20210919-长城杯-CryptoSecWriteUp

Posted on 2021-10-09 Edited on 2022-09-10 In CTF-Crypto , WriteUp Views: Symbols count in article: 4.1k Reading time ≈ 4 mins.

baby_rsa

第一层比较难搞

from secret import flag, v1, v2, m1, m2


def enc_1(val):
    p, q = pow(v1, (m1+1))-pow((v1+1), m1), pow(v2, (m2+1))-pow((v2+1), m2)
    assert isPrime(p) and isPrime(q) and (
        p*q).bit_length() == 2048 and q < p < q << 3
    return pow(val, 0x10001, p*q)


assert flag[:5] == b'flag{'
plain1 = bytes_to_long(flag[:21])

$$
p=v_1^{m_1+1}-(v_1+1)^{m_1}\\
q=v_2^{m_2+1}-(v_2+1)^{m_2}\notag
$$

他们没有告诉我们模数，但也不是选择明文攻击条件不符

既然现没有符号的RSA攻击，就凭借感觉吧，我觉得这个v1, v2, m1, m2可爆，然后根据第二层，$m$很小不需要这么多模数，只需要知道$p$就好了，然后记得v1确定之后框定一下m1的范围就很快可以爆破出来

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from Crypto.Util.number import *
from gmpy2 import *
from math import log
import sys

c1 = 15808773921165746378224649554032774095198531782455904169552223303513940968292896814159288417499220739875833754573943607047855256739976161598599903932981169979509871591999964856806929597805904134099901826858367778386342376768508031554802249075072366710038889306268806744179086648684738023073458982906066972340414398928411147970593935244077925448732772473619783079328351522269170879807064111318871074291073581343039389561175391039766936376267875184581643335916049461784753341115227515163545709454746272514827000601853735356551495685229995637483506735448900656885365353434308639412035003119516693303377081576975540948311
c2 = (40625981017250262945230548450738951725566520252163410124565622126754739693681271649127104109038164852787767296403697462475459670540845822150397639923013223102912674748402427501588018866490878394678482061561521253365550029075565507988232729032055298992792712574569704846075514624824654127691743944112075703814043622599530496100713378696761879982542679917631570451072107893348792817321652593471794974227183476732980623835483991067080345184978482191342430627490398516912714451984152960348899589532751919272583098764118161056078536781341750142553197082925070730178092561314400518151019955104989790911460357848366016263083, 43001726046955078981344016981790445980199072066019323382068244142888931539602812318023095256474939697257802646150348546779647545152288158607555239302887689137645748628421247685225463346118081238718049701320726295435376733215681415774255258419418661466010403928591242961434178730846537471236142683517399109466429776377360118355173431016107543977241358064093102741819626163467139833352454094472229349598479358367203452452606833796483111892076343745958394932132199442718048720633556310467019222434693785423996656306612262714609076119634814783438111843773649519101169326072793596027594057988365133037041133566146897868269, 39796272592331896400626784951713239526857273168732133046667572399622660330587881579319314094557011554851873068389016629085963086136116425352535902598378739)
e = 0x10001

# enc_2
c2, n2, x = c2[0], c2[1], c2[2]
assert n2 % x == 0
n2 = x
p1 = 191
p2 = 193
p3 = 627383
p4 = 1720754738477317127758682285465031939891059835873975157555031327070111123628789833299433549669619325160679719355338187877758311485785197492710491
phi2 = (p1 - 1) * (p2 - 1) * (p3 - 1) * (p4 - 1)
d2 = invert(e, phi2)
m2 = pow(c2, d2, n2)
flag2 = long_to_bytes(m2)

# enc_1
lbound, ubound = 2 ** 1021, 2 ** 1027
for v1 in range(2, 1000000):
    for m1 in range(int(log(lbound, v1)), int(log(ubound, v1))):
        p = pow(v1, (m1 + 1)) - pow((v1 + 1), m1)
        if isPrime(p) and 1021 < p.bit_length() < 1027:
            phi1 = p - 1
            d1 = invert(e, phi1)
            m = pow(c1, d1, p)
            if long_to_bytes(m).startswith(b'flag'):
                flag1 = long_to_bytes(m)
                flag = flag1 + flag2
                print(flag)
                sys.exit(0)

差一点，第四个解出来

你这flag保熟吗

帮队友看题，看图形我记得在b站上看过一个up用计算机模拟二向箔二维化地球，用的就是希尔伯特曲线，有一部分原题改下脚本

第五届强网杯-Threebody

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import xlrd
import numpy as np
from hilbertcurve.hilbertcurve import HilbertCurve
from base64 import b64decode

filename = r"password.xls"
# xlrd操作xls文件
excel = xlrd.open_workbook(filename)  # 文件名以及路径，如果路径或者文件名有中文给前面加一个 r

excel.sheet_names()  # 获取excel里的工作表sheet名称数组
sheet = excel.sheet_by_index(0)  # 根据下标获取对应的sheet表

lis = []
for index in range(256):
    lis.append(sheet.row_values(index))

arr = np.array(lis)

hilbert_curve = HilbertCurve(8, 2)

s = ''
for i in range(np.size(arr)):
    [x, y] = hilbert_curve.point_from_distance(i)
    s += arr[y, x]
for i in range(25):
    s = b64decode(s)
print(s)

1f_y0u_h4ve_7he_fllllllag,_I_muSt_vvant_1t!

后面得到flag.php就没了