
2023 GDOUCTF --- Crypto wp

2023 GDOUCTF --- Crypto wp

文章目录

      • Crypto
        • Absolute_Baby_Encrytpion
        • babylua
        • Magic of Encoding
        • Math Problem
      • Re
        • Check_Your_Luck

Crypto

Absolute_Baby_Encrytpion

将加密时使用的字符替换表反过来(密文字符→明文字符),然后对密文逐个字符解密并拼接起来即可

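# Ciphertext from the challenge; every character is one symbol of a fixed
# one-to-one substitution alphabet.
encrypted_string = '+}!q")hiim)#}-nvm)i-$#mvn#0mnbm)im#n+}!qnm8)i-$#mvnoc#0nz<$9inm!>-n1:1-nm8)i-$~c58n!}qhij#0[noic##m8nc8n?!8c}w!n]>&'
print(len(encrypted_string))

# Inverse of the challenge's substitution table: ciphertext char -> plaintext char.
# A fixed character-for-character substitution has no key beyond the table itself,
# so anyone who can read the encryption routine can invert it like this.
DECRYPT_TABLE = {
    # ciphertext symbols that decode to the letters a-z
    '!': 'a', '1': 'b', ')': 'c', 'v': 'd', 'm': 'e', '+': 'f', 'q': 'g',
    '0': 'h', 'c': 'i', ']': 'j', '(': 'k', '}': 'l', '[': 'm', '8': 'n',
    '5': 'o', '$': 'p', '*': 'q', 'i': 'r', '>': 's', '#': 't', '<': 'u',
    '?': 'v', 'o': 'w', '^': 'x', '-': 'y', '_': 'z',
    # ciphertext symbols that decode to the digits 0-9
    'h': '0', 'w': '1', 'e': '2', '9': '3', 'g': '4',
    'z': '5', 'd': '6', '~': '7', '=': '8', 'x': '9',
    # ciphertext symbols that decode to punctuation
    'j': '!', ':': '@', '4': '#', 'b': '$', '`': '%', 'l': '^', '3': '&',
    't': '*', '6': '(', 's': ')', 'n': '_', ';': '+', "'": '-', 'r': '=',
    'k': '`', 'p': '~', '"': '{', '&': '}', '/': '[', '\\': ']', '2': '|',
    '.': ':', '%': ';', '|': '"', ',': "'", '@': '<', '{': '>', 'u': ',',
    '7': '.', 'y': '?', 'a': '/',
}

# Characters without a table entry are dropped, exactly as the original
# if/elif chain (which had no final else) did.
decrypted_string = ''.join(DECRYPT_TABLE.get(char, '') for char in encrypted_string)
print(decrypted_string)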

babylua

seed由4个字符组成,key则是seed经过两次md5哈希后的十六进制摘要(代码中用其前10位做比对,取前18位作为key),所以直接爆破seed即可得到key,最后将secret各元素的数值减去key对应字符的ascii值即可还原flag

from hashlib import md5
import string
import itertools
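# Candidate seed alphabet: the first 62 characters of string.printable
# (digits, lowercase letters, uppercase letters). Named SEED_CHARSET rather
# than `dict` so the builtin is not shadowed.
SEED_CHARSET = string.printable[:62]
# Known leading hex digits of the double-MD5 key, and how much of the digest
# is used as the key.
KEY_PREFIX = 'b5e62abe84'
KEY_LENGTH = 18
secret = [200, 161, 198, 157, 173, 169, 199, 150, 105, 163, 193, 175, 173, 194, 135, 131, 135, 225]


def find_key_digest(prefix, charset=SEED_CHARSET, seed_length=4):
    """Return md5(md5(seed)) in hex for the first seed whose digest starts with *prefix*.

    Seeds are enumerated in itertools.product order over *charset*. With 62
    symbols and 4 positions there are only 62**4 = 14,776,336 candidates, so
    the seed offers no real protection; hashing twice does not enlarge that
    search space.

    Raises:
        ValueError: if no seed of the given length produces the prefix.
    """
    for candidate in itertools.product(charset, repeat=seed_length):
        seed = "".join(candidate)
        inner_hex = md5(seed.encode()).hexdigest()
        digest = md5(inner_hex.encode()).hexdigest()
        if digest.startswith(prefix):
            return digest
    # The original fell through and used the last candidate's digest as the key.
    raise ValueError(f"no seed of length {seed_length} matches prefix {prefix!r}")


def subtract_key(values, key):
    """Undo the additive masking: chr(value - ord(key char)) for each position."""
    return "".join(chr(value - ord(key_char)) for value, key_char in zip(values, key))


if __name__ == "__main__":
    key_md5 = find_key_digest(KEY_PREFIX)
    key = key_md5[:KEY_LENGTH]
    print(key)
    flag = subtract_key(secret, key)
    print(flag)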

Magic of Encoding

将假flag信息对应的base64串从数据中去除,再对剩余内容做base64解码,即可提取出一个压缩包,解压即可得到flag。

import base64
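# Location of the challenge file on the author's machine.
SOURCE_PATH = "D:\\学习资料\\CTF\\match\\\\2023gdouctf\\crypto\\Magic_Of_Encoding.txt"
# Decoy strings whose base64 encodings are interleaved with the real payload.
# The last entry is wrapped in real newline characters.
flag_list = ["flag{Xd_fake_flag_xD}","find_me_if_you_can","flag{not_the_correct_flag_lol}","\nflag{not_the_correct_flag_lol}\nflag{not_the_correct_flag_lol}\n"]


def strip_decoys(data, decoys):
    """Remove the base64 form of every decoy from *data* and decode what is left.

    Args:
        data: text read from the challenge file (base64 with decoys mixed in).
        decoys: plaintext decoy strings; each is base64-encoded before removal.

    Returns:
        The decoded bytes of the remaining base64 text.
    """
    for decoy in decoys:
        data = data.replace(base64.b64encode(decoy.encode()).decode(), "")
    # b64decode() without validate=True silently discards characters outside
    # the base64 alphabet (such as newlines) instead of rejecting them.
    return base64.b64decode(data)


if __name__ == "__main__":
    # Context managers close both files even if decoding raises.
    with open(SOURCE_PATH, "r") as f:
        data = f.read()
    zip_data = strip_decoys(data, flag_list)
    # Treat the result as untrusted input: inspect the archive listing before
    # extracting it.
    with open("magic.zip", "wb") as file:
        file.write(zip_data)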

Math Problem

用Coppersmith方法(small_roots)求出小根x,把x代回多项式后与n做gcd求得p,最后按常规RSA解密即可

#sage
from Crypto.Util.number import *
import gmpy2
# RSA public exponent, modulus and ciphertext; they are used as such in the
# pow(c, d, n) decryption at the end.
e = 65537
n = 79239019133008902130006198964639844798771408211660544649405418249108104979283858140199725213927656792578582828912684320882248828512464244641351915288069266378046829511827542801945752252863425605946379775869602719406340271702260307900825314967696531175183205977973427572862807386846990514994510850414958255877
c = 45457869965165575324534408050513326739799864850578881475341543330291990558135968254698676312246850389922318827771380881195754151389802803398367341521544667542828862543407738361578535730524976113729406101764290984943061582342991118766322793847422471903811686775249409300301726906738475446634950949059180072008
# Known values of the relation y^2 = x^3 + a*x + b with x unknown.
# NOTE(review): presumably the relation holds modulo the prime p, since the
# gcd step below extracts p from it - confirm against the challenge source.
a = 9303981927028382051386918702900550228062240363697933771286553052631411452412621158116514735706670764224584958899184294505751247393129887316131576567242619
b = 9007779281398842447745292673398186664639261529076471011805234554666556577498532370235883716552696783469143334088312327338274844469338982242193952226631913
y = 970090448249525757357772770885678889252473675418473052487452323704761315577270362842929142427322075233537587085124672615901229826477368779145818623466854
# Work with polynomials in x over the integers modulo n (p is not known yet).
PR.<x> = PolynomialRing(Zmod(n))
f = x**3+a*x+b-y**2
# The leading coefficient is already 1, so monic() changes nothing here; it
# only makes the monic form that small_roots relies on explicit.
f=f.monic()
# Coppersmith small-root search: X bounds the root (x < 2^64) and beta=0.4 asks
# for a root modulo an unknown divisor of n of size at least n^0.4.
# Indexing [0] raises IndexError when no root is found.
x0= f.small_roots(X=2^64,beta=0.4,epsilon=0.01)[0]
# Re-evaluate the relation at the recovered root. x0 lives in Zmod(n), so the
# value is reduced mod n; it is non-zero there but shares a factor with n.
f = x0**3+a*x0+b-y**2
# That shared factor is taken as the prime p.
p = gmpy2.gcd(int(f),n)
q = n//p
# With both primes known: Euler's totient, private exponent, then decryption.
phi = (p-1)*(q-1)
d = gmpy2.invert(e,phi)
m = pow(c,d,n)
flag = long_to_bytes(int(m))
print(flag)

Re

Check_Your_Luck

简单Z3约束求解

from z3 import *
# Five integer unknowns of the linear system checked by the challenge binary.
v, w, x, y, z = Ints('v w x y z')
s = Solver()

# One row per equation: coefficients of (v, w, x, y, z) and the right-hand side.
system = [
    ((23, -32, 98, 55, 90), 333322),
    ((266, -34, 43, 8, 32), 1272529),
    ((231, -321, 938, 555, 970), 3372367),
    ((343, -352, 58, 65, 5), 1672457),
    ((123, -322, 68, 67, 32), 707724),
]
for coefficients, rhs in system:
    lhs = sum(var * k for var, k in zip((v, w, x, y, z), coefficients))
    s.add(lhs == rhs)

# Print the satisfying assignment only when the solver reports one.
outcome = s.check()
if outcome == sat:
    print(s.model())

【一个人,哪能什么都不麻烦别人,偶尔有个一两次,不用太愧疚。】