buu 水题记录(二)
时间:2022-08-07 18:30:00
buuctf crypto
-
- Before
- Crypto
-
- 还原大师
- 传感器
- Cipher
- rot
- Unencode
- 密码学的心声
- 这是什么
- 一张谍报
- RSA
- RSA2
- RSA3
- rsa 2
- RSA5
- RSAROLL
- Dangerous RSA
- SameMod
- [AFCTF2018]Morse
- [NCTF2019]Keyboard
- [GXYCTF2019]CheckIn
- [HDCTF2019]basic_rsa
- [HDCTF2019]bbbbbbrsa
Before
这也是水题的记录~
还是crypto哦~
最近做了很多rsa的题
准备好整理~
然后最近的比赛太多了,考试月又快到了,甘!
Crypto
还原大师
TASC?O3RJMV?WDJKX?ZM
E903???4DAB???5180A?
import hashlib s='TASC?O3RJMV?WDJKX?ZM' for i in range(26): temp1=s.replace('?',chr(65 i),1) for j in range(26): temp2=temp1.replace('?',chr(65 j),1) for k in range(26): temp3=temp2.replace('?',chr(65 k),1) res=hashlib.md5(temp3.encode('utf8')).hexdigest().upper() if res[:4]=='E903':
print(res)
flag{E9032994DABAC08080091151380478A2}
传感器
思路:有提示1:曼联
谷歌搜一下,曼联全称为曼彻斯特联足球俱乐部,然后密码里有一个曼彻斯特编码,nice,解就完事了
曼彻斯特
差分曼彻斯特
flag{FFFFFED31F645055F9}
Cipher
Dncnoqqfliqrpgeklwmppu
思路:公平的玩吧,就是指playfair密码
解码
Itisnotaproblemhavefun
感觉自己好傻逼啊,这题最开始没仔细弄,然后解密时搞成了加密,我tm说这怎么不是个句子,还去问了师傅,淦
rot
思路:ROT ,左移或者右移几位
import hashlib
a="83 89 78 84 45 86 96 45 115 121 110 116 136 132 132 132 108 128 117 118 134 110 123 111 110 127 108 112 124 122 108 118 128 108 131 114 127 134 108 116 124 124 113 108 76 76 76 76 138 23 90 81 66 71 64 69 114 65 112 64 66 63 69 61 70 114 62 66 61 62 69 67 70 63 61 110 110 112 64 68 62 70 61 112 111 112"
b=a.split(" ")
flag=""
for j in range(0,26):
flag=""
for i in range(len(b)):
flag+=chr(int(b[i])-j)
print(flag)
跑完发现他flag出来个????
不过我们注意到他下面有一个md5,我们可以通过md5还原最后四位
import hashlib
m='38e4c352809e150186920aac37190cbc'
flag='flag{www_shiyanbar_com_is_very_good_????}'
for i in range(21,127):
temp1=flag.replace('?',chr(i),1)
for j in range(21,127):
temp2=temp1.replace('?',chr(j),1)
for k in range(21,127):
temp3=temp2.replace('?',chr(k),1)
for l in range(21,127):
temp4=temp3.replace('?',chr(l),1)
#print(temp4)
res=hashlib.md5(temp4.encode('utf8')).hexdigest()
#print(res)
if(res==m):
print(temp4)
break
flag{www_shiyanbar_com_is_very_good_@8Mu}
Unencode
思路:其实这是我在做rot那题的时候发现的一个blog里面有涉及到xxencode&&uuencode解码,我觉得很像就解了。
解码
flag{dsdasdsa99877LLLKK}
密码学的心声
思路:埃塞克码(ascll码),八进制
111 114 157 166 145 123 145 143 165 162 151 164 171 126 145 162 171 115 165 143 150
flag{ILoveSecurityVeryMuch}
这是什么
思路:winhex打开,后面一串奇奇怪怪的[+!+[]]……(JSfuck编码)改成txt
JSfuck
flag{a0448fd730b62c13ca80200c4529daa2}
一张谍报
思路:前两段就是密文和明文,最后一段要根据前两段之间的关系解出明文
flag{南天菩萨放鹰捉猴头}
RSA
-----BEGIN PUBLIC KEY-----
MDwwDQYJKoZIhvcNAQEBBQADKwAwKAIhAMAzLFxkrkcYL2wch21CM2kQVFpY9+7+
/AvKr1rzQczdAgMBAAE=
-----END PUBLIC KEY-----
公钥解析
n=86934482296048119190666062003494800588905656017203025617216654058378322103517
e=65537
factor分解n,得到p,q
RSA tools可以拿到d,python也行
python用这个
d=gmpy2.invert(e,(p-1)*(q-1))
d=81176168860169991027846870170527607562179635470395365333547868786951080991441
import gmpy2
import rsa
e=65537
n=86934482296048119190666062003494800588905656017203025617216654058378322103517
q=304008741604601924494328155975272418463
p=285960468890451637935629440372639283459
d=81176168860169991027846870170527607562179635470395365333547868786951080991441
key=rsa.PrivateKey(n,e,d,p,q)
f=open("flag.enc","rb+")
fr=f.read()
print(rsa.decrypt(fr,key))
flag{decrypt_256}
RSA2
思路:n e dp c dp泄露安全
import gmpy2
import rsa
e = 65537
n = 248254007851526241177721526698901802985832766176221609612258877371620580060433101538328030305219918697643619814200930679612109885533801335348445023751670478437073055544724280684733298051599167660303645183146161497485358633681492129668802402065797789905550489547645118787266601929429724133167768465309665906113
dp = 905074498052346904643025132879518330691925174573054004621877253318682675055421970943552016695528560364834446303196939207056642927148093290374440210503657
c = 140423670976252696807533673586209400575664282100684119784203527124521188996403826597436883766041879067494280957410201958935737360380801845453829293997433414188838725751796261702622028587211560353362847191060306578510511380965162133472698713063592621028959167072781482562673683090590521214218071160287665180751
for i in range(1,e):
if (dp*e-1)%i==0:
if n%((dp*e-1)//i+1)==0:
p=((dp*e-1)//i)+1
q=n//p
phi=(p-1)*(q-1)
d=gmpy2.invert(e,phi)
m=pow(c,d,n)
def n2s(num):
t = hex(num)[2:]
if len(t) % 2 == 1:
t = '0' + t
return ''.join([chr(int(b, 16)) for b in [t[i:i + 2] for i in range(0, len(t), 2)]])
print(n2s(m))
flag{wow_leaing_dp_breaks_rsa?_98924743502}
RSA3
思路:rsa共模攻击
import gmpy2
import rsa
def agcd(a,b):
if a==0:
return(b,0,1)
else:
g,y,x=agcd(b%a,a)
return (g,x-(b//a)*y,y)
def n2s(num):
t = hex(num)[2:]
if len(t) % 2 == 1:
t = '0' + t
return ''.join([chr(int(b, 16)) for b in [t[i:i + 2] for i in range(0, len(t), 2)]])
c1=22322035275663237041646893770451933509324701913484303338076210603542612758956262869640822486470121149424485571361007421293675516338822195280313794991136048140918842471219840263536338886250492682739436410013436651161720725855484866690084788721349555662019879081501113222996123305533009325964377798892703161521852805956811219563883312896330156298621674684353919547558127920925706842808914762199011054955816534977675267395009575347820387073483928425066536361482774892370969520740304287456555508933372782327506569010772537497541764311429052216291198932092617792645253901478910801592878203564861118912045464959832566051361
n=22708078815885011462462049064339185898712439277226831073457888403129378547350292420267016551819052430779004755846649044001024141485283286483130702616057274698473611149508798869706347501931583117632710700787228016480127677393649929530416598686027354216422565934459015161927613607902831542857977859612596282353679327773303727004407262197231586324599181983572622404590354084541788062262164510140605868122410388090174420147752408554129789760902300898046273909007852818474030770699647647363015102118956737673941354217692696044969695308506436573142565573487583507037356944848039864382339216266670673567488871508925311154801
e1=11187289
c2=18702010045187015556548691642394982835669262147230212731309938675226458555210425972429418449273410535387985931036711854265623905066805665751803269106880746769003478900791099590239513925449748814075904017471585572848473556490565450062664706449128415834787961947266259789785962922238701134079720414228414066193071495304612341052987455615930023536823801499269773357186087452747500840640419365011554421183037505653461286732740983702740822671148045619497667184586123657285604061875653909567822328914065337797733444640351518775487649819978262363617265797982843179630888729407238496650987720428708217115257989007867331698397
e2=9647291
d=agcd(e1,e2)
d1=d[1]
d2=d[2]
if d1<0:
d1=-d1
c1=gmpy2.invert(c1,n)
elif d2<0:
d2=-d2
c2=gmpy2.invert(c2,n)
m=pow(c1,d1,n)*pow(c2,d2,n)%n
print (n2s(m))
flag{49d91077a1abcb14f1a9d546c80be9ef}
rsa 2
思路:明确求d
github上有公开轮子
import RSAwienerHacker
import hashlib
N = 101991809777553253470276751399264740131157682329252673501792154507006158434432009141995367241962525705950046253400188884658262496534706438791515071885860897552736656899566915731297225817250639873643376310103992170646906557242832893914902053581087502512787303322747780420210884852166586717636559058152544979471
e = 46731919563265721307105180410302518676676135509737992912625092976849075262192092549323082367518264378630543338219025744820916471913696072050291990620486581719410354385121760761374229374847695148230596005409978383369740305816082770283909611956355972181848077519920922059268376958811713365106925235218265173085
d=RSAwienerHacker.hack_RSA(e,N)
print(d)
flag = "flag{" + hashlib.md5(hex(d)).hexdigest() + "}"
print(flag)
Hacked!
8920758995414587152829426558580025657357328745839747693739591820283538307445
flag{47bf28da384590448e0b0d23909a25a4}
RSA5
思路:给了多组n、c和一组e,共用一个m
有点低加密指数广播攻击那味儿了
原理
from gmpy2 import *
n=[n0,n1,n2,n3,n4,n5,n6,n7,n8,n9,n10,n11,n12,n13,n14,n15,n16,n17,n18,n19]
c=[c0,c1,c2,c3,c4,c5,c6,c7,c8,c9,c10,c11,c12,c13,c14,c15,c16,c17,c18,c19]
for i in range(len(n)):
for j in range(len(n)):
if(i!=j):
if(gcd(n[i],n[j])!=1):
print(i,j)
print("p=",gcd(n[i],n[j]))
from gmpy2 import*
n4 = 22822039733049388110936778173014765663663303811791283234361230649775805923902173438553927805407463106104699773994158375704033093471761387799852168337898526980521753614307899669015931387819927421875316304591521901592823814417756447695701045846773508629371397013053684553042185725059996791532391626429712416994990889693732805181947970071429309599614973772736556299404246424791660679253884940021728846906344198854779191951739719342908761330661910477119933428550774242910420952496929605686154799487839923424336353747442153571678064520763149793294360787821751703543288696726923909670396821551053048035619499706391118145067
c4 = 15406498580761780108625891878008526815145372096234083936681442225155097299264808624358826686906535594853622687379268969468433072388149786607395396424104318820879443743112358706546753935215756078345959375299650718555759698887852318017597503074317356745122514481807843745626429797861463012940172797612589031686718185390345389295851075279278516147076602270178540690147808314172798987497259330037810328523464851895621851859027823681655934104713689539848047163088666896473665500158179046196538210778897730209572708430067658411755959866033531700460551556380993982706171848970460224304996455600503982223448904878212849412357
p = mpz(132585806383798600305426957307612567604223562626764190211333136246643723811046149337852966828729052476725552361132437370521548707664977123165279305052971868012755509160408641100548744046621516877981864180076497524093201404558036301820216274968638825245150755772559259575544101918590311068466601618472464832499)
q = n4//p
phi = (p-1)*(q-1)
e = 65537
d = invert(e,phi)
m = pow(c4,d,n4)
def n2s(num):
t = hex(num)[2:]
if len(t) % 2 == 1:
t = '0' + t
return ''.join([chr(int(b, 16)) for b in [t[i:i + 2] for i in range(0, len(t), 2)]])
print(n2s(m))
flag{abdcbe5fd94e23b3de429223ab9c2fdf}
RSAROLL
思路:把数据进行解密(n、e、c)
n分解:18443*49891
import gmpy2
n=920139713
e=19
p=18443
q=49891
phi=(p-1)*(q-1)
d=gmpy2.invert(e,phi)
s=[]
with open("data.txt","r") as f:
for i in f.readlines():
i=i.strip('\n')
s.append(chr(pow(int(i),d,n)))
print(s)
flag{13212je2ue28fy71w8u87y31r78eu1e2}
Dangerous RSA
思路:e=3
很容易联想到低加密指数攻击(e非常小(通常为3))
思路:直接爆破或者低指数广播攻击
import gmpy2
import libnum
n=0x52d483c27cd806550fbe0e37a61af2e7cf5e0efb723dfc81174c918a27627779b21fa3c851e9e94188eaee3d5cd6f752406a43fbecb53e80836ff1e185d3ccd7782ea846c2e91a7b0808986666e0bdadbfb7bdd65670a589a4d2478e9adcafe97c6ee23614bcb2ecc23580f4d2e3cc1ecfec25c50da4bc754dde6c8bfd8d1fc16956c74d8e9196046a01dc9f3024e11461c294f29d7421140732fedacac97b8fe50999117d27943c953f18c4ff4f8c258d839764078d4b6ef6e8591e0ff5563b31a39e6374d0d41c8c46921c25e5904a817ef8e39e5c9b71225a83269693e0b7e3218fc5e5a1e8412ba16e588b3d6ac536dce39fcdfce81eec79979ea6872793
c=0x10652cdfaa6b63f6d7bd1109da08181e500e5643f5b240a9024bfa84d5f2cac9310562978347bb232d63e7289283871efab83d84ff5a7b64a94a79d34cfbd4ef121723ba1f663e514f83f6f01492b4e13e1bb4296d96ea5a353d3bf2edd2f449c03c4a3e995237985a596908adc741f32365
i=0
def n2s(num):
t = hex(num)[2:]
if len(t) % 2 == 1:
t = '0' + t
return ''.join([chr(int(b, 16)) for b in [t[i:i + 2] for i in range(0, len(t), 2)]])
while 1:
res=gmpy2.iroot(c+i*n,3)
if(res[1]==True):
print(n2s(res[0]))
break
i=i+1
flag{25df8caf006ee5db94d48144c33b2c3b}
SameMod
思路:共膜攻击
import gmpy2
import rsa
def agcd(a,b):
if a==0:
return(b,0,1)
else:
g,y,x=agcd(b%a,a)
return (g,x-(b//a)*y,y)
def n2s(num):
t = hex(num)[2:]
if len(t) % 2 == 1:
t = '0' + t
return ''.join([chr(int(b, 16)) for b in [t[i:i + 2] for i in range(0, len(t), 2)]])
c1=3453520592723443935451151545245025864232388871721682326408915024349804062041976702364728660682912396903968193981131553111537349
n=6266565720726907265997241358331585417095726146341989755538017122981360742813498401533594757088796536341941659691259323065631249
e1=773
c2=5672818026816293344070119332536629619457163570036305296869053532293105379690793386019065754465292867769521736414170803238309535
e2=839
d=agcd(e1,e2)
d1=d[1]
d2=d[2]
if d1<0:
d1=-d1
c1=gmpy2.invert(c1,n)
elif d2<0:
d2=-d2
c2=gmpy2.invert(c2,n)
m=pow(c1,d1,n)*pow(c2,d2,n)%n
print (m)
#m=1021089710312311910410111011910111610410511010710511610511511211111511510598108101125
感觉m是ascii 拼接起来的
flag=""
i=0
while i < len(m):
if m[i]=='1':
c=chr(int(m[i:i+3]))
i+=3
else:
c=chr(int(m[i:i+2]))
i+=2
flag+=c
print(flag)
flag{whenwethinkitispossible}
[AFCTF2018]Morse
思路:摩斯密码
61666374667B317327745F73305F333435797D
错了,继续,试一下16进制转字符
afctf{1s’t_s0_345y}
flag{1s’t_s0_345y}
[NCTF2019]Keyboard
思路:全部都是键盘上第一行字母,但他应该是要对应其他字母的(就是三个o代表一个字母这类的)然后我就想到了九键,因为所用的字母又刚好是九个,重复的字母也不超过四个,然后根据他在26键上的顺序(q为0开始)推测出 ooo 999 即9键的第9格第三个字母
youaresosmartthatthisisjustapieceofcake
flag{youaresosmartthatthisisjustapieceofcake}
[GXYCTF2019]CheckIn
思路:base64
v)L_F0}@H0F49023@FE0#@EN
无了,不知道了
谷歌找wp了,哦可能是ROT47加密
GXY{Y0u_kNow_much_about_Rot}
[HDCTF2019]basic_rsa
import gmpy2 from Crypto.Util.number import * from binascii import a2b_hex,b2a_hex flag = "*****************" p = 262248800182277040650192055439906580479 q = 262854994239322828547925595487519915551 e = 65533 n = p*q c = 元器件数据手册、IC替代型号,打造电子元器件IC百科大全!
