window.onload=function(){ /*页面加载完成之后生成博客目录*/ BlogDirectory.createBlogDirectory("cnblogs_post_body","h2","h3",20); }

HGAME 2024 WEEK2 Crypto Misc

CRYPTO

midRSA

题目描述:兔兔梦到自己变成了帕鲁被crumbling抓去打黑工,醒来后连夜偷走了部分flag
from Crypto.Util.number import *
from secret import flag

def padding(flag):
    return flag+b'\xff'*(64-len(flag))

flag=padding(flag)
m=bytes_to_long(flag)
p=getPrime(512)
q=getPrime(512)
e=3
n=p*q
c=pow(m,e,n)
m0=m>>208

print(f'n={n}')
print(f'c={c}')
print(f'm0={m0}')

"""
n=120838778421252867808799302603972821425274682456261749029016472234934876266617266346399909705742862458970575637664059189613618956880430078774892479256301209695323302787221508556481196281420676074116272495278097275927604857336484564777404497914572606299810384987412594844071935546690819906920254004045391585427
c=118961547254465282603128910126369011072248057317653811110746611348016137361383017921465395766977129601435508590006599755740818071303929227578504412967513468921191689357367045286190040251695094706564443721393216185563727951256414649625597950957960429709583109707961019498084511008637686004730015209939219983527
m0=13292147408567087351580732082961640130543313742210409432471625281702327748963274496942276607
"""
我的解答:
考点:m高位泄露
exp:
from Crypto.Util.number import long_to_bytes

e= 3
n=120838778421252867808799302603972821425274682456261749029016472234934876266617266346399909705742862458970575637664059189613618956880430078774892479256301209695323302787221508556481196281420676074116272495278097275927604857336484564777404497914572606299810384987412594844071935546690819906920254004045391585427
c=118961547254465282603128910126369011072248057317653811110746611348016137361383017921465395766977129601435508590006599755740818071303929227578504412967513468921191689357367045286190040251695094706564443721393216185563727951256414649625597950957960429709583109707961019498084511008637686004730015209939219983527
m_high=13292147408567087351580732082961640130543313742210409432471625281702327748963274496942276607
m_high <<= 208

R.<x> = PolynomialRing(Zmod(n))
m = m_high + x
f = m^e - c
x = f.small_roots(X = 2^208,beta = 0.4)
if x:
	m = m_high + x[0]
	print(long_to_bytes(int(m)))

#hgame{0ther_cas3s_0f_c0ppr3smith}

backpack

题目描述:crumbling的游戏已经玩到了中期,打算带着帕鲁搬家到新据点,你来帮他研究一下背包管理

from Crypto.Util.number import *
import random
from secret import flag
a=[getPrime(32) for _ in range(20)]
p=random.getrandbits(32)
assert len(bin(p)[2:])==32
bag=0
for i in a:
    temp=p%2
    bag+=temp*i
    p=p>>1

enc=bytes_to_long(flag)^p

print(f'enc={enc}')
print(f'a={a}')
print(f'bag={bag}')
"""
enc=871114172567853490297478570113449366988793760172844644007566824913350088148162949968812541218339
a=[3245882327, 3130355629, 2432460301, 3249504299, 3762436129, 3056281051, 3484499099, 2830291609, 3349739489, 2847095593, 3532332619, 2406839203, 4056647633, 3204059951, 3795219419, 3240880339, 2668368499, 4227862747, 2939444527, 3375243559]
bag=45893025064
"""
我的解答:
背包密码签到题,直接梭。
exp:
#sage
import libnum

enc = 871114172567853490297478570113449366988793760172844644007566824913350088148162949968812541218339
M = [3245882327, 3130355629, 2432460301, 3249504299, 3762436129, 3056281051, 3484499099, 2830291609, 3349739489, 2847095593, 3532332619, 2406839203, 4056647633, 3204059951, 3795219419, 3240880339, 2668368499, 4227862747, 2939444527, 3375243559]
S = 45893025064

n = len(M)
Ge = Matrix.identity(n)
last_row = [0 for x in range(n)]
Ge_last_row = Matrix(ZZ, 1, len(last_row), last_row)

last_col = M[:]
last_col.append(S)
Ge_last_col = Matrix(ZZ, len(last_col), 1, last_col)

Ge = Ge.stack(Ge_last_row)
Ge = Ge.augment(Ge_last_col)

X = Ge.LLL()[-1]
X = X[:-1]

p = ""
for i in X:
    if abs(i) == 1:
        p += "1"
    if abs(i) == 0:
        p += "0"
        
print(p)
m = int(p,2) ^^ enc
print(m)
flag = bytes.fromhex(hex(int(m))[2:])
print(flag)
# hgame{M@ster_0f ba3kpack_m4nag3ment!}

 babyRSA

题目描述:emmm,找到e就好了,吧?

from Crypto.Util.number import *
from secret import flag,e
m=bytes_to_long(flag)
p=getPrime(64)
q=getPrime(256)
n=p**4*q
k=getPrime(16)
gift=pow(e+114514+p**k,0x10001,p)
c=pow(m,e,n)
print(f'p={p}')
print(f'q={q}')
print(f'c={c}')
print(f'gift={gift}')
"""
p=14213355454944773291
q=61843562051620700386348551175371930486064978441159200765618339743764001033297
c=105002138722466946495936638656038214000043475751639025085255113965088749272461906892586616250264922348192496597986452786281151156436229574065193965422841
gift=9751789326354522940
"""
我的解答:
我们有:
gift = (e+114514+pk)65537 (mod p)
化简得:
gift = (e+114514)65537 (mod p)
解RSA可得到e,也就照应了题目所说。。
另外,我们还发现e和phi不互素,可以使用nth_root(用法参考:HWS-random)处理
exp:
from Crypto.Util.number import *
import gmpy2

p=14213355454944773291
q=61843562051620700386348551175371930486064978441159200765618339743764001033297
c=105002138722466946495936638656038214000043475751639025085255113965088749272461906892586616250264922348192496597986452786281151156436229574065193965422841
gift=9751789326354522940

n = p**4*q
d = gmpy2.invert(65537,p-1)
mm = pow(gift,d,p)
e = mm - 114514
print(e)
#73561
phi = p**3*(p-1)*(q-1)
#print(gmpy2.gcd(e,phi))
#73561
res = Zmod(n)(c).nth_root(e, all=True)

for m in res:
    flag = long_to_bytes(int(m))
    if b"hgame" in flag:
        print(flag)
        break
#hgame{Ad1eman_Mand3r_Mi11er_M3th0d}

midRSA revenge

题目描述:兔兔梦到自己变成了帕鲁被crumbling抓去打黑工,醒来后连夜偷走了部分flag

from Crypto.Util.number import *
from secret import flag
m=bytes_to_long(flag)
p=getPrime(1024)
q=getPrime(1024)
e=5
n=p*q
c=pow(m,e,n)
m0=m>>128

print(f'n={n}')
print(f'c={c}')
print(f'm0={m0}')

"""
n=27814334728135671995890378154778822687713875269624843122353458059697288888640572922486287556431241786461159513236128914176680497775619694684903498070577307810263677280294114135929708745988406963307279767028969515305895207028282193547356414827419008393701158467818535109517213088920890236300281646288761697842280633285355376389468360033584102258243058885174812018295460196515483819254913183079496947309574392848378504246991546781252139861876509894476420525317251695953355755164789878602945615879965709871975770823484418665634050103852564819575756950047691205355599004786541600213204423145854859214897431430282333052121
c=456221314115867088638207203034494636244706611111621723577848729096069230067958132663018625661447131501758684502639383208332844681939698124459188571813527149772292464139530736717619741704945926075632064072125361516435631121845753186559297993355270779818057702973783391589851159114029310296551701456748698914231344835187917559305440269560613326893204748127999254902102919605370363889581136724164096879573173870280806620454087466970358998654736755257023225078147018537101
m0=9999900281003357773420310681169330823266532533803905637
"""

 我的解答:

直接用上一题的脚本就行。

exp:

from Crypto.Util.number import long_to_bytes

n=27814334728135671995890378154778822687713875269624843122353458059697288888640572922486287556431241786461159513236128914176680497775619694684903498070577307810263677280294114135929708745988406963307279767028969515305895207028282193547356414827419008393701158467818535109517213088920890236300281646288761697842280633285355376389468360033584102258243058885174812018295460196515483819254913183079496947309574392848378504246991546781252139861876509894476420525317251695953355755164789878602945615879965709871975770823484418665634050103852564819575756950047691205355599004786541600213204423145854859214897431430282333052121
c=456221314115867088638207203034494636244706611111621723577848729096069230067958132663018625661447131501758684502639383208332844681939698124459188571813527149772292464139530736717619741704945926075632064072125361516435631121845753186559297993355270779818057702973783391589851159114029310296551701456748698914231344835187917559305440269560613326893204748127999254902102919605370363889581136724164096879573173870280806620454087466970358998654736755257023225078147018537101
m_high=9999900281003357773420310681169330823266532533803905637 
m_high <<= 128
e = 5

R.<x> = PolynomialRing(Zmod(n))
m = m_high + x
f = m^e - c
f = f.monic()

x = f.small_roots(X = 2^128,beta = 0.4)
if x:
    m = m_high + x[0]
    print(long_to_bytes(int(m)))
    #hgame{c0ppr3smith_St3re0typed_m3ssag3s}

backpack revenge

题目

题目描述:crumbling的游戏已经玩到了中期,打算带着帕鲁搬家到新据点,你来帮他研究一下背包管理

from Crypto.Util.number import *
import random
import hashlib

a=[getPrime(96) for _ in range(48)]
p=random.getrandbits(48)
assert len(bin(p)[2:])==48
flag='hgame{'+hashlib.sha256(str(p).encode()).hexdigest()+'}'

bag=0
for i in a:
    temp=p%2
    bag+=temp*i
    p=p>>1

print(f'a={a}')
print(f'bag={bag}')

"""
a=[74763079510261699126345525979, 51725049470068950810478487507, 47190309269514609005045330671, 64955989640650139818348214927, 68559937238623623619114065917, 72311339170112185401496867001, 70817336064254781640273354039, 70538108826539785774361605309, 43782530942481865621293381023, 58234328186578036291057066237, 68808271265478858570126916949, 61660200470938153836045483887, 63270726981851544620359231307, 42904776486697691669639929229, 41545637201787531637427603339, 74012839055649891397172870891, 56943794795641260674953676827, 51737391902187759188078687453, 49264368999561659986182883907, 60044221237387104054597861973, 63847046350260520761043687817, 62128146699582180779013983561, 65109313423212852647930299981, 66825635869831731092684039351, 67763265147791272083780752327, 61167844083999179669702601647, 55116015927868756859007961943, 52344488518055672082280377551, 52375877891942312320031803919, 69659035941564119291640404791, 52563282085178646767814382889, 56810627312286420494109192029, 49755877799006889063882566549, 43858901672451756754474845193, 67923743615154983291145624523, 51689455514728547423995162637, 67480131151707155672527583321, 59396212248330580072184648071, 63410528875220489799475249207, 48011409288550880229280578149, 62561969260391132956818285937, 44826158664283779410330615971, 70446218759976239947751162051, 56509847379836600033501942537, 50154287971179831355068443153, 49060507116095861174971467149, 54236848294299624632160521071, 64186626428974976108467196869]
bag=1202548196826013899006527314947
"""

我的解答:

参考:lazzzaro神yyds

exp:

from sage.all import *

a =  [74763079510261699126345525979, 51725049470068950810478487507, 47190309269514609005045330671, 64955989640650139818348214927, 68559937238623623619114065917, 72311339170112185401496867001, 70817336064254781640273354039, 70538108826539785774361605309, 43782530942481865621293381023, 58234328186578036291057066237, 68808271265478858570126916949, 61660200470938153836045483887, 63270726981851544620359231307, 42904776486697691669639929229, 41545637201787531637427603339, 74012839055649891397172870891, 56943794795641260674953676827, 51737391902187759188078687453, 49264368999561659986182883907, 60044221237387104054597861973, 63847046350260520761043687817, 62128146699582180779013983561, 65109313423212852647930299981, 66825635869831731092684039351, 67763265147791272083780752327, 61167844083999179669702601647, 55116015927868756859007961943, 52344488518055672082280377551, 52375877891942312320031803919, 69659035941564119291640404791, 52563282085178646767814382889, 56810627312286420494109192029, 49755877799006889063882566549, 43858901672451756754474845193, 67923743615154983291145624523, 51689455514728547423995162637, 67480131151707155672527583321, 59396212248330580072184648071, 63410528875220489799475249207, 48011409288550880229280578149, 62561969260391132956818285937, 44826158664283779410330615971, 70446218759976239947751162051, 56509847379836600033501942537, 50154287971179831355068443153, 49060507116095861174971467149, 54236848294299624632160521071, 64186626428974976108467196869]
bag =  1202548196826013899006527314947
print(bag)
print(len(a))
n = len(a)

# Sanity check for application of low density attack
d = n / log(max(a), 2)
print(CDF(d))
assert CDF(d) < 0.9408

M = Matrix.identity(n) * 2

last_row = [1 for x in a]
M_last_row = Matrix(ZZ, 1, len(last_row), last_row)

last_col = a
last_col.append(bag)
M_last_col = Matrix(ZZ, len(last_col), 1, last_col)

M = M.stack(M_last_row)
M = M.augment(M_last_col)

X = M.BKZ()

sol = []
for i in range(n + 1):
    testrow = X.row(i).list()[:-1]
    if set(testrow).issubset([-1, 1]):
        for v in testrow:
            if v == 1:
                sol.append(0)
            elif v == -1:
                sol.append(1)
        break

s = sol
print(s)

#输出结果
1202548196826013899006527314947
48
0.5004362519031288
[1, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1]

 二进制解码 100001001000111000110010100010101011010000101111 无果,逆一下试试

s = '100001001000111000110010100010101011010000101111'
print(s[::-1])
#111101000010110101010001010011000111000100100001

 也无果,考虑到进制转换:

二进制数为:0b111101000010110101010001010011000111000100100001
转换为十进制为:268475474669857
转换为八进制为:0o7502652123070441
转换为十六进制为:0xf42d514c7121

import hashlib
p = 268475474669857
assert len(bin(p)[2:])==48
flag='hgame{'+hashlib.sha256(str(p).encode()).hexdigest()+'}'
print(flag)
#hgame{04b1d0b0fb805a70cda94348ec5a33f900d4fd5e9c45e765161c434fa0a49991}

MISC

ek1ng_want_girlfriend

An introducation to Wireshark and also ek1ng.
提示1尝试用Wireshark从HTTP流量中提取文件
我的解答:
题目说的很明显,一个简单的http提取文件签到题
Wireshark打开流量包搜索http
然后导出对象即可(发现有一个图片)
得到图片
hgame{ek1ng_want_girlfriend_qq_761042182}

ezWord

通过破译图片的水印来解开文档里的秘密吧!

我的解答:

打开附件是一个文档,里面信息如上图

说文件的内部有你想要的flag?结合题目描述试试盲水印

单图盲水印居然不行。。好好好,那我就分离word文档看看有什么

分离之后可在文件夹word --> media里面发现如下信息

恭喜.txt里面说:恭喜你找到了这些东西,现在你离flag只差解开这个新的压缩包,然后对压缩包里的东西进行两层解密就能获得flag了。压缩包的密码和我放在这的两张图片有关。

很明显双图盲水印得到压缩包密码

解压时发现压缩包有提示:

你好,很高兴你看到了这个压缩包。请注意:这个压缩包的密码有11位数而且包含大写字母小写字母和数字。还有一个要注意的是,里面的这一堆英文decode之后看上去是一堆中文乱码实际上这是正常现象,如果看到它们那么你就离成功只差一步了。

先不管这个提示我们先试试盲水印出来的密码能不能解压(尝试发现可以)

解压得到:

查看代码
 Dear E-Commerce professional ; This letter was specially
selected to be sent to you . We will comply with all
removal requests ! This mail is being sent in compliance
with Senate bill 1620 ; Title 3 ; Section 308 ! This
is not a get rich scheme ! Why work for somebody else
when you can become rich in 27 MONTHS . Have you ever
noticed more people than ever are surfing the web and
more people than ever are surfing the web . Well, now
is your chance to capitalize on this ! WE will help
YOU use credit cards on your website plus turn your
business into an E-BUSINESS . You are guaranteed to
succeed because we take all the risk ! But don't believe
us . Ms Simpson who resides in Maine tried us and says
"I've been poor and I've been rich - rich is better"
. We are a BBB member in good standing ! We urge you
to contact us today for your own future financial well-being
. Sign up a friend and you'll get a discount of 50%
. Thank-you for your serious consideration of our offer
! Dear Friend ; This letter was specially selected
to be sent to you ! We will comply with all removal
requests . This mail is being sent in compliance with
Senate bill 2316 ; Title 8 , Section 301 ! Do NOT confuse
us with Internet scam artists . Why work for somebody
else when you can become rich as few as 24 WEEKS !
Have you ever noticed more people than ever are surfing
the web plus how many people you know are on the Internet
. Well, now is your chance to capitalize on this .
We will help you decrease perceived waiting time by
200% and turn your business into an E-BUSINESS . You
are guaranteed to succeed because we take all the risk
. But don't believe us . Mrs Simpson of Illinois tried
us and says "Now I'm rich many more things are possible"
! We assure you that we operate within all applicable
laws ! Do not delay - order today . Sign up a friend
and your friend will be rich too . Warmest regards
! Dear Sir or Madam ; Especially for you - this hot
information . We will comply with all removal requests
! This mail is being sent in compliance with Senate
bill 1916 ; Title 2 , Section 301 ! THIS IS NOT MULTI-LEVEL
MARKETING ! Why work for somebody else when you can
become rich in 89 days . Have you ever noticed most
everyone has a cellphone plus most everyone has a cellphone
! Well, now is your chance to capitalize on this !
WE will help YOU sell more & SELL MORE . You can begin
at absolutely no cost to you . But don't believe us
. Mr Jones of Minnesota tried us and says "I was skeptical
but it worked for me" ! We assure you that we operate
within all applicable laws ! We beseech you - act now
. Sign up a friend and you'll get a discount of 90%
. Thanks . Dear Cybercitizen ; Your email address has
been submitted to us indicating your interest in our
newsletter . If you are not interested in our publications
and wish to be removed from our lists, simply do NOT
respond and ignore this mail ! This mail is being sent
in compliance with Senate bill 2016 , Title 2 , Section
304 . This is different than anything else you've seen
! Why work for somebody else when you can become rich
in 48 weeks ! Have you ever noticed more people than
ever are surfing the web plus people love convenience
! Well, now is your chance to capitalize on this .
WE will help YOU deliver goods right to the customer's
doorstep & turn your business into an E-BUSINESS .
You can begin at absolutely no cost to you . But don't
believe us . Ms Anderson who resides in New York tried
us and says "My only problem now is where to park all
my cars" ! We are a BBB member in good standing . If
not for you then for your LOVED ONES - act now ! Sign
up a friend and you'll get a discount of 20% ! God
Bless . Dear Colleague , Your email address has been
submitted to us indicating your interest in our publication
. If you no longer wish to receive our publications
simply reply with a Subject: of "REMOVE" and you will
immediately be removed from our mailing list . This
mail is being sent in compliance with Senate bill 2416
, Title 9 ; Section 308 ! This is NOT unsolicited bulk
mail . Why work for somebody else when you can become
rich within 24 MONTHS ! Have you ever noticed most
everyone has a cellphone and people love convenience
. Well, now is your chance to capitalize on this !
We will help you decrease perceived waiting time by
190% and sell more ! The best thing about our system
is that it is absolutely risk free for you ! But don't
believe us . Mrs Anderson of Indiana tried us and says
"Now I'm rich, Rich, RICH" . This offer is 100% legal
. So make yourself rich now by ordering immediately
. Sign up a friend and your friend will be rich too
. God Bless ! Dear Colleague ; We know you are interested
in receiving amazing information ! If you are not interested
in our publications and wish to be removed from our
lists, simply do NOT respond and ignore this mail !
This mail is being sent in compliance with Senate bill
1619 , Title 7 , Section 303 ! This is not multi-level
marketing . Why work for somebody else when you can
become rich within 37 days ! Have you ever noticed
nobody is getting any younger plus people love convenience
! Well, now is your chance to capitalize on this .
WE will help YOU decrease perceived waiting time by
140% plus deliver goods right to the customer's doorstep
. You can begin at absolutely no cost to you . But
don't believe us ! Mrs Simpson of Illinois tried us
and says "I was skeptical but it worked for me" . We
are licensed to operate in all states ! Because the
Internet operates on "Internet time" you must make
a commitment soon ! Sign up a friend and you get half
off ! Thank-you for your serious consideration of our
offer . Dear Friend ; We know you are interested in
receiving amazing info ! We will comply with all removal
requests . This mail is being sent in compliance with
Senate bill 2716 , Title 5 , Section 303 ! This is
not a get rich scheme . Why work for somebody else
when you can become rich within 52 days ! Have you
ever noticed how many people you know are on the Internet
and the baby boomers are more demanding than their
parents ! Well, now is your chance to capitalize on
this . WE will help YOU decrease perceived waiting
time by 170% and turn your business into an E-BUSINESS
. You are guaranteed to succeed because we take all
the risk ! But don't believe us ! Mrs Anderson who
resides in Alabama tried us and says "Now I'm rich,
Rich, RICH" ! We are a BBB member in good standing
. So make yourself rich now by ordering immediately
! Sign up a friend and you get half off ! Thanks .
Dear Salaryman ; Especially for you - this red-hot
news ! We will comply with all removal requests . This
mail is being sent in compliance with Senate bill 1618
, Title 4 , Section 308 . THIS IS NOT MULTI-LEVEL MARKETING
. Why work for somebody else when you can become rich
inside 27 days ! Have you ever noticed nearly every
commercial on television has a .com on in it & nearly
every commercial on television has a .com on in it
! Well, now is your chance to capitalize on this !
WE will help YOU decrease perceived waiting time by
180% plus turn your business into an E-BUSINESS . You
can begin at absolutely no cost to you ! But don't
believe us ! Prof Ames who resides in Washington tried
us and says "I was skeptical but it worked for me"
. We assure you that we operate within all applicable
laws ! We implore you - act now . Sign up a friend
and you'll get a discount of 10% . Thank-you for your
serious consideration of our offer ! Dear Friend ;
This letter was specially selected to be sent to you
! If you no longer wish to receive our publications
simply reply with a Subject: of "REMOVE" and you will
immediately be removed from our club ! This mail is
being sent in compliance with Senate bill 1622 , Title
7 ; Section 303 ! Do NOT confuse us with Internet scam
artists . Why work for somebody else when you can become
rich in 10 weeks ! Have you ever noticed people will
do almost anything to avoid mailing their bills & people
love convenience ! Well, now is your chance to capitalize
on this . WE will help YOU turn your business into
an E-BUSINESS & SELL MORE . You can begin at absolutely
no cost to you ! But don't believe us . Mr Ames of
Louisiana tried us and says "Now I'm rich, Rich, RICH"
. We are licensed to operate in all states . We BESEECH
you - act now . Sign up a friend and you'll get a discount
of 50% ! Thank-you for your serious consideration of
our offer .

使用工具:https://spammimic.com/decode.cgi 解码得到压缩包提示所说的中文乱码

籱籰籪籶籮粄簹籴籨粂籸籾籨籼簹籵籿籮籨籪籵簺籨籽籱簼籨籼籮籬类簼籽粆

最后rot8000解码

龙之舞

题目

新年快要到了,来看看龙年的龙之舞吧(~ ̄▽ ̄)~请注意,拿到正确的二维码后解码就是flag 但是一开始未必正确

一个wav文件

我的解答:

查看wav文件名字知道应该是使用deepsound,打开文件后要求输入密码

频谱图发现密码 5H8w1nlWCX3hQLG

分离出一个压缩包,解压是个gif,GIF分离可找到二维码部分内容如下:

054.png

120.png

152.png

231.png

把二维码拼接起来 https://merri.cx/qrazybox/ 扫描发现扫不出来。。

修改一下掩码到M4得到flag

hgame{drag0n_1s_d4nc1ng}

 
posted @ 2024-02-15 22:15  Kicky_Mu  阅读(564)  评论(0编辑  收藏  举报