fizzbuzz100
题目代码:
#!/usr/local/bin/python from Crypto.Util.number import * from os import urandom flag = open("flag.txt", "rb").read() flag = bytes_to_long(urandom(16) + flag + urandom(16)) p = getPrime(512) q = getPrime(512) n = p * q e = 0x10001 d = pow(e, -1, (p-1)*(q-1)) assert flag < n ct = pow(flag, e, n) print(f"{n = }") print(f"{e = }") print(f"{ct = }") while True: ct = int(input("> ")) pt = pow(ct, d, n) out = "" if pt == flag: exit(-1) if pt % 3 == 0: out += "Fizz" if pt % 5 == 0: out += "Buzz" if not out: out = pt print(out)
典型的选择密文攻击,由于对解密过后的pt有限制,直接写脚本一直传输各种我们所构造的ct,直到回显数字过来,然后手动解密一下即可
from Crypto.Util.number import * from pwn import * # a=remote("be.ax",31100) # l=a.recv().split(b'=') # print(l) # while True: # X = getPrime(10) # c = int(l[3][:-2]) # n = int(l[1][:-2]) # Y = (c * (X ** 65537)) % n # a.sendline(str(Y).encode()) # print(X) # print(Y) # print(a.recvline()) n=109235908866342288271346584662343329621605469702598068759472999551170947232996590557964241534101853321789427925631360625471407190264507981047481840604577029503316535875248549400561470650694604159439358769594819721166974367763712018514398742922521556119264931745691626361879268890616276343169833999231861189833 c=54154300348903111005066683187322110240325256042602814495907789220256344603932965149221705493685749178531643137134769583336652306519327753298004337131622195496840709892914894693840688844013339917136532406319553405215428628337555863105880457193242611315359206147315741465280238895273742546724024586290588394695 w=907 y=26641182241400186140764833732531788410188640530460941989584702007887972922089308897736657230632495490138397006968382235153358170724154868714588801750507397028728784901215019435825808542306682388514239090900283743849756631160550184102438364341973285800800919002105937122573558829974207210810107339187277577768 ct=1617872921486161438959529626097492037660629295223293116750255222467849722125817349217082369174984216697864465452996697846569528891027592080706141175012700498085383500035413467709314885420625836615662777908956038879208002465859460678671983566645413919704836898065353721740490145081034 flag=ct*inverse(w,n)%n print(long_to_bytes(flag)) #corctf{h4ng_0n_th15_1s_3v3n_34s13r_th4n_4n_LSB_0r4cl3...4nyw4y_1snt_f1zzbuzz_s0_fun}
eyes
题目代码:
from Crypto.Util.number import bytes_to_long, getPrime # my NEW and IMPROVED secret sharing scheme!! (now with multivariate quadratics) with open('flag.txt', 'rb') as f: flag = f.read() s = bytes_to_long(flag) p = getPrime(len(bin(s))) print(p) F = GF(p) N = 1024 conv = lambda n: matrix(F, N, 1, [int(i) for i in list(bin(n)[2:][::-1].ljust(N, '0'))]) A = random_matrix(F, N, N) for i in range(0, N): for j in range(0, i): A[i, j] = 0 B = random_matrix(F, N, 1) C = matrix(F, [F(s)]) fn = lambda x: (x.T * A * x + B.T * x + C)[0][0] L = [] for i in range(7): L.append(fn(conv(i + 1))) print(L)
这个题目看起来很复杂,其实实质很简单,通过观察conv矩阵可以发现可以将每一次计算出的L用A,B,C里面的元素表达出来,具体表达如下:
通过等式变形可以得到:c=(L[6]-(L[2]+L[4]+L[5]-2*(L[0]+L[1]+L[3]))-(L[0]+L[1]+L[3]))%p
我们便可以轻松求出flag了
from Crypto.Util.number import * p=1873089703968291141600166892623234932796169766648225659075834963115683566265697596115468506218441065194050127470898727249982614285036691594726454694776985338487833409983284911305295748861807972501521427415609 L=[676465814304447223312460173335785175339355609820794166139539526721603814168727462048669021831468838980965201045011875121145342768742089543742283566458551844396184709048082643767027680757582782665648386615861, 1472349801957960100239689272370938102886275962984822725248081998254467608384820156734807260120564701715826694945455282899948399224421878450502219353392390325275413701941852603483746312758400819570786735148132, 202899433056324646894243296394578497549806047448163960638380135868871336000334692955799247243847240605199996942959637958157086977051654225700427599193002536157848015527462060033852150223217790081847181896018, 1065982806799890615990995824412253076607488063240855100580513221962298598002468338823225586171107539104635808108356492123167315175110515086192932230998426512947581115358738651206273178867911944034690138825583, 1676559204037482856674710667663849447914859348633288513196735253002541076530170853584406282605482862202276451646974549657672382936948091649764874334064431407644457518190694888175499630744741620199798070517691, 13296702617103868305327606065418801283865859601297413732594674163308176836719888973529318346255955107009306239107173490429718438658382402463122134690438425351000654335078321056270428073071958155536800755626, 1049859675181292817835885218912868452922769382959555558223657616187915018968273717037070599055754118224873924325840103339766227919051395742409319557746066672267640510787473574362058147262440814677327567134194] F = GF(p) N = 1024 conv = lambda n: matrix(F, N, 1, [int(i) for i in list(bin(n)[2:][::-1].ljust(N, '0'))]) c=(L[6]-(L[2]+L[4]+L[5]-2*(L[0]+L[1]+L[3]))-(L[0]+L[1]+L[3]))%p print(long_to_bytes(c)) #corctf{mind your ones and zeroes because zero squared is zero and one squared is one}
cbc
题目代码:
import random def random_alphastring(size): return "".join(random.choices(alphabet, k=size)) def add_key(key, block): ct_idxs = [(k_a + pt_a) % len(alphabet) for k_a, pt_a in zip([alphabet.index(k) for k in key], [alphabet.index(pt) for pt in block])] return "".join([alphabet[idx] for idx in ct_idxs]) def cbc(key, plaintext): klen = len(key) plaintext = pad(klen, plaintext) iv = random_alphastring(klen) blocks = [plaintext[i:i+klen] for i in range(0, len(plaintext), klen)] prev_block = iv ciphertext = "" for block in blocks: block = add_key(prev_block, block) prev_block = add_key(key, block) ciphertext += prev_block return iv, ciphertext def pad(block_size, plaintext): plaintext += "X" * (-len(plaintext) % block_size) return plaintext alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" bs = 16 message = open("message.txt").read().upper() message = "".join([char for char in message if char in alphabet]) flag = open("flag.txt").read() flag = flag.lstrip("corctf{").rstrip("}") message += flag assert all([char in alphabet for char in message]) key = random_alphastring(bs) iv, ct = cbc(key, pad(bs, message)) print(f"{iv = }") print(f"{ct = }")
很有趣的一个题目,我们可以先用ct-iv这样可以获得pt+key,由于key不知道,但是我们可以把pt+key当作维吉尼亚加密过后的密文,由于文本长度很长,直接使用在线工具对其分析就可以还原出flag:https://www.guballa.de/vigenere-solver
iv = 'RLNZXWHLULXRLTNP' ct = 'ZQTJIHLVWMPBYIFRQBUBUESOOVCJHXXLXDKPBQCUXWGJDHJPQTHXFQIQMBXNVOIPJBRHJQOMBMNJSYCRAHQBPBSMMJWJKTPRAUYZVZTHKTPUAPGAIJPMZZZDZYGDTKFLWAQTSKASXNDRRQQDJVBREUXFULWGNSIINOYULFXLDNMGWWVSCEIORQESVPFNMWZKPIYMYVFHTSRDJWQBTWHCURSBPUKKPWIGXERMPXCHSZKYMFLPIAHKTXOROOJHUCSGINWYEILFIZUSNRVRBHVCJPVPSEGUSYOAMXKSUKSWSOJTYYCMEHEUNPJAYXXJWESEWNSCXBPCCIZNGOVFRTGKYHVSZYFNRDOVPNWEDDJYITHJUBVMWDNNNZCLIPOSFLNDDWYXMYVCEOHZSNDUXPIBKUJIJEYOETXWOJNFQAHQOVTRRXDCGHSYNDYMYWVGKCCYOBDTZZEQQEFGSPJJIAAWVDXFGPJKQJCZMTPMFZDVRMEGMPUEMOUVGJXXBRFCCCRVTUXYTTORMSQBLZUEHLYRNJAAIVCRFSHLLPOANFKGRWBYVSOBLCTDAUDVMMHYSYCDZTBXTDARWRTAFTCVSDRVEENLHOHWBOPYLMSDVOZRLENWEKGAWWCNLOKMKFWWAZJJPFDSVUJFCODFYIMZNZTMAFJHNLNMRMLQRTJJXJCLMQZMOFOGFPXBUTOBXUCWMORVUIIXELTVIYBLPEKKOXYUBNQONZLPMGWMGRZXNNJBUWBEFNVXUIAEGYKQSLYSDTGWODRMDBHKCJVWBNJFTNHEWGOZFEZMTRBLHCMHIFLDLORMVMOOHGXJQIIYHZFMROGUUOMXBTFMKERCTYXFIHVNFWWIUFTGLCKPJRFDRWDXIKLJJLNTWNQIOFWSIUQXMFFVIIUCDEDFEJNLKLQBALRKEYWSHESUJJXSHYWNRNPXCFUEFRJKSIGXHFTKNJXSYVITDOGYIKGJIOOHUFILWYRBTCQPRPNOKFKROTFZNOCZXZEYUNWJZDPJDGIZLWBBDGZJNRQRPFFGOTGFBACCRKLAPFLOGVYFXVIIJMBBMXWJGLPOQQHMNBCINRGZRBVSMLKOAFGYRUDOPCCULRBE' alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" bs = 16 import random def random_alphastring(size): return "".join(random.choices(alphabet, k=size)) def add_key(key, block): ct_idxs = [(k_a + pt_a) % len(alphabet) for k_a, pt_a in zip([alphabet.index(k) for k in key], [alphabet.index(pt) for pt in block])] return "".join([alphabet[idx] for idx in ct_idxs]) def sub_key(key, block): ct_idxs = [(pt_a - k_a) % len(alphabet) for k_a, pt_a in zip([alphabet.index(k) for k in key], [alphabet.index(pt) for pt in block])] return "".join([alphabet[idx] for idx in ct_idxs]) def cbc(key, plaintext): klen = len(key) plaintext = pad(klen, plaintext) iv = random_alphastring(klen) blocks = [plaintext[i:i + klen] for i in range(0, len(plaintext), klen)] prev_block = iv ciphertext = "" for block in blocks: block = add_key(prev_block, block) prev_block = add_key(key, block) ciphertext += prev_block return iv, ciphertext def decode(key, ciphertext): klen = len(key) blocks = [ciphertext[i:i + klen] for i in range(0, len(ciphertext), klen)] plaintext = "" for block in blocks: block = sub_key(key, block) plaintext += block return plaintext def pad(block_size, plaintext): plaintext += "X" * (-len(plaintext) % block_size) return plaintext blocks = [ct[i:i + bs] for i in range(0, len(ct), bs)] ct_noiv = "" prev_block = iv for block in blocks: sblock = sub_key(prev_block, block) ct_noiv += sblock prev_block = block print(ct_noiv) #IDJUSTLIKETOINTERJECTFORAMOMENTWHATYOUREREFERINGTOASLINUXISINFACTGNULINUXORASIVERECENTLYTAKENTOCALLINGITGNUPLUSLINUXLINUXISNOTANOPERATINGSYSTEMUNTOITSELFBUTRATHERANOTHERFREECOMPONENTOFAFULLYFUNCTIONINGGNUSYSTEMMADEUSEFULBYTHEGNUCORELIBSSHELLUTILITIESANDVITALSYSTEMCOMPONENTSCOMPRISINGAFULLOSASDEFINEDBYPOSIXMANYCOMPUTERUSERSRUNAMODIFIEDVERSIONOFTHEGNUSYSTEMEVERYDAYWITHOUTREALIZINGITTHROUGHAPECULIARTURNOFEVENTSTHEVERSIONOFGNUWHICHISWIDELYUSEDTODAYISOFTENCALLEDLINUXANDMANYOFITSUSERSARENOTAWARETHATITISBASICALLYTHEGNUSYSTEMDEVELOPEDBYTHEGNUPROJECTTHEREREALLYISALINUXANDTHESEPEOPLEAREUSINGITBUTITISJUSTAPARTOFTHESYSTEMTHEYUSELINUXISTHEKERNELTHEPROGRAMINTHESYSTEMTHATALLOCATESTHEMACHINESRESOURCESTOTHEOTHERPROGRAMSTHATYOURUNTHEKERNELISANESSENTIALPARTOFANOPERATINGSYSTEMBUTUSELESSBYITSELFITCANONLYFUNCTIONINTHECONTEXTOFACOMPLETEOPERATINGSYSTEMLINUXISNORMALLYUSEDINCOMBINATIONWITHTHEGNUOPERATINGSYSTEMTHEWHOLESYSTEMISBASICALLYGNUWITHLINUXADDEDORGNULINUXALLTHESOCALLEDLINUXDISTRIBUTIONSAREREALLYDISTRIBUTIONSOFGNULINUXANYWAYHERECOMESTHEFLAGITSEVERYTHINGAFTERTHISATLEASTITSNOTAGENERICROTTHIRTEENCHALLENGEIGUESS #corctf{ATLEASTITSNOTAGENERICROTTHIRTEENCHALLENGEIGUESS}
后面的题目会逐渐复现的,大家可以期待一波!
标签:pt,plaintext,flag,key,corctf2023,block,ct From: https://www.cnblogs.com/Sone070805/p/17594145.html