Crypto(7)BUUCTF-RSA4

已于 2023-11-06 17:21:24 修改
阅读量221 收藏
点赞数
分类专栏: # cryptography 文章标签: 算法
于 2023-11-03 18:10:42 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/m0_66039322/article/details/134208625
版权

BUUCTF RSA4

下载题目,可见文件给出了3组n和c

N = 331310324212000030020214312244232222400142410423413104441140203003243002104333214202031202212403400220031202142322434104143104244241214204444443323000244130122022422310201104411044030113302323014101331214303223312402430402404413033243132101010422240133122211400434023222214231402403403200012221023341333340042343122302113410210110221233241303024431330001303404020104442443120130000334110042432010203401440404010003442001223042211442001413004
c = 310020004234033304244200421414413320341301002123030311202340222410301423440312412440240244110200112141140201224032402232131204213012303204422003300004011434102141321223311243242010014140422411342304322201241112402132203101131221223004022003120002110230023341143201404311340311134230140231412201333333142402423134333211302102413111111424430032440123340034044314223400401224111323000242234420441240411021023100222003123214343030122032301042243

N = 302240000040421410144422133334143140011011044322223144412002220243001141141114123223331331304421113021231204322233120121444434210041232214144413244434424302311222143224402302432102242132244032010020113224011121043232143221203424243134044314022212024343100042342002432331144300214212414033414120004344211330224020301223033334324244031204240122301242232011303211220044222411134403012132420311110302442344021122101224411230002203344140143044114
c = 112200203404013430330214124004404423210041321043000303233141423344144222343401042200334033203124030011440014210112103234440312134032123400444344144233020130110134042102220302002413321102022414130443041144240310121020100310104334204234412411424420321211112232031121330310333414423433343322024400121200333330432223421433344122023012440013041401423202210124024431040013414313121123433424113113414422043330422002314144111134142044333404112240344

N = 332200324410041111434222123043121331442103233332422341041340412034230003314420311333101344231212130200312041044324431141033004333110021013020140020011222012300020041342040004002220210223122111314112124333211132230332124022423141214031303144444134403024420111423244424030030003340213032121303213343020401304243330001314023030121034113334404440421242240113103203013341231330004332040302440011324004130324034323430143102401440130242321424020323
c = 10013444120141130322433204124002242224332334011124210012440241402342100410331131441303242011002101323040403311120421304422222200324402244243322422444414043342130111111330022213203030324422101133032212042042243101434342203204121042113212104212423330331134311311114143200011240002111312122234340003403312040401043021433112031334324322123304112340014030132021432101130211241134422413442312013042141212003102211300321404043012124332013240431242

根据加密公式,可以构造出同余方程组

me = c1 (mod n1)

me = c2 (mod n2)

me = c3 (mod n3)

解这样的方程组要用到【中国剩余定理】(详细信息观看《应用密码学》书籍)

具体解题思路:

代码如下:

import gmpy2
import  binascii

#利用中国剩余定理求解同余方程,aList:余数,mList:模数
def CRT(aList, mList):
    M = 1
    for i in mList:
        M = M * i   #计算M = ∏ mi
    #print(M)
    x = 0
    for i in range(len(mList)):
        Mi = M // mList[i]   #计算Mi
        Mi_inverse = gmpy2.invert(Mi, mList[i]) #计算Mi的逆元
        x += aList[i] * Mi * Mi_inverse #构造x各项
    x = x % M
    return x

if __name__ == "__main__":
    #========== n c ==========
    n1 = "331310324212000030020214312244232222400142410423413104441140203003243002104333214202031202212403400220031202142322434104143104244241214204444443323000244130122022422310201104411044030113302323014101331214303223312402430402404413033243132101010422240133122211400434023222214231402403403200012221023341333340042343122302113410210110221233241303024431330001303404020104442443120130000334110042432010203401440404010003442001223042211442001413004"
    c1 = "310020004234033304244200421414413320341301002123030311202340222410301423440312412440240244110200112141140201224032402232131204213012303204422003300004011434102141321223311243242010014140422411342304322201241112402132203101131221223004022003120002110230023341143201404311340311134230140231412201333333142402423134333211302102413111111424430032440123340034044314223400401224111323000242234420441240411021023100222003123214343030122032301042243"
    n2 = "302240000040421410144422133334143140011011044322223144412002220243001141141114123223331331304421113021231204322233120121444434210041232214144413244434424302311222143224402302432102242132244032010020113224011121043232143221203424243134044314022212024343100042342002432331144300214212414033414120004344211330224020301223033334324244031204240122301242232011303211220044222411134403012132420311110302442344021122101224411230002203344140143044114"
    c2 = "112200203404013430330214124004404423210041321043000303233141423344144222343401042200334033203124030011440014210112103234440312134032123400444344144233020130110134042102220302002413321102022414130443041144240310121020100310104334204234412411424420321211112232031121330310333414423433343322024400121200333330432223421433344122023012440013041401423202210124024431040013414313121123433424113113414422043330422002314144111134142044333404112240344"
    n3 = "332200324410041111434222123043121331442103233332422341041340412034230003314420311333101344231212130200312041044324431141033004333110021013020140020011222012300020041342040004002220210223122111314112124333211132230332124022423141214031303144444134403024420111423244424030030003340213032121303213343020401304243330001314023030121034113334404440421242240113103203013341231330004332040302440011324004130324034323430143102401440130242321424020323"
    c3 = "10013444120141130322433204124002242224332334011124210012440241402342100410331131441303242011002101323040403311120421304422222200324402244243322422444414043342130111111330022213203030324422101133032212042042243101434342203204121042113212104212423330331134311311114143200011240002111312122234340003403312040401043021433112031334324322123304112340014030132021432101130211241134422413442312013042141212003102211300321404043012124332013240431242"
    
    cList = [int(c1,5), int(c2,5), int(c3,5)]
    nList = [int(n1,5), int(n2,5), int(n3,5)]
    m_e = CRT(cList, nList) #计算m^e
    for e in range(1, 10):  #遍历e求解
        m, f = gmpy2.iroot(m_e, e) #m_e开e次根
        print("加密指数e = %d:"%e)
        m = hex(m)[2:]
        if len(m)%2 == 1:
            m = m + '0' #binascii.unhexlify()参数长度必须为偶数,因此做一下处理
        flag = binascii.unhexlify(m)
        print(flag)

运行后发现,当e=3时,get flag!

术业有专攻,闻道有先后
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
BUUCTF RSA题目全解4
MikeCoke的博客
12-19 3701
1.[MRCTF2020]babyRSA 题目 import sympy import random from gmpy2 import gcd, invert from Crypto.Util.number import getPrime, isPrime, getRandomNBitInteger, bytes_to_long, long_to_bytes from z3 import * flag = b"MRCTF{xxxx}" base = 65537 def GCD(A): B =
某RSA
YUK_103的博客
03-02 856
题目如下所示: from Crypto.Util.number import getPrime,bytes_to_long from sympy import Derivative from fractions import Fraction from secret import flag p=getPrime(1024) q=getPrime(1024) e=65537 n=p*q z=Fra...
Buuctf的RSA(四)
最新发布
ndjnddjxn的博客
05-30 577
生成素数e1=2333e2=23333#共模攻击n=p*q导入库定义RSA公钥的模数n、两个加密指数e1和e2、以及两个密文c1和c2。定义共模攻击函数e1e2c1c2和n。首先,将输入参数转换为整数类型,确保所有操作都在整数域进行。使用函数计算e1和e2的扩展欧几里得算法结果。该函数返回一个三元组(g, x, y),其中g是e1和e2的最大公约数(在此场景下应为1,因为e1和e2互质),而x和y是满足的整数。从gcdext的结果中提取x和y的等价值s1和s2。
中国剩余定理
qq_52193383的博客
08-12 684
中国剩余定理: 设m1,…,mk是k个两两互素的正整数,则对任意的整数b1,…,bk,同余式组: x ≡ b1 (mod m1) …… …… …… x = bk (mod mk) 一定有解,且解是唯一的。 (1)若令m = m1*…*mk,m = mi * Mi, i = 1,…k 则同余式组的解可以表示为 x ≡ b1 * M1’ * M1 + … + bk * Mk’ * Mk (mod m) 其中Mi’为Mi模mi的逆元,即Mi’ * Mi ≡ 1 (mod mi),i = 1,…,k (2)若令N
BUUCTF·RSA4·WP
sm1918451478的博客
10-16 309
BUUCTF·RSA4·WP
BUUCTF RSA4——中国剩余定理
shshss64的博客
10-05 1136
rsa中国剩余2定理的应用·
BUUCTF Crypto RSA4 wp
hsqGOD's blog
03-23 2459
看到这一题,给到了三组三个n三个c,我们可以很容易的想到了中国剩余定理,但是我们发现这题并不是那么容易的,可以说是非常恶心人了,他题目给到的c和n并不是用的十进制,而是用的五进制,要先用int("*****",5)的代码转换为十进制才能计算。后来我们又发现,将题目通过CRT解出来并不对,看来并不是flag直接模的n,于是我们猜测e=3,果然,成功解出flag,脚本如下 // python2 imp...
crypto-rsa-example:使用crypto ++进行rsa加密的快速示例
05-07
在项目`crypto-rsa-example-master`中,你可以找到完整的示例代码,包括如何编译和运行。通过阅读和运行这个例子,你将更深入地理解如何在C++中使用Crypto++库实现RSA加密和解密。同时,也可以根据自己的需求修改...
crypto-js-develop.zip
12-14
crypto-js-develop\src\rc4.js, 3081 , 2017-06-02 crypto-js-develop\src\ripemd160.js, 8812 , 2017-06-02 crypto-js-develop\src\sha1.js, 3722 , 2017-06-02 crypto-js-develop\src\sha224.js, 1521 , ...
commons-crypto-1.0.0-API文档-中文版.zip
05-02
赠送jar包:commons-crypto-1.0.0.jar; 赠送原API文档:commons-crypto-1.0.0-javadoc.jar; 赠送源代码:commons-crypto-1.0.0-sources.jar; 赠送Maven依赖信息文件:commons-crypto-1.0.0.pom; 包含翻译后的API...
crypto-js-4.0.0.tar.gz
07-20
- **广泛的加密算法支持**:crypto-js不仅包含了AES、DES、TripleDES等对称加密算法,还支持RSA、ECC等非对称加密算法,以及MD5、SHA1、SHA256等哈希函数。 - **易于使用**:通过简单的API调用,开发者可以轻松...
crypto-js-develop含有各种加密JS库
05-20
**加密库Crypto-JS详解** Crypto-JS是一个广泛使用的JavaScript加密库,专为在浏览器环境中进行安全的数据加密而设计。这个库提供了多种加密算法,包括对称加密、非对称加密以及哈希函数等,使得开发者能够实现数据...
BUUCTF 打卡2
qq_52193383的博客
08-20 349
1.RSA4 题目给出了三组c和n,猜测是广播攻击。猜测e = 3。自己写的脚本有点不靠谱,就借用书上的。值得注意的是题目给出的c和n都是5进制数!!!(仔细点的话可以看出数据中没有出现>=5的数字) #广播攻击??? import gmpy2,libnum from Crypto.Util.number import long_to_bytes,bytes_to_long def broadcast_attack(data): def extended_gcd(a,b):
BUUCTF RSA4(中国剩余定理)
晓寒的博客
07-09 3700
RSA4(中国剩余定理) 题目 给出3组n和c N = 331310324212000030020214312244232222400142410423413104441140203003243002104333214202031202212403400220031202142322434104143104244241214204444443323000244130122022422310201104411044030113302323014101331214303223312402430402404413
BUUCTF——rsa系列(4)
Luiino的博客
07-27 4012
给了c、z、n以及e分析一下,首先是它的作用是进行求导,前一个参数表示求导的内容,后一个参数表示求导的主体,如意思是以p为主体对求导得到1/(1+),同理得到1/(1-)。其次对于如Fraction(1,Derivative(arctan(p),p))是以1为分子,以Derivative(arctan(p),p)为分母,这样一来可以得到关系式z=可以进一步得到下面的关系式=z-2n,=z+2n,敲代码解出p、q。............
BUUCTF RSA4 ==> 中国剩余定理
LYJ20010728的博客
12-02 855
题目地址 解题代码: import gmpy2 import binascii n1 = int(str(33131032421200003002021431224423222240014241042341310444114020300324300210433321420203120221240340022003120214232243410414310424424121420444444332300024413012202242231020110441104403011330232301410133
[CTF密码学]RSA相关题目解题方法与python脚本总结(附例题)
WANGJUNAIJIAO的博客
10-30 5292
RSA是一种非对称加密体制 ,所谓非对称就是加密钥和解密钥不一样,要解决加解密相关问题,我们首先要弄清楚RSA加密解密流程中用到了哪些东西:**明文 m:**就是待加密的文本啦,一般也就是我们的flag。**密文 C:**加密完成后的密文,一般题目会给你,我们要做的就是根据密文解密出明文。**公钥 e(加密钥):**用来加密的密钥,是一个整数,是公开的。RSA加密的关键部分,一般不会告诉你。我们选取两个大素数并计算它们的乘积,得到n=p*q。**后面会用p,q,n来加密解密。
BUUCTF--Crypto(51~60)
m0_59022585的博客
07-07 233
根据标题提示、数字范围(9以内)、每组数字个数(4以内),确定使用九宫格键加密,使用脚本求解。解压后使用pycharm打开py文件,而文本文件中是py文件的输出(p、q、c),直接用RSA解密脚本求出flag。打开文本有3组N和c,发现密文中数字不超过5,则断定为5进制,先进行进制转换,再使用RSA解密脚本求出flag。根据标题提示,将文本中的密文对照天干地支表并加上一甲子(60),使用脚本将其转换成字符,即flag。文本中有一串密文,根据提示:曼联,确定是曼彻斯特编码,使用脚本进行解码得到flag。
[BJDCTF2020]RSA
rang的博客
12-08 1488
题目给了c和e、同公钥(e,n)加密的密文、具有同q的公钥加密的密文 思路:由同q的公钥,也就是n公用了素数q,通过gcd函数可以得到p,也就有p和q 此时就差e就能解出题目,已知e的范围、相同公钥加密的密文 可由_294c == pow(294,e,n)爆破e,脚本如下: import gmpy2 from Crypto.Util.number import * # flag=open("flag","rb").read() # p=getPrime(1024) # q=getPrime(1024) #
buuctf crypto rsa
01-22
在buuctf crypto rsa比赛中,参赛者需要通过解密RSA加密的数据来获取flag。通常情况下,需要对RSA算法进行分解因子攻击或者求解模数的方法来获取私钥,从而解密加密的数据。参赛者需要具备对RSA加密算法的理解和掌握...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值