20220526-第六届中国海洋大学信息安全竞赛暨Blue Whale CTF-CryptoSecPartWriteUp
rsa0
- 考点:CopperSmith
题目代码
1 | from gmpy2 import * |
exp
1 | from Crypto.Util.number import long_to_bytes |
不知道怎么来的,但是可以证明是对的
$\begin{cases}
m^2-m^{p+1}-m^{q+1}+m^{p+q}\equiv_p m^2-m^2-m^{q+1}+m^{q+1}\equiv_p0\\
m^2-m(m^{p}+m^{q})+m^{p+q}\equiv_q0
\end{cases}\notag$
$\Rightarrow m^2-m(m^{p}+m^{q})+m^{p+q}\equiv_n0\notag$
Classicbc
1 | ZmxhARcCMHZxQx8SKm96RR0cBXNh |
hh0解,尚师傅做出来的,斯巴拉西,佩服出题人脑洞
base64解码一下,可以看到前三个字节是fla
1 | b'fla\x01\x17\x020vqC\x1f\x12*ozE\x1d\x1c\x05sa' |
根据cbc的加密模式,这里应该是三个字节一组,上一组密文与组一个明文异或,可以得到
1 | from base64 import b64decode |
leaks
- 考点:MT19937
1 | from random import getrandbits |
之前也碰到过,不是32位的虚伪随机数
做个小实验
1 | from random import * |
可见生成小于32位的伪随机数是截取32位伪随机数的前几位,另外如果生成大于32位的伪随机数,则是从低到高以比特位形式填充32位,如果不需要那么多,则截取高位的32位伪随机数(注意是截取,多余的部分不再使用
所以题目提供的1500个(附件里是1000个27位的随机数
后5位不知道,用上次那个?????脚本就可以恢复预测,但不知道为啥提交不对
自己试了一组,是可以恢复第一组state,并且成功预测
1 | leaks = [] |
然后把长1500的leaks丢到脚本里,因为看不懂脚本,但在get_random()的方法里输出state发现逆两轮twist就能得到最开始的state
1 | def get_random(self): |
1 | state = [3899451448, 3688920089, 2424569011, 1461519993, 2953621007, 2375249789, 1901226679, 3077627170, 2027714221, 3718787320, 4018837963, 3451074940, 2567607834, 2139239099, 2229109942, 2767796226, 2274941329, 4248936150, 2271380476, 3515872987, 3067423215, 4190734058, 1073227417, 3839359582, 1900424514, 2254980115, 911988991, 3988652204, 4123013303, 3073622123, 114090118, 3927978396, 4206626229, 1336061860, 4273293467, 2319381165, 1880320203, 3163626195, 3092996300, 327915126, 1580045155, 2912933133, 3744300, 3211055227, 2229315585, 1147303469, 2965429037, 2853041134, 1456005179, 1054904761, 2854203385, 2166815111, 1560134877, 3449732114, 911210241, 3171926050, 3854610159, 2173259575, 3945487700, 603587167, 1908557463, 2501513576, 2047818871, 867355718, 1327130976, 4232103848, 898625962, 3187160728, 545565886, 3874180848, 169066450, 2092119676, 1324643677, 687684873, 2694723843, 1826538155, 198603084, 1803340803, 739241893, 3707535497, 2150474550, 4127574817, 3033549917, 4269980082, 1478563529, 3160030275, 3136078977, 487495547, 1528517586, 666565642, 2279049562, 547293042, 1959522128, 4270242801, 2171370051, 2485007060, 2148571464, 3719858981, 702499705, 4097085449, 1837421250, 3051678360, 524648267, 644623133, 3838925811, 385410025, 3627093605, 3908807586, 1084244020, 103524635, 1494932864, 577951669, 1393768110, 2652377776, 2615390680, 1750265245, 314394900, 3964284257, 1570426746, 3936258340, 956095273, 775381837, 2122792286, 3854528680, 2328952410, 688787529, 2669475021, 1234025336, 3754407374, 3558350438, 1878790555, 39657117, 626098933, 2110444973, 2840529929, 1161949052, 3298502072, 2336375293, 575934912, 67620555, 2318681497, 1186593742, 3967314183, 806900871, 1249624132, 3670623448, 508432819, 2545619984, 4113833680, 4101450659, 2590494722, 1396780283, 3809268377, 1560123348, 240879502, 1743232615, 871705, 4225283948, 3468407991, 47417075, 398675844, 922732949, 2565980115, 389527185, 1691194, 1740857563, 1037022556, 3400771257, 2419464519, 690414493, 2970937661, 3806518708, 2822153706, 1141847573, 3050763772, 1406945954, 586866745, 3586955946, 2719365735, 4241640749, 479101164, 4224210339, 3747334567, 3356803286, 827251202, 2115360798, 1322684379, 1681688462, 1590531228, 2382300842, 2157082064, 255417663, 2036627834, 1203037450, 3654485921, 1514263273, 1832402026, 167061840, 2444489948, 863359190, 2580777938, 3996326693, 3432912394, 1642628261, 1329622739, 14500307, 1669460122, 1721183941, 543640060, 2285735820, 3109161586, 1454139859, 2841596736, 1606418103, 2594499980, 1412814708, 1733069102, 2508601240, 4077790470, 2197142806, 526315165, 1626939021, 2094991739, 1205942274, 115779805, 1102818894, 2267068908, 2267863625, 2910324750, 2544159014, 760150703, 2029120675, 2581294785, 4138776466, 3228150527, 3004273559, 311072499, 2945067652, 2851396395, 3044142566, 560388346, 2881357881, 3400505199, 1662548102, 2487919758, 2902560455, 4259090782, 2743043319, 1003019559, 1696980730, 3231252438, 3429187551, 302479391, 3054085880, 3205396032, 4041703038, 2948780670, 2472767303, 512245636, 2275950854, 118493022, 1262546487, 760129600, 625223605, 1585822210, 3478836169, 2745642219, 1861498039, 3557586355, 1682292976, 1291763734, 3460084141, 3499448607, 359426268, 3317363895, 127703080, 3553524849, 2180323601, 488793271, 325417697, 2346497602, 1949172752, 1236625003, 2647693908, 250765865, 2010810379, 3188194117, 4219975567, 3064111666, 2644229674, 2142022206, 3041983417, 473752442, 352455219, 4095420768, 1077447120, 2181157838, 159382401, 3217854178, 3021743730, 3946226563, 1893346409, 3956383194, 1734791638, 2108615645, 2519702112, 2164150840, 464099818, 892667025, 1620289166, 3889130311, 4002154180, 3243976210, 2562645314, 1245296057, 2686894737, 1704584961, 1050878272, 2292428046, 3540976256, 2170753595, 3897078894, 3477852248, 1104367092, 2648446703, 1271081657, 3525258821, 3923374001, 3226807687, 3281897077, 4228042909, 1612795739, 395215066, 3664538024, 2558365581, 847310236, 3457034306, 3893582038, 3802032968, 3302653140, 415738423, 1066148714, 1355968898, 3491974390, 844815797, 742544669, 1239062747, 2791259775, 2383305670, 1055262018, 103448571, 3668585548, 1890271465, 3817356259, 3398190545, 3750456573, 1734617885, 2892417982, 3913841137, 827658019, 1352123729, 3602592374, 3823986692, 2753222650, 3183123442, 1470688431, 2277146695, 2793368772, 344996454, 981013334, 762230165, 3204805645, 4195921267, 3874322511, 2776065970, 3235159729, 3757734966, 1510504426, 296190997, 1425335563, 1608413179, 4230974342, 2842986419, 92764313, 513794090, 3064859496, 3746592485, 1689648608, 1519203258, 1539884216, 232884361, 354517555, 43443977, 3041925996, 4209832412, 3219864004, 3672664606, 1887546344, 2721082869, 2828889265, 374815218, 1803939472, 1168120640, 2859021906, 269411505, 2473335141, 2464181527, 3222559407, 1272458713, 3396750934, 2322122466, 2441448002, 4045694411, 2644640552, 4071174644, 3270472552, 3667433119, 3343780979, 3043667437, 4234606592, 1015939621, 2518152338, 692423279, 3388425780, 270073403, 3930155093, 1035320083, 3662437867, 3771623935, 1212401434, 2461746402, 1107538525, 321271679, 1691504831, 2112184541, 3593985593, 2768819252, 3699440344, 4003729231, 3012034207, 310087241, 3822245000, 718922686, 2590799419, 1428099888, 184688665, 1843608225, 663638345, 1045495022, 1280897660, 2429127948, 1991134490, 929704444, 2790292422, 860299632, 2928446613, 1401529386, 164483077, 3180626435, 4277424928, 3291167077, 114799931, 1832476049, 727918866, 976201409, 1462392195, 3603525379, 1045042426, 2139022459, 1677899650, 2228356631, 2901289305, 2405516308, 1615008322, 3976852845, 3711759567, 2867514350, 2762401471, 3999917814, 235867799, 4254111360, 1030251837, 1857831412, 3440852122, 2804799555, 333483387, 4284161231, 3635591702, 624169595, 4149229138, 1360461512, 3873413355, 645530228, 2947155076, 2542353740, 3821471039, 2468028945, 1333825097, 225481042, 2674033419, 2823488683, 4204528146, 3288386031, 2232607784, 1622093536, 1427622225, 3690395209, 1132810180, 3246329878, 996942619, 1183582681, 3360415039, 2839329210, 2497393075, 463098166, 4019681043, 4186798276, 3051176205, 1303022181, 3426640383, 976884737, 376490171, 3385654059, 3477868940, 3508048417, 221878015, 1401537569, 329861630, 565102550, 328730655, 2698750293, 858780097, 1159947180, 2014038202, 2747059987, 2535049914, 3643177311, 1203281970, 1710253571, 3990864977, 1000392804, 1299708753, 2623774999, 3341419988, 3168173552, 1767900961, 3272956732, 3330674699, 1832427028, 778254462, 290517174, 2694235483, 2241627983, 512889547, 2752530013, 2286264494, 1095783731, 3138295350, 3197100699, 1888523982, 2989881003, 1653779342, 2707134771, 4268983799, 2001381933, 4177815381, 3365667927, 402160230, 2379851654, 277601197, 668224416, 23326909, 1052050974, 2855862679, 2347404687, 3943889421, 3165948708, 1212114622, 2708814383, 3036471003, 562337742, 3965750449, 1414996704, 1970781958, 3640777137, 336983239, 3577501375, 4234781280, 911335595, 3747083444, 1718362041, 1859580357, 4128562866, 59815907, 3163432197, 185049319, 212826158, 1915809190, 1040850770, 608118958, 857269126, 1478618117, 709101513, 2636589404, 2045326194, 1279980829, 1472156504, 1877305506, 277037080, 1014061167, 459056040, 1188787439, 1750603809, 2315069418, 1586839996, 2330828402, 1698567219, 3984321988, 2604300216, 288708326, 1194148689, 1694473375, 3041544136, 4007534082] |
此外,恢复的seed并不能直接用于seed函数的参数直接作为初始化的seed值,要实例化一个Random类,然后调用setstate方法
比如
1 | a = MT19937(1) |
rsa1
- 考点:RSA素数二进制形式有很多0
题目代码
1 | from Crypto.Util.number import bytes_to_long |
掐头去尾两个1,中间只有四个1,排列组合$C_{255}^4$。有点费时间,主要看怎样爆破了,4个1要保持这么大的位数,大概率都是在高位,从后往前爆,然后为了加快,尝试头尾去掉几个。代码参考评论区。