西瓜杯CTF2024

前言

闲着无聊做一下，也是出了一道很简单的密码，也是被秒了

最后结果，misc差一题，reverse当misc做了也差一题，web就第一题，pwn没有。
更加坚定了只搞密码的决心了。

crypto

奇怪的条形码

硬看，然后根据base64解密结果微调

关键点：大小写字母大写J和小写p

最后因为题目flag设置错误，后面才提交成功

简单密码

输出一下ctfshow的十六进制就很容易看出来了

 from Crypto.Util.number import *
a=b'ctfshow'
print(a.hex())
#      63746673686f77
flag=0x647669776d757e83817372816e707479707c888789757c92788d84838b878d9d
flag=long_to_bytes(flag)
k=1
for i in flag:
    print(chr(i-k),end="")
    k=k+1
#ctfshow{xiguabei_just_ez_signin}

factor

将leak1和leak2异或后就是p异或q

套dfs剪枝代码即可

 """from Crypto.Util.number import *
import gmpy2
import os
from enc import flag
 
hint = os.urandom(36)
tmp = bytes_to_long(hint)
m = bytes_to_long(flag)
p = getPrime(512)
q = getPrime(512)
d = getPrime(400)
phi = (p-1)*(q-1)
e = gmpy2.invert(d,phi)
n = p*q
c = pow(m,e,n)
leak1 = p^tmp
leak2 = q^tmp
print(f"n = {n}")
print(f"e = {e}")
print(f"c = {c}")
print(f"leak1 = {leak1}")
print(f"leak2 = {leak2}")"""
from Crypto.Util.number import *
from gmpy2 import *
import os
hint = os.urandom(36)
 
 
n = 145462084881728813723574366340552281785604069047381248513937024180816353963950721541845665931261230969450819680771925091152670386983240444354412170994932196142227905635227116456476835756039585419001941477905953429642459464112871080459522266599791339252614674500304621383776590313803782107531212756620796159703
e = 10463348796391625387419351013660920157452350067191419373870543363741187885528042168135531161031114295856009050029737547684735896660393845515549071092389128688718675573348847489182651631515852744312955427364280891600765444324519789452014742590962030936762237037273839906251320666705879080373711858513235704113
c = 60700608730139668338977678601901211800978306010063875269252006068222163102100346920465298044880066999492746508990629867396189713753873657197546664480233269806308415874191048149900822050054539774370134460339681949131037133783273410066318511508768512778132786573893529705068680583697574367357381635982316477364
leak1 = 13342820281239625174817085182586822673810894195223942279061039858850534510679297962596800315875604798047264337469828123370586584840078728059729121435462780
leak2 = 10901899434728393473569359914062349292412269512201554924835672710780580634465799069211035290729536290605761024818770843901501694556825737462457471235151530
 
leak= leak1^leak2
 
#https://skatexu.github.io/2023/11/30/RSA-p-q/
sys.setrecursionlimit(3000)  # 将默认的递归深度修改为3000
pq = []
leak_bits = 1024
xor = bin(leak)[2:].zfill(1024)
 
def pq_high_xor(p="", q=""):
    lp, lq = len(p), len(q)
    tp0 = int(p + (1024-lp) * "0", 2)
    tq0 = int(q + (1024-lq) * "0", 2)
    tp1 = int(p + (1024-lp) * "1", 2)
    tq1 = int(q + (1024-lq) * "1", 2)
 
    if tp0 * tq0 > n or tp1 * tq1 < n:
        return
    if lp == leak_bits:
        pq.append(tp0)
        return
 
    if xor[lp] == "1":
        pq_high_xor(p + "0", q + "1")
        pq_high_xor(p + "1", q + "0")
    else:
        pq_high_xor(p + "0", q + "0")
        pq_high_xor(p + "1", q + "1")
 
pq_high_xor()
p,q=pq
print(long_to_bytes(pow(c,invert(e,p-1),p)))
#b'cftshow{do_you_know_what_is_xor_and_prune!!!}'

给你d又怎样

讲一下出题思路：

单纯是因为之前有一次看错了，把print(n,e,c)看成pow(n,e,c)，然后想了半天

出题时需要具体数据，需要保证 c>n-c

然后我不想搞其他的了，就直接让sage可以计算c的欧拉函数，然后给d直接解就好了

解题

n = c + a h i n t = n^{e} m o d (c) 二 项 式 定 理 ： h i n t = a^{e} m o d (c) e * d_{c} = 1 m o d (ϕ (c)) h i n t^{d_{c}} = a^{e * d_{c}} = a m o d (c)

$n=c+a\\ hint=n^e\quad mod(c)\\ 二项式定理：hint=a^e\quad mod(c)\\ e*d_c=1\quad mod(\phi(c))\\ hint^{d_c}=a^{e*d_c}=a\quad mod(c)$

之后给了d就正常解了

 #sage
from Crypto.Util.number import *
from gmpy2 import *
 
c= 48794779998818255539069127767619606491113391594501378173579539128476862598083
hint= 7680157534215495795423318554486996424970862185001934572714615456147511225105
e= 65537
d= 45673813678816865674850575264609274229013439838298838024467777157494920800897
 
 
phic=euler_phi(c)
 
print(gcd(e,phic))
 
dc=invert(e,phic)
 
a=pow(hint,dc,c)
 
n=int(a)+int(c)
 
print(long_to_bytes(int(pow(c,d,n))))
#ctfshow{Oh_u_knOw_4uler}

混合密码体系

正常解rsa，然后知道key和iv直接解密aes即可

 """# 库
from Crypto.Util.number import bytes_to_long,getPrime
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
 
# 对称加密
flag = b'ctfshow{***}'      # 密文，隐藏
key = b'flag{***}'      # 会话密钥，隐藏
iv = b'flag{1fake_flag}'       # AES偏移向量，已知
# 对明文进行填充，使其长度符合AES加密的要求
padded_plaintext = pad(flag, AES.block_size)
 
# 创建AES加密对象
cipher = AES.new(key, AES.MODE_CBC, iv)
 
# 加密
ciphertext = cipher.encrypt(padded_plaintext)
 
# 加密后的文本通常是字节串，转成整数便于进行会话密钥的RSA加密
c1 = bytes_to_long(ciphertext)
 
print(f'c1 = {c1}')
 
# 非对称加密
m = bytes_to_long(key)
e = 0x10001
p = getPrime(1024)
q = getPrime(1024)
n = p * q
c = pow(m,e,n)
print(f'p = {p}')
print(f'q = {q}')
print(f'n = {n}')
print(f'c2 = {c}')
# print("hint:key需要转成字节流也就是b''")
"""
from Crypto.Util.number import *
from Crypto.Cipher import AES
from gmpy2 import *
c1 = 10274623386006297478525964130173470046355982953419353351509177330015001060887455252482567718546651504491658563014875
p = 126682770761631193509957156425049279522830651950325320826580754739365086374362604934854454428815835196844469535588686149210573266628767888593088817059600076401582225549728184309047483547810100015820325082976781284679340880386138390518973395696206374336712856387090369022746536868747455939074262253452873845903
q = 99825079362327808334563489684167271427241139432727401182808888165552821217781929397837262324242177528386988701584385208395369790542025175917752058047649096340776854252623173162664426065810683048016574420043010318337693586527652970534982946701493024718805916479479658257730226388868060010370893747360166996939
n = 12646117645119414744807511144503229609414192869007113075368323921021672404219693075011763838210400633721060798765473421092201704833591315689681668160927426685183273670665030724394172000165517517884654100267567861284096827407481978978840602383267875832034344793848710383473014512122260278131503985961857107838296047172582364612603344429943715046318283653354068887129071531081918798285138812386418361474496678248683513378861801570673376726388110813411011818940310547686977359605296489433805717348250520973842927175837164120905300831792358190183785344002217291207378744610039145999012939983693891188308725179098958690917
c2 = 5211902378262010726785508340196935051860438587769647187076059600864676774592415052428465708887047312982844957691943180258845015420187239772414768121857728821510440178906193308448250067671679439841031484589864038401572589752057423667532898133171822921282769652197139455317095891357335645435094243006629469245881345449943250189771998449015275390517315432969774421721243965028796050948747282387052634211032729131656214346307483397410725129682422969273915759947596313513270946529649661334582775282060624547405060499311618257517792321792697831000977711752728887999320311631022598717946355057272761740061999974856808147244
e = 0x10001
 
key=long_to_bytes(pow(c2,invert(e,p-1),p))
iv = b'flag{1fake_flag}'
 
cipher = AES.new(key, AES.MODE_CBC, iv)
flag = cipher.decrypt(long_to_bytes(c1))
print(flag)
# b'ctfshow{Hybrid_password_system_is_chaos}\x08\x08\x08\x08\x08\x08\x08\x08'

misc

她说她想结婚

提示：图片上的汉字是某个key

010打开搜索IEND

有之前比赛的经历知道9E97BA2A是oursecret加密的特征，先提取出来，后面还有压缩包提取出来

压缩包内有0-10.txt，flag.txt，tips.txt

flag.txt后面特征是snow加密，根据提示得到密码

解密得到ctfshow{W1sh1ng_every0ne_4_

之后根据tips的时间是2012/5/20 13:14，然后0-10.txt属性打开里面修改时间很奇怪，根据之前ISCC有一题的思路，先提取一下看看。

 import os
for i in range(11):
    filename = "./暧昧/{0}.txt".format(i)
    file_attr = os.stat(filename)
    create_time = str(file_attr.st_mtime)
    print(file_attr.st_mtime)
    #print(chr(int(create_time[7:10])),end='')

会发现最后三位都在ascii可显示字符范围内，提取一下得到 lfz:dtfTh0x

到这里卡住了，想了一会，感觉这一串很奇怪，应该是有特殊意义英文才对，放随波逐流里看一下。

得到key:cseSg0w，但是会发现不成功，最后看里面字符感觉跟ctfshow有关，然后跟一开始得到的一对比

就得到key:ctfSh0w，这就是一开始oursecret的密钥

你是我的眼

jebpro打开看伪代码即可

二维码拼图

拼接然后根据边缘对齐一下（不会ps，我直接在word里搞了

然后直接手绘，累死我了

之前在dk的群里面有Tokeii 发的项目地址：

Tokeii0/LoveLy-QRCode-Scanner: A script to brute force decode QR codes, mainly for decoding blurred or AI-generated QR codes that can't be scanned by WeChat. (github.com)

找来解码之后会发现预计二维码个数是1的话，会解出来2:QRc0de_所以猜测要改一下，这边改成三个就是全部了。

ctfshow{Ai_Art_QRc0de_iS_Amz!}

web

CodeInject

直接命令执行

关键点：system里面语句要加双引号

reverse

pe

直接strings秒了

一个西瓜切两半你一半我一半

python反汇编得到代码，将密文密钥复制过来改一下就好了

 """#https://tool.lu/pyc/
flag = 'ctfshow{this_is_fake_flag}'
key = '这是假的密钥'
tmp = ''
for i in flag:
    tmp += chr(ord(i) - 32)
 
crypt = ''
for i in range(len(tmp)):
    crypt += chr(ord(tmp[i]) + ord(key[i % len(key)]))
 
print(crypt)
"""
 
crypt = '乃乾觅甯剏乳厡侻丨厏扝乌博丿乜规甲剌乶厝侥丿卻扚丠厘丿乎覟瓬剤'
key = '一个西瓜切两半你一半我一半'
flag = ''
for i in range(len(crypt)):
    flag += chr(ord(crypt[i]) - ord(key[i % len(key)]))
    
tmp = ''
 
for i in flag:
    tmp += chr(ord(i) + 32)
 
print(tmp)
#ctfshow{Hell0_Reverse_Qi@n_D@0}

探索进制转换的奥秘

ida打开得到十六进制串，直接解码就是flag

E

直接OD调试就出来了？？？？？？？？？？？？？？

posted on 2024-07-07 20:05 Naby 阅读(1003) 评论(1) 编辑收藏举报

刷新页面返回顶部

登录后才能查看或发表评论，立即登录或者逛逛博客园首页

相关博文：

· ISCC2024-练武

· SHCTF2024-week1-crypto&其他

· ctf刷题wp

· LitCTF 2024 -- WP

· CTFshow菜狗杯-misc-wp（详解脚本过程全）

阅读排行：
· 单线程的Redis速度为什么快？
· 展开说说关于C#中ORM框架的用法！
· Pantheons：用 TypeScript 打造主流大模型对话的一站式集成库
· SQL Server 2025 AI相关能力初探
· 为什么退出登录或修改密码无法使 token 失效

naby

导航

统计

公告

搜索

常用链接

随笔分类

随笔档案

阅读排行榜

评论排行榜

推荐排行榜

最新评论