2023年NewStar CTF 第一周 题目记录
2023年NewStar CTF
CRYPTO
brainfuck
题目内容如下:
++++++++[>>++>++++>++++++>++++++++>++++++++++>++++++++++++>++++++++++++++>++++++++++++++++>++++++++++++++++++>++++++++++++++++++++>++++++++++++++++++++++>++++++++++++++++++++++++>++++++++++++++++++++++++++>++++++++++++++++++++++++++++>++++++++++++++++++++++++++++++<<<<<<<<<<<<<<<<-]>>>>>>>++++++.>----.<-----.>-----.>-----.<<<-.>>++..<.>.++++++.....------.<.>.<<<<<+++.>>>>+.<<<+++++++.>>>+.<<<-------.>>>-.<<<+.+++++++.--..>>>>---.-.<<<<-.+++.>>>>.<<<<-------.+.>>>>>++.
解题思路:利用在线工具加解密
工具链接:http://www.hiencode.com/brain.html
Caesar’s Secert
题目内容如下:
kqfl{hf3x4w'x_h1umjw_n5_a4wd_3fed}
根据题目提示:Caesar’s Secert 初步判断未凯撒加密
凯撒加密原理:把明文中每个英文字母替换为该字母在字母表中后面第k个字母,如果后面第k个字符超过字母表范围,则把字母表首尾相接,也就是字母Z的下一个字母是A,字母z的下一个字母是a。要求明文中的大写字母和小写字母分别进行处理,大写字母加密后仍为大写字母,小写字母加密后仍为小写字母。
使用在线网站解密,key=5
http://www.hiencode.com/caesar.html
Fence
题目内容如下:
fa{ereigtepanet6680}lgrodrn_h_litx#8fc3
根据题目提示为:栅栏密码
栅栏密码原理:就是把要加密的明文分成N个一组,然后把每组的第1个字连起来,形成一段无规律的话。 不过栅栏密码本身有一个潜规则,就是组成栅栏的字母一般不会太多。(一般不超过30个,也就是一、两句话)
利用加解密网站解密:http://www.hiencode.com/railfence.html
key=2
Vigenère
题目内容如下:
pqcq{qc_m1kt4_njn_5slp0b_lkyacx_gcdy1ud4_g3nv5x0}
根据题目提示为 维吉尼亚密码
密码原理:https://blog.csdn.net/weixin_47585015/article/details/112999152
利用在线加解密网站 http://www.hiencode.com/vigenere.html
key = kfc
babyrsa
from Crypto.Util.number import *
from flag import flag
def gen_prime(n):
res = 1
for i in range(15):
res *= getPrime(n)
return res
if __name__ == '__main__':
n = gen_prime(32)
e = 65537
m = bytes_to_long(flag)
c = pow(m,e,n)
print(n)
print(c)
# 17290066070594979571009663381214201320459569851358502368651245514213538229969915658064992558167323586895088933922835353804055772638980251328261
# 14322038433761655404678393568158537849783589481463521075694802654611048898878605144663750410655734675423328256213114422929994037240752995363595
RSA加解密原理: RSA原理
利用yafu.exe 工具进行大整数因式分解;一般来说会得到p和q两个结果;但是该题目分解得到很多的质数。转变思路,直接求φ(n)。即欧拉函数。
将相关质因数保存为txt格式:
P10 = 2794985117
P10 = 3207148519
P10 = 2217990919
P10 = 3654864131
P10 = 2970591037
P10 = 2370292207
P10 = 2923072267
P10 = 2706073949
P10 = 2463878387
P10 = 2338725373
P10 = 3939901243
P10 = 4093178561
P10 = 2804303069
P10 = 3831680819
P10 = 4278428893
相关python代码如下:
from Crypto.Util.number import *
f = open("12.txt","r").read()
c1 = f.split("\n")
c1= [int(_.split(" = ")[1]) for _ in c]
print(c1)
a = 1
for i in c1:
assert isPrime(i)
a*=(i-1)
n= 17290066070594979571009663381214201320459569851358502368651245514213538229969915658064992558167323586895088933922835353804055772638980251328261
c= 14322038433761655404678393568158537849783589481463521075694802654611048898878605144663750410655734675423328256213114422929994037240752995363595
d = inverse(65537,a)
print(long_to_bytes(pow(c,d,n)))
babyencoding
题目内容如下:
part 1 of flag: ZmxhZ3tkYXp6bGluZ19lbmNvZGluZyM0ZTBhZDQ=
part 2 of flag: MYYGGYJQHBSDCZJRMQYGMMJQMMYGGN3BMZSTIMRSMZSWCNY=
part 3 of flag: =8S4U,3DR8SDY,C`S-F5F-C(S,S<R-C`Q9F8S87T`
由此可以看出flag分为三部,三部分为不同编码
part1和part2看内容为base64、base32;part3为UUencode编码
利用在线网站进行加解密,并组合flag:https://ctf.bugku.com/tools
Small d
题目相关内容如下:
from secret import flag
from Crypto.Util.number import *
p = getPrime(1024)
q = getPrime(1024)
d = getPrime(32)
e = inverse(d, (p-1)*(q-1))
n = p*q
m = bytes_to_long(flag)
c = pow(m,e,n)
print(c)
print(e)
print(n)
# c = 6755916696778185952300108824880341673727005249517850628424982499865744864158808968764135637141068930913626093598728925195859592078242679206690525678584698906782028671968557701271591419982370839581872779561897896707128815668722609285484978303216863236997021197576337940204757331749701872808443246927772977500576853559531421931943600185923610329322219591977644573509755483679059951426686170296018798771243136530651597181988040668586240449099412301454312937065604961224359235038190145852108473520413909014198600434679037524165523422401364208450631557380207996597981309168360160658308982745545442756884931141501387954248
# e = 8614531087131806536072176126608505396485998912193090420094510792595101158240453985055053653848556325011409922394711124558383619830290017950912353027270400567568622816245822324422993074690183971093882640779808546479195604743230137113293752897968332220989640710311998150108315298333817030634179487075421403617790823560886688860928133117536724977888683732478708628314857313700596522339509581915323452695136877802816003353853220986492007970183551041303875958750496892867954477510966708935358534322867404860267180294538231734184176727805289746004999969923736528783436876728104351783351879340959568183101515294393048651825
# n = 19873634983456087520110552277450497529248494581902299327237268030756398057752510103012336452522030173329321726779935832106030157682672262548076895370443461558851584951681093787821035488952691034250115440441807557595256984719995983158595843451037546929918777883675020571945533922321514120075488490479009468943286990002735169371404973284096869826357659027627815888558391520276866122370551115223282637855894202170474955274129276356625364663165723431215981184996513023372433862053624792195361271141451880123090158644095287045862204954829998614717677163841391272754122687961264723993880239407106030370047794145123292991433
解题思路·:e很大,适用于维纳攻击脚本;相关内容链接:https://blog.csdn.net/fengerxi33/article/details/123007453
脚本内容如下:
import gmpy2
import libnum
def continuedFra(x, y):
"""计算连分数
:param x: 分子
:param y: 分母
:return: 连分数列表
"""
cf = []
while y:
cf.append(x // y)
x, y = y, x % y
return cf
def gradualFra(cf):
"""计算传入列表最后的渐进分数
:param cf: 连分数列表
:return: 该列表最后的渐近分数
"""
numerator = 0
denominator = 1
for x in cf[::-1]:
# 这里的渐进分数分子分母要分开
numerator, denominator = denominator, x * denominator + numerator
return numerator, denominator
def solve_pq(a, b, c):
"""使用韦达定理解出pq,x^2−(p+q)∗x+pq=0
:param a:x^2的系数
:param b:x的系数
:param c:pq
:return:p,q
"""
par = gmpy2.isqrt(b * b - 4 * a * c)
return (-b + par) // (2 * a), (-b - par) // (2 * a)
def getGradualFra(cf):
"""计算列表所有的渐近分数
:param cf: 连分数列表
:return: 该列表所有的渐近分数
"""
gf = []
for i in range(1, len(cf) + 1):
gf.append(gradualFra(cf[:i]))
return gf
def wienerAttack(e, n):
"""
:param e:
:param n:
:return: 私钥d
"""
cf = continuedFra(e, n)
gf = getGradualFra(cf)
for d, k in gf:
if k == 0: continue
if (e * d - 1) % k != 0:
continue
phi = (e * d - 1) // k
p, q = solve_pq(1, n - phi + 1, n)
if p * q == n:
return d
n=
e=
c=
d=wienerAttack(e, n)
m=pow(c, d, n)
print(libnum.n2s(m).decode())
babyxor
题目内容如下:
from secret import *
ciphertext = []
for f in flag:
ciphertext.append(f ^ key)
print(bytes(ciphertext).hex())
# e9e3eee8f4f7bffdd0bebad0fcf6e2e2bcfbfdf6d0eee1ebd0eabbf5f6aeaeaeaeaeaef2
babyaes
题目内容如下:
from Crypto.Cipher import AES
import os
from flag import flag
from Crypto.Util.number import *
def pad(data):
return data + b"".join([b'\x00' for _ in range(0, 16 - len(data))])
def main():
flag_ = pad(flag)
key = os.urandom(16) * 2
iv = os.urandom(16)
print(bytes_to_long(key) ^ bytes_to_long(iv) ^ 1)
aes = AES.new(key, AES.MODE_CBC, iv)
enc_flag = aes.encrypt(flag_)
print(enc_flag)
if __name__ == "__main__":
main()
# 3657491768215750635844958060963805125333761387746954618540958489914964573229
# b'>]\xc1\xe5\x82/\x02\x7ft\xf1B\x8d\n\xc1\x95i'
解题思路如下:https://blog.csdn.net/MikeCoke/article/details/113790052