2024 DSBCTF_单身杯 crypto
1770980518794052 发表于 浙江 CTF 275浏览 · 2024-11-14 11:11

签到·一把梭

小鼎,24岁。网安专业old star.最近入坑ctf,想体验一把梭的感觉。于是他的朋友给他找来了cahtylin先生。cahtylin先生听闻,欣然写下此题。

提示:

什么年代了还在做低加密指数的传统RSA?我就猜出题人在100以内找个d然后模拟出e加密的。

from Crypto.Util.number import *

#小鼎,24岁。网安专业old star.最近入坑ctf,想体验一把梭的感觉。于是他的朋友给他找来了cahtylin先生。cahtylin先生听闻,欣然写下此题。

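# Placeholder for the secret. It has to be a bytes literal: under Python 3,
# bytes_to_long() raises TypeError when it is handed a str.
falg = b'?????'
# Big-endian integer encoding of the secret; this integer is the only value
# the challenge publishes.
m = bytes_to_long(falg)
print(m)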
'''
m =365570067986928236989573788230270407130085464313909252527513197832758480604817399268366313889131551088558394832418649150417321940578277210433329648095352247884911033780856767602238960538520312352025465812228462858158997175162265505345470937926646520732298730237509998898024691120409770049168658027104966429925920045510148612448817
'''

#什么年代了还在做低加密指数的传统RSA?我就猜出题人在100以内找个d然后模拟出e加密的。

直接对m进行long_to_bytes得到b'n=0x846d39bff2e430ce49d3230c7f00b81b23e4f0c733f7f52f6a5d32460e456e5f_c=0x4eeec51849a85e5a6566f8d73a74b1e64959aa893f98e01c1e02c3120496f8b1'

根据提示d在100以内,直接爆破d即可

from Crypto.Util.number import *
# Integer published by the challenge script.
m = 365570067986928236989573788230270407130085464313909252527513197832758480604817399268366313889131551088558394832418649150417321940578277210433329648095352247884911033780856767602238960538520312352025465812228462858158997175162265505345470937926646520732298730237509998898024691120409770049168658027104966429925920045510148612448817
# Read as big-endian bytes it is an ASCII string that carries the RSA modulus
# and the ciphertext ("n=0x..._c=0x...").
print(long_to_bytes(m))
n = 0x846d39bff2e430ce49d3230c7f00b81b23e4f0c733f7f52f6a5d32460e456e5f
c = 0x4eeec51849a85e5a6566f8d73a74b1e64959aa893f98e01c1e02c3120496f8b1

# The hint bounds the private exponent below 100, so every candidate is tried
# and the one whose plaintext contains the flag prefix is reported. A private
# exponent this small gives no protection, whatever the size of the modulus.
for d in range(2, 100):
    flag = long_to_bytes(pow(c, d, n))
    if b'ctfshow' not in flag:
        continue
    print(d, flag)

#7 b'ctfshow{b4n_your_1_b1o0d}'

古典古典古典

密文如下:

UUxRQjFBU19NWkFFe1pPX0xBMV9PMVVOU31OV05aX0IxSA==

提示如下:

{}位置对了就能出了吗?什么加密会保留{}位置

step1. 一眼base64 得到

QLQB1AS_MZAE{ZO_LA1_O1UNS}NWNZ_B1H

step2. 栅栏恢复到{}正确的位置

QZNALEW{QZNOB_ZL1A_1A_BOS11U_NHSM}

step3. quipqiup替换,把符号换成空格,QZNALEW=CTFSHOW得到CTFSHOW CTFUL TH1S 1S LUN11A FINE, 然后全靠猜,CTFUL->CTFER得到CTFSHOW CTFER TH1S 1S REN11L FIND, REN11L->REA11Y得到CTFSHOW CTFER TH1S 1S REA11Y FLAG

CTFSHOW{CTFER_TH1S_1S_REA11Y_FLAG}

ex咖喱棒

题目

from Crypto.Util.number import *
from sympy import *
def givemeprime(x):
    """Grow a random x-bit prime into a prime of more than 512 bits.

    The x-bit prime from getPrime() is printed and used as the seed. While the
    value is at most 512 bits long it is replaced by nextprime(value * 2**10).
    Only the seed is random; the growth steps are deterministic, so the result
    is fully determined by the seed. The original note on this function says
    x < 502.
    """
    seed = getPrime(x)
    print(seed)
    prime = seed
    while not prime.bit_length() > 512:
        prime = nextprime(prime * 1024)

    return prime

# Both factors are grown from a 10-bit seed, so each one can take only as many
# values as there are 10-bit primes. This is the weakness the challenge is
# built around.
p, q = givemeprime(10), givemeprime(10)
n = p * q

flag = b'?????'
e = 2**32 + 1
m = bytes_to_long(flag)
c = pow(m, e, n)

print('n=', n)
print('c=', c)

'''
n= 9007989895621669259301762739598643626213892494330778168383286295463641223987867033273111296978959160408689408884183780314498828688143466136060628598819311509949865018608092450964012727526450914131409697944090166113416984201622940137239452703698919890772056684013237404520834408811118739546684092365102406400768733
c= 3155015611586304247269005826733691392085437186284673630268852999607965592611252562808748872502491405722341353019602057980123546192900359248245073985988035982837057433789538035295585235536446429172802713235552248615722281314286849930993306403034865999074888279573724168174433746677852218329931104122667029131804586
'''

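素数的生成过程可以爆破:givemeprime 先取一个 10 bits 的随机素数,然后反复执行 p = nextprime(p*2**10),直到 p 的位数超过 512 bits。除了最初的 10 bits 素数以外,整个过程都是确定的,而 10 bits 的素数只有几十个,所以枚举这些素数并重放生成过程,就能得到 p 的全部候选值。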

from Crypto.Util.number import *
from sympy import *
n = 9007989895621669259301762739598643626213892494330778168383286295463641223987867033273111296978959160408689408884183780314498828688143466136060628598819311509949865018608092450964012727526450914131409697944090166113416984201622940137239452703698919890772056684013237404520834408811118739546684092365102406400768733
c = 3155015611586304247269005826733691392085437186284673630268852999607965592611252562808748872502491405722341353019602057980123546192900359248245073985988035982837057433789538035295585235536446429172802713235552248615722281314286849930993306403034865999074888279573724168174433746677852218329931104122667029131804586
e = 2**32 + 1

# Replay the generator for every 10-bit prime seed. Because the growth steps
# are deterministic, P ends up holding every prime the challenge could have
# produced.
P = []
seed = nextprime(2**9)
while seed < 2**10:
    grown = seed
    while grown.bit_length() <= 512:
        grown = nextprime(grown * 2**10)
    P.append(grown)
    seed = nextprime(seed)

# Trial-divide n by each candidate; the first divisor gives the factorisation,
# after which decryption is ordinary RSA.
for p in P:
    if n % p:
        continue
    q = n // p
    phi = (p - 1) * (q - 1)
    d = inverse(e, phi)
    print(long_to_bytes(pow(c, d, n)))
    break
# ctfshow{exp_i5_a_5ki11_u_mUs7_m45t3r}

ASR

题目

from Crypto.Util.number import *
from sympy import *
# n is an ordinary product of two 215-bit primes, but it is never used as a
# modulus in this script.
p, q = getPrime(215), getPrime(215)
n = p * q
e = 73556
flag = b'?????'
m = bytes_to_long(flag)

# Printing the primes on either side of m confines the secret to a single
# prime gap.
for neighbour in (nextprime, prevprime):
    print(neighbour(m))

# The roles are swapped relative to RSA: the secret m is the modulus and the
# public n is the base.
c = pow(n, e, m)
print('n=', n)
print('c=', c)

'''
40913285701005622718863058877533926183158872052161364026817991531
40913285701005622718863058877533926183158872052161364026817991159
n= 1613066479310413323265772296807266781564029043951746766617970255478050198763115133921086056086051610592970427572413404447990142013
c= 34708409030920347254051748353430247487967281837305081753454451319
'''

题目给出了 m 的下一个素数和上一个素数,m 必然落在这两个素数之间;两者只相差 372,直接在这个区间内爆破 m 即可。

from Crypto.Util.number import *
# m1 is the printed nextprime(m) and m2 the printed prevprime(m), so the
# secret lies strictly between them.
m1 = 40913285701005622718863058877533926183158872052161364026817991531
m2 = 40913285701005622718863058877533926183158872052161364026817991159

# Walk the gap and stop at the first value whose byte encoding ends with the
# closing brace of the flag format.
# NOTE(review): more than one value in the gap can end in b'}'; a hit could be
# confirmed against the published ciphertext with pow(n, e, m) == c.
for m in range(m2, m1):
    flag = long_to_bytes(m)
    if flag[-1:] != b'}':
        continue
    print(flag)
    break
# b'ctfshow{RSA_not_is_not_ASR}'

math_rsa

分解 n!

from Crypto.Util.number import bytes_to_long, long_to_bytes


def count_factor_occurrences(n, p):
    """
    Count how many times the factor p divides n!.

    The count is the sum of n // p**k over k = 1, 2, ... for as long as
    p**k <= n.

    :param n: integer whose factorial is examined
    :param p: integer factor whose multiplicity is counted
    :return: the number of times p occurs as a factor of n!
    """
    exponent = 0
    p_power = p
    while p_power <= n:
        # Each multiple of the current power of p contributes one more factor.
        exponent += n // p_power
        p_power *= p
    return exponent


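def calculate_special_counter(n, key):
    """
    Return the product of (2 * v_p(n!) + 1) over all primes p <= n, modulo key.

    v_p(n!) is the exponent of p in n!, taken from count_factor_occurrences.
    The unreduced product is therefore the number of divisors of (n!)**2.

    :param n: integer bounding the prime range (the factorial argument)
    :param key: integer modulus applied to each factor and to the running product
    :return: the product modulo key; 1 when n < 2, as there are no primes to multiply
    """
    # There are no primes below 2. Returning early also avoids the IndexError
    # that indexing a too-short sieve raised for n < 1.
    if n < 2:
        return 1

    # Sieve of Eratosthenes over the odd numbers only; even indices are never
    # read, and 2 is added to the prime list directly.
    is_prime = [True] * (n + 1)
    primes = [2]

    p = 3
    while p * p <= n:
        if is_prime[p]:
            # A step of 2 * p skips the even multiples.
            for i in range(p * p, n + 1, p * 2):
                is_prime[i] = False
        p += 2

    primes.extend(q for q in range(3, n + 1, 2) if is_prime[q])

    counter = 1
    for prime in primes:
        power = count_factor_occurrences(n, prime)
        # Reduce at every step so the intermediate values stay below key**2.
        mod_value = (2 * power + 1) % key
        counter = (counter * mod_value) % key

    return counter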
# Modulus for the counter: b'ctfshow' repeated 11 times, read as a big-endian
# integer.
key = bytes_to_long(b'ctfshow' * 11)
n = 54574114381718620167617516254929393779619478308097113614916675753251123548928131184783684874283433005383416329333515148795542347110691860676572758697931909264778996887013262158676437681328356540522795904026051878217112848328807404132186855022441100415245863609800487131682707570632405183635021611108835267759
c = 6152360020770587319042211616230221955276231957369900018326509075246049533065274193822064664954312088370274199977933471629773286341632192578865475616294549753212257409853382739383167314755235136431546938621288480401985886224522239505956567272435201576625728864298081471539244545838583231944620511300185831132
leak = 16102974322718628332775750617032895793782360562291434204500149732571174230338263002384756014760949775420804601441832387500764784508882168206386996211671060761357982709828010115692143995397973526517421403555634084184433318856377393377764138389228581916413401245531536422259037376817202123767631518253694641004207511682233164891541552631514

# The decryption exponent is rebuilt as the counter for 1111111 plus the
# leaked value.
# NOTE(review): the challenge source is not reproduced on this page, so how
# leak was derived cannot be checked from here.
d1 = calculate_special_counter(1111111, key)
d = d1 + leak
plaintext = pow(c, d, n)
print(long_to_bytes(int(plaintext)))
#b'ctfshow{dsb_ctf_just_a_easy_ctf}'