安全矩阵

 找回密码
 立即注册
搜索
查看: 4039|回复: 0

2017第二届广东省强网杯线上赛

[复制链接]

12

主题

18

帖子

150

积分

注册会员

Rank: 2

积分
150
发表于 2020-4-2 19:55:30 | 显示全部楼层 |阅读模式
题目名称:RSA
题目内容:Download
解题思路
先利用yafu分解得到p q
然后写个脚本算密文

  1. #!/usr/bin/env python
  2. # coding:utf-8

  3. __author__ = 'zhengjim'

  4. import gmpy2

  5. p = gmpy2.mpz(31093551302922880999883020803665536616272147022877428745314830867519351013248914244880101094365815998050115415308439610066700139164376274980650005150267949853671653233491784289493988946869396093730966325659249796545878080119206283512342980854475734097108975670778836003822789405498941374798016753689377992355122774401780930185598458240894362246194248623911382284169677595864501475308194644140602272961699230282993020507668939980205079239221924230430230318076991507619960330144745307022538024878444458717587446601559546292026245318907293584609320115374632235270795633933755350928537598242214216674496409625928997877221)
  6. q = gmpy2.mpz(31093551302922880999883020803665536616272147022877428745314830867519351013248914244880101094365815998050115415308439610066700139164376274980650005150267949853671653233491784289493988946869396093730966325659249796545878080119206283512342980854475734097108975670778836003822789405498941374798016753689377992355122774401780930185598458240894362246194248623911382284169677595864501475308194644140602272961699230282993020507668939980205079239221924230430230318076991507619960330144745307022538024878444458717587446601559546292026245318907293584609320115374632235270795633933755350928537598242214216674496409625928797450473)
  7. e = gmpy2.mpz(65537)
  8. #计算d
  9. phi_n = (p - 1) * (q - 1)
  10. d = gmpy2.invert(e, phi_n)
  11. print "private key:"
  12. print d

  13. #求密文
  14. c = gmpy2.mpz(168502910088858295634315070244377409556567637139736308082186369003227771936407321783557795624279162162305200436446903976385948677897665466290852769877562167487142385308027341639816401055081820497002018908896202860342391029082581621987305533097386652183849657065952062433988387640990383623264405525144003500286531262674315900537001845043225363148359766771033899680111076181672797077410584747509581932045540801777738548872747597899965366950827505529432483779821158152928899947837196391555666165486441878183288008753561108995715961920472927844877569855940505148843530998878113722830427807926679324241141182238903567682042410145345551889442158895157875798990903715105782682083886461661307063583447696168828687126956147955886493383805513557604179029050981678755054945607866353195793654108403939242723861651919152369923904002966873994811826391080318146260416978499377182540684409790357257490816203138499369634490897553227763563553981246891677613446390134477832143175248992161641698011195968792105201847976082322786623390242470226740685822218140263182024226228692159380557661591633072091945077334191987860262448385123599459647228562137369178069072804498049463136233856337817385977990145571042231795332995523988174895432819872832170029690848)
  15. print "plaintext:"

  16. print "plaintext:"
  17. M  =  pow(c,d,p*q)
  18. print '[10进制]'+str(M)
  19. flag = str(hex(M))[2:]
  20. print '[16进制]'+flag
  21. print '[ASCII码]'+flag.decode('hex')
复制代码


题目名称:SimpleMath
题目内容:Download
解题思路
由题目脚本可以看到:
hack = (f1*f2...*f14 + f2*f3...*f14 + f3*f4...*f14 + f14 + 1)*pad
pad为hack的一个因子,用http://factordb.com/对hack大数分解,得到质因子:
2^2 · 19 · 31 · 59 · 97 · 127 · 3727 · 44948980991 · 1753609692783577883 · 556795634058750798159011。
由此可得出结论,pad为这些质因子的乘积组合。
1、因为pad为MD5值,所以pad符合:
0x10000000000000000000000000000000<pad<0xffffffffffffffffffffffffffffffff。
用迭代法穷尽所有质因子乘积组合,找到符合上一条件的所有pad。
2、hack/pad-1 = f1*f2...*f14 + f2*f3...*f14 + f3*f4...*f14 + f14 ,f1~f14为可见字符(32~126),所以有条件:
(hack/pad - 1) % (f14) = 0
((hack/pad - 1) / f14 -1) % f13 =0
......
同意利用迭代法,找到符合条件的pad,并倒叙打出符合条件的可整除的可见字符,有两个符合条件:
301029523552535981934367911782880889228  :  veryl1keMath!!
143231789432255023662320216090241713423  :  \2`Q{gKn{Sjjn)
3、穷尽f0,计算flag的MD5,得到pad,与之对应的比较,最终得出flag为:
Iveryl1keMath!!

上代码:
  1. from Crypto.Util.number import *
  2. from hashlib import md5
  3. hack=280098481791453837177137197730537158171743673148935867304957882116
  4. numMin=0x10000000000000000000000000000000
  5. numMax=0xffffffffffffffffffffffffffffffff
  6. factors=[2,2,19,31,59,97,127,3727,44948980991,1753609692783577883,556795634058750798159011]
  7. #<1> find the pad
  8. #(f1*f2...*f14 + f2*f3...*f14 + f3*f4...*f14 + f14 + 1)*pad = hack
  9. #ascii [32~126] visible char
  10. #301029523552535981934367911782880889228
  11. #143231789432255023662320216090241713423
  12. #<2> print the flag :
  13. #veryl1keMath!!
  14. #\2`Q{gKn{Sjjn)
  15. #<3> caculate md5
  16. def checkValue(count,value):
  17. if count==14 and value==1:
  18. return 1
  19. for i in range(32,127):
  20. if (value-1)%i==0:
  21. if checkValue(count+1,(value-1)/i)==1:
  22. return 1
  23. return 0
  24. def findFlag(count,value,flag):
  25. if count>14 or (count==14 and value!=1):
  26. return 0
  27. if count==14 and value==1:
  28. return 1
  29. for i in range(32,127):
  30. if (value-1)%i==0:
  31. flag[count]=i
  32. if findFlag(count+1,(value-1)/i,flag)==1:
  33. return 1
  34. return 0
  35. def findpad(value,index):
  36. for i in range(index,11):
  37. tmp=value*factors[i]
  38. if tmp>=numMin and tmp<= numMax:
  39. flag = [0 for i in range(14)]
  40. if findFlag(0,hack/tmp,flag)==1:
  41. #<1>print flag
  42. for j in range(0,14):
  43. print chr(flag[13-j]),
  44. print '\n'
  45. findpad(tmp,i+1)
  46. findpad(1,0)
  47. #check md5
  48. for i in range(32,127):
  49. flag=chr(i)+'veryl1keMath!!'
  50. pad = bytes_to_long(md5(flag).digest())
  51. if pad==301029523552535981934367911782880889228:
  52. print flag
  53. for i in range(32,127):
  54. flag=chr(i)+'\\2`Q{gKn{Sjjn)'
  55. if pad==143231789432255023662320216090241713423:
  56. print flag
复制代码


题目名称:Known
题目内容:Download
解题思路
# coding=utf-8
import base64
import string
import binascii
#随便从known.txt中取出一行,这里去除第一行
plain = "jYj0ApA8korwFrDKhkBsyAfcklX81hYr"
password = "IB8hBnIHFQkRBAERABwFCDsPe0AadDEZJVkIbWMyFzo="
#password.enc中的内容
encpwd = base64.b64decode("CzVrT1wCdFoUBARGMgYgN3McVkFDQzIINxUjPD8qIi0=")
dpwd = base64.b64decode(password)
#长度为32,和明文长度相同,则使用简单的异或运算
key = ""
for i in range(0,len(plain)):
key += chr(ord(plain)^ ord(dpwd))
filekey = ""
for i in range(0,len(plain)):
filekey += chr(ord(key)^ ord(encpwd))
#获得压缩文件的解压缩密码
print "file password : " + filekey
plain_text = ""
cipher_text = ""
#根据每一样用:分割的字符长度相同,大概看一下为基础的替换
f = open("known.txt","r")
data = f.readline()
#拼接明文字串以及密文字串
while(len(data) != 0):
data = f.readline()[0:-1]
dt = data.split(':')
if(len(dt) == 2) :
plain_text =  plain_text + dt[0]
cipher_text = cipher_text + dt[1]
f.close()
#获取标准字串对应的替换字串
encode_table = '{' + string.letters + string.digits + '}'
decode_table = ""
for i in encode_table:
decode_table += cipher_text[plain_text.find(i)]
print "default table : " + encode_table
print "challage_table : " + decode_table
#加密的flag
encrypt_flag = "uAmUXk{jW{Stp{JpMA0spF7OS0SS0aq8"
decrypt_flag =""
#利用对应关系获得原始的flag
for i in encrypt_flag:
decrypt_flag += encode_table[decode_table.find(i)]
print "The True flag is : " + decrypt_flag


回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

小黑屋|安全矩阵

GMT+8, 2024-11-27 22:32 , Processed in 0.012290 second(s), 18 queries .

Powered by Discuz! X4.0

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表