前言
ciscn 2019,Crypto真的没有排面,题目都比较基础,最后总分也不到300,可以说是比较影响参赛体验了。
下面包括后三道的writeup,(puzzles做不出来还是去考研吧别打CTF了)。
0x00 partDES
题目内容:
Round n part_encode-> 0x92d915250119e12b
Key map -> 0xe0be661032d5f0b676f82095e4d67623628fe6d376363183aed373a60167af537b46abc2af53d97485591f5bd94b944a3f49d94897ea1f699d1cdc291f2d9d4a5c705f2cad89e938dbacaca15e10d8aeaed90236f0be2e954a8cf0bea6112e84
操作内容:
这个题有点脑洞,拿到手不太明白要做什么,可以先处理数据。
from Crypto.Util.number import long_to_bytes
key_map = 0xe0be661032d5f0b676f82095e4d67623628fe6d376363183aed373a60167af537b46abc2af53d97485591f5bd94b944a3f49d94897ea1f699d1cdc291f2d9d4a5c705f2cad89e938dbacaca15e10d8aeaed90236f0be2e954a8cf0bea6112e84
long_to_bytes(key_map)
#Out: b'xe0xbefx102xd5xf0xb6vxf8 x95xe4xd6v#bx8fxe6xd3v61x83xaexd3sxa6x01gxafS{Fxabxc2xafSxd9tx85Yx1f[xd9Kx94J?Ixd9Hx97xeax1fix9dx1cxdc)x1f-x9dJ\p_,xadx89xe98xdbxacxacxa1^x10xd8xaexaexd9x026xf0xbe.x95Jx8cxf0xbexa6x11.x84'
可以看到key_map是 96*8 = 768 位,恰好des子密钥也是768位(16*48),所以可以确定 key_map 就是子密钥,而0x92d915250119e12b为des进行n轮的中间输出。
那么对于这样一个中间结果,我们可以使用子密钥进行解密,解密时注意下面几点:
- 对于只进行了n轮的加密结果,解密时应依次使用密钥 n, n-1…, 1。
- 未完成的 des 没有交换左右两部分和逆初始置换,因此解密时我们也不应进行初始置换,并且需要交换密文左右两部分。
- 对于n,可以暴破,因为最多16种可能。
解题代码:
kkk = 16
def bit_rot_left(lst, pos):
return lst[pos:] + lst[:pos]
class DES:
IP = [
58,50,42,34,26,18,10,2,60,52,44,36,28,20,12,4,
62,54,46,38,30,22,14,6,64,56,48,40,32,24,16,8,
57,49,41,33,25,17,9,1,59,51,43,35,27,19,11,3,
61,53,45,37,29,21,13,5,63,55,47,39,31,23,15,7
]
IP_re = [
40,8,48,16,56,24,64,32,39,7,47,15,55,23,63,31,
38,6,46,14,54,22,62,30,37,5,45,13,53,21,61,29,
36,4,44,12,52,20,60,28,35,3,43,11,51,19,59,27,
34,2,42,10,50,18,58,26,33,1,41,9,49,17,57,25
]
Pbox = [
16,7,20,21,29,12,28,17,1,15,23,26,5,18,31,10,
2,8,24,14,32,27,3,9,19,13,30,6,22,11,4,25
]
E = [
32,1,2,3,4,5,4,5,6,7,8,9,
8,9,10,11,12,13,12,13,14,15,16,17,
16,17,18,19,20,21,20,21,22,23,24,25,
24,25,26,27,28,29,28,29,30,31,32,1
]
PC1 = [
57,49,41,33,25,17,9,1,58,50,42,34,26,18,
10,2,59,51,43,35,27,19,11,3,60,52,44,36,
63,55,47,39,31,23,15,7,62,54,46,38,30,22,
14,6,61,53,45,37,29,21,13,5,28,20,12,4
]
PC2 = [
14,17,11,24,1,5,3,28,15,6,21,10,
23,19,12,4,26,8,16,7,27,20,13,2,
41,52,31,37,47,55,30,40,51,45,33,48,
44,49,39,56,34,53,46,42,50,36,29,32
]
Sbox = [
[
[14,4,13,1,2,15,11,8,3,10,6,12,5,9,0,7],
[0,15,7,4,14,2,13,1,10,6,12,11,9,5,3,8],
[4,1,14,8,13,6,2,11,15,12,9,7,3,10,5,0],
[15,12,8,2,4,9,1,7,5,11,3,14,10,0,6,13],
],
[
[15,1,8,14,6,11,3,4,9,7,2,13,12,0,5,10],
[3,13,4,7,15,2,8,14,12,0,1,10,6,9,11,5],
[0,14,7,11,10,4,13,1,5,8,12,6,9,3,2,15],
[13,8,10,1,3,15,4,2,11,6,7,12,0,5,14,9],
],
[
[10,0,9,14,6,3,15,5,1,13,12,7,11,4,2,8],
[13,7,0,9,3,4,6,10,2,8,5,14,12,11,15,1],
[13,6,4,9,8,15,3,0,11,1,2,12,5,10,14,7],
[1,10,13,0,6,9,8,7,4,15,14,3,11,5,2,12],
],
[
[7,13,14,3,0,6,9,10,1,2,8,5,11,12,4,15],
[13,8,11,5,6,15,0,3,4,7,2,12,1,10,14,9],
[10,6,9,0,12,11,7,13,15,1,3,14,5,2,8,4],
[3,15,0,6,10,1,13,8,9,4,5,11,12,7,2,14],
],
[
[2,12,4,1,7,10,11,6,8,5,3,15,13,0,14,9],
[14,11,2,12,4,7,13,1,5,0,15,10,3,9,8,6],
[4,2,1,11,10,13,7,8,15,9,12,5,6,3,0,14],
[11,8,12,7,1,14,2,13,6,15,0,9,10,4,5,3],
],
[
[12,1,10,15,9,2,6,8,0,13,3,4,14,7,5,11],
[10,15,4,2,7,12,9,5,6,1,13,14,0,11,3,8],
[9,14,15,5,2,8,12,3,7,0,4,10,1,13,11,6],
[4,3,2,12,9,5,15,10,11,14,1,7,6,0,8,13],
],
[
[4,11,2,14,15,0,8,13,3,12,9,7,5,10,6,1],
[13,0,11,7,4,9,1,10,14,3,5,12,2,15,8,6],
[1,4,11,13,12,3,7,14,10,15,6,8,0,5,9,2],
[6,11,13,8,1,4,10,7,9,5,0,15,14,2,3,12],
],
[
[13,2,8,4,6,15,11,1,10,9,3,14,5,0,12,7],
[1,15,13,8,10,3,7,4,12,5,6,11,0,14,9,2],
[7,11,4,1,9,12,14,2,0,6,10,13,15,3,5,8],
[2,1,14,7,4,10,8,13,15,12,9,0,3,5,6,11],
]
]
rout = [1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1]
def __init__(self):
self.subkey = [[[1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1], [1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1], [1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1], [1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1], [1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1], [1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0], [1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1], [0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0], [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0], [0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1], [0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0], [0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0], [1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0], [1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0], [1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0], [1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0]], [[1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0], [1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0], [1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0], [1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0], [0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0], [0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0], [0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 0, 1], [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0], [0, 0, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0], [1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1], [1, 0, 1, 0, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0], [1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1], [1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1], [1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1], [1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1], [1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1]]]
def permute(self, lst, tb):
return [lst[i-1] for i in tb]
def f(self,riti,subkeyi):
tmp = [i^j for i,j in zip(subkeyi,self.permute(riti,DES.E))]
return self.permute(sum([[int(l) for l in str(bin(DES.Sbox[i][int(str(tmp[6*i])+str(tmp[6*i+5]),2)][int("".join(str(j) for j in tmp[6*i+1:6*i+5]),2)])[2:].zfill(4))] for i in range(8)],[]),DES.Pbox)
def des_main(self,m,mark):
sbkey = self.subkey[0]
#if mark == 'e' else self.subkey[1]
# tmp = self.permute([int(i) for i in list((m).ljust(64,"0"))],self.IP)
tmp = [int(i) for i in list((m).ljust(64,"0"))]
global kkk
print(kkk)
for i in range(kkk):
tmp = tmp[32:] + [j^k for j,k in zip(tmp[:32],self.f(tmp[32:],sbkey[i if mark != 'd' else kkk-1-i]))]
return "".join([str(i) for i in self.permute(tmp[32:]+tmp[:32],self.IP_re)])
def des_encipher(self,m):
m = "".join([bin(ord(i))[2:].zfill(8) for i in m])
des_en = self.des_main(m,'e')
return "".join([chr(int(des_en[i*8:i*8+8],2)) for i in range(8)])
def des_decipher(self,c):
c = "".join([bin(ord(i))[2:].zfill(8) for i in c])
des_de = self.des_main(c,'d')
return "".join([chr(int(des_de[i*8:i*8+8],2)) for i in range(8)])
def test():
import base64
global kkk
while kkk >=0:
desobj = DES()
# cipher = desobj.des_encipher("12345678")
cipher = 'x01x19xe1+x92xd9x15%'
message1 = desobj.des_decipher(cipher)
print(message1)
kkk -= 1
if __name__=='__main__':
test()
解密结果(部分):
16
▲↨^#Q
15
▲D0↑/
14
t-ÏEÏx§
13
y0ur9Ood
12
µp^Ûé=¹
11
)Á`rûÕû
10
Âoãªh♫áf
9
À¤Zz¢»‼
8
òðܤß
7
×Í♫9Ò↑5S
6
Bh¤~$)▲£
5
5£!P
ôËâ
4
&L
tT®
3
lÇ!@∟é
2
l§1?I}3{
1
/Ô☼5èB!±
0
¿B♣2t♂↑X
可以看出n为13,flag为flag{y0ur9Ood}
FLAG值:
flag{y0ur9Ood}
0x01 warmup
题目内容:
from Crypto.Cipher import AES
from Crypto.Util import Counter
from Crypto import Random
import binascii
import SocketServer
pad = lambda s: s + (16 - len(s) % 16) * chr(16 - len(s) % 16)
flag = "******************************************"
key = Random.get_random_bytes(16)
print binascii.b2a_hex(key)
prefix = Random.get_random_bytes(4)
suffix = Random.get_random_bytes(4)
def enc(plaintext):
count = Counter.new(64, prefix=prefix, suffix=suffix)
cipher = AES.new(key, AES.MODE_CTR, counter=count)
print(binascii.hexlify(pad(plaintext)))
return cipher.encrypt(pad(plaintext + flag))
class ThreadedTCPServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
pass
class EncHandler(SocketServer.BaseRequestHandler):
def handle(self):
self.request.sendall("Welcome to flag getting systemn")
while 1:
self.request.sendall("plaintext>")
plaintext = self.request.recv(1024).strip()
ciphertext = binascii.hexlify(enc(plaintext))
self.request.sendall("result>" + ciphertext + 'n')
if __name__ == "__main__":
HOST, PORT = "0.0.0.0", 7777
server = ThreadedTCPServer((HOST, PORT), EncHandler)
server.serve_forever()
操作内容:
很容易的一个题,一开始看题的时候没注意,想复杂了。
对于任意输入,服务器返回输入+flag的加密结果,加密使用CRT模式,这种模式是在模仿流密钥,其加密解密过程是相同的,都是使用一个固定的串和明文/密文异或,因此我们可以输入'x00'*42骗到密钥流,输入空拿到密钥流异或flag,再恢复即可。
from pwn import *
c = connect("08560bfda40f2691789fc1b246a80c4e.kr-lab.com",54321)
c.recv()
c.send(b"x00"*48+b"n") #远大于flag长度
lll="e2b68dc585359b6dbcb59566d28a5e2d6a1d3f33d0104bae4e49dcad21b17be4b1cbd206a30062eccab03985f72cdd335c1a0c34784e0d9"
c.send(b"n")
c.recv()
fff = "84daeca2fe0cab5b8fd4a750e5a76c180b781207e5717883772aeac80c87498781aeb037c7625089f3cd3f83f12adb35"
lll = [lll[i*2:(i+1)*2] for i in range(len(lll)//2)]
fff = [fff[i*2:(i+1)*2] for i in range(len(fff)//2)]
"".join([chr(int(i,16)^int(j,16)) for i ,j in zip(lll,fff)])
#Out: 'flag{9063a267-25ae-45a3-9c6e-62c0eb1db2e9}x06x06x06x06x06x06'
FLAG值:
flag{9063a267-25ae-45a3-9c6e-62c0eb1db2e9}
0x02 Asymmetric
题目内容:
加密代码:
import gmpy2
import random
from Crypto.Util.number import *
from flag import flag
def generate_key(nbit):
p = getPrime(nbit)
r = random.randint(2, 10)
s = random.randint(r, nbit)
while True:
e = random.randint(3, p**r*(p-1))
if gmpy2.gcd(e, p**s*(p-1)) == 1:
break
pubkey = (long(e), long(p**r))
return pubkey
def crypt(msg, pkey):
e, n = pkey
m = bytes_to_long(msg)
assert m < n - 1
enc = pow(m, e, n)
return long_to_bytes(enc)
nbit = 1024
pubkey = generate_key(nbit)
print 'pubkey =', pubkey
msg = 'hi all' * 10
enc = crypt(msg, pubkey)
print 'enc =n', enc.encode('base64')
密文:
pubkey = (248309815142661136180073302980376803619705977366959693270058810404563021350338007281071383883831903024497596133229689774549213766349570956778715767539143970339908087304731528732564996040348115020609431227010200484497117772875250606299179587114075823811265905839014916703614278577968354369312451263091901390534945914292942970562870893708301865341953441632487803735211538243095165382323947906681651215791196650065823387203428114044501335592597819075394092043734179587377079955674671662188585221716102477984848953776465857188411599747246597328103152397666627655627005491689058916194813908858623274306110645928199662392872139642650671595093892107847799604703971172156119229953031815378106121345990077422974387220949797173711976787188913072108998779697772749938401406474626580049578975417587615147396792110346956937867348761995062133864363640767231588567781894065813828001740945758033599336067861379059956338356990135900504080617174555445136107814372760681551294646613252466183712199313977223613803686189678063250636555247448883195174298080468210768310277718744658002940987165125158577848671110839536506278215536576610503571560050726786412320215270852412958123787475255093453885464799925762520333712940605200199557027068045607345459686175L, 4006307385940912253570042286738053142617524847008607946541391516569779120316853980492316182904072540209214024288685737328789882847344519654614407687443672653525448815004632618499275791530547664890476357952142890004808452392363892486275621876520403569839433320423040694912893770147915665230998049003561944228763784333653730692631768525220945453209505079994348179014287995857873574506690160179935892048842106508910394241172372052281560488790564483218840698176403072987027734706203879569965860294327974048503563965223395943180216016469696098192276250299555690084872256682684254252105272552281670296067780176887666089426271639598305057005513602420778256623088970862826609088708369642042596173863202302528891978815309183890938374822185515946300490901423205096164963293545013390837648210987844036472136022431575741920101678062247840341951239454152418207004641573899650425382975774492764939456470152876875258935424956936626530116879L)
enc =
JAMUTe/ooQqWGxQvwLNgmGJXXS0vgBK/NGEQszHjAPwETPxDsujMvqYveyQ9sg+xXZJnrsG3UWBL
ZrI6DNdxAf7J69mUPeGH3hZ2FYogwQXujra1ljvtXE/b56rEwM5aGYvzriII5GFVrKhJc1cov3e7
OD7PiIWjvhBauFLoKVPJrtI6E0LqrS+rYhTt5/jvHJGCN2e9ZeB73DWQA0g+REDaWM51O4WG0AoI
3z6rP46XG/1wdP1B1i2faE2eLsZkA8H5pe9f8Z8av8TqAhm+23erBPNEz6y3gdOgC9HQRPiaSAX8
zWvFHicB20X8yo37Hn5P6SBbpJZJiwrAJRiXangSVgLYryTJk4P6Tpmg0Afwt4KGWjPBKcgyP5kE
PdSI7RUJh25jJEN0O0a7OFGfyYrFgqWVslshF6SXqBdCM1B4mpZqi/NlwMJs9mN66brfmMbu1qAO
XX8Ib7+PhCe4TEbeGquhIwwBASwsLWcbN2DOgLp6UdbR4Ie4HcxIQEPJ
操作内容:
使用p^k作为n,实际上和RSA是一样的,走RSA的流程即可。
- n = 754600786340927688096652328072061561501667781193760284816393637647032362908189628005150802929636396969230958922073774180726205402897453096041624408154494621307262657492560975357997726055874834308239749992507552325614973631556754707427580134609221878324704469965450463088892083264951442562525825243127575048386573246756312509362222667015490013299327398464802116909245529065994770788125182846841016932803939806558559335886481214931253578226314057242462834149031625361286317307273138514126289052003214703248070256059405676891634792175775697355408418965738663732479622148276007308404691800186837579126431484536836513358124181380166971922188839934522356902295160649189850427580493328509329115798694580347461641487270793993129066433242544366683131231903590153844590595882428219010673818765995719694470668924781499987923250883546686344997580959954960334567874040563037167422839228466141912000421309282727363913908613116739074234989825489075148091144771967111113068647060175231126374070143480727000247378471525286907200601035581143391602569836131345909055708005758380081303860198696570649330092070410465978479841469533490522594827330661914537170063053059393550673731195548189192109328158876774080143171304333338291909598353550442855717204721
- e = 58134567416061346246424950552806959952164141873988197038339318172373514096258823300468791726051378264715940131129676561677588167620420173326653609778206847514019727947838555201787320799426605222230914672691109516799571428125187628867529996213312357571123877040878478311539048041218856094075106182505973331343540958942283689866478426396304208219428741602335233702611371265705949787097256178588070830596507292566654989658768800621743910199053418976671932555647943277486556407963532026611905155927444039372549162858720397597240249353233285982136361681173207583516599418613398071006829129512801831381836656333723750840780538831405624097443916290334296178873601780814920445215584052641885068719189673672829046322594471259980936592601952663772403134088200800288081609498310963150240614179242069838645027877593821748402909503021034768609296854733774416318828225610461884703369969948788082261611019699410587591866516317251057371710851269512597271573573054094547368524415495010346641070440768673619729280827372954003276250541274122907588219152496998450489865181536173702554116251973661212376735405818115479880334020160352217975358655472929210184877839964775337545502851880977049299029101466287659419446724781305689536816523774995178046989696610897508786776845460908137698543091418571263630383061605011820139755322231913029643701770497299157169690586232187419462594477116374977216427311975598620616618808494138669546120288334682865354702356192972496556372279363023366842805886601834278434406709218165445335977049796015123909789363819484954615665668979
- 通过http://factordb.com/可以分解 n = 165740755190793304655854506052794072378181046252118367693457385632818329041540419488625472007710062128632942664366383551452498541560538744582922713808611320176770401587674618121885719953831122487280978418110380597358747915420928053860076414097300832349400288770613227105348835005596365488460445438176193451867 ** 4
- p= 165740755190793304655854506052794072378181046252118367693457385632818329041540419488625472007710062128632942664366383551452498541560538744582922713808611320176770401587674618121885719953831122487280978418110380597358747915420928053860076414097300832349400288770613227105348835005596365488460445438176193451867
- 计算欧拉函数tn = (p-1)*p**(4-1) = 754600786340927688096652328072061561501667781193760284816393637647032362908189628005150802929636396969230958922073774180726205402897453096041624408154494621307262657492560975357997726055874834308239749992507552325614973631556754707427580134609221878324704469965450463088892083264951442562525825243127575048382020348554103492066896028626609141603744573014997594974840364196576805574290230717797680784015606678220685175613006381685316530283364526806329843215344864978506611708014826575549754215603111871041127737248061508062509954515180590709902872102201787798519930648214171173734330373307910703014829049876710184952770778694470622205331452485580509360278286073515670426732153881001924269015959417981453605383620989390641130390792523774173999641657942858554351928480041128101430744740512436200403546664177520578640886989763652571240609759845865663456876950525457470394172235559993902647624689429529649263626096716499718400531042263880808947216977594793497148996021186364184681200282011188790384440121901199558788032273541957257900641788680426431582660017327290705017613450049252441247990490420192447135186479915776636136170081178597601023790620339458199878480372174554744535931108868071240358214957464961122323694111668928235098273358
- 求私钥 d = invert(e,tn) = 246147986232122522222945935166497181077425041862398601120195387712320320668518872220105275141998812980297487966166790627252138269690896904506351310111884097065720269620266438676878520737977175367219983199379896337289659505759915064579389742995197648778406174134619141885779959575893259706589078686468369934224819830380441408159157001221220006272848458925961856865957481441468977910310524702817391598685924029987182266666925247542967382511744481763491143359600475506219835081162285194819238822782586157524672021241688147776469107932108608614733173699997501684622008897839735803071479737831820615213472811927852485546491792632061225493011556559958048436081543373195780943616410013364904364189910609641011604973761655641640644240421733044416283033016214854248527848120863203309611651900474178577639838594642032729270144216036042626179871605108010066418412061098908069795528844683362447177767221536133092535251655422406812395458552873624709390942643779630423626540260879777817972852233172145227974851300408424539580993751911276200010091904304276075932206170667475223532012398457406488033971582373114546052355967855069052545027197494652214388104705729265794732282116974422654733131733167685515036576104862056823494603230646894054306744939
- m = pow(c,d,n) = 13040004482825639935833218643688743654206267733344606731646835124964035844807067414996138109
转成字符串flag{ec33f669d2d659e2bc27dbffdfeb0f38}
第一次给的文件居然忘记加密flag,但是两次产生的n均可在线分解,即使不能分解依然可以进行求多次开方的根,尝试不多于10次也能分解。
FLAG值:
flag{ec33f669d2d659e2bc27dbffdfeb0f38}
结语
今年初赛crypto比去年简单不少,甚至还拿出考研题凑数,希望后面的题目更have 4 fun。
发表评论
您还未登录,请先登录。
登录