custom_base64_chars = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ+/" from Crypto.Cipher import DES from Crypto.Random import get_random_bytes import binascii import string import base64 for i in string.digits: for j in string.digits: for k in string.digits: for l in string.digits: for m in string.digits: for n in string.digits: key=i+j+k+l+m+n key=key.encode() num=key key = base64.b64encode(key).translate(bytes.maketrans(b'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/', custom_base64_chars.encode('utf-8'))) encrypted_data_hex = '0723105d5c12217dcdc3601f5ecb54da9ccec2279f1684a13a0d716d17217f4c9ea85ff1a42795731ca3c55d3a4d7bea' encrypted_data = binascii.unhexlify(encrypted_data_hex) cipher = DES.new(key, DES.MODE_ECB) decrypted_data = cipher.decrypt(encrypted_data) if(decrypted_data.decode('latin1').startswith('DASCTF{')): print(num) print(decrypted_data.decode('latin1'))
#DASCTF{f771b96b71514bb6bc20f3275fa9404e}
CSGO
IDA调试不知道为什么有问题,一直卡住,直接x64dbg,一路调试,直接取得base64的表
Blast
发现MD5的常量表
丢到网站上查一下,md5了两次,直接打表进行比较
1 2 3 4 5 6 7 8 9 10 11 12 13 14
a=['14d89c38cd0fb23a14be2798d449c182','a94837b18f8f43f29448b40a6e7386ba','af85d512594fc84a5c65ec9970956ea5','af85d512594fc84a5c65ec9970956ea5','10e21da237a4a1491e769df6f4c3b419','a705e8280082f93f07e3486636f3827a','297e7ca127d2eef674c119331fe30dff','b5d2099e49bdb07b8176dff5e23b3c14','83be264eb452fcf0a1c322f2c7cbf987','a94837b18f8f43f29448b40a6e7386ba','71b0438bf46aa26928c7f5a371d619e1','a705e8280082f93f07e3486636f3827a','ac49073a7165f41c57eb2c1806a7092e','a94837b18f8f43f29448b40a6e7386ba','af85d512594fc84a5c65ec9970956ea5','ed108f6919ebadc8e809f8b86ef40b05','10e21da237a4a1491e769df6f4c3b419','3cfd436919bc3107d68b912ee647f341','a705e8280082f93f07e3486636f3827a','65c162f7c43612ba1bdf4d0f2912bbc0','10e21da237a4a1491e769df6f4c3b419','a705e8280082f93f07e3486636f3827a','3cfd436919bc3107d68b912ee647f341','557460d317ae874c924e9be336a83cbe','a705e8280082f93f07e3486636f3827a','9203d8a26e241e63e4b35b3527440998','10e21da237a4a1491e769df6f4c3b419','f91b2663febba8a884487f7de5e1d249','a705e8280082f93f07e3486636f3827a','d7afde3e7059cd0a0fe09eec4b0008cd','488c428cd4a8d916deee7c1613c8b2fd','39abe4bca904bca5a11121955a2996bf','a705e8280082f93f07e3486636f3827a','3cfd436919bc3107d68b912ee647f341','39abe4bca904bca5a11121955a2996bf','4e44f1ac85cd60e3caa56bfd4afb675e','45cf8ddfae1d78741d8f1c622689e4af','3cfd436919bc3107d68b912ee647f341','39abe4bca904bca5a11121955a2996bf','4e44f1ac85cd60e3caa56bfd4afb675e','37327bb06c83cb29cefde1963ea588aa','a705e8280082f93f07e3486636f3827a','23e65a679105b85c5dc7034fded4fb5f','10e21da237a4a1491e769df6f4c3b419','71b0438bf46aa26928c7f5a371d619e1','af85d512594fc84a5c65ec9970956ea5','39abe4bca904bca5a11121955a2996bf'] import hashlib import string dic={} c=[] for i in string.printable: md5_hash = hashlib.md5(i.encode()) t=hashlib.md5(md5_hash.hexdigest().encode()) dic[i]=t.hexdigest() for i in a: for key, val in dic.items(): if val == i: print(key,end="") #Hello_Ctfer_Velcom_To_my_Mov_and_md5(md5)_world
from gmpy2 import * from Crypto.Util.number import * from sympy import *
n = 20289788565671012003324307131062103060859990244423187333725116068731043744218295859587498278382150779775620675092152011336913225797849717782573829179765649320271927359983554162082141908877255319715400550981462988869084618816967398571437725114356308935833701495015311197958172878812521403732038749414005661189594761246154666465178024563227666440066723650451362032162000998737626370987794816660694178305939474922064726534186386488052827919792122844587807300048430756990391177266977583227470089929347969731703368720788359127837289988944365786283419724178187242169399457608505627145016468888402441344333481249304670223 e = 11079917583 c = 13354219204055754230025847310134936965811370208880054443449019813095522768684299807719787421318648141224402269593016895821181312342830493800652737679627324687428327297369122017160142465940412477792023917546122283870042482432790385644640286392037986185997262289003477817675380787176650410819568815448960281666117602590863047680652856789877783422272330706693947399620261349458556870056095723068536573904350085124198592111773470010262148170379730937529246069218004969402885134027857991552224816835834207152308645148250837667184968030600819179396545349582556181916861808402629154688779221034610013350165801919342549766
s=5741*21 r=e//s m=4 a_b = int(iroot(n - e, 4)[0]) a = Symbol('a') b = Symbol('b') print(a_b)
ans = solve([a * b - a_b, (a**m+r)*(b**m+s)-n], [a, b]) print(r,s) print(ans) a = int(ans[1][0]) b = int(ans[1][1]) p = a ** 4 + r q = n // p print(isPrime(q)) print(q)
p= 5213351003420231819415242686664610206224730148063270274863722096379841592931572096469136339538500817713355302889731144789372844731378975059329731297860686270736540109105854515590165681366189003405833252270606896051264517339339578167231093908235856718285980689179840159807651185918046198419707669304960745217 q= 3891889986375336330559716098591764128742918441309724777337583126578227827768865619689858547513951476952436981068109005313431255086775128227872912287517417948310766208005723508039484956447166240210962374423348694952997002274647622939970550008327647559433222317977926773242269276334110863262269534189811138319 n = 20289788565671012003324307131062103060859990244423187333725116068731043744218295859587498278382150779775620675092152011336913225797849717782573829179765649320271927359983554162082141908877255319715400550981462988869084618816967398571437725114356308935833701495015311197958172878812521403732038749414005661189594761246154666465178024563227666440066723650451362032162000998737626370987794816660694178305939474922064726534186386488052827919792122844587807300048430756990391177266977583227470089929347969731703368720788359127837289988944365786283419724178187242169399457608505627145016468888402441344333481249304670223 e = 11079917583 enc=13354219204055754230025847310134936965811370208880054443449019813095522768684299807719787421318648141224402269593016895821181312342830493800652737679627324687428327297369122017160142465940412477792023917546122283870042482432790385644640286392037986185997262289003477817675380787176650410819568815448960281666117602590863047680652856789877783422272330706693947399620261349458556870056095723068536573904350085124198592111773470010262148170379730937529246069218004969402885134027857991552224816835834207152308645148250837667184968030600819179396545349582556181916861808402629154688779221034610013350165801919342549766 from Crypto.Util.number import * import itertools defget_oneroot(p, e): whileTrue: Zp = Zmod(p) g = Zp.random_element() g = g^((p-1) // e) for mult in divisors(e): if (mult != e): g2 = g^mult if (g2 == 1): break else: return g
defdecrypt(p, c, e): w = gcd(e, p-1) e1, p1 = e // w, (p-1) // w d = inverse_mod(e1, p1) c1 = pow(c, d, p) g, a, b = xgcd(p1, w) g = get_oneroot(p, w) m = pow(c1, b, p) return [ZZ(m * g^i) for i inrange(w)]
mp_list = decrypt(p, enc, e) print('Find root p OK') mq_list = decrypt(q, enc, e) print('Find root q OK') for mp, mq in itertools.product(mp_list, mq_list): m = crt([mp, mq], [p, q]) msg = long_to_bytes(int(m)) print(msg)
Easy_3L
就一个NTRU构造格求解就行
1 2 3 4 5 6 7 8 9 10 11 12 13
p = 25886434964719448194352673440525701654705794467884891063997131230558866479588298264578120588832128279435501897537203249743883076992668855905005985050222145380285378634993563571078034923112985724204131887907198503097115380966366598622251191576354831935118147880783949022370177789175320661630501595157946150891275992785113199863734714343650596491139321990230671901990010723398037081693145723605154355325074739107535905777351 h = 2332673914418001018316159191702497430320194762477685969994411366563846498561222483921873160125818295447435796015251682805613716554577537183122368080760105458908517619529332931042168173262127728892648742025494771751133664547888267249802368767396121189473647263861691578834674578112521646941677994097088669110583465311980605508259404858000937372665500663077299603396786862387710064061811000146453852819607311367850587534711 c = 20329058681057003355767546524327270876901063126285410163862577312957425318547938475645814390088863577141554443432653658287774537679738768993301095388221262144278253212238975358868925761055407920504398004143126310247822585095611305912801250788531962681592054588938446210412897150782558115114462054815460318533279921722893020563472010279486838372516063331845966834180751724227249589463408168677246991839581459878242111459287
from extend_mt19937_predictor import ExtendMT19937Predictor from Crypto.Util.number import * from Crypto.Cipher import DES3 from random import * import hashlib f=open('task.txt','r') ls1=[] ls2=[] for i inrange(624): ls1.append(f.readline()[2:-1])
for i inrange(312): ls2.append(f.readline()[2:-1]) ran=[] k=0 for num in ls2: tmp=int(num,16) s=bin(tmp)[2:].zfill(32) s1=bin(int(ls1[k+1],16))[2:].zfill(16) s2=s[:16] s3=bin(int(ls1[k],16))[2:].zfill(16) s4=s[16:] ran.append(int(s1+s2+s3+s4,2)) k+=2 rc=ExtendMT19937Predictor() for i inrange(len(ran)): rc.setrandbits(ran[i],64) K2=rc.predict_getrandbits(64)
import binascii pubKey = [18143710780782459577, 54431132342347378731, 163293397027042136193, 489880191081126408579, 1469640573243379225737, 4408921719730137677211, 13226765159190413031633, 39680295477571239094899, 119040886432713717284697, 357122659298141151854091, 1071367977894423455562273, 3214103933683270366686819, 9642311801049811100060457, 28926935403149433300181371, 86780806209448299900544113, 260342418628344899701632339, 781027255885034699104897017, 2343081767655104097314691051, 7029245302965312291944073153, 21087735908895936875832219459, 63263207726687810627496658377, 189789623180063431882489975131, 569368869540190295647469925393, 1708106608620570886942409776179, 601827224419797931380408071500, 1805481673259393794141224214500, 893952418336266652976851386463, 2681857255008799958930554159389, 3523079163584485147344841221130, 1524252287869625983140881149316, 50264262166963219975822190911, 150792786500889659927466572733, 452378359502668979782399718199, 1357135078508006939347199154597, 4071405235524020818041597463791, 3169230503688232995231149877299, 462706308180869526799807117823, 1388118924542608580399421353469, 4164356773627825741198264060407, 3448085117999647764701149667147, 1299270151115113835209806487367, 3897810453345341505629419462101, 2648446157152195057994615872229, 3422845870014670444537026359650, 1223552407160181874717436564876, 3670657221480545624152309694628, 1966986461557807413563286569810, 1378466783231507511243038452393, 4135400349694522533729115357179, 3361215846199738142293703557463, 1038662335715384967987468158315, 3115987007146154903962404474945, 302975818554635252993570910761, 908927455663905758980712732283, 2726782366991717276942138196849, 3657854499533237101379593333510, 1928578295715881845245137486456, 1263242285705730806288591202331, 3789726857117192418865773606993, 2324195368467747797703678306905, 2450093503961328663664213663678, 2827787910442071261545819733997, 3960871129884299055190637944954, 2837628186769067706678271320788] encoded=31087054322877663244023458448558 nbit=len(pubKey) # create a large matrix of 0's (dimensions are public key length +1) A = Matrix(ZZ, nbit + 1, nbit + 1) # fill in the identity matrix for i inrange(nbit): A[i, i] = 1 # replace the bottom row with your public key for i inrange(nbit): A[i, nbit] = pubKey[i] # last element is the encoded message A[nbit, nbit] = -int(encoded)
res = A.LLL() for i inrange(0, nbit + 1): # print solution M = res.row(i).list() flag = True for m in M: if m != 0and m != 1: flag = False break if flag: print(i, M) M = ''.join(str(j) for j in M) # remove the last bit M = M[:-1] M = hex(int(M, 2))[2:-1] print(M)
求出e之后,再copper求出p
1 2 3 4 5 6 7 8
p = 139540788452365306201344680691061363403552933527922544113532931871057569249632300961012384092481349965600565669315386312075890938848151802133991344036696488204791984307057923179655351110456639347861739783538289295071556484465877192913103980697449775104351723521120185802327587352171892429135110880845830815744 n = 22687275367292715121023165106670108853938361902298846206862771935407158965874027802803638281495587478289987884478175402963651345721058971675312390474130344896656045501040131613951749912121302307319667377206302623735461295814304029815569792081676250351680394603150988291840152045153821466137945680377288968814340125983972875343193067740301088120701811835603840224481300390881804176310419837493233326574694092344562954466888826931087463507145512465506577802975542167456635224555763956520133324723112741833090389521889638959417580386320644108693480886579608925996338215190459826993010122431767343984393826487197759618771 p0=p>>435 R.<x>=Zmod(n)[] f=p0*2**435+x print(f.small_roots(X=2^435,beta=0.4)) p=22279478575805637289061098350801418725939755105414714905065078232409620860952900304322034404385073099026861643396875749287858710167+p0*2**435 print(p)
最后求个RSA
1 2 3 4 5 6 7 8 9 10
e=15960663600754919507 print(isPrime(e)) n = 22687275367292715121023165106670108853938361902298846206862771935407158965874027802803638281495587478289987884478175402963651345721058971675312390474130344896656045501040131613951749912121302307319667377206302623735461295814304029815569792081676250351680394603150988291840152045153821466137945680377288968814340125983972875343193067740301088120701811835603840224481300390881804176310419837493233326574694092344562954466888826931087463507145512465506577802975542167456635224555763956520133324723112741833090389521889638959417580386320644108693480886579608925996338215190459826993010122431767343984393826487197759618771 c = 156879727064293983713540449709354153986555741467040286464656817265584766312996642691830194777204718013294370729900795379967954637233360644687807499775502507899321601376211142933572536311131955278039722631021587570212889988642265055045777870448827343999745781892044969377246509539272350727171791700388478710290244365826497917791913803035343900620641430005143841479362493138179077146820182826098057144121231954895739989984846588790277051812053349488382941698352320246217038444944941841831556417341663611407424355426767987304941762716818718024107781873815837487744195004393262412593608463400216124753724777502286239464 p=139540788452365306201344680691061363403552933527922544113532931871057569249632300961012384092481349965600565669315386312075890938848151802133991344036696488204791984307057923179677630589032444985150800881889090713797496239571291907818169058929859395965304623825442220206712660451198754072531986630133689525911 q=n//p phi=(p-1)*(q-1) d=inverse(e,phi) m=pow(c,d,n) print(long_to_bytes(m))
from Crypto.Util.number import long_to_bytes from PIL import Image image = Image.open('flag1.png') w,h = image.size # print(w,h) res ='' for i inrange(h): for j inrange(w): if image.getpixel((i,j)) <=(10,10,10): res+='0' else: res+='1' print(long_to_bytes(int(res,2)))
from PIL import Image import numpy as np import base64 im = Image.open('flag1.png') # 将图片转为numpy数组 im = np.asarray(im)
# 获取图片尺寸 x, y, z = im.shape # print(im.shape) #(400, 400, 3)
r = [] for i inrange(x): for j inrange(y): pixel = im[i, j] r.append(pixel[0]) for i,item inenumerate(r): print(item,end=' ') if (i+1) % 400 == 0 : print("\n----------------------------------------------------------------")
img = cv2.imread("key.png") r, c = img.shape[:2] print(r, c) # 137 2494
withopen("key.txt", "w") as f: for y inrange(r): for x inrange(c): uu_byte = binascii.a2b_uu(', '.join(map(lambda x: str(x), img[y, x])) + "\n") f.write(base64.b64encode(uu_byte).decode() + "\n")
#define _CRT_SECURE_NO_WARNINGS #include<stdio.h> #include<stdlib.h> char s[30000]={0}; char code[2000]; int len = 0; intstack[10000]; int stack_len=0;