21、RSA1
:::tips
p = 8637633767257008567099653486541091171320491509433615447539162437911244175885667806398411790524083553445158113502227745206205327690939504032994699902053229
q = 12640674973996472769176047937170883420927050821480010581593137135372473880595613737337630629752577346147039284030082593490776630572584959954205336880228469
dp = 6500795702216834621109042351193261530650043841056252930930949663358625016881832840728066026150264693076109354874099841380454881716097778307268116910582929
dq = 783472263673553449019532580386470672380574033551303889137911760438881683674556098098256795673512201963002175438762767516968043599582527539160811120550041
c = 24722305403887382073567316467649080662631552905960229399079107995602154418176056335800638887527614164073530437657085079676157350205351945222989351316076486573599576041978339872265925062764318536089007310270278526159678937431903862892400747915525118983959970607934142974736675784325993445942031372107342103852
:::
由题目给出的信息,发现是dp、dq泄露
import gmpy2
I = gmpy2.invert(q,p) #求逆元
mp = pow(c,dp,p)
mq = pow(c,dq,q) #求幂取模运算
m = (((mp-mq)*I)%p)*q+mq #求明文公式
print(hex(m)) #转为十六进制
Dp、Dq泄露
https://blog.csdn.net/m0_51507437/article/details/122440936
https://blog.csdn.net/weixin_45369385/article/details/109208109
dp ≡ d % (p - 1)
dq ≡ d % (q - 1)
已知dp、dq、p、q、c
22、权限获得第一步
23、old-fashion
:::tips
Os drnuzearyuwn, y jtkjzoztzoes douwlr oj y ilzwex eq lsdexosa kn pwodw tsozj eq ufyoszlbz yrl rlufydlx pozw douwlrzlbz, ydderxosa ze y rlatfyr jnjzli; mjy gfbmw vla xy wbfnsy symmyew (mjy vrwm qrvvrf), hlbew rd symmyew, mebhsymw rd symmyew, vbomgeyw rd mjy lxrzy, lfk wr dremj. Mjy eyqybzye kyqbhjyew mjy myom xa hyedrevbfn lf bfzyewy wgxwmbmgmbrf. Wr mjy dsln bw f1_2jyf-k3_jg1-vb-vl_l
:::
直接爆破(词频统计)
24、世上无难事
:::tips
VIZZB IFIUOJBWO NVXAP OBC XZZ UKHVN IFIUOJBWO HB XVIXW XAW VXFI X QIXN VBD KQ IFIUOJBWO WBKAH NBWXO VBD XJBCN NKG QLKEIU DI XUI VIUI DKNV QNCWIANQ XN DXPIMKIZW VKHV QEVBBZ KA XUZKAHNBA FKUHKAKX XAW DI VXFI HBN QNCWIANQ NCAKAH KA MUBG XZZ XEUBQQ XGIUKEX MUBG PKAWIUHXUNIA NVUBCHV 12NV HUXWI XAW DI XUI SCQN QB HZXW NVXN XZZ EBCZW SBKA CQ NBWXO XAW DI DXAN NB NVXAP DXPIMKIZW MBU JIKAH QCEV XA BCNQNXAWKAH VBQN HKFI OBCUQIZFIQ X JKH UBCAW BM XLLZXCQI XAW NVI PIO KQ 640I11012805M211J0XJ24MM02X1IW09
:::
同上题直接爆破
25、Unencode
26、RSA3
:::tips
c1=22322035275663237041646893770451933509324701913484303338076210603542612758956262869640822486470121149424485571361007421293675516338822195280313794991136048140918842471219840263536338886250492682739436410013436651161720725855484866690084788721349555662019879081501113222996123305533009325964377798892703161521852805956811219563883312896330156298621674684353919547558127920925706842808914762199011054955816534977675267395009575347820387073483928425066536361482774892370969520740304287456555508933372782327506569010772537497541764311429052216291198932092617792645253901478910801592878203564861118912045464959832566051361
n=22708078815885011462462049064339185898712439277226831073457888403129378547350292420267016551819052430779004755846649044001024141485283286483130702616057274698473611149508798869706347501931583117632710700787228016480127677393649929530416598686027354216422565934459015161927613607902831542857977859612596282353679327773303727004407262197231586324599181983572622404590354084541788062262164510140605868122410388090174420147752408554129789760902300898046273909007852818474030770699647647363015102118956737673941354217692696044969695308506436573142565573487583507037356944848039864382339216266670673567488871508925311154801
e1=11187289
c2=18702010045187015556548691642394982835669262147230212731309938675226458555210425972429418449273410535387985931036711854265623905066805665751803269106880746769003478900791099590239513925449748814075904017471585572848473556490565450062664706449128415834787961947266259789785962922238701134079720414228414066193071495304612341052987455615930023536823801499269773357186087452747500840640419365011554421183037505653461286732740983702740822671148045619497667184586123657285604061875653909567822328914065337797733444640351518775487649819978262363617265797982843179630888729407238496650987720428708217115257989007867331698397
e2=9647291
:::
编写脚本:
from Crypto.Util.number import long_to_bytes
from gmpy2 import gcdext
def rsa(c1,c2,e1,e2,n):
g,s1,s2 = gcdext(e1,e2)
m = (pow(c1,s1,n)*pow(c2,s2,n))%n
print(long_to_bytes(m)) # 正整数转化为byte类型字符串
if '__name__'=='__name__':
c1 = 22322035275663237041646893770451933509324701913484303338076210603542612758956262869640822486470121149424485571361007421293675516338822195280313794991136048140918842471219840263536338886250492682739436410013436651161720725855484866690084788721349555662019879081501113222996123305533009325964377798892703161521852805956811219563883312896330156298621674684353919547558127920925706842808914762199011054955816534977675267395009575347820387073483928425066536361482774892370969520740304287456555508933372782327506569010772537497541764311429052216291198932092617792645253901478910801592878203564861118912045464959832566051361
n = 22708078815885011462462049064339185898712439277226831073457888403129378547350292420267016551819052430779004755846649044001024141485283286483130702616057274698473611149508798869706347501931583117632710700787228016480127677393649929530416598686027354216422565934459015161927613607902831542857977859612596282353679327773303727004407262197231586324599181983572622404590354084541788062262164510140605868122410388090174420147752408554129789760902300898046273909007852818474030770699647647363015102118956737673941354217692696044969695308506436573142565573487583507037356944848039864382339216266670673567488871508925311154801
e1 = 11187289
c2 = 18702010045187015556548691642394982835669262147230212731309938675226458555210425972429418449273410535387985931036711854265623905066805665751803269106880746769003478900791099590239513925449748814075904017471585572848473556490565450062664706449128415834787961947266259789785962922238701134079720414228414066193071495304612341052987455615930023536823801499269773357186087452747500840640419365011554421183037505653461286732740983702740822671148045619497667184586123657285604061875653909567822328914065337797733444640351518775487649819978262363617265797982843179630888729407238496650987720428708217115257989007867331698397
e2 = 9647291
rsa(c1,c2,e1,e2,n)
共摸n攻击
https://blog.csdn.net/m0_51507437/article/details/122978218
攻击条件:c1,e1,c2,e2,n => m
已知n,同一份密文m用e1和e2两个公钥分别加密得到c1和c2两份密文
脚本:
from gmpy2 import *
from Crypto.Util.number import *
# c1,e1,c2,e2,n => m
def rsa(c1,c2,e1,e2,n):
#扩展欧几里得算法,第一个返回结果是最大公因数,后面两个分别对应e1,e2的系数
g,s1,s2=gcdext(e1,e2)
m=(pow(c1,s1,n)*pow(c2,s2,n))%n
print(long_to_bytes(m))
if __name__ == "__main__":
rsa(c1,c2,e1,e2,n)
变式:若e1、e2不互素呢?
from gmpy2 import *
from Crypto.Util.number import *
e1 =
e2 =
n =
c1 =
c2 =
a, s1, s2 = gcdext(e1, e2)
m = (pow(c1, s1, n)*pow(c2, s2, n)) % n
while True:
if iroot(m, a)[1]:
m = iroot(m, a)[0]
print(long_to_bytes(m))
break
m += n
27、RSA2
Dp泄露,类型:dp + n + e + c = m
康康大佬脚本:
import gmpy2 as gp
e = 65537
n = 248254007851526241177721526698901802985832766176221609612258877371620580060433101538328030305219918697643619814200930679612109885533801335348445023751670478437073055544724280684733298051599167660303645183146161497485358633681492129668802402065797789905550489547645118787266601929429724133167768465309665906113
dp = 905074498052346904643025132879518330691925174573054004621877253318682675055421970943552016695528560364834446303196939207056642927148093290374440210503657
c = 140423670976252696807533673586209400575664282100684119784203527124521188996403826597436883766041879067494280957410201958935737360380801845453829293997433414188838725751796261702622028587211560353362847191060306578510511380965162133472698713063592621028959167072781482562673683090590521214218071160287665180751
for i in range(1, e): # 在范围(1,e)之间进行遍历
if (dp * e - 1) % i == 0:
if n % (((dp * e - 1) // i) + 1) == 0: # 存在p,使得n能被p整除
p = ((dp * e - 1) // i) + 1
q = n // (((dp * e - 1) // i) + 1)
phi = (q - 1) * (p - 1) # 欧拉定理
d = gp.invert(e, phi) # 求模逆
m = pow(c, d, n) # 快速求幂取模运算
print(m) # 10进制明文
print('------------')
print(hex(m)[2:]) # 16进制明文
print('------------')
print(bytes.fromhex(hex(m)[2:])) # 16进制转文本
28、Morse
29、还原大师
:::tips
我们得到了一串神秘字符串:TASC?O3RJMV?WDJKX?ZM,问号部分是未知大写字母,为了确定这个神秘字符串,我们通过了其他途径获得了这个字串的32位MD5码。但是我们获得它的32位MD5码也是残缺不全,E903???4DAB????08?????51?80??8A?,请猜出神秘字符串的原本模样,并且提交这个字串的32位MD5码作为答案。
:::
MD5爆破,直接用大佬脚本
# -*- coding: utf-8 -*-
#!/usr/bin/env python
import hashlib
#print hashlib.md5(s).hexdigest().upper()
k = 'TASC?O3RJMV?WDJKX?ZM' #要还原的明文
for i in range(26):
temp1 = k.replace('?',str(chr(65+i)),1) # 替换不超过1次
for j in range(26):
temp2 = temp1.replace('?',chr(65+j),1)
for n in range(26):
temp3 = temp2.replace('?',chr(65+n),1)
s = hashlib.md5(temp3.encode('utf8')).hexdigest().upper()
# md5.hexdigest:返回摘要,作为十六进制数据字符串值
# upper:转成大写字母
if s[:4] == 'E903': #检查元素
print (s) #输出密文
30、异性相吸
看到提示就猜想是否是01异或这种,用十六进制编辑器打开给出的两个文件
发现这两个文件二进制流位数刚好相同,写个脚本异或一下
import binascii
a = '0110000101110011011000010110010001110011011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011100010111011101100101011100110111000101100110'
b = '0000011100011111000000000000001100001000000001000001001001010101000000110001000001010100010110000100101101011100010110000100101001010110010100110100010001010010000000110100010000000010010110000100011000000110010101000100011100000101010101100100011101010111010001000001001001011101010010100001010000011011'
c = ''
def hexStr_to_str(hex_str):
hex = hex_str.encode('utf-8')
str_bin = binascii.unhexlify(hex)
return str_bin.decode('utf-8')
if __name__ == "__main__":
for i in range(len(a)):
if a[i] == b[i]:
c += '0'
else:
c += '1'
s = hex(int(c, 2))[2:]
print(hexStr_to_str(s))
# print(bytes.fromhex(s)) 直接十六进制转字符串
31、RSA
题目给出了公钥和密文,那先从公钥文件中提取出n、e、p、q
公钥解析
再分解得到的n:
用得到的p、q解出逆元d
再写脚本解密即可:(将flag.enc改为flag.txt)
import rsa
e = 65537
n = 86934482296048119190666062003494800588905656017203025617216654058378322103517
p = 285960468890451637935629440372639283459
q = 304008741604601924494328155975272418463
d = 81176168860169991027846870170527607562179635470395365333547868786951080991441
key = rsa.PrivateKey(n, e, d, q, p) # 在pkcs标准中,pkcs#1规定,私钥包含(n,e,d,p,q)
with open("flag.txt", "rb") as f: # 以二进制读模式,读取密文
f = f.read()
print(rsa.decrypt(f, key)) # f:公钥加密结果 key:私钥
32、RASROLL
打开题目得到一个提示和一大串字符串
分解质数920139713,所以p=18443,q=49891
然后写脚本解密:(data.txt中删除第一行和第二行)
import gmpy2
N, p, q, e = 920139713, 18443, 49891, 19
d = gmpy2.invert(e, (p - 1) * (q - 1))
result = []
with open("data.txt", "r") as f:
for line in f.readlines():
line = line.strip('\n') # 去掉列表中每一个元素的换行符
result.append(chr(pow(int(line), d, N)))
for i in result:
print(i, end='')
33、Dangerous RSA
:::tips
n: 0x52d483c27cd806550fbe0e37a61af2e7cf5e0efb723dfc81174c918a27627779b21fa3c851e9e94188eaee3d5cd6f752406a43fbecb53e80836ff1e185d3ccd7782ea846c2e91a7b0808986666e0bdadbfb7bdd65670a589a4d2478e9adcafe97c6ee23614bcb2ecc23580f4d2e3cc1ecfec25c50da4bc754dde6c8bfd8d1fc16956c74d8e9196046a01dc9f3024e11461c294f29d7421140732fedacac97b8fe50999117d27943c953f18c4ff4f8c258d839764078d4b6ef6e8591e0ff5563b31a39e6374d0d41c8c46921c25e5904a817ef8e39e5c9b71225a83269693e0b7e3218fc5e5a1e8412ba16e588b3d6ac536dce39fcdfce81eec79979ea6872793L
e: 0x3
c:0x10652cdfaa6b63f6d7bd1109da08181e500e5643f5b240a9024bfa84d5f2cac9310562978347bb232d63e7289283871efab83d84ff5a7b64a94a79d34cfbd4ef121723ba1f663e514f83f6f01492b4e13e1bb4296d96ea5a353d3bf2edd2f449c03c4a3e995237985a596908adc741f32365
so,how to get the message?
:::
低指数加密攻击
(1)类型:n非常大,e一般很小
(2)
'''
当M^e < n 时,
C = M^e ,所以对C开方就能得到M
'''
from gmpy2 import iroot
import libnum
n = 0x52d483c27cd806550fbe0e37a61af2e7cf5e0efb723dfc81174c918a27627779b21fa3c851e9e94188eaee3d5cd6f752406a43fbecb53e80836ff1e185d3ccd7782ea846c2e91a7b0808986666e0bdadbfb7bdd65670a589a4d2478e9adcafe97c6ee23614bcb2ecc23580f4d2e3cc1ecfec25c50da4bc754dde6c8bfd8d1fc16956c74d8e9196046a01dc9f3024e11461c294f29d7421140732fedacac97b8fe50999117d27943c953f18c4ff4f8c258d839764078d4b6ef6e8591e0ff5563b31a39e6374d0d41c8c46921c25e5904a817ef8e39e5c9b71225a83269693e0b7e3218fc5e5a1e8412ba16e588b3d6ac536dce39fcdfce81eec79979ea6872793
c = 0x10652cdfaa6b63f6d7bd1109da08181e500e5643f5b240a9024bfa84d5f2cac9310562978347bb232d63e7289283871efab83d84ff5a7b64a94a79d34cfbd4ef121723ba1f663e514f83f6f01492b4e13e1bb4296d96ea5a353d3bf2edd2f449c03c4a3e995237985a596908adc741f32365
k = 0
while 1:
res=iroot(c+k*n,3)
if(res[1]==True):
print(libnum.n2s(int(res[0])))
break
k=k+1
'''
第二种写法
当M^e > n 时,此时用爆破的方法
假设我们 M^e / n 商 k 余数为c,
所以M^e = k*n + C,对K进行爆破,只要k满足 k*n + C能够开方就可以
'''
'''
import gmpy2
from libnum import*
n = 0x52d483c27cd806550fbe0e37a61af2e7cf5e0efb723dfc81174c918a27627779b21fa3c851e9e94188eaee3d5cd6f752406a43fbecb53e80836ff1e185d3ccd7782ea846c2e91a7b0808986666e0bdadbfb7bdd65670a589a4d2478e9adcafe97c6ee23614bcb2ecc23580f4d2e3cc1ecfec25c50da4bc754dde6c8bfd8d1fc16956c74d8e9196046a01dc9f3024e11461c294f29d7421140732fedacac97b8fe50999117d27943c953f18c4ff4f8c258d839764078d4b6ef6e8591e0ff5563b31a39e6374d0d41c8c46921c25e5904a817ef8e39e5c9b71225a83269693e0b7e3218fc5e5a1e8412ba16e588b3d6ac536dce39fcdfce81eec79979ea6872793
c = 0x10652cdfaa6b63f6d7bd1109da08181e500e5643f5b240a9024bfa84d5f2cac9310562978347bb232d63e7289283871efab83d84ff5a7b64a94a79d34cfbd4ef121723ba1f663e514f83f6f01492b4e13e1bb4296d96ea5a353d3bf2edd2f449c03c4a3e995237985a596908adc741f32365
i = 0
while 1:
if(gmpy2.iroot(c+i*n,3)[1]==1): #开根号
print(gmpy2.iroot(c+i*n,3))
break
i=i+1
'''
34、basic rsa
:::tips
import gmpy2
from Crypto.Util.number import *
from binascii import a2b_hex,b2a_hex
flag = "*****************"
p = 262248800182277040650192055439906580479
q = 262854994239322828547925595487519915551
e = 65533
n = p*q
c = pow(int(b2a_hex(flag),16),e,n)
print c
27565231154623519221597938803435789010285480123476977081867877272451638645710
:::
提示中给出了c p q e n那再求e关于欧拉数的逆元d即可解密
from Crypto.Util.number import *
p = 262248800182277040650192055439906580479
q = 262854994239322828547925595487519915551
e = 65533
n = p * q
g = (p - 1) * (q - 1) # 欧拉定理
c = 27565231154623519221597938803435789010285480123476977081867877272451638645710 # 密文
d = inverse(e, g) # 逆元d
m = hex(pow(c, d, n))[2:] # 明文
print(bytes.fromhex(m))
康康大佬的代码:
import random
from binascii import a2b_hex,b2a_hex
p = 262248800182277040650192055439906580479
q = 262854994239322828547925595487519915551
n = p * q
def multiplicative_inversr(a,b): # 求逆元
x = 0
y = 1
lx = 1
ly = 0
oa = a
ob = b
while b != 0:
q = a // b
(a, b) = (b, a % b)
(x, lx) = ((lx - (q * x)), x)
(y, ly) = ((ly - (q * y)), y)
if lx < 0:
lx += ob
if ly < 0:
ly += oa
return lx
def gcd(a,b):
while b != 0:
a, b = b, a % b
return a
def generate_keypair(p,q):
n = p * q
phi = (p - 1) * (q -1)
e = 65533
g = gcd(e, phi)
while g != 1:
e = random.randrange(1, phi)
g = gcd(e, phi)
d = multiplicative_inversr(e, phi)
return ((e,n),(d,n))
def encrypt(pk, plaintext): # 加密
key, n = pk[0]
print(b2a_hex(plaintext.encode()))
cipher = pow(int(b2a_hex(plaintext.encode()),16), key , n)
return cipher
def decrypt(pk, cipher): # 解密
key, n = pk[1]
cipher = pow(cipher, key ,n)
cipher = a2b_hex(hex(cipher).split('0x')[1])
return cipher
pk = generate_keypair(p,q)
cipher = 27565231154623519221597938803435789010285480123476977081867877272451638645710
plaintext = decrypt(pk, cipher)
print(plaintext)
35、Cipher
:::tips
还能提示什么呢?公平的玩吧(密钥自己找) Dncnoqqfliqrpgeklwmppu
:::
公平的玩吧 = play fair,是一种加密方式在线网站
PlayFair密码
https://blog.csdn.net/qq_44827634/article/details/124215535
(1)编制密码表
(2)加密(替换)
(3)移位和替换
36、[GXYCTF2019]CheckIn
:::tips
dikqTCpfRjA8fUBIMD5GNDkwMjNARkUwI0BFTg==
:::
打开题目得到一串字符串,怀疑是base64
:::info
控制台base64加解密函数:加密(btoa) 解密(atob)
:::
解密得到一串类似乱码的字符串,题目是gxyctf于是先尝试前几位的移位
v到g移位47位,)到x移位47位于是尝试用ROT47解码
ROT移位密码
https://www.cnblogs.com/swordcreater/p/12562077.html
rot5
只将字符串中的数字进行加密,步数为5,同时在0-9十个数字进行循环,如1在rot5加密后为6,而6在rot5加密后为1
rot13
只将字符串中的字母进行加密,步数为13,加密方式上最接近凯撒密码,分别在A-Z或a-z之间循环,如A在rot13加密后为N,Z在rot13加密后为M
rot18
字面意思(5+13=18) 即将上述两种加密方式结合,分别对数字和字母进行相应的操作
rot47
由于无论是rot5、rot13或rot18都只能对数字和字母进行相应的加密,而对“!@#¥%&”之类的符号却缺少加密,因此在此基础上引入ASCII码,将步数改为47而已(同样存在循环)对数字、字母、常用符号进行编码,按照它们的ASCII值进行位置替换,用当前字符ASCII值往前数的第47位对应字符替换当前字符,例如当前为小写字母z,编码后变成大写字母K,当前为数字0,编码后变成符号_
用于ROT47编码的字符其ASCII值范围是33-126(原因是由于0-32以及127与字符表示无关!!)
37、robomunication
用Audacity分析发现是摩斯密码
整理得到.... . .-.. .-.. --- .-- .... .- - .. ... - .... . -.- . -.-- .. - .. ... -... --- --- .--. -... . . .--.
摩斯解密得到flag
38、BabyRSA
打开题目给的文件,得到p+q、(p+1)*(q+1)、e、d、加密的flag
我们已经获得了d因此再获得n就可以得到私钥(d,n)进行解密
n = (p+1)*(q+1) - (p+q) - 1
import libnum
# p+q
a = 0x1232fecb92adead91613e7d9ae5e36fe6bb765317d6ed38ad890b4073539a6231a6620584cea5730b5af83a3e80cf30141282c97be4400e33307573af6b25e2ea
# (p+1)(q+1)
b = 0x5248becef1d925d45705a7302700d6a0ffe5877fddf9451a9c1181c4d82365806085fd86fbaab08b6fc66a967b2566d743c626547203b34ea3fdb1bc06dd3bb765fd8b919e3bd2cb15bc175c9498f9d9a0e216c2dde64d81255fa4c05a1ee619fc1fc505285a239e7bc655ec6605d9693078b800ee80931a7a0c84f33c851740
d = 0x2dde7fbaed477f6d62838d55b0d0964868cf6efb2c282a5f13e6008ce7317a24cb57aec49ef0d738919f47cdcd9677cd52ac2293ec5938aa198f962678b5cd0da344453f521a69b2ac03647cdd8339f4e38cec452d54e60698833d67f9315c02ddaa4c79ebaa902c605d7bda32ce970541b2d9a17d62b52df813b2fb0c5ab1a5
c = 0x50ae00623211ba6089ddfae21e204ab616f6c9d294e913550af3d66e85d0c0693ed53ed55c46d8cca1d7c2ad44839030df26b70f22a8567171a759b76fe5f07b3c5a6ec89117ed0a36c0950956b9cde880c575737f779143f921d745ac3bb0e379c05d9a3cc6bf0bea8aa91e4d5e752c7eb46b2e023edbc07d24a7c460a34a9a
n = b - a - 1
m = pow(c, d, n)
print(libnum.n2s(m)) # 数字转字符串
39、密码学的心声
根据图片的提示,直接将简谱中三个数字一组将八进制转成十进制再转换对应ASCII
str = '111 114 157 166 145 123 145 143 165 162 151 164 171 126 145 162 171 115 165 143 150'
flag = []
result = ''
for i in range(len(str.split(' '))):
flag.append(str.split(' ')[i])
for i in flag:
result += chr(int(i, 8))
print('flag{' + result + '}')
40、RSA2
打开题目得到n和e需要求解出d
维纳攻击脚本
将脚本放在rsa-wiener-attack中:
import RSAwienerHacker
import hashlib
N = 101991809777553253470276751399264740131157682329252673501792154507006158434432009141995367241962525705950046253400188884658262496534706438791515071885860897552736656899566915731297225817250639873643376310103992170646906557242832893914902053581087502512787303322747780420210884852166586717636559058152544979471
e = 46731919563265721307105180410302518676676135509737992912625092976849075262192092549323082367518264378630543338219025744820916471913696072050291990620486581719410354385121760761374229374847695148230596005409978383369740305816082770283909611956355972181848077519920922059268376958811713365106925235218265173085
d = RSAwienerHacker.hack_RSA(e,N)
flag = "flag{" + hashlib.md5(hex(d).encode('utf-8')).hexdigest() + "}"
print(flag)
python3中hashlib这个库只接收byte数组数据,所以,将string变量转成byte数组即可即str.encode('utf-8')但是这里用python3得到的flag有误,于是尝试用python2可得到正确的flag
import RSAwienerHacker
import hashlib
N = 101991809777553253470276751399264740131157682329252673501792154507006158434432009141995367241962525705950046253400188884658262496534706438791515071885860897552736656899566915731297225817250639873643376310103992170646906557242832893914902053581087502512787303322747780420210884852166586717636559058152544979471
e = 46731919563265721307105180410302518676676135509737992912625092976849075262192092549323082367518264378630543338219025744820916471913696072050291990620486581719410354385121760761374229374847695148230596005409978383369740305816082770283909611956355972181848077519920922059268376958811713365106925235218265173085
d = RSAwienerHacker.hack_RSA(e,N)
flag = "flag{" + hashlib.md5(hex(d)).hexdigest() + "}"
print(flag)
关于python2和3的MD5的坑
https://blog.csdn.net/myli_binbin/article/details/84333071
python3中,在 num<128 的时候,使用 chr(num).encode('utf-8') 得到的是 一个 字符的ascii十六进制,而 num>128 的时候,使用chr(num).encode('utf-8') 得到的是两个字节的ascii十六进制