题目给出了代码
from Crypto.Util.number import *
import gmpy2
# Challenge generator as handed to the players. It is Python 2 code:
# str.encode("hex") and the tuple-style print output shown below only exist there.
# The real flag is masked with asterisks in the published copy.
flag = '*******************************************'
# Interpret the flag bytes as one big-endian integer m (hex-encode, then parse base 16).
hex_flag=int(flag.encode("hex"),16)
# Two random 512-bit primes, so n is roughly 1024 bits.
p=getPrime(512)
q=getPrime(512)
n=p*q
# Public exponent is 3.
e=0x3
# Textbook RSA: c = m^3 mod n, with m used directly (no padding step appears in this script).
c=pow(hex_flag,e,n)
# Prints (m^3 - n) // n, which equals floor(m^3 / n) - 1, i.e. how many times m^3 wraps past n, minus one.
print((hex_flag*hex_flag*hex_flag-n)//n)
# Author's hint: (hex_flag*hex_flag*hex_flag-n)//n < 100, so m^3 = c + k*n for a small k.
# With k that small, m is recoverable by an integer cube root; the factorisation of n is not needed.
print("n=",hex(n))
print("e=",hex(e))
print("c=",hex(c))
'''
('n=', '0x9c514a157a47a670e192230b40169fafd13407bbf8da96a260238988979ea661129b5405b4410bf4c592750ba1521511c4dbe5e9542b54c9ef458270b8932166e299ac13ef5f40bd00c835d9eec8b4cad742aeafabcdb0075584233151994df3f77299e6f5804b5e2823635421cb9dced394acb8d4747dd9fa80045abca4acf5L')
('e=', '0x3')
('c=', '0x84eb595067756c5994115110892008c3e62de67c5050b389e1c576b1cd90dde61b301ed2b91badc42b13eee88d9989ca665e8b827bc09960d7fa5f7170865382cc328be7211c3577bceb17516fc5cddeb2a74b4a0f6f84c02a8f1473da5f481bd805aade3826c42ded0b4c45c198be9100b06bd1f7675100841328c5896f015eL')
'''
题目给出了n、e、c,其中n=p*q
按理来说,要分解n为p和q,再计算。
但是,n实在太大,yafu无法分解
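经过观察,e的值很小,为3,而且明文没有经过填充就直接加密;题目还提示 (m^3-n)//n<100,也就是 m^3 = c + k*n 中的 k 很小。因此考虑RSA的特殊情况——“小明文分解”(更常见的叫法是小明文攻击/低加密指数攻击):枚举 k,对 c + k*n 开 e 次整数方根即可,不需要分解n
以下是求解脚本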
import gmpy2
from Crypto.Util.number import long_to_bytes
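def small_msg(e, n, c):
    """Recover m from c = m**e mod n when m**e exceeds n only a few times over.

    Because c = m**e - k*n for some non-negative integer k, the function walks
    k upward from 0 and checks whether k*n + c is a perfect e-th power. This
    only terminates quickly when e is small and the plaintext was not padded,
    so that m**e stays close to n.

    Args:
        e: public exponent.
        n: RSA modulus.
        c: ciphertext as an integer.

    Returns:
        The exact integer e-th root (a gmpy2 mpz) for the first k that yields
        one, or False if no k below 200000000 does.
    """
    for k in range(200000000):
        # iroot returns (floor_root, is_exact); call it once per candidate
        # instead of recomputing the root on the success path.
        root, exact = gmpy2.iroot(k*n + c, e)
        if exact:
            return root
    return False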
先将n、e、c转为十进制
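# Public values from the challenge output; the write-up converts the printed
# hex n and c to decimal before use.
e = 3
n = 109769907245792409973152066923182961009878337660390058449086641925362901413818510843949524844472099064455292942282273477934514645640135287606157336574651401671194834836809994993452876183199813668522082781972086867149383699009423160433760504264384380863894455808398677244322669816707607845104258580582385364213
cipher = 93339128852461631750355869700469021425807203479076699838088563059213091266523478807345383630016112696669435946851245211093437773718948704524771295520112764755604031498085287845171501235855234683537765027506028255424424101404093546981252842709427295797362518018060295056375700023866076798961452195227366261086
# Pass e rather than a second literal 3 so the exponent is defined in one place.
msg = small_msg(e, n, cipher)
# small_msg signals "nothing found" with False; stop here so that value is not
# handed to long_to_bytes and printed as if it were the plaintext.
if msg is False:
    raise SystemExit("no exact e-th root found in the searched range of k")
print(long_to_bytes(msg))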
解之,得
b'flag is : 9838516c4e1e1ac827bf32505bb2207d'