西瓜杯CTF2024
前言
闲着无聊做一下,也是出了一道很简单的密码,也是被秒了
最后结果,misc差一题,reverse当misc做了也差一题,web就第一题,pwn没有。
更加坚定了只搞密码的决心了。
crypto
奇怪的条形码
硬看,然后根据base64解密结果微调
关键点:大小写 字母大写J和小写p
最后因为题目flag设置错误,后面才提交成功
简单密码
输出一下ctfshow的十六进制就很容易看出来了
from Crypto.Util.number import *
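# Hex of the known flag prefix, printed to compare against the ciphertext.
a = b'ctfshow'
print(a.hex())
# 63746673686f77
flag = 0x647669776d757e83817372816e707479707c888789757c92788d84838b878d9d
flag = long_to_bytes(flag)
# The ciphertext starts 64 76 69 where the prefix starts 63 74 66, so byte
# number i (counting from 1) is the plaintext byte plus i. Subtracting the
# running position undoes the shift. The original loop body had lost its
# indentation; a single join prints the same characters with no newline.
print("".join(chr(byte - offset) for offset, byte in enumerate(flag, start=1)), end="")
#ctfshow{xiguabei_just_ez_signin}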
factor
将leak1和leak2异或,两边相同的tmp互相抵消,得到的就是p异或q
套dfs剪枝代码即可
"""from Crypto.Util.number import *
import gmpy2
import os
from enc import flag
hint = os.urandom(36)
tmp = bytes_to_long(hint)
m = bytes_to_long(flag)
p = getPrime(512)
q = getPrime(512)
d = getPrime(400)
phi = (p-1)*(q-1)
e = gmpy2.invert(d,phi)
n = p*q
c = pow(m,e,n)
leak1 = p^tmp
leak2 = q^tmp
print(f"n = {n}")
print(f"e = {e}")
print(f"c = {c}")
print(f"leak1 = {leak1}")
print(f"leak2 = {leak2}")"""
from Crypto.Util.number import *
from gmpy2 import *
import os
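import sys  # imported here because this listing never imports sys by name

# Public values printed by the challenge. The unused random `hint` that was
# copied over from the generator has been dropped; the solver never reads it.
n = 145462084881728813723574366340552281785604069047381248513937024180816353963950721541845665931261230969450819680771925091152670386983240444354412170994932196142227905635227116456476835756039585419001941477905953429642459464112871080459522266599791339252614674500304621383776590313803782107531212756620796159703
e = 10463348796391625387419351013660920157452350067191419373870543363741187885528042168135531161031114295856009050029737547684735896660393845515549071092389128688718675573348847489182651631515852744312955427364280891600765444324519789452014742590962030936762237037273839906251320666705879080373711858513235704113
c = 60700608730139668338977678601901211800978306010063875269252006068222163102100346920465298044880066999492746508990629867396189713753873657197546664480233269806308415874191048149900822050054539774370134460339681949131037133783273410066318511508768512778132786573893529705068680583697574367357381635982316477364
leak1 = 13342820281239625174817085182586822673810894195223942279061039858850534510679297962596800315875604798047264337469828123370586584840078728059729121435462780
leak2 = 10901899434728393473569359914062349292412269512201554924835672710780580634465799069211035290729536290605761024818770843901501694556825737462457471235151530
# Both leaks carry the same mask, so XOR-ing them cancels it and leaves p ^ q.
leak = leak1 ^ leak2
#https://skatexu.github.io/2023/11/30/RSA-p-q/
# The search recurses once per bit, which is deeper than CPython's default
# recursion limit, so raise the limit to 3000 first.
sys.setrecursionlimit(3000)
pq = []  # prime candidates collected by pq_high_xor
# Width of the bit strings the search walks. It is wider than the primes, so
# the leading bits of xor are zero padding.
leak_bits = 1024
xor = bin(leak)[2:].zfill(leak_bits)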
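def pq_high_xor(p="", q=""):
    """Depth-first search for factor bit strings consistent with n and p ^ q.

    p and q are the high-order bits chosen so far, as strings of "0"/"1".
    Reads the module-level n, xor and leak_bits. Every full-width p whose
    partner q gives p * q == n is appended to the module-level list pq.
    Returns None.

    The padding width now follows leak_bits instead of a literal 1024, so
    the bounds and the leaf test can no longer disagree if it is changed.
    """
    lp, lq = len(p), len(q)
    # Smallest (pad with 0s) and largest (pad with 1s) value each prefix
    # can still grow into.
    tp0 = int(p + (leak_bits - lp) * "0", 2)
    tq0 = int(q + (leak_bits - lq) * "0", 2)
    tp1 = int(p + (leak_bits - lp) * "1", 2)
    tq1 = int(q + (leak_bits - lq) * "1", 2)
    # Prune: the smallest completion already overshoots n, or the largest
    # completion still falls short of it.
    if tp0 * tq0 > n or tp1 * tq1 < n:
        return
    if lp == leak_bits:
        # Lower and upper bounds coincide at full width, so surviving the
        # prune above means p * q == n exactly.
        pq.append(tp0)
        return
    if xor[lp] == "1":
        # Bits differ at this position.
        pq_high_xor(p + "0", q + "1")
        pq_high_xor(p + "1", q + "0")
    else:
        # Bits agree at this position.
        pq_high_xor(p + "0", q + "0")
        pq_high_xor(p + "1", q + "1")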
# Start the search from empty prefixes; it fills pq with the matching factors.
pq_high_xor()
# Unpacking raises ValueError unless exactly two candidates were collected.
p, q = pq
# Decrypt modulo p only, with d_p = e^-1 mod (p - 1). This returns the message
# itself only when m < p, which presumably holds for this short flag.
d_p = invert(e, p - 1)
m = pow(c, d_p, p)
print(long_to_bytes(m))
#b'cftshow{do_you_know_what_is_xor_and_prune!!!}'
给你d又怎样
讲一下出题思路:
单纯是因为之前有一次看错了,把print(n,e,c)看成pow(n,e,c),然后想了半天
出题时需要具体数据,需要保证 c>n-c
然后我不想搞其他的了,就直接让sage可以计算c的欧拉函数,然后给d直接解就好了
解题
之后给了d就正常解了
#sage
from Crypto.Util.number import *
from gmpy2 import *
c = 48794779998818255539069127767619606491113391594501378173579539128476862598083
hint = 7680157534215495795423318554486996424970862185001934572714615456147511225105
e = 65537
d = 45673813678816865674850575264609274229013439838298838024467777157494920800897
# c serves as a modulus in the first step, so its totient is needed.
phi_c = euler_phi(c)
# Printed as a sanity check; e is invertible mod phi_c only when this is 1.
print(gcd(e, phi_c))
d_c = invert(e, phi_c)
# Presumably hint = pow(n, e, c) (see the author's note on how the task was
# built), in which case this recovers n mod c.
n_mod_c = pow(hint, d_c, c)
# n = (n mod c) + c holds only when c <= n < 2c, the "c > n - c" condition
# the author says the data was chosen to satisfy.
n = int(n_mod_c) + int(c)
# With n rebuilt and d given, this is a plain RSA decryption.
print(long_to_bytes(int(pow(c, d, n))))
#ctfshow{Oh_u_knOw_4uler}
混合密码体系
题目直接给出了p和q,正常解rsa得到key,iv已知,直接解密aes即可
"""# 库
from Crypto.Util.number import bytes_to_long,getPrime
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
# 对称加密
flag = b'ctfshow{***}' # 密文,隐藏
key = b'flag{***}' # 会话密钥,隐藏
iv = b'flag{1fake_flag}' # AES偏移向量,已知
# 对明文进行填充,使其长度符合AES加密的要求
padded_plaintext = pad(flag, AES.block_size)
# 创建AES加密对象
cipher = AES.new(key, AES.MODE_CBC, iv)
# 加密
ciphertext = cipher.encrypt(padded_plaintext)
# 加密后的文本通常是字节串,转成整数便于进行会话密钥的RSA加密
c1 = bytes_to_long(ciphertext)
print(f'c1 = {c1}')
# 非对称加密
m = bytes_to_long(key)
e = 0x10001
p = getPrime(1024)
q = getPrime(1024)
n = p * q
c = pow(m,e,n)
print(f'p = {p}')
print(f'q = {q}')
print(f'n = {n}')
print(f'c2 = {c}')
# print("hint:key需要转成字节流也就是b''")
"""
from Crypto.Util.number import *
from Crypto.Cipher import AES
from gmpy2 import *
# Values printed by the challenge script.
c1 = 10274623386006297478525964130173470046355982953419353351509177330015001060887455252482567718546651504491658563014875
p = 126682770761631193509957156425049279522830651950325320826580754739365086374362604934854454428815835196844469535588686149210573266628767888593088817059600076401582225549728184309047483547810100015820325082976781284679340880386138390518973395696206374336712856387090369022746536868747455939074262253452873845903
q = 99825079362327808334563489684167271427241139432727401182808888165552821217781929397837262324242177528386988701584385208395369790542025175917752058047649096340776854252623173162664426065810683048016574420043010318337693586527652970534982946701493024718805916479479658257730226388868060010370893747360166996939
n = 12646117645119414744807511144503229609414192869007113075368323921021672404219693075011763838210400633721060798765473421092201704833591315689681668160927426685183273670665030724394172000165517517884654100267567861284096827407481978978840602383267875832034344793848710383473014512122260278131503985961857107838296047172582364612603344429943715046318283653354068887129071531081918798285138812386418361474496678248683513378861801570673376726388110813411011818940310547686977359605296489433805717348250520973842927175837164120905300831792358190183785344002217291207378744610039145999012939983693891188308725179098958690917
c2 = 5211902378262010726785508340196935051860438587769647187076059600864676774592415052428465708887047312982844957691943180258845015420187239772414768121857728821510440178906193308448250067671679439841031484589864038401572589752057423667532898133171822921282769652197139455317095891357335645435094243006629469245881345449943250189771998449015275390517315432969774421721243965028796050948747282387052634211032729131656214346307483397410725129682422969273915759947596313513270946529649661334582775282060624547405060499311618257517792321792697831000977711752728887999320311631022598717946355057272761740061999974856808147244
e = 0x10001
# p is published, so the RSA-wrapped session key can be decrypted modulo p
# alone (valid when the key, read as an integer, is smaller than p).
d_p = invert(e, p - 1)
key = long_to_bytes(pow(c2, d_p, p))
iv = b'flag{1fake_flag}'
# Same key, mode and IV as the encrypting side.
cipher = AES.new(key, AES.MODE_CBC, iv)
# NOTE(review): long_to_bytes drops leading zero bytes, so a ciphertext that
# began with 0x00 would need re-padding to a block multiple before decrypting.
ct_bytes = long_to_bytes(c1)
flag = cipher.decrypt(ct_bytes)
print(flag)
# b'ctfshow{Hybrid_password_system_is_chaos}\x08\x08\x08\x08\x08\x08\x08\x08'
# The trailing \x08 bytes are block padding; decrypt() does not strip it.
misc
她说她想结婚
提示:图片上的汉字是某个key
010打开搜索IEND
由之前比赛的经历知道9E97BA2A是oursecret加密的特征,先提取出来,后面还有压缩包,也提取出来
压缩包内有0-10.txt,flag.txt,tips.txt
flag.txt后面特征是snow加密,根据提示得到密码
解密得到ctfshow{W1sh1ng_every0ne_4_
之后根据tips的时间是2012/5/20 13:14,然后0-10.txt属性打开里面修改时间很奇怪,根据之前ISCC有一题的思路,先提取一下看看。
import os
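# Print the modification timestamp of 0.txt .. 10.txt so the odd values can be
# inspected. The loop body had lost its indentation and is restored here.
for i in range(11):
    filename = "./暧昧/{0}.txt".format(i)
    file_attr = os.stat(filename)
    # st_mtime is the file's modification time, not its creation time.
    mtime_text = str(file_attr.st_mtime)
    print(file_attr.st_mtime)
    # Extraction step, left disabled as in the write-up: characters 7-9 of the
    # stringified timestamp are read as a character code.
    #print(chr(int(mtime_text[7:10])),end='')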
会发现最后三位都在ascii可显示字符范围内,提取一下得到 lfz:dtfTh0x
到这里卡住了,想了一会,感觉这一串很奇怪,应该是有特殊意义英文才对,放随波逐流里看一下。
得到key:cseSg0w,但是会发现不成功,最后看里面字符感觉跟ctfshow有关,然后跟一开始得到的一对比
就得到key:ctfSh0w,这就是一开始oursecret的密钥
你是我的眼
jebpro打开看伪代码即可
二维码拼图
拼接然后根据边缘对齐一下(不会ps,我直接在word里搞了)
然后直接手绘,累死我了
signin
之前在dk的群里面有Tokeii 发的项目地址:
找来解码之后会发现预计二维码个数是1的话,会解出来2:QRc0de_所以猜测要改一下,这边改成三个就是全部了。
ctfshow{Ai_Art_QRc0de_iS_Amz!}
web
CodeInject
直接命令执行
关键点:system里面语句要加双引号
reverse
pe
直接strings秒了
一个西瓜切两半你一半我一半
python反汇编得到代码,将密文密钥复制过来改一下就好了
"""#https://tool.lu/pyc/
flag = 'ctfshow{this_is_fake_flag}'
key = '这是假的密钥'
tmp = ''
for i in flag:
tmp += chr(ord(i) - 32)
crypt = ''
for i in range(len(tmp)):
crypt += chr(ord(tmp[i]) + ord(key[i % len(key)]))
print(crypt)
"""
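crypt = '乃乾觅甯剏乳厡侻丨厏扝乌博丿乜规甲剌乶厝侥丿卻扚丠厘丿乎覟瓬剤'
key = '一个西瓜切两半你一半我一半'
# Undo the key addition: subtract the code point of the repeating key
# character at each position. The original loop bodies had lost their
# indentation; joins replace the character-by-character += loops.
flag = ''.join(chr(ord(ch) - ord(key[i % len(key)])) for i, ch in enumerate(crypt))
# Undo the first encryption step by adding back the 32 that was subtracted.
tmp = ''.join(chr(ord(ch) + 32) for ch in flag)
print(tmp)
#ctfshow{Hell0_Reverse_Qi@n_D@0}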
探索进制转换的奥秘
ida打开得到十六进制串,直接解码就是flag
E
直接OD调试就出来了??????????????