BuildCTFwp

自己本次比赛负责reverse,misc,crypto方向,web和pwn就不写了

Misc

FindYourWindows

告诉了key文件,应该是磁盘类的题,用veracrypt解决

提示桌面有问题,改成zip文件看看


BuildCTF{I2t_s0_e5sy!!!}

四妹?还是萍萍呢?

from PIL import Image
import qrcode

def stitch_images(image_paths, output_path):
    images = [Image.open(path) for path in image_paths]

    width, height = images[0].size
    stitched_image = Image.new('RGB', (width * 3, height * 3))

    for index, image in enumerate(images):
        x = index % 3 * width
        y = index // 3 * height
        stitched_image.paste(image, (x, y))

    stitched_image.save(output_path)
    print(f"拼接后的图像保存为: {output_path}")

def generate_qr_code(data, qr_output_path):
    qr = qrcode.make(data)
    qr.save(qr_output_path)
    print(f"二维码保存为: {qr_output_path}")

def main():
    image_paths = [
        'h.png', 'g.png', 'a.png',
        'e.png', 'c.png', 'f.png',
        'b.png', 'i.png', 'd.png'
    ]

    stitched_image_path = 'flag.png'
    stitch_images(image_paths, stitched_image_path)

if __name__ == "__main__":
    main()

拼凑二维码

需要恢复的内容应该在png里,看一下


有zip但是直接分离不了,直接提取,修补zip头


得到压缩包,需要密码


base64解密得到图片

修改高度

BuildCTF{PNG_@nd_H31Sh3nHu@}

食不食油饼

来吧b神小工具搜哈一下
我是一名种植草莓的农户,因为要控制泥土的PH值在合理区间,所以草莓产量一直上不去。直到我看见了一个哥哥打篮球把土和泥配成最好的状态,使得栽在泥上的草莓产量上去了。我把哥哥教我的过程写成一部记录文,叫《记泥态莓》。
我把密码记录在了这段话中,希望你可以找到可以破解鸽鸽的密码哦,可恶,真实可恶,究竟是什么隐写?
零宽,但是有点奇怪

base64解密key:7gkjT!opo
lsb没有结果,猜测是FFT


8GMdP3
打开flag.zip:IJ2WS3DEINKEM62XMF2DG4SNMFZGWXZRONPVGMC7MVQVG6L5

BuildCTF{Wat3rMark_1s_S0_eaSy}

Black&White

from PIL import Image
from Crypto.Util.number import long_to_bytes


bin_str = ''
height_data = ''  # 初始化 height_data
path = r"taich1"

for i in range(0, 1089):
    image_path = path + f"\{i}.jpg"
    image = Image.open(image_path)
    height = image.size[1]
    height_data += chr(int(str(height), 8))

    # 获取(0, 0)位置的像素
    pixel = image.getpixel((0, 0))
    # print(pixel)
    # 判断像素颜色
    if pixel == 0:  # 黑色
        bin_str += '1'
    elif pixel == 255:  # 白色
        bin_str += '0'



print(bin_str)
print(len(bin_str))
print(long_to_bytes(int(bin_str,2)).decode('utf-8'))


扫码得到字符串,base45解码

BuildCTF{Tich1?pAnDa?_HahA_U_w1n}

我太喜欢亢金星君了!

.gif帧率分解

黑色去掉,白色分号,亢金星君-,女的.
摩斯密码解密
BuildCTF{BUILDCTFW41COM4_N4W_F1SH}

Guesscoin

100不对,全赌0很快就完了

EZ_ZIP


另保存为zip,是一个多层嵌套解压,随波逐流就可以完成,不过每次有上线,多进行几次就好
BuildCTF{Z1p_p@ck@g3s_@r3_@_v3ry_1n73r3s7ing_thing}

what is this?

0110001101100011011000110010110001110000011100000111000001110000011100000010110001100011011000110111000001110000011000110111000000101100011100000010110001100011011000110110001101100011001011000110001101110000011100000111000001110000001011000110001101100011011000110010110001100011011000110111000001110000011000110111000000101100011000110111000001110000011100000111000000101100011000110110001101100011011000110110001100101100011000110110001101110000011100000110001101110000001011000111000001110000001011000111000001110000011100000111000001110000001011000110001101110000011000110010110001100011011000110110001101100011011000110010110001100011001011000110001101100011011100000111000001100011011100000010110001110000011000110111000001100011001011000111000001110000011100000111000001110000001011000111000001100011011000110010110001100011001011000110001101100011011100000111000001100011011100000010110001110000011000110111000001100011011100000111000000101100011100000110001101110000011000110111000001110000
二进制转字符
ccc,ppppp,ccppcp,p,cccc,cpppp,ccc,ccppcp,cpppp,ccccc,ccppcp,pp,ppppp,cpc,ccccc,c,ccppcp,pcpc,ppppp,pcc,c,ccppcp,pcpcpp,pcpcpp
摩斯

BuildCTF{S0_TH1S_15_M0R5E_C0DE_!!}

别真给我开盒了哥



距离比较近津霸客运专线,都是一下,是一个分段名字,津保铁路
Build{津保铁路}

一念愚即般若绝,一念智即般若生

随波逐流梭哈:
阴阳怪气解密

佛曰解密

天书曰解密

base58

老色批

lsb隐写

base64解密

如果再来一次,还会选择我吗?

010打开发现两两交换

def swap_pairs(hex_string):
    byte_pairs = hex_string.split()
    swapped_pairs = []

    for i in range(0, len(byte_pairs), 2):
        if i + 1 < len(byte_pairs):
            swapped_pairs.append(byte_pairs[i + 1])
            swapped_pairs.append(byte_pairs[i]
        else:
            swapped_pairs.append(byte_pairs[i])
    swapped_string = ' '.join(swapped_pairs)
    return swapped_string

def png_to_hex_string(file_path):
    with open(file_path, 'rb') as f:
        binary_data = f.read()
        hex_string = binary_data.hex()
        hex_string = ' '.join([hex_string[i:i+2] for i in range(0, len(hex_string), 2)])
    return hex_string

def hex_string_to_binary(hex_string):
    hex_string = hex_string.replace(' ', '')
    return bytes.fromhex(hex_string)

def save_binary_to_png(binary_data, output_file_path):
    with open(output_file_path, 'wb') as f:
        f.write(binary_data)

input_file_path = "enc.png"
output_file_path = "key.png"

hex_string = png_to_hex_string(input_file_path)
swapped_hex_string = swap_pairs(hex_string)
swapped_binary_data = hex_string_to_binary(swapped_hex_string)
save_binary_to_png(swapped_binary_data, output_file_path)
print(f"Swapped image saved as: {output_file_path}")



ps拉伸条形码

得到:key:wo_bu_shi_xiao_hei_zi!!!

一堆base64解密:

四妹,你听我解释--一血

010文件末尾

自由文明法治平等公正敬业公正友善公正公正自由自由和谐平等自由自由公正法治友善平等公正诚信文明公正民主公正诚信平等平等诚信平等法治和谐公正平等平等友善敬业法治富强和谐民主法治诚信和谐

修改高
自由文明法治平等公正敬业公正友善公正公正自由自由和谐平等自由自由公正法治友善平等公正诚信文明公正民主公正诚信平等平等诚信平等法治和谐公正平等平等友善敬业法治富强和谐民主法治诚信和谐
核心价值观解密
BuildCTF{lao_se_p1}

白白的真好看

000000.txt零宽隐写


white.docx隐藏文字

拼接二维码在异步社区回复雪


BuildCTF{Th3_wh1t3_wh1t3_y0u_s33_1s_n0t_wh1t3}
多了一个wh1t3
BuildCTF{Th3_wh1t3_y0u_s33_1s_n0t_wh1t3}

Hex的秘密

题目给出的字符串确实是16进制的,但每个16进制都是大于 7F 的,换算成10进制就是都大于 127 的,于是我们让每个16进制 都减去128 再用ASCII解密

#!/usr/bin/python3

s = 'c2f5e9ece4c3d4c6fbb3c5fafadfc1b5e3a1a1dfe2e9eee1f2f9f9f9fd'
ls = [ chr(int(f"{s[i]}{s[i+1]}",16)-128) for i in range(0,len(s),2) ]
print(''.join(ls))

有黑客

查看流量包哥斯拉流量,推断XOR密钥,依次分析upload/shell.php的后几个包

拖进cypherchef

什么?来玩玩心算吧

parselmouth-master工具
python沙箱逃逸

(超爱jail,可以看看:https://www.cnblogs.com/N1ng/p/18491520)

Crypto

ezzzRSA

题目:

import libnum
from Crypto.Util.number import *

flag = b'BuildCTF{*******}'

m = libnum.s2n(flag)

e = 65537
q = getPrime(1024)
q1 = getPrime(1024)
p = getPrime(1024)
p1 = getPrime(1024)

n = p * q
n1 = q * p1
n2 = p * q1
c = pow(m, e, n)
h0 = pow(2023 * p + 2024, q1, n2)
h1 = pow(2024 * p1 + 2023 * q, 113, n1)
h2 = pow(2023 * p1 + 2024 * q, 629, n1)

print(f'n1 = {n1}')
print(f'n2 = {n2}')
print(f'c = {c}')
print(f"h0 = {h0}")
print(f"h1 = {h1}")
print(f"h2 = {h2}")


"""
n1 = 19957426023169626195602761840035904096149402534966487535713447987366768645542881124782551268978342063458430846877824210659778126281705984711061190351636497944943321988950188171159903717348936556346198638311950016136865425015037098270040031872702873264144372191898253134939805153141701819590164140250130420280491966786900651186941317959556066730959744279963976065565436153399679475410040773637142677936926894677919242351610457296203864806991539480593546084449323017670431590012312526757477514457145686070196978477495658962519391041011847512041022828710693830661412217389320600888361578917153088073678587422269955710471
n2 = 11933661747067216317642315621042074566046499785197709817779978157416906347669444374234313329064859622960743743511735672614999566264025648698589886185056758071718319964262619819143757922916624196354313322456534266520150543008117888101349920396737532937616502689667208207329048979872222563877933742673021891249520999021187404065706388700711208445628041386956459398271230236018476964839399245143666534359113777846535151773174701732284280083586580489995666306373839417946648196140879978268472361473557375951972193618245984950374326806423407152520541682571610372434453778172497925696535270204943842467472100237854318244291
c = 20080676122944896238797522372441559951736929534371084097400233944319893926800196694449564534150770085554349952433141815637324753386484549616573636001763815852095984830828952020047938406909274311785306299061021662484544371813739713520361343350959698642021322243662988875917088108399877176033404097457939417134483333264562602633853694382014472747500159100723626314928476484037666519857604568300967071868151508142784271042600815406853978696857309760951105852288354603503207383899902135741426285551161292195639862478256231538619968275273876467583013024899054710124331145912185471501398910765579441956531091561893256832468
h0 = 2996726009726260695732821166504040344731102637047682432884058857493935625094258046641569918904978173116793673563730117949606727933902262668880339210084101176866383602543966179840353633735507442926707342258391362245904850297416642271123328980812931025677857373199540129280097315832907023777052101133649877194495480543646472133854655383755313968952550827443970931104462445312146328606862802196901953935238972759852435882720786570965542286278549107402918041194008845717507735786897968734831064393337773557817839343449001368565856921138408039931608804233595980497557733714560035682416265029819340316734845279080134432704
h1 = 19843160604742228074331688651361052208481287636527838615063387670722213224954610448720065937378201545177278841575633697012434074186046556843292068835752113384756149944114298949115412819730843598288637259467085268861201775723817790428386595559040938133481222229290199923979132846871398172318539492741755408720073350962388138453341677009547616238262211176727424067946020683742262782319735286357465817786446238528187722959357444676512705451504136333336415880020502524009647940182721264953084120705872870651891290569527156804993340563927419561415555818468261824287933683736509372616293569615247228388443284457740072850735
h2 = 15147052684674827267989051566164167603473413362261253296001082161136918959833294463185335416662127368473980239667918561600741667513285708843081475074688239507330230558331408877583246661862040918410036936505307437329914363201630212163952357444441705663871720438955166472073576526814546767805314463827075388036712200327696168965762177567346966479399896578190111819130000991594490932388132188241726654756368698998232826340969288082645860324404980143489489946490266439447342461483490582149239131554246756547000945718737195930407251232848166108751122870333559461452459416252942341423373918245090162970624108991537972775066
"""

参考:https://blog.csdn.net/XiongSiqi_blog/article/details/130175464

import gmpy2
from Crypto.Util.number import *
e = 65537
n1 = 19957426023169626195602761840035904096149402534966487535713447987366768645542881124782551268978342063458430846877824210659778126281705984711061190351636497944943321988950188171159903717348936556346198638311950016136865425015037098270040031872702873264144372191898253134939805153141701819590164140250130420280491966786900651186941317959556066730959744279963976065565436153399679475410040773637142677936926894677919242351610457296203864806991539480593546084449323017670431590012312526757477514457145686070196978477495658962519391041011847512041022828710693830661412217389320600888361578917153088073678587422269955710471
n2 = 11933661747067216317642315621042074566046499785197709817779978157416906347669444374234313329064859622960743743511735672614999566264025648698589886185056758071718319964262619819143757922916624196354313322456534266520150543008117888101349920396737532937616502689667208207329048979872222563877933742673021891249520999021187404065706388700711208445628041386956459398271230236018476964839399245143666534359113777846535151773174701732284280083586580489995666306373839417946648196140879978268472361473557375951972193618245984950374326806423407152520541682571610372434453778172497925696535270204943842467472100237854318244291
c = 20080676122944896238797522372441559951736929534371084097400233944319893926800196694449564534150770085554349952433141815637324753386484549616573636001763815852095984830828952020047938406909274311785306299061021662484544371813739713520361343350959698642021322243662988875917088108399877176033404097457939417134483333264562602633853694382014472747500159100723626314928476484037666519857604568300967071868151508142784271042600815406853978696857309760951105852288354603503207383899902135741426285551161292195639862478256231538619968275273876467583013024899054710124331145912185471501398910765579441956531091561893256832468
h0 = 2996726009726260695732821166504040344731102637047682432884058857493935625094258046641569918904978173116793673563730117949606727933902262668880339210084101176866383602543966179840353633735507442926707342258391362245904850297416642271123328980812931025677857373199540129280097315832907023777052101133649877194495480543646472133854655383755313968952550827443970931104462445312146328606862802196901953935238972759852435882720786570965542286278549107402918041194008845717507735786897968734831064393337773557817839343449001368565856921138408039931608804233595980497557733714560035682416265029819340316734845279080134432704
h1 = 19843160604742228074331688651361052208481287636527838615063387670722213224954610448720065937378201545177278841575633697012434074186046556843292068835752113384756149944114298949115412819730843598288637259467085268861201775723817790428386595559040938133481222229290199923979132846871398172318539492741755408720073350962388138453341677009547616238262211176727424067946020683742262782319735286357465817786446238528187722959357444676512705451504136333336415880020502524009647940182721264953084120705872870651891290569527156804993340563927419561415555818468261824287933683736509372616293569615247228388443284457740072850735
h2 = 15147052684674827267989051566164167603473413362261253296001082161136918959833294463185335416662127368473980239667918561600741667513285708843081475074688239507330230558331408877583246661862040918410036936505307437329914363201630212163952357444441705663871720438955166472073576526814546767805314463827075388036712200327696168965762177567346966479399896578190111819130000991594490932388132188241726654756368698998232826340969288082645860324404980143489489946490266439447342461483490582149239131554246756547000945718737195930407251232848166108751122870333559461452459416252942341423373918245090162970624108991537972775066
x3 = pow(h1 * pow(2023,113,n1),629,n1) % n1
x4 = pow(h2 * pow(2024,629,n1),113,n1) % n1
q = gmpy2.gcd(n1,x3 - x4)
print(q)
kp = h0 - pow(2024 , n2 , n2)
p = gmpy2.gcd(kp , n2)
print(p)
n = p * q
phi = (p - 1) * (q - 1)
d = gmpy2.invert(e, phi)
m = pow(c, d, n)

print(long_to_bytes(m))BuildCTF{29g5blh5-7829-5k38-a836-9bk54h291h6}

Ju5t_d3c0de_1t!

e = 'VTJGc2RHVmtYMThUWGplSkN2YzJwazJ2KzJieQ=='
c = 10110011010010110101101101011110100001010100101110111011101101111101101001000010111010010011101111001111111000000001111000000010101
p = 1100010000110101100011011010101011111101001101010011001010110111100011110110101111000101100001011011001100110010010111111100110000001111010111111101111001100111100011100110110011101011111011100111010011000100011001101101111011010110000011011100101010010101110001011011010111001010101101100101011111101000110010111000011010111001101001
q = 11000010010010011110101110100011011100101101100100011011100010111000011110111000000011111100010100100000101101010101000101101101101011011100001101111010001010010011001010110010110101001100100011010110100011110011101110101110111110100000011110101010011011111010111100011000011111001000010101100100011110010000010001110010101100100111001
key = 592924741013363689040199750462798275514934297277010275281372369969899775117892551575873706970423924419480394766364097497072075403342004187895966953143489192628648965081601335846012859223829286606349019
# use m minus key to get the final flag!

exp:

import gmpy2
from Crypto.Util.number import long_to_bytes

e = 65537
c = 10110011010010110101101101011110100001010100101110111011101101111101101001000010111010010011101111001111111000000001111000000010101
p = 1100010000110101100011011010101011111101001101010011001010110111100011110110101111000101100001011011001100110010010111111100110000001111010111111101111001100111100011100110110011101011111011100111010011000100011001101101111011010110000011011100101010010101110001011011010111001010101101100101011111101000110010111000011010111001101001
q = 11000010010010011110101110100011011100101101100100011011100010111000011110111000000011111100010100100000101101010101000101101101101011011100001101111010001010010011001010110010110101001100100011010110100011110011101110101110111110100000011110101010011011111010111100011000011111001000010101100100011110010000010001110010101100100111001
key = 592924741013363689040199750462798275514934297277010275281372369969899775117892551575873706970423924419480394766364097497072075403342004187895966953143489192628648965081601335846012859223829286606349019

c_int = int(str(c), 2)
p_int = int(str(p), 2)
q_int = int(str(q), 2)

n = p_int * q_int
phi = (p_int - 1) * (q_int - 1)

phi_mpz = gmpy2.mpz(phi)
d = gmpy2.invert(e, phi_mpz)
m = pow(c_int, d, n)
m = m - key
print(long_to_bytes(m))

BuildCTF{I_l1k3_crypt0_5o_h4rd!}

where is my n?

题目:

from Crypto.Util.number import*
from gmpy2 import*

flag = "..."
e=65537
p=getPrime(512)
q=gmpy2.next_prime(p)
n=p*q
phi=(p-1)*(q-1)
d=inverse(e,phi)
c=pow(flag,e,n)
print("c=",c)
print("e=",e)
print("d=",d)
# c= 107973408658512316248795675829719026556281556876279221462095299771897472835817102507431099132436173117611783572607408542140665445616624626408781699266046553444252772105867617770124779786841928535661872891635303381758336724610931502145965143374870804147444436791292512235485326451051756451904673491759905663466
# e= 65537
# d= 62036379179617188220635702722848631787124203142048526951004487465970915306760341332025319712290841316288636152355908585406155087541334717529113872233640624205650204907669681116401961584897042519881342485819364897891612540596760113597723865477121348794797592568686540283535491492936074500143092361821406613969

exp:

c= 107973408658512316248795675829719026556281556876279221462095299771897472835817102507431099132436173117611783572607408542140665445616624626408781699266046553444252772105867617770124779786841928535661872891635303381758336724610931502145965143374870804147444436791292512235485326451051756451904673491759905663466
e= 65537
d= 62036379179617188220635702722848631787124203142048526951004487465970915306760341332025319712290841316288636152355908585406155087541334717529113872233640624205650204907669681116401961584897042519881342485819364897891612540596760113597723865477121348794797592568686540283535491492936074500143092361821406613969

import gmpy2,libnum
k_phi = e*d -1

for k in range(2,e):
    if k_phi % k == 0:
       phi = k_phi // k
       r, _ = gmpy2.iroot(phi,2)
       q = gmpy2.next_prime(r)
       if phi % (q-1) == 0:
          p = phi // (q-1) + 1
          m = pow(c,d,p*q)
          print(k)
          print(libnum.n2s(int(m)))

BuildCTF{Y0u_F1nd_7he_n_success7u1_!}

gift

题目:

from Crypto.Util.number import *
from secret import flag

def get_gift(p, q):
    noise = getPrime(40)
    p, q = p + 2 * noise + 1, q - pow(noise, 2)
    gift = 2024 * (p + q)
    return gift

p = getPrime(512)
q = getPrime(512)
n = p * q
e = 0x10001
m = bytes_to_long(flag)

c = pow(m, e, n)
gift = get_gift(p, q)

print(f'c = {c}')
print(f'n = {n}')
print(f'gift = {gift}')
'''
c = 101383046356447336426623798470530695448361708798731382238747567108067236241251384089401506320741815081024352908156466877907424203888923965647318146770258139921360377246187637085549628797640957048672797430217647039035455011311505942632107576730906489223641894279483592789523228409885925263914621255862261546919
n = 131097719698687108485813302886652389604731026998272796315024695395496199386497660846418712521921387496051077394308820230360184411431376692252923609505060476542577219656866593501271690536991944882324175509626138475159461332403161471880082192150081456601522403673111515117219716055561941951891570977025178643791
gift = 46635322848619790584491725916282901439691751328335921415278638528896063068132242718070261114525516272650970256270551306096774004921902972838212903368063625872
'''思路没问题,时间太长
import gmpy2
from Crypto.Util.number import isPrime, long_to_bytes

# Constants
e = 65537
gift = 46635322848619790584491725916282901439691751328335921415278638528896063068132242718070261114525516272650970256270551306096774004921902972838212903368063625872
c = 101383046356447336426623798470530695448361708798731382238747567108067236241251384089401506320741815081024352908156466877907424203888923965647318146770258139921360377246187637085549628797640957048672797430217647039035455011311505942632107576730906489223641894279483592789523228409885925263914621255862261546919
n = 131097719698687108485813302886652389604731026998272796315024695395496199386497660846418712521921387496051077394308820230360184411431376692252923609505060476542577219656866593501271690536991944882324175509626138475159461332403161471880082192150081456601522403673111515117219716055561941951891570977025178643791

# Efficient prime checking and calculation
def find_flag():
    for m in range(100000000000, 999999999999):
        if isPrime(m):
            phi = n + 1 - (gift // 2024) - (m**2) + 2 * m + 1
            try:
                d = gmpy2.invert(e, phi)
                # Only compute m if d is valid
                if d > 0:
                    # Decrypt message
                    m_decoded = pow(c, d, n)
                    flag = long_to_bytes(m_decoded)
                    # Check for the flag
                    if b'BuildCTF' in flag:
                        print(flag)
                        return  # Exit on finding the first valid flag
            except ZeroDivisionError:
                # In case of invalid phi, skip
                continue

find_flag()
exp:小根攻击

from Crypto.Util.number import *

c = 101383046356447336426623798470530695448361708798731382238747567108067236241251384089401506320741815081024352908156466877907424203888923965647318146770258139921360377246187637085549628797640957048672797430217647039035455011311505942632107576730906489223641894279483592789523228409885925263914621255862261546919
n = 131097719698687108485813302886652389604731026998272796315024695395496199386497660846418712521921387496051077394308820230360184411431376692252923609505060476542577219656866593501271690536991944882324175509626138475159461332403161471880082192150081456601522403673111515117219716055561941951891570977025178643791
gift = 46635322848619790584491725916282901439691751328335921415278638528896063068132242718070261114525516272650970256270551306096774004921902972838212903368063625872
e = 65537

h = gift // 2024
R.<p,q> = PolynomialRing(RealField(1000))

f1 = p + q + 1 - h
f2 = p*q - n

res = f1.sylvester_matrix(f2,q).det().univariate_polynomial().roots()
ph = int(res[0][0]) >> 90 << 90

R.<x> = PolynomialRing(Zmod(n))

f = ph + x
root = f.small_roots(X=2^90,beta=0.49)

p = ph + int(root[0])
q = n // p
d = inverse(e,(p-1)*(q-1))
m = pow(c,d,n)
print(long_to_bytes(m))

BuildCTF{M@y_b3_S0m3th1ng_go_wr0ng}

mitm

中间相遇攻击
明密文分别两次加密两次解密

from Crypto.Util.number import *
from Crypto.Util.Padding import *
from hashlib import sha256
from Crypto.Cipher import AES
from random import *
from secret import flag

note = b'Crypt_AES*42$@'
r = 4
keys = []

for i in range(r):
    key = bytes(choices(note, k=3))
    print(key)
    print(sha256(key).digest())
    keys.append(sha256(key).digest())
print(keys)

leak = b'Hello_BuildCTF!!'
cipher = leak
for i in range(r):
    cipher = AES.new(keys[i], AES.MODE_ECB).encrypt(cipher)

enc_key = sha256(b"".join(keys)).digest()
enc_flag = AES.new(enc_key, AES.MODE_ECB).encrypt(pad(flag, AES.block_size))

print(f'cipher = {cipher}')
print(f'enc_flag = {enc_flag}')
# cipher = b'\xb9q\x04\xa3<\xf0\x11-\xe9\xfbo:\x9aQn\x81'
# enc_flag = b'q\xcf\x08$%\xb0\x86\xee\x1a(b\x7f\xf8\x86\xbd\xd0\xa7\xee\xd9\x9d2\x82a7H=a\x13\x87e\xad\xd2b\x8e\x07\xa5\xddo\xc0\xf3N\xd4b\xc9o\x88$\xc7\xf4p\xc1\x1e,\xed\xcc\x94\x8c\xf4\x00\xa5\xe0-\xf7\xc5'
from Crypto.Util.number import *
from itertools import product
from Crypto.Util.Padding import *
from hashlib import sha256
from Crypto.Cipher import AES
from tqdm import tqdm
from random import choices

note = b'Crypt_AES*42$@'
key_length = 3

# Generate all possible keys of the specified length
all_keys = [bytes(p) for p in product(note, repeat=key_length)]
key_pairs = [[sha256(key1).digest(), sha256(key2).digest()] for key1 in all_keys for key2 in all_keys]

r = 2
ciphers = []
cipher_keys = []  


for keys in tqdm(key_pairs, desc="Encrypting"):
    leak = b'Hello_BuildCTF!!'
    cipher = leak
    for i in range(r):
        cipher = AES.new(keys[i], AES.MODE_ECB).encrypt(cipher)
    ciphers.append(cipher)
    cipher_keys.append(keys) 

plains = []
plain_keys = []  

for keys in tqdm(key_pairs, desc="Decrypting"):
    cipher2 = b'\xb9q\x04\xa3<\xf0\x11-\xe9\xfbo:\x9aQn\x81'
    plain = cipher2
    for i in range(r):
        plain = AES.new(keys[i], AES.MODE_ECB).decrypt(plain)
    plains.append(plain)
    plain_keys.append(keys)

common = set(plains) & set(ciphers)

for item in common:
    index_plain = plains.index(item)
    index_cipher = ciphers.index(item)

    print(f'Common Item: {item}')
    print(f'Keys for Plain: {plain_keys[index_plain]}')
    print(f'Keys for Cipher: {cipher_keys[index_cipher]}')
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
from hashlib import sha256

# Assume these values are known
keys = [b'T\xeb\x9f13\xa7w\x1ft`\x8e\xd5v\x80\xd8\x89\xf3\xf4-\xd7\xc2,\xec\x00\x85\x1b\xdd\x06\x1e\xce\xbe\x99', b'\xae\xe7\xc3\xff&k\x15\xc5Q\x89HD.\xb3\xb3\x83\x11:\xd2\x1e\x04\xfc\xb1\x00\x03DQ\x1eF\xc4r^', b'\xf0\xb6\x8c\x1f\x85\x9f\x1a\xff\xe7\xd1r\x9a\x0c\xf3\xc7"\x159+\x85\xc5\xc6\xe0\x9ef\x13\xd1\xf2\x9c\xb2B\xdf', b'%\x99f\x8f/\x93\x84X)\x8e\xfd\xb6(\x1f^>\xaf\xcd\xd4\xf3\xc0\xc2\x15\xef \x83X\xd6\x02\xa8~\x11']
enc_key = sha256(b"".join(keys)).digest()
enc_flag = b'q\xcf\x08$%\xb0\x86\xee\x1a(b\x7f\xf8\x86\xbd\xd0\xa7\xee\xd9\x9d2\x82a7H=a\x13\x87e\xad\xd2b\x8e\x07\xa5\xddo\xc0\xf3N\xd4b\xc9o\x88$\xc7\xf4p\xc1\x1e,\xed\xcc\x94\x8c\xf4\x00\xa5\xe0-\xf7\xc5'  # Your actual encrypted flag here

cipher = AES.new(enc_key, AES.MODE_ECB)

decrypted_data = cipher.decrypt(enc_flag)

try:
    flag = unpad(decrypted_data, AES.block_size)
    print(f'Decrypted flag: {flag.decode()}')  
except ValueError:
    print("Incorrect decryption, possibly due to padding error.")

ominous

from Crypto.Util.number import *
from secret import flag
import random
import string

Ominous_dic = ['啊', '米', '诺', '斯']
flag_word = (string.ascii_letters + string.digits + '{}@_!').encode()
assert all(char in flag_word for char in flag)

msg = bytes_to_long(flag)
random.shuffle(Ominous_dic)

def Ominous_enc(msg):
    res = 0
    for idx, word in enumerate(Ominous_dic):
        res += random.randint(0, 200) * ord(word) * (2 ** (50 * (idx + 1))) 
    
    return res + msg

cipher = Ominous_enc(msg)
print(f'cipher = {cipher}')
# cipher = 11174132013050242293373893046306047184706656363469879247040688497021

思路没问题,时间太长

from Crypto.Util.number import *
import random
key = [['啊','米','诺','斯'],['啊','米','斯','诺'],['啊','诺','米','斯'],['啊','诺','斯','米'],['啊','斯','米','诺'],['啊','斯','诺','米'],
       ['米','啊','诺','斯'],['米','啊','斯','诺'],['米','诺','啊','斯'],['米','诺','斯','啊'],['米','斯','啊','诺'],['米','斯','诺','啊'],
       ['诺','啊','米','斯'],['诺','啊','斯','米'],['诺','米','啊','斯'],['诺','米','斯','啊'],['诺','斯','啊','米'],['诺','斯','米','啊'],
       ['斯','啊','米','诺'],['斯','啊','诺','米'],['斯','米','啊','诺'],['斯','米','诺','啊'],['斯','诺','啊','米'],['斯','诺','米','啊']]
cipher = 11174132013050242293373893046306047184706656363469879247040688497021
#for Ominous_dic in key:
Ominous_dic = ['米', '啊', '斯', '诺']
res = 0
while True:
    for idx, word in enumerate(Ominous_dic):
        i = random.randint(0, 200)
        res += i * ord(word) * (2 ** (50 * (idx + 1)))
        if cipher - res > 0:
            flag = long_to_bytes(cipher - res)
            if b'BuildCTF' in flag:
                print(flag)
                break['啊','米','诺','斯'],['米', '啊', '斯', '诺'],['斯','诺','米','啊'],['啊','诺','米','斯'],['啊','米','斯','诺'],['诺','米','啊','斯'],['诺','米','斯','啊'],['斯','米','啊','诺'],['斯','米','诺','啊']

最后在这个脚本里面爆出来啦

from Crypto.Util.number import *
from tqdm import tqdm  # 导入 tqdm

cipher = 11174132013050242293373893046306047184706656363469879247040688497021
enc = [['诺','啊','米','斯'],['诺','啊','斯','米'],['诺','米','啊','斯'],['诺','米','斯','啊'],['诺','斯','啊','米'],['诺','斯','米','啊']]

for Ominous_dic in enc:
    for i0 in tqdm(range(200)):
        res0 = i0 * ord(Ominous_dic[0]) * (2 ** 50)
        for i1 in range(200):
            res1 = res0 + i1 * ord(Ominous_dic[1]) * (2 ** 100)
            for i2 in range(200):
                res2 = res1 + i2 * ord(Ominous_dic[2]) * (2 ** 150)
                for i3 in range(200):
                    res3 = res2 + i3 * ord(Ominous_dic[3]) * (2 ** 200)

                    if cipher - res3 > 0:
                        flag = long_to_bytes(cipher - res3)
                        if b'BuildCTF' in flag:
                            print(flag)
                            break

我这辈子就是被古典给害了

from Crypto.Util.Padding import pad, unpad
from Crypto.Random import get_random_bytes
from Crypto.Cipher import AES
from secret import flag, key

dict1 = {'A': 0, 'B': 1, 'C': 2, 'D': 3, 'E': 4,
         'F': 5, 'G': 6, 'H': 7, 'I': 8, 'J': 9,
         'K': 10, 'L': 11, 'M': 12, 'N': 13, 'O': 14,
         'P': 15, 'Q': 16, 'R': 17, 'S': 18, 'T': 19,
         'U': 20, 'V': 21, 'W': 22, 'X': 23, 'Y': 24, 'Z': 25}

dict2 = {0: 'A', 1: 'B', 2: 'C', 3: 'D', 4: 'E',
         5: 'F', 6: 'G', 7: 'H', 8: 'I', 9: 'J',
         10: 'K', 11: 'L', 12: 'M', 13: 'N', 14: 'O',
         15: 'P', 16: 'Q', 17: 'R', 18: 'S', 19: 'T',
         20: 'U', 21: 'V', 22: 'W', 23: 'X', 24: 'Y', 25: 'Z'}

def generate_key(flag, key):
    i = 0
    while True:
        if len(key) == len(flag):
            break
        key += flag[i]
        i += 1
    return key

def cipherText(msg, key_new):
    cipher_text = ''
    i = 0
    for letter in msg:
        x = (dict1[letter] + dict1[key_new[i]]) % 26
        i += 1
        cipher_text += dict2[x]
    return cipher_text

def AES_enc(key, value):
    key = (key * 2).encode()
    cipher = AES.new(key, AES.MODE_ECB)
    value = value.encode()
    padded_text = pad(value, AES.block_size)

    ciphertext = cipher.encrypt(padded_text)
    print("AES Encrypted Text =", ciphertext)

def substitute(msg):
    msg = msg.replace('{', 'X')
    msg = msg.replace('_', 'X')
    msg = msg.replace('}', 'X')
    msg = msg.upper()
    assert msg.isupper()
    return msg

message = substitute(flag)
key_new = generate_key(message, key)
cipher = cipherText(message, key_new)
print("Encrypted Text =", cipher)
AES_enc(key, flag)

'''
Encrypted Text = HLMPWKGLYSWFACEWBYRSUKYFAXZFXDKOTZHHSLFCXNICAHPGRIFUF
AES Encrypted Text = b'\x92T{\x1f\x0f"\xbd\xbb\xfa|O\x11\x83\xa0\xec.\x15]\x9f\x9a\xe5\x85Z\x9f@yUm\xbb\xdc\x93\x08\xe5\x8b\xd5\x98\x84\xfa\x91\xe8\xde\x1b}\xcd\x9056\xa3\xbf\xdb\x85J\xcc\xec\x812T\x11\xa7Tl\x15\xf6"'
'''

手撕key
根据BUILDCTFX反推出GREETING是我们的key
aes-cbc解密:

from Crypto.Util.Padding import unpad
from Crypto.Cipher import AES


def AES_dec(key, ciphertext):
    key = (key * 2)
    cipher = AES.new(key, AES.MODE_ECB)

    decrypted_padded_text = cipher.decrypt(ciphertext)
    try:
        decrypted_text = unpad(decrypted_padded_text, AES.block_size)
        return decrypted_text.decode()
    except ValueError:
        return "Incorrect decryption"


key = b'GREETING'
ciphertext = b'\x92T{\x1f\x0f"\xbd\xbb\xfa|O\x11\x83\xa0\xec.\x15]\x9f\x9a\xe5\x85Z\x9f@yUm\xbb\xdc\x93\x08\xe5\x8b\xd5\x98\x84\xfa\x91\xe8\xde\x1b}\xcd\x9056\xa3\xbf\xdb\x85J\xcc\xec\x812T\x11\xa7Tl\x15\xf6"'

decrypted_flag = AES_dec(key, ciphertext)
print(decrypted_flag)

BuildCTF{YOU_ALREADY_KNOW_WHAT_A_CLASSICAL_CIPHER_IS}

OVO开门爽!开到南天门了兄弟

from Crypto.Util.number import *

flag = b'BuildCTF{******}'

#随机生成p,q
p = getPrime(1024)
q = getPrime(1024)

#计算模数n
n = p*q

e = 65537

m = bytes_to_long(flag)

#c=m^e%n
c = pow(m, e, n)

print('P = ',p**2)
print('Q = ',q**2)
print('n = ',n)
print('e = ',e)
print('c = ',c)


# P =  8279853330757234669136483032750824826175777927506575083710166412897012079466955769715275604152872242147320194640165649152928984919315754419447729793483984130396358578571137956571302516202649076619076831997922675572705848199504309232044502957866317011212505985284129365522570368395368427388904223782742850616983130885152785650513046301920305069822348366931825404271695876688539675285303882189060671184911139742554710018755565518014777733322795522710234091353878298486498244829638878949389690384488573338138825642381687749888102341379254137445546306796258092762099409409285871651688611387507673794784257901946892698481
# Q =  9406643503176766688113904226702477322706664731714272632525763533395380298320140341860043591350428258361089106233876240175767826293976534568274153276542755524620138714767338820334748140365080856474253334033236457092764244994983837914955286808153784628739327217539701134939748313123071347697827279169952810727995681780717719971161661561936180553161888359929479143712061627854343656949334882218260141557768868222151468471946884225370009706900640851492798538458384449294042930831359723799893581568677433868531699360789800449077751798535497117004059734670912829358793175346866262442550715622833013235677926312075950550681
# n =  8825283482190476005946253343638820879559355306860912268128891241513310054066424567824202757539757712177309282694997613217968336164050770152277369601415394249781577415456224120102543968285035647514461364611734338073523454354376992783551035395558194171202680855182868766563277697325690226849316944101739491659812174054898519492145495098671439125714086449826697343692081109131564556220174583970363431110462222473013021825770267803249515893736989430146194199936335153936611196467225599746830873958085287665223190767137404366840055297859554490123389877396965710177279558954630222879974581602069901175074777191362537419581
# e =  65537
# c =  27915082942179758159664000908789091022294710566838766903802097394437507062054409033932303966820096232375646873480427485844733381298467171069985418237873120984132166343258345389477844339261488318588760125230979340678006871754125487279212120945061845738130108370814509280317816067243605608952074687396728904772649873860508240809541545939219624254878900291126739390967820141036260712208555574522131446556595562330969209665291757386246648060990840787769772160549862538116370905306402293764494501838709895355570646716245976733542014165663539815972755562821443411642647981898636761822107221203966296758350547477576411216744594534002057673625678188824476543288048956124565509473100550838563085585434675727358831610724920550213350035792170323729397796947598697983084347567191009236345815968927729025919066227704728180060805553787151862426034275526605154807840695498644070184681962311639338273469859838505348823417234722270798882384367058630064108155240680307754557472476430983184039474907188578578484589833812196216551783354411797156409948499012005963943728564803898150155735762695825658678475746559900705796814512838380193603178657226033406812810314960142251012223576984115642351463684724512456778548853002653596485899854303126091917273560```
方法一:
```python
from Crypto.Util.number import long_to_bytes, inverse
from math import isqrt

# 给出的 P 和 Q (实际上是 p^2 和 q^2)
P = 8279853330757234669136483032750824826175777927506575083710166412897012079466955769715275604152872242147320194640165649152928984919315754419447729793483984130396358578571137956571302516202649076619076831997922675572705848199504309232044502957866317011212505985284129365522570368395368427388904223782742850616983130885152785650513046301920305069822348366931825404271695876688539675285303882189060671184911139742554710018755565518014777733322795522710234091353878298486498244829638878949389690384488573338138825642381687749888102341379254137445546306796258092762099409409285871651688611387507673794784257901946892698481
Q = 9406643503176766688113904226702477322706664731714272632525763533395380298320140341860043591350428258361089106233876240175767826293976534568274153276542755524620138714767338820334748140365080856474253334033236457092764244994983837914955286808153784628739327217539701134939748313123071347697827279169952810727995681780717719971161661561936180553161888359929479143712061627854343656949334882218260141557768868222151468471946884225370009706900640851492798538458384449294042930831359723799893581568677433868531699360789800449077751798535497117004059734670912829358793175346866262442550715622833013235677926312075950550681
n = 8825283482190476005946253343638820879559355306860912268128891241513310054066424567824202757539757712177309282694997613217968336164050770152277369601415394249781577415456224120102543968285035647514461364611734338073523454354376992783551035395558194171202680855182868766563277697325690226849316944101739491659812174054898519492145495098671439125714086449826697343692081109131564556220174583970363431110462222473013021825770267803249515893736989430146194199936335153936611196467225599746830873958085287665223190767137404366840055297859554490123389877396965710177279558954630222879974581602069901175074777191362537419581
e = 65537
c = 27915082942179758159664000908789091022294710566838766903802097394437507062054409033932303966820096232375646873480427485844733381298467171069985418237873120984132166343258345389477844339261488318588760125230979340678006871754125487279212120945061845738130108370814509280317816067243605608952074687396728904772649873860508240809541545939219624254878900291126739390967820141036260712208555574522131446556595562330969209665291757386246648060990840787769772160549862538116370905306402293764494501838709895355570646716245976733542014165663539815972755562821443411642647981898636761822107221203966296758350547477576411216744594534002057673625678188824476543288048956124565509473100550838563085585434675727358831610724920550213350035792170323729397796947598697983084347567191009236345815968927729025919066227704728180060805553787151862426034275526605154807840695498644070184681962311639338273469859838505348823417234722270798882384367058630064108155240680307754557472476430983184039474907188578578484589833812196216551783354411797156409948499012005963943728564803898150155735762695825658678475746559900705796814512838380193603178657226033406812810314960142251012223576984115642351463684724512456778548853002653596485899854303126091917273560

# Step 1: 计算 p 和 q
p = isqrt(P)  # 对 P 求平方根
q = isqrt(Q)  # 对 Q 求平方根

# Step 2: 计算 phi(n)
phi = n - isqrt(P + Q + 2 * n) + 1

# Step 3: 计算 d (私钥)
d = inverse(e, phi)

# Step 4: 解密 c
m = pow(c, d, n)

# 将解密后的明文转换为字节
flag = long_to_bytes(m)

print("解密后的 flag:", flag.decode())

方法二:
双开根,用sage自带函数

from Crypto.Util.number import *
P =  8279853330757234669136483032750824826175777927506575083710166412897012079466955769715275604152872242147320194640165649152928984919315754419447729793483984130396358578571137956571302516202649076619076831997922675572705848199504309232044502957866317011212505985284129365522570368395368427388904223782742850616983130885152785650513046301920305069822348366931825404271695876688539675285303882189060671184911139742554710018755565518014777733322795522710234091353878298486498244829638878949389690384488573338138825642381687749888102341379254137445546306796258092762099409409285871651688611387507673794784257901946892698481
Q =  9406643503176766688113904226702477322706664731714272632525763533395380298320140341860043591350428258361089106233876240175767826293976534568274153276542755524620138714767338820334748140365080856474253334033236457092764244994983837914955286808153784628739327217539701134939748313123071347697827279169952810727995681780717719971161661561936180553161888359929479143712061627854343656949334882218260141557768868222151468471946884225370009706900640851492798538458384449294042930831359723799893581568677433868531699360789800449077751798535497117004059734670912829358793175346866262442550715622833013235677926312075950550681
n =  8825283482190476005946253343638820879559355306860912268128891241513310054066424567824202757539757712177309282694997613217968336164050770152277369601415394249781577415456224120102543968285035647514461364611734338073523454354376992783551035395558194171202680855182868766563277697325690226849316944101739491659812174054898519492145495098671439125714086449826697343692081109131564556220174583970363431110462222473013021825770267803249515893736989430146194199936335153936611196467225599746830873958085287665223190767137404366840055297859554490123389877396965710177279558954630222879974581602069901175074777191362537419581
e =  65537
c =  27915082942179758159664000908789091022294710566838766903802097394437507062054409033932303966820096232375646873480427485844733381298467171069985418237873120984132166343258345389477844339261488318588760125230979340678006871754125487279212120945061845738130108370814509280317816067243605608952074687396728904772649873860508240809541545939219624254878900291126739390967820141036260712208555574522131446556595562330969209665291757386246648060990840787769772160549862538116370905306402293764494501838709895355570646716245976733542014165663539815972755562821443411642647981898636761822107221203966296758350547477576411216744594534002057673625678188824476543288048956124565509473100550838563085585434675727358831610724920550213350035792170323729397796947598697983084347567191009236345815968927729025919066227704728180060805553787151862426034275526605154807840695498644070184681962311639338273469859838505348823417234722270798882384367058630064108155240680307754557472476430983184039474907188578578484589833812196216551783354411797156409948499012005963943728564803898150155735762695825658678475746559900705796814512838380193603178657226033406812810314960142251012223576984115642351463684724512456778548853002653596485899854303126091917273560
n0 = P+Q
p, q = two_squares(n0)
n=p*q
phi=(p-1)*(q-1)
d=inverse(e,phi)
print(long_to_bytes(int(pow(c, int(d), n))))

BuildCTF{We1c0Me_b@cK_To_7uNiOr_h19H!!!}

girls_band_cry_pto

题目:

from Crypto.Util.number import *
import gmpy2


def getprime(kbit,FLAG):
    a = getPrime(kbit)
    b = getPrime(kbit)
    N = getPrime(kbit+5)
    seed = getPrime(kbit)
    t = seed
    list_t = []
    for i in range(10):
        t = (a*t+b)%N
        list_t.append(t)
    if FLAG:
        print(list_t)
    return seed



p = getprime(512,1)
q = getprime(512,0)
flag = b'...'
flag = bytes_to_long(flag)
n = p*q
e = 1384626

assert flag.bit_length() < n.bit_length()//2

c = pow(flag,e,n)

print('c=',c)

''''''
[37382128984932009103055100236038298684187701771245912912208816283882352432386956435965036367810667394024993955812239704879381327228911265588017046627348503, 78860822396220922181257740301787328387654351181949135165584053897837116358564567613593406267620270397593757280733139576593428399156673217202739776358215953, 71961258377748802736482119449608198361898650603044501972923193831637292104436919483148544126546157761435847502622416800596454167412705966674707485447149592, 87271087644907910379168026089161507515679859469787715709089631773745967695993043069981508275969979669395420678260957179827954920361899134388830957711827969, 72060448202158281754256475874109091993193239479491265267010728401711694585210195554635415348891139571830347004379216450772696235700910532153698412887476412, 198822737610698203376629161658629276556973499054887457432530950247888991546498594767954251786997515337433684733300663470799887569646159225800449429896258899, 186920895499932700150962847893153648403293237986492275627558112493385728113172211076262656795948951216023567806119078906412693819469136004563793414149643278, 56472634592713718635518027850351194341092172882542912776939953869983486542308422043454035086533070566859787384014556343587278097326244663175874047755695694, 42665120723108982921319232615099077060109901818313520605789700720605479528247045699344736360219784997528870841912999130951916510491705708498185762196467897, 205629005887807114384057131575309344114082007367662384600399313743755704623421415135564859072125246431180953419843187244789534372794288258609006920825136808]
c= 51846448616255629242918159354807752786692784645460532308823434086479848425723111371477823327980874708898952566998637230358105087254392989515438172155717708590176244736140994735777168368143405720703501031813936741444894000217727880068767785957507824708838189619286341612305393812568642372035793481458142583420
''''''

先求p,根据题目给的函数可知,p是LCG的原始seed

from Crypto.Util.number import *
from sympy import isprime

def gcd(a, b):
    if (b == 0):
        return a
    else:
        return gcd(b, a % b)


s = [37382128984932009103055100236038298684187701771245912912208816283882352432386956435965036367810667394024993955812239704879381327228911265588017046627348503, 78860822396220922181257740301787328387654351181949135165584053897837116358564567613593406267620270397593757280733139576593428399156673217202739776358215953, 71961258377748802736482119449608198361898650603044501972923193831637292104436919483148544126546157761435847502622416800596454167412705966674707485447149592, 87271087644907910379168026089161507515679859469787715709089631773745967695993043069981508275969979669395420678260957179827954920361899134388830957711827969, 72060448202158281754256475874109091993193239479491265267010728401711694585210195554635415348891139571830347004379216450772696235700910532153698412887476412, 198822737610698203376629161658629276556973499054887457432530950247888991546498594767954251786997515337433684733300663470799887569646159225800449429896258899, 186920895499932700150962847893153648403293237986492275627558112493385728113172211076262656795948951216023567806119078906412693819469136004563793414149643278, 56472634592713718635518027850351194341092172882542912776939953869983486542308422043454035086533070566859787384014556343587278097326244663175874047755695694, 42665120723108982921319232615099077060109901818313520605789700720605479528247045699344736360219784997528870841912999130951916510491705708498185762196467897, 205629005887807114384057131575309344114082007367662384600399313743755704623421415135564859072125246431180953419843187244789534372794288258609006920825136808]

t = []
for i in range(9):
    t.append(s[i] - s[i - 1])
all_n = []
for i in range(7):
    all_n.append(gcd((t[i + 1] * t[i - 1] - t[i] * t[i]), (t[i + 2] * t[i] - t[i + 1] * t[i + 1])))

MMI = lambda A, n, s=1, t=0, N=0: (n < 2 and t % N or MMI(n, A % n, t, s - A // n * t, N or n), -1)[n < 1]  # 逆元计算
for n in all_n:
    n = abs(n)
    if n == 1:
        continue
    a = (s[2] - s[1]) * MMI((s[1] - s[0]), n) % n
    ani = MMI(a, n)
    b = (s[1] - a * s[0]) % n
    seed = (ani * (s[0] - b)) % n
    plaintext = seed


if isprime(seed):
    print(f"Found prime p: {seed}")
else:
    print(f"Seed is not prime: {seed}")

print(seed)

1306971501389667405355339984446001963306823960180518559102900074209906822479823648175928437467992667758988690268887352531564749276373500569799174613448137062

from Crypto.Util.number import *
import gmpy2

# 已知参数
p = 1306971501389667405355339984446001963306823960180518559102900074209906822479823648175928437467992667758988690268887352531564749276373500569799174613448137062
c = 51846448616255629242918159354807752786692784645460532308823434086479848425723111371477823327980874708898952566998637230358105087254392989515438172155717708590176244736140994735777168368143405720703501031813936741444894000217727880068767785957507824708838189619286341612305393812568642372035793481458142583420
e = 1384626

d = gmpy2.invert(e, p - 1)

m = pow(c, d, p)

flag = long_to_bytes(m)
print(flag)

if b'BuildCTF' in flag:
    print(flag)

BuildCTF{crypt0_15_s0_e@5y!}

Reverse

新?Android路

androlua 编译后的 base64 加密方式,AndroLua 所使用的Lua工具 LuaJava 会加载依赖库 libluajava.so,我们使用 IDA 打开这个文件。LuaJava会使用 luaL_loadbuffer 或者 luaL_loadbufferx 函数对 Lua 脚本进行加载,这个函数也是一个加入 Lua 脚本解密代码的常见位置,我们在 IDA 中找到这一函数,并使用自带插件对其进行反编译得到以下内容

首先判断第一个字符为 = ,之后根据base64解码表映射解密base64,其中将第一个字符替换为 0x1d,即为 0x1d+0x2b=H,接着判断第一个字符,如果是 0x1c 则进行异或解密,最后再将第一个字符替换为 0x78,进行 inflate(zlib) 解码,解码完成后将第一个字符替换为 0x1c,最后得到 Luas 的文件,说明解密算法正确。于是,用 unluac.jar 解密
java -jar unluac_2023_01_14.jar main.lua_dec

local L0_1, L1_1, L2_1
L0_1 = _ENV

function L1_1()
  local L0_2, L1_2, L2_2, L3_2, L4_2, L5_2, L6_2
  L0_2 = L0_1
  L1_2 = L0_2["u\229\136\006\133\020\186"]
  L2_2 = "o\024\148;\177G"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "l\021\141*\169\\\199<\225\158-\229\016"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "m\023\130&\174F\248$\024\151|\149"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "q\239\150\022\186.\220\004\236d\026\136\004\166j\159"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "o\019\136.\164R\2064\255\145\r\160i\156"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "j\025\1472\1866"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "G#\240\151V\v"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "v\225l\242\151\024\141L\185<\1650\217[\217\b\221x\225|\229\128\005"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "y\255o\246\146\030\148D\1494\179'\231\"\210_\194H\214u\250a\166("
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "A\207G\214I\206M\132M\195F\221S\199\\\217V\151t\222T\218\"\182\005\171.\165+\191\"\188"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "x\253j\250l\020\147\\\156\021\142*\1915\1744\238h\208D\222L\241}\231"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "f\227\142\014\2035\189g\249_\192F"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "K\219%\1907\138\v\212\225`\252Y\220)\168$\204\n\139\228f\253J\223Z\228\017\147\f\156\237u\245S\246L\168\"\129\014\155\230"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "x\253j\250l\020\147\\\139\021\128,\1908\1685\238o\204@\207C\254y\241"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "n\017\139\018\191(\213\f\252f\a\205\001\182\\"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "w\227a\014\156\002\134t\178&\174L\202I\2348\196k\b\150\005\150"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "w\227a\014\156\002\134t\182;\161H\199N\253e\163F\019\159\004\144"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "x\253j\250l\020\147\\\129\002\1335\183\127\134#\164R\212`\198D\230\127\230"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "}\247s\230}\230i\164o\247b\240\149\018\155\005\221!\135\020\140\v\162\r\1730\187,"
  L1_2(L2_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "a\029\185"
  L1_2(L2_2)
  L1_2 = L0_2["i\018\174-\219~\244\144"]
  L1_2 = L1_2["{\230\138.\157\020\129\r"]
  L2_2 = L0_2.S
  L2_2 = L2_2["_\002\172D\237\184\005\202g\006\175"]
  L1_2(L2_2)
  L1_2 = L0_2["i\018\174-\219~\244\144"]
  L1_2 = L1_2["{\230\138.\156\005\128\r"]
  L2_2 = "e\017\187:\243z\n"
  L1_2(L2_2)
  L1_2 = L0_2["i\018\174-\219~\244\144"]
  L1_2 = L1_2["}\234e\209{\251c\253t\239K\247E\214"]
  L2_2 = L0_2["f\239\151\t\143;\169(\200@"]
  L3_2 = L0_2["j\025\1472\1866"]
  L2_2, L3_2, L4_2, L5_2, L6_2 = L2_2(L3_2)
  L1_2(L2_2, L3_2, L4_2, L5_2, L6_2)
  L1_2 = L0_2["o\024\148;\177G"]
  L2_2 = "d\003\184u\130-\177"
  L1_2(L2_2)
  L1_2 = L0_2["\230\146\145\017ed\002}Q&jY\\\019#"]
  L1_2()
  L1_2 = L0_2["\233\183s\022Sd5B\bR*!p,\r"]
  L1_2()

  function L1_2(A0_3, A1_3, A2_3, A3_3, A4_3)
    local L5_3, L6_3, L7_3, L8_3, L9_3, L10_3, L11_3, L12_3, L13_3, L14_3, L15_3
    L5_3 = L0_2
    L6_3 = L5_3["o\024\148;\177G"]
    L7_3 = "K\219%\1907\138\v\212\225`\252Y\220)\168$\204\n\139\228f\253J\223Z\228\017\147\f\156\237u\245S\246L\168\"\129\014\155\230"
    L6_3(L7_3)
    L6_3 = L5_3["W\021\223r\004\161r\a\142P\024\167I\029\186K"]
    L6_3 = L6_3()
    L5_3["l\006\129:\216D\254\155"] = L6_3
    L6_3 = L5_3["l\006\129:\216D\254\155"]
    L6_3 = L6_3["{\230\138)\157\016\156\r"]
    L7_3 = L5_3["W\021\223r\004\161r\a\142P\024\167I\029\186K"]
    L7_3 = L7_3["[!\252O7\159j\196\166"]
    L6_3(L7_3)
    L6_3 = L5_3["l\006\129:\216D\254\155"]
    L6_3 = L6_3["z\224v-\142\005\156\027\137"]
    L7_3 = A1_3
    L8_3 = A2_3
    L6_3(L7_3, L8_3)
    L6_3 = L5_3["l\006\129:\216D\254\155"]
    L6_3 = L6_3["{\230\1389\154\029\131\026"]
    L7_3 = A3_3
    L6_3(L7_3)
    L6_3 = L5_3["l\006\129:\216D\254\155"]
    L6_3 = L6_3["}\234e\209{\231y\253h\201|\250I\200"]
    L7_3 = {}
    L8_3 = A4_3
    L9_3 = A4_3
    L10_3 = A4_3
    L11_3 = A4_3
    L12_3 = A4_3
    L13_3 = A4_3
    L14_3 = A4_3
    L15_3 = A4_3
    L7_3[1] = L8_3
    L7_3[2] = L9_3
    L7_3[3] = L10_3
    L7_3[4] = L11_3
    L7_3[5] = L12_3
    L7_3[6] = L13_3
    L7_3[7] = L14_3
    L7_3[8] = L15_3
    L6_3(L7_3)
    L6_3 = A0_3["f\248R\236V\220#\183+\142\031\156\031@\254t\234G\204[\218"]
    L7_3 = L5_3["l\006\129:\216D\254\155"]
    L6_3(L7_3)
  end

  L0_2["\228\175K\rbz!\000\nN<\020"] = L1_2
  L1_2 = L0_2["\228\175K\rbz!\000\nN<\020"]
  L2_2 = L0_2["\227^[.\021 "]
  L3_2 = 3
  L4_2 = 4294967295
  L5_2 = 0
  L6_2 = 10
  L1_2(L2_2, L3_2, L4_2, L5_2, L6_2)

  function L1_2(A0_3)
    local L1_3, L2_3, L3_3, L4_3, L5_3
    L1_3 = L0_2
    L2_3 = L1_3["d\003\184u\130-\177"]
    L2_3 = L2_3["c\031\191'\215z"]
    L3_3 = A0_3
    L2_3 = L2_3(L3_3)
    L1_3["h\020\166"] = "J'\245\175U8\145V"
    L3_3 = L1_3["a\029\185"]
    L4_3 = L1_3["h\020\166"]
    L5_3 = L2_3
    L3_3 = L3_3(L4_3, L5_3)
    L2_3 = L3_3
    L3_3 = L1_3["d\003\184u\130-\177"]
    L3_3 = L3_3["c\031\191'\215z"]
    L4_3 = L2_3
    L3_3 = L3_3(L4_3)
    L2_3 = L3_3
    if L2_3 == "t\1329\160\r\247a\182w\141\023\133\031\147O\185\2400\189h\234C\252a\193\030\228x\195^\138\f\156\023\169}\184\018\213\r\174\t\191\b\206\246c\222'\250K\240q\192\017\141" then
      L3_3 = true
      return L3_3
    else
      L3_3 = false
      return L3_3
    end
  end

  L0_2["f\005\176]\205"] = L1_2
  L1_2 = L0_2["\224Q_*&\003"]

  function L2_2()
    local L0_3, L1_3, L2_3, L3_3
    L0_3 = L0_2
    L1_3 = L0_3["\227^[.\021 "]
    L1_3 = L1_3["p\025\140\025"]
    L1_3 = #L1_3
    if L1_3 == 0 then
      L1_3 = L0_3["\224}O+\029\028"]
      L2_3 = "\229\172O\006ZI5C\025\212\196\255\243"
      L1_3(L2_3)
    else
      L1_3 = L0_3["\224Q_*&\003"]
      L1_3 = L1_3["t\228\143\"\149\019\145"]
      L2_3 = "\235\172W\r@x-\018 H;\tR"
      L1_3(L2_3)
      L1_3 = L0_3["\224}O+\029\028"]
      L2_3 = "\234]q\002HoY\b\014\184\167R"
      L1_3(L2_3)
      L1_3 = L0_3["p\029\135\006"]
      L2_3 = 800

      function L3_3()
        local L0_4, L1_4, L2_4, L3_4
        L0_4 = L0_3
        L1_4 = L0_4["\224Q_*&\003"]
        L1_4 = L1_4["t\228\143\"\149\019\145"]
        L2_4 = "\232\174T\t}~\"j9B0\021\167P"
        L1_4(L2_4)
        L1_4 = L0_4["p\029\135\006"]
        L2_4 = 800

        function L3_4()
          local L0_5, L1_5, L2_5, L3_5
          L0_5 = L0_4
          L1_5 = L0_5["\224Q_*&\003"]
          L1_5 = L1_5["t\228\143\"\149\019\145"]
          L2_5 = "\233\168Y\021zt;b2\\\005!\184\162\172"
          L1_5(L2_5)
          L1_5 = L0_5["p\029\135\006"]
          L2_5 = 800

          function L3_5()
            local L0_6, L1_6, L2_6
            L0_6 = L0_5
            L1_6 = L0_6["f\005\176]\205"]
            L2_6 = L0_6["\227^[.\021 "]
            L2_6 = L2_6["p\025\140\025"]
            L1_6 = L1_6(L2_6)
            if L1_6 then
              L1_6 = L0_6["\224}O+\029\028"]
              L2_6 = "\243\144\160\236\147\157\024ET\031Pi\002hL=^O(rB"
              L1_6(L2_6)
              L1_6 = L0_6["\224Q_*&\003"]
              L1_6 = L1_6["t\228\143\"\149\019\145"]
              L2_6 = "\243\144\160\236\147\157\024ET\031Pi\002hL=^O(rB"
              L1_6(L2_6)
            else
              L1_6 = L0_6["\224}O+\029\028"]
              L2_6 = "l\022\139<\"\1685\245\"R"
              L1_6(L2_6)
              L1_6 = L0_6["\224Q_*&\003"]
              L1_6 = L1_6["t\228\143\"\149\019\145"]
              L2_6 = "\224Q_*&\003"
              L1_6(L2_6)
            end
          end

          L1_5(L2_5, L3_5)
        end

        L1_4(L2_4, L3_4)
      end

      L1_3(L2_3, L3_3)
    end
  end

  L1_2["h\019\176\006\1374\166"] = L2_2
  L1_2 = L0_2["u\026\155\029\133\001"]

  function L2_2()
    local L0_3, L1_3, L2_3
    L0_3 = L0_2
    L1_3 = L0_3["\224}O+\029\028"]
    L2_3 = "\232\154w\020vj\185\191\173Z\0158D\a\020"
    L1_3(L2_3)
  end

  L1_2["h\019\176\006\1374\166"] = L2_2
  L1_2 = L0_2["h\027\1331"]
  L2_2 = "/\028"
  L3_2 = "\v"
  L2_2 = L2_2 .. L3_2
  L1_2 = L1_2(L2_2)
  L1_2()
end

L2_1 = "\200\170\248\006\015\020\029*38ANW\\er{\128\137\150\159\164\173\186\195\200\159\169\132\189\170\v\000\241\138\173\204\161\200\171\196\211\134\251\254\157\030\025x5$W(O2Oj\tbu\229\134\145\192\189\188\223\208\199\186\247\226\145\234\rl\001(K$3&[^=~y\024\146\133\244\137\160\211\172\203\174\195\214\133\230\241`\029\028\1270'ZWB1Jm\fa\137\232\133\148\199\184\191\162\223\218\185\242\229\148\233\000s\f+N#6%FQ\000}|\031\145\152\251\180\163\214\171\206\173\206\233\136\229\244g\024\031B?:YRE4I`\019l\140\239\128\151\202\167\178\161\218\221\188\241\248\155\020\003v\v.M.I(ET\ax\127\227\156\155\254\179\166=\162\223\218\185\240\237\148\235\bs\014#N!>%FQ\000}|\031\147\144\251\180\163\214\169\198\173\206\233\136\231\252g\026\023B=2YRE4Kh\019l\140\239\128\151\202\167\178\161\216\213\188\243\240\155\022\vv\t&M.I(ET\azw\227\158\147\254\177\174\213\212\201\176\205\236\143\226\255j\005\026A85\\QX;vk\022i\135\242\141\162\201\162\181\164\219\216\131\254\243\158\017\014u4)P-L/B_\nez\230\153\150\253\188\177\216\213\196\183\202\231\146\237\002i\000\029D;8#\\[>qn\021\151\130\241\138\173\204\161\200\171\196\211n\143\224\247j\005\026A:=\\QX;vk\022i\135\242\143\170\201\160\189\164\217\208\131\254\243\158\019\006u6!P/D/@W\ngr\230\153\150\253\190\185\216\213\196\183\200\239\146\237\002i\002\021D90#^S>qn\021\151\130\241\136\165\204\161\200\171\196\211\134\249\246\157\030\025x5$W*G2Oj\tbu\229\132\153\192\189\188\223\208\199\186\247\226\145\232\005l\001(K$3&YV=~y\024\144\141\244\137\160\211\172\203\174\193\222\133\230\241`\031\020\1270'ZWB1He\fa\137\232\135\156\199\184\191\162\223\218\185\240\237\148\233\000\155x5$W*G2Mb\t`}\229\132\153\192\189\188\223\208\199\186\245\234\145\234\rl\003 K$3&[^=|q\024\146\133\244\137\160\211\174\195\174\195\214\133\230\241`\029\028\1272/ZWB1Jm\fc\129\232\135\156\199\184\191\162\221\210\185\242\229\148\233\000s\f+N#6%FQ\000\127t\031\145\152\251\180\163\214\169\198\173\204\225\136\231\252g\024\031B?:YRE4Kh\019n\132\239\128\151\202\165\186\161\218\221\188\241\248\155\022\vv\v.M.I(ET\azw\227\158\147\254\179\166\213\212\201\176\207\228\143\226\255j\005\026A:=\180%FQ\000\127t\031\145\152\251\180\163\214\169\198\173\204\225\136\229\244g\026\023B?:YPM4I`\019l\140\239\130\159\202\167\178\161\218\221\188\243\240\155\020\003v\v.M.I(G\\\ax\127\227\156\155\254\177\174\213\212\201\176\205\236\143\226\255j\a\018A:=\\SP;tc\022k\143\242\141\162\201\162\181\164\217\208\131\254\243\158\019\006u6!P-L/B_\nez\230\155\158\253\190\185\216\213\196\183\202\231\146\239\ni\002\021D;8#\\[>qn\021\149\138\241\138\173\204\161\200\171\196\211\134\251\254\157\030\025x5$W*G2Oj\225\022k\143\242\141\162\201\160\189\164\219\216\131\254\243\158\019\006u6!P/D/B_\nez\230\155\158\253\188\177\216\215\204\183\202\231\146\239\ni\000\029D;8#^S>sf\021\149\138\241\136\165\204\163\192\171\198\219\134\251\254\157\030\025x7,W*G2Mb\t`}\229\134\145\192\189\188\223\210\207\186\247\226\145\234\rl\003 K$3&[^=~y\024\144\141\244\139\168\211\174\195\174\193\222\133\230\241`\031\020\1272/ZUJ1He\fa\137\232\135\156\199\186\183\162\221\210\185\240\237\148\233\000s\f+N#6%FQ\000\127t\031\145\152\019\192\189\188\223\208\199\186\247\226\145\234\rl\001(K$3&[^=~y\024\146\133\244\137\160\211\172\203\174\195\214\133\230\241`\029\028\1270'ZWB1Jm\fa\137\232\133\148\199\184\191\162\223\218\185\242\229\148\233\000s\f+N#6%FQ\000}|\031\145\152\251\180\163\214\171\206\173\206\233\136\229\244g\024\031B?:YRE4I`\019l\140\239\128\151\202\167\178\161\218\221\188\241\248\155\020\003v\v.M.I(ET\ax\127\227\156\155\254\179\166\213\214\193\176\205\236\143\224\247j\a\018A:=\\QX;tc\022k\143\242\143\170\201\162\181LExAJS\\\165\174\183\128\137\146\155\228\237\246\255\200\209\218$-6?\b\017\026clu~GPY\162\171\180\189\134\143\152\225\234\243\252\197\206\215!*3<\005\014\023`ir{DMV_\168\177\186\131\166W(O2Oj\t`}\229\134\145\192\189\188\223\210\207\186\247\226\145\234\rl\001(K&;&[^=~y\024\146\133\244\137\160\211\174\195\174\195\214\133\230\241`\029\028\1270'ZUJ1Jm\fa\137\232\133\148\199\184\191\162\221\210Q\134\249\246\157\030\025x5$W(O2Mb\t`}\229\132\153\192\189\188\223\210\207\186\245\234\145\234\rl\003 K&;&YV=|q\024\146\133\244\139\168\211\174\195\174\195\214\133\228\249`\029\028\1272/ZUJ1Jm\fa\137\000\241\136\165\204\163\192\171\196\211\134\249\246\157\028\017x7,W*G2Oj\t`}\229\132\153\192\189\188\223\210\207\186\247\226\145\234\rl\003 K$3&YV=|q\024\146\133\244\139\168\211\172\203\174\193\222\133\228\249`\029\028\1270'\178#^S>qn\021\151\130\241\136\165\204\163\192\171\198\219\134\249\246\157\030\025x7,W*G2Oj\t`}\229\132\153\192\189\188\223\210\207\186\247\226\145\232\005l\003 K$3&YV=~y\024\144\141\244\139\168\211\172\203\174\195\214m\146\237\002i\000\029D90#^S>qn\021\149\138\241\138\173\204\161\200\171\196\211\134\249\246\157\030\025x5$W(O2Oj\t`}\229\134\145\192\189\188\223\208\199\186\247\226\145\232\005l\001(K$3&[^=~y\024\144\141\028\021N][$7dlTDL\180\188\172\164\150\210\178$w@;aX\031\190\147\245\132\138\203\182\199\174\200\223n\138\205\216o*7F<\018Q{\\<hK\018O\190\026"
L1_1 = L1_1(L2_1)

字符串被加密了,逆向加密逻辑

but.lua

-- filename: 
-- version: lua53
-- line: [0, 0] id: 0
local r0_0 = _u0
r0_0["H\u{2}\xde"] = function(r0_1)
  -- line: [4, 23] id: 1
  local r1_1 = r0_0
  local r2_1 = r1_1["u\u{b}\x8a\u{1b}\x85\u{2}"]["o\u{17}\x8f"](r0_1)
  local r3_1 = {}
  local r4_1 = {}
  for r8_1 = 0, 255, 1 do
    r3_1[r8_1] = r8_1
  end
  for r8_1 = 1, r2_1, 1 do
    r4_1[r8_1 - 1] = r1_1["u\u{b}\x8a\u{1b}\x85\u{2}"]["f\u{13}\xa4R"](r0_1, r8_1, r8_1)
  end
  local r5_1 = 0
  for r9_1 = 0, 255, 1 do
    r5_1 = (r5_1 + r3_1[r9_1] + r4_1[r9_1 % r2_1]) % 256
    r3_1[r5_1] = r3_1[r9_1]
    r3_1[r9_1] = r3_1[r5_1]
  end
  return r3_1
end
r0_0["T\n\xeb@"] = function(r0_2, r1_2)
  -- line: [25, 39] id: 2
  local r2_2 = r0_0
  local r3_2 = 0
  local r4_2 = 0
  local r5_2 = {}
  for r9_2 = 1, r1_2, 1 do
    r3_2 = (r3_2 + 1) % 256
    r4_2 = (r4_2 + r0_2[r3_2]) % 256
    r0_2[r4_2] = r0_2[r3_2]
    r0_2[r3_2] = r0_2[r4_2]
    r5_2[r9_2] = r0_2[(r0_2[r3_2] + r0_2[r4_2]) % 256]
  end
  return r5_2
end
r0_0["a\u{1d}\xb9"] = function(r0_3, r1_3)
  -- line: [41, 47] id: 3
  local r2_3 = r0_0
  return r2_3["i\u{e}\x84\u{16}\xae%"](r2_3["T\n\xeb@"](r2_3["H\u{2}\xde"](r0_3), r2_3["u\u{b}\x8a\u{1b}\x85\u{2}"]["o\u{17}\x8f"](r1_3)), r1_3)
end
r0_0["i\u{e}\x84\u{16}\xae%"] = function(r0_4, r1_4)
  -- line: [49, 58] id: 4
  local r2_4 = r0_0
  local r3_4 = r2_4["u\u{b}\x8a\u{1b}\x85\u{2}"]["o\u{17}\x8f"](r1_4)
  local r4_4 = nil
  local r5_4 = {}
  for r9_4 = 1, r3_4, 1 do
    r5_4[r9_4] = r2_4["u\u{b}\x8a\u{1b}\x85\u{2}"]["g\u{3}\xb3H"](r2_4["f\u{12}\xbfE"](r0_4[r9_4], r2_4["u\u{b}\x8a\u{1b}\x85\u{2}"]["f\u{13}\xa4R"](r1_4, r9_4, r9_4)))
  end
  return r2_4["q\u{1f}\x95\u{1d}\x8f"]["e\0\xb6!\xcaa"](r5_4)
end
local r1_0 = {
  ["k\u{1c}\xb0.\xea@\xe2\x93"] = function(r0_5, r1_5)
    -- line: [66, 68] id: 5
    local r2_5 = r0_0
    local r3_5 = r0_5 + r1_5
    if r3_5 == 2 then
      r3_5 = 1 or 0
    else
      goto label_7    -- block#2 is visited secondly
    end
    return r3_5
  end,
  ["k\u{1c}\xb0.\xeaY\xe3\x85"] = function(r0_6, r1_6)
    -- line: [70, 72] id: 6
    local r2_6 = r0_0
    local r3_6 = r0_6 + r1_6
    if r3_6 == 1 then
      r3_6 = 1 or 0
    else
      goto label_7    -- block#2 is visited secondly
    end
    return r3_6
  end,
  ["d\u{1e}\xb5\"\xeft\xf7"] = function(r0_7, r1_7)
    -- line: [74, 76] id: 7
    local r2_7 = r0_0
    local r3_7 = r0_7 + r1_7
    if r3_7 > 0 then
      r3_7 = 1 or 0
    else
      goto label_7    -- block#2 is visited secondly
    end
    return r3_7
  end,
  ["f\u{b}\xa3R"] = function(r0_8, r1_8, r2_8)
    -- line: [78, 96] id: 8
    local r3_8 = r0_0
    if r1_8 < r2_8 then
      r2_8 = r1_8
      r1_8 = r2_8
    end
    local r4_8 = 0
    local r5_8 = 1
    while r1_8 ~= 0 do
      r3_8["q\'\x8c"] = r1_8 % 2
      r3_8["q\'\x8f"] = r2_8 % 2
      r4_8 = r5_8 * r1_0[r0_8](r3_8["q\'\x8c"], r3_8["q\'\x8f"]) + r4_8
      r5_8 = r5_8 * 2
      r1_8 = r3_8["i\u{14}\x920"]["i\u{1a}\x82>"](r1_8 / 2)
      r2_8 = r3_8["i\u{14}\x920"]["i\u{1a}\x82>"](r2_8 / 2)
    end
    return r4_8
  end,
}
r0_0["f\u{12}\xbfE"] = function(r0_9, r1_9)
  -- line: [98, 100] id: 9
  local r2_9 = r0_0
  return r1_0["f\u{b}\xa3R"]("k\u{1c}\xb0.\xeaY\xe3\x85", r0_9, r1_9)
end
r0_0["f\u{b}\xbeS"] = function(r0_10, r1_10)
  -- line: [102, 104] id: 10
  local r2_10 = r0_0
  return r1_0["f\u{b}\xa3R"]("k\u{1c}\xb0.\xea@\xe2\x93", r0_10, r1_10)
end
r0_0["a\u{7}\xbf"] = function(r0_11, r1_11)
  -- line: [106, 108] id: 11
  local r2_11 = r0_0
  return r1_0["f\u{b}\xa3R"]("d\u{1e}\xb5\"\xeft\xf7", r0_11, r1_11)
end

base64+rc4

ez_asm

hint:小Yi最近在学傅里叶变换,于是他想起了以前遇到的跟它相关的一种变换……
哈哈哈,有幸遇到离散余弦变换,在2024DASCTF暑期挑战赛当中,有点复杂,复习一下
找不到密文,我好菜
复现:
找到了,小小浮点数存储拿下拿下,上个自己写的exp吧

import struct
from scipy.fftpack import idct

hex_bytes = b'\x40\x80\x69\x89\xCE\x4A\x7B\x4E\x40\x2e\x08\x92\x89\xda\xdf\xb5\xc0\x3e\xd0\xc2\x82\xc6\xef\x3d\x40\x3a\xbd\xa0\x59\xa7\x3b\x43\x40\x2e\xd8\x7f\x88\x76\x5b\xa7\xc0\x1f\x5c\x88\x1e\x47\x12\xe4\x40\x40\x28\x5b\x29\x1b\x82\x3d\xc0\x43\xc3\x97\xb3\x0f\x8c\x65\x40\x29\x29\x18\x5c\xee\x17\xa0\xc0\x47\xc6\xb2\x31\x40\x13\xec\x40\x38\x8e\xb1\xa2\xa4\xdb\x16\xc0\x1e\xb3\x6e\x71\xcd\xa2\xb6\xc0\x46\x4e\x42\x95\xa6\xc5\xd2\xc0\x39\xb1\x3a\x2d\xf9\x37\x8f\xc0\x37\x79\x8a\x97\x9e\x16\xd7\x40\x34\xe0\xb1\x46\x5e\x89\x22\x40\x31\x8d\x5a\x8d\xeb\x0f\xae\xc0\x1a\x24\xfa\x8b\x4b\xf8\xfd\x40\x1e\xa1\x1b\xa3\xca\x75\x04\xc0\x48\x09\x1b\x8a\xa0\x01\x93\x40\x21\x28\x1c\x4f\xc1\xdf\x33\xc0\x41\xdf\xba\x12\xb5\xe5\x2a\x40\x1e\x86\xd5\x06\x57\x32\x16\x40\x39\xdc\xeb\xaa\xde\x65\x7c\x40\x16\x4d\x01\x3a\x92\xa3\x05\xc0\x46\xf9\x42\x0b\x3d\x4a\xe4\xc0\x40\x66\xbe\xbe\x16\x50\xa4\xc0\x12\xde\xd4\xe4\xc9\x42\xd5\x40\x30\x45\x3f\xc0\x09\x6f\xeb\xc0\x1f\x69\xa5\xa8\x9b\x95\x1c\x3f\xf3\xf3\x05\x10\x0a\x39\x3f\x40\x0b\x0f\xc6\x97\x28\xa6\x11\x40\x3e\x67\x1a\xc1\x4c\x66\x0a'

float_words = []
for i in range(0, len(hex_bytes), 8):
    float_word = struct.unpack('>d', hex_bytes[i:i+8])[0]
    float_words.append(float_word)

print(float_words)

def inverse_dct(float_words):
    return idct(float_words, norm='ortho')

recovered_signal = inverse_dct(float_words)

print("Recovered signal (after IDCT):")
print(recovered_signal)

print("Recovered signal (rounded to nearest integer):")
for value in recovered_signal:
    print(chr(round(value)),end="")

BuildCTF{H0vv_w0ndevfUl_arm&&DTC}

ez_VM

main函数

sub_7FF7B31E1000(v6);
printf(std::cout, "Welcome to my virtual PC.Please input your flag :");
encrypto(v6, &key);                           // key作为调节器使用dword数据类型
for ( i = 0; flag[i] == enc[i] && flag[i]; ++i )// 函数实现一个内部计算器
// 密文:1354,21825,1637,26325,1896,1897,1926,30954,1927,30957,1727,27747,1363,21956,1527,24537
;
  if ( i < 16 ){
    printf(std::cout, "Try again!");
  }else{
    LODWORD(v3) = printf(std::cout, "You did it! Flag is BuildCTF{your_input}");
    std::ostream::operator<<(v3, sub_7FF7B31E1D60);
  }
return 0;

大分支:

__int64 __fastcall encrypto(__int64 a1, __int64 a2){
  __int64 result; // rax
  int v3; // [rsp+20h] [rbp-18h]
  while ( 1 ){
    result = *(a1 + 4128);
    if ( *(a2 + 4 * result) == 256 )
      break;
    v3 = *(a2 + 4i64 * *(a1 + 4128));
    switch ( v3 ){
      case 1:
        ++*(a1 + 4128);
        sub_7FF7B31E1060(a1, a2);               // 基础运算+-*/和取值
        break;
      case 2:
        ++*(a1 + 4128);
        sub_7FF7B31E1340(a1, a2);               // 位运算
        break;
      case 3:
        ++*(a1 + 4128);
        sub_7FF7B31E1580(a1, a2);               // 1--,2++
        break;
      case 4:
        ++*(a1 + 4128);
        init(a1, a2);                           // 获取输入进行转换
        break;
    }
  }
  return result;
}

获取opcode:

from ida_bytes import *
from idaapi import *
addr = 0x7FF7B31E50D0
enc = []
for i in range(2128//4):
    enc.append(get_dword(addr + i * 4))
print(enc)
[4, 65, 0, 4, 65, 1, 1, 21, 4, 1, 1, 21, 5, 1, 1, 22, 7, 4, 2, 33, 4, 7, 2, 34, 5, 7, 2, 35, 4, 5, 1, 17, 0, 4, 1, 21, 2, 0, 1, 21, 3, 0, 2, 33, 2, 7, 2, 34, 3, 7, 2, 35, 2, 3, 1, 17, 1, 2, 3, 50, 0, 0, 3, 50, 1, 0, 4, 65, 0, 4, 65, 1, 1, 21, 4, 1, 1, 21, 5, 1, 1, 22, 7, 4, 2, 33, 4, 7, 2, 34, 5, 7, 2, 35, 4, 5, 1, 17, 0, 4, 1, 21, 2, 0, 1, 21, 3, 0, 2, 33, 2, 7, 2, 34, 3, 7, 2, 35, 2, 3, 1, 17, 1, 2, 3, 50, 0, 0, 3, 50, 1, 0, 4, 65, 0, 4, 65, 1, 1, 21, 4, 1, 1, 21, 5, 1, 1, 22, 7, 4, 2, 33, 4, 7, 2, 34, 5, 7, 2, 35, 4, 5, 1, 17, 0, 4, 1, 21, 2, 0, 1, 21, 3, 0, 2, 33, 2, 7, 2, 34, 3, 7, 2, 35, 2, 3, 1, 17, 1, 2, 3, 50, 0, 0, 3, 50, 1, 0, 4, 65, 0, 4, 65, 1, 1, 21, 4, 1, 1, 21, 5, 1, 1, 22, 7, 4, 2, 33, 4, 7, 2, 34, 5, 7, 2, 35, 4, 5, 1, 17, 0, 4, 1, 21, 2, 0, 1, 21, 3, 0, 2, 33, 2, 7, 2, 34, 3, 7, 2, 35, 2, 3, 1, 17, 1, 2, 3, 50, 0, 0, 3, 50, 1, 0, 4, 65, 0, 4, 65, 1, 1, 21, 4, 1, 1, 21, 5, 1, 1, 22, 7, 4, 2, 33, 4, 7, 2, 34, 5, 7, 2, 35, 4, 5, 1, 17, 0, 4, 1, 21, 2, 0, 1, 21, 3, 0, 2, 33, 2, 7, 2, 34, 3, 7, 2, 35, 2, 3, 1, 17, 1, 2, 3, 50, 0, 0, 3, 50, 1, 0, 4, 65, 0, 4, 65, 1, 1, 21, 4, 1, 1, 21, 5, 1, 1, 22, 7, 4, 2, 33, 4, 7, 2, 34, 5, 7, 2, 35, 4, 5, 1, 17, 0, 4, 1, 21, 2, 0, 1, 21, 3, 0, 2, 33, 2, 7, 2, 34, 3, 7, 2, 35, 2, 3, 1, 17, 1, 2, 3, 50, 0, 0, 3, 50, 1, 0, 4, 65, 0, 4, 65, 1, 1, 21, 4, 1, 1, 21, 5, 1, 1, 22, 7, 4, 2, 33, 4, 7, 2, 34, 5, 7, 2, 35, 4, 5, 1, 17, 0, 4, 1, 21, 2, 0, 1, 21, 3, 0, 2, 33, 2, 7, 2, 34, 3, 7, 2, 35, 2, 3, 1, 17, 1, 2, 3, 50, 0, 0, 3, 50, 1, 0, 4, 65, 0, 4, 65, 1, 1, 21, 4, 1, 1, 21, 5, 1, 1, 22, 7, 4, 2, 33, 4, 7, 2, 34, 5, 7, 2, 35, 4, 5, 1, 17, 0, 4, 1, 21, 2, 0, 1, 21, 3, 0, 2, 33, 2, 7, 2, 34, 3, 7, 2, 35, 2, 3, 1, 17, 1, 2, 3, 50, 0, 0, 3, 50, 1, 0, 4, 66, 0, 256]
#print((ord('1')+((ord('1')<<4)|(ord('1')>>4))))
#print((ord('1')+(((ord('1')+((ord('1')<<4)|(ord('1')>>4)))<<4)|((ord('1')+((ord('1')<<4)|(ord('1')>>4)))>>4))))
enc = [1354,1637,1896,1926,1927,1727,1363,1527]
#1354,21825,1637,26325,1896,1897,1926,30954,1927,30957,1727,27747,1363,21956,1527,24537

for w in range(256):
    b = (ord(w)+((i<<4)|(i>>4)))
    print(b)
    if b == 835:
        print(w)

for j in range(0,len(enc),2):
    for i in range(256):
        a = i + ((enc[j]<<4)|(enc[j]>>4))
        if a == enc[j+1]:
            print(chr(i))

1926?少了一组猜是1s
BuildCTF{vMp_1s_r0u9h_ORZ}

EzMfc

非预期:字节码

BuildCTF反推出加密方式异或0x17

BuildCTF{WindowsApi_is_easy!!!}

ez_xor?

思路对的但是不知道同样的方法,之前不行,现在可以了
动态调节输入32*1

再ida中将1修改为密文
19 68 A2 EF 7B BA 0E C5 5D 80 EF 9 0B D1 81 F1
F0 33 A6 11 23 58 5C 2B 38 8D 80 60 61 27 48 35
遇到key修改一下为37 68 31 73 5F 31 35 5F 40 5F 6B 65 79 40 41 40 00(相当于执行TLS)
修改sub为add


BuildCTF{5trE4m_EncrYpt_15_eAsy_t0_cRaCk!}

babyre

有点抽象,多了一个0x56,浪费好长时间,动调出来了

enc1 = [0x48,0x7f,0x63,0x66,0x6e,0x69,0x7e,0x6C,
        0x71,0x6f,0x39,0x32,0x69,0x32,0x3f,0x3f,
        0x3E,0x27,0x38,0x3D,0x69,0x3B,0x27]
for i in range(len(enc1)):
    print(chr(enc1[i]^0xA), end='')

enc2 = [0x19, 0x57, 0x51, 0x51, 0x4e, 0x14, 0x00, 0x58,
        0x05, 0x49, 0x1D, 0x51, 0x57, 0x52, 0x57, 0x56,
        0x01, 0x52, 0x00, 0x52, 0x55, 0x52, 0x1E]
key = [0x19]
for i in range(1,len(enc2)):
    key.append(enc2[i]^key[i-1])
#print(key, end='')
enc3 = [25, 78, 31, 78, 0, 20, 20, 76, 73, 0, 29, 76, 27, 73, 30, 72, 73, 27, 27, 73, 28, 78, 80]
for i in range(len(enc3)):
    print(chr(enc3[i]^ord('-')), end='')

Buildctf{e38c8554-27c1-4c2c-99ad-0a6d3ed66d1c}

ez?否

自己写的壳子,加了两个调试检测,壳子脱下来了,但是没有找到密文(总结:我太菜了)

自是花中第一流

去花指令

jz74改90,call48改90两次
简单rc4

encryption_key = [0x77, 0x00, 0x01, 0x5E, 0x46, 0x54, 0x43]
encrypted_data = [0x7E, 0x58, 0x36, 0xF5, 0xC5, 0xF3, 0x39, 0xD4, 0x65, 0xCF,
  0x67, 0x85, 0x37, 0x8C, 0x0C, 0xD4, 0x46, 0x88, 0x95, 0x2F,
  0xDB, 0xB6, 0xA7, 0x56, 0xDC, 0xFE, 0xA9, 0x99, 0x92, 0x60,
  0xA6, 0xC9, 0xE7, 0xCF, 0xBD, 0xB5, 0x62]
for i in range(len(encryption_key)):
    encryption_key[i] ^= 0X31
def rc4_decrypt(ciphertext, key):
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]

    i = j = 0
    plaintext = []
    for byte in ciphertext:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        k = S[(S[i] + S[j]) % 256]
        plaintext.append(byte ^ k)

    return bytes(plaintext)

decrypted_data = rc4_decrypt(encrypted_data, encryption_key)
print(decrypted_data.decode('utf-8'))

晴窗细乳戏分茶

#include <stdio.h>
#include <stdint.h>

void XTEA(uint32_t* temp, uint32_t* key) {
    unsigned int i;
    uint32_t v0=temp[0], v1=temp[1], delta=0x9E3779B9, sum=delta*32;
    for (i=0; i < 32; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum>>11) & 3]);
        sum -= delta;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
    }
    temp[0]=v0; 
    temp[1]=v1;
}
void TEA(uint32_t* temp, uint32_t* key){
    uint32_t v0=temp[0], v1=temp[1], sum=0xC6EF3720, i;
    uint32_t delta=0x9e3779b9;              
    uint32_t k0=key[0], k1=key[1], k2=key[2], k3=key[3];  
    for (i=0; i<32; i++) {                    
        v1 -= ((v0<<4) + k2) ^ (v0 + sum) ^ ((v0>>5) + k3);
        v0 -= ((v1<<4) + k0) ^ (v1 + sum) ^ ((v1>>5) + k1);
        sum -= delta;
    }                                         
    temp[0]=v0; 
    temp[1]=v1;
}
int main() {
    uint32_t key1[]= {0x192021,0x28256,0x28257,0x282931};
    uint32_t flag1[]= {0xA30C700E,0xF68BD6E3,0xC0D489F0,0x12BEFB25,0x80EEC5B3,0x2B95BCD0};
    uint32_t flag2[]= {0x876E3624,0xA8612878,0x3F089D1C,0x4A250D5C};
    uint32_t key2[] = {0x15574396,0x114514,0x5201314,0x7355608};
    for (int i = 0; i < 6; i += 2) {
        uint32_t temp[2];
        temp[0] = flag1[i];
        temp[1] = flag1[i + 1];
        TEA(temp, key1);
        printf("%c%c%c%c%c%c%c%c", *((char*)&temp[0] + 0), *((char*)&temp[0] + 1), *((char*)&temp[0] + 2), *((char*)&temp[0] + 3), 
            *((char*)&temp[1] + 0), *((char*)&temp[1] + 1), *((char*)&temp[1] + 2), *((char*)&temp[1] + 3));
    }

    for (int i = 0; i < 4; i += 2) {
        uint32_t temp[2];
        temp[0] = flag2[i];
        temp[1] = flag2[i + 1];
        XTEA(temp, key2);
        printf("%c%c%c%c%c%c%c%c", *((char*)&temp[0] + 0), *((char*)&temp[0] + 1), *((char*)&temp[0] + 2), *((char*)&temp[0] + 3), 
            *((char*)&temp[1] + 0), *((char*)&temp[1] + 1), *((char*)&temp[1] + 2), *((char*)&temp[1] + 3));
    }
    return 0;
}

PYC

找在线网站反编译

#!/usr/bin/env python
# visit https://tool.lu/pyc/ for more information
# Version: Python 3.8

import base64

def encode(message):
    s = bytearray()
    for i in message:
        x = ord(i) ^ 32
        x = x + 16
        if x > 255:
            x -= 256
        s.append(x)
    return base64.b64encode(bytes(s)).decode('utf-8')

correct = 'cmVZXFRzhHZrYFNpjyFjj1VRVWmPVl9ij4kgZW0='
flag = input('Input flag: ')
if encode(flag) == correct:
    print('正确的回答,awa!!!')
else:
    print('就差一点了,QWQ!!')

exp:

import base64

def decode(encoded_message):
    decoded_bytes = base64.b64decode(encoded_message)
    original_chars = bytearray()

    for b in decoded_bytes:
        x = b - 16
        if x < 0:
            x += 256
        original_char = x ^ 32
        original_chars.append(original_char)

    return original_chars.decode('utf-8')

correct = 'cmVZXFRzhHZrYFNpjyFjj1VRVWmPVl9ij4kgZW0='
decoded_flag = decode(correct)

print(decoded_flag)BuildCTF{pcy_1s_eaey_for_Y0u}

posted @ 2024-10-27 09:09  w1hake2  阅读(274)  评论(3编辑  收藏  举报