记一道rsa题---第一届“长城杯”网络安全大赛

最新推荐文章于 2024-09-10 10:14:07 发布
最新推荐文章于 2024-09-10 10:14:07 发布
阅读量831 收藏
点赞数
分类专栏: 密码学 文章标签: python 开发语言 学习
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/luiino/article/details/127414494
版权
本文介绍了RSA加密算法的原理,包括如何通过素数生成密钥对,以及如何利用Python实现加密和解密过程。在部分1中,通过枚举方法找到了满足条件的p、q,解密了第一部分密文;在部分2中,通过分解大数x为四个因子,成功解密了第二部分密文。整个过程展示了RSA在实际问题中的应用。
摘要由CSDN通过智能技术生成

baby_rsa

题目:

#!/usr/bin/env python3

from Crypto.Util.number import *
from secret import flag, v1, v2, m1, m2


def enc_1(val):
    p, q = pow(v1, (m1+1))-pow((v1+1), m1), pow(v2, (m2+1))-pow((v2+1), m2)
    assert isPrime(p) and isPrime(q) and (p*q).bit_length() == 2048 and q < p < q << 3
    return pow(val, 0x10001, p*q)


def enc_2(val):
    assert val.bit_length() < 512
    while True:
        fac = [getPrime(512) for i in range(3)]
        if isPrime(((fac[0]+fac[1]+fac[2]) << 1) - 1):
            n = fac[0]*fac[1]*fac[2]*(((fac[0]+fac[1]+fac[2]) << 1) - 1)
            break
    c = pow(val, 0x10001, n)
    return (c, n, ((fac[0]+fac[1]+fac[2]) << 1) - 1)


if __name__ == "__main__":
    assert flag[:5] == b'flag{'
    plain1 = bytes_to_long(flag[:21])
    plain2 = bytes_to_long(flag[21:])
    print(enc_1(plain1))
    print(enc_2(plain2))

'''
15808773921165746378224649554032774095198531782455904169552223303513940968292896814159288417499220739875833754573943607047855256739976161598599903932981169979509871591999964856806929597805904134099901826858367778386342376768508031554802249075072366710038889306268806744179086648684738023073458982906066972340414398928411147970593935244077925448732772473619783079328351522269170879807064111318871074291073581343039389561175391039766936376267875184581643335916049461784753341115227515163545709454746272514827000601853735356551495685229995637483506735448900656885365353434308639412035003119516693303377081576975540948311
(40625981017250262945230548450738951725566520252163410124565622126754739693681271649127104109038164852787767296403697462475459670540845822150397639923013223102912674748402427501588018866490878394678482061561521253365550029075565507988232729032055298992792712574569704846075514624824654127691743944112075703814043622599530496100713378696761879982542679917631570451072107893348792817321652593471794974227183476732980623835483991067080345184978482191342430627490398516912714451984152960348899589532751919272583098764118161056078536781341750142553197082925070730178092561314400518151019955104989790911460357848366016263083, 43001726046955078981344016981790445980199072066019323382068244142888931539602812318023095256474939697257802646150348546779647545152288158607555239302887689137645748628421247685225463346118081238718049701320726295435376733215681415774255258419418661466010403928591242961434178730846537471236142683517399109466429776377360118355173431016107543977241358064093102741819626163467139833352454094472229349598479358367203452452606833796483111892076343745958394932132199442718048720633556310467019222434693785423996656306612262714609076119634814783438111843773649519101169326072793596027594057988365133037041133566146897868269, 39796272592331896400626784951713239526857273168732133046667572399622660330587881579319314094557011554851873068389016629085963086136116425352535902598378739)
'''

part1 

def enc_1(val):
    p, q = pow(v1, (m1+1))-pow((v1+1), m1), pow(v2, (m2+1))-pow((v2+1), m2)
    assert isPrime(p) and isPrime(q) and (p*q).bit_length() == 2048 and q < p < q << 3
    return pow(val, 0x10001, p*q)

由代码可以得到:

p=v1^{m1+1}-(v1+1)^{m1}

q = v2^{m2+1}-(v2+1)^{m2}

且对p、q有条件限制:

1、p、q均是素数

2、p*q的bit位等于2048

3、q < p < 8q

可以知道p、q的长度都是小于2048的,可以通过枚举v、m来得到范围内满足条件的所有p或q的值,放入一个集合内,再在这个集合内进行枚举出正确的p、q,代码如下:

#part1
c1 = 15808773921165746378224649554032774095198531782455904169552223303513940968292896814159288417499220739875833754573943607047855256739976161598599903932981169979509871591999964856806929597805904134099901826858367778386342376768508031554802249075072366710038889306268806744179086648684738023073458982906066972340414398928411147970593935244077925448732772473619783079328351522269170879807064111318871074291073581343039389561175391039766936376267875184581643335916049461784753341115227515163545709454746272514827000601853735356551495685229995637483506735448900656885365353434308639412035003119516693303377081576975540948311
e1 = 65537

pq = []
for v in range(400):
    for m in range(400):
        p = pow(v,(m+1))-pow((v+1),m)
        if len(bin(p)[2:]) < 2048 and isPrime(p):
            pq.append(p)
for p in pq:
    for q in pq:
        n1 = p*q
        if len(bin(n1)[2:]) == 2048:
            d1 = invert(e1,(p-1)*(q-1))
            m1 = pow(c1,d1,n1)
            flag = long_to_bytes(m1)
            if b'flag{' in flag:
                print(flag)

part2 

def enc_2(val):
    assert val.bit_length() < 512
    while True:
        fac = [getPrime(512) for i in range(3)]
        if isPrime(((fac[0]+fac[1]+fac[2]) << 1) - 1):
            n = fac[0]*fac[1]*fac[2]*(((fac[0]+fac[1]+fac[2]) << 1) - 1)
            break
    c = pow(val, 0x10001, n)
    return (c, n, ((fac[0]+fac[1]+fac[2]) << 1) - 1)

记 x = fac[0]*fac[1]*fac[2]

y = ((fac[0]+fac[1]+fac[2]) << 1) - 1

因为c =m^{e} modn,且n =fac[0]*fac[1]*fac[2]*(((fac[0]+fac[1]+fac[2]) << 1) - 1)= x*y, 故c =m^{e} modx*y,将其分开得到:

c =m^{e} modx和 c =m^{e} mody,利用c =m^{e} modx构造新的rsa解密,对x进行分解可以得到4个因子,之后便是基础的rsa解密,代码如下:

#part2
e2 = 65537
c2 = 40625981017250262945230548450738951725566520252163410124565622126754739693681271649127104109038164852787767296403697462475459670540845822150397639923013223102912674748402427501588018866490878394678482061561521253365550029075565507988232729032055298992792712574569704846075514624824654127691743944112075703814043622599530496100713378696761879982542679917631570451072107893348792817321652593471794974227183476732980623835483991067080345184978482191342430627490398516912714451984152960348899589532751919272583098764118161056078536781341750142553197082925070730178092561314400518151019955104989790911460357848366016263083
n2 = 43001726046955078981344016981790445980199072066019323382068244142888931539602812318023095256474939697257802646150348546779647545152288158607555239302887689137645748628421247685225463346118081238718049701320726295435376733215681415774255258419418661466010403928591242961434178730846537471236142683517399109466429776377360118355173431016107543977241358064093102741819626163467139833352454094472229349598479358367203452452606833796483111892076343745958394932132199442718048720633556310467019222434693785423996656306612262714609076119634814783438111843773649519101169326072793596027594057988365133037041133566146897868269
#n2 = 191*193*627383*1859355639056989338847729886215084320013550560439241610057371464443668166453664500865174247660203446208131621966684387189121472932263450155428982061395111044679950753816414282942636019897750209949937717881413823952091423640659878296010412658344713439244770180457400325541493186854703180053691731596197238201363111053528501245160357253774375411526857827842825019859291800622538200724857835739888753732012856112635184060331441747542167843105976327845423935402822864894596846745465781342565264427930954562609611327939077769568270876754335269640277726607195276868129620895284648898858733965899439317638568413061
x = 39796272592331896400626784951713239526857273168732133046667572399622660330587881579319314094557011554851873068389016629085963086136116425352535902598378739
#x = 191*193*627383*1720754738477317127758682285465031939891059835873975157555031327070111123628789833299433549669619325160679719355338187877758311485785197492710491
p2 = 191
q2 = 193
r = 627383
s = 1720754738477317127758682285465031939891059835873975157555031327070111123628789833299433549669619325160679719355338187877758311485785197492710491

d2 = invert(e2,(p2-1)*(q2-1)*(r-1)*(s-1))
m2 = pow(c2,d2,x)
print(long_to_bytes(m2))

 整体代码如下:

from gmpy2 import *
from Crypto.Util.number import *

#part1
c1 = 15808773921165746378224649554032774095198531782455904169552223303513940968292896814159288417499220739875833754573943607047855256739976161598599903932981169979509871591999964856806929597805904134099901826858367778386342376768508031554802249075072366710038889306268806744179086648684738023073458982906066972340414398928411147970593935244077925448732772473619783079328351522269170879807064111318871074291073581343039389561175391039766936376267875184581643335916049461784753341115227515163545709454746272514827000601853735356551495685229995637483506735448900656885365353434308639412035003119516693303377081576975540948311
e1 = 65537

pq = []
for v in range(400):
    for m in range(400):
        p = pow(v,(m+1))-pow((v+1),m)
        if len(bin(p)[2:]) < 2048 and isPrime(p):
            pq.append(p)
for p in pq:
    for q in pq:
        n1 = p*q
        if len(bin(n1)[2:]) == 2048:
            d1 = invert(e1,(p-1)*(q-1))
            m1 = pow(c1,d1,n1)
            flag = long_to_bytes(m1)
            if b'flag{' in flag:
                print(flag)

#part2
e2 = 65537
c2 = 40625981017250262945230548450738951725566520252163410124565622126754739693681271649127104109038164852787767296403697462475459670540845822150397639923013223102912674748402427501588018866490878394678482061561521253365550029075565507988232729032055298992792712574569704846075514624824654127691743944112075703814043622599530496100713378696761879982542679917631570451072107893348792817321652593471794974227183476732980623835483991067080345184978482191342430627490398516912714451984152960348899589532751919272583098764118161056078536781341750142553197082925070730178092561314400518151019955104989790911460357848366016263083
n2 = 43001726046955078981344016981790445980199072066019323382068244142888931539602812318023095256474939697257802646150348546779647545152288158607555239302887689137645748628421247685225463346118081238718049701320726295435376733215681415774255258419418661466010403928591242961434178730846537471236142683517399109466429776377360118355173431016107543977241358064093102741819626163467139833352454094472229349598479358367203452452606833796483111892076343745958394932132199442718048720633556310467019222434693785423996656306612262714609076119634814783438111843773649519101169326072793596027594057988365133037041133566146897868269
#n2 = 191*193*627383*1859355639056989338847729886215084320013550560439241610057371464443668166453664500865174247660203446208131621966684387189121472932263450155428982061395111044679950753816414282942636019897750209949937717881413823952091423640659878296010412658344713439244770180457400325541493186854703180053691731596197238201363111053528501245160357253774375411526857827842825019859291800622538200724857835739888753732012856112635184060331441747542167843105976327845423935402822864894596846745465781342565264427930954562609611327939077769568270876754335269640277726607195276868129620895284648898858733965899439317638568413061
x = 39796272592331896400626784951713239526857273168732133046667572399622660330587881579319314094557011554851873068389016629085963086136116425352535902598378739
#x = 191*193*627383*1720754738477317127758682285465031939891059835873975157555031327070111123628789833299433549669619325160679719355338187877758311485785197492710491
p2 = 191
q2 = 193
r = 627383
s = 1720754738477317127758682285465031939891059835873975157555031327070111123628789833299433549669619325160679719355338187877758311485785197492710491

d2 = invert(e2,(p2-1)*(q2-1)*(r-1)*(s-1))
m2 = pow(c2,d2,x)
print(long_to_bytes(m2))
Luino!
关注
专栏目录
windows使用ssh-copy-id命令的解决方案
weixin_43178406的博客
04-22 6万+
本文主要介绍了windows使用ssh-copy-id命令的解决方案,希望能对使用windows的同学们有所帮助。 文章目录 1. 问描述 2. 解决方案 2.1 方案一 2.2 方案二
CTF密码学--新手--Normal_RSA--解过程及总结
hippotomons的博客
10-21 8189
Normal_RSA 难度系数: ☆ 目来源: PCTF 目描述: 你和小鱼走啊走走啊走,走到下一个目一看你又一愣,怎么还是一个数学啊 小鱼又一笑,hhhh数学在密码学里面很重要的!现在知道吃亏了吧!你哼一声不服气,我知道数学 很重要了!但是工具也很重要的,你看我拿工具把他解出来!你打开电脑折腾了一会还真的把答案 做了出来,小鱼有些吃惊,向你投过来一个赞叹的目光 附件下载下来又是一阵懵逼...
长城杯2021 Crypto writeup
weixin_56678592的博客
10-02 625
长城杯2021 Crypto writeup #1 baby_rsa: 目: #!/usr/bin/env python3 from Crypto.Util.number import * from secret import flag, v1, v2, m1, m2 def enc_1(val): p, q = pow(v1, (m1+1))-pow((v1+1), m1), pow(v2, (m2+1))-pow((v2+1), m2) assert isPrime(p) and
第一届长城杯网络安全大赛 ez_python
weixin_43610673的博客
09-20 1669
利用LFI读文件 /?pic=/home/app/app.py import pickle import base64 from flask import Flask, request from flask import render_template,redirect,send_from_directory import os import requests import random from flask import send_file app = Flask(__name__) class .
2024i春秋第四届长城杯网络安全大赛暨京津冀网络安全技能竞赛初赛wp-flowershop+easyre
最新发布
书山有路勤为径,学海无涯苦作舟
09-10 487
如图所示,v8是钱的数量,strncpy从src复制三个字符给dest的数组里,最后一个元素是0,相当于字符串截断,strcmp是比较c和dest中的内容,如果相等就不会exit(0);此时末位有个read,很可能就是我们要溢出的漏洞,但是参数v4可控未知,所以往前可看check函数做了什么,显然通过分析这就是满足买了两件a商品和1件b商品的时候就可以给a2指针赋值为70,指向的就是v4,这样shop函数的buf只有10字节,但是read可以输入70字节,就达到了溢出攻击条件。
第四届“长城杯网络安全大赛 暨京津冀网络安全技能竞赛(初赛) 全方向 解WriteUp
Jay17的博客
09-09 2016
第四届“长城杯网络安全大赛 暨京津冀网络安全技能竞赛(初赛) 全方向 解WriteUp
[ CTF ]【天格】战队WriteUp-2022年第二届“长城杯网络安全大赛
ZXW_NUDT的博客
08-25 2399
2022年第二届“长城杯网络安全大赛
2024长城杯初赛部分解[crypto]
ljc13626678577的博客
04-01 1733
你真的了解RSA吗,Problem两wp
CTF-RSA-tool 安装全过程
xuhc25的博客
01-22 2513
前提: 安装的机子可以连接外网 机子安装了python2.7 机子安装了pip 1、安装引导 Description CTF-RSA-tool 是一款基于python以及sage的小工具,助不熟悉RSA的CTFer在CTF比赛中快速解决RSA相关的 基本型 。 Requirements requests gmpy2 pycrypto libnum sagemath(optional) Installation 安装libnum git clone https://github.com/hellman/li
Python 实现RSA SHA-1签名
王二的专栏
09-19 7294
今天对接业务接口,传递的参数需要用RSA签名,三方只给了java的RAS签名Demo;但后端采用python开发,因此需要用Python来实现RSA签名。
漏洞分析RSA Public-Key Encryption and Signature Lab(自用,录)
weixin_48392428的博客
07-18 6406
RSA Public-Key Encryption and Signature Lab1 Introduction1.1 Lab environment1.2 Acknowledgment2 Background2.1 BIGNUM APIs2.2 A Complete Example2.2.1 Compilation3 Lab Tasks3.1 Task 1: Deriving the Private Key3.2 Task 2: Encrypting a Message3.3 Task 3: Decry
RSA基础
Mark的博客
10-29 858
1、RSAROLL 目介绍: RSA roll!roll!roll! Only number and a-z (don’t use editor which MS provide) 然后是目: {920139713,19} 704796792 752211152 274704164 18414022 368270835 483295235 263072905 459788476 483295235 459788476 663551792 475206804 459788476 428313374 47
第四届“长城杯”信息安全铁人三项赛 Junk&&language
Todog的博客
03-24 993
xxx
[XNUCA2018]Warmup(考点:流量包文件提取,RSA共模攻击)
MikeCoke的博客
02-18 688
目: from Crypto.Util.number import bytes_to_long, getPrime from random import randint from gmpy2 import powmod import sys p = getPrime(1024) q = getPrime(1024) N = p*q Phi = (p-1)*(q-1) with open("flag", 'r') as fr: flag = bytes_to_long(fr.read().strip(
任务二:Crypto学习
weixin_44171487的博客
05-09 5158
任务二:Crypto学习 内容: ① 掌握RSA加解密原理以及算法实现,在理解原理的过程中可以结合PPT对数论部分的相关内容进行学习学习掌握AES加解密原理、代码实现。 ② 完成2020数字中国虎符网络安全赛比赛目的复现。 RSA 基本信息: ①RSA加密算法是一种非对称加密算法。在公开密钥加密和电子商业中被广泛使用,于1977年由在麻省理工学院工作的三人提出。 ②1973年,在英国政府通讯总...
第一届长城杯”信息安全铁人三项(四场)部分目wp
weixin_67961126的博客
04-02 1147
首先看到流量分析的目用wireshark,再导出http对象列表在zip对象中发现了files.zip。然后尝试暴力破解没有得到密码想着去分析一下文件用到的winhex。根据目描述的提示结合之前没用到的key,des解码得到flag。就想着是不是还有别的加密----就想到了去检查一下是不是伪加密。发现这么多==是base64隐写,跑脚本得到。得到了key的值是66666666。是伪加密,改09为00。
ctfshow 密码挑战(下)
m0_62506844的博客
06-21 1023
运用费马小定理因为2**_数有点大运算不出来,我们需要借助一些数学手段来化简一开始没往分解n那里想,好家伙这个n还是可以分解的,分解出来之后求出phi那么这个"2**_"就一定能分解成k*phi+t的形式 "_"这个字符不好看,我们换成e显然t=(2**e)%phi,2**t%n用快速幂就很好求了 rsa-rsa-rsa-rsa 加密代码很好看懂,重点是 d % (2**1050) 是给出了d的低1050位,看到取余就应该想到给出多少低位,看到取余就应该想到给出低位,看到取余就应该想到给出
2022-长城杯初赛Write up-by EchoSec安全团队
echosec的博客
08-29 2315
EchoSec安全团队参加的首场比赛,在各位师傅们的输出下,也拿到第8名的成绩,虽然不算特别好,也是EchoSec安全团队迈出的第一步。同时欢迎各位有兴趣的师傅加入我们,一起学习进步。可+v:He1l_T4lk。...
[羊城杯 2021]Bigrsa
weixin_45963786的博客
02-21 647
零、写在最最最前面 强到离谱的社区群:941849249 使你变强的专属平台:https://www.ctfer.vip/ [羊城杯 2021]Bigrsa 文章目录零、写在最最最前面强到离谱的社区群:941849249使你变强的专属平台:https://www.ctfer.vip/[羊城杯 2021]Bigrsa壹、直接上目代码贰、解思路叁、求解flag 壹、直接上目代码 from Crypto.Util.number import * from flag import * n1 = 10383
公钥密码技术详解:RSA与 Diffie-Hellman
"信息安全原理与技术第2版郭亚军宋建华李莉董慧慧清华大学出版社" 公钥密码技术是信息安全领域中的重要组成部分,旨在解决对称密码技术中的两大难:密钥分配和数字签名的实现。这一章详细介绍了公钥密码体制的...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值