HNCTF---crypto mathRSA

最新推荐文章于 2024-05-27 22:12:40 发布
最新推荐文章于 2024-05-27 22:12:40 发布
阅读量962 收藏 7
点赞数
分类专栏: CTF 文章标签: python 开发语言
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/luochen2436/article/details/127299358
版权

文章目录

题目

from Crypto.Util.number import getPrime, bytes_to_long
from flag import flag

m = bytes_to_long(flag)
p = getPrime(512)
q = getPrime(512)
n = p*q
e = 0x10001
c = pow(m, e, n)
hint = p**5 - q**4

print(f"n = {n}")
print(f"e = {e}")
print(f"c = {c}")
print(f"h = {hint}")
print(f"f = {flag}")
"""
n = 76236418318712173274495941060488893810931309177217802334230599201457092723011685048556311576262486371987147895332408646920500226769161418792142565209634495797142268681403865426056588605013602625268553194169434049817172340173907696496945054049859221379092764811535206778031226535614731731322630330166833765943      
e = 65537
c = 7207616060389865156270906240837846478541820008527247539698331406253371238674590766101711421196342768182325013873320402422918804780590951789425587131632422554819735000106070325708057225062376701298825910565526713270553888227235612227223162695870584803109353377288421750982913226189395526612487664144379690552       
h = 130285072635228037239175162118613869214302695058325046962039091162567931492116336918638092534964417960274466351834311039222269165021532950982276262717322395682559639859781516047319178212473103057947426886870612637975024605166325017663998263834789814181250953051730859433354534450232382414565421858172075431133498326501045697132640582932453817599366612200146802110424409285814189125929844293789544163802323048780585398714263586547670912817768592459281775837372982750626103047573532664320692775783627129463700810934670066747044799514243631607384814191188276380589420289084574680852618867732847029105400406874790675559126905078326495799755425006555539699119063191489852930421412630857588890593040420277938268954008973405431053073576987401154763326417551463323055736754390446
"""

题目分析

思路一

由题目可知,n=p*q,hint=p**5 - q**4,由此我们可以构造出非线性方程组p*q-n=0,p**5 - q**4-hint=0,然后利用sympy库对其解方程组得到p,q

求解p和q代码如下:

p,q = symbols("p q")
eq = [p*q-76236418318712173274495941060488893810931309177217802334230599201457092723011685048556311576262486371987147895332408646920500226769161418792142565209634495797142268681403865426056588605013602625268553194169434049817172340173907696496945054049859221379092764811535206778031226535614731731322630330166833765943,p**5 - q**4-130285072635228037239175162118613869214302695058325046962039091162567931492116336918638092534964417960274466351834311039222269165021532950982276262717322395682559639859781516047319178212473103057947426886870612637975024605166325017663998263834789814181250953051730859433354534450232382414565421858172075431133498326501045697132640582932453817599366612200146802110424409285814189125929844293789544163802323048780585398714263586547670912817768592459281775837372982750626103047573532664320692775783627129463700810934670066747044799514243631607384814191188276380589420289084574680852618867732847029105400406874790675559126905078326495799755425006555539699119063191489852930421412630857588890593040420277938268954008973405431053073576987401154763326417551463323055736754390446]
result = nonlinsolve(eq,[p,q])

得到p,q

p = 10543357481374908938696626650832667304979816176891429562773232136754485382413647547320866232418359800743787286242710171986152592431595912519025867918658127
q = 7230753434414569972828808651891325142186523078619542872286840414394373161212272545789342965212718184298307353595004152854764254216044770456139231711296409

接下进行普通RSA解密即可得到flag

思路二

因为p和q都是512bit长度,且已知hint=p**5 - q**4p**5远大于q**4。由此我们可以直接对hint开5次方得到near_p,此时near_p<p我们再循环取near_p的下一个素数,直至n可以整除near_p为止,此时p=near_p,则q=n//p

求解p和q代码如下:

near_p = gmpy2.iroot(h,5)[0]
while n%near_p !=0:
    near_p =gmpy2.next_prime(near_p)
p = near_p
q = n//p

接下进行普通RSA解密即可得到flag

解题脚本

脚本1:

from Crypto.Util.number import *
import gmpy2
from sympy import *

n = 76236418318712173274495941060488893810931309177217802334230599201457092723011685048556311576262486371987147895332408646920500226769161418792142565209634495797142268681403865426056588605013602625268553194169434049817172340173907696496945054049859221379092764811535206778031226535614731731322630330166833765943
e = 65537
c = 7207616060389865156270906240837846478541820008527247539698331406253371238674590766101711421196342768182325013873320402422918804780590951789425587131632422554819735000106070325708057225062376701298825910565526713270553888227235612227223162695870584803109353377288421750982913226189395526612487664144379690552
h = 130285072635228037239175162118613869214302695058325046962039091162567931492116336918638092534964417960274466351834311039222269165021532950982276262717322395682559639859781516047319178212473103057947426886870612637975024605166325017663998263834789814181250953051730859433354534450232382414565421858172075431133498326501045697132640582932453817599366612200146802110424409285814189125929844293789544163802323048780585398714263586547670912817768592459281775837372982750626103047573532664320692775783627129463700810934670066747044799514243631607384814191188276380589420289084574680852618867732847029105400406874790675559126905078326495799755425006555539699119063191489852930421412630857588890593040420277938268954008973405431053073576987401154763326417551463323055736754390446
p,q = symbols("p q")
eq = [p*q-76236418318712173274495941060488893810931309177217802334230599201457092723011685048556311576262486371987147895332408646920500226769161418792142565209634495797142268681403865426056588605013602625268553194169434049817172340173907696496945054049859221379092764811535206778031226535614731731322630330166833765943,p**5 - q**4-130285072635228037239175162118613869214302695058325046962039091162567931492116336918638092534964417960274466351834311039222269165021532950982276262717322395682559639859781516047319178212473103057947426886870612637975024605166325017663998263834789814181250953051730859433354534450232382414565421858172075431133498326501045697132640582932453817599366612200146802110424409285814189125929844293789544163802323048780585398714263586547670912817768592459281775837372982750626103047573532664320692775783627129463700810934670066747044799514243631607384814191188276380589420289084574680852618867732847029105400406874790675559126905078326495799755425006555539699119063191489852930421412630857588890593040420277938268954008973405431053073576987401154763326417551463323055736754390446]
result = nonlinsolve(eq,[p,q])
p = 10543357481374908938696626650832667304979816176891429562773232136754485382413647547320866232418359800743787286242710171986152592431595912519025867918658127
q = 7230753434414569972828808651891325142186523078619542872286840414394373161212272545789342965212718184298307353595004152854764254216044770456139231711296409
near_p = gmpy2.iroot(h,5)[0]
phi = (p-1)*(q-1)
d = gmpy2.invert(e,phi)
m = pow(c,d,n)
print(long_to_bytes(m))

脚本2:

from Crypto.Util.number import *
import gmpy2

n = 76236418318712173274495941060488893810931309177217802334230599201457092723011685048556311576262486371987147895332408646920500226769161418792142565209634495797142268681403865426056588605013602625268553194169434049817172340173907696496945054049859221379092764811535206778031226535614731731322630330166833765943
e = 65537
c = 7207616060389865156270906240837846478541820008527247539698331406253371238674590766101711421196342768182325013873320402422918804780590951789425587131632422554819735000106070325708057225062376701298825910565526713270553888227235612227223162695870584803109353377288421750982913226189395526612487664144379690552
h = 130285072635228037239175162118613869214302695058325046962039091162567931492116336918638092534964417960274466351834311039222269165021532950982276262717322395682559639859781516047319178212473103057947426886870612637975024605166325017663998263834789814181250953051730859433354534450232382414565421858172075431133498326501045697132640582932453817599366612200146802110424409285814189125929844293789544163802323048780585398714263586547670912817768592459281775837372982750626103047573532664320692775783627129463700810934670066747044799514243631607384814191188276380589420289084574680852618867732847029105400406874790675559126905078326495799755425006555539699119063191489852930421412630857588890593040420277938268954008973405431053073576987401154763326417551463323055736754390446
near_p = gmpy2.iroot(h,5)[0]
while n%near_p !=0:
    near_p =gmpy2.next_prime(near_p)
p = near_p
q = n//p
phi = (p-1)*(q-1)
d = gmpy2.invert(e,phi)
m = pow(c,d,n)
print(long_to_bytes(m))

【真正有嚼头的男女情爱,就是哑巴吃黄连,旁人拦不住,不吃还不行。】

3tefanie丶zhou
关注
  • 0
    点赞
  • 7
    收藏
    觉得还不错? 一键收藏
  • 2
    评论
专栏目录
sm-crypto-master.zip
12-17
国密算法SM2公私钥加解密及签名验签以及前端js sm-crypto,附件说明及参考及测试方法;
crypto-js.4.0.0
01-15
此资源为构建好的crypto-js.4.0.0版本,下载后可直接使用Script标签引入所需加密算法。支持:MD5 SHA-1 SHA-256 AES Rabbit MARC4 HMAC HMAC-MD5 HMAC-SHA等算法
HNCTF 2022 week1 web方向题解
m0_74160536的博客
08-01 694
简单说一下file伪协议,也是引用的别人博客(https://blog.csdn.net/qq_37466661/article/details/126203437)但正常情况下,我们输入php?filter=flag.php,只会发现一片空白,这时就需要用到php伪协议了,而这道题使用的就是file伪协议。检查-网络-刷新网页,只有两个网络响应,不过另一个是图标,不用管,打开cookie,提示去/f14g.php,跳转。打开环境,是一个小游戏,目标是2000分,不用管,小游戏题基本都是找js代码。
HNCTF——web方向部分题解
m0_60715541的博客
11-01 1524
这是这次分享的题解的清单,主要是web的,等我啥时候有时间更新一波杂项的题解。
HNCTF
最新发布
m0_73725283的博客
05-27 887
正常·RSA常用的e是65537,那么65537-1=65536,它可能在base家族中能被找到(好明显的提示啊,想不到/(ㄒoㄒ)/~~)奇怪的字符,肯定也是一种加密,再次看到提示2^11=2048,所以是base2048(这谁想得到,摔桌(╯▔皿▔)╯)时间戳,是从1970年1月1日(UTC/GMT的午夜)开始所经过的秒数(不考虑闰秒),用于表示一个时间点。根据上图,有:模p的三阶矩阵群的阶为p(p-1)(p+1)(p^2+p+1)矩阵上的RSA,n是不大的,可以直接分解,主要还是求d的问题。
hnctf-pwn-week2
m0_64174759的博客
11-26 898
逆向,整数溢出,orw,栈迁移,ret2csu,partial overwrite
HNCTF-re部分复现
weixin_61154173的博客
04-23 824
dfs迷宫01背包问题,这几天在做HNCTF的week3,week4部分,学到了一些不知道的没接触过的东西,所以记录一下。
[dasctf]crypto3 可以写个方程吗?
amber_o0k的博客
09-02 268
hint和n分解pq然后常规rsa,解出来的m就是题中的flag。奇怪的是sage居然解不出来,sympy可以。
crypto-js.zip
05-08
《JS加密库——crypto-js深度解析》 在Web开发中,数据安全愈发重要,加密技术成为保护用户信息、确保通信安全的关键。crypto-js是一个流行的JavaScript加密库,它为开发者提供了丰富的加密算法,使得在浏览器环境...
ipp-crypto-develop
11-25
"ipp-crypto-develop" 是一个专门针对Intel Performance Primitives (IPP) 加密库的开发环境。IPP是由Intel公司提供的一个高效、跨平台的软件库,主要用于执行各种密码学和数据安全算法,如AES(高级加密标准)、RSA...
Charm-Crypto-0.43_Python3.tar.gz
08-15
**Charm-Crypto-0.43_Python3.tar.gz** 是一个包含了Charm加密库的版本0.43的压缩文件,专为Python 3编程语言设计。这个库为开发者提供了一整套强大的加密工具,包括了身份基加密(IBE)、属性基加密(ABE)以及对称...
hnctf-pwn-[week1]
m0_64174759的博客
11-20 1623
hnctf pwn week1 WP,栈溢出,格式化字符串,32位,64位rop,ret2shellcode,可见字符串,格式化字符串
[HNCTF 2022 WEEK2]easy_include
biejianghua的博客
03-02 1222
[HNCTF 2022 WEEK2]easy_include
HNCTF week1
qq_49341576的博客
04-24 320
代码分析。
[HNCTF]crypto-wps
weixin_52118017的博客
10-28 2252
hnctf-crypto方面题解
CTF笔记 个人HNCTF反思(部分题目)
qq_51248658的博客
10-31 2085
[WEEK2]easy_include、[WEEK2]easy_unser、[WEEK2]easy_sql、[WEEK2]ez_SSTI、[WEEK4]pop子和pipi美
HNCTF--Misc部分题解
m0_60715541的博客
11-03 839
分享一下,HNCTF种三道有意思的题目
NewStarCTF-WEEK1CRYPTO-RSA_begin题与解
villons的博客
09-25 571
rsa套娃题,奇怪的hint
RSA中的数学运用
Luiino的博客
12-31 670
翻别人博客学习,偶然翻到了一道题,与之前写的一道题类似,记录一下。
-g crypto-js
08-03
回答: "-g crypto-js"这个问题似乎是一个命令行参数或选项。根据提供的引用内容,我没有找到与"-g crypto-js"直接相关的信息。引用[1]提到了一种将正常的js代码转换成复杂的只有符号的字符串编码的方法,而引用[2]提到了一种将正常的js代码转换为特殊网络表情符号的方法。引用[3]则提到了一种基于格子的简单替代式密码。根据这些信息,我无法确定"-g crypto-js"具体指的是什么。如果您能提供更多上下文或信息,我将尽力为您提供更准确的答案。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值