HSC-1th WP CRYPTO
HSC-1th WP CRYPTO
1. Easy SignIn
方法一:
十六进制+base64+base32+base64
方法二:
cyberchef直接梭
方法三:
ciphey一把梭
flag{welc0me_to_my_s1gn_in}2. AFFINE
flag{md5(result)}
仿射密码加密,先根据密文和明文,爆破各位置存在 flag 字符串情况下对应的 a,b 值,再解密整串密文。爆破求 a,b 。
Script1:
letter=string.ascii_letters+string.digits
s = 'xGJ13kkRK9QDfORQomFOf9NZs9LKVZvGqVIsVO9NOkorv'
for a in range(1,128):
for b in range(1,128):
res = ''
#求a关于26的乘法逆元
x, y = get(a, 62)
a1 = x % 62
l= len(s)
for i in range(l):
cipher = a1 * (letter.index(s[i]) - b) % 62
# res+=chr(cipher + 65)
# print(cipher)
res += letter[cipher]
if 'flag' in res:
print(res)Script2:
import string
import hashlib
letter=string.ascii_letters+string.digits
def encrypt(m, a, b):
c = []
for i in range(len(m)):
ch=m[i]
t=(letter.index(ch) * a + b) % 62
c.append(letter[t])
d = ''.join(c)
return d
s='xGJ13kkRK9QDfORQomFOf9NZs9LKVZvGqVIsVO9NOkorv'
for a in range(50):
for b in range(50):
Cipher = encrypt('flag', a, b)
for k in range(len(s)-3):
if Cipher==s[k:k+4]:
print(Cipher,a,b)
# korv 11 17
a=11
b=17
def decrypt(m, a, b):
import gmpy2
c = []
for i in range(len(m)):
ch=m[i]
t=((letter.index(ch) - b) * gmpy2.invert(a,62)) % 62
c.append(letter[t])
d = ''.join(c)
return d
m=decrypt(s, a, b)
print(m)
flag = hashlib.md5("".join(str(m)).encode("utf8")).hexdigest()
print(flag)
# Oh62Affine1sSti1lN0tSecureEnoughToProtectflag
# 2b9b99caae1cc49e5b5aacbc8cc22350flag{2b9b99caae1cc49e5b5aacbc8cc22350}3.LINE-GENERATION-TEST
"Sorry, Tazmi, I can't hold you in my arms anymore" Who said that? flag{md5(result)}
希尔密码,逆矩阵得到12 18 2 19 5即RSCTF
md5加密得flag
flag{e4163deba70420c58acb87abcab34141}4.LATTICE
Part1,extending WienerAttack with two exponents
构造如下矩阵,对其进行格基规约找到最短向量
c1 = 182xxx3
N = 2381xxx9
e1, e2 = 9835783xxx9, 173753xxx3
a = 730 / 2048
M1 = int(pow(N, 0.5))
M2 = int(pow(N, 1 + a))
L2 = matrix(ZZ, [[N, -M1*N, 0, N**2],
[0, M1*e1, -M2*e1, -e1 * N],
[0, 0, M2*e2, -e2 * N],
[0, 0, 0, e1 * e2]])
B = L2.LLL()[0]
A = B * L2 ^ (-1)
phi = int(e1 * A[1] // A[0])
print(long_to_bytes(pow(c1, gmpy2.invert(0x10001, phi), N)))
#b'89c63fd5-00c'Part2 extending WienerAttack with three exponents
和 Part1 类似,实现一个这样的矩阵
c2 = 73xxx3
N = 26xxx9
e1, e2, e3 = 2xxx9, 19xxx5, 1xxxx7
alpha2 = 818/2048
M1 = int(N**(3/2))
M2 = int(N)
M3 = int(N**(3/2 + alpha2))
M4 = int(N**0.5)
M5 = int(N**(3/2 + alpha2))
M6 = int(N**(1+alpha2))
M7 = int(N**(1+alpha2))
D = diagonal_matrix(ZZ, [M1, M2, M3, M4, M5, M6, M7, 1])
B = Matrix(ZZ, [ [1, -N, 0, N**2, 0, 0, 0, -N**3],
[0, e1, -e1, -e1*N, -e1, 0, e1*N, e1*N**2],
[0, 0, e2, -e2*N, 0, e2*N, 0, e2*N**2],
[0, 0, 0, e1*e2, 0, -e1*e2, -e1*e2, -e1*e2*N],
[0, 0, 0, 0, e3, -e3*N, -e3*N, e3*N**2],
[0, 0, 0, 0, 0, e1*e3, 0, -e1*e3*N],
[0, 0, 0, 0, 0, 0, e2*e3, -e2*e3*N],
[0, 0, 0, 0, 0, 0, 0, e1*e2*e3] ])
* D
L = B.LLL()
v = Matrix(ZZ, L[0])
x = v * B**(-1)
phi = (e1*x[0, 1]/x[0, 0]).floor()
flag = pow(c2, gmpy2.invert(0x10001, phi), N)
print(long_to_bytes(flag))
#b'f-4ae0-b369-'Part3 common private exponent
共享多组私钥,且私钥很小,只要满足
就可以构造形如下列矩阵恢复 d
大致的原理可以参考 la 佬博客
这里 n 是 2048 位的,d 是 890 位,至少需要 7 组
nl=[2xxx1, 1xxx, 214xxx1, 27xxx99, 118xxx1, 15xxx1, 2081xxx]
el=[xxxx1, 11xxx, 62xxx3, 1123xxx7, 7xx33, 1xxxx13, 1xxxx]
cl=[269xxxx3, 1xxxx0, 6xxxx9, 9xxx7, 8xxx8, 196xxx5, 15xxx2]
times = 7
M = int(sqrt(nl[0]))
A = [[0 for _ in range(times + 1)] for j in range(times + 1)]
A[0][0] = M
for i in range(1 + times):
for j in range(1 + times):
if j != 0:
if i == 0:
A[i][j] = el[j - 1]
if i == j:
A[i][j] = -nl[i - 1]
A = Matrix(A)
C = A.LLL()
d = abs(C[0][0] // M)
print(long_to_bytes(pow(cl[0], d, nl[0])))
#b'5a3d94a20a2c'拼凑起来套在一起就得到了 flag
flag{89c63fd5-00cf-4ae0-b369-5a3d94a20a2c5.RSA
费马分解RSA
再利用Rabin算法求 。
n=124689085077258164778068312042204623310499608479147230303784397390856552161216990480107601962337145795119702418941037207945225700624
t=10
import gmpy2
for k in range(-1000000,1000000):
x=gmpy2.iroot(k**2+4*t*n,2)
if x[1]:
p=(-k+x[0])//(2*t)
q=t*p+k
break
import gmpy2
from Crypto.Util.number import long_to_bytes,bytes_to_long
phi=(p-1)*(q-1)
e=57742
c=124689085077258164778068312042204623310499608479147230303784397390856552161216990480107601962337145795119702418941037207945225700624
t=gmpy2.gcd(e,phi)
d=gmpy2.invert(e//t,phi)
m=pow(c,d,n)
msg=gmpy2.iroot(m,t)
if msg[1]:
print(long_to_bytes(msg[0]))
#flag{6d22773623d3d5c871692e9985de5f16}flag{6d22773623d3d5c871692e9985de5f16}6.BABY-RSA
lfsr恢复高位p
from Crypto.Util.number import*
f = open('key','rb').read()
key = str(f,encoding="utf-8")
def lfsr(status,mask):
out = (status << 1) & 0xffffffff
i=(status&mask)&0xffffffff
lastbit=0
while i!=0:
lastbit^=(i&1)
i=i>>1
out^=lastbit
return (out,lastbit)
status= 1
mask = 0b10110001110010011100100010110101
pp = ''
for i in range(len(str(key))):
(status,out) = lfsr(status,mask)
pp += str(int(key[i]) ^ out)
pp = int(pp, 2)
print(hex(pp))coppersmith恢复p
n=93635433746653382838611456563401157565983287448706207567987790808
2672577469136416164833537806270543399904811756435663709442193088616
6369832353405527855104576202658647651524758179962855692461154859961
9035319901722797640991991571811677753079506904929698598299268089509
6412067808246044884792707448756861953656874030164998855547649020669
3181162301088156855926656544441682939839165455244630182978802660669
2554015762139410676798881642375868793646156649422342478962141952625
1093534592251283163238574173581012273013036652161283455656583862370
8828780093323310348242654778247293430853566054703991781432542625271
396246500576703
e=65537
pbits=1024
for i in range(0,256):
p4 =0x807c1395b8128e6de865ab20dd2a39684f6831464553c65215cfe2861192657b6
938d227c75e902ae858fdbd8b118c8522c08a3bf978bb203bc1644fe526f2de55b0
65b050795800
p4 = p4 + int(hex(i), 16)
kbits = pbits - p4.nbits()
p4 = p4 << kbits
PR.<x> = PolynomialRing(Zmod(n))
f = x + p4
roots = f.small_roots(X=2 ^ kbits, beta=0.4)
if roots:
p = p4 + int(roots[0])
print("n=", n)
print("p=", p)
print("q=", n // p)普通rsa
import gmpy2
from Crypto.Util.number import *
n=
9363543374665338283861145656340115756598328744870620756798779080826
7257746913641616483353780627054339990481175643566370944219308861663
6983235340552785510457620265864765152475817996285569246115485996190
3531990172279764099199157181167775307950690492969859829926808950964
1206780824604488479270744875686195365687403016499885554764902066931
8116230108815685592665654444168293983916545524463018297880266066925
5401576213941067679888164237586879364615664942234247896214195262510
9353459225128316323857417358101227301303665216128345565658386237088
2878009332331034824265477824729343085356605470399178143254262527139
6246500576703
p=
9022500628862702093326702442579764704296555448627367414547462902233
5483579168020321334177600624475358419458781387021577078957978886555
0662645143649512298718336117131446171558370233137567417160419931591
5509352276941674246168381004104536192633494611554748723427252091424
9496954864904467634471167509689549908477
q=
1037799137936510742142635030105940714249690733538416226046589748129
4002998062458411639830591826928312697116327962094519090758259792206
8185151061264528002313474791985042185827606404465614715082278876591
6004528092853543075827672659991342372777325066714638341019562139613
09366951706106789005830772784151863039339
e=65537
c=36413045370298157467271638945545573223820125399539481834063082311
7425957126360862197097367120200145695562245837130342475081501757810
4069924877881162707673935496925529412748663209884628320657034190702
3489248147942630414832603779605695308693866199214254153239129643059
7977690959820020223691282396886748569610169187958079900024071577801
0424877093758489309380968229017074542588151574195295436881889313935
7342821414474981345430531064639518649745123753140914407131650471885
9069343193859982234058893459171259299562233452279991456352863070568
7647950894928965913199772209825508001274120556508220248069647851360
567609656517789
phi = (p - 1) * (q - 1)
d = gmpy2.invert(e,phi)
m = pow(c,d,n)
print(long_to_bytes(m))flag{fbbce1e3aa690ebb49039241f940ed26}红客突击队于2019年由队长k龙牵头,联合国内多位顶尖高校研究生成立。其团队从成立至今多次参加国际网络安全竞赛并取得良好成绩,积累了丰富的竞赛经验。团队现有三十多位正式成员及若干预备人员,下属联合分队数支。红客突击队始终秉承先做人后技术的宗旨,旨在打造国际顶尖网络安全团队。
本文参与 腾讯云自媒体分享计划,分享自微信公众号。
原始发表:2022-04-24,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读