首页 > 其他分享 >[MRCTF2020]Easy_RSA

[MRCTF2020]Easy_RSA

时间:2024-02-17 14:44:45浏览次数:33  
标签:qq pp factor2 RSA value solved Easy print MRCTF2020

[MRCTF2020]Easy_RSA

首先,RSA计算的5个基本公式
n=pq
φ(n)=(p-1)
(q-1) 求φ(n)
e*d mod φ(n) =1 求e d其中之一
c=m^e mod n 加密
m=c^d mod n 解密

题目:

import sympy
from gmpy2 import gcd, invert
from random import randint
from Crypto.Util.number import getPrime, isPrime, getRandomNBitInteger, bytes_to_long, long_to_bytes
import base64

from zlib import *
flag = b"MRCTF{XXXX}"
base = 65537

def gen_prime(N):
    A = 0
    while 1:
        A = getPrime(N)
        if A % 8 == 5:
            break
    return A

def gen_p():
    p = getPrime(1024)
    q = getPrime(1024)
    assert (p < q)
    n = p * q
    print("P_n = ", n)
    F_n = (p - 1) * (q - 1)
    print("P_F_n = ", F_n)
    factor2 = 2021 * p + 2020 * q
    if factor2 < 0:
        factor2 = (-1) * factor2
    return sympy.nextprime(factor2)


def gen_q():
    p = getPrime(1024)
    q = getPrime(1024)
    assert (p < q)
    n = p * q
    print("Q_n = ", n)
    e = getRandomNBitInteger(53)
    F_n = (p - 1) * (q - 1)
    while gcd(e, F_n) != 1:
        e = getRandomNBitInteger(53)
    d = invert(e, F_n)
    print("Q_E_D = ", e * d)
    factor2 = 2021 * p - 2020 * q
    if factor2 < 0:
        factor2 = (-1) * factor2
    return sympy.nextprime(factor2)


if __name__ == "__main__":
    _E = base
    _P = gen_p()
    _Q = gen_q()
    assert (gcd(_E, (_P - 1) * (_Q - 1)) == 1)
    _M = bytes_to_long(flag)
    _C = pow(_M, _E, _P * _Q)
    print("Ciphertext = ", _C)
'''
P_n =  14057332139537395701238463644827948204030576528558543283405966933509944444681257521108769303999679955371474546213196051386802936343092965202519504111238572269823072199039812208100301939365080328518578704076769147484922508482686658959347725753762078590928561862163337382463252361958145933210306431342748775024336556028267742021320891681762543660468484018686865891073110757394154024833552558863671537491089957038648328973790692356014778420333896705595252711514117478072828880198506187667924020260600124717243067420876363980538994101929437978668709128652587073901337310278665778299513763593234951137512120572797739181693
P_F_n =  14057332139537395701238463644827948204030576528558543283405966933509944444681257521108769303999679955371474546213196051386802936343092965202519504111238572269823072199039812208100301939365080328518578704076769147484922508482686658959347725753762078590928561862163337382463252361958145933210306431342748775024099427363967321110127562039879018616082926935567951378185280882426903064598376668106616694623540074057210432790309571018778281723710994930151635857933293394780142192586806292968028305922173313521186946635709194350912242693822450297748434301924950358561859804256788098033426537956252964976682327991427626735740
Q_n =  20714298338160449749545360743688018842877274054540852096459485283936802341271363766157976112525034004319938054034934880860956966585051684483662535780621673316774842614701726445870630109196016676725183412879870463432277629916669130494040403733295593655306104176367902352484367520262917943100467697540593925707162162616635533550262718808746254599456286578409187895171015796991910123804529825519519278388910483133813330902530160448972926096083990208243274548561238253002789474920730760001104048093295680593033327818821255300893423412192265814418546134015557579236219461780344469127987669565138930308525189944897421753947
Q_E_D =  100772079222298134586116156850742817855408127716962891929259868746672572602333918958075582671752493618259518286336122772703330183037221105058298653490794337885098499073583821832532798309513538383175233429533467348390389323225198805294950484802068148590902907221150968539067980432831310376368202773212266320112670699737501054831646286585142281419237572222713975646843555024731855688573834108711874406149540078253774349708158063055754932812675786123700768288048445326199880983717504538825498103789304873682191053050366806825802602658674268440844577955499368404019114913934477160428428662847012289516655310680119638600315228284298935201
Ciphertext =  40855937355228438525361161524441274634175356845950884889338630813182607485910094677909779126550263304194796000904384775495000943424070396334435810126536165332565417336797036611773382728344687175253081047586602838685027428292621557914514629024324794275772522013126464926990620140406412999485728750385876868115091735425577555027394033416643032644774339644654011686716639760512353355719065795222201167219831780961308225780478482467294410828543488412258764446494815238766185728454416691898859462532083437213793104823759147317613637881419787581920745151430394526712790608442960106537539121880514269830696341737507717448946962021
'''

求P:

n=pq
φ(n)=(p-1)
(q-1)

联立这两个式子,将n=P_n, φ(n)=P_F_n带入,使用sympy可求解:

def get_p():

    pp = Symbol('pp',integer=True)
    qq =  Symbol('qq',integer=True)
    solved_value = solve([pp* qq -P_n  , (pp-1)* (qq-1) -P_F_n], [pp, qq])
    # # int(solved_value[0][0])
    # print(solved_value[0][0])
    # print(solved_value[0][1])
    ppp = int(min([solved_value[0][0],solved_value[0][1]]))
    qqq = int(max([solved_value[0][0],solved_value[0][1]]))
    # print(ppp)
    # print(qqq)
    factor2 = 2021 * ppp + 2020 * qqq
    if factor2 < 0:
        factor2 = (-1) * factor2
    return sympy.nextprime(factor2)

并按照源码使用的方法生成P

求Q:

与求P不同:此处无φ(n),只有Q_E_D,

根据e*d mod φ(n) =1 来求φ(n)

首先:

φ(n)=(p-1)*(q-1)

e*d = kφ(n) +1=k(pq -p -q +1) +1 ==> k = (e * d -1)/(pq - p - q +1)

k值无法确定,上式难以求解。

p,q均为大质数,并且1<< p < q, 那么:

(pq - p - q +1) ≈( p-2)q≈ pq

k = (e * d -1)/(pq - p - q +1) ≈ (Q_E_D -1)/Q_n

由于分母放大,所求k值略小: k = ((Q_E_D-1)//Q_n)+1

则可求解Q:

def get_q():

    pp = Symbol('pp',integer=True)
    qq =  Symbol('qq',integer=True)
    k = ((Q_E_D-1)//Q_n)+1
    solved_value = solve([pp* qq -Q_n  , k*(pp-1)* (qq-1) -Q_E_D+1], [pp, qq])
    ppp = int(min([solved_value[0][0],solved_value[0][1]]))
    qqq = int(max([solved_value[0][0],solved_value[0][1]]))
    # print(ppp)
    # print(qqq)
    factor2 =  2021 * ppp - 2020 * qqq
    if factor2 < 0:
        factor2 = (-1) * factor2
    return sympy.nextprime(factor2)
    # print(solved_value)    

完整的write up :

import sympy 
from gmpy2 import gcd, invert
from random import randint
from Crypto.Util.number import getPrime, isPrime, getRandomNBitInteger, bytes_to_long, long_to_bytes
import base64
from sympy import *

from zlib import *
# flag = b"MRCTF{XXXX}"
flag = ''
base = 65537
P_n =  14057332139537395701238463644827948204030576528558543283405966933509944444681257521108769303999679955371474546213196051386802936343092965202519504111238572269823072199039812208100301939365080328518578704076769147484922508482686658959347725753762078590928561862163337382463252361958145933210306431342748775024336556028267742021320891681762543660468484018686865891073110757394154024833552558863671537491089957038648328973790692356014778420333896705595252711514117478072828880198506187667924020260600124717243067420876363980538994101929437978668709128652587073901337310278665778299513763593234951137512120572797739181693
P_F_n =  14057332139537395701238463644827948204030576528558543283405966933509944444681257521108769303999679955371474546213196051386802936343092965202519504111238572269823072199039812208100301939365080328518578704076769147484922508482686658959347725753762078590928561862163337382463252361958145933210306431342748775024099427363967321110127562039879018616082926935567951378185280882426903064598376668106616694623540074057210432790309571018778281723710994930151635857933293394780142192586806292968028305922173313521186946635709194350912242693822450297748434301924950358561859804256788098033426537956252964976682327991427626735740
Q_n =  20714298338160449749545360743688018842877274054540852096459485283936802341271363766157976112525034004319938054034934880860956966585051684483662535780621673316774842614701726445870630109196016676725183412879870463432277629916669130494040403733295593655306104176367902352484367520262917943100467697540593925707162162616635533550262718808746254599456286578409187895171015796991910123804529825519519278388910483133813330902530160448972926096083990208243274548561238253002789474920730760001104048093295680593033327818821255300893423412192265814418546134015557579236219461780344469127987669565138930308525189944897421753947
Q_E_D =  100772079222298134586116156850742817855408127716962891929259868746672572602333918958075582671752493618259518286336122772703330183037221105058298653490794337885098499073583821832532798309513538383175233429533467348390389323225198805294950484802068148590902907221150968539067980432831310376368202773212266320112670699737501054831646286585142281419237572222713975646843555024731855688573834108711874406149540078253774349708158063055754932812675786123700768288048445326199880983717504538825498103789304873682191053050366806825802602658674268440844577955499368404019114913934477160428428662847012289516655310680119638600315228284298935201
Ciphertext =  40855937355228438525361161524441274634175356845950884889338630813182607485910094677909779126550263304194796000904384775495000943424070396334435810126536165332565417336797036611773382728344687175253081047586602838685027428292621557914514629024324794275772522013126464926990620140406412999485728750385876868115091735425577555027394033416643032644774339644654011686716639760512353355719065795222201167219831780961308225780478482467294410828543488412258764446494815238766185728454416691898859462532083437213793104823759147317613637881419787581920745151430394526712790608442960106537539121880514269830696341737507717448946962021



def get_p():

    pp = Symbol('pp',integer=True)
    qq =  Symbol('qq',integer=True)
    solved_value = solve([pp* qq -P_n  , (pp-1)* (qq-1) -P_F_n], [pp, qq])
    # # int(solved_value[0][0])
    # print(solved_value[0][0])
    # print(solved_value[0][1])
    ppp = int(min([solved_value[0][0],solved_value[0][1]]))
    qqq = int(max([solved_value[0][0],solved_value[0][1]]))
    # print(ppp)
    # print(qqq)
    factor2 = 2021 * ppp + 2020 * qqq
    if factor2 < 0:
        factor2 = (-1) * factor2
    return sympy.nextprime(factor2)


def get_q():

    pp = Symbol('pp',integer=True)
    qq =  Symbol('qq',integer=True)
    k = ((Q_E_D-1)//Q_n)+1
  
    solved_value = solve([pp* qq -Q_n  , k*(pp-1)* (qq-1) -Q_E_D+1], [pp, qq])
    # print(solved_value[0][0])
    # print(solved_value[0][1])
    ppp = int(min([solved_value[0][0],solved_value[0][1]]))
    qqq = int(max([solved_value[0][0],solved_value[0][1]]))
    # print(ppp)
    # print(qqq)
    factor2 =  2021 * ppp - 2020 * qqq
    if factor2 < 0:
        factor2 = (-1) * factor2
    return sympy.nextprime(factor2)
    # print(solved_value)
    
if __name__ == "__main__":
    _E = base

    solved_p =get_p()

    # print("solved_p: {}".format(solved_p))

    # print("**************")
    k = (Q_E_D-1)//Q_n
    
    solved_q =get_q()

    # print("solved_q: {}".format(solved_q))

    NNN =solved_p * solved_q
    F_nnn = (solved_p - 1) * (solved_q - 1)
    assert (gcd(_E,  F_nnn ) == 1)
    ddd = invert(_E, F_nnn)

    flag = pow(Ciphertext, int(ddd), NNN)
    print("flag = ", long_to_bytes(flag))


flag = b'MRCTF{Ju3t_@_31mp13_que3t10n}'

标签:qq,pp,factor2,RSA,value,solved,Easy,print,MRCTF2020
From: https://www.cnblogs.com/SSRtiger/p/18017962

相关文章

  • 创新技巧|迁移到 Google Analytics 4 时如何保存历史 Universal Analytics 数据
    GoogleUniversalAnalytics从2023年7月起停止收集数据(除了付费GA360之外)。它被GoogleAnalytics4取代。为此,不少用户疑惑:是否可以将累积(历史)数据从GoogleAnalyticsUniversal传输到GoogleAnalytics4?您无法将数据传输到新的GA4界面。但您可以将数据保存在Goog......
  • HackTheBox - Codify [easy]
    打这台靶机时及其古怪。总是莫名其妙断开连接,请求没有响应。提交时表示flag错误等问题访问80端口的web服务,发现使用nodjs和vm2库。搜索到vm2漏洞:SandboxBypassinvm2|CVE-2023-32314|Snyk 可远程执行代码查看当前用户,可登录使用ssh登录,使用linpeas.sh等工具枚举,发......
  • [NISACTF 2022]easyssrf
    先按照最简单的试试 那就试试/fl4g,需要使用file伪协议进行文件读取,然后得到新的提示 进入新的目录 直接构造路劲进行flag的读取 也可以利用别的伪协议url?file=php://filter/read=convert.base64-encode/resource=/flag  ......
  • 利用RSA加密打造强大License验证,确保软件正版合法运行
     概述:C#软件开发中,License扮演着确保软件合法使用的重要角色。采用RSA非对称加密方案,服务端生成带签名的License,客户端验证其有效性,从而实现对软件的授权与安全保障。License应用场景:License(许可证)在C#软件开发中被广泛应用,以确保软件在合法授权的环境中运行。常见场景包括......
  • 小白也行的:Easy OCR做一款免费的图片转文字
    \text{EasyOCR}支持超过$80$种语言的识别,包括英语、中文(简繁)、阿拉伯文、日文等,并且该库在不断更新中,未来会支持更多的语言。像市面上所有的图片识别都用的是$\text{OCR}$,如微信,百度。个人推荐软件:微信,网站https://web.baimiaoapp.com,该网站识别准确率是真的高,且收费也很人性......
  • C1. Good Subarrays (Easy Version)
    找子数组的个数双指针#include<bits/stdc++.h>#defineintlonglongusingnamespacestd;constintN=2e5+10;inta[N];voidsolve(){ intn; cin>>n; for(inti=1;i<=n;i++)cin>>a[i]; intl=1,r=1; intans=0; while(l<=r){ if(l>n||r>......
  • [MRCTF2020]Hello_ misc
    [MRCTF2020]Hello_misc压缩包里有1个压缩包和png图片压缩包有密码,先对图片进行解析发现红色通道里还藏有一张图片得到zip压缩包密码:!@#$%67*()-+这个密码是图片中藏着的压缩包的密码,输入后打开里面有一个out.txt文件12725563191127191631271272556319163......
  • 【国产化】禁止使用不安全的密码算法:DES、RC2,RSA(1024位及以下),MD5,SHA1
    一、引言随着互联网的普及和技术的发展,网络安全问题日益严重。密码算法作为网络安全的基石,其安全性直接关系到用户数据的安全。一些不安全的密码算法不断被曝光,给用户带来了极大的安全隐患。二、不安全的密码算法1.DESDES(DataEncryptionStandard)是一种对称加密算法,自1977年......
  • springboot集成easypoi导出多sheet页
    pom文件<dependency> <groupId>cn.afterturn</groupId> <artifactId>easypoi-base</artifactId> <version>4.1.0</version></dependency>导出模板:编辑后端代码示例:/***导出加油卡进便利店大额审批列表*@throwsIOException......
  • 关于easyExcel解析未添加@ExcelProperty报错问题分析
    在一次做辅料商品导出列表的需求,并且上线之后发现,怎么商品列表的导出没有反应,一看日志,发现报错了:这里新加了两个字段用于做转换使用。因为之前很少用easyExcel,所以以为只要不加@ExcelProperty,easyExcel就不会去解析字段,没想到easyExcel还是去做了解析。源码分析通过上面的......