BUUCTF 每日打卡 2021-4-20

最新推荐文章于 2023-09-24 13:10:47 发布
最新推荐文章于 2023-09-24 13:10:47 发布
阅读量736 收藏 1
点赞数
分类专栏: crypto 文章标签: 密码学
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_52446095/article/details/115921318
版权

引言

一张谍报

题目给了一份报纸
在这里插入图片描述
完全摸不着头脑
只能找 wp
flag:南天菩萨放鹰捉猴头

SameMod

共模攻击
不再赘述
详见 CTFwiki 共模攻击
题目给的数据都和 CTFwiki 的一模一样(啊这)
解密代码如下:

import gmpy2

n = 6266565720726907265997241358331585417095726146341989755538017122981360742813498401533594757088796536341941659691259323065631249
e1 = 773
e2 = 839
message1=3453520592723443935451151545245025864232388871721682326408915024349804062041976702364728660682912396903968193981131553111537349
message2=5672818026816293344070119332536629619457163570036305296869053532293105379690793386019065754465292867769521736414170803238309535
# s & t
gcd, s, t = gmpy2.gcdext(e1, e2)
if s < 0:
    s = -s
    message1 = gmpy2.invert(message1, n)
if t < 0:
    t = -t
    message2 = gmpy2.invert(message2, n)
plain = gmpy2.powmod(message1, s, n) * gmpy2.powmod(message2, t, n) % n
i = 0
flag = ""
plain = str(plain)
while i < len(plain):
    if plain[i] == '1':
        flag += chr(int(plain[i:i + 3]))
        i += 3
    else:
        flag += chr(int(plain[i:i + 2]))
        i += 2
print(flag)

结果为:flag{whenwethinkitispossible}

BabyRSA

加密代码如下:

import hashlib
import sympy
from Crypto.Util.number import *

flag = 'GWHT{******}'
secret = '******'

assert(len(flag) == 38)

half = len(flag) / 2

flag1 = flag[:half]
flag2 = flag[half:]

secret_num = getPrime(1024) * bytes_to_long(secret)

p = sympy.nextprime(secret_num)
q = sympy.nextprime(p)

N = p * q

e = 0x10001

F1 = bytes_to_long(flag1)
F2 = bytes_to_long(flag2)

c1 = F1 + F2
c2 = pow(F1, 3) + pow(F2, 3)
assert(c2 < N)

m1 = pow(c1, e, N)
m2 = pow(c2, e, N)

output = open('secret', 'w')
output.write('N=' + str(N) + '\n')
output.write('m1=' + str(m1) + '\n')
output.write('m2=' + str(m2) + '\n')
output.close()

看来是把 flag 分成两段加密了
输出数据如下:

N=636585149594574746909030160182690866222909256464847291783000651837227921337237899651287943597773270944384034858925295744880727101606841413640006527614873110651410155893776548737823152943797884729130149758279127430044739254000426610922834573094957082589539445610828279428814524313491262061930512829074466232633130599104490893572093943832740301809630847541592548921200288222432789208650949937638303429456468889100192613859073752923812454212239908948930178355331390933536771065791817643978763045030833712326162883810638120029378337092938662174119747687899484603628344079493556601422498405360731958162719296160584042671057160241284852522913676264596201906163
m1=90009974341452243216986938028371257528604943208941176518717463554774967878152694586469377765296113165659498726012712288670458884373971419842750929287658640266219686646956929872115782173093979742958745121671928568709468526098715927189829600497283118051641107305128852697032053368115181216069626606165503465125725204875578701237789292966211824002761481815276666236869005129138862782476859103086726091860497614883282949955023222414333243193268564781621699870412557822404381213804026685831221430728290755597819259339616650158674713248841654338515199405532003173732520457813901170264713085107077001478083341339002069870585378257051150217511755761491021553239
m2=487443985757405173426628188375657117604235507936967522993257972108872283698305238454465723214226871414276788912058186197039821242912736742824080627680971802511206914394672159240206910735850651999316100014691067295708138639363203596244693995562780286637116394738250774129759021080197323724805414668042318806010652814405078769738548913675466181551005527065309515364950610137206393257148357659666687091662749848560225453826362271704292692847596339533229088038820532086109421158575841077601268713175097874083536249006018948789413238783922845633494023608865256071962856581229890043896939025613600564283391329331452199062858930374565991634191495137939574539546

老规矩,先试试能不能爆破 N :
在这里插入图片描述
啊这
爆破出来了
根据 RSA 的常规套路解出 c1, c2
由于
c 1 = f 1 + f 2 c 2 = f 1 3 + f 2 3 c_{1} = f_{1} + f_{2} \\ c_{2} = f_{1}^{3} + f_{2}^{3} c1=f1+f2c2=f13+f23
c2 又可以进行因式分解
c 2 = f 1 3 + f 2 3 = ( f 1 + f 2 ) ( f 1 2 − f 1 f 2 + f 2 2 ) c_{2} = f_{1}^{3} + f_{2}^{3} = (f_{1} + f_{2} )(f_{1}^{2} - f_{1} f_{2} + f_{2}^{2}) c2=f13+f23=(f1+f2)(f12f1f2+f22)
c 1 = f 1 + f 2 c_{1} = f_{1} + f_{2} c1=f1+f2 代入得
c 2 c 1 = f 1 2 − f 1 f 2 + f 2 2 = ( f 1 + f 2 ) 2 − 3 f 1 f 2 \frac{c_{2}}{c_{1}} = f_{1}^{2} - f_{1} f_{2} + f_{2}^{2} = (f_{1} + f_{2} )^{2} - 3f_{1} f_{2} c1c2=f12f1f2+f22=(f1+f2)23f1f2
可以求出 f 1 f 2 f_{1} f_{2} f1f2 记为 c 3 c_{3} c3
然后可以构造一元二次方程
x 2 − c 1 x + c 3 = 0 x^{2} - c_{1}x + c_{3} = 0 x2c1x+c3=0
解出结果即为 f 1 , f 2 f1,f2 f1,f2
最后解密即可
代码如下:

from Crypto.Util.number import *
from sympy import *

p = 797862863902421984951231350430312260517773269684958456342860983236184129602390919026048496119757187702076499551310794177917920137646835888862706126924088411570997141257159563952725882214181185531209186972351469946269508511312863779123205322378452194261217016552527754513215520329499967108196968833163329724620251096080377747699
q = 797862863902421984951231350430312260517773269684958456342860983236184129602390919026048496119757187702076499551310794177917920137646835888862706126924088411570997141257159563952725882214181185531209186972351469946269508511312863779123205322378452194261217016552527754513215520329499967108196968833163329724620251096080377748737
N = 636585149594574746909030160182690866222909256464847291783000651837227921337237899651287943597773270944384034858925295744880727101606841413640006527614873110651410155893776548737823152943797884729130149758279127430044739254000426610922834573094957082589539445610828279428814524313491262061930512829074466232633130599104490893572093943832740301809630847541592548921200288222432789208650949937638303429456468889100192613859073752923812454212239908948930178355331390933536771065791817643978763045030833712326162883810638120029378337092938662174119747687899484603628344079493556601422498405360731958162719296160584042671057160241284852522913676264596201906163
m1= 90009974341452243216986938028371257528604943208941176518717463554774967878152694586469377765296113165659498726012712288670458884373971419842750929287658640266219686646956929872115782173093979742958745121671928568709468526098715927189829600497283118051641107305128852697032053368115181216069626606165503465125725204875578701237789292966211824002761481815276666236869005129138862782476859103086726091860497614883282949955023222414333243193268564781621699870412557822404381213804026685831221430728290755597819259339616650158674713248841654338515199405532003173732520457813901170264713085107077001478083341339002069870585378257051150217511755761491021553239
m2 = 487443985757405173426628188375657117604235507936967522993257972108872283698305238454465723214226871414276788912058186197039821242912736742824080627680971802511206914394672159240206910735850651999316100014691067295708138639363203596244693995562780286637116394738250774129759021080197323724805414668042318806010652814405078769738548913675466181551005527065309515364950610137206393257148357659666687091662749848560225453826362271704292692847596339533229088038820532086109421158575841077601268713175097874083536249006018948789413238783922845633494023608865256071962856581229890043896939025613600564283391329331452199062858930374565991634191495137939574539546
e = int('0x10001', 16)
phi = (p-1)*(q-1)
d = inverse(e, phi)
c1 = pow(m1, d, N) # f1 + f2
c2 = pow(m2, d, N) # f1^3 + f2^3
c3 = (c1**2 - c2//c1) // 3 # f1 * f2
x = symbols('x')
f1, f2 = solve(Eq(x**2 - c1*x + c3,0),x)
print(long_to_bytes(f2) + long_to_bytes(f1))

结果为:GWHT{f709e0e2cfe7e530ca8972959a1033b2}

结语

希望继续坚持

Σ2333!
关注
专栏目录
[GWCTF 2019]BabyRSA 1
weixin_44110537的博客
07-07 1824
问题 首先拿到压缩包,压缩包中给了我们两个文件 一个是encrypt.py 这个文件是加密脚本 另一个是secret里面有我们所需要的数据 分析加密脚本 打开脚本 import hashlib import sympy from Crypto.Util.number import * flag = 'GWHT{******}' secret = '******' assert(len(flag) == 38) half = len(flag) / 2 flag1 = flag[:half] fla
[GWCTF 2019]BabyRSA
rang的博客
12-11 529
import hashlib import gmpy2 import sympy from Crypto.Util.number import * # flag = 'GWHT{******}' # secret = '******' # assert(len(flag) == 38) # half = len(flag) / 2 # flag1 = flag[:half] # flag2 = flag[half:] # secret_num = getPrime(1024) * bytes_to
BUUCTF-------[GWCTF 2019]BabyRSA1
woshicainiao666的博客
09-24 263
**因为n的值太大,所以创建一个.txt文件,将n的值放进去,切记第一行要空出来,否则就会报错***1.首先解压文件,得到两个文件,分析代码,知道了。2.已知n=q*p,求q和p,n数太大了,通过。c1,c2知道后,接下来就是求f1,f2。从后往前推导,想要知道。
[GWCTF 2019]BabyRSA1
qq_61774705的博客
05-11 350
1.题目代码: # import hashlib # import sympy # from Crypto.Util.number import * # # N=63658514959457474690903016018269086622290925646484729178300065183722792133723789965128794359777327094438403485892529574488072710160684141364000652761487311065141015589377654
小学计算每日打卡A4 60-110题 生成器C# net4.5
最新发布
07-21
1、生成100以内计算题 2、生成PDF格式(pdf生成最大14页A4) 3、题量一次最多1000题(支持难度升级20%) 4、C# vs2017 开发。
基于springboot的前后端分离每日任务打卡系统-源码
10-02
标题中的“基于SpringBoot的前后端分离每日任务打卡系统”是指一个使用SpringBoot框架开发的、实现了前后端分离架构的任务管理应用,特别适用于日常任务的打卡功能。在现代Web开发中,前后端分离已经成为一种常见的...
优质资料(2021-2022年收藏)省级安全质量标准化示范工地基本要求.doc
10-11
【优质资料(2021-2022年收藏)省级安全质量标准化示范工地基本要求】 这份文档详细阐述了创建省级安全质量标准化示范工地所需满足的各项条件和要求,涉及了项目的规模、申报资料的准备、项目的基本要求等多个方面...
昇思25天打卡营-mindspore-ML- Day9
06-27
FCN图像语义分割,mindspore平台
专题资料(2021-2022年)办公室制度二十四、员工打卡管理规定.doc
10-08
【员工打卡管理规定】 在企业运营中,员工的考勤管理是确保正常工作秩序和维护公司利益的重要环节。员工打卡管理规定是此类管理的核心部分,它明确了员工上下班时间的记录方式,旨在防止迟到、早退现象,保障公平...
BUUCTF_Crypto_[GWCTF 2019]BabyRSA
qq_58370970的博客
12-08 589
题目:给了一个py文件和一个txt文件(用txt打开) 可以看出flag是分成两段被加密了 通过 可以知道p,q相差不大,可以通过yafu直接分解出来 得到p,q 解出c1,c2后依旧要接F1+F2=c1,F1**3+fF2**3=c2 大佬的解法 代码: import gmpy2 import libnum from z3 import * from sympy.abc import a,b import binascii e=0x10001 n=63658514...
BUUCTF Crypto [GWCTF 2019]BabyRSA wp
hsqGOD's blog
03-19 1751
这题我们可以看到,在题目的加密脚本中,我们可以发现q = sympy.nextprime§,意味着p和q是相邻的素数,非常接近,于是可以将N开平方根,这个数的nextprime就为q,然后就可以求出所有rsa的元素求出c1,c2来。然后可以通过c1,c2和F1,F2的关系得到关系式,3C1F2²-3C1²F2+C1³-C2=0,于是可以通过初中所学的二次方程求根公式,得到m1,m2求出flag,解...
[GWCTF 2019]BabyRSA 1解题(记一次sympy学习过程)
学习,再学习
08-27 248
求解方程组
CTF-BUUCTF-CRPTO-[GWCTF 2019]BabyRSA
weixin_43880435的博客
05-30 872
1,题目有两个文件secret和encrypt.py两个文件: secret:给出N,m1,m2 encrpt.py: import hashlib import sympy from Crypto.Util.number import * flag = 'GWHT{******}' secret = '******' assert(len(flag) == 38) half = len(flag) / 2 flag1 = flag[:half] flag2 = flag[half:] s
BUUCTF Crypto [GWCTF 2019]BabyRSA、[BJDCTF2020]easyrsa
qtL0ng的博客
06-05 2423
一、题目 下载题目得到encrypt.py和secret两个文件 先来看看加密算法: import hashlib import sympy from Crypto.Util.number import * flag = 'GWHT{******}' secret = '******' assert(len(flag) == 38) half = len(flag) / 2 flag1 = flag[:half] flag2 = flag[half:] secret_num = getPrime(
BUUCTF Crypto [GUET-CTF2019]BabyRSA wp
hsqGOD's blog
03-16 1949
这题RSA非常简单,给出了p+q和(p+1)*(q+1)的值,通过简单的拼凑就可以得到n和欧拉函数phin的值,直接求得flag出来,脚本如下 // python2 import gmpy2 a =0x1232fecb92adead91613e7d9ae5e36fe6bb765317d6ed38ad890b4073539a6231a6620584cea5730b5af83a3e80cf301412...
BUUCTF [GUET-CTF2019]BabyRSA
sky_hhd的博客
07-04 411
最后得flag{cc7490e-78ab-11e9-b422-8ba97e5da1fd}通过题目得知,p+q,(p+1)(q+1),e,d,c,我们只需要求出N即可。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值