa9w3IQKw'
res=''
for i in range(len(cipher)):
for j in range(64):
if(dict[j]==cipher[i]):
res+=base64_list[j]
print(res)
flag=base64.b64decode(res)
print(flag)
#QkpEe0QwX1kwdV9rTm9XX1RoMXNfYjRzZV9tYXB9
#b'BJD{D0_Y0u_kNoW_Th1s_b4se_map}'
flag
flag{D0_Y0u_kNoW_Th1s_b4se_map}
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
