Crypto练习-六月练习部分题目

已于 2024-07-01 22:26:34 修改
阅读量416 收藏 2
点赞数 1
文章标签: 算法 密码学
于 2024-06-27 16:57:58 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_59841460/article/details/140006258
版权

第一题:

题目:
himt: 爆破、仿射加密变形

from secret import flag

assert flag.startswith(b'flag{') and flag.endswith(b'}')
table = "!\"#$%&'()*+,-.:<=>?@[\]^_{}ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz"


def Enc(m: bytes) -> bytes:
    m = m.decode()
    cipher = ''
    for i in m:
        x = table.index(i)
        x = pow(x, -1, len(table))
        Index = (20 * x + 24) % len(table)
        cipher += table[Index]
    return cipher.encode()


m = flag[5:-1]
c = Enc(m.swapcase())
print(c)  # b'u-*a058*way08w8M*nwJ51q0sw-?vv8yu**8'

解法一(正向爆破):

table = "!\"#$%&'()*+,-.:<=>?@[\]^_{}ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz"
c = b'u-*a058*way08w8M*nwJ51q0sw-?vv8yu**8'
c = c.decode()
cm_dict = {}
for i in range(1, len(table)):
    x = i
    x = pow(x, -1, len(table))
    Index = (20 * x + 24) % len(table)
    cm_dict[Index] = i
flag = ''
for ci in c:
    ci = table.index(ci)
    Index = cm_dict[ci]
    m = table[Index]
    flag += m
flag = f"flag{{{flag.swapcase()}}}"
print(flag)

解法二(数论解密):

table = "!\"#$%&'()*+,-.:<=>?@[\]^_{}ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz"
cipher = ''
name = b'u-*a058*way08w8M*nwJ51q0sw-?vv8yu**8'
for i in name:
    Index = table.index(chr(i))
    x = 20 * pow((Index-24),-1,89)
    cipher += table[x % len(table)]
print(cipher.swapcase())
  • 数论详细说明如下:

第二题:

题目(第三届粤海杯-决赛Crypto1):

from Crypto.Util.number import *
from secret import flag

m = bytes_to_long(flag)

e = 65537
p = getPrime(1024)#生成一个1024二进制位的素数
q = getPrime(1024)
n = p * q

m = m * 2024 * q
c = pow(m, e, n)
print('c =', c)
print('n =', n)
#c = 11545622607408935458241292536059990101167349630718109609294965462438709273782489441876212917886133281927174501984195623922748845334472739773510801470970817720781268388230179515316476418724726975224719347630031080136490291075031534070900765922279400252680537756834228968929053004372347793194650613987769765467274552851439489471383254054865141037525723254945136184257590195301295660928232207262269582068083178544307777339982522032814759798399706632838087407405751960220739155606798371470343902512348951743472905649502921293269075476246772249983778876956091712601912931337782047911042303929198516654456415853368630203339
#n = 16685436900538999627958075836984455711275215227654508118866426820576750648214363814042620418604845678203948296168102845978815414728545576069310308602991967303882570151371842717385425660457439491696199859652579599985098514579849352058139823030426869537044169471423155839169977271312291018942482182102617647133320398924105420264097756185821980304410848122362329683629865399937502419424391684348738913383188330657655742401743281171234628370950482823006140502343675646036865574770126732307009918543130249736003273056079941336418478673038446442067464892523213081977061437393902307236265097311007382158394034241317995279579

exp:

因为m的因子有q,所以找到c和n的最大公约数即为q。从n再解出p。

from Crypto.Util.number import *
import gmpy2
import libnum
c = 11545622607408935458241292536059990101167349630718109609294965462438709273782489441876212917886133281927174501984195623922748845334472739773510801470970817720781268388230179515316476418724726975224719347630031080136490291075031534070900765922279400252680537756834228968929053004372347793194650613987769765467274552851439489471383254054865141037525723254945136184257590195301295660928232207262269582068083178544307777339982522032814759798399706632838087407405751960220739155606798371470343902512348951743472905649502921293269075476246772249983778876956091712601912931337782047911042303929198516654456415853368630203339
n = 16685436900538999627958075836984455711275215227654508118866426820576750648214363814042620418604845678203948296168102845978815414728545576069310308602991967303882570151371842717385425660457439491696199859652579599985098514579849352058139823030426869537044169471423155839169977271312291018942482182102617647133320398924105420264097756185821980304410848122362329683629865399937502419424391684348738913383188330657655742401743281171234628370950482823006140502343675646036865574770126732307009918543130249736003273056079941336418478673038446442067464892523213081977061437393902307236265097311007382158394034241317995279579
q = math.gcd(c,n)
p = n // q
e = 65537
print(p)
# n = p * q
phi = (p - 1) * (q - 1)
print(phi)
d = gmpy2.invert(e,phi)
m = pow(c,d,n)
m = m // (2024*q)
print(long_to_bytes(m))#这里记得转换一下

第三题:

题目(第三届粤海杯-决赛Crypto2):

from hashlib import md5
from secret import hint
from Crypto.Util.strxor import strxor

hint1 = hint[:6] #前六位
hint2 = hint[6:] #从第气位开始
assert hint1.islower() #判断是一个小写字母
print(md5(hint1).hexdigest())
print(strxor(hint1, hint2).decode())

"""
b5dd60e56f64aa1d259ab21c3973205f
TCUI_B
"""

exp:

可知 hint1 6 位小写字母组成,知道它的 md5 值,可以尝试爆破即可得到 hint1
有了 hint1 ,又已知 hint1 异或 hint2 的结果为 TCUI_B ,则 : hint2 = hint1 异或 TCUI_B 
import string
from tqdm import *
from hashlib import md5
from itertools import product
from Crypto.Util.strxor import strxor
hint1_c= "b5dd60e56f64aa1d259ab21c3973205f"
hint1_xor_hint2 = 'TCUI_B'
table = string.ascii_lowercase
for hint1 in tqdm(product(table, repeat=6)):
    hint1 = ''.join(hint1).encode()
    if md5(hint1).hexdigest() == hint1_c:
        hint2 = strxor(hint1, hint1_xor_hint2.encode())
        hint = hint1+hint2
        print(hint) # tryxor 1,100
        break
得到 hint: tryxor 1,100 ,容易想到要对给出的 cipher 进行逐位异或(范围从 1 100 进行尝试)
发现得到的内容都没有出现 flag ,应想到还有一层编码,由题目名容易联想到 base64 ,故而得解 
import base64
cipher = b"Bu`pB+kaVr]oV\NqBK(*B\IbTL|pUuQlU*QoBr^uTLZpU*I*VLU-VLB!"
for t in range(1,101):
    c = ""
    for i in cipher:
        c += chr(i ^ t)
    try:
        msg = base64.b64decode(c)
        if b"flag" in msg:
            print(msg) # flag{261045be-6d43-7a2b-3b0f1f-0a3d653956}
            break
    except:
        continue

第四题:

题目:给出n, c1, c2, e1*e2

n = 23723414709663043409146354803167768676484239031400646854344921581190842455020298542679503185959169237351051283957808491272176607589972102017725217000980459409011765777305036376238334392654701713028578404550441412521528096494483705166107924141060306111730935285286442299028811733353145813755051318853095870353494707151967367912118298118285822794149957221321943818652577443815883589657620731416673718056733736043424734846424920674873434253469199349509358967749850577159394268891674156450757240830233448999712357318363199170045863588924264511829817509100474166090712813299549787004962346680319872798058231188915628383591

c1 = 19054912774147628727553917598318536324166149639543661440938862373325472740612249436160410830877486186040052106255634085434218097705885466041251507988011368642912696888436661688751400979996939440386005462275597837891144799805829564596722747856176178371417553527156064062175120040399642658034642303212443343190336774432678439552199370842494606152369382835846688899438806677242794145486160825601378269966409132805334341258559358175137602547810978801876853296509228350723466401954436323165165393596214066597752251797884080416877041663915509051711571979131521014273115893792023266190735124851850698647470042538070138972920

c2 = 4490538789057573761504993536020749252128430743130655544771616036039597648387562955542457059064263092943953642271064630845544109444089794366487650060454509019455549834788373801758638846202744776342542046709631245793895398748825742566870869785973680707337905651332408048050432199901437246930344414459178264677544957506430818815995656423679626408760273187218494529527907212920442401843942300205444207127386748755283120742011676190160487038975352496744040261653217263840760717217725774971768938832680363884456641540497915440248468759706550639924866379591404304501009876129733453810653383380691467000199986316814509832670

e = e1*e2

e = 104481

解法一:(这种做法有点不稳,有些题目做不出?)

题目给了两个c、两个e和n,推测为共模攻击,但e1和e2给的是乘积,根据共模攻击的要求,e1和e2互质,且需要是整除,可通过脚本爆破:

from gmpy2 import *
from Crypto.Util.number import *

n=23723414709663043409146354803167768676484239031400646854344921581190842455020298542679503185959169237351051283957808491272176607589972102017725217000980459409011765777305036376238334392654701713028578404550441412521528096494483705166107924141060306111730935285286442299028811733353145813755051318853095870353494707151967367912118298118285822794149957221321943818652577443815883589657620731416673718056733736043424734846424920674873434253469199349509358967749850577159394268891674156450757240830233448999712357318363199170045863588924264511829817509100474166090712813299549787004962346680319872798058231188915628383591
c1=19054912774147628727553917598318536324166149639543661440938862373325472740612249436160410830877486186040052106255634085434218097705885466041251507988011368642912696888436661688751400979996939440386005462275597837891144799805829564596722747856176178371417553527156064062175120040399642658034642303212443343190336774432678439552199370842494606152369382835846688899438806677242794145486160825601378269966409132805334341258559358175137602547810978801876853296509228350723466401954436323165165393596214066597752251797884080416877041663915509051711571979131521014273115893792023266190735124851850698647470042538070138972920
c2=4490538789057573761504993536020749252128430743130655544771616036039597648387562955542457059064263092943953642271064630845544109444089794366487650060454509019455549834788373801758638846202744776342542046709631245793895398748825742566870869785973680707337905651332408048050432199901437246930344414459178264677544957506430818815995656423679626408760273187218494529527907212920442401843942300205444207127386748755283120742011676190160487038975352496744040261653217263840760717217725774971768938832680363884456641540497915440248468759706550639924866379591404304501009876129733453810653383380691467000199986316814509832670
e= 104481
e1e2 = e

for e1 in range(2,e):
    e2=e//e1
    if( e%e1==0 and gcd(e1, e2)==1):
        s = gcdext(e1, e2)  # gmpy2.gcdext(),扩展欧几里得算法,返回tuple元组,满足s[1]*e1+s[2]*e2=1
        m = pow(c1, s[1], n) * pow(c2, s[2], n) % n  # 获取明文m
        m = long_to_bytes(m)
        if(b"flag" in m):
            print(m)

解法二:

参考文章:【密码学RSA】共模攻击原理详解_已知e1*e2的共模攻击题_rsa共模攻击原理-CSDN博客

n = 23723414709663043409146354803167768676484239031400646854344921581190842455020298542679503185959169237351051283957808491272176607589972102017725217000980459409011765777305036376238334392654701713028578404550441412521528096494483705166107924141060306111730935285286442299028811733353145813755051318853095870353494707151967367912118298118285822794149957221321943818652577443815883589657620731416673718056733736043424734846424920674873434253469199349509358967749850577159394268891674156450757240830233448999712357318363199170045863588924264511829817509100474166090712813299549787004962346680319872798058231188915628383591
c1 = 19054912774147628727553917598318536324166149639543661440938862373325472740612249436160410830877486186040052106255634085434218097705885466041251507988011368642912696888436661688751400979996939440386005462275597837891144799805829564596722747856176178371417553527156064062175120040399642658034642303212443343190336774432678439552199370842494606152369382835846688899438806677242794145486160825601378269966409132805334341258559358175137602547810978801876853296509228350723466401954436323165165393596214066597752251797884080416877041663915509051711571979131521014273115893792023266190735124851850698647470042538070138972920
c2 = 4490538789057573761504993536020749252128430743130655544771616036039597648387562955542457059064263092943953642271064630845544109444089794366487650060454509019455549834788373801758638846202744776342542046709631245793895398748825742566870869785973680707337905651332408048050432199901437246930344414459178264677544957506430818815995656423679626408760273187218494529527907212920442401843942300205444207127386748755283120742011676190160487038975352496744040261653217263840760717217725774971768938832680363884456641540497915440248468759706550639924866379591404304501009876129733453810653383380691467000199986316814509832670
e1e2 = 104481

import libnum
import gmpy2

def rsa_gongmo_def(e1,e2,c1,c2,n):
    s,s1,s2 = gmpy2.gcdext(e1, e2)
    m = (pow(c1,s1,n) * pow(c2 ,s2 ,n)) % n
    return int(m)


def de(c, e, n):  # 因为此时的m不是真正的m,而是m^k,所以对m^k进行爆破
    k = 0
    while k < 1000:  # 指定k小于1000
        mk = c + n * k
        flag, true1 = gmpy2.iroot(mk, e)  # 返回的第一个数值为开方数,第二个数值为布尔型,可整除为true
        if True == true1:
            return flag
        k += 1

for e1 in range(2, e1e2):
    if e1e2 % e1 == 0:  # 爆破可整除的e
        e2 = e1e2 // e1
        c = rsa_gongmo_def(e1, e2, c1, c2, n)
        e = gmpy2.gcd(e1, e2)
        m1 = de(c, e, n)
        if m1:  # 指定输出m1
            print(libnum.n2s(int(m1)))

weixin_59841460
关注
Crypto总结
qq_46148060的博客
03-23 489
1.MD5 打开后下载题目会出现题目.txt文本文件,打开后出现一行数字和字母,然后用MD5解工具,就可以解出密码。 按要求提交就可以pass。 2.看我回旋踢 下载后是这样的:synt{5pq1004q-86n5-46q8-o720-oro5on0417r1},看格式像是凯撒密码,用解工具解码,经过13次解码就可以得到答案,f与s之间有12个单词,也可以从12开始尝试,解码后得到flag。 ...
实验吧Crypto题目Writeup
weixin_33817333的博客
09-08 231
这大概是一篇不怎么更新的没什么用的网上已经有了很多差不多的东西的博客。 变异凯撒 忘记了2333 传统知识+古典密码 先查百度百科,把年份变成数字,然后猜测+甲子的意思,一开始以为是加1,后来意识到是因为六十年一甲子,所以应该+60,于是对前面的所有数字加60,然后接栅栏,得到flag try them all 以现有的能力自己解这有点费劲,多番尝试之后发现某个SOMD5网站是可以把...
一些Crypto的基础
lllwky的博客
04-05 3298
文章目录前言一:一眼就解密 base64 SElTX1NUUklOR30=二:看我回旋踢 synt{:凯撒密码三:password四:变异凯撒 ASCII五:Quoted-printable =E9=82=A3六 Rabbit加密 U2FsdGVkX1/七:篱笆墙的影子:栅栏加密八:RSA九:丢失的MD5 unicode十:Alice与Bob素数分解 使用yafu工具,md5十一:rsarsa十二:凯撒大帝十三:windows系统密码 md5加密 :::十四:信息化时代下的步伐 数字转中文十五:传统知识+
算法还原 - CTF 》Crypto篇 十
u014643814的博客
09-10 1722
观察最后的AA,联想到base64编码最后常出现的==,A的ASCII码值为65,=的ASCII的码值为61,分析可能是base64编码做了偏移,尝试将密文所有字符的ASCII码值-4,然后再做base64解码。遍历密文字符串的每个字符,获取它的ascii码值,-4之后转化为新的ASCII字符,拼接转化的字符之后获得还原的base64字符串,然后再做base64解密。这里的4就相当于凯撒密码的密钥。2的七次方为128,每组转换十进制数都减去128寓意二进制去掉了最高位的1。看一下上面这串字符,也是乱序的~
Wechall刷(三)Crypto - Transposition I//The Beginning//hi
leeham的博客
08-17 2278
Crypto - Transposition I//The Beginning//hi
commons-crypto-1.0.0-API文档-中文版.zip
05-02
赠送jar包:commons-crypto-1.0.0.jar; 赠送原API文档:commons-crypto-1.0.0-javadoc.jar; 赠送源代码:commons-crypto-1.0.0-sources.jar; 赠送Maven依赖信息文件:commons-crypto-1.0.0.pom; 包含翻译后的API...
crypto-js-4.0.0.tar.gz
07-20
《深入理解crypto-js 4.0.0:加密与安全的基石》 在现代网络环境中,数据的安全传输和存储已经成为至关重要的议crypto-js作为一款强大的JavaScript加密库,为开发者提供了丰富的加密算法和功能,使得在浏览器端...
crypto-js4.1.1版本,js在crypto-js文件夹里面
03-10
《深入理解crypto-js4.1.1:JavaScript加密库在前端安全中的应用》 在现代Web开发中,数据安全已经成为至关重要的环节。特别是在JavaScript环境中,由于其代码的开放性,如何保护用户信息不被窃取或篡改成为了一个...
spring-security-crypto-5.6.1-API文档-中文版.zip
05-04
赠送jar包:spring-security-crypto-5.6.1.jar; 赠送原API文档:spring-security-crypto-5.6.1-javadoc.jar; 赠送源代码:spring-security-crypto-5.6.1-sources.jar; 赠送Maven依赖信息文件:spring-security-...
crypto-js.4.0.0
01-15
此资源为构建好的crypto-js.4.0.0版本,下载后可直接使用Script标签引入所需加密算法。支持:MD5 SHA-1 SHA-256 AES Rabbit MARC4 HMAC HMAC-MD5 HMAC-SHA等算法
BUU-CRYPTO1密码学小白 25道入门 详细解思路
晓寒的博客
07-07 6733
文章目录MD5题目思路flagUrl编码题目思路flag知识点一眼就解密(base64)题目思路flag看我回旋踢(凯撒密码)题目思路flag摩丝(Morse密码)题目思路flagpassword题目思路flag变异凯撒题目思路flagQuoted-printable题目思路flag知识点Rabbit题目思路flag知识点篱笆墙的影子(栅栏密码)题目思路flag丢失的MD5(还原大师)题目思路flagAlice与Bob(大模数分解)题目思路flag优化代码大帝
攻防世界crypto高阶题目
weixin_51216636的博客
10-29 747
1.Broadcast 粗心的Alice在制作密码的时候,把明文留下来,聪明的你能快速找出来吗? flag{fa0f8335-ae80-448e-a329-6fb69048aae4} 2.cr3-what-is-this-encryption Fady同学以为你是菜鸟,不怕你看到他发的东西。他以明文形式将下面这些东西发给了他的朋友 p=0xa6055ec186de51800ddd6fcbf0192384ff42d707a55f57af4fcfb0d1dc7bd97055e8275cd4b78e
攻防世界题目练习——Crypto密码新手,2024年最新数据结构与算法面试
2401_84263434的博客
04-11 1094
本人从事网路安全工作12年,曾在2个大厂工作过,安全服务、售后服务、售前、攻防比赛、安全讲师、销售经理等职位都做过,对这个行业了解比较全面。最近遍览了各种网络安全类的文章,内容参差不齐,其中不伐有大佬倾力教学,也有各种不良机构浑水摸鱼,在收到几条私信,发现大家对一套完整的系统的网络安全从学习路线到学习资料,甚至是工具有着不小的需求。最后,我将这部分内容融会贯通成了一套282G的网络安全资料包,所有类目条理清晰,知识点层层递进,需要的小伙伴可以点击下方小卡片领取哦!
bugku web/crypto 系列题目思路总结(三)
yukinorong的博客
08-07 641
bugku 告诉你一个秘密 参考博文:https://www.jianshu.com/p/3cacf1dd479c 需要了解base64编码特征才能想到。 利用键盘位置做密码很巧妙。 bugku 这不是md5 确实不是md5,十六进制字符串直接转字符即可。 bugku 贝斯家族 base编码系列除了64之外还有16 32 36 58 62 91等。后面的数字为用于编码的种类,数字越大,一般来讲编码...
强网杯部分Crypto
Risker
03-26 4074
周末打了两天强网杯,被大佬虐成狗,web狗做不出来去搞密码.... 爆出三道密码解如下:题目名称:streamgame1操作:分析下载的压缩包,给了一个python脚本和key,key值16进制打开是12个数,脚本里是用flag值和mask等进行一系列加密算法,最终得到12个key文件里的数,而且flag内容为19位的二进制数字,即2^19种可能。所以写脚本爆破,每次按照给出的算法计算出12...
ctf-crypto
xiaohajunsky的博客
11-03 2503
1.字母映射密码,每个字母对应随机的一个字母,所有的字母共有26!种排列方式,因此暴力破解是十分不可靠的。 由于英文中每个字母出现的频率是不同的,所以可以根据字母出现的频率进行分析,基于频率的替换字母 2.CRC32还原压缩(试用于小文件的解压缩,可能有碰撞) 文件在压缩之后会产生一个crc32校验值(文件夹除外),打开压缩文件可见,如果文件长度很短,可以用枚举的方式进行破解,试用pyt
Ctfshow Crypto
weixin_63231007的博客
07-19 4802
[ctfshow] Crypto一栏古典密码以及RSA各类
2023天一永安杯rsa复盘
arcuied
05-23 317
2023天一永安杯rsa复盘
NSSCTF Round11 Crypto
qq_41626232的博客
04-08 1137
难度:basic。
npm install crypto-js --save-dev
最新发布
08-18
`npm install crypto-js --save-dev` 是一个命令行操作,用于Node.js项目中安装名为 `crypto-js` 的开发依赖包。`crypto-js` 是一个JavaScript实现的加密库,常用于处理各种密码学算法。 这个命令分两部分理解: 1. **npm install**: 这是Node Package Manager (npm) 的常用命令,用于安装包到你的项目中。`install` 操作会下载并添加包到项目的 `package.json` 文件的 `dependencies` 或 `devDependencies` 节点(取决于 `--save` 或 `--save-dev`)。 2. **crypto-js**: 是要安装的具体包名。 3. **--save** 或 **--save-dev**: 分别表示将此包作为生产依赖(`dependencies`)或开发依赖(`devDependencies`)添加。生产依赖通常会被打包并在生产环境中运行,而开发依赖主要用于开发环境中的工具和测试。 执行这个命令后,你的项目文件夹内会多出一个 `node_modules` 目录,其中包含了 `crypto-js` 的代码,以及 `package.json` 中记录了对它的依赖关系。
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值