CTF Crypto --- 七八月份比赛杂题记录

news2024/12/24 10:19:51

文章目录

      • 前言
      • 第一届交通运输行业网络安全大赛决赛---Crypto
        • easyRSA
        • Mypow
      • baby_RSA
      • EasyRSA
      • 你懂RSA吗

前言

哥们终于想起账号密码了(尊嘟忘了)。
在这里插入图片描述
鸽了快两个星期辣,下次一定不鸽(x)。
在这里插入图片描述

第一届交通运输行业网络安全大赛决赛—Crypto

easyRSA

题目:

from Crypto.Util.number import *
from gmpy2 import *
from random import *

flag = b'DASCTF{xxxxx}'

m = bytes_to_long(flag)

while True:
    try:
        p = getPrime(512)
        q = next_prime(p+2**520)
        n = p*q
        phi = (p-1)*(q-1)
        d = randint(0,n**0.32)
        e = inverse(d,phi)
        c = pow(m,e,n)
        break
    except:
        continue

print("e = %d"%e)
print("n = %d"%n)
print("c = %d"%c)

'''
e = 22406617662992657889189996038164778072134256533643932957015006754647822578958941307848612281469431201991306481890996110372419319706474785730441458621818413195157394408942556272495727435704953347478158553946953413179163328976215167865874464655775410591847016921402275945868909242077897959037348916785120117461655
n = 24060380804148316574301133150703936973811513337391019200164987960874105848921375758959945881263552336035571494502139825591685175642839368578283761865745224459787280066739212098720274347746524677894359534493555854937925590705524983104059677695973201044287743440388194064688873456047929476158165843812125976675193
c = 6224246192773369488536745056540125828918816255225886951931770916428603800143493592040760978737512689281802769927712229089196097571495191027802589192805135838831322474642230511392667306908597027184532769940279896145161482936674583102879507860488435333891036563479618834572359715411724343814117656984603501647779
'''

由题目可知,q = next_prime(p+2**520),由此我们可以构造一个一元多项式方程 f = p*q-n = p*(p+2**520)-n,然后求解方程的根,此时p在根附近,于是在将根值往前推直至n%p=0为止,此时p为所求,则q=n//p

#sage
import gmpy2
import libnum
e = 22406617662992657889189996038164778072134256533643932957015006754647822578958941307848612281469431201991306481890996110372419319706474785730441458621818413195157394408942556272495727435704953347478158553946953413179163328976215167865874464655775410591847016921402275945868909242077897959037348916785120117461655
n = 24060380804148316574301133150703936973811513337391019200164987960874105848921375758959945881263552336035571494502139825591685175642839368578283761865745224459787280066739212098720274347746524677894359534493555854937925590705524983104059677695973201044287743440388194064688873456047929476158165843812125976675193
c = 6224246192773369488536745056540125828918816255225886951931770916428603800143493592040760978737512689281802769927712229089196097571495191027802589192805135838831322474642230511392667306908597027184532769940279896145161482936674583102879507860488435333891036563479618834572359715411724343814117656984603501647779
RF = RealField(1000)
x = polygen(RF)
f = x * (x + 2**520) - n
p = int(f.roots()[1][0])
print(p)
while n % p != 0:
    p = p - 1

q = n // p
print(f"p = {p}")
print(f"q = {q}")
phi = (p-1)*(q-1)
d = gmpy2.invert(e,phi)
m = pow(c,d,n)
flag = libnum.n2s(int(m))
print(flag)

flag:

DASCTF{24ce231dcbc-08aa5-4ba28-8ef5-231dcb00sd2ed}

Mypow

题目:

+from Crypto.Util.number import *
from gmpy2 import *
import os

flag = b'xxx'
def Mypow(b, e, mod):
    a = 1
    while e:
        e >>= 1
        b = (b*b)%mod
        if e&1:
            a = (a*b)%mod
    return a

def Genp(bit_length):
    coeff = 2 ** 5 * 3 * 7
    while True:
        tmp_prime = getRandomNBitInteger(bit_length - 10)
        p = coeff * tmp_prime + 1
        if is_prime(p):
            break
    return p

def Genkeys(bit_length):
    p,q = Genp(bit_length),Genp(bit_length)
    n = p * q
    hint = (2 * p + 7 * q) % n
    return n, hint

if __name__ == '__main__':
    e = next_prime(666)
    n, hint = Genkeys(512)
    m = bytes_to_long(os.urandom(30) + flag)
    ct = Mypow(m,e,n)
    print(f'n = {n}')
    print(f'hint = {hint}')
    print(f'ct = {ct}')

    '''
    n = 36443283250594259606482132779262570582448178589602577809591307671554949253094255209079689901493052116793388954529442162972106210862341856282788030374324677114528044629385805693771773377070021111949953333360526159026822968061585876873187059674130307295006486032106471182393880915860569773206853864515489855553
    hint = 57792516722001523643789088224096258172899052039145876393373730235406451592173971020702024058282699663364267742428240581839287357212741266617791207580236457
    ct = 24482128269957355675512496312977308128712253968496848873519792376434347925427116612997489113223781321628516365811583310346553402215907938918891908853234881284620764982626375301219763593402089309909155204943747718536894186749932544428588048770663458669109073657836937287831725958017345747881678942488157429000
    '''

已知 n = p ∗ q n=p*q n=pq h i n t = 2 p + 7 q hint=2p+7q hint=2p+7q,可推
2 ∗ p 2 + 7 ∗ p ∗ q = p ( 2 p + 7 q ) = p ∗ h i n t 2*p^2+7*p*q=p(2p+7q)=p*hint 2p2+7pq=p(2p+7q)=phint
由此,我们可构建方程, f = 2 x 2 + 7 n − x ∗ h i n t f=2x^2+7n-x*hint f=2x2+7nxhint,解方程得到p,进而得到q=n//p。

#sage
R.<x> = Zmod()[]
f = 2*x^2 + 7*n - hint*x
p = int(f.roots()[0][0])
q = n//p

Mypow(b,e,mod)函数相当于pow(m,e,n)函数,但是对于不同的幂e结果不同。当e为偶数时,相当于pow(m,e,n);当e为奇数时,相当于pow(m,e-1,n)。本题的e = next_prime(666),显然是一个素数(必然是奇数),因此真正的e = next_prime(666)-1
经计算,gcd(e,phi)=e,因此演变为有限域下开根问题。分别在 G F ( p ) , G F ( q ) GF(p),GF(q) GF(p),GF(q)上开e次方根,之后crt组合一下,求出所有的m,再判断字符串中是否含有DASCTF即可得到flag。

#sage
import gmpy2
from Crypto.Util.number import  *

n = 36443283250594259606482132779262570582448178589602577809591307671554949253094255209079689901493052116793388954529442162972106210862341856282788030374324677114528044629385805693771773377070021111949953333360526159026822968061585876873187059674130307295006486032106471182393880915860569773206853864515489855553
hint = 57792516722001523643789088224096258172899052039145876393373730235406451592173971020702024058282699663364267742428240581839287357212741266617791207580236457
ct = 24482128269957355675512496312977308128712253968496848873519792376434347925427116612997489113223781321628516365811583310346553402215907938918891908853234881284620764982626375301219763593402089309909155204943747718536894186749932544428588048770663458669109073657836937287831725958017345747881678942488157429000

R.<x> = Zmod()[]
f = 2*x^2 + 7*n - hint*x
p = int(f.roots()[0][0])
q = n//p

e = gmpy2.next_prime(666)-1

R.<x> = Zmod(p)[]
f = x^e-ct
f = f.monic()
results1 = f.roots()

R.<x> = Zmod(q)[]
f = x^e-ct
f = f.monic()
results2 = f.roots()

for i in results1:
	for j in results2:
		param1 = [int(i[0]),int(j[0])]
		param2 = [p,q]
		m = CRT_list(param1,param2)
		flag = long_to_bytes(int(m))
		if b'DASCTF' in flag:
			print(flag)
			break

flag:

DASCTF{FastP0w3r_4nd_AMM_0f_R5A}

baby_RSA

题目:

n=18941897966618549590482921932069269855566887560846003853615076099963108817185327262750999516754222357223603475688339480435312583490395860452876528267241529839128983282347116489462087590022946148697811918490562357700477812317981112859801696914920157218261227248163354934594592989948835696126525303358401172927693681573257245675773302383672536531760449692312660789004434502847176542175872828631412512434830044930393378761413148832473147778681111895140827684384523695468243679431394541437405220444389502412532816429448282704044345362927781837263473315252015292522704945829965688617978850430082494284515433755194353439337
c1=16526118626986017587535672306501535736692950947614409401612053801360048305344788074060161991592465238423703152619212847540401135865568611456448069291895155754469395615728785061984518496536397902069681784511121811306784617822082388392704359591309731536503001254216652492074215090776170134134687632575101823975955490855193514898535824814240480721772488425500309069255541262657807513487602741417690129808594555617044051707040663245698288030031495680697068057476361442627006464925235000245587220216985373423116156019250717175060849008225344903717354712612845144538174414672321666720723995449432568958322357146091477808460
c2=13095063120062097779974070527081507876693191121709938699390212467606444451673018463188917059026307468646743035133125440725404382070023081106408921203784833033918414311077921555812942741835149413503118131837527750773914147553704346395325785033066932850586170939707921231437443228445877551150362056106182544493023070856816826868331368624823083157497076460097194318268087043896775120421878080384043405389184733148396101712952408224574223075652024582768672259152893749081236671766957797998433416800582010130500789821457750906031155425082685565945551613263143888863898305690312122595860844005317675247247221445967298905015
e= 51359

hint: e = e 1 ∗ e 2 e = e_1*e_2 e=e1e2

使用divisors函数分解e,然后遍历所有的因子,再进行共模攻击,再判断字符串中是否包含flag即可。

#sage
from Crypto.Util.number import *
import gmpy2

n=18941897966618549590482921932069269855566887560846003853615076099963108817185327262750999516754222357223603475688339480435312583490395860452876528267241529839128983282347116489462087590022946148697811918490562357700477812317981112859801696914920157218261227248163354934594592989948835696126525303358401172927693681573257245675773302383672536531760449692312660789004434502847176542175872828631412512434830044930393378761413148832473147778681111895140827684384523695468243679431394541437405220444389502412532816429448282704044345362927781837263473315252015292522704945829965688617978850430082494284515433755194353439337
c1=16526118626986017587535672306501535736692950947614409401612053801360048305344788074060161991592465238423703152619212847540401135865568611456448069291895155754469395615728785061984518496536397902069681784511121811306784617822082388392704359591309731536503001254216652492074215090776170134134687632575101823975955490855193514898535824814240480721772488425500309069255541262657807513487602741417690129808594555617044051707040663245698288030031495680697068057476361442627006464925235000245587220216985373423116156019250717175060849008225344903717354712612845144538174414672321666720723995449432568958322357146091477808460
c2=13095063120062097779974070527081507876693191121709938699390212467606444451673018463188917059026307468646743035133125440725404382070023081106408921203784833033918414311077921555812942741835149413503118131837527750773914147553704346395325785033066932850586170939707921231437443228445877551150362056106182544493023070856816826868331368624823083157497076460097194318268087043896775120421878080384043405389184733148396101712952408224574223075652024582768672259152893749081236671766957797998433416800582010130500789821457750906031155425082685565945551613263143888863898305690312122595860844005317675247247221445967298905015
e = 51359
e_list = divisors(e)
for e1 in e_list:
    for e2 in e_list:
        if gmpy2.gcd(e1, e2) == 1:
            g, s1, s2 = gmpy2.gcdext(e1, e2)
            m = pow(c1, s1, n) * pow(c2, s2, n) % n
            flag = long_to_bytes(int(m))
            if b'flag' in flag:
                print(flag)
                break
        else:
            pass

flag:

flag{qwdu534qwf45qf23156qf165vurt54h}

EasyRSA

题目:

from Crypto.Util.number import *
from gmpy2 import *
from secret import flag
from random import *

gift = 0x98efa1cac6d4a1031759ddfb2cb2a1361b76a0327802e5b99e2f98a1a410705fe93f36979441c6b5eab2737bacc66565d425c56c434d04cbc2b3d756d264995f8b198d6887ec2dddfa640d88932604115d80a9f1f0d18538a738016292057518e02b8520d1322f2cc8c500438d24e041ef9d3e70244e327e28d03c371b7d119a387bf7dfaf7b1ad89ce68f0bdf5858d961b48a6080c589a7e5ac9505cb3893510670299d2f4570acca050e26f828056a4276387b69f64a1498552754ede89e21a1c4a5e0754b41aa2c17823b6d84666896d865c9627a3be5cb8ede76461b44f7ed2398cb29f52073f23c5b0b5ac1af048d310ddec9b683ae0535670195ea510012eb16fb60186a5c26f6c516addeade9bed3dea308fc9196de5b5e99b8f8354b9116995dffb350b5b71ee8ae21b776e122508bf4acd8c9c69bb67a8003291b9a217301656ff332d6802db63605aee2a881e0ddf08904e5c8ace0cd44bffdeee7b10e1b5d868b25ddb1248802c7341267f9862b9319cbaada6d7b557425273256505470d2d610232c00d53475693db249299594ee62271589ec4ebd92c0f37d05ca24c556948dd30b3e6b124f059e4776ef219766e805bf7b1003734172e8d2cda130966bd6c5643071efef3e39bc11f6bdfef4ba6e9fa450f7605bcf9ca22c5f12fdec2f8b3ead07a34a427e3602792939873a2481a8dd0e454305b5ce374a77

def make_gift(p, q):
    n_bits = len(bin(p * q)) - 2
    phi = (p - 1) * (q - 1)
    r = randint(11, 111)
    while True:
        a = getPrime(n_bits // 4 - r)
        if gcd(a, phi) != 1:
            continue
        b = invert(a, phi)
        e = invert(b, gift)
        if gcd(e, phi) == 1:
            break
    d = invert(e, phi)
    return (e, d)

p = getPrime(2048)
q = getPrime(2048)
n = p * q
e, d = make_gift(p, q)
c = pow(bytes_to_long(flag), e, n)

print("n:", hex(n))
print("e:", hex(e))
print("c:", hex(c))

'''
n: 0xf5da802f4a0d148a957254c9287bf1515c81088416067574fb614342d15757b84014125fa9b0b2e8158a7321a0bcde32c6b98abede5da9e526dd2e67c148f89ac0787fa55dd2a2922bc0595e67cb347ab923ee251b1e7c395706a8956335032914f152fe30556feb48592be713c120186266a085a96dee08d86283362dd2593c0df06d83050ad7d3ce5a0ae482b32800a80f66f5d8bfa306b365faec72f4cfc02846c222602a660bd024c8b05055ee824a7a14d6c3d1227ecff1c5b95016ba4ac82f3d493c51ba5e07f3d220ec633358165c97062ffe35abba6745cb7e9182aade6f867fe1ade89515ef61e1c20f08b81b19afbc09be357b2cb328fbb341408bc2ac3fbd66ab7eb7470123e8bea12c3f46082c1f37dd9eb9716d2fe92c090b63f64b8fe3e456f08ced64068e9232309c1d71f9723a2cdf643aa3eca2c0d5fcb1ffe95f9c25bd090ea94f408411e1e030016a91b024eba077fd709d69feec798a86160b921fdc058a5d6b041997737789cd4afbab4a92a80f53152ef4c6cfed432de2bf5c1cb53e33cbed6776a1f7ea4b543f688f34c7765eb441246fdccd34f0c07dca305649375d59f62087d5b2bb863f1fc6d74fe47ab1e8cbf948473e7bc08d6bb8801518d908548624a6eea403ac7ec8531920bbb319681887e70fe1c67def9a431e3ed342fae3fe4bbed35f3081ffe54b8d41409a9d017963ceb1261745
e: 0x324029b96d92446e3315b04d321db7228b30a3d0f0be3d16b7356b4259bf54e9203756fbb08713b88dbdc4986cc7ca676888f7b286b648028428af30175f4568d6443ba8f3a96a168fbe60a71addaf63b307e619c1047c24c88f2619c54b565a20fb066639c74bd7187f66e641384acca5dd59ae652873ebf715de7e1ccaa13187377e1a3c2f7ef2a3607a03bd216ef34ba3788bdb4a23b2a0ae158282c773e19635494907f65798e2a8927d6df96a4eb24ff3b40689d8ea4a82587d6dc7a268e5094c049e2321689c9d0f3fe6e261642970946d7454911518198b6e3cf7227a8e5467a6efa2ffff369307121216c65670e1319cfa20da72b4b5f5cd4a2115f360d9da94b84469466ca886d30184059dec26caca654e601c62c17b33dc30dcd66e1b89578267df7cbc4fe5270b72a23861d54426e86e3dfd7a6ae5a38168229d3f6352dfcd3d21674f349af741cc6a858a3e67c55329fb8c0fd21fb50fd2c3174b0ec2e365b0a0f444de1759ecb98a56dbd7830401e663782a564b4de2208606bee3aa98e0970d6f7cdf923c12852caaf86ef75ff438b1879da69b30564fcc7cc9aa38691ce1353fec995eaf4b8d97792b4f627bb7b631ec0dfcf8ee9333f592462ca6f16e99ef5ecece276c25ddb57b03f87266be0038bc78d374161bb8f558b8fca419a7716c984499bf17832ea2eb2e68fd4118fdb2e5a6d49d08dba0db69
c: 0x5951976397efab4db75cecd1d669f64e31da28c82f383b920fe83a1b99a913d1cb60db9d5fc58795ae011a5c5949cc0b1f53ce28e1505aad93a5ffc9e71418f32aff300ff7d9d5de83c5f53535ea6f25bbc31b56bb7f785d95edf10672bb458f6dba81acc3fd9c2de79506ea7520068b17018359642f34c365580a8e200d411f5a80f38b673706b365f0e6d2e6fb3732208acc0ab64e6159310f8fe4076f9cff17192cb8cbf37c0278e5772c1ac7c80314fc8ec6eaa39852a8e67c5592a5d87dd406e189c19c8db635f8d50e48051dc6e29d1d52e233a490cb53e1d1a592fd3883ef25f02beaf90eb4323a6e3b37c814969689c11e696422125ccd7f8a2e4fcb5276784f1d2cb5aaa2b5a5944f6330684c1c9b9c8da6ca25b18b4024d6e859014ed488643193fe1f8a4b7fdc94ad59965e00cc6cfcbb123a04c13bacbfdf2a3fc240d08c416cbb0acfaa416c81aa351c43ab62020ab39ffa3d2ccde402cb7afbde6dcb61ad0270c44560dced8eb70ae6eeb4c3c092428e94fcf334afab39e10eb1a48a02444358d32ca2ebee3045b473c3b7f9629bbce56d599969c2e2e43d6c2d10079c0e7358f5e944020f77d5f79f6cf78952434cc038ffdadccc6ef1e88f0b8cf6cfe1a6b3f0f5ac1492b387c1dc29f6624f6b20fa86c0ed5d71296275df3388467680bf5208afbb39277045f0dd6a3230418e8220ee7a213888a712d682
'''

e ∗ b ≡ 1   m o d   g i f t e*b \equiv1 \space mod \space gift eb1 mod gift,那么可求出b = gmpy2.invert(a,gift)
因为a非常大,满足维纳攻击的条件,我们使用维纳攻击计算出a。现在相当于RSA中已知n,e,d,我们可以根据这三个条件分解n得到p,q,最后简单RSA解密即可。

from Crypto.Util.number import *
import gmpy2
import random

n = 0xf5da802f4a0d148a957254c9287bf1515c81088416067574fb614342d15757b84014125fa9b0b2e8158a7321a0bcde32c6b98abede5da9e526dd2e67c148f89ac0787fa55dd2a2922bc0595e67cb347ab923ee251b1e7c395706a8956335032914f152fe30556feb48592be713c120186266a085a96dee08d86283362dd2593c0df06d83050ad7d3ce5a0ae482b32800a80f66f5d8bfa306b365faec72f4cfc02846c222602a660bd024c8b05055ee824a7a14d6c3d1227ecff1c5b95016ba4ac82f3d493c51ba5e07f3d220ec633358165c97062ffe35abba6745cb7e9182aade6f867fe1ade89515ef61e1c20f08b81b19afbc09be357b2cb328fbb341408bc2ac3fbd66ab7eb7470123e8bea12c3f46082c1f37dd9eb9716d2fe92c090b63f64b8fe3e456f08ced64068e9232309c1d71f9723a2cdf643aa3eca2c0d5fcb1ffe95f9c25bd090ea94f408411e1e030016a91b024eba077fd709d69feec798a86160b921fdc058a5d6b041997737789cd4afbab4a92a80f53152ef4c6cfed432de2bf5c1cb53e33cbed6776a1f7ea4b543f688f34c7765eb441246fdccd34f0c07dca305649375d59f62087d5b2bb863f1fc6d74fe47ab1e8cbf948473e7bc08d6bb8801518d908548624a6eea403ac7ec8531920bbb319681887e70fe1c67def9a431e3ed342fae3fe4bbed35f3081ffe54b8d41409a9d017963ceb1261745
e = 0x324029b96d92446e3315b04d321db7228b30a3d0f0be3d16b7356b4259bf54e9203756fbb08713b88dbdc4986cc7ca676888f7b286b648028428af30175f4568d6443ba8f3a96a168fbe60a71addaf63b307e619c1047c24c88f2619c54b565a20fb066639c74bd7187f66e641384acca5dd59ae652873ebf715de7e1ccaa13187377e1a3c2f7ef2a3607a03bd216ef34ba3788bdb4a23b2a0ae158282c773e19635494907f65798e2a8927d6df96a4eb24ff3b40689d8ea4a82587d6dc7a268e5094c049e2321689c9d0f3fe6e261642970946d7454911518198b6e3cf7227a8e5467a6efa2ffff369307121216c65670e1319cfa20da72b4b5f5cd4a2115f360d9da94b84469466ca886d30184059dec26caca654e601c62c17b33dc30dcd66e1b89578267df7cbc4fe5270b72a23861d54426e86e3dfd7a6ae5a38168229d3f6352dfcd3d21674f349af741cc6a858a3e67c55329fb8c0fd21fb50fd2c3174b0ec2e365b0a0f444de1759ecb98a56dbd7830401e663782a564b4de2208606bee3aa98e0970d6f7cdf923c12852caaf86ef75ff438b1879da69b30564fcc7cc9aa38691ce1353fec995eaf4b8d97792b4f627bb7b631ec0dfcf8ee9333f592462ca6f16e99ef5ecece276c25ddb57b03f87266be0038bc78d374161bb8f558b8fca419a7716c984499bf17832ea2eb2e68fd4118fdb2e5a6d49d08dba0db69
c = 0x5951976397efab4db75cecd1d669f64e31da28c82f383b920fe83a1b99a913d1cb60db9d5fc58795ae011a5c5949cc0b1f53ce28e1505aad93a5ffc9e71418f32aff300ff7d9d5de83c5f53535ea6f25bbc31b56bb7f785d95edf10672bb458f6dba81acc3fd9c2de79506ea7520068b17018359642f34c365580a8e200d411f5a80f38b673706b365f0e6d2e6fb3732208acc0ab64e6159310f8fe4076f9cff17192cb8cbf37c0278e5772c1ac7c80314fc8ec6eaa39852a8e67c5592a5d87dd406e189c19c8db635f8d50e48051dc6e29d1d52e233a490cb53e1d1a592fd3883ef25f02beaf90eb4323a6e3b37c814969689c11e696422125ccd7f8a2e4fcb5276784f1d2cb5aaa2b5a5944f6330684c1c9b9c8da6ca25b18b4024d6e859014ed488643193fe1f8a4b7fdc94ad59965e00cc6cfcbb123a04c13bacbfdf2a3fc240d08c416cbb0acfaa416c81aa351c43ab62020ab39ffa3d2ccde402cb7afbde6dcb61ad0270c44560dced8eb70ae6eeb4c3c092428e94fcf334afab39e10eb1a48a02444358d32ca2ebee3045b473c3b7f9629bbce56d599969c2e2e43d6c2d10079c0e7358f5e944020f77d5f79f6cf78952434cc038ffdadccc6ef1e88f0b8cf6cfe1a6b3f0f5ac1492b387c1dc29f6624f6b20fa86c0ed5d71296275df3388467680bf5208afbb39277045f0dd6a3230418e8220ee7a213888a712d682
gift = 0x98efa1cac6d4a1031759ddfb2cb2a1361b76a0327802e5b99e2f98a1a410705fe93f36979441c6b5eab2737bacc66565d425c56c434d04cbc2b3d756d264995f8b198d6887ec2dddfa640d88932604115d80a9f1f0d18538a738016292057518e02b8520d1322f2cc8c500438d24e041ef9d3e70244e327e28d03c371b7d119a387bf7dfaf7b1ad89ce68f0bdf5858d961b48a6080c589a7e5ac9505cb3893510670299d2f4570acca050e26f828056a4276387b69f64a1498552754ede89e21a1c4a5e0754b41aa2c17823b6d84666896d865c9627a3be5cb8ede76461b44f7ed2398cb29f52073f23c5b0b5ac1af048d310ddec9b683ae0535670195ea510012eb16fb60186a5c26f6c516addeade9bed3dea308fc9196de5b5e99b8f8354b9116995dffb350b5b71ee8ae21b776e122508bf4acd8c9c69bb67a8003291b9a217301656ff332d6802db63605aee2a881e0ddf08904e5c8ace0cd44bffdeee7b10e1b5d868b25ddb1248802c7341267f9862b9319cbaada6d7b557425273256505470d2d610232c00d53475693db249299594ee62271589ec4ebd92c0f37d05ca24c556948dd30b3e6b124f059e4776ef219766e805bf7b1003734172e8d2cda130966bd6c5643071efef3e39bc11f6bdfef4ba6e9fa450f7605bcf9ca22c5f12fdec2f8b3ead07a34a427e3602792939873a2481a8dd0e454305b5ce374a77
#find b,  e*b = 1 mod gift
b = gmpy2.invert(e,gift)

def continuedFra(x, y):
    """计算连分数
    :param x: 分子
    :param y: 分母
    :return: 连分数列表
    """
    cf = []
    while y:
        cf.append(x // y)
        x, y = y, x % y
    return cf


def gradualFra(cf):
    """计算传入列表最后的渐进分数
    :param cf: 连分数列表
    :return: 该列表最后的渐近分数
    """
    numerator = 0
    denominator = 1
    for x in cf[::-1]:
        # 这里的渐进分数分子分母要分开
        numerator, denominator = denominator, x * denominator + numerator
    return numerator, denominator


def solve_pq(a, b, c):
    """使用韦达定理解出pq,x^2−(p+q)∗x+pq=0
    :param a:x^2的系数
    :param b:x的系数
    :param c:pq
    :return:p,q
    """
    par = gmpy2.isqrt(b * b - 4 * a * c)
    return (-b + par) // (2 * a), (-b - par) // (2 * a)


def getGradualFra(cf):
    """计算列表所有的渐近分数
    :param cf: 连分数列表
    :return: 该列表所有的渐近分数
    """
    gf = []
    for i in range(1, len(cf) + 1):
        gf.append(gradualFra(cf[:i]))
    return gf


def wienerAttack(e, n):
    """
    :param e:
    :param n:
    :return: 私钥d
    """
    cf = continuedFra(e, n)
    gf = getGradualFra(cf)
    for d, k in gf:
        if k == 0: continue
        if (e * d - 1) % k != 0:
            continue
        phi = (e * d - 1) // k
        p, q = solve_pq(1, n - phi + 1, n)
        if p * q == n:
            return d

# find a by wiener attack ,which means d in rsa
a = wienerAttack(b,n)

def divide_pq(e, d, n):
    k = e*d - 1
    while True:
        g = random.randint(2, n-1)
        t = k
        while True:
            if t % 2 != 0:
                break
            t //= 2
            x = pow(g, t, n)
            if x > 1 and gmpy2.gcd(x-1, n) > 1:
                p = gmpy2.gcd(x-1, n)
                return (p, n//p)

# known e,d,n  divide p and q
p,q = divide_pq(a,b,n)
phi = (p-1)*(q-1)
d = gmpy2.invert(e,phi)
m = pow(c,d,n)
flag = long_to_bytes(m)
print(flag)

flag:

flag{W1nn3r_4tt4ck_1s_0k_!}

你懂RSA吗

题目:

from gmpy2 import *
from secret import flag, hint
from Crypto.Util.number import *
from sympy import *

m1 = bytes_to_long(flag[:len(flag) // 2])
m2 = bytes_to_long(flag[len(flag) // 2:])

def gete(e, phi):
    while True:
        if gcd(e, phi) == 1:
            return e
        else:
            e = nextprime(e)


# RSA#1
p1 = getPrime(1024)
q1 = nextprime(p1)
n1 = p1 * q1
phi1 = (p1 - 1) * (q1 - 1)
e1 = gete(getPrime(18), phi1)
d1 = invert(e1, phi1)
c1 = pow(m1, e1, n1)
print('c1 = ' + str(c1))
# print('n1 = ' + str(n1) + '\n' +
#       'e1 = ' + str(e1) + '\n')

# RSA#2
p2 = getPrime(1024)
q2 = getPrime(1024)
n2 = q2 * p2
phi2 = (p2 - 1) * (q2 - 1)
e2 = gete(getPrime(17), phi2)
d2 = invert(e2, phi2)
c2 = pow(m2, e2, n2)
print('c2 = ' + str(c2))
# print('p2 = ' + str(p2) + '\n' +
#       'q2 = ' + str(q2) + '\n' +
#       'n2 = ' + str(n2) + '\n' +
#       'e2 = ' + str(e2) + '\n' +
#       'd2 = ' + str(d2))

# RSA#3
p3 = getPrime(512)
q3 = getPrime(512)
n3 = q3 * p3
phi3 = (p3 - 1) * (q3 - 1)
e3 = gete(getPrime(18), phi3)
d3 = invert(e3, phi3)
c3 = pow(bytes_to_long(hint), e3, n3)
print('p3 = ' + str(p3) + '\n' +
      'q3 = ' + str(q3) + '\n' +
      'dp3 = ' + str(d3 % (p3 - 1)) + '\n' +
      'dq3 = ' + str(d3 % (q3 - 1)) + '\n' +
      'c3 = ' + str(c3) + '\n')

'''
c1 = 22174029170472408206925317076073043420894146164245984513340870318355661512525991461242672876579919328182461896419967224664448944167711125659536698909328115475500945822640519133190059966264237324981949930399526364419738220809569927722192868778639813090738131657587264840367644694061115160773023580543920084929748399148178702225712911176256956224775128704303027831752557351932432075076157070898061567672702897151144619971875201217685327600270527780313430553318062411578705980314887424183403168239225614870874838731789712153752400767845145106178451674432872533188785420237737349888569724838577725179304747976155836528847
c2 = 10006956750702744303137845836730927141799706624172551459783330437667128195604549377600905839723612359687545817501794804478132211323657104751029372453359464026864968972464883675500595304223093507632350492084010491130081665728182685954048949109653693249111253069794108059350353213391544115840233839828208072185801721609295479840358583549661814221304084750980072823512963591716048308048539407543323924798329369799578602466336065436323363597239602321921514918868038140356589054841516163876544415605778360640782130481614039149302608722444909890759048138800702326642667527192623969418036087996474429011639448153049587797462
p3 = 687104299205124+2891353553828899476415458203263978116790716337081548776068741385334659024997003813526251309677426804084745771024501352235018170100684175461
q3 = 6834465353091839104371740967212016644595780246793635968655238380829500111702811200820371080007560944435951010124236903046782106679767154721052005084109581
dp3 = 467439171809080897562812158716113371309992932574365431517842223709652090731602413652476839178504114432476940007157603066114339287906444433126732288932893
dq3 = 3431333508698715944036764699886242262043494073402064203167658489949139507430255388444870068919384813249331639339226259968646375217058269607167202636893253
c3 = 37748087350954498108276083391021015026310493963518031097482650818277570058294408094828106125531413903496569964230242579745002006918502804782348770630190106624647053817071228704522300210169354364199058884898426724603517264523516972890674703377695391122729953449202278272630556978735605677793006582502650005834
'''

Challenge.txt:

由于在生成公钥对的过程中电脑卡了卡,导致转为{hint}后部分数据混乱,公钥部分无法正常解析,私钥部分少了前三个数据和最后一个数据,但幸运的是重要数据并没有损坏

-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGjK21FO8/FjPZM+gGJ3
TvykTBocH9CReiBWuzkZwZmVt6wTJzerWS+DPRFJo7IviUxR0VOncEwxNgBzy5Ii
DXDvR6gwSXRjCvKD8fHBg3I96Lj2yV29t0J0mVyCoWqVAnxv09cUBIa25K5vmUIU
Pd1pA1m2xDLCQ54knHUjwK/fayGMrHHrT+bhSSFSIIguqKUOQ5ucgwWApTTF8CF7
yXITpq3kkYoZtSS4XewWr90xE+4v6vXNJ6vWJnxjaztEJ5meThH0DTgGTyq2/R59
jlCQ7suLqjH0S8HtSGQ4bM7sJkL+3WWDoyCgqKNvMpJmx9cQ5Gq8qgQ5ZZnqEI+0
MQIDAjKf
-----END RSA PUBLIC KEY-----

-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKBgQD3z3W6ws4Svfnng1Cw6MpyM/V25hiIUR0JYkJg3FsfQ4C2mIET
Cf38dVSoyqDmyelOGTN34RH/h+tA5t/qXZwsdx+xVyT1eL5He2DRdO6jZb+NIn4a
mbEAAWIeBEgLXTZ4YKVLw+WluoFhaFyLILPWEDalfuc35gyF7BEIU8hK5QKBgQDS
JFoZ30p9ysWinUf5vHppnHxR14J7wFs+gXg1cDT64/cQNlcj4/DpJmAL52yAexbm
Wi5VtiD3o7+qjNH+X8l6Z5+uIOSouj4Vnnz6z5xfmO4DlR7DSNO5wa6Elt/zGZt0
OulmGJqaNftLEK2Tp4EE63fuMww15aBOyuNBhMNTLQKBgBwPfNhKCMWsh2jEwNVX
dt0ZrxjokyyUasJOQw/uw861eRS0DiGWxxDYRF7cmv2nLWjvh5lyffQ+ctAllINY
WD/cuVT+divpoTo86Uiugfs0oU0c88SVVKqYfYDCoVnQE0PsRatfolhy1wWtqJUE
ffimW1nAFfSJcy+S/JbBzfNVAoGAeLRAvNOxagfq9bj5+sz0U217S1dKr+KRhpm/
fpJxHBuNclaEPy1S19kfGjdX74TEZpQuQTVYQmZgVYqFpGNIy3JyGgby0KgJuUlL
6JUP8Slardwdy3Yth2lk4Ov4vx5aWKzuG6LOSv3u1fNCgKmaRkUqojvYK602I4wO
dTfZKhE=
-----END RSA PRIVATE KEY-----

RSA1
这一部分考虑 pem公钥格式的解析

在PKCS#1 RSA算法标准中定义RSA共钥语法为:

RSAPublicKey ::= SEQUENCE {
    modulus           INTEGER,  -- n
    publicExponent    INTEGER   -- e
}

将base64字符串解码后,再转换为16进制

30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc68cadb514ef3f1633d933e806277
4efca44c1a1c1fd0917a2056bb3919c19995b7ac132737ab592f833d1149a3b22f894c51d153a7704c31360073cb9222
0d70ef47a8304974630af283f1f1c183723de8b8f6c95dbdb74274995c82a16a95027c6fd3d7140486b6e4ae6f994214
3ddd690359b6c432c2439e249c7523c0afdf6b218cac71eb4fe6e149215220882ea8a50e439b9c830580a534c5f0217b
c97213a6ade4918a19b524b85dec16afdd3113ee2feaf5cd27abd6267c636b3b4427999e4e11f40d38064f2ab6fd1e7d
8e5090eecb8baa31f44bc1ed4864386cceec2642fedd6583a320a0a8a36f329266c7d710e46abcaa04396599ea108fb4
31020302329f

30820122:表示后面是一个SEQUENCE,总长度为0x122,即使290字节
02820101:表示后面是一个INTEGER,长度是0101即257字节,后面跟的00 …即为n的内容,257字节
0203:表示后面是一个INTEGER,长度是03即3字节,内容 0x02329f,这就是e。

获取到的数据如下:

n1 = 0xcc68cadb514ef3f1633d933e8062774efca44c1a1c1fd0917a2056bb3919c19995b7ac132737ab592f833d1149a3b22f894c51d153a7704c31360073cb92220d70ef47a8304974630af283f1f1c183723de8b8f6c95dbdb74274995c82a16a95027c6fd3d7140486b6e4ae6f9942143ddd690359b6c432c2439e249c7523c0afdf6b218cac71eb4fe6e149215220882ea8a50e439b9c830580a534c5f0217bc97213a6ade4918a19b524b85dec16afdd3113ee2feaf5cd27abd6267c636b3b4427999e4e11f40d38064f2ab6fd1e7d8e5090eecb8baa31f44bc1ed4864386cceec2642fedd6583a320a0a8a36f329266c7d710e46abcaa04396599ea108fb431
e1 = 0x2329f

又因为p和q相近,所以直接对n1进行开方,然后往后循环取下一个素数直到能被n1整除为止,此时q为所求。

common_key = '''MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGjK21FO8/FjPZM+gGJ3
TvykTBocH9CReiBWuzkZwZmVt6wTJzerWS+DPRFJo7IviUxR0VOncEwxNgBzy5Ii
DXDvR6gwSXRjCvKD8fHBg3I96Lj2yV29t0J0mVyCoWqVAnxv09cUBIa25K5vmUIU
Pd1pA1m2xDLCQ54knHUjwK/fayGMrHHrT+bhSSFSIIguqKUOQ5ucgwWApTTF8CF7
yXITpq3kkYoZtSS4XewWr90xE+4v6vXNJ6vWJnxjaztEJ5meThH0DTgGTyq2/R59
jlCQ7suLqjH0S8HtSGQ4bM7sJkL+3WWDoyCgqKNvMpJmx9cQ5Gq8qgQ5ZZnqEI+0
MQIDAjKf'''
#common_key = "".join(common_key.split("\n"))
common_key = common_key.split("\n")
for i in common_key:
    print(base64.b64decode(i).hex())

c1 = 22174029170472408206925317076073043420894146164245984513340870318355661512525991461242672876579919328182461896419967224664448944167711125659536698909328115475500945822640519133190059966264237324981949930399526364419738220809569927722192868778639813090738131657587264840367644694061115160773023580543920084929748399148178702225712911176256956224775128704303027831752557351932432075076157070898061567672702897151144619971875201217685327600270527780313430553318062411578705980314887424183403168239225614870874838731789712153752400767845145106178451674432872533188785420237737349888569724838577725179304747976155836528847
n1 = 0xcc68cadb514ef3f1633d933e8062774efca44c1a1c1fd0917a2056bb3919c19995b7ac132737ab592f833d1149a3b22f894c51d153a7704c31360073cb92220d70ef47a8304974630af283f1f1c183723de8b8f6c95dbdb74274995c82a16a95027c6fd3d7140486b6e4ae6f9942143ddd690359b6c432c2439e249c7523c0afdf6b218cac71eb4fe6e149215220882ea8a50e439b9c830580a534c5f0217bc97213a6ade4918a19b524b85dec16afdd3113ee2feaf5cd27abd6267c636b3b4427999e4e11f40d38064f2ab6fd1e7d8e5090eecb8baa31f44bc1ed4864386cceec2642fedd6583a320a0a8a36f329266c7d710e46abcaa04396599ea108fb431
e1 = 0x2329f
q1_near = gmpy2.iroot(n1,2)[0]
while n1%q1_near!=0:
    q1_near = gmpy2.next_prime(q1_near)
q1 = q1_near
p1 = n1//q1
phi1 = (p1 - 1) * (q1 - 1)
d1 = gmpy2.invert(e1,phi1)
m1 = pow(c1,d1,n1)
flag1 = long_to_bytes(m1)

RSA2
这一部分考虑 pem私钥格式的解析
在PKCS#1 RSA算法标准中定义RSA私钥语法为:

RSAPrivateKey ::= SEQUENCE {

version Version,

modulus INTEGER, -- n

publicExponent INTEGER, -- e

privateExponent INTEGER, -- d

prime1 INTEGER, -- p

prime2 INTEGER, -- q

exponent1 INTEGER, -- d mod (p-1)

exponent2 INTEGER, -- d mod (q-1)

coefficient INTEGER, -- (inverse of q) mod p

otherPrimeInfos OtherPrimeInfos OPTIONAL

}

将base64字符串解码后,再转换为16进制

308204a202010002818100f7cf75bac2ce12bdf9e78350b0e8ca7233f576e61888511d09624260dc5b1f4380b6988113
09fdfc7554a8caa0e6c9e94e193377e111ff87eb40e6dfea5d9c2c771fb15724f578be477b60d174eea365bf8d227e1a
99b10001621e04480b5d367860a54bc3e5a5ba8161685c8b20b3d61036a57ee737e60c85ec110853c84ae502818100d2
245a19df4a7dcac5a29d47f9bc7a699c7c51d7827bc05b3e8178357034fae3f710365723e3f0e926600be76c807b16e6
5a2e55b620f7a3bfaa8cd1fe5fc97a679fae20e4a8ba3e159e7cfacf9c5f98ee03951ec348d3b9c1ae8496dff3199b74
3ae966189a9a35fb4b10ad93a78104eb77ee330c35e5a04ecae34184c3532d0281801c0f7cd84a08c5ac8768c4c0d557
76dd19af18e8932c946ac24e430feec3ceb57914b40e2196c710d8445edc9afda72d68ef8799727df43e72d025948358
583fdcb954fe762be9a13a3ce948ae81fb34a14d1cf3c49554aa987d80c2a159d01343ec45ab5fa25872d705ada89504
7df8a65b59c015f489732f92fc96c1cdf35502818078b440bcd3b16a07eaf5b8f9faccf4536d7b4b574aafe2918699bf
7e92711c1b8d7256843f2d52d7d91f1a3757ef84c466942e413558426660558a85a46348cb72721a06f2d0a809b9494b
e8950ff1295aaddc1dcb762d876964e0ebf8bf1e5a58acee1ba2ce4afdeed5f34280a99a46452aa23bd82bad36238c0e
7537d92a11

根据题目提示:私钥部分少了前三个数据和最后一个数据
也就是说私钥的数据只剩下p,q,dp,dq。
第一个028181:表示INTEGER,长度为129 bytes,其内容为:p
第二个028181:表示INTEGER,长度为129 bytes,其内容为:q
第一个028180:表示INTEGER,长度为128 bytes,其内容为:dp
第二个028180:表示INTEGER,长度为128 bytes,其内容为:dq
获取到的数据如下:

p = 0x00f7cf75bac2ce12bdf9e78350b0e8ca7233f576e61888511d09624260dc5b1f4380b698811309fdfc7554a8caa0e6c9e94e193377e111ff87eb40e6dfea5d9c2c771fb15724f578be477b60d174eea365bf8d227e1a99b10001621e04480b5d367860a54bc3e5a5ba8161685c8b20b3d61036a57ee737e60c85ec110853c84ae5
q = 0x00d2245a19df4a7dcac5a29d47f9bc7a699c7c51d7827bc05b3e8178357034fae3f710365723e3f0e926600be76c807b16e65a2e55b620f7a3bfaa8cd1fe5fc97a679fae20e4a8ba3e159e7cfacf9c5f98ee03951ec348d3b9c1ae8496dff3199b743ae966189a9a35fb4b10ad93a78104eb77ee330c35e5a04ecae34184c3532d
dp = 0x1c0f7cd84a08c5ac8768c4c0d55776dd19af18e8932c946ac24e430feec3ceb57914b40e2196c710d8445edc9afda72d68ef8799727df43e72d025948358583fdcb954fe762be9a13a3ce948ae81fb34a14d1cf3c49554aa987d80c2a159d01343ec45ab5fa25872d705ada895047df8a65b59c015f489732f92fc96c1cdf355
dq = 0x78b440bcd3b16a07eaf5b8f9faccf4536d7b4b574aafe2918699bf7e92711c1b8d7256843f2d52d7d91f1a3757ef84c466942e413558426660558a85a46348cb72721a06f2d0a809b9494be8950ff1295aaddc1dcb762d876964e0ebf8bf1e5a58acee1ba2ce4afdeed5f34280a99a46452aa23bd82bad36238c0e7537d92a11

由前一半flag可知,后一半flag为20字节,显然flag长度远比p短。
那么我们就可以直接利用dp和p进行解密获得m。

import gmpy2
from Crypto.Util.number import  *
import base64

#find flag1
common_key = '''MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGjK21FO8/FjPZM+gGJ3
TvykTBocH9CReiBWuzkZwZmVt6wTJzerWS+DPRFJo7IviUxR0VOncEwxNgBzy5Ii
DXDvR6gwSXRjCvKD8fHBg3I96Lj2yV29t0J0mVyCoWqVAnxv09cUBIa25K5vmUIU
Pd1pA1m2xDLCQ54knHUjwK/fayGMrHHrT+bhSSFSIIguqKUOQ5ucgwWApTTF8CF7
yXITpq3kkYoZtSS4XewWr90xE+4v6vXNJ6vWJnxjaztEJ5meThH0DTgGTyq2/R59
jlCQ7suLqjH0S8HtSGQ4bM7sJkL+3WWDoyCgqKNvMpJmx9cQ5Gq8qgQ5ZZnqEI+0
MQIDAjKf'''
#common_key = common_key.split("\n")
#for i in common_key:
#    print(base64.b64decode(i).hex())

c1 = 22174029170472408206925317076073043420894146164245984513340870318355661512525991461242672876579919328182461896419967224664448944167711125659536698909328115475500945822640519133190059966264237324981949930399526364419738220809569927722192868778639813090738131657587264840367644694061115160773023580543920084929748399148178702225712911176256956224775128704303027831752557351932432075076157070898061567672702897151144619971875201217685327600270527780313430553318062411578705980314887424183403168239225614870874838731789712153752400767845145106178451674432872533188785420237737349888569724838577725179304747976155836528847
n1 = 0xcc68cadb514ef3f1633d933e8062774efca44c1a1c1fd0917a2056bb3919c19995b7ac132737ab592f833d1149a3b22f894c51d153a7704c31360073cb92220d70ef47a8304974630af283f1f1c183723de8b8f6c95dbdb74274995c82a16a95027c6fd3d7140486b6e4ae6f9942143ddd690359b6c432c2439e249c7523c0afdf6b218cac71eb4fe6e149215220882ea8a50e439b9c830580a534c5f0217bc97213a6ade4918a19b524b85dec16afdd3113ee2feaf5cd27abd6267c636b3b4427999e4e11f40d38064f2ab6fd1e7d8e5090eecb8baa31f44bc1ed4864386cceec2642fedd6583a320a0a8a36f329266c7d710e46abcaa04396599ea108fb431
e1 = 0x2329f
q1_near = gmpy2.iroot(n1,2)[0]
while n1%q1_near!=0:
    q1_near = gmpy2.next_prime(q1_near)
q1 = q1_near
p1 = n1//q1
phi1 = (p1 - 1) * (q1 - 1)
d1 = gmpy2.invert(e1,phi1)
m1 = pow(c1,d1,n1)
flag1 = long_to_bytes(m1)


#find flag2
private_key = '''MIIEogIBAAKBgQD3z3W6ws4Svfnng1Cw6MpyM/V25hiIUR0JYkJg3FsfQ4C2mIET
Cf38dVSoyqDmyelOGTN34RH/h+tA5t/qXZwsdx+xVyT1eL5He2DRdO6jZb+NIn4a
mbEAAWIeBEgLXTZ4YKVLw+WluoFhaFyLILPWEDalfuc35gyF7BEIU8hK5QKBgQDS
JFoZ30p9ysWinUf5vHppnHxR14J7wFs+gXg1cDT64/cQNlcj4/DpJmAL52yAexbm
Wi5VtiD3o7+qjNH+X8l6Z5+uIOSouj4Vnnz6z5xfmO4DlR7DSNO5wa6Elt/zGZt0
OulmGJqaNftLEK2Tp4EE63fuMww15aBOyuNBhMNTLQKBgBwPfNhKCMWsh2jEwNVX
dt0ZrxjokyyUasJOQw/uw861eRS0DiGWxxDYRF7cmv2nLWjvh5lyffQ+ctAllINY
WD/cuVT+divpoTo86Uiugfs0oU0c88SVVKqYfYDCoVnQE0PsRatfolhy1wWtqJUE
ffimW1nAFfSJcy+S/JbBzfNVAoGAeLRAvNOxagfq9bj5+sz0U217S1dKr+KRhpm/
fpJxHBuNclaEPy1S19kfGjdX74TEZpQuQTVYQmZgVYqFpGNIy3JyGgby0KgJuUlL
6JUP8Slardwdy3Yth2lk4Ov4vx5aWKzuG6LOSv3u1fNCgKmaRkUqojvYK602I4wO
dTfZKhE='''
#private_key = private_key.split("\n")
#for i in private_key:
#    print(base64.b64decode(i).hex())
c2 = 10006956750702744303137845836730927141799706624172551459783330437667128195604549377600905839723612359687545817501794804478132211323657104751029372453359464026864968972464883675500595304223093507632350492084010491130081665728182685954048949109653693249111253069794108059350353213391544115840233839828208072185801721609295479840358583549661814221304084750980072823512963591716048308048539407543323924798329369799578602466336065436323363597239602321921514918868038140356589054841516163876544415605778360640782130481614039149302608722444909890759048138800702326642667527192623969418036087996474429011639448153049587797462
p = 0x00f7cf75bac2ce12bdf9e78350b0e8ca7233f576e61888511d09624260dc5b1f4380b698811309fdfc7554a8caa0e6c9e94e193377e111ff87eb40e6dfea5d9c2c771fb15724f578be477b60d174eea365bf8d227e1a99b10001621e04480b5d367860a54bc3e5a5ba8161685c8b20b3d61036a57ee737e60c85ec110853c84ae5
dp = 0x1c0f7cd84a08c5ac8768c4c0d55776dd19af18e8932c946ac24e430feec3ceb57914b40e2196c710d8445edc9afda72d68ef8799727df43e72d025948358583fdcb954fe762be9a13a3ce948ae81fb34a14d1cf3c49554aa987d80c2a159d01343ec45ab5fa25872d705ada895047df8a65b59c015f489732f92fc96c1cdf355
m2 = pow(c2,dp,p)
flag2 = long_to_bytes(m2)
print(flag1+flag2)

flag:

DASCTF{c67a14c8aff505b6bfe85fb167d1a096}

【当个好人能理直气壮,可如果知道当好人要付出这么大的代价,还有几个人敢当好人?】

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/840944.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

APP外包开发的开发语言对比

在开发iOS APP时有两种语言可以选择&#xff0c;Swift&#xff08;Swift Programming Language&#xff09;和 Objective-C&#xff08;Objective-C Programming Language&#xff09;&#xff0c;它们是两种不同的编程语言&#xff0c;都被用于iOS和macOS等苹果平台的软件开发…

Kafka入门,保姆级教学

文章目录 Kafka概念消息中间件对比消息中间件对比-选择建议Kafka常用名词介绍Kafka入门1. Kafka安装配置2.Kafka生产者与消费者关系3.Kafka依赖4.生产者发消息5.消费者接受消息6.Kafka高可用性设计6.1集群Kafka备份机制(Reolication) 7.kafka生产者详解7.1 发送类型7.2参数详解…

五分钟帮您理解Linux网络核心知识点——socket和epoll

关于linux网络相关的基础知识点&#xff0c;最热的两个就是socket和epoll&#xff0c;接下来我就用最简单的方式把他俩说清楚便于大家理解&#xff01; Socket Socket 是一种进程间通信的方法&#xff0c;它允许位于同一主机&#xff08;计算机&#xff09;或使用网络连接起来…

【链表OJ 3】链表的中间结点

前言: 本文收录于http://t.csdn.cn/n6UEP数据结构刷题的博客中,首先欢迎大家的来访&#xff0c;其次如有错误&#xff0c;非常欢迎大家的指正&#xff01;我会及时更正错误&#xff01; 目录 一.链表的中间结点 1.1原理:快慢指针的使用 链表元素个数为奇数时 链表元素个数…

只会用插件可不行,这些前端动画技术同样值得收藏-JavaScript篇(下)

目录 前言 介绍 基本使用 关键帧 KeyframeEffect的三种类的声明 keyframes options 动画对象 全局Animation类 标签中的animate函数 总结 相关代码&#xff1a; 前言 接着上文往下介绍&#xff0c;上篇文章我们对JS原生动画和贝塞尔曲线有了一个详细的认识&#x…

了解IL汇编异常处理语法

从网上拷过来一个IL汇编程序&#xff0c;编译时先报如下错&#xff0c; 看它是把空格识别为了下注红线的字符&#xff0c;这是字符编码的问题&#xff0c;用记事本替换功能替换了&#xff1b; 然后又报如下的错&#xff0c; 看不出来问题&#xff0c;拷一句正确的来&#xff0…

Netty面试题3

讲一讲你在网络通讯中遇到的坑或者比较棘手的问题 1、网络延迟问题 2、网络拥塞问题 某公司的Java项目需要向远程服务器发送大量的HTTP请求并获取响应&#xff0c;由于请求量较大&#xff0c;导致网络拥塞&#xff0c;请求响应延迟较高。针对这个问题&#xff0c;我们可以采取…

「2024」预备研究生mem-等差等比数列片段和 一般数列

一、等差数列 片段和 二、等比数列 片段和 三、一般数列

数据结构 | 树的定义及实现

目录 一、树的术语及定义 二、树的实现 2.1 列表之列表 2.2 节点与引用 一、树的术语及定义 节点&#xff1a; 节点是树的基础部分。它可以有自己的名字&#xff0c;我们称作“键”。节点也可以带有附加信息&#xff0c;我们称作“有效载荷”。有效载荷信息对于很多树算法…

AcWing 379. 捉迷藏(最小路径点覆盖匈牙利算法)

输入样例&#xff1a; 7 5 1 2 3 2 2 4 4 5 4 6输出样例&#xff1a; 3 #include<bits/stdc.h> using namespace std; typedef long long ll; const int N220; int n,m,t; int d[N][N],vis[N]; int match[N]; bool find(int x){for(int i1;i<n;i){if(d[x][i]&&…

Mac unsupported architecture

&#xff08;瓜是长大在营养肥料里的最甜&#xff0c;天才是长在恶性土壤中的最好。——培根&#xff09; unsupported architecture 在mac的m系列芯片中容易出现此类问题&#xff0c;因为m系列是arm64的芯片架构&#xff0c;而有些nodejs版本或npm包的芯片架构是x86的&#x…

Visual Studio配置PCL库

Visual Studio配置PCL库 Debug和Release配置新建项目配置属性表测试参考 Debug和Release Debug和Release的配置过程一模一样&#xff0c;唯一区别就在于最后一步插入的附加依赖项不同&#xff0c;因此下面以debug为例。 配置新建项目 1、新建一个C空项目&#xff0c;模式设置…

Linux ——实操篇

Linux ——实操篇 前言vi 和 vim 的基本介绍vi和vim常用的三种模式正常模式插入模式命令行模式 vi和vim基本使用各种模式的相互切换vi和vim快捷键关机&重启命令基本介绍注意细节 用户登录和注销基本介绍使用细节 用户管理基本介绍添加用户基本语法应用案例细节说明 指定/修…

ROS实现机器人移动

开源项目 使用是github上六合机器人工坊的项目。 https://github.com/6-robot/wpr_simulation.git 机器人运动模型 运动模型如下所示&#xff1a;&#x1f447; 机器人运动的消息包&#xff1a; 实现思路&#xff1a;&#x1f447;   为什么要使用/cmd_vel话题。因为这…

Spring Cloud +UniApp 智慧工地云平台源码,智能监控和AI分析系统,危大工程管理、视频监控管理、项目人员管理、绿色施工管理

一套智慧工地云平台源码&#xff0c;PC管理端APP端平板端可视化数据大屏端源码 智慧工地可视化系统利用物联网、人工智能、云计算、大数据、移动互联网等新一代信息技术&#xff0c;通过工地中台、三维建模服务、视频AI分析服务等技术支撑&#xff0c;实现智慧工地高精度动态仿…

项目实战 — 消息队列(4){消息持久化}

目录 一、消息存储格式设计 &#x1f345; 1、queue_data.txt&#xff1a;保存消息的内容 &#x1f345; 2、queue_stat.txt&#xff1a;保存消息的统计信息 二、消息序列化 三、自定义异常类 四、创建MessageFileManger类 &#x1f345; 1、约定消息文件所在的目录和文件名…

重锤式表面电阻测试仪的原理和特点

重锤式表面电阻测试仪是一种用于测量材料表面电阻的仪器。它采用了重锤敲击和测量电流的方式进行测试。 工作原理&#xff1a; 重锤式表面电阻测试仪通过将一个金属锤头敲击在待测物体表面&#xff0c;产生一个封闭电路。测量仪器通过检测在敲击区域上下电极之间距离的电流流…

C语言代码的x86-64汇编指令分析过程记录

先通过Xcode创建一个terminal APP&#xff0c;语言选择C。代码如下&#xff1a; #include <stdio.h>int main(int argc, const char * argv[]) {int a[7]{1,2,3,4,5,6,7};int *ptr (int*)(&a1);printf("%d\n",*(ptr));return 0; } 在return 0处打上断点&…

相机传感器格式与镜头光圈参数

相机靶面大小 CCD/CMOS图像传感器尺寸&#xff08;sensor format&#xff09;1/2’‘、1/3’‘、1/4’实际是多大 1英寸——靶面尺寸为宽12.7mm*高9.6mm&#xff0c;对角线16mm。 2/3英寸——靶面尺寸为宽8.8mm*高6.6mm&#xff0c;对角线11mm。 1/2英寸——靶面尺寸为宽6.…

第4章 变量、作用域与内存

引言 由于js是一门只有在声明变量后才能明确类型的语言&#xff0c;并且在任意时刻都可以改变数据类型。这也引起了一些问题 原始值与引用值 原始值就是基本数据类型&#xff0c;引言值就是复杂数据类型 变量在赋值的时候。js会判断如果是原始值&#xff0c;访问时就是按值访问…