御网杯 2024

篮之新喜 · 2024-9-25 03:03:14

Crypto

crypto1

题目：

# coding:utf-8
# python 3.6
from flag import flag
import re
s = "fst3Sem8Wgnobcd9+++++uv2JKpUViFGHz0QRMyjkA7NaBC14wXYxh5OP/DEqrZIl6LT"
assert re.match(r'^DASCTF\{[a-f0-9]+\}$',flag) != None
def encode(inputs):
bin_str = []
for i in inputs:
x = str(bin(ord(i))).replace('0b', '')
bin_str.append('{:0>8}'.format(x))
outputs = ""
nums = 0
while bin_str:
temp_list = bin_str[:3]
if (len(temp_list) != 3):
nums = 3 - len(temp_list)
while len(temp_list) < 3:
temp_list += ['0' * 8]
temp_str = "".join(temp_list)
temp_str_list = []
for i in range(0, 4):
temp_str_list.append(int(temp_str[i * 6:(i + 1) * 6], 2))
if nums:
temp_str_list = temp_str_list[0:4 - nums]
for i in temp_str_list:
outputs += s[i]
bin_str = bin_str[3:]
outputs += nums * '='
return outputs
c = encode(flag)
print(c)
# +Se++h+mF5u0d++Oc++RbQJYbyuMb++0cYuQc+SwdmK0d+fwcYRYG+==

复制代码

原题：[河北银行 2022 CTF]_ctf银行-CSDN博客
思路：

一个 base64 变表就是表中有多个 + ，就需要爆破一下。就行

复制代码

exp：

s = "fst3Sem8Wgnobcd9+++++uv2JKpUViFGHz0QRMyjkA7NaBC14wXYxh5OP/DEqrZIl6LT"
h = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
c = '+Se++h+mF5u0d++Oc++RbQJYbyuMb++0cYuQc+SwdmK0d+fwcYRYG+'
# +Se++h+mFYVPJv+zb+SYK+V4dvKRKQSXJ+uzJ++zJ+uRK3JXK+bYG+==
m = ''
for i in c:
print(s.index(i))
p = s.index(i)
m+=h[p]
print("m=",m)
#m = "fQ==" #
from base64 import *
import string
ss = b'0123456789abcdef-_{}'
#ss = string.printable.encode()
flag = ''
def decode(idx, mm):
#print(mm, idx)
if idx>=4:
#print(idx, mm)
try:
t = b64decode(mm)
except:
return
#print(t)
for v in t:
if v not in ss:
break
else:
print("xxx ",t)
return
if mm[idx] == 'Q':
for v in "QRSTU":
if idx == 0:
decode(idx+1, v+mm[1:])
elif idx==3:
decode(idx+1, mm[0:3]+v)
else:
decode(idx+1, mm[0:idx]+v+mm[idx+1:])
else:
decode(idx+1, mm)
m = 'QEFQQ1QGe2ViOQQ3NQQkMjYzMmVlMQQiNzVjNQExOGZiOQAxNzkzfQ=='
m = m[8:] #DASCTF
for v in range(0, len(m), 4):
print('---------',v, m[v: v+4])
decode(0, m[v: v+4])
# DASCTF{eb94754d2632ee14b75c5118fb901793}
# DASCTF{eb95754d2632ee14b75c5118fb901793}

复制代码

justmath

exp：

from sage.symbolic.relation import solve
x = var('x')
y_value = [3149069, 2271689, 2337632, 3068562, 67697, 2337632, 3068562, 67697, 2143547, 2543093, 1844472, 2206998, 67697, 1844472, 2686547, 2020317, 67697, 3149069, 2271689, 2081324, 67697, 2143547, 2543093, 1844472, 2206998, 67697, 2337632, 3068562, 67697, 2143547, 2543093, 1844472, 2206998, 3752378]
flag = ""
for i in y_value:
equation = 2*x^3 + 2*x^2 + 3*x + 17 == i
solutions = solve(equation, x)
flag += chr(solutions[2].rhs())
print(flag)
from Crypto.Util.number import *
flag = b"this is flag and the flag is flag{"
n = 2260375559104345425590426977960386256287009777233277062625487017885931446911942921201492850167115455071935831283269948569220356763988762825230315520633702443866690239945242948370781975714325308306543337600783340792458991506685843729962897796956171467876531084194426101796617903015810156717396227079274786269217370618477266867389155551378798713259843750289765858717627925689021561352438080039804957145513478767641674644346609224034274906228784593435462413278410143
e = 3
c = 1683427726786225271109289808778075351906457081282891335272956455076290407290946927840180672315908981114229434899424882579823897506730018911375238394076293908946844135295984336122170362703361647325169444373502665686779049846717305377396296752361918921007897449738856962248716579014267597667341690453460130215215256776249910808564677407383996700090361822122676428069577517468851642648993930679875398568383201032360229083338487146673018350740571719960730053254352184
R.<x> = PolynomialRing(Zmod(n))
for i in range(40):
mhigh = bytes_to_long(flag + b"\x00"*32 + b"}")
f = (mhigh + x)^e - c
res = f.small_roots(X=256^i,beta=0.4,epsilon=0.05)
if res != []:
print(res)
m = mhigh + int(res[0])
print(long_to_bytes(m))

复制代码

flag：flag{0f5a1806d07f030767e113352727ea2d}
base

题目：
<blockquote>

免责声明：如果侵犯了您的权益，请联系站长，我们会及时删除侵权内容，谢谢合作！更多信息从访问主页：qidao123.com:ToB企服之家，中国第一个企服评测及商务社交产业平台。

		自动登录	找回密码
密码			立即注册

御网杯 2024

0 个回复

快速回复

楼主热帖

标签云