iscc2018-Reverse-writeup

RSA256

解析公钥

 

yafu质因数分解

p=325045504186436346209877301320131277983

q=302825536744096741518546212761194311477

e=65537

生成

 1 import math
 2 import sys
 3 from Crypto.PublicKey import RSA
 4 
 5 keypair = RSA.generate(1024)
 6 
 7 keypair.p = 325045504186436346209877301320131277983
 8 keypair.q = 302825536744096741518546212761194311477
 9 keypair.e = 65537                                       
10 keypair.n = keypair.p * keypair.q
11 q = long((keypair.p-1) * (keypair.q-1))
12 i = 1
13 while True:
14     x=(q*i)+1
15     if (x % keypair.e == 0):
16         keypair.d = x / keypair.e
17         break
18     i += 1
19 print keypair.d #1958518567680136759381316911808879057130620824462099039954817237801766103617
20 private = open('private.pem','w')
21 private.write(keypair.exportKey())
22 private.close()

解密脚本

 1 #coding=utf-8
 2 import rsa,base64
 3 
 4 with open('private.pem','r') as f:
 5     privkey = rsa.PrivateKey.load_pkcs1(f.read().encode())
 6 
 7 f1=open('encrypted.message1','r')
 8 f2=open('encrypted.message2','r')
 9 f3=open('encrypted.message3','r')
10 a=f1.read()
11 message1 = rsa.decrypt(a, privkey).decode().rstrip()
12 a=f2.read()
13 message2 = rsa.decrypt(a, privkey).decode().rstrip()
14 a=f3.read()
15 message3 = rsa.decrypt(a, privkey).decode().rstrip()
16 print message1+message2+message3 #flag{3b6d3806-4b2b-11e7-95a0-000c29d7e93d}

leftleftrightright

peid查壳

手动脱壳

ida查看伪代码

 

还原flag:Flag{this_was_simple_isnt_it}

My math is bad

elf64ida查看,题目要求为两个四元方程组求解

 1 from sympy import *
 2 a=Symbol('a')
 3 b=Symbol('b')
 4 c=Symbol('c')
 5 d=Symbol('d')
 6 e=Symbol('e')
 7 f=Symbol('f')
 8 g=Symbol('g')
 9 h=Symbol('h')
10 print solve([
11 a*b-c*d-2652042832920173142,
12 3*c+4*d-b-2*a-397958918,
13 3*d*a-b*c-3345692380376715070,
14 27*b+a-11*d-c-40179413815
15 ],[a,b,c,d])[0]
16 print solve([
17 22*e-f-g+39*h-61799700179,
18 45*g-45*f+e+h-48753725643,
19 35*e+41*f-g-h-59322698861,
20 e-f+36*g-13*h-51664230587
21 ],[e,f,g,h])
 1 a=1869639009
 2 b=1801073242
 3 c=829124174
 4 d=862734414
 5 e=811816014
 6 f=828593230
 7 g=1867395930
 8 h=1195788129
 9 l=[a,b,c,d,e,f,g,h]
10 s=''
11 for i in l:
12     c=''
13     for j in range(4):
14         c+=chr(int(hex(i)[2+j*2:4+j*2],16))
15     s+=c[::-1]
16 print s #ampoZ2ZkNnk1NHl3NTc0NTc1Z3NoaGFG

obfuscation and encode

import string,base64
aphla='FeVYKw6a0lDIOsnZQ5EAf2MvjS1GUiLWPTtH4JqRgu3dbC8hrcNo9/mxzpXBky7+'
base='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
s='lUFBuT7hADvItXEGn7KgTEjqw8U5VQUq'
m=[2 ,2, 4, -5, 1 ,1, 3, -3, -1, -2, -3, 4, -1,0, -2, 2]
s1=''
for c in s:
    s1+=base[aphla.index(c)]
s1=base64.b64decode(s1)
for i in string.printable:
    for j in string.printable:
        for k in string.printable:
            for l in string.printable:
                s=i+j+k+l
                s0=''
                for n in range(4):
                    v10=0
                    for o in range(4):
                        v10+=ord(s[o])*m[4*n+o]
                    s0+=chr(v10%256)
                if s0==s1[0:4]:
                    print s,1  
                if s0==s1[4:8]:
                    print s,2
                if s0==s1[8:12]:
                    print s,3
                if s0==s1[12:16]:
                    print s,4
                if s0==s1[16:20]:
                    print s,5
                if s0==s1[20:24]:
                    print s,6
'''
s3='flag{dO_y0U_KNoW_0IlVm?}'

 

posted @ 2018-05-25 21:56  ~kagi~  阅读(474)  评论(0编辑  收藏  举报