GDOUCTF2023 Crypto部分

抽空做了下这次比赛的密码部分，很开心ak了密码，下面简单记录下做法

Absolute_Baby_Encrytpion

这个题给了js代码以及加密过后的字符串，大概看一下可以知道js代码执行的是一个替换，我们只需要按照他的替换规律逆一下就能得到flag

a='+}!q")hiim)#}-nvm)i-$#mvn#0mnbm)im#n+}!qnm8)i-$#mvnoc#0nz<$9inm!>-n1:1-nm8)i-$~c58n!}qhij#0[noic##m8nc8n?!8c}w!n]>&'
flag=''
for i in a:
    if(i=='!'):
      flag+='a'
    if(i=='1'):
        flag+='b'
    if(i==')'):
        flag+='c'
    if(i=='v'):
        flag+='d'
    if(i=='m'):
        flag+='e'
    if(i=='+'):
        flag+='f'
    if(i=='q'):
        flag+='g'
    if(i=='0'):
        flag+='h'
    if(i=='c'):
        flag+='i'
    if(i==']'):
        flag+='j'
    if(i=='}'):
        flag+='l'
    if(i=='['):
        flag+='m'
    if(i=='8'):
        flag+='n'
    if(i=='5'):
        flag+='o'
    if(i=='$'):
        flag+='p'
    if(i=='i'):
        flag+='r'
    if(i=='>'):
        flag+='s'
    if(i=='#'):
        flag+='t'
    if(i=='<'):
        flag+='u'
    if(i=='?'):
        flag+='v'
    if(i=='o'):
        flag+='w'
    if(i=='-'):
        flag+='y'
    if(i=='h'):
        flag+='0'
    if(i=='w'):
        flag+='1'
    if(i=='9'):
        flag+='3'
    if(i=='z'):
        flag+='5'
    if(i=='b'):
        flag+='$'
    if(i=='n'):
        flag+='_'
    if(i=='&'):
        flag+='}'
    if(i==':'):
        flag+='@'
    if(i=='j'):
        flag+="!"
    if(i=='~'):
        flag+='7'
    if(i=='"'):
        flag+='{'
print(flag)
#flag{c0rrectly_decrypted_the_$ecret_flag_encrypted_with_5up3r_easy_b@by_encryp7ion_alg0r!thm_written_in_vanil1a_js}

babylua

这个题给的是两个lua的代码，md5那个其实就是实现md5所以可以不用细看了，前面的是加密过程，可以了解到先是随机生成了四个字符，然后将其md5编码两次，将得到的十六进制一个字符一个字符的与flag做加法，给了我们前十位，这就意味着我们可以通过爆破的方式将md5数字还原，然后还原flag即可

from hashlib import md5
key='b5e62abe84'
s=[200 ,161 ,198 ,157 ,173 ,169 ,199 ,150 ,105 ,163 ,193 ,175 ,173 ,194 ,135 ,131 ,135 ,225]
flag=''
# for i in range(65,123):
#     for j in range(65,123):
#         for k in range(65,123):
#             for l in range(65,123):
#                 o=chr(i)+chr(j)+chr(k)+chr(l)
#                 a=md5(o.encode()).hexdigest()
#                 b=md5(a.encode()).hexdigest()
#                 if(b[:10]==key):
#                     print(b)
key0='b5e62abe84bc8afbfd97c91a15aa0867'
for i in range(len(s)):
    flag+=chr(s[i]-ord(key0[i]))
print(flag)
#flag{He11o_Lua!!!}

Magic of Encoding

这个题呢其实很简单，只不过做起来很复杂，这一长串密文里面有很多干扰字符，观察一下发现是循环的，首先去除干扰字符，然后发现剩余的是一个压缩包格式的东西，这部分同样存在循环，只留下一组之后解base64就是一个压缩包了，打开压缩包里面就是flag，因为是手动去除的这里就贴一个去除后的base64以及flag

UEsDBBQACAAIAAZUilYAAAAAAAAAACUAAAAVACAATWFnaWMgb2YgRW5jb2RpbmcudHh0VVQNAAdNkTNkTpEzZE2RM2R1eAsAAQT1AQAABBQAAABLy0lMr84wKDCOrzQojc/JzDZOiS/JSI33NUnPTI43L8pMzq7lAgBQSwcIjmX6WicAAAAlAAAAUEsBAhQDFAAIAAgABlSKVo5l+lonAAAAJQAAABUAIAAAAAAAAAAAAKSBAAAAAE1hZ2ljIG9mIEVuY29kaW5nLnR4dFVUDQAHTZEzZE6RM2RNkTNkdXgLAAEE9QEAAAQUAAAAUEsFBgAAAAABAAEAYwAAAIoAAAAAAA==
flag：flag{h0p3_y0u_lik3d_the_M4gic_7rick}

Math Problem

题目代码：

#!/usr/bin/env sage
import secret
from Crypto.Util.number import *

p, q = getPrime(512), getPrime(512)
e, n = 0x10001, p * q
c = pow(bytes_to_long(secret.flag), e, n)
print(f"{e = }\n{n = }\n{c = }")

a, b = getPrime(512), getPrime(512)
E = EllipticCurve(GF(p), [a, b])
G = E.lift_x(ZZ(getPrime(64)))
print(f"{a = }\n{b = }\ny = {G.xy()[1]}")

'''
e = 65537
n = 79239019133008902130006198964639844798771408211660544649405418249108104979283858140199725213927656792578582828912684320882248828512464244641351915288069266378046829511827542801945752252863425605946379775869602719406340271702260307900825314967696531175183205977973427572862807386846990514994510850414958255877
c = 45457869965165575324534408050513326739799864850578881475341543330291990558135968254698676312246850389922318827771380881195754151389802803398367341521544667542828862543407738361578535730524976113729406101764290984943061582342991118766322793847422471903811686775249409300301726906738475446634950949059180072008
a = 9303981927028382051386918702900550228062240363697933771286553052631411452412621158116514735706670764224584958899184294505751247393129887316131576567242619
b = 9007779281398842447745292673398186664639261529076471011805234554666556577498532370235883716552696783469143334088312327338274844469338982242193952226631913
y = 970090448249525757357772770885678889252473675418473052487452323704761315577270362842929142427322075233537587085124672615901229826477368779145818623466854
'''

这个题可以构造copper还原x，然后按照圆锥曲线公式去得到k倍的p，和n做一个gcd就能得到p了，然后解一下rsa即可得到flag，要注意的是需要调一下copper的参数才能解出x

 from Crypto.Util.number import *
e = 65537
n = 79239019133008902130006198964639844798771408211660544649405418249108104979283858140199725213927656792578582828912684320882248828512464244641351915288069266378046829511827542801945752252863425605946379775869602719406340271702260307900825314967696531175183205977973427572862807386846990514994510850414958255877
c = 45457869965165575324534408050513326739799864850578881475341543330291990558135968254698676312246850389922318827771380881195754151389802803398367341521544667542828862543407738361578535730524976113729406101764290984943061582342991118766322793847422471903811686775249409300301726906738475446634950949059180072008
a = 9303981927028382051386918702900550228062240363697933771286553052631411452412621158116514735706670764224584958899184294505751247393129887316131576567242619
b = 9007779281398842447745292673398186664639261529076471011805234554666556577498532370235883716552696783469143334088312327338274844469338982242193952226631913
y = 970090448249525757357772770885678889252473675418473052487452323704761315577270362842929142427322075233537587085124672615901229826477368779145818623466854
R.<x> = PolynomialRing(Zmod(n))
f=x**3+a*x+b-y**2
f=f.monic()
x0 = f.small_roots(X=2^64, beta=0.4,epsilon=0.01)
print(x0)
x=9757458594430450711
kp=pow(y,2)-b-a*x-x**3
import gmpy2
p=gmpy2.gcd(kp,n)
q=n//p
d=gmpy2.invert(e,(p-1)*(q-1))
m=pow(c,d,n)
print(long_to_bytes(m))
#flag{c4edd6d0-d1b3-cbda-95e3-a323edc35be5}