TSG CTF 2023

浅谈:比赛很早已经结束了,简单回顾一下!

Crypto

Unique Flag

I heard unique flag makes problems good.

encrypt.py

from Crypto.Util.number import getPrime

# Challenge generator: every flag byte is encrypted on its own with textbook
# (unpadded) RSA, then only products of neighbouring ciphertexts are printed.
# NOTE(review): without randomized padding the encryption is deterministic and
# each plaintext is a single byte, so there are at most 256 distinct
# ciphertexts under this public key. Raw RSA is also multiplicative:
# pow(a, e, N) * pow(b, e, N) is congruent to pow(a * b, e, N) mod N, so a
# clue depends only on the product of two adjacent byte values. Production
# code should use a randomized padding scheme such as RSA-OAEP and should not
# encrypt data byte by byte.

# Two independently generated 1024-bit primes form the modulus.
p, q = getPrime(1024), getPrime(1024)
N = p * q
e = 0x10001

with open('flag.txt', 'rb') as f:
    flag = f.read()

assert len(flag) == 33

# Per the challenge author's comments: header is TSGCTF{, footer is },
# which leaves 25 bytes of content in between.
flag_header, flag_content, flag_footer = flag[:7], flag[7:-1], flag[-1:]

# flag_content is unique: no byte value appears twice between the braces.
# (The check does not cover the header, which repeats the letter T.)
assert len(set(flag_content)) == len(flag_content)

# One raw RSA ciphertext per flag byte, header and footer included.
c_list = [pow(byte, e, N) for byte in flag]

# 32 products of consecutive ciphertexts; sorting hides their positions.
clues = sorted(x * y % N for x, y in zip(c_list, c_list[1:]))

# Only the public key and the sorted clues are printed.
print(f'N = {N}')
print(f'e = {e}')
print(f'clues = {clues}')

output.txt

N = 23270433480920204754247611545325351123344837487480637119344134402239723224072753511766733288907047277110318616688410345451695008290697208699431350412549980332693080979894504737640802849242656337537061128034361792156302502329044951868719492095983428863678764573927362740207756141512536958600798465368672826288270218390845725069636496528488276905161318078890887808033722334376853632300178257589009018165644740844747444214979597702959381078126401914809713991087656801656368079319383579542103855944156160231935875884314630699684359910296730669798237991501134339113682532446997472722560474195749179320370386661938616345489
e = 65537
clues = [790128007826920672966041424911766354167695121053219604283198146207007061791691778597663178563455647947105718896263099495348666331968821896627253287975936857535926164644548223394731131868459847861503995994130787209417795249554290922334587840664276128893082715626698208421033163870050616673531495044580102830036983208043090136212931697438690030675611301000171270559392107484305007589373493054650247495594665847524590737367285135216109196557363472975056201832374767680569696302197844301099024043070258479146726214414688459938129079248125143388403636784068208501745074616490491553776387248926153964494371491351883633209, 2603711767185838325352475153597847161854130118046369285623915043550612314176250745686994158628404520769025735077328213489305045750703593138538988340789187229888984902266067604215108157628606721779126603704209046389682027226116051092595210765409544706918465385789940134172311788347486915924020739666375005469879097995622537311532236494537245411805276338873499191960938465585934543775755531517716535416304391622644348521922876999587501073379321712481689748053619310595304248483018790236975241904276396525088600521271478581198340688684196813199138458166434400373640927130152301112142288723416868406008752554068971897796, 3555341764263168489859556591176672830061219988177503466050405264336799992429135972104282899942353497557907652603350792489036502274605405291660887915416806360972250779650137925049172948193768071600510818240408613776868308398496542674893829543607137246662897358746317583492470427929271497748068342690213991707491115445413140859740482959186024227616377454531805749180736700863648663258910520198205760375727899867937645622163083304815955402598214976712655286175624671893539673068172120613290880503614440004957010458255469774287344198988168780496350286219383906192401923310489444670837618343011413316177831554304813263293, 
4392082234365429459669635522490994995545586622061892472817657701654688511628534821883962531710455275948798581412337865098670688087280709878221953558349740960329160083052847343991585094759562763366071177122979453158141777809615757029472963694552128931278267696610442930805576661385112057944278069707887638239490706210686333113376066401571156753733092557168107224196049486567238631166786676598900544251407195743615657256591953956049341610070209608544320990612354876845027617374094455067062785749092329211594227845595088640923695318792943759161256049917608399044564463672780212345061033003580514031008070984006394521668, 6978684590718573243656949612105542758488203443423350685382013479128441571089892176317290844763856663774755922991003851926082052833399193817638062111399819008457173066656968710933915780345439852889885256407111306528134824030362697685736295137459712033151836378581847902384300946884645175079050691372299609133912373238921511680524246835804911263766704418407215767692780171673688161098855454535667470100406268512578658298590762764201801122154299700156455886608231139966939989436753650901587246230468663005258431711603830727021655440551309738459469083116564621458459773745615809415945961545341435040532110184451588706909, 7730262380985917599887572033422177147289651970502093448402835145164830024426315228806715285722659089566236129886746480764786215693984588815504124791891393731400575988135841499609611797069840377647924075117377822033352586269608104804125510707845643611710455554838427560803831147423159767827522768368918988345993436576494036323665588754259053163989171434047082195256858849152960407740290442654588260794482691958589991068313525613320625439489177141737508702594419202694397478381467839720929129426927668998377854144326405841432095191488744613115154408572282654135532074279295245338650730047025690759623846022642571071963, 
7870428672617888994422906853248211446366754259733482277745650556132131582761503165723404791505714110195629648744360328326420176714096715656418558504951970022788814322102278336415722851826552839236483969562821649541794780657722003849928232610560989749085154296910943580468121448389230575504988958640111467569744601441342152829070870718010034108398733578934054919041551400855436743799387390257957855545880360755020395022783083503166714335601095744185285348725860445725936407700491229265197561539811624147428412389726767719262845468067268220408467424614068704646047656505819137603600314223155281334867541677294657269390, 8609510284694803043189705088389821843021038300248628370429317978814889304430328856895995414830838739620301124621301721537775180909783646308710312015748757692570074444146048063288330338241388649181127306992151615819806150752330593447168414624657327459419994792062262566992856822874586796213398413460564073159223988672183437164224830058703931407420751347450506434382840960774130788709586835237024062653074786060686562890430445063234694495435768852328222652802008741192860317680389695015771978657721235243624844185665810736779862719888645610567314465422364407861744887985325045151347091814327252867102598023702123634893, 8764012548720665713701201793155399309870111965369993371803350036539422185650799931107265721471961540862241262644925810817557287987388612113771424453413029690339343352048592343900357225140896471551985699215620154773850213962677651930062137448251705285861554850231313763242085813951196025573454108680549038776926779092562595635561865377427363791539907677647388233742883434894879173415977599370552750513325217529346778748301898211759441267178121774471269812805873578379664777277726959180923972945741326150250571072096537087980515856259481465906892196132539685345329249252030441836333228304113901123751209313594774048411, 
9008821235404534774894891840865644757418002303365121156019461336283705824480673407281784353738233629927976889096625448460073180574899056351401937861566897823469165990311234532903677780258240301012377511917098868850017485389860900161403497054524629055763134706771541438200372479388084747248076874591357294592908214804614821614134453271058041821309928429492064920317496131336615880002176651354627658576705156794615097981712459554762647700173303841240037417204812844860127520500295842333216976016883771600927798062138428278165410002807841897458765380987909422855298376904935944755071636375020175879303691494691648729571, 10474911617314344093035296274381234749101583500527437860041431188313938156453438490783669910408601907840231565111467423937905944246300919566807077410926355571241589514754269643137702018163430659263615177391720920777071669679112457463342818217687533446232740783283032619985290522536451057260694049911207086850829161304525815898322999460249349418001236987856485233784175562194872850068860587367749350367692115642230663276488474831786206392289391683584796316038243477608620299442818925558267755743944966965590254288900990166554824598295411812423812057962439493264058570961162833692763593404011287652460274292011178704229, 13110381638342217700044116835482318354178640599253721255902105118218292921908590875402841920977595295587154969905468217393514029780192254567805167189561981288346541104187097786158686610182752582262736216900889630694589441983532956902475092397149348354578876977278601897135958677041840489787116994835677415918526784950587842308692695028053266428000179056540851210672916239382320991277325978720399398297894385691874713065477018336173537483516990191924630941831467023912809007439219185416637094870113459693399267881245563091987656247602891135995257754370121186475874895953059792350690971513600960862888017703690554083459, 
13722721572470236588898440206865856389152421592146331372623620761105236258642769428613680530235913336412231001256536483370539801648315256149288975606335360634006014491805081550253603688595254959670129531815820738880819515467443628589419885739357776607879281030305390788462268201177519696379582421075205825223506882790846127395851423387355250518925599458496527319759716961190269475043488198823985171705163502605280956855529982181144980535693738091067309543085139412462069952512044802852746114286283887473219768202644823684600027741551806766726373880658547387314450097217066672915328591025976805608015523890515132426387, 13907378143102130732902591528175452184668250175669078564922722729277532332899307298492183863825002170085267037120966710137296520632659066245811450863381591820314104559304716576579947768421047268607544985860210956387427521210211129755935598531328869037393608408989674670981088938567613781468335811260237492104595950519517518617578677677787025453461327336960623845610621752404588399599991001699803056576669100638249157172825774364065063815561453951010729993716989597143669677725856650954155213710311820417545885775510044222220541796461890558861039133971629201524057880779170401640703503019641132712790726669921828415791, 14120400860385637396632607286135661793958438285062218101343811442329217898129411032002000350977425825996409346097620544352258144601308497322065150782257038383914436998782920142187156177557396917159637452504378331382141301919552487290646033095326670250741650299062291668092793457098216953317991446828793222200503107261585592188754090447817955186450059917734158228634856449513892854663100410202968587025379391901260869884847048181290904241170031050049608323224619595992013998760176044527640260560226425674718522654115796289752023951046001416701610705547940854507383323162061543349749057955527154808438878655873381924405, 
14698896348088063156187270997421588677714399061222880874144618906068645039117367567961854550911710929776929577319055009436987940195644271595440197688498312761277731697978188128431643248470794438585436719216257105191878641049129049923301277529851691883566500423292922218796681106904405477311127758973402766359242062810538614875409810216565025132923823792242500786728482925652318681058145996956719422754840265487588886384210435421642534141346623264992306879009731648539475819770296162993354959588928869246795665015356541113141789547198151388517967205114998707046242427529782450631008568205068970921337432050960660682459, 15029884228277986489199399805546744756384194842114602643592034471387136929994797445880809477875738231285145593249223445053535965293809750894912475666388265290853063554307747052471064827789230626431100261538591961826419047326217130106954938564102444946805966835435441345928820303084749906070834370292328693504130454703539813471516484793230944669747561760610824827040233316834137947013336066206964971490936063361717836670055655255008278013748443661849914080655007167036195301285165244039723352500939219835986599194370637835048745016392523067465483063368927290961796554522196264881536578834490630583213917304029865939161, 15309200221723806616467815527508949449508016308667619503475045946652621652525992305168651560887284176353924931956269939787077811973514566176608684620809151397625885719537402839920369797647002257990605085738377504988859240254084164590957509486682488178961349129559926308115898888408809018423909717677181884526722126502322318455704911203649111381107113783748969172970323298774692322646329004904087523994990271905442581272126396627211570936941571392711592683960657204560162191971440131508850959242922017207256661353383453193118931908674343390887637124979355811285785638033429254835197971636826274879249886842048918432736, 
15724182462935088662707915446655107878278152894209881300967803307334781347515606304746531472463196270125945780931765849147216669235630418637875694444778675771594247113061143844136107527843426140240070502431201960657331892635213118991405460668666027672294906783791441223090507736721265283630015340939375871798311963795515181453223204337362840111547002251197009848653679561190486710064616795228154486847718903419257804283649208020835219877286500226549440463845774258811597945314325403472598511132833259835975605936073505765246811661546643859844350550681749257518136665405784760339373876106842193544962035364141936283753, 16010598613006269242394494415481073404802885743759056303920374396389364406805008152009154054902831052653758678196829556029416363334310779301534650601102392985616360749664385284718557734612612334579643566581651102242306222193227111260448228193714693240481130347390382116855512299873569881326939972343314570039547897580924071328599722614389921295511670529095683738107704146361532800780429539031159556496976109863114080778133301779747597407525649360836980458868113543694436862963884485475906909931191611405995601484367864575876650055986787526037062685039522257827670426684466191523819658566267710796063797508503673575508, 16176225157815061780398885654620420828395273758161309313595904684794782916031471005382323856662285262373051339479066795020066992972796748770489374700029745240899106774349950323621974876991346899532267757945372794675963763211677154442477490480764334758589065403101041835380412036155680032278713692380636751799800174173937468277604554776759076686957635653867348211328058462563934841255845438021673179325752005903202195307236777237380608739528664802974483747876242106584283139484518385093456386588108230286642702223901374448669968747735244954159162896226605024555185352576619896951345620018917148886974802087005061112135, 
16681188269653223654724315030136682210774552752554458086958468278548783168739866695726975896035811383412108751120213372631892032120642218357242947180926422406518062384144340315186804028028673285952917556435047990619394575021747680589947318197008430952647870055239411272055715760414079469566525762018667573302151696340104245475784099738670745323261117058044792751584716381734074389247651104965039208100878784761184187575420884985536037251587193757974760803271209026578181938823090178086385927565035063194430696540320842560908821318551920518079959829776767797371769064772564881430027427764161144068312324251665729488780, 17829658117323428808747868598742075440062137591346852189083905589271168845051505272630777599191830286419880652433509964145788364929611644511812576526573426916933568982874857304389571078641719134887390902234897633109911630620064342448365833021501305097046535685687516423128015236731938861706627775842928316810722656485753731575710818024516292222339926273882441860157758675960292785969030577768637311050941129992914285935037973635612973287046435622821551354639344767359753011162290622995439092970304336429989082391680592785895499607898534896211918901223135266662562647266007027360588113757029416715494934165222739616683, 18142530606909716062376251786389643324197492525662369626779351589827519710596398063341881492070698478957535529402981903035193439593816123316087575219925977686245766113691521350584328679759502382807285523704968935762596078425008178057360086647386696939735982650179504583840710564525731340265745482252714541820058727354731450644763797071558334414897585733667272516453556559972684675125516239673811780523512745567106915629379361310179451294037943334450423100411431081620714967277818090200519889910181746783471882899674667241036338987708997780333893361059800622713833148966642131905197255377905810743498001951198125311059, 
18916874915493297936079891268802075451235734846035427583955430843324283662366324633202233385782932817340850020378986785716061936989209245162032573305936283861299211919092036584752926046345006676182392365941514696661367329055550272171753927543111392356350737216020653037731493630053105987250335352958368913760588484193482490045930904427197949983588313643868410274754829287237363788001109161904345279546393663787324578514084534019735002594130069819170331383328434044289905874038021158845855747798172165049208337121421852611456896877370705022828767867961460247191792131749388018583310316369606660652603473617620362220776, 19761531445789644550941649188821673088534370105097262343329866705687995865103813168376859916409080934942621503804632853819460640556129955518535485874638416201423297931706690054251711146751875933841075798086049232897482741510517534219163312537149829346821694199026849981873391746409094894635786418504655918594084378562506966684113615145069297495931332254115518216812302704944162971621215874347240778158691664956918543903100361085291794226778736356304744575442579466683011144983985184446648189753472950753969800901371318514176099102941183927711143295688852105189853285767981704534129685617787251540530767915253022947490, 20256094547551427361159536964089120192470579547856867798123148497076148597338094007239708853868154430044018965669548800520357708625488500840886524107263842898564620995651088843299156623903379275911887021467406220229809304913979273339544306605180744927202065302617395980949445708701034751035277692178613703611237789111970396029694552402613307432231659723290421165555788483472386785358943811922285121036435102796254087074468046006584551405865525781432291674627713381806461231003764884384009047079053403228562795215671383412031358781402019097452515349062662042796744413040430120541108838183559554461277378419187930920413, 
20363523683403754850477941996268145873307803894978921710228462628146999736940222671129222862265160379946415684464747917659662321205107403115837157035374067466188228334375906081151411079001619437896818940656122691708169785711806055272700179185892964477917806030204206763229340531579796772278526520943763997401381029845705999036446407497831084737277684996161128395539244139220962069262836778956401801008041186706885436332324336681638085145485728737526432916392575653655187967807139187810035548902309557063161478464221501395056289134752409225031789805569864167180786090815982754846720197089740299363472750121282729340973, 20814912434079654358712994986655938285672355659172554521972448981339195273278087029468453535698010595236459533086499060463317723686547000241667857244712653564557545738168820338242942485233926997951781862259839493112100996378583435254659260667047548564231904421776634552680502559175487802626042304303449745827230709927179704869112666087937034760280611168221409540432787302943151703739428105219869226885922197133645265907625314478690899327851652074282189138427005746519010639537824886929608878348016360424645895051778822009871610495121610883214100573360743476671172464995366677557757239376079084722813893096016326823606, 20978978782083985514808414763592752188297832781732994978611517153950737776001188808668923478821417090172961435355822072526474663371493271175072308071960227368747274906534977118068778902399152185246696702689800010100729290250592141361416806610123159371068751278126481137723149743960233299432386251076215253444110113219693470037719585135531616598037376091905011497168565184564212550608338331996940342482386974738408168008861574665395721197042150006344988032346900944468633093984681022454475106597004968263850271320396630355903399323458669065574677651201990075334529713587085951400864385000308137999968746200082025015416, 
21510393992991434219771555281382073811886457282216421285690979093137458508475954568419056773565332788894486275426908163637126421408657102596322971185031241956913463507854888295227362444328359266706872420059719619657069662925599952624262906407162386789979523361641558714567193670965811155805593371330497659154542639258412356476199441487088405118103359273682288473187622391831093531374603531951020860755898239699034003278466710154923269181470911166256665818879112416320538492976301262952831443514831107346725637206419870968005748691921100981160236843650083592044728031025798498262451919405184577923803192873012465402408, 21702370286383142896382980896421981414971906140748132749535149467159561579953330771029906461700411301795811236217402115596536451372996903939804016345835732303546870765245612262653631530944318690150045446899350265189274003884240988723566380751519278171721537440720211256644999794264781281823566708722358903968738834874217357352233640572984862487562571610283183746852625175244503706166323292070046358158579157876780137070957640130723554973407811810584917266738218587446647624045843454142231125439581659799761005303756629310091897520981148547565077534090671712715361212723249781422387730181374938558849132220687101010195]

我的解答:

题目给出了一个数组 clues:它由 flag 中相邻两个字符的密文相乘(模 N)得到,并且经过了排序,因此各个乘积原本的位置信息丢失了。不过我们知道 flag 的前 7 个字符是 TSGCTF{。

由于 x 和 y 分别来自 c_list[:-1] 和 c_list[1:],也就是相邻两个字符的密文,而且对单个字节做无填充的 RSA 加密是确定性的,因此我们可以根据上一个字符去找下一个字符:枚举下一个字符的取值,检查对应的乘积是否出现在 clues 中。

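但需要注意的是,尽管 flag 内容部分的字符保证互不相同,按这种方法找下去时,下一个字符仍然可能有多个候选项。原因在于无填充 RSA 的乘法同态性:pow(a, e, N) * pow(b, e, N) ≡ pow(a*b, e, N) (mod N),也就是说 clue 只取决于两个字符的乘积 a*b。例如,如果我们尝试查找 flag[i]=3 之后的 flag[i+1],并且存在某个 flag[j]=2,其后一位 flag[j+1]=6,那么由于 3×4 = 2×6,flag[i+1]=4 也会成为候选者,即使 flag[i+1] 实际上不是 4。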

exp:

from Crypto.Util.number import *
N = 23270433480920204754247611545325351123344837487480637119344134402239723224072753511766733288907047277110318616688410345451695008290697208699431350412549980332693080979894504737640802849242656337537061128034361792156302502329044951868719492095983428863678764573927362740207756141512536958600798465368672826288270218390845725069636496528488276905161318078890887808033722334376853632300178257589009018165644740844747444214979597702959381078126401914809713991087656801656368079319383579542103855944156160231935875884314630699684359910296730669798237991501134339113682532446997472722560474195749179320370386661938616345489
e = 65537
clues = [790128007826920672966041424911766354167695121053219604283198146207007061791691778597663178563455647947105718896263099495348666331968821896627253287975936857535926164644548223394731131868459847861503995994130787209417795249554290922334587840664276128893082715626698208421033163870050616673531495044580102830036983208043090136212931697438690030675611301000171270559392107484305007589373493054650247495594665847524590737367285135216109196557363472975056201832374767680569696302197844301099024043070258479146726214414688459938129079248125143388403636784068208501745074616490491553776387248926153964494371491351883633209, 2603711767185838325352475153597847161854130118046369285623915043550612314176250745686994158628404520769025735077328213489305045750703593138538988340789187229888984902266067604215108157628606721779126603704209046389682027226116051092595210765409544706918465385789940134172311788347486915924020739666375005469879097995622537311532236494537245411805276338873499191960938465585934543775755531517716535416304391622644348521922876999587501073379321712481689748053619310595304248483018790236975241904276396525088600521271478581198340688684196813199138458166434400373640927130152301112142288723416868406008752554068971897796, 3555341764263168489859556591176672830061219988177503466050405264336799992429135972104282899942353497557907652603350792489036502274605405291660887915416806360972250779650137925049172948193768071600510818240408613776868308398496542674893829543607137246662897358746317583492470427929271497748068342690213991707491115445413140859740482959186024227616377454531805749180736700863648663258910520198205760375727899867937645622163083304815955402598214976712655286175624671893539673068172120613290880503614440004957010458255469774287344198988168780496350286219383906192401923310489444670837618343011413316177831554304813263293, 
4392082234365429459669635522490994995545586622061892472817657701654688511628534821883962531710455275948798581412337865098670688087280709878221953558349740960329160083052847343991585094759562763366071177122979453158141777809615757029472963694552128931278267696610442930805576661385112057944278069707887638239490706210686333113376066401571156753733092557168107224196049486567238631166786676598900544251407195743615657256591953956049341610070209608544320990612354876845027617374094455067062785749092329211594227845595088640923695318792943759161256049917608399044564463672780212345061033003580514031008070984006394521668, 6978684590718573243656949612105542758488203443423350685382013479128441571089892176317290844763856663774755922991003851926082052833399193817638062111399819008457173066656968710933915780345439852889885256407111306528134824030362697685736295137459712033151836378581847902384300946884645175079050691372299609133912373238921511680524246835804911263766704418407215767692780171673688161098855454535667470100406268512578658298590762764201801122154299700156455886608231139966939989436753650901587246230468663005258431711603830727021655440551309738459469083116564621458459773745615809415945961545341435040532110184451588706909, 7730262380985917599887572033422177147289651970502093448402835145164830024426315228806715285722659089566236129886746480764786215693984588815504124791891393731400575988135841499609611797069840377647924075117377822033352586269608104804125510707845643611710455554838427560803831147423159767827522768368918988345993436576494036323665588754259053163989171434047082195256858849152960407740290442654588260794482691958589991068313525613320625439489177141737508702594419202694397478381467839720929129426927668998377854144326405841432095191488744613115154408572282654135532074279295245338650730047025690759623846022642571071963, 
7870428672617888994422906853248211446366754259733482277745650556132131582761503165723404791505714110195629648744360328326420176714096715656418558504951970022788814322102278336415722851826552839236483969562821649541794780657722003849928232610560989749085154296910943580468121448389230575504988958640111467569744601441342152829070870718010034108398733578934054919041551400855436743799387390257957855545880360755020395022783083503166714335601095744185285348725860445725936407700491229265197561539811624147428412389726767719262845468067268220408467424614068704646047656505819137603600314223155281334867541677294657269390, 8609510284694803043189705088389821843021038300248628370429317978814889304430328856895995414830838739620301124621301721537775180909783646308710312015748757692570074444146048063288330338241388649181127306992151615819806150752330593447168414624657327459419994792062262566992856822874586796213398413460564073159223988672183437164224830058703931407420751347450506434382840960774130788709586835237024062653074786060686562890430445063234694495435768852328222652802008741192860317680389695015771978657721235243624844185665810736779862719888645610567314465422364407861744887985325045151347091814327252867102598023702123634893, 8764012548720665713701201793155399309870111965369993371803350036539422185650799931107265721471961540862241262644925810817557287987388612113771424453413029690339343352048592343900357225140896471551985699215620154773850213962677651930062137448251705285861554850231313763242085813951196025573454108680549038776926779092562595635561865377427363791539907677647388233742883434894879173415977599370552750513325217529346778748301898211759441267178121774471269812805873578379664777277726959180923972945741326150250571072096537087980515856259481465906892196132539685345329249252030441836333228304113901123751209313594774048411, 
9008821235404534774894891840865644757418002303365121156019461336283705824480673407281784353738233629927976889096625448460073180574899056351401937861566897823469165990311234532903677780258240301012377511917098868850017485389860900161403497054524629055763134706771541438200372479388084747248076874591357294592908214804614821614134453271058041821309928429492064920317496131336615880002176651354627658576705156794615097981712459554762647700173303841240037417204812844860127520500295842333216976016883771600927798062138428278165410002807841897458765380987909422855298376904935944755071636375020175879303691494691648729571, 10474911617314344093035296274381234749101583500527437860041431188313938156453438490783669910408601907840231565111467423937905944246300919566807077410926355571241589514754269643137702018163430659263615177391720920777071669679112457463342818217687533446232740783283032619985290522536451057260694049911207086850829161304525815898322999460249349418001236987856485233784175562194872850068860587367749350367692115642230663276488474831786206392289391683584796316038243477608620299442818925558267755743944966965590254288900990166554824598295411812423812057962439493264058570961162833692763593404011287652460274292011178704229, 13110381638342217700044116835482318354178640599253721255902105118218292921908590875402841920977595295587154969905468217393514029780192254567805167189561981288346541104187097786158686610182752582262736216900889630694589441983532956902475092397149348354578876977278601897135958677041840489787116994835677415918526784950587842308692695028053266428000179056540851210672916239382320991277325978720399398297894385691874713065477018336173537483516990191924630941831467023912809007439219185416637094870113459693399267881245563091987656247602891135995257754370121186475874895953059792350690971513600960862888017703690554083459, 
13722721572470236588898440206865856389152421592146331372623620761105236258642769428613680530235913336412231001256536483370539801648315256149288975606335360634006014491805081550253603688595254959670129531815820738880819515467443628589419885739357776607879281030305390788462268201177519696379582421075205825223506882790846127395851423387355250518925599458496527319759716961190269475043488198823985171705163502605280956855529982181144980535693738091067309543085139412462069952512044802852746114286283887473219768202644823684600027741551806766726373880658547387314450097217066672915328591025976805608015523890515132426387, 13907378143102130732902591528175452184668250175669078564922722729277532332899307298492183863825002170085267037120966710137296520632659066245811450863381591820314104559304716576579947768421047268607544985860210956387427521210211129755935598531328869037393608408989674670981088938567613781468335811260237492104595950519517518617578677677787025453461327336960623845610621752404588399599991001699803056576669100638249157172825774364065063815561453951010729993716989597143669677725856650954155213710311820417545885775510044222220541796461890558861039133971629201524057880779170401640703503019641132712790726669921828415791, 14120400860385637396632607286135661793958438285062218101343811442329217898129411032002000350977425825996409346097620544352258144601308497322065150782257038383914436998782920142187156177557396917159637452504378331382141301919552487290646033095326670250741650299062291668092793457098216953317991446828793222200503107261585592188754090447817955186450059917734158228634856449513892854663100410202968587025379391901260869884847048181290904241170031050049608323224619595992013998760176044527640260560226425674718522654115796289752023951046001416701610705547940854507383323162061543349749057955527154808438878655873381924405, 
14698896348088063156187270997421588677714399061222880874144618906068645039117367567961854550911710929776929577319055009436987940195644271595440197688498312761277731697978188128431643248470794438585436719216257105191878641049129049923301277529851691883566500423292922218796681106904405477311127758973402766359242062810538614875409810216565025132923823792242500786728482925652318681058145996956719422754840265487588886384210435421642534141346623264992306879009731648539475819770296162993354959588928869246795665015356541113141789547198151388517967205114998707046242427529782450631008568205068970921337432050960660682459, 15029884228277986489199399805546744756384194842114602643592034471387136929994797445880809477875738231285145593249223445053535965293809750894912475666388265290853063554307747052471064827789230626431100261538591961826419047326217130106954938564102444946805966835435441345928820303084749906070834370292328693504130454703539813471516484793230944669747561760610824827040233316834137947013336066206964971490936063361717836670055655255008278013748443661849914080655007167036195301285165244039723352500939219835986599194370637835048745016392523067465483063368927290961796554522196264881536578834490630583213917304029865939161, 15309200221723806616467815527508949449508016308667619503475045946652621652525992305168651560887284176353924931956269939787077811973514566176608684620809151397625885719537402839920369797647002257990605085738377504988859240254084164590957509486682488178961349129559926308115898888408809018423909717677181884526722126502322318455704911203649111381107113783748969172970323298774692322646329004904087523994990271905442581272126396627211570936941571392711592683960657204560162191971440131508850959242922017207256661353383453193118931908674343390887637124979355811285785638033429254835197971636826274879249886842048918432736, 
15724182462935088662707915446655107878278152894209881300967803307334781347515606304746531472463196270125945780931765849147216669235630418637875694444778675771594247113061143844136107527843426140240070502431201960657331892635213118991405460668666027672294906783791441223090507736721265283630015340939375871798311963795515181453223204337362840111547002251197009848653679561190486710064616795228154486847718903419257804283649208020835219877286500226549440463845774258811597945314325403472598511132833259835975605936073505765246811661546643859844350550681749257518136665405784760339373876106842193544962035364141936283753, 16010598613006269242394494415481073404802885743759056303920374396389364406805008152009154054902831052653758678196829556029416363334310779301534650601102392985616360749664385284718557734612612334579643566581651102242306222193227111260448228193714693240481130347390382116855512299873569881326939972343314570039547897580924071328599722614389921295511670529095683738107704146361532800780429539031159556496976109863114080778133301779747597407525649360836980458868113543694436862963884485475906909931191611405995601484367864575876650055986787526037062685039522257827670426684466191523819658566267710796063797508503673575508, 16176225157815061780398885654620420828395273758161309313595904684794782916031471005382323856662285262373051339479066795020066992972796748770489374700029745240899106774349950323621974876991346899532267757945372794675963763211677154442477490480764334758589065403101041835380412036155680032278713692380636751799800174173937468277604554776759076686957635653867348211328058462563934841255845438021673179325752005903202195307236777237380608739528664802974483747876242106584283139484518385093456386588108230286642702223901374448669968747735244954159162896226605024555185352576619896951345620018917148886974802087005061112135, 
16681188269653223654724315030136682210774552752554458086958468278548783168739866695726975896035811383412108751120213372631892032120642218357242947180926422406518062384144340315186804028028673285952917556435047990619394575021747680589947318197008430952647870055239411272055715760414079469566525762018667573302151696340104245475784099738670745323261117058044792751584716381734074389247651104965039208100878784761184187575420884985536037251587193757974760803271209026578181938823090178086385927565035063194430696540320842560908821318551920518079959829776767797371769064772564881430027427764161144068312324251665729488780, 17829658117323428808747868598742075440062137591346852189083905589271168845051505272630777599191830286419880652433509964145788364929611644511812576526573426916933568982874857304389571078641719134887390902234897633109911630620064342448365833021501305097046535685687516423128015236731938861706627775842928316810722656485753731575710818024516292222339926273882441860157758675960292785969030577768637311050941129992914285935037973635612973287046435622821551354639344767359753011162290622995439092970304336429989082391680592785895499607898534896211918901223135266662562647266007027360588113757029416715494934165222739616683, 18142530606909716062376251786389643324197492525662369626779351589827519710596398063341881492070698478957535529402981903035193439593816123316087575219925977686245766113691521350584328679759502382807285523704968935762596078425008178057360086647386696939735982650179504583840710564525731340265745482252714541820058727354731450644763797071558334414897585733667272516453556559972684675125516239673811780523512745567106915629379361310179451294037943334450423100411431081620714967277818090200519889910181746783471882899674667241036338987708997780333893361059800622713833148966642131905197255377905810743498001951198125311059, 
18916874915493297936079891268802075451235734846035427583955430843324283662366324633202233385782932817340850020378986785716061936989209245162032573305936283861299211919092036584752926046345006676182392365941514696661367329055550272171753927543111392356350737216020653037731493630053105987250335352958368913760588484193482490045930904427197949983588313643868410274754829287237363788001109161904345279546393663787324578514084534019735002594130069819170331383328434044289905874038021158845855747798172165049208337121421852611456896877370705022828767867961460247191792131749388018583310316369606660652603473617620362220776, 19761531445789644550941649188821673088534370105097262343329866705687995865103813168376859916409080934942621503804632853819460640556129955518535485874638416201423297931706690054251711146751875933841075798086049232897482741510517534219163312537149829346821694199026849981873391746409094894635786418504655918594084378562506966684113615145069297495931332254115518216812302704944162971621215874347240778158691664956918543903100361085291794226778736356304744575442579466683011144983985184446648189753472950753969800901371318514176099102941183927711143295688852105189853285767981704534129685617787251540530767915253022947490, 20256094547551427361159536964089120192470579547856867798123148497076148597338094007239708853868154430044018965669548800520357708625488500840886524107263842898564620995651088843299156623903379275911887021467406220229809304913979273339544306605180744927202065302617395980949445708701034751035277692178613703611237789111970396029694552402613307432231659723290421165555788483472386785358943811922285121036435102796254087074468046006584551405865525781432291674627713381806461231003764884384009047079053403228562795215671383412031358781402019097452515349062662042796744413040430120541108838183559554461277378419187930920413, 
20363523683403754850477941996268145873307803894978921710228462628146999736940222671129222862265160379946415684464747917659662321205107403115837157035374067466188228334375906081151411079001619437896818940656122691708169785711806055272700179185892964477917806030204206763229340531579796772278526520943763997401381029845705999036446407497831084737277684996161128395539244139220962069262836778956401801008041186706885436332324336681638085145485728737526432916392575653655187967807139187810035548902309557063161478464221501395056289134752409225031789805569864167180786090815982754846720197089740299363472750121282729340973, 20814912434079654358712994986655938285672355659172554521972448981339195273278087029468453535698010595236459533086499060463317723686547000241667857244712653564557545738168820338242942485233926997951781862259839493112100996378583435254659260667047548564231904421776634552680502559175487802626042304303449745827230709927179704869112666087937034760280611168221409540432787302943151703739428105219869226885922197133645265907625314478690899327851652074282189138427005746519010639537824886929608878348016360424645895051778822009871610495121610883214100573360743476671172464995366677557757239376079084722813893096016326823606, 20978978782083985514808414763592752188297832781732994978611517153950737776001188808668923478821417090172961435355822072526474663371493271175072308071960227368747274906534977118068778902399152185246696702689800010100729290250592141361416806610123159371068751278126481137723149743960233299432386251076215253444110113219693470037719585135531616598037376091905011497168565184564212550608338331996940342482386974738408168008861574665395721197042150006344988032346900944468633093984681022454475106597004968263850271320396630355903399323458669065574677651201990075334529713587085951400864385000308137999968746200082025015416, 
21510393992991434219771555281382073811886457282216421285690979093137458508475954568419056773565332788894486275426908163637126421408657102596322971185031241956913463507854888295227362444328359266706872420059719619657069662925599952624262906407162386789979523361641558714567193670965811155805593371330497659154542639258412356476199441487088405118103359273682288473187622391831093531374603531951020860755898239699034003278466710154923269181470911166256665818879112416320538492976301262952831443514831107346725637206419870968005748691921100981160236843650083592044728031025798498262451919405184577923803192873012465402408, 21702370286383142896382980896421981414971906140748132749535149467159561579953330771029906461700411301795811236217402115596536451372996903939804016345835732303546870765245612262653631530944318690150045446899350265189274003884240988723566380751519278171721537440720211256644999794264781281823566708722358903968738834874217357352233640572984862487562571610283183746852625175244503706166323292070046358158579157876780137070957640130723554973407811810584917266738218587446647624045843454142231125439581659799761005303756629310091897520981148547565077534090671712715361212723249781422387730181374938558849132220687101010195]

# Known 7-byte header. Each adjacent pair of header bytes accounts for one
# clue, because unpadded RSA is multiplicative:
#   pow(x, e, N) * pow(y, e, N) % N == pow(x * y, e, N)
flag = b'TSGCTF{'
for left, right in zip(flag, flag[1:]):
    # Drop the clue explained by this header pair so the search below only
    # sees clues that are still unexplained (raises ValueError if absent).
    clues.remove(pow(left * right, e, N))

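def solve(flag, clues):
    """Extend *flag* one byte at a time and print every complete 33-byte candidate.

    A candidate byte is accepted when the textbook-RSA encryption of
    ``flag[-1] * candidate`` is still present in *clues*; this works because
    the challenge encrypts single bytes without padding, so ciphertexts are
    deterministic and multiplicative.

    Two constraints stated by the challenge script are enforced to discard
    false branches: the bytes of the flag content (positions 7..31) are
    pairwise distinct, and the final byte (position 32) is ``}``.

    Args:
        flag: bytes recovered so far, starting with the known header.
        clues: list of clue values not yet explained by *flag*; it is copied
            before each recursive step and never mutated here.
    """
    if len(flag) == 33:
        print(flag)
        return
    is_footer = len(flag) == 32
    used_content = set(flag[7:])  # content bytes already placed
    for i in range(0x20, 0x80):
        if is_footer:
            # The last byte is fixed by the flag format.
            if i != ord('}'):
                continue
        elif i in used_content:
            # The challenge asserts that content bytes are unique.
            continue
        c = pow(flag[-1]*i, e, N)
        if c in clues:
            # Work on a copy so sibling branches keep their own clue list.
            clues_nxt = clues[:]
            clues_nxt.remove(c)
            solve(flag+bytes([i]), clues_nxt)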

# Start the search from the known header; `clues` no longer contains the six
# header-pair products removed above.
solve(flag, clues)
#TSGCTF{OK,IsTHi5A_un1qUe-flag?XD}

Complicated Function

You should not use simple function like f(p) = p + 8 to get q. It surely becomes secure if f(p) is complicated!

Hints for beginners:

  • The result of running challenge.py is stored in output.txt.
  • If you read challenge.py, you will see that it reads the flag from secrets.py, encrypts it, and outputs it. As secret.py is not included in distributed files, read challenge.py carefully and find the vulnerability!
  • The original flag is a string (more precisely, a byte string), but to encrypt it, it is converted to the corresponding integer m with the code m = int.from_bytes(flag, 'big'). If you get m, then you can obtain the flag with the code m.to_bytes((m.bit_length()-1)//8 + 1, 'big')

challenge.py

from Crypto.Util.number import isPrime, getStrongPrime
from math import isqrt, sin, ceil
from secrets import flag


def f(p):
    """Derive the second RSA factor candidate from *p*.

    The result is the integer square root of
    ``p**2 + p*(2**512 - 6) + ceil(isqrt(p)*sin(p))`` plus ``2**1023``.
    Because q is a deterministic function of p, N = p * f(p) has a single
    unknown; this dependency between the factors is the weakness the
    write-up on this page exploits.
    """
    # The sin() term is bounded in magnitude by isqrt(p), far smaller than
    # the other summands for a 1024-bit p.
    perturbation = ceil(isqrt(p) * sin(p))
    radicand = p**2 + p * (2**512 - 6) + perturbation
    return isqrt(radicand) + 2**1023


# Key generation: keep drawing p until it has its top bit set and the derived
# q = f(p) is prime. q is fully determined by p, so the two factors are not
# independent.
while True:
    p = getStrongPrime(1024)
    if p >= 2**1023:
        q = f(p)
        if isPrime(q):
            break

# Textbook RSA (no padding) over the flag interpreted as a big-endian integer.
N = p * q
e = 0x10001
m = int.from_bytes(flag, 'big')
c = pow(m, e, N)

print(f'N = {N}')
print(f'c = {c}')

输出.txt

N = 36517404305297844159564250986998364545749151568667732337564141796428285198409567155495468780386611544242689580089026301007867731616501462571857014948329304677585682534513311931280592743677919741211277066420279973665839898693462080087384474270473468411814863104608060945012301810206919347219744349831947632420533489933798065496290612931089442978868423837068735855183319271953531607892676482508704408482509645764820088854762889436761417245871075875762331247987854763068633058894469255779600684845456979405817748289218533715177711802661303055514957438072072036882111277967476497338901040854808789173453802590826788192053
c = 10955441460830702971387335888341162305090757526159743008807609823673521696863955454033040842132899414049783504960968117620860408142538216669369693386110678382112863315608217382774969191050306778748875856817288367369848881561750362221050586276876239956129985854245190619132772579774800480316624847309710595491090120189333272498817039509311650265968036568364234815921263181086438290844976279974023236010641698308664245573159698211860696725554580817928576304048869309097043078452170158082597167199813821750238244173483019805092246803337196768846732908994751887507198151471659940647272634351206676375579258509003076141110

我的解答:

根据代码我们知道p,q值的确定方式:

q = isqrt(p**2 + p * (2**512-6) + ceil(isqrt(p)*sin(p))) + 2**1023

方法一:

f(p)是递增函数,因此 p*f(p) 也随 p 单调递增。

然后我们可以使用二分搜索来找到满足 p*f(p) == N 的正确值 p。

方法二:

  • f(p)差不多是isqrt((p+2**511)**2) + 2**1023
  • 事实证明,对于:p > 2**1023
    • f(p) = p + 2**1023 + 2**511 - 2**2
  • 然后q = p + a 以及 p**2 + a*p - N = 0
    • 二次方程的根为:
    • p = (isqrt(a**2 + 4*N)-a) / 2

exp:

from math import isqrt

N = 36517404305297844159564250986998364545749151568667732337564141796428285198409567155495468780386611544242689580089026301007867731616501462571857014948329304677585682534513311931280592743677919741211277066420279973665839898693462080087384474270473468411814863104608060945012301810206919347219744349831947632420533489933798065496290612931089442978868423837068735855183319271953531607892676482508704408482509645764820088854762889436761417245871075875762331247987854763068633058894469255779600684845456979405817748289218533715177711802661303055514957438072072036882111277967476497338901040854808789173453802590826788192053
c = 10955441460830702971387335888341162305090757526159743008807609823673521696863955454033040842132899414049783504960968117620860408142538216669369693386110678382112863315608217382774969191050306778748875856817288367369848881561750362221050586276876239956129985854245190619132772579774800480316624847309710595491090120189333272498817039509311650265968036568364234815921263181086438290844976279974023236010641698308664245573159698211860696725554580817928576304048869309097043078452170158082597167199813821750238244173483019805092246803337196768846732908994751887507198151471659940647272634351206676375579258509003076141110
e = 0x10001

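# Constant gap between the two factors: q = p + a (see f(p) in challenge.py).
a = 2**1023 + 2**511 - 2**2
# Positive root of p**2 + a*p - N = 0; the discriminant a**2 + 4*N equals
# (2*p + a)**2 when the gap assumption holds, so isqrt is exact.
p = (isqrt(a**2+4*N)-a)>>1
q = p + a
# Fail loudly if the assumed gap is wrong instead of decrypting with a bogus
# private exponent and printing garbage.
if p * q != N:
    raise ValueError('recovered p and q do not multiply to N')
d = pow(e, -1, (p-1)*(q-1))
m = pow(c, d, N)
# Convert the plaintext integer back to bytes (big-endian, minimal length).
print(m.to_bytes((m.bit_length()-1)//8 + 1, 'big'))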
#TSGCTF{From which angle did you solve this, binary search or convergence of f(p)-p?}

Streamer

This is my simple stream cipher. Can you break it?

加密.py

import secrets
import hashlib
import base64
import re

# Character set the flag content must be drawn from.
pattern = re.compile("[a-zA-Z0-9!-/:-?\[-`|~]+")
flag_content = b"@@REDUCTED@@"
assert pattern.fullmatch(flag_content.decode())

# Flag layout: header, content, '@', base64 of the MD5 of the content, '}'.
flag_hash = hashlib.md5(flag_content).digest()
flag = b"".join([b"TSGCTF{", flag_content, b"@", base64.b64encode(flag_hash), b"}"])

# A single 16-byte random key is XORed cyclically over the whole flag, so the
# same key byte covers every 16th plaintext byte. Reusing keystream like this
# lets known or constrained plaintext reveal the key; a keystream must never
# repeat within or across messages.
key_stream = list(secrets.token_bytes(16))
encrypted_flags = [byte ^ key_stream[pos % 16] for pos, byte in enumerate(flag)]

print("cipher =",encrypted_flags)
print("flag_length =",len(flag))

输出.py

cipher = [163, 227, 86, 67, 200, 14, 176, 188, 101, 214, 117, 82, 99, 71, 199, 117, 139, 130, 78, 43, 224, 101, 183, 219, 82, 213, 70, 95, 101, 118, 133, 46, 146, 239, 98, 97, 250, 123, 183, 218, 82, 218, 1, 97, 62, 29, 145, 105, 168, 136, 116, 95, 253, 59, 148, 132, 98, 207, 118, 66, 52, 118, 197, 98, 168, 201, 126, 117, 195, 61, 184, 141, 82, 210, 86, 98, 47, 118, 144, 58, 221, 192, 99, 48, 224, 98, 185, 129, 108, 152, 25, 97, 96, 85, 173, 58, 148, 194, 104, 124, 182, 99, 162, 216, 99, 157, 117, 106, 59, 64, 213, 25, 148, 217, 109, 42, 224, 101, 183, 219, 127, 236, 67, 26, 12, 29, 174, 118, 153, 213, 78, 43, 245, 52, 151, 199, 113, 214, 117, 66, 121, 72, 141, 111, 168, 194, 112, 43, 244, 123, 183, 218, 82, 199, 86, 19, 47, 29, 141, 26, 139, 239, 112, 95, 239, 99, 185, 141, 57, 222, 117, 22, 58, 89, 153, 117, 133, 156, 78, 98, 233, 60, 148, 129, 121, 236, 67, 26, 12, 64, 159, 53, 196, 152, 100, 124, 174, 45, 148, 138, 104, 155, 75, 75, 32, 76, 174, 47, 131, 239, 100, 115, 175, 59, 148, 156, 101, 214, 117, 26, 103, 85, 173, 105, 139, 213, 78, 114, 168, 38, 175, 135, 96, 236, 68, 75, 62, 17, 194, 52, 211, 239, 99, 101, 224, 98, 248, 220, 38, 128, 86, 23, 63, 80, 223, 25, 146, 222, 123, 111, 229, 23, 163, 137, 101, 210, 66, 95, 12, 19, 220, 111, 218, 138, 56, 45, 166, 97, 139, 188, 90, 195, 28, 77, 2, 113, 152, 34, 165, 252, 88, 67, 250, 44, 163, 167, 64, 234, 1, 119, 18, 20, 204, 59]
flag_length = 304

我的解答:

该问题是使用长度为 16 的密钥进行 XOR 加密。也许我们可以逐字节弄到这个密钥?

首先,我们可以使用 flag 前缀来获取密钥的 7 个字节。之后,我们可以逐个字符地进行暴力破解,测试该位置的所有 256 个可能的字节,并检查每个字节是否会导致 flag_content 部分与正则表达式模式完全匹配。

exp:

import re

pattern = re.compile("[a-zA-Z0-9!-/:-?\[-`|~]+")

cipher = [163, 227, 86, 67, 200, 14, 176, 188, 101, 214, 117, 82, 99, 71, 199, 117, 139, 130, 78, 43, 224, 101, 183, 219, 82, 213, 70, 95, 101, 118, 133, 46, 146, 239, 98, 97, 250, 123, 183, 218, 82, 218, 1, 97, 62, 29, 145, 105, 168, 136, 116, 95, 253, 59, 148, 132, 98, 207, 118, 66, 52, 118, 197, 98, 168, 201, 126, 117, 195, 61, 184, 141, 82, 210, 86, 98, 47, 118, 144, 58, 221, 192, 99, 48, 224, 98, 185, 129, 108, 152, 25, 97, 96, 85, 173, 58, 148, 194, 104, 124, 182, 99, 162, 216, 99, 157, 117, 106, 59, 64, 213, 25, 148, 217, 109, 42, 224, 101, 183, 219, 127, 236, 67, 26, 12, 29, 174, 118, 153, 213, 78, 43, 245, 52, 151, 199, 113, 214, 117, 66, 121, 72, 141, 111, 168, 194, 112, 43, 244, 123, 183, 218, 82, 199, 86, 19, 47, 29, 141, 26, 139, 239, 112, 95, 239, 99, 185, 141, 57, 222, 117, 22, 58, 89, 153, 117, 133, 156, 78, 98, 233, 60, 148, 129, 121, 236, 67, 26, 12, 64, 159, 53, 196, 152, 100, 124, 174, 45, 148, 138, 104, 155, 75, 75, 32, 76, 174, 47, 131, 239, 100, 115, 175, 59, 148, 156, 101, 214, 117, 26, 103, 85, 173, 105, 139, 213, 78, 114, 168, 38, 175, 135, 96, 236, 68, 75, 62, 17, 194, 52, 211, 239, 99, 101, 224, 98, 248, 220, 38, 128, 86, 23, 63, 80, 223, 25, 146, 222, 123, 111, 229, 23, 163, 137, 101, 210, 66, 95, 12, 19, 220, 111, 218, 138, 56, 45, 166, 97, 139, 188, 90, 195, 28, 77, 2, 113, 152, 34, 165, 252, 88, 67, 250, 44, 163, 167, 64, 234, 1, 119, 18, 20, 204, 59]
flag_length = 304

# Key bytes 0..6 follow directly from the known flag header: key = plain ^ cipher.
m = 'TSGCTF{'
key_stream = [ord(ch) ^ cipher[pos] for pos, ch in enumerate(m)]

# Remaining key bytes, each derived from one guessed plaintext character at a
# ciphertext position with the matching residue mod 16 (presumably found with
# the brute-force loop kept in the string literal below).
# NOTE(review): ten values are appended, giving 17 entries; the decryption
# loop indexes key_stream with i % 16, so the last one (from cipher[240]) is
# never read.
guessed_plaintext = (
    ('o', 231),
    ('m', 232),
    ('e', 217),
    ('_', 10),
    ('u', 235),
    ('m', 236),
    ('8', 237),
    ('3', 238),
    ('r', 239),
    ('$', 240),
)
for guess, pos in guessed_plaintext:
    key_stream.append(ord(guess) ^ cipher[pos])

'''
for c in range(256):
    key_stream.append(c)
    output = ''
    for i in range(len(cipher)):
        if i % 16 < len(key_stream):
            a = chr(cipher[i] ^ key_stream[i % 16])
            #if i > 7 and i < 271:
                #if not pattern.match(a):
                    #print(a)
            output += a
        else:
            output += '~'

    #print(output)
    #print('\nmatch' if pattern.fullmatch(output[7:278]) else '\nno match')
    if pattern.fullmatch(output[7:278]):
        print(output,end='\n\n')
    del key_stream[-1]
    '''

# Decrypt with the recovered key bytes; positions whose key byte is still
# unknown are rendered as '~' so partial progress stays readable.
decoded = []
for pos, byte in enumerate(cipher):
    slot = pos % 16
    if slot < len(key_stream):
        decoded.append(chr(byte ^ key_stream[slot]))
    else:
        decoded.append('~')
output = ''.join(decoded)

print(output)
# output[7:278] is the flag content between the header and the '@' separator;
# it must consist only of characters allowed by the challenge's pattern.
print('\nmatch' if pattern.fullmatch(output[7:278]) else '\nno match')
#TSGCTF{The_l0n63|2_+|-|3_fla6_the_saf3|2_i+_m4`/_8e_as_lo|\|g_4$_you_use_a|\|_a|*pr0|*ria+3_3|\|cry|*+i0n._Thi$_ci|*|-|3r_i$_4_0ne_+i|\/|e_|*a|)_ra+h3|2_t|-|4|\|_a_s+re4m_(iph3r,_but_it_i$_ins3(u|2e_be(ause_it_us3s_the_$4|\/|e_r4ndom_num83r$_re|*34+3|)ly._enjoy_hahaha_:-)-:)-:)@TWp6sQXidRLICfdhOMY+IA==}

MISC

Secret Sequence

I implemented a cipher called twofish with a 128-bit key by myself to encrypt Flag , which is my first time using NumPy, but very useful!

By the way, the encryption results don't match the Known Answer Test listed in Test Vectors on the official site, but I wonder why.

题目

import numpy as np
import secrets
import base64
def block_to_words(block):
    """Split a 16-byte block into four little-endian 32-bit words.

    Returns a NumPy object array holding four Python ints.
    """
    chunks = [block[start:start + 4] for start in range(0, 16, 4)]
    # Element-wise int.from_bytes(chunk, 'little') over the four chunks.
    to_int = np.frompyfunc(int.from_bytes, 2, 1)
    return to_int(np.array(chunks), 'little')

def words_to_block(words):
    """Serialise an iterable of 32-bit ints into bytes, 4 bytes each, little-endian."""
    return b''.join(word.to_bytes(4, 'little') for word in words)

def rotate_left(x, n):
    """Rotate the 32-bit integer *x* left by *n* bit positions."""
    word_mask = 0xffffffff
    shifted_up = (x << n) & word_mask   # bits that stay inside the word
    wrapped = x >> (32 - n)             # bits that fall off the top
    return shifted_up | wrapped

def rotate_right(x, n):
    """Rotate the 32-bit integer *x* right by *n* bit positions."""
    word_mask = 0xffffffff
    shifted_down = x >> n                       # bits that stay inside the word
    wrapped = (x << (32 - n)) & word_mask       # bits that fall off the bottom
    return shifted_down | wrapped

# Low eight bits of the reduction polynomial (x^6 + x^5 + x^3 + 1); the x^8
# term is implicit because xtime() masks its result to 8 bits.
primitive_polynomial_g = 0b01101001

def xtime(a):
    """Multiply the 8-bit field element *a* by x, reducing when bit 7 is set."""
    doubled = a << 1
    if a & 0b10000000:
        # The shifted-out top bit is replaced by the polynomial's low byte.
        return (doubled ^ primitive_polynomial_g) & 0b11111111
    return doubled

def gmul(a, b):
    """Multiply the bytes ``a`` and ``b`` with shift-and-add, doubling via xtime.

    For each of the eight bits of ``b`` (lowest first) the current multiple
    of ``a`` is XORed into the product when that bit is set.
    """
    product = 0
    for bit in range(8):
        if (b >> bit) & 1:
            product ^= a
        a = xtime(a)
    return product

# 4x4 byte matrix; h_func and g_func multiply it against the four
# substituted bytes using gmul. Stored with object dtype so the entries
# stay plain Python ints.
MDS = np.array(
    [
        [0x01, 0xEF, 0x5B, 0x5B],
        [0x5B, 0xEF, 0xEF, 0x01],
        [0xEF, 0x5B, 0x01, 0xEF],
        [0xEF, 0x01, 0xEF, 0x5B],
    ],
    dtype=object,
)

def q0(x):
    """Apply the fixed byte permutation q0 to ``x`` and return the new byte.

    The byte is split into two nibbles, which go through two rounds of
    "mix, then look up in a 4-bit table"; the result is reassembled with
    the second nibble in the high position.
    """
    nibble_tables = (
        (0x8, 0x1, 0x7, 0xd, 0x6, 0xf, 0x3, 0x2, 0x0, 0xb, 0x5, 0x9, 0xe, 0xc, 0xa, 0x4),
        (0xe, 0xc, 0xb, 0x8, 0x1, 0x2, 0x3, 0x5, 0xf, 0x4, 0xa, 0x6, 0x7, 0x0, 0x9, 0xd),
        (0xb, 0xa, 0x5, 0xe, 0x6, 0xd, 0x9, 0x0, 0xc, 0x8, 0xf, 0x3, 0x2, 0x4, 0x7, 0x1),
        (0xd, 0x7, 0xf, 0x4, 0x1, 0x2, 0x6, 0xe, 0x9, 0xb, 0x3, 0x0, 0x8, 0x5, 0xc, 0xa),
    )

    def mix(hi, lo):
        # lo is rotated right by one inside its 4 bits before being combined.
        rotated = ((lo << 3) & 0b1000) | (lo >> 1)
        return hi ^ lo, hi ^ rotated ^ ((8 * hi) % 16)

    hi, lo = mix((x >> 4) % 16, x % 16)
    hi, lo = mix(nibble_tables[0][hi], nibble_tables[1][lo])
    return 16 * nibble_tables[3][lo] + nibble_tables[2][hi]

def q1(x):
    """Apply the fixed byte permutation q1 to ``x`` and return the new byte.

    Same structure as q0 (split into nibbles, two rounds of mix-and-lookup,
    reassemble with the second nibble high) with a different set of tables.
    """
    nibble_tables = (
        (0x2, 0x8, 0xb, 0xd, 0xf, 0x7, 0x6, 0xe, 0x3, 0x1, 0x9, 0x4, 0x0, 0xa, 0xc, 0x5),
        (0x1, 0xe, 0x2, 0xb, 0x4, 0xc, 0x3, 0x7, 0x6, 0xd, 0xa, 0x5, 0xf, 0x9, 0x0, 0x8),
        (0x4, 0xc, 0x7, 0x5, 0x1, 0x6, 0x9, 0xa, 0x0, 0xe, 0xd, 0x8, 0x2, 0xb, 0x3, 0xf),
        (0xb, 0x9, 0x5, 0x1, 0xc, 0x3, 0xd, 0xe, 0x6, 0x4, 0x7, 0xf, 0x2, 0x0, 0x8, 0xa),
    )

    def mix(hi, lo):
        # lo is rotated right by one inside its 4 bits before being combined.
        rotated = ((lo << 3) & 0b1000) | (lo >> 1)
        return hi ^ lo, hi ^ rotated ^ ((8 * hi) % 16)

    hi, lo = mix((x >> 4) % 16, x % 16)
    hi, lo = mix(nibble_tables[0][hi], nibble_tables[1][lo])
    return 16 * nibble_tables[3][lo] + nibble_tables[2][hi]

def h_func(X,L):
    """Map the 32-bit word ``X`` to a 32-bit word under the two key words in ``L``.

    Each byte of ``X`` goes through a fixed chain of q0/q1 permutations with
    the matching bytes of L[1] and then L[0] XORed in between; the four
    results are multiplied by MDS (via gmul) and packed little-endian.
    Only L[0] and L[1] are read.
    """
    shifts = (0, 8, 16, 24)
    x_bytes = [(X >> s) & 0xff for s in shifts]
    l0 = [(L[0] >> s) & 0xff for s in shifts]
    l1 = [(L[1] >> s) & 0xff for s in shifts]

    # (outer, middle, inner) permutation for each byte position.
    chains = ((q1, q0, q0), (q0, q0, q1), (q1, q1, q0), (q0, q1, q1))
    substituted = [
        outer(middle(inner(x_bytes[col]) ^ l1[col]) ^ l0[col])
        for col, (outer, middle, inner) in enumerate(chains)
    ]

    Z = 0
    for row in range(4):
        acc = 0
        for col in range(4):
            acc ^= gmul(MDS[row][col], substituted[col])
        Z += acc << (8 * row)
    return Z

def xtime_k(a):
    """Multiply the byte ``a`` by x, reducing with the key-schedule polynomial.

    The reduction constant 0x4D has bits 6, 3, 2 and 0 set, i.e. the low
    byte of x^8 + x^6 + x^3 + x^2 + 1.
    """
    primitive_polynomial_k = 0x4D
    doubled = a << 1
    if a & 0x80:
        # The top bit would leave the byte: fold it back in and truncate.
        doubled = (doubled ^ primitive_polynomial_k) & 0xff
    return doubled

def gmul_k(a, b):
    """Multiply the bytes ``a`` and ``b`` with shift-and-add, doubling via xtime_k."""
    product = 0
    for bit in range(8):
        if (b >> bit) & 1:
            product ^= a
        a = xtime_k(a)
    return product

def key_schedule(key):
    # Derive the three key vectors (Me, Mo, S) from the user key.
    # key 128bit byteString
    # Me 32 * 2 bit byteString np.array
    # Mo 32 * 2 bit byteString np.array
    # S 32 * 2 bit byteString np.array
    # keys byteString np.array
    # [key,Me[0],Me[1],Mo[0],Mo[1],S[0],S[1]]
    #
    # NOTE(review): np.full(7,b"") takes its dtype from the fill value. For an
    # empty bytes literal NumPy chooses a fixed-width byte string one byte wide
    # (check keys.dtype), so every bytes value stored into `keys` below is
    # silently cut down to its first byte. The same applies to Me, Mo and the
    # final S, which are created the same way. This matches the behaviour shown
    # later on the page: two keys that differ only after the first byte give
    # identical ciphertext, i.e. the effective key is 8 bits, not 128.
    keys = np.full(7,b"")
    # Only the first byte of `key` is retained here (see note above).
    keys[0] = key
    # Matrix multiplied against the key bytes with gmul_k to produce S.
    RS = np.array([
        [0x01,0xA4,0x55,0x87,0x5A,0x58,0xDB,0x9E],
        [0xA4,0x56,0x82,0xF3,0x1E,0xC6,0x68,0xE5],
        [0x02,0xA1,0xFC,0xC1,0x47,0xAE,0x3D,0x19],
        [0xA4,0x55,0x87,0x5A,0x58,0xDB,0x9E,0x03]
    ],dtype='object')
    # Slices are taken from the already-truncated keys[0], not from `key`.
    m = np.array([keys[0][4*i:4*(i+1)] for i in range(4)])
    # Even-indexed words go to slots 1-2 (Me), odd-indexed words to 3-4 (Mo).
    keys[1] = m[0]
    keys[2] = m[2]
    keys[3] = m[1]
    keys[4] = m[3]
    S = np.zeros(2,dtype='object') 
    # Sixteen byte positions read big-endian from keys[0].
    m2 = np.array([(int.from_bytes(keys[0],'big')>>(8*(15-i))) & 0xff for i in range(16)])
    for i in range(2):
        s = [0]*4
        for j in range(4):
            for k in range(8):
                s[j] ^= gmul_k(RS[j][k],m2[8*i+k])
        for j in range(4):
            S[i] += (s[j] << (8*j))
        # Stored in reverse order: S[0] lands in keys[6], S[1] in keys[5].
        keys[6-i] = S[i].to_bytes(4,'little')
    Me = np.full(2,b"")
    Mo = np.full(2,b"")
    # S is rebound here from the integer array above to a byte-string array.
    S = np.full(2,b"")
    Me[0] = keys[1]
    Me[1] = keys[2]
    Mo[0] = keys[3]
    Mo[1] = keys[4]
    S[0] = keys[5]
    S[1] = keys[6]
    return Me,Mo,S
            
def sbox_with_key(X,i,S):
    """Substitute the byte ``X`` at byte position ``i`` (0-3) under the words in ``S``.

    The byte passes through the q0/q1 chain assigned to position ``i``,
    with byte ``i`` of S[1] and then of S[0] XORed in between.
    """
    key_rows = [[(S[row] >> shift) & 0xff for shift in (0, 8, 16, 24)] for row in range(2)]
    state = np.zeros((3, 4), dtype=object)
    state[2][i] = X

    # (outer, middle, inner) permutation for each byte position.
    chains = {0: (q1, q0, q0), 1: (q0, q0, q1), 2: (q1, q1, q0), 3: (q0, q1, q1)}
    if i in chains:
        outer, middle, inner = chains[i]
        state[0][i] = outer(middle(inner(state[2][i]) ^ key_rows[1][i]) ^ key_rows[0][i])
    return state[0][i]

def expand_key(Mo,Me):
    """Build the 40 round-key words from the Mo and Me key vectors.

    Mo and Me are arrays of byte strings; each entry is read as a
    little-endian integer. For i in 0..19, A comes from h_func over Me and
    B from h_func over Mo (rotated left by 8); the pair (A+B, rotl(A+2B, 9))
    fills positions 2i and 2i+1, all arithmetic modulo 2**32.
    Returns a NumPy object array of 40 ints.
    """
    to_int = np.frompyfunc(int.from_bytes, 2, 1)
    odd_words = to_int(Mo, 'little')
    even_words = to_int(Me, 'little')
    rho = 0x01010101  # 2**24 + 2**16 + 2**8 + 2**0
    modulus = 2 ** 32

    round_keys = np.zeros(40, dtype=object)
    for i in range(20):
        a = h_func(2 * i * rho, even_words)
        b = rotate_left(h_func((2 * i + 1) * rho, odd_words), 8)
        round_keys[2 * i] = (a + b) % modulus
        round_keys[2 * i + 1] = rotate_left((a + 2 * b) % modulus, 9)
    return round_keys

def g_func(X,S):
    """Map the 32-bit word ``X`` to a 32-bit word under the key words in ``S``.

    Each byte of ``X`` is substituted with sbox_with_key for its position,
    the four results are multiplied by MDS (via gmul), and the output bytes
    are packed little-endian.
    """
    substituted = [sbox_with_key((X >> (8 * pos)) & 0xff, pos, S) for pos in range(4)]
    Z = 0
    for row in range(4):
        acc = 0
        for col in range(4):
            acc ^= gmul(MDS[row][col], substituted[col])
        Z += acc << (8 * row)
    return Z
    
def f_func(r0,r1,keys,rounds,S):
    """Compute the two round-function outputs for round ``rounds``.

    ``r0`` and ``r1`` (rotated left by 8) go through g_func; the results are
    combined as t0+t1 and t0+2*t1, each with its round key added, modulo
    2**32. Round keys are read from keys[2*rounds+8] and keys[2*rounds+9].
    """
    modulus = 2 ** 32
    key_index = 2 * rounds + 8
    t0 = g_func(r0, S)
    t1 = g_func(rotate_left(r1, 8), S)
    first = (t0 + t1 + keys[key_index]) % modulus
    second = (t0 + 2 * t1 + keys[key_index + 1]) % modulus
    return first, second

def one_round(words,rounds,keys,S):
    """Run one Feistel round over four 32-bit words and return the new four.

    ``S`` is an array of byte strings, converted to little-endian ints on
    every call. The first two input words feed f_func and move to
    positions 2 and 3; the last two are combined with its outputs and
    move to positions 0 and 1.
    """
    S_int = np.frompyfunc(int.from_bytes, 2, 1)(S, 'little')
    f0, f1 = f_func(words[0], words[1], keys, rounds, S_int)
    return [
        rotate_right(words[2] ^ f0, 1),
        rotate_left(words[3], 1) ^ f1,
        words[0],
        words[1],
    ]

def input_whitening(words,keys):
    """XOR each of the four words with the key word at the same index."""
    return [words[i] ^ keys[i] for i in range(4)]

def output_whitening(words,keys):
    """XOR the words with the key words after swapping the two halves.

    Output word i is words[(i+2) % 4] ^ keys[i], so the final-round swap is
    undone while the whitening keys are applied.
    """
    return [words[(i + 2) % 4] ^ keys[i] for i in range(4)]

def twofish_encrypt(block,key):
    """Encrypt one 16-byte block under ``key`` and return 16 bytes.

    Steps: split into words, derive the key vectors and round keys, apply
    input whitening with keys[0:4], run 16 rounds, apply output whitening
    with keys[4:8], and serialise the words.

    NOTE(review): how much of ``key`` actually influences the result is
    decided in key_schedule; see the np.full(..., b"") arrays there.
    """
    state = block_to_words(block)
    Me, Mo, S = key_schedule(key)
    keys = expand_key(Mo, Me)
    state = input_whitening(state, keys[0:4])
    for round_index in range(16):
        state = one_round(state, round_index, keys, S)
    return words_to_block(output_whitening(state, keys[4:8]))

def main(flag):
    """Encrypt ``flag`` in counter mode and print the nonce and ciphertext blocks.

    The flag is padded with zero bytes to a multiple of 16 (a full extra
    block when it is already aligned). Counter block i is the 96-bit random
    nonce followed by a 32-bit index; its encryption under a fresh random
    16-byte key is XORed with plaintext block i. Each ciphertext block is
    printed as an integer.
    """
    pad_flag = flag + b'\x00' * (16 - len(flag) % 16)
    block_length = len(pad_flag) // 16
    nonce = int.from_bytes(secrets.token_bytes(12), 'big')
    assert block_length <= 2**32
    key = secrets.token_bytes(16)

    block_mask = 0xffffffffffffffffffffffffffffffff
    flag_int = int.from_bytes(pad_flag, 'big')
    encrypted_flags = []
    for i in range(block_length):
        counter_block = ((nonce << 32) + i).to_bytes(16, 'big')
        keystream = int.from_bytes(twofish_encrypt(counter_block, key), 'big')
        # Plaintext blocks are taken from the most significant end first.
        plain_block = (flag_int >> (16 * 8) * (block_length - 1 - i)) & block_mask
        encrypted_flags.append(keystream ^ plain_block)

    print("nonce = ", nonce)
    print("encrypted_flags = ", encrypted_flags)

if __name__ == "__main__":
    # Placeholder value; the real flag is not part of the published source.
    flag = b"TSGCTF{__REDUCTED__}"
    main(flag)

cipher.txt

nonce =  18639088674531619804203553158
encrypted_flags =  [136566763988814260123977728391695169870, 297854733988125490212154919002758942167, 140286143861115781298750245081274386093, 267780198301748450281498233524628586631, 67891782595602432915140903440966332185, 27833795440965705923198634284529559150, 75239374091619069386173206358307312436, 155895086707931827255209248461881439022, 168571968627802622229088996983467487220, 258118042758062906462047523793633475289]

我的解答:

问题如下:

为了加密Flag,我自己试着实现了密钥为128bit时的twofish密码。这是我第一次使用NumPy,真是太方便了!

但是,官方网站Test Vectors上的Known Answer Test和加密结果不一致,这是为什么呢?

题目自行实现了名为 twofish 的分组密码,但实现中似乎存在错误。Flag 是在 CTR(计数器)模式下加密的。

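如果把 nonce 固定下来,只改变密钥并观察密文的变化,会发现一个奇怪的现象:即使改变密钥的第二个及之后的字节,密文也不会改变。原因在于 key_schedule 中的 `np.full(7,b"")` 创建的是定长 1 字节的字节串数组(dtype 为 S1),赋值进去的密钥会被静默截断,只剩第一个字节,因此有效密钥只有 256 种。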

def main(flag, key):
    """Variant of the challenge's main used to compare keys.

    The nonce is pinned to the published value and the key is supplied by
    the caller instead of being drawn at random, so two runs differ only
    in the key. Only the ciphertext blocks are printed.
    """
    pad_flag = flag + b'\x00' * (16 - len(flag) % 16)
    block_length = len(pad_flag) // 16
    nonce = 18639088674531619804203553158  # fixed; the original drew 12 random bytes
    assert block_length <= 2**32

    block_mask = 0xffffffffffffffffffffffffffffffff
    flag_int = int.from_bytes(pad_flag, 'big')
    encrypted_flags = []
    for i in range(block_length):
        counter_block = ((nonce << 32) + i).to_bytes(16, 'big')
        keystream = int.from_bytes(twofish_encrypt(counter_block, key), 'big')
        plain_block = (flag_int >> (16 * 8) * (block_length - 1 - i)) & block_mask
        encrypted_flags.append(keystream ^ plain_block)

    print("encrypted_flags = ", encrypted_flags)

if __name__ == "__main__":
    flag = b"TSGCTF{__REDUCTED__}"
    # Two keys that share only their first byte; identical output means the
    # remaining fifteen bytes do not reach the cipher.
    for key_tail in (b'a', b'b'):
        main(flag, b'a' + key_tail * 15)
python3 encrypt.py
encrypted_flags =  [290626269617722010694582424448868702133, 188985550652166884715879952474676365533]
encrypted_flags =  [290626269617722010694582424448868702133, 188985550652166884715879952474676365533]

因此,key 的第二个及之后的字节可以任意固定,只需对第一个字节穷举全部 256 种取值。由于使用的是 CTR 模式,把得到的密钥流与密文异或即可解密。

from Crypto.Util.number import *

# Values copied from cipher.txt: the published nonce and the ciphertext
# blocks, one integer per 16-byte block.
nonce = 18639088674531619804203553158
encrypted_flags = [136566763988814260123977728391695169870, 297854733988125490212154919002758942167, 140286143861115781298750245081274386093, 267780198301748450281498233524628586631, 67891782595602432915140903440966332185, 27833795440965705923198634284529559150, 75239374091619069386173206358307312436, 155895086707931827255209248461881439022, 168571968627802622229088996983467487220, 258118042758062906462047523793633475289]

def decrypt(k):
    """Try one candidate first key byte ``k`` and print the plaintext if it fits.

    The key is ``k`` followed by fifteen filler bytes. The keystream for
    each counter block is regenerated and XORed with the ciphertext block;
    the result is printed only when it contains the flag prefix.
    """
    key = bytes([k]) + b'a' * 15
    pieces = []
    for i, ct_block in enumerate(encrypted_flags):
        counter_block = ((nonce << 32) + i).to_bytes(16, 'big')
        keystream = bytes_to_long(twofish_encrypt(counter_block, key))
        pieces.append(long_to_bytes(keystream ^ ct_block))
    ans = b''.join(pieces)
    if b'TSGCTF' in ans:
        print(ans)
        
# Exhaust every value of the one key byte that matters.
for candidate in range(256):
    decrypt(candidate)
# TSGCTF{P3ople_li|<e_w4$+3,_I_|<|\|o\/\/._If_I_wa$_g0i|\|g_t0_ac+u4lly_use_i+,_I_shoul|)_not_h4ve_i|\/|ple|\/|e|\|ted_+|-|3_(i|*he|2_0|\|_|\/|`/_own.}
