[MRCTF2020]babyRSA

最新推荐文章于 2023-09-07 12:46:19 发布
最新推荐文章于 2023-09-07 12:46:19 发布
阅读量1.4k 收藏 1
点赞数 2
分类专栏: RSA
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_44110537/article/details/107411524
版权

题目

在这里插入图片描述

加密脚本

import sympy
import random
from gmpy2 import gcd, invert
from Crypto.Util.number import getPrime, isPrime, getRandomNBitInteger, bytes_to_long, long_to_bytes
from z3 import *
flag = b"MRCTF{xxxx}"
base = 65537


def GCD(A):
    B = 1
    for i in range(1, len(A)):
        B = gcd(A[i-1], A[i])
    return B


def gen_p():
    P = [0 for i in range(17)]
    P[0] = getPrime(128)
    for i in range(1, 17):
        P[i] = sympy.nextprime(P[i-1])
    print("P_p :", P[9])
    n = 1
    for i in range(17):
        n *= P[i]
    p = getPrime(1024)
    factor = pow(p, base, n)
    print("P_factor :", factor)
    return sympy.nextprime(p)


def gen_q():
    sub_Q = getPrime(1024)
    Q_1 = getPrime(1024)
    Q_2 = getPrime(1024)
    Q = sub_Q ** Q_2 % Q_1
    print("Q_1: ", Q_1)
    print("Q_2: ", Q_2)
    print("sub_Q: ", sub_Q)
    return sympy.nextprime(Q)


if __name__ == "__main__":
    _E = base
    _P = gen_p()
    _Q = gen_q()
    assert (gcd(_E, (_P - 1) * (_Q - 1)) == 1)
    _M = bytes_to_long(flag)
    _C = pow(_M, _E, _P * _Q)
    print("Ciphertext = ", _C)
'''
P_p : 206027926847308612719677572554991143421
P_factor : 213671742765908980787116579976289600595864704574134469173111790965233629909513884704158446946409910475727584342641848597858942209151114627306286393390259700239698869487469080881267182803062488043469138252786381822646126962323295676431679988602406971858136496624861228526070581338082202663895710929460596143281673761666804565161435963957655012011051936180536581488499059517946308650135300428672486819645279969693519039407892941672784362868653243632727928279698588177694171797254644864554162848696210763681197279758130811723700154618280764123396312330032986093579531909363210692564988076206283296967165522152288770019720928264542910922693728918198338839
Q_1:  103766439849465588084625049495793857634556517064563488433148224524638105971161051763127718438062862548184814747601299494052813662851459740127499557785398714481909461631996020048315790167967699932967974484481209879664173009585231469785141628982021847883945871201430155071257803163523612863113967495969578605521
Q_2:  151010734276916939790591461278981486442548035032350797306496105136358723586953123484087860176438629843688462671681777513652947555325607414858514566053513243083627810686084890261120641161987614435114887565491866120507844566210561620503961205851409386041194326728437073995372322433035153519757017396063066469743
sub_Q:  168992529793593315757895995101430241994953638330919314800130536809801824971112039572562389449584350643924391984800978193707795909956472992631004290479273525116959461856227262232600089176950810729475058260332177626961286009876630340945093629959302803189668904123890991069113826241497783666995751391361028949651
Ciphertext =  1709187240516367141460862187749451047644094885791761673574674330840842792189795049968394122216854491757922647656430908587059997070488674220330847871811836724541907666983042376216411561826640060734307013458794925025684062804589439843027290282034999617915124231838524593607080377300985152179828199569474241678651559771763395596697140206072537688129790126472053987391538280007082203006348029125729650207661362371936196789562658458778312533505938858959644541233578654340925901963957980047639114170033936570060250438906130591377904182111622236567507022711176457301476543461600524993045300728432815672077399879668276471832
'''

分析

拿到加密脚本以后,发现p,q的生成方式不同,其中,q的生成方式比较简单.三数相乘以后取结果的下一个素数.p的求解则需要先求出n的欧拉函数值,然后求出base对应的逆元然后求解p,p求出来以后就可以解密密文了.

decrypt

'''
import sympy
import random
from gmpy2 import gcd, invert
from Crypto.Util.number import getPrime, isPrime, getRandomNBitInteger, bytes_to_long, long_to_bytes
from z3 import *
flag = b"MRCTF{xxxx}"
base = 65537


def GCD(A):
    B = 1
    for i in range(1, len(A)):
        B = gcd(A[i-1], A[i])
    return B


def gen_p():
    P = [0 for i in range(17)]
    P[0] = getPrime(128)
    for i in range(1, 17):
        P[i] = sympy.nextprime(P[i-1])
    print("P_p :", P[9])
    n = 1
    for i in range(17):
        n *= P[i]
    p = getPrime(1024)
    factor = pow(p, base, n)
    print("P_factor :", factor)
    return sympy.nextprime(p)


def gen_q():
    sub_Q = getPrime(1024)
    Q_1 = getPrime(1024)
    Q_2 = getPrime(1024)
    Q = sub_Q ** Q_2 % Q_1
    print("Q_1: ", Q_1)
    print("Q_2: ", Q_2)
    print("sub_Q: ", sub_Q)
    return sympy.nextprime(Q)


if __name__ == "__main__":
    _E = base
    _P = gen_p()
    _Q = gen_q()
    assert (gcd(_E, (_P - 1) * (_Q - 1)) == 1)
    _M = bytes_to_long(flag)
    _C = pow(_M, _E, _P * _Q)
    print("Ciphertext = ", _C)
'''

P_p=206027926847308612719677572554991143421
P_factor=213671742765908980787116579976289600595864704574134469173111790965233629909513884704158446946409910475727584342641848597858942209151114627306286393390259700239698869487469080881267182803062488043469138252786381822646126962323295676431679988602406971858136496624861228526070581338082202663895710929460596143281673761666804565161435963957655012011051936180536581488499059517946308650135300428672486819645279969693519039407892941672784362868653243632727928279698588177694171797254644864554162848696210763681197279758130811723700154618280764123396312330032986093579531909363210692564988076206283296967165522152288770019720928264542910922693728918198338839
Q_1=103766439849465588084625049495793857634556517064563488433148224524638105971161051763127718438062862548184814747601299494052813662851459740127499557785398714481909461631996020048315790167967699932967974484481209879664173009585231469785141628982021847883945871201430155071257803163523612863113967495969578605521
Q_2=151010734276916939790591461278981486442548035032350797306496105136358723586953123484087860176438629843688462671681777513652947555325607414858514566053513243083627810686084890261120641161987614435114887565491866120507844566210561620503961205851409386041194326728437073995372322433035153519757017396063066469743
sub_Q=168992529793593315757895995101430241994953638330919314800130536809801824971112039572562389449584350643924391984800978193707795909956472992631004290479273525116959461856227262232600089176950810729475058260332177626961286009876630340945093629959302803189668904123890991069113826241497783666995751391361028949651
Ciphertext=1709187240516367141460862187749451047644094885791761673574674330840842792189795049968394122216854491757922647656430908587059997070488674220330847871811836724541907666983042376216411561826640060734307013458794925025684062804589439843027290282034999617915124231838524593607080377300985152179828199569474241678651559771763395596697140206072537688129790126472053987391538280007082203006348029125729650207661362371936196789562658458778312533505938858959644541233578654340925901963957980047639114170033936570060250438906130591377904182111622236567507022711176457301476543461600524993045300728432815672077399879668276471832
import gmpy2
import Crypto
import sympy
base = 65537
q=sympy.nextprime(gmpy2.powmod(sub_Q,Q_2,Q_1))
P=[]
for i in range(9):
    P_p=sympy.prevprime(P_p)
P.append(P_p)
for i in range(1,17):
    P.append(sympy.nextprime(P[i-1]))
n=1
phi=1
for i in range(17):
    n*=P[i]
    phi*=(P[i]-1)
based=gmpy2.invert(base,phi)
_p=gmpy2.powmod(P_factor,based,n)
p=sympy.nextprime(_p)
d=gmpy2.invert(base,(p-1)*(q-1))
plaintext=gmpy2.powmod(Ciphertext,d,p*q)
import binascii
print(binascii.unhexlify(hex(plaintext)[2:]))
前方是否可导?
关注
  • 2
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
MRCTF2020 babyRSA
pondzhang的专栏
05-21 371
import sympy import gmpy2 Q_1= 103766439849465588084625049495793857634556517064563488433148224524638105971161051763127718438062862548184814747601299494052813662851459740127499557785398714481909461631996020048315790167967699932967974484481209879664173009
vigenere-cipher:Vigenere密码
03-19
虚拟密码 vigenere密码是一种利用密钥的加密和解密方法。它由重复26行/列的字母表组成,但是第一个字母被推到字母表的末尾,并且一直持续到z是第25行中的第一个字母为止。然后,程序将密钥用于行,将消息加密用于列。字母匹配,并显示加密的消息。标点和空格保持不变。
BUUCTF RSA(三)
qq_52193383的博客
08-18 942
这里写目录标题1.[MRCTF2020]babyRSA2.[WUSTCTF2020]dp_leaking_1s_very_d@angerous3.[NPUCTF2020]EzRSA4.[MRCTF2020]Easy_RSA5.[INSHack2019]Yet Another RSA Challenge - Part 1 1.[MRCTF2020]babyRSA 根据给出的代码可以很容易推出 _Q = sympy.nextprime(pow(sub_Q,Q_2,Q_1))。我们知道P[9],就可以推出其他的素
RSA 2022/8/14
sylvia_a的博客
08-17 214
buursa(欧拉函数,e和phin不互质)
刷题记录 7.7
PUTAOAO的博客
07-07 800
[MRCTF2020]babyRSA 需要求得p和q q简单点 Q_1=1037664398494655880846250494957938576345565170645634884331482245246381059711610517631277184380628625481848147476012994940528136628514597401274995577853987144819094616319960200483157901679676999329679744844812098796641730
BUUCTF 每日打卡 2021-5-8
weixin_52446095的博客
05-08 7307
引言 together 附件有两个 公钥,pem 和 flag(base64编码) 文件 联想题目,容易猜想是 RSA 共模攻击 编写代码验证: from Crypto.PublicKey import RSA with open("pubkey1.pem", "r") as f: key = RSA.import_key(f.read()) print(key.n) print(key.e) with open("pubkey2.pem", "r") as f: key
MRCTF2020——crypto——Easy_RSA——babyRSA
weixin_44159598的博客
03-29 2236
babyrsa 根据主函数可知,首要目的是找到_P和_Q,首先来看_P 可以发现 题目已给出P[9],所以直接目的可以手动测试周围素数,直到找到全部(这里是一部分) 这里我们可以得到N factor = pow(p, base, n) 这一句说明我们应该将这个简单RSA解出来,此时按照一般RSA的步骤求得d 这里已经得到N的所有因数,所以此时N的欧拉函数为所有因数减1相乘,即(p1-...
[MRCTF2020]babyRSA 1
最新发布
学习,再学习
09-07 114
正数和倒数的问题 下标 range(start, stop, step) 如果是到下标0 stop是-1 如果0到n, stop是n+1
BUUCTF RSA题目全解4
MikeCoke的博客
12-19 3577
1.[MRCTF2020]babyRSA 题目 import sympy import random from gmpy2 import gcd, invert from Crypto.Util.number import getPrime, isPrime, getRandomNBitInteger, bytes_to_long, long_to_bytes from z3 import * flag = b"MRCTF{xxxx}" base = 65537 def GCD(A): B =
采区含断层工作面冲击失稳预测
04-19
本文以矿井西二采区某一工作面为工程背景,根据数值模拟峰前扰动时断层面应力、位移分叉趋势对断层冲击地压危险区域进行了初步划分,通过现场电磁辐射监测结果分析可知:预测的预警距离是工作面距断层35m时应当采取加强...
CTF 逆向练习-Transform
06-10
该资源配合博客使用,博客我还没写。 有空我会在哔哩哔哩录制教程。
向前欧拉法matlab代码-zbc-ops:我的GitHub个人资料的配置文件
05-20
1.mrctf[friendly_sign-in] 意思就是服务器产生一个数组$N$,需要输入一个数组$X$与其对应位置乘积和为$0$,题目说$N$中全为素数,实际好像不是,因为产生这么多素数比较耗时间,但里面还是大部分都是素数。这里可以...
C语言函数
ZiLongO的专栏
04-11 1213
Functions 函数和变量、控制流、条件一样、函数也是现代编程语言的基本组成部分。他可以使我们在应用中重复利用一块代码,对于代码的组织和维护是很有必要的。您将在IOS和OS X的框架中发现大量的例子。像其他的基础元素一样,Object-C的函数也是建立在C语言函数之上的。这章我们将介绍C语言最重要的方面,包括基本语法、声明和实现、变量生命周期以及函数库的注意事项。Basic Syntax 基本语
[羊城杯 2020]GMC题解
a5555678744的博客
10-06 2495
def gen_y(gN): gy_list = [] while len(gy_list) != F_LEN: ty = getRandomNBitInteger(768) if gcd(ty,gN) == 1: gy_list.append(ty) return gy_list 刚做这道题看到上面的getRandomNBitInteger()函数,不自觉地网MT上靠,但是发现有一个神出鬼没的x存在,让我根本还原不了6...
格密码(Lattice)与NTRUEncrypt介绍
heartbewith的博客
08-22 2388
在http://www.hackdig.com/02/hack-57841.htm一文基础上,以更连续合理的逻辑解释格密码及二维SVP问题的求解、LLL算法
[MRCTF2020]PYWebsite 1
weixin_53150482的博客
07-20 338
[MRCTF2020]PYWebsite 1
MRCTF 2020 Crypto writeup
Slightwind's Blog
03-29 2563
MRCTF 2020 Crypto writeup
rsa中已知 n,e,d 来分解n
weixin_44110537的博客
08-07 4533
rsa中,如果已知n,e,d 的话可以试着用以下方法来分解n 由e,d 的定义我们可以知道: ed-1=k(p-1)(q-1) 这里我们任取一个小于n的数g 从而: ged-1 =gk(p-1)(q-1) 在mod n 下 ged-1 =1 故 pq=ged-1 -1=0 (mod n) 令 k=ed-1 则: pq=gk -1=(gk/2 -1)(gk/2 +1) = 0(mod n) 我们可以发现如果gk/2 -1 在 mod n下 如果等于p或者q (即与n有非1最大公因子) 那么就可以分解n了.
[De1CTF2019]babyrsa(比较综合的rsa类型题目)
weixin_44110537的博客
07-18 3470
encrypt import binascii from data import e1,e2,p,q1p,q1q,hint,flag n = [20129615352491765499340112943188317180548761597861300847305827141510465619670536844634558246439230371658836928103063432870245707180355907194284861510906071265352409579441048101084995

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值