2023Ciscn初赛WriteUp

基于国密SM2算法的密钥密文分发

SM2 密钥在线生成工具 (const.net.cn)生成密钥，发送公钥

allkey接口返回服务器端pubkey明文，privatekey密文以及randomString密文

search接口可以直接拿到randomstring明文也就是C

用C作为密钥用SM4_CBC解密privatekey

quantum拿密文，用上面解出的privatekey解出明文，然后check通过

可信度量

传统艺能非预期：grep -ra “flag{” / 2>/dev/null

Sign_in_passwd

一共两行，第一行base64密文，用第二行URLdecode后作为base64换表，解出flag

BB84

exp：

f = open('info.csv', 'r')
l0 = [int(i) for i in f.readline().split(',')[1:]]
l1 = [int(i) for i in f.readline().split(',')[1:]]
l2 = [int(i) for i in f.readline().split(',')[1:]]
l3 = [int(i) for i in f.readline().split(',')[1:]]
l4 = [int(i) for i in f.readline().split(',')[1:]]
k = ''
for i in range(3000):
	if l1[i] + l2[i] + l3[i] + l4[i] == 1:
		if (l0[i] == 1 or l0[i] == 2) and (l1[i] != 1 and l2[i] != 1):
			continue
		elif (l0[i] == 3 or l0[i] == 4) and (l3[i] != 1 and l4[i] != 1):
			continue
		elif l0[i] == 1 or l0[i] == 3:
			k += '0'
		elif l0[i] == 2 or l0[i] == 4:
			k += '1'
		else:
			exit(0)

print(k)
m = len(k)
print(len(k))
a = 1709
b = 2003
x = 17
k1 = ''
for i in range(336):
	k1 += k[x]
	x = (x*a+b)%m
print(k1)
k1 = int(k1,2)
print(k1)
c = 
m = k1^c
from Crypto.Util.number import *
print(long_to_bytes(m))

badKey1

定位到唯一有可能会出问题的代码：

if Integer(n).gcd(d) != 1:
	raise ValueError("RSA private exponent is not coprime to modulus")
# Modulus must be product of 2 primes

考虑使\(d=k_1*p\)

\(e*d=k_2(p-1)(q-1)+1\)

\(ek_1p=k_2(p-1)(q-1)+1\)

可得\(p*[(q-1)*k_2-k_1*e]=(q-1)*k_2-1\)

对上式模e可得 \((q-1)*k_2-1 \equiv p*(q-1)*k_2 \pmod{e}\)

exp：

e = 65537
while True:
    q = getPrime(512)
    for k2 in range(e):
        x = (q-1)*k2
        x %= e
        if x == 0:
            continue
        if ((q-1)*k2-1) % x == 0:
            p = ((q-1)*k2-1)//x
            if isPrime(p) and p.bit_length()==512:
                print(p,q)
                break