BUUCTF-Crypto详细完整Writeup(持续更新ing)
每一天都要努力啊 ----2024-01-01 18:11:36
1.一眼就解密
原题:下面的字符串解密后便能获得flag:ZmxhZ3tUSEVfRkxBR19PRl9USElTX1NUUklOR30= 注意:得到的 flag 请包上 flag{} 提交
由小写字母大写字母和数字组成,尾部是’=‘,猜测为base64编码,base64解密后得到flag:flag{THE_FLAG_OF_THIS_STRING}
特征:密文由64个字符(A-Z,a-z,0-9,+,/)组成,末尾可能会有1或2个’=’ 最多有2个。
2.MD5
原题:e00cf25ad42683b3df678c61f42c6bda
md5解密得到flag:admin1
md5
特征:MD5消息摘要算法,属Hash算法一类。MD5算法对输入任意长度的消息进行运行,产生一个128位的消息摘要(32位的数字字母混合码)。密文由数字和字母组成,大多为32位,同时具有不可逆的特点,即知道密文,无法得到原文。
推荐解题网站:https://www.somd5.com/
3.Url编码
原题:%66%6c%61%67%7b%61%6e%64%20%31%3d%31%7d
有很多百分号的就是url编码,直接url解码
得到flag:flag{and 1=1}
4.看我回旋踢
原题:synt{5pq1004q-86n5-46q8-o720-oro5on0417r1}
一看就是ceaser密码,直接网站工具或者脚本,我这里给出一个小写字母的暴力破解,每个偏移量都试一试。
# -*- coding:utf-8 -*-
"""
作者:Wang Xinwei
日期:2023年12月27日
"""
import string
alphabet='abcdefghijklmnopqrstuvwxyz'
itoc=lambda i:alphabet[i] #返回字母表中对应的字符
ctoi=lambda c:alphabet.index(c)
def Caesar_dec(ciphertext,k):
plaintext=''
for ch in ciphertext:
if ch not in alphabet:
plaintext+=ch
else:
plaintext+=itoc((ctoi(ch)-k)%len(alphabet))
return plaintext
s="synt{5pq1004q-86n5-46q8-o720-oro5on0417r1}"
for i in range(1,27):
print(Caesar_dec(s, -i))
得出flag:flag{5cd1004d-86a5-46d8-b720-beb5ba0417e1}
5.摩丝
原题:.. .-.. --- ...- . -.-- --- ..-
直接toolsFX中的morse解密,得到flag:ILOVEYOU
6.password
原题:
姓名:张三
生日:19900315
key格式为key{xxxxxxxxxx}
社会工程,猜测密码为zs19900315
7.变异凯撒
原题:加密密文:afZ_r9VYfScOeO_UL^RWUc
格式:flag{ }
# -*- coding:utf-8 -*-
"""
作者:Wang Xinwei
日期:2023年12月27日
"""
def dec_cipher(s,shift):
dec=""
for val in s:
dec+=chr(ord(val)+shift)
shift+=1
return dec
s="afZ_r9VYfScOeO_UL^RWUc"
for i in range(1,27):
print(dec_cipher(s, i))
得到flag:flag{Caesar_variation}
8.Quoted-printable
原题:=E9=82=A3=E4=BD=A0=E4=B9=9F=E5=BE=88=E6=A3=92=E5=93=A6
如题目一样:直接解密
得到flag:那你也很棒哦
9.Rabbit
原题:U2FsdGVkX1/+ydnDPowGbjjJXhZxm2MP2AgI
U2Fsd,典型的兔子流。
rabbit解密,得到flag:Cute_Rabbit
10.篱笆墙的影子
栅栏密码,W-type=14,得到flag:flag{wethinkw}ehavetheflag
11.RSA
24.old-fashion
原题:Os drnuzearyuwn, y jtkjzoztzoes douwlr oj y ilzwex eq lsdexosa kn pwodw tsozj eq ufyoszlbz yrl rlufydlx pozw douwlrzlbz, ydderxosa ze y rlatfyr jnjzli; mjy gfbmw vla xy wbfnsy symmyew (mjy vrwm qrvvrf), hlbew rd symmyew, mebhsymw rd symmyew, vbomgeyw rd mjy lxrzy, lfk wr dremj. Mjy eyqybzye kyqbhjyew mjy myom xa hyedrevbfn lf bfzyewy wgxwmbmgmbrf. Wr mjy dsln bw f1_2jyf-k3_jg1-vb-vl_l
看这个样式为字频分析,利用在线网站进行分析:https://quipqiup.com/#google_vignette
得到flag:flag is n1_2hen-d3_hu1-mi-ma_a(注意需要分析两次)
25.Unencode
原题:89FQA9WMD<V1A<V1S83DY.#<W3$Q,2TM]
题目说的很明白,直接unencode编码,得到flag:flag{dsdasdsa99877LLLKK}
26.[AFCTF2018]Morse
原题:-..../.----/-..../-..../-..../...--/--.../....-/-..../-..../--.../-.../...--/.----/--.../...--/..---/--.../--.../....-/...../..-./--.../...--/...--/-----/...../..-./...--/...--/...--/....-/...--/...../--.../----./--.../-..
直接用toolsFX的morse解密,得到61666374667B317327745F73305F333435797D,只有数字和字母A--F,猜测为16进制,再16进制转化为ascii码
得到flag:afctf{1s't_s0_345y}
27.RSA3
原题:c1,n,e1,c2,e2
显然公用了一个模数n,为共模攻击:当两个用户使用相同的模数,不同的私钥,加密同一明文信息的时候就存在共模攻击
关于共模攻击的详细介绍:https://blog.csdn.net/s_hiy_iyi/article/details/133684979,一下给出解题脚本:
# -*- coding:utf-8 -*-
"""
作者:Wang Xinwei
日期:2023年12月25日
"""
from Crypto.Util.number import *
def edge(a,b):
u,u1=1,0
v,v1=0,1
while b:
q,r=divmod(a,b) #返回除数和商
u,u1=u1,u-q*u1
v,v1=v1,v-q*v1
a,b=b,r
return u,v,a
e1=1
e2=2
n=0;c1=1;c2=1
r,s,_=edge(e1,e2)
if r<0:
r=-r
c1=inverse(c1,n)
else:
s=-s
c2=inverse(c2,n) #取逆元
m = pow(c1,r,n)*pow(c2,s,n) %n
print(long_to_bytes(m))
得到flag:flag{49d91077a1abcb14f1a9d546c80be9ef}
28.RSA2 dp泄露
dp泄露
适用情况:题目提供dp\dq
有时候除了e,n,c之外题目还会给你像dp,dq这样的值,这是为了方便计算产生的,同时也给了我们另一种解题思路。首先,了解dp,dq是什么东西:
dp=d%(p-1)
然后就可以进行推导,简单过程如下:
d = dp + k1 * (p-1)
d * e = 1 + k2(p-1)(q-1)
把第二个式子的d代换掉:
e * (dp + k1(p-1)) = 1 + k2(p-1)(q-1)
两边同时对(p-1)取模,消去k
e * dp % (p - 1) = 1
e * dp = 1 + k(p - 1)
得到这个式子之后我们就可以通过爆破k的方式来求出p,进而求出d。
# -*- coding:utf-8 -*-
"""
作者:Wang Xinwei
日期:2024年01月02日
"""
import gmpy2
from Crypto.Util.number import long_to_bytes
e = 65537
n = 248254007851526241177721526698901802985832766176221609612258877371620580060433101538328030305219918697643619814200930679612109885533801335348445023751670478437073055544724280684733298051599167660303645183146161497485358633681492129668802402065797789905550489547645118787266601929429724133167768465309665906113
dp = 905074498052346904643025132879518330691925174573054004621877253318682675055421970943552016695528560364834446303196939207056642927148093290374440210503657
c = 140423670976252696807533673586209400575664282100684119784203527124521188996403826597436883766041879067494280957410201958935737360380801845453829293997433414188838725751796261702622028587211560353362847191060306578510511380965162133472698713063592621028959167072781482562673683090590521214218071160287665180751
for i in range(1, e):
if (dp * e - 1) % i == 0:
if n % (((dp * e - 1) // i) + 1) == 0:
p = ((dp * e - 1) // i) + 1
q = n // (((dp * e - 1) // i) + 1)
d = gmpy2.invert(e, (p-1)*(q-1))
m = pow(c, d, n)
print(m)
print(long_to_bytes(m))
得到flag:flag{wow_leaking_dp_breaks_rsa?_98924743502}
29.还原大师
原题:我们得到了一串神秘字符串:TASC?O3RJMV?WDJKX?ZM,问号部分是未知大写字母,为了确定这个神秘字符串,我们通过了其他途径获得了这个字串的32位MD5码。但是我们获得它的32位MD5码也是残缺不全,E903???4DAB????08?????51?80??8A?,请猜出神秘字符串的原本模样,并且提交这个字串的32位MD5码作为答案。 注意:得到的 flag 请包上 flag{} 提交
直接暴力破解:上脚本
import string
from itertools import product
import hashlib
raw=list("TASC?O3RJMV?WDJKX?ZM")
md5="E903???4DAB????08?????51?80??8A"
table=string.ascii_uppercase
for val in product(table,repeat=3):
raw[4]=val[0];raw[11]=val[1];raw[-3]=val[2]
md=hashlib.md5("".join(raw).encode()).hexdigest().upper()
if md[:4]==md5[:4]:
print(md)
30.异性相吸
原题:最近出现了一个奇葩观点,说性别都不一样,怎么能谈恋爱?为了证明这个观点错误,请大家证明异性是相吸的。 注意:得到的 flag 请包上 flag{} 提交,下载附件,有两个文件,其中一个是key.txt:asadsasdasdasdasdasdasdasdasdasdqwesqf,另外一个密文打不开。
解题:本题一直强调异性,由此猜测是异或,网上大多wp都是要先转2进制010,但是其实并不用。以下给出解题代码:
from Crypto.Util.number import *
from binascii import unhexlify
with open("F:/百度网盘/b8c1caee-43d6-42ee-aecc-d72502a5ade2/key.txt","rb") as f:
file1=(bytes_to_long(f.read()))
with open("F:/百度网盘/b8c1caee-43d6-42ee-aecc-d72502a5ade2/密文.txt","rb") as f:
file2=(bytes_to_long(f.read()))
re=file1^file2
c=hex(re)[2:]
print(unhexlify(c))
得到flag:flag{ea1bc0988992276b7f95b54a7435e89e}
31.RSA
原题:给了两个文件flag.enc和pub.key。其中pub.key可以直接打开。我用的是脚本,但是还是解释一下把:一下是pub.key的内容
-----BEGIN PUBLIC KEY-----
MDwwDQYJKoZIhvcNAQEBBQADKwAwKAIhAMAzLFxkrkcYL2wch21CM2kQVFpY9+7+ --> n
/AvKr1rzQczdAgMBAAE= --> e
-----END PUBLIC KEY-----
关于key.pub文件的内容,请看这篇文章:https://blog.csdn.net/he25819/article/details/119467334
我们可以直接拿到网站上去得到n和e的值,不过那么太没有技术含量了,我们还是写脚本。
# -*- coding:utf-8 -*-
"""
作者:Wang Xinwei
日期:2023年12月27日
"""
import rsa
import base64
from Crypto.PublicKey import RSA
from Crypto.Util.number import *
with open('****/pub.key' ,'r') as f:
key= RSA.importKey(f.read())
public_key=key.publickey().exportKey()
# private_key=key.exportKey()
# print(public_key.decode())
# print(private_key.decode())
n=key.n
print(n)
e=key.e
print(e) #得到n之后分解n
q=863653476616376575308866344984576466644942572246900013156919
p=965445304326998194798282228842484732438457170595999523426901
phi=(q-1)*(p-1)
d=inverse(e,phi)
private_key=rsa.PrivateKey(n,e,d,q,p) #直接得到私钥.
with open('****/flag.enc' ,'r') as fi:
m=fi.read()
print(m)
m=base64.b64decode(m)
print(rsa.decrypt(m,private_key))
32.RSAROLL
原题:题目.txt:RSA roll!roll!roll!Only number and a-z(don't use editor which MS provide)
查看代码
{920139713,19}
704796792
752211152
274704164
18414022
368270835
483295235
263072905
459788476
483295235
459788476
663551792
475206804
459788476
428313374
475206804
459788476
425392137
704796792
458265677
341524652
483295235
534149509
425392137
428313374
425392137
341524652
458265677
263072905
483295235
828509797
341524652
425392137
475206804
428313374
483295235
475206804
459788476
306220148
看到这题你或许会很懵,但是看到{920139713,19},你很容易想到给出了公钥,n和e。下面的数字需要一个一个解密:
from Crypto.Util.number import *
n=920139713
e=19
q=18443
p=49891
li=704796792
phi=(q-1)*(p-1)
d=inverse(e,phi)
with open("F:\百度网盘/02c01a13-3a86-47de-8648-f03328a5e5d8\RsaRoll/data.txt","r") as f:
f.readline();f.readline()
c=f.read().strip().split("\n");
m=""
for i in c:
m+=chr(pow(int(i),d,n))
print(m)
得到flag:flag{13212je2ue28fy71w8u87y31r78eu1e2}
33.Dangerous RSA
#n: 0x52d483c27cd806550fbe0e37a61af2e7cf5e0efb723dfc81174c918a27627779b21fa3c851e9e94188eaee3d5cd6f752406a43fbecb53e80836ff1e185d3ccd7782ea846c2e91a7b0808986666e0bdadbfb7bdd65670a589a4d2478e9adcafe97c6ee23614bcb2ecc23580f4d2e3cc1ecfec25c50da4bc754dde6c8bfd8d1fc16956c74d8e9196046a01dc9f3024e11461c294f29d7421140732fedacac97b8fe50999117d27943c953f18c4ff4f8c258d839764078d4b6ef6e8591e0ff5563b31a39e6374d0d41c8c46921c25e5904a817ef8e39e5c9b71225a83269693e0b7e3218fc5e5a1e8412ba16e588b3d6ac536dce39fcdfce81eec79979ea6872793L
#e: 0x3
#c:0x10652cdfaa6b63f6d7bd1109da08181e500e5643f5b240a9024bfa84d5f2cac9310562978347bb232d63e7289283871efab83d84ff5a7b64a94a79d34cfbd4ef121723ba1f663e514f83f6f01492b4e13e1bb4296d96ea5a353d3bf2edd2f449c03c4a3e995237985a596908adc741f32365
so,how to get the message?
可以看到n很大,e很小,为低加密指数攻击。
import gmpy2
import os
from functools import reduce
from Crypto.Util.number import long_to_bytes
def CRT(items):
N = reduce(lambda x, y: x * y, (i[1] for i in items))
result = 0
for a, n in items:
m = N // n
d, r, s = gmpy2.gcdext(n, m)
if d != 1:
raise Exception("Input not pairwise co-prime")
result += a * s * m
return result % N, N
# e, n, c
e = 0x3
n=[0x52d483c27cd806550fbe0e37a61af2e7cf5e0efb723dfc81174c918a27627779b21fa3c851e9e94188eaee3d5cd6f752406a43fbecb53e80836ff1e185d3ccd7782ea846c2e91a7b0808986666e0bdadbfb7bdd65670a589a4d2478e9adcafe97c6ee23614bcb2ecc23580f4d2e3cc1ecfec25c50da4bc754dde6c8bfd8d1fc16956c74d8e9196046a01dc9f3024e11461c294f29d7421140732fedacac97b8fe50999117d27943c953f18c4ff4f8c258d839764078d4b6ef6e8591e0ff5563b31a39e6374d0d41c8c46921c25e5904a817ef8e39e5c9b71225a83269693e0b7e3218fc5e5a1e8412ba16e588b3d6ac536dce39fcdfce81eec79979ea6872793]
c=[0x10652cdfaa6b63f6d7bd1109da08181e500e5643f5b240a9024bfa84d5f2cac9310562978347bb232d63e7289283871efab83d84ff5a7b64a94a79d34cfbd4ef121723ba1f663e514f83f6f01492b4e13e1bb4296d96ea5a353d3bf2edd2f449c03c4a3e995237985a596908adc741f32365]
data = list(zip(c, n))
x, n = CRT(data)
m = gmpy2.iroot(gmpy2.mpz(x), e)[0].digits()
print('m is: ' ,long_to_bytes(m))
34.[HDCTF2019]basic rsa
import gmpy2
from Crypto.Util.number import *
from binascii import a2b_hex,b2a_hex
flag = "*****************"
p = 262248800182277040650192055439906580479
q = 262854994239322828547925595487519915551
e = 65533
n = p*q
c = pow(int(b2a_hex(flag),16),e,n)
print c
# 27565231154623519221597938803435789010285480123476977081867877272451638645710
非常简单给出解题代码
# -*- coding:utf-8 -*-
"""
作者:Wang Xinwei
日期:2024年01月30日
"""
import gmpy2
from Crypto.Util.number import *
from binascii import a2b_hex,b2a_hex
p = 262248800182277040650192055439906580479
q = 262854994239322828547925595487519915551
e = 65533
n = p*q
phi=(p-1)*(q-1)
d=inverse(e,phi)
# c = pow(int(b2a_hex(flag),16),e,n)
c=27565231154623519221597938803435789010285480123476977081867877272451638645710
m=pow(c,d,n)
m=long_to_bytes(m)
print(m)
35.[GXYCTF2019]CheckIn
原题:dikqTCpfRjA8fUBIMD5GNDkwMjNARkUwI0BFTg==
base64解码后得到:v)*L*_F0<}@H0>F49023@FE0#@EN
v对应G(GXY)或f(flag)
v到G位移47用ROT47解密 ,关于ROT位移密码,请看https://www.cnblogs.com/swordcreater/p/12562077.html
得到flag:GXY{Y0u_kNow_much_about_Rot}
36.Cipher
还能提示什么呢?公平的玩吧(密钥自己找) Dncnoqqfliqrpgeklwmppu 注意:得到的 flag 请包上 flag{} 提交, flag{小写字母}
试了各种都解不出来,看了网上的答案才知道是“普莱费尔密码”(playfair)
密钥是playfair,参考:https://blog.csdn.net/weixin_45859850/article/details/109822044
其实题目也暗示你了:“公平的玩吧”
flag:Itisnotaproblemhavefun
37.密码学的心声
二战时期,某国军官与一个音乐家情妇相好,然而自从那时起,他屡战屡败,敌人似乎料事如神。他也有怀疑过他的情妇,但是他经过24小时观察他的情妇,发现她每天都只是作曲,然后弹奏给战地电台,为士兵们鼓气,并未有任何逾越。那么,间谍到底是谁?这张曲谱是否有猫腻? (答案为一个明文字符串,提交获得的有意义语句通顺字符串即可) 注意:得到的 flag 请包上 flag{} 提交
思想8进制转十进制再转ASCII,以下给出解题脚本:
a="111,114,157,166,145,123,145,143,165,162,151,164,171,126,145,162,171,115,165,143,150"
li=a.split(",")
flag=""
for i in li:
flag+=chr(int(i,8))
print(flag)
得到flag:ILoveSecurityVeryMuch4
38.[GUET-CTF2019]BabyRSA
原题:
p+q : 0x1232fecb92adead91613e7d9ae5e36fe6bb765317d6ed38ad890b4073539a6231a6620584cea5730b5af83a3e80cf30141282c97be4400e33307573af6b25e2ea
(p+1)(q+1) : 0x5248becef1d925d45705a7302700d6a0ffe5877fddf9451a9c1181c4d82365806085fd86fbaab08b6fc66a967b2566d743c626547203b34ea3fdb1bc06dd3bb765fd8b919e3bd2cb15bc175c9498f9d9a0e216c2dde64d81255fa4c05a1ee619fc1fc505285a239e7bc655ec6605d9693078b800ee80931a7a0c84f33c851740
e : 0xe6b1bee47bd63f615c7d0a43c529d219
d : 0x2dde7fbaed477f6d62838d55b0d0964868cf6efb2c282a5f13e6008ce7317a24cb57aec49ef0d738919f47cdcd9677cd52ac2293ec5938aa198f962678b5cd0da344453f521a69b2ac03647cdd8339f4e38cec452d54e60698833d67f9315c02ddaa4c79ebaa902c605d7bda32ce970541b2d9a17d62b52df813b2fb0c5ab1a5
enc_flag : 0x50ae00623211ba6089ddfae21e204ab616f6c9d294e913550af3d66e85d0c0693ed53ed55c46d8cca1d7c2ad44839030df26b70f22a8567171a759b76fe5f07b3c5a6ec89117ed0a36c0950956b9cde880c575737f779143f921d745ac3bb0e379c05d9a3cc6bf0bea8aa91e4d5e752c7eb46b2e023edbc07d24a7c460a34a9a
(p+1)*(q+1)=n+q+p+1.
所以可以直接求出n。
而phi=(p-1)*(q-1)=n-q-p+1
给出解题脚本
# -*- coding:utf-8 -*-
"""
作者:Wang Xinwei
日期:2024年01月30日
"""
import gmpy2
from Crypto.Util.number import *
from binascii import a2b_hex,b2a_hex
sum1 =0x1232fecb92adead91613e7d9ae5e36fe6bb765317d6ed38ad890b4073539a6231a6620584cea5730b5af83a3e80cf30141282c97be4400e33307573af6b25e2ea
n1=0x5248becef1d925d45705a7302700d6a0ffe5877fddf9451a9c1181c4d82365806085fd86fbaab08b6fc66a967b2566d743c626547203b34ea3fdb1bc06dd3bb765fd8b919e3bd2cb15bc175c9498f9d9a0e216c2dde64d81255fa4c05a1ee619fc1fc505285a239e7bc655ec6605d9693078b800ee80931a7a0c84f33c851740
e =0xe6b1bee47bd63f615c7d0a43c529d219
d =0x2dde7fbaed477f6d62838d55b0d0964868cf6efb2c282a5f13e6008ce7317a24cb57aec49ef0d738919f47cdcd9677cd52ac2293ec5938aa198f962678b5cd0da344453f521a69b2ac03647cdd8339f4e38cec452d54e60698833d67f9315c02ddaa4c79ebaa902c605d7bda32ce970541b2d9a17d62b52df813b2fb0c5ab1a5
c=0x50ae00623211ba6089ddfae21e204ab616f6c9d294e913550af3d66e85d0c0693ed53ed55c46d8cca1d7c2ad44839030df26b70f22a8567171a759b76fe5f07b3c5a6ec89117ed0a36c0950956b9cde880c575737f779143f921d745ac3bb0e379c05d9a3cc6bf0bea8aa91e4d5e752c7eb46b2e023edbc07d24a7c460a34a9a
n = n1-sum1-1
print(n)
phi=n-sum1+1
d=inverse(e,phi)
# c = pow(int(b2a_hex(flag),16),e,n)
m=pow(c,d,n)
m=long_to_bytes(m)
print(m)
39.[BJDCTF2020]这是base??
原题:dict:{0: 'J', 1: 'K', 2: 'L', 3: 'M', 4: 'N', 5: 'O', 6: 'x', 7: 'y', 8: 'U', 9: 'V', 10: 'z', 11: 'A', 12: 'B', 13: 'C', 14: 'D', 15: 'E', 16: 'F', 17: 'G', 18: 'H', 19: '7', 20: '8', 21: '9', 22: 'P', 23: 'Q', 24: 'I', 25: 'a', 26: 'b', 27: 'c', 28: 'd', 29: 'e', 30: 'f', 31: 'g', 32: 'h', 33: 'i', 34: 'j', 35: 'k', 36: 'l', 37: 'm', 38: 'W', 39: 'X', 40: 'Y', 41: 'Z', 42: '0', 43: '1', 44: '2', 45: '3', 46: '4', 47: '5', 48: '6', 49: 'R', 50: 'S', 51: 'T', 52: 'n', 53: 'o', 54: 'p', 55: 'q', 56: 'r', 57: 's', 58: 't', 59: 'u', 60: 'v', 61: 'w', 62: '+', 63: '/', 64: '='}
chipertext:
FlZNfnF6Qol6e9w17WwQQoGYBQCgIkGTa9w3IQKw
自己编的base64表,我们要将它还原
# -*- coding:utf-8 -*-
"""
作者:Wang Xinwei
日期:2024年01月03日
"""
dict={0: 'J', 1: 'K', 2: 'L', 3: 'M', 4: 'N', 5: 'O', 6: 'x', 7: 'y', 8: 'U', 9: 'V', 10: 'z', 11: 'A', 12: 'B', 13: 'C', 14: 'D', 15: 'E', 16: 'F', 17: 'G', 18: 'H', 19: '7', 20: '8', 21: '9', 22: 'P', 23: 'Q', 24: 'I', 25: 'a', 26: 'b', 27: 'c', 28: 'd', 29: 'e', 30: 'f', 31: 'g', 32: 'h', 33: 'i', 34: 'j', 35: 'k', 36: 'l', 37: 'm', 38: 'W', 39: 'X', 40: 'Y', 41: 'Z', 42: '0', 43: '1', 44: '2', 45: '3', 46: '4', 47: '5', 48: '6', 49: 'R', 50: 'S', 51: 'T', 52: 'n', 53: 'o', 54: 'p', 55: 'q', 56: 'r', 57: 's', 58: 't', 59: 'u', 60: 'v', 61: 'w', 62: '+', 63: '/', 64: '='}
chipertext="FlZNfnF6Qol6e9w17WwQQoGYBQCgIkGTa9w3IQKw"
table="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
result=""
ds=''
for i in range(65):
ds+=dict[i]
for i in chipertext:
result+=table[ds.find(i)]
print(result)
转出来的东西,再经过base64转码,得到flag:BJD{D0_Y0u_kNoW_Th1s_b4se_map}
40.robomunication
整理后得到:.... . .-.. .-.. --- .-- .... .- - .. ... - .... . -.- . -.-- .. - .. ... -... --- --- .--. -... . . .--.
翻译得
密码是:HELLOWHATISTHEKEYITISBOOPBEEP
41.rsa2
原题:
N = 101991809777553253470276751399264740131157682329252673501792154507006158434432009141995367241962525705950046253400188884658262496534706438791515071885860897552736656899566915731297225817250639873643376310103992170646906557242832893914902053581087502512787303322747780420210884852166586717636559058152544979471
e = 46731919563265721307105180410302518676676135509737992912625092976849075262192092549323082367518264378630543338219025744820916471913696072050291990620486581719410354385121760761374229374847695148230596005409978383369740305816082770283909611956355972181848077519920922059268376958811713365106925235218265173085
import hashlib
flag = "flag{" + hashlib.md5(hex(d)).hexdigest() + "}"
尝试分解n,e很大。尝试wiener利用。
这道题的确是wiener利用。但是解题网站的确能分出p和q。
# -*- coding:utf-8 -*-
"""
作者:Wang Xinwei
日期:2024年01月30日
"""
import owiener
import hashlib
from Crypto.Util.number import *
n = 101991809777553253470276751399264740131157682329252673501792154507006158434432009141995367241962525705950046253400188884658262496534706438791515071885860897552736656899566915731297225817250639873643376310103992170646906557242832893914902053581087502512787303322747780420210884852166586717636559058152544979471
e = 46731919563265721307105180410302518676676135509737992912625092976849075262192092549323082367518264378630543338219025744820916471913696072050291990620486581719410354385121760761374229374847695148230596005409978383369740305816082770283909611956355972181848077519920922059268376958811713365106925235218265173085
d = owiener.attack(e, n)
# q=9046853915223503351787031888977627106934564043204783593118678181991596316582877057556463152579621699010610569526573031954779520781448550677767565207407183
# p=11273732364123571293429600400343309403733952146912318879993851141423284675797325272321856863528776914709992821287788339848962916204774010644058033316303937
# phi=(p-1)*(q-1)
# d1=inverse(e,phi)
if d is None:
print("Failed")
else:
print("Hacked d={}".format(d))
print(hex(d))
flag = "flag{" + hashlib.md5((hex(d)+'L').encode()).hexdigest() + "}"
print(flag)
42.RSA5
给了很多c和n应该解出来都是明文m。寻找其中两个人的最大公因数。
给出解题代码。
# -*- coding:utf-8 -*-
"""
作者:Wang Xinwei
日期:2024年01月31日
"""
nli=[]
cli=[]
from Crypto.Util.number import *
from functools import reduce
with open("F:/百度网盘/a60bcf65-3587-46cc-a595-0be5aaf2326f/1.txt","r") as f:
print(f.readline(),end="");print(f.readline(),end="");print(f.readline(),end="");
while True:
nli.append(int(f.readline()[4:-1]))
cli.append(int(f.readline()[4:-1]))
if str(cli[-1]).startswith("3862"):
break
f.readline()
for i in range(len(nli)):
for j in range(i+1,len(nli)):
if GCD(nli[i],nli[j]) != 1:
print(f"{i,j},{GCD(nli[i],nli[j])}")
n=nli[4]
c=cli[4]
p=132585806383798600305426957307612567604223562626764190211333136246643723811046149337852966828729052476725552361132437370521548707664977123165279305052971868012755509160408641100548744046621516877981864180076497524093201404558036301820216274968638825245150755772559259575544101918590311068466601618472464832499
q=n//p
print(q)
phi=(p-1)*(q-1)
d=inverse(65537,phi)
m=pow(c,d,n)
print(long_to_bytes(m))
43.达芬奇密码
参考WP:https://www.cnblogs.com/scarecr0w7/p/17377110.html
斐波那契数列还原顺序
# -*- coding:utf-8 -*-
"""
作者:Wang Xinwei
日期:2024年01月31日
"""
a = "0 1 2 3 5 8 13 21 34 55 89 144 233 377 610 987 1597 2584 4181 6765 10946 17711 28657 46368 75025 121393 196418 317811 514229 832040 1346269 2178309"
b = "0 233 3 2584 1346269 144 5 196418 21 1597 610 377 10946 89 514229 987 8 55 6765 2178309 121393 317811 46368 4181 1 832040 2 28657 75025 34 13 17711"
a = a.split(" ")
b = b.split(" ")
flag = []
m = "36968853882116725547342176952286"
for i in range(len(a)):
for j in range(len(a)):
if a[i] == b[j]:
flag.append(m[j])
break
print(''.join(flag))
44.[WUSTCTF2020]佛说:只能四天
45.[MRCTF2020]古典密码知多少
猪圈密码加圣堂武士密码。
flag{CRYPTOFUN}
46.rot
原题:83 89 78 84 45 86 96 45 115 121 110 116 136 132 132 132 108 128 117 118 134 110 123 111 110 127 108 112 124 122 108 118 128 108 131 114 127 134 108 116 124 124 113 108 76 76 76 76 138 23 90 81 66 71 64 69 114 65 112 64 66 63 69 61 70 114 62 66 61 62 69 67 70 63 61 110 110 112 64 68 62 70 61 112 111 112
看样子很像ASCII码,但有些不是,结合rot。
ROT5、ROT13、ROT18、ROT47 编码是一种简单的码元位置顺序替换暗码。此类编码具有可逆性,可以自我解密,主要用于应对快速浏览,或者是机器的读取,而不让其理解其意。
ROT5 是 rotate by 5 places 的简写,意思是旋转5个位置,其它皆同。下面分别说说它们的编码方式:
ROT5:只对数字进行编码,用当前数字往前数的第5个数字替换当前数字,例如当前为0,编码后变成5,当前为1,编码后变成6,以此类推顺序循环。
ROT13:只对字母进行编码,用当前字母往前数的第13个字母替换当前字母,例如当前为A,编码后变成N,当前为B,编码后变成O,以此类推顺序循环。
ROT18:这是一个异类,本来没有,它是将ROT5和ROT13组合在一起,为了好称呼,将其命名为ROT18。
ROT47:对数字、字母、常用符号进行编码,按照它们的ASCII值进行位置替换,用当前字符ASCII值往前数的第47位对应字符替换当前字符,例如当前为小写字母z,编码后变成大写字母K,当前为数字0,编码后变成符号_。用于ROT47编码的字符其ASCII值范围是33-126,具体可参考ASCII编码。
前移13位后,得到提示
FLAG IS flag{www_shiyanbar_com_is_very_good_????}
MD5:38e4c352809e150186920aac37190cbc
看样子要破解后4位,于是开始编脚本:开始只用了小写字母表发现找不到,于是扩大范围。大约要运行几分钟。
import string
import itertools
import hashlib
a="83 89 78 84 45 86 96 45 115 121 110 116 136 132 132 132 108 128 117 118 134 110 123 111 110 127 108 112 124 122 108 118 128 108 131 114 127 134 108 116 124 124 113 108 76 76 76 76 138 23 90 81 66 71 64 69 114 65 112 64 66 63 69 61 70 114 62 66 61 62 69 67 70 63 61 110 110 112 64 68 62 70 61 112 111 112"
b=a.split(" ")
re=""
for i in b:
re+=chr(int(i)-13)
# print(re)
# FLAG IS flag{www_shiyanbar_com_is_very_good_????}
# MD5:38e4c352809e150186920aac37190cbc
FLAG="flag{www_shiyanbar_com_is_very_good_"
MD5="38e4c352809e150186920aac37190cbc"
table=string.printable[:96] #可打印字符
print("运行中......")
for j in itertools.product(table,repeat=4):
j="".join(j)
md=hashlib.md5((FLAG+str(j)+"}").encode()).hexdigest()
if md==MD5:
print(FLAG+j+"}")
break
else:print("NO FIND")
47.这是什么
查看16进制,发现一堆奇怪的字符。
将后缀改成html。
控制台运行。会弹出flag。
48.[NCTF2019]childRSA
原题:
n可以直接分解。也可以减1后分解质因数。
49.[HDCTF2019]bbbbbbrsa
n = 37421829509887796274897162249367329400988647145613325367337968063341372726061
c = ==gMzYDNzIjMxUTNyIzNzIjMyYTM4MDM0gTMwEjNzgTM2UTN4cjNwIjN2QzM5ADMwIDNyMTO4UzM2cTM5kDN2MTOyUTO5YDM0czM3MjM
以下是解题代码
# -*- coding:utf-8 -*-
"""
作者:Wang Xinwei
日期:2024年01月31日
"""
import base64
from base64 import b64encode
from gmpy2 import invert,gcd,iroot
from Crypto.Util.number import *
from binascii import a2b_hex,b2a_hex
import random
# e = random.randint(50000,70000)
# while True:
# if gcd(e,phi) == 1:
# break;
# else:
# e -= 1;
c = "==gMzYDNzIjMxUTNyIzNzIjMyYTM4MDM0gTMwEjNzgTM2UTN4cjNwIjN2QzM5ADMwIDNyMTO4UzM2cTM5kDN2MTOyUTO5YDM0czM3MjM"
# print(base64.b64decode(c[::-1]))
# c = pow(int(b2a_hex(flag),16),e,n)
# print(b64encode(str(c))[::-1])
# 2373740699529364991763589324200093466206785561836101840381622237225512234632
p = 177077389675257695042507998165006460849
n = 37421829509887796274897162249367329400988647145613325367337968063341372726061
c=2373740699529364991763589324200093466206785561836101840381622237225512234632
q=n//p
phi = (p-1)*(q-1)
for i in range(50000,70000):
if GCD(phi,i)==1:
d=inverse(i,phi)
m=str(long_to_bytes(pow(c,d,n)))
if 'flag' in m or 'ctf' in m :
print(m)
# while True:
# if gcd(e,phi) == 1:
# break;
# else:
# e -= 1;
50.keyboard
原题:ooo yyy ii w uuu ee uuuu yyy uuuu y w uuu i i rr w i i rr rrr uuuu rrr uuuu t ii uuuu i w u rrr ee www ee yyy eee www w tt ee
脑洞实在是太大了,想不出来。
参考了其他人的博客:https://blog.csdn.net/m0_69764745/article/details/131473760
flag:flag{youaresosmartthatthisisjustapieceofcake}
51.RSA4
给了三组n与c。
对C开3次方就可以求出m
https://www.cnblogs.com/Mr-small/p/13615916.html
https://blog.csdn.net/sm1918451478/article/details/127351799
import gmpy2
import binascii
# 利用中国剩余定理求解同余方程,aList:余数,mList:模数
def CRT(aList, mList):
M = 1
for i in mList:
M = M * i # 计算M = ∏ mi
# print(M)
x = 0
for i in range(len(mList)):
Mi = M // mList[i] # 计算Mi
Mi_inverse = gmpy2.invert(Mi, mList[i]) # 计算Mi的逆元
x += aList[i] * Mi * Mi_inverse # 构造x各项
x = x % M
return x
if __name__ == "__main__":
# ========== n c ==========
n1 = "331310324212000030020214312244232222400142410423413104441140203003243002104333214202031202212403400220031202142322434104143104244241214204444443323000244130122022422310201104411044030113302323014101331214303223312402430402404413033243132101010422240133122211400434023222214231402403403200012221023341333340042343122302113410210110221233241303024431330001303404020104442443120130000334110042432010203401440404010003442001223042211442001413004"
c1 = "310020004234033304244200421414413320341301002123030311202340222410301423440312412440240244110200112141140201224032402232131204213012303204422003300004011434102141321223311243242010014140422411342304322201241112402132203101131221223004022003120002110230023341143201404311340311134230140231412201333333142402423134333211302102413111111424430032440123340034044314223400401224111323000242234420441240411021023100222003123214343030122032301042243"
n2 = "302240000040421410144422133334143140011011044322223144412002220243001141141114123223331331304421113021231204322233120121444434210041232214144413244434424302311222143224402302432102242132244032010020113224011121043232143221203424243134044314022212024343100042342002432331144300214212414033414120004344211330224020301223033334324244031204240122301242232011303211220044222411134403012132420311110302442344021122101224411230002203344140143044114"
c2 = "112200203404013430330214124004404423210041321043000303233141423344144222343401042200334033203124030011440014210112103234440312134032123400444344144233020130110134042102220302002413321102022414130443041144240310121020100310104334204234412411424420321211112232031121330310333414423433343322024400121200333330432223421433344122023012440013041401423202210124024431040013414313121123433424113113414422043330422002314144111134142044333404112240344"
n3 = "332200324410041111434222123043121331442103233332422341041340412034230003314420311333101344231212130200312041044324431141033004333110021013020140020011222012300020041342040004002220210223122111314112124333211132230332124022423141214031303144444134403024420111423244424030030003340213032121303213343020401304243330001314023030121034113334404440421242240113103203013341231330004332040302440011324004130324034323430143102401440130242321424020323"
c3 = "10013444120141130322433204124002242224332334011124210012440241402342100410331131441303242011002101323040403311120421304422222200324402244243322422444414043342130111111330022213203030324422101133032212042042243101434342203204121042113212104212423330331134311311114143200011240002111312122234340003403312040401043021433112031334324322123304112340014030132021432101130211241134422413442312013042141212003102211300321404043012124332013240431242"
cList = [int(c1, 5), int(c2, 5), int(c3, 5)]
nList = [int(n1, 5), int(n2, 5), int(n3, 5)]
m_e = CRT(cList, nList) # 计算m^e
for e in range(1, 10): # 遍历e求解
m, f = gmpy2.iroot(m_e, e) # m_e开e次根
print("加密指数e = %d:" % e)
m = hex(m)[2:]
if len(m) % 2 == 1:
m = m + '0' # binascii.unhexlify()参数长度必须为偶数,因此做一下处理
flag = binascii.unhexlify(m)
print(flag)
52
53.[BJDCTF2020]RSA
模不互素
# -*- coding:utf-8 -*-
"""
作者:Wang Xinwei
日期:2024年01月31日
"""
from Crypto.Util.number import *
#
# assert(e<100000)
# c=pow(m,e,n)
# print c,n
# print pow(294,e,n)
#
# p=getPrime(1024)
# n=p*q
# m=bytes_to_long("BJD"*32)
# c=pow(m,e,n)
# print c,n
c1=12641635617803746150332232646354596292707861480200207537199141183624438303757120570096741248020236666965755798009656547738616399025300123043766255518596149348930444599820675230046423373053051631932557230849083426859490183732303751744004874183062594856870318614289991675980063548316499486908923209627563871554875612702079100567018698992935818206109087568166097392314105717555482926141030505639571708876213167112187962584484065321545727594135175369233925922507794999607323536976824183162923385005669930403448853465141405846835919842908469787547341752365471892495204307644586161393228776042015534147913888338316244169120
n1=13508774104460209743306714034546704137247627344981133461801953479736017021401725818808462898375994767375627749494839671944543822403059978073813122441407612530658168942987820256786583006947001711749230193542370570950705530167921702835627122401475251039000775017381633900222474727396823708695063136246115652622259769634591309421761269548260984426148824641285010730983215377509255011298737827621611158032976420011662547854515610597955628898073569684158225678333474543920326532893446849808112837476684390030976472053905069855522297850688026960701186543428139843783907624317274796926248829543413464754127208843070331063037
c294=381631268825806469518166370387352035475775677163615730759454343913563615970881967332407709901235637718936184198930226303761876517101208677107311006065728014220477966000620964056616058676999878976943319063836649085085377577273214792371548775204594097887078898598463892440141577974544939268247818937936607013100808169758675042264568547764031628431414727922168580998494695800403043312406643527637667466318473669542326169218665366423043579003388486634167642663495896607282155808331902351188500197960905672207046579647052764579411814305689137519860880916467272056778641442758940135016400808740387144508156358067955215018
c2=979153370552535153498477459720877329811204688208387543826122582132404214848454954722487086658061408795223805022202997613522014736983452121073860054851302343517756732701026667062765906277626879215457936330799698812755973057557620930172778859116538571207100424990838508255127616637334499680058645411786925302368790414768248611809358160197554369255458675450109457987698749584630551177577492043403656419968285163536823819817573531356497236154342689914525321673807925458651854768512396355389740863270148775362744448115581639629326362342160548500035000156097215446881251055505465713854173913142040976382500435185442521721
n2=12806210903061368369054309575159360374022344774547459345216907128193957592938071815865954073287532545947370671838372144806539753829484356064919357285623305209600680570975224639214396805124350862772159272362778768036844634760917612708721787320159318432456050806227784435091161119982613987303255995543165395426658059462110056431392517548717447898084915167661172362984251201688639469652283452307712821398857016487590794996544468826705600332208535201443322267298747117528882985955375246424812616478327182399461709978893464093245135530135430007842223389360212803439850867615121148050034887767584693608776323252233254261047
q=GCD(n1,n2)
p=n1//q
for i in range(100000):
z=pow(294,i,n1)
if(z==c294):
e=i
phi=(p-1)*(q-1)
d=inverse(e,phi)
m=pow(c1,d,n1)
print(long_to_bytes(m))
54.[BJDCTF2020]rsa_output
n一样,共模攻击
# -*- coding:utf-8 -*-
"""
作者:Wang Xinwei
日期:2023年12月25日
"""
from Crypto.Util.number import *
def edge(a,b):
u,u1=1,0
v,v1=0,1
while b:
q,r=divmod(a,b) #返回除数和商
u,u1=u1,u-q*u1
v,v1=v1,v-q*v1
a,b=b,r
return u,v,a
n=21058339337354287847534107544613605305015441090508924094198816691219103399526800112802416383088995253908857460266726925615826895303377801614829364034624475195859997943146305588315939130777450485196290766249612340054354622516207681542973756257677388091926549655162490873849955783768663029138647079874278240867932127196686258800146911620730706734103611833179733264096475286491988063990431085380499075005629807702406676707841324660971173253100956362528346684752959937473852630145893796056675793646430793578265418255919376323796044588559726703858429311784705245069845938316802681575653653770883615525735690306674635167111
e1=2767
e2=3659
c1=20152490165522401747723193966902181151098731763998057421967155300933719378216342043730801302534978403741086887969040721959533190058342762057359432663717825826365444996915469039056428416166173920958243044831404924113442512617599426876141184212121677500371236937127571802891321706587610393639446868836987170301813018218408886968263882123084155607494076330256934285171370758586535415136162861138898728910585138378884530819857478609791126971308624318454905992919405355751492789110009313138417265126117273710813843923143381276204802515910527468883224274829962479636527422350190210717694762908096944600267033351813929448599
c2=11298697323140988812057735324285908480504721454145796535014418738959035245600679947297874517818928181509081545027056523790022598233918011261011973196386395689371526774785582326121959186195586069851592467637819366624044133661016373360885158956955263645614345881350494012328275215821306955212788282617812686548883151066866149060363482958708364726982908798340182288702101023393839781427386537230459436512613047311585875068008210818996941460156589314135010438362447522428206884944952639826677247819066812706835773107059567082822312300721049827013660418610265189288840247186598145741724084351633508492707755206886202876227
r,s,_=edge(e1,e2)
if r<0:
r=-r
c1=inverse(c1,n)
else:
s=-s
c2=inverse(c2,n) #取逆元
m = pow(c1,r,n)*pow(c2,s,n) %n
print(long_to_bytes(m))
55.[BJDCTF2020]signin
welcome to crypto world!!
密文:424a447b57653163306d655f74345f424a444354467d
16进制解密,BJD{We1c0me_t4_BJDCTF}
56.
57.[ACTF新生赛2020]crypto-rsa0
参考https://blog.csdn.net/sm1918451478/article/details/127415577
58.[WUSTCTF2020]babyrsa
c = 28767758880940662779934612526152562406674613203406706867456395986985664083182
n = 73069886771625642807435783661014062604264768481735145873508846925735521695159
e = 65537
59.[MRCTF2020]vigenere
在线网站:https://www.guballa.de/vigenere-solver