从零开始学RSA:Roll按行加密等6类题目解题

已于 2024-05-07 00:09:33 修改
阅读量860 收藏 11
点赞数 14
分类专栏: Crypto 文章标签: 服务器 运维
于 2024-04-04 13:14:56 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_44626085/article/details/137372455
版权

1.Roll按行加密

顾名思义,这里的的加密是按行进行的。

题目: 04-实验吧---RSAROLL

不要总是觉得 密文C 就是一连串的字符串,密文C 也可以是分行的,记住不要把分行符删除让 密文C 变为一个字符串。应该按行进行解密。

n为920139713,e为19,手动把加密的部分另存为一份文件roll.txt。

解题脚本:

#!/usr/bin/python

#coding:utf-8

#@Author:Mr.Aur0ra



import gmpy2  

from Crypto.Util.number import long_to_bytes  



n = 920139713  

p = 49891  

q = 18443  

e = 19  

phi = (p-1)*(q-1)  

d = gmpy2.invert(e,phi)  

m = ""  

with open('roll.txt','r') as f:  

    for c in f.readlines():  

        m += long_to_bytes(pow(int(c), d, n))  

print m  

#flag{13212je2ue28fy71w8u87y31r78eu1e2}

2.模不互素

适用情况:存在两个或更多模数 ,且gcd(N1,N2)!=1 也就是N1和N2不互质。

多个模数n共用质数,则可以很容易利用欧几里得算法求得他们的质因数之一gcd(N1,N2) ,然后这个最大公约数可用于分解模数分别得到对应的p和q,即可进行解密。实现参照本文欧几里得算法 部分和RSA解密部分。

题目: 05-存货1

N is 18674375108313094928585156581138941368570022222190945461284402673204018075354069827186085851309806592398721628845336840532779579197302984987661547245423180760958022898546496524249201679543421158842103496452861932183144343315925106154322066796612415616342291023962127055311307613898583850177922930685155351380500587263611591893137588708003711296496548004793832636078992866149115453883484010146248683416979269684197112659302912316105354447631916609587360103908746719586185593386794532066034112164661723748874045470225129298518385683561122623859924435600673501186244422907402943929464694448652074412105888867178867357727

e is 65537

message is 0x8BD7BF995BF9E16A0D04ADB49A2411C74FFDB0DB4F35DB3A79A1B44691947C9824085BC4CA5F7F4EFA3C8FD0BC3E870AA6D5E15307A63A2172C44C5903D35785B8D06B51651EE7106B070D5A6AABA089AB67609661265B74914C865F863DC1D2DC08CE0B026107A74EC3FDC62666B50110B9D15A243EAAD6F53646929A3369285404868E42DD0BBE92D956018E3C0B36EF5E9516E433228CFDD06D6E662EC0A9A31061EA11F61CA17EABF43D2D4977FC9D6FC53AB6DC01509401B8D9A46B59A9ADAA97D54CC50C27445E4C21B893510620EC3566AD6E8727FA147437B207505217E6F2DF009E2286C8354D281374D7802D08A2062FE48DBF135BBCAB120EBF84



N is 20071978783607427283823783012022286910630968751671103864055982304683197064862908267206049336732205051588820325894943126769930029619538705149178241710069113634567118672515743206769333625177879492557703359178528342489585156713623530654319500738508146831223487732824835005697932704427046675392714922683584376449203594641540794557871881581407228096642417744611261557101573050163285919971711214856243031354845945564837109657494523902296444463748723639109612438012590084771865377795409000586992732971594598355272609789079147061852664472115395344504822644651957496307894998467309347038349470471900776050769578152203349128951

e is 65537

message is 0x8C3CF3161AA3E37831030985C60566A7604688B73E5B1D3B36E72EF06ED4F71289EFE80E0D94BD755034E6C210F17DA85B9D0388F3AD104C68BC514A8EB1569A109EB5F266F7C5FA4DDFA638258949B43D4CF1406720CCD4CA11E74FDF8AEB35C56A79781C87157FC4213573329C5B0FF411F8A4F34580AA103DB9FD403C0D409FA11860A7C4595FDC49DC2CF94E5112B772E5DEC8F17E24B10A7FD7A95DCB87BE5E27C32FC931574A7847BC506A61EFE9DB3D3F612143845FE80D7B3EA548B886A67A29CBDB2775B1F91178B6DA763F1A6ECFF46592E4C7FFAAB6C9FEF29D9CB9E035A3D98ECFFB26BA2EEAA56D1CD096E6A2CF9A58086CAD7718DDA5CB0C1B

求明文m?

这里把明文字符串一分为二做了分别做了RSA加密,上面的message其实就是密文c。关键是加密时它们多个模数使用了相同的质数e,而且模数N1和N2不互素,所以可以进行模不互素攻击。

判断两个数是否互素的脚本:

#!/usr/bin/python

#coding:utf-8

#@Author:Mr.Aur0ra



def gcd(a,b):    #判断来两个数是否互素,辗转相除法

    if(b==0):  

        return a  

    else:  

        return gcd(b,a%b)  



def main():  

    x = 17              #x,y的值根据需要修改即可

    y = 65537  

    if gcd(x,y)==1:    #如果两个数的最大公约数是1,那么两数互素。

        print str(x)+" "+str(y) + "两个数互素"

    else:  

        print str(x)+" "+str(y) + "两个数不互素"

if __name__=="__main__":  

    main()

题目是给出的文件rsa2.txt,为了方便Python直接读取文件为变量赋值,这里把无关的解释性东西删除掉,生成新的tmp.txt文件。

内容如下:

解题脚本:

#!/usr/bin/python

#coding:utf-8

#@Author:Mr.Aur0ra



import gmpy2

from Crypto.Util.number import long_to_bytes



lines = open('tmp.txt','r').readlines()



e1 = e2 = 65537



c1 = int(lines[2],16)

c2 = int(lines[6],16)

n1 = int(lines[0])

n2 = int(lines[4])



p1=p2=gmpy2.gcd(n1,n2)

assert p1 == p2 != 1

q1=n1/p1

q2=n2/p2



d1=gmpy2.invert(e1,(p1-1)*(q1-1))

d2=gmpy2.invert(e2,(p2-1)*(q2-1))



m1=pow(c1,d1,n1)

m2=pow(c2,d2,n2)

flag=long_to_bytes(m1)+long_to_bytes(m2)

print flag

运行结果:flag{Pr1me_nUmber_Is_S4me}

3.共模攻击

适用情况:明文m、模数n相同,公钥指数e、密文c不同,gcd(e1,e2)==1也就是e1和e2互质。

对同一明文的多次加密使用相同的模数和不同的公钥指数可能导致共模攻击。

题目: 06-Jarvis OJ -Crypto-very hard RSA

这个题目就比较有意思了,4096位的RSA加密,要不是这里存在共模攻击说不定你死活都解不开。哈哈哈,要是有量子计算机的话说不定能解开。

题目给出了两个flag.enc文件以及一个easyRSA.py的加密脚本。

通过分析加密脚本可知,该加密脚本首先会从flag.txt中读取字符串flag,然后对flag根据不同的e的值进行2次RSA加密,并分别将密文保存到了flag.enc1和flag.enc2中。

我们发现明文m、模数n相同,但是公钥指数e1和e2不同,而且e1与e2互素(上面给过判断2数是否互素的脚本),所以这就是典型的共模攻击。

解题脚本:

#!/usr/bin/python

#coding:utf-8

#@Author:Mr.Aur0ra



import gmpy2

from Crypto.Util.number import long_to_bytes



def egcd(a,b):

    if b==0:

        return a,1,0

    else:

        g,x,y=egcd(b,a%b)

        return g,y,x-a//b*y



e1 = 17

e2 = 65537

n = n1 = n2 = 0x00b0bee5e3e9e5a7e8d00b493355c618fc8c7d7d03b82e409951c182f398dee3104580e7ba70d383ae5311475656e8a964d380cb157f48c951adfa65db0b122ca40e42fa709189b719a4f0d746e2f6069baf11cebd650f14b93c977352fd13b1eea6d6e1da775502abff89d3a8b3615fd0db49b88a976bc20568489284e181f6f11e270891c8ef80017bad238e363039a458470f1749101bc29949d3a4f4038d463938851579c7525a69984f15b5667f34209b70eb261136947fa123e549dfff00601883afd936fe411e006e4e93d1a00b0fea541bbfc8c5186cb6220503a94b2413110d640c77ea54ba3220fc8f4cc6ce77151e29b3e06578c478bd1bebe04589ef9a197f6f806db8b3ecd826cad24f5324ccdec6e8fead2c2150068602c8dcdc59402ccac9424b790048ccdd9327068095efa010b7f196c74ba8c37b128f9e1411751633f78b7b9e56f71f77a1b4daad3fc54b5e7ef935d9a72fb176759765522b4bbc02e314d5c06b64d5054b7b096c601236e6ccf45b5e611c805d335dbab0c35d226cc208d8ce4736ba39a0354426fae006c7fe52d5267dcfb9c3884f51fddfdf4a9794bcfe0e1557113749e6c8ef421dba263aff68739ce00ed80fd0022ef92d3488f76deb62bdef7bea6026f22a1d25aa2a92d124414a8021fe0c174b9803e6bb5fad75e186a946a17280770f1243f4387446ccceb2222a965cc30b3929L

c1=int(open('./flag.enc1','rb').read().encode('hex'),16)  

c2=int(open('./flag.enc2','rb').read().encode('hex'),16)  



assert n1==n2



# s1=gmpy2.invert(e1,e2)

s1=egcd(e1,e2)[1]

s2=egcd(e1,e2)[2]



#此处判断s1和s2是否小于0,因为pow()函数里s1和s2不能为负,

if(s1<0):

    s1=-s1

    c1=gmpy2.invert(c1,n)#若s1为负,s1取正,c1取逆

if(s2<0):

    s2=-s2

    c2=gmpy2.invert(c2,n)



m=pow(c1,s1,n) * pow(c2,s2,n) %n

print(long_to_bytes(m))

其中,函数egcd是扩展欧几里得算法的一个实现,用于找到两个整数a和b的最大公约数 (GCD),以及贝祖等式的系数x和y(这些系数是满足等式ax + by = gcd(a, b)的整数)。

针对函数egcd 我们这里解释一下。

def egcd(a, b):

    if b == 0:

        return a, 1, 0

在函数的第一部分,它检查b是否为零。如果是,那么a和0的最大公约数就是a,并且系数分别是1和0,满足等式a*1 + 0*0 = a。然后它返回这三个值。

    else:

        g, x, y = egcd(b, a % b)

如果b不是零,函数会递归调用自己,传入b和a除以b的余数(a % b)。这是基于这样一个性质:a和b的最大公约数与b和a % b的最大公约数相同。递归调用最终会达到基本情况,即b为零。

        return g, y, x - a // b * y

递归调用返回后,函数会计算满足原始输入a和b的贝祖等式的x和y的新值。具体的计算方法如下:

g 是两个数的最大公约数,在递归中保持不变。

y 是原来的 x 值,即在递归过程中 a % b 的系数。

x - a // b * y 是根据贝祖等式计算出的新的 x 值,a // b 是 a 除以 b 的商,x - a // b * y 就是新的 x 值,即原来的 y 值减去 a 除以 b 的商乘以原来的 x 值。

这个算法通过不断递归,直到b为零时结束,最终能找到最大公约数,并且计算出满足ax + by = gcd(a, b)的整数x和y。

上述脚本:

#!/usr/bin/python

#coding:utf-8

#@Author:Mr.Aur0ra



import gmpy2

from Crypto.Util.number import long_to_bytes



def egcd(a,b):

    if b==0:

        return a,1,0

    else:

        g,x,y=egcd(b,a%b)

        return g,y,x-a//b*y



e1 = 17

e2 = 65537

n = n1 = n2 = 0x00b0bee5e3e9e5a7e8d00b493355c618fc8c7d7d03b82e409951c182f398dee3104580e7ba70d383ae5311475656e8a964d380cb157f48c951adfa65db0b122ca40e42fa709189b719a4f0d746e2f6069baf11cebd650f14b93c977352fd13b1eea6d6e1da775502abff89d3a8b3615fd0db49b88a976bc20568489284e181f6f11e270891c8ef80017bad238e363039a458470f1749101bc29949d3a4f4038d463938851579c7525a69984f15b5667f34209b70eb261136947fa123e549dfff00601883afd936fe411e006e4e93d1a00b0fea541bbfc8c5186cb6220503a94b2413110d640c77ea54ba3220fc8f4cc6ce77151e29b3e06578c478bd1bebe04589ef9a197f6f806db8b3ecd826cad24f5324ccdec6e8fead2c2150068602c8dcdc59402ccac9424b790048ccdd9327068095efa010b7f196c74ba8c37b128f9e1411751633f78b7b9e56f71f77a1b4daad3fc54b5e7ef935d9a72fb176759765522b4bbc02e314d5c06b64d5054b7b096c601236e6ccf45b5e611c805d335dbab0c35d226cc208d8ce4736ba39a0354426fae006c7fe52d5267dcfb9c3884f51fddfdf4a9794bcfe0e1557113749e6c8ef421dba263aff68739ce00ed80fd0022ef92d3488f76deb62bdef7bea6026f22a1d25aa2a92d124414a8021fe0c174b9803e6bb5fad75e186a946a17280770f1243f4387446ccceb2222a965cc30b3929L

c1=int(open('./flag.enc1','rb').read().encode('hex'),16)  

c2=int(open('./flag.enc2','rb').read().encode('hex'),16)  



assert n1==n2



# s1=gmpy2.invert(e1,e2)

s1=egcd(e1,e2)[1]

s2=egcd(e1,e2)[2]



#此处判断s1和s2是否小于0,因为pow()函数里s1和s2不能为负,

if(s1<0):

    s1=-s1

    c1=gmpy2.invert(c1,n)#若s1为负,s1取正,c1取逆

if(s2<0):

    s2=-s2

    c2=gmpy2.invert(c2,n)



m=pow(c1,s1,n) * pow(c2,s2,n) %n

print(long_to_bytes(m))

简化版的脚本:

#!/usr/bin/python

#coding:utf-8

#@Author:醉清风



import gmpy2

from Crypto.Util.number import long_to_bytes



e1 = 17

e2 = 65537

n = 0x00b0bee5e3e9e5a7e8d00b493355c618fc8c7d7d03b82e409951c182f398dee3104580e7ba70d383ae5311475656e8a964d380cb157f48c951adfa65db0b122ca40e42fa709189b719a4f0d746e2f6069baf11cebd650f14b93c977352fd13b1eea6d6e1da775502abff89d3a8b3615fd0db49b88a976bc20568489284e181f6f11e270891c8ef80017bad238e363039a458470f1749101bc29949d3a4f4038d463938851579c7525a69984f15b5667f34209b70eb261136947fa123e549dfff00601883afd936fe411e006e4e93d1a00b0fea541bbfc8c5186cb6220503a94b2413110d640c77ea54ba3220fc8f4cc6ce77151e29b3e06578c478bd1bebe04589ef9a197f6f806db8b3ecd826cad24f5324ccdec6e8fead2c2150068602c8dcdc59402ccac9424b790048ccdd9327068095efa010b7f196c74ba8c37b128f9e1411751633f78b7b9e56f71f77a1b4daad3fc54b5e7ef935d9a72fb176759765522b4bbc02e314d5c06b64d5054b7b096c601236e6ccf45b5e611c805d335dbab0c35d226cc208d8ce4736ba39a0354426fae006c7fe52d5267dcfb9c3884f51fddfdf4a9794bcfe0e1557113749e6c8ef421dba263aff68739ce00ed80fd0022ef92d3488f76deb62bdef7bea6026f22a1d25aa2a92d124414a8021fe0c174b9803e6bb5fad75e186a946a17280770f1243f4387446ccceb2222a965cc30b3929L

c1=int(open('./flag.enc1','rb').read().encode('hex'),16)  

c2=int(open('./flag.enc2','rb').read().encode('hex'),16)  




_, r, s = gmpy2.gcdext(e1, e2)



m = pow(c1, r, n) * pow(c2, s, n) % n

print long_to_bytes(m)

PCTF{M4st3r_oF_Number_Th3ory}

4.低解密指数攻击

在RSA中d也称为解密指数,当d比较小的时候,e也就显得特别大了。

适用情况:e过大或过小(一般e过大时使用)

在e过大或过小的情况下,可使用算法从e中快速推断出d的值,进而求出m。详细的算法原理可以阅读:

RSA 大礼包 | Tr0y's Blog

题目: 07-存货2

n = 460657813884289609896372056585544172485318117026246263899744329237492701820627219556007788200590119136173895989001382151536006853823326382892363143604314518686388786002989248800814861248595075326277099645338694977097459168530898776007293695728101976069423971696524237755227187061418202849911479124793990722597L

e = 354611102441307572056572181827925899198345350228753730931089393275463916544456626894245415096107834465778409532373187125318554614722599301791528916212839368121066035541008808261534500586023652767712271625785204280964688004680328300124849680477105302519377370092578107827116821391826210972320377614967547827619L

c = 38230991316229399651823567590692301060044620412191737764632384680546256228451518238842965221394711848337832459443844446889468362154188214840736744657885858943810177675871991111466653158257191139605699916347308294995664530280816850482740530602254559123759121106338359220242637775919026933563326069449424391192

求明文m?

首先需要需要下载工具rsa-wiener-attack :

git clone https://github.com/pablocelayes/rsa-wiener-attack

然后把exp.py放入这个目录中运行即可:

低解密指数攻击

首先,我们分析一下这个题,这个题是根据RSA加密算法,我们知道了n,e,密文求明文

N = p*q(p,q均为素数)

我们用Wiener’s attack脚本进行分解素数

求出p,q后,我们进行解密求出明文,脚本如下

先分解一下素数

def continued_fractions_expansion(numerator,denominator):#(e,N)

    result=[]



    divident=numerator%denominator

    quotient=numerator/denominator

    result.append(quotient)



    while divident!=0:

        numerator=numerator-quotient*denominator



        tmp=denominator

        denominator=numerator

        numerator=tmp



        divident=numerator%denominator

        quotient=numerator/denominator

        result.append(quotient)



    return result



def convergents(expansion):

    convergents=[(expansion[0],1)]

    for i in range(1,len(expansion)):

        numerator=1

        denominator=expansion[i]

        for j in range(i-1,-1,-1):

            numerator+=expansion[j]*denominator

            if j==0:

                break

            tmp=denominator

            denominator=numerator

            numerator=tmp

        convergents.append((numerator,denominator))#(k,d)

    return convergents



def newtonSqrt(n):

    approx = n/2

    better = (approx + n/approx)/2

    while better != approx:

        approx = better

        better = (approx + n/approx)/2

    return approx



def wiener_attack(cons,e,N):

    for cs in cons:

        k,d=cs

        if k==0:

            continue

        phi_N=(e*d-1)/k

        #x**2-((N-phi_N)+1)*x+N=0

        a=1

        b=-((N-phi_N)+1)

        c=N

        delta = b*b - 4*a*c

        if delta<=0:

            continue

        x1= (newtonSqrt(delta)-b)/(2*a)

        x2=-(newtonSqrt(delta)+b)/(2*a)

        if x1*x2==N:

            return [x1,x2,k,d]





N=460657813884289609896372056585544172485318117026246263899744329237492701820627219556007788200590119136173895989001382151536006853823326382892363143604314518686388786002989248800814861248595075326277099645338694977097459168530898776007293695728101976069423971696524237755227187061418202849911479124793990722597

e=354611102441307572056572181827925899198345350228753730931089393275463916544456626894245415096107834465778409532373187125318554614722599301791528916212839368121066035541008808261534500586023652767712271625785204280964688004680328300124849680477105302519377370092578107827116821391826210972320377614967547827619



expansion=continued_fractions_expansion(e,N)

cons=convergents(expansion)



p,q,k,d=wiener_attack(cons,e,N)

print p

print q


再求出明文

import binascii

import sys

sys.setrecursionlimit(1000000)

def ByteToHex(bins):

    return ''.join(["%02X" % x for x in bins]).strip()

def n2s(num):

    t = hex(num)[2:-1]  # python

    if len(t) % 2 == 1:

        t = '0' + t

    #print(t)

    return(binascii.a2b_hex(t).decode('latin1'))

def egcd(a, b):

    if a == 0:

        return (b, 0, 1)

    else:

        g, y, x = egcd(b % a, a)

        return (g, x - (b // a) * y, y)

def modinv(a, m):

    g, x, y = egcd(a, m)

    if g != 1:

        print('modular inverse does not exist')

        return 'null'

    else:

        return x % m

c = 38230991316229399651823567590692301060044620412191737764632384680546256228451518238842965221394711848337832459443844446889468362154188214840736744657885858943810177675871991111466653158257191139605699916347308294995664530280816850482740530602254559123759121106338359220242637775919026933563326069449424391192

p = 28805791771260259486856902729020438686670354441296247148207862836064657849735343618207098163901787287368569768472521344635567334299356760080507454640207003

q = 15991846970993213322072626901560749932686325766403404864023341810735319249066370916090640926219079368845510444031400322229147771682961132420481897362843199

e = 354611102441307572056572181827925899198345350228753730931089393275463916544456626894245415096107834465778409532373187125318554614722599301791528916212839368121066035541008808261534500586023652767712271625785204280964688004680328300124849680477105302519377370092578107827116821391826210972320377614967547827619

n = p * q

d = modinv(e, (p - 1) * (q - 1))

m = pow(c, d, n)

print (m)

之后我们得到明文,最后一步就是将数字转为字符串:

import binascii

def n2s(num):

    t = hex(num)[2:-1]  # python

    if len(t) % 2 == 1:

        t = '0' + t

    #print(t)

    return(binascii.a2b_hex(t).decode('latin1'))

print(n2s(42134526936705472951339882390913202211002951999415321980512196989))

flag{Wien3r_4tt@ck_1s_3AsY}

5.rsa wiener attack 破解

当ctf中遇见rsa的n e 都很大而且是同一数量级的,这时候可以采用wiener attack 来进行破解。

这里拿bugku的rsa来举例。

题目给出了n, e, enc 现在已知公钥{e, n}及密文enc

目标是获取d, 由于n, e 很大是通数量级的,推断出d很小。所以利用wiener attack进行破解

先把n, e 转换成pem格式

┌──(holyeyes㉿kali2023)-[~/RsaCtfTool]

└─$ python RsaCtfTool.py --createpub -n 460657813884289609896372056585544172485318117026246263899744329237492701820627219556007788200590119136173895989001382151536006853823326382892363143604314518686388786002989248800814861248595075326277099645338694977097459168530898776007293695728101976069423971696524237755227187061418202849911479124793990722597 -e 354611102441307572056572181827925899198345350228753730931089393275463916544456626894245415096107834465778409532373187125318554614722599301791528916212839368121066035541008808261534500586023652767712271625785204280964688004680328300124849680477105302519377370092578107827116821391826210972320377614967547827619 > flag.pem



┌──(holyeyes㉿kali2023)-[~/RsaCtfTool]

└─$ python RsaCtfTool.py --publickey flag.pem --private > flag.key    



[*] Testing key flag.pem.

[*] Performing factordb attack on flag.pem.

[!] internal error :-(

[+] Time elapsed: 5.2750 sec.

[*] Performing lucas_gcd attack on flag.pem.

100%|████████████████████████████████| 9999/9999 [00:00<00:00, 111690.68it/s]

[+] Time elapsed: 0.0928 sec.

[*] Performing mersenne_primes attack on flag.pem.

 27%|█████████▉                          | 14/51 [00:00<00:00, 388875.87it/s]

[+] Time elapsed: 0.0005 sec.

[*] Performing pastctfprimes attack on flag.pem.

[+] loading prime list file data/ti_rsa_signing_keys.txt...

100%|████████████████████████████████████| 34/34 [00:00<00:00, 885753.64it/s]

[+] loading prime list file data/visa_emv.txt...

100%|███████████████████████████████████████| 2/2 [00:00<00:00, 80659.69it/s]

[+] loading prime list file data/pastctfprimes.txt...

100%|█████████████████████████████████| 121/121 [00:00<00:00, 1250026.56it/s]

[+] Time elapsed: 0.0018 sec.

[*] Performing system_primes_gcd attack on flag.pem.

100%|████████████████████████████████| 7007/7007 [00:00<00:00, 858463.21it/s]

[+] Time elapsed: 0.0274 sec.

[*] Performing fibonacci_gcd attack on flag.pem.

100%|████████████████████████████████| 9999/9999 [00:00<00:00, 102799.60it/s]

[+] Time elapsed: 0.0979 sec.

[*] Performing smallq attack on flag.pem.

[+] Time elapsed: 0.2669 sec.

[*] Performing rapid7primes attack on flag.pem.

[+] loading prime list file data/ea229f977fb51000.pkl.bz2...

loading pickle data/ea229f977fb51000.pkl.bz2...

100%|█████████████████████████████| 61174/61174 [00:00<00:00, 1671437.38it/s]

[+] loading prime list file data/fbcc4333b5f183fc.pkl.bz2...

loading pickle data/fbcc4333b5f183fc.pkl.bz2...

100%|█████████████████████████████| 21048/21048 [00:00<00:00, 1482779.24it/s]

[+] Time elapsed: 0.3407 sec.

[*] Performing nonRSA attack on flag.pem.

[+] Time elapsed: 0.0010 sec.

[*] Performing pisano_period attack on flag.pem.

[+] Time elapsed: 0.0001 sec.

[*] Performing classical_shor attack on flag.pem.

[!] Timeout.

[+] Time elapsed: 60.0013 sec.

[*] Performing wolframalpha attack on flag.pem.

[*] Performing qicheng attack on flag.pem.

Can't load qicheng because sage binary is not installed

[*] Performing partial_q attack on flag.pem.

[!] partial_q attack is only for partial private keys not pubkeys...

[+] Time elapsed: 0.0003 sec.

[*] Performing factorial_pm1_gcd attack on flag.pem.

100%|████████████████████████████████| 29998/29998 [00:05<00:00, 5496.09it/s]

[+] Time elapsed: 5.4588 sec.

[*] Performing lattice attack on flag.pem.

[!] simple lattice attack is for partial keys only...

[+] Time elapsed: 0.0003 sec.

[*] Performing small_crt_exp attack on flag.pem.

Can't load small_crt_exp because sage binary is not installed

[*] Performing cube_root attack on flag.pem.

[+] Time elapsed: 0.0001 sec.

[*] Performing wiener attack on flag.pem.

 25%|████████▌                         | 148/591 [00:00<00:00, 676205.87it/s]

[*] Attack success with wiener method !

[+] Total time elapsed min,max,avg: 0.0001/60.0013/4.7710 sec.



Results for flag.pem:



Private key :

-----BEGIN RSA PRIVATE KEY-----

MIICOQIBAAKBgQKP/53T5v6XgWSet/5ekwPPaWNHxBELxLo5afCxFmmEDFHYGmhC

tt8rCQ8hzXbUNxqMDkcEjJZeyltGkTr7uNoFIHKgVm1wOcYYq6kGV1mwWeKeSF3F

BhoWrGMSlDjZNU5l31dHVGuF2z1pmBnEt3Mt+SfHCEpdUtbm1qrBRGI0JQKBgQH4

+6QQBS337aNGLxqs1p5AdgQzyjNXZ81zBaPQkIBaX9QF3W7qcOmPDKHhzyVHSGcb

8MmABsIO7h1ieQQ1Cf56mCOLQ5FgpWEtpx6QRRToEoBhfjB8PNMxP6TG/KMxWdBE

H7sY2DyvS9Rva5KXqAoULdab8aNXzLXkwgC22Q8VowIgEkWi5MMhraVZBcJJt+CW

QPiKQcq9Y8kytE4BDTeIyXcCQQExVoUNBVlVGTb0Jeg+wkvwkFWR8T5KB4V/iEnz

a0+QRDG1CqRQm68TaVg+Mv/yslrxDjnehozqdwbv7ow2+2Y/AkECJf/G98bYlZaW

Zj5M25DUolCpmiEiv2s9mkQxoajS5s14SK9OOWuX7BEJ6pzzDPZ68iFcwsvTp1T/

CqZAffm0mwIgEkWi5MMhraVZBcJJt+CWQPiKQcq9Y8kytE4BDTeIyXcCIBJFouTD

Ia2lWQXCSbfglkD4ikHKvWPJMrROAQ03iMl3AkBV0D6QJvGtKdXF9dPONK4B7k/P

NGuglv2itym5OL5Kve/WX6wnzEyaz8mJD64NwY2Y8punAUFUif8TTsCQ2XQG

-----END RSA PRIVATE KEY-----

                                     

┌──(holyeyes㉿kali2023)-[~/RsaCtfTool]

└─$ more flag.key                                

-----BEGIN RSA PRIVATE KEY-----

MIICOQIBAAKBgQKP/53T5v6XgWSet/5ekwPPaWNHxBELxLo5afCxFmmEDFHYGmhC

tt8rCQ8hzXbUNxqMDkcEjJZeyltGkTr7uNoFIHKgVm1wOcYYq6kGV1mwWeKeSF3F

BhoWrGMSlDjZNU5l31dHVGuF2z1pmBnEt3Mt+SfHCEpdUtbm1qrBRGI0JQKBgQH4

+6QQBS337aNGLxqs1p5AdgQzyjNXZ81zBaPQkIBaX9QF3W7qcOmPDKHhzyVHSGcb

8MmABsIO7h1ieQQ1Cf56mCOLQ5FgpWEtpx6QRRToEoBhfjB8PNMxP6TG/KMxWdBE

H7sY2DyvS9Rva5KXqAoULdab8aNXzLXkwgC22Q8VowIgEkWi5MMhraVZBcJJt+CW

QPiKQcq9Y8kytE4BDTeIyXcCQQExVoUNBVlVGTb0Jeg+wkvwkFWR8T5KB4V/iEnz

a0+QRDG1CqRQm68TaVg+Mv/yslrxDjnehozqdwbv7ow2+2Y/AkECJf/G98bYlZaW

Zj5M25DUolCpmiEiv2s9mkQxoajS5s14SK9OOWuX7BEJ6pzzDPZ68iFcwsvTp1T/

CqZAffm0mwIgEkWi5MMhraVZBcJJt+CWQPiKQcq9Y8kytE4BDTeIyXcCIBJFouTD

Ia2lWQXCSbfglkD4ikHKvWPJMrROAQ03iMl3AkBV0D6QJvGtKdXF9dPONK4B7k/P

NGuglv2itym5OL5Kve/WX6wnzEyaz8mJD64NwY2Y8punAUFUif8TTsCQ2XQG

-----END RSA PRIVATE KEY-----

┌──(holyeyes㉿kali2023)-[~/RsaCtfTool]

└─$  python RsaCtfTool.py --key flag.key --dumpkey



private argument is not set, the private key will not be displayed, even if recovered.                                                                    

None

n: 460657813884289609896372056585544172485318117026246263899744329237492701820627219556007788200590119136173895989001382151536006853823326382892363143604314518686388786002989248800814861248595075326277099645338694977097459168530898776007293695728101976069423971696524237755227187061418202849911479124793990722597

e: 354611102441307572056572181827925899198345350228753730931089393275463916544456626894245415096107834465778409532373187125318554614722599301791528916212839368121066035541008808261534500586023652767712271625785204280964688004680328300124849680477105302519377370092578107827116821391826210972320377614967547827619

d: 8264667972294275017293339772371783322168822149471976834221082393409363691895

p: 15991846970993213322072626901560749932686325766403404864023341810735319249066370916090640926219079368845510444031400322229147771682961132420481897362843199

q: 28805791771260259486856902729020438686670354441296247148207862836064657849735343618207098163901787287368569768472521344635567334299356760080507454640207003

利用n, e (公钥) 求解私钥

 python RsaCtfTool.py --publickey flag.pem --private > flag.key

得到p, q, d

 python RsaCtfTool.py --key flag.key --dumpkey

得到p q d n e如下:

https://www.freebuf.com/sectool/185468.html

利用脚本进行解密

由于pqned都知道了,直接可以直接求解flag了。

#!/usr/bin/python

# -*- coding=utf8 -*-

"""

# @Author : pig

# @CreatedTime:2019-12-25 20:46:54

# @Description :

"""



import gmpy2

from libnum import n2s



n = '460657813884289609896372056585544172485318117026246263899744329237492701820627219556007788200590119136173895989001382151536006853823326382892363143604314518686388786002989248800814861248595075326277099645338694977097459168530898776007293695728101976069423971696524237755227187061418202849911479124793990722597'



e = '354611102441307572056572181827925899198345350228753730931089393275463916544456626894245415096107834465778409532373187125318554614722599301791528916212839368121066035541008808261534500586023652767712271625785204280964688004680328300124849680477105302519377370092578107827116821391826210972320377614967547827619'



enc = '38230991316229399651823567590692301060044620412191737764632384680546256228451518238842965221394711848337832459443844446889468362154188214840736744657885858943810177675871991111466653158257191139605699916347308294995664530280816850482740530602254559123759121106338359220242637775919026933563326069449424391192'



p = '15991846970993213322072626901560749932686325766403404864023341810735319249066370916090640926219079368845510444031400322229147771682961132420481897362843199'



q = '28805791771260259486856902729020438686670354441296247148207862836064657849735343618207098163901787287368569768472521344635567334299356760080507454640207003'



d = '8264667972294275017293339772371783322168822149471976834221082393409363691895'



n1 = gmpy2.mpz(n)

enc1 = gmpy2.mpz(enc)

d1 = gmpy2.mpz(d)



r = gmpy2.powmod(enc1, d1, n1)

print (r)

s = n2s(r)

print (s)

脚本输出得到:

42134526936705472951339882390913202211002951999415321980512196989

flag{Wien3r_4tt@ck_1s_3AsY}

                                 

6.根据公钥计算得到私钥

这种题型需要使用RsaCtfTools根据公钥生成私钥

 题目: 08-存货3

题目只给出了两个文件(一个私钥文件和一个密文文件)

按照常规查看提取一下公钥文件,发现n特别大,无法直接分解为p和q,而且e也不存在是特殊值的可能,也不存在其他的攻击方法。

首先进入RsaCtfTools,接着执行下面的命令生成私钥。

┌──(holyeyes㉿kali2023)-[~/RsaCtfTool]

└─$ ./RsaCtfTool.py --publickey examples/根据公钥计算私钥/pub.key --private > examples/根据公钥计算私钥/pri.key



[*] Testing key examples/根据公钥计算私钥/pub.key.

[*] Performing factordb attack on examples/根据公钥计算私钥/pub.key.

[!] internal error :-(

[+] Time elapsed: 5.3062 sec.

[*] Performing lucas_gcd attack on examples/根据公钥计算私钥/pub.key.

100%|█████████████████████████████████| 9999/9999 [00:00<00:00, 71047.87it/s]

[+] Time elapsed: 0.1454 sec.

[*] Performing mersenne_primes attack on examples/根据公钥计算私钥/pub.key.

 29%|██████████▌                         | 15/51 [00:00<00:00, 183960.70it/s]

[+] Time elapsed: 0.0005 sec.

[*] Performing pastctfprimes attack on examples/根据公钥计算私钥/pub.key.

[+] loading prime list file data/ti_rsa_signing_keys.txt...

100%|████████████████████████████████████| 34/34 [00:00<00:00, 766700.73it/s]

[+] loading prime list file data/visa_emv.txt...

100%|███████████████████████████████████████| 2/2 [00:00<00:00, 86480.49it/s]

[+] loading prime list file data/pastctfprimes.txt...

100%|██████████████████████████████████| 121/121 [00:00<00:00, 847263.41it/s]

[+] Time elapsed: 0.0021 sec.

[*] Performing system_primes_gcd attack on examples/根据公钥计算私钥/pub.key.

100%|████████████████████████████████| 7007/7007 [00:00<00:00, 598466.40it/s]

[+] Time elapsed: 0.0322 sec.

[*] Performing fibonacci_gcd attack on examples/根据公钥计算私钥/pub.key.

100%|█████████████████████████████████| 9999/9999 [00:00<00:00, 69512.05it/s]

[+] Time elapsed: 0.1447 sec.

[*] Performing smallq attack on examples/根据公钥计算私钥/pub.key.

[+] Time elapsed: 0.2832 sec.

[*] Performing rapid7primes attack on examples/根据公钥计算私钥/pub.key.

[+] loading prime list file data/ea229f977fb51000.pkl.bz2...

loading pickle data/ea229f977fb51000.pkl.bz2...

100%|█████████████████████████████| 61174/61174 [00:00<00:00, 1221547.33it/s]

[+] loading prime list file data/fbcc4333b5f183fc.pkl.bz2...

loading pickle data/fbcc4333b5f183fc.pkl.bz2...

100%|█████████████████████████████| 21048/21048 [00:00<00:00, 1096177.00it/s]

[+] Time elapsed: 0.3401 sec.

[*] Performing nonRSA attack on examples/根据公钥计算私钥/pub.key.

[+] Time elapsed: 0.0039 sec.

[*] Performing pisano_period attack on examples/根据公钥计算私钥/pub.key.

[+] Time elapsed: 0.0002 sec.

[*] Performing classical_shor attack on examples/根据公钥计算私钥/pub.key.

[!] Timeout.

[+] Time elapsed: 60.0007 sec.

[*] Performing wolframalpha attack on examples/根据公钥计算私钥/pub.key.

[*] Performing qicheng attack on examples/根据公钥计算私钥/pub.key.

[!] Timeout.

[+] Time elapsed: 60.0014 sec.

[*] Performing partial_q attack on examples/根据公钥计算私钥/pub.key.

[!] partial_q attack is only for partial private keys not pubkeys...

[+] Time elapsed: 0.0003 sec.

[*] Performing factorial_pm1_gcd attack on examples/根据公钥计算私钥/pub.key.

100%|████████████████████████████████| 29998/29998 [00:16<00:00, 1818.58it/s]

[+] Time elapsed: 16.5014 sec.

[*] Performing lattice attack on examples/根据公钥计算私钥/pub.key.

[!] simple lattice attack is for partial keys only...

[+] Time elapsed: 0.0002 sec.

[*] Performing small_crt_exp attack on examples/根据公钥计算私钥/pub.key.

[!] Timeout.

[+] Time elapsed: 60.0298 sec.

[*] Performing cube_root attack on examples/根据公钥计算私钥/pub.key.

[+] Time elapsed: 0.0004 sec.

[*] Performing wiener attack on examples/根据公钥计算私钥/pub.key.

100%|██████████████████████████████████████| 11/11 [00:00<00:00, 7223.63it/s]

[*] Cracking failed...

[+] Time elapsed: 0.0192 sec.

[*] Performing kraitchik attack on examples/根据公钥计算私钥/pub.key.

[!] Timeout.

[+] Time elapsed: 60.0021 sec.

[*] Performing lehmer attack on examples/根据公钥计算私钥/pub.key.

[!] Timeout.

[+] Time elapsed: 60.0040 sec.

[*] Performing siqs attack on examples/根据公钥计算私钥/pub.key.

Can't load siqs because yafu binary is not installed

[*] Performing partial_d attack on examples/根据公钥计算私钥/pub.key.

[!] partial_d attack is only for partial private keys not pubkeys...

[!] partial_d internal error...

[+] Time elapsed: 0.0004 sec.

[*] Performing compositorial_pm1_gcd attack on examples/根据公钥计算私钥/pub.key.

100%|██████████████████████████████████| 9999/9999 [00:01<00:00, 6857.40it/s]

[+] Time elapsed: 1.4637 sec.

[*] Performing pollard_p_1 attack on examples/根据公钥计算私钥/pub.key.

  1%|▎                                     | 9/997 [00:54<1:40:15,  6.09s/it][!] Timeout.                                                                

  1%|▎                                     | 9/997 [00:59<1:49:45,  6.67s/it]

[+] Time elapsed: 60.0025 sec.

[*] Performing carmichael attack on examples/根据公钥计算私钥/pub.key.

[!] Timeout.

[+] Time elapsed: 60.0027 sec.

[*] Performing fermat attack on examples/根据公钥计算私钥/pub.key.

[!] Timeout.

[+] Time elapsed: 60.0016 sec.

[*] Performing comfact_cn attack on examples/根据公钥计算私钥/pub.key.

[+] Time elapsed: 0.0002 sec.

[*] Performing mersenne_pm1_gcd attack on examples/根据公钥计算私钥/pub.key.

100%|█████████████████████████████████| 2045/2045 [00:00<00:00, 51346.94it/s]

[+] Time elapsed: 0.0409 sec.

[*] Performing qs attack on examples/根据公钥计算私钥/pub.key.

[!] Timeout.

[+] Time elapsed: 60.0019 sec.

[*] Performing primorial_pm1_gcd attack on examples/根据公钥计算私钥/pub.key.

100%|████████████████████████████████| 10000/10000 [00:01<00:00, 5162.65it/s]

[+] Time elapsed: 1.9417 sec.

[*] Performing noveltyprimes attack on examples/根据公钥计算私钥/pub.key.

100%|████████████████████████████████████| 21/21 [00:00<00:00, 421437.24it/s]

[+] Time elapsed: 0.0005 sec.

[*] Performing ecm2 attack on examples/根据公钥计算私钥/pub.key.

[+] Time elapsed: 3.9250 sec.

[*] Performing z3_solver attack on examples/根据公钥计算私钥/pub.key.

[!] Timeout.

[+] Time elapsed: 60.4458 sec.

[*] Performing hart attack on examples/根据公钥计算私钥/pub.key.

[!] Timeout.

[+] Time elapsed: 60.0020 sec.

[*] Performing SQUFOF attack on examples/根据公钥计算私钥/pub.key.

[!] Timeout.

[+] Time elapsed: 60.0083 sec.

[*] Performing boneh_durfee attack on examples/根据公钥计算私钥/pub.key.

[+] Time elapsed: 3.8855 sec.

[*] Performing fermat_numbers_gcd attack on examples/根据公钥计算私钥/pub.key.

100%|████████████████████████████████████████| 28/28 [00:01<00:00, 15.84it/s]

[+] Time elapsed: 1.7753 sec.

[*] Performing highandlowbitsequal attack on examples/根据公钥计算私钥/pub.key.

[+] Time elapsed: 0.0209 sec.

[*] Performing lehman attack on examples/根据公钥计算私钥/pub.key.

[!] Timeout.

[+] Time elapsed: 60.0032 sec.

[*] Performing factor_2PN attack on examples/根据公钥计算私钥/pub.key.

[+] Time elapsed: 0.0003 sec.

[*] Performing euler attack on examples/根据公钥计算私钥/pub.key.

[!] Timeout.

[+] Time elapsed: 60.0054 sec.

[*] Performing dixon attack on examples/根据公钥计算私钥/pub.key.

[-] Dixon is too slow for pubkeys > 10^10...

[+] Time elapsed: 0.0005 sec.

[*] Performing brent attack on examples/根据公钥计算私钥/pub.key.

[!] Timeout.

[+] Time elapsed: 60.0046 sec.

[*] Performing ecm attack on examples/根据公钥计算私钥/pub.key.

[*] Attack success with ecm method !

[+] Total time elapsed min,max,avg: 0.0002/60.4458/22.2941 sec.



Results for examples/根据公钥计算私钥/pub.key:



Private key :

-----BEGIN RSA PRIVATE KEY-----

MIIEJwIBAAKCAQEAlKA+bg7c8nQQUu8e6qiJ1vmNARFR216Qkkj9OQxwhyTYmDzz

Mxy6xWHCzixa8V5lsrJGkVa2GdXTsqa7o31Wk5lNfkwvqmB7Psj8kLIAYktTGFui

MBBgqCGrYVfX58xnG03NZkx98RoqHV5QgMFeRRI6ukpTZNhyH4RKrlxVAuiOVk04

cKUWNtO8FD4vri8xWLoAq6zAxbpEPClwVgFrV/XXUtcxVgurCuaNrQgiqR/LbknM

AUwS0qujpZflEEkZf2nZO8VTU3EAGGDMaRoGZDuGlHCp2oL8VGsGI0MtsCDrthuR

NV5TpuXYmoS7MEa4n2O8cAYtWdhipf1cqwZogQIDAQABAoIBABPPyIKjOHpW3URh

+atClM6/BRjSxn3VWoMz6ktMtXxQqvYXURIU9dRJeTGj8/li4amLpD7x8tt19x++

qDPMlwgpPnoKMZdaP5rN6kWv1U69qY4BSzqFCn6okHJXvSVvw+rt6oGtqMKDP9Au

FHxhoC3U5209w64ujgKv6UGaFht4akx/rOtubJz68E7KN8Vv7wZZTqw7x3LdzfdT

W3U2tesM+sxIVFLY8WLpn+WzLK4jqjzgB+gYV7MzE6fwX78xav7NvpDVoED6XeZk

Q9rm1BJrmMJqzEGG5hqV9HuKofpzZMuGvdH8daa9g9qlBZtdI7nAJh8xTOrhbPlC

JSekFgECBwDj2obRlt0CgfsApvxHygw/WWuVhb/EkbdRXsXwcBqlGW3wu3n3V3fR

Kn71k7Pi1NIrMlcKX8lQkpBULyT9QmxcYx1fWIOKWXjbOYChE0Dd+8TnG2ietZQY

dtrHstNlMyeQuIictnG+4G7hzg3n54K/yUAP/D+OH2m2cXB4LpTSI3qVFTzIVRJW

HzLqvpOUaMyHXkBo9RVItp8MTJtMDiyjqO5WqXUzayFBazl+Jy29DQ8ZPq6Nhl5J

bDDiqRg3BC+U5oXA4DZZvnYONZd66l2vXYktCUhTiCU3FucZWxj//6eWkI6oOf1J

N2lbD1ygkdGeG5DUFW4OChAjJdmPz8rJHz8z9QIGEK9M1gYlAoH7AIE6L9x/Se9L

wPU3CUqzkbdEe+Rl2mspl+meY/o+8ZJvmmFqDxsgYumcTpz+UOp744pwl8Z10bGq

o4T+l2zSiOWhVAZwZtpW8XtWpaxkJeKlQXJ1ApZqAietIYpX0J4jcYBjZprVptJ6

T2SpUrWgu95iab+y0EVAsmszFN4xSJDweJZv46SO1BvuwMsaY6FgyMXoUR2PEkDD

4jFWUCqSG+x9G9H6JZobmy/VKhVYln2x/1dZNAp7QEJ+NFvP8/ffqPN0fV0uj25V

oJLUdECifFWvFwJXAJa6/Vx16l6mU6kcUao7xs/SZwdyN482EotbHbhG/HKUvrz9

zpkCBwCXnq0AlUo=

-----END RSA PRIVATE KEY-----

接着把这些内容复制到新创建的文件pri.key中。

使用openssl通过私钥文件进行解密:

┌──(holyeyes㉿kali2023)-[~/RsaCtfTool/examples/根据公钥计算私钥]

└─$ openssl pkeyutl -decrypt -inkey pri.key -in enc1 -out txt

                                                                             

┌──(holyeyes㉿kali2023)-[~/RsaCtfTool/examples/根据公钥计算私钥]

└─$ ll                                                    

total 48

-rwxrw-rw- 1 holyeyes holyeyes   256 Mar 10 12:52 enc1

-rwxrw-rw- 1 holyeyes holyeyes  1522 Mar 12 20:58 pri.key

-rwxrw-rw- 1 holyeyes holyeyes   451 Mar 10 12:52 pub.key

-rwxrw-rw- 1 holyeyes holyeyes    25 Mar 12 21:00 txt

-rwxrw-rw- 1 holyeyes holyeyes 30720 Mar 10 12:52 wp.doc

                                                                             

┌──(holyeyes㉿kali2023)-[~/RsaCtfTool/examples/根据公钥计算私钥]

└─$ more txt                                                

flag{0penSs1_DecrYp7_Rs4}

打开生成的文件txt即可得到flag。

网络安全我来了
关注
  • 14
    点赞
  • 11
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
ctf.show rsa
Q221022的博客
04-09 1093
easyrsa7 拿到题目后,p低位缺失,用sagemath恢复数据 得到p之后,就可以直接解密 import gmpy2 import binascii p = 14730552629448397529400670492827111803937061505443720640440841084885874025615447627859103545506414953135308903827028328154141145825095093665653728348233159852145707..
中国剩余定理
qq_52193383的博客
08-12 685
中国剩余定理: 设m1,…,mk是k个两两互素的正整数,则对任意的整数b1,…,bk,同余式组: x ≡ b1 (mod m1) …… …… …… x = bk (mod mk) 一定有解,且解是唯一的。 (1)若令m = m1*…*mk,m = mi * Mi, i = 1,…k 则同余式组的解可以表示为 x ≡ b1 * M1’ * M1 + … + bk * Mk’ * Mk (mod m) 其中Mi’为Mi模mi的逆元,即Mi’ * Mi ≡ 1 (mod mi),i = 1,…,k (2)若令N
CTF-Crypto 密码原理及解密方法
yifijhjh的博客
11-01 2113
常见的CTF-Crpto密码原理及解密工具网址
CTF-Crypto-RSA整理
Love&Share
10-28 1万+
rsa基本参数 N:大整数N,我们称之为模数(modulus) p 和 q :大整数N的两个因子(factor) e 和 d:互为模反数的两个指数(exponent) c 和 m:分别是密文和明文 {N,e}称为公钥,{N,d}称为私钥 加密过程: c=m^e mod n c=pow(m,e,n) 解密过程: m=c^d mod n m=pow(c,d,n) 求解私钥d: d = gmpy2.invert(e, (p-1)*(q-1)) 一般来说,n,e是公开的,但是由于n一般是两
【Crypto】RSA
weixin_52553215的博客
11-01 5849
目录1.已知(p,q,e),求d2.已知(p,q,e,c),求m3.已知(p,q,dp,dq,c),求m4.已知(e,dp,n,c),求m5.已知(n,e1,e2,c1,c2),求m6.已知(e,n1,c1,n2,c2),求m7.已知(p+q,p-q,e,c),求m7.已知(e,n,c),求m8.已知(e,n,c),求m(e极小,如3,低加密指数攻击)9.已知(e,n,c),求m(e很大,低解密指数攻击)10.已知(c,n,p*(q-1),q*(p-1)),求m参考:CTF中关于RSA的常见题型_abtgu
RSA加密解密工具,用于文件的加密和解密* RSA加密解密:私钥解密,公钥加密
02-11
RSA算法是一种非对称加密算法,由Ron Rivest、Adi Shamir和Leonard Adleman在1977年提出,是目前广泛应用于网络安全领域的一种核心加密技术。它的主要特点是拥有两个密钥:公钥和私钥。公钥可以公开,用于加密信息;...
ThinkPHP实现的rsa非对称加密示例
10-18
主要介绍了ThinkPHP实现的rsa非对称加密,结合实例形式分析了thinkPHP引入密钥文件实现rsa加密解密的相关操作技巧,需要的朋友可以参考下
RSA.rar_rsa_rsa加密解密_密码RSA
09-21
RSA是一种非对称加密算法,它是现代密码的基石,由Ron Rivest、Adi Shamir和Leonard Adleman在1977年提出,因此得名RSA。该算法基于大整数因子分解的困难性,即找到两个大素数的乘积很容易,但将这个乘积分解回...
RSA:js加密,php解密
01-05
RSA算法是一种非对称加密算法,它基于两个密钥:公钥和私钥。在"RSA:js加密,php解密"的场景中,我们通常使用JavaScript进行前端数据加密,然后在服务器端的PHP环境中进行解密。这种方法有助于保护用户敏感信息,如...
rust-rsa:Rust中的简单RSA加密算法
04-05
**rust-rsa: Rust 中的简单RSA加密算法** RSA(Rivest-Shamir-Adleman)是一种广泛使用的非对称加密算法,它在网络安全、数据加密和数字签名等领域有着重要的应用。在Rust编程语言中实现RSA加密,可以确保代码的...
[HDCTF 2023]enc
liaochonxiang的博客
06-04 450
/注意修改为16进制,这样不会溢出,不会出错。第一种方法:smc自解密,再找到相对应的位置,按p转换成函数。密钥为v7和v8,注意看汇编代码,发现它俩的内存位置在一块。动调,运行到此处,再在反汇编窗口进行搜索”hdctf“按顺序理解,sub_411523函数为一个加密函数。可在反汇编窗口,通过搜索”hdctf“得到具体位置。跟进sub_411523—>sub_415100。先在smc函数解密后随便一个位置下断点。发现为一个XTEA加密。写idc脚本:进行解密。发现是一个smc加密。可知smc解密的位置。
CTF中压缩包解密的几种常见方式
热门推荐
BlusKing
12-10 4万+
  压缩包解密通用方法: 1.用winhex打开,搜索字符pass 、 key 等,查看是否有含有压缩包密码 2.如果要爆破: 先0-6位数字来一遍 3.如果爆破不成功可以根据题意或者社工 猜密码组合。例如某用户名叫王方,密码就有可能是wangfang123.     crc32爆破: 压缩包压缩文件会附带crc32校验码,如果字节长度比较短的话,可以尝试crc32爆破。 比方说...
CTF RSA
最新发布
qq_63603591的博客
07-03 465
2.Public Exponent这里要使用16进制的数,如果公钥e=17的话,就应该填入十六进制的11。4.给出的是n和e的话,输入n和e,点击Factor N(分解),得到p,q,再重复第3步就能得到d了。在一次RSA密钥对生成中,假设p=473398607161,q=4511491,e=17。3.给出p,q,e的话直接填入,再点击Calc.D,获得d。注意e填进去是16进制,需要将17转hex得到11再填进去。1.Number Base 设置为十进制。求解出d作为flga提交。
CTF-RSA_密钥生成与读取
fengerxi33的博客
02-18 2992
RSA密钥生成与读取 1.pycryptodome模块 公钥生成 from Crypto.PublicKey import RSA p= 787228223375328491232514653709 q= 814212346998672554509751911073 n= 640970939378021470187479083920100737340912672709639557619757 d= 590103645243332826117029128695341159496883001869370080
ctf密码总结
Reset
11-05 1万+
自己做题总结的小知识点。 1.RSA 公钥标准文件的后缀是  .pem 加密过程  选择两个大素数p和q,计算出模数N = p * q  计算φ = (p−1) * (q−1) 即N的欧拉函数,然后选择一个e (1&lt;e&lt;φ),且e和φ互质  取e的模反数为d,计算方法: e * d ≡ 1 (mod φ)  对明文m进行加密:c≡m^e (mod n) 或 c = pow(...
0CTF 2016 RSA?(未完成)
何彬的博客
03-13 2703
分值:2分 描述:It seems easy, right? Tip: openssl rsautl -encrypt -in FLAG -inkey public.pem -pubin -out flag.enc 首先是把文件下载下来,看到一个文件和一个public.pem 用openssl解析public.pem,得到: openssl rsa -pubin -text -m
CTF--攻防世界crypto新手训练7-11
qq_40730029的博客
05-06 1581
7.不仅仅是Morse 8.easy_RSA 9.easychallenge 10.混合编码 11.转轮机加密 7.不仅仅是Morse 题目:“这个题目和我们刚刚做的那个好像啊但是为什么按照刚刚的方法做出来答案却不对呢” ,你奇怪的问了问小鱼,“可能是因为还有一些奇怪的加密方式在里面吧,我们在仔细观察观察”。两个人 安安静静的坐下来开始思考,很耐心的把自己可以想到的加密方式一种种的过了一遍,十多...
ctf-实验吧-crypto
zhang14916的博客
07-27 4575
1.trivial 下载文件解压,得到一个py文件,里面又一个加密算法,这是一个移位加密加密算法的key和加密之后的密文已知,然后对每个明文在不同范围内进行移位加密,直接解密即可 #!/usr/bin/env python import sys alphaL = "abcdefghijklnmopqrstuvqxyz" alphaU = "ABCDEFGHIJKLMNOPQRSTUVQ...
CTF密码--新手题--Normal_RSA--解题过程及总结
hippotomons的博客
10-21 8040
Normal_RSA 难度系数: ☆ 题目来源: PCTF 题目描述: 你和小鱼走啊走走啊走,走到下一个题目一看你又一愣,怎么还是一个数题啊 小鱼又一笑,hhhh数在密码里面很重要的!现在知道吃亏了吧!你哼一声不服气,我知道数 很重要了!但是工具也很重要的,你看我拿工具把他解出来!你打开电脑折腾了一会还真的把答案 做了出来,小鱼有些吃惊,向你投过来一个赞叹的目光 附件下载下来又是一阵懵逼...
密码实验_对称加密算法DES_非对称加密算法RSA.pdf
02-20
完整实验报告,共31页 包括实验目的,实验内容,实验步骤,运行结果,实验总结 附上了源码。 部分内容可见https://blog.csdn.net/guansheng123/article/details/123029969

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值