引言
原本以为今天能把1分题刷完的,结果又多了几个,淦
[AFCTF2018]One Secret, Two encryption
题面:
一份秘密发送给两个人不太好吧,那我各自加密一次好啦~~~
素数生成好慢呀
偷个懒也……不会有问题的吧?
给了两个公钥文件
先转成能看懂的:
from Crypto.PublicKey import RSA
with open("public1.pub", "r") as f:
key = RSA.import_key(f.read())
n1 = key.n
e1 = key.e
print('n1:', key.n)
print('e1:', key.e)
with open("public2.pub", "r") as f:
key = RSA.import_key(f.read())
n2 = key.n
e2 = key.e
print('n2:', key.n)
print('e2:', key.e)
得到n和e:
先尝试爆破,发现都可以暴力分解(啊这)
得到p,q:
p1 = 27809722472252756488236572384949349891208643090117349509994417047989746484576130392206781875743390815588696964830219136848285391966773129269973231061599768809907518881304479207799187410626121509031210549317480187679455501340422680238395009932081263455435640341892702399022829951248686529928945588545968218943
q1 = 174410123761631337520799179808598127914184971978811796722414215239874114048347830609255805203105210941441708658356189056418366104015120153227123562166980882513945308613658062284844636341082646995916907680076101741743945938845994542592182491688095893467336553001430454260431413695816790105384153941685561590503
p2 = 13574537518864130340355432541118272197612469786472599699388744722964224446468845332277885224151359348751827390453295742493408690917441802418376492710577443748707324892538263470296850322457820732500754398379697996486797672220145645775197396918813888878389297506519458452871204328250224991572191181011886880259
q2 = 174410123761631337520799179808598127914184971978811796722414215239874114048347830609255805203105210941441708658356189056418366104015120153227123562166980882513945308613658062284844636341082646995916907680076101741743945938845994542592182491688095893467336553001430454260431413695816790105384153941685561590503
发现q1=q2
原来题面说的“偷个懒”是这个意思
然后就是常规的RSA解密,代码如下:
from Crypto.PublicKey import RSA
from Crypto.Util.number import *
import rsa
with open("public1.pub", "r") as f:
key = RSA.import_key(f.read())
n1 = key.n
e1 = key.e
print('n1:', key.n)
print('e1:', key.e)
with open("public2.pub", "r") as f:
key = RSA.import_key(f.read())
n2 = key.n
e2 = key.e
print('n2:', key.n)
print('e2:', key.e)
p1 = 27809722472252756488236572384949349891208643090117349509994417047989746484576130392206781875743390815588696964830219136848285391966773129269973231061599768809907518881304479207799187410626121509031210549317480187679455501340422680238395009932081263455435640341892702399022829951248686529928945588545968218943
q1 = 174410123761631337520799179808598127914184971978811796722414215239874114048347830609255805203105210941441708658356189056418366104015120153227123562166980882513945308613658062284844636341082646995916907680076101741743945938845994542592182491688095893467336553001430454260431413695816790105384153941685561590503
p2 = 13574537518864130340355432541118272197612469786472599699388744722964224446468845332277885224151359348751827390453295742493408690917441802418376492710577443748707324892538263470296850322457820732500754398379697996486797672220145645775197396918813888878389297506519458452871204328250224991572191181011886880259
q2 = 174410123761631337520799179808598127914184971978811796722414215239874114048347830609255805203105210941441708658356189056418366104015120153227123562166980882513945308613658062284844636341082646995916907680076101741743945938845994542592182491688095893467336553001430454260431413695816790105384153941685561590503
print(q1 == q2)
d1 = inverse(e1, (p1 - 1) * (q1 - 1))
Rsa = rsa.PrivateKey(n1, e1, d1, p1, q1)
with open('flag_encry1', 'rb') as f:
c1 = f.read()
print(rsa.decrypt(c1, Rsa))
d2 = inverse(e2, (p2 - 1) * (q2 - 1))
Rsa = rsa.PrivateKey(n2, e2, d2, p2, q2)
with open('flag_encry2', 'rb') as f:
c2 = f.read()
print(rsa.decrypt(c2, Rsa))
[AFCTF2018]MyOwnCBC
加密代码如下:
from Crypto.Cipher import AES
from Crypto.Random import random
from Crypto.Util.number import long_to_bytes
def MyOwnCBC(key, plain):
if len(key)!=32:
return "error!"
cipher_txt = b""
cipher_arr = []
cipher = AES.new(key, AES.MODE_ECB, "")
plain = [plain[i:i+32] for i in range(0, len(plain), 32)]
print plain
cipher_arr.append(cipher.encrypt(plain[0]))
cipher_txt += cipher_arr[0]
for i in range(1, len(plain)):
cipher = AES.new(cipher_arr[i-1], AES.MODE_ECB, "")
cipher_arr.append(cipher.encrypt(plain[i]))
cipher_txt += cipher_arr[i]
return cipher_txt
key = random.getrandbits(256)
key = long_to_bytes(key)
s = ""
with open("flag.txt","r") as f:
s = f.read()
f.close()
with open("flag_cipher","wb") as f:
f.write(MyOwnCBC(key, s))
f.close()
题面:
CBC什么东西呀?不就是把上一轮加密的影响扩散到下一轮嘛
它写的CBC一点都不正宗
我这样写肯定也行的!
大概吧?
观察代码,发现是先随机生成了一个key然后把plain按每段32位分割,第一段用生成的key进行AES加密,后面每段plain以前面一段加密后的plain(也就是cipher)作为key进行加密,最后拼接在一起,题面里“把上一轮加密的影响扩散到下一轮”就是这个意思
由于第一段key是随机生成的,也没有线索来还原,就以第一段cipher作为key来还原后面的内容,代码如下:
from Crypto.Cipher import AES
with open("flag_cipher", "rb") as f:
cipher = f.read()
key = cipher[:32]
plain_txt = b""
cipher = [cipher[i:i + 32] for i in range(0, len(cipher), 32)]
for i in range(1, len(cipher)):
aes = AES.new(key, AES.MODE_ECB)
plain_txt += aes.decrypt(cipher[i])
key = cipher[i]
print(plain_txt)
结果为:
结语
希望继续坚持