NSSCTF Round_11 Basic

ez_enc

from Crypto.Util.number import long_to_bytes
c = 'ABAABBBAABABAABBABABAABBABAAAABBABABABAAABAAABBAABBBBABBABBABBABABABAABBAABBABAAABBAABBBABABABAAAABBAAABABAABABBABBBABBAAABBBAABABAABBAAAABBBAAAABAABBBAABBABABAABABAAAAABBBBABAABBBBAAAABBBBBAB'

c1 = c.replace('A','0')
c2 = c1.replace('B','1')
m = int(c2,2)
print(long_to_bytes(m))

MyGame

#pwn
recvline() 接收一行输出
sendline(payload) 发送payload，并进行换行（末尾\n）
recvuntil(some_string) 接收到 some_string 为止
#re
e,c = re.findall(r'Cipher_(\d+): (\d+)', data1)[0]

#转Probius
from gmpy2 import *
from Crypto.Util.number import *
from pwn import *
import re
import binascii,gmpy2
from functools import reduce
import libnum

# ------------ 交互部分 ------------
host = 'node3.anna.nssctf.cn'
port = 28965
conn = remote(host,port)       # 连接端口
# conn.interactive()
data1 = conn.recvline().decode()              #这是接收吧感觉好像啊  需要解码一下，本来是bytes部分
n = int(re.findall(r'n: (\d+)', data1)[0])

#Cipher_(\d+): (\d+)
#Cipher_31: 78359884507662058131495606640691505936244852581613821855552613445518233491767179453902251108635060682854644598286023862813267588394104135551460975114335263234384402926436716093039422920003776337571925742437089223221871237418321127213931902478848713154050908090571694338108792053835049649156882123091054489738

def interact_with_server(conn):
    conn.sendline(b"2")
    data1 = conn.recvline().decode()
    print(data1)
    e, c = re.findall(r'Cipher_(\d+): (\d+)', data1)[0]
    e = int(e)
    c = int(c)
    return e,c

# 开始攻击
def attack():
    e1,c1 = interact_with_server(conn)
    e2,c2 = interact_with_server(conn)

    g,x,y = gcdext(e1,e2)
    m = pow(c1,x,n)*pow(c2,y,n)%n
    m = long_to_bytes(m)
    return m

def get_flag():
    m = attack()
    print(m)
    conn.sendline(b"1")
    conn.sendline(m)
    flag = conn.recvline().decode()
    return flag

i = 0
while (i < 3):
    flag = get_flag()
    print(flag)
    i += 1

MyMessage

小指数明文加密，中国剩余定理crt，还不会交互，只用了8个c，发现不够用

#转Probius

from pwn import *
# context.log_level = 'debug'
from Crypto.Util.number import *
from gmpy2 import iroot,mpz,gcd,gcdext,invert
import re
from functools import reduce

host = 'node3.anna.nssctf.cn'
port = 28857
conn = remote(host, port)
# conn.interactive()

def interact_with_server(conn):

    conn.recvuntil("Input message")
    conn.sendline(b"a")


    data1 = conn.recvline().decode()
    data2 = conn.recvline().decode()

    n = int(re.findall(r'n: (\d+)', data1)[0])
    c = int(re.findall(r'Token: 0x(\w+)', data2)[0],16)

    return n,c

n_value = []
c_value = []
for i in range(127):
    n,c = interact_with_server(conn)
    n_value.append(n)
    c_value.append(c)


e = 127

def CRT(mi, ai):
    assert(reduce(gcd,mi)==1)
    assert (isinstance(mi, list) and isinstance(ai, list))
    M = reduce(lambda x, y: x * y, mi)
    ai_ti_Mi = [a * (M // m) * invert(M // m, m) for (m, a) in zip(mi, ai)]
    return reduce(lambda x, y: x + y, ai_ti_Mi) % M

n = n_value
c = c_value
m_127 = CRT(n,c)
m = iroot(m_127,127)[0]
print(long_to_bytes(m))

ez_signin

from Crypto.Util.number import *
from gmpy2 import *
from pwn import *

# p = remote('node3.anna.nssctf.cn',28709)
# p.interactive()

num1 = 37206049993113274886413510529448100859799346400001054851018814507367039029712872866646025917073477567715637027438876324946016837659608833048555818555188101775102658322991506593013040552946202783538939793779046127521694324292827091410804974201608009540186112673552404535392015050999074070808715962453301065455
num2 = 109311344535354397672353920943339721357207537778610421498177245133099253532234099241350454682229475545779720055820961032368516459750562195015295369937031679827282733566382114183572376429676479705139846391402263805486179872011341363906330152631182661438382712149850564299110100732771850857034340097606335802719
n = 113220913515862839224042031386139436395940025510207117303736101421148063449582985014706809605693791632064045336650292776943379992861815213065469715899206033058141677197410503403637811950883015311547949693371699059876472305195117097457941207636545485468404987588289661051243495616377694181669157407802553233321
c = 47445409914296189594561446609750234381433062713067633451149313815116038810414901262903189929518537538385023738557136853341735822119371127097166833374722309746333653754439792436376757735839566161349160193393467824740349606530031507059772331793670981140212495160392216132806383499056855709273604618676859468619

e = 65536

p = gcd(n,(num1 + num2 ) % n)
q = n//p

cs = [c]

def rabin_decrypt(c,p,q):
    mp = pow(c, (p + 1) // 4, p)
    mq = pow(c, (q + 1) // 4, q)

    yp = inverse(p,q)
    yq = inverse(q,p)

    r = (yp * p * mq + yq * q * mp) % n
    r_ = n - r
    s = (yp * p * mq - yq * q * mp) % n
    s_ = n - s
    return r,r_,s,s_

for i in range(16):
    ps = []

    for c2 in cs:
        r,r_,s,s_ = rabin_decrypt(c2,p,q)
        if r not in ps:
            ps.append(r)
        if r_ not in ps:
            ps.append(r_)
        if s not in ps:
            ps.append(s)
        if s_ not in ps:
            ps.append(s_)
   # print(ps)
    cs = ps

for i in range(len(cs)):
    print(long_to_bytes(cs[i]))

ez_fac

\(n = a_{0}^{2} + e*b_{0}^{2}\)

\(n = a_{1}^{2} + e*b_{1}^{2}\)

\(\Rightarrow b_{0}^{2}*n - b_{1}^{2}*n = b_{0}^{2}*(a_{1}^{2} + e*b_{1}^{2}) - b_{1}^{2}*(a_{0}^{2} + e*b_{0}^{2})\)

\(\Rightarrow (b_{0}^{2} - b_{1}^{2})*n = b_{0}^{2}*a_{1}^{2} - b_{1}^{2}*a_{0}^{2}\)

\(\Rightarrow (b_{0}^{2} - b_{1}^{2})*n = (b_{0}*a_{1} - b_{1}*a_{0})*(b_{0}*a_{1}+b_{1}*a_{0})\)

\(\Rightarrow p = gcd(n,(b_{0}*a_{1}+b_{1}*a_{0}))\)

from gmpy2 import *
from Crypto.Util.number import *
from pwn import *

# ------------ 交互部分 ------------
host = 'node4.anna.nssctf.cn'
port = 28052
conn = remote(host, port)
conn.interactive()

c= 49822450398039686880486254487101437483448254235092826961284551737144212205646111791465056733438285393367754585052991076631696140669884384676693226693791434596401668014694011823602484287090368863296079154607793929218086795310022728031178434548513882909541668680069229104955244132194029196891849965782273357589
n= 85727473305545653447808079210618243755608471863792992171396768139703519284776826565159685035542577584485964108550078191335468847145300913886481048062801304524021242407675493302783019253912127439252772393431533857654128073208678027945554558319866096431675861939482542499339069772092888573070105917491017426299
a0= 9258913181661530918742635495443953035742795143905324057951823942319649598855774377635643743597167186161050684365640332709405353605768272605622477358719082
a1= 9258913181661530918742634745288912680596662661021506088139076157908383249960356364839651537235383678810400723341378148819628103544366819978284243753200182
b0= 42915799843775492921042849752381809791532781265400578518092836975695368224449477009762606251800581675105098420248057044335
b1= 213787302482413175545111447355422661984444503473122071005677522836057175203098934672699337171319743669140250265475479604305

p = GCD(a1*b0 + a0*b1,n)
print(p)
q = n//p
e = ( n - pow(a0,2) )//pow(b0,2)
print(e)
phi = (p-1)*(q-1)
d = inverse(e,phi)
m = pow(c,d,n)
flag = long_to_bytes(m)
print(flag)

hengxinyan

https://hengxinyan.github.io/2023/08/10/Round11/

本博客所有文章除特別声明外，均采用 CC BY 4.0 许可协议。转载请注明来源 hengxinyan !

无标签

RSA加密及签名

2023-08-10 hengxinyan

CISCN 2023

2023-08-10 hengxinyan