自己本次比赛负责reverse,misc,crypto方向,web和pwn就不写了
Misc
FindYourWindows
告诉了key文件,应该是磁盘类的题,用veracrypt解决
提示桌面有问题,改成zip文件看看
BuildCTF{I2t_s0_e5sy!!!}
四妹?还是萍萍呢?
from PIL import Image
import qrcode
def stitch_images(image_paths, output_path):
images = [Image.open(path) for path in image_paths]
width, height = images[0].size
stitched_image = Image.new('RGB', (width * 3, height * 3))
for index, image in enumerate(images):
x = index % 3 * width
y = index // 3 * height
stitched_image.paste(image, (x, y))
stitched_image.save(output_path)
print(f"拼接后的图像保存为: {output_path}")
def generate_qr_code(data, qr_output_path):
qr = qrcode.make(data)
qr.save(qr_output_path)
print(f"二维码保存为: {qr_output_path}")
def main():
image_paths = [
'h.png', 'g.png', 'a.png',
'e.png', 'c.png', 'f.png',
'b.png', 'i.png', 'd.png'
]
stitched_image_path = 'flag.png'
stitch_images(image_paths, stitched_image_path)
if __name__ == "__main__":
main()
拼凑二维码
需要恢复的内容应该在png里,看一下
有zip但是直接分离不了,直接提取,修补zip头
得到压缩包,需要密码
base64解密得到图片
修改高度
BuildCTF{PNG_@nd_H31Sh3nHu@}
食不食油饼
来吧b神小工具搜哈一下
我是一名种植草莓的农户,因为要控制泥土的PH值在合理区间,所以草莓产量一直上不去。直到我看见了一个哥哥打篮球把土和泥配成最好的状态,使得栽在泥上的草莓产量上去了。我把哥哥教我的过程写成一部记录文,叫《记泥态莓》。
我把密码记录在了这段话中,希望你可以找到可以破解鸽鸽的密码哦,可恶,真实可恶,究竟是什么隐写?
零宽,但是有点奇怪
base64解密key:7gkjT!opo
lsb没有结果,猜测是FFT
8GMdP3
打开flag.zip:IJ2WS3DEINKEM62XMF2DG4SNMFZGWXZRONPVGMC7MVQVG6L5
BuildCTF{Wat3rMark_1s_S0_eaSy}
Black&White
from PIL import Image
from Crypto.Util.number import long_to_bytes
bin_str = ''
height_data = '' # 初始化 height_data
path = r"taich1"
for i in range(0, 1089):
image_path = path + f"\{i}.jpg"
image = Image.open(image_path)
height = image.size[1]
height_data += chr(int(str(height), 8))
# 获取(0, 0)位置的像素
pixel = image.getpixel((0, 0))
# print(pixel)
# 判断像素颜色
if pixel == 0: # 黑色
bin_str += '1'
elif pixel == 255: # 白色
bin_str += '0'
print(bin_str)
print(len(bin_str))
print(long_to_bytes(int(bin_str,2)).decode('utf-8'))
扫码得到字符串,base45解码
BuildCTF{Tich1?pAnDa?_HahA_U_w1n}
我太喜欢亢金星君了!
.gif帧率分解
黑色去掉,白色分号,亢金星君-,女的.
摩斯密码解密
BuildCTF{BUILDCTFW41COM4_N4W_F1SH}
Guesscoin
100不对,全赌0很快就完了
EZ_ZIP
另保存为zip,是一个多层嵌套解压,随波逐流就可以完成,不过每次有上线,多进行几次就好
BuildCTF{Z1p_p@ck@g3s_@r3_@_v3ry_1n73r3s7ing_thing}
what is this?
0110001101100011011000110010110001110000011100000111000001110000011100000010110001100011011000110111000001110000011000110111000000101100011100000010110001100011011000110110001101100011001011000110001101110000011100000111000001110000001011000110001101100011011000110010110001100011011000110111000001110000011000110111000000101100011000110111000001110000011100000111000000101100011000110110001101100011011000110110001100101100011000110110001101110000011100000110001101110000001011000111000001110000001011000111000001110000011100000111000001110000001011000110001101110000011000110010110001100011011000110110001101100011011000110010110001100011001011000110001101100011011100000111000001100011011100000010110001110000011000110111000001100011001011000111000001110000011100000111000001110000001011000111000001100011011000110010110001100011001011000110001101100011011100000111000001100011011100000010110001110000011000110111000001100011011100000111000000101100011100000110001101110000011000110111000001110000
二进制转字符
ccc,ppppp,ccppcp,p,cccc,cpppp,ccc,ccppcp,cpppp,ccccc,ccppcp,pp,ppppp,cpc,ccccc,c,ccppcp,pcpc,ppppp,pcc,c,ccppcp,pcpcpp,pcpcpp
摩斯
BuildCTF{S0_TH1S_15_M0R5E_C0DE_!!}
别真给我开盒了哥
距离比较近津霸客运专线,都是一下,是一个分段名字,津保铁路
Build{津保铁路}
一念愚即般若绝,一念智即般若生
随波逐流梭哈:
阴阳怪气解密
佛曰解密
天书曰解密
base58
老色批
lsb隐写
base64解密
如果再来一次,还会选择我吗?
010打开发现两两交换
def swap_pairs(hex_string):
byte_pairs = hex_string.split()
swapped_pairs = []
for i in range(0, len(byte_pairs), 2):
if i + 1 < len(byte_pairs):
swapped_pairs.append(byte_pairs[i + 1])
swapped_pairs.append(byte_pairs[i]
else:
swapped_pairs.append(byte_pairs[i])
swapped_string = ' '.join(swapped_pairs)
return swapped_string
def png_to_hex_string(file_path):
with open(file_path, 'rb') as f:
binary_data = f.read()
hex_string = binary_data.hex()
hex_string = ' '.join([hex_string[i:i+2] for i in range(0, len(hex_string), 2)])
return hex_string
def hex_string_to_binary(hex_string):
hex_string = hex_string.replace(' ', '')
return bytes.fromhex(hex_string)
def save_binary_to_png(binary_data, output_file_path):
with open(output_file_path, 'wb') as f:
f.write(binary_data)
input_file_path = "enc.png"
output_file_path = "key.png"
hex_string = png_to_hex_string(input_file_path)
swapped_hex_string = swap_pairs(hex_string)
swapped_binary_data = hex_string_to_binary(swapped_hex_string)
save_binary_to_png(swapped_binary_data, output_file_path)
print(f"Swapped image saved as: {output_file_path}")
ps拉伸条形码
得到:key:wo_bu_shi_xiao_hei_zi!!!
一堆base64解密:
四妹,你听我解释--一血
010文件末尾
自由文明法治平等公正敬业公正友善公正公正自由自由和谐平等自由自由公正法治友善平等公正诚信文明公正民主公正诚信平等平等诚信平等法治和谐公正平等平等友善敬业法治富强和谐民主法治诚信和谐
修改高
自由文明法治平等公正敬业公正友善公正公正自由自由和谐平等自由自由公正法治友善平等公正诚信文明公正民主公正诚信平等平等诚信平等法治和谐公正平等平等友善敬业法治富强和谐民主法治诚信和谐
核心价值观解密
BuildCTF{lao_se_p1}
白白的真好看
000000.txt零宽隐写
white.docx隐藏文字
拼接二维码在异步社区回复雪
BuildCTF{Th3_wh1t3_wh1t3_y0u_s33_1s_n0t_wh1t3}
多了一个wh1t3
BuildCTF{Th3_wh1t3_y0u_s33_1s_n0t_wh1t3}
Hex的秘密
题目给出的字符串确实是16进制的,但每个16进制都是大于 7F 的,换算成10进制就是都大于 127 的,于是我们让每个16进制 都减去128 再用ASCII解密
#!/usr/bin/python3
s = 'c2f5e9ece4c3d4c6fbb3c5fafadfc1b5e3a1a1dfe2e9eee1f2f9f9f9fd'
ls = [ chr(int(f"{s[i]}{s[i+1]}",16)-128) for i in range(0,len(s),2) ]
print(''.join(ls))
有黑客
查看流量包哥斯拉流量,推断XOR密钥,依次分析upload/shell.php的后几个包
拖进cypherchef
什么?来玩玩心算吧
parselmouth-master工具
python沙箱逃逸
(超爱jail,可以看看:https://www.cnblogs.com/N1ng/p/18491520)
Crypto
ezzzRSA
题目:
import libnum
from Crypto.Util.number import *
flag = b'BuildCTF{*******}'
m = libnum.s2n(flag)
e = 65537
q = getPrime(1024)
q1 = getPrime(1024)
p = getPrime(1024)
p1 = getPrime(1024)
n = p * q
n1 = q * p1
n2 = p * q1
c = pow(m, e, n)
h0 = pow(2023 * p + 2024, q1, n2)
h1 = pow(2024 * p1 + 2023 * q, 113, n1)
h2 = pow(2023 * p1 + 2024 * q, 629, n1)
print(f'n1 = {n1}')
print(f'n2 = {n2}')
print(f'c = {c}')
print(f"h0 = {h0}")
print(f"h1 = {h1}")
print(f"h2 = {h2}")
"""
n1 = 19957426023169626195602761840035904096149402534966487535713447987366768645542881124782551268978342063458430846877824210659778126281705984711061190351636497944943321988950188171159903717348936556346198638311950016136865425015037098270040031872702873264144372191898253134939805153141701819590164140250130420280491966786900651186941317959556066730959744279963976065565436153399679475410040773637142677936926894677919242351610457296203864806991539480593546084449323017670431590012312526757477514457145686070196978477495658962519391041011847512041022828710693830661412217389320600888361578917153088073678587422269955710471
n2 = 11933661747067216317642315621042074566046499785197709817779978157416906347669444374234313329064859622960743743511735672614999566264025648698589886185056758071718319964262619819143757922916624196354313322456534266520150543008117888101349920396737532937616502689667208207329048979872222563877933742673021891249520999021187404065706388700711208445628041386956459398271230236018476964839399245143666534359113777846535151773174701732284280083586580489995666306373839417946648196140879978268472361473557375951972193618245984950374326806423407152520541682571610372434453778172497925696535270204943842467472100237854318244291
c = 20080676122944896238797522372441559951736929534371084097400233944319893926800196694449564534150770085554349952433141815637324753386484549616573636001763815852095984830828952020047938406909274311785306299061021662484544371813739713520361343350959698642021322243662988875917088108399877176033404097457939417134483333264562602633853694382014472747500159100723626314928476484037666519857604568300967071868151508142784271042600815406853978696857309760951105852288354603503207383899902135741426285551161292195639862478256231538619968275273876467583013024899054710124331145912185471501398910765579441956531091561893256832468
h0 = 2996726009726260695732821166504040344731102637047682432884058857493935625094258046641569918904978173116793673563730117949606727933902262668880339210084101176866383602543966179840353633735507442926707342258391362245904850297416642271123328980812931025677857373199540129280097315832907023777052101133649877194495480543646472133854655383755313968952550827443970931104462445312146328606862802196901953935238972759852435882720786570965542286278549107402918041194008845717507735786897968734831064393337773557817839343449001368565856921138408039931608804233595980497557733714560035682416265029819340316734845279080134432704
h1 = 19843160604742228074331688651361052208481287636527838615063387670722213224954610448720065937378201545177278841575633697012434074186046556843292068835752113384756149944114298949115412819730843598288637259467085268861201775723817790428386595559040938133481222229290199923979132846871398172318539492741755408720073350962388138453341677009547616238262211176727424067946020683742262782319735286357465817786446238528187722959357444676512705451504136333336415880020502524009647940182721264953084120705872870651891290569527156804993340563927419561415555818468261824287933683736509372616293569615247228388443284457740072850735
h2 = 15147052684674827267989051566164167603473413362261253296001082161136918959833294463185335416662127368473980239667918561600741667513285708843081475074688239507330230558331408877583246661862040918410036936505307437329914363201630212163952357444441705663871720438955166472073576526814546767805314463827075388036712200327696168965762177567346966479399896578190111819130000991594490932388132188241726654756368698998232826340969288082645860324404980143489489946490266439447342461483490582149239131554246756547000945718737195930407251232848166108751122870333559461452459416252942341423373918245090162970624108991537972775066
"""
参考:https://blog.csdn.net/XiongSiqi_blog/article/details/130175464
import gmpy2
from Crypto.Util.number import *
e = 65537
n1 = 19957426023169626195602761840035904096149402534966487535713447987366768645542881124782551268978342063458430846877824210659778126281705984711061190351636497944943321988950188171159903717348936556346198638311950016136865425015037098270040031872702873264144372191898253134939805153141701819590164140250130420280491966786900651186941317959556066730959744279963976065565436153399679475410040773637142677936926894677919242351610457296203864806991539480593546084449323017670431590012312526757477514457145686070196978477495658962519391041011847512041022828710693830661412217389320600888361578917153088073678587422269955710471
n2 = 11933661747067216317642315621042074566046499785197709817779978157416906347669444374234313329064859622960743743511735672614999566264025648698589886185056758071718319964262619819143757922916624196354313322456534266520150543008117888101349920396737532937616502689667208207329048979872222563877933742673021891249520999021187404065706388700711208445628041386956459398271230236018476964839399245143666534359113777846535151773174701732284280083586580489995666306373839417946648196140879978268472361473557375951972193618245984950374326806423407152520541682571610372434453778172497925696535270204943842467472100237854318244291
c = 20080676122944896238797522372441559951736929534371084097400233944319893926800196694449564534150770085554349952433141815637324753386484549616573636001763815852095984830828952020047938406909274311785306299061021662484544371813739713520361343350959698642021322243662988875917088108399877176033404097457939417134483333264562602633853694382014472747500159100723626314928476484037666519857604568300967071868151508142784271042600815406853978696857309760951105852288354603503207383899902135741426285551161292195639862478256231538619968275273876467583013024899054710124331145912185471501398910765579441956531091561893256832468
h0 = 2996726009726260695732821166504040344731102637047682432884058857493935625094258046641569918904978173116793673563730117949606727933902262668880339210084101176866383602543966179840353633735507442926707342258391362245904850297416642271123328980812931025677857373199540129280097315832907023777052101133649877194495480543646472133854655383755313968952550827443970931104462445312146328606862802196901953935238972759852435882720786570965542286278549107402918041194008845717507735786897968734831064393337773557817839343449001368565856921138408039931608804233595980497557733714560035682416265029819340316734845279080134432704
h1 = 19843160604742228074331688651361052208481287636527838615063387670722213224954610448720065937378201545177278841575633697012434074186046556843292068835752113384756149944114298949115412819730843598288637259467085268861201775723817790428386595559040938133481222229290199923979132846871398172318539492741755408720073350962388138453341677009547616238262211176727424067946020683742262782319735286357465817786446238528187722959357444676512705451504136333336415880020502524009647940182721264953084120705872870651891290569527156804993340563927419561415555818468261824287933683736509372616293569615247228388443284457740072850735
h2 = 15147052684674827267989051566164167603473413362261253296001082161136918959833294463185335416662127368473980239667918561600741667513285708843081475074688239507330230558331408877583246661862040918410036936505307437329914363201630212163952357444441705663871720438955166472073576526814546767805314463827075388036712200327696168965762177567346966479399896578190111819130000991594490932388132188241726654756368698998232826340969288082645860324404980143489489946490266439447342461483490582149239131554246756547000945718737195930407251232848166108751122870333559461452459416252942341423373918245090162970624108991537972775066
x3 = pow(h1 * pow(2023,113,n1),629,n1) % n1
x4 = pow(h2 * pow(2024,629,n1),113,n1) % n1
q = gmpy2.gcd(n1,x3 - x4)
print(q)
kp = h0 - pow(2024 , n2 , n2)
p = gmpy2.gcd(kp , n2)
print(p)
n = p * q
phi = (p - 1) * (q - 1)
d = gmpy2.invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m))BuildCTF{29g5blh5-7829-5k38-a836-9bk54h291h6}
Ju5t_d3c0de_1t!
e = 'VTJGc2RHVmtYMThUWGplSkN2YzJwazJ2KzJieQ=='
c = 10110011010010110101101101011110100001010100101110111011101101111101101001000010111010010011101111001111111000000001111000000010101
p = 1100010000110101100011011010101011111101001101010011001010110111100011110110101111000101100001011011001100110010010111111100110000001111010111111101111001100111100011100110110011101011111011100111010011000100011001101101111011010110000011011100101010010101110001011011010111001010101101100101011111101000110010111000011010111001101001
q = 11000010010010011110101110100011011100101101100100011011100010111000011110111000000011111100010100100000101101010101000101101101101011011100001101111010001010010011001010110010110101001100100011010110100011110011101110101110111110100000011110101010011011111010111100011000011111001000010101100100011110010000010001110010101100100111001
key = 592924741013363689040199750462798275514934297277010275281372369969899775117892551575873706970423924419480394766364097497072075403342004187895966953143489192628648965081601335846012859223829286606349019
# use m minus key to get the final flag!
exp:
import gmpy2
from Crypto.Util.number import long_to_bytes
e = 65537
c = 10110011010010110101101101011110100001010100101110111011101101111101101001000010111010010011101111001111111000000001111000000010101
p = 1100010000110101100011011010101011111101001101010011001010110111100011110110101111000101100001011011001100110010010111111100110000001111010111111101111001100111100011100110110011101011111011100111010011000100011001101101111011010110000011011100101010010101110001011011010111001010101101100101011111101000110010111000011010111001101001
q = 11000010010010011110101110100011011100101101100100011011100010111000011110111000000011111100010100100000101101010101000101101101101011011100001101111010001010010011001010110010110101001100100011010110100011110011101110101110111110100000011110101010011011111010111100011000011111001000010101100100011110010000010001110010101100100111001
key = 592924741013363689040199750462798275514934297277010275281372369969899775117892551575873706970423924419480394766364097497072075403342004187895966953143489192628648965081601335846012859223829286606349019
c_int = int(str(c), 2)
p_int = int(str(p), 2)
q_int = int(str(q), 2)
n = p_int * q_int
phi = (p_int - 1) * (q_int - 1)
phi_mpz = gmpy2.mpz(phi)
d = gmpy2.invert(e, phi_mpz)
m = pow(c_int, d, n)
m = m - key
print(long_to_bytes(m))
BuildCTF{I_l1k3_crypt0_5o_h4rd!}
where is my n?
题目:
from Crypto.Util.number import*
from gmpy2 import*
flag = "..."
e=65537
p=getPrime(512)
q=gmpy2.next_prime(p)
n=p*q
phi=(p-1)*(q-1)
d=inverse(e,phi)
c=pow(flag,e,n)
print("c=",c)
print("e=",e)
print("d=",d)
# c= 107973408658512316248795675829719026556281556876279221462095299771897472835817102507431099132436173117611783572607408542140665445616624626408781699266046553444252772105867617770124779786841928535661872891635303381758336724610931502145965143374870804147444436791292512235485326451051756451904673491759905663466
# e= 65537
# d= 62036379179617188220635702722848631787124203142048526951004487465970915306760341332025319712290841316288636152355908585406155087541334717529113872233640624205650204907669681116401961584897042519881342485819364897891612540596760113597723865477121348794797592568686540283535491492936074500143092361821406613969
exp:
c= 107973408658512316248795675829719026556281556876279221462095299771897472835817102507431099132436173117611783572607408542140665445616624626408781699266046553444252772105867617770124779786841928535661872891635303381758336724610931502145965143374870804147444436791292512235485326451051756451904673491759905663466
e= 65537
d= 62036379179617188220635702722848631787124203142048526951004487465970915306760341332025319712290841316288636152355908585406155087541334717529113872233640624205650204907669681116401961584897042519881342485819364897891612540596760113597723865477121348794797592568686540283535491492936074500143092361821406613969
import gmpy2,libnum
k_phi = e*d -1
for k in range(2,e):
if k_phi % k == 0:
phi = k_phi // k
r, _ = gmpy2.iroot(phi,2)
q = gmpy2.next_prime(r)
if phi % (q-1) == 0:
p = phi // (q-1) + 1
m = pow(c,d,p*q)
print(k)
print(libnum.n2s(int(m)))
BuildCTF{Y0u_F1nd_7he_n_success7u1_!}
gift
题目:
from Crypto.Util.number import *
from secret import flag
def get_gift(p, q):
noise = getPrime(40)
p, q = p + 2 * noise + 1, q - pow(noise, 2)
gift = 2024 * (p + q)
return gift
p = getPrime(512)
q = getPrime(512)
n = p * q
e = 0x10001
m = bytes_to_long(flag)
c = pow(m, e, n)
gift = get_gift(p, q)
print(f'c = {c}')
print(f'n = {n}')
print(f'gift = {gift}')
'''
c = 101383046356447336426623798470530695448361708798731382238747567108067236241251384089401506320741815081024352908156466877907424203888923965647318146770258139921360377246187637085549628797640957048672797430217647039035455011311505942632107576730906489223641894279483592789523228409885925263914621255862261546919
n = 131097719698687108485813302886652389604731026998272796315024695395496199386497660846418712521921387496051077394308820230360184411431376692252923609505060476542577219656866593501271690536991944882324175509626138475159461332403161471880082192150081456601522403673111515117219716055561941951891570977025178643791
gift = 46635322848619790584491725916282901439691751328335921415278638528896063068132242718070261114525516272650970256270551306096774004921902972838212903368063625872
'''思路没问题,时间太长
import gmpy2
from Crypto.Util.number import isPrime, long_to_bytes
# Constants
e = 65537
gift = 46635322848619790584491725916282901439691751328335921415278638528896063068132242718070261114525516272650970256270551306096774004921902972838212903368063625872
c = 101383046356447336426623798470530695448361708798731382238747567108067236241251384089401506320741815081024352908156466877907424203888923965647318146770258139921360377246187637085549628797640957048672797430217647039035455011311505942632107576730906489223641894279483592789523228409885925263914621255862261546919
n = 131097719698687108485813302886652389604731026998272796315024695395496199386497660846418712521921387496051077394308820230360184411431376692252923609505060476542577219656866593501271690536991944882324175509626138475159461332403161471880082192150081456601522403673111515117219716055561941951891570977025178643791
# Efficient prime checking and calculation
def find_flag():
for m in range(100000000000, 999999999999):
if isPrime(m):
phi = n + 1 - (gift // 2024) - (m**2) + 2 * m + 1
try:
d = gmpy2.invert(e, phi)
# Only compute m if d is valid
if d > 0:
# Decrypt message
m_decoded = pow(c, d, n)
flag = long_to_bytes(m_decoded)
# Check for the flag
if b'BuildCTF' in flag:
print(flag)
return # Exit on finding the first valid flag
except ZeroDivisionError:
# In case of invalid phi, skip
continue
find_flag()
exp:小根攻击
from Crypto.Util.number import *
c = 101383046356447336426623798470530695448361708798731382238747567108067236241251384089401506320741815081024352908156466877907424203888923965647318146770258139921360377246187637085549628797640957048672797430217647039035455011311505942632107576730906489223641894279483592789523228409885925263914621255862261546919
n = 131097719698687108485813302886652389604731026998272796315024695395496199386497660846418712521921387496051077394308820230360184411431376692252923609505060476542577219656866593501271690536991944882324175509626138475159461332403161471880082192150081456601522403673111515117219716055561941951891570977025178643791
gift = 46635322848619790584491725916282901439691751328335921415278638528896063068132242718070261114525516272650970256270551306096774004921902972838212903368063625872
e = 65537
h = gift // 2024
R.<p,q> = PolynomialRing(RealField(1000))
f1 = p + q + 1 - h
f2 = p*q - n
res = f1.sylvester_matrix(f2,q).det().univariate_polynomial().roots()
ph = int(res[0][0]) >> 90 << 90
R.<x> = PolynomialRing(Zmod(n))
f = ph + x
root = f.small_roots(X=2^90,beta=0.49)
p = ph + int(root[0])
q = n // p
d = inverse(e,(p-1)*(q-1))
m = pow(c,d,n)
print(long_to_bytes(m))
BuildCTF{M@y_b3_S0m3th1ng_go_wr0ng}
mitm
中间相遇攻击
明密文分别两次加密两次解密
from Crypto.Util.number import *
from Crypto.Util.Padding import *
from hashlib import sha256
from Crypto.Cipher import AES
from random import *
from secret import flag
note = b'Crypt_AES*42$@'
r = 4
keys = []
for i in range(r):
key = bytes(choices(note, k=3))
print(key)
print(sha256(key).digest())
keys.append(sha256(key).digest())
print(keys)
leak = b'Hello_BuildCTF!!'
cipher = leak
for i in range(r):
cipher = AES.new(keys[i], AES.MODE_ECB).encrypt(cipher)
enc_key = sha256(b"".join(keys)).digest()
enc_flag = AES.new(enc_key, AES.MODE_ECB).encrypt(pad(flag, AES.block_size))
print(f'cipher = {cipher}')
print(f'enc_flag = {enc_flag}')
# cipher = b'\xb9q\x04\xa3<\xf0\x11-\xe9\xfbo:\x9aQn\x81'
# enc_flag = b'q\xcf\x08$%\xb0\x86\xee\x1a(b\x7f\xf8\x86\xbd\xd0\xa7\xee\xd9\x9d2\x82a7H=a\x13\x87e\xad\xd2b\x8e\x07\xa5\xddo\xc0\xf3N\xd4b\xc9o\x88$\xc7\xf4p\xc1\x1e,\xed\xcc\x94\x8c\xf4\x00\xa5\xe0-\xf7\xc5'
from Crypto.Util.number import *
from itertools import product
from Crypto.Util.Padding import *
from hashlib import sha256
from Crypto.Cipher import AES
from tqdm import tqdm
from random import choices
note = b'Crypt_AES*42$@'
key_length = 3
# Generate all possible keys of the specified length
all_keys = [bytes(p) for p in product(note, repeat=key_length)]
key_pairs = [[sha256(key1).digest(), sha256(key2).digest()] for key1 in all_keys for key2 in all_keys]
r = 2
ciphers = []
cipher_keys = []
for keys in tqdm(key_pairs, desc="Encrypting"):
leak = b'Hello_BuildCTF!!'
cipher = leak
for i in range(r):
cipher = AES.new(keys[i], AES.MODE_ECB).encrypt(cipher)
ciphers.append(cipher)
cipher_keys.append(keys)
plains = []
plain_keys = []
for keys in tqdm(key_pairs, desc="Decrypting"):
cipher2 = b'\xb9q\x04\xa3<\xf0\x11-\xe9\xfbo:\x9aQn\x81'
plain = cipher2
for i in range(r):
plain = AES.new(keys[i], AES.MODE_ECB).decrypt(plain)
plains.append(plain)
plain_keys.append(keys)
common = set(plains) & set(ciphers)
for item in common:
index_plain = plains.index(item)
index_cipher = ciphers.index(item)
print(f'Common Item: {item}')
print(f'Keys for Plain: {plain_keys[index_plain]}')
print(f'Keys for Cipher: {cipher_keys[index_cipher]}')
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
from hashlib import sha256
# Assume these values are known
keys = [b'T\xeb\x9f13\xa7w\x1ft`\x8e\xd5v\x80\xd8\x89\xf3\xf4-\xd7\xc2,\xec\x00\x85\x1b\xdd\x06\x1e\xce\xbe\x99', b'\xae\xe7\xc3\xff&k\x15\xc5Q\x89HD.\xb3\xb3\x83\x11:\xd2\x1e\x04\xfc\xb1\x00\x03DQ\x1eF\xc4r^', b'\xf0\xb6\x8c\x1f\x85\x9f\x1a\xff\xe7\xd1r\x9a\x0c\xf3\xc7"\x159+\x85\xc5\xc6\xe0\x9ef\x13\xd1\xf2\x9c\xb2B\xdf', b'%\x99f\x8f/\x93\x84X)\x8e\xfd\xb6(\x1f^>\xaf\xcd\xd4\xf3\xc0\xc2\x15\xef \x83X\xd6\x02\xa8~\x11']
enc_key = sha256(b"".join(keys)).digest()
enc_flag = b'q\xcf\x08$%\xb0\x86\xee\x1a(b\x7f\xf8\x86\xbd\xd0\xa7\xee\xd9\x9d2\x82a7H=a\x13\x87e\xad\xd2b\x8e\x07\xa5\xddo\xc0\xf3N\xd4b\xc9o\x88$\xc7\xf4p\xc1\x1e,\xed\xcc\x94\x8c\xf4\x00\xa5\xe0-\xf7\xc5' # Your actual encrypted flag here
cipher = AES.new(enc_key, AES.MODE_ECB)
decrypted_data = cipher.decrypt(enc_flag)
try:
flag = unpad(decrypted_data, AES.block_size)
print(f'Decrypted flag: {flag.decode()}')
except ValueError:
print("Incorrect decryption, possibly due to padding error.")
ominous
from Crypto.Util.number import *
from secret import flag
import random
import string
Ominous_dic = ['啊', '米', '诺', '斯']
flag_word = (string.ascii_letters + string.digits + '{}@_!').encode()
assert all(char in flag_word for char in flag)
msg = bytes_to_long(flag)
random.shuffle(Ominous_dic)
def Ominous_enc(msg):
res = 0
for idx, word in enumerate(Ominous_dic):
res += random.randint(0, 200) * ord(word) * (2 ** (50 * (idx + 1)))
return res + msg
cipher = Ominous_enc(msg)
print(f'cipher = {cipher}')
# cipher = 11174132013050242293373893046306047184706656363469879247040688497021
思路没问题,时间太长
from Crypto.Util.number import *
import random
key = [['啊','米','诺','斯'],['啊','米','斯','诺'],['啊','诺','米','斯'],['啊','诺','斯','米'],['啊','斯','米','诺'],['啊','斯','诺','米'],
['米','啊','诺','斯'],['米','啊','斯','诺'],['米','诺','啊','斯'],['米','诺','斯','啊'],['米','斯','啊','诺'],['米','斯','诺','啊'],
['诺','啊','米','斯'],['诺','啊','斯','米'],['诺','米','啊','斯'],['诺','米','斯','啊'],['诺','斯','啊','米'],['诺','斯','米','啊'],
['斯','啊','米','诺'],['斯','啊','诺','米'],['斯','米','啊','诺'],['斯','米','诺','啊'],['斯','诺','啊','米'],['斯','诺','米','啊']]
cipher = 11174132013050242293373893046306047184706656363469879247040688497021
#for Ominous_dic in key:
Ominous_dic = ['米', '啊', '斯', '诺']
res = 0
while True:
for idx, word in enumerate(Ominous_dic):
i = random.randint(0, 200)
res += i * ord(word) * (2 ** (50 * (idx + 1)))
if cipher - res > 0:
flag = long_to_bytes(cipher - res)
if b'BuildCTF' in flag:
print(flag)
break['啊','米','诺','斯'],['米', '啊', '斯', '诺'],['斯','诺','米','啊'],['啊','诺','米','斯'],['啊','米','斯','诺'],['诺','米','啊','斯'],['诺','米','斯','啊'],['斯','米','啊','诺'],['斯','米','诺','啊']
最后在这个脚本里面爆出来啦
from Crypto.Util.number import *
from tqdm import tqdm # 导入 tqdm
cipher = 11174132013050242293373893046306047184706656363469879247040688497021
enc = [['诺','啊','米','斯'],['诺','啊','斯','米'],['诺','米','啊','斯'],['诺','米','斯','啊'],['诺','斯','啊','米'],['诺','斯','米','啊']]
for Ominous_dic in enc:
for i0 in tqdm(range(200)):
res0 = i0 * ord(Ominous_dic[0]) * (2 ** 50)
for i1 in range(200):
res1 = res0 + i1 * ord(Ominous_dic[1]) * (2 ** 100)
for i2 in range(200):
res2 = res1 + i2 * ord(Ominous_dic[2]) * (2 ** 150)
for i3 in range(200):
res3 = res2 + i3 * ord(Ominous_dic[3]) * (2 ** 200)
if cipher - res3 > 0:
flag = long_to_bytes(cipher - res3)
if b'BuildCTF' in flag:
print(flag)
break
我这辈子就是被古典给害了
from Crypto.Util.Padding import pad, unpad
from Crypto.Random import get_random_bytes
from Crypto.Cipher import AES
from secret import flag, key
dict1 = {'A': 0, 'B': 1, 'C': 2, 'D': 3, 'E': 4,
'F': 5, 'G': 6, 'H': 7, 'I': 8, 'J': 9,
'K': 10, 'L': 11, 'M': 12, 'N': 13, 'O': 14,
'P': 15, 'Q': 16, 'R': 17, 'S': 18, 'T': 19,
'U': 20, 'V': 21, 'W': 22, 'X': 23, 'Y': 24, 'Z': 25}
dict2 = {0: 'A', 1: 'B', 2: 'C', 3: 'D', 4: 'E',
5: 'F', 6: 'G', 7: 'H', 8: 'I', 9: 'J',
10: 'K', 11: 'L', 12: 'M', 13: 'N', 14: 'O',
15: 'P', 16: 'Q', 17: 'R', 18: 'S', 19: 'T',
20: 'U', 21: 'V', 22: 'W', 23: 'X', 24: 'Y', 25: 'Z'}
def generate_key(flag, key):
i = 0
while True:
if len(key) == len(flag):
break
key += flag[i]
i += 1
return key
def cipherText(msg, key_new):
cipher_text = ''
i = 0
for letter in msg:
x = (dict1[letter] + dict1[key_new[i]]) % 26
i += 1
cipher_text += dict2[x]
return cipher_text
def AES_enc(key, value):
key = (key * 2).encode()
cipher = AES.new(key, AES.MODE_ECB)
value = value.encode()
padded_text = pad(value, AES.block_size)
ciphertext = cipher.encrypt(padded_text)
print("AES Encrypted Text =", ciphertext)
def substitute(msg):
msg = msg.replace('{', 'X')
msg = msg.replace('_', 'X')
msg = msg.replace('}', 'X')
msg = msg.upper()
assert msg.isupper()
return msg
message = substitute(flag)
key_new = generate_key(message, key)
cipher = cipherText(message, key_new)
print("Encrypted Text =", cipher)
AES_enc(key, flag)
'''
Encrypted Text = HLMPWKGLYSWFACEWBYRSUKYFAXZFXDKOTZHHSLFCXNICAHPGRIFUF
AES Encrypted Text = b'\x92T{\x1f\x0f"\xbd\xbb\xfa|O\x11\x83\xa0\xec.\x15]\x9f\x9a\xe5\x85Z\x9f@yUm\xbb\xdc\x93\x08\xe5\x8b\xd5\x98\x84\xfa\x91\xe8\xde\x1b}\xcd\x9056\xa3\xbf\xdb\x85J\xcc\xec\x812T\x11\xa7Tl\x15\xf6"'
'''
手撕key
根据BUILDCTFX反推出GREETING是我们的key
aes-cbc解密:
from Crypto.Util.Padding import unpad
from Crypto.Cipher import AES
def AES_dec(key, ciphertext):
key = (key * 2)
cipher = AES.new(key, AES.MODE_ECB)
decrypted_padded_text = cipher.decrypt(ciphertext)
try:
decrypted_text = unpad(decrypted_padded_text, AES.block_size)
return decrypted_text.decode()
except ValueError:
return "Incorrect decryption"
key = b'GREETING'
ciphertext = b'\x92T{\x1f\x0f"\xbd\xbb\xfa|O\x11\x83\xa0\xec.\x15]\x9f\x9a\xe5\x85Z\x9f@yUm\xbb\xdc\x93\x08\xe5\x8b\xd5\x98\x84\xfa\x91\xe8\xde\x1b}\xcd\x9056\xa3\xbf\xdb\x85J\xcc\xec\x812T\x11\xa7Tl\x15\xf6"'
decrypted_flag = AES_dec(key, ciphertext)
print(decrypted_flag)
BuildCTF{YOU_ALREADY_KNOW_WHAT_A_CLASSICAL_CIPHER_IS}
OVO开门爽!开到南天门了兄弟
from Crypto.Util.number import *
flag = b'BuildCTF{******}'
#随机生成p,q
p = getPrime(1024)
q = getPrime(1024)
#计算模数n
n = p*q
e = 65537
m = bytes_to_long(flag)
#c=m^e%n
c = pow(m, e, n)
print('P = ',p**2)
print('Q = ',q**2)
print('n = ',n)
print('e = ',e)
print('c = ',c)
# P = 8279853330757234669136483032750824826175777927506575083710166412897012079466955769715275604152872242147320194640165649152928984919315754419447729793483984130396358578571137956571302516202649076619076831997922675572705848199504309232044502957866317011212505985284129365522570368395368427388904223782742850616983130885152785650513046301920305069822348366931825404271695876688539675285303882189060671184911139742554710018755565518014777733322795522710234091353878298486498244829638878949389690384488573338138825642381687749888102341379254137445546306796258092762099409409285871651688611387507673794784257901946892698481
# Q = 9406643503176766688113904226702477322706664731714272632525763533395380298320140341860043591350428258361089106233876240175767826293976534568274153276542755524620138714767338820334748140365080856474253334033236457092764244994983837914955286808153784628739327217539701134939748313123071347697827279169952810727995681780717719971161661561936180553161888359929479143712061627854343656949334882218260141557768868222151468471946884225370009706900640851492798538458384449294042930831359723799893581568677433868531699360789800449077751798535497117004059734670912829358793175346866262442550715622833013235677926312075950550681
# n = 8825283482190476005946253343638820879559355306860912268128891241513310054066424567824202757539757712177309282694997613217968336164050770152277369601415394249781577415456224120102543968285035647514461364611734338073523454354376992783551035395558194171202680855182868766563277697325690226849316944101739491659812174054898519492145495098671439125714086449826697343692081109131564556220174583970363431110462222473013021825770267803249515893736989430146194199936335153936611196467225599746830873958085287665223190767137404366840055297859554490123389877396965710177279558954630222879974581602069901175074777191362537419581
# e = 65537
# c = 27915082942179758159664000908789091022294710566838766903802097394437507062054409033932303966820096232375646873480427485844733381298467171069985418237873120984132166343258345389477844339261488318588760125230979340678006871754125487279212120945061845738130108370814509280317816067243605608952074687396728904772649873860508240809541545939219624254878900291126739390967820141036260712208555574522131446556595562330969209665291757386246648060990840787769772160549862538116370905306402293764494501838709895355570646716245976733542014165663539815972755562821443411642647981898636761822107221203966296758350547477576411216744594534002057673625678188824476543288048956124565509473100550838563085585434675727358831610724920550213350035792170323729397796947598697983084347567191009236345815968927729025919066227704728180060805553787151862426034275526605154807840695498644070184681962311639338273469859838505348823417234722270798882384367058630064108155240680307754557472476430983184039474907188578578484589833812196216551783354411797156409948499012005963943728564803898150155735762695825658678475746559900705796814512838380193603178657226033406812810314960142251012223576984115642351463684724512456778548853002653596485899854303126091917273560```
方法一:
```python
from Crypto.Util.number import long_to_bytes, inverse
from math import isqrt
# 给出的 P 和 Q (实际上是 p^2 和 q^2)
P = 8279853330757234669136483032750824826175777927506575083710166412897012079466955769715275604152872242147320194640165649152928984919315754419447729793483984130396358578571137956571302516202649076619076831997922675572705848199504309232044502957866317011212505985284129365522570368395368427388904223782742850616983130885152785650513046301920305069822348366931825404271695876688539675285303882189060671184911139742554710018755565518014777733322795522710234091353878298486498244829638878949389690384488573338138825642381687749888102341379254137445546306796258092762099409409285871651688611387507673794784257901946892698481
Q = 9406643503176766688113904226702477322706664731714272632525763533395380298320140341860043591350428258361089106233876240175767826293976534568274153276542755524620138714767338820334748140365080856474253334033236457092764244994983837914955286808153784628739327217539701134939748313123071347697827279169952810727995681780717719971161661561936180553161888359929479143712061627854343656949334882218260141557768868222151468471946884225370009706900640851492798538458384449294042930831359723799893581568677433868531699360789800449077751798535497117004059734670912829358793175346866262442550715622833013235677926312075950550681
n = 8825283482190476005946253343638820879559355306860912268128891241513310054066424567824202757539757712177309282694997613217968336164050770152277369601415394249781577415456224120102543968285035647514461364611734338073523454354376992783551035395558194171202680855182868766563277697325690226849316944101739491659812174054898519492145495098671439125714086449826697343692081109131564556220174583970363431110462222473013021825770267803249515893736989430146194199936335153936611196467225599746830873958085287665223190767137404366840055297859554490123389877396965710177279558954630222879974581602069901175074777191362537419581
e = 65537
c = 27915082942179758159664000908789091022294710566838766903802097394437507062054409033932303966820096232375646873480427485844733381298467171069985418237873120984132166343258345389477844339261488318588760125230979340678006871754125487279212120945061845738130108370814509280317816067243605608952074687396728904772649873860508240809541545939219624254878900291126739390967820141036260712208555574522131446556595562330969209665291757386246648060990840787769772160549862538116370905306402293764494501838709895355570646716245976733542014165663539815972755562821443411642647981898636761822107221203966296758350547477576411216744594534002057673625678188824476543288048956124565509473100550838563085585434675727358831610724920550213350035792170323729397796947598697983084347567191009236345815968927729025919066227704728180060805553787151862426034275526605154807840695498644070184681962311639338273469859838505348823417234722270798882384367058630064108155240680307754557472476430983184039474907188578578484589833812196216551783354411797156409948499012005963943728564803898150155735762695825658678475746559900705796814512838380193603178657226033406812810314960142251012223576984115642351463684724512456778548853002653596485899854303126091917273560
# Step 1: 计算 p 和 q
p = isqrt(P) # 对 P 求平方根
q = isqrt(Q) # 对 Q 求平方根
# Step 2: 计算 phi(n)
phi = n - isqrt(P + Q + 2 * n) + 1
# Step 3: 计算 d (私钥)
d = inverse(e, phi)
# Step 4: 解密 c
m = pow(c, d, n)
# 将解密后的明文转换为字节
flag = long_to_bytes(m)
print("解密后的 flag:", flag.decode())
方法二:
双开根,用sage自带函数
from Crypto.Util.number import *
P = 8279853330757234669136483032750824826175777927506575083710166412897012079466955769715275604152872242147320194640165649152928984919315754419447729793483984130396358578571137956571302516202649076619076831997922675572705848199504309232044502957866317011212505985284129365522570368395368427388904223782742850616983130885152785650513046301920305069822348366931825404271695876688539675285303882189060671184911139742554710018755565518014777733322795522710234091353878298486498244829638878949389690384488573338138825642381687749888102341379254137445546306796258092762099409409285871651688611387507673794784257901946892698481
Q = 9406643503176766688113904226702477322706664731714272632525763533395380298320140341860043591350428258361089106233876240175767826293976534568274153276542755524620138714767338820334748140365080856474253334033236457092764244994983837914955286808153784628739327217539701134939748313123071347697827279169952810727995681780717719971161661561936180553161888359929479143712061627854343656949334882218260141557768868222151468471946884225370009706900640851492798538458384449294042930831359723799893581568677433868531699360789800449077751798535497117004059734670912829358793175346866262442550715622833013235677926312075950550681
n = 8825283482190476005946253343638820879559355306860912268128891241513310054066424567824202757539757712177309282694997613217968336164050770152277369601415394249781577415456224120102543968285035647514461364611734338073523454354376992783551035395558194171202680855182868766563277697325690226849316944101739491659812174054898519492145495098671439125714086449826697343692081109131564556220174583970363431110462222473013021825770267803249515893736989430146194199936335153936611196467225599746830873958085287665223190767137404366840055297859554490123389877396965710177279558954630222879974581602069901175074777191362537419581
e = 65537
c = 27915082942179758159664000908789091022294710566838766903802097394437507062054409033932303966820096232375646873480427485844733381298467171069985418237873120984132166343258345389477844339261488318588760125230979340678006871754125487279212120945061845738130108370814509280317816067243605608952074687396728904772649873860508240809541545939219624254878900291126739390967820141036260712208555574522131446556595562330969209665291757386246648060990840787769772160549862538116370905306402293764494501838709895355570646716245976733542014165663539815972755562821443411642647981898636761822107221203966296758350547477576411216744594534002057673625678188824476543288048956124565509473100550838563085585434675727358831610724920550213350035792170323729397796947598697983084347567191009236345815968927729025919066227704728180060805553787151862426034275526605154807840695498644070184681962311639338273469859838505348823417234722270798882384367058630064108155240680307754557472476430983184039474907188578578484589833812196216551783354411797156409948499012005963943728564803898150155735762695825658678475746559900705796814512838380193603178657226033406812810314960142251012223576984115642351463684724512456778548853002653596485899854303126091917273560
n0 = P+Q
p, q = two_squares(n0)
n=p*q
phi=(p-1)*(q-1)
d=inverse(e,phi)
print(long_to_bytes(int(pow(c, int(d), n))))
BuildCTF{We1c0Me_b@cK_To_7uNiOr_h19H!!!}
girls_band_cry_pto
题目:
from Crypto.Util.number import *
import gmpy2
def getprime(kbit,FLAG):
a = getPrime(kbit)
b = getPrime(kbit)
N = getPrime(kbit+5)
seed = getPrime(kbit)
t = seed
list_t = []
for i in range(10):
t = (a*t+b)%N
list_t.append(t)
if FLAG:
print(list_t)
return seed
p = getprime(512,1)
q = getprime(512,0)
flag = b'...'
flag = bytes_to_long(flag)
n = p*q
e = 1384626
assert flag.bit_length() < n.bit_length()//2
c = pow(flag,e,n)
print('c=',c)
''''''
[37382128984932009103055100236038298684187701771245912912208816283882352432386956435965036367810667394024993955812239704879381327228911265588017046627348503, 78860822396220922181257740301787328387654351181949135165584053897837116358564567613593406267620270397593757280733139576593428399156673217202739776358215953, 71961258377748802736482119449608198361898650603044501972923193831637292104436919483148544126546157761435847502622416800596454167412705966674707485447149592, 87271087644907910379168026089161507515679859469787715709089631773745967695993043069981508275969979669395420678260957179827954920361899134388830957711827969, 72060448202158281754256475874109091993193239479491265267010728401711694585210195554635415348891139571830347004379216450772696235700910532153698412887476412, 198822737610698203376629161658629276556973499054887457432530950247888991546498594767954251786997515337433684733300663470799887569646159225800449429896258899, 186920895499932700150962847893153648403293237986492275627558112493385728113172211076262656795948951216023567806119078906412693819469136004563793414149643278, 56472634592713718635518027850351194341092172882542912776939953869983486542308422043454035086533070566859787384014556343587278097326244663175874047755695694, 42665120723108982921319232615099077060109901818313520605789700720605479528247045699344736360219784997528870841912999130951916510491705708498185762196467897, 205629005887807114384057131575309344114082007367662384600399313743755704623421415135564859072125246431180953419843187244789534372794288258609006920825136808]
c= 51846448616255629242918159354807752786692784645460532308823434086479848425723111371477823327980874708898952566998637230358105087254392989515438172155717708590176244736140994735777168368143405720703501031813936741444894000217727880068767785957507824708838189619286341612305393812568642372035793481458142583420
''''''
先求p,根据题目给的函数可知,p是LCG的原始seed
from Crypto.Util.number import *
from sympy import isprime
def gcd(a, b):
if (b == 0):
return a
else:
return gcd(b, a % b)
s = [37382128984932009103055100236038298684187701771245912912208816283882352432386956435965036367810667394024993955812239704879381327228911265588017046627348503, 78860822396220922181257740301787328387654351181949135165584053897837116358564567613593406267620270397593757280733139576593428399156673217202739776358215953, 71961258377748802736482119449608198361898650603044501972923193831637292104436919483148544126546157761435847502622416800596454167412705966674707485447149592, 87271087644907910379168026089161507515679859469787715709089631773745967695993043069981508275969979669395420678260957179827954920361899134388830957711827969, 72060448202158281754256475874109091993193239479491265267010728401711694585210195554635415348891139571830347004379216450772696235700910532153698412887476412, 198822737610698203376629161658629276556973499054887457432530950247888991546498594767954251786997515337433684733300663470799887569646159225800449429896258899, 186920895499932700150962847893153648403293237986492275627558112493385728113172211076262656795948951216023567806119078906412693819469136004563793414149643278, 56472634592713718635518027850351194341092172882542912776939953869983486542308422043454035086533070566859787384014556343587278097326244663175874047755695694, 42665120723108982921319232615099077060109901818313520605789700720605479528247045699344736360219784997528870841912999130951916510491705708498185762196467897, 205629005887807114384057131575309344114082007367662384600399313743755704623421415135564859072125246431180953419843187244789534372794288258609006920825136808]
t = []
for i in range(9):
t.append(s[i] - s[i - 1])
all_n = []
for i in range(7):
all_n.append(gcd((t[i + 1] * t[i - 1] - t[i] * t[i]), (t[i + 2] * t[i] - t[i + 1] * t[i + 1])))
MMI = lambda A, n, s=1, t=0, N=0: (n < 2 and t % N or MMI(n, A % n, t, s - A // n * t, N or n), -1)[n < 1] # 逆元计算
for n in all_n:
n = abs(n)
if n == 1:
continue
a = (s[2] - s[1]) * MMI((s[1] - s[0]), n) % n
ani = MMI(a, n)
b = (s[1] - a * s[0]) % n
seed = (ani * (s[0] - b)) % n
plaintext = seed
if isprime(seed):
print(f"Found prime p: {seed}")
else:
print(f"Seed is not prime: {seed}")
print(seed)
1306971501389667405355339984446001963306823960180518559102900074209906822479823648175928437467992667758988690268887352531564749276373500569799174613448137062
from Crypto.Util.number import *
import gmpy2
# 已知参数
p = 1306971501389667405355339984446001963306823960180518559102900074209906822479823648175928437467992667758988690268887352531564749276373500569799174613448137062
c = 51846448616255629242918159354807752786692784645460532308823434086479848425723111371477823327980874708898952566998637230358105087254392989515438172155717708590176244736140994735777168368143405720703501031813936741444894000217727880068767785957507824708838189619286341612305393812568642372035793481458142583420
e = 1384626
d = gmpy2.invert(e, p - 1)
m = pow(c, d, p)
flag = long_to_bytes(m)
print(flag)
if b'BuildCTF' in flag:
print(flag)
BuildCTF{crypt0_15_s0_e@5y!}
Reverse
新?Android路
androlua 编译后的 base64 加密方式,AndroLua 所使用的Lua工具 LuaJava 会加载依赖库 libluajava.so,我们使用 IDA 打开这个文件。LuaJava会使用 luaL_loadbuffer 或者 luaL_loadbufferx 函数对 Lua 脚本进行加载,这个函数也是一个加入 Lua 脚本解密代码的常见位置,我们在 IDA 中找到这一函数,并使用自带插件对其进行反编译得到以下内容
首先判断第一个字符为 = ,之后根据base64解码表映射解密base64,其中将第一个字符替换为 0x1d,即为 0x1d+0x2b=H,接着判断第一个字符,如果是 0x1c 则进行异或解密,最后再将第一个字符替换为 0x78,进行 inflate(zlib) 解码,解码完成后将第一个字符替换为 0x1c,最后得到 Luas 的文件,说明解密算法正确。于是,用 unluac.jar 解密
java -jar unluac_2023_01_14.jar main.lua_dec
local L0_1, L1_1, L2_1
L0_1 = _ENV
function L1_1()
local L0_2, L1_2, L2_2, L3_2, L4_2, L5_2, L6_2
L0_2 = L0_1
L1_2 = L0_2["u\229\136\006\133\020\186"]
L2_2 = "o\024\148;\177G"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "l\021\141*\169\\\199<\225\158-\229\016"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "m\023\130&\174F\248$\024\151|\149"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "q\239\150\022\186.\220\004\236d\026\136\004\166j\159"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "o\019\136.\164R\2064\255\145\r\160i\156"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "j\025\1472\1866"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "G#\240\151V\v"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "v\225l\242\151\024\141L\185<\1650\217[\217\b\221x\225|\229\128\005"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "y\255o\246\146\030\148D\1494\179'\231\"\210_\194H\214u\250a\166("
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "A\207G\214I\206M\132M\195F\221S\199\\\217V\151t\222T\218\"\182\005\171.\165+\191\"\188"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "x\253j\250l\020\147\\\156\021\142*\1915\1744\238h\208D\222L\241}\231"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "f\227\142\014\2035\189g\249_\192F"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "K\219%\1907\138\v\212\225`\252Y\220)\168$\204\n\139\228f\253J\223Z\228\017\147\f\156\237u\245S\246L\168\"\129\014\155\230"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "x\253j\250l\020\147\\\139\021\128,\1908\1685\238o\204@\207C\254y\241"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "n\017\139\018\191(\213\f\252f\a\205\001\182\\"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "w\227a\014\156\002\134t\178&\174L\202I\2348\196k\b\150\005\150"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "w\227a\014\156\002\134t\182;\161H\199N\253e\163F\019\159\004\144"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "x\253j\250l\020\147\\\129\002\1335\183\127\134#\164R\212`\198D\230\127\230"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "}\247s\230}\230i\164o\247b\240\149\018\155\005\221!\135\020\140\v\162\r\1730\187,"
L1_2(L2_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "a\029\185"
L1_2(L2_2)
L1_2 = L0_2["i\018\174-\219~\244\144"]
L1_2 = L1_2["{\230\138.\157\020\129\r"]
L2_2 = L0_2.S
L2_2 = L2_2["_\002\172D\237\184\005\202g\006\175"]
L1_2(L2_2)
L1_2 = L0_2["i\018\174-\219~\244\144"]
L1_2 = L1_2["{\230\138.\156\005\128\r"]
L2_2 = "e\017\187:\243z\n"
L1_2(L2_2)
L1_2 = L0_2["i\018\174-\219~\244\144"]
L1_2 = L1_2["}\234e\209{\251c\253t\239K\247E\214"]
L2_2 = L0_2["f\239\151\t\143;\169(\200@"]
L3_2 = L0_2["j\025\1472\1866"]
L2_2, L3_2, L4_2, L5_2, L6_2 = L2_2(L3_2)
L1_2(L2_2, L3_2, L4_2, L5_2, L6_2)
L1_2 = L0_2["o\024\148;\177G"]
L2_2 = "d\003\184u\130-\177"
L1_2(L2_2)
L1_2 = L0_2["\230\146\145\017ed\002}Q&jY\\\019#"]
L1_2()
L1_2 = L0_2["\233\183s\022Sd5B\bR*!p,\r"]
L1_2()
function L1_2(A0_3, A1_3, A2_3, A3_3, A4_3)
local L5_3, L6_3, L7_3, L8_3, L9_3, L10_3, L11_3, L12_3, L13_3, L14_3, L15_3
L5_3 = L0_2
L6_3 = L5_3["o\024\148;\177G"]
L7_3 = "K\219%\1907\138\v\212\225`\252Y\220)\168$\204\n\139\228f\253J\223Z\228\017\147\f\156\237u\245S\246L\168\"\129\014\155\230"
L6_3(L7_3)
L6_3 = L5_3["W\021\223r\004\161r\a\142P\024\167I\029\186K"]
L6_3 = L6_3()
L5_3["l\006\129:\216D\254\155"] = L6_3
L6_3 = L5_3["l\006\129:\216D\254\155"]
L6_3 = L6_3["{\230\138)\157\016\156\r"]
L7_3 = L5_3["W\021\223r\004\161r\a\142P\024\167I\029\186K"]
L7_3 = L7_3["[!\252O7\159j\196\166"]
L6_3(L7_3)
L6_3 = L5_3["l\006\129:\216D\254\155"]
L6_3 = L6_3["z\224v-\142\005\156\027\137"]
L7_3 = A1_3
L8_3 = A2_3
L6_3(L7_3, L8_3)
L6_3 = L5_3["l\006\129:\216D\254\155"]
L6_3 = L6_3["{\230\1389\154\029\131\026"]
L7_3 = A3_3
L6_3(L7_3)
L6_3 = L5_3["l\006\129:\216D\254\155"]
L6_3 = L6_3["}\234e\209{\231y\253h\201|\250I\200"]
L7_3 = {}
L8_3 = A4_3
L9_3 = A4_3
L10_3 = A4_3
L11_3 = A4_3
L12_3 = A4_3
L13_3 = A4_3
L14_3 = A4_3
L15_3 = A4_3
L7_3[1] = L8_3
L7_3[2] = L9_3
L7_3[3] = L10_3
L7_3[4] = L11_3
L7_3[5] = L12_3
L7_3[6] = L13_3
L7_3[7] = L14_3
L7_3[8] = L15_3
L6_3(L7_3)
L6_3 = A0_3["f\248R\236V\220#\183+\142\031\156\031@\254t\234G\204[\218"]
L7_3 = L5_3["l\006\129:\216D\254\155"]
L6_3(L7_3)
end
L0_2["\228\175K\rbz!\000\nN<\020"] = L1_2
L1_2 = L0_2["\228\175K\rbz!\000\nN<\020"]
L2_2 = L0_2["\227^[.\021 "]
L3_2 = 3
L4_2 = 4294967295
L5_2 = 0
L6_2 = 10
L1_2(L2_2, L3_2, L4_2, L5_2, L6_2)
function L1_2(A0_3)
local L1_3, L2_3, L3_3, L4_3, L5_3
L1_3 = L0_2
L2_3 = L1_3["d\003\184u\130-\177"]
L2_3 = L2_3["c\031\191'\215z"]
L3_3 = A0_3
L2_3 = L2_3(L3_3)
L1_3["h\020\166"] = "J'\245\175U8\145V"
L3_3 = L1_3["a\029\185"]
L4_3 = L1_3["h\020\166"]
L5_3 = L2_3
L3_3 = L3_3(L4_3, L5_3)
L2_3 = L3_3
L3_3 = L1_3["d\003\184u\130-\177"]
L3_3 = L3_3["c\031\191'\215z"]
L4_3 = L2_3
L3_3 = L3_3(L4_3)
L2_3 = L3_3
if L2_3 == "t\1329\160\r\247a\182w\141\023\133\031\147O\185\2400\189h\234C\252a\193\030\228x\195^\138\f\156\023\169}\184\018\213\r\174\t\191\b\206\246c\222'\250K\240q\192\017\141" then
L3_3 = true
return L3_3
else
L3_3 = false
return L3_3
end
end
L0_2["f\005\176]\205"] = L1_2
L1_2 = L0_2["\224Q_*&\003"]
function L2_2()
local L0_3, L1_3, L2_3, L3_3
L0_3 = L0_2
L1_3 = L0_3["\227^[.\021 "]
L1_3 = L1_3["p\025\140\025"]
L1_3 = #L1_3
if L1_3 == 0 then
L1_3 = L0_3["\224}O+\029\028"]
L2_3 = "\229\172O\006ZI5C\025\212\196\255\243"
L1_3(L2_3)
else
L1_3 = L0_3["\224Q_*&\003"]
L1_3 = L1_3["t\228\143\"\149\019\145"]
L2_3 = "\235\172W\r@x-\018 H;\tR"
L1_3(L2_3)
L1_3 = L0_3["\224}O+\029\028"]
L2_3 = "\234]q\002HoY\b\014\184\167R"
L1_3(L2_3)
L1_3 = L0_3["p\029\135\006"]
L2_3 = 800
function L3_3()
local L0_4, L1_4, L2_4, L3_4
L0_4 = L0_3
L1_4 = L0_4["\224Q_*&\003"]
L1_4 = L1_4["t\228\143\"\149\019\145"]
L2_4 = "\232\174T\t}~\"j9B0\021\167P"
L1_4(L2_4)
L1_4 = L0_4["p\029\135\006"]
L2_4 = 800
function L3_4()
local L0_5, L1_5, L2_5, L3_5
L0_5 = L0_4
L1_5 = L0_5["\224Q_*&\003"]
L1_5 = L1_5["t\228\143\"\149\019\145"]
L2_5 = "\233\168Y\021zt;b2\\\005!\184\162\172"
L1_5(L2_5)
L1_5 = L0_5["p\029\135\006"]
L2_5 = 800
function L3_5()
local L0_6, L1_6, L2_6
L0_6 = L0_5
L1_6 = L0_6["f\005\176]\205"]
L2_6 = L0_6["\227^[.\021 "]
L2_6 = L2_6["p\025\140\025"]
L1_6 = L1_6(L2_6)
if L1_6 then
L1_6 = L0_6["\224}O+\029\028"]
L2_6 = "\243\144\160\236\147\157\024ET\031Pi\002hL=^O(rB"
L1_6(L2_6)
L1_6 = L0_6["\224Q_*&\003"]
L1_6 = L1_6["t\228\143\"\149\019\145"]
L2_6 = "\243\144\160\236\147\157\024ET\031Pi\002hL=^O(rB"
L1_6(L2_6)
else
L1_6 = L0_6["\224}O+\029\028"]
L2_6 = "l\022\139<\"\1685\245\"R"
L1_6(L2_6)
L1_6 = L0_6["\224Q_*&\003"]
L1_6 = L1_6["t\228\143\"\149\019\145"]
L2_6 = "\224Q_*&\003"
L1_6(L2_6)
end
end
L1_5(L2_5, L3_5)
end
L1_4(L2_4, L3_4)
end
L1_3(L2_3, L3_3)
end
end
L1_2["h\019\176\006\1374\166"] = L2_2
L1_2 = L0_2["u\026\155\029\133\001"]
function L2_2()
local L0_3, L1_3, L2_3
L0_3 = L0_2
L1_3 = L0_3["\224}O+\029\028"]
L2_3 = "\232\154w\020vj\185\191\173Z\0158D\a\020"
L1_3(L2_3)
end
L1_2["h\019\176\006\1374\166"] = L2_2
L1_2 = L0_2["h\027\1331"]
L2_2 = "/\028"
L3_2 = "\v"
L2_2 = L2_2 .. L3_2
L1_2 = L1_2(L2_2)
L1_2()
end
L2_1 = "\200\170\248\006\015\020\029*38ANW\\er{\128\137\150\159\164\173\186\195\200\159\169\132\189\170\v\000\241\138\173\204\161\200\171\196\211\134\251\254\157\030\025x5$W(O2Oj\tbu\229\134\145\192\189\188\223\208\199\186\247\226\145\234\rl\001(K$3&[^=~y\024\146\133\244\137\160\211\172\203\174\195\214\133\230\241`\029\028\1270'ZWB1Jm\fa\137\232\133\148\199\184\191\162\223\218\185\242\229\148\233\000s\f+N#6%FQ\000}|\031\145\152\251\180\163\214\171\206\173\206\233\136\229\244g\024\031B?:YRE4I`\019l\140\239\128\151\202\167\178\161\218\221\188\241\248\155\020\003v\v.M.I(ET\ax\127\227\156\155\254\179\166=\162\223\218\185\240\237\148\235\bs\014#N!>%FQ\000}|\031\147\144\251\180\163\214\169\198\173\206\233\136\231\252g\026\023B=2YRE4Kh\019l\140\239\128\151\202\167\178\161\216\213\188\243\240\155\022\vv\t&M.I(ET\azw\227\158\147\254\177\174\213\212\201\176\205\236\143\226\255j\005\026A85\\QX;vk\022i\135\242\141\162\201\162\181\164\219\216\131\254\243\158\017\014u4)P-L/B_\nez\230\153\150\253\188\177\216\213\196\183\202\231\146\237\002i\000\029D;8#\\[>qn\021\151\130\241\138\173\204\161\200\171\196\211n\143\224\247j\005\026A:=\\QX;vk\022i\135\242\143\170\201\160\189\164\217\208\131\254\243\158\019\006u6!P/D/@W\ngr\230\153\150\253\190\185\216\213\196\183\200\239\146\237\002i\002\021D90#^S>qn\021\151\130\241\136\165\204\161\200\171\196\211\134\249\246\157\030\025x5$W*G2Oj\tbu\229\132\153\192\189\188\223\208\199\186\247\226\145\232\005l\001(K$3&YV=~y\024\144\141\244\137\160\211\172\203\174\193\222\133\230\241`\031\020\1270'ZWB1He\fa\137\232\135\156\199\184\191\162\223\218\185\240\237\148\233\000\155x5$W*G2Mb\t`}\229\132\153\192\189\188\223\208\199\186\245\234\145\234\rl\003 K$3&[^=|q\024\146\133\244\137\160\211\174\195\174\195\214\133\230\241`\029\028\1272/ZWB1Jm\fc\129\232\135\156\199\184\191\162\221\210\185\242\229\148\233\000s\f+N#6%FQ\000\127t\031\145\152\251\180\163\214\169\198\173\204\225\136\231\252g\024\031B?:YRE4Kh\019n\132\239\128\151\202\165\186\161\218\221\188\241\248\155\022\vv\v.M.I(ET\azw\227\158\147\254\179\166\213\212\201\176\207\228\143\226\255j\005\026A:=\180%FQ\000\127t\031\145\152\251\180\163\214\169\198\173\204\225\136\229\244g\026\023B?:YPM4I`\019l\140\239\130\159\202\167\178\161\218\221\188\243\240\155\020\003v\v.M.I(G\\\ax\127\227\156\155\254\177\174\213\212\201\176\205\236\143\226\255j\a\018A:=\\SP;tc\022k\143\242\141\162\201\162\181\164\217\208\131\254\243\158\019\006u6!P-L/B_\nez\230\155\158\253\190\185\216\213\196\183\202\231\146\239\ni\002\021D;8#\\[>qn\021\149\138\241\138\173\204\161\200\171\196\211\134\251\254\157\030\025x5$W*G2Oj\225\022k\143\242\141\162\201\160\189\164\219\216\131\254\243\158\019\006u6!P/D/B_\nez\230\155\158\253\188\177\216\215\204\183\202\231\146\239\ni\000\029D;8#^S>sf\021\149\138\241\136\165\204\163\192\171\198\219\134\251\254\157\030\025x7,W*G2Mb\t`}\229\134\145\192\189\188\223\210\207\186\247\226\145\234\rl\003 K$3&[^=~y\024\144\141\244\139\168\211\174\195\174\193\222\133\230\241`\031\020\1272/ZUJ1He\fa\137\232\135\156\199\186\183\162\221\210\185\240\237\148\233\000s\f+N#6%FQ\000\127t\031\145\152\019\192\189\188\223\208\199\186\247\226\145\234\rl\001(K$3&[^=~y\024\146\133\244\137\160\211\172\203\174\195\214\133\230\241`\029\028\1270'ZWB1Jm\fa\137\232\133\148\199\184\191\162\223\218\185\242\229\148\233\000s\f+N#6%FQ\000}|\031\145\152\251\180\163\214\171\206\173\206\233\136\229\244g\024\031B?:YRE4I`\019l\140\239\128\151\202\167\178\161\218\221\188\241\248\155\020\003v\v.M.I(ET\ax\127\227\156\155\254\179\166\213\214\193\176\205\236\143\224\247j\a\018A:=\\QX;tc\022k\143\242\143\170\201\162\181LExAJS\\\165\174\183\128\137\146\155\228\237\246\255\200\209\218$-6?\b\017\026clu~GPY\162\171\180\189\134\143\152\225\234\243\252\197\206\215!*3<\005\014\023`ir{DMV_\168\177\186\131\166W(O2Oj\t`}\229\134\145\192\189\188\223\210\207\186\247\226\145\234\rl\001(K&;&[^=~y\024\146\133\244\137\160\211\174\195\174\195\214\133\230\241`\029\028\1270'ZUJ1Jm\fa\137\232\133\148\199\184\191\162\221\210Q\134\249\246\157\030\025x5$W(O2Mb\t`}\229\132\153\192\189\188\223\210\207\186\245\234\145\234\rl\003 K&;&YV=|q\024\146\133\244\139\168\211\174\195\174\195\214\133\228\249`\029\028\1272/ZUJ1Jm\fa\137\000\241\136\165\204\163\192\171\196\211\134\249\246\157\028\017x7,W*G2Oj\t`}\229\132\153\192\189\188\223\210\207\186\247\226\145\234\rl\003 K$3&YV=|q\024\146\133\244\139\168\211\172\203\174\193\222\133\228\249`\029\028\1270'\178#^S>qn\021\151\130\241\136\165\204\163\192\171\198\219\134\249\246\157\030\025x7,W*G2Oj\t`}\229\132\153\192\189\188\223\210\207\186\247\226\145\232\005l\003 K$3&YV=~y\024\144\141\244\139\168\211\172\203\174\195\214m\146\237\002i\000\029D90#^S>qn\021\149\138\241\138\173\204\161\200\171\196\211\134\249\246\157\030\025x5$W(O2Oj\t`}\229\134\145\192\189\188\223\208\199\186\247\226\145\232\005l\001(K$3&[^=~y\024\144\141\028\021N][$7dlTDL\180\188\172\164\150\210\178$w@;aX\031\190\147\245\132\138\203\182\199\174\200\223n\138\205\216o*7F<\018Q{\\<hK\018O\190\026"
L1_1 = L1_1(L2_1)
字符串被加密了,逆向加密逻辑
but.lua
-- filename:
-- version: lua53
-- line: [0, 0] id: 0
local r0_0 = _u0
r0_0["H\u{2}\xde"] = function(r0_1)
-- line: [4, 23] id: 1
local r1_1 = r0_0
local r2_1 = r1_1["u\u{b}\x8a\u{1b}\x85\u{2}"]["o\u{17}\x8f"](r0_1)
local r3_1 = {}
local r4_1 = {}
for r8_1 = 0, 255, 1 do
r3_1[r8_1] = r8_1
end
for r8_1 = 1, r2_1, 1 do
r4_1[r8_1 - 1] = r1_1["u\u{b}\x8a\u{1b}\x85\u{2}"]["f\u{13}\xa4R"](r0_1, r8_1, r8_1)
end
local r5_1 = 0
for r9_1 = 0, 255, 1 do
r5_1 = (r5_1 + r3_1[r9_1] + r4_1[r9_1 % r2_1]) % 256
r3_1[r5_1] = r3_1[r9_1]
r3_1[r9_1] = r3_1[r5_1]
end
return r3_1
end
r0_0["T\n\xeb@"] = function(r0_2, r1_2)
-- line: [25, 39] id: 2
local r2_2 = r0_0
local r3_2 = 0
local r4_2 = 0
local r5_2 = {}
for r9_2 = 1, r1_2, 1 do
r3_2 = (r3_2 + 1) % 256
r4_2 = (r4_2 + r0_2[r3_2]) % 256
r0_2[r4_2] = r0_2[r3_2]
r0_2[r3_2] = r0_2[r4_2]
r5_2[r9_2] = r0_2[(r0_2[r3_2] + r0_2[r4_2]) % 256]
end
return r5_2
end
r0_0["a\u{1d}\xb9"] = function(r0_3, r1_3)
-- line: [41, 47] id: 3
local r2_3 = r0_0
return r2_3["i\u{e}\x84\u{16}\xae%"](r2_3["T\n\xeb@"](r2_3["H\u{2}\xde"](r0_3), r2_3["u\u{b}\x8a\u{1b}\x85\u{2}"]["o\u{17}\x8f"](r1_3)), r1_3)
end
r0_0["i\u{e}\x84\u{16}\xae%"] = function(r0_4, r1_4)
-- line: [49, 58] id: 4
local r2_4 = r0_0
local r3_4 = r2_4["u\u{b}\x8a\u{1b}\x85\u{2}"]["o\u{17}\x8f"](r1_4)
local r4_4 = nil
local r5_4 = {}
for r9_4 = 1, r3_4, 1 do
r5_4[r9_4] = r2_4["u\u{b}\x8a\u{1b}\x85\u{2}"]["g\u{3}\xb3H"](r2_4["f\u{12}\xbfE"](r0_4[r9_4], r2_4["u\u{b}\x8a\u{1b}\x85\u{2}"]["f\u{13}\xa4R"](r1_4, r9_4, r9_4)))
end
return r2_4["q\u{1f}\x95\u{1d}\x8f"]["e\0\xb6!\xcaa"](r5_4)
end
local r1_0 = {
["k\u{1c}\xb0.\xea@\xe2\x93"] = function(r0_5, r1_5)
-- line: [66, 68] id: 5
local r2_5 = r0_0
local r3_5 = r0_5 + r1_5
if r3_5 == 2 then
r3_5 = 1 or 0
else
goto label_7 -- block#2 is visited secondly
end
return r3_5
end,
["k\u{1c}\xb0.\xeaY\xe3\x85"] = function(r0_6, r1_6)
-- line: [70, 72] id: 6
local r2_6 = r0_0
local r3_6 = r0_6 + r1_6
if r3_6 == 1 then
r3_6 = 1 or 0
else
goto label_7 -- block#2 is visited secondly
end
return r3_6
end,
["d\u{1e}\xb5\"\xeft\xf7"] = function(r0_7, r1_7)
-- line: [74, 76] id: 7
local r2_7 = r0_0
local r3_7 = r0_7 + r1_7
if r3_7 > 0 then
r3_7 = 1 or 0
else
goto label_7 -- block#2 is visited secondly
end
return r3_7
end,
["f\u{b}\xa3R"] = function(r0_8, r1_8, r2_8)
-- line: [78, 96] id: 8
local r3_8 = r0_0
if r1_8 < r2_8 then
r2_8 = r1_8
r1_8 = r2_8
end
local r4_8 = 0
local r5_8 = 1
while r1_8 ~= 0 do
r3_8["q\'\x8c"] = r1_8 % 2
r3_8["q\'\x8f"] = r2_8 % 2
r4_8 = r5_8 * r1_0[r0_8](r3_8["q\'\x8c"], r3_8["q\'\x8f"]) + r4_8
r5_8 = r5_8 * 2
r1_8 = r3_8["i\u{14}\x920"]["i\u{1a}\x82>"](r1_8 / 2)
r2_8 = r3_8["i\u{14}\x920"]["i\u{1a}\x82>"](r2_8 / 2)
end
return r4_8
end,
}
r0_0["f\u{12}\xbfE"] = function(r0_9, r1_9)
-- line: [98, 100] id: 9
local r2_9 = r0_0
return r1_0["f\u{b}\xa3R"]("k\u{1c}\xb0.\xeaY\xe3\x85", r0_9, r1_9)
end
r0_0["f\u{b}\xbeS"] = function(r0_10, r1_10)
-- line: [102, 104] id: 10
local r2_10 = r0_0
return r1_0["f\u{b}\xa3R"]("k\u{1c}\xb0.\xea@\xe2\x93", r0_10, r1_10)
end
r0_0["a\u{7}\xbf"] = function(r0_11, r1_11)
-- line: [106, 108] id: 11
local r2_11 = r0_0
return r1_0["f\u{b}\xa3R"]("d\u{1e}\xb5\"\xeft\xf7", r0_11, r1_11)
end
base64+rc4
ez_asm
hint:小Yi最近在学傅里叶变换,于是他想起了以前遇到的跟它相关的一种变换……
哈哈哈,有幸遇到离散余弦变换,在2024DASCTF暑期挑战赛当中,有点复杂,复习一下
找不到密文,我好菜
ez_VM
main函数
sub_7FF7B31E1000(v6);
printf(std::cout, "Welcome to my virtual PC.Please input your flag :");
encrypto(v6, &key); // key作为调节器使用dword数据类型
for ( i = 0; flag[i] == enc[i] && flag[i]; ++i )// 函数实现一个内部计算器
// 密文:1354,21825,1637,26325,1896,1897,1926,30954,1927,30957,1727,27747,1363,21956,1527,24537
;
if ( i < 16 ){
printf(std::cout, "Try again!");
}else{
LODWORD(v3) = printf(std::cout, "You did it! Flag is BuildCTF{your_input}");
std::ostream::operator<<(v3, sub_7FF7B31E1D60);
}
return 0;
大分支:
__int64 __fastcall encrypto(__int64 a1, __int64 a2){
__int64 result; // rax
int v3; // [rsp+20h] [rbp-18h]
while ( 1 ){
result = *(a1 + 4128);
if ( *(a2 + 4 * result) == 256 )
break;
v3 = *(a2 + 4i64 * *(a1 + 4128));
switch ( v3 ){
case 1:
++*(a1 + 4128);
sub_7FF7B31E1060(a1, a2); // 基础运算+-*/和取值
break;
case 2:
++*(a1 + 4128);
sub_7FF7B31E1340(a1, a2); // 位运算
break;
case 3:
++*(a1 + 4128);
sub_7FF7B31E1580(a1, a2); // 1--,2++
break;
case 4:
++*(a1 + 4128);
init(a1, a2); // 获取输入进行转换
break;
}
}
return result;
}
获取opcode:
from ida_bytes import *
from idaapi import *
addr = 0x7FF7B31E50D0
enc = []
for i in range(2128//4):
enc.append(get_dword(addr + i * 4))
print(enc)
[4, 65, 0, 4, 65, 1, 1, 21, 4, 1, 1, 21, 5, 1, 1, 22, 7, 4, 2, 33, 4, 7, 2, 34, 5, 7, 2, 35, 4, 5, 1, 17, 0, 4, 1, 21, 2, 0, 1, 21, 3, 0, 2, 33, 2, 7, 2, 34, 3, 7, 2, 35, 2, 3, 1, 17, 1, 2, 3, 50, 0, 0, 3, 50, 1, 0, 4, 65, 0, 4, 65, 1, 1, 21, 4, 1, 1, 21, 5, 1, 1, 22, 7, 4, 2, 33, 4, 7, 2, 34, 5, 7, 2, 35, 4, 5, 1, 17, 0, 4, 1, 21, 2, 0, 1, 21, 3, 0, 2, 33, 2, 7, 2, 34, 3, 7, 2, 35, 2, 3, 1, 17, 1, 2, 3, 50, 0, 0, 3, 50, 1, 0, 4, 65, 0, 4, 65, 1, 1, 21, 4, 1, 1, 21, 5, 1, 1, 22, 7, 4, 2, 33, 4, 7, 2, 34, 5, 7, 2, 35, 4, 5, 1, 17, 0, 4, 1, 21, 2, 0, 1, 21, 3, 0, 2, 33, 2, 7, 2, 34, 3, 7, 2, 35, 2, 3, 1, 17, 1, 2, 3, 50, 0, 0, 3, 50, 1, 0, 4, 65, 0, 4, 65, 1, 1, 21, 4, 1, 1, 21, 5, 1, 1, 22, 7, 4, 2, 33, 4, 7, 2, 34, 5, 7, 2, 35, 4, 5, 1, 17, 0, 4, 1, 21, 2, 0, 1, 21, 3, 0, 2, 33, 2, 7, 2, 34, 3, 7, 2, 35, 2, 3, 1, 17, 1, 2, 3, 50, 0, 0, 3, 50, 1, 0, 4, 65, 0, 4, 65, 1, 1, 21, 4, 1, 1, 21, 5, 1, 1, 22, 7, 4, 2, 33, 4, 7, 2, 34, 5, 7, 2, 35, 4, 5, 1, 17, 0, 4, 1, 21, 2, 0, 1, 21, 3, 0, 2, 33, 2, 7, 2, 34, 3, 7, 2, 35, 2, 3, 1, 17, 1, 2, 3, 50, 0, 0, 3, 50, 1, 0, 4, 65, 0, 4, 65, 1, 1, 21, 4, 1, 1, 21, 5, 1, 1, 22, 7, 4, 2, 33, 4, 7, 2, 34, 5, 7, 2, 35, 4, 5, 1, 17, 0, 4, 1, 21, 2, 0, 1, 21, 3, 0, 2, 33, 2, 7, 2, 34, 3, 7, 2, 35, 2, 3, 1, 17, 1, 2, 3, 50, 0, 0, 3, 50, 1, 0, 4, 65, 0, 4, 65, 1, 1, 21, 4, 1, 1, 21, 5, 1, 1, 22, 7, 4, 2, 33, 4, 7, 2, 34, 5, 7, 2, 35, 4, 5, 1, 17, 0, 4, 1, 21, 2, 0, 1, 21, 3, 0, 2, 33, 2, 7, 2, 34, 3, 7, 2, 35, 2, 3, 1, 17, 1, 2, 3, 50, 0, 0, 3, 50, 1, 0, 4, 65, 0, 4, 65, 1, 1, 21, 4, 1, 1, 21, 5, 1, 1, 22, 7, 4, 2, 33, 4, 7, 2, 34, 5, 7, 2, 35, 4, 5, 1, 17, 0, 4, 1, 21, 2, 0, 1, 21, 3, 0, 2, 33, 2, 7, 2, 34, 3, 7, 2, 35, 2, 3, 1, 17, 1, 2, 3, 50, 0, 0, 3, 50, 1, 0, 4, 66, 0, 256]
#print((ord('1')+((ord('1')<<4)|(ord('1')>>4))))
#print((ord('1')+(((ord('1')+((ord('1')<<4)|(ord('1')>>4)))<<4)|((ord('1')+((ord('1')<<4)|(ord('1')>>4)))>>4))))
enc = [1354,1637,1896,1926,1927,1727,1363,1527]
#1354,21825,1637,26325,1896,1897,1926,30954,1927,30957,1727,27747,1363,21956,1527,24537
for w in range(256):
b = (ord(w)+((i<<4)|(i>>4)))
print(b)
if b == 835:
print(w)
for j in range(0,len(enc),2):
for i in range(256):
a = i + ((enc[j]<<4)|(enc[j]>>4))
if a == enc[j+1]:
print(chr(i))
1926?少了一组猜是1s
BuildCTF{vMp_1s_r0u9h_ORZ}
EzMfc
非预期:字节码
BuildCTF反推出加密方式异或0x17
BuildCTF{WindowsApi_is_easy!!!}
ez_xor?
思路对的但是不知道同样的方法,之前不行,现在可以了
动态调节输入32*1
再ida中将1修改为密文
19 68 A2 EF 7B BA 0E C5 5D 80 EF 9 0B D1 81 F1
F0 33 A6 11 23 58 5C 2B 38 8D 80 60 61 27 48 35
遇到key修改一下为37 68 31 73 5F 31 35 5F 40 5F 6B 65 79 40 41 40 00(相当于执行TLS)
修改sub为add
BuildCTF{5trE4m_EncrYpt_15_eAsy_t0_cRaCk!}
babyre
有点抽象,多了一个0x56,浪费好长时间,动调出来了
enc1 = [0x48,0x7f,0x63,0x66,0x6e,0x69,0x7e,0x6C,
0x71,0x6f,0x39,0x32,0x69,0x32,0x3f,0x3f,
0x3E,0x27,0x38,0x3D,0x69,0x3B,0x27]
for i in range(len(enc1)):
print(chr(enc1[i]^0xA), end='')
enc2 = [0x19, 0x57, 0x51, 0x51, 0x4e, 0x14, 0x00, 0x58,
0x05, 0x49, 0x1D, 0x51, 0x57, 0x52, 0x57, 0x56,
0x01, 0x52, 0x00, 0x52, 0x55, 0x52, 0x1E]
key = [0x19]
for i in range(1,len(enc2)):
key.append(enc2[i]^key[i-1])
#print(key, end='')
enc3 = [25, 78, 31, 78, 0, 20, 20, 76, 73, 0, 29, 76, 27, 73, 30, 72, 73, 27, 27, 73, 28, 78, 80]
for i in range(len(enc3)):
print(chr(enc3[i]^ord('-')), end='')
Buildctf{e38c8554-27c1-4c2c-99ad-0a6d3ed66d1c}
ez?否
自己写的壳子,加了两个调试检测,壳子脱下来了,但是没有找到密文(总结:我太菜了)
自是花中第一流
去花指令
jz74改90,call48改90两次
简单rc4
encryption_key = [0x77, 0x00, 0x01, 0x5E, 0x46, 0x54, 0x43]
encrypted_data = [0x7E, 0x58, 0x36, 0xF5, 0xC5, 0xF3, 0x39, 0xD4, 0x65, 0xCF,
0x67, 0x85, 0x37, 0x8C, 0x0C, 0xD4, 0x46, 0x88, 0x95, 0x2F,
0xDB, 0xB6, 0xA7, 0x56, 0xDC, 0xFE, 0xA9, 0x99, 0x92, 0x60,
0xA6, 0xC9, 0xE7, 0xCF, 0xBD, 0xB5, 0x62]
for i in range(len(encryption_key)):
encryption_key[i] ^= 0X31
def rc4_decrypt(ciphertext, key):
S = list(range(256))
j = 0
for i in range(256):
j = (j + S[i] + key[i % len(key)]) % 256
S[i], S[j] = S[j], S[i]
i = j = 0
plaintext = []
for byte in ciphertext:
i = (i + 1) % 256
j = (j + S[i]) % 256
S[i], S[j] = S[j], S[i]
k = S[(S[i] + S[j]) % 256]
plaintext.append(byte ^ k)
return bytes(plaintext)
decrypted_data = rc4_decrypt(encrypted_data, encryption_key)
print(decrypted_data.decode('utf-8'))
晴窗细乳戏分茶
#include <stdio.h>
#include <stdint.h>
void XTEA(uint32_t* temp, uint32_t* key) {
unsigned int i;
uint32_t v0=temp[0], v1=temp[1], delta=0x9E3779B9, sum=delta*32;
for (i=0; i < 32; i++) {
v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]);
sum -= delta;
v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
}
temp[0]=v0;
temp[1]=v1;
}
void TEA(uint32_t* temp, uint32_t* key){
uint32_t v0=temp[0], v1=temp[1], sum=0xC6EF3720, i;
uint32_t delta=0x9e3779b9;
uint32_t k0=key[0], k1=key[1], k2=key[2], k3=key[3];
for (i=0; i<32; i++) {
v1 -= ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
v0 -= ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
sum -= delta;
}
temp[0]=v0;
temp[1]=v1;
}
int main() {
uint32_t key1[]= {0x192021,0x28256,0x28257,0x282931};
uint32_t flag1[]= {0xA30C700E,0xF68BD6E3,0xC0D489F0,0x12BEFB25,0x80EEC5B3,0x2B95BCD0};
uint32_t flag2[]= {0x876E3624,0xA8612878,0x3F089D1C,0x4A250D5C};
uint32_t key2[] = {0x15574396,0x114514,0x5201314,0x7355608};
for (int i = 0; i < 6; i += 2) {
uint32_t temp[2];
temp[0] = flag1[i];
temp[1] = flag1[i + 1];
TEA(temp, key1);
printf("%c%c%c%c%c%c%c%c", *((char*)&temp[0] + 0), *((char*)&temp[0] + 1), *((char*)&temp[0] + 2), *((char*)&temp[0] + 3),
*((char*)&temp[1] + 0), *((char*)&temp[1] + 1), *((char*)&temp[1] + 2), *((char*)&temp[1] + 3));
}
for (int i = 0; i < 4; i += 2) {
uint32_t temp[2];
temp[0] = flag2[i];
temp[1] = flag2[i + 1];
XTEA(temp, key2);
printf("%c%c%c%c%c%c%c%c", *((char*)&temp[0] + 0), *((char*)&temp[0] + 1), *((char*)&temp[0] + 2), *((char*)&temp[0] + 3),
*((char*)&temp[1] + 0), *((char*)&temp[1] + 1), *((char*)&temp[1] + 2), *((char*)&temp[1] + 3));
}
return 0;
}
PYC
找在线网站反编译
#!/usr/bin/env python
# visit https://tool.lu/pyc/ for more information
# Version: Python 3.8
import base64
def encode(message):
s = bytearray()
for i in message:
x = ord(i) ^ 32
x = x + 16
if x > 255:
x -= 256
s.append(x)
return base64.b64encode(bytes(s)).decode('utf-8')
correct = 'cmVZXFRzhHZrYFNpjyFjj1VRVWmPVl9ij4kgZW0='
flag = input('Input flag: ')
if encode(flag) == correct:
print('正确的回答,awa!!!')
else:
print('就差一点了,QWQ!!')
exp:
import base64
def decode(encoded_message):
decoded_bytes = base64.b64decode(encoded_message)
original_chars = bytearray()
for b in decoded_bytes:
x = b - 16
if x < 0:
x += 256
original_char = x ^ 32
original_chars.append(original_char)
return original_chars.decode('utf-8')
correct = 'cmVZXFRzhHZrYFNpjyFjj1VRVWmPVl9ij4kgZW0='
decoded_flag = decode(correct)
print(decoded_flag)BuildCTF{pcy_1s_eaey_for_Y0u}
标签:r0,BuildCTFwp,r3,flag,key,print,import From: https://www.cnblogs.com/N1ng/p/18506738