HGAME 2024 WEEK2 Crypto Misc
CRYPTOmidRSA
题目描述:兔兔梦到自己变成了帕鲁被crumbling抓去打黑工,醒来后连夜偷走了部分flagfrom Crypto.Util.number import *
from secret import flag
def padding(flag):
return flag+b'\xff'*(64-len(flag))
flag=padding(flag)
m=bytes_to_long(flag)
p=getPrime(512)
q=getPrime(512)
e=3
n=p*q
c=pow(m,e,n)
m0=m>>208
print(f'n={n}')
print(f'c={c}')
print(f'm0={m0}')
"""
n=120838778421252867808799302603972821425274682456261749029016472234934876266617266346399909705742862458970575637664059189613618956880430078774892479256301209695323302787221508556481196281420676074116272495278097275927604857336484564777404497914572606299810384987412594844071935546690819906920254004045391585427
c=118961547254465282603128910126369011072248057317653811110746611348016137361383017921465395766977129601435508590006599755740818071303929227578504412967513468921191689357367045286190040251695094706564443721393216185563727951256414649625597950957960429709583109707961019498084511008637686004730015209939219983527
m0=13292147408567087351580732082961640130543313742210409432471625281702327748963274496942276607
"""我的解答:
考点:m高位泄露exp:from Crypto.Util.number import long_to_bytes
e= 3
n=120838778421252867808799302603972821425274682456261749029016472234934876266617266346399909705742862458970575637664059189613618956880430078774892479256301209695323302787221508556481196281420676074116272495278097275927604857336484564777404497914572606299810384987412594844071935546690819906920254004045391585427
c=118961547254465282603128910126369011072248057317653811110746611348016137361383017921465395766977129601435508590006599755740818071303929227578504412967513468921191689357367045286190040251695094706564443721393216185563727951256414649625597950957960429709583109707961019498084511008637686004730015209939219983527
m_high=13292147408567087351580732082961640130543313742210409432471625281702327748963274496942276607
m_high <<= 208
R.<x> = PolynomialRing(Zmod(n))
m = m_high + x
f = m^e - c
x = f.small_roots(X = 2^208,beta = 0.4)
if x:
m = m_high + x
print(long_to_bytes(int(m)))
#hgame{0ther_cas3s_0f_c0ppr3smith}我的解答:背包密码签到题,直接梭。参考:戳我!!!exp:from Crypto.Util.number import *
import random
from secret import flag
a=
p=random.getrandbits(32)
assert len(bin(p))==32
bag=0
for i in a:
temp=p%2
bag+=temp*i
p=p>>1
enc=bytes_to_long(flag)^p
print(f'enc={enc}')
print(f'a={a}')
print(f'bag={bag}')
"""
enc=871114172567853490297478570113449366988793760172844644007566824913350088148162949968812541218339
a=
bag=45893025064
""" babyRSA
题目描述:emmm,找到e就好了,吧?
#sage
import libnum
enc = 871114172567853490297478570113449366988793760172844644007566824913350088148162949968812541218339
M =
S = 45893025064
n = len(M)
Ge = Matrix.identity(n)
last_row =
Ge_last_row = Matrix(ZZ, 1, len(last_row), last_row)
last_col = M[:]
last_col.append(S)
Ge_last_col = Matrix(ZZ, len(last_col), 1, last_col)
Ge = Ge.stack(Ge_last_row)
Ge = Ge.augment(Ge_last_col)
X = Ge.LLL()[-1]
X = X[:-1]
p = ""
for i in X:
if abs(i) == 1:
p += "1"
if abs(i) == 0:
p += "0"
print(p)
m = int(p,2) ^^ enc
print(m)
flag = bytes.fromhex(hex(int(m)))
print(flag)
# hgame{M@ster_0f ba3kpack_m4nag3ment!}我的解答:我们有:gift = (e+114514+pk)65537 (mod p)化简得:gift = (e+114514)65537 (mod p)解RSA可得到e,也就照应了题目所说。。另外,我们还发现e和phi不互素,可以使用nth_root(用法参考:HWS-random)处理exp:from Crypto.Util.number import *
from secret import flag,e
m=bytes_to_long(flag)
p=getPrime(64)
q=getPrime(256)
n=p**4*q
k=getPrime(16)
gift=pow(e+114514+p**k,0x10001,p)
c=pow(m,e,n)
print(f'p={p}')
print(f'q={q}')
print(f'c={c}')
print(f'gift={gift}')
"""
p=14213355454944773291
q=61843562051620700386348551175371930486064978441159200765618339743764001033297
c=105002138722466946495936638656038214000043475751639025085255113965088749272461906892586616250264922348192496597986452786281151156436229574065193965422841
gift=9751789326354522940
"""midRSA revenge
题目描述:兔兔梦到自己变成了帕鲁被crumbling抓去打黑工,醒来后连夜偷走了部分flag
from Crypto.Util.number import *
import gmpy2
p=14213355454944773291
q=61843562051620700386348551175371930486064978441159200765618339743764001033297
c=105002138722466946495936638656038214000043475751639025085255113965088749272461906892586616250264922348192496597986452786281151156436229574065193965422841
gift=9751789326354522940
n = p**4*q
d = gmpy2.invert(65537,p-1)
mm = pow(gift,d,p)
e = mm - 114514
print(e)
#73561
phi = p**3*(p-1)*(q-1)
#print(gmpy2.gcd(e,phi))
#73561
res = Zmod(n)(c).nth_root(e, all=True)
for m in res:
flag = long_to_bytes(int(m))
if b"hgame" in flag:
print(flag)
break
#hgame{Ad1eman_Mand3r_Mi11er_M3th0d} 我的解答:
直接用上一题的脚本就行。
exp:
from Crypto.Util.number import *
from secret import flag
m=bytes_to_long(flag)
p=getPrime(1024)
q=getPrime(1024)
e=5
n=p*q
c=pow(m,e,n)
m0=m>>128
print(f'n={n}')
print(f'c={c}')
print(f'm0={m0}')
"""
n=27814334728135671995890378154778822687713875269624843122353458059697288888640572922486287556431241786461159513236128914176680497775619694684903498070577307810263677280294114135929708745988406963307279767028969515305895207028282193547356414827419008393701158467818535109517213088920890236300281646288761697842280633285355376389468360033584102258243058885174812018295460196515483819254913183079496947309574392848378504246991546781252139861876509894476420525317251695953355755164789878602945615879965709871975770823484418665634050103852564819575756950047691205355599004786541600213204423145854859214897431430282333052121
c=456221314115867088638207203034494636244706611111621723577848729096069230067958132663018625661447131501758684502639383208332844681939698124459188571813527149772292464139530736717619741704945926075632064072125361516435631121845753186559297993355270779818057702973783391589851159114029310296551701456748698914231344835187917559305440269560613326893204748127999254902102919605370363889581136724164096879573173870280806620454087466970358998654736755257023225078147018537101
m0=9999900281003357773420310681169330823266532533803905637
"""我的解答:
参考:lazzzaro神yyds
exp:
from Crypto.Util.number import long_to_bytes
n=27814334728135671995890378154778822687713875269624843122353458059697288888640572922486287556431241786461159513236128914176680497775619694684903498070577307810263677280294114135929708745988406963307279767028969515305895207028282193547356414827419008393701158467818535109517213088920890236300281646288761697842280633285355376389468360033584102258243058885174812018295460196515483819254913183079496947309574392848378504246991546781252139861876509894476420525317251695953355755164789878602945615879965709871975770823484418665634050103852564819575756950047691205355599004786541600213204423145854859214897431430282333052121
c=456221314115867088638207203034494636244706611111621723577848729096069230067958132663018625661447131501758684502639383208332844681939698124459188571813527149772292464139530736717619741704945926075632064072125361516435631121845753186559297993355270779818057702973783391589851159114029310296551701456748698914231344835187917559305440269560613326893204748127999254902102919605370363889581136724164096879573173870280806620454087466970358998654736755257023225078147018537101
m_high=9999900281003357773420310681169330823266532533803905637
m_high <<= 128
e = 5
R.<x> = PolynomialRing(Zmod(n))
m = m_high + x
f = m^e - c
f = f.monic()
x = f.small_roots(X = 2^128,beta = 0.4)
if x:
m = m_high + x
print(long_to_bytes(int(m)))
#hgame{c0ppr3smith_St3re0typed_m3ssag3s} 二进制解码 100001001000111000110010100010101011010000101111 无果,逆一下试试
from Crypto.Util.number import *
import random
import hashlib
a=
p=random.getrandbits(48)
assert len(bin(p))==48
flag='hgame{'+hashlib.sha256(str(p).encode()).hexdigest()+'}'
bag=0
for i in a:
temp=p%2
bag+=temp*i
p=p>>1
print(f'a={a}')
print(f'bag={bag}')
"""
a=
bag=1202548196826013899006527314947
""" 也无果,考虑到进制转换:
二进制数为:0b111101000010110101010001010011000111000100100001
转换为十进制为:268475474669857
转换为八进制为:0o7502652123070441
转换为十六进制为:0xf42d514c7121
from sage.all import *
a =
bag =1202548196826013899006527314947
print(bag)
print(len(a))
n = len(a)
# Sanity check for application of low density attack
d = n / log(max(a), 2)
print(CDF(d))
assert CDF(d) < 0.9408
M = Matrix.identity(n) * 2
last_row =
M_last_row = Matrix(ZZ, 1, len(last_row), last_row)
last_col = a
last_col.append(bag)
M_last_col = Matrix(ZZ, len(last_col), 1, last_col)
M = M.stack(M_last_row)
M = M.augment(M_last_col)
X = M.BKZ()
sol = []
for i in range(n + 1):
testrow = X.row(i).list()[:-1]
if set(testrow).issubset([-1, 1]):
for v in testrow:
if v == 1:
sol.append(0)
elif v == -1:
sol.append(1)
break
s = sol
print(s)
#输出结果
1202548196826013899006527314947
48
0.5004362519031288
MISC
ek1ng_want_girlfriend
An introducation to Wireshark and also ek1ng.提示1尝试用Wireshark从HTTP流量中提取文件https://img2024.cnblogs.com/blog/3167109/202402/3167109-20240208213701239-715291367.png我的解答:题目说的很明显,一个简单的http提取文件签到题Wireshark打开流量包搜索httphttps://img2024.cnblogs.com/blog/3167109/202402/3167109-20240208213820456-1978194543.png然后导出对象即可(发现有一个图片)https://img2024.cnblogs.com/blog/3167109/202402/3167109-20240208213848982-1269246404.png得到图片https://img2024.cnblogs.com/blog/3167109/202402/3167109-20240208214020515-323840229.jpghgame{ek1ng_want_girlfriend_qq_761042182}ezWord
通过破译图片的水印来解开文档里的秘密吧!
https://img2024.cnblogs.com/blog/3167109/202402/3167109-20240208214437622-1828263124.png
我的解答:
打开附件是一个文档,里面信息如上图
说文件的内部有你想要的flag?结合题目描述试试盲水印
单图盲水印居然不行。。好好好,那我就分离word文档看看有什么
分离之后可在文件夹word --> media里面发现如下信息
https://img2024.cnblogs.com/blog/3167109/202402/3167109-20240208220346776-1285587535.png
恭喜.txt里面说:恭喜你找到了这些东西,现在你离flag只差解开这个新的压缩包,然后对压缩包里的东西进行两层解密就能获得flag了。压缩包的密码和我放在这的两张图片有关。
很明显双图盲水印得到压缩包密码
https://img2024.cnblogs.com/blog/3167109/202402/3167109-20240208220541921-1233280380.png
解压时发现压缩包有提示:
你好,很高兴你看到了这个压缩包。请注意:这个压缩包的密码有11位数而且包含大写字母小写字母和数字。还有一个要注意的是,里面的这一堆英文decode之后看上去是一堆中文乱码实际上这是正常现象,如果看到它们那么你就离成功只差一步了。
先不管这个提示我们先试试盲水印出来的密码能不能解压(尝试发现可以)
解压得到:
查看代码s = '100001001000111000110010100010101011010000101111'
print(s[::-1])
#111101000010110101010001010011000111000100100001使用工具:https://spammimic.com/decode.cgi 解码得到压缩包提示所说的中文乱码
籱籰籪籶籮粄簹籴籨粂籸籾籨籼簹籵籿籮籨籪籵簺籨籽籱簼籨籼籮籬类簼籽粆
最后rot8000解码
https://img2024.cnblogs.com/blog/3167109/202402/3167109-20240214145149104-2118301362.png
龙之舞
题目
新年快要到了,来看看龙年的龙之舞吧(~ ̄▽ ̄)~请注意,拿到正确的二维码后解码就是flag 但是一开始未必正确
一个wav文件
我的解答:
查看wav文件名字知道应该是使用deepsound,打开文件后要求输入密码
https://img2024.cnblogs.com/blog/3167109/202402/3167109-20240214174044854-680506898.png
频谱图发现密码 5H8w1nlWCX3hQLG
https://img2024.cnblogs.com/blog/3167109/202402/3167109-20240214174350277-1743110619.png
分离出一个压缩包,解压是个gif,GIF分离可找到二维码部分内容如下:
054.png
https://img2024.cnblogs.com/blog/3167109/202402/3167109-20240214175407733-490665587.png
120.png
https://img2024.cnblogs.com/blog/3167109/202402/3167109-20240214175452280-1383041592.png
152.png
https://img2024.cnblogs.com/blog/3167109/202402/3167109-20240214175516760-219594391.png
231.png
https://img2024.cnblogs.com/blog/3167109/202402/3167109-20240214175558650-525228783.png
把二维码拼接起来 https://merri.cx/qrazybox/ 扫描发现扫不出来。。
修改一下掩码到M4得到flag
https://img2024.cnblogs.com/blog/3167109/202402/3167109-20240215221241369-631539618.png
hgame{drag0n_1s_d4nc1ng}
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!
页:
[1]