1.nc连接:
nc node4.buuoj.cn 29983
2.查看题目给的加密脚本,进行分析:
from sympy import isprime,nextprime
from Crypto.Util.number import getPrime as getprime ,long_to_bytes,bytes_to_long,inverse
flag='flag{***************}'
def play():
p=getprime(1024)
q=getprime(1024)
n=p*q
e=65537
print "Hello,let's play rsa~\n"
print 'Now,I make some numbers,wait a second\n'
n1=getprime(200)
n2=getprime(200)
number=n1*n2
print "Ok,i will send two numbers to you,one of them was encoded.\n"
print "Encode n1:%d,\n"%(pow(n1,e,n))
print "And n2:%d.\n"%n2
print "Information that can now be made public:the public key (n,e):(%d,%d)\n"%(n,e)
while True:
try:
c=int(raw_input("ok,now,tell me the value of the number (encode it for safe):"))
except:
print "Sorry,the input is illeagal, and the integer is accept~"
else:
break
d=inverse(e,(p-1)*(q-1))
m=pow(c,d,n)
if m==number:
print "It's easy and interesting,didn't it?\n"
print "This is the gift for you :"+flag
else:
print "Emmmmm,there is something wrong, bye~\n"
if __name__ == '__main__':
play()
3. 当number==m时,输出flag,所以可以推导出:
已知:n1,n2,n,e
c1=pow(n1,e,n)
number = n1*n2
m = pow(c,d,n)
c = pow(m,e,n) = m^e mod n
= (n1*n2)^e%n
= (n1^e%n*n2^e%n)%n
= (c1*n2^e%n)%n
4.写exp,需要注意的是c1就是打印出来的n1
n2=1419001690000403575030954119684929445461131177890373362560929
n=13033069592560246301105221948583824971295177546615112595224856105020305979693676637068693079686051068994974295355963082519397656602965820137403275671360362596866997026701324747040448973212311402145001383447700860690548430688782745331030679490424027704418389764998273660929226531988832226566545094823669127961724757746129963669720964234684819411127710613992670706012711459304528296933517478064957288109323590852084602153838535904020618200360314313406772003224526889685679638689411939589192711323920912729433692842568731563319391427996423511637465490453571024063223177952564687547638100100918598738612582468723250610739
e=65537
c1=2202275892565352960651936396530351585323506733802505960403680633072034921542647622963647595203241158071867867899363309510346506820790175942387585391965963710669061242178424398941436096135146354159983501948863977322687307505086672719619891534933015356046473491101046821624081897823932671011840091496474476422276083846648455924810113594472836968405439303394715418897219728446335933668542780198329255738968985633759220211997790252619588696337688671576506652152574207565348158401314422693225508091309641764386070991011279422842461558933793922688250397211352854145685026413155517100116288527106001643440578767800246064297
c=(c1*(n2**e)%n)%n
print(c)
flag{654ffa38-1e30-4b73-803f-fbe73135e1a1}
ps:附上一个自动获取脚本:
# encoding:utf-8
from Crypto.Util.number import *
from pwn import *
io = remote("node4.buuoj.cn", 25710)
context.log_level = 'debug'
msg = io.recvuntil('n1:')
msg = io.recvuntil(',')
print(msg[:-1])
c1 = int(msg[:-1])
print(c1)
msg = io.recvuntil('n2:')
msg = io.recvuntil('.')
print(msg[:-1])
n2 = int(msg[:-1])
print(n2)
msg = io.recvuntil('(n,e):(')
msg = io.recvuntil(',')
print(msg[:-1])
n = int(msg[:-1])
print(n)
msg = io.recvuntil(')')
print(msg[:-1])
e = int(msg[:-1])
print(e)
c2 = pow(n2, e, n)
c = (c1*c2) % n
print(c,end='')
print(str(c))
io.sendline(str(c))
io.interactive()