BUUCTF Crypto 21-40

21、RSA1

p = 8637633767257008567099653486541091171320491509433615447539162437911244175885667806398411790524083553445158113502227745206205327690939504032994699902053229
q = 12640674973996472769176047937170883420927050821480010581593137135372473880595613737337630629752577346147039284030082593490776630572584959954205336880228469
dp = 6500795702216834621109042351193261530650043841056252930930949663358625016881832840728066026150264693076109354874099841380454881716097778307268116910582929
dq = 783472263673553449019532580386470672380574033551303889137911760438881683674556098098256795673512201963002175438762767516968043599582527539160811120550041
c = 24722305403887382073567316467649080662631552905960229399079107995602154418176056335800638887527614164073530437657085079676157350205351945222989351316076486573599576041978339872265925062764318536089007310270278526159678937431903862892400747915525118983959970607934142974736675784325993445942031372107342103852
由题目给出的信息,发现是dp、dq泄露

import gmpy2
I = gmpy2.invert(q,p)          #求逆元
mp = pow(c,dp,p)
mq = pow(c,dq,q)               #求幂取模运算

m = (((mp-mq)*I)%p)*q+mq       #求明文公式

print(hex(m))          #转为十六进制

十六进制转字符

Dp、Dq泄露

https://blog.csdn.net/m0_51507437/article/details/122440936
https://blog.csdn.net/weixin_45369385/article/details/109208109
dp ≡ d % (p - 1)
dq ≡ d % (q - 1)
已知dp、dq、p、q、c
image.png

22、权限获得第一步

MD5解密
image.png

23、old-fashion

Os drnuzearyuwn, y jtkjzoztzoes douwlr oj y ilzwex eq lsdexosa kn pwodw tsozj eq ufyoszlbz yrl rlufydlx pozw douwlrzlbz, ydderxosa ze y rlatfyr jnjzli; mjy gfbmw vla xy wbfnsy symmyew (mjy vrwm qrvvrf), hlbew rd symmyew, mebhsymw rd symmyew, vbomgeyw rd mjy lxrzy, lfk wr dremj. Mjy eyqybzye kyqbhjyew mjy myom xa hyedrevbfn lf bfzyewy wgxwmbmgmbrf. Wr mjy dsln bw f1_2jyf-k3_jg1-vb-vl_l
直接爆破(词频统计)
image.png

24、世上无难事

VIZZB IFIUOJBWO NVXAP OBC XZZ UKHVN IFIUOJBWO HB XVIXW XAW VXFI X QIXN VBD KQ IFIUOJBWO WBKAH NBWXO VBD XJBCN NKG QLKEIU DI XUI VIUI DKNV QNCWIANQ XN DXPIMKIZW VKHV QEVBBZ KA XUZKAHNBA FKUHKAKX XAW DI VXFI HBN QNCWIANQ NCAKAH KA MUBG XZZ XEUBQQ XGIUKEX MUBG PKAWIUHXUNIA NVUBCHV 12NV HUXWI XAW DI XUI SCQN QB HZXW NVXN XZZ EBCZW SBKA CQ NBWXO XAW DI DXAN NB NVXAP DXPIMKIZW MBU JIKAH QCEV XA BCNQNXAWKAH VBQN HKFI OBCUQIZFIQ X JKH UBCAW BM XLLZXCQI XAW NVI PIO KQ 640I11012805M211J0XJ24MM02X1IW09
同上题直接爆破
image.png

25、Unencode

UUencode解码
image.png

26、RSA3

c1=22322035275663237041646893770451933509324701913484303338076210603542612758956262869640822486470121149424485571361007421293675516338822195280313794991136048140918842471219840263536338886250492682739436410013436651161720725855484866690084788721349555662019879081501113222996123305533009325964377798892703161521852805956811219563883312896330156298621674684353919547558127920925706842808914762199011054955816534977675267395009575347820387073483928425066536361482774892370969520740304287456555508933372782327506569010772537497541764311429052216291198932092617792645253901478910801592878203564861118912045464959832566051361
n=22708078815885011462462049064339185898712439277226831073457888403129378547350292420267016551819052430779004755846649044001024141485283286483130702616057274698473611149508798869706347501931583117632710700787228016480127677393649929530416598686027354216422565934459015161927613607902831542857977859612596282353679327773303727004407262197231586324599181983572622404590354084541788062262164510140605868122410388090174420147752408554129789760902300898046273909007852818474030770699647647363015102118956737673941354217692696044969695308506436573142565573487583507037356944848039864382339216266670673567488871508925311154801
e1=11187289
c2=18702010045187015556548691642394982835669262147230212731309938675226458555210425972429418449273410535387985931036711854265623905066805665751803269106880746769003478900791099590239513925449748814075904017471585572848473556490565450062664706449128415834787961947266259789785962922238701134079720414228414066193071495304612341052987455615930023536823801499269773357186087452747500840640419365011554421183037505653461286732740983702740822671148045619497667184586123657285604061875653909567822328914065337797733444640351518775487649819978262363617265797982843179630888729407238496650987720428708217115257989007867331698397
e2=9647291
编写脚本:

from Crypto.Util.number import long_to_bytes
from gmpy2 import gcdext


def rsa(c1,c2,e1,e2,n):
    g,s1,s2 = gcdext(e1,e2)
    m = (pow(c1,s1,n)*pow(c2,s2,n))%n
    print(long_to_bytes(m)) # 正整数转化为byte类型字符串

if '__name__'=='__name__':
    c1 = 22322035275663237041646893770451933509324701913484303338076210603542612758956262869640822486470121149424485571361007421293675516338822195280313794991136048140918842471219840263536338886250492682739436410013436651161720725855484866690084788721349555662019879081501113222996123305533009325964377798892703161521852805956811219563883312896330156298621674684353919547558127920925706842808914762199011054955816534977675267395009575347820387073483928425066536361482774892370969520740304287456555508933372782327506569010772537497541764311429052216291198932092617792645253901478910801592878203564861118912045464959832566051361
    n = 22708078815885011462462049064339185898712439277226831073457888403129378547350292420267016551819052430779004755846649044001024141485283286483130702616057274698473611149508798869706347501931583117632710700787228016480127677393649929530416598686027354216422565934459015161927613607902831542857977859612596282353679327773303727004407262197231586324599181983572622404590354084541788062262164510140605868122410388090174420147752408554129789760902300898046273909007852818474030770699647647363015102118956737673941354217692696044969695308506436573142565573487583507037356944848039864382339216266670673567488871508925311154801
    e1 = 11187289
    c2 = 18702010045187015556548691642394982835669262147230212731309938675226458555210425972429418449273410535387985931036711854265623905066805665751803269106880746769003478900791099590239513925449748814075904017471585572848473556490565450062664706449128415834787961947266259789785962922238701134079720414228414066193071495304612341052987455615930023536823801499269773357186087452747500840640419365011554421183037505653461286732740983702740822671148045619497667184586123657285604061875653909567822328914065337797733444640351518775487649819978262363617265797982843179630888729407238496650987720428708217115257989007867331698397
    e2 = 9647291
    rsa(c1,c2,e1,e2,n)

共摸n攻击

https://blog.csdn.net/m0_51507437/article/details/122978218
攻击条件:c1,e1,c2,e2,n => m
已知n,同一份密文m用e1和e2两个公钥分别加密得到c1和c2两份密文
image.png
image.png
脚本:

from gmpy2 import *
from Crypto.Util.number import *

# c1,e1,c2,e2,n => m

def rsa(c1,c2,e1,e2,n):
    #扩展欧几里得算法,第一个返回结果是最大公因数,后面两个分别对应e1,e2的系数
    g,s1,s2=gcdext(e1,e2)
    m=(pow(c1,s1,n)*pow(c2,s2,n))%n
    print(long_to_bytes(m))

if __name__ == "__main__":
    rsa(c1,c2,e1,e2,n)

变式:若e1、e2不互素呢?
image.png

from gmpy2 import *
from Crypto.Util.number import *

e1 =
e2 =
n = 
c1 = 
c2 = 

a, s1, s2 = gcdext(e1, e2)
m = (pow(c1, s1, n)*pow(c2, s2, n)) % n
while True:
    if iroot(m, a)[1]:
        m = iroot(m, a)[0]
        print(long_to_bytes(m))
        break
    m += n

27、RSA2

Dp泄露,类型:dp + n + e + c = m
康康大佬脚本:

import gmpy2 as gp

e = 65537
n = 248254007851526241177721526698901802985832766176221609612258877371620580060433101538328030305219918697643619814200930679612109885533801335348445023751670478437073055544724280684733298051599167660303645183146161497485358633681492129668802402065797789905550489547645118787266601929429724133167768465309665906113
dp = 905074498052346904643025132879518330691925174573054004621877253318682675055421970943552016695528560364834446303196939207056642927148093290374440210503657

c = 140423670976252696807533673586209400575664282100684119784203527124521188996403826597436883766041879067494280957410201958935737360380801845453829293997433414188838725751796261702622028587211560353362847191060306578510511380965162133472698713063592621028959167072781482562673683090590521214218071160287665180751

for i in range(1, e):  # 在范围(1,e)之间进行遍历
    if (dp * e - 1) % i == 0:
        if n % (((dp * e - 1) // i) + 1) == 0:  # 存在p,使得n能被p整除
            p = ((dp * e - 1) // i) + 1
            q = n // (((dp * e - 1) // i) + 1)
            phi = (q - 1) * (p - 1)  # 欧拉定理
            d = gp.invert(e, phi)  # 求模逆
            m = pow(c, d, n)  # 快速求幂取模运算

print(m)  # 10进制明文
print('------------')
print(hex(m)[2:])  # 16进制明文
print('------------')
print(bytes.fromhex(hex(m)[2:]))  # 16进制转文本

28、Morse

摩斯解密
image.png
十六进制转文本得到flag

29、还原大师

:::tips
我们得到了一串神秘字符串:TASC?O3RJMV?WDJKX?ZM,问号部分是未知大写字母,为了确定这个神秘字符串,我们通过了其他途径获得了这个字串的32位MD5码。但是我们获得它的32位MD5码也是残缺不全,E903???4DAB????08?????51?80??8A?,请猜出神秘字符串的原本模样,并且提交这个字串的32位MD5码作为答案。
:::
MD5爆破,直接用大佬脚本

# -*- coding: utf-8 -*-
#!/usr/bin/env python
import hashlib

#print hashlib.md5(s).hexdigest().upper()
k = 'TASC?O3RJMV?WDJKX?ZM'                    #要还原的明文
for i in range(26):
	temp1 = k.replace('?',str(chr(65+i)),1) # 替换不超过1次
	for j in range(26):
		temp2 = temp1.replace('?',chr(65+j),1) 
		for n in range(26):
			temp3 = temp2.replace('?',chr(65+n),1) 
			s = hashlib.md5(temp3.encode('utf8')).hexdigest().upper() 
            # md5.hexdigest:返回摘要,作为十六进制数据字符串值 
            # upper:转成大写字母
			if s[:4] == 'E903':    #检查元素
				print (s)       #输出密文

30、异性相吸

看到提示就猜想是否是01异或这种,用十六进制编辑器打开给出的两个文件
image.png
image.png
发现这两个文件二进制流位数刚好相同,写个脚本异或一下

import binascii

a = '0110000101110011011000010110010001110011011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011000010111001101100100011100010111011101100101011100110111000101100110'
b = '0000011100011111000000000000001100001000000001000001001001010101000000110001000001010100010110000100101101011100010110000100101001010110010100110100010001010010000000110100010000000010010110000100011000000110010101000100011100000101010101100100011101010111010001000001001001011101010010100001010000011011'
c = ''

def hexStr_to_str(hex_str):
    hex = hex_str.encode('utf-8')
    str_bin = binascii.unhexlify(hex)
    return str_bin.decode('utf-8')


if __name__ == "__main__":
    for i in range(len(a)):
        if a[i] == b[i]:
            c += '0'
        else:
            c += '1'
    s = hex(int(c, 2))[2:]
    print(hexStr_to_str(s))
    # print(bytes.fromhex(s)) 直接十六进制转字符串

31、RSA

题目给出了公钥和密文,那先从公钥文件中提取出n、e、p、q
公钥解析
image.png
分解得到的n:
image.png
用得到的p、q解出逆元d
image.png
再写脚本解密即可:(将flag.enc改为flag.txt)

import rsa

e = 65537
n = 86934482296048119190666062003494800588905656017203025617216654058378322103517
p = 285960468890451637935629440372639283459
q = 304008741604601924494328155975272418463
d = 81176168860169991027846870170527607562179635470395365333547868786951080991441

key = rsa.PrivateKey(n, e, d, q, p)  # 在pkcs标准中,pkcs#1规定,私钥包含(n,e,d,p,q)

with open("flag.txt", "rb") as f:  # 以二进制读模式,读取密文
    f = f.read()
    print(rsa.decrypt(f, key))  # f:公钥加密结果  key:私钥

32、RASROLL

打开题目得到一个提示和一大串字符串
image.png
image.png
分解质数920139713,所以p=18443,q=49891
image.png
然后写脚本解密:(data.txt中删除第一行和第二行)

import gmpy2

N, p, q, e = 920139713, 18443, 49891, 19
d = gmpy2.invert(e, (p - 1) * (q - 1))
result = []

with open("data.txt", "r") as f:
    for line in f.readlines():
        line = line.strip('\n')  # 去掉列表中每一个元素的换行符
        result.append(chr(pow(int(line), d, N)))

for i in result:
    print(i, end='')

33、Dangerous RSA

n: 0x52d483c27cd806550fbe0e37a61af2e7cf5e0efb723dfc81174c918a27627779b21fa3c851e9e94188eaee3d5cd6f752406a43fbecb53e80836ff1e185d3ccd7782ea846c2e91a7b0808986666e0bdadbfb7bdd65670a589a4d2478e9adcafe97c6ee23614bcb2ecc23580f4d2e3cc1ecfec25c50da4bc754dde6c8bfd8d1fc16956c74d8e9196046a01dc9f3024e11461c294f29d7421140732fedacac97b8fe50999117d27943c953f18c4ff4f8c258d839764078d4b6ef6e8591e0ff5563b31a39e6374d0d41c8c46921c25e5904a817ef8e39e5c9b71225a83269693e0b7e3218fc5e5a1e8412ba16e588b3d6ac536dce39fcdfce81eec79979ea6872793L
e: 0x3
c:0x10652cdfaa6b63f6d7bd1109da08181e500e5643f5b240a9024bfa84d5f2cac9310562978347bb232d63e7289283871efab83d84ff5a7b64a94a79d34cfbd4ef121723ba1f663e514f83f6f01492b4e13e1bb4296d96ea5a353d3bf2edd2f449c03c4a3e995237985a596908adc741f32365
so,how to get the message?

低指数加密攻击

(1)类型:n非常大,e一般很小
(2)

'''
当M^e < n 时,
 C = M^e ,所以对C开方就能得到M
'''
from gmpy2 import iroot
import libnum
n = 0x52d483c27cd806550fbe0e37a61af2e7cf5e0efb723dfc81174c918a27627779b21fa3c851e9e94188eaee3d5cd6f752406a43fbecb53e80836ff1e185d3ccd7782ea846c2e91a7b0808986666e0bdadbfb7bdd65670a589a4d2478e9adcafe97c6ee23614bcb2ecc23580f4d2e3cc1ecfec25c50da4bc754dde6c8bfd8d1fc16956c74d8e9196046a01dc9f3024e11461c294f29d7421140732fedacac97b8fe50999117d27943c953f18c4ff4f8c258d839764078d4b6ef6e8591e0ff5563b31a39e6374d0d41c8c46921c25e5904a817ef8e39e5c9b71225a83269693e0b7e3218fc5e5a1e8412ba16e588b3d6ac536dce39fcdfce81eec79979ea6872793

c = 0x10652cdfaa6b63f6d7bd1109da08181e500e5643f5b240a9024bfa84d5f2cac9310562978347bb232d63e7289283871efab83d84ff5a7b64a94a79d34cfbd4ef121723ba1f663e514f83f6f01492b4e13e1bb4296d96ea5a353d3bf2edd2f449c03c4a3e995237985a596908adc741f32365

k = 0
while 1:
    res=iroot(c+k*n,3)
    if(res[1]==True): 
        print(libnum.n2s(int(res[0])))
        break
    k=k+1
'''

第二种写法
当M^e > n 时,此时用爆破的方法
 假设我们  M^e / n 商 k 余数为c,
 所以M^e  = k*n + C,对K进行爆破,只要k满足 k*n + C能够开方就可以
'''
'''
import gmpy2 
from libnum import*
n = 0x52d483c27cd806550fbe0e37a61af2e7cf5e0efb723dfc81174c918a27627779b21fa3c851e9e94188eaee3d5cd6f752406a43fbecb53e80836ff1e185d3ccd7782ea846c2e91a7b0808986666e0bdadbfb7bdd65670a589a4d2478e9adcafe97c6ee23614bcb2ecc23580f4d2e3cc1ecfec25c50da4bc754dde6c8bfd8d1fc16956c74d8e9196046a01dc9f3024e11461c294f29d7421140732fedacac97b8fe50999117d27943c953f18c4ff4f8c258d839764078d4b6ef6e8591e0ff5563b31a39e6374d0d41c8c46921c25e5904a817ef8e39e5c9b71225a83269693e0b7e3218fc5e5a1e8412ba16e588b3d6ac536dce39fcdfce81eec79979ea6872793
c = 0x10652cdfaa6b63f6d7bd1109da08181e500e5643f5b240a9024bfa84d5f2cac9310562978347bb232d63e7289283871efab83d84ff5a7b64a94a79d34cfbd4ef121723ba1f663e514f83f6f01492b4e13e1bb4296d96ea5a353d3bf2edd2f449c03c4a3e995237985a596908adc741f32365

i = 0
while 1:
    if(gmpy2.iroot(c+i*n,3)[1]==1):     #开根号
        print(gmpy2.iroot(c+i*n,3))
        break
    i=i+1

'''

34、basic rsa

import gmpy2 from Crypto.Util.number import * from binascii import a2b_hex,b2a_hex flag = "*****************" p = 262248800182277040650192055439906580479 q = 262854994239322828547925595487519915551 e = 65533 n = p*q c = pow(int(b2a_hex(flag),16),e,n) print c 27565231154623519221597938803435789010285480123476977081867877272451638645710
提示中给出了c p q e n那再求e关于欧拉数的逆元d即可解密

from Crypto.Util.number import *

p = 262248800182277040650192055439906580479
q = 262854994239322828547925595487519915551
e = 65533
n = p * q
g = (p - 1) * (q - 1)  # 欧拉定理
c = 27565231154623519221597938803435789010285480123476977081867877272451638645710  # 密文
d = inverse(e, g)  # 逆元d
m = hex(pow(c, d, n))[2:]  # 明文
print(bytes.fromhex(m))

康康大佬的代码:

import random
from binascii import a2b_hex,b2a_hex
p = 262248800182277040650192055439906580479
q = 262854994239322828547925595487519915551
n = p * q
def multiplicative_inversr(a,b): # 求逆元
    x = 0
    y = 1
    lx = 1
    ly = 0
    oa = a
    ob = b
    while b != 0:
        q = a // b
        (a, b) = (b, a % b)
        (x, lx) = ((lx - (q * x)), x)
        (y, ly) = ((ly - (q * y)), y)
    if lx < 0:
        lx += ob
    if ly < 0:
        ly += oa
    return lx
def gcd(a,b): 
    while b != 0:
        a, b = b, a % b
    return a
def generate_keypair(p,q): 
    n = p * q
    phi = (p - 1) * (q -1)
    e = 65533
    g = gcd(e, phi)
    while g != 1:
        e = random.randrange(1, phi)
        g = gcd(e, phi)
    d = multiplicative_inversr(e, phi)
    return ((e,n),(d,n))
def encrypt(pk, plaintext): # 加密
    key, n = pk[0]
    print(b2a_hex(plaintext.encode()))
    cipher = pow(int(b2a_hex(plaintext.encode()),16), key , n)
    return cipher
def decrypt(pk, cipher): # 解密
    key, n = pk[1]
    cipher = pow(cipher, key ,n)
    cipher = a2b_hex(hex(cipher).split('0x')[1])
    return cipher
pk = generate_keypair(p,q)
cipher = 27565231154623519221597938803435789010285480123476977081867877272451638645710
plaintext = decrypt(pk, cipher)
print(plaintext)

35、Cipher

还能提示什么呢?公平的玩吧(密钥自己找) Dncnoqqfliqrpgeklwmppu
公平的玩吧 = play fair,是一种加密方式在线网站
image.png

PlayFair密码

https://blog.csdn.net/qq_44827634/article/details/124215535
(1)编制密码表
image.png
(2)加密(替换)
image.png
(3)移位和替换
image.png
image.png

36、[GXYCTF2019]CheckIn

dikqTCpfRjA8fUBIMD5GNDkwMjNARkUwI0BFTg==
打开题目得到一串字符串,怀疑是base64
image.png
控制台base64加解密函数:加密(btoa) 解密(atob)
解密得到一串类似乱码的字符串,题目是gxyctf于是先尝试前几位的移位
v到g移位47位,)到x移位47位于是尝试用ROT47解码
image.png

ROT移位密码

https://www.cnblogs.com/swordcreater/p/12562077.html

rot5

只将字符串中的数字进行加密,步数为5,同时在0-9十个数字进行循环,如1在rot5加密后为6,而6在rot5加密后为1

rot13

只将字符串中的字母进行加密,步数为13,加密方式上最接近凯撒密码,分别在A-Z或a-z之间循环,如A在rot13加密后为N,Z在rot13加密后为M

rot18

字面意思(5+13=18) 即将上述两种加密方式结合,分别对数字和字母进行相应的操作

rot47

由于无论是rot5、rot13或rot18都只能对数字和字母进行相应的加密,而对“!@#¥%&”之类的符号却缺少加密,因此在此基础上引入ASCII码,将步数改为47而已(同样存在循环)对数字、字母、常用符号进行编码,按照它们的ASCII值进行位置替换,用当前字符ASCII值往前数的第47位对应字符替换当前字符,例如当前为小写字母z,编码后变成大写字母K,当前为数字0,编码后变成符号_
用于ROT47编码的字符其ASCII值范围是33-126(原因是由于0-32以及127与字符表示无关!!)

37、robomunication

用Audacity分析发现是摩斯密码
image.png
整理得到.... . .-.. .-.. --- .-- .... .- - .. ... - .... . -.- . -.-- .. - .. ... -... --- --- .--. -... . . .--.
摩斯解密得到flag
image.png

38、BabyRSA

image.png
打开题目给的文件,得到p+q(p+1)*(q+1)ed加密的flag
我们已经获得了d因此再获得n就可以得到私钥(d,n)进行解密
n = (p+1)*(q+1) - (p+q) - 1

import libnum

# p+q
a = 0x1232fecb92adead91613e7d9ae5e36fe6bb765317d6ed38ad890b4073539a6231a6620584cea5730b5af83a3e80cf30141282c97be4400e33307573af6b25e2ea
# (p+1)(q+1)
b = 0x5248becef1d925d45705a7302700d6a0ffe5877fddf9451a9c1181c4d82365806085fd86fbaab08b6fc66a967b2566d743c626547203b34ea3fdb1bc06dd3bb765fd8b919e3bd2cb15bc175c9498f9d9a0e216c2dde64d81255fa4c05a1ee619fc1fc505285a239e7bc655ec6605d9693078b800ee80931a7a0c84f33c851740
d = 0x2dde7fbaed477f6d62838d55b0d0964868cf6efb2c282a5f13e6008ce7317a24cb57aec49ef0d738919f47cdcd9677cd52ac2293ec5938aa198f962678b5cd0da344453f521a69b2ac03647cdd8339f4e38cec452d54e60698833d67f9315c02ddaa4c79ebaa902c605d7bda32ce970541b2d9a17d62b52df813b2fb0c5ab1a5
c = 0x50ae00623211ba6089ddfae21e204ab616f6c9d294e913550af3d66e85d0c0693ed53ed55c46d8cca1d7c2ad44839030df26b70f22a8567171a759b76fe5f07b3c5a6ec89117ed0a36c0950956b9cde880c575737f779143f921d745ac3bb0e379c05d9a3cc6bf0bea8aa91e4d5e752c7eb46b2e023edbc07d24a7c460a34a9a
n = b - a - 1
m = pow(c, d, n)
print(libnum.n2s(m))  # 数字转字符串

39、密码学的心声

image.png
根据图片的提示,直接将简谱中三个数字一组将八进制转成十进制再转换对应ASCII

str = '111 114 157 166 145 123 145 143 165 162 151 164 171 126 145 162 171 115 165 143 150'
flag = []
result = ''
for i in range(len(str.split(' '))):
    flag.append(str.split(' ')[i])
for i in flag:
    result += chr(int(i, 8))
print('flag{' + result + '}')

40、RSA2

image.png
打开题目得到ne需要求解出d
维纳攻击脚本
image.png
将脚本放在rsa-wiener-attack中:

import RSAwienerHacker
import hashlib
N = 101991809777553253470276751399264740131157682329252673501792154507006158434432009141995367241962525705950046253400188884658262496534706438791515071885860897552736656899566915731297225817250639873643376310103992170646906557242832893914902053581087502512787303322747780420210884852166586717636559058152544979471
e = 46731919563265721307105180410302518676676135509737992912625092976849075262192092549323082367518264378630543338219025744820916471913696072050291990620486581719410354385121760761374229374847695148230596005409978383369740305816082770283909611956355972181848077519920922059268376958811713365106925235218265173085

d = RSAwienerHacker.hack_RSA(e,N)
flag = "flag{" + hashlib.md5(hex(d).encode('utf-8')).hexdigest() + "}"
print(flag)

python3中hashlib这个库只接收byte数组数据,所以,将string变量转成byte数组即可即str.encode('utf-8')但是这里用python3得到的flag有误,于是尝试用python2可得到正确的flag

import RSAwienerHacker
import hashlib
N = 101991809777553253470276751399264740131157682329252673501792154507006158434432009141995367241962525705950046253400188884658262496534706438791515071885860897552736656899566915731297225817250639873643376310103992170646906557242832893914902053581087502512787303322747780420210884852166586717636559058152544979471
e = 46731919563265721307105180410302518676676135509737992912625092976849075262192092549323082367518264378630543338219025744820916471913696072050291990620486581719410354385121760761374229374847695148230596005409978383369740305816082770283909611956355972181848077519920922059268376958811713365106925235218265173085

d = RSAwienerHacker.hack_RSA(e,N)
flag = "flag{" + hashlib.md5(hex(d)).hexdigest() + "}"
print(flag)

关于python2和3的MD5的坑

https://blog.csdn.net/myli_binbin/article/details/84333071
python3中,在 num<128 的时候,使用 chr(num).encode('utf-8') 得到的是 一个 字符的ascii十六进制,而 num>128 的时候,使用chr(num).encode('utf-8') 得到的是两个字节的ascii十六进制


__EOF__

本文作者E=MC^2
本文链接https://www.cnblogs.com/zeroEMC/p/17226216.html
关于博主:评论和私信会在第一时间回复。或者直接私信我。
版权声明:本博客所有文章除特别声明外,均采用 BY-NC-SA 许可协议。转载请注明出处!
声援博主:如果您觉得文章对您有帮助,可以点击文章右下角推荐一下。您的鼓励是博主的最大动力!
posted @   EMCzero  阅读(533)  评论(0编辑  收藏  举报
相关博文:
· BUUCTF MISC 61-80
· BUUCTF Crypto 1-20
· crypto第一面后半部分
· 攻防世界-best_rsa
· ctfshow CRYPTO RSA系列
阅读排行:
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· 单线程的Redis速度为什么快?
· SQL Server 2025 AI相关能力初探
· AI编程工具终极对决:字节Trae VS Cursor,谁才是开发者新宠?
· 展开说说关于C#中ORM框架的用法!
点击右上角即可分享
微信分享提示
AI IDE Trae