NewStarCTF 2023 WEEK1 Crypto

已于 2023-10-03 16:22:45 修改
阅读量578 收藏 1
点赞数
文章标签: java 前端 算法
于 2023-10-02 00:27:21 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_63577068/article/details/133470701
版权

brainfuck

++++++++[>>++>++++>++++++>++++++++>++++++++++>++++++++++++>++++++++++++++>++++++++++++++++>++++++++++++++++++>++++++++++++++++++++>++++++++++++++++++++++>++++++++++++++++++++++++>++++++++++++++++++++++++++>++++++++++++++++++++++++++++>++++++++++++++++++++++++++++++<<<<<<<<<<<<<<<<-]>>>>>>>++++++.>----.<-----.>-----.>-----.<<<-.>>++..<.>.++++++.....------.<.>.<<<<<+++.>>>>+.<<<+++++++.>>>+.<<<-------.>>>-.<<<+.+++++++.--..>>>>---.-.<<<<-.+++.>>>>.<<<<-------.+.>>>>>++.

http://www.hiencode.com/brain.html  Brainfuck解密

flag{Oiiaioooooiai#b7c0b1866fe58e12}

Caesar's Secert

kqfl{hf3x4w'x_h1umjw_n5_a4wd_3fed}

凯撒密码,已知flag的头,kqfl->flag 相当于向前移动5位,key=5,得到

flag{ca3s4r's_c1pher_i5_v4ry_3azy}

Fence

fa{ereigtepanet6680}lgrodrn_h_litx#8fc3

栅栏密码

flag{reordering_the_plaintext#686f8c03}

Vigenère

pqcq{qc_m1kt4_njn_5slp0b_lkyacx_gcdy1ud4_g3nv5x0}

维吉尼亚密码,"pqcq"对应是“flag”,发现密钥是kfc

flag{la_c1fr4_del_5ign0r_giovan_batt1st4_b3ll5s0}

babyencoding

part 1 of flag: ZmxhZ3tkYXp6bGluZ19lbmNvZGluZyM0ZTBhZDQ=
part 2 of flag: MYYGGYJQHBSDCZJRMQYGMMJQMMYGGN3BMZSTIMRSMZSWCNY=
part 3 of flag: =8S4U,3DR8SDY,C`S-F5F-C(S,S<R-C`Q9F8S87T`

part1:base64,part2:base32,part3:uuencode

flag{dazzling_encoding#4e0ad4f0ca08d1e1d0f10c0c7afe422fea7c55192c992036ef623372601ff3a}

babyrsa

from Crypto.Util.number import *
from flag import flag

def gen_prime(n):
    res = 1

    for i in range(15):
        res *= getPrime(n)

    return res


if __name__ == '__main__':
    n = gen_prime(32)
    e = 65537
    m = bytes_to_long(flag)
    c = pow(m,e,n)
    print(n)
    print(c)
# 17290066070594979571009663381214201320459569851358502368651245514213538229969915658064992558167323586895088933922835353804055772638980251328261
# 14322038433761655404678393568158537849783589481463521075694802654611048898878605144663750410655734675423328256213114422929994037240752995363595

这题n分解15个素数,正常解就行

exp

from Crypto.Util.number import *
from gmpy2 import *
primes = [2217990919, 2338725373, 2370292207, 2463878387, 2706073949, 2794985117, 2804303069, 2923072267, 2970591037, 3207148519, 3654864131, 3831680819, 3939901243, 4093178561, 4278428893]
n = 1
for prime in primes:
    n *= prime
e = 65537
c=14322038433761655404678393568158537849783589481463521075694802654611048898878605144663750410655734675423328256213114422929994037240752995363595
phi_n = 1
for prime in primes:
    phi_n *= (prime - 1)
d = inverse(e, phi_n)
m = pow(c, d, n)

print(long_to_bytes(m))
#b'flag{us4_s1ge_t0_cal_phI}'

Small d

from secret import flag
from Crypto.Util.number import *

p = getPrime(1024)
q = getPrime(1024)

d = getPrime(32)
e = inverse(d, (p-1)*(q-1))
n = p*q
m = bytes_to_long(flag)

c = pow(m,e,n)

print(c)
print(e)
print(n)

# c = 6755916696778185952300108824880341673727005249517850628424982499865744864158808968764135637141068930913626093598728925195859592078242679206690525678584698906782028671968557701271591419982370839581872779561897896707128815668722609285484978303216863236997021197576337940204757331749701872808443246927772977500576853559531421931943600185923610329322219591977644573509755483679059951426686170296018798771243136530651597181988040668586240449099412301454312937065604961224359235038190145852108473520413909014198600434679037524165523422401364208450631557380207996597981309168360160658308982745545442756884931141501387954248
# e = 8614531087131806536072176126608505396485998912193090420094510792595101158240453985055053653848556325011409922394711124558383619830290017950912353027270400567568622816245822324422993074690183971093882640779808546479195604743230137113293752897968332220989640710311998150108315298333817030634179487075421403617790823560886688860928133117536724977888683732478708628314857313700596522339509581915323452695136877802816003353853220986492007970183551041303875958750496892867954477510966708935358534322867404860267180294538231734184176727805289746004999969923736528783436876728104351783351879340959568183101515294393048651825
# n = 19873634983456087520110552277450497529248494581902299327237268030756398057752510103012336452522030173329321726779935832106030157682672262548076895370443461558851584951681093787821035488952691034250115440441807557595256984719995983158595843451037546929918777883675020571945533922321514120075488490479009468943286990002735169371404973284096869826357659027627815888558391520276866122370551115223282637855894202170474955274129276356625364663165723431215981184996513023372433862053624792195361271141451880123090158644095287045862204954829998614717677163841391272754122687961264723993880239407106030370047794145123292991433

这题e很大,维纳攻击,直接套模板

exp

import gmpy2
import libnum

def continuedFra(x, y):
    """计算连分数
    :param x: 分子
    :param y: 分母
    :return: 连分数列表
    """
    cf = []
    while y:
        cf.append(x // y)
        x, y = y, x % y
    return cf
def gradualFra(cf):
    """计算传入列表最后的渐进分数
    :param cf: 连分数列表
    :return: 该列表最后的渐近分数
    """
    numerator = 0
    denominator = 1
    for x in cf[::-1]:
        # 这里的渐进分数分子分母要分开
        numerator, denominator = denominator, x * denominator + numerator
    return numerator, denominator
def solve_pq(a, b, c):
    """使用韦达定理解出pq,x^2−(p+q)∗x+pq=0
    :param a:x^2的系数
    :param b:x的系数
    :param c:pq
    :return:p,q
    """
    par = gmpy2.isqrt(b * b - 4 * a * c)
    return (-b + par) // (2 * a), (-b - par) // (2 * a)
def getGradualFra(cf):
    """计算列表所有的渐近分数
    :param cf: 连分数列表
    :return: 该列表所有的渐近分数
    """
    gf = []
    for i in range(1, len(cf) + 1):
        gf.append(gradualFra(cf[:i]))
    return gf


def wienerAttack(e, n):
    """
    :param e:
    :param n:
    :return: 私钥d
    """
    cf = continuedFra(e, n)
    gf = getGradualFra(cf)
    for d, k in gf:
        if k == 0: continue
        if (e * d - 1) % k != 0:
            continue
        phi = (e * d - 1) // k
        p, q = solve_pq(1, n - phi + 1, n)
        if p * q == n:
            return d

c = 6755916696778185952300108824880341673727005249517850628424982499865744864158808968764135637141068930913626093598728925195859592078242679206690525678584698906782028671968557701271591419982370839581872779561897896707128815668722609285484978303216863236997021197576337940204757331749701872808443246927772977500576853559531421931943600185923610329322219591977644573509755483679059951426686170296018798771243136530651597181988040668586240449099412301454312937065604961224359235038190145852108473520413909014198600434679037524165523422401364208450631557380207996597981309168360160658308982745545442756884931141501387954248
e = 8614531087131806536072176126608505396485998912193090420094510792595101158240453985055053653848556325011409922394711124558383619830290017950912353027270400567568622816245822324422993074690183971093882640779808546479195604743230137113293752897968332220989640710311998150108315298333817030634179487075421403617790823560886688860928133117536724977888683732478708628314857313700596522339509581915323452695136877802816003353853220986492007970183551041303875958750496892867954477510966708935358534322867404860267180294538231734184176727805289746004999969923736528783436876728104351783351879340959568183101515294393048651825
n = 19873634983456087520110552277450497529248494581902299327237268030756398057752510103012336452522030173329321726779935832106030157682672262548076895370443461558851584951681093787821035488952691034250115440441807557595256984719995983158595843451037546929918777883675020571945533922321514120075488490479009468943286990002735169371404973284096869826357659027627815888558391520276866122370551115223282637855894202170474955274129276356625364663165723431215981184996513023372433862053624792195361271141451880123090158644095287045862204954829998614717677163841391272754122687961264723993880239407106030370047794145123292991433

d=wienerAttack(e, n)
m=pow(c, d, n)
print(libnum.n2s(m).decode())
#flag{learn_some_continued_fraction_technique#dc16885c}

babyxor

from secret import *

ciphertext = []

for f in flag:
    ciphertext.append(f ^ key)

print(bytes(ciphertext).hex())
# e9e3eee8f4f7bffdd0bebad0fcf6e2e2bcfbfdf6d0eee1ebd0eabbf5f6aeaeaeaeaeaef2

每一个明文异或key,得到密文。最主要是要知道key值,就能逆推明文,一种就是,已知明文头是“flag”,用0xe9^ord("f"),0xe3^ord("l")得到key=143

import binascii

cipher = "e9e3eee8f4f7bffdd0bebad0fcf6e2e2bcfbfdf6d0eee1ebd0eabbf5f6aeaeaeaeaeaef2"
c = binascii.unhexlify(cipher)

key=143

result = ""
for i in c:
    result += chr(i ^ key)
print(result)

另一种方法就是去爆破key

import binascii

cipher = "e9e3eee8f4f7bffdd0bebad0fcf6e2e2bcfbfdf6d0eee1ebd0eabbf5f6aeaeaeaeaeaef2"
c = binascii.unhexlify(cipher)

for key in range(256):
    result = ""
    for i in c:
        result += chr(i ^ key)
    print(f"Key: {key}, Decrypted: {result}")
#Key: 143, Decrypted: flag{x0r_15_symm3try_and_e4zy!!!!!!}

Affine

from flag import flag, key

modulus = 256

ciphertext = []

for f in flag:
    ciphertext.append((key[0]*f + key[1]) % modulus)

print(bytes(ciphertext).hex())

# dd4388ee428bdddd5865cc66aa5887ffcca966109c66edcca920667a88312064
`对于仿射加密过程我们可以把他看成一个一元线性同余方程`

c = (a*m + b) % n

我们已知密文,和明文的前四个“flag”

c是密文,m是明文,a是所求的值

根据加密方程 `c = (a*m + b) % 256`

c1 = (a*m1 + b) % 256(1)

c2 = (a*m2+ b) %  256(2)

(2)-(1),得

c2 -c1= a*(m2-m1) %  256

a=c2-c1*(m2-m1)^-1 %256

得到a

算出b=c-(a*m)%n

这里说明为什么要m3-m1,因为ord(l)-ord(f),跟256,算不出逆元,你们可以自行实验

exp

import gmpy2
c1=ord('\xdd')
c2=ord('C')
c3=ord('\x88')
c4=ord('\xee')
m1=ord('f')
m2=ord('l')
m3=ord('a')
m4=ord('g')
a=(c3-c1)*gmpy2.invert(m3-m1,256)%256
print(a)#17
b=(c1-a*m1)%256
print(b)#23
c="\xddC\x88\xeeB\x8b\xdd\xddXe\xccf\xaaX\x87\xff\xcc\xa9f\x10\x9cf\xed\xcc\xa9 fz\x881 d"
flag=''
for cc in c:
    m=(ord(cc)-b)*gmpy2.invert(a,256)%256
    flag+=chr(m)
print(flag)
#flag{4ff1ne_c1pher_i5_very_3azy}

babyaes

from Crypto.Cipher import AES
import os
from flag import flag
from Crypto.Util.number import *


def pad(data):
    return data + b"".join([b'\x00' for _ in range(0, 16 - len(data))])


def main():
    flag_ = pad(flag)
    key = os.urandom(16) * 2
    iv = os.urandom(16)
    print(bytes_to_long(key) ^ bytes_to_long(iv) ^ 1)
    aes = AES.new(key, AES.MODE_CBC, iv)
    enc_flag = aes.encrypt(flag_)
    print(enc_flag)


if __name__ == "__main__":
    main()
# 3657491768215750635844958060963805125333761387746954618540958489914964573229
# b'>]\xc1\xe5\x82/\x02\x7ft\xf1B\x8d\n\xc1\x95i'
xor=print(bytes_to_long(key) ^ bytes_to_long(iv) ^ 1)

key=16*8*2=256bit,iv=16*8=128bit,256^128bit说明key的高位128bit不变,所以通过xor高128bit得到高位key的值*2还原key,iv=key^xor^1

exp

from Crypto.Util.number import *
from Crypto.Cipher import AES
from gmpy2 import*
xor=3657491768215750635844958060963805125333761387746954618540958489914964573229
c=b'>]\xc1\xe5\x82/\x02\x7ft\xf1B\x8d\n\xc1\x95i'
xor=long_to_bytes(xor)
key=xor[0:16]*2
print(key)
#b'\x08\x16\x11%\xa0\xa6\xc5\xcb^\x02\x99NF`\xea,\x08\x16\x11%\xa0\xa6\xc5\xcb^\x02\x99NF`\xea,'
iv = long_to_bytes(bytes_to_long(key) ^bytes_to_long(xor)  ^ 1)
print(iv)
#b'\xe3Z\x19Ga>\x07\xcc\xd1\xa1X\x01c\x11\x16\x00'
aes = AES.new(key, AES.MODE_CBC, iv)
flag = aes.decrypt(c)
print(flag)
#b'firsT_cry_Aes\x00\x00\x00'

逆流的鱼儿843
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
SEKAICTF2023 Crypto题目合集
08-29
SEKAICTF2023 Crypto题目合集
Cousera Crypto课程 Chapter 1
12-14
Cousera Crypto课程 Chapter 1
2022 七校联合NewStarCTF 公开赛赛道 WEEK1|CRYPTO
zerorzeror的博客
10-01 858
2022 七校联合NewStarCTF 公开赛赛道 WEEK1|CRYPTO
2022 七校联合NewStarCTF 公开赛赛道 WEEK3|CRYPTO
zerorzeror的博客
10-09 847
2022 七校联合NewStarCTF 公开赛赛道 WEEK3|CRYPTO
NewStarCTF 2024 公开赛道 Week1,2024年最新31道网络安全面试题
最新发布
2401_83946722的博客
04-13 948
还有兄弟不知道网络安全面试可以提前刷题吗?费时一周整理的160+网络安全面试题,金九银十,做网络安全面试里的显眼包!王岚嵚工程师面试题(附答案),只能帮兄弟们到这儿了!如果你能答对70%,找一个安全工作,问题不大。对于有1-3年工作经验,想要跳槽的朋友来说,也是很好的温习资料!【完整版领取方式在文末!!
【2023NewStar】#Week1 Web和Crypto 全题解!涉及知识扩展~
jayq1的博客
10-02 1381
本篇文章在web方面属于中规中矩的解法,师傅们看着玩叭,在crypto方面是有一些知识扩展的,包括仿射密码、连分数等~
NewStarCTF-WEEK1CRYPTO-RSA_begin题与解
villons的博客
09-25 544
rsa套娃题,奇怪的hint
NewStarCTF 2023 公开赛道 WEEK2|Crypto
qq_73643549的博客
10-11 1265
获取一组发现难以解密,所以考虑靶机特性,因为是对同一个明文加密,所以我们。但是看到题目只解一半,也就说m > q,即k4 < 0, 所以h就是我们要求取的系数。因此可以使用广播攻击(见题,如果关注到题目含义就能很快反应,笔者是崩溃的过程中提出为什么给我这么恶心的靶机才意识到的)。根据加密过程,我们知道这里应该采取费马费解法,所以我们可以把n丢到yafu中去,可以获取得到两个因子。好好分析还是挺简单的,因为只需要搞清楚h是什么就可以了。知道(p,q)后,我们就可以破解RSA了。,我们提取出(p-1)。
Dismantling.Mifare_mifare_crypto1_
09-30
荷兰Radboud大学,详细介绍了Mifare Classic的Crypto1算法。偏理论。也分析了该算法的弱点,给出了攻击方法。
crypto1_bs-master_crypto1_bs_mifare_crypto1_
09-28
crypto1算法源码,挺复杂,需要一定基础才看的懂
asn1crypto-0.24.0-py2.py3-none-any.whl
05-15
asn1crypto-0.24.0-py2.py3-none-any.whl
NewStar CTF UnserializeOne
qq_62260766的博客
10-03 1190
NewStarCTF php反序列化
【buuctf】 NewStarCTF 公开赛赛道 web:Word-For-You、NotPHP
weixin_46497491的博客
09-22 1977
【buuctf】 NewStarCTF 公开赛赛道 web:Word-For-You、NotPHP
BUUCTF NewStarCTF 公开赛赛道Week2 Writeup
末初的CSDN博客
10-03 2288
BUUCTF NewStarCTF 公开赛赛道Week2 Writeup
[NewStarCTF 2023] web题解
热门推荐
rev1ve的博客
10-16 1万+
分析一下,第一个if语句判断条件为上传的password参数的MD5值前六位为c4d038;和反引号去绕过对system函数的过滤,反斜杠绕过flag,tac替换cat命令。(多次尝试,发现回显的位置在5而不是1,开始卡了很久没回显)简单的文件包含,这里过滤了常见的转换过滤器base和rot。打开题目,发现是小游戏(题目跟最近打的SHCTF比较像)我们丢到重放器,发现是页面302状态,并且出现了提示。(这里用XFF不行,我用的是X-Real-IP)打开题目,提示我们传参两个数,然后帮我们计算。
newsctf 部分wp
FDgege的博客
06-03 1227
目录:1.Very-ez-dump2. sign_in4.rsa2565.反了都6.happy六一7. base64 ... or base56?8.easy_web9.字符串与字节10.签到 1.Very-ez-dump 解压密码 一会用得到 发现flag.zip 保存到指定文件夹 用刚刚得密码 解压得flag flag{ez_di_imp_1t_y0u_like?} 2. sign_in PDF加密破解工具 3.Peltate 直接被耍了……太套了 换工具 Tweakpng
2022 七校联合NewStarCTF 公开赛赛道 WEEK2|MISC
zerorzeror的博客
10-03 1253
2022 七校联合NewStarCTF 公开赛赛道 WEEK2|MISC
2022 七校联合NewStarCTF 公开赛赛道 WEEK1|MISC
zerorzeror的博客
10-02 690
2022 七校联合NewStarCTF 公开赛赛道 WEEK1|MISC
NewStarCTF2023week3
10-20
NewStarCTF2023week3是一场CTF比赛,其中包含了各种类型的题目,例如Web、Crypto、Pwn等等。其中,引用和引用是该比赛中的两道题目的flag,而引用则是一篇关于该比赛中Crypto题目chaos的Writeup。如果你对CTF比赛感兴趣,可以尝试参加一些类似的比赛,提高自己的技能和思维能力。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值