文章 标签 分类 关于 友链
/images/zsm.jpg

moectf2024_crypto

 published on  included in CTF

题目

现代密码学指北

task:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18

from Crypto.Util.number import bytes_to_long, getPrime
from secret import flag
p = getPrime(128)
q = getPrime(128)
n = p*q
e = 65537
m = bytes_to_long(flag)
c = pow(m, e, n)
print(f"n = {n}")
print(f"p = {p}")
print(f"q = {q}")
print(f"c = {c}")
'''
n = 40600296529065757616876034307502386207424439675894291036278463517602256790833
p = 197380555956482914197022424175976066223
q = 205695522197318297682903544013139543071
c = 36450632910287169149899281952743051320560762944710752155402435752196566406306
'''

正常解密即可 exp

Read More
 Crypto

wsl2 + arch + sagemath

 published on  included in CTF

前言

为什么要这样搞呢,主要是自己太闲了(被打),还是因为win环境下的sagemath版本低,bug多,而且还不能pwn交互,虽然在vm里面可以搞,但是我又嫌打开虚拟机麻烦,所以就wsl2了。

Read More
 Crypto

串烧_crypto复现

 published on  included in CTF

前言

打了香港,日本的比赛,还有蜀道山,感觉这几个题都很好,但是都不会(),写个记录一下,顺便总结

题目

seccon/reiwa_rot13

task

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

from Crypto.Util.number import *
import codecs
import string
import random
import hashlib
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from flag import flag

p = getStrongPrime(512)
q = getStrongPrime(512)
n = p*q
e = 137

key = ''.join(random.sample(string.ascii_lowercase, 10))
rot13_key = codecs.encode(key, 'rot13')

key = key.encode()
rot13_key = rot13_key.encode()

print("n =", n)
print("e =", e)
print("c1 =", pow(bytes_to_long(key), e, n))
print("c2 =", pow(bytes_to_long(rot13_key), e, n))

key = hashlib.sha256(key).digest()
cipher = AES.new(key, AES.MODE_ECB)
print("encyprted_flag = ", cipher.encrypt(flag))

思路: 当时比赛第一眼看过去,e很小,就在想是不是富兰克林,然后想利用rot13的性质去写,发现没用,然后就想通过c1和c2直接去构造富兰克林攻击,发现一直不对。 正确想法应该是bytes_to_long转换的时候形成的富兰克林,每一位可以看作

Read More
 Crypto

国城杯2024_crypto

 published on  included in CTF

前言

额,没有进线下,很遗憾,24名,感觉算是尽力了吧,密码差一个,pwn差一个,害,加油加油

题目

baby_rsa

task

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

from secret import flag
from Crypto.Util.number import*
from gmpy2 import*

flag = b'D0g3xGC{****************}'

def gen_key(p, q):
    public_key = p*p*q
    e = public_key
    n = p*q
    phi_n = (p-1)*(q-1)
    private_key = inverse(e,phi_n)
    return public_key,private_key,e

p = getPrime(512)
q = getPrime(512)

N,d,e = gen_key(p,q)

c = gmpy2.powmod(bytes_to_long(flag),e,N)

print(N)
print(d)
print(c)

'''
n = 539403894871945779827202174061302970341082455928364137444962844359039924160163196863639732747261316352083923762760392277536591121706270680734175544093484423564223679628430671167864783270170316881238613070741410367403388936640139281272357761773388084534717028640788227350254140821128908338938211038299089224967666902522698905762169859839320277939509727532793553875254243396522340305880944219886874086251872580220405893975158782585205038779055706441633392356197489
d = 58169755386408729394668831947856757060407423126014928705447058468355548861569452522734305188388017764321018770435192767746145932739423507387500606563617116764196418533748380893094448060562081543927295828007016873588530479985728135015510171217414380395169021607415979109815455365309760152218352878885075237009
c = 82363935080688828403687816407414245190197520763274791336321809938555352729292372511750720874636733170318783864904860402219217916275532026726988967173244517058861515301795651235356589935260088896862597321759820481288634232602161279508285376396160040216717452399727353343286840178630019331762024227868572613111538565515895048015318352044475799556833174329418774012639769680007774968870455333386419199820213165698948819857171366903857477182306178673924861370469175
'''

思路:第一开始蠢了,光想着数论去分解(),实际上就是已知ed去分解n的板子,如果你不喜欢这样写,也可以当做Schmidt-Samoa密码系统去写,也就是N=ppq exp 已知ed分解n

Read More
 Crypto