[CISCN2018]crackme-java
题目
import java.math.BigInteger;
import java.util.Random;
public class Test0 {
static BigInteger two =new BigInteger("2");
static BigInteger p = new BigInteger("11360738295177002998495384057893129964980131806509572927886675899422214174408333932150813939357279703161556767193621832795605708456628733877084015367497711");
static BigInteger h= new BigInteger("7854998893567208831270627233155763658947405610938106998083991389307363085837028364154809577816577515021560985491707606165788274218742692875308216243966916");
/*
Alice write the below algorithm for encryption.
The public key {p, h} is broadcasted to everyone.
@param val: The plaintext to encrypt.
We suppose val only contains lowercase letter {a-z} and numeric charactors, and is at most 256 charactors in length.
*/
public static String pkEnc(String val){
BigInteger[] ret = new BigInteger[2];
BigInteger bVal=new BigInteger(val.toLowerCase(),36);
BigInteger r =new BigInteger(new Random().nextInt()+"");
ret[0]=two.modPow(r,p);
ret[1]=h.modPow(r,p).multiply(bVal);
return ret[0].toString(36)+"=="+ret[1].toString(36);
}
/* Alice write the below algorithm for decryption. x is her private key, which she will never let you know.
public static String skDec(String val,BigInteger x){
if(!val.contains("==")){
return null;
}
else {
BigInteger val0=new BigInteger(val.split("==")[0],36);
BigInteger val1=new BigInteger(val.split("==")[1],36);
BigInteger s=val0.modPow(x,p).modInverse(p);
return val1.multiply(s).mod(p).toString(36);
}
}
*/
public static void main(String[] args) throws Exception {
System.out.println("You intercepted the following message, which is sent from Bob to Alice:");
System.out.println("eag0vit7sboilgcfu0fbkbrmjgs4pzi2oznmqrkey5h1bwicvborngscx050u8vpghi69xqjmotgrtj4vq8fgw9tzi916o034bu==ahcwy7c0qq5cnxdntssqrj972nhvzt5liqlq0cvv0o1fm2ee4205nemuy5tvkda0hyetu5a5xcqqov8exk901z5xebvkcdo3jiq1gj8pkxzhjaeg9z6syu58neijxy56am7d1l9grhgtgkkfc432wm6h3jr8y1xx");
System.out.println("Please figure out the plaintext!");
}
}
//eag0vit7sboilgcfu0fbkbrmjgs4pzi2oznmqrkey5h1bwicvborngscx050u8vpghi69xqjmotgrtj4vq8fgw9tzi916o034bu==ahcwy7c0qq5cnxdntssqrj972nhvzt5liqlq0cvv0o1fm2ee4205nemuy5tvkda0hyetu5a5xcqqov8exk901z5xebvkcdo3jiq1gj8pkxzhjaeg9z6syu58neijxy56am7d1l9grhgtgkkfc432wm6h3jr8y1xx
解题
您截获了以下由Bob发送给Alice的消息:请找出明文!
Alice编写以下加密算法。
公钥{p,h}向每个人广播。
@param val:要加密的明文。
我们假设val只包含小写字母{a-z}和数字字符,长度最多为256个字符。
toLowerCase() 方法用于把字符串转换为小写。
Random().nextInt() 生成随意整数
.modPow() 大数快速幂取模
.multiply(val)乘val
.modInverse(BigInteger m) 返回一个BigInteger,其值是 (this-1 mod m).
public boolean contains(CharSequence chars)参数chars – 要判断的字符或字符串。返回值:如果包含指定的字符或字符串返回 true,否则返回 false。
toString(i) 方法用于返回以一个字符串表示的 Number 对象值。如果方法使用了原生的数据类型作为参数,返回原生数据类型的 String 对象值。如果方法有两个参数, 返回用第二个参数指定基数表示的第一个参数的字符串表示形式。参数i – 要转换的整数。返回值toString(): 返回表示 Integer 值的 String 对象。toString(int i): 返回表示指定 int 的 String 对象。
还是比较习惯用Python,题目给出的代码翻译成python差不多是
import gmpy2
two = 2
p = 11360738295177002998495384057893129964980131806509572927886675899422214174408333932150813939357279703161556767193621832795605708456628733877084015367497711
h = 7854998893567208831270627233155763658947405610938106998083991389307363085837028364154809577816577515021560985491707606165788274218742692875308216243966916
def pkEnc(val):
bVal = val.lower()
#val是明文
r = random()+' '
ret = [pow(two,r,p),pow(h,r,p)*bVal]
return ret[0]==ret[1]
def skDec(val,x):
if(not '==' in val):
return
else:
val0 = val.split('==')[0]
val1 = val.split('==')[1]
s = gmpy2.invert(pow(val[0],x,p),p)
return pow(val1*s,p)
#c = eag0vit7sboilgcfu0fbkbrmjgs4pzi2oznmqrkey5h1bwicvborngscx050u8vpghi69xqjmotgrtj4vq8fgw9tzi916o034bu==ahcwy7c0qq5cnxdntssqrj972nhvzt5liqlq0cvv0o1fm2ee4205nemuy5tvkda0hyetu5a5xcqqov8exk901z5xebvkcdo3jiq1gj8pkxzhjaeg9z6syu58neijxy56am7d1l9grhgtgkkfc432wm6h3jr8y1xx
读完程序来解题
爆破r来解:
from threading import Thread
import base36
p=11360738295177002998495384057893129964980131806509572927886675899422214174408333932150813939357279703161556767193621832795605708456628733877084015367497711
c1=int('a9hgrei38ez78hl2kkd6nvookaodyidgti7d9mbvctx3jjniezhlxs1b1xz9m0dzcexwiyhi4nhvazhhj8dwb91e7lbbxa4ieco',36)
def calr(r0,pid):
print("[Process%d]: start from %d" % (pid, r0))
while r0 < 2**26*(pid+1):
if pow(2,r0,p) == c1:
f = open('r','w')
f.write(r0)
exit(0)
r0+=1
if r0 % 2**18 == 0:
print('[Process%d]: now %d' % (pid, r0))
print('[Process%d]: exited!' % pid)
for i in range(0,32):
t = Thread(target=calr,args=(i*2**26,i))
t.start()
#152351913
c2 = int('2q17m8ajs7509yl9iy39g4znf08bw3b33vibipaa1xt5b8lcmgmk6i5w4830yd3fdqfbqaf82386z5odwssyo3t93y91xqd5jb0zbgvkb00fcmo53sa8eblgw6vahl80ykxeylpr4bpv32p7flvhdtwl4cxqzc', 36)
h = int("7854998893567208831270627233155763658947405610938106998083991389307363085837028364154809577816577515021560985491707606165788274218742692875308216243966916")
print(base36.dumps(c2//pow(h,r,p)))
#ciscncongratulationsthisisdesignedbyalibabasecurity424218533