BUU-crypto-刷题记录15

已于 2024-01-04 21:25:30 修改
阅读量6.5k 收藏
点赞数
分类专栏: 密码小白刷题记录 文章标签: BUU crypto 编码
于 2021-07-02 22:02:05 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/m0_57291352/article/details/118407098
版权

[MRCTF2020]天干地支+甲子

题目

得到得字符串用MRCTF{}包裹
一天Eki收到了一封来自Sndav的信,但是他有点迷希望您来解决一下
甲戌
甲寅
甲寅
癸卯
己酉 
甲寅
辛丑

解题

由六十甲子顺序表
在这里插入图片描述
得到
11 51 51 40 46 51 38

根据提示,在加上一甲子,也就是再加60
得:71 111 111 100 106 111 98

然后十进制转ASCII码得到
Goodjob

答案
flag{Goodjob}

[MRCTF2020]vigenere

题目
cipher.txt

g vjganxsymda ux ylt vtvjttajwsgt bl udfteyhfgt
oe btlc ckjwc qnxdta 
vbbwwrbrtlx su gnw nrshylwmpy cgwps, lum bipee ynecgy gk jaryz frs fzwjp, x puej jgbs udfteyhfgt, gnw sil uuej su zofi. sc okzfpu bl lmi uhzmwi, x nyc dsj bl lmi enyl ys argnj yh nrgsi. nba swi cbz ojprbsw fqdam mx. cdh nsai cb ygaigroysxn jnwwi lr msylte.
cw mekr tg jptpzwi kdikjsqtaz, ftv pek oj pxxkdd xd ugnj scr, yg n esqxwxw nba onxw au ywipgkj fyiuujnxn gnss xwnz onxw jnahl avhwwxn vzkjpu nrofch fvwfoh. v jwhppek lmi vyutfp hbiafp hcguj at nxw gyxyjask ib hw seihxsqpn vtvjttajwsx ds zzj xnegfsmtf egz wtrq lt mbcukj sc hy. qty wnbw ss bbxsq vxtnl ys ghrw zw cbx vt cdh vgxwtfy ssc brzzthh bl wsjdeiwricg cw mekr zjzi grgktr ib lwfv.
vbbwwrbrtlx hteonj xwroj oyhg vgbigf ljtq iuk utrhrtl tj iuk ytztetwi. cdh nsai crolmig fudngxgkv ssg ekujmkrj gzvh. jk vnh cbz aszxgk qty. nba vt rdg qfta jf, tgw hd lum prdj umw aderv. hcqrxkuerr jgjw cbz dni lvzznr nbaj gsgqkjx. hd aul ylxaq lmei lum hec oaaqh xg, gk yldhmz nx lrxw f tjorah gdaylwyrgogs tgbpwhx. nba ufrcbz. ay mh nt shx ds tsyygr gfi mi txgbw xgywqj iuxgzkw baj hsaykuymkr guymday.
qty wnbw ssi rtyfktq of tyg txwfx paj yfxwrxask rbtnjvhnzatr, cbx vnh nba uwipgk lmi lrgdyl ds umw qpeqwytaniwx. cdh jg ssi xtgb sje imqxjek, gzv tgnahw, de zzj ycjxayxta igiih gnsy eaeksic eeunnht baj xsrvkld qdek gwhte zzfr rbadi ft bhlfmcrj td ecl ux dsje oeushvzatrh.
lum hppvs lmigr gjj tgbhdjqh nsgsk jf zzfx nba fjis gu ktpkr. egz yhr zznw rygar eh nt wcgjfk lt mcigvj sje vjjgxailx. qpae gk xwryw uvdorwrw sbt'l jbxfz. omigr zzjvt nxw wipy igsjavilx, awrxw yltek swi leuflw, lr caqp xqkfymul zzjq paj sihgryk yltz hq tyg zkssw. lr gjj jdesask dhx gbr hbiafp rbtlwerg. zznw vbbwwrpaiw bmay gjnwt niutvsvty ys iuk utrsvzatrh bl gzv lbxdi, rdg egzvh. baj bsgyj ax hxslwwicg.
iqgigfvshi rbtknwif ux yvpayshxxbtk, wianzatrhuohx, ecq zztyvuz aywtyl, swvplkv qmzr g kyecqofl apik as xwr cwg su baj hsbzafngpgogsw. dhxk nw p jujqh iugl nw qbzz jzteeomigr gfi rdjnwwi, qhz ay mh aul bltek tthxry dnzt.
jk swi reksymct g otvaq zzfx pyr efc tazww axgngzx eeonnpttk gw tgrpmimrr guhsgqkv gc gniw, jgdaueng ebcww, qxyolfvn sujhi, de ylfxxbt gk fxezz.
bi pek uwipgofl e lbxdi awrxw frnbtw, frnjnwwi bne wctgryk mmh bx zjv qrrajjh, au efxirx zta hvtyzppe, cayldhz xjeg bl tjmct igjvrrj asxd fodjrrr uj hscsujrmil.
egzv armsq gdaiwuxh bl hwserxld, imcxwxwxbt, aiicgold, qdikejri, ntv hscgkpy hd aul fteye lt yh. gnwd egr gdq fpfkv tr bnzljv, paj lmigr ok ss bnzljv wrxw.
tyg vjwsxxgowx lpik ft fdqowx, wd, htdnot lum, bi rntftx dozsnr dejww fn cnqxmrnr utigpogs. at okdnikr zzfx ueue jxwvik, jravmzyicrj kjpu-vtljvtfz, ssh iuk utqbbtojea, baj lskrxffrrr caqp tzkjli. dhx aiicgolnih zgq gi svylwmqhzwi ereukx qpae gk cdhx bzvxfjahxxbtk. ylt btdd ppj zzfx pyr gzv rbtkymihkfy gjyzmwih jumqh vrtwweaye jjgdttaei xf zzj kdyjws vjyk. oj ldck oj axyr tj eqyk lt fjvrv tyg cgjymrhrsw wdyalnscf uf ylpg hsxmh. oal bi rntftx ppiwux iuk ktpjgogsw nba swi pgzwrtivty ys xzvgxi.
xa zzj ycvzwi winzwx, cdh nsai ibjsd ggrgljh p ygo, ylt gkdjgdzsmsmrnzatrh ekxtvb nil, blxpn jjtjqosyih lumw sla igswivzmymda gfi mcfadyw iuk vwipzy gk ntslwwwda, csxlxamltr, bvrd, resvygs, htguizikvrdj, ecq hjfrsrok. yltfk vwipzy ezwi auo gi qbxf frtj of zw.
nba swi irxjnjxrj gk cdhx gbr ruodivta, yasgt gnwd egr tsymkry as e lbxdi awrxw dsj jodq eajgqx ft vsenkgntlx. ftpgmxi nba xjeg gnwr, cdh kfyvjfz qtyg oajjejpxshmtf cayl iuk hfvtazsq vtfvgswxoodnxxry qty pek lts rbcswhal zg hscsxgsx nbajxiaikk. nr dhx otvaq, gdq xwr ywsxxzkfyw paj wctgryknscf ux mybntayc, ueue ylt qktfwxam lt xwr gfliavi, swi enxlx su n ywfqaryk bldyk, lmi vyutfp rbtnjvhnzatr ds hayw. lr issrdg ywuegnzw ylt noj ylpg iztotf ljtq iuk snv jcuf blxpn onrvf hwfx.
xa iznrp, tkjrecl, ljfrrr, xmxwxn, yaskpcujj, minrq frs gnw zrxgkv xxpgkk, dsj nxw yvnvty ys lnxv tju gnw amghy gk pxokjyc ql kjjgivty lypej htwif gl ylt sxgsxxrxk tj rlhwwweniw. yltfk efc zrkh tyi gnw hscggynsc suj f wbnrd ymbr, hmy xwre onpa aul bsgx of f aderv ylpg caqp hbuf gi qygfpiirj as fxg-hwfvxam ejhxn.
egzv xaijjehvtyqc doygqiir ofksgzglnsc vtvzwieowx adhrv uigcklzeir zzjqhrrnjw ql vjttdfofl ppjy, as ebrxahe paj wqwtjnwwi, iugl hppvs lt sla yhjiru olxias zzwsjtngzx iuk otvaq. zzjwt ygox adhrv iirygjj msrgk ys qr gftxwrx ashjfzjnea cxgiyrg, tg rsgr tggpt gnss txt ojtr. xa umw aderv, blpgknjv iuk zzqpa sash bne uwipgk ufr qr xwuvdqaujh paj vnwieotzxtq ofkmcvzwqc pg tg hshg. zzj kabhsq gdabwdecpk gk xwbaymx cb rgskte xwvyxekk dsje lshxdeowx xd niutqeyokm.
xwryw nrreksxmctrq mshgodj ecq igqscvgd ripfajjw eyguj yh vt lmi hnsw ushvzatr pf zztwt cxwamdhy dtztey gk jgrkvtq paj kjpu-qkljvbvtsymda czt lpq zg wiyril ylt nalmsgvzajw ds jaxxpaz, msmcsujris cuojvh. jk ezwi qkuqegr umw zxezmfp hrrnjw xzsmsi ib egzv hbbwwixttld, ikrt sx at pufymchk lt gdaywsx ib egzv ghrw tzte umw fdqowx. at jodq weeksi sjeywqztf guwshf zzj tantwy wd gnsy rd btw hec nxjjwi baj yldhmzyw.
lr caqp reksyi p ponnpxmglnsc bl lmi bvtv nr rlhwwweniw. ren vz tj qdek zzqpak ssh unoj ylpa zzj aderv dsje mgaigaswsxh ugnj qpqk tjjdek.
xqev vy ewgis balicrxw hvnczg hvppq efr, eyksxi pqj mshteyutvt ntv hygye twerry.

vigenere.py

#!/bin/python3
from ctf import source_text, key_string

getdiff = lambda char: ord(char)-ord('a')
getchar = lambda num: chr(ord('a')+num)

def vigenere(src: chr, key: chr) -> chr:
    assert(src.isalpha() and key.isalpha())
    return(getchar((getdiff(src) + getdiff(key) + 1) % 26))

src = source_text.lower()
count = 0
assert(len(key_string) > 5 and len(key_string) < 10)
for i in src:
    if(i.isalpha()):
        print(vigenere(i, key_string[count % len(key_string)]), end='')
        count+=1
    else:
        print(i, end='')

解题
vigenere不是翻译为葡萄园,而是维吉尼亚

维吉尼亚密码(又译维热纳尔密码)是使用一系列凯撒密码组成密码字母表的加密算法,属于多表密码的一种简单形式。

根据代码我们知道密钥长度小于10大于5

由于本人比较菜,写不出爆破代码
还是用在线解密

输入本文并填上密钥长度为5-10后
得到

一串解密后的字符

可以看出最后一行有flag

flag是mrctf vigenere crypto crack man,请加上下划线和括号

答案
flag{vigenere_crypto_crack_man}

[BJDCTF2020]rsa_output

题目

{21058339337354287847534107544613605305015441090508924094198816691219103399526800112802416383088995253908857460266726925615826895303377801614829364034624475195859997943146305588315939130777450485196290766249612340054354622516207681542973756257677388091926549655162490873849955783768663029138647079874278240867932127196686258800146911620730706734103611833179733264096475286491988063990431085380499075005629807702406676707841324660971173253100956362528346684752959937473852630145893796056675793646430793578265418255919376323796044588559726703858429311784705245069845938316802681575653653770883615525735690306674635167111,2767}

{21058339337354287847534107544613605305015441090508924094198816691219103399526800112802416383088995253908857460266726925615826895303377801614829364034624475195859997943146305588315939130777450485196290766249612340054354622516207681542973756257677388091926549655162490873849955783768663029138647079874278240867932127196686258800146911620730706734103611833179733264096475286491988063990431085380499075005629807702406676707841324660971173253100956362528346684752959937473852630145893796056675793646430793578265418255919376323796044588559726703858429311784705245069845938316802681575653653770883615525735690306674635167111,3659}

message1=20152490165522401747723193966902181151098731763998057421967155300933719378216342043730801302534978403741086887969040721959533190058342762057359432663717825826365444996915469039056428416166173920958243044831404924113442512617599426876141184212121677500371236937127571802891321706587610393639446868836987170301813018218408886968263882123084155607494076330256934285171370758586535415136162861138898728910585138378884530819857478609791126971308624318454905992919405355751492789110009313138417265126117273710813843923143381276204802515910527468883224274829962479636527422350190210717694762908096944600267033351813929448599

message2=11298697323140988812057735324285908480504721454145796535014418738959035245600679947297874517818928181509081545027056523790022598233918011261011973196386395689371526774785582326121959186195586069851592467637819366624044133661016373360885158956955263645614345881350494012328275215821306955212788282617812686548883151066866149060363482958708364726982908798340182288702101023393839781427386537230459436512613047311585875068008210818996941460156589314135010438362447522428206884944952639826677247819066812706835773107059567082822312300721049827013660418610265189288840247186598145741724084351633508492707755206886202876227

解题

可以看出前两组输出的数第一个一样

也就是说两个不一样的e有两个一样的n,还有两个不一样的m

共模攻击

共模攻击,也称同模攻击,英文原名是 Common Modulus Attack 。 同模攻击利用的大前提就是,RSA体系在生成密钥的过程中使用了相同的模数n。 我们依然以上面的案例展开。 如果,此时有一个攻击者,同时监听了A和B接收到的密文c1,c2,因为模数不变,以及所有公钥都是公开的,那么利用同模攻击,他就可以在不知道d1,d2的情况下解密得到消息m。

这里需要用到两条幂运算的性质:
(a * b) % p = (a % p * b % p) % p
a b % p = ((a % p) b) % p
因为c1 = m^e1%n,c2 = me2%n,需要证明m=(c1s1c2^s2)%n
代入可得:
(c1s1*c2s2)%n = ((me1%n)s1(me2%n)s2)%n
=((me1%n)s1(me2%n)s2)%n
=((me1)s1%n*(me2)s2%n)%n //消掉%n
=((me1)s1*(me2)s2)%n
=((m(e1*s1)*(m(e2*s2))%n //幂的乘方,底数不变,指数相乘
=(m(e1*s1+e2*s2))%n //同底数幂相乘,底数不变,指数相加
又因为m<n,所以(c1s1*c2s2)%n=m%n=m

import gmpy2
from Crypto.Util.number import long_to_bytes

e1 = 2767
e2 = 3659

n = 21058339337354287847534107544613605305015441090508924094198816691219103399526800112802416383088995253908857460266726925615826895303377801614829364034624475195859997943146305588315939130777450485196290766249612340054354622516207681542973756257677388091926549655162490873849955783768663029138647079874278240867932127196686258800146911620730706734103611833179733264096475286491988063990431085380499075005629807702406676707841324660971173253100956362528346684752959937473852630145893796056675793646430793578265418255919376323796044588559726703858429311784705245069845938316802681575653653770883615525735690306674635167111

c1 = 20152490165522401747723193966902181151098731763998057421967155300933719378216342043730801302534978403741086887969040721959533190058342762057359432663717825826365444996915469039056428416166173920958243044831404924113442512617599426876141184212121677500371236937127571802891321706587610393639446868836987170301813018218408886968263882123084155607494076330256934285171370758586535415136162861138898728910585138378884530819857478609791126971308624318454905992919405355751492789110009313138417265126117273710813843923143381276204802515910527468883224274829962479636527422350190210717694762908096944600267033351813929448599
c2 = 11298697323140988812057735324285908480504721454145796535014418738959035245600679947297874517818928181509081545027056523790022598233918011261011973196386395689371526774785582326121959186195586069851592467637819366624044133661016373360885158956955263645614345881350494012328275215821306955212788282617812686548883151066866149060363482958708364726982908798340182288702101023393839781427386537230459436512613047311585875068008210818996941460156589314135010438362447522428206884944952639826677247819066812706835773107059567082822312300721049827013660418610265189288840247186598145741724084351633508492707755206886202876227

_, r, s = gmpy2.gcdext(e1, e2)

m = pow(c1, r, n) * pow(c2, s, n) % n
print(long_to_bytes(m))

答案
flag{r3a_C0mmoN_moD@_4ttack}

无名函数
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
ssl:用于 Modulus SSL 指南的示例
07-12
模数 SSL 示例 一个简单的静态服务器,提供一个页面来帮助公众了解 SSL 的工作情况。 跑步 $ node site Server listening on port 8080 部署到 Modulus 不需要特殊的过程。 如果可用,服务器将使用process.env.PORT 。 $ modulus deploy -p <project>
ad101-lab.github.io:这是我的个人网站
08-04
我的个人网站 如果您正在寻找 HD Projects 站点,它会被移回 ,该站点目前也在建设中。
BUUCTF crypto做记录(13)新手向
tgmhh的博客
03-05 418
[MRCTF2020]vigenere、[MRCTF2020]keyboard、一张谍报、[NPUCTF2020]这是什么觅🐎
crypto-CommonModulusAttack(GXYCTF2019)
耐酸碱高温固化材料近距离传输研究
11-26 742
比较少见的一道java密码记录一下。 目源码CommonModulusAttack.class用jdgui反编译一下即可,大概改写一下变量名字以便分析。 相关文件: 分析一下程序逻辑。首先是执行oldtest函数,逻辑很简单就是生成了20个随机整数输出到old.txt然后执行initseed函数,就是从flag文件中读取字符串转为二进制形式,保存为seed接下来是执行gen_states函数 3.1 调用generate_init_state函数生成initStat值,本质上是seed在有限域上求
BUU-crypto-记录06
m0_57291352的博客
06-07 134
RSA3 目 c1=22322035275663237041646893770451933509324701913484303338076210603542612758956262869640822486470121149424485571361007421293675516338822195280313794991136048140918842471219840263536338886250492682739436410013436651161720725855484866690084788721349
Merge AVHD with VHD
热门推荐
weixin_34189116的博客
02-22 10万+
AVHD is a file created when you perform snapshot. Once you delete the snapshot and shutdown the Virtual Machine, automatically AVHD will merge with VHD but.... Dunno how , something cause...
BUU-crypto-记录30
m0_57291352的博客
07-17 1万+
[INSHack2017]rsa16m 目 # Challenge description: When you need really secure communications, you use RSA with a 4096 bit key. <br> I want really really really secure communications to transmit the nuclear launch codes (yeah IoT is everywhere man) so
BUU-crypto-记录25
m0_57291352的博客
07-12 706
[ACTF新生赛2020]crypto-classic1 目 hin 哇,这里有压缩包的密码哦,于是我低下了头,看向了我的双手,试图从中找到某些规律 xdfv ujko98 edft54 xdfv pok,.; wsdr43 解 看向自己的双手,xdfv ujko98 edft54 xdfv pok,.; wsdr43 键盘加密,每组字母包围起来的字母分别为:circle 解压,得到:SRLU{LZPL_S_UASHKXUPD_NXYTFTJT} 提示是维吉尼亚加密, c='SRLU{LZPL_S_U
BUU-Reveser-XMAN2018排位赛-easywasm(WebAssembly逆向分析)
最新发布
05-26
BUU-Reveser-XMAN2018排位赛_easywasm(WebAssembly逆向分析)
BUU-Reveser-FlareOn5-Web2.0(WebAssembly逆向分析)
05-26
BUU-Reveser-FlareOn5_Web2.0(WebAssembly逆向分析)
POSN:POSN-BUU的源代码
04-01
POSN POSN-BUU的源代码
Majin Buu Top HD Anime New Tabs Theme-crx插件
03-15
每次打开一个新选项卡,您将获得Majin Buu提供的不同高清壁纸 这个新主包括时钟等等。 魔鬼的布欧(the devil,Buu),日本动漫《七龙珠》中的义与恶的角色,是《七龙珠》综合实力最强的BOSS。 这个名字来自电影...
Project-Decoder-Ring
03-27
项目解码器环 项目描述:解码器环 该应用程序具有3种不同的解码器。 1.凯撒密码是一种替换密码,其中明文中... 2.... 3.... “单位”可以是单个字母(最常见),成对的字母,字母的三元组,上述的混合形式,等等。... 屏幕截图:
MRCTF2020 天干地支+甲子
pondzhang的专栏
05-01 1237
得到得字符串用MRCTF{}包裹 一天Eki收到了一封来自Sndav的信,但是他有点迷希望您来解决一下 甲戌 11 甲寅 51 甲寅 51 癸卯 40 己酉 46 甲寅 51 辛丑 38 为天干地支60年轮回的,脚本如下: a= [11, 51,51,40,46,51,38] print ''.join(chr(i+60) for i in a) ...
CTF密码学之RSA攻击算法
蚁景网安学院
11-24 5664
我们开始学习 RSA 的各种攻击算法及其数学原理。希望大家在学习的过程中更多的去关注攻击算法实现的原理,而不仅仅只在于 copy 攻击代码。
[GKCTF 2021]Random
m0_57291352的博客
08-12 2844
[GKCTF 2021]Random 目 import random from hashlib import md5 def get_mask(): file = open("random.txt","w") for i in range(104): file.write(str(random.getrandbits(32))+"\n") file.write(str(random.getrandbits(64))+"\n") file.
BUU-crypto-记录20
m0_57291352的博客
07-07 1833
[RoarCTF2019]RSA 目 A=(((y%x)**5)%(x%y))**2019+y**316+(y+1)/x p=next_prime(z*x*y) q=next_prime(z) A = 268334918267871452424746951279347600986101478100492490548412748030816137776819286806156188657704864643238212896088148746342741417611448688583069395940498
2021-09-25
m0_57291352的博客
09-25 1337
DASCTF Sept X 浙江工业大学秋季挑战赛 crypto 签到 目 #!/usr/bin/env python # -*- coding: utf-8 -*- from Crypto.Util.number import * import random flag=b'flag{******************}' n = 2 ** 256 flaglong=bytes_to_long(flag) m = random.randint(2, n-1) | 1 c = pow(m, flaglon
buu Quoted-printable
09-13
Quoted-printable是一种编码方法,常用于电子邮件中的MIME编码。它的作用是将非ASCII字符转换为可打印的ASCII字符。在Quoted-printable编码中,使用"="符号后跟两个十六进制数字来表示原本的字符。 在解密Quoted-printable编码时,我们可以使用在线工具来帮助我们。一个可以使用的工具是[mxcz.net](http://www.mxcz.net/tools/QuotedPrintable.aspx)。 根据提供的信息,得到的flag是"flag{那你也很棒哦}"。 总结:Quoted-printable是一种常见的邮件编码方法,用于将非ASCII字符转换为可打印的ASCII字符。解密Quoted-printable编码可以使用在线工具,如[mxcz.net](http://www.mxcz.net/tools/QuotedPrintable.aspx)。根据提供的信息,得到的flag是"flag{那你也很棒哦}"。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值