前言
crypto很简单的(bushi
random
题目
from random import *
from flag import flag
from hashlib import md5
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
f = open('output.txt','w')
for i in range(666):
f.write(f'{getrandbits(32)}\n')
f.close()
r = getrandbits(32)
key = bytes.fromhex(hex(r)[2:])
key = md5(key).digest()
cipher = AES.new(key,AES.MODE_CBC)
c = cipher.encrypt(pad(flag,16))
print(f'c = \'{cipher.iv.hex() + c.hex()}\'')
#c = '91fd1824ddc0a35e845e87f59e53a103334df418e6a65a7d7769699c3ca2119019361cd23a46a61d4e7f6cdff5f5200f586f90b66eabfd8ecff4ddf11ee444d37f80ada0bbe8af09e4fc32c1a51e3f29e2771b51c71d2ba4acb84fda61904b96'
过程分析
题目用getrandbits()
生成了666个32位的随机数,查阅资料得知是Python的random
模块通过MT19937 PRNG
来生成随机数的。所以我们可以通过利用前624
个随机数,再借助mt19937predictor
模块来预测第43个随机数,此时该随机数的md5摘要即为key
。然后把16进制的c转成byte类型,取前面16位作为iv
,16位以后的值则为密文c,之后进行AES解密即可得到flag
。
解题代码
from Crypto.Cipher import AES
from mt19937predictor import MT19937Predictor
from hashlib import *
import binascii
random_list = []
f = open('output.txt','r')
for i in f:
random_list.append(int(i))
f.close()
pre = MT19937Predictor()
for j in range(624):
pre.setrandbits(random_list[j],32)
for k in range(42):
pre.getrandbits(32)
r = pre.getrandbits(32)
c = binascii.unhexlify('91fd1824ddc0a35e845e87f59e53a103334df418e6a65a7d7769699c3ca2119019361cd23a46a61d4e7f6cdff5f5200f586f90b66eabfd8ecff4ddf11ee444d37f80ada0bbe8af09e4fc32c1a51e3f29e2771b51c71d2ba4acb84fda61904b96')
iv = c[:16]
c = c[16:]
key = bytes.fromhex(hex(r)[2:])
key = md5(key).digest()
aes = AES.new(key,AES.MODE_CBC,iv)
m = aes.decrypt(c)
print(m)
flag:
NSSCTF{Every_Mersenne_prime_corresponds_2_exactly_1_perfect_number}
square
题目
from flag import flag
from Crypto.Util.Padding import pad
from Crypto.Util.number import *
flag = pad(flag,16)
m = int.from_bytes(flag,'big')
n = getPrime(2048)
e = 16
c = pow(m,e,n)
with open('output.txt','w') as f:
f.write(f'n = {hex(n)}\n')
f.write(f'e = {hex(e)}\n')
f.write(f'c = {hex(c)}\n')
'''
n = 0xcaea4e2db0dc68029999cdad792fa1f9142117163af28f3230f7500ef748841554141ef35555ba23b95dc87f4c83f75dad14b6204dd4907fb75650fa7799def911f077b945f359e345bb9350c4a8268906c547e95e5819ef44ff124566a88fa2174ddfe3e895016df0036b59a50c6efb78724bde5d16a8a5cae45c918f329e462d10abe56ecdfae95bd13665260d0e8b648540d11f2447eef9aef3ea370faaecaab4c82ec1fe2bc83f2ce1b2793d95187eb2637e75700ba9745c253e928a4a603139dbf6b8bbf8111900a58be21a269992a9744c0284cf8f3ad7a3b95106d17af6baceac1acf543e425dc6317ab7f799a8ce19633b22e709eacb5d74ce4b56f9
e = 0x10
c = 0x2700a92e463d1c5da073b38d075a2da57c89ff9d658066c0bd38391cc60259a4fc992f1a6f1c5756d6e5934831fc0fbf7bfd85607f0d18781d30a4ab485e119af4f08b5fe7bf927aeaf7572b05dfec764d6ddda2b247b9f6b731300ece4209606d94c5708388d6e8efc1fa6e9c0cdda41cee95eb4a6b053b862fc43e55648973863f9874ee79ce4408277c9dc38fb26b44880e58f054b957c64fcf0d39c1fd496ad2fc5f5e5e70ba41422a4d945da299b5a695a4b7013a1f9ae1b629e395ffb0942d783d6e6be1f0888dfcb02d0aa1e9b7076e952a339bdc60f044f598afa2da28a4d7f094b959c8a8fefd5a11d10971cd681722f6868cf15a200cb910c591e1
'''
过程分析
一眼丁真,有限域开方
解题代码
#sage
import gmpy2
import libnum
n = 25615677894578755047156343445844436265410029831929516816331615976442311723531561327119120421902137698702653352454485089340848821437391616202141872920071595012903043917129450415132281907851460389644978646684609345443875666422198491448869630433730250869349508030370580903892239207884756374806258109492943540694086628024646020870637092193719694492693846334255662773824649492430671129799738149781864430546125939433980330127212907575934619598220128829660669072374596742985160944744357764899980761882388174261685017998418835450616554405045572713241285624806694724839559978907713026057535561110529562103720815584229448177401
c = 4923619777042399025887146422303297659783120863226021996148860671244847512543098087964715767641980417679067390679564108726073206690699301224393506078206013912924380722152925011054668001017618531377057540022895412157878200312482440734700318829864241419088425547155735004814729711491605355026803363624542118358640137143297907437453623706048322326645004217906155891160491031898832200405387987365631365076388160011734943632502259110957991013666764677877335371895193349158552558287723825942343208259258904711934477381264350542678515421966792754830294704523232235472880006977827912360930331797971744778921436751402476343777
e = 16
R.<x> = Zmod(n)[]
f = x^e-c
f = f.monic()
res = f.roots()
for i in res:
flag = libnum.n2s(int(i[0]))
if b'NSSCTF' in flag:
print(flag)
break
flag:
NSSCTF{ore_wa_ningen_O_yameru_zo!!!JOJO!!!}
【心仪女子之美,总是这般动人,美得教人装得下日月的双眼都装不下她,得搬去心扉,余在心头。】