NSSCTF Round#11 --- 密码个人赛 wp
文章目录
-
-
- ez_enc
- MyMessage
- MyGame
- ez_signin
- ez_fac
-
ez_enc
题目:
ABAABBBAABABAABBABABAABBABAAAABBABABABAAABAAABBAABBBBABBABBABBABABABAABBAABBABAAABBAABBBABABABAAAABBAAABABAABABBABBBABBAAABBBAABABAABBAAAABBBAAAABAABBBAABBABABAABABAAAAABBBBABAABBBBAAAABBBBBAB
将A替换为0,B替换为1,再二进制转字符串
flag:
NSSCTF{mS4gT1Kv9L8NjPzx}
MyMessage
题目:
from Crypto.Util.number import *
import osflag = os.getenv('FLAG')e = 127def sign():msg = input("Input message:")p = getPrime(512)q = getPrime(512)n = p*qc = pow(bytes_to_long((msg + flag).encode()), e, n)print(f"n: {n}")print(f"Token: {hex(c)}")def main():while True:sign()main()
与黄河流域警校CTF类似,取127组数据构成 低加密指数广播攻击,之后按照板子解题即可
解题代码:
import gmpy2
from pwn import *
from functools import reduce
from Crypto.Util.number import *def CRT(ai, mi):assert (reduce(gmpy2.gcd, mi) == 1)assert (isinstance(mi, list) and isinstance(ai, list))M = reduce(lambda x, y: x * y, mi)ai_ti_Mi = [a * (M // m) * gmpy2.invert(M // m, m) for (m, a) in zip(mi, ai)]return reduce(lambda x, y: x + y, ai_ti_Mi) % Me = 127
n = []
c = []
for i in range(127):p = remote('node2.anna.nssctf.cn', 28949)message='1'send_data = p.sendline(message.encode())get_n = p.recvline().decode()get_token = p.recvline().decode()n_data = int(get_n.split(':')[1].replace('\\n',''))c_data = int(get_token.split(':')[1].strip(),16)n.append(n_data)c.append(c_data)M = int(CRT(c,n))
m = gmpy2.iroot(M,127)[0]
flag = long_to_bytes(m)
print(flag)MyGame
题目:
from Crypto.Util.number import *
import os
import random
import stringflag = os.getenv('FLAG')def menu():print('''=---menu---=
1. Guess
2. Encrypt
''')p = getPrime(512)
q = getPrime(512)
n = p*qdef randommsg():return ''.join(random.choices(string.ascii_lowercase+string.digits, k=30))mymsg = randommsg()
def guess():global mymsgmsg = input()if msg == mymsg:print(flag)else:print(mymsg)mymsg = randommsg()def encrypt():e = random.getrandbits(8)c = pow(bytes_to_long(mymsg.encode()), e, n)print(f'Cipher_{e}: {c}')def main():print(f'n: {n}')while True:opt = int(input())if opt == 1:guess()elif opt == 2:encrypt()main()
显然n已经确定了,那么直接取两组数据构成共模攻击,然后按照板子解题即可
解题代码:
from Crypto.Util.number import *
import gmpy2def egcd(a, b):if a == 0:return (b, 0, 1)else:g, y, x = egcd(b % a, a)return (g, x - (b // a) * y, y)def deocode():n = 92376669002623921509402142523040417979742847285128913230222037277281193123569384917422295565460337201247419578329317570919388466167460921476436708744255861919569840646055365622736782018449981456970295507042507578400203506466228792516604670880411611388070363010575761687416199559859671498479577162814750167227c1 = 56209807203263700238616560618292167910103178762773040784631746817419178047868684355927134794504437622277771565804770934927080520866774097937077159522561456694970573720502644960107683432027702982653269325018244743399259436663458302138397221829147003127560773174189067496942399020628208697090961657373400555014c2 = 90201008191161333080317628432839944522494767331025005565907527059217108167006947509077285590701267614286437629784262846613850046677772564536135707131060135969549898546289759735024482099701063980172806975932382772513818194522857561088504530894222162124688966716463702313948548512256262573687696646070994545974e1 = 170e2 = 98s = egcd(e1, e2)s1 = s[1]s2 = s[2]if s1 < 0:s1 = - s1c1 = gmpy2.invert(c1, n)elif s2 < 0:s2 = - s2c2 = gmpy2.invert(c2, n)if gmpy2.gcd(e1, e2) == 1:print("e1,e2互质")message = pow(c1, s1, n) * pow(c2, s2, n) % nflag = long_to_bytes(message)print(flag)elif gmpy2.gcd(e1, e2) != 1:message = pow(c1, s1, n) * pow(c2, s2, n) % ncommon_e = gmpy2.gcd(e1, e2)print("e1,e2不互质,且公约数为" + str(common_e))flag = long_to_bytes((gmpy2.iroot(message, common_e)[0]))print(flag)if __name__ == '__main__':deocode()
解密得到随机字符串:dpb3o4zvh47f8xksol7zgvbuullc96,之后选择1进入到guess()方法输入字符串即可得到flag 
ez_signin
题目:
from Crypto.Util.number import *
from secret import flagp = getPrime(512)
q = getPrime(512)
assert p > q
n = p*q
e = 65536
m = bytes_to_long(flag)
num1 = (pow(p,e,n)-pow(q,e,n)) % n
num2 = pow(p-q,e,n)
c = pow(m,e,n)print("num1=",num1)
print("num2=",num2)
print("n=",n)
print("c=",c)晚点写!!!!
解题代码:
from Crypto.Util.number import *
import gmpy2num1= 134186458247304184975418956047750205959249518467116558944535042073046353646812210914711656218265319503240074967140027248278994209294869476247136854741631971975560846483033205230015783696055443897579440474585892990793595602095853960468928457703619205343030230201261058516219352855127626321847429189498666288452
num2= 142252615203395148320392930915384149783801592719030740337592034613073131106036364733480644482188684184951026866672011061092572389846929838149296357261088256882232316029199097203257003822750826537629358422813658558008420810100860520289261141533787464661186681371090873356089237613080052677646446751824502044253
n= 154128165952806886790805410291540694477027958542517309121222164274741570806324940112942356615458298064007096476638232940977238598879453357856259085001745763666030177657087772721079761302637352680091939676709372354103177660093164629417313468356185431895723026835950366030712541994019375251534778666996491342313
c= 9061020000447780498751583220055526057707259079063266050917693522289697419950637286020502996753375864826169562714946009146452528404466989211057548905704856329650955828939737304126685040898740775635547039660982064419976700425595503919207903099686497044429265908046033565745195837408532764433870408185128447965p = GCD(num1+num2,n)
q = n//px0=gmpy2.invert(p,q)
x1=gmpy2.invert(q,p)
cs = [c]
for i in range(16):ps = []for c2 in cs:r = pow(c2, (p + 1) // 4, p)s = pow(c2, (q + 1) // 4, q)x = (r * x1 * q + s * x0 * p) % ny = (r * x1 * q - s * x0 * p) % nif x not in ps:ps.append(x)if n - x not in ps:ps.append(n - x)if y not in ps:ps.append(y)if n - y not in ps:ps.append(n - y)cs = psfor m in ps:flag = long_to_bytes(m)if b"nssctf" in flag:print(flag)breakez_fac
题目:
from Crypto.Util.number import *
import random
from secret import flag,a0,a1,b0,b1p = getPrime(512)
q = getPrime(512)
e = getPrime(128)
n = p*q
assert pow(a0,2) + e * pow(b0,2) == n
assert pow(a1,2) + e * pow(b1,2) == n
m = bytes_to_long(flag)
c = pow(m,e,n)print("c=",c)
print("n=",n)
print("a0=",a0)
print("a1=",a1)
print("b0=",b0)
print("b1=",b1)当
N=ma2+nb2N=ma^2+nb^2N=ma2+nb2
N=mc2+nd2N = mc^2+nd^2N=mc2+nd2
则有,N=(N,ad−bc)⋅N(N,ad−bc)N = (N,ad-bc) \\cdot \\frac{N}{(N,ad-bc)}N=(N,ad−bc)⋅(N,ad−bc)N
那么,p=gcd(N,ad−bc)那么,p = gcd(N,ad-bc)那么,p=gcd(N,ad−bc)
解题代码:
import gmpy2
from Crypto.Util.number import *c= 34007465638566836660852768374211870538357285529060206826620688555044780516477877596651414637089490522614456532732711803500304737160162560168303462221485961593760966240770414498297915175227814336224871400766371471776600674705757656616409870237891336752248110367865552469248343708419900511716030176178698949179
n= 70043427687738872803871163276488213173780425282753969243938124727004843810522473265066937344440899712569316720945145873584064860810161865485251816597432836666987134938760506657782143983431621481190009008491725207321741725979791393566155990005404328775785526238494554357279069151540867533082875900530405903003
a0= 8369195163678456889416121467476480674288621867182572824570660596055739410903686466334448920102666056798356927389728982948229326705483052970212882852055482
a1= 8369195163678456889416121462308686152524805984209312455308229689034789710117101859597220211456125364647704791637845189120538925088375209397006380815921158
b0= 25500181489306553053743739056022091355379036380919737553326529889338409847082228856006303427136881468093863020843230477979
b1= 31448594528370020763962343185054872105044827103889010592635556324009793301024988530934510929565983517651356856506719032859
e = (n-pow(a0,2))//pow(b0,2)
p = gmpy2.gcd(a0*b1-a1*b0,n)
q = n//p
phi = (p-1)*(q-1)
d = gmpy2.invert(e,phi)
m = pow(c,d,n)
flag = long_to_bytes(m)
print(flag)
【大概骄傲就i是高高的城头,喜欢之人,就走在城头之上,脚下是骄傲。】