CISCN2023-Crypto
- 基于国密SM2算法的密钥分发
- 可信度量
- Sign_in_passwd
- BB84
- badkey1
基于国密SM2算法的密钥分发
非预期,直接search能找到明文
curl -d "name=ha&school=hznu&phone=110" http://123.56.244.196:30817/api/login
curl -d "id=984aeb58-a758-43f5-b321-acdb7cbd534e&publicKey=B9C9A6E04E9C91F7BA880429273747D7EF5DDEB0BB2FF6317EB00BEF331A83081A6994B8993F3F5D6EADDDB81872266C87C018FB4162F5AF347B483E24620207" http://123.56.244.196:30817/api/allkey
curl -d "id=984aeb58-a758-43f5-b321-acdb7cbd534e" http://123.56.244.196:30817/api/search
curl -d "id=984aeb58-a758-43f5-b321-acdb7cbd534e&quantumString=8eaa7070bcf3d39d7b39db030ea81165" http://123.56.244.196:30817/api/check
可信度量
非预期,之前一次国赛也是差不多,直接查找flag
因为没有权限不能直接grep,提示player.sh是通过root运行,修改player.sh
grep -ra "flag" /
运行player.sh
Sign_in_passwd
base64变表,表通过url编码解密
BB84
先把表格里的数据提出来,进行纠错
如果EPC1是1或2,则表示APD1是1或ADP2是1,且ADP只有一个为1
同理如果EPC1是3或4,则表示APD3是1或ADP4是1,且ADP只有一个为1
上述如果成功,则EPC1是1或3则密钥赋值0,2或4则赋值1
得到密钥串,通过线性同余方程( x_n = (A * x_n-1 + B) % M)得到索引串
M为密钥串长度,A、B、x0已知
得到正确密钥之后跟密文异或得到flag
import binascii
from Crypto.PublicKey import RSA
from gmpy2 import gcd
from math import *
from Crypto.Util.number import *
EPC1=[]
ADP1=[]
ADP2=[]
ADP3=[]
ADP4=[]
strr = '0b'
for i in range(len(EPC1)):
if EPC1[i] == 1:
if (APD1[i] == 1 and APD2[i] == 0 and APD3[i] == 0 and APD4[i] == 0) or (APD1[i] == 0 and APD2[i] == 1 and APD3[i] == 0 and APD4[i] == 0):
strr += '0'
elif EPC1[i] == 2:
if (APD1[i] == 0 and APD2[i] == 1 and APD3[i] == 0 and APD4[i] == 0) or (APD1[i] == 1 and APD2[i] == 0 and APD3[i] == 0 and APD4[i] == 0):
strr += '1'
elif EPC1[i] == 3:
if (APD1[i] == 0 and APD2[i] == 0 and APD3[i] == 1 and APD4[i] == 0) or (APD1[i] == 0 and APD2[i] == 0 and APD3[i] == 0 and APD4[i] == 1):
strr += '0'
elif EPC1[i] == 4:
if (APD1[i] == 0 and APD2[i] == 0 and APD3[i] == 0 and APD4[i] == 1) or (APD1[i] == 0 and APD2[i] == 0 and APD3[i] == 1 and APD4[i] == 0):
strr += '1'
strr = strr[2:]
print(strr)
print(len(strr))
envc = 0xD9F7E0F737D4BF641E83D35D201457272ECB952D31F660E8EA9B5A326C55AF011686ADB8F478D1BD3852
env = str(bin(envc))[2:]
A = 1709
B = 2003
M = len(strr)
x0 = 17
c = strr[x0]
flag = '0b'
for i in range(336):
f = (A * x0 + B) % M
x0 = f
c += strr[f]
for i in range(336):
flag += str((int(c[i], 2) ^ int(env[i], 2)) % 2)
print(long_to_bytes(int(flag, 2)))
badkey1
再来补充~
e = 65537
while True:
p = getPrime(512)
m = inverse(e, p - 1)
t = (e * m *p - 1) // (p - 1) # k(q - 1)
for k in range(1, e + 1):
if t % k == 0:
q = t // k + 1
if isPrime(q) and q.bit_length() == 512:
print(p, q)
