2023安洵杯
各位师傅若发现有问题,评论戳我
Crypto
signin
from Crypto.Util.number import *
from random import *
from sage.all import *
flag = b'--hidden_message--'
data1 = getPrime(256)
data2 = getPrime(256)
m = bytes_to_long(flag)+data2
prec = 600
ring = RealField(prec)
data3 = ring(data1) / ring(data2)
print(data3)
while True:
p = randint(2**255, data1)
q = randint(2**255, data2)
if isPrime(p) and isPrime(q) and p!=q:
break
n = p*q
e = 65537
leak = pow(p-q, data1, data1*data2)
c = pow(m, e, n)
print(c)
print(n)
print(leak)
'''
1.42870767357206600351348423521722279489230609801270854618388981989800006431663026299563973511233193052826781891445323183272867949279044062899046090636843802841647378505716932999588
1046004343125860480395943301139616023280829254329678654725863063418699889673392326217271296276757045957276728032702540618505554297509654550216963442542837
2793178738709511429126579729911044441751735205348276931463015018726535495726108249975831474632698367036712812378242422538856745788208640706670735195762517
1788304673303043190942544050868817075702755835824147546758319150900404422381464556691646064734057970741082481134856415792519944511689269134494804602878628
'''
求解data1和data2想到的是应用连分数攻击,找到分子分母256bit的渐进分数逼近data3
#sage
data3=1.42870767357206600351348423521722279489230609801270854618388981989800006431663026299563973511233193052826781891445323183272867949279044062899046090636843802841647378505716932999588
c = continued_fraction(data3)
alist = c.convergents()
for i in alist:
a = str(i).split('/')
if len(a)>1 and gcd(int(a[0]),int(a[1])) == 1 and is_prime(int(a[0])) and is_prime(int(a[1])) and int(a[0]).bit_length()==256 and int(a[1]).bit_length()==256:
print(a)
#['97093002077798295469816641595207740909547364338742117628537014186754830773717','67958620138887907577348085925738704755742144710390414146201367031822084270769']
然后就是求解p,q了
\[leak=(p-q)^{data1}\pmod {data1*data2}
\]
\[(p-q)^{data1}\pmod{data1}=leak\pmod{data1}
\]
\[p-q=leak\pmod {data1}
\]
所以解方程即可得到p和q,最终wp:
#sage
from Crypto.Util.number import *
import sympy
data3=1.42870767357206600351348423521722279489230609801270854618388981989800006431663026299563973511233193052826781891445323183272867949279044062899046090636843802841647378505716932999588
c=1046004343125860480395943301139616023280829254329678654725863063418699889673392326217271296276757045957276728032702540618505554297509654550216963442542837
n=2793178738709511429126579729911044441751735205348276931463015018726535495726108249975831474632698367036712812378242422538856745788208640706670735195762517
leak=1788304673303043190942544050868817075702755835824147546758319150900404422381464556691646064734057970741082481134856415792519944511689269134494804602878628
e=65537
c1 = continued_fraction(data3)
alist = c1.convergents()
for i in alist:
a = str(i).split('/')
if len(a)>1 and gcd(int(a[0]),int(a[1])) == 1 and is_prime(int(a[0])) and is_prime(int(a[1])) and int(a[0]).bit_length()==256 and int(a[1]).bit_length()==256:
data1=int(a[0])
data2=int(a[1])
leak1=leak%data1
p,q = sympy.symbols("p q")
h = sympy.solve([p*q-n,p-q-leak1],[p,q])
p=h[1][0]
q=h[1][1]
d=inverse(e,(p-1)*(q-1))
m=pow(c,d,n)
print(long_to_bytes(m-data2))
CrazyTreat
from Crypto.Util.number import *
from random import randint
from secret import flag
def TrickPrime(bits):
p = getPrime(bits)
q = getPrime(bits)
cut = randint(1,256)
temp = p*q
print('clown =',temp)
game = (p&(2**bits-1)) >>cut<<cut #p高位需要给出
print("trick =",game)
return p,q
def CrazyPrime(nbits):
p = getPrime(nbits)
q = getPrime(nbits)
r = getPrime(nbits)
n = p * q * r
print("n =", n)
m = getPrime(256)
P = pow(m, p, n)
Q = pow(m, q, n)
R = pow(m, r, n)
print("P =", P)
print("Q =", Q)
print("R =", R)
return m
P,Q = TrickPrime(512)
R = CrazyPrime(512)
N =P*Q*R
phi = (P-1)*(Q-1)*(R-1)
e = 65537
d = inverse(e,phi)
m = bytes_to_long(flag)
c = pow(m,e,N)
print("c = ",c)
'''
clown = 128259792862716016839189459678072057136816726330154776961595353705839428880480571473066446384217522987161777524953373380960754160008765782711874445778198828395697797884436326877471408867745183652189648661444125231444711655242478825995283559948683891100547458186394738621410655721556196774451473359271887941209
trick = 13053422630763887754872929794631414002868675984142851995620494432706465523574529389771830464455212126838976863742628716168391373019631629866746550551576576
n = 924936528644761261915490226270682878749572154775391302241867565751616615723850084742168094776229761548826664906020127037598880909798055174894996273670320006942669796769794827782190025101253693980249267932225152093301291975335342891074711919668098647971235568200490825183676601392038486178409517985098598981313504275523679007669267428032655295176395420598988902864122270470643591017567271923728446920345242491655440745259071163984046349191793076143578695363467259
P = 569152976869063146023072907832518894975041333927991456910198999345700391220835009080679006115013808845384796762879536272124713177039235766835540634080670611913370463720348843789609330086898067623866793724806787825941048552075917807777474750280276411568158631295041513060119750713892787573668959642318994049493233526305607509996778047209856407800405714104373282610244944206314614906974275396096712817649817035559000245832673082730407216670764400076473183825246052
Q = 600870923560313304359037202752076267074889238956345564584928427345594724253036201151726541881494799597966727749590645445697106549304014936202421316051605075583257261728145977582815350958084624689934980044727977015857381612608005101395808233778123605070134652480191762937123526142746130586645592869974342105683948971928881939489687280641660044194168473162316423173595720804934988042177232172212359550196783303829050288001473419477265817928976860640234279193511499
R = 502270534450244040624190876542726461324819207575774341876202226485302007962848054723546499916482657212105671666772860609835378197021454344356764800459114299720311023006792483917490176845781998844884874288253284234081278890537021944687301051482181456494678641606747907823086751080399593576505166871905600539035162902145778102290387464751040045505938896117306913887015838631862800918222056118527252590990688099219298296427609455224159445193596547855684004680284030
c = 10585127810518527980133202456076703601165893288538440737356392760427497657052118442676827132296111066880565679230142991175837099225733564144475217546829625689104025101922826124473967963669155549692317699759445354198622516852708572517609971149808872997711252940293211572610905564225770385218093601905012939143618159265562064340937330846997881816650140361013457891488134685547458725678949
'''
主要目的就是求P,Q,R
求P,Q:
很简单,爆破cut,p高位攻击即可
def decrypto1(high_p, n):
R.<x> = PolynomialRing(Zmod(n))
p = high_p + x
for cut in tqdm(range(1,256)):
x0 = p.small_roots(X = 2^cut, beta = 0.4)
if x0!=[] and isPrime(x0[0]+high_p):
return x0[0]+high_p
求R:
需要化简一下了
\[m^p\pmod n,m^q\pmod n,m^r\pmod n
\]
\[根据费马定理得:m=P\pmod p,m=Q\pmod q,m=R\pmod r
\]
\[P=m+i*p,Q=m+j*q,R=m+k*r
\]
\[为了方便,设i*p=x1,j*q=x2,k*r=x3
\]
\[P*Q*R=(m+x1)(m+x2)(m+x3)
\]
\[化简得:m^3+(x1+x2+x3)*m^2+(x1x2+x1x3+x2x3)*m+x1x2x3 \space---- (1)
\]
\[P+Q+R=3*m+x1+x2+x3
\]
\[(P+Q+R)*m^2=3*m^3+(x1+x2+x3)*m^2
\]
\[m^3+(x1+x2+x3)*m^2=(P+Q+R)*m^2-2*m^3 \space---- (2)
\]
\[x1=P-m
\]
\[x2=Q-m
\]
\[x3=R-m
\]
\[x1*x2=P*Q-(P+Q)*m+m^2
\]
\[x1*x3=P*R-(P+R)*m+m^2
\]
\[x2*x3=Q*R-(Q+R)*m+m^2
\]
\[(x1x2+x1x3+x2x3)*m=3*m^3-(2P+2Q+2R)*m^2+(PQ+PR+QR)*m \space---- (3)
\]
\[将2式和3式带入1式得:
\]
\[P*Q*R=m^3-(P+Q+R)*m^2+(P*Q+Q*R+P*R)*m+x1x2x3
\]
\[P*Q*R=m^3-(P+Q+R)*m^2+(P*Q+Q*R+P*R)*m+i*j*k*n
\]
\[m^3-(P+Q+R)*m^2+(P*Q+Q*R+P*R)*m-P*Q*R\equiv 0\pmod n
\]
运用Coppersmith原理解等式即可
最终wp:
from tqdm import *
from Crypto.Util.number import *
clown = 128259792862716016839189459678072057136816726330154776961595353705839428880480571473066446384217522987161777524953373380960754160008765782711874445778198828395697797884436326877471408867745183652189648661444125231444711655242478825995283559948683891100547458186394738621410655721556196774451473359271887941209
trick = 13053422630763887754872929794631414002868675984142851995620494432706465523574529389771830464455212126838976863742628716168391373019631629866746550551576576
n = 924936528644761261915490226270682878749572154775391302241867565751616615723850084742168094776229761548826664906020127037598880909798055174894996273670320006942669796769794827782190025101253693980249267932225152093301291975335342891074711919668098647971235568200490825183676601392038486178409517985098598981313504275523679007669267428032655295176395420598988902864122270470643591017567271923728446920345242491655440745259071163984046349191793076143578695363467259
P = 569152976869063146023072907832518894975041333927991456910198999345700391220835009080679006115013808845384796762879536272124713177039235766835540634080670611913370463720348843789609330086898067623866793724806787825941048552075917807777474750280276411568158631295041513060119750713892787573668959642318994049493233526305607509996778047209856407800405714104373282610244944206314614906974275396096712817649817035559000245832673082730407216670764400076473183825246052
Q = 600870923560313304359037202752076267074889238956345564584928427345594724253036201151726541881494799597966727749590645445697106549304014936202421316051605075583257261728145977582815350958084624689934980044727977015857381612608005101395808233778123605070134652480191762937123526142746130586645592869974342105683948971928881939489687280641660044194168473162316423173595720804934988042177232172212359550196783303829050288001473419477265817928976860640234279193511499
R = 502270534450244040624190876542726461324819207575774341876202226485302007962848054723546499916482657212105671666772860609835378197021454344356764800459114299720311023006792483917490176845781998844884874288253284234081278890537021944687301051482181456494678641606747907823086751080399593576505166871905600539035162902145778102290387464751040045505938896117306913887015838631862800918222056118527252590990688099219298296427609455224159445193596547855684004680284030
c = 10585127810518527980133202456076703601165893288538440737356392760427497657052118442676827132296111066880565679230142991175837099225733564144475217546829625689104025101922826124473967963669155549692317699759445354198622516852708572517609971149808872997711252940293211572610905564225770385218093601905012939143618159265562064340937330846997881816650140361013457891488134685547458725678949
def decrypto1(high_p, n):
R.<x> = PolynomialRing(Zmod(n))
p = high_p + x
for cut in tqdm(range(1,256)):
x0 = p.small_roots(X = 2^cut, beta = 0.4)
if x0!=[] and isPrime(x0[0]+high_p):
return x0[0]+high_p
def decrypto2(P,Q,R,n):
PR.<m> = PolynomialRing(Zmod(n))
f = m^3-(P+Q+R)*m^2+(P*Q+Q*R+P*R)*m-P*Q*R
f=f.monic()
x0 = f.small_roots(X=2^256)
return x0[0]
P1=int(decrypto1(trick,clown))
Q1=clown//P1
R1=int(decrypto2(P,Q,R,n))
N =P1*Q1*R1
phi = (P1-1)*(Q1-1)*(R1-1)
d=inverse(e,phi)
m=pow(c,d,N)
print(long_to_bytes(m))
#SYC{N0b0dy_Kn0vvs_CryPt0_be7t3r_7haN_Me}
Alexei needs help
from random import randint
import gmpy2 as gp
from Crypto.Util.number import *
from Crypto.Cipher import AES
from hashlib import md5
from binascii import *
from secret import flag
a,b = randint(2,2**512), randint(2,2**512)
m = getPrime(512)
n = 2023
seq = [randint(2,2**512) for _ in range(10)]
def seqsum(i):
ans = 0
for j in range(len(seq)):
ans += gp.powmod(i,j,m)*seq[j]
return ans
def homework(i):
if i == 1:
return 1
if i == 2:
return 1
else:
return (a*homework(i-1)+b*homework(i-2)+seqsum(i))%m
ans = homework(n)
k = unhexlify(md5(str(ans).encode()).hexdigest())
aes = AES.new(k,AES.MODE_ECB)
data = flag + (16-len(flag)%16)*b"\x00"
ct = hexlify(aes.encrypt(data))
print('a = ',a)
print('b = ',b)
print('m = ',m)
print('seq = ',seq)
print('ct = ',ct)
'''
a = 12760960185046114319373228302773710922517145043260117201359198182268919830481221094839217650474599663154368235126389153552714679678111020813518413419360215
b = 10117047970182219839870108944868089481578053385699469522500764052432603914922633010879926901213308115011559044643704414828518671345427553143525049573118673
m = 9088893209826896798482468360055954173455488051415730079879005756781031305351828789190798690556659137238815575046440957403444877123534779101093800357633817
seq = [1588310287911121355041550418963977300431302853564488171559751334517653272107112155026823633337984299690660859399029380656951654033985636188802999069377064, 12201509401878255828464211106789096838991992385927387264891565300242745135291213238739979123473041322233985445125107691952543666330443810838167430143985860, 13376619124234470764612052954603198949430905457204165522422292371804501727674375468020101015195335437331689076325941077198426485127257539411369390533686339, 8963913870279026075472139673602507483490793452241693352240197914901107612381260534267649905715779887141315806523664366582632024200686272718817269720952005, 5845978735386799769835726908627375251246062617622967713843994083155787250786439545090925107952986366593934283981034147414438049040549092914282747883231052, 9415622412708314171894809425735959412573511070691940566563162947924893407832253049839851437576026604329005326363729310031275288755753545446611757793959050, 6073533057239906776821297586403415495053103690212026150115846770514859699981321449095801626405567742342670271634464614212515703417972317752161774065534410, 3437702861547590735844267250176519238293383000249830711901455900567420289208826126751013809630895097787153707874423814381309133723519107897969128258847626, 2014101658279165374487095121575610079891727865185371304620610778986379382402770631536432571479533106528757155632259040939977258173977096891411022595638738, 10762035186018188690203027733533410308197454736009656743236110996156272237959821985939293563176878272006006744403478220545074555281019946284069071498694967]
ct = 37dc072bdf4cdc7e9753914c20cbf0b55c20f03249bacf37c88f66b10b72e6e678940eecdb4c0be8466f68fdcd13bd81
'''
这a,b,m,seq都给你了,直接求ans即可
不够直接用原题的函数解ans,报错maximum recursion depth exceeded in comparison.
直接丢进chatgpt改一下函数即可
最终wp:
from Crypto.Cipher import AES
from binascii import *
import gmpy2
import hashlib
a = 12760960185046114319373228302773710922517145043260117201359198182268919830481221094839217650474599663154368235126389153552714679678111020813518413419360215
b = 10117047970182219839870108944868089481578053385699469522500764052432603914922633010879926901213308115011559044643704414828518671345427553143525049573118673
m = 9088893209826896798482468360055954173455488051415730079879005756781031305351828789190798690556659137238815575046440957403444877123534779101093800357633817
seq = [1588310287911121355041550418963977300431302853564488171559751334517653272107112155026823633337984299690660859399029380656951654033985636188802999069377064,12201509401878255828464211106789096838991992385927387264891565300242745135291213238739979123473041322233985445125107691952543666330443810838167430143985860,13376619124234470764612052954603198949430905457204165522422292371804501727674375468020101015195335437331689076325941077198426485127257539411369390533686339,8963913870279026075472139673602507483490793452241693352240197914901107612381260534267649905715779887141315806523664366582632024200686272718817269720952005,5845978735386799769835726908627375251246062617622967713843994083155787250786439545090925107952986366593934283981034147414438049040549092914282747883231052,9415622412708314171894809425735959412573511070691940566563162947924893407832253049839851437576026604329005326363729310031275288755753545446611757793959050,6073533057239906776821297586403415495053103690212026150115846770514859699981321449095801626405567742342670271634464614212515703417972317752161774065534410,3437702861547590735844267250176519238293383000249830711901455900567420289208826126751013809630895097787153707874423814381309133723519107897969128258847626,2014101658279165374487095121575610079891727865185371304620610778986379382402770631536432571479533106528757155632259040939977258173977096891411022595638738,10762035186018188690203027733533410308197454736009656743236110996156272237959821985939293563176878272006006744403478220545074555281019946284069071498694967]
ct = '37dc072bdf4cdc7e9753914c20cbf0b55c20f03249bacf37c88f66b10b72e6e678940eecdb4c0be8466f68fdcd13bd81'
def homework(n):
if n <= 2:
return 1
a1, a2 = 1, 1
for i in range(3, n+1):
# 计算 seqsum
ans = 0
for k in range(len(seq)):
ans += gmpy2.powmod(i, k, m) * seq[k]
# 更新 a1 和 a2
a1, a2 = a2, (a*a2 + b*a1 + ans) % m
return a2
ans = homework(2023)
k = unhexlify(hashlib.md5(str(ans).encode()).hexdigest())
aes = AES.new(k, AES.MODE_ECB)
c=unhexlify(ct)
flag=aes.decrypt(c)
print(flag)
#c7ceedc7197a0d350025fff478f667293ebbaa6b'\x00\x00\x00\x00\x00\x00\x00
Alexei needs help again
想看原理转:https://tl2cents.github.io/2023/06/11/SYCTF-2023-安洵杯-Crypto-题解/
# sagemath 9.2
from random import *
import gmpy2 as gp
from Crypto.Util.number import *
from Crypto.Cipher import AES
from hashlib import md5
from binascii import *
from extend_mt19937_predictor import ExtendMT19937Predictor
seq = [2595326515, 23180772, 3997687803, 3326360477, 2276157283, 2467209954, 2500673804, 1143199883, 2641431550, 1419029027, 350264058, 4053087274, 4053958055, 2513326751, 339420864, 1011193327, 271856605, 1513947525, 2020417055, 883563173, 1547578383, 547304334, 351829798, 3642312362, 2921110987, 3148301320, 817993595, 1421185599, 1799335143, 835191090, 2150648746, 3967401199, 3003502005, 643104359, 2609214076, 3840706282, 686462863, 2978749817, 2989880195, 4116411541, 638017306, 4120616638, 1597189550, 3011705547, 3083335311, 2675246638, 2686884427, 3499126467, 4092013115, 1613371790, 1970975028, 969658130, 99110934, 3607741353, 1759331867, 2676116875, 2773617686, 2361770583, 89532012, 3083783497, 2234712564, 541053324, 2626904587, 3087162337, 2640404694, 3300233207, 3647200745, 3547410617, 3582999314, 2465603703, 2126377719, 4149124654, 138476758, 523401679, 2433383115, 3669851616, 86525204, 1374898657, 4045200933, 2868686313, 2337739152, 2281926848, 3989569066, 4070566171, 857308185, 2713842069, 1899103910, 805038016, 3704354207, 1581480981, 736387671, 2741130638, 507077521, 2206337801, 922151594, 2838078904, 3505028480, 3420665932, 1284793827, 2523062091, 3401665715, 3623189546, 1809973029, 3894323261, 2258205953, 1426203731, 2207475504, 1421407269, 712883663, 3025774184, 1437505487, 354824074, 4279560597, 2188573763, 1179625177, 2579894844, 3194995724, 1283521420, 1135324449, 1473616416, 715835593, 2107056108, 691042641, 2371082653, 1254628608, 3158228295, 818000855, 2557001734, 2040988505, 52312640, 252680184, 1981836677, 3089079663, 480804531, 1761541936, 126588265, 1210366606, 3737411248, 781392104, 3783893270, 3425167192, 792267934, 614551393, 2806921629, 2637795287, 382775306, 1478063635, 2461883536, 3584856992, 3573870252, 3398089673, 3977329470, 1810189120, 2563127601, 2610993483, 3703813521, 176152943, 934506937, 4075489690, 2159461914, 1711569283, 3681905316, 2391446598, 2802858914, 1599608333, 582339237, 4083811130, 3603659097, 1820065766, 1940652046, 1601051937, 1686029702, 3214225708, 626096315, 3303210795, 845320257, 1628905577, 2623206441, 3863048561, 3282287714, 2093932519, 691822855, 2810972244, 2734202132, 3103273726, 3374394469, 99122473, 1198473250, 2850988793, 475290944, 355799740, 2007358658, 1832567807, 409261747, 4128221233, 3186243510, 1505678597, 118934195, 2801556035, 2831148108, 3633663226, 2383066815, 4029162187, 4186049492, 1557349332, 3767979960, 3786287408, 2944862336, 2641414000, 586491880, 1158885215, 609689300, 3716903319, 1189655822, 1285350048, 3626771802, 1630239597, 4232045507, 2836741297, 3540650942, 873784185, 3956580871, 1654596190, 828962693, 2241103382, 987968067, 2867681479, 542661969, 2732885133, 2291511952, 107639675, 1199900588, 3503460002, 4037358916, 3353436988, 3106421078, 2979993076, 2923808598, 1857157100, 2827347292, 2609932672, 2584524205, 2089293405, 3129636000, 2220950206, 3138359470, 1932925027, 2234221191, 1370581559, 3028901069, 3710562178, 1131137053, 4080224718, 2924102520, 3276138392, 2605901145, 2273060669, 3877110064, 3177786839, 3410727907, 4132091933, 2481607479, 879351358, 3418049200, 3609105477, 2813795936, 2260936777, 617558951, 3157207817, 2488107340, 2898477888, 2524829762, 172627595, 822059892, 2860011718, 1684712121, 1984236044, 3688136037, 2078776978, 480328333, 93141946, 3474173863, 1234020763, 2249863005, 3745921519, 1457081143, 2385853482, 2248913964, 820071300, 3718075972, 1324074018, 475088565, 2958253316, 1341289223, 1620637057, 3994397025, 93449389, 308791574, 3490958092, 2540967073, 2310889365, 702942123, 117751104, 4018639883, 2248435460, 2843381024, 3574659543, 2452028923, 2132263591, 3476164200, 8954269, 3206697476, 2853057742, 1456365483, 1082982734, 1068636703, 667607909, 219824541, 3870245303, 2091060006, 2964047264, 4029811900, 2356039555, 1908336693, 3718355579, 3638876848, 3216566492, 416832882, 2828647873, 4001012267, 2807111458, 1792797750, 1734892518, 3375708100, 3207637928, 3046584777, 945849513, 3073419563, 3271332119, 3883933284, 4186848929, 4097911388, 3612544183, 1194826711, 1233284669, 3482512536, 1404018410, 2078197945, 2926152771, 63919719, 1330565043, 3837864559, 4116517348, 2691851961, 811807617, 2918150785, 2106740789, 1189082063, 874346773, 273086454, 1163652664, 2711964943, 1934985821, 1958980279, 8173558, 3264410820, 2294316976, 3314567282, 1502597925, 1468525675, 4119644439, 2120100930, 3903541325, 3149609846, 681075835, 2586592743, 1927148755, 506338789, 3624911484, 3657313748, 1914029921, 1384381536, 1529509472, 1616387737, 2680552716, 551196734, 588351272, 904040766, 3795641990, 3697883395, 1783651815, 2132576849, 197369352, 3175716923, 2597870651, 3658263056, 70001269, 1014930358, 2158445352, 221540231, 585585263, 2122302668, 399937442, 3210646977, 2268011990, 1721927806, 2865058856, 364263286, 2727747683, 4195126833, 3245443564, 3976083696, 177640136, 3701720923, 1394773300, 2926912972, 2574226055, 3768190066, 409666084, 1435373724, 14365298, 3121902131, 2944018561, 2671982360, 1683156955, 161015936, 3135869882, 497046853, 2857165322, 1651104105, 4136468209, 1310516600, 2915061784, 3073788860, 2777209233, 481503339, 3411502921, 472775448, 1956651704, 41551628, 1694173440, 1530788479, 3048560079, 1990395570, 3597635648, 3096309687, 1316587810, 190303266, 1755799976, 2733339124, 1962984809, 3086256135, 1304353757, 1808355161, 3526607550, 540366595, 2137389092, 4165091800, 3868217849, 865298295, 3967375579, 934437269, 842158193, 2145833847, 907161725, 1063817862, 3917584131, 1382471752, 2290848699, 217016948, 2078740054, 3512023515, 3034471208, 822114632, 3290750093, 80754213, 2158167962, 1154816936, 2272639070, 3071834023, 3843663245, 2524329183, 3132931396, 729789660, 1086713161, 1479517061, 1203195638, 729214877, 2913728711, 2022939474, 1233771489, 2303109708, 2428751488, 4282556167, 1836561513, 3558386301, 2505864835, 2016641451, 108653676, 4098077830, 905952785, 1814034784, 2901745130, 1189887853, 1681683501, 1198355966, 936372521, 3898325049, 215824261, 4116789808, 2820232323, 2890038521, 4182729512, 604732871, 4016768031, 2321663893, 2515037504, 4050314636, 702794677, 2961459925, 40400416, 4095059760, 956219451, 3849649494, 1922015975, 1744193407, 1138648647, 3315175304, 1115571875, 552591714, 3854175337, 3989311045, 2085781317, 1614257910, 3011965436, 3162375497, 829393285, 1201153327, 771917993, 360299656, 3759219688, 1308014821, 1367955176, 3953655004, 2282274211, 442767499, 2183054867, 3358816752, 3212849234, 4020234505, 372924337, 622276414, 713136280, 2268577293, 1001460604, 584394700, 2535981592, 860213893, 1796518622, 2383281908, 225709650, 459353092, 1336677515, 3045944304, 1977786023, 2401414751, 2849468597, 1795713298, 2614581318, 1328455769, 3784827954, 1405248029, 1260540058, 1644012036, 3503196746, 2708457053, 1650697250, 1129515384, 4190369094, 3722054749, 1478291090, 4241183563, 484701892, 2549014848, 1447709776, 4212153585, 1797864056, 3600764365, 3404412904, 3329305753, 2650982244, 963111196, 4092022285, 1756942112, 3265977672, 2386627115, 3144670390, 3914974036, 3446371882, 290290818, 3862974638, 2566756978, 3542661279, 2191748912, 825063906, 4059545118, 4038340163, 1979460431, 3062262439, 4067702476, 2717224905, 285845768, 530036375, 2325511596, 1272518080, 1758606610, 256991409, 1878156850, 3580339279, 2107013750, 1170026025, 681215682, 2911622954, 698626001, 332605315, 3488313095, 2132113161, 2726482290, 1222080383, 2978934938, 2181753820, 3161618585, 3692850587, 4051216623, 2686955509, 3015070988, 1112203990, 34245660, 3339982780, 220670341, 3589606923, 1115872535, 29967396, 2774865228, 4125098481, 1476995888, 78926061, 2482265247, 1609184053, 2012706446, 1451065950, 2674196994, 2927007707, 1436218421, 2064582175, 2197505437, 1107809803, 2138239872, 3731147470, 473071614, 2243697427, 2977343456, 3723291677, 480836923, 1777047244, 2758559347]
predictor=ExtendMT19937Predictor()
for _ in range(666):
predictor.setrandbits(seq[_],32)
_=[predictor.backtrack_getrandbits(32) for _ in range(666)]
m=predictor.backtrack_getrandbits(512)
M=(predictor.backtrack_getrandbits(512))
ct = b'b8bbc6d03690b53f01f3076fe530a80c7d98d367ce6fe766f3cd78584f3d5bda1fca3ea4ec1a37689c22a3302ebc182c735c4c7b62cd95165b8db1c810bf93defe2ffb5c5bcacb60f3e3facee2e69449'
m0 = [
[1,1],
[1,0]
]
_M = matrix(Zmod(M),m0)
def cseq(i, seq = seq):
ct = 0
for j in seq:
if i%j == 0:
ct+=1
return ct
def homework(i, seq = seq):
if i == 1: return 1
if i == 2: return 1
else:
return (homework(i-2, seq)+homework(i-1,seq)+cseq(i-1, seq) )%M
def Fib(n):
if n <=2 :
return 1
else:
return (_M^(n -1))[0][0]
def extra_cal(m, num):
a0 = m % num - 1
max_exp = m - num - 1
assert (max_exp - a0) % num == 0
k = (max_exp - a0)//num + 1
q = _M^num
if a0 == -1:
k = k - 1
a0 = a0 + num
A0 = _M^a0
MM = (1/(1-q))*A0*(1-q^k)
return MM[0][0]
def Fib_plus(n, seq = seq):
R = Fib(n)
for num in seq:
R += extra_cal(n, num)
return int(R % M)
# seq_test = [3,5]
# print(Fib_plus(15,seq_test))
# print(homework(15, seq_test))
ans = Fib_plus(m,seq)
k = unhexlify(md5(str(ans).encode()).hexdigest())
aes = AES.new(k,AES.MODE_ECB)
msg = aes.decrypt(ct)
print(msg)
这题解出来之后是乱码,看wp说还套了MISC,我真不晓得套了啥,知道的师傅告知。
MISC
sudoku_easy
一道nc数独题,但是时间充足,直接chatpgt解数独,需要解5次
数独代码:
def print_sudoku(sudoku):
"""用于打印数独"""
for i in range(9):
for j in range(9):
print(sudoku[i][j],end='')
print()
def find_empty(sudoku):
"""查找数独中未填数的位置"""
for i in range(9):
for j in range(9):
if sudoku[i][j] == 0:
return (i, j)
return None
def valid(sudoku, num, pos):
"""判断填入的数字是否合法"""
row, col = pos
# 检查行和列是否有重复数字
for i in range(9):
if sudoku[row][i] == num or sudoku[i][col] == num:
return False
# 检查3x3宫格内是否有重复数字
box_row = (row // 3) * 3
box_col = (col // 3) * 3
for i in range(box_row, box_row + 3):
for j in range(box_col, box_col + 3):
if sudoku[i][j] == num:
return False
return True
def solve(sudoku):
# 寻找数独中未填数的位置
find = find_empty(sudoku)
if not find:
return True
else:
row, col = find
# 尝试填入数字
for num in range(1, 10):
if valid(sudoku, num, (row, col)):
sudoku[row][col] = num
# 递归调用自身
if solve(sudoku):
return True
# 回溯,将当前位置的数字重置为0
sudoku[row][col] = 0
return False
sudoku = [
[0, 0, 2, 1, 0, 8, 4, 7, 6],
[0, 0, 0, 0, 6, 0, 0, 3, 5],
[6, 3, 0, 0, 5, 7, 0, 0, 0],
[0, 0, 5, 0, 4, 2, 9, 0, 8],
[0, 0, 6, 5, 0, 0, 0, 2, 0],
[7, 2, 0, 0, 8, 0, 0, 5, 0],
[0, 0, 1, 8, 0, 0, 0, 4, 0],
[2, 0, 0, 9, 0, 5, 0, 0, 0],
[8, 6, 0, 3, 2, 0, 5, 9, 0]
]
# 解决数独
solve(sudoku)
# 打印解决后的数独
print_sudoku(sudoku)
最后cat flag即可
烦人的压缩包
下载附件一个压缩包,010打开,发现是真加密,直接爆破一下
解压下来,有个hint文件,提示压缩包藏在图片里,binwalk分离出来一个压缩包,解压报错CRC校验失败
修改这个位置为08
即可,解压除flag.txt,是一个ook解密,在线网站解一下
sudoku_speedrun
方法一(使用pwntools库)
和第一题差不多,就是提取数据有点困难
from pwn import *
import re
import sudokum
def getanswer(data):
split_one = re.sub(r"\\x1b\[(\d);32m(\d)\\x1b\[0m", "0", str(data)).split("|")
split_two = []
for tmp in split_one:
if len(tmp) == 7:
split_two.append(tmp)
puzzle_str = ""
for tmp in split_two:
for i in range(3):
puzzle_str += tmp[1 + i * 2]
puzzle = []
for i in range(9):
tmp = []
for j in range(9):
tmp.append(int(puzzle_str[i * 9 + j]))
puzzle.append(tmp)
solution = sudokum.solve(puzzle)[1]
answer = ""
for i in range(9):
if i % 2 == 0:
for j in range(9):
if puzzle[i][j] == 0:
answer += str(solution[i][j])
answer += "d"
else:
for j in range(8, -1, -1):
if puzzle[i][j] == 0:
answer += str(solution[i][j])
answer += "a"
answer = answer[:-1] + "s"
return answer[:-2]
conn = remote("47.108.165.60", 39961)
# 连接并获取数独
print(conn.recv())
print(conn.recv().decode())
conn.sendline("1".encode())
print(conn.recv().decode())
print(conn.recv().decode())
conn.sendline("5".encode())
print(conn.recv().decode())
data = conn.recv()
print(data.decode())
conn.sendline(getanswer(data).encode())
while True:
print(conn.recv().decode())
conn.sendline("cat flag".encode())
print(conn.recv().decode())
print(conn.recv().decode())
方法二(使用telnetlib库)
import telnetlib
def solve_sudoku(board):
if is_complete(board):
return board
row, col = find_empty_cell(board)
for num in range(1, 10):
if is_valid(board, row, col, num):
board[row][col] = num
if solve_sudoku(board):
return board
board[row][col] = 0
return None
def is_complete(board):
for row in board:
if 0 in row:
return False
return True
def find_empty_cell(board):
for i in range(9):
for j in range(9):
if board[i][j] == 0:
return i, j
return None, None
def is_valid(board, row, col, num):
# Check row
if num in board[row]:
return False
# Check column
for i in range(9):
if board[i][col] == num:
return False
# Check 3x3 box
box_row = (row // 3) * 3
box_col = (col // 3) * 3
for i in range(box_row, box_row + 3):
for j in range(box_col, box_col + 3):
if board[i][j] == num:
return False
return True
def parse_input(input_string):
rows = input_string.strip().split('\n')
board = []
for row in rows:
row = row.replace('-', '').replace('|', '').split()
nums = [int(num) if num != '0' else 0 for num in row]
if nums!=[]:
board.append(nums)
return board
def solve(input_string):
original_board = parse_input(input_string)# 创建原始数组的副本
board_copy = [row[:] for row in original_board]
solution = solve_sudoku(original_board)
# print(board_copy)
# print(solution)
lists = []
for i in range(9):
for j in range(9):
if board_copy[i][j] == 0:
lists.append(str(solution[i][j]))
if j != 8:
lists.append('d')
lists.extend('saaaaaaaa')
# print(f"索引为 ({i}, {j}) 的位置,填入数字 {solution[i][j]}")
return lists
tn = telnetlib.Telnet('47.108.165.60',36697)
welcome_msg = tn.read_until(b"Please input")
print(welcome_msg.decode("utf-8"))
# 发送返回值到服务器
tn.write("1".encode("utf-8") + b"\n")
msg = tn.read_until(b"hard(7)")
print(msg.decode("utf-8"))
tn.write("5".encode("utf-8") + b"\n")
msg = ''
for i in range(15):
response = tn.read_until(b"\n")
# print((response))
response = response.replace(b'\x1b[7;32m',b'').replace(b'\x1b[0m',b'').replace(b'\x1b[1;32m',b'').replace(b'\x1b[H\x1b[2J',b'')
msg += response.decode().strip('> 5')
tn.write(str(solve(msg)).encode("utf-8") + b"\n")
tn.interact()
