2017第二届广东省强网杯线上赛

braveX

题目名称：RSA
题目内容：Download
解题思路：
先利用yafu分解得到p q
然后写个脚本算密文

1. #!/usr/bin/env python
   
2. # coding:utf-8
   
3. 
   
4. __author__ = 'zhengjim'
   
5. 
   
6. import gmpy2
   
7. 
   
8. p = gmpy2.mpz(31093551302922880999883020803665536616272147022877428745314830867519351013248914244880101094365815998050115415308439610066700139164376274980650005150267949853671653233491784289493988946869396093730966325659249796545878080119206283512342980854475734097108975670778836003822789405498941374798016753689377992355122774401780930185598458240894362246194248623911382284169677595864501475308194644140602272961699230282993020507668939980205079239221924230430230318076991507619960330144745307022538024878444458717587446601559546292026245318907293584609320115374632235270795633933755350928537598242214216674496409625928997877221)
   
9. q = gmpy2.mpz(31093551302922880999883020803665536616272147022877428745314830867519351013248914244880101094365815998050115415308439610066700139164376274980650005150267949853671653233491784289493988946869396093730966325659249796545878080119206283512342980854475734097108975670778836003822789405498941374798016753689377992355122774401780930185598458240894362246194248623911382284169677595864501475308194644140602272961699230282993020507668939980205079239221924230430230318076991507619960330144745307022538024878444458717587446601559546292026245318907293584609320115374632235270795633933755350928537598242214216674496409625928797450473)
   
10. e = gmpy2.mpz(65537)
    
11. #计算d
    
12. phi_n = (p - 1) * (q - 1)
    
13. d = gmpy2.invert(e, phi_n)
    
14. print "private key:"
    
15. print d
    
16. 
    
17. #求密文
    
18. c = gmpy2.mpz(168502910088858295634315070244377409556567637139736308082186369003227771936407321783557795624279162162305200436446903976385948677897665466290852769877562167487142385308027341639816401055081820497002018908896202860342391029082581621987305533097386652183849657065952062433988387640990383623264405525144003500286531262674315900537001845043225363148359766771033899680111076181672797077410584747509581932045540801777738548872747597899965366950827505529432483779821158152928899947837196391555666165486441878183288008753561108995715961920472927844877569855940505148843530998878113722830427807926679324241141182238903567682042410145345551889442158895157875798990903715105782682083886461661307063583447696168828687126956147955886493383805513557604179029050981678755054945607866353195793654108403939242723861651919152369923904002966873994811826391080318146260416978499377182540684409790357257490816203138499369634490897553227763563553981246891677613446390134477832143175248992161641698011195968792105201847976082322786623390242470226740685822218140263182024226228692159380557661591633072091945077334191987860262448385123599459647228562137369178069072804498049463136233856337817385977990145571042231795332995523988174895432819872832170029690848)
    
19. print "plaintext:"
    
20. 
    
21. print "plaintext:"
    
22. M  =  pow(c,d,p*q)
    
23. print '[10进制]'+str(M)
    
24. flag = str(hex(M))[2:]
    
25. print '[16进制]'+flag
    
26. print '[ASCII码]'+flag.decode('hex')

复制代码

题目名称：SimpleMath
题目内容：Download
解题思路：
由题目脚本可以看到：
hack = (f1*f2...*f14 + f2*f3...*f14 + f3*f4...*f14 + f14 + 1)*pad
pad为hack的一个因子，用http://factordb.com/对hack大数分解，得到质因子：
2^2 · 19 · 31 · 59 · 97 · 127 · 3727 · 44948980991 · 1753609692783577883 · 556795634058750798159011。
由此可得出结论，pad为这些质因子的乘积组合。
1、因为pad为MD5值，所以pad符合：
0x10000000000000000000000000000000<pad<0xffffffffffffffffffffffffffffffff。
用迭代法穷尽所有质因子乘积组合，找到符合上一条件的所有pad。
2、hack/pad-1 = f1*f2...*f14 + f2*f3...*f14 + f3*f4...*f14 + f14 ，f1~f14为可见字符(32~126),所以有条件：
(hack/pad - 1) % (f14) = 0
((hack/pad - 1) / f14 -1) % f13 =0
......
同意利用迭代法，找到符合条件的pad,并倒叙打出符合条件的可整除的可见字符，有两个符合条件：
301029523552535981934367911782880889228  ：  veryl1keMath!!
143231789432255023662320216090241713423  ：  \2`Q{gKn{Sjjn)
3、穷尽f0,计算flag的MD5，得到pad，与之对应的比较，最终得出flag为:
Iveryl1keMath!!

上代码：

1. from Crypto.Util.number import *
   
2. from hashlib import md5
   
3. hack=280098481791453837177137197730537158171743673148935867304957882116
   
4. numMin=0x10000000000000000000000000000000
   
5. numMax=0xffffffffffffffffffffffffffffffff
   
6. factors=[2,2,19,31,59,97,127,3727,44948980991,1753609692783577883,556795634058750798159011]
   
7. #<1> find the pad
   
8. #(f1*f2...*f14 + f2*f3...*f14 + f3*f4...*f14 + f14 + 1)*pad = hack
   
9. #ascii [32~126] visible char
   
10. #301029523552535981934367911782880889228
    
11. #143231789432255023662320216090241713423
    
12. #<2> print the flag :
    
13. #veryl1keMath!!
    
14. #\2`Q{gKn{Sjjn)
    
15. #<3> caculate md5
    
16. def checkValue(count,value):
    
17. if count==14 and value==1:
    
18. return 1
    
19. for i in range(32,127):
    
20. if (value-1)%i==0:
    
21. if checkValue(count+1,(value-1)/i)==1:
    
22. return 1
    
23. return 0
    
24. def findFlag(count,value,flag):
    
25. if count>14 or (count==14 and value!=1):
    
26. return 0
    
27. if count==14 and value==1:
    
28. return 1
    
29. for i in range(32,127):
    
30. if (value-1)%i==0:
    
31. flag[count]=i
    
32. if findFlag(count+1,(value-1)/i,flag)==1:
    
33. return 1
    
34. return 0
    
35. def findpad(value,index):
    
36. for i in range(index,11):
    
37. tmp=value*factors[i]
    
38. if tmp>=numMin and tmp<= numMax:
    
39. flag = [0 for i in range(14)]
    
40. if findFlag(0,hack/tmp,flag)==1:
    
41. #<1>print flag
    
42. for j in range(0,14):
    
43. print chr(flag[13-j]),
    
44. print '\n'
    
45. findpad(tmp,i+1)
    
46. findpad(1,0)
    
47. #check md5
    
48. for i in range(32,127):
    
49. flag=chr(i)+'veryl1keMath!!'
    
50. pad = bytes_to_long(md5(flag).digest())
    
51. if pad==301029523552535981934367911782880889228:
    
52. print flag
    
53. for i in range(32,127):
    
54. flag=chr(i)+'\\2`Q{gKn{Sjjn)'
    
55. if pad==143231789432255023662320216090241713423:
    
56. print flag

复制代码

题目名称：Known
题目内容：Download
解题思路：
# coding=utf-8
import base64
import string
import binascii
#随便从known.txt中取出一行，这里去除第一行
plain = "jYj0ApA8korwFrDKhkBsyAfcklX81hYr"
password = "IB8hBnIHFQkRBAERABwFCDsPe0AadDEZJVkIbWMyFzo="
#password.enc中的内容
encpwd = base64.b64decode("CzVrT1wCdFoUBARGMgYgN3McVkFDQzIINxUjPD8qIi0=")
dpwd = base64.b64decode(password)
#长度为32，和明文长度相同，则使用简单的异或运算
key = ""
for i in range(0,len(plain)):
key += chr(ord(plain)^ ord(dpwd))
filekey = ""
for i in range(0,len(plain)):
filekey += chr(ord(key)^ ord(encpwd))
#获得压缩文件的解压缩密码
print "file password : " + filekey
plain_text = ""
cipher_text = ""
#根据每一样用：分割的字符长度相同，大概看一下为基础的替换
f = open("known.txt","r")
data = f.readline()
#拼接明文字串以及密文字串
while(len(data) != 0):
data = f.readline()[0:-1]
dt = data.split(':')
if(len(dt) == 2) :
plain_text =  plain_text + dt[0]
cipher_text = cipher_text + dt[1]
f.close()
#获取标准字串对应的替换字串
encode_table = '{' + string.letters + string.digits + '}'
decode_table = ""
for i in encode_table:
decode_table += cipher_text[plain_text.find(i)]
print "default table : " + encode_table
print "challage_table : " + decode_table
#加密的flag
encrypt_flag = "uAmUXk{jW{Stp{JpMA0spF7OS0SS0aq8"
decrypt_flag =""
#利用对应关系获得原始的flag
for i in encrypt_flag:
decrypt_flag += encode_table[decode_table.find(i)]
print "The True flag is : " + decrypt_flag