signature=a7ab3f52fd3143e911ffec68c5ce32d7,2019年强网杯crypto部分题解

最新推荐文章于 2022-11-05 16:40:02 发布
最新推荐文章于 2022-11-05 16:40:02 发布
阅读量6.3k 收藏
点赞数
文章标签: signature=a7ab3f52fd3143e911ffec68c5ce32d7

一 、random study

这个题目中共给出了三个challenge。

1. challenge 1

服务器将python中的random模块的种子设置为int(time()),然后生成随机数让我们猜,只要我们猜对一次就可以通关了。

题目中给了200次机会,应该是考虑到服务器与我们机器的时间不同步的问题(可能相差几秒)。我这里假定服务器时间与本地时间相差不超过10秒,然后对这20种情况进行枚举就好了。相应代码如下:

2.challenge 2

服务器自己调用了一个Java程序生成了三个随机数,然后将前两个告诉我们,让我们猜第三个。

用Java Decompiler对提供的Java程序进行反编译得到源码如下:

public class Main {

public static void main(String[] paramArrayOfString) {

Random random = new Random();

System.out.println(random.nextInt());

System.out.println(random.nextInt());

System.out.println(random.nextInt());

}

}

可以看出这个Java程序是使用了Random类的nextInt函数来生成随机数的。百度一下这个类,可以查到官方文档。从官方文档中可以知道:

Random的nextInt函数就是直接调用next(32)并将得到的值返回。

next(int n)会通过以下方式更新内部存储的seed值,并返回下一个随机数。

//seed乘一个数,然后取低48位。

seed = (seed * 0x5DEECE66DL + 0xBL) & ((1L << 48) - 1);

// 48位种子的前n位。

return seed>>(48-n);

setSeed(long n)会将n做一些变化,然后存储到内部的seed中。

seed = (n^ 0x5DEECE66DL + 0xBL) & ((1L << 48) - 1);

根据以上知识,我们可以发现,如果我们用nextInt获得了一个随机数

math?formula=n,那么生成这个随机数时的种子就是

math?formula=n*2%5E%7B32%7D%2Bx,其中x是一个16位的整数。

因此我们根据题目中给出的第一个随机数可以推断出生成第二个随机数的种子的前32位,然后我们通过对低16位进行枚举就可以得到生成第二个随机数的种子是多少了。

3. challenge3

这一题就没什么了,只要challenge1通过了,这里直接调函数得到随机数,然后发过去就好了。

代码如下:

from pwn import *

import time

from aux import *

import tqdm

import random

import subprocess

conn = remote('119.3.245.36', 23456)

def solveChaleneg1(conn):

conn.recvuntil('[-]')

cur_time = int(time.time())

for i,j in (enumerate(range(cur_time-10,cur_time+10)),initial=0,total=20):

random.seed(j)

for k in range(i):

random.randint(0,2**64)

conn.sendline(str(random.randint(0,2**64)))

if 'fail' not in conn.recvline():

break

def solveChalenge2():

conn.recvuntil('[-]')

x1 = conn.recvline()

print x1

x1 = int(x1)

print(x1)

conn.recvuntil('[-]')

x2 = int(conn.recvline(),10)

o = subprocess.check_output(["java", "MyMain",str(x1),str(x2)])

x3 = int(o.split('\n')[0],10)

print "x1=%d,x2=%d,x3=%d"%(x1,x2,x3)

conn.recvuntil('[-]')

conn.sendline(str(x3))

if 'fail' in conn.recvline()[:-1]:

print "challenge2 fails"

def solveChalenge3():

target = random.getrandbits(32)

conn.recvuntil('[-]')

conn.sendline(str(target))

conn.recvuntil("[++++++++++++++++]challenge 3 completed[++++++++++++++++]")

solveSHA(conn)

solveChaleneg1(conn)

solveChalenge2()

solveChalenge3()

conn.interactive()

import java.util.Random;

public class MyMain {

public static void main(String[] paramArrayOfString) {

long x1 = (long)(Long.parseLong(paramArrayOfString[0])&((1L<<32)-1));

long x2 = (long)(Long.parseLong(paramArrayOfString[1])&((1L<<32)-1));

// = (seed ^ 0x5DEECE66DL) & ((1L << 48) - 1);

//seed = (seed * 0x5DEECE66DL + 0xBL) & ((1L << 48) - 1);

for(int i= 0;i

Random random = new Random(((x1<<16)+i)^0x5DEECE66DL);

if(random.nextInt() == x2){

System.out.println(random.nextInt());

}

}

}

}

CopperStudy

里面包含6个challenge.

1. challenge1

[+]teamtoken:[++++++++++++++++]proof completed[++++++++++++++++]

[+]Generating challenge 1

[+]n=0x931a21e45b8c30eb30f1b9767c724f57dd770432df414a5969d770e5cf41d86aa8c198baba3709d602b6de17003406b3ba9190e99c4c9aaa470afe052fa2aec57a7c448bf1a887c5c4776a789b51bf4f76b334fc27a59469d6b4fb76af90ec2ec56a4c83f0cabfcb3669c2e24243c9dfe32cc817fd2196452df47e92eeb06eb5L

[+]e=3

[+]m=random.getrandbits(512)

[+]c=pow(m,e,n)=0x842683283571aeb5d8716f2a4667ff7e61fc63bb5a4cd89858c02881e0d536e344167e06e44ef5e276253563486c3b05971acfb96f8ed1a9e8c3143c026889ab11d5f72973bf6907f773ad0d570436cc64daf16e35ffff1fb48c66b36d9a8bfc568de1407b19f621ead2fa572fce24a921d742128a7b321f381e81bae0cb9f70L

[+]((m>>72)<<72)=0xb74706a05587a42246ed7ff2f03c4edf180f5248cfb7a8b86757ea456ba134c8a81f146b3172d1b59437efeb2e59b41e8dbb9cf2ac3254000000000000000000L

给定了明文的高位,低72位未知。思考了一会,发现不会,于是直接百度copper,发现了这个。上面给出了Coppersmith 算法的三种适用情况,并给出了相应的脚本。抄来改改就好了_。

3 Challenge 2

[+]Generating challenge 2

[+]n=0xaf10597fa3ac1e95f9eeeb0747827fbfd6a6b74e9e7824e5e58c9423e4eea8f898ef5ad96900adc54721aa922af14987fbeecd1663e639f85d4e0fc2f5cc50fc1dfdf3e0b04d8395fdb8372447f0b398a7bff92cf7745c03a613e71a7017648db905ac867d69aab2c8c9ff0fc65c3313f4080cbb46d1a13a3b6c8e263915a413L

[+]e=65537

[+]m=random.getrandbits(512)

[+]c=pow(m,e,n)=0x7be9e49497bebb936018a628148e89dc2f8cb919ac899b1ac3fa050ba7987e051e78adc51677d3ab3d2529d1f98be08459699ab381e6bd51c96cb6ae327112d0bfcdd68691f55a0b9e92516506939cbbd1612a4760d428df38dab6353b838f7bfdbfcfd3fad489258a8a289527c30a9a38bdbec751c3c3dacdb9f67a222fc8c0L

[+]((p>>128)<<128)=0xbb1c7149e21b37fb4480326fa4ce2f825ff449b22fbc55d5b9d51dea23d64d6c36d5e45a25d4a46f2559d26625dc6bd900000000000000000000000000000000L

[-]long_to_bytes(m).encode('hex')=

解法同上改一下脚本就好了。

3. Challenge 3

[++++++++++++++++]challenge 2 completed[++++++++++++++++]

[+]Generating challenge 3

[+]n=0x9dd9df9c335f720b2a01628f4433daeec452e55ed505ae66df8567c6ca66ea0796a242a7bcc41b973d0392ccd0a6e11c829890d3243cf86c90a03a5729240cb9eae191f5cff6294d83a04cee995a8d01f72e4d2166c60b7368b8061cf23e5b89d5057b7026ff7673c658f478cd0e3a6e0a21a97e21c9b2e5d8e94cbb50210d99L

[+]e=3

[+]m=random.getrandbits(512)

[+]c=pow(m,e,n)=0x169f8a6015b955747b211adb5e6a573eb03ea164170a35582dbc45d2a5d6ac4a01e0fae44b919d9afa419d73c1c02cb8e1095738b84236d53997862e0ac4dd108a47db0fb3515f3d8f29f620ec209bde20ebc93e64e9301751470f80212072e0981db41e0b307dbac81e3e126dd0e58cc96046b993cd2d48460731bb0a8c437cL

[+]d=invmod(e,(p-1)*(q-1))

[+]d&((1<<512)-1)=0x3a3d77ea2d0e834a43efa2accc7e463a7790f5f597abface5d56f3ed88aad629299a32ae6e21f0f9b43b7b402ba9d2e4d548f99298dce0ca92bcd26dd0d7c323L

[-]long_to_bytes(m).encode('hex')=

解法同上

4. challenge 4

[+]Generating challenge 4

[+]e=3

[+]m=random.getrandbits(512)

[+]n1=0x3cfc26953d034786a32dd22249d823ec272b8a46216efae5e57f9a8b8c7fed3b9b4a3c9361447159d714a614d7501e5b628a3da24b11a4ecd8c9c3f3cafb52674985752081ddff6eea6fc6c069d27b96ae039a53d05791c5207236890229abd337f2cad946ab550f8f4c414537fd3c0135f3b4f27e6919c15f2aa81a1ffe15afL

[+]c1=pow(m,e,n1)=0x374c6727e44c56e0de065f16bce1314b857792862f5d848a88d442605d7a54214806a0ad2c72090c39770e802aaa045deecaecc112c80a022ea3c4540823a175d11ba4fa347727931776854265c62228324ee77a8f19360f80f0a0152bfab2214474e3f744f8a0a577c26cdc2ab325326b40bc7d5d6fb9a005f9dce9418b6deaL

[+]n2=0x41e446d32fd2f4143558b8abf4f9cfd1feb827f49a3e61e115157ac948a183c196531acdd66d7749ede2f5913b01cdc49f98abb77a7bf6c9f1246ab1e74288d90885a0359cb244cc71f94b19fb552c2b6ace51ddf48893e3bae0561ae78cec67e71e7864da05fcfc13b8d3d741ef988043e944f8a53bb84def356170e2a9e5a3L

[+]c2=pow(m,e,n2)=0x2d9dbdaa0b89a0d12624a34146871f0378843199c516015e25770baefb00771713a705ff48eea7d9cad2a50c7b31d73612ac4c68ff29ba5a230546ff364fe6d2dc807b5eab1b3633baffe89c421bd683da0e4c828cd0709d08b2fb6941b94e3b73f87f1db368ef77d0597d1478192722b7ccfdab10dd4c9f6321676f5397e0ffL

[+]n3=0x1f7f8868ee329980957490a294da7507071ac5b90c029dddfef65a62a9c6010fa8cb735a00a7524e5633d3f807cc639d8956486bd29f46d16e731db107c8f1d58f995ec39c5582155ee06d4db32317fa1b3b9148052c18245c8b48f87844cb68d81f1f995044fa22eb18c197e437ba3badc12bc749572a49de66828e391b1dbL

[+]c3=pow(m,e,n3)=0x1e1e3ed0522464ccde39974aa9664f2fe9dad909ba4d42e9c2266dafccb5dc7e2074a9d4ac180653985e1b89def78d06143800d678365041abe2278dbcac81fce8f1122a117bd77b455ff7585a46d7e439265baa9c493d3f2fb2172a9bc07ba1483e1ed58a0eb5ea8efbd1d5f33cb62e01ab9ccecf7f2d396d4034b73cbf77cL

首先尝试发现

math?formula=n_1

math?formula=n_2

math?formula=n_3没有公约数(如果有的话可以直接分解)。然后,利用中国剩余定理得到:

math?formula=m%5Ee%3D%20n_2n_3c_1((n_2n_3)%5E%7B-1%7Dmod%20n_1)%2Bn_1n_3c_2((n_1n_3)%5E%7B-1%7Dmod%20n_2)%2Bn_2n_1c_1((n_2n_1)%5E%7B-1%7Dmod%20n_3)%20mod%20n_1n_2n_3

可以发现m是512位的,因此

math?formula=m%5E3大概是1536位的,少于

math?formula=n_1n_2n_3的3072位。因此,我们可以知道

math?formula=m%5Ee%3D%20(n_2n_3c_1((n_2n_3)%5E%7B-1%7Dmod%20n_1)%2Bn_1n_3c_2((n_1n_3)%5E%7B-1%7Dmod%20n_2)%2Bn_2n_1c_1((n_2n_1)%5E%7B-1%7Dmod%20n_3)%EF%BC%89%20%25%20n_1n_2n_3

直接求立方根就可以得到m了。

5. chalenge 5

[++++++++++++++++]challenge 4 completed[++++++++++++++++]

[+]Generating challenge 5

[+]n=0x3298d508dc5255e5f53c2890326aceacf9439b9f2f06e2abf3e19ece5a503315852cbaf9ab9f730f9bde1082331f0697491dade2c57463d610b540697506ce3441ced4262ca150b1c28535f266e954967895f6d4b3fc86281cdfaa21fa8aa1b440de1bb0b0b4332969f24bff01d574f94235de3bc3da43401915adf253589b63L

[+]e=3

[+]m=random.getrandbits(512)

[+]c=pow(m,e,n)=0x1b124c087004fd532a26f2cb6cc5c9ee2176c2070d87c159bd0e74b8811ab3af84c96e05dd7bf6bb6b5a251c8558c357036aff678525c8734570e142e38e77419993892a29d9a9f54bd3d4c048895482466d749eb0cf5b12b427c1753f6ebe3eba2ad9dcdc87b7c2040bfab6a5c124eb21b821fa58e167d8cb57e9c551ab9dbfL

[+]x=pow(m+1,e,n)=0x2d6fcf825d2fcb98f37f951fc000520f4aab11222f92a1af01e0988943fdde016664b706f4197bd085e79f57daedbecf4ee59cc9f010998c22f1c2df6223df57e86b9efd8bcca779f16e6da8a54778459b4d956a255d8ecc3d3a9e9a72a7c70cb2bec8bbaa2bb5c2f2d3f95769cee6fdd7fd04bbd6d84070e50739b5b059c6e6L

[-]long_to_bytes(m).encode('hex')=

题目中给出了m和m+1加密后的结果。即我们知道:

math?formula=m%5E3%5Cequiv%20c_1%5C%20mod%5C%20n%20%5C%5C%20(m%2B1)%5E3%20%5Cequiv%20c_2%5C%20mod%5C%20n

二者相减得到:

math?formula=3m%5E2%2B3m%2B1%20%5Cequiv%20c_2-c_1%5C%20mod%5C%20n

两边减1并乘以3模n的逆得到:

math?formula=m%5E2%2Bm%20%5Cequiv%20(c_2-c_1-1)*(3%5E%7B-1%7D%5C%20mod%5C%20n)%20mod%5C%20n

我们知道m是512位的,由此可以推出

math?formula=m%5E2%2Bm不超过1024位。进而可以得到:

math?formula=m%5E2%2Bm%20%3D%20k*n%2B(c_2-c_1-1)*(3%5E%7B-1%7D%5C%20mod%5C%20n)%20%25n

k = 0或1(不确定自己分析的对不对,所以写代码的时候把k的范围稍微扩大了一点点)

然后,对每一个k值,尝试求解上面的方程就可以得到结果了。因为

math?formula=m%5E2%2Bm

math?formula=(0%2C%2B%5Cinfty)单调递增,因此求解方法用二分法即可。

6. challenge 6

[++++++++++++++++]challenge 5 completed[++++++++++++++++]

[+]Generating challenge 6

[+]n=0xbadd260d14ea665b62e7d2e634f20a6382ac369cd44017305b69cf3a2694667ee651acded7085e0757d169b090f29f3f86fec255746674ffa8a6a3e1c9e1861003eb39f82cf74d84cc18e345f60865f998b33fc182a1a4ffa71f5ae48a1b5cb4c5f154b0997dc9b001e441815ce59c6c825f064fdca678858758dc2cebbc4d27L

[+]d=random.getrandbits(1024*0.270)

[+]e=invmod(d,phin)

[+]hex(e)=0x11722b54dd6f3ad9ce81da6f6ecb0acaf2cbc3885841d08b32abc0672d1a7293f9856db8f9407dc05f6f373a2d9246752a7cc7b1b6923f1827adfaeefc811e6e5989cce9f00897cfc1fc57987cce4862b5343bc8e91ddf2bd9e23aea9316a69f28f407cfe324d546a7dde13eb0bd052f694aefe8ec0f5298800277dbab4a33bbL

[+]m=random.getrandbits(512)

[+]c=pow(m,e,n)=0xe3505f41ec936cf6bd8ae344bfec85746dc7d87a5943b3a7136482dd7b980f68f52c887585d1c7ca099310c4da2f70d4d5345d3641428797030177da6cc0d41e7b28d0abce694157c611697df8d0add3d900c00f778ac3428f341f47ecc4d868c6c5de0724b0c3403296d84f26736aa66f7905d498fa1862ca59e97f8f866cL

注意到题目中提示

math?formula=p的位数为0.27*1024,相当于

math?formula=p%3Cn%5E%7B0.27%7D。不知道怎么办,后来在mhx的提示下发现Boneh and Durfee attack在

math?formula=p%3Cn%5E%7B0.292%7D时分解n。然后又是直接抄个脚本过来分解掉了。

代码如下(不包含Sage脚本,因为上面提供的连接中都有):

from Crypto.Util import number

from pwn import *

import hashlib

import libnum

from aux import *

import tqdm

import gmpy2

conn = remote('119.3.245.36', 12345)

x0 = 3031202121516888756254+0xb74706a05587a42246ed7ff2f03c4edf180f5248cfb7a8b86757ea456ba134c8a81f146b3172d1b59437efeb2e59b41e8dbb9cf2ac3254000000000000000000

p = 157455850951539875413707605384569848509+0xbb1c7149e21b37fb4480326fa4ce2f825ff449b22fbc55d5b9d51dea23d64d6c36d5e45a25d4a46f2559d26625dc6bd900000000000000000000000000000000L

n = 0xaf10597fa3ac1e95f9eeeb0747827fbfd6a6b74e9e7824e5e58c9423e4eea8f898ef5ad96900adc54721aa922af14987fbeecd1663e639f85d4e0fc2f5cc50fc1dfdf3e0b04d8395fdb8372447f0b398a7bff92cf7745c03a613e71a7017648db905ac867d69aab2c8c9ff0fc65c3313f4080cbb46d1a13a3b6c8e263915a413

q = n/p

c = 0x7be9e49497bebb936018a628148e89dc2f8cb919ac899b1ac3fa050ba7987e051e78adc51677d3ab3d2529d1f98be08459699ab381e6bd51c96cb6ae327112d0bfcdd68691f55a0b9e92516506939cbbd1612a4760d428df38dab6353b838f7bfdbfcfd3fad489258a8a289527c30a9a38bdbec751c3c3dacdb9f67a222fc8c0

x1 = pow(c,gmpy2.invert(65537,(p-1)*(q-1)),n)

d = 73897859833360735083833018291216138538391694441421128347796113898176347610218862647497820864455327205623491646417194479391497879610944659647766341364110862866967065387388720221408859326315301232384151863747183910278699184043306720913086501616478917318589938736632770485961912898351468620093203923268728767267

c = 0x169f8a6015b955747b211adb5e6a573eb03ea164170a35582dbc45d2a5d6ac4a01e0fae44b919d9afa419d73c1c02cb8e1095738b84236d53997862e0ac4dd108a47db0fb3515f3d8f29f620ec209bde20ebc93e64e9301751470f80212072e0981db41e0b307dbac81e3e126dd0e58cc96046b993cd2d48460731bb0a8c437c

n = 0x9dd9df9c335f720b2a01628f4433daeec452e55ed505ae66df8567c6ca66ea0796a242a7bcc41b973d0392ccd0a6e11c829890d3243cf86c90a03a5729240cb9eae191f5cff6294d83a04cee995a8d01f72e4d2166c60b7368b8061cf23e5b89d5057b7026ff7673c658f478cd0e3a6e0a21a97e21c9b2e5d8e94cbb50210d99L

x2 = pow(c,d,n)

n1 = 0x3cfc26953d034786a32dd22249d823ec272b8a46216efae5e57f9a8b8c7fed3b9b4a3c9361447159d714a614d7501e5b628a3da24b11a4ecd8c9c3f3cafb52674985752081ddff6eea6fc6c069d27b96ae039a53d05791c5207236890229abd337f2cad946ab550f8f4c414537fd3c0135f3b4f27e6919c15f2aa81a1ffe15af

n2 = 0x41e446d32fd2f4143558b8abf4f9cfd1feb827f49a3e61e115157ac948a183c196531acdd66d7749ede2f5913b01cdc49f98abb77a7bf6c9f1246ab1e74288d90885a0359cb244cc71f94b19fb552c2b6ace51ddf48893e3bae0561ae78cec67e71e7864da05fcfc13b8d3d741ef988043e944f8a53bb84def356170e2a9e5a3

n3 = 0x1f7f8868ee329980957490a294da7507071ac5b90c029dddfef65a62a9c6010fa8cb735a00a7524e5633d3f807cc639d8956486bd29f46d16e731db107c8f1d58f995ec39c5582155ee06d4db32317fa1b3b9148052c18245c8b48f87844cb68d81f1f995044fa22eb18c197e437ba3badc12bc749572a49de66828e391b1db

c1 = 0x374c6727e44c56e0de065f16bce1314b857792862f5d848a88d442605d7a54214806a0ad2c72090c39770e802aaa045deecaecc112c80a022ea3c4540823a175d11ba4fa347727931776854265c62228324ee77a8f19360f80f0a0152bfab2214474e3f744f8a0a577c26cdc2ab325326b40bc7d5d6fb9a005f9dce9418b6dea

c2 = 0x2d9dbdaa0b89a0d12624a34146871f0378843199c516015e25770baefb00771713a705ff48eea7d9cad2a50c7b31d73612ac4c68ff29ba5a230546ff364fe6d2dc807b5eab1b3633baffe89c421bd683da0e4c828cd0709d08b2fb6941b94e3b73f87f1db368ef77d0597d1478192722b7ccfdab10dd4c9f6321676f5397e0ff

c3 = 0x1e1e3ed0522464ccde39974aa9664f2fe9dad909ba4d42e9c2266dafccb5dc7e2074a9d4ac180653985e1b89def78d06143800d678365041abe2278dbcac81fce8f1122a117bd77b455ff7585a46d7e439265baa9c493d3f2fb2172a9bc07ba1483e1ed58a0eb5ea8efbd1d5f33cb62e01ab9ccecf7f2d396d4034b73cbf77c

x = c1*gmpy2.invert(n2*n3,n1)*n3*n2 + c2*gmpy2.invert(n1*n3,n2)*n1*n3 + c3 * gmpy2.invert(n1*n2,n3)*n1*n2

x = int(x%(n1*n2*n3))

def cubeRoot(x):

l,r = 0,x

while l

mid = (l+r)//2

if mid**3 == x:

return mid

elif mid**3 < x:

l = mid+1

else:

r = mid-1

return l

x3 = cubeRoot(x)

assert x3**3 %n1 == c1 and x3**3%n2 == c2 and x3**3%n3 == c3

n = 0x3298d508dc5255e5f53c2890326aceacf9439b9f2f06e2abf3e19ece5a503315852cbaf9ab9f730f9bde1082331f0697491dade2c57463d610b540697506ce3441ced4262ca150b1c28535f266e954967895f6d4b3fc86281cdfaa21fa8aa1b440de1bb0b0b4332969f24bff01d574f94235de3bc3da43401915adf253589b63

e = 3

c = 0x1b124c087004fd532a26f2cb6cc5c9ee2176c2070d87c159bd0e74b8811ab3af84c96e05dd7bf6bb6b5a251c8558c357036aff678525c8734570e142e38e77419993892a29d9a9f54bd3d4c048895482466d749eb0cf5b12b427c1753f6ebe3eba2ad9dcdc87b7c2040bfab6a5c124eb21b821fa58e167d8cb57e9c551ab9dbf

x = 0x2d6fcf825d2fcb98f37f951fc000520f4aab11222f92a1af01e0988943fdde016664b706f4197bd085e79f57daedbecf4ee59cc9f010998c22f1c2df6223df57e86b9efd8bcca779f16e6da8a54778459b4d956a255d8ecc3d3a9e9a72a7c70cb2bec8bbaa2bb5c2f2d3f95769cee6fdd7fd04bbd6d84070e50739b5b059c6e6

tmp = (x-c-1)*gmpy2.invert(3,n)%n

def findm(x,n):

l,r = 0,n

while l

mid = (l+r)//2

t = mid**2+mid

if t==x:

return mid

elif t

l = mid +1

else:

r = mid -1

return l

for i in range(5):

m = findm(tmp+i*n,n)

if (m**2+m) == tmp:

break

assert (m**3)%n == c

x4 = m

n = 0xbadd260d14ea665b62e7d2e634f20a6382ac369cd44017305b69cf3a2694667ee651acded7085e0757d169b090f29f3f86fec255746674ffa8a6a3e1c9e1861003eb39f82cf74d84cc18e345f60865f998b33fc182a1a4ffa71f5ae48a1b5cb4c5f154b0997dc9b001e441815ce59c6c825f064fdca678858758dc2cebbc4d27

e = 0x11722b54dd6f3ad9ce81da6f6ecb0acaf2cbc3885841d08b32abc0672d1a7293f9856db8f9407dc05f6f373a2d9246752a7cc7b1b6923f1827adfaeefc811e6e5989cce9f00897cfc1fc57987cce4862b5343bc8e91ddf2bd9e23aea9316a69f28f407cfe324d546a7dde13eb0bd052f694aefe8ec0f5298800277dbab4a33bb

c = 0xe3505f41ec936cf6bd8ae344bfec85746dc7d87a5943b3a7136482dd7b980f68f52c887585d1c7ca099310c4da2f70d4d5345d3641428797030177da6cc0d41e7b28d0abce694157c611697df8d0add3d900c00f778ac3428f341f47ecc4d868c6c5de0724b0c3403296d84f26736aa66f7905d498fa1862ca59e97f8f866c

d = 776765455081795377117377680209510234887230129318575063382634593357724998207571

assert c == pow(c,e*d,n)

x5 = pow(c,d,n)

solveSHA(conn)

conn.recvuntil('long_to_bytes(m).encode(\'hex\')=')

conn.sendline(number.long_to_bytes(x0).encode('hex'))

conn.recvuntil("long_to_bytes(m).encode('hex')=")

conn.sendline(number.long_to_bytes(x1).encode('hex'))

conn.recvuntil("long_to_bytes(m).encode('hex')=")

conn.sendline(number.long_to_bytes(x2).encode('hex'))

conn.recvuntil("long_to_bytes(m).encode('hex')=")

conn.sendline(number.long_to_bytes(x3).encode('hex'))

conn.recvuntil("long_to_bytes(m).encode('hex')=")

conn.sendline(number.long_to_bytes(x4).encode('hex'))

conn.recvuntil("long_to_bytes(m).encode('hex')=")

conn.sendline(number.long_to_bytes(x5).encode('hex'))

conn.interactive()

强网先锋-辅助

题目中给出了

math?formula=n_1%3Dp_1*q,

math?formula=n_2%3Dp_2*q的值,并用

math?formula=n

math?formula=e加密了明文。因此,先对

math?formula=n_1

math?formula=n_2求最大公约数可以得到

math?formula=q,进而分解

math?formula=n_1,最后得到

math?formula=d解密密文。

c1 = 2482083893746618248544426737023750400124543452082436334398504986023501710639402060949106693279462896968839029712099336235976221571564642900240827774719199533124053953157919850838214021934907480633441577316263853011232518392904983028052155862154264401108124968404098823946691811798952747194237290581323868666637357604693015079007555594974245559555518819140844020498487432684946922741232053249894575417796067090655122702306134848220257943297645461477488086804856018323986796999103385565540496534422406390355987976815450744535949785073009043007159496929187184338592859040917546122343981520508220332785862546608841127597

e = 65537

n1 = 14967030059975114950295399874185047053736587880127990542035765201425779342430662517765063258784685868107066789475747180244711352646469776732938544641583842313791872986357504462184924075227433498631423289187988351475666785190854210389587594975456064984611990461126684301086241532915267311675164190213474245311019623654865937851653532870965423474555348239858021551589650169602439423841160698793338115204238140085738680883313433574060243600028500600824624358473403059597593891412179399165813622512901263380299561019624741488779367019389775786547292065352885007224239581776975892385364446446185642939137287519945974807727

c2 = 3829060039572042737496679186881067950328956133163629908872348108160129550437697677150599483923925798224328175594483217938833520220087230303470138525970468915511111320396185482564783975435346354440035776909781158407636044986403819840648379609630039348895415045723208843631191252142600667607807479954194447237061080618370787672720344741413537975922184859333432197766580150534457001196765621678659952108010596273244230812327182786329760844037149719587269632133595149294067490955644893402708720284179715002149224068928828656515326446881791228638008572889331511945042911372915003805505412099102954073299010951896955362470

n2 = 14624662628725820618622370803948630854094687814338334827462870357582795291844925274690253604919535785934208081825425541536057550227048399837243392490762167733083030368221240764693694321150104306044125934201699430146970466657410999261630825931178731857267599750324918610790098952520113593130245010530961350592735239454337631927669542026935873535964487595433984902529960726655481696404006628917922241666148082741874033756970724357470539589848548704573091633917869387239324447730587545472564561496724882799495186768858324490838169123077051890332313671220385830444331578674338014080959653201802476516237464651809255679979

import gmpy2

from Crypto.Util.number import getPrime,bytes_to_long,long_to_bytes

p = gmpy2.gcd(n1,n2)

assert n1%p ==0 and n2%p == 0

q = n1//p

print "flag=%s"%(long_to_bytes(pow(c1,gmpy2.invert(e,(p-1)*(q-1)),n1),))

weixin_39865625
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
js实现点击烟花特效
01-18
代码: [removed] function clickEffect() { let balls = []; let longPressed = false; let longPress;... const colours = [#F73859, #14FFEC, #00E0FF, #FF99FE, #FAF15D]; const canvas = do
BUUCTF-CRYPTO-强网杯2019 Copperstudy
m0_62506844的博客
04-23 802
coppersmith基础很全面了 第一题: 利用kali的hashcat: hashcat -a 3 --hex-salt -m 1420 e96ccab8a20768b1a4ed29cb8127a35c9c0042f585d32eb357fa5c2b8b6a2e29:52dc4554e6 ?b?b?b --force --show 第二题 已知m高位 第三题 已知p高位 第四题 已知d低位 第五题 广播攻击 第六题 短填充攻击 第七题 Boneh and Durfee attack
RSA自查表(内含脚本)
pwnyuan's blog
11-19 1896
RSA自查表BeforeRSA原理攻击类型低加密指数分解攻击e=2 把c开平方求解e=2 Rabin算法e=3 小明文攻击低解密指数攻击(Wiener's Attack)Boneh and Durfee attack低加密指数广播攻击共模攻击模不互素e与phi 不互素e与phi不互素,存在公因子x(x!=e)e与phi不互素,存在公因子x(x==e即e为phi的一个因子)Coppersmith攻击已知m的高位(Known High Bits Message Attack)已知p的高位(Factoring w
signature=33dc74750c205adabba2ee42799fa732,lllll.html
weixin_35747627的博客
05-30 8661
<>$(document).ready(function(){$("#x").click(function(){$("#aaa").fadeToggle();});});$(document).ready(function(){$("#xx").click(function(){$("#ddd").fadeToggle();});});$(document).ready(functio...
signature=9abcfd6b9fa1aeb46c90db58bb7dc716,yarn.lock
weixin_28878621的博客
05-29 5992
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.# yarn lockfile v1"@babel/runtime@^7.1.2":version "7.1.2"resolved "http://registry.npm.taobao.org/@babel/runtime/download/@babel/runtime...
signature=17ede2daffab535e010937b46f183f69,Unit4.dfm
weixin_39707478的博客
05-30 2万+
object Form4: TForm4Left = 0Top = 0Caption = #22791#24536ClientHeight = 342ClientWidth = 403Color = clBtnFaceFont.Charset = DEFAULT_CHARSETFont.Color = clWindowTextFont.Height = -14Font.Name = 'Tahoma...
c758f52e87.html,查看源码: delphi_product.rar_Unit4.dfm 第1页 - VerySource
weixin_30686891的博客
06-16 1万+
objectForm4:TForm4Left=133Top=12BorderIcons=[]BorderStyle=bsNoneCaption='Form4'ClientHeight=626ClientWidth=860Color=clBtnFaceFont.Charset=DEFAULT_CHARSETFont.Color=clWindowTextFo...
MoeCTF2022 部分Crypto 复现
Luiino的博客
11-05 2737
用基础方法解不出来,原因是e与phi_n不互素,又phi_n = (p-1)*(q-1),求gcd(e,(p-1))和gcd(e,(q-1)),发现e与p-1互素。choice用法:从非空序列中随机选取一个数据并带回,该序列可以是list、tuple、str、set。,计算delt + N是否为完全平方数,如果为完全平方数,那么delt + N =Wilson定理:如果p是素数,则(p − 1)!可以知道p、q相近,则|p-q|很小,进而。因此,我们可以爆破差值delt,即。与 N 相差很小,从而。
应用数字指纹ECFF的音频盗版追踪系统设计
07-21
毕设项目,设计实现了一个带有版权保护的在线音乐网站
半静态编译的bpftrace:v0.16.0
09-02
linux-vdso.so.1 (0x00007ffec589f000) librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007fef1540d000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fef15408000) libdl.so.2 =>...
色彩编码基本参考
09-26
色彩编码,RGB 与 16进制参考 #FFFFFF #FFFFF0 #FFFFE0...#FFEFD5 #FFEC8B #FFEBCD #FFE7BA #FFE4E1 #FFE4C4 #FFE4B5 #FFE1FF #FFDEAD #FFDAB9 #FFD700 #FFD39B #FFC1C1 #FFC125 #FFC0CB #FFBBFF #FFB90F
\PowerArchiver.2010.v11.50.43.beta.4
08-30
PowerArchiver.2010.v11.50.43.beta.4 Name: Peter Hoffffff Code: 0D0E60-78E901-EBB705-0B71F0-FFEC54-0A8188-F1D031
c758f52e87.html,查看源码: rainsoft_200372295849.rar_AboutFrm.dfm - VerySource
weixin_39638526的博客
06-16 2万+
objectfrmAbout:TfrmAboutLeft=216Top=110Width=516Height=326Caption='关于...'Color=clBtnFaceFont.Charset=DEFAULT_CHARSETFont.Color=clWindowTextFont.Height=-11Font.Name='MSSansSerif...
【密码学】破解RSA密码(Python代码实现)
Mitchell_Donovan的博客
12-26 1万+
题目描述 已知有人写了如下的代码,并将生成的(n,e,c)以及(n2,e2,c2,(p2+1)*(q2+1))输出。 from Crypto.Util.number import * def ef(): p=getPrime(512) q=getPrime(512) flag=open("flag","rb").read() m=bytes_to_long(flag) e=65537 n=p*q c=pow(m,e,n) print(n,...
简单RSA算法
WangLal的博客
02-28 2297
RSA 最近在涅普科技的网课下学习了RSA。来总结一下。 在去了解RSA的前提下,我们需要一些数论基础。 mod是取余函数,a mod b表示a 对 b取余 同余:若 a,b为两个整数且它们的差能被某个自然数 n 所 整除则称 a 就模 n 来说同余于 b,或者说 a 和 b关于模 n 同余,也可以说a和b对n的余数是相同的。 可以记为a ≡ b(mod n) 模逆元: 模逆元也称为模倒数。 一整数A对同余 N之模逆元是指满足以下公式的整数 A^-1≡ B(mod n) 也可以为A*B ≡ 1 mod n
字体编辑用中日韩汉字Unicode编码表
热门推荐
lotte
03-31 5万+
一 丁 丂 七 丄 丅 丆 丈 三 上 下 丌 不 与 丏 4E00 4E01 4E02 4E03 4E04 4E05 4E06 4E07 4E08 4E09 4E0A 4E0B 4E0C 4E0D 4E0E 4E0F 丐 丑 丒 专 且 丕 世 丗 丘 丙 业 丛 东 丝 丞 丟 4E10 4E11 4E12 4E13 4E14 4E15 4E16 4E17 4E18 4E19 4E1A 4E1B 4E1C 4E1D 4E1E 4E1F 丠 両 丢 丣 两 严 並 丧 丨 丩 个 丫 ...
signature=97f6825e49e852b7cef999d3176defdc,求补档HBMAME GIT (20.02.19) (ARCADE Hacks Emulator for WIN)版...
weixin_39745724的博客
05-29 3367
Alien Challenge (Simplified Edition 2018-07-05) [folder: alienchas02 - parent: aliencha - size: 26mb]missing rom: igsc0102_po02.u81 [size: 2097152] [CRC32: cfd429ae] [SHA1: 4c23dba96f80ffefbabcb5da7bb...
signature=d6661ffc104d47cc8a8c4281f77bbffc,Hardware/FMUv3_REV_D/__Previews/FMU3_REV_D.PcbDocPreview ...
weixin_29147045的博客
05-29 3万+
[Preview]LargeImageOriginalSize=1000000LargeImageWidth=500LargeImageHeight=500LargeImage=78DAEDDD7F88A4F77D1FF02F48F4BF0882083658588B28CD9238A2C604B2CBD162ACD06954820E85DA252A5608197A843672A2362D97C24...
基于Springboot+Vue的墙绘产品展示交易平台毕业源码案例设计.zip
最新发布
04-27
网络技术和计算机技术发展至今,已经拥有了深厚的理论基础,并在现实中进行了充分运用,尤其是基于计算机运行的软件更是受到各界的关注。加上现在人们已经步入信息时代,所以对于信息的宣传和管理就很关键。系统化是必要的,设计网上系统不仅会节约人力和管理成本,还会安全保存庞大的数据量,对于信息的维护和检索也不需要花费很多时间,非常的便利。 网上系统是在MySQL中建立数据表保存信息,运用SpringBoot框架和Java语言编写。并按照软件设计开发流程进行设计实现。系统具备友好性且功能完善。 网上系统在让售信息规范化的同时,也能及时通过数据输入的有效性规则检测出错误数据,让数据的录入达到准确性的目的,进而提升数据的可靠性,让系统数据的错误率降至最低。 关键词:vue;MySQL;SpringBoot框架 【引流】 Java、Python、Node.js、Spring Boot、Django、Express、MySQL、PostgreSQL、MongoDB、React、Angular、Vue、Bootstrap、Material-UI、Redis、Docker、Kubernetes
Error: TencentCloud API error: { "Response": { "Error": { "Code": "FailedOperation.UpdateFunctionCode", "Message": "当前函数处于Creating状态,无法进行此操作,请稍后重试。" }, "RequestId": "a1245116-3a3d-4495-99b3-65f4524ffec7" } }
07-25
这个错误提示表明在调用腾讯云 API 时发生了错误。具体的错误信息是: ``` "Code": "FailedOperation.UpdateFunctionCode", "Message": "当前函数处于Creating状态,无法进行此操作,请稍后重试。...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值