2021-07-25

最新推荐文章于 2024-04-10 17:24:46 发布

无名函数

最新推荐文章于 2024-04-10 17:24:46 发布

阅读量692

点赞数

分类专栏：密码小白刷题记录文章标签： python

本文链接：https://blog.csdn.net/m0_57291352/article/details/119089296

版权

密码小白刷题记录专栏收录该内容

71 篇文章 7 订阅

订阅专栏

[XNUCA2018]Warmup

题目
Buggy_Server.py

from Crypto.Util.number import bytes_to_long, getPrime
from random import randint
from gmpy2 import powmod
import sys

p = getPrime(1024)
q = getPrime(1024)
N = p*q
Phi = (p-1)*(q-1)

with open("flag", 'r') as fr:
	flag = bytes_to_long(fr.read().strip())

def get_enc_key(BitLen, Phi):
    e = getPrime(BitLen)
    if Phi % e == 0:
        return get_enc_key(BitLen, Phi)
    else:
        return e

def sprint(message):
	print(message)
	sys.stdout.flush()

def communicate():
	sprint("This is a message distribute system. Please tell me your name: ")
	user = raw_input()
	bakcdoor(user)
	e = get_enc_key(randint(13, 13 + (len(user) % 4)), Phi)
	ct = powmod(flag, e, N)
	sprint("Hi %s, your N is: %d\nAnd your exponent is: %d\nLast but not least, your secret is: %d" % (user, N, e, ct))
	sprint("You will know the secret after I give you P,Q.\nSee you next time!")

if __name__ == "__main__":
	communicate()

sniffed.pcapng
在这里插入图片描述
解题

这次文档不应该用记事本打开

用Wireshark打开，点击分析，点击追踪TCP流，可以得到

This is a message distribute system. Please tell me your name: 
Alice
Hi Alice, your N is: 25118186052801903419891574512806521370646053661385577314262283167479853375867074736882903917202574957661470179148882538361560784362740207649620536746860883395110443930778132343642295247749797041449601967434690280754279589691669366595486824752597992245067619256368446164574344449914827664991591873150416287647528776014468498025993455819767004213726389160036077170973994848480739499052481386539293425983093644799960322581437734560001018025823047877932105216362961838959964371333287407071080250979421489210165485908404019927393053325809061787560294489911475978342741920115134298253806238766543518220987363050115050813263
And your exponent is: 7669
Last but not least, your secret is: 22917655888781915689291442748409371798632133107968171254672911561608350738343707972881819762532175014157796940212073777351362314385074785400758102594348355578275080626269137543136225022579321107199602856290254696227966436244618441350564667872879196269074433751811632437228139470723203848006803856868237706401868436321225656126491701750534688966280578771996021459620472731406728379628286405214996461164892486734170662556518782043881759918394674517409304629842710180023814702447187081112856416034885511215626693534876901484105593275741829434329109239483368867518384522955176807332437540578688867077569728548513876841471
You will know the secret after I give you P,Q.
See you next time!

This is a message distribute system. Please tell me your name: 
Bob
Hi Bob, your N is: 16469436076891819107430664586570790058365332532674438789146675997314595491187244459383921424835032067061885275554735557145712521498253296163910390306330135855302922157272936907898045006260883274333834229418152155694295570782207999565052765330228242362968933298758811404031322069181362855243705838799645685066332172969401743211750904509226291946662578751991715996103303976647730874845283020815000321892678220724802450248872234664036667264022384588371373249390642053539194423282694248940736528696713895935252137917260856321114370743803866601761211552228903425850365457360876898940583221394582723557605309072232855822121
And your exponent is: 6581
Last but not least, your secret is: 4505063757912237030635628747221272994572695359194588227137745184038156993684967692950382379416670048352697192034847437641005118396778451573252079960329423730857312903905473153821671728221711196041864671612553117481967219346650953589661738125004385506770270950850305018428133702570007489933820805282374786447043101075368159524627160317546994983074271744438830758703672549021794396005996657563893647623858053340802508275966224731156066494130781524282692069374034848523211418786348920660102645506245253266350928691868117037802311207429854527893101629350899064793606053845768875251087079676571106395735856068973034721101
You will know the secret after I give you P,Q.
See you next time!

This is a message distribute system. Please tell me your name: 
Carol
Hi Carol, your N is: 25118874053328546753024263989563415727502048075025991833569501205632242337113077901532332374775395419348348701048189408092632079814832363732010926177912082562964016670890936281050864496155721672281093344082281963638371977758361202131970609490512245265719538879695944721744492357697438865016952531556200322390888505552979421131419142724258271230059422420336363879787201072494558351266967920357858873458121748582985640375604986741727501058494951533532341125506734541216305271046143705754799910729045435564538502962145048652820879590895993225869189429946329168385872964357133780290864454638364009252548494323438022231349
And your exponent is: 7603
Last but not least, your secret is: 19048737576987045063226590250127232246475809097432504428364908056604025281347091106863818770179886946036828033369811436258683836640686482186295887954603333674790126531024825196275247430917874230019937646154128686565959382549927974721595907720052683326347883917288387011898610688585967549063293999007662179537208541114528645906867834283911530827009496350564818050926992578354845375385136518922278665967914707035675926166195959084130878666446344492398932138098006690696811167313988561319314285936059926219964550560566892932146226765756939758814799908059743886502882106627085404296199027529328251035521224628003832913854
You will know the secret after I give you P,Q.
See you next time!

This is a message distribute system. Please tell me your name: 
Dave
Hi Dave, your N is: 25118186052801903419891574512806521370646053661385577314262283167479853375867074736882903917202574957661470179148882538361560784362740207649620536746860883395110443930778132343642295247749797041449601967434690280754279589691669366595486824752597992245067619256368446164574344449914827664991591873150416287647528776014468498025993455819767004213726389160036077170973994848480739499052481386539293425983093644799960322581437734560001018025823047877932105216362961838959964371333287407071080250979421489210165485908404019927393053325809061787560294489911475978342741920115134298253806238766543518220987363050115050813263
And your exponent is: 6947
Last but not least, your secret is: 20494665879116666159961016125949070097530413770391893858215547229071116025581822729798313796823204861624912909030975450742122802775879194445232064367771036011021366123393917354134849911675307877324103834871288513274457941036453477034798647182106422619504345055259543675752998330786906376830335403339610903547255965127196315113331300512641046933227008101401416026809256813221480604662012101542846479052832128788279031727880750642499329041780372405567816904384164559191879422615238580181357183882111249939492668328771614509476229785062819586796660370798030562805224704497570446844131650030075004901216141893420140140568
You will know the secret after I give you P,Q.
See you next time!

This is a message distribute system. Please tell me your name: 
Eve
Hi Eve, your N is: 22890921296489391468723563207482439368715048528954857727696611997213849453925407639478311064849002092841332187029922829503732594819405334557899018193836573827538367732876315261107786375883032702336369949813383359822945447348738639898488349249930794685147680602369574583272233186638639006722932514492412473499671240672786609392623108668740611409192410353088792926863759136574234682712437658167544420388503462191966664297486016864300587100339017032869018550693788156823952834586915180769842001379726271815407042736414817319930070363123671954772200618698975099285175523273493454655068815092164026790575552599814897599019
And your exponent is: 32869
Last but not least, your secret is: 10442917988766773396490991940667317808047327971317925137102489044030528557897992672507937554697482807481687087032349144551262471682307071658961878532382971828091109354257621491344013450604760870060142736551478301684143824750833285595247473821108423325384179883193988517286866263448490603966572975638061953752262499593905224215350312955589263376013886143461626877100441513745096129818379335382286822093358933880966180516628821646828214470420085945706208301656296701245704053699525077530655225353466026325593619997021961040046033670273837714651500872492969863747973610655943366074744584652270844784591048670022372904094
You will know the secret after I give you P,Q.
See you next time!

This is a message distribute system. Please tell me your name: 
Frank
Hi Frank, your N is: 13610734669757105262564498565903016628884897465642188626977712600469428943454859353288561953332071112838192895353839306728698072861317475483364599428738408203420859463545743033507453999902768670963760117002226738834212826866972790759618857592183639430006129961804969344458099739275801744555852908477399106370903274847008168191406212026496201683437988789750311357127030874197256108087969060429116893649257007863251857384220793898187863784143099430027004383026281731367512474585221423627626454894508617409600974924819458907176960087389776551021286749078138520414178131682409288175569603840517742966654020297053280120421
And your exponent is: 10369
Last but not least, your secret is: 338230230737795357907632634565480424320738100416872971593313504623031636549506308515885211507225139575284223841381475563865888650857636729319870056097265003381655374810743643787055050913356678153093440043937297044556267703050582739481148800234028265995678045070593516597241200279290432036592464223968778632301959998956082387007036826439290490046693942095006926116019667542427239110629330500882759564195704755475923049022289141527406786806241793809546426372343971278513127134648233599072200913066293287533269250758307985763118372706166149682768349327629911555785267589749222331760647201324907861960876452039787203524
You will know the secret after I give you P,Q.
See you next time!

发现其中对Alice和Dave使用的N是同一个，用共模攻击

import gmpy2
from Crypto.Util.number import long_to_bytes

n = 25118186052801903419891574512806521370646053661385577314262283167479853375867074736882903917202574957661470179148882538361560784362740207649620536746860883395110443930778132343642295247749797041449601967434690280754279589691669366595486824752597992245067619256368446164574344449914827664991591873150416287647528776014468498025993455819767004213726389160036077170973994848480739499052481386539293425983093644799960322581437734560001018025823047877932105216362961838959964371333287407071080250979421489210165485908404019927393053325809061787560294489911475978342741920115134298253806238766543518220987363050115050813263
e1 = 7669
e2 = 6947
c1 = 22917655888781915689291442748409371798632133107968171254672911561608350738343707972881819762532175014157796940212073777351362314385074785400758102594348355578275080626269137543136225022579321107199602856290254696227966436244618441350564667872879196269074433751811632437228139470723203848006803856868237706401868436321225656126491701750534688966280578771996021459620472731406728379628286405214996461164892486734170662556518782043881759918394674517409304629842710180023814702447187081112856416034885511215626693534876901484105593275741829434329109239483368867518384522955176807332437540578688867077569728548513876841471
c2 = 20494665879116666159961016125949070097530413770391893858215547229071116025581822729798313796823204861624912909030975450742122802775879194445232064367771036011021366123393917354134849911675307877324103834871288513274457941036453477034798647182106422619504345055259543675752998330786906376830335403339610903547255965127196315113331300512641046933227008101401416026809256813221480604662012101542846479052832128788279031727880750642499329041780372405567816904384164559191879422615238580181357183882111249939492668328771614509476229785062819586796660370798030562805224704497570446844131650030075004901216141893420140140568

_, r, s = gmpy2.gcdext(e1, e2)

m = pow(c1, r, n) * pow(c2, s, n) % n
print(long_to_bytes(m))

运行得到b'FLAG{g00d_Luck_&_Hav3_Fun}'

答案
flag{g00d_Luck_&_Hav3_Fun}

[NCTF2019]easyRSA

题目

from flag import flag

e = 0x1337
p = 199138677823743837339927520157607820029746574557746549094921488292877226509198315016018919385259781238148402833316033634968163276198999279327827901879426429664674358844084491830543271625147280950273934405879341438429171453002453838897458102128836690385604150324972907981960626767679153125735677417397078196059
q = 112213695905472142415221444515326532320352429478341683352811183503269676555434601229013679319423878238944956830244386653674413411658696751173844443394608246716053086226910581400528167848306119179879115809778793093611381764939789057524575349501163689452810148280625226541609383166347879832134495444706697124741
n = p * q

assert(flag.startswith('NCTF'))
m = int.from_bytes(flag.encode(), 'big')
assert(m.bit_length() > 1337)

c = pow(m, e, n)
print(c)
# 10562302690541901187975815594605242014385201583329309191736952454310803387032252007244962585846519762051885640856082157060593829013572592812958261432327975138581784360302599265408134332094134880789013207382277849503344042487389850373487656200657856862096900860792273206447552132458430989534820256156021128891296387414689693952047302604774923411425863612316726417214819110981605912408620996068520823370069362751149060142640529571400977787330956486849449005402750224992048562898004309319577192693315658275912449198365737965570035264841782399978307388920681068646219895287752359564029778568376881425070363592696751183359

解题
已知c、e、p、q
但是，由于不互素，所以按常规求不出d
需要换一种方法来解

from gmpy2 import *
from Crypto.Util.number import *
from tqdm import tqdm
def onemod(p,r):
    t = p-2
    while pow(t, (p-1) // r, p) == 1: t -= 1
    return pow(t, (p-1) // r, p)
def solution(p,root): 
    g = onemod(p, 0x1337)
    may = []
    for i in range(0x1337):
        if i % 100 == 0:
            print(i)
        may.append(root * pow(g,i,p) % p)
    return may
c = 10562302690541901187975815594605242014385201583329309191736952454310803387032252007244962585846519762051885640856082157060593829013572592812958261432327975138581784360302599265408134332094134880789013207382277849503344042487389850373487656200657856862096900860792273206447552132458430989534820256156021128891296387414689693952047302604774923411425863612316726417214819110981605912408620996068520823370069362751149060142640529571400977787330956486849449005402750224992048562898004309319577192693315658275912449198365737965570035264841782399978307388920681068646219895287752359564029778568376881425070363592696751183359
p = 199138677823743837339927520157607820029746574557746549094921488292877226509198315016018919385259781238148402833316033634968163276198999279327827901879426429664674358844084491830543271625147280950273934405879341438429171453002453838897458102128836690385604150324972907981960626767679153125735677417397078196059
q = 112213695905472142415221444515326532320352429478341683352811183503269676555434601229013679319423878238944956830244386653674413411658696751173844443394608246716053086226910581400528167848306119179879115809778793093611381764939789057524575349501163689452810148280625226541609383166347879832134495444706697124741
e = 0x1337
n = p * q
c_p = pow(c, (1 + 3307 * (p - 1) // e) // e, p)
C1 = solution(p, c_p)
c_q = pow(c, (1 + (2649 * (q - 1) // e)) // e, q)
C2 = solution(q, c_q)
a = invert(p, q)
b = invert(q, p)
flag=0
for i in tqdm(C1):
    for j in tqdm(C2):
        flag += 1
        if flag % 1000000 == 0:
            print(flag)
        x = (b * q * i + a * p * j) % n
        if b"NCTF{" in long_to_bytes(x):
            print(long_to_bytes(x))
            exit()

运行得到

b'NCTF{T4k31ng_Ox1337_r00t_1s_n0t_th4t_34sy}e$71N{D]0su{ZDEKfEnY>TTQ(=qR?GBpN\\U{3@O\\/I8ZsxW.Uw)3&&s&xD-<Uf*pKXOkV0~oiWubv<VAD9roRJU9:9S?>MyZ<wMN~T||%PC*j]inkgus4f9t:g:O9!FsIas^?M*q:BU{_J*r"*6Fi94hdRUW#s0=N+][l}Js7j,c5kiLB+/f<_1*N=V3Eq%~s^!5Gh8*'

答案
flag{T4k31ng_Ox1337_r00t_1s_n0t_th4t_34sy}

[AFCTF2018]Tiny LFSR

题目
.bash_history.txt

python Encrypt.py key.txt Plain.txt cipher.txt
python Encrypt.py key.txt flag.txt flag_encode.txt
rm flag.txt
rm key.txt

cipher.txt

rG"憷瑖z'羾)t熩\?P
隑\[jSWKJ P匜	J悽馮w€鼲?儳"??緉?効 #Y彼屹脮榍mB遝膒?掓_fPO0%钓`鐁	j,?

Encrypt.py

import sys
from binascii import unhexlify

if(len(sys.argv)<4):
	print("Usage: python Encrypt.py keyfile plaintext ciphername")
	exit(1)

def lfsr(R, mask):
	output = (R << 1) & 0xffffffffffffffff
	i=(R&mask)&0xffffffffffffffff
	lastbit=0
	while i!=0:
		lastbit^=(i&1)
		i=i>>1
	output^=lastbit
	return (output,lastbit)

R = 0
key = ""
with open(sys.argv[1],"r") as f:
	key = f.read()
	R = int(key,16)
	f.close
	
mask = 0b1101100000000000000000000000000000000000000000000000000000000000

a = ''.join([chr(int(b, 16)) for b in [key[i:i+2] for i in range(0, len(key), 2)]])

f=open(sys.argv[2],"r")
ff = open(sys.argv[3],"wb")
s = f.read()
f.close()
lent = len(s)

for i in range(0, len(a)):
	ff.write((ord(s[i])^ord(a[i])).to_bytes(1, byteorder='big'))

for i in range(len(a), lent):
    tmp=0
    for j in range(8):
        (R,out)=lfsr(R,mask)
        tmp=(tmp << 1)^out
    ff.write((tmp^ord(s[i])).to_bytes(1, byteorder='big'))
ff.close()

flag_encode

HMe嫫綒l"軏a>啒S ?HC隕^JaAXDN婬埓騕f擆AT??l??鼁?氺6!F€娦栮辬
羘豭峯旈L.PSu1珙a顄r[j没饬坘嫑o齑FOx?)扥菊焚鍋暭uVK@?舽?-qc齛?豤G齍?箶亷a?E鸜摇c1`o鴄魛?琲敶牉)?捏ЯY嘉驌SM>舄湼~^7?/?倕湏?潳	?詛蛝銥?荨t樀飤鞵燿颔嬠i外卂uu$`?F醧bt?*s1抸蝱;<豭掉??;Z卺?瓷|~吢CcC偠芵f饸X麿8禫枘#3??殍歼齵拆/惉莘m蜚閱@R
?p▽傺??g-BJ彸?馐?雯鴔?牶櫉FY?E鹍?a
?耸瓉ゝ頉?
+魤傌+哙桒?$鰇>]燤?榎鮭脎畅烄_?)?绪顸_	蘸??8綗Q_qB奎?@G?飈t肣枉?E~h*?裸軞仂E野ez窘頷鲸4S术?櫅?i?C?唆3?P祆)嘕怑%讠?{疷q踾楑瓮/n飐j栰?i??燉楁C躚縏?>澘p?g刜Q??搡i藴?€>ya硅鹭淿i俰矊2X廭)藆?Z沅Ⅴ湉1JA?l卵`:绺f%忢7@肴0R?蠡夋M4$乥?埈s€慐蒟攧+奊€e漐1?k芡忠?:悾偡韭趄辶、?E酄虬懨}Xi痃H<uu?Ua殖&纣KY?#M6?
`峴?璤靷6K淎 QtD?Z?荠?t纄g)e樖k遮骔襞?孶\M鐤1_沟拍=怖湓?[&贓鈳Uu瘩dE|z灀葲L}郏}娺鉈蝒??鵷倹嵂梁廑d訍踋磺e衭'槼鲌②0坍抑e?荵:湘[殬麨l.i!烽]itD3氍⒗+瓤<濈躘?肞M%騾?褄
穠晪?	躈枉AY懔?竈觗8!?yま糒吷€;}m?蓜t?細"
<D?嵠R 桙O?鎊核 镧?@??謹寔唀趠]S椧~Q添€嘧R糇?荆)耳胙?諩j@峖b?
7\ξ_y濋羨€黚+?	傄=茀{y?徖<贮.撬懾?z簡躔*?(υ禃??荖絅铉輑湜榍 樵'~鞳GJ!訙sE?

Plain.txt

sdgfjkahblskdjxbvfskljdfbguisldfbvghkljsdfbghsjkldhbgjklsdbgvlkjsdgbkljb sdkljfhwelo;sdfghioeurthgbnjl k

解题

根据.bash_history.txt能够知道用了同一个加密脚本加密了两份文件，一份是plain加密得到的cipher，另一个是flag加密得到的flagencode，而且两份文件使用相同的初始密钥 key，所以要先求出k

sys.argv[0]是程序路径，[1]及以后是输入的东西

cipher.txt 文件的前一部分是由 key和plain.txt的前一部分进行异或构成的，后一部分是由 lfsr产生的密钥流与plain.txt 的后一部分进行异或构成的。

所以要想求得 key值，只需要将，plain.txt 与 cipher.txt 进行异或即可得到。

import re
from Crypto.Util.number import*
import os, sys
os.chdir(sys.path[0])

cip = open('cipher.txt', 'rb').read()
plain = open('Plain.txt', 'rb').read()
cip = bytes_to_long(cip)
plain = bytes_to_long(plain)
key = hex(cip^plain)[2:]
print(key)

得到

123456789abcdef184bb2ec4d1ee7b86e3a6e926e3a6e8d203b2e03203b2f2c6226e22e6226fad1953215e7953374e745e7cf6d45f97467bf6adc09be5779eecc4444ccd535dba9f2aaa7fe85ad0b2aa800a81ff94ff680380e39205550c78208801067007b0cb6

那么key就是123456789abcdef

由mask可知，密钥应该为16位16进制数据，即64bit，与mask长度一致，所以应该是0123456789abcdef

而对于flag的加密仅仅只是异或，并未进行其他的加密，所以我们有了密钥key 后，直接利用题目中的lfsr，然后将其与密文再次进行异或就能得到 flag 了。

import os,sys
os.chdir(sys.path[0])

key = '0123456789abcdef'
R = int(key,16)
mask = 0b1101100000000000000000000000000000000000000000000000000000000000

def lfsr(R, mask):
	output = (R << 1) & 0xffffffffffffffff
	i=(R&mask)&0xffffffffffffffff
	lastbit=0
	while i!=0:
		lastbit^=(i&1)
		i=i>>1
	output^=lastbit
	return (output,lastbit)

cipher = open('flag_encode.txt','rb').read()
a = ''.join([chr(int(b, 16)) for b in [key[i:i+2] for i in range(0, len(key), 2)]])
ans = []
lent = len(cipher)

for i in range(0, len(a)):
	ans.append(chr(cipher[i]^ord(a[i])))

for i in range(len(a), lent):
	tmp = 0
	for j in range(8):
		(R,out)=lfsr(R,mask)
		tmp=(tmp << 1)^out
	ans.append(chr(tmp ^ cipher[i]))

flag = ''.join(ans)
print(flag)

运行得到：

In computing, a linear-feedback shift register (LFSR) is a shift register whose input bit is a linear function of its previous state.

The most commonly used linear function of single bits is exclusive-or (XOR). Thus, an LFSR is most often a shift register whose input bit is driven by the XOR of some bits of the overall shift register value.

The initial value of the LFSR is called the seed, and because the operation of the register is deterministic, the stream of values produced by the register is completely determined by its current (or previous) state. Likewise, because the register has a finite number of possible states, it must eventually enter a repeating cycle. However, an LFSR with a well-chosen feedback function can produce a sequence of bits that appears random and has a very long cycle.

Applications of LFSRs include generating pseudo-random numbers, pseudo-noise sequences, fast digital counters, and whitening sequences. Both hardware and software implementations of LFSRs are common.

The mathematics of a cyclic redundancy check, used to provide a quick check against transmission errors, are closely related to those of an LFSR.

Congratulations! flag is afctf{read_is_hard_but_worthy}

答案

flag{read_is_hard_but_worthy}

无名函数

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
1
评论
2021-07-25

[XNUCA2018]Warmup题目Buggy_Server.pyfrom Crypto.Util.number import bytes_to_long, getPrimefrom random import randintfrom gmpy2 import powmodimport sysp = getPrime(1024)q = getPrime(1024)N = p*qPhi = (p-1)*(q-1)with open("flag", 'r') as fr: flag
复制链接

扫一扫