[青少年CTF]Crypto—Easy by 周末

已于 2022-12-05 00:05:33 修改
阅读量2.1k 收藏 7
点赞数 3
分类专栏: 青少年CTF 文章标签: python 经验分享 开发语言 算法 安全
于 2022-11-30 23:20:18 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_52307221/article/details/128124172
版权

闲的没事写份wp(~ ̄▽ ̄)~
个人博客:https://www.st1ck4r.top

0x01 一起下棋

考点:棋盘密码

image-20221025165156156

在线解密:https://www.qqxiuzi.cn/bianma/qipanmima.php

0x02 emoji

考点:Emoji表情符号编码,XXencode,核心价值观编码

Emoji表情符号编码

image-20221025200132210

XXencode

image-20221025200156471

核心价值观编码

image-20221025200245047

0x03 Some Word

考点:BubbleBabble编码,JSfuck编码,Brainfuck编码

BubbleBabble编码

image-20221025203408558

JSfuck编码

在线解密:http://www.hiencode.com/jsfuck.html

或者使用浏览器控制台进行解密

image-20221025203447075

image-20221025203706733

Brainfuck编码

image-20221025203758230

0x04 basic rsa

考点:RSA

附件中的脚本如下:

import gmpy2
from Crypto.Util.number import *
from binascii import a2b_hex,b2a_hex

flag = "*****************"

p = 262248800182277040650192055439906580479
q = 262854994239322828547925595487519915551

e = 65533
n = p*q

c = pow(int(b2a_hex(flag),16),e,n)
print c

# 27565231154623519221597938803435789010285480123476977081867877272451638645710

解密脚本如下:

import gmpy2
from Crypto.Util.number import *

p = 262248800182277040650192055439906580479
q = 262854994239322828547925595487519915551
c = 27565231154623519221597938803435789010285480123476977081867877272451638645710
e = 65533
n = p * q
phi_n = (p-1) * (q-1)

d = gmpy2.invert(e, phi_n)
m = pow(c, d, n)

print(long_to_bytes(m))

0x05 CheckIn

考点:base64,ROT47

先base64解码

image-20221025211916758

再用ROT47解密得到结果

image-20221025211959221

0x06 Keyboard

考点:手机键盘密码

image-20221026093658911

打开附件发现这些字母是手机26键键盘的第一行,上面有对应数字,并且位数在1到4位,说明是9键键盘,刚好和题目意思对上了,这种题写法就是比如o,对应9,就在九键键盘上9的位置,看o有多少位,3个o,就是9那个位置字符串的第三个字符,也就是y。

image-20221026094110998

明白原理后编写脚本:

c = "ooo yyy ii w uuu ee iii ee uuu ooo r yyy yyy e"
key26 = " qwertyuiop"
key9 = [" "," ","abc","def","ghi","jkl","mno","pqrs","tuv","wxyz"]
for part in c.split(" "):
    s = key26.index(part[0])
    count=len(part)
    print(key9[s][count-1],end="")

0x07 Morse

考点:摩斯密码,16进制转文本

摩斯密码

image-20221026102406495

16进制转文本

image-20221026102436695

0x08 Vigenère

考点:维吉尼亚密码无密钥解密

下载附件解压得到两个文件,Encode.c文件为加密脚本,但是缺失密钥

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main()
{
	freopen("flag.txt","r",stdin); 
	freopen("flag_encode.txt","w",stdout);
	char key[] = /*SADLY SAYING! Key is eaten by Monster!*/;
	int len = strlen(key);
	char ch;
	int index = 0;
	while((ch = getchar()) != EOF){
		if(ch>='a'&&ch<='z'){
			putchar((ch-'a'+key[index%len]-'a')%26+'a');
			++index;
		}else if(ch>='A'&&ch<='Z'){
			putchar((ch-'A'+key[index%len]-'a')%26+'A');
			++index;
		}else{
			putchar(ch);
		}
	}
	return 0;
}

由脚本可知flag_encode.txt为加密后的文本,通过在线解密网站爆破密钥解密文本得到flag。

image-20221026105749312

0x09 easyrsa

考点:RSA

题目如下:

from Crypto.Util.number import getPrime,bytes_to_long
from sympy import Derivative
from fractions import Fraction
from secret import flag

p=getPrime(1024)
q=getPrime(1024)
e=65537
n=p*q
z=Fraction(1,Derivative(arctan(p),p))-Fraction(1,Derivative(arth(q),q))
m=bytes_to_long(flag)
c=pow(m,e,n)
print(c,z,n)
'''
output:
7922547866857761459807491502654216283012776177789511549350672958101810281348402284098310147796549430689253803510994877420135537268549410652654479620858691324110367182025648788407041599943091386227543182157746202947099572389676084392706406084307657000104665696654409155006313203957292885743791715198781974205578654792123191584957665293208390453748369182333152809882312453359706147808198922916762773721726681588977103877454119043744889164529383188077499194932909643918696646876907327364751380953182517883134591810800848971719184808713694342985458103006676013451912221080252735948993692674899399826084848622145815461035
32115748677623209667471622872185275070257924766015020072805267359839059393284316595882933372289732127274076434587519333300142473010344694803885168557548801202495933226215437763329280242113556524498457559562872900811602056944423967403777623306961880757613246328729616643032628964072931272085866928045973799374711846825157781056965164178505232524245809179235607571567174228822561697888645968559343608375331988097157145264357626738141646556353500994924115875748198318036296898604097000938272195903056733565880150540275369239637793975923329598716003350308259321436752579291000355560431542229699759955141152914708362494482
15310745161336895413406690009324766200789179248896951942047235448901612351128459309145825547569298479821101249094161867207686537607047447968708758990950136380924747359052570549594098569970632854351825950729752563502284849263730127586382522703959893392329333760927637353052250274195821469023401443841395096410231843592101426591882573405934188675124326997277775238287928403743324297705151732524641213516306585297722190780088180705070359469719869343939106529204798285957516860774384001892777525916167743272419958572055332232056095979448155082465977781482598371994798871917514767508394730447974770329967681767625495394441
'''

分析:

  1. Derivative是表示导函数的类,它的第一个参数是需要进行求导的数学函数,第二个参数是求导的自变量,注意:Derivative所得到的是一个导函数,它不会进行求导运算;例:t=Derivative(sin(x),x)

  2. Fraction():进行分数运算,例:Fraction(2,8)等于0.25

  3. 反正切函数的求导:(arctanx)'= 1/(1+x^2);

  4. arth(x)是反双曲函数正切,(arth(x))'= 1/(1-x^2);

由此可得z=p^2 + q^2;

∵ n= p*q,z=p^2 + q^2;

∴ p + q = √(z + 2n) = √(p^2 + q^2 + 2pq) = √(p + q)^2,

​ p - q = √(z - 2n) = √(p^2 + q^2 - 2pq) = √(p - q)^2

则phi_n = (p-1)(q-1) = pq-(p+q )+1 = n - (p+q) + 1

编写解密脚本如下:

import gmpy2
from Crypto.Util.number import *

c = 7922547866857761459807491502654216283012776177789511549350672958101810281348402284098310147796549430689253803510994877420135537268549410652654479620858691324110367182025648788407041599943091386227543182157746202947099572389676084392706406084307657000104665696654409155006313203957292885743791715198781974205578654792123191584957665293208390453748369182333152809882312453359706147808198922916762773721726681588977103877454119043744889164529383188077499194932909643918696646876907327364751380953182517883134591810800848971719184808713694342985458103006676013451912221080252735948993692674899399826084848622145815461035
z = 32115748677623209667471622872185275070257924766015020072805267359839059393284316595882933372289732127274076434587519333300142473010344694803885168557548801202495933226215437763329280242113556524498457559562872900811602056944423967403777623306961880757613246328729616643032628964072931272085866928045973799374711846825157781056965164178505232524245809179235607571567174228822561697888645968559343608375331988097157145264357626738141646556353500994924115875748198318036296898604097000938272195903056733565880150540275369239637793975923329598716003350308259321436752579291000355560431542229699759955141152914708362494482
n = 15310745161336895413406690009324766200789179248896951942047235448901612351128459309145825547569298479821101249094161867207686537607047447968708758990950136380924747359052570549594098569970632854351825950729752563502284849263730127586382522703959893392329333760927637353052250274195821469023401443841395096410231843592101426591882573405934188675124326997277775238287928403743324297705151732524641213516306585297722190780088180705070359469719869343939106529204798285957516860774384001892777525916167743272419958572055332232056095979448155082465977781482598371994798871917514767508394730447974770329967681767625495394441
e = 65537

p_plus_q = gmpy2.iroot(z+2*n, 2)[0]
# Tips: gmpy2.iroot(x,n) x开n次根
# print(p_plus_q)
phi_n = n - p_plus_q + 1
# print(phi_n)
d = gmpy2.invert(e, phi_n)
# Tips: gmpy2.invert(x,m) 求大整数x模m的逆元
m = pow(c, d, n)
print(long_to_bytes(m))

0x10 BASE

考点:16进制转文本,base32,base64

直接扔到CyberChef自动解密即可。

image-20221026164927629

image-20221026164944948

0x11 bbbbbbrsa

考点:RSA

image-20221026170820318

from base64 import b64encode as b32encode
from gmpy2 import invert,gcd,iroot
from Crypto.Util.number import *
from binascii import a2b_hex,b2a_hex
import random

flag = "******************************"

nbit = 128

p = getPrime(nbit)
q = getPrime(nbit)
n = p*q

print p
print n

phi = (p-1)*(q-1)

e = random.randint(50000,70000)

while True:
	if gcd(e,phi) == 1:
		break;
	else:
		e -= 1;

c = pow(int(b2a_hex(flag),16),e,n)

print b32encode(str(c))[::-1]
# 2373740699529364991763589324200093466206785561836101840381622237225512234632

分析:

enc文件给出了p,n,c,可求出q。

根据题目脚本可知e为50000到70000之间的随机值,所以我们对e进行遍历,爆破求出d。

最后判断明文中是否含有flag字样来确认最后答案(或者全部输出出来挨个找)。

解密脚本如下:

import gmpy2
import base64
from Crypto.Util.number import *

p = 177077389675257695042507998165006460849
n = 37421829509887796274897162249367329400988647145613325367337968063341372726061
q = n//p
c = '==gMzYDNzIjMxUTNyIzNzIjMyYTM4MDM0gTMwEjNzgTM2UTN4cjNwIjN2QzM5ADMwIDNyMTO4UzM2cTM5kDN2MTOyUTO5YDM0czM3MjM'
c = int(base64.b64decode(c[::-1]))
# c在脚本文件中给出,这里直接拿来用即可
phi_n = (p - 1) * (q - 1)

for e in range(50000,70000):
	if gmpy2.gcd(e, phi_n) == 1:
	# gmpy2.gcd(a,b) 求大整数a,b的最大公因数
		d = gmpy2.invert(e, phi_n)
		m = long_to_bytes(pow(c, d, n))
		if 'flag' in str(m):
			print(m)
		else:
			continue

0x12 hill

考点:希尔密码

对希尔密码没太多研究,这里直接贴原题wp以及解密脚本。

s='wznqcaduqopfkqnwofDbzgeu'
flag_pre='utflag'
def getit(a1,b1,c1,a2,b2,c2,a3,b3,c3):
    for i in range(26):
        for j in range(26):
            if (a1 * i + b1 * j) % 26 == c1 and (a2 * i + b2 * j) % 26 == c2 and (a3 * i+b3*j) % 26 == c3:
                return (i,j)
x1=getit(22,25,20,13,16,5,2,0,0)
x2=getit(22,25,19,13,16,11,2,0,6)
import string
flag=''
for i in range(0, len(s),2):
    flag+=string.ascii_letters[(x1[0]*string.ascii_letters.index(s[i])+x1[1]*string.ascii_letters.index(s[i+1]))%26]
    flag+=string.ascii_letters[(x2[0]*string.ascii_letters.index(s[i])+x2[1]*string.ascii_letters.index(s[i+1]))%26]
print(flag)

https://www.cnblogs.com/1ucky/p/16257212.html

https://blog.csdn.net/m0_52727862/article/details/119118956

0x13 no_can_no_bb

考点:AES密钥爆破

题目源码:

import random
from Crypto.Util.number import long_to_bytes
from Crypto.Cipher import AES
from secret import flag

assert flag[:5] ==b'cazy{'

def pad(m):
    tmp = 16-(len(m)%16)
    return m + bytes([tmp for _ in range(tmp)])

def encrypt(m,key):
    aes = AES.new(key,AES.MODE_ECB)
    return aes.encrypt(m)

if __name__ == "__main__":
    flag = pad(flag)
    key = pad(long_to_bytes(random.randrange(1,1<<20)))
    c = encrypt(flag,key)
    print(c)
# b'\x9d\x18K\x84n\xb8b|\x18\xad4\xc6\xfc\xec\xfe\x14\x0b_T\xe3\x1b\x03Q\x96e\x9e\xb8MQ\xd5\xc3\x1c'

解密脚本:

import random
from Crypto.Util.number import long_to_bytes
from Crypto.Cipher import AES

def pad(m):
    tmp = 16-(len(m)%16)
    return m + bytes([tmp for _ in range(tmp)])

def decrypt(c, key):
    aes = AES.new(key, AES.MODE_ECB)
    return aes.decrypt(c)

def main():
    c = b'\x9d\x18K\x84n\xb8b|\x18\xad4\xc6\xfc\xec\xfe\x14\x0b_T\xe3\x1b\x03Q\x96e\x9e\xb8MQ\xd5\xc3\x1c'
    for i in range(0, 1 << 20):
        key = pad(long_to_bytes(i))
        flag = decrypt(c, key)
        if flag.startswith(b'cazy{'):
            print(flag.decode())

if __name__ == '__main__':
    main()

https://copyfuture.com/blogs-details/202204180203574829#no_cry_no_bb_309

0x14 Relayb64

考点:base64换表

直接丢进cyberchef解密即可。

image-20221026205040033

0x15 basic-crypto

考点:二进制转文本,base64,凯撒密码,替换加密2222

image-20221026210409494

先通过二进制文本转换

image-20221026210522461

再经过base64解密(表已给出)

image-20221026210747925

提示罗马人,猜测为凯撒密码

image-20221026210947153

根据提示可知为替换加密,并且由utflag{开头

image-20221026211128545

通过替换解密网站解密获得flag。

image-20221026211337894

0x16 you_raise_me_up

考点:离散对数,同余数运算

题目脚本如下:

#!/usr/bin/env python
# -*- coding: utf-8 -*-
from Crypto.Util.number import *
import random

n = 2 ** 512
m = random.randint(2, n-1) | 1
c = pow(m, bytes_to_long(flag), n)
print 'm = ' + str(m)
print 'c = ' + str(c)

# m = 391190709124527428959489662565274039318305952172936859403855079581402770986890308469084735451207885386318986881041563704825943945069343345307381099559075
# c = 6665851394203214245856789450723658632520816791621796775909766895233000234023642878786025644953797995373211308485605397024123180085924117610802485972584499

解密脚本如下:

m = 391190709124527428959489662565274039318305952172936859403855079581402770986890308469084735451207885386318986881041563704825943945069343345307381099559075
c = 6665851394203214245856789450723658632520816791621796775909766895233000234023642878786025644953797995373211308485605397024123180085924117610802485972584499
n = 2 ** 512

import sympy
flag=sympy.discrete_log(2**512,c,m)
import binascii
print(binascii.unhexlify(hex(flag)[2:]))#将答案的十六进制转出来就行

2020网鼎杯-青龙组-you raise me up赛题讲解

0x17 这是base??

考点:变异base64

image-20221026213546246

附件的文本给出了修改过的码表和通过新码表生成的密文,编写脚本如下:

import base64

c = "FlZNfnF6Qol6e9w17WwQQoGYBQCgIkGTa9w3IQKw"
dict = {0: 'J', 1: 'K', 2: 'L', 3: 'M', 4: 'N', 5: 'O', 6: 'x', 7: 'y', 8: 'U', 9: 'V', 10: 'z', 11: 'A', 12: 'B', 13: 'C', 14: 'D', 15: 'E', 16: 'F', 17: 'G', 18: 'H', 19: '7', 20: '8', 21: '9', 22: 'P', 23: 'Q', 24: 'I', 25: 'a', 26: 'b', 27: 'c', 28: 'd', 29: 'e', 30: 'f', 31: 'g', 32: 'h', 33: 'i', 34: 'j', 35: 'k', 36: 'l', 37: 'm', 38: 'W', 39: 'X', 40: 'Y', 41: 'Z', 42: '0', 43: '1', 44: '2', 45: '3', 46: '4', 47: '5', 48: '6', 49: 'R', 50: 'S', 51: 'T', 52: 'n', 53: 'o', 54: 'p', 55: 'q', 56: 'r', 57: 's', 58: 't', 59: 'u', 60: 'v', 61: 'w', 62: '+', 63: '/', 64: '='}
Dict = ''

for i in range(0,65):
	#用于替换的新码表
	Dict+=dict[i]
# print(Dict)
# 默认码表
old_b64dic = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="

print(base64.b64decode(c.translate(str.maketrans(Dict,old_b64dic))))

0x18 ABBB

考点:字符替换,替换加密

image-20221026214632174

看格式猜测为摩斯密码,将A替换为 - ,B替换为 . ,并进行解密:

image-20221026214759124

在密文中看到一段疑似flag的字符串,结合题目描述,猜测为替换加密:

image-20221026215232945

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-Dj6z1h42-1669820236723)(https://st1ck4r-1307158806.cos.ap-shanghai.myqcloud.com/hexo-img%2F202210262153050.png)]

将字母转换为小写并加上flag{}即可。

0x19 UUID

考点:栅栏密码,ROT

image-20221027085759606

先栅栏密码解一下,在栅栏32处可得到flag字样

image-20221027085910507

使用CyberChef的“ROT47 Brute Force”可以看到在rot32处可以看到flag{,rot31处可以看到uuid格式

image-20221027090504244

将二者结合一下即可得到flag。

0x20 RSA3

考点:RSA共模攻击

题目:

c1=22322035275663237041646893770451933509324701913484303338076210603542612758956262869640822486470121149424485571361007421293675516338822195280313794991136048140918842471219840263536338886250492682739436410013436651161720725855484866690084788721349555662019879081501113222996123305533009325964377798892703161521852805956811219563883312896330156298621674684353919547558127920925706842808914762199011054955816534977675267395009575347820387073483928425066536361482774892370969520740304287456555508933372782327506569010772537497541764311429052216291198932092617792645253901478910801592878203564861118912045464959832566051361
n=22708078815885011462462049064339185898712439277226831073457888403129378547350292420267016551819052430779004755846649044001024141485283286483130702616057274698473611149508798869706347501931583117632710700787228016480127677393649929530416598686027354216422565934459015161927613607902831542857977859612596282353679327773303727004407262197231586324599181983572622404590354084541788062262164510140605868122410388090174420147752408554129789760902300898046273909007852818474030770699647647363015102118956737673941354217692696044969695308506436573142565573487583507037356944848039864382339216266670673567488871508925311154801
e1=11187289
c2=18702010045187015556548691642394982835669262147230212731309938675226458555210425972429418449273410535387985931036711854265623905066805665751803269106880746769003478900791099590239513925449748814075904017471585572848473556490565450062664706449128415834787961947266259789785962922238701134079720414228414066193071495304612341052987455615930023536823801499269773357186087452747500840640419365011554421183037505653461286732740983702740822671148045619497667184586123657285604061875653909567822328914065337797733444640351518775487649819978262363617265797982843179630888729407238496650987720428708217115257989007867331698397
e2=9647291

分析:

已知n,e1,c1,e2,c2,求解明文,采用共模攻击

共模攻击是指生成秘钥的过程中使用了相同的模数n,此时用不同的秘钥e1,e2加密同一信息m,得到不同的密文c1,c2,即

m^e1 % n = c1

m^e2 % n = c2

因为e1和e2都是素数,所以由扩展欧几里得算法

可以计算出s1和s2,使得e1 * s1 + e2 * s2 = 1

根据这些信息,可以直接计算m。

解密脚本:

import gmpy2
import  binascii
    
c1=22322035275663237041646893770451933509324701913484303338076210603542612758956262869640822486470121149424485571361007421293675516338822195280313794991136048140918842471219840263536338886250492682739436410013436651161720725855484866690084788721349555662019879081501113222996123305533009325964377798892703161521852805956811219563883312896330156298621674684353919547558127920925706842808914762199011054955816534977675267395009575347820387073483928425066536361482774892370969520740304287456555508933372782327506569010772537497541764311429052216291198932092617792645253901478910801592878203564861118912045464959832566051361
n=22708078815885011462462049064339185898712439277226831073457888403129378547350292420267016551819052430779004755846649044001024141485283286483130702616057274698473611149508798869706347501931583117632710700787228016480127677393649929530416598686027354216422565934459015161927613607902831542857977859612596282353679327773303727004407262197231586324599181983572622404590354084541788062262164510140605868122410388090174420147752408554129789760902300898046273909007852818474030770699647647363015102118956737673941354217692696044969695308506436573142565573487583507037356944848039864382339216266670673567488871508925311154801
e1=11187289
c2=18702010045187015556548691642394982835669262147230212731309938675226458555210425972429418449273410535387985931036711854265623905066805665751803269106880746769003478900791099590239513925449748814075904017471585572848473556490565450062664706449128415834787961947266259789785962922238701134079720414228414066193071495304612341052987455615930023536823801499269773357186087452747500840640419365011554421183037505653461286732740983702740822671148045619497667184586123657285604061875653909567822328914065337797733444640351518775487649819978262363617265797982843179630888729407238496650987720428708217115257989007867331698397
e2=9647291

#扩展欧几里得算法
#return (r,x,y) 其中,r为a和b的最大公约数,xy满足ax + by = 1
r, s1, s2 = gmpy2.gcdext(e1, e2)    #计算s1,s2
m = (gmpy2.powmod(c1,s1,n)*gmpy2.powmod(c2,s2,n)) % n   #计算明文m

m = hex(m)[2:]
print("明文数据为:0x" + m)
flag = binascii.unhexlify(m)
print(flag)

RSA详细讲解请关注B站风二西

0x21 两块钱一次

考点:RSA

题目如下:

from Crypto.Util.number import *
from secret import flag

size = 1024
e = 65537
p = getPrime(size)
q = getPrime(size)
secret_number = p//2 + q//2
n = p*q

m = bytes_to_long(flag)
c = pow(m, e, n)

print('n = %d' % n)
print('secret_number = %d' % secret_number)
print('c = %d' % c)
'''
n = 22509086801958243584160896092746908630694018090056581017461443058446441899125092070639421197960378516372961277369740470406529943787211214964921083230926914343320661425624084409196872152674139019296604017412393812478062858042969761505020435940284503998062749707777048407106244812010761907190446218013202432083648343986092795304412078098832180950855581860843921608824482050763432049397135876577736184015035186956050899352615144545509108040234866166011938627657466203544914633594539776744105171825849608987456098888757535649477495128317810377886255753844074902127204594231503064532577241801932109207903469027362510506233
secret_number = 150814869558908087373464058202864038290992977960954022076493222042224699347856531016137334973082497483862270347934436594302143317750441792382701202396256173557675825668931157699846667286710175089825878631391093991147501899560360870600289219263223003413131728798812934604722319716762320615256029047005650484533
c = 8684819352060095140949755961626772275008541063620112226993948898217712105916743906266076784387852185058063580919761791704218108240937658757953644599584186462340112568545708954511494324407027145573632677044815957027804511347554060726296964346328343726403238305461023048724076194233352083590973693034206285350840404541871139333496967358749655838362873289564030144881687304779855244006191034457460831852327662418152650018585974958279046682474752240105120100306165547388506944241361336578650749566884180089756118324426547977914736225291225790022735934050192892414308107766266269197250386196913540163145594578786980011396
'''

分析:

∵phi_n = (p - 1)(q - 1) = pq - (p + q) + 1

而p*q=n已知,secret_number = p//2 + q//2 = (p + q)//2

将 secret_number * 2 即可得到p + q的值

∴phi_n = (p - 1)*(q - 1) = n - secret_number * 2 + 1

解题脚本如下:

import gmpy2
from Crypto.Util.number import *

n = 22509086801958243584160896092746908630694018090056581017461443058446441899125092070639421197960378516372961277369740470406529943787211214964921083230926914343320661425624084409196872152674139019296604017412393812478062858042969761505020435940284503998062749707777048407106244812010761907190446218013202432083648343986092795304412078098832180950855581860843921608824482050763432049397135876577736184015035186956050899352615144545509108040234866166011938627657466203544914633594539776744105171825849608987456098888757535649477495128317810377886255753844074902127204594231503064532577241801932109207903469027362510506233
secret_number = 150814869558908087373464058202864038290992977960954022076493222042224699347856531016137334973082497483862270347934436594302143317750441792382701202396256173557675825668931157699846667286710175089825878631391093991147501899560360870600289219263223003413131728798812934604722319716762320615256029047005650484533
c = 8684819352060095140949755961626772275008541063620112226993948898217712105916743906266076784387852185058063580919761791704218108240937658757953644599584186462340112568545708954511494324407027145573632677044815957027804511347554060726296964346328343726403238305461023048724076194233352083590973693034206285350840404541871139333496967358749655838362873289564030144881687304779855244006191034457460831852327662418152650018585974958279046682474752240105120100306165547388506944241361336578650749566884180089756118324426547977914736225291225790022735934050192892414308107766266269197250386196913540163145594578786980011396
e = 65537

phi_n = n - secret_number*2 + 1

d = gmpy2.invert(e,phi_n)
m = pow(c,d,n)
print(long_to_bytes(m))

0x22 继续扫把要有耐心

考点:base64,md5

解压附件后获得一千多张二维码

image-20221027144318253

使用python的pyzbar模块进行批量扫码

for i in range(1,1858):
    qrcode = cv2.imread(str(i)+'.png')
    data = pyzbar.decode(qrcode)[0].data.decode("utf-8")

扫完后发现为base编码后的文本,其中插着一些摩斯密码,根据题目描述,推定摩斯密码为干扰项,进行删除处理,获得以下文本:

image-20221027145356494

image-20221027145336993

用base64解码之后发现还有一层base64,所以这是双层base64编码,需要解码两次:

for i in range(0,len(debase)):
    #解两次base64
    md_5+=base64.b64decode(base64.b64decode(debase[i])).decode()
    md_5+='\n'

image-20221027145800139

解码后发现为md5,这里可以通过在线md5网站挨个进行解密

image-20221027145930903

或者通过字符md5值比对获得flag。

wordlist='abcdefghijklmnopqrstuvwxyz1234567890-}{'

for i in range(0,len(cmd5)):
    for word in wordlist:
        md5 = hashlib.md5(word.encode()).hexdigest()
        if md5 == str(cmd5[i].rstrip('\n')):
            flag += word

完整解密脚本如下:

import hashlib
import cv2
import pyzbar.pyzbar as pyzbar
import base64

def QRcode():
    for i in range(1,1858):
        qrcode = cv2.imread(str(i)+'.png')
        data = pyzbar.decode(qrcode)[0].data.decode("utf-8")

        with open('decode.txt','a') as f:
            #去除文本中的摩斯密码
            if data == '.' or data == '-' or data == '/':
                continue
            elif data == '=':
                f.write(data+'\n')
            else:
                f.write(data)
        f.close()

def base():
    md_5=''
    base = open('decode.txt','r')
    debase=base.readlines()
    for i in range(0,len(debase)):
        #解两次base64
        md_5+=base64.b64decode(base64.b64decode(debase[i])).decode()
        md_5+='\n'
    base.close()
    
    
    with open('decode.txt','w') as f:
        f.write(md_5)
        f.close()


def cmd5():
    wordlist='abcdefghijklmnopqrstuvwxyz1234567890-}{'
    flag=''
    md_5 = open('decode.txt','r')
    cmd5=md_5.readlines()
    md_5.close()

    #清空txt
    with open('decode.txt','w') as f:
        f.write('')
        f.close()

    #MD5字典比对
    for i in range(0,len(cmd5)):
        for word in wordlist:
            md5 = hashlib.md5(word.encode()).hexdigest()
            if md5 == str(cmd5[i].rstrip('\n')):
                flag += word
                with open('decode.txt','a') as f:
                    f.write(cmd5[i].rstrip('\n')+' = '+word+'\n')
                    f.close()
            else:
                continue
    print(flag)

def main():

    QRcode()
    base()
    cmd5()

if __name__ == '__main__':
    main()

后话:

解密脚本跑出来的flag总是提交不对,问了出题人才发现是类UUID的格式,跑出来的flag少了一个“-”,这个需要加哪就自己想想吧。

0x23 op

考点:套娃,base64换表,base62,rabbit,gunzip,base58

经典套娃题

第一层:图片属性查看

image-20221028100441840

获得密码1.zip的解压密码。

第二层:base64换表

image-20221028100603786

获得密码2.zip的解压密码。

第三层:base62

image-20221028101256408

获得密码3.zip的解压密码。

第四层:rabbit

image-20221028101400116

获得密码4.zip的解压密码。

第五层:base64 + gunzip

image-20221028101609384

获得密码5.zip的解压密码。

第六层:base58

image-20221028101747612

获得密码end.zip的解压密码,获得flag。

Tips:

​ 这道题很坑,有两层的解码必须使用那一个网站,其他网站都解不出来(至少我知道的没有),我怀疑出题人是来推广网站的内鬼!!!

0x24 gcd(n,c) != 1

from Crypto.Util.number import *
import gmpy2
from secret import flag
p = getPrime(1024)
q = getPrime(1024)
n = p * q
e = 65537
M = 2193887977 * flag * 3998648981 * p
c = pow(M, e, n)
print("e =",e)
print("n =",n)
print("c =",c)
'''
e = 65537
n = 16545807420674777260731864728347692716852933013510358278073611202332007473720430465950210831453874174540180585130284986359779330000733801240082822726387902347966983737629273658535545686936237936141483317768284389938633104733197235832335532556051916980785242007600099011879153728673588069312464701972213839299879617298657885362677778298115085245941641554378903105514256327378280355541317734041694207413428357390976229783945342498503928320163518890180270876637471305246355642573272287605884886848334407391989468718620712850803967430982862388658124662960138965477608743720994149731284055156410574157127935169200967464041
c = 12573125100440645635208438773062729879925788414291653704773664596815708408240935990941291157120226868540261287915991224097557261582576026311296297903426539698340847115148512587335396876711554850903542557730065494111799880290379940930365470290145336039125564114042461210457424293463908053697465052970279014937763120461866776230177455716958740744166180107518057001616745826304829048973489497061351429249921261051497057199034052110749413864159973040289368555140264908416367160930311792183536096094258397119579836896890818783685069994299697780296136914500206334079756465995253952551310399723804193050511824397531239144341
'''

nc不互素。

解题脚本如下:

from Crypto.Util.number import *
import gmpy2 

c = 12573125100440645635208438773062729879925788414291653704773664596815708408240935990941291157120226868540261287915991224097557261582576026311296297903426539698340847115148512587335396876711554850903542557730065494111799880290379940930365470290145336039125564114042461210457424293463908053697465052970279014937763120461866776230177455716958740744166180107518057001616745826304829048973489497061351429249921261051497057199034052110749413864159973040289368555140264908416367160930311792183536096094258397119579836896890818783685069994299697780296136914500206334079756465995253952551310399723804193050511824397531239144341
n = 16545807420674777260731864728347692716852933013510358278073611202332007473720430465950210831453874174540180585130284986359779330000733801240082822726387902347966983737629273658535545686936237936141483317768284389938633104733197235832335532556051916980785242007600099011879153728673588069312464701972213839299879617298657885362677778298115085245941641554378903105514256327378280355541317734041694207413428357390976229783945342498503928320163518890180270876637471305246355642573272287605884886848334407391989468718620712850803967430982862388658124662960138965477608743720994149731284055156410574157127935169200967464041
e = 65537

p = gmpy2.gcd(n,c)
q = n//p

phi_n = (p-1)*(q-1)
d = gmpy2.invert(e,phi_n)
M = pow(c,d,n)
m = M//(2193887977 * 3998648981 * p)

print(long_to_bytes(m))

0x25 BabyRSA

考点:RSA

image-20221027150452078

已知p+q,(p+1)(q+1),e,d以及密文enc_flag。

分析:

∵(p+1)(q+1)=p*q+p+q+1,(p+1)(q+1),p+q已知;

而n=p*q;

∴n=(p+1)(q+1)-(p+q)-1

解密脚本如下:

from Crypto.Util.number import *

p_q = 0x1232fecb92adead91613e7d9ae5e36fe6bb765317d6ed38ad890b4073539a6231a6620584cea5730b5af83a3e80cf30141282c97be4400e33307573af6b25e2ea
p_1_p_1 = 0x5248becef1d925d45705a7302700d6a0ffe5877fddf9451a9c1181c4d82365806085fd86fbaab08b6fc66a967b2566d743c626547203b34ea3fdb1bc06dd3bb765fd8b919e3bd2cb15bc175c9498f9d9a0e216c2dde64d81255fa4c05a1ee619fc1fc505285a239e7bc655ec6605d9693078b800ee80931a7a0c84f33c851740
e = 0xe6b1bee47bd63f615c7d0a43c529d219
d = 0x2dde7fbaed477f6d62838d55b0d0964868cf6efb2c282a5f13e6008ce7317a24cb57aec49ef0d738919f47cdcd9677cd52ac2293ec5938aa198f962678b5cd0da344453f521a69b2ac03647cdd8339f4e38cec452d54e60698833d67f9315c02ddaa4c79ebaa902c605d7bda32ce970541b2d9a17d62b52df813b2fb0c5ab1a5
c = 0x50ae00623211ba6089ddfae21e204ab616f6c9d294e913550af3d66e85d0c0693ed53ed55c46d8cca1d7c2ad44839030df26b70f22a8567171a759b76fe5f07b3c5a6ec89117ed0a36c0950956b9cde880c575737f779143f921d745ac3bb0e379c05d9a3cc6bf0bea8aa91e4d5e752c7eb46b2e023edbc07d24a7c460a34a9a

n = p_1_p_1 - p_q - 1

m=pow(c,d,n)
print(long_to_bytes(m))

0x26 crypto-classic0

考点:压缩包密码爆破,异或加密

image-20221027153326099

image-20221027153337239

image-20221027153401632

附件中三个文件,其中一个为加密的压缩包,提示密码为小z的生日(知道密码为纯数字就行),使用压缩包爆破工具ARCHPR进行爆破。

image-20221027153830618

解压后获得密文加密脚本:

#include<stdio.h>

char flag[25] = ***

int main()
{
	int i;
	for(i=0;i<25;i++)
	{
		flag[i] -= 3;
		flag[i] ^= 0x7;
		printf("%c",flag[i]);
	}
	return 0; 
}

一个简单的异或,编写解密脚本如下:

c='Ygvdmq[lYate[elghqvakl}'
m=''

for i in c:
    #异或的异或等于不异或
    a=ord(i)^0x7
    a+=3
    m+=chr(a)
print(m)

0x27 NO SOS

考点:培根密码

image-20221027160054613

根据题目名称以及题目描述可知培根密码

将’.‘和’-'分别替换为’A’和’B’后,发现存在没有被替换的字符

image-20221027160645633

采用手动替换

image-20221027161312810

培根密码在线解密可得flag:

image-20221027161357024

0x28 Polybius

考点:波利比奥斯方阵密码

image-20221027162700873

先了解一下波利比奥斯方阵密码

image-20221027162541343

编写排布方式遍历脚本:

import itertools

s="aeoiu"
sumresult=[]
numsumresult=[]
ciper="ouauuuoooeeaaiaeauieuooeeiea"
for i in itertools.permutations(s,5):#找出所有全排列
    sumresult.append("".join(i))
for i in sumresult:
    temp=""
    for j in ciper:
        temp+=str(i.index(j)+1)
    numsumresult.append(temp)
for i in numsumresult:
    ans_=""
    for j in range(0, len(i),2):
        xx=(int(i[j])-1)*5+int(i[j+1])+96
        if xx>ord('i'):
            xx+=1
        ans_+=chr(xx)
    print(ans_)

0x29 RSA

考点:RSA

题目脚本如下:

from Crypto.Util.number import getPrime,bytes_to_long

flag=open("flag","rb").read()

p=getPrime(1024)
q=getPrime(1024)
assert(e<100000)
n=p*q
m=bytes_to_long(flag)
c=pow(m,e,n)
print c,n
print pow(294,e,n)

p=getPrime(1024)
n=p*q
m=bytes_to_long("BJD"*32)
c=pow(m,e,n)
print c,n

'''
output:
12641635617803746150332232646354596292707861480200207537199141183624438303757120570096741248020236666965755798009656547738616399025300123043766255518596149348930444599820675230046423373053051631932557230849083426859490183732303751744004874183062594856870318614289991675980063548316499486908923209627563871554875612702079100567018698992935818206109087568166097392314105717555482926141030505639571708876213167112187962584484065321545727594135175369233925922507794999607323536976824183162923385005669930403448853465141405846835919842908469787547341752365471892495204307644586161393228776042015534147913888338316244169120  13508774104460209743306714034546704137247627344981133461801953479736017021401725818808462898375994767375627749494839671944543822403059978073813122441407612530658168942987820256786583006947001711749230193542370570950705530167921702835627122401475251039000775017381633900222474727396823708695063136246115652622259769634591309421761269548260984426148824641285010730983215377509255011298737827621611158032976420011662547854515610597955628898073569684158225678333474543920326532893446849808112837476684390030976472053905069855522297850688026960701186543428139843783907624317274796926248829543413464754127208843070331063037
381631268825806469518166370387352035475775677163615730759454343913563615970881967332407709901235637718936184198930226303761876517101208677107311006065728014220477966000620964056616058676999878976943319063836649085085377577273214792371548775204594097887078898598463892440141577974544939268247818937936607013100808169758675042264568547764031628431414727922168580998494695800403043312406643527637667466318473669542326169218665366423043579003388486634167642663495896607282155808331902351188500197960905672207046579647052764579411814305689137519860880916467272056778641442758940135016400808740387144508156358067955215018
979153370552535153498477459720877329811204688208387543826122582132404214848454954722487086658061408795223805022202997613522014736983452121073860054851302343517756732701026667062765906277626879215457936330799698812755973057557620930172778859116538571207100424990838508255127616637334499680058645411786925302368790414768248611809358160197554369255458675450109457987698749584630551177577492043403656419968285163536823819817573531356497236154342689914525321673807925458651854768512396355389740863270148775362744448115581639629326362342160548500035000156097215446881251055505465713854173913142040976382500435185442521721  12806210903061368369054309575159360374022344774547459345216907128193957592938071815865954073287532545947370671838372144806539753829484356064919357285623305209600680570975224639214396805124350862772159272362778768036844634760917612708721787320159318432456050806227784435091161119982613987303255995543165395426658059462110056431392517548717447898084915167661172362984251201688639469652283452307712821398857016487590794996544468826705600332208535201443322267298747117528882985955375246424812616478327182399461709978893464093245135530135430007842223389360212803439850867615121148050034887767584693608776323252233254261047
'''

题目中对于p值输入了两次,所以前后n对应不同的值,于是,我们可以从个题目中得知 c1,n1,c294,c2,n2 五个条件。

分析:

前后q值相同,于是我们可以用gcd函数求出q值,进而求出在不同操作中的p1和p2值。
通过 c294 = pow(294,e,n1)这个条件对e进行暴力求解。

解密脚本如下:

import gmpy2
from Crypto.Util.number import *
 
c1=12641635617803746150332232646354596292707861480200207537199141183624438303757120570096741248020236666965755798009656547738616399025300123043766255518596149348930444599820675230046423373053051631932557230849083426859490183732303751744004874183062594856870318614289991675980063548316499486908923209627563871554875612702079100567018698992935818206109087568166097392314105717555482926141030505639571708876213167112187962584484065321545727594135175369233925922507794999607323536976824183162923385005669930403448853465141405846835919842908469787547341752365471892495204307644586161393228776042015534147913888338316244169120  
n1=13508774104460209743306714034546704137247627344981133461801953479736017021401725818808462898375994767375627749494839671944543822403059978073813122441407612530658168942987820256786583006947001711749230193542370570950705530167921702835627122401475251039000775017381633900222474727396823708695063136246115652622259769634591309421761269548260984426148824641285010730983215377509255011298737827621611158032976420011662547854515610597955628898073569684158225678333474543920326532893446849808112837476684390030976472053905069855522297850688026960701186543428139843783907624317274796926248829543413464754127208843070331063037
 
c294=381631268825806469518166370387352035475775677163615730759454343913563615970881967332407709901235637718936184198930226303761876517101208677107311006065728014220477966000620964056616058676999878976943319063836649085085377577273214792371548775204594097887078898598463892440141577974544939268247818937936607013100808169758675042264568547764031628431414727922168580998494695800403043312406643527637667466318473669542326169218665366423043579003388486634167642663495896607282155808331902351188500197960905672207046579647052764579411814305689137519860880916467272056778641442758940135016400808740387144508156358067955215018

c2=979153370552535153498477459720877329811204688208387543826122582132404214848454954722487086658061408795223805022202997613522014736983452121073860054851302343517756732701026667062765906277626879215457936330799698812755973057557620930172778859116538571207100424990838508255127616637334499680058645411786925302368790414768248611809358160197554369255458675450109457987698749584630551177577492043403656419968285163536823819817573531356497236154342689914525321673807925458651854768512396355389740863270148775362744448115581639629326362342160548500035000156097215446881251055505465713854173913142040976382500435185442521721  
n2=12806210903061368369054309575159360374022344774547459345216907128193957592938071815865954073287532545947370671838372144806539753829484356064919357285623305209600680570975224639214396805124350862772159272362778768036844634760917612708721787320159318432456050806227784435091161119982613987303255995543165395426658059462110056431392517548717447898084915167661172362984251201688639469652283452307712821398857016487590794996544468826705600332208535201443322267298747117528882985955375246424812616478327182399461709978893464093245135530135430007842223389360212803439850867615121148050034887767584693608776323252233254261047
 
p = gmpy2.gcd(n1,n2)
q1 = n1//p
phi_n = (p-1)*(q1-1)
for e in range(1,100000):
    if c294 == pow(294,e,n1):
        break
d = gmpy2.invert(e,phi_n)
m = pow(c1,d,n1)
print(long_to_bytes(m))

0x30 single

考点:替换加密

密文:

image-20221027173627534

加密脚本:

#include <bits/stdc++.h>
using namespace std;
int main()
{
	freopen("Plain.txt","r",stdin);
	freopen("Cipher.txt","w",stdout);
	map<char, char> f;
	int arr[26];
	for(int i=0;i<26;++i){
		arr[i]=i;
	}
	random_shuffle(arr,arr+26);
	for(int i=0;i<26;++i){
		f['a'+i]='a'+arr[i];
		f['A'+i]='A'+arr[i];
	}
	char ch;
	while((ch=getchar())!=EOF){
		if(f.count(ch)){
			putchar(f[ch]);
		}else{
			putchar(ch);
		}
	}
	return 0;
}

题目提示无规律替换加密,直接在线词频分析网站分析即可。

image-20221027173908836

0x31 编码与调制

考点:曼彻斯特编码

image-20221027175330584

用工具直接解:

image-20221027175417855

最后复制16进制转换成文本获得flag(工具解出来需要自己添加一个B)

image-20221027175505449

0x32 childRSA

考点:RSA,费马小定理

题目:

from random import choice
from Crypto.Util.number import isPrime, sieve_base as primes
from flag import flag


def getPrime(bits):
    while True:
        n = 2
        while n.bit_length() < bits:
            n *= choice(primes)
        if isPrime(n + 1):
            return n + 1

e = 0x10001
m = int.from_bytes(flag.encode(), 'big')
p, q = [getPrime(2048) for _ in range(2)]
n = p * q
c = pow(m, e, n)

# n = 32849718197337581823002243717057659218502519004386996660885100592872201948834155543125924395614928962750579667346279456710633774501407292473006312537723894221717638059058796679686953564471994009285384798450493756900459225040360430847240975678450171551048783818642467506711424027848778367427338647282428667393241157151675410661015044633282064056800913282016363415202171926089293431012379261585078566301060173689328363696699811123592090204578098276704877408688525618732848817623879899628629300385790344366046641825507767709276622692835393219811283244303899850483748651722336996164724553364097066493953127153066970594638491950199605713033004684970381605908909693802373826516622872100822213645899846325022476318425889580091613323747640467299866189070780620292627043349618839126919699862580579994887507733838561768581933029077488033326056066378869170169389819542928899483936705521710423905128732013121538495096959944889076705471928490092476616709838980562233255542325528398956185421193665359897664110835645928646616337700617883946369110702443135980068553511927115723157704586595844927607636003501038871748639417378062348085980873502535098755568810971926925447913858894180171498580131088992227637341857123607600275137768132347158657063692388249513
# c = 26308018356739853895382240109968894175166731283702927002165268998773708335216338997058314157717147131083296551313334042509806229853341488461087009955203854253313827608275460592785607739091992591431080342664081962030557042784864074533380701014585315663218783130162376176094773010478159362434331787279303302718098735574605469803801873109982473258207444342330633191849040553550708886593340770753064322410889048135425025715982196600650740987076486540674090923181664281515197679745907830107684777248532278645343716263686014941081417914622724906314960249945105011301731247324601620886782967217339340393853616450077105125391982689986178342417223392217085276465471102737594719932347242482670320801063191869471318313514407997326350065187904154229557706351355052446027159972546737213451422978211055778164578782156428466626894026103053360431281644645515155471301826844754338802352846095293421718249819728205538534652212984831283642472071669494851823123552827380737798609829706225744376667082534026874483482483127491533474306552210039386256062116345785870668331513725792053302188276682550672663353937781055621860101624242216671635824311412793495965628876036344731733142759495348248970313655381407241457118743532311394697763283681852908564387282605279108

对费马小定理了解不多,这里直接贴原题wp:https://blog.csdn.net/qq_61774705/article/details/124676106

0x33 Crypt0r

考点:替换加密

打开题目附件,给了一个网址,访问后下载一个流量包

image-20221027180422651

image-20221027180456844

追踪TCP流获得加密文本,使用在线替换加密网站进行解密获得flag。

image-20221027180634947

image-20221027180744899

0x34 crypto-classic1

考点:键盘密码,维吉尼亚密码

image-20221027204236063

电脑键盘密码,每五个字符圈起来的那个字符连起来就是压缩包密码

image-20221027204615620

接下来找密钥。根据题目ACTF,猜测接出来的flag应该是‘ACTF开头’,对于维吉尼亚表格可以找到密钥:spsp或者sp

image-20221027205437453

利用解密工具解出flag。

image-20221027205652680

0x35 crypto-rsa0

考点:伪加密,RSA

image-20221027205954205

提示为压缩包伪加密,将压缩包用010editor打开,将这两处改为00即可正常解压。

image-20221027210325327

image-20221027210352617

解压后获得rsa的加密脚本和输出文本

from Cryptodome.Util.number import *
import random

FLAG=#hidden, please solve it
flag=int.from_bytes(FLAG,byteorder = 'big')


p=getPrime(512)
q=getPrime(512)

print(p)
print(q)
N=p*q
e=65537
enc = pow(flag,e,N)
print (enc)


p = 9018588066434206377240277162476739271386240173088676526295315163990968347022922841299128274551482926490908399237153883494964743436193853978459947060210411
q = 7547005673877738257835729760037765213340036696350766324229143613179932145122130685778504062410137043635958208805698698169847293520149572605026492751740223
enc = 50996206925961019415256003394743594106061473865032792073035954925875056079762626648452348856255575840166640519334862690063949316515750256545937498213476286637455803452890781264446030732369871044870359838568618176586206041055000297981733272816089806014400846392307742065559331874972274844992047849472203390350

已知p,q,e,编写解密脚本如下:

import gmpy2
from Crypto.Util.number import *

p = 9018588066434206377240277162476739271386240173088676526295315163990968347022922841299128274551482926490908399237153883494964743436193853978459947060210411
q = 7547005673877738257835729760037765213340036696350766324229143613179932145122130685778504062410137043635958208805698698169847293520149572605026492751740223
enc = 50996206925961019415256003394743594106061473865032792073035954925875056079762626648452348856255575840166640519334862690063949316515750256545937498213476286637455803452890781264446030732369871044870359838568618176586206041055000297981733272816089806014400846392307742065559331874972274844992047849472203390350
e = 65537

n = p * q
phi_n = (p-1) * (q-1)

d = gmpy2.invert(e, phi_n)
m = pow(enc, d, n)

print(long_to_bytes(m))

0x36 LinearEquations

考点:线性方程(?)

加密脚本:

from Crypto.Util.number import*
from secret import flag
assert flag[:5] == b'cazy{'
assert flag[-1:] == b'}'
flag = flag[5:-1]
assert(len(flag) == 24)

class my_LCG:
    def __init__(self, seed1 , seed2):
        self.state = [seed1,seed2]
        self.n = getPrime(64)
        while 1:
            self.a = bytes_to_long(flag[:8])
            self.b = bytes_to_long(flag[8:16])
            self.c = bytes_to_long(flag[16:])
            if self.a < self.n and self.b < self.n and self.c < self.n:
                break
    
    def next(self):
        new = (self.a * self.state[-1] + self.b * self.state[-2] + self.c) % self.n
        self.state.append( new )
        return new

def main():
    lcg = my_LCG(getRandomInteger(64),getRandomInteger(64))
    print("data = " + str([lcg.next() for _ in range(5)]))
    print("n = " + str(lcg.n))

if __name__ == "__main__":
    main() 

# data = [2626199569775466793, 8922951687182166500, 454458498974504742, 7289424376539417914, 8673638837300855396]
# n = 10104483468358610819

不会做,官方wp在此

from Crypto.Util.number import long_to_bytes
import gmpy2
data = [2626199569775466793, 8922951687182166500, 454458498974504742, 7289424376539417914, 8673638837300855396]
n = 10104483468358610819
r = []
for i in range(10):
  r.append([])
  for j in range(10):
    r[i].append(0)
    
for i in range(3):
  for j in range(3):
    r[i][j] = data[i + j]

for i in range(2):
  for j in range(3):
    r[i][j] = (r[i][j] - r[i + 1][j]) % n 

k = gmpy2.invert(r[0][0], n)
for j in range(3):
  r[0][j] = (r[0][j] * k) % n

k = r[1][0]
for j in range(3):
  r[1][j] = (r[1][j] - k * r[0][j]) % n

k = gmpy2.invert(r[1][1], n)

for j in range(3):
  r[1][j] = (r[1][j] * k) % n

k = r[0][1]
for j in range(3):
  r[0][j] = (r[0][j] - k * r[1][j]) % n #解出a和b
#用a和b求c
a = 8175498372211240502
b = 5490290802446982981
c = data[2] - a * data[0] - b * data[1]
c=c%n
print(long_to_bytes(b) + long_to_bytes(a) + long_to_bytes(c))

0x37 MagicNum

考点:计算机浮点数保存

image-20221027211644551

这个题考的是数据在计算机内存中的存储,需要将上面的数据转换为 内部存储模式再转换为 二进制数据,再转成字节,就得到 flag了。

解题脚本如下:

from libnum import*
import struct

s = [72065910510177138000000000000000.000000,71863209670811371000000.000000,18489682625412760000000000000000.000000,72723257588050687000000.000000,4674659167469766200000000.000000,19061698837499292000000000000000000000.000000]
a = ''
b = ''
for i in s:
    i = float(i)
    a += struct.pack('<f',i).hex()        #小端
print(a)

for j in s:
    i = float(i)
    b += struct.pack('>f',i).hex()        #大端
print(b)
a = 0x61666374667b7365635f69735f657665727977686572657d
b = 0x7d6572657d6572657d6572657d6572657d6572657d657265
print(n2s(a))
print(n2s(b))

参考:https://blog.csdn.net/MikeCoke/article/details/113802168

0x38 爱丽丝的兔子

考点:rabbbit,核心价值观编码,栅栏密码

下载附件打开,看到熟悉的U2Fsd开头,题目名字带兔子,所以猜测加密方式为Rabbit

image-20221121111830762

Rabbit在线解密

image-20221121111850807

接下来就简单了,核心价值观编码:

image-20221121112019808

栅栏密码(栅栏数在题目描述中可以得到为6):

image-20221121112117875

0x39 Do a Vigenere Game

考点:hash爆破,pwntools应用

import random
import string
from signal import alarm
from flag import flag
import os
import hashlib

def proof_of_work():
    random.seed(os.urandom(8))
    proof = ''.join([random.choice(string.ascii_letters + string.digits) for _ in range(20)])
    digest = hashlib.sha256(proof.encode()).hexdigest()
    print("sha256(XXXX+%s) == %s" % (proof[4:], digest))
    print("Give me XXXX:")
    x = input()
    if len(x) != 4 or hashlib.sha256((x + proof[4:]).encode()).hexdigest() != digest:
        return False
    return True

def main():
    alarm(120)
    if not proof_of_work():
        return
    try:
        print("Welcome to the Vigenere game!")
        for i in range(1,1000):
            x = random.randint(500, 700)
            y = random.randint(40, 50)
            z = random.randint(0, 700)
            ap = ''.join([random.choice(string.ascii_letters + string.digits + '{' + '}' + '-') for _ in range(x)])
            fakeflag = ''.join([random.choice(string.ascii_letters + string.digits) for _ in range(y)])
            fakeflag = 'flag{' + fakeflag + '}'
            if i%50==0:
                fakeflag=flag
            vigenere = ap[z:] + fakeflag + ap[:z]
            print("Vigemere > ",vigenere)
            m=str(input("Please input your fakeflag : "))
            if m==fakeflag:
                print('right!')
            else:
                print('wrong!')
                break
    except:
        print("Error!")
if __name__ == "__main__":
    main()

开启容器使用netcat(nc)进行连接:

image-20221130214407724

由于前半部分和2022年安洵杯Crypto部分的签到题类似(一样),不过多赘述,这里直接借用S1gMa大佬的解题脚本:

import hashlib
dic=['Q','W','E','R','T','Y','U','I','O','A','S','D','F','G','H','J','K','P','L','Z','X','C','V','B','N','M','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0']
for a in range(len(dic)):
    for b in range(len(dic)):
        for c in range(len(dic)):
            for d in range(len(dic)):
                m = dic[a] + dic[b] + dic[c] + dic[d] + '{此处填写给定的明文}'
                flag=hashlib.sha256(m.encode('utf-8')).hexdigest()
                if flag[0:8]=='{此处填写后面sha256值的前8位}':
                    print (flag)
                    print(dic[a]+dic[b]+dic[c]+dic[d])

将爆破出来的值输入后开始进行下半部分(如果在爆破期间nc断了是需要重新爆破的,每回连接的值不一样):

image-20221130220200371

分析脚本可以知道需要从一大串字符中找到flag的值并输入,并且会一直循环,当 i % 50 = 0的时候,会把真正的flag赋值给fakeflag,所以我们至少需要循环50次才能拿到flag。

我们这里选用pwntools进行操作(当然你想手撸也行,不过需要你眼尖手快)。

解题脚本如下:

'''
 # @Author: St1ck4r
 # @Date: 2022-11-30 22:17:01
 # @LastEditors: St1ck4r
 # @Partial script: S1gMa
 # @LastEditTime: 2022-11-30 22:48:25
 # @link: https://www.st1ck4r.top
'''
from pwn import *
import hashlib
import re

io = remote("challenge.qsnctf.com",10173)
c=io.recvline()
M = c[12:28].decode()
sha_256 = c[33:97].decode()

dic=['Q','W','E','R','T','Y','U','I','O','A','S','D','F','G','H','J','K','P','L','Z','X','C','V','B','N','M','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','1','2','3','4','5','6','7','8','9','0']
for a in range(len(dic)):
    for b in range(len(dic)):
        for c in range(len(dic)):
            for d in range(len(dic)):

                m = dic[a] + dic[b] + dic[c] + dic[d] + M
                flag=hashlib.sha256(m.encode('utf-8')).hexdigest()

                if flag==sha_256:
                    payload = dic[a]+dic[b]+dic[c]+dic[d]
                    break

io.sendlineafter('Give me XXXX:\n', payload.encode())

for i in range(1,1000):
    res=io.recvlines(2)[1]
    new_res=res.decode()[12:]

    qsn_res=re.findall('(?=qsnctf).*?(?<=})',new_res)[0]
    io.sendline(qsn_res.encode())

    if i % 50 ==0:
        print(qsn_res)
        break

io.close()

此文章不定时更新…

ZhouMo.
关注
  • 3
    点赞
  • 7
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
安恒ctf misc crypto 培训资料合集
10-06
安恒ctf misc crypto合集 加解密rsa 隐写 图片隐写 现代密码 古典密码 ppt
青少年CTF擂台挑战赛 2024 #Round 1 PK You!战队 WriteUp
2301_79744960的博客
03-02 1618
青少年CTF擂台挑战赛 2024 #Round 1 PK You!战队 WriteUp
crypto_aes.zip_AES_aes java_crypto_aes.zip_javacard
09-14
a javacard software AES implementation
Crypto.rar_CRYPTO_RIJNDAEL A_cryptohash.inc_md2_加密
07-14
ASM 多种hash模块,汇编源码 MD2,4,5 SHA 等多种加密算法 还有其他赠送内容
CTF Crypto BubbleBabble气泡加密.py
09-19
CTF Crypto BubbleBabble 气泡加密 加密解密脚本 python3
密码学——RSA1
08-04
1、随机数的生成 2、Miller—Rabin 素性检验 1、加密算法 2、解密算法 1、大整数类的定义与实现 2、大素数的产生 3、快速模、乘法逆元 4、加解
[BJDCTF2020]RSA
rang的博客
12-08 1399
题目给了c和e、同公钥(e,n)加密的密文、具有同q的公钥加密的密文 思路:由同q的公钥,也就是n公用了素数q,通过gcd函数可以得到p,也就有p和q 此时就差e就能解出题目,已知e的范围、相同公钥加密的密文 可由_294c == pow(294,e,n)爆破e,脚本如下: import gmpy2 from Crypto.Util.number import * # flag=open("flag","rb").read() # p=getPrime(1024) # q=getPrime(1024) #
BUUCTF RSA(三)
qq_52193383的博客
08-18 929
这里写目录标题1.[MRCTF2020]babyRSA2.[WUSTCTF2020]dp_leaking_1s_very_d@angerous3.[NPUCTF2020]EzRSA4.[MRCTF2020]Easy_RSA5.[INSHack2019]Yet Another RSA Challenge - Part 1 1.[MRCTF2020]babyRSA 根据给出的代码可以很容易推出 _Q = sympy.nextprime(pow(sub_Q,Q_2,Q_1))。我们知道P[9],就可以推出其他的素
RSA的共模攻击--[BUUCTF]-RSA3
rang的博客
11-08 3274
假设有一条信息m,由两个不同的用户使用公钥进行加密(两个用户的e一般不同,模数n一般相同) c1 = m^e1 mod n c2 = m^e2 mod n 得到了两个不同的密文c1,c2 因为公钥是公开的(e1,e2,n)已知 那么攻击者一共知道如下信息 gcd(e1, e2) = 1 m = c1^d1 mod n m = c2^d2 mod n 若两个秘钥e互素根据扩展的欧几里得算法则存在s1,s2有:e1s1+e2s2=1 所以 c1^s1 mod n=m^(e1*s1) mod n c2^s2
BUUCTF RSA题目全解3
MikeCoke的博客
08-21 6290
1.[WUSTCTF2020]babyrsa 爆破n,就行了 from gmpy2 import* from libnum import* p = 189239861511125143212536989589123569301 q = 386123125371923651191219869811293586459 c = 28767758880940662779934612526152562406674613203406706867456395986985664083182 n = 730698867
青少年ctf擂台挑战赛 2024 #round 1
04-16
青少年ctf擂台挑战赛 2024 #round 1
Crypto.zip_CRYPTO_Crypto++_mfc sample crypto_terriblent3_zip
07-14
mfc sample crypto code
aes加密是CTF比赛Crypto赛项的分支
11-08
aes加密
2022年ctf强网青少年题目
09-16
2022年ctf强网青少年题目
Ansible 指定受控端使用Python的版本
shijin741231的博客
04-20 597
最近在装Ansible,有一台受控端Ubuntu16的服务器,安装了Python2.7.12和Pyhon3.5。当用Ansible连接它时,显示使用的是Python3.5。最后看文档,发现Ansible可以在hosts的文件中指定受控服上运行的Python
【编译程序介绍】
武帝为此的博客
04-22 1217
简单来说,编译程序是一个软件,它读取用某种编程语言编写的源代码,分析并转换成等效的、可执行的机器语言代码。这个过程涉及多个复杂的步骤,包括语法分析、语义分析、代码优化和代码生成等。
[python3] 读取一个正在更新的日志文件
最新发布
言之。
04-24 238
等同于–follow=name --retry,根据文件名进行追踪,并保持重试,即该文件被删除或改名后,如果再次创建相同的文件名,会继续追踪。这两种方法都会持续监听日志文件的变化,并实时读取新增的日志内容。你可以根据实际需求选择其中一种方法。要读取一个正在更新的日志文件(即实时写入的日志文件),你可以使用 Python 的。的技巧来实现实时读取。函数打开文件,并使用。
实现自定义注解、实现自定义幂等性注解
qq_44721738的博客
04-23 612
添加 Spring AOP 依赖。创建自定义注解。创建一个新的 Java 注解类,通过@interface关键字来定义,并可以添加元注解以及属性。@Target(ElementType.METHOD) //表示作用于方法上@Retention(RetentionPolicy.RUNTIME) // 表示这个注解在运行时是可见的,这样 AOP 代理才能在运行时读取到这个注解编写 AOP 拦截(自定义注解)的逻辑代码。@Aspect@Component// 方法执行前的处理。
【InternLM实战营---第五节课作业】
weixin_45609124的博客
04-22 802
LMDeploy环境配置及基础使用
from Crypto.Util.number import long_to_bytes ModuleNotFoundError: No module named 'Crypto'
04-14
根据你提供的错误信息,看起来你在使用Python时遇到了一个模块导入错误。具体来说,你尝试导入了一个名为"Crypto"的模块,但是Python解释器无法找到该模块。 这个错误通常是由于缺少相应的库或模块引起的。在这种情况下,你需要确保已经安装了所需的模块。 对于这个特定的错误,你需要安装`pycryptodome`模块,它是一个常用的加密库。你可以使用以下命令来安装它: ``` pip install pycryptodome ``` 安装完成后,你应该能够成功导入`Crypto`模块并使用其中的`long_to_bytes`函数。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值