2022-03-19

已于 2022-03-25 10:05:28 修改
阅读量494 收藏 2
点赞数
文章标签: python
于 2022-03-19 18:32:26 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/m0_57291352/article/details/123599787
版权

来源:2022虎符CTF

RRSSAA

from Crypto.Util.number import getPrime, inverse, GCD, bytes_to_long
from random import randint
from secret import hint, flag

def seq(r, k):
    v = [r, 2]
    for i in range(1, k):
        v = [r*v[0]-v[1], v[0]]
    ret = v[0] if k != 0 else v[1]
    return ret

def encrypt(m, e, n):
    while True:
        r = randint(1, n - 1)
        if r != 2 and r != n - 2 and GCD(r, n) == 1:
            break
    v = seq(r, e)
    print(r)
    return ((1 + m*n) * v) % n**2

def go(beta, msg):
    nbits = 1024
    delta = 0.63

    p = getPrime(nbits // 2)
    q = next_prime(p + (1 << int(nbits * beta)))
    n = p * q
    phi = (p**2 - 1) * (q**2 - 1)

    while True:
        d = getPrime(int(nbits * delta))
        if GCD(d, phi) == 1:
            e = inverse(d, phi)
            if GCD(e, phi) == 1:
                break

    m = bytes_to_long(msg)
    c = int(encrypt(m, e, n))

    print(f"n = {n}")
    print(f"e = {e}")
    print(f"c = {c}")

go(0.33, hint)
go(0.44, flag)

'''
n = 122774778628333786198247673730199699244621671207929503475974934116435291656353398717362903500544713183492877018211738292001516168567879903073296829793548881467270228989482723510323780292947403861546283099122868428902480999485625751961457245487615479377459707992802193391975415447673215862245349068018710525679
e = 7105408692393780974425936359246908629062633111464343215149184058052422839553782885999575538955213539904607968494147112651103116202742324255190616790664935322773999797774246994193641076154786429287567308416036562198486649223818741008968261111017589015617705905631979526370180766874051731174064076871339400470062519500450745667838729104568633808272577378699913068193645578675484681151593983853443489561431176000585296710615726640355782811266099023653898050647891425956485791437516020367967793814415345332943552405865306305448753989707540163585481006631816856260061985275944250758886027672221219132999488907097750048011
c = 2593129589804979134490367446026701647048897831627696427897506570257238733858989741279626614121210703780002736667183915826429635213867589464112850355422817678245007337553349507744893376944140333333044928907283949731124795240808354521353751152149301719465724014407412256933045835977081658410026081895650068864922666975525001601181989114436054060461228877148361720945120260382962899756912493868467226822547185396096960560068874538680230073168773182775945272726468512949751672553541335307512429217493003429882831235199830121519272447634533018024087697385363918421438799206577619692685090186486444886371979602617584956259
n = 59969098213446598961510550233718258878862148298191323654672950330070587404726715299685997489142290693126366408044603303463518341243526241117556011994804902686998166238333549719269703453450958140262475942580009981324936992976252832887660977703209225426388975233018602730303262439218292062822981478737257836581
e = 970698965238639683403205181589498135440069660016843488485401994654202837058754446853559143754852628922125327583411039117445415303888796067576548626904070971514824878024057391507617988385537930417136322298476467215300995795105008488692961624917433064070351961856959734368784774555385603000155569897078026670993484466622344106374637350023474339105113172687604783395923403613555236693496567851779400707953027457705617050061193750124237055690801725151098972239120476113241310088089420901051617493693842562637896252448161948655455277146925913049354086353328749354876619287042077221173795354616472050669799421983520421287
c = 2757297249371055260112176788534868300821961060153993508569437878576838431569949051806118959108641317578931985550844206475198216543139472405873345269094341570473142756599117266569746703013099627523306340748466413993624965897996985230542275127290795414763432332819334757831671028121489964563214463689614865416498886490980692515184662350519034273510244222407505570929178897273048405431658365659592815446583970229985655015539079874797518564867199632672678818617933927005198847206019475149998468493858071672920824599672525667187482558622701227716212254925837398813278836428805193481064316937182435285668656233017810444672
'''

先求p、q
我们知道q = next_prime(p + (1 << int(nbits * beta)))所以q近似等于p + (1 << int(nbits * beta))
然后就可以求了

但是
在这里插入图片描述没有解出来p

看WP吧还是

#sage
nbits = 1024
beta = 0.44

n = 59969098213446598961510550233718258878862148298191323654672950330070587404726715299685997489142290693126366408044603303463518341243526241117556011994804902686998166238333549719269703453450958140262475942580009981324936992976252832887660977703209225426388975233018602730303262439218292062822981478737257836581
e = 970698965238639683403205181589498135440069660016843488485401994654202837058754446853559143754852628922125327583411039117445415303888796067576548626904070971514824878024057391507617988385537930417136322298476467215300995795105008488692961624917433064070351961856959734368784774555385603000155569897078026670993484466622344106374637350023474339105113172687604783395923403613555236693496567851779400707953027457705617050061193750124237055690801725151098972239120476113241310088089420901051617493693842562637896252448161948655455277146925913049354086353328749354876619287042077221173795354616472050669799421983520421287
c = 2757297249371055260112176788534868300821961060153993508569437878576838431569949051806118959108641317578931985550844206475198216543139472405873345269094341570473142756599117266569746703013099627523306340748466413993624965897996985230542275127290795414763432332819334757831671028121489964563214463689614865416498886490980692515184662350519034273510244222407505570929178897273048405431658365659592815446583970229985655015539079874797518564867199632672678818617933927005198847206019475149998468493858071672920824599672525667187482558622701227716212254925837398813278836428805193481064316937182435285668656233017810444672

myR = RealField(1000)
x = polygen(myR)
f = x * (x + (1 << int(nbits * beta))) - n
p = int(f.roots()[1][0])
print(p)
while n % p != 0:
    p = p - 1

q = n // p
print(f"p = {p}")
print(f"q = {q}")

p = 7743971733771153102128801312798743998017713722732925283466018690899116898707556486947918196848489007935614742583856884731087798825462330340492923214926391
q = 7743971733771153105036156209981171560215008954284943420880584133648389139833517283670475349302080701240378945438911146974137885250527042074631329729385091

然后再求m

#sage
p = 7743971733771153102128801312798743998017713722732925283466018690899116898707556486947918196848489007935614742583856884731087798825462330340492923214926391
q = 7743971733771153105036156209981171560215008954284943420880584133648389139833517283670475349302080701240378945438911146974137885250527042074631329729385091
n = p * q
MOD = n * n
phi = (p**2 - 1) * (q**2 - 1)


def seq(r, k):
    A = matrix(Zmod(MOD), [[r, -1], [1, 0]])
    x = matrix(Zmod(MOD), [[2], [r]])
    return int((A**k * x)[0, 0])


def L(x):
    return (x % MOD - 1) // n


e = 970698965238639683403205181589498135440069660016843488485401994654202837058754446853559143754852628922125327583411039117445415303888796067576548626904070971514824878024057391507617988385537930417136322298476467215300995795105008488692961624917433064070351961856959734368784774555385603000155569897078026670993484466622344106374637350023474339105113172687604783395923403613555236693496567851779400707953027457705617050061193750124237055690801725151098972239120476113241310088089420901051617493693842562637896252448161948655455277146925913049354086353328749354876619287042077221173795354616472050669799421983520421287
c = 2757297249371055260112176788534868300821961060153993508569437878576838431569949051806118959108641317578931985550844206475198216543139472405873345269094341570473142756599117266569746703013099627523306340748466413993624965897996985230542275127290795414763432332819334757831671028121489964563214463689614865416498886490980692515184662350519034273510244222407505570929178897273048405431658365659592815446583970229985655015539079874797518564867199632672678818617933927005198847206019475149998468493858071672920824599672525667187482558622701227716212254925837398813278836428805193481064316937182435285668656233017810444672

d = inverse_mod(e, phi)
r = seq(c, d) % n
v = seq(r, e)
m = L(c * inverse_mod(v, MOD))
print(m)

得到m为10117272041783141081358129679637825945832394504842327144988006020708705479938738449534456077541900236925
在这里插入图片描述

无名函数
关注
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
2021-03-19
zhangsi的博客
04-20 2164
桌面云的几种主流架构技术和应用场景对比
CBM209X UMPToolV7200(2020-03-19).rar
08-22
《CBM209X UMPToolV7200(2020-03-19):U盘量产修复与存储器管理详解》 在IT领域中,存储设备的管理和维护是一项至关重要的任务,尤其是对于U盘这类便携式存储器。"CBM209X UMPToolV7200(2020-03-19)"是一个专用于...
CTF中字符长度限制下的命令执行 rce(7字符5字符4字符)汇总
热门推荐
Love&Share
10-21 1万+
七字符rce 源码 <?php highlight_file(__FILE__); if(strlen($_GET[1]<7)){ echo strlen($_GET[1]); echo '<hr/>'; echo shell_exec($_GET[1]); }else{ exit('too long'); } ?> #写入语句 <?php eval($_GET[1]); #base64编码后 PD9waHAgZXZhbCgkX0dFV
RSSSSSA-BugkuCTF
yuqie的博客
06-05 291
看特征很明显是低加密指数广播攻击,关于原理的话可以看。,大佬是真的强,这个题只是他内容的冰山一角。成功拿到flag,这里我再次提一下。,出题脚本和解题脚本可参考。这里我使用的是解题脚本2。
BUGKU CTF (Crypto第一篇)
weixin_51387754的博客
08-17 1783
CTF/AWD一体化平台,部分赛题采用动态FLAG形式,避免直接抄袭答案。 平台有题库、赛事预告、工具库、Writeup库等模块。
crypto_solveit2022(rsa中coppersmith攻击应用)
耐酸碱高温固化材料近距离传输研究
10-12 1656
大概分析一下,p和q是512bit的大素数,明文先与pad**3进行异或以后rsa加密,所以本题关键的两个问题一个就是求解p和q,另一个就是求解pad。如此一来pad问题就解决了。接下来需要求p和q。可以得到近似p=(iroot(pow(2,1024)-4*n,2)[0]+pow(2,512))//2+1145141919810。今年遇到的另一道rsa题,知识点比较杂记录一下。针对本题的话根据p+q。
河南省第四届”金盾信安杯”网络安全大赛writeup(过程,解题思路)
路baby的博客
12-19 3238
河南省第四届”金盾信安杯”网络安全大赛writeup(过程,解题思路)Misc-qianda0_Sdoku​编辑 Misc-盗梦空间 Misc-Megmi Misc-数据泄露01-账号泄露追踪 Web-eZphp2 Web-EzPHP Web-有来无回 Crypto-小菜一碟 Crypto-RRSSAA​编辑 Crypto-simpleR
minio version RELEASE.2022-02-01T18-00-14Z (amd x64)
02-13
minio version RELEASE.2022-02-01T18-00-14Z minio version RELEASE.2022-02-01T18-00-14Z minio version RELEASE.2022-02-01T18-00-14Z minio version RELEASE.2022-02-01T18-00-14Z minio version RELEASE.2022-...
ChipsBank(芯邦)CBM209X UMPToolV7200(2020-03-19)
05-02
ChipsBank(芯邦)APToolV7200(2020-05-20)CBM2099,CBM2199 相对新一点,这个型号的试了可以用。 显示是CBM2099,但实际上好像是CBM2199  主控厂商: ChipsBank(芯邦)  主控型号: CBM2099E - [2019-11-11]
Screenshot_2022-05-02-16-13-22-348_newdim.com.dwgview.jpg
05-02
Screenshot_2022-05-02-16-13-22-348_newdim.com.dwgview.jpg
2022HFCTF-线上赛官方Writeup1
08-04
随后读取了未知的 RSA 公钥 /etc/firmware.pub ,对第 8 字节开始的 128 字节进了公钥解密再然后 16 字节明 MD5。始有 zlib
2022-HFCTF-江苏翔信二队-Writeup1
08-03
2022-HFCTF-江苏翔信二队-Writeup1
小米路由mini openwrt openwrt-ramips-mt7620-miwifi-mini-squashfs-sysupgrade.bin
07-04
小米 mini openwrt小米路由mini openwrt openwrt-ramips-mt7620-miwifi-mini-squashfs-sysupgrade.bin小米路由mini openwrt openwrt-ramips-mt7620-miwifi-mini-squashfs-sysupgrade.bin
rsa脚本 Crypto.Util.number.getPrime()函数详解
cake_neko的博客
05-28 2241
getPrime函数
BugkuCTF 部分题解(随缘更新)
volcano的博客
12-30 7837
之前做的题在 佛系更新 等假期抽空做 bugku佛系更新MISC简单取证1南城旧梦成果狗成果狗 MISC 简单取证1 下载得到windows系统下一个目录,获取用户名和密码需要用SAM和system两个文件。 把SAM和SYSTEM文件放到Win32文件夹下,运行mimikatz,执行命令 所以flag{administrator-QQAAzz_forensics} 南城旧梦 mmz.bmp文件尾有一段DE@@=<6J:DB625K4,rot47解码后得到stoolkeyisqeadzc 意思是使
【zer0pts CTF 2022】 Anti-Fermat
qq_61774705的博客
05-26 669
1.题目 from Crypto.Util.number import isPrime, getStrongPrime from gmpy import next_prime from secret import flag # Anti-Fermat Key Generation p = getStrongPrime(1024) q = next_prime(p ^ ((1<<1024)-1)) n = p * q e = 65537 # Encryption m = int.fro
RSA-p和q挨得很近(费马分解)
admin的博客
11-20 7385
一、基础 最简单的就是拿yafu直接分解,但是我们得知道那个算法的原理, 就是现在p,q是两个素数,而且他俩在素数序列里面就是一前一后的关系。所以我们要把他俩的乘积开根号得到的结果一定是在p,q之间的一个数字,(而且一定不是素数,因为p,q就是紧邻的两个素数)。 那我们找这个开方出来的数字的下一个素数,一定是q,因此我们再让n/q就可以得到两个素数。(这是第一种方法,必须得保证两个数为素数,而且挨得很近才行,我们还会介绍第二种方法,即使有一个不是素数也可以解决。...
BUU-crypto-刷题记录13
m0_57291352的博客
06-30 434
[NCTF2019]childRSA 题目 from random import choice from Crypto.Util.number import isPrime, sieve_base as primes from flag import flag def getPrime(bits): while True: n = 2 while n.bit_length() < bits: n *= choice(primes)
2022 工业互联网安全大赛[北京站]---crypto1 wp
3tefanie丶zhou的博客
09-23 1134
【溪涧长长长去远方,草木高高高在长大,没有长大的孩子会把心里话放在嘴边,长大了的孩子会把心里话好好放在心里。】
天线理论及5g天线介绍 2022-03-03 19:55:53
最新发布
11-30
天线理论是电磁学的重要内容,主要研究天线的辐射和接收特性。天线是用来发射或接收无线电波的装置,其性能直接影响着通信系统的传输质量和距离范围。天线理论主要包括天线的基本参数、辐射场和辐射功率、天线阵列等内容,是通信领域中的重要理论基础。 5G天线是指用于5G通信系统的天线设备,其设计和性能对5G网络的覆盖范围、传输速率和连接稳定性都有着重要影响。与传统的天线相比,5G天线需要具备更高的频率响应、更大的带宽、更好的抗干扰能力,以支持5G网络中大数据传输和高速移动通信的要求。 5G天线的种类包括天线单元、MIMO天线、波束赋形天线等,其中MIMO天线可以利用多个天线单元进行信号的同时传输和接收,以提高信道容量和传输速率;波束赋形天线采用相控阵技术,可以实现对特定方向的波束聚焦,提高覆盖范围和传输质量。 总的来说,天线理论的研究和5G天线的设计都是为了更好地支持无线通信系统的发展,提高通信速率、稳定性和覆盖范围,为人们的日常生活和产业发展提供更加便捷和高效的通信服务。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值