UNCTF-Crypto wp

冬雨财经  金牌会员 | 2024-1-21 19:08:39 | 显示全部楼层 | 阅读模式
打印 上一主题 下一主题
楼主

主题 842|帖子 842|积分 2526

2020年

easy_rsa

题目
  1. from Crypto.Util import number
  2. import gmpy2
  3. from Crypto.Util.number import bytes_to_long
  5. p = number.getPrime(1024)
  6. q = number.getPrime(1024)
  7. if p > q:
  8.     a = p + q
  9.     b = p - q
  10.     print(a,b)
  12. n = p * q
  13. e = 65537
  14. phi = (p-1)*(q-1)
  15. d = gmpy2.invert(e,phi)
  16. m = bytes_to_long(b'msg')
  17. c = pow(m,e,n)
  18. print(c)
  20. #320398687477638913975700270017132483556404036982302018853617987417039612400517057680951629863477438570118640104253432645524830693378758322853028869260935243017328300431595830632269573784699659244044435107219440036761727692796855905230231825712343296737928172132556195116760954509270255049816362648350162111168
  21. #9554090001619033187321857749048244231377711861081522054479773151962371959336936136696051589639469653074758469644089407114039221055688732553830385923962675507737607608026140516898146670548916033772462331195442816239006651495200436855982426532874304542570230333184081122225359441162386921519665128773491795370
  22. #22886015855857570934458119207589468036427819233100165358753348672429768179802313173980683835839060302192974676103009829680448391991795003347995943925826913190907148491842575401236879172753322166199945839038316446615621136778270903537132526524507377773094660056144412196579940619996180527179824934152320202452981537526759225006396924528945160807152512753988038894126566572241510883486584129614281936540861801302684550521904620303946721322791533756703992307396221043157633995229923356308284045440648542300161500649145193884889980827640680145641832152753769606803521928095124230843021310132841509181297101645567863161780
复制代码
我的解答:
已知
a = p + q
b = p - q
故:a + b = 2p   由此可得出p 同理相减可得q
exp:
  1. import gmpy2
  2. from Crypto.Util.number import *
  4. a = 320398687477638913975700270017132483556404036982302018853617987417039612400517057680951629863477438570118640104253432645524830693378758322853028869260935243017328300431595830632269573784699659244044435107219440036761727692796855905230231825712343296737928172132556195116760954509270255049816362648350162111168
  5. b = 9554090001619033187321857749048244231377711861081522054479773151962371959336936136696051589639469653074758469644089407114039221055688732553830385923962675507737607608026140516898146670548916033772462331195442816239006651495200436855982426532874304542570230333184081122225359441162386921519665128773491795370
  6. c = 22886015855857570934458119207589468036427819233100165358753348672429768179802313173980683835839060302192974676103009829680448391991795003347995943925826913190907148491842575401236879172753322166199945839038316446615621136778270903537132526524507377773094660056144412196579940619996180527179824934152320202452981537526759225006396924528945160807152512753988038894126566572241510883486584129614281936540861801302684550521904620303946721322791533756703992307396221043157633995229923356308284045440648542300161500649145193884889980827640680145641832152753769606803521928095124230843021310132841509181297101645567863161780
  7. e = 65537
  8. p = (a+b)//2
  9. q = (a-b)//2
  10. n = p * q
  11. phi = (p-1) * (q-1)
  12. d = gmpy2.invert(e,phi)
  13. m = pow(c,d,n)
  14. print(long_to_bytes(m))
  15. #UNCTF{welcome_to_rsa}
复制代码
鞍山大法官开庭之缺的营养这一块怎么补

题目:
某日,鞍山大法官在点外卖时点了2个韭菜盒子,商家只送了1个,大法官给了该商家一个差评
次日,该大法官又在该商家点了1个韭菜盒子,希望商家能补上上次的韭菜盒子,而商家又只发了一个韭菜盒子
这名大法官一天正常要吃2个韭菜盒子,而该商家每天只给他1个韭菜盒子,请问该名大法官缺的营养这一块怎么补
ottttootoootooooottoootooottotootttootooottotttooootttototoottooootoooottotoottottooooooooottotootto
flag格式:unctf{}
我的解答:
考点:培根密码
分别把o和t替换为A和B,培根解密
ABBBBAABAAABAAAAABBAAABAAABBABAABBBAABAAABBABBBAAAABBBABABAABBAAAABAAAABBABAABBABBAAAAAAAAABBABAABBA
unctf{PEIGENHENYOUYINGYANG}
简单的RSA

题目
你们都不会百度的吗
  1. e= 18437613570247445737704630776150775735509244525633303532921813122997549954741828855898842356900537746647414676272022397989161180996467240795661928117273837666615415153571959258847829528131519423486261757569454011940318849589730152031528323576997801788206457548531802663834418381061551227544937412734776581781
  2. n= 147282573611984580384965727976839351356009465616053475428039851794553880833177877211323318130843267847303264730088424552657129314295117614222630326581943132950689147833674506592824134135054877394753008169629583742916853056999371985307138775298080986801742942833212727949277517691311315098722536282119888605701
  3. c= 140896698267670480175739817539898638657099087197096836734243016824204113452987617610944986742919793506024892638851339015015706164412994514598564989374037762836439262224649359411190187875207060663509777017529293145434535056275850555331099130633232844054767057175076598741233988533181035871238444008366306956934
复制代码
我的解答:
考点:维纳攻击
exp:
  1. import gmpy2from Crypto.Util.number import *def transform(x, y):  # 使用辗转相处将分数 x/y 转为连分数的形式    res = []    while y:        res.append(x // y)        x, y = y, x % y    return resdef continued_fraction(sub_res):    numerator, denominator = 1, 0    for i in sub_res[::-1]:  # 从sublist的后面往前循环        denominator, numerator = numerator, i * numerator + denominator    return denominator, numerator  # 得到渐进分数的分母和分子,并返回# 求解每个渐进分数def sub_fraction(x, y):    res = transform(x, y)    res = list(map(continued_fraction, (res[0:i] for i in range(1, len(res)))))  # 将连分数的结果逐一截取以求渐进分数    return resdef get_pq(a, b, c):  # 由p+q和pq的值通过维达定理来求解p和q    par = gmpy2.isqrt(b * b - 4 * a * c)  # 由上述可得,开根号一定是整数,因为有解    x1, x2 = (-b + par) // (2 * a), (-b - par) // (2 * a)    return x1, x2def wienerAttack(e, n):    for (d, k) in sub_fraction(e, n):  # 用一个for循环来注意试探e/n的连续函数的渐进分数,直到找到一个满足条件的渐进分数        if k == 0:  # 可能会出现连分数的第一个为0的情况,排除            continue        if (e * d - 1) % k != 0:  # ed=1 (mod φ(n)) 因此如果找到了d的话,(ed-1)会整除φ(n),也就是存在k使得(e*d-1)//k=φ(n)            continue        phi = (e * d - 1) // k  # 这个结果就是 φ(n)        px, qy = get_pq(1, n - phi + 1, n)        if px * qy == n:            p, q = abs(int(px)), abs(int(qy))  # 可能会得到两个负数,负负得正未尝不会出现            d = gmpy2.invert(e, (p - 1) * (q - 1))  # 求ed=1 (mod  φ(n))的结果,也就是e关于 φ(n)的乘法逆元d            return d    print("该方法不适用")e= 18437613570247445737704630776150775735509244525633303532921813122997549954741828855898842356900537746647414676272022397989161180996467240795661928117273837666615415153571959258847829528131519423486261757569454011940318849589730152031528323576997801788206457548531802663834418381061551227544937412734776581781
  2. n= 147282573611984580384965727976839351356009465616053475428039851794553880833177877211323318130843267847303264730088424552657129314295117614222630326581943132950689147833674506592824134135054877394753008169629583742916853056999371985307138775298080986801742942833212727949277517691311315098722536282119888605701
  3. c= 140896698267670480175739817539898638657099087197096836734243016824204113452987617610944986742919793506024892638851339015015706164412994514598564989374037762836439262224649359411190187875207060663509777017529293145434535056275850555331099130633232844054767057175076598741233988533181035871238444008366306956934 d = wienerAttack(e, n)print("d=", d)m = pow(c, d, n)print(long_to_bytes(m))#unctf{wi3n3r_Att@ck}
复制代码
wing

你过office二级了吗
我的解答:
题目提示office,猜测为word中某种字体,打开word输入字母+数字,再切换各字体核对,发现为Wingdings 2字体,对照替换得flag。

unctf{wingdings_is_incomprehensible}
signin

Really baby problem about block cipher
flag 格式: flag{}
题目
查看代码
  1.  import random
  2. from Crypto.Cipher import AES
  3. from os import urandom
  4. from string import printable
  5. from binascii import hexlify
  6. from secret import flag
  8. random.seed(urandom(32))
  10. key1 = '0'*13 + ''.join([random.choice(printable) for _ in range(3)])
  11. key2 = ''.join([random.choice(printable) for _ in range(3)]) + '0'*13
  13. cipher1 = AES.new(key=key1.encode(), mode=AES.MODE_ECB)
  14. cipher2 = AES.new(key=key2.encode(), mode=AES.MODE_ECB)
  16. pt = input("You have a chance to get something: ")
  17. pt = pt.encode()
  19. val = len(pt) % 16
  20. if not val == 0:
  21.     pt += b'\x00'*(16 - val)
  23. c1 = cipher1.encrypt(pt)
  24. c2 = cipher2.encrypt(c1)
  25. print('Your cipher:{}'.format(hexlify(c2)))
  27. assert(len(flag) % 16 == 0)
  28. c3 = cipher1.encrypt(flag)
  29. c4 = cipher2.encrypt(c3)
  30. print('Your flag:{}'.format(hexlify(c4)))
复制代码
  1. You have a chance to get something: UNCTF2020_Enjoy_Crypto~
  2. Your cipher:b'01a4e429e76db218fa0eb18f03ec69c9200a2362d8b4d7ea46170ce698389bbd'
  3. Your flag:b'196cc94c2d685beb54beeaa14c1dc0a6f3794d65fca0d1a1274515166e4255ab367383092e42d774992f74bc138faaad'
复制代码
我的解答:
AES-ECB模式两次加密,且密钥已知位较多,爆破一下即可
exp:
  1. from string import printable
  2. import itertools
  3. from Crypto.Cipher import AES
  4. from binascii import hexlify, unhexlify
  6. pt = b'UNCTF2020_Enjoy_Crypto~'
  7. val = len(pt) % 16
  8. if not val == 0:
  9.     pt += b'\x00'*(16 - val)
  10.     print("pt==",pt)
  11. yan= unhexlify(b'01a4e429e76db218fa0eb18f03ec69c9200a2362d8b4d7ea46170ce698389bbd')
  12. print(yan)
  14. table = {}
  16. for p1 in itertools.product(printable, repeat=3):
  17.     key = "".join(p1)
  18.     key1 = "0000000000000"+key
  19.     cipher1 = AES.new(key=key1.encode(), mode=AES.MODE_ECB)
  20.     c1 = cipher1.encrypt(pt)
  21.     table[c1] = key1
  23. for p2 in itertools.product(printable, repeat=3):
  24.     key = "".join(p2)
  25.     key2 = key+"0000000000000"
  26.     cipher2 = AES.new(key=key2.encode(), mode=AES.MODE_ECB)
  27.     c2 = cipher2.decrypt(yan)
  28.     # print("c2==",c2)
  29.     if c2 in table:
  30.         key1 = table[c2]
  31.         print(key1, key2)
  32.         break
  34. flag = b"196cc94c2d685beb54beeaa14c1dc0a6f3794d65fca0d1a1274515166e4255ab367383092e42d774992f74bc138faaad"
  35. flag = unhexlify(flag)
  36. for key in [key2, key1]:
  37.     cipher = AES.new(key=key.encode(), mode=AES.MODE_ECB)
  38.     flag = cipher.decrypt(flag)
  39.     print(flag)
  40. #unctf{524e314a-5843-3030-5939-333230323541}
复制代码
快乐数学_0x00

刚才我问扎克利,扎总发生甚么事了。扎总说怎么回事。我给扎总发了几张截图。
扎总一看,噢,原来是昨天,几个大学生,二十多岁,他们说,哎~。
有一个说,我在 UNCTF 打比赛,头都做疼了,扎总,你能不能教教我怎么做题,哎,帮我分数弄高一点。
扎总说,可以,你在 UNCTF 死做题,不好用。他不服气。
扎总说,我说小朋友,你多长两个脑子来做我这新题。他做不动,他说你这个没用。
扎总说,我这个有用,他是数学,数学对计算机基础很重要,二百多个人做不出我这题。他非要和我试试。
扎总说,可以。扎总一说他啪站起来了,很快啊,然后上来一个左正蹬,一个右鞭腿,一个左刺拳。
扎总全部防出去了啊,防出去以后,自然是传统功夫以点到为止,右手把数学题摁在他鼻子上,没打他,扎总笑了一下,准备收拳。
后面我暂时编不下去了,你们来跟扎总打吧。
数学题,可能存在异议的,群里私聊 Hanser 的老公。
链接: https://pan.baidu.com/s/1nB8j4TN3HFe_SXvrwzyE2g 密码: ca04
我的解答:
纯高数计算,我们可采用wolframalpha辅助计算。
首先对与:

我们可以用wolframalpha观察规律:

以此类推得到:

然后对与:

我们使用wolframalpha编写:
limit (integrate (integrate (u^2-3sin(u-t)^2),t=0 to u),u=0 to x)/(x^8) as x->+∞
可以计算出:

对于第三个,设

求:

我们需要转换到极坐标求解,设

wolframalpha编写:
(integrate dθ,θ=0 to 2*pi)(integrate r/sqrt(r^2+z) dr, r=0 to sqrt(3z))
integrate 2*pi*sqrt(z) dz, z=1 to 4
计算得到:

最后,三个结果合并为\sqrt[2020]{2020!}-\frac{1}{112}-\frac{28\pi}{3},md5值即为flag。
2021年

easy_rsa

题目
  1. q= 9961202707366965556741565662110710902919441271996809241009358666778850435448710324711706845973820669201482939820488174382325795134659313309606698334978471
  2. p= 12525187149887628510447403881107442078833803097302579419605689530714690308437476207855511625840027119860834633695330551080761572835309850579517639206740101
  3. c= 28587419802025513525354713621431206010395084854419372005671024739235625817936539010481222419824634956610184430308528941304950093228826213143262329902946812513518444587906469224383320964300417189270202019231856531012143472434842753891213128487132962453421971000901646523331476667655739056951415917218673801225
  4. e = 65537
复制代码
我的解答:
exp:
  1. import gmpy2from Crypto.Util.number import long_to_bytesq= 9961202707366965556741565662110710902919441271996809241009358666778850435448710324711706845973820669201482939820488174382325795134659313309606698334978471
  2. p= 12525187149887628510447403881107442078833803097302579419605689530714690308437476207855511625840027119860834633695330551080761572835309850579517639206740101
  3. c= 28587419802025513525354713621431206010395084854419372005671024739235625817936539010481222419824634956610184430308528941304950093228826213143262329902946812513518444587906469224383320964300417189270202019231856531012143472434842753891213128487132962453421971000901646523331476667655739056951415917218673801225
  4. e = 65537n = p*qphi = (p-1) * (q-1)d = gmpy2.invert(e, phi)m = pow(c, d, n)print(long_to_bytes(m))#UNCTF{Th1s_1s_f1ag_f0r_unctf_2021!!}
复制代码
探秘中世纪城堡

贝拉在参观一个中世纪的古堡时,在桌上看到了一串一奇怪的字符和描述。你能帮大聪明破解皇珈骑士留下来的谜团吗?
年轻的大帝率领着64位皇珈骑士冲破了双重阻栏夺下了城池。
AZSLh2OofBA0C2qzi25mg2KsYqW7iCSdDq9aBLKsDBWyi259
我的解答:
根据题目提示64代表base64,双重代表栅栏密码,栏数为2,还有凯撒加密
凯撒加密偏移21得到
VUNGc2JjaWV0X2lud25hb2FnTlR7dXNyYl9vWGFnYWRtd259
base64解码得到
UCFsbciet_inwnaoagNT{usrb_oXagadmwn}
栏栅解码
UNCTF{subscribe_to_Xiangwandamowang}
分析badusb流量

一日,某企业的安全管理员发现企业中的电脑遭到了badusb的侵害,以下他分离出来的有问题USB流量,而这似乎跟键盘的键位映射有关。
2018 2011 2006 2017 2009 202f 201C 0027 0018 002D 2004 0015 0008 002D 0019 0008 0015 001C 002D 0011 001E 0006 0008 2030
我的解答
前两位20代表大写,00代表小写,后两位为键码,对照写flag。
exp:
  1. f = open('1.txt','r').readlines()
  2. mappings = { 0x04:"A",  0x05:"B",  0x06:"C", 0x07:"D", 0x08:"E", 0x09:"F", 0x0A:"G",  0x0B:"H", 0x0C:"I",  0x0D:"J", 0x0E:"K", 0x0F:"L", 0x10:"M", 0x11:"N",0x12:"O",  0x13:"P", 0x14:"Q", 0x15:"R", 0x16:"S", 0x17:"T", 0x18:"U",0x19:"V", 0x1A:"W", 0x1B:"X", 0x1C:"Y", 0x1D:"Z", 0x1E:"1", 0x1F:"2", 0x20:"3", 0x21:"4", 0x22:"5",  0x23:"6", 0x24:"7", 0x25:"8", 0x26:"9", 0x27:"0", 0x28:"\n", 0x2a:"[DEL]",  0X2B:"    ", 0x2C:" ",  0x2D:"-", 0x2E:"=", 0x2F:"[",  0x30:"]",  0x31:"\", 0x32:"~", 0x33:";",  0x34:"'", 0x36:",",  0x37:"." }
  3. for i in range(len(f)):
  4.     num = int(f[i][2:4],16)
  5.     if(f[i][0] == '2'):
  6.         if(num in mappings):
  7.             print(mappings[num].upper(),end='')
  8.     else:
  9.         if (num in mappings):
  10.             print(mappings[num].lower(), end='')
  11.             
  12.             
  13. #output:UNCTF[Y0u-Are-very-n1ce]
复制代码
UNCTF{Y0u-Are-very-n1ce}

baby_rsa
  1. import gmpy2
  2. import libnum
  3. import random
  4. import uuid
  5. flag="unctf{"+str(uuid.uuid4())+"}"
  6. m=libnum.s2n(flag)
  8. p=libnum.generate_prime(1024)
  9. q=libnum.generate_prime(1024)
  10. n=p*q
  11. e=65537
  12. c=pow(m*p+n,e,n)
  13. print("n=",n)
  14. print("c=",c)
  15. print("e=",e)
  16. #n= 27023180567533176673625876001733765250439008888496677405372613659387969480500400831799338479404533734632060401129194207025095826786316107611502577395964365591899893794206238112244571942694129959717225168573059987542436467778426312967832431595178558711258027999897974942046398583397445299861338203860420721585460676138091828032223153425728023656897880166788811969523526091221520293020106530587453637600349533427641518473788620430866128331962450325767202417824455886116760280239705754222948387172102353564657340216229891342124971948458724351338597649821310431397426705701275774039588035776573373417654649168810548916141
  17. #c= 3489599657527403893851973553294684608504140532554562294027722218597464669848608337663997115805201027340092733823019661706872544231209523772845492398492677185660213963118144668038183924970370481476141221609706208064428560732214361469135212057355342825193598971775551833240699393482839422273480793244841531126642199202744610656153155545415859410361595564197685655133074582118230993519133935533313364233668337427608419528430102794052261190930670933657287272452581248934890029409559234507626012423255430699687038808658327174609660874748540185589263800447650242593224189976058739054174360024536594384447518687126891675059
  18. #e= 65537
复制代码
我的解答:
考点:dp泄露
exp:
  1. import gmpy2
  2. import libnum
  3. n= 27023180567533176673625876001733765250439008888496677405372613659387969480500400831799338479404533734632060401129194207025095826786316107611502577395964365591899893794206238112244571942694129959717225168573059987542436467778426312967832431595178558711258027999897974942046398583397445299861338203860420721585460676138091828032223153425728023656897880166788811969523526091221520293020106530587453637600349533427641518473788620430866128331962450325767202417824455886116760280239705754222948387172102353564657340216229891342124971948458724351338597649821310431397426705701275774039588035776573373417654649168810548916141
  4. c= 3489599657527403893851973553294684608504140532554562294027722218597464669848608337663997115805201027340092733823019661706872544231209523772845492398492677185660213963118144668038183924970370481476141221609706208064428560732214361469135212057355342825193598971775551833240699393482839422273480793244841531126642199202744610656153155545415859410361595564197685655133074582118230993519133935533313364233668337427608419528430102794052261190930670933657287272452581248934890029409559234507626012423255430699687038808658327174609660874748540185589263800447650242593224189976058739054174360024536594384447518687126891675059
  5. e= 65537
  6. p = gmpy2.gcd(n,c)
  7. q = n//p
  8. phi = (q-1)*(p-1)
  9. d = gmpy2.invert(e,phi)
  10. m = pow(c,d,n)
  11. print(libnum.n2s(int(m//p)))
  12. #unctf{rsa_s1mp1e_0kk}
复制代码
电信诈骗pro

朕是秦始皇,其实朕没有死,朕在西安兵马俑第四个坑第七排,朕是吃了长生不老药的,朕告诉你啊,朕在陕西有3000吨黄金和300万秦兵被封印,现在只需要30元就能解封,只要你打钱给朕,朕明天直接带部队复活,让你统领三军!建立像古罗马一样的帝国,君无戏言! 朕的账户是5.#4&;Sw)2Ti%*Sj1eUU9kTwi*Sj)1S"a8S0)6x-8(x7=
flag格式为unctf{}
我的解答:
ROT47
相减发现和unctf相差64

2022年

md5-1

爆破可见字符得到md5表,再依次遍历密文取出相应字符。
  1. from hashlib import md5
  3. c = '''4c614360da93c0a041b22e537de151eb
  4. 8d9c307cb7f3c4a32822a51922d1ceaa
  5. 0d61f8370cad1d412f80b84d143e1257
  6. b9ece18c950afbfa6b0fdbfa4ff731d3
  7. 800618943025315f869e4e1f09471012
  8. f95b70fdc3088560732a5ac135644506
  9. e1671797c52e15f763380b45e841ec32
  10. c9f0f895fb98ab9159f51fd0297e236d
  11. a87ff679a2f3e71d9181a67b7542122c
  12. 8fa14cdd754f91cc6554c9e71929cce7
  13. e1671797c52e15f763380b45e841ec32
  14. 8277e0910d750195b448797616e091ad
  15. cfcd208495d565ef66e7dff9f98764da
  16. c81e728d9d4c2f636f067f89cc14862c
  17. c9f0f895fb98ab9159f51fd0297e236d
  18. 92eb5ffee6ae2fec3ad71c777531578f
  19. 45c48cce2e2d7fbdea1afc51c7c6ad26
  20. cfcd208495d565ef66e7dff9f98764da
  21. a87ff679a2f3e71d9181a67b7542122c
  22. 1679091c5a880faf6fb5e6087eb1b2dc
  23. 8fa14cdd754f91cc6554c9e71929cce7
  24. 4a8a08f09d37b73795649038408b5f33
  25. cfcd208495d565ef66e7dff9f98764da
  26. e1671797c52e15f763380b45e841ec32
  27. c9f0f895fb98ab9159f51fd0297e236d
  28. 8fa14cdd754f91cc6554c9e71929cce7
  29. cfcd208495d565ef66e7dff9f98764da
  30. c9f0f895fb98ab9159f51fd0297e236d
  31. cfcd208495d565ef66e7dff9f98764da
  32. e1671797c52e15f763380b45e841ec32
  33. 45c48cce2e2d7fbdea1afc51c7c6ad26
  34. 1679091c5a880faf6fb5e6087eb1b2dc
  35. e1671797c52e15f763380b45e841ec32
  36. 8f14e45fceea167a5a36dedd4bea2543
  37. c81e728d9d4c2f636f067f89cc14862c
  38. c4ca4238a0b923820dcc509a6f75849b
  39. c9f0f895fb98ab9159f51fd0297e236d
  40. a87ff679a2f3e71d9181a67b7542122c
  41. cbb184dd8e05c9709e5dcaedaa0495cf'''.split('\n')
  43. s = list(range(32,127))
  44. t = {}
  46. for k in s:
  47.     t[md5(chr(k).encode()).hexdigest()] = chr(k)
  49. flag=''
  50. for k in c:
  51.     flag += t[k]
  53. print(flag)
  54. # UNCTF{e84fed028b9046fc0e8f080e96e72184}
复制代码
dddd

题目
110/01/0101/0/1101/0000100/0100/11110/111/110010/0/1111/10000/111/110010/1000/110/111/0/110010/00/00000/101/111/1/0000010

我的解答
1换为 .,0换为 -,摩斯密码解密得:UNCTF{Y4S_TH1S_JUST_M0RSE}。
caesar


对照base64的表
B6vAy—UNCTF
B-U=1-20(增加了19)
6-N=58-13(减少了45)
以此类推后面3个字母发现,当字母表值小于19时,就加上19,大于45时就减去45
最终得到
UNCTF{w0w_Th1s_d1fFerent_c4eSar}
exp:
  1. import string
  3. s = 'B6vAy{dhd_AOiZ_KiMyLYLUa_JlL/HY_}'
  4. dic = string.ascii_uppercase+string.ascii_lowercase+string.digits+'+/'
  5. print(dic)
  7. d = ord('U')-ord('B')
  9. t = ''
  10. for i in range(len(s)):
  11.   if s[i] == '{' or s[i] == '}' or s[i] == '_':
  12.     t += s[i]
  13.   else:
  14.     t += dic[(dic.index(s[i])+d)%64]
  16. print(t)
  18. # UNCTF{w0w_Th1s_d1fFerent_c4eSar_}
复制代码
md5-2

比md5-1多了一层异或操作,还原即可。
  1. from hashlib import md5
  3. c = '''4c614360da93c0a041b22e537de151eb
  4. c1fd731c6d60040369908b4a5f309f41
  5. 80fdc84bbb5ed9e207a21d5436efdcfd
  6. b48d19bb99a7e6bb448f63b75bc92384
  7. 39eaf918a52fcaa5ed9195e546b021c1
  8. 795d6869f32db43ff5b414de3c235514
  9. f59a054403f933c842e9c3235c136367
  10. c80b37816048952a3c0fc9780602a2fa
  11. 810ecef68e945c3fe7d6accba8b329bd
  12. cad06891e0c769c7b02c228c8c2c8865
  13. 470a96d253a639193530a15487fea36f
  14. 470a96d253a639193530a15487fea36f
  15. 4bdea6676e5335f857fa8e47249fa1d8
  16. 810ecef68e945c3fe7d6accba8b329bd
  17. edbb7ab78cde98a07b9b5a2ab284bf0a
  18. 44b43e07e9af05e3b9b129a287e5a8df
  19. a641c08ed66b55c9bd541fe1b22ce5c0
  20. abed1f675819a2c0f65c9b7da8cab301
  21. 738c486923803a1b59ef17329d70bbbd
  22. 7e209780adf2cd1212e793ae8796ed7c
  23. a641c08ed66b55c9bd541fe1b22ce5c0
  24. a641c08ed66b55c9bd541fe1b22ce5c0
  25. 636a84a33e1373324d64463eeb8e7614
  26. 6ec65b4ab061843b066cc2a2f16820d5
  27. a4a39b59eb036a4a8922f7142f874114
  28. 8c34745bd5b5d42cb3efe381eeb88e4b
  29. 5b1ba76b1d36847d632203a75c4f74e2
  30. d861570e7b9998dbafb38c4f35ba08bc
  31. 464b7d495dc6019fa4a709da29fc7952
  32. 8eb69528cd84b73d858be0947f97b7cc
  33. dd6ac4c783a9059d11cb0910fc95d4a
  34. 4b6b0ee5d5f6b24e6898997d765c487c
  35. b0762bc356c466d6b2b8f6396f2e041
  36. 8547287408e2d2d8f3834fc1b90c3be9
  37. 82947a7d007b9854fa62efb18c9fd91f
  38. 8ddafe43b36150de851c83d80bd22b0a
  39. c7b36c5f23587e285e528527d1263c8b
  40. 2a0816e8af86e68825c9df0d63a28381
  41. 63ce72a42cf62e6d0fdc6c96df4687e3'''.split('\n')
  43. cc = [int(k,16) for k in c]
  44. for i in range(1,len(cc)):
  45.     cc[i] ^= cc[i-1]
  46.    
  47. cc = [hex(k)[2:].rjust(32,'0') for k in cc]
  48. print(cc)
  50. s=list(range(32,127))
  51. t={}
  53. for k in s:
  54.     t[md5(chr(k).encode()).hexdigest()]=chr(k)
  56. flag = ''
  57. for k in cc:
  58.     flag += t[k]
  60. print(flag)
  62. # UNCTF{a197271943ceb3c3fe98bcadf10c29d4}
复制代码
ezRSA
  1. import libnum
  3. p=libnum.generate_prime(256)
  4. e=65537
  5. m=flag
  7. m=libnum.s2n(m)
  8. n=p**4
  9. phi_n=p**4-p**3
  10. d=libnum.invmod(e,phi_n)
  11. c=pow(m,e,n)
  13. print ("n=",n)
  14. print ("e=",e)
  15. print ("c=",c)
  16. 62927872600012424750752897921698090776534304875632744929068546073325488283530025400224435562694273281157865037525456502678901681910303434689364320018805568710613581859910858077737519009451023667409223317546843268613019139524821964086036781112269486089069810631981766346242114671167202613483097500263981460561
  17. 65537 56959646997081238078544634686875547709710666590620774134883288258992627876759606112717080946141796037573409168410595417635905762691247827322319628226051756406843950023290877673732151483843276348210800329658896558968868729658727981445607937645264850938932045242425625625685274204668013600475330284378427177504
复制代码
我的解答:
  1. import gmpy2
  2. n = 62927872600012424750752897921698090776534304875632744929068546073325488283530025400224435562694273281157865037525456502678901681910303434689364320018805568710613581859910858077737519009451023667409223317546843268613019139524821964086036781112269486089069810631981766346242114671167202613483097500263981460561
  3. e = 65537
  4. c = 56959646997081238078544634686875547709710666590620774134883288258992627876759606112717080946141796037573409168410595417635905762691247827322319628226051756406843950023290877673732151483843276348210800329658896558968868729658727981445607937645264850938932045242425625625685274204668013600475330284378427177504
  5. p = gmpy2.iroot(n,4)[0]
  6. f = p**3*(p-1)
  7. d = gmpy2.invert(e,f)
  8. m = pow(c,d,n)
  9. print(bytes.fromhex(hex(m)[2:]))
  10. # b'unctf{pneum0n0ultram01cr0sc0p01cs01l01c0v0lcan0c0n010s01s}'
复制代码
Single table

根据题目:单表置换,按照所给例子的规律,我们排出来一个表

然后每两个字母一组,取表上两个字母分别为原点的坐标系的交点的字母来代换原字母可得到:
UNCTF{GODY_OUK_NOWP_LAYFAIRX}
格式整理一下:
UNCTF{GOD_YOU_KNOW_PLAYFAIR}
Multi table

变表维吉尼亚密码,先根据前4字符确定key值,再遍历爆破。
  1. from string import ascii_uppercase
  3. base_table = ['J', 'X', 'I', 'S', 'E', 'C', 'R', 'Z', 'L', 'U', 'K', 'Q', 'Y', 'F', 'N', 'V', 'T', 'P', 'O', 'G', 'A', 'H', 'D', 'W', 'M', 'B']
  5. table={}
  6. for i in range(26):
  7.   table[i]=ascii_uppercase[i:]+ascii_uppercase[:i]
  9. ori = 'UNCT'
  10. res = 'SDCG'
  11. key = []
  13. for i in range(4):
  14.   for k,v in table.items():
  15.     if v[base_table.index(ori[i])] == res[i]:
  16.       key.append(k)
  17.       break
  19. print(key)
  21. c = 'SDCGW{MPN_VHG_AXHU_GERA_SM_EZJNDBWN_UZHETD}'
  22. flag = ''
  23. x = 0
  24. for i in range(len(c)):
  25.   if c[i] in ascii_uppercase:
  26.     now = table[key[x%4]].index(c[i])
  27.     flag += base_table[now]
  28.     x += 1
  29.   else:
  30.     flag += c[i]
  32. print(flag)
  34. # [9, 15, 23, 16]
  35. # UNCTF{WOW_YOU_KNOW_THIS_IS_VIGENERE_CIPHER}
复制代码
babyRSA

m高位泄露的Coppersmith攻击。
  1. n = 25300208242652033869357280793502260197802939233346996226883788604545558438230715925485481688339916461848731740856670110424196191302689278983802917678262166845981990182434653654812540700781253868833088711482330886156960638711299829638134615325986782943291329606045839979194068955235982564452293191151071585886524229637518411736363501546694935414687215258794960353854781449161486836502248831218800242916663993123670693362478526606712579426928338181399677807135748947635964798646637084128123883297026488246883131504115767135194084734055003319452874635426942328780711915045004051281014237034453559205703278666394594859431
  2. c = 15389131311613415508844800295995106612022857692638905315980807050073537858857382728502142593301948048526944852089897832340601736781274204934578234672687680891154129252310634024554953799372265540740024915758647812906647109145094613323994058214703558717685930611371268247121960817195616837374076510986260112469914106674815925870074479182677673812235207989739299394932338770220225876070379594440075936962171457771508488819923640530653348409795232033076502186643651814610524674332768511598378284643889355772457510928898105838034556943949348749710675195450422905795881113409243269822988828033666560697512875266617885514107
  3. e =  6
  4. mbar = 11941439146252171444944646015445273361862078914338385912062672317789429687879409370001983412365416202240
  5. kbits = 60
  6. nbits = n.nbits()
  7. print("upper {} bits of {} bits is given".format(nbits - kbits, nbits))
  8. PR.<x> = PolynomialRing(Zmod(n))
  9. f = (mbar + x)^e - c
  10. x0 = f.small_roots(X=2^kbits, beta=0.4)[0]  # find root < 2^kbits with factor = n
  11. m = mbar + x0
  12. print(bytes.fromhex(hex(m)[2:]))
  14. # b'UNCTF{27a0aac7-76cb-427d-9129-1476360d5d1b}'
复制代码
easy_RSA

题目
  1. from Crypto.Util.number import *
  2. from gmpy2 import *
  3. from secret import flag
  4. import random
  5. assert flag.startwith(b"flag{")
  6. e=0x10001
  7. c=6423951485971717307108570552094997465421668596714747882611104648100280293836248438862138501051894952826415798421772671979484920170142688929362334687355938148152419374972520025565722001651499172379146648678015238649772132040797315727334900549828142714418998609658177831830859143752082569051539601438562078140
  8. n=102089505560145732952560057865678579074090718982870849595040014068558983876754569662426938164259194050988665149701199828937293560615459891835879217321525050181965009152805251750575379985145711513607266950522285677715896102978770698240713690402491267904700928211276700602995935839857781256403655222855599880553
  10. m=bytes_to_long(flag)
  11. p=getprime(512)
  12. q=getprime(512)
  13. n=p*q
  14. c=pow(m,e,n)
  15. print("n={}".format(n))
  16. print("c={}".format(c))
  17. tmp=random.randint(100,300)   #生成从100-300的随机数
  18. print("p>>tmp={}".format(p>>tmp))
  20. #c=6423951485971717307108570552094997465421668596714747882611104648100280293836248438862138501051894952826415798421772671979484920170142688929362334687355938148152419374972520025565722001651499172379146648678015238649772132040797315727334900549828142714418998609658177831830859143752082569051539601438562078140
  22. #n=102089505560145732952560057865678579074090718982870849595040014068558983876754569662426938164259194050988665149701199828937293560615459891835879217321525050181965009152805251750575379985145711513607266950522285677715896102978770698240713690402491267904700928211276700602995935839857781256403655222855599880553
  24. #p>>200=8183408885924573625481737168030555426876736448015512229437332241283388177166503450163622041857   
复制代码
p高位泄露的Coppersmith攻击。
[code]c = 6423951485971717307108570552094997465421668596714747882611104648100280293836248438862138501051894952826415798421772671979484920170142688929362334687355938148152419374972520025565722001651499172379146648678015238649772132040797315727334900549828142714418998609658177831830859143752082569051539601438562078140n = 102089505560145732952560057865678579074090718982870849595040014068558983876754569662426938164259194050988665149701199828937293560615459891835879217321525050181965009152805251750575379985145711513607266950522285677715896102978770698240713690402491267904700928211276700602995935839857781256403655222855599880553p4 = 8183408885924573625481737168030555426876736448015512229437332241283388177166503450163622041857e =  0x10001pbits = 512kbits = 200print(p4.nbits())p4 = p4

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?立即注册

x
回复

使用道具 举报

0 个回复

倒序浏览
返回列表

快速回复

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 or 立即注册

本版积分规则

冬雨财经

金牌会员
这个人很懒什么都没写!

楼主热帖

标签云

挺好的 服务器
微信订阅号
微信服务号
微信客服
小程序
H5
关于我们 商务合作 网站地图
©Copyright 2022-2024 杭州祥升科技有限公司 版权所有 浙ICP备20004199号
快速回复 返回顶部 返回列表