BUUCTF·[MRCTF2020]babyRSA·WP

最新推荐文章于 2023-09-07 12:46:19 发布
最新推荐文章于 2023-09-07 12:46:19 发布
阅读量369 收藏
点赞数
分类专栏: ctf 文章标签: python 开发语言
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/sm1918451478/article/details/127989604
版权

BUUCTF在线评测 (buuoj.cn)

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-yDhZPnlu-1669120575836)(assets/image-20221122150905-f0nrqt5.png)]​

附件

import sympy
import random
from gmpy2 import gcd, invert
from Crypto.Util.number import getPrime, isPrime, getRandomNBitInteger, bytes_to_long, long_to_bytes
from z3 import *
flag = b"MRCTF{xxxx}"
base = 65537


def GCD(A):
    B = 1
    for i in range(1, len(A)):
        B = gcd(A[i-1], A[i])
    return B


def gen_p():
    P = [0 for i in range(17)]
    P[0] = getPrime(128)
    for i in range(1, 17):
        P[i] = sympy.nextprime(P[i-1])
    print("P_p :", P[9])
    n = 1
    for i in range(17):
        n *= P[i]
    p = getPrime(1024)
    factor = pow(p, base, n)
    print("P_factor :", factor)
    return sympy.nextprime(p)


def gen_q():
    sub_Q = getPrime(1024)
    Q_1 = getPrime(1024)
    Q_2 = getPrime(1024)
    Q = sub_Q ** Q_2 % Q_1
    print("Q_1: ", Q_1)
    print("Q_2: ", Q_2)
    print("sub_Q: ", sub_Q)
    return sympy.nextprime(Q)


if __name__ == "__main__":
    _E = base
    _P = gen_p()
    _Q = gen_q()
    assert (gcd(_E, (_P - 1) * (_Q - 1)) == 1)
    _M = bytes_to_long(flag)
    _C = pow(_M, _E, _P * _Q)
    print("Ciphertext = ", _C)
'''
P_p : 206027926847308612719677572554991143421
P_factor : 213671742765908980787116579976289600595864704574134469173111790965233629909513884704158446946409910475727584342641848597858942209151114627306286393390259700239698869487469080881267182803062488043469138252786381822646126962323295676431679988602406971858136496624861228526070581338082202663895710929460596143281673761666804565161435963957655012011051936180536581488499059517946308650135300428672486819645279969693519039407892941672784362868653243632727928279698588177694171797254644864554162848696210763681197279758130811723700154618280764123396312330032986093579531909363210692564988076206283296967165522152288770019720928264542910922693728918198338839
Q_1:  103766439849465588084625049495793857634556517064563488433148224524638105971161051763127718438062862548184814747601299494052813662851459740127499557785398714481909461631996020048315790167967699932967974484481209879664173009585231469785141628982021847883945871201430155071257803163523612863113967495969578605521
Q_2:  151010734276916939790591461278981486442548035032350797306496105136358723586953123484087860176438629843688462671681777513652947555325607414858514566053513243083627810686084890261120641161987614435114887565491866120507844566210561620503961205851409386041194326728437073995372322433035153519757017396063066469743
sub_Q:  168992529793593315757895995101430241994953638330919314800130536809801824971112039572562389449584350643924391984800978193707795909956472992631004290479273525116959461856227262232600089176950810729475058260332177626961286009876630340945093629959302803189668904123890991069113826241497783666995751391361028949651
Ciphertext =  1709187240516367141460862187749451047644094885791761673574674330840842792189795049968394122216854491757922647656430908587059997070488674220330847871811836724541907666983042376216411561826640060734307013458794925025684062804589439843027290282034999617915124231838524593607080377300985152179828199569474241678651559771763395596697140206072537688129790126472053987391538280007082203006348029125729650207661362371936196789562658458778312533505938858959644541233578654340925901963957980047639114170033936570060250438906130591377904182111622236567507022711176457301476543461600524993045300728432815672077399879668276471832
'''

分析

分析一下代码,就是在求pqc

有一个坑,这里的gen_p的p不是我们要用的p,千万别被骗了

根据求q部分的代码,我们最终需要的是Q,所以也可以在gen_q函数中加入print("q:",q)将q输出

这个利用源程序运行很慢,但是他已经告诉了我们与Q相关的数据我们可以自己利用简单的计算代码求解

import sympy
import gmpy2
Q_1=103766439849465588084625049495793857634556517064563488433148224524638105971161051763127718438062862548184814747601299494052813662851459740127499557785398714481909461631996020048315790167967699932967974484481209879664173009585231469785141628982021847883945871201430155071257803163523612863113967495969578605521
Q_2=151010734276916939790591461278981486442548035032350797306496105136358723586953123484087860176438629843688462671681777513652947555325607414858514566053513243083627810686084890261120641161987614435114887565491866120507844566210561620503961205851409386041194326728437073995372322433035153519757017396063066469743
sub_Q= 168992529793593315757895995101430241994953638330919314800130536809801824971112039572562389449584350643924391984800978193707795909956472992631004290479273525116959461856227262232600089176950810729475058260332177626961286009876630340945093629959302803189668904123890991069113826241497783666995751391361028949651
q=sympy.nextprime(gmpy2.powmod(sub_Q,Q_2,Q_1))
print(q)

解题脚本

综合上述条件,最终已知条件有pqec足够我们得到flag了

P_p=206027926847308612719677572554991143421
P_factor=213671742765908980787116579976289600595864704574134469173111790965233629909513884704158446946409910475727584342641848597858942209151114627306286393390259700239698869487469080881267182803062488043469138252786381822646126962323295676431679988602406971858136496624861228526070581338082202663895710929460596143281673761666804565161435963957655012011051936180536581488499059517946308650135300428672486819645279969693519039407892941672784362868653243632727928279698588177694171797254644864554162848696210763681197279758130811723700154618280764123396312330032986093579531909363210692564988076206283296967165522152288770019720928264542910922693728918198338839
q=95170653714081687088760585440906768700419459767774333757336842864507607081809193370870747769993218256925111100260761958233280546585624501259121060195932474781731613458132842656517609786144352755126076860272047457230913808406105832246663969943550533958139118721153456230616182820319799156494938586844573835221
c=1709187240516367141460862187749451047644094885791761673574674330840842792189795049968394122216854491757922647656430908587059997070488674220330847871811836724541907666983042376216411561826640060734307013458794925025684062804589439843027290282034999617915124231838524593607080377300985152179828199569474241678651559771763395596697140206072537688129790126472053987391538280007082203006348029125729650207661362371936196789562658458778312533505938858959644541233578654340925901963957980047639114170033936570060250438906130591377904182111622236567507022711176457301476543461600524993045300728432815672077399879668276471832
e = 65537

import gmpy2
import Crypto
import sympy
import binascii
P=[]
for i in range(9):
    P_p=sympy.prevprime(P_p)
P.append(P_p)
for i in range(1,17):
    P.append(sympy.nextprime(P[i-1]))
n=1
phi=1
for i in range(17):
    n*=P[i]
    phi*=(P[i]-1)
based=gmpy2.invert(e,phi)
_p=gmpy2.powmod(P_factor,based,n)
p=sympy.nextprime(_p)
d=gmpy2.invert(e,(p-1)*(q-1))
flag=gmpy2.powmod(c,d,p*q)

print(binascii.unhexlify(hex(flag)[2:]))

flag

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-RscWcdux-1669120575838)(assets/image-20221122203444-rmu78cc.png)]​

很久没有一道做那么久了,人麻了😭

Cinnam0n
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
[MRCTF2020]babyRSA
2er0!=O的博客
07-16 1231
[MRCTF2020]babyRSA 附件下载: 给了个baby_RSA.py文件 import sympy import random from gmpy2 import gcd, invert from Crypto.Util.number import getPrime, isPrime, getRandomNBitInteger, bytes_to_long, long_to_bytes from z3 import * flag = b"MRCTF{xxxx}" base = 65537 d
MRCTF2020 babyRSA
pondzhang的专栏
05-21 388
import sympy import gmpy2 Q_1= 103766439849465588084625049495793857634556517064563488433148224524638105971161051763127718438062862548184814747601299494052813662851459740127499557785398714481909461631996020048315790167967699932967974484481209879664173009
BUUCTF 每日打卡 2021-5-8
weixin_52446095的博客
05-08 7325
引言 together 附件有两个 公钥,pem 和 flag(base64编码) 文件 联想题目,容易猜想是 RSA 共模攻击 编写代码验证: from Crypto.PublicKey import RSA with open("pubkey1.pem", "r") as f: key = RSA.import_key(f.read()) print(key.n) print(key.e) with open("pubkey2.pem", "r") as f: key
[MRCTF2020]babyRSA 1
学习,再学习
09-07 134
正数和倒数的问题 下标 range(start, stop, step) 如果是到下标0 stop是-1 如果0到n, stop是n+1
BUUCTF-MISC-WP(详细解题思路)
最新发布
01-27
BUUCTF-MISC-WP(详细解题思路)
2020 第二届网鼎杯 boom wp
01-20
2020 第二届网鼎杯 boom wp ​ ​ 卑微新手在线答题。。。。。 第二届网鼎杯-boom 下载附件得到一个boom.exe程序 打开是这样 根据提示继续 得到一串md5 加密的数据,使用在线解密 https://www.somd5.com/ 得到第...
2020年WP新手建站 视频教程.txt
06-17
本套课程是一套2020年全新版的wordpress建站视频教程,我们将全方位解说如何通过wordpress来建站自己的网站,我们会介绍如何购买域名和网站空间、如何搭建网站空间、如何安装wordpress程序、如何做好SEO优化等方面,...
PHP: Hypertext Preprocessorstorm2020wp
11-09
Major frameworks support PhpStorm is perfect for working with Symfony, Laravel, Drupal, WordPress, Zend Framework, Magento, Joomla!, CakePHP, Yii, and other frameworks. All the PHP tools ...
Wp.rar_wp
09-14
标题中的"Wp.rar_wp"可能是指一个名为"Wp"的RAR压缩文件,后缀"_wp"可能是用户为了标记或区分该文件而添加的自定义标识。这个压缩包内容与但丁滤波器设计有关,是一种在信号处理领域广泛应用的技术。 在描述中提到...
MRCTF2020——crypto——Easy_RSA——babyRSA
weixin_44159598的博客
03-29 2314
babyrsa 根据主函数可知,首要目的是找到_P和_Q,首先来看_P 可以发现 题目已给出P[9],所以直接目的可以手动测试周围素数,直到找到全部(这里是一部分) 这里我们可以得到N factor = pow(p, base, n) 这一句说明我们应该将这个简单RSA解出来,此时按照一般RSA的步骤求得d 这里已经得到N的所有因数,所以此时N的欧拉函数为所有因数减1相乘,即(p1-...
[MRCTF 2020] - RSA
qtL0ng的博客
07-02 554
easy_RSA 题目: import sympy from gmpy2 import gcd, invert from random import randint from Crypto.Util.number import getPrime, isPrime, getRandomNBitInteger, bytes_to_long, long_to_bytes import base64 from zlib import * flag = b"MRCTF{XXXX}" base = 65537 de
BUUCTF RSA题目全解4
MikeCoke的博客
12-19 3726
1.[MRCTF2020]babyRSA 题目 import sympy import random from gmpy2 import gcd, invert from Crypto.Util.number import getPrime, isPrime, getRandomNBitInteger, bytes_to_long, long_to_bytes from z3 import * flag = b"MRCTF{xxxx}" base = 65537 def GCD(A): B =
2022-03-09
m0_57291352的博客
03-09 374
d3factor (来源:AntCTF & Dˆ3CTF 2022) from Crypto.Util.number import bytes_to_long, getPrime from secret import msg from sympy import nextprime from gmpy2 import invert from hashlib import md5 flag = 'd3ctf{'+md5(msg).hexdigest()+'}' p = getPrime(256) q
BUUCTF [GUET-CTF2019]BabyRSA
sky_hhd的博客
07-04 379
最后得flag{cc7490e-78ab-11e9-b422-8ba97e5da1fd}通过题目得知,p+q,(p+1)(q+1),e,d,c,我们只需要求出N即可。
BUUCTF_Crypto_[GUET-CTF2019]BabyRSA
qq_58370970的博客
11-22 497
题目:给了一个babyrsa的文件,用txt文件打开 给了p+q,(p+1)(q+1)通过这个可以求出n(n=p*q)和phi(phi=(p-1)(q-1)) n=(p+1)(q+1)-p-q-1,phi=(p+1)(q+1)-2*(p+q) 代码: import gmpy2 import libnum e = 0xe6b1bee47bd63f615c7d0a43c529d219 d = 0x2dde7fbaed477f6d62838d55b0d0964868cf6efb2c282a5f13e
[*CTF 2022]ezRSA
shshss64的博客
04-08 432
部分p泄露经典问题
BUUCTF [NCTF2019]babyRSA解题思路
weixin_45441024的博客
11-29 2526
BUUCTF [NCTF2019]babyRSA 这是一道RSA的题目,前几天看祥云杯的RSA做到自闭,做点简单的题转换一下心情。 下载文件之后是一个压缩包,里面有一个py文件,题目如下: from Crypto.Util.number import * from flag import flag def nextPrime(n): n += 2 if n & 1 else 1 while not isPrime(n): n += 2 return n p
ctf密码学总结
热门推荐
Reset
11-05 1万+
自己做题总结的小知识点。 1.RSA 公钥标准文件的后缀是  .pem 加密过程  选择两个大素数p和q,计算出模数N = p * q  计算φ = (p−1) * (q−1) 即N的欧拉函数,然后选择一个e (1<e<φ),且e和φ互质  取e的模反数为d,计算方法: e * d ≡ 1 (mod φ)  对明文m进行加密:c≡m^e (mod n) 或 c = pow(...
buuctf reverse wp
08-03
根据提供的引用内容,我们可以得到以下信息: ...根据以上信息,我们可以推断buuctf reverse wp是关于逆向工程的挑战。具体来说,可能需要分析get_flag()函数和main函数的逻辑,以及对n进行因式分解,以获取flag。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值