1、Crypto-dssssa2
题目源码如下:
from Crypto.Util.number import *
import random
from gmpy2 import *
from hashlib import sha1
from secret import flag
fakeflag = b'DASCTF{fakeflaga3608c231422e684c66494fe}'
m = bytes_to_long(flag)
q = getPrime(160)
while True:
p = getPrime(1024)
if (p-1) % q == 0:
break
h = random.randint(1, p-2)
g = powmod(h, (p-1)//q, p)
x = random.randint(1, q-1)
y = powmod(g, x, p)
k = random.randint(1, q-1)
h1 = bytes_to_long(sha1(flag).digest())
h2 = bytes_to_long(sha1(fakeflag).digest())
r = powmod(g, k, p) % q
s1 = (h1 + x*r) * invert(k, q) % q
s2 = (h2 + x*r) * invert(k, q) % q
c = powmod(m, x, p*q)
print(p, q, g, y, h1, r, s1, s2, c, sep=',')
# 176291757854662733114877112744401194575390352835519424536790973807236243319624167464380187540631208681192353238426874316586412901846421996082638350116673924438584000255270787552186066116466066360103258211990014457351027535315180262797511163028400025574336679508233431328234921467048874781156257329908279453359,1429930553224732700333533601760144308741233650737,13640791513390339140228801631487934314069405742468352432851759267319160350275762754832589318689013486356782873807340648343632198187137420614970479344371786357411510422969012205475001388552639364767258254375148008394047947363189261858745722488988965084619599200163119344433797487978525803589355476885062747048,68274302538248366857289877673633112271967500540943540461238318340458504693043753632424752359778354443372277536015771527310811616066151643328556878321065691530798027361384022009602647720690585262455449677637664902480060137614096231506457629988687344136420469430266193200509739704490090330433076089713841334739,746161617404459092775651370903806965294365914289,497995288615277752245272016619502426074060878921,72479559178566724294360816238397769196753718531,1241670676498603044097373107110962647205869504910,88223407250423691439189215635246258039542743373455721647822946284152163007846653206676154828244864064258857834601338792399492948946594442207850994014177326720705664477692035270866192907046386593443580955546555467989744773239524936840730045693280055718076210909191860676109903653343117484356708971847997138021400090559105402182606515112490143948080557343548
题目考察DSA算法共享密钥导致的安全问题,exp如下:
#p, q, g, y, h1, r, s1, s2, c
import gmpy2
from hashlib import sha1
from Crypto.Util.number import *
p = 176291757854662733114877112744401194575390352835519424536790973807236243319624167464380187540631208681192353238426874316586412901846421996082638350116673924438584000255270787552186066116466066360103258211990014457351027535315180262797511163028400025574336679508233431328234921467048874781156257329908279453359
q = 1429930553224732700333533601760144308741233650737
g = 13640791513390339140228801631487934314069405742468352432851759267319160350275762754832589318689013486356782873807340648343632198187137420614970479344371786357411510422969012205475001388552639364767258254375148008394047947363189261858745722488988965084619599200163119344433797487978525803589355476885062747048
y = 68274302538248366857289877673633112271967500540943540461238318340458504693043753632424752359778354443372277536015771527310811616066151643328556878321065691530798027361384022009602647720690585262455449677637664902480060137614096231506457629988687344136420469430266193200509739704490090330433076089713841334739
h1 = 746161617404459092775651370903806965294365914289
r = 497995288615277752245272016619502426074060878921
s1 = 72479559178566724294360816238397769196753718531
s2 = 1241670676498603044097373107110962647205869504910
c = 88223407250423691439189215635246258039542743373455721647822946284152163007846653206676154828244864064258857834601338792399492948946594442207850994014177326720705664477692035270866192907046386593443580955546555467989744773239524936840730045693280055718076210909191860676109903653343117484356708971847997138021400090559105402182606515112490143948080557343548
# s1 = (h1 + x*r) * invert(k, q) % q
# s2 = (h2 + x*r) * invert(k, q) % q
fakeflag = b'DASCTF{fakeflaga3608c231422e684c66494fe}'
h2 = bytes_to_long(sha1(fakeflag).digest())
ds = s2 - s1
dm = h2 - h1
k = gmpy2.mul(dm, gmpy2.invert(ds, q))
k = gmpy2.f_mod(k, q)
tmp = gmpy2.mul(k, s1) - h1
x = tmp * gmpy2.invert(r, q)
x = gmpy2.f_mod(x, q)
phi_n = (p-1)*(q-1)
d = gmpy2.invert(x,phi_n)
m = pow(c,d,p*q)
print(long_to_bytes(m))
#b'DASCTF{bbc2329a03a5319bc889b39baf742ee3}'
得到flag如下:
DASCTF{bbc2329a03a5319bc889b39baf742ee3}
2、MISC-ez_pdf
题目下载得到alpha.png和key.ad1这两个文件。
首先打开key.ad1发现文件头为ADCRYPT,提示为ADCRYPT,猜测是加密软件的密钥文件,暂时放一下。
接着去研究alpha.png文件,发现文件尾部有压缩包文件,
将文件提取出来后发现是一个加密的压缩包
然后接着分析png图片,发现lsb的alpha通道存在隐写的字符串
发现lsb隐写的内容为
5b3fbcedf0fb5d87
然后考虑这个是刚才key.ad1加密的密码,那么通过AccessData FTK Imager工具进行加载
File-Add Evidence Item-Image File
挂载之后发现如下内容,右键 Export File将文件导出发现一堆base64结构的pdf文件,那么将文件全部读取
,刚开始陷入一个误区以为要将读取的字符串将base64解码,发现各种报错,后来将全部内容输出发现password
#encoding=utf-8
import base64
import PyPDF2
import os
path = './pdf'
all_files = []
def getallfiles(dir):
global all_files
#"""使用listdir循环遍历"""
if not os.path.isdir(dir):
all_files.append(dir)
return
dirlist = os.listdir(dir)
for dirret in dirlist:
fullname = dir + "/" + dirret
if os.path.isdir(fullname):
getallfiles(fullname)
else:
all_files.append(fullname)
def readPDFFile():
global all_files
for file in all_files:
pdfFileObj = open(file, 'rb')
pdfReader = PyPDF2.PdfReader(pdfFileObj)
pageObj = pdfReader.pages[0]
datas = pageObj.extract_text()
pdfFileObj.close()
if 'password' in datas or 'flag' in datas:
print(datas)
def main():
getallfiles(path)
readPDFFile()
if __name__ == "__main__":
main()
然后得到password内容:
d41d8cd98f00b204e9800998ecf8427e
然后通过这个密码可以解压从图片中发现的压缩包
OBEEKAAFPDFGLABFOEEBKCAHNJHMONEINJHMONEINPHKLNBIIICNLNBIIMCJOJEMNOHLOMEJNMHJLIBNNMHJOLEOIICNLKBPNPHKLKBPICCHLGBDICCHLBBEIECBLNBIIFCALDBGIECBLFBAIGCDLBBEIECBPJFM
得到这个字符串然后联想同文件名再大厨中搜索Citrix
,然后发现Citrix CTX1 Decode
得到flag如下:
DASCTF{4442b551e720dd7c2ee8443598671375}