BUUCTF 每日打卡 2021-5-8

最新推荐文章于 2023-09-12 22:08:46 发布
最新推荐文章于 2023-09-12 22:08:46 发布
阅读量7.3k 收藏 2
点赞数
分类专栏: crypto 文章标签: 密码学
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_52446095/article/details/116524154
版权

引言

together

附件有两个 公钥,pem 和 flag(base64编码) 文件
联想题目,容易猜想是 RSA 共模攻击
编写代码验证:

from Crypto.PublicKey import RSA

with open("pubkey1.pem", "r") as f:
    key = RSA.import_key(f.read())
    print(key.n)
    print(key.e)
with open("pubkey2.pem", "r") as f:
    key = RSA.import_key(f.read())
    print(key.n)
    print(key.e)

输出结果:
在这里插入图片描述
猜想成立
然后进行共模攻击
完整代码如下:

from Crypto.PublicKey import RSA
import base64
from Crypto.Util.number import *
import gmpy2

with open("pubkey1.pem", "r") as f:
    key = RSA.import_key(f.read())
    n1 = key.n
    e1 = key.e
with open("pubkey2.pem", "r") as f:
    key = RSA.import_key(f.read())
    n2 = key.n
    e2 = key.e

assert n1 == n2
n = n1
with open('myflag1', 'r') as f:
    c1 = int(base64.b64decode(f.read()).hex(), 16)
    print(c1)
with open('myflag2', 'r') as f:
    c2 = int(base64.b64decode(f.read()).hex(), 16)
    print(c2)

g, u, v = gmpy2.gcdext(e1, e2)
if u < 0:
    u = -u
    c1 = inverse(c1, n)
if v < 0:
    v = -v
    c2 = inverse(c2, n)

m = (pow(c1, u, n) * pow(c2, v, n)) % n
print(long_to_bytes(m))

结果为:flag{23re_SDxF_y78hu_5rFgS}

babyRSA

加密代码如下:

import sympy
import random
from gmpy2 import gcd, invert
from Crypto.Util.number import getPrime, isPrime, getRandomNBitInteger, bytes_to_long, long_to_bytes
from z3 import *
flag = b"MRCTF{xxxx}"
base = 65537

def gen_p():
    P = [0 for i in range(17)]
    P[0] = getPrime(128)
    for i in range(1, 17):
        P[i] = sympy.nextprime(P[i-1])
    print("P_p :", P[9])
    n = 1
    for i in range(17):
        n *= P[i]
    p = getPrime(1024)
    factor = pow(p, base, n)
    print("P_factor :", factor)
    return sympy.nextprime(p)

def gen_q():
    sub_Q = getPrime(1024)
    Q_1 = getPrime(1024)
    Q_2 = getPrime(1024)
    Q = sub_Q ** Q_2 % Q_1
    print("Q_1: ", Q_1)
    print("Q_2: ", Q_2)
    print("sub_Q: ", sub_Q)
    return sympy.nextprime(Q)

if __name__ == "__main__":
    _E = base
    _P = gen_p()
    _Q = gen_q()
    assert (gcd(_E, (_P - 1) * (_Q - 1)) == 1)
    _M = bytes_to_long(flag)
    _C = pow(_M, _E, _P * _Q)
    print("Ciphertext = ", _C)
'''
P_p : 206027926847308612719677572554991143421
P_factor : 213671742765908980787116579976289600595864704574134469173111790965233629909513884704158446946409910475727584342641848597858942209151114627306286393390259700239698869487469080881267182803062488043469138252786381822646126962323295676431679988602406971858136496624861228526070581338082202663895710929460596143281673761666804565161435963957655012011051936180536581488499059517946308650135300428672486819645279969693519039407892941672784362868653243632727928279698588177694171797254644864554162848696210763681197279758130811723700154618280764123396312330032986093579531909363210692564988076206283296967165522152288770019720928264542910922693728918198338839
Q_1:  103766439849465588084625049495793857634556517064563488433148224524638105971161051763127718438062862548184814747601299494052813662851459740127499557785398714481909461631996020048315790167967699932967974484481209879664173009585231469785141628982021847883945871201430155071257803163523612863113967495969578605521
Q_2:  151010734276916939790591461278981486442548035032350797306496105136358723586953123484087860176438629843688462671681777513652947555325607414858514566053513243083627810686084890261120641161987614435114887565491866120507844566210561620503961205851409386041194326728437073995372322433035153519757017396063066469743
sub_Q:  168992529793593315757895995101430241994953638330919314800130536809801824971112039572562389449584350643924391984800978193707795909956472992631004290479273525116959461856227262232600089176950810729475058260332177626961286009876630340945093629959302803189668904123890991069113826241497783666995751391361028949651
Ciphertext =  1709187240516367141460862187749451047644094885791761673574674330840842792189795049968394122216854491757922647656430908587059997070488674220330847871811836724541907666983042376216411561826640060734307013458794925025684062804589439843027290282034999617915124231838524593607080377300985152179828199569474241678651559771763395596697140206072537688129790126472053987391538280007082203006348029125729650207661362371936196789562658458778312533505938858959644541233578654340925901963957980047639114170033936570060250438906130591377904182111622236567507022711176457301476543461600524993045300728432815672077399879668276471832
'''

其实他原附件给的代码里面定义的 GCD() 函数根本没有用到,我把它删了
分析代码,p 和 q 分别由 gen_p()gen_q() 两个自定义函数获取
其中 q 很容易求,而且把需要用到的数据都给了
需要注意的就是 用原代码的 sympy.nextprime(sub_Q ** Q_2 % Q_1) 求 q 会非常慢,我们用 sympy.nextprime(pow(sub_Q, Q_2, Q_1)) 的方式求解
代码如下:

import sympy
# 求 q
Q_1 = 103766439849465588084625049495793857634556517064563488433148224524638105971161051763127718438062862548184814747601299494052813662851459740127499557785398714481909461631996020048315790167967699932967974484481209879664173009585231469785141628982021847883945871201430155071257803163523612863113967495969578605521
Q_2 = 151010734276916939790591461278981486442548035032350797306496105136358723586953123484087860176438629843688462671681777513652947555325607414858514566053513243083627810686084890261120641161987614435114887565491866120507844566210561620503961205851409386041194326728437073995372322433035153519757017396063066469743
sub_Q = 168992529793593315757895995101430241994953638330919314800130536809801824971112039572562389449584350643924391984800978193707795909956472992631004290479273525116959461856227262232600089176950810729475058260332177626961286009876630340945093629959302803189668904123890991069113826241497783666995751391361028949651
q = sympy.nextprime(pow(sub_Q, Q_2, Q_1))

然后求 p
发现 gen_p() 函数和 RSA 加密算法很相似,只不过 n 是 17 个素数相乘
告诉我们 P[9] 容易求得其他 16 个相邻的素数
最后类似于 RSA 解密即可
代码如下:

import sympy
from Crypto.Util.number import *
# 求 p
P_p = 206027926847308612719677572554991143421
P_factor = 213671742765908980787116579976289600595864704574134469173111790965233629909513884704158446946409910475727584342641848597858942209151114627306286393390259700239698869487469080881267182803062488043469138252786381822646126962323295676431679988602406971858136496624861228526070581338082202663895710929460596143281673761666804565161435963957655012011051936180536581488499059517946308650135300428672486819645279969693519039407892941672784362868653243632727928279698588177694171797254644864554162848696210763681197279758130811723700154618280764123396312330032986093579531909363210692564988076206283296967165522152288770019720928264542910922693728918198338839
list_P = [P_p]
P = P_p
for i in range(9):
    P = sympy.prevprime(P)
    list_P.append(P)
P = P_p
for i in range(7):
    P = sympy.nextprime(P)
    list_P.append(P)

phi_p = 1
n_p = 1
for i in range(len(list_P)):
    n_p *= list_P[i]
    phi_p *= (list_P[i]-1)
d_p = inverse(e, phi_p)
p = sympy.nextprime(pow(P_factor, d_p, n_p))

最后就是最基础的 RSA 解密算法了
完整代码如下:

import sympy
from Crypto.Util.number import *

e = 65537
c = 1709187240516367141460862187749451047644094885791761673574674330840842792189795049968394122216854491757922647656430908587059997070488674220330847871811836724541907666983042376216411561826640060734307013458794925025684062804589439843027290282034999617915124231838524593607080377300985152179828199569474241678651559771763395596697140206072537688129790126472053987391538280007082203006348029125729650207661362371936196789562658458778312533505938858959644541233578654340925901963957980047639114170033936570060250438906130591377904182111622236567507022711176457301476543461600524993045300728432815672077399879668276471832

# 求 q
Q_1 = 103766439849465588084625049495793857634556517064563488433148224524638105971161051763127718438062862548184814747601299494052813662851459740127499557785398714481909461631996020048315790167967699932967974484481209879664173009585231469785141628982021847883945871201430155071257803163523612863113967495969578605521
Q_2 = 151010734276916939790591461278981486442548035032350797306496105136358723586953123484087860176438629843688462671681777513652947555325607414858514566053513243083627810686084890261120641161987614435114887565491866120507844566210561620503961205851409386041194326728437073995372322433035153519757017396063066469743
sub_Q = 168992529793593315757895995101430241994953638330919314800130536809801824971112039572562389449584350643924391984800978193707795909956472992631004290479273525116959461856227262232600089176950810729475058260332177626961286009876630340945093629959302803189668904123890991069113826241497783666995751391361028949651
q = sympy.nextprime(pow(sub_Q, Q_2, Q_1))

# 求 p
P_p = 206027926847308612719677572554991143421
P_factor = 213671742765908980787116579976289600595864704574134469173111790965233629909513884704158446946409910475727584342641848597858942209151114627306286393390259700239698869487469080881267182803062488043469138252786381822646126962323295676431679988602406971858136496624861228526070581338082202663895710929460596143281673761666804565161435963957655012011051936180536581488499059517946308650135300428672486819645279969693519039407892941672784362868653243632727928279698588177694171797254644864554162848696210763681197279758130811723700154618280764123396312330032986093579531909363210692564988076206283296967165522152288770019720928264542910922693728918198338839
list_P = [P_p]
P = P_p
for i in range(9):
    P = sympy.prevprime(P)
    list_P.append(P)
P = P_p
for i in range(7):
    P = sympy.nextprime(P)
    list_P.append(P)

phi_p = 1
n_p = 1
for i in range(len(list_P)):
    n_p *= list_P[i]
    phi_p *= (list_P[i]-1)
d_p = inverse(e, phi_p)
p = sympy.nextprime(pow(P_factor, d_p, n_p))

# 求 c
n = p*q
phi = (p-1)*(q-1)
d = inverse(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m))

结果:MRCTF{sti11_@_b@by_qu3st10n}

结语

希望继续坚持

Σ2333!
关注
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
专栏目录
人脸打卡机)-WiFi-TCP网络通信.docx
12-17
WiFi-TCP网络通信协议在人脸打卡机中的应用 人脸打卡机是一种智能的身份识别系统,结合了人脸识别技术和网络通信技术。该系统可以通过WiFi-TCP网络通信协议与服务器进行数据交换,从而实现人脸识别和考勤管理。 ...
[MRCTF2020]babyRSA
weixin_44110537的博客
07-17 1443
题目 加密脚本 import sympy import random from gmpy2 import gcd, invert from Crypto.Util.number import getPrime, isPrime, getRandomNBitInteger, bytes_to_long, long_to_bytes from z3 import * flag = b"MRCTF{xxxx}" base = 65537 def GCD(A): B = 1 for i in
MRCTF2020——crypto——Easy_RSA——babyRSA
weixin_44159598的博客
03-29 2284
babyrsa 根据主函数可知,首要目的是找到_P和_Q,首先来看_P 可以发现 题目已给出P[9],所以直接目的可以手动测试周围素数,直到找到全部(这里是一部分) 这里我们可以得到N factor = pow(p, base, n) 这一句说明我们应该将这个简单RSA解出来,此时按照一般RSA的步骤求得d 这里已经得到N的所有因数,所以此时N的欧拉函数为所有因数减1相乘,即(p1-...
[MRCTF2020]babyRSA 1
学习,再学习
09-07 125
正数和倒数的问题 下标 range(start, stop, step) 如果是到下标0 stop是-1 如果0到n, stop是n+1
2022-03-09
m0_57291352的博客
03-09 368
d3factor (来源:AntCTF & Dˆ3CTF 2022) from Crypto.Util.number import bytes_to_long, getPrime from secret import msg from sympy import nextprime from gmpy2 import invert from hashlib import md5 flag = 'd3ctf{'+md5(msg).hexdigest()+'}' p = getPrime(256) q
精品专题资料(2021-2022年收藏)基于java的职工考勤管理信息系统.doc
11-28
2. **出勤记录管理**:记录职工的上下班打卡时间,追踪缺勤情况。 3. **出差管理**:管理职工的出差申请,包括出差起止时间及天数计算。 4. **请假管理**:处理职工的请假申请,统计请假天数。 5. **加班管理**:...
人脸打卡机)-WiFi-UDP网络通信.docx
12-17
人脸打卡机)-WiFi-UDP网络通信.docx
基于springboot的前后端分离每日任务打卡系统-源码
10-02
基于springboot的前后端分离每日任务打卡系统_源码
人脸打卡机)-加解密及数据协议.docx
12-17
人脸打卡机加解密及数据协议 人脸打卡机是一种基于人脸识别技术的考勤系统,用于记录员工的出勤信息。该系统主要包括人脸识别模块、加解密模块和数据协议模块。下面我们将详细说明人脸打卡机的加解密及数据协议。 ...
MRCTF2020 babyRSA
pondzhang的专栏
05-21 385
import sympy import gmpy2 Q_1= 103766439849465588084625049495793857634556517064563488433148224524638105971161051763127718438062862548184814747601299494052813662851459740127499557785398714481909461631996020048315790167967699932967974484481209879664173009
BUUCTF RSA题目全解4
MikeCoke的博客
12-19 3676
1.[MRCTF2020]babyRSA 题目 import sympy import random from gmpy2 import gcd, invert from Crypto.Util.number import getPrime, isPrime, getRandomNBitInteger, bytes_to_long, long_to_bytes from z3 import * flag = b"MRCTF{xxxx}" base = 65537 def GCD(A): B =
BUUCTF [GUET-CTF2019]BabyRSA
sky_hhd的博客
07-04 369
最后得flag{cc7490e-78ab-11e9-b422-8ba97e5da1fd}通过题目得知,p+q,(p+1)(q+1),e,d,c,我们只需要求出N即可。
buuctf crypto 【[GUET-CTF2019]BabyRSA】解题记录
最新发布
jsbbd12的博客
09-12 422
buuctf 密码学刷题记录
BUUCTF_Crypto_[GUET-CTF2019]BabyRSA
qq_58370970的博客
11-22 487
题目:给了一个babyrsa的文件,用txt文件打开 给了p+q,(p+1)(q+1)通过这个可以求出n(n=p*q)和phi(phi=(p-1)(q-1)) n=(p+1)(q+1)-p-q-1,phi=(p+1)(q+1)-2*(p+q) 代码: import gmpy2 import libnum e = 0xe6b1bee47bd63f615c7d0a43c529d219 d = 0x2dde7fbaed477f6d62838d55b0d0964868cf6efb2c282a5f13e
BUUCTF 每日打卡 2021-4-27
weixin_52446095的博客
04-27 245
引言 明天数分考试 我吐了 RSA 附件如下: A=(((y%x)**5)%(x%y))**2019+y**316+(y+1)/x p=next_prime(z*x*y) q=next_prime(z) A = 26833491826787145242474695127934760098610147810049249054841274803081613777681928680615618865770486464323821289608814874634274141761144868858306939594
[*CTF 2022]ezRSA
shshss64的博客
04-08 409
部分p泄露经典问题
BUUCTF [NCTF2019]babyRSA解题思路
weixin_45441024的博客
11-29 2458
BUUCTF [NCTF2019]babyRSA 这是一道RSA的题目,前几天看祥云杯的RSA做到自闭,做点简单的题转换一下心情。 下载文件之后是一个压缩包,里面有一个py文件,题目如下: from Crypto.Util.number import * from flag import flag def nextPrime(n): n += 2 if n & 1 else 1 while not isPrime(n): n += 2 return n p
buu [GUET-CTF2019]BabyRSA
ao52426055的博客
12-01 1277
查看题目 观察题目给的条件,给了p+q,(p+1)(q+1),e,d,以及密文C. RSA的解密公式:M=C^d mod n 所以我们只要求出n即可。(n = pq) n = (p+1)(q+1) - (p+q) - 1 求M的值,已知C,d,n后 用函数pow(),即可求出 import libnum a = 0x1232fecb92adead91613e7d9ae5e36fe6bb765317d6ed38ad890b4073539a6231a6620584cea5730b5af83a3e80cf30
设计一个每日健康打卡数据表
03-30
数据表名称:每日健康打卡表 字段: - 姓名:文本,最多10个字符 - 打卡日期:日期,格式为YYYY-MM-DD - 体温:数字,小数点后保留1位,单位为℃ - 呼吸状况:文本,最多10个字符,如正常、气促、咳嗽等 - 是否有咳嗽、发热等症状:文本,最多10个字符,如有、无 - 是否接触过有症状人员:文本,最多10个字符,如有、无 - 其他症状或注意事项:文本,最多50个字符 主键:姓名+打卡日期 示例数据: | 姓名 | 打卡日期 | 体温 | 呼吸状况 | 是否有症状 | 是否接触有症状人员 | 其他症状或注意事项 | |------|-----------|------|----------|------------|--------------------|-------------------| | 张三 | 2021-01-01 | 36.5 | 正常 | 无 | 无 | | | 张三 | 2021-01-02 | 37.0 | 正常 | 无 | 无 | | | 张三 | 2021-01-03 | 36.8 | 气促 | 有 | 无 | 建议去医院检查 | | 李四 | 2021-01-01 | 37.2 | 正常 | 无 | 有 | 自我隔离14天 | | 李四 | 2021-01-02 | 37.4 | 咳嗽 | 有 | 无 | 电话咨询医生 | | 王五 | 2021-01-01 | 36.7 | 正常 | 无 | 无 | |

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值