首页 > 其他分享 >Crypto|[GWCTF 2019]BabyRSA

Crypto|[GWCTF 2019]BabyRSA

时间:2023-05-06 14:34:27浏览次数:36  
标签:F1 F2 pow Crypto long GWCTF 2019 c2 import

encrypt.py

import hashlib
import sympy
from Crypto.Util.number import *

flag = 'GWHT{******}'
secret = '******'

assert(len(flag) == 38)

half = len(flag) / 2

flag1 = flag[:half]
flag2 = flag[half:]

secret_num = getPrime(1024) * bytes_to_long(secret)

p = sympy.nextprime(secret_num)
q = sympy.nextprime(p)

N = p * q

e = 0x10001

F1 = bytes_to_long(flag1)
F2 = bytes_to_long(flag2)

c1 = F1 + F2
c2 = pow(F1, 3) + pow(F2, 3)
assert(c2 < N)

m1 = pow(c1, e, N)
m2 = pow(c2, e, N)

output = open('secret', 'w')
output.write('N=' + str(N) + '\n')
output.write('m1=' + str(m1) + '\n')
output.write('m2=' + str(m2) + '\n')
output.close()

scret

N=636585149594574746909030160182690866222909256464847291783000651837227921337237899651287943597773270944384034858925295744880727101606841413640006527614873110651410155893776548737823152943797884729130149758279127430044739254000426610922834573094957082589539445610828279428814524313491262061930512829074466232633130599104490893572093943832740301809630847541592548921200288222432789208650949937638303429456468889100192613859073752923812454212239908948930178355331390933536771065791817643978763045030833712326162883810638120029378337092938662174119747687899484603628344079493556601422498405360731958162719296160584042671057160241284852522913676264596201906163
m1=90009974341452243216986938028371257528604943208941176518717463554774967878152694586469377765296113165659498726012712288670458884373971419842750929287658640266219686646956929872115782173093979742958745121671928568709468526098715927189829600497283118051641107305128852697032053368115181216069626606165503465125725204875578701237789292966211824002761481815276666236869005129138862782476859103086726091860497614883282949955023222414333243193268564781621699870412557822404381213804026685831221430728290755597819259339616650158674713248841654338515199405532003173732520457813901170264713085107077001478083341339002069870585378257051150217511755761491021553239
m2=487443985757405173426628188375657117604235507936967522993257972108872283698305238454465723214226871414276788912058186197039821242912736742824080627680971802511206914394672159240206910735850651999316100014691067295708138639363203596244693995562780286637116394738250774129759021080197323724805414668042318806010652814405078769738548913675466181551005527065309515364950610137206393257148357659666687091662749848560225453826362271704292692847596339533229088038820532086109421158575841077601268713175097874083536249006018948789413238783922845633494023608865256071962856581229890043896939025613600564283391329331452199062858930374565991634191495137939574539546

分析

F1 = bytes_to_long(flag1)、F2 = bytes_to_long(flag2),只需要示到F1和F2就可以得到flag
c1 = F1 + F2、c2 = pow(F1, 3) + pow(F2, 3),将两个等式相加再位移可列出等式,
F1 + F2 - c1 = pow(F1, 3) + pow(F2, 3) - c2
根据scret中的n可分解出p和q,e已知,可以求出d
c = pow(m, d, n),可求出c,所以最终可以求出f

解密脚本

import libnum
from sympy import *
from sympy.abc import a, b, c
import Crypto.Util.number as cun

p = 797862863902421984951231350430312260517773269684958456342860983236184129602390919026048496119757187702076499551310794177917920137646835888862706126924088411570997141257159563952725882214181185531209186972351469946269508511312863779123205322378452194261217016552527754513215520329499967108196968833163329724620251096080377747699
q = 797862863902421984951231350430312260517773269684958456342860983236184129602390919026048496119757187702076499551310794177917920137646835888862706126924088411570997141257159563952725882214181185531209186972351469946269508511312863779123205322378452194261217016552527754513215520329499967108196968833163329724620251096080377748737
e = 0x10001
n=636585149594574746909030160182690866222909256464847291783000651837227921337237899651287943597773270944384034858925295744880727101606841413640006527614873110651410155893776548737823152943797884729130149758279127430044739254000426610922834573094957082589539445610828279428814524313491262061930512829074466232633130599104490893572093943832740301809630847541592548921200288222432789208650949937638303429456468889100192613859073752923812454212239908948930178355331390933536771065791817643978763045030833712326162883810638120029378337092938662174119747687899484603628344079493556601422498405360731958162719296160584042671057160241284852522913676264596201906163
m1=90009974341452243216986938028371257528604943208941176518717463554774967878152694586469377765296113165659498726012712288670458884373971419842750929287658640266219686646956929872115782173093979742958745121671928568709468526098715927189829600497283118051641107305128852697032053368115181216069626606165503465125725204875578701237789292966211824002761481815276666236869005129138862782476859103086726091860497614883282949955023222414333243193268564781621699870412557822404381213804026685831221430728290755597819259339616650158674713248841654338515199405532003173732520457813901170264713085107077001478083341339002069870585378257051150217511755761491021553239
m2=487443985757405173426628188375657117604235507936967522993257972108872283698305238454465723214226871414276788912058186197039821242912736742824080627680971802511206914394672159240206910735850651999316100014691067295708138639363203596244693995562780286637116394738250774129759021080197323724805414668042318806010652814405078769738548913675466181551005527065309515364950610137206393257148357659666687091662749848560225453826362271704292692847596339533229088038820532086109421158575841077601268713175097874083536249006018948789413238783922845633494023608865256071962856581229890043896939025613600564283391329331452199062858930374565991634191495137939574539546

phi_n = (p-1)*(q-1)
d = libnum.invmod(e, phi_n)
c1 = pow(m1, d, n)
c2 = pow(m2, d, n)

# 求f1, f2
res = solve([a + b - c1, pow(a, 3) + pow(b, 3) - c2], [a, b])
# [(1141553212031156130619789508463772513350070909, 1590956290598033029862556611630426044507841845), (1590956290598033029862556611630426044507841845, 1141553212031156130619789508463772513350070909)]

f1 = res[0][1]
f2 = res[0][0]

print(cun.long_to_bytes(f1) + cun.long_to_bytes(f2))

b'GWHT{f709e0e2cfe7e530ca8972959a1033b2}'

标签:F1,F2,pow,Crypto,long,GWCTF,2019,c2,import
From: https://www.cnblogs.com/scarecr0w7/p/17377218.html

相关文章

  • Crypto|[NCTF2019]babyRSA
    task.pyfromCrypto.Util.numberimport*fromflagimportflagdefnextPrime(n):n+=2ifn&1else1whilenotisPrime(n):n+=2returnnp=getPrime(1024)q=nextPrime(p)n=p*qe=0x10001d=inverse(e,(p-1)*(q-1))......
  • Crypto|[AFCTF2018]可怜的RSA
    public.key-----BEGINPUBLICKEY-----MIIBJDANBgkqhkiG9w0BAQEFAAOCAREAMIIBDAKCAQMlsYv184kJfRcjeGa7Uc/43pIkU3SevEA7CZXJfA44bUbBYcrf93xphg2uR5HCFM+Eh6qqnybpIKl3g0kGA4rvtcMIJ9/PP8npdpVE+U4Hzf4IcgOaOmJiEWZ4smH7LWudMlOekqFTs2dWKbqzlC59NeMPfu9avxxQ15fQzIjhvc......
  • Reverse|[GXYCTF2019]luck_guy
    ida64打开文件,搜索字符串进入pleaseinputaluckynumber伪代码输入数字进入patch_me(v4);,输入数字为偶数进入get_flag()函数unsigned__int64get_flag(){unsignedintv0;//eaxcharv1;//alsignedinti;//[rsp+4h][rbp-3Ch]signedintj;//[rsp......
  • Web|Buuctf [NCTF2019]SQLi
    直接给出了查询语句select*fromuserswhereusername=''andpasswd=''构造语句查询,发现有过滤fuzz一下,很多参数都被过滤robots协议下发现hint.txt文件hint.txt文件,有被过滤的参数,但是没有过滤"、|和\,并且提示只要密码与admin的密码相同就可以获得flag解题思路无......
  • Reverse|[GWCTF 2019]pyre
    pyc文件反编译uncompyle6-opcat.pyattachment.pycpcat.py#uncompyle6version3.8.0#Pythonbytecode2.7(62211)#Decompiledfrom:Python3.10.6(main,Aug302022,04:58:14)[Clang13.1.6(clang-1316.0.21.2.5)]#Embeddedfilename:encode.py#Compiled......
  • [HDCTF2019]Maze 1
    查壳有壳,脱了进入IDA:会发现我们看不了伪代码,那么看看爆在哪了:这有标红的,那么把这里改了(IDA改的有点麻烦,建议用OD贼快)这里注意哦,报错点上边还有一个jnz跳转指令,这个是指向报错点的,那么要不要改呢?小小的期待一下:接下来演示怎么改,这里注意这个call占了很多个字节,我们只要改一......
  • Unity 2019中对象池的用法
    usingSystem.Collections;usingSystem.Collections.Generic;usingUnityEngine;publicclassExamplePool:MonoBehaviour{privateObjectPool<GameObject>objectPool;publicGameObjectobjectType;publicintpoolSize=10;voidStart()......
  • cryptohack wp day(3)
    第二节模运算----第一题(GCD)在做这道题前,了解下欧几里得算法:欧几里得算法,也叫辗转相除法,用于求解两个非负整数a和b的最大公约数(GreatestCommonDivisor,GCD),即能够同时整除它们的最大正整数。算法的基本思想是,通过不断求解a和b的余数的最大公约数,最终可以得到a和b的最大公约......
  • cryptohack wp day (2)
    接着昨天的题目第五题看题目,一道简单的xor题,就是将“label中每个字符与13进行异或处理”,直接上代码:s="label"result=""foriins:result+=chr(ord(i)^13)print(result)或者按照题目所说,用pwntools库中的xor函数来进行异或操作,具体操作如下:frompwnimportxor......
  • [2019红帽杯]easyRE 1
    查壳:64位,进IDA找主函数:挺长的,慢慢来吧,先找正确的判断输出:涉及到了v11,又涉及到到方法sub_400E44,跟进方法看看:出现位运算,和aAbcdefghijklmn,跟进看看:标准base64编码,那就是说v11是根据v18base64加密了10次得到的,我们再看看,sub_400360的另一个参数off_6CC090,跟进:拿这个去解密......

赞助商

阅读排行

网站主页关于我们联系我们网站地图

本网站内容转载自其他媒体,侵权联系[admin##ips99.com]。

Copyright © 2020-2023 IPS99 版权所有 IPS99