密码第十三周

已于 2023-05-19 18:02:58 修改
阅读量658 收藏 1
点赞数
文章标签: 网络安全
于 2023-05-18 22:54:04 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/yy_1111618/article/details/130689880
版权

题目

[LitCTF 2023]原来你也玩原神 (初级)

提示:提瓦特现行文字对照表

题目


最后一排
LITCTF{YUANLAINIYEWANYUANSHENWWW}

[LitCTF 2023]梦想是红色的 (初级)

自由友善公正公正敬业法治自由自由和谐平等自由自由公正法治诚信民主诚信自由自由诚信民主爱国友善平等诚信富强友善爱国自由诚信民主敬业爱国诚信民主友善爱国平等爱国爱国敬业敬业友善爱国公正敬业爱国敬业和谐文明诚信文明友善爱国自由诚信民主爱国爱国诚信和谐友善爱国自由友善平等爱国友善平等友善自由诚信自由平等爱国爱国敬业敬业友善爱国敬业敬业友善自由友善平等诚信自由法治诚信和谐

社会主义核心价值观编码
http://www.hiencode.com/cvencode.html
LitCTF{为之则易,不为则难}

[LitCTF 2023]Hex?Hex!(初级)

4c69744354467b746169313131636f6f6c6c616161217d

https://the-x.cn/encodings/Hex.aspx

LitCTF{tai111coollaaa!}

[LitCTF 2023]你是我的关键词(Keyworld) (初级)

IFRURC{X0S_YP3_JX_HBXV0PA}

本来以为是base,但是看到了{}和_,那么就不是base了

关键词加密(关键词是you)
对照表
a b c d e f g h i j k l m n o p q r s t u v w x y z
y o u a b c d e f g h i j k l m n p q r s t v w x z

http://www.hiencode.com/keyword.html

LITCTF{Y0U_AR3_MY_KEYW0RD}

[LitCTF 2023]家人们!谁懂啊,RSA签到都不会 (初级)

from Crypto.Util.number import *
from secret import flag

m = bytes_to_long(flag)
p = getPrime(512)
q = getPrime(512)
e = 65537
n = p*q
c = pow(m,e,n)
print(f'p = {p}')
print(f'q = {q}')
print(f'c = {c}')
'''
p = 12567387145159119014524309071236701639759988903138784984758783651292440613056150667165602473478042486784826835732833001151645545259394365039352263846276073
q = 12716692565364681652614824033831497167911028027478195947187437474380470205859949692107216740030921664273595734808349540612759651241456765149114895216695451
c = 108691165922055382844520116328228845767222921196922506468663428855093343772017986225285637996980678749662049989519029385165514816621011058462841314243727826941569954125384522233795629521155389745713798246071907492365062512521474965012924607857440577856404307124237116387085337087671914959900909379028727767057
'''

基础的RSA

LitCTF{it_is_easy_to_solve_question_when_you_know_p_and_q}

[LitCTF 2023]Is this only base?

SWZxWl=F=DQef0hlEiSUIVh9ESCcMFS9NF2NXFzM
今年是本世纪的第23年呢

https://ctf.mzy0.com/CyberChef3/


有点雏形了,接下来可能还有一个移位密码
凯撒
http://moersima.00cha.net/kaisamima.asp
偏移量:23
LitCTF{LeT_Us_H4V3_fU0!!!}

[LitCTF 2023]yafu (中级)

from Crypto.Util.number import *
from secret import flag

m = bytes_to_long(flag)
n  = 1
for i in range(15):
    n *=getPrime(32)
e = 65537
c = pow(m,e,n)
print(f'n = {n}')
print(f'c = {c}')
'''
n = 15241208217768849887180010139590210767831431018204645415681695749294131435566140166245881287131522331092026252879324931622292179726764214435307
c = 12608550100856399369399391849907846147170257754920996952259023159548789970041433744454761458030776176806265496305629236559551086998780836655717
'''

经过yafu分解

.\yafu-x64.exe “factor(15241208217768849887180010139590210767831431018204645415681695749294131435566140166245881287131522331092026252879324931622292179726764214435307)
P10 = 2201440207
P10 = 2719600579
P10 = 3354884521
P10 = 4171911923
P10 = 2923522073
P10 = 3355651511
P10 = 2906576131
P10 = 2151018733
P10 = 4044505687
P10 = 2758708999
P10 = 2315495107
P10 = 2585574697
P10 = 3989697563
P10 = 4021078331
P10 = 2767137487

exp

import gmpy2
from Crypto.Util.number import long_to_bytes

n = 15241208217768849887180010139590210767831431018204645415681695749294131435566140166245881287131522331092026252879324931622292179726764214435307
c = 12608550100856399369399391849907846147170257754920996952259023159548789970041433744454761458030776176806265496305629236559551086998780836655717
e = 65537
P1 = 2201440207
P2 = 2719600579
P3 = 3354884521
P4 = 4171911923
P5 = 2923522073
P6 = 3355651511
P7 = 2906576131
P8 = 2151018733
P9 = 4044505687
P10 = 2758708999
P11 = 2315495107
P12 = 2585574697
P13 = 3989697563
P14 = 4021078331
P15 = 2767137487

phi=(P1-1)*(P2-1)*(P3-1)*(P4-1)*(P5-1)*(P6-1)*(P7-1)*(P8-1)*(P9-1)*(P10-1)*(P11-1)*(P12-1)*(P13-1)*(P14-1)*(P15-1)
d=gmpy2.invert(e,phi)
m=pow(c,d,n)
print(long_to_bytes(m))

LitCTF{Mu1tiple_3m4ll_prim5_fac7ors_@re_uns4f5}

[LitCTF 2023]factordb (中级)

e = 65537
n = 87924348264132406875276140514499937145050893665602592992418171647042491658461
c = 87677652386897749300638591365341016390128692783949277305987828177045932576708

factordb

import gmpy2
from Crypto.Util.number import long_to_bytes

e = 65537
n = 87924348264132406875276140514499937145050893665602592992418171647042491658461
c = 87677652386897749300638591365341016390128692783949277305987828177045932576708
p = 275127860351348928173285174381581152299
q = 319576316814478949870590164193048041239

phi=(p-1)*(q-1)
d=gmpy2.invert(e,phi)
m=pow(c,d,n)
print(long_to_bytes(m))

LitCTF{factordb!!!}

[LitCTF 2023]md5的破解

from Crypto.Util.number import *
from hashlib import md5
from secret import flag

#flag全是由小写字母及数字组成
m=md5(flag).hexdigest()
print(flag[:13]+flag[15:18]+flag[19:34]+flag[35:38])
print(m)
# b'LitCTF{md5can3derypt213thoughcrsh}'
# 496603d6953a15846cd7cc476f146771

哈希,单向
exp

import string
import hashlib
dic = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_}{'
for i in dic:
    for j in dic:
        for k in dic:
            for l in dic:
              s = 'LitCTF{md5can'+i+j+'3de'+k+'rypt213thoughcr'+l+'sh}'
              print(s)
              if hashlib.md5(s.encode('utf-8')).hexdigest() == '496603d6953a15846cd7cc476f146771':
                 print("Find it: "+s)
                 exit(0)

LitCTF{md5can123dexrypt213thoughcrpsh}

[LitCTF 2023]P_Leak

dp泄露

from Crypto.Util.number import *
e=65537
m=bytes_to_long(b'xxxx')
p=getPrime(512)
q=getPrime(512)
n=p*q
phi=(p-1)*(q-1)
d=inverse(e,phi)
dp=d%(p-1)
c=pow(m,e,n)
print("dp=",dp)
print("n=",n)
print("c=",c)
#dp= 5892502924236878675675338970704766304539618343869489297045857272605067962848952532606770917225218534430490745895652561015493032055636004130931491316020329
#n= 50612159190225619689404794427464916374543237300894011803225784470008992781409447214236779975896311093686413491163221778479739252804271270231391599602217675895446538524670610623369953168412236472302812808639218392319634397138871387898452935081756580084070333246950840091192420542761507705395568904875746222477
#c= 39257649468514605476432946851710016346016992413796229928386230062780829495844059368939749930876895443279723032641876662714088329296631207594999580050131450251288839714711436117326769029649419789323982613380617840218087161435260837263996287628129307328857086987521821533565738409794866606381789730458247531619

套个脚本

import gmpy2
import libnum
e = 65537
dp= 5892502924236878675675338970704766304539618343869489297045857272605067962848952532606770917225218534430490745895652561015493032055636004130931491316020329
n= 50612159190225619689404794427464916374543237300894011803225784470008992781409447214236779975896311093686413491163221778479739252804271270231391599602217675895446538524670610623369953168412236472302812808639218392319634397138871387898452935081756580084070333246950840091192420542761507705395568904875746222477
c= 39257649468514605476432946851710016346016992413796229928386230062780829495844059368939749930876895443279723032641876662714088329296631207594999580050131450251288839714711436117326769029649419789323982613380617840218087161435260837263996287628129307328857086987521821533565738409794866606381789730458247531619
#遍历,爆破出p
#dp*e-1=(p-1)*[k2*(q-1)-k1]
#i=[k2*(q-1)-k1]
for i in range(1,65535):
    p=(dp*e-1)//i+1
    if n%p==0:
        q=n//p
        break
#print(p)
#print(q)
phi_n= (p-1)*(q-1)
d=gmpy2.invert(e,phi_n)
m=pow(c,d,n)
print(m)
flag=libnum.n2s(int(m)).decode()
print(flag)

LitCTF{Prim3_1s_Le@k!!!}

再看看之前dp泄露的推导

[LitCTF 2023]e的学问

e和phi不互素

from Crypto.Util.number import *
m=bytes_to_long(b'xxxxxx')
p=getPrime(256)
q=getPrime(256)
e=74
n=p*q
c=pow(m,e,n)
print("p=",p)
print("q=",q)
print("c=",c)
#p= 86053582917386343422567174764040471033234388106968488834872953625339458483149
#q= 72031998384560188060716696553519973198388628004850270102102972862328770104493
#c= 3939634105073614197573473825268995321781553470182462454724181094897309933627076266632153551522332244941496491385911139566998817961371516587764621395810123


LitCTF{e_1s_n0t_@_Prime}

exp

import gmpy2
from Crypto.Util.number import *

# 当e约去公约数后与phi互素
def decrypt(p, q, e, c):
    n = p * q
    phi = (p - 1) * (q - 1)
    t = gmpy2.gcd(e, phi)
    d = gmpy2.invert(e // t, phi)
    m = pow(c, d, n)
    print(m)
    msg = gmpy2.iroot(m, t)
    print(msg)
    if msg[1]:
        print(long_to_bytes(msg[0]))
e=74
p= 86053582917386343422567174764040471033234388106968488834872953625339458483149
q= 72031998384560188060716696553519973198388628004850270102102972862328770104493
c= 3939634105073614197573473825268995321781553470182462454724181094897309933627076266632153551522332244941496491385911139566998817961371516587764621395810123

decrypt(p, q, e, c)

记录一个疑惑:为啥几周前做的HD CTF2023_normal rsa中所用的方法时灵时不灵???

[LitCTF 2023]easy_math (中级)

from Crypto.Util.number import *
from secret import flag

m = bytes_to_long(flag)
e = 65537
p = getPrime(512)
q = getPrime(128)
n = p*q
hint = p**3-q**5
c = pow(m,e,n)
print(f'n = {n}')
print(f'c = {c}')
print(f'hint = {hint}')
'''
n = 2230791374046346835775433548641067593691369485828070649075162141394476183565187654365131822111419512477883295758461313983481545182887415447403634720326639070667688614534290859200753589300443797
c = 2168563038335029902089976057856861885635845445863841607485310134441400500612435296818745930370268060353437465666224400129105788787423156958336380480503762222278722770240792709450637433509537280
hint = 392490868359411675557103683163021977774935163924606169241731307258226973701652855448542714274348304997416149742779376023311152228735117186027560227613656229190807480010615064372521942836446425717660375242197759811804760170129768647414717571386950790115746414735411766002368288743086845078803312201707960465419405926186622999423245762570917629351110970429987377475979058821154568001902541710817731089463915930932142007312230897818177067675996751110894377356758932
'''

在这道题中可以尝试解方程求得p,q

exp

import gmpy2
import sympy as sp
from Crypto.Util.number import long_to_bytes

# 定义符号变量p,q
p, q = sp.symbols('p q')

# 定义方程组
y1 = 392490868359411675557103683163021977774935163924606169241731307258226973701652855448542714274348304997416149742779376023311152228735117186027560227613656229190807480010615064372521942836446425717660375242197759811804760170129768647414717571386950790115746414735411766002368288743086845078803312201707960465419405926186622999423245762570917629351110970429987377475979058821154568001902541710817731089463915930932142007312230897818177067675996751110894377356758932
y2 = 2230791374046346835775433548641067593691369485828070649075162141394476183565187654365131822111419512477883295758461313983481545182887415447403634720326639070667688614534290859200753589300443797
eq1 = p**3 - q**5 - y1
eq2 = p * q - y2

# 求解方程组
sol = sp.solve((eq1, eq2), (p, q))
print(sol)

# 解题
e = 65537
n = 2230791374046346835775433548641067593691369485828070649075162141394476183565187654365131822111419512477883295758461313983481545182887415447403634720326639070667688614534290859200753589300443797
c = 2168563038335029902089976057856861885635845445863841607485310134441400500612435296818745930370268060353437465666224400129105788787423156958336380480503762222278722770240792709450637433509537280
p = 7321664971326604351487965655099805117568571010588695608389113791312918573783115429227542573780838065461696504325762281209452761930184231131129306271846427
q = 304683618109085947723284393392507415311
d = gmpy2.invert(e, (p - 1) * (q - 1))
m = pow(c, d, n)
print(long_to_bytes(m))

LitCTF{f9fab7522253e44b48824e914d0801ba}

[LitCTF 2023]Virginia

Ysexj lrk rzmkses os wilj hhks joa rtsy xzmktye yt xuim ehgy joa ofsz blnz yz pohv tnjx fxtx yuzc dxjlmy fyd nzr tnjx fuw cegq! Orkfx wnfe yuz haty eo jwpas;lz wnjce etf wgse tu lz;bk bsaz dzu cfyt zt me,hjnaaxp yuz sabj znrd znk qtfk fyd usp cnfyck yz du fwl zmp tnnygy dzu cfyt zt oo.Sfj yuz sabj pnuzrh nfapospsy yz mgpp yuz dwkje,ettfgn ycigqd tu rlkk dzu yycotl,pnuzrh ytcrub eo qjpp etf harln,kszumm sovj eo sfve etf hguay? Gqhaex auz dzuxxpll ny ozmpry’xsokx.Tf etf fkjw tnfe iz mfrzx joa,ne pxtmahqj hawes zmp ozmpr vjcsus, eou.Yse nfapojdt uk aeuuwe jty’t tjneyxlroqj hgap tnj meyy zf kapreysitl;ehkd uuyy xaqj ehk rzsz tq ebjcyzmtnm ysaz hzmkx llusr tnjtr cfj.Hguaitjds rnps ltc tntde cmz cxd,ehuxp wnt suxy, ehuxp wnt sabj degwnhki,lnj ysoyj hhu mlvk yciki,qox tyle ysee hln guarkhtazj ehk nxpuweathp ol upovqp,wnt sabj eoahsej yseow wibjd.Luap bkltny bttn f dmoqp,gxths cneh g ptsy fyd ksos cneh g ypax.Yse hwtgnypsz kftawp woqw arblyy gp bgxpd us l fuwrozypn vfdt, etf cgs’e gu ty wkqw it qtfkzytoq joa qpt mt zf etfr vfdt lftlawps gso hkfctghsey.Bset dzu cjce htcn,etf wkwp cxdtnm fyd kapretye gwzuti joa bls yrtlosr.Loap yuzc lokp su ysaz bset dzu jnp,yuz'ce zmp otj hhu nd ssnwitl lnj jgexdznk fcoaso yuz ts iwjitl.
Uwegxp skso tnnd mkxdamj eo zmzsk upovqp wnt xegs dosjehosr tu dzu,zt ehuxp wnt sabj eoahsej dzux qtfk ny otj hae tc attehkw,eo zmzsk bso sfve etf ssnwe cmpn etf rkfwle spej ne,tu ysoyj ehgy xaqj joa xpe zmp bxnrhzjc soip ol ysitld wnjy yuz lrk wparqj duby,tu ysoyj hhu dzu cfyt zt wez yses pyoc ysaz dzu guarkhtazj ehknc fxnpnjxsiv.Fyd ok joa izn’z, izn’z bzrxd,yozmtnm gld cnwl nfapks eo etf,yuz hirq uuyy xiyx zuz ty tnj zpvtctastte yz bxnrhzjy surpotj’d dgd hizm ehox xeyxlgk.Rj pgxdwuwo iy szt g wpgaqlr Ifpsgw aayxhoxi,lnj yse ksn frfr=[86, 116, 128, 80, 98, 85, 139, 122, 134, 114, 125, 136, 117, 123, 129, 127, 128, 128, 142, 130, 140, 147, 127, 132, 131, 136, 151, 134, 152, 164] -Cgjdax

根据题目,维吉尼亚密码,未知密钥
https://www.guballa.de/vigenere-solver

My password is not a regular Caesar password,and the enc flag=[86, 116, 128, 80, 98, 85, 139, 122, 134, 114, 125, 136, 117, 123, 129, 127, 128, 128, 142, 130, 140, 147, 127, 132, 131, 136, 151, 134, 152, 164] -Caesar

凯撒密码变异
找一找变异的偏移量改变规律


已知LitCTF—>76,105,116,67,84,70
在变异的表中86, 116, 128, 80, 98, 85
依次变化10,11,12,13,14,15
依次+1

a=[86, 116, 128, 80, 98, 85, 139, 122, 134, 114, 125, 136, 117, 123, 129, 127, 128, 128, 142, 130, 140, 147, 127, 132, 131, 136, 151, 134, 152, 164]
b=''
for i in range(30):
    b=b+chr((a[i]-10-i))
print(b)

[LitCTF 2023]The same common divisor

from Crypto.Util.number import *
m=bytes_to_long(b'xxxxxx')
e=65537
p=getPrime(1024)
q1=getPrime(1024)
q2=getPrime(1024)
n1=p*q1
n2=p*q2
c1=pow(m,e,n1)
c2=pow(m,e,n2)
n3=n1^n2
print('n1=',n1)
print('n3=',n3)
print('c1=',c1)
print('c2=',c2)
# n1= 9852079772293301283705208653824307027320071498525390578148444258198605733768947108049676831872672654449631852459503049139275329796717506126689710613873813880735666507857022786447784753088176997374711523987152412069255685005264853118880922539048290400078105858759506186417678959028622484823376958194324034590514104266608644398160457382895380141070373685334979803658172378382884352616985632157233900719194944197689860219335238499593658894630966428723660931647038577670614850305719449893199713589368780231046895222526070730152875112477675102652862254926169713030701937231206405968412044029177246460558028793385980934233
# n3= 4940268030889181135441311597961813780480775970170156650560367030148383674257975796516865571557828263935532335958510269356443566533284856608454193676600884849913964971291145182724888816164723930966472329604608512023988191536173112847915884014445539739070437180314205284883149421228744714989392788108329929896637182055266508625177260492776962915873036873839946591259443753924970795669864031580632650140641456386202636466624658715315856453572441182758855085077441336516178544978457053552156714181607801760605521338788424464551796638531143900048375037218585999440622490119344971822707261432953755569507740550277088437182
# c1= 7066425618980522033304943700150361912772559890076173881522840300333719222157667104461410726444725540513601550570478331917063911791020088865705346188662290524599499769112250751103647749860198318955619903728724860941709527724500004142950768744200491448875522031555564384426372047270359602780292587644737898593450148108629904854675417943165292922990980758572264063039172969633878015560735737699147707712154627358077477591293746136250207139049702201052305840453700782016480965369600667516646007546442708862429431724013679189842300429421340122052682391471347471758814138218632022564279296594279507382548264409296929401260
# c2= 854668035897095127498890630660344701894030345838998465420605524714323454298819946231147930930739944351187708040037822108105697983018529921300277486094149269105712677374751164879455815185393395371001495146490416978221501351569800028842842393448555836910486037183218754013655794027528039329299851644787006463456162952383099752894635657833907958930587328480492546831654755627949756658554724024525108575961076341962292900510328611128404001877137799465932130220386963518903892403159969133882215092783063943679288192557384595152566356483424061922742307738886179947575613661171671781544283180451958232826666741028590085269

根据异或的可逆性可以得到n2,已知n1,n2,求公因数可得p,接下来是个基础的RSA

exp

import gmpy2
from Crypto.Util.number import long_to_bytes
e= 65537
n1= 9852079772293301283705208653824307027320071498525390578148444258198605733768947108049676831872672654449631852459503049139275329796717506126689710613873813880735666507857022786447784753088176997374711523987152412069255685005264853118880922539048290400078105858759506186417678959028622484823376958194324034590514104266608644398160457382895380141070373685334979803658172378382884352616985632157233900719194944197689860219335238499593658894630966428723660931647038577670614850305719449893199713589368780231046895222526070730152875112477675102652862254926169713030701937231206405968412044029177246460558028793385980934233
n3= 4940268030889181135441311597961813780480775970170156650560367030148383674257975796516865571557828263935532335958510269356443566533284856608454193676600884849913964971291145182724888816164723930966472329604608512023988191536173112847915884014445539739070437180314205284883149421228744714989392788108329929896637182055266508625177260492776962915873036873839946591259443753924970795669864031580632650140641456386202636466624658715315856453572441182758855085077441336516178544978457053552156714181607801760605521338788424464551796638531143900048375037218585999440622490119344971822707261432953755569507740550277088437182
c1= 7066425618980522033304943700150361912772559890076173881522840300333719222157667104461410726444725540513601550570478331917063911791020088865705346188662290524599499769112250751103647749860198318955619903728724860941709527724500004142950768744200491448875522031555564384426372047270359602780292587644737898593450148108629904854675417943165292922990980758572264063039172969633878015560735737699147707712154627358077477591293746136250207139049702201052305840453700782016480965369600667516646007546442708862429431724013679189842300429421340122052682391471347471758814138218632022564279296594279507382548264409296929401260
c2= 854668035897095127498890630660344701894030345838998465420605524714323454298819946231147930930739944351187708040037822108105697983018529921300277486094149269105712677374751164879455815185393395371001495146490416978221501351569800028842842393448555836910486037183218754013655794027528039329299851644787006463456162952383099752894635657833907958930587328480492546831654755627949756658554724024525108575961076341962292900510328611128404001877137799465932130220386963518903892403159969133882215092783063943679288192557384595152566356483424061922742307738886179947575613661171671781544283180451958232826666741028590085269
n2=n1^n3
print(n2)
p=gmpy2.gcd(n1,n2)
print(p)
q=n1//p
phi=(p-1)*(q-1)
d=gmpy2.invert(e,phi)
m=pow(c1,d,n1)
print(long_to_bytes (m))

[LitCTF 2023]404notfound (初级)

图片隐写

[LitCTF 2023]babyLCG

LCG

from Crypto.Util.number import *
from secret import flag

m = bytes_to_long(flag)
bit_len = m.bit_length()
a = getPrime(bit_len)
b = getPrime(bit_len)
p = getPrime(bit_len+1)

seed = m
result = []
for i in range(10):
    seed = (a*seed+b)%p
    result.append(seed)
print(result)
"""
result = [699175025435513913222265085178805479192132631113784770123757454808149151697608216361550466652878, 193316257467202036043918706856603526262215679149886976392930192639917920593706895122296071643390, 1624937780477561769577140419364339298985292198464188802403816662221142156714021229977403603922943, 659236391930254891621938248429619132720452597526316230221895367798170380093631947248925278766506, 111407194162820942281872438978366964960570302720229611594374532025973998885554449685055172110829, 1415787594624585063605356859393351333923892058922987749824214311091742328340293435914830175796909, 655057648553921580727111809001898496375489870757705297406250204329094679858718932270475755075698, 1683427135823894785654993254138434580152093609545092045940376086714124324274044014654085676620851, 492953986125248558013838257810313149490245209968714980288031443714890115686764222999717055064509, 70048773361068060773257074705619791938224397526269544533030294499007242937089146507674570192265]
"""

exp

import sympy
import libnum
import contextlib


def lcg_get_m(output):
    t = [output[i] - output[i - 1] for i in range(1, len(output))]
    return [int(sympy.gcd(t[i + 3] * t[i + 1] - t[i + 2] * t[i + 2], t[i + 2] * t[i] - t[i + 1] * t[i + 1])) for i in
            range(len(t) - 3)]


def lcg_get_a(output, m):
    lis = []
    with contextlib.suppress(Exception):
        lis.extend((output[i + 2] - output[1]) * int(sympy.mod_inverse((output[i + 1] - output[i]), m)) % m for i in
                   range(len(output) - 2))
    return lis


def lcg_get_b(output, a, m):
    return [(output[i] - a * output[i - 1]) % m for i in range(1, len(output))]


def lcg_get_seed(output, a, b, m):
    with contextlib.suppress(Exception):
        a_inv = int(sympy.mod_inverse(a, m))
        return a_inv * (output[0] - b) % m


def lcg_solver(output, isPrint=True, isSet=False):
    lis = []
    for m in lcg_get_m(output):
        for a in lcg_get_a(output, m):
            for b in lcg_get_b(output, a, m):
                if (seed := lcg_get_seed(output, a, b, m)):
                    lis.append(seed)

    if isSet:
        lis = list(set(lis))

    if isPrint:
        for seed in lis:
            print(libnum.n2s(seed))
    return lis


if __name__ == '__main__':
    # output = [69676071514199964129368494511049773706185789519381885090989836826032423348931601761005255484444660094, 63031206989830671133688676504767396390656004885395484175664501826753686622909142758317354395992301026, 10982611756211554291222567868588733322082261620905115629089850311461024570081479382334755302093076626, 57593354371133571326881703280620102147253648139230630688131873856129105654575862207035367081838844484, 47619980490914264678052844656879066638030284466312631649629134306776942962249639156106765582151143844, 58789571370633161248337888914950971131623915440268354523313877777336488371785773275506162258821825516, 109481456137357201661490538198304522268006931099085677213764961347749368305449034788701532872386412243, 19307804703479426044115964742461201656670909298595515226324824508728816047217841799764422041962083267, 93700801968408201834162526077717334683725582703626747502836611244942102316238114344746715776427713387, 87095688282213954059983741940081650190732077925687511841367934545528486899471711188785929150582606959]
    output = [699175025435513913222265085178805479192132631113784770123757454808149151697608216361550466652878, 193316257467202036043918706856603526262215679149886976392930192639917920593706895122296071643390, 1624937780477561769577140419364339298985292198464188802403816662221142156714021229977403603922943, 659236391930254891621938248429619132720452597526316230221895367798170380093631947248925278766506, 111407194162820942281872438978366964960570302720229611594374532025973998885554449685055172110829, 1415787594624585063605356859393351333923892058922987749824214311091742328340293435914830175796909, 655057648553921580727111809001898496375489870757705297406250204329094679858718932270475755075698, 1683427135823894785654993254138434580152093609545092045940376086714124324274044014654085676620851, 492953986125248558013838257810313149490245209968714980288031443714890115686764222999717055064509, 70048773361068060773257074705619791938224397526269544533030294499007242937089146507674570192265]
    lcg_solver(output, isPrint=True, isSet=False)

脚本来源:https://github.com/Byxs20/CTF_Script/blob/main/LCG/main.py

rookie一号机
关注
Java第十三心得体会
Her4c的博客
05-05 251
1.本思维导图 点击查看详情 2.个人总结 操作域 page域 <% //往pageContext域中存储了一个msg变量 pageContext.setAttribute("msg" ,"hello page msg"); %> <% //往pageContext域中存储了一个msg变量 Object msg = pageCont...
第十七教案--Web服务器的配置.doc
06-29
- **设置默认文档**:指定当用户访问网站根目录时,自动打开的第一个页面。 - **创建虚拟目录**:在物理路径与URL之间建立映射关系,使得外部用户可以通过不同的URL访问同一台服务器上的不同文件夹。 - **管理...
crypto-babyLCG(NPUCTF2020)
耐酸碱高温固化材料近距离传输研究
11-30 1532
显然如果要解密出flag明文那必须要反推出最初的seed参数,将后面产生的随机数全部复原。的原因是为了保持向量各个数值bit位保持一致(关于格密码基础概念推荐这篇。因为前20个随机数的高位是已知的,接下来思路是针对这个式子做变形。其中A,B均可通过a,b,h推出。现在将以上关系式写成矩阵形式。由于h均为已知,那么现在找到低位l递推的关系式,又因为。近期研究格密码过程中遇到的一个很好的题目,记录一下。则可以推出所有低位l与l1的关系式,简写为。构造lattice,最后一项取2。将s拆分为高位h和低位l变为。
LitCTF Crypto(除了ACM题目外)
Jasonxjyee的博客
05-15 289
LitCTF Crypto全解(除ACM)
LitCTF(2023)部分题解
最新发布
萌新一枚
09-22 1366
曾经一次ctf题解
NSS常刷密码(3)
arcuied
06-10 626
一开始以为是base92 base85之类的,这种题要知道flag的格式就比较好做,可以直接找找规律。很接近flag的格式,发现非字母对应的地方有点问题,考虑到题目说凯撒5号。查wp得知要过md5,这个当时的题应该有说的(然而也未必) 复现没这句话。这题应该也是当时给了第一句话让我们倒推key。(M+kr)**e 同余 c mod n。发现像盲文的东西只有三个字符来回出现。n1/n2 约等于 q1/q2。于是p3开三次得到p就行了。已知 n1/n2 = p1。梭出来的大小写有点问题。base64->键盘。
[山海关crypto 训练营 day11]
cxiaodi的博客
05-15 428
补题
收录CTF MISC方向中使用的在线工具网站
热门推荐
末初的CSDN博客
01-01 1万+
收录笔者在做misc题目时使用到的各种工具站或,持续更新.....建议收藏
第13作业.rar
11-11
很抱歉,由于提供的信息有限,我无法针对具体的“第13作业.rar”压缩包文件中的内容进行详细的IT知识解释。通常,这样的文件可能包含各种类型的资料,如文本、图像、代码、PDF文档等,而没有标签或其他详细信息,...
第13做题记录1
08-08
在第13的做题记录中,我们关注的是两个网络安全相关的挑战,它们涉及到Flask框架的应用以及SQL注入漏洞的利用。首先,我们来看第一个挑战——hacker101的bugdb v1和v3版本。 在bugdb v1中,挑战似乎相对简单,...
数据库系统概论第13学习攻略
07-12
### 数据库系统概论第13学习攻略 #### 数据库安全性 数据库安全性是数据库管理系统(DBMS)中的一个重要组成部分,其主要目标是保护数据库免受非法访问和恶意攻击。为了达到这一目的,数据库系统通常会采用多种...
[LitCTF 2023]Virginia(变异凯撒)
2302_80322812的博客
06-12 411
首先利用网站进行维吉尼亚解密(第一段和第二段密钥不同,两段无关,可只解密第二段)由此可以看出每一个以为都递增的移动,所以可以写个小脚本解码出来。由最后一句话知道不是常规的凯撒加密,联想到变异凯撒。比赛是litctf故开头应该是litctf{...}解码的第一个是86而L对应的是76,退了10。第二个是116而i对应的是105,退了11。第三是128而t对应的是116,退了12。
[LitCTF 2023]———密码学部分题解
m0_73700261的博客
05-15 396
发现这题变种凯撒的逻辑是这样的每个减ASCII码减10然后下一个字母再加1,然后在对照ASCII的表最后就是flag。题目打开是一个一串位移过的base64,经过尝试发现这个不是凯撒和rot系列的位移。根据题目描述使用维吉尼亚解码,密钥猜测是flag,发现能成功被解码。多次尝试后发现这个是栅栏密码的位移位移数是23。你是我的关键词(Keyworld) (初级)但根据题目描述发现可能是一个关键词解密。题目打开是一个类似镜像翻转一样的。看上去是一个字码乱移的flag。梦想是红色的 (初级)
BUUCTF NewStarCTF一些新知识记录
Aiwin的博客
09-21 3349
BUUCTF NewStarCTF一些新知识记录
LITCTF2023 部分WP
arcuied
05-14 1664
LITCTF2023 部分WP
LitCTF2023暨zzuli首届新生赛crypto部分wp
jiuli137的博客
05-17 369
所以我们要做的就是逆向,也就是遍历加密后的字符串的每个字符,如果该字符在原始字符串中是偶数位,那么将该字符的ASCII码值减去该字符在字符串中的下标即可得到原始字符的ASCII码值;},像是flag又不是,根据23的提示想到凯撒密码解密得到LitCTF{LeT_Us_H4V3_fU0!因为e是偶数与phi互质,所以正常解得不到d,但是我们可以找到e与phi的最大公因数s,然后让e除以s,然后在正常解rsa,只不过我们得到的不是m而是m的s次幂,正如题目所言,rsa最基础的题,有p,q,e.c直接解。
[LitCTF 2023]原来你也玩原神 (初级)
2301_80189829的博客
12-13 806
得 NSSCTF{YUANLAINIYEWANYUANSHENWWW}
LitCTF2023 郑州轻工业大学首届网络安全赛 WP 部分
Aluxian_的博客
05-14 8256
由于刚接触CTF没多久 还是属于萌新级别的(中专高中生)也没怎么打过比赛记录一下学习的过程大佬绕过即可,后续会继续加油努力。PS:记得所有的flag都改为NSSCTF或者LitCTF。
[LitCTF 2023]babyLCG
s_a2g1a3j1的博客
03-03 454
【代码】[LitCTF 2023]babyLCG
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值