JUSTCTF2020 Crypto&Misc wp
Crypto
1.Crypto Sign IN
打开附件可以得到如下的颜文字
゚ω゚ノ= /`m´)ノ ~┻━┻ //*´∇`*/ ['_']; o=(゚ー゚) =_=3; c=(゚Θ゚) =(゚ー゚)-(゚ー゚); (゚Д゚) =(゚Θ゚)= (o^_^o)/ (o^_^o);(゚Д゚)={゚Θ゚: '_' ,゚ω゚ノ : ((゚ω゚ノ==3) +'_') [゚Θ゚] ,゚ー゚ノ :(゚ω゚ノ+ '_')[o^_^o -(゚Θ゚)] ,゚Д゚ノ:((゚ー゚==3) +'_')[゚ー゚] }; (゚Д゚) [゚Θ゚] =((゚ω゚ノ==3) +'_') [c^_^o];(゚Д゚) ['c'] = ((゚Д゚)+'_') [ (゚ー゚)+(゚ー゚)-(゚Θ゚) ];(゚Д゚) ['o'] = ((゚Д゚)+'_') [゚Θ゚];(゚o゚)=(゚Д゚) ['c']+(゚Д゚) ['o']+(゚ω゚ノ +'_')[゚Θ゚]+ ((゚ω゚ノ==3) +'_') [゚ー゚] + ((゚Д゚) +'_') [(゚ー゚)+(゚ー゚)]+ ((゚ー゚==3) +'_') [゚Θ゚]+((゚ー゚==3) +'_') [(゚ー゚) - (゚Θ゚)]+(゚Д゚) ['c']+((゚Д゚)+'_') [(゚ー゚)+(゚ー゚)]+ (゚Д゚) ['o']+((゚ー゚==3) +'_') [゚Θ゚];(゚Д゚) ['_'] =(o^_^o) [゚o゚] [゚o゚];(゚ε゚)=((゚ー゚==3) +'_') [゚Θ゚]+ (゚Д゚) .゚Д゚ノ+((゚Д゚)+'_') [(゚ー゚) + (゚ー゚)]+((゚ー゚==3) +'_') [o^_^o -゚Θ゚]+((゚ー゚==3) +'_') [゚Θ゚]+ (゚ω゚ノ +'_') [゚Θ゚]; (゚ー゚)+=(゚Θ゚); (゚Д゚)[゚ε゚]='\\'; (゚Д゚).゚Θ゚ノ=(゚Д゚+ ゚ー゚)[o^_^o -(゚Θ゚)];(o゚ー゚o)=(゚ω゚ノ +'_')[c^_^o];(゚Д゚) [゚o゚]='\"';(゚Д゚) ['_'] ( (゚Д゚) ['_'] (゚ε゚+(゚Д゚)[゚o゚]+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ (゚Θ゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ ((゚ー゚) + (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+((゚ー゚) + (゚Θ゚))+ (c^_^o)+ (゚Д゚)[゚ε゚]+(゚ー゚)+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚Θ゚)+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) - (゚Θ゚))+ ((゚ー゚) + (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) - (゚Θ゚))+ (o^_^o)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) - (゚Θ゚))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (o^_^o))+ (o^_^o)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) - (゚Θ゚))+ ((゚ー゚) + (o^_^o))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ ((゚ー゚) + (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ (o^_^o)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ ((゚ー゚) + (o^_^o))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ ((゚ー゚) + (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚ー゚)+ ((゚ー゚) + (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (o^_^o)+ ((゚ー゚) + (o^_^o))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) +(o^_^o))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (゚Θ゚))+ ((゚ー゚) + (o^_^o))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (o^_^o)+ ((゚ー゚) + (o^_^o))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (゚Θ゚)+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) - (゚Θ゚))+ ((゚ー゚) + (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) - (゚Θ゚))+ (o^_^o)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) - (゚Θ゚))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (c^_^o)+ (o^_^o)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((o^_^o) - (゚Θ゚))+ (゚ー゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ (c^_^o)+ ((o^_^o) +(o^_^o))+ (゚Д゚)[゚ε゚]+((o^_^o) +(o^_^o))+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+((o^_^o) +(o^_^o))+ (c^_^o)+ (゚Д゚)[゚ε゚]+((o^_^o) +(o^_^o))+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+((o^_^o) +(o^_^o))+ (c^_^o)+ (゚Д゚)[゚ε゚]+(゚ー゚)+ (゚Θ゚)+ (゚Д゚)[゚ε゚]+(゚Θ゚)+ ((゚ー゚) + (o^_^o))+ ((゚ー゚) + (゚Θ゚))+ (゚Д゚)[゚ε゚]+(゚ー゚)+ ((o^_^o) - (゚Θ゚))+ (゚Д゚)[゚ε゚]+((゚ー゚) + (゚Θ゚))+ (゚Θ゚)+ (゚Д゚)[゚o゚]) (゚Θ゚)) ('_');
将其复制到浏览器的控制台就可以得到flag,如图
2.So easy
打开附件得到三个文件,根据题目的提示直接去看py脚本,将脚本拉到最下方可以看到如图
当然这个脚本输入任意值进去最后都会跳转到这,所以不影响,然后将{}内值逆序就是正确的flag
3.Basic and advanced
题目:
Xzetgstv axivgi gh dbqnl uhf kkq hbarcgrbha rls xouv mu ngg, rls usizlcxfu rpt htvvl wtff km rkoeb, qd bh kj yalc erjaxr LLQI hp ksnulcafnol eeiq
根据提示可知使用了凯撒加密和维吉尼亚加密
解法一:观察到“LLQI”与其他不同,联想到flag格式JUST{},初步猜测LLQI=JUST,在这种假设下可推得密钥的一部分为cryp,那么又可以联想到crypto,尝试解密,得到
Vigenere cipher is known for its simplicity and ease of use, and beginners are often hard to crack, so it is also called JUST ob ibpfsoyopzs qcrs
确实出现了JUST,并且前面明文可读,说明key就是crypto
接下来对JUST后面的内容进行凯撒解密,枚举所有偏移量得到下图,可看到可读字符串
按照题目给的格式处理以后就是flag
解法二:通过在线网站爆破key可得到,网址:https://www.dcode.fr/
之后解法与解法一相同
4.Drunk Laffey
题目:
0111001000111110111010010101101101111001101000000011010001110011010010100100000100101101111101
提示:
101011101111010100101101011010110001101111111100010011001000110011001100110001101110000110001101101
根据题目描述可知这是摩斯密码,尝试01转摩斯,但是发现题目无空格。再看提示,因为考虑到是一道简单题,所以尝试将提示的01转字符或十进制这种简单的转换。将提示转十进制可得
433174344136236336221131312237
猜测这应该是分组,按照提示分组后得到
0111 001 000 1 1111011 1010 010 1011 0110 1 111 001101 00 000 001101 000 111 001101 00 10 1 0 010 0 000 1 00 10 110 1111101
然后就可以01→摩斯→明文
JUST%u7bCRYPTO_IS_SO_INTERESTING%u7d
将此值处理一下就可以得到flag
5.Are you blind?
附件打开,一段盲文,一个加密的key
ciphertext: ⠂⣁⠂⢕⠂⣰⠂⣉⠂⢔⠂⣎⠂⣀⠂⣗⠂⣀⠂⣥⠂⣁⠂⣌⠂⣋⠂⣂==
encrypted key: rrted ushsq wgpv
最后给了三个提示:
根据提示一:bifid cipher需要一个5*5的密码表,但是现在没有密码表
根据提示二:猜测密码表是按照电脑键盘的顺序排列,但是键盘有26位,密码表只需要25位
根据提示三:约定俗成的规则是指剔除“z”,因为“z”的出现频率是26个英文字母中最低的
然后就可以得到密码表:
1 2 3 4 5
1 q w e r t
2 y u i o p
3 a s d f g
4 h j k l x
5 c v b n m
之后的话可以选择手撸,也可以用工具
手撸版解法:
密文:rrted ushsq wgpv
推出坐标:14 14 15 13 33 22 32 41 32 11 12 35 25 52
合并坐标:1414151333 2232413211 12352552
然后根据bifid的原理要将其分为“行”和“列”,即
行:14141 22324 1235
列:51333 13211 2552
然后根据行列坐标得到明文:the key is yhwpgv
然后去解盲文密码即可(写这个主要是让你们加深对bifid的理解)
工具版解法:
注意去掉空格
6.Big_Gift
题目:
import Crypto.PublicKey.RSA as RSA
def enc(msg, pubkey):
(n,e) = pubkey
m = int.from_bytes(msg.encode(), byteorder = 'little')
c = pow(m, e, n)
ctxt = (c).to_bytes(c.bit_length() // 8 + 1, byteorder = 'little')
return ctxt
with open("pubkey.pem", "r") as f:
ciph = RSA.importKey(f.read())
pubkey = (ciph.n, ciph.e)
with open("flag.txt", "r") as f:
flag = f.read()
flag = enc(flag, pubkey)
with open("flag.enc","wb") as fs:
fs.write(flag)
还有一个pubkey以及加密的flag文件
这道题很简单,因为N过大导致m^e%N == m^e,直接开方得到flag,但是要注意分组
payload:
import sys
import Crypto.PublicKey.RSA as RSA
# with open("pubkey.pem", "r") as f:
# ciph = RSA.importKey(f.read())
# with open("result.txt","w") as fs:
# fs.write("e = "+str(ciph.e) + "\nn="+str(ciph.n))
# def enc(msg, pubkey):
# (n,e) = pubkey
# m = int.from_bytes(msg, byteorder = 'little')
# c = pow(m, e, n)
# ctxt = (c).to_bytes(c.bit_length() // 8 + 1, byteorder = 'little')
# return ctxt
import gmpy2
from Crypto.Util.number import long_to_bytes
def dec(msg,privatekey):
c = int.from_bytes(msg,byteorder="little")
assert gmpy2.iroot(c,privatekey)[1] == True
m = gmpy2.iroot(c,privatekey)[0]
m = int(m)
ctxt = (m).to_bytes(m.bit_length() // 8 + 1 ,byteorder = 'little' )
return ctxt
with open('flag.enc',"rb") as rs:
msg = rs.read()
print(str(dec(msg,65537)))
7.Baby Rsa
题目:
from Crypto.Util.number import getPrime
flag = 'JUST{**********}'
p,q = [getPrime(40) for _ in range(2)]
n = p*q
m = int.from_bytes(flag.strip("JUST")[1:-1].encode(),"big")
# e = secret
print("c ="+pow(m,e,n))
print("x ="+pow(3,e,n))
print("y ="+pow(9,e,n))
print("z ="+pow(27,e,n))
"""
c = 549255654365864476196144
x = 153618743392211321669273
y = 294470439622467776032293
z = 396326281365084844903098
"""
由
x = 3^e%n
y = 9^e%n
z = 27^e%n
可得
y = x^2%n
z = x^3%n
所以
(y - x^2)%n = 0
(z - x^3)%n = 0
有
(z - x^3)%n = (y - x^2)%n
发现(y - x^2)和(z - x^3)存在公因数n
在线分解n(之前课上给过网址的)
离散对数求e
e,c,p,q全部得到,常规rsa解密
payload:
from Crypto.Util.number import *
import sympy
c = 549255654365864476196144
x = 153618743392211321669273
y = 294470439622467776032293
z = 396326281365084844903098
n = GCD(x**2-y,x**3-z)
print(n)
p = 722402380069
q = 762582733951
phi = (p-1)*(q-1)
e = sympy.discrete_log(n,x,3)
d = sympy.invert(e,phi)
m = pow(c,int(d),n)
print(long_to_bytes(m))
8.LLL
题目:
from Crypto.Util.number import bytes_to_long,GCD
import random
flag = "JUST{****************}"
def init(n):
privKey = [random.randint(1, 4**n)]
s = privKey[0]
for i in range(1, n):
privKey.append(random.randint(s + 1, 4**(n + i)))
s += privKey[i]
q = random.randint(privKey[n-1] + 1, 2*privKey[n-1])
r = random.randint(1, q)
while GCD(r, q) != 1:
r = random.randint(1, q)
pubKey = [ r*w % q for w in privKey ]
return pubKey,r,q
def encrypt(key,m):
global flag
data = [int(i, 2) for i in bin(bytes_to_long(bytes(flag[5:-1], encoding='utf-8')))[2:].rjust(128, '0')]
enc = 0
for i in range(len(data)):
enc += (key[i]*data[i])%m
return enc
def main():
data, w, m = init(128)
enc = encrypt(data,m)
with open("public.key","w") as fs:
fs.write(str(data))
with open("flag.enc","w") as fs:
fs.write("flag_chiper = "+str(enc))
fs.write("\nw = "+str(w))
fs.write("\nm = "+str(m))
if __name__ == '__main__':
main()
还有一个pubkey以及加密的flag文件
背包公钥密码体系,使用LLL算法进行超递增序列伪造,详见ctf_wiki,注意payload运行环境是sage
payload:
# open the public key and strip the spaces so we have a decent array
fileKey = open("public.key", 'r')
pubKey = fileKey.read().replace(' ', '').replace('L', '').strip('[]').split(',')
nbit = len(pubKey)
# open the encoded message
fileEnc = open("flag.enc", 'r')
encoded = fileEnc.read().replace('L', '')
print ("start")
# create a large matrix of 0's (dimensions are public key length +1)
A = Matrix(ZZ, nbit + 1, nbit + 1)
# fill in the identity matrix
for i in range(nbit):
A[i, i] = 1
# replace the bottom row with your public key
for i in range(nbit):
A[i, nbit] = int(pubKey[i])
# last element is the encoded message
A[nbit, nbit] = -int(encoded)
res = A.LLL()
for i in range(0, nbit + 1):
# print solution
M = res.row(i).list()
flag = True
for m in M:
if m != 0 and m != 1:
flag = False
break
if flag:
print (i, M)
M = ''.join(str(j) for j in M)
# remove the last bit
M = M[:-1]
print(eval("0b"+M).to_bytes(16,"big"))
Misc
1.Eazy SignIn
扫描二维码签到
2.抽象带师
题目:
🏇🐔💥🚒🐻🍤😶🤔🕗🔩🍍🐾🛑👜🕗🤷🎥🌪🎧🍀🐾🤛🍉🤗🕒👱🏥🥊🎀🐾📀😹🤶🤯🛑🤳🐉
emoji编码,在线网站:emoji cipher 即可解码
3. Can you see me?
打开附件一片空白,全选以后出现
根据题目提示的二进制,将短空格转“0”,长空格转“1”,得到
001100010101111101000000011011010101111101101001011011100111011000100001010100110110100101100010011011000110010100111111
01转字符串即可得到flag
4.Mikutap
题目给的是一段音频,然后给了源网站:Mikutap,然后听就完事了
5.PUZZLE
拼图题,详见我unctf wp那篇博客
6.CTFerの奇妙历险
游戏题,通关得flag,或者用修改器等等都行
7.社工
戳这里→社工wp
8.抽象带带带师
题目:
message:🛩🚫🏹🌉🔪🎈⌨👣🔬🌊😊😀🎅😎😎👉🕹🎃🚫🍌🐅🚫🏎🚪😎🎤🌿🍎👑😎ℹ😍🔬🌪🚨🔬🏎🔪😂👑🌉🎈⌨🖐😍🎤🥋👌🚪🍌🌪😆🏎👉👉😇🔬💵🔄😀🐍🤣🖐✅
If you want to decrypt what laffey said, you need two keys. However,the two keys are also encrypted.
key1:🛢😗🐶🏢💋🍅🧘🌯📟😆🏝🍄🏖🎼🍶🌆🤨🤹🤶🐺🙄👞🏳🕹🗄🤝🦉🌭🧠🤛🏐📦🐑🐉💳💅🐼📀🎢👊🧚🎭🔋🕐🍦🍴🙊🐙😊🏫🦈🐯
key2:👫👟👜🐗👢👜👰🐩🐗👠👪🐗👤👘👪👫👜👩
message使用emoji aes加密;key1同misc2;key2使用base100
9.Take Over–Heroes Never Die
考点:音频流隐写,zip
mp3tag分离封面以及得到key1:feng
010editor分析图片,在末尾发现二进制字符串
尝试转字符串(二进制-acsii)获得key2:xiao
mp3stegz分离出压缩包task.mp3.7z
解压压缩包又得到一个压缩包ziptask.7z,但是这个压缩包加密了,但是上一个压缩包有提示,猜得密码为JUST
解压得到一个压缩包和txt
这个压缩包也是加密的,但观察到压缩包里也有一个readme.txt
cracked中的txt文件crc32值为
ziptask中的txt文件crc32值为
发现两者一致,得知是zip明文攻击,将readme.txt用winrar压缩,务必使用winrar,否则会报错,然后用archpr工具得到密码为youfound
解压得到一个无后缀文件拖进010editor,发现pk结尾,补pk开头50 4B 03 04
得到压缩包,发现解压还需要密码,再次拖进010editor,发现全局方式位标记为09 00改成00 00即可,解压得到flag
结束语
希望各位新生可以从这次比赛中有所收获,并能明确自己的方向,也祝各位新生能在CTF的道路上越走越远,有所成就!
1711
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
