naby


SHCTF2024-week1-crypto&其他

写密码+其他的稍微看看

Week1

Crypto

d_known

from Crypto.Util.number import *
from gmpy2 import*
from flag import flag

# Challenge generator: textbook RSA whose output is the ciphertext and the
# private exponent d; the modulus n is never printed.
e = 0x10001
m = bytes_to_long(flag)

p = getPrime(1024)
# q is the prime immediately after p, so the two factors are almost equal.
q = next_prime(p)
n = p * q

phi = (p - 1) * (q - 1)
d = inverse(e, phi)
c = pow(m, e, n)

# Leaking d together with the public e reveals e*d - 1, a small multiple of
# phi; a private exponent must never leave the key holder.
for value in (c, d):
    print(value)

\(e*d=1+k(p-1)*(q-1)\)

我们知道p和q相近,且知道p和q的位数,也可以计算出\(k(p-1)(q-1)\)

因为k<e,我们可以爆破k得到phi的候选值,然后对phi直接开平方根,再在根附近的一小段素数范围内找到p,解出flag

from Crypto.Util.number import *
from gmpy2 import*
# Values printed by the challenge: the ciphertext c and the leaked private
# exponent d. The modulus n is not part of the output.
c = 6732251865518539816164424072881268319031331097652330813280683433357801335392912177839752934223666820817426632127352928430012362924774912477109386830642999347655174646486445749282081282131296883166737218186933150962954375021792510359249354608393910760866285720493437099307009772363622740758020450195058117428033257931181355503862561253831338555714889714354329478309157001314105412865222237034290374400091189055727376519273128476126263310458266841590313023188003911952343519869473445661561073623892887752662030827442327135879769080060164402731521556649771103135168057114303776160563813899618546785999749664177453632113
d = 11371580488052460364061084069704641839174413746220695175554663449524234948335256195937545669217400540775148109520252191887923992650699774976840228129947067273971611578960093458221417649211802998948255284549550327209608951277790691750176306647013841775784127208779682066022248206322448435923296521731067094090722931128289230166731316016559509613812382769439697093763600981220856565912350418801087801159700549049260015100996680924659351921989952140635505978192913908332000472530408585162635570201105801365273780636017489787165910874274076972387901429211792329811097435011802258823111183660801103517212211007626963313585

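e = 0x10001

# Prime sizes taken from the challenge source (getPrime(1024) / next_prime).
p_bits = 1024
q_bits = 1024

# e*d = 1 + k*phi, so e*d - 1 is an exact multiple of phi. Because d < phi,
# the multiplier satisfies 1 <= k < e, which leaves fewer than e candidates.
k_phi = e * d - 1

# The product of two 1024-bit numbers has 2047 or 2048 bits, so both lengths
# are accepted for phi.
phi_bit_lengths = (p_bits + q_bits - 1, p_bits + q_bits)
pphi = []
for k in range(e - 1, 0, -1):
    if k_phi % k == 0:
        tmp = k_phi // k
        if int(tmp).bit_length() in phi_bit_lengths:
            pphi.append(tmp)
print(len(pphi))

for phi_candidate in pphi:
    # p and q are adjacent primes, so floor(sqrt(phi)) lies just below them
    # and a short walk over the following primes reaches a real factor.
    pp = next_prime(iroot(phi_candidate, 2)[0])
    for _ in range(100):
        # A genuine factor p satisfies (p - 1) | phi. Testing this first
        # discards wrong guesses cheaply and guarantees that e is invertible
        # modulo pp - 1, since pp - 1 then divides e*d - 1.
        if phi_candidate % (pp - 1) == 0:
            # The flag is shorter than p, so decrypting modulo p alone is enough.
            flag = long_to_bytes(pow(c, invert(e, pp - 1), pp))
            if b'SHCTF' in flag:
                print(flag)
                raise SystemExit
        pp = next_prime(pp)
#b'SHCTF{a47dee42-f097-4aa8-b0a4-5183df80b230}'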

baby_mod

from Crypto.Util.number import *
from enc import flag

# Challenge generator: 1024-bit RSA plus a "leak" that combines p and q with
# two published 777-bit primes and an unpublished 15-bit prime.
e = 65537
m = bytes_to_long(flag)
p = getPrime(512)
q = getPrime(512)
r = getPrime(777)
t = getPrime(777)
tmp = getPrime(15)
n = p * q

c = pow(m, e, n)
leak = p * r - q * t - tmp

# r and t are printed and are both larger than p and q, so reducing the leak
# modulo either of them isolates one secret factor.
print(f"c = {c}")
print(f"leak = {leak}")
print(f"r = {r}")
print(f"t = {t}")

我们知道\(leak=p*r-q*t-tmp\)

tmp是一个15位bit的素数,范围较小,可以直接爆破,这里先不考虑它,记\(leak'=leak+tmp=p*r-q*t\)(下文公式中的leak均指\(leak'\))

关键点在于r和t的bit位数都大于p和q,而且r和t都是素数,可以互相求模逆元,所以对r(或t)取模后就能直接计算出q(或p)

\[leak\mod r=-q*t \mod r\\ q=leak*(-t)^{-1}\mod r \]

(同理可以求出p)

from Crypto.Util.number import *
from gmpy2 import *
# Values printed by the challenge: ciphertext c, leak = p*r - q*t - tmp, and
# the two 777-bit primes r and t.
c = 71234358574362873102364773802615022440394390446444390689714741290273256497624990382730338332158663555287988268595847316457126725465934797593513638874080685234812619607085870642413735129064333224013231845589579968352149987746733082038743926312136617735737911790112644979985292337941440005746915062896129072777
leak = 2217488402566151788696168373426094740519351868786430669391214527591322807736221920621550927091543088314007690386894840897074614743933753244173854967425133479984993125811498747715413075715060875227040103463552575330232198985262343584404068367662218021241516914268202429825385451154716855517698999217286233212883976929431520295647139310474770195069360507813140653593200423906263689190196941
r = 646318094023677204527871439846728286610915145770782515880490500338118827547552454143674595295593483857447183764297927877955433524028721434976463867920536240963456378175496414765880178663672652425288097309012713851733051985028662176767
t = 411152195791514027140198841770649225930812047768916179668614369267330226695072559818563655559461575922343428542543751957306358237424055209296982269437988221098480220776423566575802287022940784911752257706236556835428048277615354900397

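# The two modular inverses do not depend on the guess, so compute them once.
inv_r_mod_t = invert(r, t)
inv_neg_t_mod_r = invert(-t, r)

# tmp is a 15-bit prime: walk the primes from 2**14 up to 2**15.
tmp = next_prime(1 << 14)

while int(tmp).bit_length() == 15:
    # x = p*r - q*t for the correct guess of tmp.
    x = leak + tmp

    # x = p*r (mod t) and p < t, so p is recovered exactly.
    p = x % t * inv_r_mod_t % t
    # x = -q*t (mod r) and q < r, so q is recovered exactly.
    q = x % r * inv_neg_t_mod_r % r

    # Only the right tmp reproduces x exactly. Checking this first skips the
    # expensive decryption for wrong guesses and avoids the ZeroDivisionError
    # that invert() raises when a garbage (p-1)*(q-1) shares a factor with e.
    if p * r - q * t == x:
        flag = long_to_bytes(pow(c, invert(65537, (p - 1) * (q - 1)), p * q))
        if b'SHCTF' in flag:
            print(flag)
            break

    tmp = next_prime(tmp)
#b'SHCTF{004df497-194a-4adb-a675-498ff80946a4}'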

factor

from Crypto.Util.number import *
import random
from enc import flag

# Public exponent, and the flag encoded as one big integer.
e = 65537
m = bytes_to_long(flag)
def prod(iterable):
    """Return the product of all numbers in *iterable* (1 if it is empty)."""
    product = 1
    for factor in iterable:
        product = product * factor
    return product
# Ten independent 64-bit primes; their product N is what gets published.
prime_list = []
for _ in range(10):
    prime_list.append(getPrime(64))
N = prod(prime_list)

# The modulus actually used for encryption is the product of a secret
# 7-element subset of those primes. 64-bit factors are far too small to
# resist factoring, so publishing N exposes every candidate prime.
p_list = random.sample(prime_list, 7)
n = prod(p_list)
c = pow(m, e, n)

print(f"c = {c}")
print(f"N = {N}")

使用yafu分解N,得到10个素数

之后使用itertools.combinations枚举从10个素数中取7个的所有组合(共120种),逐个尝试解密

from Crypto.Util.number import *
from gmpy2 import *
import itertools
# Values printed by the challenge: ciphertext c and N, the product of all ten
# 64-bit primes (the encryption modulus itself is not printed).
c = 23004755116878607073624694120649904898102485842323826177902487373065772894122205918826511683597922430010180764018700722556516290641869
N = 308344305874645376015963727981914039707486624508596925086819461347045249729842794308066615705021259865026113651546331354369349779234219625886470244077292562936505251860168155667929860129834587

e=65537
# The ten prime factors of N, as listed by the author after factoring N.
primes=[14012092775618402167,13411249231920803309,13425784317996046501,17819491002447687233,13449070583582228873,17539224329491937077,13718852851547077441,11174013735392576779,11951915451339701093,15869438763119386439]

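# Try every 7-prime subset as the candidate modulus (combinations is lazy,
# so there is no need to materialise the whole list first).
for subset in itertools.combinations(primes, 7):
    tn = 1
    tphi = 1
    for prime in subset:
        tn *= prime
        tphi *= prime - 1
    try:
        d = invert(e, tphi)
    except ZeroDivisionError:
        # e is not invertible modulo this subset's phi, so this subset cannot
        # be the real modulus; move on instead of aborting the search.
        continue
    flag = long_to_bytes(pow(c, d, tn))
    if b'SHCTF' in flag:
        print(flag)
        raise SystemExit
#b'SHCTF{67413ad2-075b-47d8-9d86-1d29ccbc4cdb}'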

Hello Crypto

"""from Crypto.Util.number import bytes_to_long
from secret import flag

m = bytes_to_long(flag)
print("m =",m)"""

# In cryptography, m stands for message, also plaintext
# so, why this m is number?
# decrypt this Message to get flag!
# m = 215055650564999213791247133289347770846757311250337484801655810524947866273730401062021630962586238680586194198876914922365

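# The "ciphertext" is only the flag bytes read as one big-endian integer, so
# turning the integer back into bytes recovers it; no key is involved.
m = 215055650564999213791247133289347770846757311250337484801655810524947866273730401062021630962586238680586194198876914922365
# int.to_bytes works for every value, whereas bytes.fromhex(hex(m)[2:]) fails
# whenever the hex string has an odd number of digits.
print(m.to_bytes((m.bit_length() + 7) // 8, "big"))
#b'SHCTF{H3LlO_C71Er_wELC0M3_70_crypTO_w0RLd_lf8D5D33}'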

EzAES

from Crypto.Cipher import AES
import os

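# Challenge generator: AES-128 in CBC mode under a fresh random key and IV.
iv = os.urandom(16)
key = os.urandom(16)
my_aes = AES.new(key, AES.MODE_CBC, iv)

# Read the flag through a context manager so the file handle is closed
# instead of being left for the garbage collector.
with open('flag.txt', 'rb') as flag_file:
    flag = flag_file.read()

# NOTE(review): b'???' looks like a redacted pad byte. As written, the padded
# length is not a multiple of 16; confirm against the original challenge file.
flag += (16 - len(flag) % 16) * b'???'
c = my_aes.encrypt(flag)

# The key and IV are printed next to the ciphertext, so the encryption gives
# no confidentiality: whoever sees this output can decrypt it.
print(c)
print(iv)
print(key)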
'''
b'd\x0c[\x99v\x07\xa4\x03\xbd_\x1bR-\xcf\xbd\x87\xe9\xf4\xfe4\x80&\x15&\xfbZ\xfa\xb4\xcd\x9b\xd7\xba\xf0\x92t\x0e\x81K\xe8J\xbcF\x1b_\x0cm\x91\x08'
b'\xa1%\x95\x9d<?C\x01~Qs\xc6\xcfNb\x07'
b'"\xb5\x18!p\tt\x93\xa0\xd8\xe0\xaa;\'2\x14'

直接解密就好了

from Crypto.Cipher import AES
import os

# Ciphertext, IV and key exactly as printed by the challenge script.
c=b'd\x0c[\x99v\x07\xa4\x03\xbd_\x1bR-\xcf\xbd\x87\xe9\xf4\xfe4\x80&\x15&\xfbZ\xfa\xb4\xcd\x9b\xd7\xba\xf0\x92t\x0e\x81K\xe8J\xbcF\x1b_\x0cm\x91\x08'
iv=b'\xa1%\x95\x9d<?C\x01~Qs\xc6\xcfNb\x07'
key=b'"\xb5\x18!p\tt\x93\xa0\xd8\xe0\xaa;\'2\x14'

# The challenge printed the key and IV with the ciphertext, so ordinary CBC
# decryption recovers the plaintext.
my_aes = AES.new(key, AES.MODE_CBC, iv)
plaintext = my_aes.decrypt(c)

# The trailing \x00 bytes in the output are the padding added by the challenge.
print(plaintext)
#b'SHCTF{78202b88-e856-4055-9f1f-dbdbcdfa8399}\x00\x00\x00\x00\x00'

Misc

Quarantine

查到一个视频wp

https://www.linkedin.com/posts/hxn0n3_cyberspace-ctf-writeup-decrypt-windows-activity-7236066659994640384-zTAE

但是里面代码没找到现成的,我直接照着敲了

import struct

def mse_ksa():
    """Run the RC4 key-scheduling step with the fixed 256-byte key.

    Returns the initialised 256-entry S-box as a new list on every call.
    """
    # hardcoded key obtained from mpengine.dll
    key = [
        0x1E, 0x87, 0x78, 0x1B, 0x8D, 0xBA, 0xA8, 0x44, 0xCE, 0x69,
        0x70, 0x2C, 0x0C, 0x78, 0xB7, 0x86, 0xA3, 0xF6, 0x23, 0xB7,
        0x38, 0xF5, 0xED, 0xF9, 0xAF, 0x83, 0x53, 0x0F, 0xB3, 0xFC,
        0x54, 0xFA, 0xA2, 0x1E, 0xB9, 0xCF, 0x13, 0x31, 0xFD, 0x0F,
        0x0D, 0xA9, 0x54, 0xF6, 0x87, 0xCB, 0x9E, 0x18, 0x27, 0x96,
        0x97, 0x90, 0x0E, 0x53, 0xFB, 0x31, 0x7C, 0x9C, 0xBC, 0xE4,
        0x8E, 0x23, 0xD0, 0x53, 0x71, 0xEC, 0xC1, 0x59, 0x51, 0xB8,
        0xF3, 0x64, 0x9D, 0x7C, 0xA3, 0x3E, 0xD6, 0x8D, 0xC9, 0x04,
        0x7E, 0x82, 0xC9, 0xBA, 0xAD, 0x97, 0x99, 0xD0, 0xD4, 0x58,
        0xCB, 0x84, 0x7C, 0xA9, 0xFF, 0xBE, 0x3C, 0x8A, 0x77, 0x52,
        0x33, 0x55, 0x7D, 0xDE, 0x13, 0xA8, 0xB1, 0x40, 0x87, 0xCC,
        0x1B, 0xC8, 0xF1, 0x0F, 0x6E, 0xCD, 0xD0, 0x83, 0xA9, 0x59,
        0xCF, 0xF8, 0x4A, 0x9D, 0x1D, 0x50, 0x75, 0x5E, 0x3E, 0x19,
        0x18, 0x18, 0xAF, 0x23, 0xE2, 0x29, 0x35, 0x58, 0x76, 0x6D,
        0x2C, 0x07, 0xE2, 0x57, 0x12, 0xB2, 0xCA, 0x0B, 0x53, 0x5E,
        0xD8, 0xF6, 0xC5, 0x6C, 0xE7, 0x3D, 0x24, 0xBD, 0xD0, 0x29,
        0x17, 0x71, 0x86, 0x1A, 0x54, 0xB4, 0xC2, 0x85, 0xA9, 0xA3,
        0xDB, 0x7A, 0xCA, 0x6D, 0x22, 0x4A, 0xEA, 0xCD, 0x62, 0x1D,
        0xB9, 0xF2, 0xA2, 0x2E, 0xD1, 0xE9, 0xE1, 0x1D, 0x75, 0xBE,
        0xD7, 0xDC, 0x0E, 0xCB, 0x0A, 0x8E, 0x68, 0xA2, 0xFF, 0x12,
        0x63, 0x40, 0x8D, 0xC8, 0x08, 0xDF, 0xFD, 0x16, 0x4B, 0x11,
        0x67, 0x74, 0xCD, 0x0B, 0x9B, 0x8D, 0x05, 0x41, 0x1E, 0xD6,
        0x26, 0x2E, 0x42, 0x9B, 0xA4, 0x95, 0x67, 0x6B, 0x83, 0x98,
        0xDB, 0x2F, 0x35, 0xD3, 0xC1, 0xB9, 0xCE, 0xD5, 0x26, 0x36,
        0xF2, 0x76, 0x5E, 0x1A, 0x95, 0xCB, 0x7C, 0xA4, 0xC3, 0xDD,
        0xAB, 0xDD, 0xBF, 0xF3, 0x82, 0x53
    ]

    # Start from the identity permutation and shuffle it under the key.
    state = list(range(256))
    swap_with = 0
    for idx in range(256):
        swap_with = (swap_with + state[idx] + key[idx]) % 256
        state[idx], state[swap_with] = state[swap_with], state[idx]
    return state


def rc4_decrypt(sbox, data):
    """XOR *data* with the RC4 keystream generated from *sbox*.

    *sbox* is updated in place while the keystream is produced, so the
    caller's list is modified. Returns a new bytearray as long as *data*.
    """
    out = bytearray(len(data))
    i = j = 0
    for pos, byte in enumerate(data):
        i = (i + 1) % 256
        j = (j + sbox[i]) % 256
        sbox[i], sbox[j] = sbox[j], sbox[i]
        keystream_byte = sbox[(sbox[i] + sbox[j]) % 256]
        out[pos] = keystream_byte ^ byte
    return out

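def mse_unquarantine(f):
    """Decrypt the quarantine file at path *f* and write the results to disk.

    The whole file is RC4-decrypted with the S-box from mse_ksa(). The
    decrypted blob is always written to "unquar-with-meta.bin"; the payload
    after the header is written to "unquar.bin" only when the length stored
    in the header is consistent with the file size.

    Returns None in every case. Files that lack the 0B AD 00 magic, or whose
    header length points outside the file, are rejected without raising.

    The recovered payload is whatever the antimalware engine quarantined, so
    the output files should be treated as untrusted samples.
    """
    with open(f, "rb") as quarfile:
        data = bytearray(quarfile.read())
    fsize = len(data)
    # The magic bytes are checked on the raw (still encrypted) file.
    if fsize < 12 or data[0] != 0x0B or data[1] != 0xAD or data[2] != 0x00:
        return None

    outdata = rc4_decrypt(mse_ksa(), data)

    # Separate handle names keep the path parameter f from being shadowed.
    with open("unquar-with-meta.bin", "wb") as meta_out:
        meta_out.write(outdata)

    # Header length = fixed 0x28 bytes plus a little-endian length at offset 8.
    headerlen = 0x28 + struct.unpack("<I", outdata[8:12])[0]
    # headerlen comes from the file itself. A value past the end of the
    # buffer would give a short slice and make struct.unpack raise, so a
    # malformed or truncated file is rejected here instead.
    if headerlen > fsize:
        return None

    origlen = struct.unpack("<I", outdata[headerlen - 12:headerlen - 8])[0]
    if origlen + headerlen == fsize:
        with open("unquar.bin", "wb") as payload_out:
            payload_out.write(outdata[headerlen:])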
# Decrypt the challenge's quarantine file, read from the working directory;
# output goes to unquar-with-meta.bin and, if the length check passes, unquar.bin.
mse_unquarantine("5760650163482280EF03C48A97277F7E490A0761")

得到这个文件

将文件后面的base64数据拿去解码,得到一个压缩包

之后使用zip2john转成hash然后爆破得到密码

最后解压得到flag

Rasterizing Traffic

wireshark打开最后一个tcp流有一个png图片,保存下来(前面不用管,是fakeflag)

得到

经过搜索(题目)知道,是光栅图,找到一个项目AabyssZG/Raster-Terminator: CTF之光栅图秒杀器 (github.com)

下载下来后需要将第75行的三维数组改为二维,这题才能用

执行

python Raster-Terminator.py -x 1.png

就能在output下看到flag了

SHCTF{1111z_tr@ff1c_aNaLys13}

真真假假?遮遮掩掩!

7z直接解压第一层

第二层掩码爆破6位数字

Web

MD5 master

使用fastcoll生成两个内容不同但MD5相同的文件

-p参数代表前缀,这里src.txt文本里内容为MD5 master!

之后使用yakit会比较方便,可以直接上传文件数据。

(上传文件时需要将1.txt和2.txt中前面的MD5 master!删除,最好在010中删除)

Reverse

ezapk

自己想了半天为什么出不来,后面研究一下,直接base64解码转十进制看怎么有奇数,直接给我整红温了。

后来问了AI才发现原来是UTF-8编码搞得

(顺便让AI帮我写解密脚本了)

import base64

# XOR key, applied cyclically over the characters
key = [12, 15, 25, 30, 36]

# Base64-decode, then read the bytes as UTF-8: each encoded value is a code
# point, not a single byte.
encrypted_str = "woLDgMOgw7hEwoJQw7zDtsKow7TDpMOMZMOow75QxIbDnsKmw6Z4UMK0w7rCklDCrMKqwqbDtMOOw6DDsg=="
decoded_bytes = base64.b64decode(encrypted_str)
decoded_str = decoded_bytes.decode('utf-8')

# Undo the transformation: halve the code point, subtract 6, then XOR with
# the key byte for that position.
original_str = "".join(
    chr((ord(symbol) // 2 - 6) ^ key[position % len(key)])
    for position, symbol in enumerate(decoded_str)
)

print("解密后的字符串为:", original_str)

#7Ush87-akjxcy2Ju-dwia9;JSO-IQixnsm

AI

用base喵喵的直接出

blockchain

非预期

去找这个地址,然后取下面的交易地址

这里有数据

转hex就好了

posted on 2024-10-09 08:00  Naby