HIT-CTF-RSA002

已于 2023-11-26 01:30:50 修改
阅读量160 收藏 1
点赞数 1
分类专栏: CTF刷题 文章标签: 密码学 python
于 2023-11-26 01:21:19 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_62170186/article/details/134622981
版权

         首先,打开网页,可以看见题目是一个python文件,下载并打开查看:

        首先,分析题目:【下面是添加了注释的原题代码】

from Crypto.Util.number import getPrime,bytes_to_long
from random import randint
from gmpy2 import *

m = bytes_to_long(b'flag{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}')

p=getPrime(1024)  # 生成1024位的二进制质数
q=getPrime(1024)  # 生成1024位的二进制质数
n = p*q  # 计算n
e = 65537
c = pow(m,e,n)
p_2=((p>>128)<<128)  # 将p的后128位置为0

# 下面这部分可以联想到同余方程组
'''同余方程组
常见题目:今有物不知其数, 三三数之剩二, 五五数之剩三, 七七数之剩二, 问物几何?
'''
Result = []
Divisor = []
for i in range(12):
    Divisor.append(getPrime(128))
for i in range(12):
    Result.append(p_2%Divisor[i])

print(c,n,Divisor,Result)
'''
output:
16054555662735670936425135698617301522625617352711974775378018085049483927967003651984471094732778961987450487617897728621852600854484345808663403696158512839904349191158022682563472901550087364635161575687912122526167493016086640630984613666435283288866353681947903590213628040144325577647998437848946344633931992937352271399463078785332327186730871953277243410407484552901470691555490488556712819559438892801124838585002715833795502134862884856111394708824371654105577036165303992624642434847390330091288622115829512503199938437184013818346991753782044986977442761410847328002370819763626424000475687615269970113178 
23074300182218382842779838577755109134388231150042184365611196591882774842971145020868462509225850035185591216330538437377664511529214453059884932721754946462163672971091954096063580346591058058915705177143170741930264725419790244574761160599364476900422586525460981150535489695841064696962982002670256800489965431894477338710190086446895596651842542202922745215496409772520899845435760416159521297579623368414347408762466625792978844177386450506030983725234361868749543549687052221290158286459657697717436496769811720945731143244062649181615815707417418929020541958587698982776940334577355474770096580775243142909913
[205329935991133380974880368934928321273, 274334866497850560640212079966358515253, 264739757264805981824344553014559883169, 314495359937742744429284762852853819407, 197513216256198287285250395397676269263, 194633662721082002304170457215979299327, 320085578355926571635267449373645191637, 310701821184698431287158634968374845899, 198238777199475748910296932106553167589, 292201037703513010563101692415826269513, 332238634715339876614712914152080415649, 334257376383174624240445796871873866383]
[108968951841202413783269876008807200083, 29053101048844108651205043858001307413, 243503157837867321277650314313173163504, 160933173053376016589301282259056101279, 53063624128824890885455759542416407733, 34980025050049118752362228613379556692, 132553045879744579114934351230906284133, 160998336275894702559853722723725889989, 87211131829406574118795685545402094661, 36445723649693757315689763759472880579, 11133325919940126818459098315213891415, 1404668567372986395904813351317555162]
'''

        首先,尝试根据中国剩余算法编写求解p_2的代码:

'''
Author: LeopardRich 2829176648@qq.com
Date: 2023-11-26 00:23:24
FilePath: \Temp\CTF_personal\RSA_2\exp.py
Description: HIT-网络空间安全设计与实践
Copyright (c) 2023 by LeopardRich 2829176648@qq.com, All Rights Reserved. 
'''
# 扩展欧几里得算法求逆元
def extended_gcd(a, b):
    if a == 0:
        return b, 0, 1
    else:
        gcd, x, y = extended_gcd(b % a, a)
        return gcd, y - (b // a) * x, x

# 求解同余方程组
def chinese_remainder_theorem(n, a):
    sum = 0
    prod = 1
    for num in n:
        prod *= num

    for n_i, a_i in zip(n, a):
        p = prod // n_i
        _, inv, _ = extended_gcd(p, n_i)
        sum += a_i * inv * p

    return sum % prod

# 变量定义
c = 16054555662735670936425135698617301522625617352711974775378018085049483927967003651984471094732778961987450487617897728621852600854484345808663403696158512839904349191158022682563472901550087364635161575687912122526167493016086640630984613666435283288866353681947903590213628040144325577647998437848946344633931992937352271399463078785332327186730871953277243410407484552901470691555490488556712819559438892801124838585002715833795502134862884856111394708824371654105577036165303992624642434847390330091288622115829512503199938437184013818346991753782044986977442761410847328002370819763626424000475687615269970113178 
n = 23074300182218382842779838577755109134388231150042184365611196591882774842971145020868462509225850035185591216330538437377664511529214453059884932721754946462163672971091954096063580346591058058915705177143170741930264725419790244574761160599364476900422586525460981150535489695841064696962982002670256800489965431894477338710190086446895596651842542202922745215496409772520899845435760416159521297579623368414347408762466625792978844177386450506030983725234361868749543549687052221290158286459657697717436496769811720945731143244062649181615815707417418929020541958587698982776940334577355474770096580775243142909913
Divisor = [205329935991133380974880368934928321273, 274334866497850560640212079966358515253, 264739757264805981824344553014559883169, 314495359937742744429284762852853819407, 197513216256198287285250395397676269263, 194633662721082002304170457215979299327, 320085578355926571635267449373645191637, 310701821184698431287158634968374845899, 198238777199475748910296932106553167589, 292201037703513010563101692415826269513, 332238634715339876614712914152080415649, 334257376383174624240445796871873866383]
Result = [108968951841202413783269876008807200083, 29053101048844108651205043858001307413, 243503157837867321277650314313173163504, 160933173053376016589301282259056101279, 53063624128824890885455759542416407733, 34980025050049118752362228613379556692, 132553045879744579114934351230906284133, 160998336275894702559853722723725889989, 87211131829406574118795685545402094661, 36445723649693757315689763759472880579, 11133325919940126818459098315213891415, 1404668567372986395904813351317555162]



# 求解同余方程组
result = chinese_remainder_theorem(Divisor, Result)
print("Solution:", result, end='\n\n')
print("二进制展示:", bin(result))

for div, res in zip(n, a):
    assert result % div == res  # 使用断言,防止求解错误

print("[hex(c)]", hex(c))
print("[hex(n)]", hex(n))
print("[hex(p_2)]", hex(result))

        求解结果如下:

Solution: 157397749849472741302651922559110947585741898399548366071672772026799823577871183957882637829089669634665699886533302712057712796808672023827078956556745522749244570015492585747076324258912525658578733402979835176037760966294532155059241756382643278063578661030876735794467422919824463419065126688059515994112 

二进制展示: 0b1110000000100100010011110101101101011100011000010000000100101100011011010111011011000100100110010101101011000001001000001100110011101111010011000101010110010001100011010011000011111100001111111001011010100101101000010100000110111000011101011110001001011010000101010100110111100001100101011011010001111001000110011000110111011011101010001001001101001101101011101001011111010001101001011010000000000001110001101011001001101110111110000011101100001110110000100010111111111111000010111110110110101110011010111011110000100010100111110011010000000100011010101011100000110010110011110110101101111100001110000110100111111001100111001101110101011000110110000000110100111101011010000000010100011101011110110111101011011010000001100100111011011011010111011001101111001000000110100111010101101001111110011101010001110110101010110101011110101111110101110110000000010110110101001100011101110000010000100110100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
[hex(c)] 0x7f2d343a853cd96ea159828cabcab39d6eab86f1dff01cb43ac457754ea142d2faa0438d3d47a06cff3aa53389332b104aa4c62fdc79df8945edbc6531fbc6cf97a5eaec0cfc5e054ad984e1c1fa4b6b06263090e0b5c1c0af55af6f317a5d7e310e08eb886187c8376c658449addd2ad3902962e5924523ffa30201fe360fbcdf3c4117aa349e2d49f94ea9e44e41cde5bbcf92a7fd46b1366866fa375e7ee9ada4cc58725384a71d1b44a45b1b2ebff6fca70e63b8097578e6db0c4605eaf1795d537a9fd72fe3e75e421668f04dab3abc5ec21b048af0a021ea77cce610c94421ec6914a685a71fc3e4a31dad369813ceabe7aa3cf19957065096333ff29a
[hex(n)] 0xb6c89e5733b461df7ecfaf98b88f9c87acfde46d782b97eec23b2a398bee994d65a6c666ca951c05fb03b8fd4d676171703422cd76e9aae89c1b7366ee96a6d7d34eb5ab8d1d25bdffcf2d27d3aeb87e6bdbdad608b7989c9a3c2dd4d28da122e31d3ffa6ded924d0da472d6473053cece345fc5c9fce29eaabd75163b49c7a96f8222b720b6cc60c2b7e72e856835c47061a80ba0f713fe93a40cc53edf89ccf3465b26e307e05dda97b66cd09c415ea1ed37aba389b5e3d9eef8e19aad74a0a2339ca87db40cb13b3749ceb29c6c911e61ba5cf1285ecb897145b619f9e79de948d90a75f47c81e4b0c38bf1dcd5ad50fe96bb4d771cfa0e58e7c0229fcfd9
[hex(p_2)] 0xe0244f5b5c61012c6d76c4995ac120ccef4c55918d30fc3f96a5a141b875e25a154de195b479198ddba8934dae97d1a5a001c6b26ef83b0ec22fff0bedae6bbc229f34046ab832cf6b7c3869f99cdd58d80d3d68051d7b7ada064edb5d9bc81a7569f9d476ab57afd76016d4c770426900000000000000000000000000000000

        可以看出,二进制下p_2确实后128位为0。

        经过查阅资料,发现,是一种高位泄露的漏洞。

        使用在线工具尝试解答:Sage Cell Server (sagemath.org),网址如下:

https://sagecell.sagemath.org/

        使用的代码如下:

n = 0xb6c89e5733b461df7ecfaf98b88f9c87acfde46d782b97eec23b2a398bee994d65a6c666ca951c05fb03b8fd4d676171703422cd76e9aae89c1b7366ee96a6d7d34eb5ab8d1d25bdffcf2d27d3aeb87e6bdbdad608b7989c9a3c2dd4d28da122e31d3ffa6ded924d0da472d6473053cece345fc5c9fce29eaabd75163b49c7a96f8222b720b6cc60c2b7e72e856835c47061a80ba0f713fe93a40cc53edf89ccf3465b26e307e05dda97b66cd09c415ea1ed37aba389b5e3d9eef8e19aad74a0a2339ca87db40cb13b3749ceb29c6c911e61ba5cf1285ecb897145b619f9e79de948d90a75f47c81e4b0c38bf1dcd5ad50fe96bb4d771cfa0e58e7c0229fcfd9
# 低位未知的p,此处指代p_2右移128位的结果
p_2_ = 0xe0244f5b5c61012c6d76c4995ac120ccef4c55918d30fc3f96a5a141b875e25a154de195b479198ddba8934dae97d1a5a001c6b26ef83b0ec22fff0bedae6bbc229f34046ab832cf6b7c3869f99cdd58d80d3d68051d7b7ada064edb5d9bc81a7569f9d476ab57afd76016d4c7704269
e = 65537
# p原本的位数
pbits = 1024      

kbits = pbits - p_2_.nbits()
p_2_ = p_2_ << kbits
PR.<x> = PolynomialRing(Zmod(n))
f = x + p_2_
roots = f.small_roots(X=2^kbits,beta=0.4)
if roots:
    p= p_2_ + int(roots[0])
    print("n", n)
    print("p", p)
    print("q", n/p)

        输出结果如下:

n 23074300182218382842779838577755109134388231150042184365611196591882774842971145020868462509225850035185591216330538437377664511529214453059884932721754946462163672971091954096063580346591058058915705177143170741930264725419790244574761160599364476900422586525460981150535489695841064696962982002670256800489965431894477338710190086446895596651842542202922745215496409772520899845435760416159521297579623368414347408762466625792978844177386450506030983725234361868749543549687052221290158286459657697717436496769811720945731143244062649181615815707417418929020541958587698982776940334577355474770096580775243142909913
p 157397749849472741302651922559110947585741898399548366071672772026799823577871183957882637829089669634665699886533302712057712796808672023827078956556745522749244570015492585747076324258912525658578733402979835176037760966294532155059241756382643278063578661030876735794708282102407491782299777228899079176117
q 146598666145389487374076474702380241089893944436923994466470555513748278755568038863819188404588602962888679358728628069490879689376996830110571995521814075973422513105805715524894550773219606972944401957227665252279176873209924236114228003156706532596699592716796867748104565680326123749660658940264843181589

        下图为网站的执行结果:

        由此,我们得出p和q的值,然后求解即可,剩余代码如下:

n = 23074300182218382842779838577755109134388231150042184365611196591882774842971145020868462509225850035185591216330538437377664511529214453059884932721754946462163672971091954096063580346591058058915705177143170741930264725419790244574761160599364476900422586525460981150535489695841064696962982002670256800489965431894477338710190086446895596651842542202922745215496409772520899845435760416159521297579623368414347408762466625792978844177386450506030983725234361868749543549687052221290158286459657697717436496769811720945731143244062649181615815707417418929020541958587698982776940334577355474770096580775243142909913
p = 157397749849472741302651922559110947585741898399548366071672772026799823577871183957882637829089669634665699886533302712057712796808672023827078956556745522749244570015492585747076324258912525658578733402979835176037760966294532155059241756382643278063578661030876735794708282102407491782299777228899079176117
q = 146598666145389487374076474702380241089893944436923994466470555513748278755568038863819188404588602962888679358728628069490879689376996830110571995521814075973422513105805715524894550773219606972944401957227665252279176873209924236114228003156706532596699592716796867748104565680326123749660658940264843181589

# 计算模数 n
assert n == p * q  # 设置断言,判断是否求解错误

# 计算欧拉函数 phi(n)
phi_n = (p - 1) * (q - 1)

# 计算私钥指数 d
d = inverse(e, phi_n)

print(f"私钥指数 d = {d}")

# 解密操作
m = pow(c, d, n)
print(f"明文 m = {m}")
big_integer = int(m)

# 将大整数转换为字节类型
bytes_representation = big_integer.to_bytes(
    (big_integer.bit_length() + 7) // 8, 'big')

# 打印结果
print(bytes_representation)

        综上所述,结合网站运行结果,完整代码如下:

'''
Author: LeopardRich 2829176648@qq.com
Date: 2023-11-26 00:23:24
FilePath: \Temp\CTF_personal\RSA_2\exp.py
Description: HIT-网络空间安全设计与实践
Copyright (c) 2023 by LeopardRich 2829176648@qq.com, All Rights Reserved. 
'''
from gmpy2 import *
from Crypto.Util.number import *

# 扩展欧几里得算法求逆元
def extended_gcd(a, b):
    if a == 0:
        return b, 0, 1
    else:
        gcd, x, y = extended_gcd(b % a, a)
        return gcd, y - (b // a) * x, x

# 求解同余方程组
def chinese_remainder_theorem(n, a):
    sum = 0
    prod = 1
    for num in n:
        prod *= num

    for n_i, a_i in zip(n, a):
        p = prod // n_i
        _, inv, _ = extended_gcd(p, n_i)
        sum += a_i * inv * p

    return sum % prod

# 变量定义
e = 65537
c = 16054555662735670936425135698617301522625617352711974775378018085049483927967003651984471094732778961987450487617897728621852600854484345808663403696158512839904349191158022682563472901550087364635161575687912122526167493016086640630984613666435283288866353681947903590213628040144325577647998437848946344633931992937352271399463078785332327186730871953277243410407484552901470691555490488556712819559438892801124838585002715833795502134862884856111394708824371654105577036165303992624642434847390330091288622115829512503199938437184013818346991753782044986977442761410847328002370819763626424000475687615269970113178 
n = 23074300182218382842779838577755109134388231150042184365611196591882774842971145020868462509225850035185591216330538437377664511529214453059884932721754946462163672971091954096063580346591058058915705177143170741930264725419790244574761160599364476900422586525460981150535489695841064696962982002670256800489965431894477338710190086446895596651842542202922745215496409772520899845435760416159521297579623368414347408762466625792978844177386450506030983725234361868749543549687052221290158286459657697717436496769811720945731143244062649181615815707417418929020541958587698982776940334577355474770096580775243142909913
Divisor = [205329935991133380974880368934928321273, 274334866497850560640212079966358515253, 264739757264805981824344553014559883169, 314495359937742744429284762852853819407, 197513216256198287285250395397676269263, 194633662721082002304170457215979299327, 320085578355926571635267449373645191637, 310701821184698431287158634968374845899, 198238777199475748910296932106553167589, 292201037703513010563101692415826269513, 332238634715339876614712914152080415649, 334257376383174624240445796871873866383]
Result = [108968951841202413783269876008807200083, 29053101048844108651205043858001307413, 243503157837867321277650314313173163504, 160933173053376016589301282259056101279, 53063624128824890885455759542416407733, 34980025050049118752362228613379556692, 132553045879744579114934351230906284133, 160998336275894702559853722723725889989, 87211131829406574118795685545402094661, 36445723649693757315689763759472880579, 11133325919940126818459098315213891415, 1404668567372986395904813351317555162]

# 求解同余方程组
p_2 = chinese_remainder_theorem(Divisor, Result)
print("Solution:", p_2, end='\n\n')
print("二进制展示:", bin(p_2))

for div, res in zip(Divisor, Result):
    assert p_2 % div == res  # 使用断言,防止求解错误

print("[hex(c)]", hex(c))
print("[hex(n)]", hex(n))
print("[hex(p_2)]", hex(p_2))

n = 23074300182218382842779838577755109134388231150042184365611196591882774842971145020868462509225850035185591216330538437377664511529214453059884932721754946462163672971091954096063580346591058058915705177143170741930264725419790244574761160599364476900422586525460981150535489695841064696962982002670256800489965431894477338710190086446895596651842542202922745215496409772520899845435760416159521297579623368414347408762466625792978844177386450506030983725234361868749543549687052221290158286459657697717436496769811720945731143244062649181615815707417418929020541958587698982776940334577355474770096580775243142909913
p = 157397749849472741302651922559110947585741898399548366071672772026799823577871183957882637829089669634665699886533302712057712796808672023827078956556745522749244570015492585747076324258912525658578733402979835176037760966294532155059241756382643278063578661030876735794708282102407491782299777228899079176117
q = 146598666145389487374076474702380241089893944436923994466470555513748278755568038863819188404588602962888679358728628069490879689376996830110571995521814075973422513105805715524894550773219606972944401957227665252279176873209924236114228003156706532596699592716796867748104565680326123749660658940264843181589

# 计算模数 n
assert n == p * q  # 设置断言,判断是否求解错误

# 计算欧拉函数 phi(n)
phi_n = (p - 1) * (q - 1)

# 计算私钥指数 d
d = inverse(e, phi_n)

print(f"私钥指数 d = {d}")

# 解密操作
m = pow(c, d, n)
print(f"明文 m = {m}")
big_integer = int(m)

# 将大整数转换为字节类型
bytes_representation = big_integer.to_bytes(
    (big_integer.bit_length() + 7) // 8, 'big')

# 打印结果
print(bytes_representation)

        输出结果如下:

Solution: 157397749849472741302651922559110947585741898399548366071672772026799823577871183957882637829089669634665699886533302712057712796808672023827078956556745522749244570015492585747076324258912525658578733402979835176037760966294532155059241756382643278063578661030876735794467422919824463419065126688059515994112 

二进制展示: 0b1110000000100100010011110101101101011100011000010000000100101100011011010111011011000100100110010101101011000001001000001100110011101111010011000101010110010001100011010011000011111100001111111001011010100101101000010100000110111000011101011110001001011010000101010100110111100001100101011011010001111001000110011000110111011011101010001001001101001101101011101001011111010001101001011010000000000001110001101011001001101110111110000011101100001110110000100010111111111111000010111110110110101110011010111011110000100010100111110011010000000100011010101011100000110010110011110110101101111100001110000110100111111001100111001101110101011000110110000000110100111101011010000000010100011101011110110111101011011010000001100100111011011011010111011001101111001000000110100111010101101001111110011101010001110110101010110101011110101111110101110110000000010110110101001100011101110000010000100110100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
[hex(c)] 0x7f2d343a853cd96ea159828cabcab39d6eab86f1dff01cb43ac457754ea142d2faa0438d3d47a06cff3aa53389332b104aa4c62fdc79df8945edbc6531fbc6cf97a5eaec0cfc5e054ad984e1c1fa4b6b06263090e0b5c1c0af55af6f317a5d7e310e08eb886187c8376c658449addd2ad3902962e5924523ffa30201fe360fbcdf3c4117aa349e2d49f94ea9e44e41cde5bbcf92a7fd46b1366866fa375e7ee9ada4cc58725384a71d1b44a45b1b2ebff6fca70e63b8097578e6db0c4605eaf1795d537a9fd72fe3e75e421668f04dab3abc5ec21b048af0a021ea77cce610c94421ec6914a685a71fc3e4a31dad369813ceabe7aa3cf19957065096333ff29a
[hex(n)] 0xb6c89e5733b461df7ecfaf98b88f9c87acfde46d782b97eec23b2a398bee994d65a6c666ca951c05fb03b8fd4d676171703422cd76e9aae89c1b7366ee96a6d7d34eb5ab8d1d25bdffcf2d27d3aeb87e6bdbdad608b7989c9a3c2dd4d28da122e31d3ffa6ded924d0da472d6473053cece345fc5c9fce29eaabd75163b49c7a96f8222b720b6cc60c2b7e72e856835c47061a80ba0f713fe93a40cc53edf89ccf3465b26e307e05dda97b66cd09c415ea1ed37aba389b5e3d9eef8e19aad74a0a2339ca87db40cb13b3749ceb29c6c911e61ba5cf1285ecb897145b619f9e79de948d90a75f47c81e4b0c38bf1dcd5ad50fe96bb4d771cfa0e58e7c0229fcfd9
[hex(p_2)] 0xe0244f5b5c61012c6d76c4995ac120ccef4c55918d30fc3f96a5a141b875e25a154de195b479198ddba8934dae97d1a5a001c6b26ef83b0ec22fff0bedae6bbc229f34046ab832cf6b7c3869f99cdd58d80d3d68051d7b7ada064edb5d9bc81a7569f9d476ab57afd76016d4c770426900000000000000000000000000000000
私钥指数 d = 20900907212982163954388854194269714797043242046341825727148680508423166238584907045162815026590832071787805925908205804301198957267196954261669120437222647386665307875793868546908134087538818844461478586690376244319212584644100707675604948926876006022806756893014109358383642984938415927956886394044846799582957130410983623508072676308932038950752097733496521076059974201440615238377194490460447000884701537575233858801277744093543272676449077650714384343891558142085775890889259741946681683506776746658531223380986998898267801236495301231545835556248129989812452424952672026684998460809556922834623404922338325661249
明文 m = 13040004482819712375951267610031339898296550908679340906024242956528907950777904585522898557
b'flag{2233747d3bf06f070048e80300dac75f}'

        完成!

·+·+·
关注
专栏目录
RSA解题
wwh的博客
11-13 8980
出题人:胡凌洋 解题组:吴航 胡凌洋 张佳豪 题目源码: p=getPrime(1024) q=getPrime(1024) e=65537 n1=p*q m=bytes_to_long(flag) c1=pow(m,e,n1) print (c1,e,n1) p=getPrime(1024) e=65537 n2=p*q m=bytes_to_long("1"*32) c2=pow (...
CTF-CRYPTO-RSA-partial
zippo1234的博客
11-21 805
CTF-CRYPTO-RSA-partialRSA-partial题目分析开始1.题目2.分析(1)已给出部分解密(2)rsa私钥格式解析(3)理论4.常规套路5.get flag结语 每天一题,只能多不能少 RSA-partial 题目分析 私钥格式 私钥恢复 开始 1.题目 题目介绍 这里有一张RSA私钥上半部分被挡住的截图,你能恢复私钥并解密出flag的内容吗?flag格式为0ctf{字符串}。 -----BEGIN RSA PRIVATE KEY----- ****隐藏的部分**** Os9mh
BUUCTF——rsa系列(4)
Luiino的博客
07-27 4185
给了c、z、n以及e分析一下,首先是它的作用是进行求导,前一个参数表示求导的内容,后一个参数表示求导的主体,如意思是以p为主体对求导得到1/(1+),同理得到1/(1-)。其次对于如Fraction(1,Derivative(arctan(p),p))是以1为分子,以Derivative(arctan(p),p)为分母,这样一来可以得到关系式z=可以进一步得到下面的关系式=z-2n,=z+2n,敲代码解出p、q。............
非套路的RSA
qq_42391153的博客
11-12 711
CTF 非套路的RSA题 做了很多RSA类型的题目 除了典型的RSA简单解密,还有各种套路题 举几个栗子 e很大的wiener攻击 e很小像3和2的直接开放 低加密指数广播攻击 共模攻击 … 这里介绍一下前两天在湖湘杯踩得坑的非套路RSA 嗯,下面是这道题 from Crypto.Util.number import * import libnum import gmpy2 flag = ope...
rsa special
axe
01-26 1074
文章目录[ReSnAd] -- iqmp ipmq e,c,ϕ(n)\phi(n)ϕ(n)[RoarCTF2019]babyRSA -- wilson[NCTF2019]childRSA -- ϕ(p),ϕ(q)\phi(p),\phi(q)ϕ(p),ϕ(q)是多个小因子累乘[Crypto CTF] Time capsule [ReSnAd] – iqmp ipmq e,c,ϕ(n)\phi(n)...
RSA的破解
weixin_44681716的博客
07-04 2246
题目 在已知密文、公钥和加密算法的前提下求解私钥和明文
CTF-RSA-tool-master.zip
01-19
针对CTFCRYPTORSA工具
juice-shop-ctf:OWASP Juice Shop的标志捕获(CTF)环境设置工具
04-30
juice-shop-ctf-cli支持以下开源CTF框架: 特遣部队 基金会 根盒子 设置 npm install -g juice-shop-ctf-cli 用法 互动模式 打开命令行并运行: juice-shop-ctf 然后按照交互式命令行工具的说明进行操作。 ...
google-ctf:Google CTF
02-04
Google CTF 该存储库列出了2017-2019 Google CTF中使用的大多数挑战以及可用于运行这些挑战的大多数基础结构。 重要信息-2017、2018、2019和2020文件夹中的代码具有未修复的安全漏洞。 这些是故意存在的,并且在...
CTF-misc工具2-CTF-Tools-masterV1.3.7
最新发布
08-17
CTF-Tools-master是一个专注于密码编码识别与解码的工具,能自动推断密码的编码类型,并进行解码。 适用人群: 该工具主要适用于参加CTF竞赛的选手,以及对密码编码算法感兴趣的信息安全从业人员。 使用场景: 在CTF竞赛...
Crypto RSA中的数学技巧
a5555678744的博客
11-02 4195
闲聊两句 之前做到[GKCTF 2021]RRRRsa的时候遇到过这种问题,就是去构造hint和p,q的关系,感觉也没啥好说的,就是去想、去试,当时也没啥记录,没想到这次2021东华杯遇到了老朋友,感觉有必要写篇文章总结下了。 问题解析 先看[GKCTF 2021]RRRRsa from Crypto.Util.number import * from gmpy2 import gcd import gmpy2 flag = b'xxxxxxxxxxxxx' p = getPrime(512)..
BUU Crypto解析
weixin_43404314的博客
10-20 1267
[GXYCTF2019]CheckIn 打开题目所提供的文件,发现内容有点像base64解密文件,解密后得到 看到解码出来的结果既有数字又有字母符号,这让我想到了rot, ROT5、ROT13、ROT18、ROT47 编码是一种简单的码元位置顺序替换暗码。此类编码具有可逆性,可以自我解密,主要用于应对快速浏览,或者是机器的读取,而不让其理解其意。 ROT5 是 rotate by 5 places 的简写,意思是旋转5个位置,其它皆同。下面分别说说它们的编码方式:ROT5:只对数字进行编码,用当
RSA
YUK_103的博客
03-02 911
题目如下所示: from Crypto.Util.number import getPrime,bytes_to_long from sympy import Derivative from fractions import Fraction from secret import flag p=getPrime(1024) q=getPrime(1024) e=65537 n=p*q z=Fra...
Crypto--格密码(一)
刘十三t的博客
07-15 2772
记录格密码的一些题
2022鹏城杯CTF---Crypto
Luiino的博客
09-18 2429
第一部分,e与phi_n不互素,gcd(e,phi_n) == 4,此时e对phi_n没有逆元,但gcd(e//t,phi_n) == 1。mod n,由上面的for循环可以知道M与初始m的关系:M = m * (p-q-1)!对n进行分解,得到p、q,小的是q。记print(pow(m,e,n))里的m为M,故有c2 =第三部分, 看到M = 2022 * m * 1011 * p,又n = p*q,且c =记两输出结果分别为c1、c2,由print(pow(2,e,n))可以得到:c1 =
CTF RSA练习(1)初识rsa
tgmhh的博客
08-16 554
ctfrsa入门题
校赛 writeup
热门推荐
4ct10n
12-26 2万+
web1.warmup-web打开响应消息头,发现路径/NOTHERE 访问即得flag2.web1看源码得到 index.txt<?php $flag="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; $secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxx"; // guess it length :) $username = $_POST["userna
每日10行代码170:rsa中的N分解问题,基于p和q之间的关系
天天卡丁的博客
07-15 1685
事实证明,真实的p值在平方根上下1000之内浮动,类似的,可以解决其他类似这种知道p和q某种关系的rsa问题。其中t和m是一个很小的量,t代表11x到下一个素数之间的差值,经过测试,通常差值在5000以内。从这里可以发现p和q有一定的关系。由于t和m很小,那么相关于。......
python程序的flag_知道部分m, e 和c (如何求出整个flag?)
weixin_26731219的博客
02-05 1033
from Crypto.Util.number import *import gmpy2p = getPrime(1024)q = gmpy2.next_prime(p)e = 65537N = p * qphi = (p - 1) * (q - 1)d = gmpy2.powmod(e, -1, phi)#flag = open("flag").read()msg = ["Hello Happy...
Ubuntu-CTF
07-28
CTFd是一个用于举办和参加CTF(Capture The Flag)安全竞赛的平台。根据引用\[1\]和引用\[2\]的内容,你可以按照以下步骤在Ubuntu上搭建CTFd平台: 1. 首先,确保你已经安装了虚拟机并配置好了Ubuntu系统。具体的安装和配置步骤可以参考相关的教程。 2. 配置阿里云镜像下载源文件。这可以加快软件包的下载速度。你可以按照引用\[1\]中的指导进行配置。 3. 进入CTFd目录。在终端中使用cd命令进入CTFd的目录。 4. 使用gunicorn工具配置CTFd。根据引用\[2\]和引用\[3\]的内容,你可以使用以下命令配置gunicorn工具: ``` gunicorn --bind 0.0.0.0:8000 -w 5 "CTFd:create_app()" ``` 5. 如果你希望在重启电脑后再次运行CTFd平台,确保以root权限运行。在Ubuntu终端中使用sudo命令运行上述命令。 这样,你就可以在Ubuntu上成功搭建CTFd平台了。请注意,这只是一个简单的搭建过程,具体的配置和使用方法可能会有所不同,你可以参考相关的文档和教程进行更详细的了解和操作。 #### 引用[.reference_title] - *1* *2* *3* [基于Ubuntu搭建CTFd平台(全网最全)](https://blog.csdn.net/qq_25953411/article/details/127489944)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v91^control_2,239^v3^insert_chatgpt"}} ] [.reference_item] [ .reference_list ]
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值