[ctf.show 元旦水友赛 2024] crypto

news2024/12/28 5:34:46

感觉半个多月回家没有打开过电脑了。看到ctf.show上元旦的比赛,才想起似乎应该看看。

月月的爱情故事

上来这就是个小脑洞题,给了一大段文字和一个base64的串。并且提示:试试摩斯吧!

从文字上看只有三种标点符号,显然就是.-/ 程序过滤一下,不过无法区分./只能试。

a='你知道吗。月月今天遇到了一个让他心动的女孩,她的名字叫做小雨,太幸运了。小雨是一个活泼可爱的女孩!她的笑容如同春天里的阳光。温暖了月月的心,月月第一次见到小雨是在图书馆里!事情是这样的。当时小雨正在专心致志地看书。阳光洒在她的脸上。让她看起来如同天使一般美丽!月月被小雨的美丽和才华所吸引。开始暗暗关注她。在接下来的日子里。月月开始尝试与小雨接触!和她聊天和学习。他们有着许多共同的兴趣爱好,一起度过了许多快乐的时光,渐渐地!月月发现自己对小雨产生了特殊的感情,他开始向小雨表达自己的心意,然而,小雨并没有立即接受月月的感情!她告诉月月。她曾经受过感情的伤害,需要时间来慢慢修复自己的心灵。月月尊重小雨的决定!他开始用更多的时间和精力来陪伴小雨,帮助她走出过去的阴影。在接下来的几个月里。月月和小雨的关系逐渐升温!他们一起参加了许多校园活动。一起探索了那个城市的角角落落。渐渐地!雨也开始对月月产生了感情。她发现自己越来越依赖他。越来越喜欢他。最终!小雨和月月走到了一起,他们的爱情故事成为了校园里的佳话。让同学们都羡慕不已,他们一起度过了青春岁月,一起经历了成长和进步的喜悦与挫折!他们的感情越来越深厚。也越来越稳定。在他们的恋爱过程中,月月和小雨也学会了如何相处和包容对方!他们互相理解互相支持。一起面对生活中的挑战和困难!他们的爱情让他们变得更加坚强和勇敢,也让他们感受到了生命中最美好的东西。月月相信他们能走得更远,更相信自己不会辜负小雨,当他们遭遇挫折和失败的时候!两人永远不会被打倒。这正是他们彼此爱的力量。在他们空闲的时候,月月经常带小雨出去逛街!晚上一起看电影。有一天!月月说将来他要给小雨一场最美的婚礼,小雨十分感动也十分期盼。就这样。这份约定成为了两人前进的动力。两人共同努力最终一起考上了同一所大学的研究生。两人非常开心彼此深情地看着对方似乎有说不完的情话!研究生三年他们互相帮助一起度过了人生最有意义的大学时光,毕业后两人也很轻松找到了自己心仪的企业。月月没有忘记当初的约定。是的。他要给小雨一场最美好的婚礼。终于!这一天到来了,小雨穿上月月为她定制的婚纱。他们手牵手走向了更美好的未来。场下。所有的嘉宾都为他们鼓掌和欢呼并祝福他们的爱情能够永恒长存。'


b='VTJGc2RHVmtYMS9iVkY0NXp5dGxrZUVoZWZBcWtwSFFkTXF0VUxrMk9pYkxxNzlOSEpNbTlyUDNDdGtLckU0MQpDYUJKbU1JVmNVVlNiM0l6cEhldVd3PT0='


#hint:试试摩斯吧!
b64decode(b)
#U2FsdGVkX1/bVF45zytlkeEhefAqkpHQdMqtULk2OibLq79NHJMm9rP3CtkKrE41
#CaBJmMIVcUVSb3IzpHeuWw==

b = ''.join([i for i in a if i in [',','。','!']]).replace('!','/').replace(',','-').replace('。','.')
#XNOODSKWMOLGTLGT111
#PASSWORDISYUEYUE666

试出两个结果,密码显然是后边这个,然后拿到B神的puzzleSolver上自动捘

麻辣兔头又一锅

只给了两个数组,这个还真不会,不过网上已经有WP了,看来脑洞真是大。 这两个数组里都是斐波那契函数的项数,两组对应的数字导或后取尾字节。正常人应该想不出来,不过作出来的人真多。

#麻辣兔头又一锅/200/题目描述:/听说有人不喜欢短尾巴的兔兔?肿么可能?我也很疑惑呢。
a = [126292,165298,124522,116716,23623,21538,72802,90966,193480,77695,98618,127096,15893,65821,58966,163254,179952,134870,45821,21712,68316,87720,156070,16323,86266,148522,93678,110618,110445,136381,92706,129732,22416,177638,110110,4324,180608,3820,67750,134150,23116,116772,50573,149156,5292]
b = [60144,146332,165671,109800,176885,65766,76908,147004,135068,182821,123107,77538,86482,88096,101725,16475,158935,123018,42322,144694,186769,176935,59296,134856,65813,131931,144283,95814,102191,185706,55744,67711,149076,108054,135112,100344,35434,121479,14506,145222,183989,17548,38904,27832,105943]
#fib函数第126292项与第60144项异或的尾字节
from gmpy2 import fib 
bytes([(fib(a[i])^fib(b[i]))&0xff for i in range(len(a))])
#b'ctfshow{6d83b2f1-1241-4b25-9c1c-0a4c218f6c5f}'

NOeasyRSA

这个算是个中规中矩的CTF题吧。给了一个函数,并且已知f(w,a),f(w,b)求f(B,a),其中p,u,v,w已知,只是a,b未知。

def f(x, n):  
    return (pow(u,n,p)*x + v*(1-pow(u,n,p))*pow(1-u, -1, p)) % p  
A = f(w, a)
B = f(w, b)
key = long_to_bytes(f(B, a))[:len(FLAG)]

这是个初中数学里的换元,并不需要求出a只需要求出u^{a}即可

from flag import FLAG
 
def f(x, n):  
    return (pow(u,n,p)*x + v*(1-pow(u,n,p))*pow(1-u, -1, p)) % p  
 
p = 97201997431130462639713476119411091922677381239967611061717766639853376871260165905989218335681560177626304205941143288128749532327607316527719299945637260643711897738116821179208534292854942631428531228316344113303402450588666012800739695018334321748049518585617428717505851025279186520225325765864212731597
u = 14011530787746260724685809284106528245188320623672333581950055679051366424425259006994945665868546765648275822501035229606171697373122374288934559593175958252416643298136731105775907857798815936190074350794406666922357841091849449562922724459876362600203284195621546769313749721476449207319566681142955460891977927184371401451946649848065952527323468939007868874410618846898618148752279316070498097254384228565132693552949206926391461108714034141321700284318834819732949544823937032615318011463993204345644038210938407875147446570896826729265366024224612406740371824999201173579640264979086368843819069035017648357042
v = 16560637729264127314502582188855146263038095275553321912067588804088156431664370603746929023264744622682435376065011098909463163865218610904571775751705336266271206718700427773757241393847274601309127403955317959981271158685681135990095066557078560050980575698278958401980987514566688310172721963092100285717921465575782434632190913355536291988686994429739581469633462010143996998589435537178075521590880467628369030177392034117774853431604525531066071844562073814187461299329339694285509725214674761990940902460186665127466202741989052293452290042871514149972640901432877318075354158973805495004367245286709191395753
w = 30714296289538837760400431621661767909419746909959905820574067592409316977551664652203146506867115455464665524418603262821119202980897986798059489126166547078057148348119365709992892615014626003313040730934533283339617856938614948620116906770806796378275546490794161777851252745862081462799572448648587153412425374338967601487603800379070501278705056791472269999767679535887678042527423534392867454254712641029797659150392148648565421400107500607994226410206105774620083214215531253544274444448346065590895353139670885420838370607181375842930315910289979440845957719622069769102831263579510660283634808483329218819353
a = randint(0, 2**2048)
b = randint(0, 2**2048)
A = f(w, a)
B = f(w, b)
key = long_to_bytes(f(B, a))[:len(FLAG)]
enc = strxor(FLAG, key)
print(f"{A = }")
print(f"{B = }")
print(f"{enc = }")
 
"""
A = 19000912802080599027672447674783518419279033741329820736608320648294849832904652704615322546923683308427498322653162857743332527479657555691849627174691056234736228204031597391109766621450008024310365149769851160904834246087493085291270515883474521052340305802461028930107070785434600793548735004323108063823
B = 73344156869667785951629011239443984128961974188783039136848369309843181351498207375582387449307849089511875560536212143659712959631858144127598424003355287131145957594729789310869405545587664999655457134475561514111282513273352679348722584469527242626837672035004800949907749224093056447758969518003237425788
enc = b'\xfd\xc1\xb7\x9d"$\xc2\xb0\xb5\xee\xf89\xa4V\x8e\x17\x01K9\xbc.\x92=\x85\x80\xd4\x03\xefAl"\xbd\x8b\xcdL\xb5\xa3!'
"""

#(pow(u,n,p)*x + v*(1-pow(u,n,p))*pow(1-u, -1, p)) % p
#u^a* x + v*(1-u^a)*(1-u)^-1 ==A 
#ka * w - v*(1-u)^-1*ka == A - v*(1-u)^-1
#=> u^a = (A - v*(1-u)^-1)*(w - v*(1-u)^-1)^-1 
ka = (A - v*pow(1-u,-1,p))*pow(w-v*pow(1-u,-1,p),-1,p)%p
kb = (B - v*pow(1-u,-1,p))*pow(w-v*pow(1-u,-1,p),-1,p)%p
f_Ba = (ka*B + v*(1-ka)*pow(1-u, -1, p)) % p
strxor(long_to_bytes(int(f_Ba))[:len(enc)], enc)
b'ctfshow{This_Is_Really_Not_So_Smooth!}'

sign_rand

也不会,只会爆破,但这题真的能爆破,爆破范围是28位。看了WP也不懂,不过记下来也不错。

题目跟梅森旋转有关,但又基本无关。先是生成一个随机序列,然后将这些作为state来设置随机函数。再通过生成的随机数求原来的值

import random
from hashlib import md5
from Crypto.Util.number import *
from flag import flag

def get_state(kbits, k):
    seed = [(random.getrandbits(kbits) >> k) & 0xfffffff for i in range(624)]
    state = (3, tuple(seed + [0]), None)  #state[1]的最后一项正常值为624,这里设置为0,则仅与第0项有关
    return state


def give_gift(kbits, num):
    gift = [random.getrandbits(kbits) for i in range(num)] #kbits=37则每次使用两个32位,加密时使用state[1][60]对应gift的第30项的低32位
    e = random.getrandbits(7)
    l_num = num - e
    s_box = list(range(num))
    random.shuffle(s_box)
    l_gift = [gift[i] for i in s_box[:l_num]]
    return (l_gift, s_box[:l_num], e) #e=60

#取seed的第60项
def enc_flag(state, e):
    key = bytes_to_long(md5(long_to_bytes(state[1][e])).digest())
    enc = bytes_to_long(flag) ^ key
    return enc


kbits, k, num = random.randrange(64), random.randrange(16), random.randrange(400, 600)
#kbits = 37,num=529,e=60
state = get_state(kbits, k) #k [0,15]
random.setstate(state)
gift = give_gift(kbits, num)
enc = enc_flag(state, gift[2])
print(gift, enc)
#---------------------------
gift = ([91463260584, 97520150804, 134987178347, 134745660347, 23369346769, 88869916197, 67723104206, 132211190015, 74383600340, 57357411421, 80301226226, 2847043233, 46071508714, 76391425800, 71113777427, 12603028605, 127607785895, 82661956584, 48539405830, 131191473154, 137430688091, 48026249914, 105523652421, 58217141456, 135651011411, 37099885733, 101903983367, 117525416468, 49720139903, 123719748136, 58611168240, 68135859850, 6355615539, 23769720298, 7999623487, 19601432037, 49460687576, 34510812373, 97988805553, 120381187017, 37643325426, 79314538948, 128727827227, 41938289773, 74120986880, 29052999070, 21215042789, 76176648906, 82899209179, 90338690991, 102277220210, 109016314367, 2419923303, 75246152672, 109203867772, 87030346778, 119151949871, 134868756437, 124854798665, 122116306769, 31536426951, 82104297926, 118556737102, 78417017414, 81807286830, 24688295471, 126360674284, 8870569872, 105339369180, 61910863416, 56597235604, 50122937080, 135836683348, 75685244539, 112566491901, 86217144353, 110999080631, 91114786530, 94967775022, 52680440255, 76947914257, 133052296759, 22589975272, 104632324223, 47428022416, 106941367714, 119250845700, 80196618477, 92917756830, 52764061858, 82855761133, 26800124167, 129317288037, 44051967549, 70500283649, 165355182, 78293334339, 45001066520, 84638985033, 32566871344, 38421055041, 56145488218, 83396525174, 116762960131, 58381974438, 132249926372, 36091120717, 35213963219, 88756092150, 45288405267, 27461079382, 19589246113, 28308681656, 47161727545, 69898448282, 22959597168, 132569999975, 100557577568, 127037292334, 29708117311, 33229333831, 29311547868, 135347707719, 85435007922, 54540391811, 109544478077, 66841548339, 47159376439, 42574542524, 62176229940, 3138675000, 21267865120, 22618290315, 126018690563, 21590061225, 9799239940, 10617934652, 40956988582, 131053131140, 90043238501, 81283244185, 109338223936, 68311960398, 25088200986, 28895564195, 17646619057, 82775422880, 81522377214, 28334564831, 100791800926, 85872403124, 127915503356, 72496838376, 109007653011, 96263138881, 69693106974, 4718076407, 68334177311, 31708464646, 96111162918, 48965277868, 54931198292, 105535767797, 105680940066, 109968562576, 23573023928, 48569942163, 106967716286, 94835446653, 92803971955, 53791818332, 14453746086, 132101017989, 26361874022, 32122658200, 51724426274, 114997634813, 75838224666, 89848273104, 73619960674, 97795812498, 132466249292, 25997032367, 40732063573, 59142286405, 68524304985, 49545031400, 28044368864, 95700359624, 108201671504, 127043767055, 9384509797, 120972803416, 41782179648, 76653307257, 44056421640, 101631026937, 99078185959, 54885001820, 69316726710, 19710227322, 86035277688, 42289562955, 98051921147, 79098792488, 106490144808, 13834874, 69114014086, 4418515159, 109316722991, 92603496375, 68830244931, 111949257703, 102637560761, 5012149380, 43811237017, 4526712578, 102995188930, 9165821006, 63456393327, 68912422322, 104913358841, 108860651772, 52967416635, 84227988465, 101715630295, 26297443306, 110653579906, 91487440397, 116959430145, 83499469513, 48913630229, 76988993305, 41832173701, 13694488408, 135450931748, 39634435716, 41679152695, 126540504548, 91399825525, 99004649347, 19517357430, 8279948639, 133596449559, 1449103211, 50732184406, 52247676129, 74928416312, 64326525401, 124673786795, 92042480385, 24404916254, 99622146133, 51463314254, 36722967192, 4007778602, 39109534005, 120478575332, 99886542155, 5756463131, 91679854224, 3608646835, 35655876863, 121959477025, 20408412916, 36341277711, 43627610089, 24855949002, 128669830633, 70347508117, 9425085453, 2022963949, 5053312318, 63243834495, 21497715007, 5936366400, 44266914863, 119468825913, 91726986385, 126494307832, 93847533617, 22070910941, 20204251399, 42254244260, 60489335607, 40705184865, 80919639775, 73360223499, 132743946450, 88897376509, 103144368275, 9982808097, 131532980487, 91081435155, 78915930938, 72790758029, 120696671493, 78255313725, 13309583510, 23841020581, 116634908326, 73400462338, 57323203784, 46210923108, 41134724194, 43089395737, 118503520944, 111039189867, 99418263301, 59298127775, 45252940179, 40345195432, 16841439060, 100422187771, 65791698364, 61167532292, 30338914082, 14930863404, 4703203112, 124912009656, 9195518396, 18552364400, 7303227315, 105753747788, 3079040268, 116480022128, 1215344111, 9934249637, 76178148585, 20033461169, 87344780021, 72391242953, 129540048833, 15495213032, 49963621916, 84362224351, 97100635498, 105086571577, 51150506310, 118045067326, 65966867679, 7925108854, 131280748402, 66481282233, 107509392827, 78521145687, 35456851157, 97461157961, 30244093674, 24123083085, 27909475052, 69646113342, 131930611276, 97792139629, 135917828529, 32305782568, 59325645293, 84962280113, 74529748221, 22659244720, 54776660364, 66934871192, 14824496938, 37231294479, 102244198902, 31674646475, 128196911226, 90158594889, 121714346066, 64647669235, 105263204191, 127988380741, 130175056631, 114272442969, 135960937840, 62465712860, 32333037569, 137012433094, 92929672123, 86030288893, 73602847949, 58136148471, 118893337093, 97692245318, 99539974338, 116231441994, 32445182154, 115683286754, 114711297102, 102210385893, 7687212992, 73626254322, 242951419, 5952493527, 96817591608, 45197171621, 122928115217, 106192593180, 99889552302, 125596158762, 136959359712, 67291405558, 71974425715, 115789979144, 59321975202, 84748820897, 133266408556, 6800817333, 110678933813, 96832595879, 97681824039, 89341148630, 84626208563, 58523733456, 93000780873, 68444996084, 775177345, 17204124036, 129474447019, 73589942581, 65415043899, 131703332659, 101783987222, 61388598262, 103435807803, 104030629529, 19123072760, 63612557945, 38245223725, 54345357864, 62016904380, 34602169486, 51229280420, 66624757580, 68760378559, 131556923700, 21935621011, 36349470821, 10120892182, 25883848878, 71735922493, 62883391871, 90647098, 41388569318, 52175456448, 71822304690, 19251125978, 91308465291, 50110754397, 91050175581, 83697004380, 6165622900, 129188497722, 71424103672, 57569171583, 13220579058, 118266862549, 21791521844, 70064705221, 83120075317, 83316886784, 111745960042, 26241940218, 32402511427, 118604113535, 98847819357, 117058412964, 57680263912, 83166477192], [508, 300, 327, 517, 431, 195, 41, 162, 110, 358, 433, 105, 40, 256, 172, 50, 474, 55, 67, 284, 215, 118, 513, 98, 120, 26, 155, 298, 4, 233, 243, 267, 428, 478, 494, 226, 146, 488, 20, 113, 143, 136, 49, 236, 128, 346, 501, 264, 498, 0, 413, 30, 410, 99, 1, 220, 443, 369, 290, 374, 119, 511, 483, 199, 248, 351, 388, 335, 131, 79, 496, 245, 414, 244, 158, 451, 255, 412, 47, 473, 254, 95, 299, 462, 169, 519, 493, 12, 257, 385, 432, 417, 59, 93, 455, 324, 52, 90, 407, 288, 112, 34, 528, 29, 192, 101, 419, 203, 123, 176, 177, 167, 204, 445, 416, 485, 196, 302, 424, 425, 6, 418, 258, 17, 370, 262, 227, 326, 387, 294, 295, 174, 25, 188, 81, 408, 469, 11, 472, 80, 400, 84, 382, 448, 201, 344, 7, 502, 163, 312, 484, 349, 239, 108, 411, 315, 303, 377, 36, 383, 78, 339, 491, 271, 216, 187, 322, 140, 405, 296, 402, 516, 450, 22, 482, 361, 371, 249, 453, 64, 152, 72, 194, 66, 345, 492, 447, 58, 486, 357, 149, 200, 83, 212, 219, 504, 333, 23, 439, 376, 457, 332, 153, 348, 210, 237, 173, 359, 129, 179, 426, 71, 19, 321, 338, 444, 139, 307, 515, 88, 266, 475, 182, 323, 336, 354, 272, 384, 330, 2, 211, 446, 238, 397, 230, 278, 141, 506, 181, 70, 316, 314, 459, 235, 121, 286, 76, 518, 280, 43, 111, 62, 487, 429, 524, 364, 86, 228, 353, 275, 104, 441, 268, 13, 500, 68, 87, 109, 403, 520, 231, 391, 42, 51, 328, 253, 436, 60, 497, 313, 481, 522, 53, 61, 420, 225, 189, 325, 183, 56, 100, 229, 27, 39, 3, 184, 291, 415, 454, 75, 28, 107, 347, 421, 166, 224, 279, 16, 342, 206, 207, 171, 368, 198, 456, 464, 406, 365, 151, 320, 161, 9, 89, 479, 142, 259, 401, 232, 523, 449, 150, 218, 15, 97, 287, 133, 458, 221, 63, 185, 350, 74, 135, 404, 466, 214, 116, 507, 355, 213, 178, 318, 423, 126, 395, 465, 440, 452, 157, 366, 190, 343, 467, 247, 509, 91, 205, 114, 193, 409, 375, 269, 373, 389, 148, 69, 396, 398, 317, 145, 122, 147, 512, 32, 130, 386, 94, 435, 310, 57, 422, 308, 305, 217, 8, 154, 156, 309, 223, 44, 24, 82, 160, 392, 477, 356, 134, 54, 138, 378, 331, 379, 250, 96, 489, 306, 399, 46, 18, 283, 470, 21, 360, 209, 168, 495, 180, 514, 191, 270, 510, 381, 186, 442, 31, 390, 5, 85, 92, 363, 33, 127, 197, 285, 380, 265, 48, 352, 505, 208, 438, 329, 468, 282, 45, 159, 301, 362, 341, 65, 263, 393, 222, 521, 175, 293, 37, 490, 35], 60) 
enc = 912396759652812740801869061695733452669218533249083289698313292427681899514848561025221753354562922565560034

1是random.setstate这个函数,参数是(3,(...,624),none)这里第2个有625项,最后一项是数字624,前边的将作为state的624个值。这个题的漏洞也就在这里,它把624改成了0,这样可以猜一下再试一下,就能得到结论,这个再生成的随机数只与第1个数有关,而且这个数大小只有28位,血腥的暴力还是可以作的。按WP的原来,可以通过矩阵还原,原理应该是跟生成方法有关吧。

2,gift经过了乱序处理并截了一部分,好在加密只使用了第60项,由于kbits=37所以每一项需要两个32位随机数才能得到,所以实际上对应的是gift的第30项的尾32位

3,在复现的时候发现在sage里生成随机数设置tuple有问题,所以将这块在python里生成,然后直接拿数字去sage生成矩阵(当最后为0时,这个矩阵是固定的,跟啥都没关系),然后用矩阵求左得到state

'''
python state = (3,(...624..., 624),None)
                                ^
                                | 当此值为0时,仅与第0相关
'''
'''
from random import Random
s_tmp = []
for i in range(32):
    rng = Random()
    s = [0]*624  #仅与第1项有关联
    s[0] = 1 << (31 - i)
    rng.setstate((3,tuple(s + [0]),None))
    s_tmp.append(rng.getrandbits(32))
'''
def buildT():
    s_tmp = [2282758660, 1141379330, 537135105, 285344832, 2281775616, 1140887808, 572541064, 2164260928, 143135266, 71567633, 304087176, 152043588, 76021794,541345937, 16908288, 2281779744, 1073778704, 572804225, 16917060, 134746624, 71567760, 33555584, 16777792, 8388896, 541083792, 64, 134222368, 16, 33817737, 16908868, 2, 4194449]
    T = matrix(GF(2), 32, 32)
    for i,tmp in enumerate(s_tmp):
        T[i] = vector(GF(2), [int(x) for x in bin(tmp)[2:].zfill(32)])
    return T

def get_key(key1):
    T = buildT()
    a = [int(i) for i in bin(key1)[2:].zfill(32)]
    a = matrix(GF(2), a)
    b = T.solve_left(a)
    c = ''.join([str(i) for i in b.list()])
    return (int(c, 2))

def dec_flag(enc, key):
    key = bytes_to_long(md5(long_to_bytes(key)).digest())
    dec = enc ^^ key
    return long_to_bytes(dec)

#gift[1]的第30项=51, data = gift[0][51]
data = gift[0][gift[1].index(30)]

key1 = (data & 0xffffffff)
key = get_key(key1)
print(dec_flag(enc, key))
# b'ctfshow{F2AD971D-66C2-2D1D-69D6-CE7DE2A49B35}'

哪位师傅知道这个是什么密码啊?

作完这个题一看WP,有一句话:没文化真可怕!

import os
from Crypto.Util.number import *

F = lambda x: x * F(x-1) if x > 0 else 1   #x!
G = lambda x, y: F(x) // (F(y) * F(x-y))   #Cxy//y!

def get_keys(n: int):
    p = getPrime(-11+45-14)
    print('Please wait...')
    s_list, t_list, u_list = [], [], []
    for i in range(n):
        print(f'Progress: {i+1} / {n}')
        while True:
            t, s = sorted(getPrime(101) for _ in 'NB')
            u = (G(s, t) % p) & 0xFF
            if (u != 0):
                s_list.append(s)
                t_list.append(t)
                u_list.append(u)
                break
    return (s_list, t_list, p), u_list 

FLAG = os.getenv('FLAG', 'ctfshow{never_gonna_give_you_flag}')
pubkey, privkey = get_keys(len(FLAG))
ciphertext = bytes(x ^ k for x, k in zip(FLAG.encode(), privkey))
print(f'{pubkey = }')
print(f'{ciphertext.hex() = }')


pubkey = ([1930151072665128353588734655537, 2031058415674042196947620002273, 2144863946566435250228859586391, 2204574594761764684195846866839, 2477828607642661430260650973099, 2012386255018188844730867225381, 1762053451781461688652926282351, 1432075294504073608412671363229, 2085972009627276502163685682109, 2356830745677576130564410837629, 2095586676389124116002874906797, 1834099033698162708991115616977, 1791840766877362122811192536119, 2466612221451031915438145152813, 2055669435753006117069851698387, 1945191352090331802358773354047, 1598384509815635624743575801559, 1734584046009665963460321198971, 1703291088463476485960557553999, 2109460578568002211705878463579, 2379112636954266631858709609297, 1562853987941503005527197137193, 2083127151176772865178055099623, 2531791820688251514294784000163, 2419383541724950707481401557879, 1296127912800791494923183159227, 1911458001898055656608791844607, 1946167119803607551220553328777, 1904512983764066793751568905519, 1916230655982693714440043335807, 2512594341307292494592511422453, 2440117129864142342199757415119, 1979899755487925628129637546103, 2194400805715240118886434137993, 2523064995519689703569774021401, 2114574063402299913941092965571, 2381937349061799920669414958047, 2527981840329087465484497504541, 1668501048060086166105530258267, 1806403234834223830758220690463, 1911471080586461098261469429017, 1339541095681286408183031500617, 2127226624970258161117347546391, 2099378880330092247471103157591, 1817979380085600544511932938511], [1873159646454515246371181002643, 1804013691198418310618414108771, 1812615686339814327371280875597, 1800999264458084929945557444697, 1588066281211920550828189195481, 1496728051871062086801855668249, 1610673865527813598676056481461, 1325014119495418821090259991869, 1505791236680543235885282691973, 2348852764652026182965706639791, 1824135303268604720787073263413, 1486244711603932363682065611853, 1501151560524825317540824912799, 2276201700800208762185986149943, 1499253769931649556267344414137, 1490433621401772012533417542801, 1595412721633675118799193648283, 1615752012174860792342907699697, 1513845996053825310963856994387, 1839003732354104170410208839841, 1512261084747354177738456894811, 1513982572527568106680720393517, 1510595005874590962689775078269, 2298184399106399375164579208311, 2293559104060307668205289912223, 1295846257932101474274146277553, 1492967151340481835523691948141, 1879040002400116343011683347177, 1511237029995360063024713359843, 1519174814929746722197973524961, 2396968969794891970606734609163, 1611070391525078159832743120311, 1723857192281627381668741919753, 1668048777606203158944880846963, 2413123925251955100868310793203, 1576149931563624798731285775403, 2310882643431694718623705671961, 1507535832710254742220535229081, 1527490022413322878990854933667, 1525819980673483186726141204931, 1619579736922652814136731512099, 1305493665697683014167156810817, 2052693973422009018345307802839, 1818586801929550427018944143523, 1777527018545957748163522728169], 942317)
enc=bytes.fromhex('cd0b53e2bb84f8581353701aabf7be2ab6b9c548a26394e47386842afde4fdaa018e73b75b6a120b109bdf4a99')

原是里有两个函数F和G,很显然F是阶乘,而G是C_{n}^{m} %p

对于这么大的数是根本算不出阶乘来的。不过由于题目给出G(s,t)%p !=0 所以可以有一个解法:把阶乘展开每p项为一组,这样每组都是

(k*p+1)*(k*p+2)*...(k*p+p-1)*(k+1)*p,

最后是残域

(k*p+1)*...(k*p+x%p)

其中k\in (1...x/p)由于要求u!=0所以这些带k的项可以过滤掉,然后式子就变成

(p-1)!^{x/p}*(p-x%p)!*(x/p)!

然后重写两个函数,注意有限域里没有除法,需要求逆运算

from gmpy2 import fac,invert
s_list,t_list,p = pubkey
fac_p1 = fac(p-1)%p
def F(x):
    if x<p:
        return fac(x)
    v = x//p 
    return pow(fac_p1,v,p) * F(v) * fac(x%p) %p

G = lambda x, y: F(x) * invert(F(y) * F(x-y),p)%p 
bytes([((G(s_list[i],t_list[i])%p)&0xff)^enc[i] for i in range(45)])
#b'ctfshow{b0964981-47b6-4c8f-b9ab-7090ffb8961a}'

完整后看WP原来是lucas定理,怎么没记得学过呢,真是没文化呀。这个方法可能跟lucas定理有出入但是结果是对的,而且时间也不算很长。再作的lucas定理的解法:

#lucas定理解法
C = lambda n,m,p: fac(n)* invert(fac(m)%p,p) * invert(fac(n-m)%p, p)%p 
Lucas = lambda n,m,p: 1 if m == 0 else (C(n % p, m % p, p) * Lucas(n // p, m // p, p)) % p

bytes([(Lucas(s_list[i],t_list[i], p)&0xff)^enc[i] for i in range(45)])

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/1378181.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

SpringBoot 配置文件加载优先级

SpringBoot 配置文件加载优先级 前言SpringBoot 配置文件加载优先级 前言 最近在使用k8s部署项目的时候,发现Dockerfile文件中的命令后面跟的参数,无法覆盖nacos中的参数,今天有时间正好来整理一下Springboot配置的加载顺序 SpringBoot 配置文件加载优先级 整理加载顺序第一个肯…

Handsfree_ros_imu:ROS机器人IMU模块的hfi_a9.py文件学习记录

之前的博客写了关于Handsfree_ros_imu&#xff1a;ROS机器人IMU模块ARHS姿态传感器&#xff08;A9&#xff09;Liunx系统Ubuntu20.04学习启动和运行教程&#xff1a; https://blog.csdn.net/qq_54900679/article/details/135539176?spm1001.2014.3001.5502 与Handsfree_ros_…

Python基础知识:整理11 模块的导入、自定义模块和安装第三方包

1 模块的导入 1.1 使用import 导入time模块&#xff0c;使用sleep功能&#xff08;函数&#xff09; import time print("start") time.sleep(3) print("end")1.2 使用from 导入time的sleep功能 from time import sleep print("start") slee…

外汇天眼:塞浦路斯证券交易委员会(CySEC)确认了四家投资公司退出投资者赔偿基金(ICF)会员资格

塞浦路斯证券交易委员会&#xff08;CySEC&#xff09;今天确认了四家投资公司已被取消其在投资者赔偿基金&#xff08;ICF&#xff09;的会员资格。 以下公司不再是ICF的会员&#xff1a; 1.Stone Edge Capital Ltd&#xff08;LEI 213800PZFB9VV8FNWB30&#xff09;&#xf…

Redis的优化

1 Redis的高可用 1.1 高可用的定义 在web服务器中&#xff0c;高可用是指服务器可以正常访问的时间&#xff0c;衡量的标准是在多长时间内可以提供正常服务&#xff08;99.9%、99.99%、99.999%等等&#xff09;。 但是在Redis语境中&#xff0c;高可用的含义似乎要宽泛一些&…

边缘数据采集网关无法上传数据是什么原因?如何解决?

边缘数据采集网关是物联网系统中的常见设备&#xff0c;主要用途包括数据采集、协议转换、边缘数据处理、数据传输分发等&#xff0c;实现多设备和多系统的互联互通和数据协同应用&#xff0c;对于提高物联网感知和响应效率、加强物联网联动协同能力、提升数据安全性等方面都具…

Docker安装Atlassian全家桶

文章目录 省流&#xff1a;1.docker-compose文件2.其他服务都正常启动&#xff0c;唯独Bitbucket不行。日志错误刚启动时候重启后查询分析原因再针对第一点排查看样子是安装的bitbucket和系统环境有冲突问题&#xff1f; 结论&#xff1a; 省流&#xff1a; bitbucket 只能安装…

查看SQL Server的表字段类型、长度、描述以及是否可为null

文章目录 初步理解小步测试组合一下参考文章有更详细评述 继续理解得到大部分信息 本文参考&#xff1a;https://blog.csdn.net/josjiang1/article/details/80558068。 也可以直接点击这里文章链接&#xff1a; sql server查询表结构&#xff08;字段名&#xff0c;数据类型&a…

基于博弈树的开源五子棋AI教程[3 极大极小搜索]

基于博弈树的开源五子棋AI教程[3 极大极小搜索] 引子极大极小搜索原理alpha-beta剪枝负极大搜索尾记 引子 极大极小搜索是博弈树搜索中最常用的算法&#xff0c;广泛应用于各类零和游戏中&#xff0c;例如象棋&#xff0c;围棋等棋类游戏。算法思想也是合乎人类的思考逻辑的&a…

Tomcat性能优化学习

Tomcat 服务器是一个开源的轻量级Web应用服务器&#xff0c;在中小型系统和并发量小的场合下被普遍使用&#xff0c;是开发和调试Servlet、JSP 程序的首选。相信大家对于 Tomcat 已经是非常熟悉了&#xff0c;本篇将介绍tomcat的常见优化。那么为什么要对tomcat进行优化呢。因为…

Linux上如何一键安装软件?yum源是什么?Linux如何配置yum源?

这几个问题是Linux操作的入门问题&#xff0c;但是确实也会让刚上手Linux小伙伴头疼一阵&#xff0c;故特有此文&#xff0c;希望能对刚入门的小伙伴有一些帮助~ 众所周知 在linux上在线安装软件需要用到yum命令&#xff0c;经常下述命令来安装 yum install [-y] 包名 #-y的…

自动化测试数据校验神器!

在做接口自动化测试时&#xff0c;经常需要从接口响应返回体中提取指定数据进行断言校验。 今天给大家推荐一款json数据提取神器: jsonpath jsonpath和常规的json有哪些区别呢&#xff1f;在Python中&#xff0c;json是用于处理JSON数据的内置模块&#xff0c;而jsonpath是用…

Python基础知识:整理12 JSON数据格式的转换

首先导入python中的内置包json import json 1 准备一个列表&#xff0c;列表内每个元素都是字典&#xff0c;将其转换为JSON 使用json.dumps()方法 data [{"name": "John", "age": 30}, {"name": "Jane", "age":…

Wpf 使用 Prism 实战开发Day11

仓储&#xff08;Repository&#xff09;/工作单元&#xff08;Unit Of Work&#xff09;模式 仓储&#xff08;rep&#xff09;:仓储接口定义了对实体类访问数据库及操作的方法。它统一管理数据访问的逻辑&#xff0c;并与业务逻辑层进行解耦。 简单的理解就是对访问数据库的一…

百家大吉·夕阳关爱——昌岗街微型养老博览会

居民热情参与博览会 为让长者了解及选择适合自己的养老服务&#xff0c;昌岗街在2023年12月27日开展以“百家大吉夕阳关爱”为主题的昌岗街微型养老服务公益博览会活动&#xff0c;通过搭建养老服务机构供需服务平台&#xff0c;拓宽社区长者了解正规养老服务机构的渠道&#…

视频转码:掌握mp4视频格式转FLV视频的技巧,视频批量剪辑方法

在多媒体时代&#xff0c;视频格式的转换成为一种常见的需求。把MP4格式转换为FLV格式&#xff0c;FLV格式的视频文件通常具有较小的文件大小&#xff0c;同时保持了较好的视频质量。批量剪辑视频的方法能大大提高工作效率。下面来看云炫AI智剪如何进行MP4到FLV的转码&#xff…

写在学习webkit过程的前面

webkit起源于KHTML&#xff0c;是KDE开源项目的KHTML和KJS引擎的一部分。在它的诞生和发展过程中&#xff0c;由两家著名的公司参与开发过程中&#xff0c;造成两次裂变。诞生两个内核webkit和blink&#xff0c;并发展和产生了两个主流的浏览器&#xff0c;分别为safari和chrom…

Unity网络通讯学习

---部分截图来自 siki学院Unity网络通讯课程 Socket 网络上的两个程序通过一个双向的通信连接实现数据交换&#xff0c;这个连接的一端称为一个 Socket &#xff0c;Socket 包含了网络通信必须的五种信息 Socket 例子{ 协议&#xff1a; TCP 本地&#xff1a; IP &#xff…

【Linux Shell】9. 流程控制

文章目录 【 1. if else 判断 】1.1 if1.2 if else1.3 if elif else1.4 实例 【 2. case 匹配 】【 3. 循环 】3.1 for 循环3.2 while 循环3.3 until 循环3.4 无限循环3.5 跳出循环3.5.1 break 跳出所有循环3.5.2 continue 仅跳出当前循环 【 1. if else 判断 】 1.1 if fi 是…

【双指针】001移动零_C++

题目链接&#xff1a;移动零 目录 题目解析 代码书写 知识补充 题目解析 题目让我们求必须在不复制数组的情况下,编写一个函数将所有 0 移动到数组的末尾&#xff0c;同时保持非零元素的相对顺序。 这题我们可以用双指针的方法来写&#xff1a; 我们这里将用两个数组下标来…