DASCTF NOV X联合出题人2022年度积分榜争夺赛！Crypto Wp

CRYPTO

easy_hash

根据$encode()$函数，已知$a_1$，可以求出$a_2,a_3$；已知$secre{t}_1$，可以求出$a_0$；

根据$myhash()$函数，因为$a_0$的位数小于$500$位，所以$a_0$就是$flag$各个部分和其$crc32()$拼接后的结果，把$crc32$验证的结果去掉就是$flag$

from Crypto.Util.number import long_to_bytes
a1, secret1 = [1768672211043417187765307394749760760531160781992300779145800061219666992833602547480090118225665457075744297987672863699370162614965380859290914620736, 89139545215288033432210221492974990584987914397112840989583439688211128705545477536596587262069032020212762581490561288493533363888589066045095054475929099275247145877699370608950340925139625068446642116123285918461312297390611577025368805438078034230342490499137494400676347225155752865648820807846513044723]
a2 = myhash(a1)
a3 = myhash(a2)
a = [0, a1, a2, a3]
a0 = (secret1 - (a[1] * a[1] + a[2] * a[1] ** 2 + a[3] * a[1] ** 3)) % P
a[0] = a0
flag = long_to_bytes(a0)
print(flag)
# b'DA\xd4\x17\xe9\xf8SCTF{th1\x98\xf8\xa5$s_is_theS\x83\xbf\xc9_fe3st_q\x8f\xa9\xd4\xacuest1on}\x07.B\xce'
# DASCTF{th1s_is_the_fe3st_quest1on}

DASCTF{th1s_is_the_fe3st_quest1on}

LLLCCCGGG

CVE库yyds!

a = getPrime(300)
b = getPrime(300)
n = getPrime(300)
output = []
for i in range(10):
    seed = (a * seed + b) % n
    output.append(seed)

$LCG$：已知求$output$求$a,b,n$，跑脚本即可

from math import gcd

from sage.all import GF
from sage.all import is_prime_power


def attack(y, m=None, a=None, c=None):
    """
    Recovers the parameters from a linear congruential generator.
    If no modulus is provided, attempts to recover the modulus from the outputs (may require many outputs).
    If no multiplier is provided, attempts to recover the multiplier from the outputs (requires at least 3 outputs).
    If no increment is provided, attempts to recover the increment from the outputs (requires at least 2 outputs).
    :param y: the sequential output values obtained from the LCG
    :param m: the modulus of the LCG (can be None)
    :param a: the multiplier of the LCG (can be None)
    :param c: the increment of the LCG (can be None)
    :return: a tuple containing the modulus, multiplier, and the increment
    """
    if m is None:
        assert len(y) >= 4, "At least 4 outputs are required to recover the modulus"
        for i in range(len(y) - 3):
            d0 = y[i + 1] - y[i]
            d1 = y[i + 2] - y[i + 1]
            d2 = y[i + 3] - y[i + 2]
            g = d2 * d0 - d1 * d1
            m = g if m is None else gcd(g, m)
        assert is_prime_power(m), "Modulus must be a prime power, try providing more outputs"

    gf = GF(m)
    if a is None:
        assert len(y) >= 3, "At least 3 outputs are required to recover the multiplier"
        x0 = gf(y[0])
        x1 = gf(y[1])
        x2 = gf(y[2])
        a = int((x2 - x1) / (x1 - x0))

    if c is None:
        assert len(y) >= 2, "At least 2 outputs are required to recover the multiplier"
        x0 = gf(y[0])
        x1 = gf(y[1])
        c = int(x1 - a * x0)

    return m, a, c
output =  [75581294523880849612962675076574164955427439308298754836702542570856707873339581806556114, 85105032146983524265511965363979041936757881362506442483720291395014453678757599185295866, 1135521205967352800446368309480529634045225881261100886117662161359310082444102071893527191, 668602662320826002160475166323016971968419541611162501120982012317608523771962990634779874, 649673553234341629614052928960182629959348742983379959653724041939165898600067312959677865, 785853955591839090537858092210736716046894245185520583713505441606094906159642640920286905, 937799570303158165818350743257433287791556030352377438071495081189542968310256239806349207, 734514754865608924980327625447363286114899547828404532253101460271494241963897226149955073, 1106313725444442262780946046218124519471559148520571880678416934586056489046936771811070897, 8768152099561586039808874499029856564696410477579827751292882367683300035228537162519939]
print(attack(output))
# (1173843879841082693992136920285611943911704883357670151773674151308242415515507752596457609, 593647117401772145190396579663594527776190617014037091059262174448140362779813488948389210, 373193072645905805099743175375621363982796594540597615382605580257091541576660161082581472)

n = getPrime(256)
a = [getPrime(256)]
for i in range(1, len(key)):
    a.append(a[i - 1] * 2)
b = getPrime(256)
m = []
for i in range(len(key)):
    m.append((a[i] * b) % n)
s = 0
for i in range(len(key)):
    s += m[i] * int(key[i])
seed = s

背包加密：给了$m$求$key$，也是跑脚本

import os
import sys
from math import ceil
from math import log2
from math import sqrt

from sage.all import QQ
from sage.all import matrix

path = os.path.dirname(os.path.dirname(os.path.dirname(os.path.realpath(os.path.abspath(__file__)))))
if sys.path[1] != path:
    sys.path.insert(1, path)

from shared.lattice import shortest_vectors


def attack(a, s):
    """
    Tries to find e_i values such that sum(e_i * a_i) = s.
    This attack only works if the density of the a_i values is < 0.9048.
    More information: Coster M. J. et al., "Improved low-density subset sum algorithms"
    :param a: the a_i values
    :param s: the s value
    :return: the e_i values, or None if the e_i values were not found
    """
    n = len(a)
    d = n / log2(max(a))
    N = ceil(1 / 2 * sqrt(n))
    assert d < 0.9408, f"Density should be less than 0.9408 but was {d}."

    L = matrix(QQ, n + 1, n + 1)
    for i in range(n):
        L[i, i] = 1
        L[i, n] = N * a[i]

    L[n] = [1 / 2] * n + [N * s]
    for v in shortest_vectors(L):
        s_ = 0
        e = []
        for i in range(n):
            ei = 1 - (v[i] + 1 / 2)
            if ei != 0 and ei != 1:
                break

            ei = int(ei)
            s_ += ei * a[i]
            e.append(ei)

        if s_ == s:
            return e
        
# from Crypto.Util.number import inverse
# n,a,b = (1173843879841082693992136920285611943911704883357670151773674151308242415515507752596457609, 593647117401772145190396579663594527776190617014037091059262174448140362779813488948389210, 373193072645905805099743175375621363982796594540597615382605580257091541576660161082581472)
# a += n
# b += n
# seed = (output[0] - b) * inverse(a,n) % n
seed = 3521860349748519290898711091955310441882843724537073169429818749700115765292362
m= [72110328606337761986452574632319920368225905906258123752738204764660440229296, 54011682421724526639264309053337133761455956763651742732220904522794415369243, 17814390052498055944887777895371560547916058478438980691186304039062365649137, 35628780104996111889775555790743121095832116956877961382372608078124731298274, 71257560209992223779551111581486242191664233913755922764745216156249462596548, 52306145629033450225461382951669777408332612778647340756234927305972460103747, 14403316467115903117281925692036847841669370508430176739214349605418455118145, 28806632934231806234563851384073695683338741016860353478428699210836910236290, 57613265868463612469127702768147391366677482033720706956857398421673820472580, 25017556945976227604614565324992075758359109018576909140459291836821175855811, 50035113891952455209229130649984151516718218037153818280918583673642351711622, 9861252992953913084817421088665596058440581025443131788581662340758238333895, 19722505985907826169634842177331192116881162050886263577163324681516476667790, 39445011971815652339269684354662384233762324101772527154326649363032953335580, 78890023943631304678539368709324768467524648203545054308653298726065906671160, 67571073096311612023437897207346829960053441358225603844051092445605348252971, 44933171401672226713234954203390952945111027667586702914846679884684231416593, 89866342803344453426469908406781905890222055335173405829693359769368462833186, 89523710815737909519298976602261104805448255621482306886131214532210460577023, 88838446840524821704957112993219502635900656194100108999006924057894456064697, 87467918890098646076273385775136298296805457339335713224758343109262447040045, 84726862989246294818905931338969889618615059629806921676261181211998428990741, 79244751187541592304171022466637072262234264210749338579266857417470392892133, 68280527584132187274701204721971437549472673372634172385278209828414320694917, 46352080377313377215761569232640168123949491696403839997300914650302176300485, 2495185963675757097882298253977629272903128343943175221346324294077887511621, 4990371927351514195764596507955258545806256687886350442692648588155775023242, 9980743854703028391529193015910517091612513375772700885385297176311550046484, 19961487709406056783058386031821034183225026751545401770770594352623100092968, 39922975418812113566116772063642068366450053503090803541541188705246200185936, 79845950837624227132233544127284136732900107006181607083082377410492400371872, 69482926884297456930826248043265566490804358963498709392909249814458335654395, 48756878977643916528011655875228426006612862878132914012562994622390206219441, 7304783164336835722382471539154145038229870707401323251870484238253947349533, 14609566328673671444764943078308290076459741414802646503740968476507894699066, 29219132657347342889529886156616580152919482829605293007481936953015789398132, 58438265314694685779059772313233160305838965659210586014963873906031578796264, 26667555838438374224478704415163613636682076269556667256672242805536692503179, 53335111676876748448957408830327227273364152539113334513344485611073385006358, 16461248562802499564273977449351747571732450029362164253433466215620304923367, 32922497125604999128547954898703495143464900058724328506866932431240609846734, 65844994251209998257095909797406990286929800117448657013733864862481219693468, 41481013711468999180550979383511273598863745186032809254212224718435974297587, 82962027422937998361101958767022547197727490372065618508424449436871948595174, 75715080054924999388563077322742387420459125695266732243593393867217432100999, 61221185318899001443485314434182067865922396341668959713931282727908399112649, 32233395846847005553329788657061428756848937634473414654607060449290333135949, 64466791693694011106659577314122857513697875268946829309214120898580666271898, 38724608596437024879678314416943008052399895489029153845172736790634867454447, 77449217192874049759356628833886016104799790978058307690345473581269734908894, 64689459594797102185072417456469325234603726907252110607435442156013004728439, 39169944398643207036503994701635943494211598765639716441615379305499544367529, 78339888797286414073007989403271886988423197531279432883230758610999088735058, 66470802803621830812375138595241067001850540013694360993206012215471712380767, 42732630816292664291109436979179427028705224978524217213156519424416959672185, 85465261632585328582218873958358854057410449957048434426313038848833919344370, 80721548474219659830796907705415001139825044865232364079370572691141373599391, 71234122157488322327952975199527295304654234681600223385485640375756282109433, 52259269524025647322265110187751883634312614314335941997715775744986099129517, 14309564257100297310889380164201060293629373579807379222176046483445733169685, 28619128514200594621778760328402120587258747159614758444352092966891466339370, 57238257028401189243557520656804241174517494319229516888704185933782932678740, 24267539265851381153474201102305775374039133589594529004152866861039400268131, 48535078531702762306948402204611550748078267179189058008305733722078800536262, 6861182272454527280255964197920394521160679309513611243355962437631135983175, 13722364544909054560511928395840789042321358619027222486711924875262271966350, 27444729089818109121023856791681578084642717238054444973423849750524543932700, 54889458179636218242047713583363156169285434476108889946847699501049087865400, 19569941568321439150454586955423605363575013903353275120439893995571710641451, 39139883136642878300909173910847210727150027806706550240879787991143421282902, 78279766273285756601818347821694421454300055613413100481759575982286842565804, 66350557755620515869995855432086135933604256177961696190263646958047220042259, 42492140720290034406350870652869564892212657307058887607271788909567974995169, 84984281440580068812701741305739129784425314614117775214543577819135949990338, 79759588090209140291762642400175552593854774179371045655831650631745434891327, 69310201389467283249884444589048398212713693309877586538407796256964404693305, 48411427987983569166128048966794089450431531570890668303560087507402344297261, 6613881185016140998615257722285471925867208092916831833864670008278223505173, 13227762370032281997230515444570943851734416185833663667729340016556447010346, 26455524740064563994461030889141887703468832371667327335458680033112894020692, 52911049480129127988922061778283775406937664743334654670917360066225788041384, 15613124169307258644203283345264843838879474437804804568579215125925110993419, 31226248338614517288406566690529687677758948875609609137158430251850221986838, 62452496677229034576813133381059375355517897751219218274316860503700443973676, 34696018563507071819985426550816043736039940453573931775378216000874422858003, 69392037127014143639970853101632087472079880907147863550756432001748845716006, 48575099463077289946300865991961467969163906765431222328257358996971226342663, 6941224135203582558960891772620228963331958481997939883259212987415987595977, 13882448270407165117921783545240457926663916963995879766518425974831975191954, 27764896540814330235843567090480915853327833927991759533036851949663950383908, 55529793081628660471687134180961831706655667855983519066073703899327900767816, 20850611372306323609733428150620956438315480663102533358891902792129336446283, 41701222744612647219466856301241912876630961326205066717783805584258672892566, 83402445489225294438933712602483825753261922652410133435567611168517345785132, 76595916187499591544226584993664944531527990255955762097879717330508226480915, 62982857584048185754812329776027182088060125463047019422503929654489987872481, 35756740377145374175983819340751657201124395877229534071752354302453510655613, 71513480754290748351967638681503314402248791754459068143504708604907021311226, 52817986717630499370294437151703921829501728460053631513753912203287577533103, 15426998644310001406948034092105136684007601871242758254252319400048689976857, 30853997288620002813896068184210273368015203742485516508504638800097379953714, 61707994577240005627792136368420546736030407484971033017009277600194759907428, 33207014363529013921943432525538386497064959921077561260763050193863054725507, 66414028727058027843886865051076772994129919842155122521526100387726109451014, 42619082663165058354132889890850839013263984635445740269796695768925753812679, 85238165326330116708265779781701678026527969270891480539593391537851507625358, 80267355861709236082890719352100649078060083492918456305931278069176550161367, 70325736932467474832140598492898591181124311936972407838607051131826635233385, 50442499073983952330640356774494475387252768825080310903958597257126805377421, 10676023357016907327639873337686243799509682601296117034661689507727145665493, 21352046714033814655279746675372487599019365202592234069323379015454291330986, 42704093428067629310559493350744975198038730405184468138646758030908582661972, 85408186856135258621118986701489950396077460810368936277293516061817165323944, 80607398921319519908597133191677193817159066571873367781331527117107865558539, 71005823051688042483553426172051680659322278094882230789407549227689266027729, 51802671312425087633466012132800654343648701140899956805559593448852066966109, 13396367833899177933291184054298601712301547232935408837863681891177668842869, 26792735667798355866582368108597203424603094465870817675727363782355337685738, 53585471335596711733164736217194406849206188931741635351454727564710675371476, 16961967880242426132688632223086106723416522814618765929653950122894885653603, 33923935760484852265377264446172213446833045629237531859307900245789771307206, 67847871520969704530754528892344426893666091258475063718615800491579542614412, 45486768250988411727868217573386146812336327468085622663976095976632620139475, 764561711025826122095594935469586649676799887306740554696686946738775189601, 1529123422051652244191189870939173299353599774613481109393373893477550379202, 3058246844103304488382379741878346598707199549226962218786747786955100758404, 6116493688206608976764759483756693197414399098453924437573495573910201516808, 12232987376413217953529518967513386394828798196907848875146991147820403033616, 24465974752826435907059037935026772789657596393815697750293982295640806067232, 48931949505652871814118075870053545579315192787631395500587964591281612134464, 7654924220354746294595311528804384183634530526398286227920424176036759179579, 15309848440709492589190623057608768367269061052796572455840848352073518359158, 30619696881418985178381246115217536734538122105593144911681696704147036718316, 61239393762837970356762492230435073469076244211186289823363393408294073436632, 32269812734724943379884144249567439963156633373508074873471281810061681783915, 64539625469449886759768288499134879926313266747016149746942563620123363567830, 38870276147948776185895736786967052877630678445167794720629622233720262046311, 77740552295897552371791473573934105755261356890335589441259244467440524092622, 65272129800844107409942106936565504535526858731806674109262983928354583095895, 40335284810737217486243373661828302096057862414748843445270462850182701102441, 80670569621474434972486747323656604192115724829497686890540925700365402204882, 71132164451997872611332654436010501409235594610130869007826346394204339320415, 52055354113044747889024468660718295843475334171397233242397187781882213551481, 13901733435138498444408097110133884711954813293929961711538870557237962013613, 27803466870276996888816194220267769423909626587859923423077741114475924027226, 55606933740553993777632388440535538847819253175719846846155482228951848054452, 21004892690156990221623936669768370720642651302575188919055459451377231019555, 42009785380313980443247873339536741441285302605150377838110918902754462039110, 84019570760627960886495746679073482882570605210300755676221837805508924078220, 77830166730304924439350653146844258790145355371737006579188170604491383067091, 65451358669658851545060466082385810605294855694609508385120836202456301044833]
print(attack(m,seed))
# [1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1]

state = int(key, 2)
a = getPrime(256)
b = getPrime(256)
c = getPrime(256)
for _ in range(10 ** 10000):
    state = (a * state + b) % c
flag = b'****************************************'
state_md5 = hashlib.md5(str(state).encode()).hexdigest()
xorflag = xor(flag, state_md5).hex()

矩阵快速幂：$10^{10000}$次循环，搞一个矩阵快速幂即可

# sagemath
import hashlib
from Crypto.Util.number import long_to_bytes, bytes_to_long

key = [1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1,
       1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1,
       1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1,
       1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1]
a = 102146678855348749881681741830301892566150942749854546938156269348575567682569
b = 57926598868103510549704115342815226386495366694945712679089221082045615713293
c = 79112540456632613121737537841885533313599936328220061653608162113976717833173
xorflag = 0x2079677330734e7d07116d73543d03316c6501555c02403b7201080612101049
state = int(''.join([str(i) for i in key]), 2)
A = matrix(Zmod(c), [[a, 1], [0, 1]])
B = vector(Zmod(c), [state, b])
state = int((A ^ (10 ** 10000) * B)[0])
# state = 5413978693489756582509930284917854732906886271552898511650182850401353715151
state_md5 = hashlib.md5(str(state).encode()).hexdigest()
state_md5 = bytes_to_long(state_md5.encode())
print(long_to_bytes(state_md5 ^^ xorflag))
# b'DASCTF{D0u_Ge_1S_R4al1y_G00d!!!}'

DASCTF{D0u_Ge_1S_R4al1y_G00d!!!}

easyrsa

先分解$n$,网站分解，或是$sage$分解

然后$n2$的$p,q,r$用基底转化分解（哪个是$p$，哪个是$q_1$，都可以试一试）

最后有限域开方求$flag$

from gmpy2 import *
from Crypto.Util.number import *
n = 86073852484226203700520112718689325205597071202320413471730820840719099334770
n2 = 77582485123791158683121280616703899430016469065264033598472741751344256774648355531493586310864150337351815051848231793841751148287075688226384710343269278032576253497728407800522536152937473072438970839941923618053297480433385258911357458745700958378269978384670108026994918504237309072908971746160378531040480539649223970964653553804442759847964633088481940435582792404175653758785321463055628690804551479982557193366035172983893595403859872458966844805671311011033726279121149599533093604586152158331657286488305064843651636225644328162652701896037366058322959361248649656784810609391313
c = 260434870216758498838321584935711394249835963213639852217120194663627852693180232036075839403208332707552953757185774603238436545434522971149891312380970896040823539050341723863717581297624370198483155582245220695123793458717418658539983101802256991837534210806768587736557644192367876024337837658337683388449336720569707094997412847022794461117019613124291022681935875774139147643806772608929174881451749463825639214096129554621195116737322890163556732291246108250543079041977037626755130422879778449546701988814607595746282148723362288451970833214072743929855505520539885650891349827459470540263153862109871050950881032032388185414677989393461533362690744724752363346530211163516319373099647590952338730
e = 7
# p1,q = two_squares(n)
p1 = 200170033707580057053975766783012322797
q = 214489650309129059054871357172058931331
q = q + 63066105847160076051036559850646146794
base = q
polynomial = 0
var('x')
for i, e in enumerate(ZZ(n2).digits(base)):
    polynomial += e * x ** i
res = polynomial.factor_list()
primes = []
for r in res:
    f = r[0]
    primes.append(f(base))
p = int(primes[0])
q = int(primes[1])
r = int(primes[2])
while True:
    p1 = next_prime(p1)
    p = next_prime(p)
    q = next_prime(q)
    r = next_prime(r)
    if (p - 1) % 7 == 0 and (q - 1) % 7 == 0 and (r - 1) % 7 == 0 and (p1 - 1) % 7 == 0:
        break
n3 = p1 ** 3 * p * q * r
PR.<x> = Zmod(p)[]
f = x^7 - c
res = f.roots()
for i in res:
    if b'DASCTF' in long_to_bytes(int(i[0])):
        print(long_to_bytes(int(i[0])))
# b'DASCTF{I_d0nt_kn0w_wh@t_i_w@nt_t0_d0_ju3t_d0_it_attack_we@k_prim4!!!}'

DASCTF{I_d0nt_kn0w_wh@t_i_w@nt_t0_d0_ju3t_d0_it_attack_we@k_prim4!!!}

Matrix

赛后出，跑了50多分钟

思路清晰，就是矩阵上的离散对数，用$Pohlig-Hellman$算法可出，照着$Lazzaro$佬博客的脚本一通乱改，勉强能用。

import tqdm
import hashlib


def babystep_giantstep(g, y, p):
    m = int((p-1)**0.5 + 0.5)
    table = {}
    gr = list(matrix(Zmod(P), len(g[0])))
    for i in range(len(g[0])):
        gr[i][i] = 1
    gr = matrix(Zmod(P), gr)
    for r in tqdm.tqdm(range(m)):
        table[str(gr)] = r
        gr = g * gr
    gm = g ^ (-m)
    ygqm = y
    for q in tqdm.tqdm(range(m)):
        if str(ygqm) in table:
            print(q * m + table[str(ygqm)], p)
            return q * m + table[str(ygqm)]
        ygqm = ygqm * gm
    return None


def pohlig_hellman_DLP(g, y, p):
    crt_moduli = []
    crt_remain = []
    for q, _ in factor(p-1):
        x = babystep_giantstep(g^(int((p-1)//q)), y^(int((p-1)//q)), q)
        if (x is None) or (x <= 1):
            continue
        crt_moduli.append(q)
        crt_remain.append(x)
    x = crt(crt_remain, crt_moduli)
    return x

p = 12143520799543738643
P = p
A = [[12143520799533590286, 1517884368, 12143520745929978443, 796545089340, 12143514553710344843, 28963398496032, 12143436449354407235, 158437186324560, 12143329129091084963, 144214939188320, 12143459416553205779, 11289521392968],
    [12143520799533124067, 1552775781, 12143520745442171123, 796372987410, 12143514596803995443, 28617862048776, 12143437786643111987, 155426784993480, 12143333265382547123, 140792203111560, 12143460985399172467, 10983300063372],
    [12143520799533026603, 1545759072, 12143520746151921286, 781222462020, 12143514741528175043, 27856210942560, 12143440210529480891, 150563969013744, 12143339455702534403, 135941365971840, 12143463119774571623, 10579745342712],
    [4857408319806885466, 2428704161425648657, 12143520747462241175, 758851601758, 12143514933292307603, 7286139389566980165, 9714738936567334300, 144947557513044, 12143346444338047691, 130561054163540, 4857352974113333366, 2428714303424782417],
    [12143520799533339320, 1476842796, 12143520749060275613, 733281428880, 12143515144091549812, 25896324662208, 12143446129977471347, 139126289668080, 12143353609086952433, 125093278125816, 12143467808884068695, 9705993135696],
    [3469577371288079926, 5204366058378782250, 12143520750775862343, 706665985740, 12143515359139397843, 24876891455539, 12143449149385190675, 5204499435641729607, 1734628523990131469, 119757210113970, 12143470097256549947, 9282407958928],
    [10986995009101166671, 1734788687033207505, 12143520752514668698, 680173911560, 12143515570582515443, 23883386182656, 12143452072344092516, 10408859957710764174, 8673790006740000925, 4047954924507284041, 12143472277719610437, 8879790035168],
    [12143520799534210329, 8095680534365818753, 12143520754224346525, 6071761054204856029, 12143515774342357443, 22931775530664, 12143454859049102627, 122586336122081, 12143373761302849103, 109840689548590, 8095634066844843878, 8500892291801],
    [2428704159899526175, 7286112481016467893, 12143520755876491019, 629765964828, 12143515968446948123, 9714838668887734012, 4857345013259425502, 117630592711632, 12143379764863568374, 105318302849760, 2428659620509049335, 7286120625945355053],
    [7286112479717322389, 7286112480971640825, 12143520757456628435, 606320684970, 12143516152115449139, 4857429497934652454, 4857347490735050126, 112978994964264, 12143385390297217523, 101086824360217, 7286069740980100293, 7286120294834973633],
    [7727695054246476847, 1202487728, 12143520758958480293, 584144077140, 12143516325240923843, 20377952745696, 12143462294760579275, 108622249048560, 12143390651947217363, 97133513961120, 12143479741445599772, 8831658996900830432],
    [12143520799535388887, 1161628182, 12143520760380594623, 563225247585, 12143516488091679443, 19626876325056, 12143464472820678035, 104545135017180, 12143395570399006523, 93441517429260, 12143481309754543787, 7218375794633]]
enc = [[6218417900726690014, 9327172375980932592, 4153527959371790237, 132501760371295655, 7299109180510132427, 1648440321256276927, 10254693889934546668, 4725557258212165861, 202540954318317287, 9982016014873956804, 12039778149630734734, 9041012188688166860], [3076804875574387393, 10302499316575177148, 6883027490395277833, 10878965853169213290, 9440772171285517930, 793484497395967159, 3203070038396226958, 3243524965914218040, 10903462885339873262, 6328127784146872505, 3582866063885730405, 7656522484723054646], [6760440055042602927, 150299808832813166, 8106927197068158588, 3568136066830207645, 1915695218154982134, 11420119896639238238, 4976062871832376425, 5853866011790802336, 2581655278311379827, 10329181983489200369, 11095959626942470743, 3321403548342671501], [6989296053899761245, 8000749793706207705, 3809964528725899038, 4265030375240040581, 8089437371864148142, 5053064810412901554, 6501938965780936220, 10980028692407817118, 1863994316213089323, 8802681688697262113, 11477364106737785286, 3974421463550032713], [564344169406003662, 10724528903365710678, 10337956806430136031, 2024700528402916143, 11872118105346920062, 6838139960468687332, 2511372139663339351, 704113312599525196, 3251401730670339537, 10799465026599377540, 8770053125971443972, 6814688868085941116], [3520978035324296134, 5828225067833111657, 9070639660343598399, 566393201097489131, 7135313009663503048, 12051739882139705242, 1250122561645263412, 8926361503228079288, 1824549628801039352, 2820357879648474411, 10688580232568249253, 2688980806680871259], [5664448213737495613, 2454324330766153188, 9301881451933430336, 3021484798573229472, 8271546929364126837, 7678973012480737958, 9191201408409357883, 11850313540574789398, 9524210559263349425, 10585572460443926001, 7222517189955148361, 11305799364557617365], [10461986521764931850, 5752221957033325066, 2329192457304812250, 7045570806888107634, 3107570932863726810, 8394731797841115111, 9099090649026739137, 9624140552706688612, 3502511045385838990, 3708709186460615427, 1380093196284505784, 6602173655057694105], [1628309316322170753, 8386682411272881459, 463052945030722337, 3094940575624695048, 9530557699190097735, 1189223359914307451, 95193999334854086, 9341511963235067451, 6499604981217622391, 11490873719281743251, 5788517522054066633, 6458318206067819330], [10262011543342924955, 10077405855258558051, 10534972018308857652, 7315712994565818330, 10727209214692737176, 38582499997230642, 7524643012491815390, 692052671905385931, 839117674622565504, 3738047667125884979, 3518017017084862562, 8345863842327754628], [2124572295600479486, 4109858666604779750, 8841167859692695947, 7527947761152890553, 5299879731039341554, 4012836051669960233, 11962255964799745220, 401093546211622697, 5086394577875124600, 836158269929849554, 8396307845611866890, 2005411230628730963], [6960829097328848685, 7974906431099851239, 11577910301734480466, 12134540342063390442, 4130839186501336093, 2878999232538232129, 8815211529803293482, 5165433981826992396, 10462641014399297415, 6335190222647425343, 1593313890583893142, 6411592929118677856]]
A = matrix(Zmod(p),A)
enc = matrix(Zmod(p),enc)
y = pohlig_hellman_DLP(A, enc, p)
x = lcm(lcm(229,593),1944001580291)   # crt_moduli中的元素
y = 86353340462193003
for i in range(10000):
    if x * i + y < p:
        if A ^ (x * i + y) == enc:
            print('DASCTF{' + hashlib.md5(str(x * i + y).encode()).hexdigest() + '}')
    else:break

直接跑出来的$q$，不能直接用

要加上$k$倍$lcm(crt\_moduli)$

$crt\_moduli=[229,593,1944001580291]$

最后求出来$q=7742051235826723886$，MD5一下即可

DASCTF{d7fd1e0d54aab17195f2e80e0d0cefbc}