BUUCTF 每日打卡 2021-7-16

引言

颓废了一天，水了

[UTCTF2020]hill

hill？山丘？变异栅栏？
没有头绪，找wp
原来是希尔密码，没见过
主要就是要求一个nxn的密钥矩阵，然后解密即可
从wp中得知utflag被加密成wznqca，只能构造6个式子，还要模26，所以不可能是3x3的矩阵，只有可能是2x2的矩阵，4个未知数
即
$$\left(\begin{array}{cc}a& b\\ c& d\end{array}\right)\left(\begin{array}{ccc}20& 5& 0\\ 19& 11& 6\end{array}\right)\equiv \left(\begin{array}{ccc}22& 13& 2\\ 25& 16& 0\end{array}\right)mod26$$
其中$a,b,c,d$为密钥矩阵的四个未知数
得到模方程组
$$\{\begin{array}{l}20a+19b\equiv 22mod26\\ 20c+19d\equiv 25mod26\\ 5a+11b\equiv 13mod26\\ 5c+11d\equiv 16mod26\\ 6b\equiv 2mod26\\ 6d\equiv 0mod26\end{array}$$
显然，最后两个式子是最好下手的，但是我没有什么好的方法，猜测$a,b,c,d$应该不会超过100，干脆直接爆破，代码如下：

import random

for k in range(0, 100):
    a = 0; b = 0; c = 0; d = 0

    while (20*a+19*b) % 26 != 22 or (20*c+19*d) % 26 != 25:
        d = random.randint(0, 100)
        b = random.randint(0, 100)
        a = 0
        c = 0
        while (6*d) % 26 != 0:
            d += 1
        while (5*c+11*d) % 26 != 16:
            c += 1
        while (6*b) % 26 != 2:
            b += 1
        while (5*a+11*b) % 26 != 13:
            a += 1
    print(a, b, c, d)

    with open('result.txt', 'r') as f:
        r = f.readlines()

    with open('result.txt', 'a') as f:
        if not (str([a, b, c, d]) + '\n') in r:
            f.write(str([a, b, c, d]) + '\n')

得到了100以内的部分解：

[1, 22, 11, 91]
[1, 22, 11, 39]
[1, 100, 11, 39]
[1, 100, 11, 91]
[1, 48, 11, 39]
[1, 48, 11, 65]
[1, 74, 11, 39]
[1, 22, 11, 13]
[1, 100, 11, 65]
[1, 74, 11, 65]
[1, 74, 11, 13]
[1, 74, 11, 91]
[1, 22, 11, 65]
[1, 100, 11, 13]
[1, 48, 11, 91]
[1, 48, 11, 13]

猜测密钥矩阵可能不唯一
懒得自己写解密程序了，就找了一个在线工具
验证了前三组，结果相同，证实了我的猜想
结果如下：

忽略了符号、数字和大小写，修改一下即可
结果为utflag{d4nger0us_c1pherText_qq}

[INSHack2017]rsa16m

题干描述：
When you need really secure communications, you use RSA with a 4096 bit key.
I want really really really secure communications to transmit the nuclear launch codes (yeah IoT is everywhere man) so I used RSA with a 16777216 bit key. Surely russians will not be able to factor that one !

平时为了保证安全RSA会采用4096位的密钥，但他给我整了个16777216位的
wtm直接找wp

啊这
这还真想不到
代码如下：

import gmpy2
from Crypto.Util.number import *

c = # 自己复制
e = 0x10001
m = gmpy2.iroot(c, e)[0]

print(long_to_bytes(m))

结果为

结语

希望继续坚持