Lufer

  • 首页
  • 编程
  • 学习笔记
  • 日常折腾
Lufer
Code the World
  1. 首页
  2. 学习笔记
  3. WriteUP
  4. 正文

攻防世界Crypto练习题WP

2025年3月27日 17点热度 0人点赞 0条评论

难度1

Broadcast

题目

粗心的Alice在制作密码的时候,把明文留下来,聪明的你能快速找出来吗?

题解

估计是个签到题,task.py里面直接可以看见flag。

hidden key

题目

你可以找到合适的key吗?

from Crypto.Util.number import *
from secret import flag
import  random
import hashlib
import os

key=os.urandom(8)
def rand(rng):
    return rng - random.randrange(rng)
m=[]
random.seed(int(hashlib.md5(key).hexdigest(), 16))
for i in range(len(flag)):
    rand(256)
    xor=flag[i]^rand(256)
    m.append(xor)
print(m)
print(bytes_to_long(key)>>12)

# [140, 96, 112, 178, 38, 180, 158, 240, 179, 202, 251, 138, 188, 185, 23, 67, 163, 22, 150, 18, 143, 212, 93, 87, 209, 139, 92, 252, 55, 137, 6, 231, 105, 12, 65, 59, 223, 25, 179, 101, 19, 215]
# 2669175714787937

题解

输出的m数组是每一位flag与随机数异或后的结果,但是随机数是用种子生成的,我们可以直接用同样的种子生成随机数,然后逐个异或就可以获得原flag。

但是因为随机数种子被右移位12次,需要遍历查找正确的flag,先讲其左移位12次,并遍历填充右12位,逐个试探看能否破解正确flag即可。

from Crypto.Util.number import *
import  random
import hashlib
import os


shifted_result=2669175714787937<<12

def rand(rng):
    return rng - random.randrange(rng)

m= [140, 96, 112, 178, 38, 180, 158, 240, 179, 202, 251, 138, 188, 185, 23, 67, 163, 22, 150, 18, 143, 212, 93, 87, 209, 139, 92, 252, 55, 137, 6, 231, 105, 12, 65, 59, 223, 25, 179, 101, 19, 215]

for offset in range(2**12):
    realflag=""
    key = long_to_bytes(shifted_result+offset)
    random.seed(int(hashlib.md5(key).hexdigest(), 16))
    for i in range(42):
        rand(256)
        realflag+=chr(m[i]^rand(256))
    if realflag.startswith("flag"):
        print(realflag)

baigeiRSA

题目

白给了,白给了,真白给!

import libnum
from Crypto.Util import number
from secret import flag

size = 128
e = 65537
p = number.getPrime(size)
q = number.getPrime(size)
n = p*q

m = libnum.s2n(flag)
c = pow(m, e, n)

print('n = %d' % n)
print('c = %d' % c)


# n = 88503001447845031603457048661635807319447136634748350130947825183012205093541
# c = 40876621398366534035989065383910105526025410999058860023908252093679681817257

题解

简单RSA,只要分解N就可以了。

直接yafu分解.\yafu-x64.exe "factor(88503001447845031603457048661635807319447136634748350130947825183012205093541)"

from Crypto.Util import number
# from secret import flag

size = 128
e = 65537

n = 88503001447845031603457048661635807319447136634748350130947825183012205093541
c = 40876621398366534035989065383910105526025410999058860023908252093679681817257

p = 322368694010594584041053487661458382819
q = 274539690398523616505159415195049044439

# 计算 φ(n)
phi_n = (p - 1) * (q - 1)

# 计算私钥指数 d
d = libnum.invmod(e, phi_n)

# 解密明文
m = pow(c, d, n)

# 将明文转换为字符串
flag = libnum.n2s(m).decode()
print(flag)

[简单] 初识RSA

题目

p和q藏起来了,你能帮我找到它们吗

from Crypto.Util.number import bytes_to_long,inverse,getPrime
from flag import flag

m = bytes_to_long(flag)

p = getPrime(1024)
q = getPrime(1024)
n = p*q
print(n)
e = 65537

c = pow(m,e,n)

pq = p*(q-1)
qp = q*(p-1)

print("c=",c)
print("n=",n)
print("pq=",pq)
print("qp=",qp)

'''
c= 8722269075970644434253339592758512788160408912707387632591552130175707843950684315083250494010055435391879036285103810263591951437829414438640307561645721347859659807138051841516634704123100270651976676182059252251162982609391666023674158274992400910869692389001622774140191223807887675081808561012755545464977015973615407965906513878979919700065923364884766974187303774330319143647840846354404070430118235352622445115153298578370521811697710289716188726587743282814946239856766713516166990341116198180068191759095913957606379780234116317390622824096667107736103270907349927467971817639795094030622157581511033950777
n= 10466186506773626671397261081802640650185744558208505628349249045496105597268556020207175016523119333667851114848452038431498926527983706092607207796937431312520131882751891731564121558651246025754915145600686076505962750195353958781726515647847167067621799990588328894365930423844435964506372428647802381074584935050067254029262890188260006596141011807724688556673520261743199388391094490191001701011230322653422314758778116196105077883955436582364267530633358016652912054880813710531145973799193443828969535902856467548523653920307742364119002349899553478815101092655897400295925170383678499125295006364960124859003
pq= 10466186506773626671397261081802640650185744558208505628349249045496105597268556020207175016523119333667851114848452038431498926527983706092607207796937431312520131882751891731564121558651246025754915145600686076505962750195353958781726515647847167067621799990588328894365930423844435964506372428647802381074488896197029704465200125337817646702009123916866455067019234171839614862660036737875747177391796376553159880972782837853473250804807544086701088829096838316550146794766718580877976153967582795248676367265069623900208276878140709691073369415161936376086988069213820933152601453587292943483693378833664901178324
qp= 10466186506773626671397261081802640650185744558208505628349249045496105597268556020207175016523119333667851114848452038431498926527983706092607207796937431312520131882751891731564121558651246025754915145600686076505962750195353958781726515647847167067621799990588328894365930423844435964506372428647802381074475956379708898904933143429835002718457573266164923043251954374464149976302585916538814746811455883837138715445492053610047383292461097590195481556557381952895539341802954749542143253491617052100969586396996063822508764438280468492894012685918249843558593322831683872737943676955669923498182824352081785243246
'''

题解

已知:

  • pq = p*(q - 1)=pq - p
  • qp = q*(p - 1)=qp - q
  • n = p*q

由 pq = pq - p 可得 p = n - pq ,由 qp = qp - q 可得 q = n - qp 。

from Crypto.Util.number import bytes_to_long, getPrime
e = 65537

n = 10466186506773626671397261081802640650185744558208505628349249045496105597268556020207175016523119333667851114848452038431498926527983706092607207796937431312520131882751891731564121558651246025754915145600686076505962750195353958781726515647847167067621799990588328894365930423844435964506372428647802381074584935050067254029262890188260006596141011807724688556673520261743199388391094490191001701011230322653422314758778116196105077883955436582364267530633358016652912054880813710531145973799193443828969535902856467548523653920307742364119002349899553478815101092655897400295925170383678499125295006364960124859003
pq = 10466186506773626671397261081802640650185744558208505628349249045496105597268556020207175016523119333667851114848452038431498926527983706092607207796937431312520131882751891731564121558651246025754915145600686076505962750195353958781726515647847167067621799990588328894365930423844435964506372428647802381074488896197029704465200125337817646702009123916866455067019234171839614862660036737875747177391796376553159880972782837853473250804807544086701088829096838316550146794766718580877976153967582795248676367265069623900208276878140709691073369415161936376086988069213820933152601453587292943483693378833664901178324
qp = 10466186506773626671397261081802640650185744558208505628349249045496105597268556020207175016523119333667851114848452038431498926527983706092607207796937431312520131882751891731564121558651246025754915145600686076505962750195353958781726515647847167067621799990588328894365930423844435964506372428647802381074475956379708898904933143429835002718457573266164923043251954374464149976302585916538814746811455883837138715445492053610047383292461097590195481556557381952895539341802954749542143253491617052100969586396996063822508764438280468492894012685918249843558593322831683872737943676955669923498182824352081785243246

# 计算p和q
p = n - pq
q = n - qp

phi_n = (p - 1) * (q - 1)

# 计算私钥指数 d
d = libnum.invmod(e, phi_n)

c= 8722269075970644434253339592758512788160408912707387632591552130175707843950684315083250494010055435391879036285103810263591951437829414438640307561645721347859659807138051841516634704123100270651976676182059252251162982609391666023674158274992400910869692389001622774140191223807887675081808561012755545464977015973615407965906513878979919700065923364884766974187303774330319143647840846354404070430118235352622445115153298578370521811697710289716188726587743282814946239856766713516166990341116198180068191759095913957606379780234116317390622824096667107736103270907349927467971817639795094030622157581511033950777

# 解密明文
m = pow(c, d, n)

# 将明文转换为字符串
flag = libnum.n2s(m).decode()
print(flag)

难度2

flag_in_your_hand

题目

给了一个网页和一段JS脚本,输入值之后会给出flag。

题解

			function getFlag() {
				var token = document.getElementById("secToken").value;
				ic = checkToken(token);
				fg = bm(token);
				showFlag()
			}

			function showFlag() {
				var t = document.getElementById("flagTitle");
				var f = document.getElementById("flag");
				t.innerText = !!ic ? "You got the flag below!!" : "Wrong!";
				t.className = !!ic ? "rightflag" : "wrongflag";
				f.innerText = fg;
			}

核心函数是这两个函数,如输入正确,经过checkToken和bm两个函数处理之后,判断ic的值来给出正确的flag。

先看checkToken函数

function checkToken(s) {
    return s === "FAKE-TOKEN";
}

checkToken函数很简单,输入FAKE-TOKEN就会返回true给ic,但是测试之后发现不对,那就一定是其他的地方改变了ic的值。

检索js文件,发现只有下面这个函数会改变ic的值

function ck(s) {
    try {
        ic
    } catch (e) {
        return;
    }
    var a = [118, 104, 102, 120, 117, 108, 119, 124, 48,123,101,120];
    if (s.length == a.length) {
        for (i = 0; i < s.length; i++) {
            if (a[i] - s.charCodeAt(i) != 3)
                return ic = false;
        }
        return ic = true;
    }
    return ic = false;
}

这个逻辑就很简单了,只需要把输入串和a构造满足条件即可,给出代码。

a = [118, 104, 102, 120, 117, 108, 119, 124, 48,123,101,120]
flag=""
for i in range(len(a)):
    flag+=chr(a[i]-3)
print(flag)

得到flag输入网页即可得到真实flag。

safer-than-rot13

题目

XMVZGC RGC AMG RVMG HGFGMQYCD VT VWM BYNO, NSVWDS NSGO RAO XG UWFN AF HACDGMVWF. AIRVFN AII AMG JVRRVC-XVMC, FYRBIG TVIZ ESV SAH CGQGM XGGC RVMG NSAC A RYIG TMVR NSG SVWFG ESGMG NSGO EGMG XVMC WCNYI NSG HAO FVRG IVMH JARG MVWCH NV NAZG NSGR VTT NV EAM. OVWM TIAD YF "CV NSYF YF CVN JMOBNV RO HGAM", YC IVEGMJAFG, EYNS WCHGMFJVMGF YCFNGAH VT FBAJGF, FWMMVWCHGH XO NSG WFWAI "TIAD" NAD ACH JWMIO XMAJGF. GCUVO.

题解

看起来像是单表替换,直接一把梭。http://quipqiup.com/

0	-1.467	BROKEN MEN ARE MORE DESERVING OF OUR PITY, THOUGH THEY MAY BE JUST AS DANGEROUS. ALMOST ALL ARE COMMON-BORN, SIMPLE FOLK WHO HAD NEVER BEEN MORE THAN A MILE FROM THE HOUSE WHERE THEY WERE BORN UNTIL THE DAY SOME LORD CAME ROUND TO TAKE THEM OFF TO WAR. YOUR FLAG IS "NO THIS IS NOT CRYPTO MY DEAR", IN LOWERCASE, WITH UNDERSCORES INSTEAD OF SPACES, SURROUNDED BY THE USUAL "FLAG" TAG AND CURLY BRACES. ENJOY.

按照文字提示,需要转换小写并用下划线替换空格,比较坑的一点是文字提示要用flag包裹,但是实际上不用,flag就是no_this_is_not_crypto_my_dear

告诉你个秘密

题目

636A56355279427363446C4A49454A7154534230526D6843
56445A31614342354E326C4B4946467A5769426961453067

题解

先随波逐流一把梭,发现base16可以解出东西。

cjV5RyBscDlJIEJqTSB0RmhC
VDZ1aCB5N2lKIFFzWiBiaE0g

再梭一把,base64可以解出东西

r5yG lp9I BjM tFhB
T6uh y7iJ QsZ bhM

每一组在键盘上都可以围出一个字母,就是最终flag TONGYUAN。

你猜猜

题目

我们刚刚拦截了,敌军的文件传输获取一份机密文件,请君速速破解。

504B03040A0001080000626D0A49F4B5091F1E0000001200000008000000666C61672E7478746C9F170D35D0A45826A03E161FB96870EDDFC7C89A11862F9199B4CD78E7504B01023F000A0001080000626D0A49F4B5091F1E00000012000000080024000000000000002000000000000000666C61672E7478740A0020000000000001001800AF150210CAF2D1015CAEAA05CAF2D1015CAEAA05CAF2D101504B050600000000010001005A000000440000000000

题解

504B开头,先保存成zip文件,打开发现有密码,试了一下不是伪加密,爆破一下得到flag。

cr3-what-is-this-encryption

题目

Fady同学以为你是菜鸟,不怕你看到他发的东西。他以明文形式将下面这些东西发给了他的朋友 p=0xa6055ec186de51800ddd6fcbf0192384ff42d707a55f57af4fcfb0d1dc7bd97055e8275cd4b78ec63c5d592f567c66393a061324aa2e6a8d8fc2a910cbee1ed9 q=0xfa0f9463ea0a93b929c099320d31c277e0b0dbc65b189ed76124f5a1218f5d91fd0102a4c8de11f28be5e4d0ae91ab319f4537e97ed74bc663e972a4a9119307 e=0x6d1fdab4ce3217b3fc32c9ed480a31d067fd57d93a9ab52b472dc393ab7852fbcb11abbebfd6aaae8032db1316dc22d3f7c3d631e24df13ef23d3b381a1c3e04abcc745d402ee3a031ac2718fae63b240837b4f657f29ca4702da9af22a3a019d68904a969ddb01bcf941df70af042f4fae5cbeb9c2151b324f387e525094c41 c=0x7fe1a4f743675d1987d25d38111fae0f78bbea6852cba5beda47db76d119a3efe24cb04b9449f53becd43b0b46e269826a983f832abb53b7a7e24a43ad15378344ed5c20f51e268186d24c76050c1e73647523bd5f91d9b6ad3e86bbf9126588b1dee21e6997372e36c3e74284734748891829665086e0dc523ed23c386bb520 他严重低估了我们的解密能力

题解

给出了p,q,e,c,RSA解

import libnum
from Crypto.Util import number
# from secret import flag

size = 128
e=0x6d1fdab4ce3217b3fc32c9ed480a31d067fd57d93a9ab52b472dc393ab7852fbcb11abbebfd6aaae8032db1316dc22d3f7c3d631e24df13ef23d3b381a1c3e04abcc745d402ee3a031ac2718fae63b240837b4f657f29ca4702da9af22a3a019d68904a969ddb01bcf941df70af042f4fae5cbeb9c2151b324f387e525094c41 

p=0xa6055ec186de51800ddd6fcbf0192384ff42d707a55f57af4fcfb0d1dc7bd97055e8275cd4b78ec63c5d592f567c66393a061324aa2e6a8d8fc2a910cbee1ed9 
q=0xfa0f9463ea0a93b929c099320d31c277e0b0dbc65b189ed76124f5a1218f5d91fd0102a4c8de11f28be5e4d0ae91ab319f4537e97ed74bc663e972a4a9119307 

c=0x7fe1a4f743675d1987d25d38111fae0f78bbea6852cba5beda47db76d119a3efe24cb04b9449f53becd43b0b46e269826a983f832abb53b7a7e24a43ad15378344ed5c20f51e268186d24c76050c1e73647523bd5f91d9b6ad3e86bbf9126588b1dee21e6997372e36c3e74284734748891829665086e0dc523ed23c386bb520
# 计算 φ(n)
phi_n = (p - 1) * (q - 1)

n=p*q
# 计算私钥指数 d
d = libnum.invmod(e, phi_n)
print
# 解密明文
m = pow(c, d, n)

# 将明文转换为字符串
flag = libnum.n2s(m).decode()
print(flag)

cr4-poor-rsa

题目

两个文件,一个是公钥,一个是密文

-----BEGIN PUBLIC KEY-----
ME0wDQYJKoZIhvcNAQEBBQADPAAwOQIyUqmeJJ7nzzwMv5Y6AJZhdyvJzfbh4/v8
bkSgel4PiURXqfgcOuEyrFaD01soulwyQkMCAwEAAQ==
-----END PUBLIC KEY-----

Ni45iH4UnXSttNuf0Oy80+G5J7tm8sBJuDNN7qfTIdEKJow4siF2cpSbP/qIWDjSi+w=

公钥用openssl解密一下,得到N(Modulus)和E(Exponent)

Public-Key: (399 bit)
Modulus:
    52:a9:9e:24:9e:e7:cf:3c:0c:bf:96:3a:00:96:61:
    77:2b:c9:cd:f6:e1:e3:fb:fc:6e:44:a0:7a:5e:0f:
    89:44:57:a9:f8:1c:3a:e1:32:ac:56:83:d3:5b:28:
    ba:5c:32:42:43
Exponent: 65537 (0x10001)
Modulus=52A99E249EE7CF3C0CBF963A009661772BC9CDF6E1E3FBFC6E44A07A5E0F894457A9F81C3AE132AC5683D35B28BA5C324243
writing RSA key
-----BEGIN PUBLIC KEY-----
ME0wDQYJKoZIhvcNAQEBBQADPAAwOQIyUqmeJJ7nzzwMv5Y6AJZhdyvJzfbh4/v8
bkSgel4PiURXqfgcOuEyrFaD01soulwyQkMCAwEAAQ==
-----END PUBLIC KEY-----

在线分解pq之后用rsa库推算private key并解密串。

; openssl rsa -pubin -text -modulus -in key.pub


import libnum
from Crypto.Util import number
# from secret import flag
import rsa
from base64 import b64decode
size = 128
e=65537

p=863653476616376575308866344984576466644942572246900013156919
q=965445304326998194798282228842484732438457170595999523426901 
n=833810193564967701912362955539789451139872863794534923259743419423089229206473091408403560311191545764221310666338878019

b64c="Ni45iH4UnXSttNuf0Oy80+G5J7tm8sBJuDNN7qfTIdEKJow4siF2cpSbP/qIWDjSi+w="

# 计算 φ(n)
phi_n = (p - 1) * (q - 1)

n=p*q
# 计算私钥指数 d
d = libnum.invmod(e, phi_n)

privatekey = rsa.PrivateKey(n,e,d,p,q)

str = b64decode(b64c)
print(rsa.decrypt(str,privatekey).decode())

工业协议分析2

题目

在进行工业企业检查评估工作中,发现了疑似感染恶意软件的上位机。现已提取出上位机通信流量,尝试分析出异常点,获取FLAG。 flag形式为 flag{}

题解

流里面有疑似的字符串,16进制转字符后得到flag。

sherlock

题目

附件给了一个txt文件,夏洛克小说

题解

观察文本,发现有个别字母是大写字母,用正则把这部分筛选出来,发现是0和1构成的。

ZEROONEZEROZEROZEROZEROONEZEROZEROONEZEROZEROONEZEROZEROONEZEROONEZEROONEZEROONEZEROZEROZEROONEZEROONEZEROZEROONEONEZEROONEZEROZEROZEROZEROONEONEZEROONEZEROONEZEROONEZEROZEROZEROONEZEROZEROZEROONEONEZEROZEROONEONEONEONEZEROONEONEZEROONEONEZEROONEZEROZEROZEROZEROZEROONEONEZEROZEROZEROONEZEROONEONEZEROZEROONEZEROZEROZEROZEROONEONEZEROZEROONEONEZEROONEZEROONEONEONEONEONEZEROZEROONEONEZEROZEROZEROONEZEROONEONEZEROONEONEONEZEROZEROONEZEROONEONEONEONEONEZEROONEONEONEZEROZEROZEROZEROZEROONEONEZEROONEONEZEROZEROZEROZEROONEONEZEROONEZEROZEROZEROZEROONEONEZEROZEROZEROONEZEROONEONEZEROONEONEONEZEROZEROONEZEROONEONEONEONEONEZEROZEROONEONEZEROONEZEROONEZEROZEROONEONEZEROZEROZEROONEZEROZEROONEONEZEROONEONEONEZEROZEROONEONEZEROZEROONEONEZEROONEONEONEONEONEZEROONE

替换成01之后二进制转字符可以得到flag。

crypto垃圾邮件

题目

常常收到垃圾邮件都不知道是什么东西,这次我一定要搞清楚

题解

用到了一个网站,https://www.spammimic.com/decode.shtml ,具体可以参考另一篇文章 spammimic加密

cat's gift

题目

如图所示,下面这只好心的猫猫给你送来了跨年礼物。由于礼物不好拿,所以猫猫把礼物平均分成了四份,但是其中一份不小心掉在地上散落成了无数片,变成了 1 - 1/3 + 1/5 - 1/7 + …

聪明的你能算出或猜出猫猫的礼物是什么吗?

flag示例: CatCTF{apple} CatCTF{banana}

提示:没思路的话可以问下这只猫猫有关Leibniz的事哦

题解

1 - 1/3 + 1/5 - 1/7 + …求极限是PI/4,所以礼物就是PI,CatCTF{pie}。

baigeiRSA2

题目

既然白给,就多给一点吧!

import libnum
from Crypto.Util import number
from functools import reduce
from secret import flag

n = 5
size = 64
while True:
    ps = [number.getPrime(size) for _ in range(n)]
    if len(set(ps)) == n:
        break

e = 65537
n = reduce(lambda x, y: x*y, ps)
m = libnum.s2n(flag)
c = pow(m, e, n)



print('n = %d' % n)
print('c = %d' % c)

n = 175797137276517400024170861198192089021253920489351812147043687817076482376379806063372376015921
c = 144009221781172353636339988896910912047726260759108847257566019412382083853598735817869933202168

题解

n是5个素数相乘,先factordb梭一下

同理推算φ(n)=(q-1)*(p-1)*(r-1)*....

import libnum
from Crypto.Util import number
# from secret import flag
import rsa
from base64 import b64decode

n = 175797137276517400024170861198192089021253920489351812147043687817076482376379806063372376015921
c = 144009221781172353636339988896910912047726260759108847257566019412382083853598735817869933202168


n=9401433281508038261*10252499084912054759*11215197893925590897*11855687732085186571*13716847112310466417
phi_n=9401433281508038260*10252499084912054758*11215197893925590896*11855687732085186570*13716847112310466416
e = 65537
d = libnum.invmod(e, phi_n)

# 解密明文
m = pow(c, d, n)

# 将明文转换为字符串
flag = libnum.n2s(m).decode()
print(flag)

二元一次方程组

题目

import libnum
from Crypto.Util import number
from secret import flag


size = 256
e = 65537
p = number.getPrime(size)
q = number.getPrime(size)
avg = (p+q)/2
n = p*q

m = libnum.s2n(flag)
c = pow(m, e, n)

print('n = %d' % n)
print('avg = %d' % avg)
print('c = %d' % c)

n = 5700102857084805454304483466349768960970728516788155745115335016563400814300152521175777999545445613444815936222559357974566843756936687078467221979584601
avg = 75635892913589759545076958131039534718834447688923830032758709253942408722875
c = 888629627089650993173073530112503758717074884215641346688043288414489462472394318700014742820213053802180975816089493243275025049174955385229062207064503

题解

φ(n)=(q-1)*(p-1)=pq-(p+q)+1=n-2*avg+1

import libnum
from Crypto.Util import number
# from secret import flag
import rsa
from base64 import b64decode

e=65537

n = 5700102857084805454304483466349768960970728516788155745115335016563400814300152521175777999545445613444815936222559357974566843756936687078467221979584601
avg = 75635892913589759545076958131039534718834447688923830032758709253942408722875
c = 888629627089650993173073530112503758717074884215641346688043288414489462472394318700014742820213053802180975816089493243275025049174955385229062207064503


# 计算 φ(n)

phi_n=n-2*avg+1

# 计算私钥指数 d
d = libnum.invmod(e, phi_n)

# 解密明文
m = pow(c, d, n)

# 将明文转换为字符串
flag = libnum.n2s(m).decode()
print(flag)

babyFibo

题目

简单题,快做!

import os
import libnum
# from secret import flag
import sys
sys.setrecursionlimit(3000)

def fibo(n):
    assert n >= 0
    if n < 2:
        return n
    return fibo(n-1) + fibo(n-2)

s = fibo(1000)
m = libnum.s2n(flag+os.urandom((len(bin(s))-2)//8-len(flag)))
c = m^s
print(c)

s=43466557686937456435688527675040625802564660517371780402481729089536555417949051890403879840079255169295922593080322634775209689623239873322471161642996440906533187938298969649928516003704476137795166849228875

题解

用斐波那契生成了一个第1000位的数,然后和密文异或得到C,直接异或解密即可。

第1000位要循环很久,直接网上可以搜到。

import os
import libnum
# from secret import flag
import sys
sys.setrecursionlimit(3000)


s=43466557686937456435688527675040625802564660517371780402481729089536555417949051890403879840079255169295922593080322634775209689623239873322471161642996440906533187938298969649928516003704476137795166849228875

c=43104378128345818181217961835377190975779804452524643191544804229536124095677294719566215359919831933542699064892141754715180028183150724886016542388159082125737677224886528142312511700711365919689756090950704
m=c^s
print(libnum.n2s(m))

Xor很心疼你

题目

看了这么久题目了,Xor很心疼你,并打算考考你

# Python3
from secret import flag
import random
import base64

pool = 'qwertyuiopasdfghjklzxcvbnm1234567890QWERTYUIOPASDFGHJKLZXCVBNM'
r = random.randint(2, 250)
assert flag.startswith('hsctf{')


def generate(length):
    return ''.join(random.choices(pool, k=length))


def f(x):
    random.seed(x)
    return random.getrandbits(8)


def encrypt(plaintext, key):
    plaintext = list(map(ord, plaintext))
    for _ in range(20):
        key = f(key)
        assert key != 0
    for i in range(len(plaintext)):
        key = f(key)
        tmp = (key * r) % 251
        assert tmp != 0 and key != 0
        plaintext[i] = plaintext[i] ^ tmp
    plaintext = bytes(plaintext)
    return base64.b64encode(plaintext)


m = generate(random.randint(200, 300)) + flag + generate(random.randint(200, 300))
c = encrypt(m, random.getrandbits(128))
print(c)
# b'8OcTbAfL6/kOMQnC9v8SNmmSzvQMeGTT8vANM1T+7vIce2fo0fc2RnScrNxTSmeSyuMjMF//w8BWaXX91dsGcnvmreg0NQTw96ceVVXj3sQ3Znn51OU1S0bOyaMtNHTj36AcWFqewN4zRUXD6agGbAPE+tQtd3XG0doAa1Ll9fhcQ1zk0McTM1bv8PIQOAnn3vQ3UgLD3PsONXLs4KkXMnjTyMEQOFn/0uYVUwOY1PsleEHCyNopRVDr+Kc0e2PH9v0XNXfprfIPU3nw7KYTNX/G7twLSkHoyaUlQHXi3v02UHmdy/4iNgme3Pc8bgPp+tYWV1+YzPkXYkXM4ulUc27DrM4SNUPT2fQlckj1qP4Fal+YoPYJMlyZ8qhXfF3Y0tUDdUXl3vg0dFTi++VVOFfH/dgMS1ru9N8WU0HF9cUCTgPe+qVdSn/u7Mkda0GTw/QDcWPZ9KYGN2jSzfk0OVrMzt0yRHD64KMrUgPF2sFWcmP56KZSTAD61PUGeXrd49MgU1bL8OsVNWj91vIsalXwqf0qaWbwzv0lWETA4eElS3L99cYmU1nv9dRQTWbDyclScQTN6NIhV2j//+ZWbH7Z68kwM3Dy4dcUc1PQy8kRTl/4zcU9WGWfoakOMXuf69MXZQTEz+kJT1Dar8UN'

题解

先生成一个数字r是固定值。

生成一个数字key,然后每一轮用key作为种子生成下一个随机数key

使用key和r参与运算,进行加密。

key和r都不大,通过遍历的方式可以找出来key和r的值。

我们遍历r和key,用encrypt重新加密hsctf这个关键串,看看是否在密文中,即可确认r和key的值

from nt import environ
import random
import base64

from libnum import factorial_get_prime_pow

pool = 'qwertyuiopasdfghjklzxcvbnm1234567890QWERTYUIOPASDFGHJKLZXCVBNM'
# r = random.randint(2, 250)
# assert flag.startswith('hsctf{')


def generate(length):
    return ''.join(random.choices(pool, k=length))


def f(x):
    random.seed(x)
    return random.getrandbits(8)


def encrypt(plaintext, key):
    plaintext = list(map(ord, plaintext))
    for i in range(len(plaintext)):
        key = f(key)
        tmp = (key * r) % 251
        # assert tmp != 0 and key != 0
        plaintext[i] = plaintext[i] ^ tmp
    plaintext = bytes(plaintext)
    return plaintext

c= b'8OcTbAfL6/kOMQnC9v8SNmmSzvQMeGTT8vANM1T+7vIce2fo0fc2RnScrNxTSmeSyuMjMF//w8BWaXX91dsGcnvmreg0NQTw96ceVVXj3sQ3Znn51OU1S0bOyaMtNHTj36AcWFqewN4zRUXD6agGbAPE+tQtd3XG0doAa1Ll9fhcQ1zk0McTM1bv8PIQOAnn3vQ3UgLD3PsONXLs4KkXMnjTyMEQOFn/0uYVUwOY1PsleEHCyNopRVDr+Kc0e2PH9v0XNXfprfIPU3nw7KYTNX/G7twLSkHoyaUlQHXi3v02UHmdy/4iNgme3Pc8bgPp+tYWV1+YzPkXYkXM4ulUc27DrM4SNUPT2fQlckj1qP4Fal+YoPYJMlyZ8qhXfF3Y0tUDdUXl3vg0dFTi++VVOFfH/dgMS1ru9N8WU0HF9cUCTgPe+qVdSn/u7Mkda0GTw/QDcWPZ9KYGN2jSzfk0OVrMzt0yRHD64KMrUgPF2sFWcmP56KZSTAD61PUGeXrd49MgU1bL8OsVNWj91vIsalXwqf0qaWbwzv0lWETA4eElS3L99cYmU1nv9dRQTWbDyclScQTN6NIhV2j//+ZWbH7Z68kwM3Dy4dcUc1PQy8kRTl/4zcU9WGWfoakOMXuf69MXZQTEz+kJT1Dar8UN'
c=base64.b64decode(c)
for r in range(2,251):
    for key in range(1,2 ** 8):
        brute_c=encrypt('hsctf{',key)
        if brute_c in c:
            print(r)
            print(key)
            print(c.index(brute_c))

得到两种可能性,r=187,key=34,真正字符串的起始位置是247

直接再次异或得到flag。

from nt import environ
import random
import base64

from libnum import factorial_get_prime_pow

pool = 'qwertyuiopasdfghjklzxcvbnm1234567890QWERTYUIOPASDFGHJKLZXCVBNM'


def generate(length):
    return ''.join(random.choices(pool, k=length))


def f(x):
    random.seed(x)
    return random.getrandbits(8)


def decrypt(plaintext, key):
    plaintext=list(plaintext)
    for i in range(len(plaintext)):
        key = f(key)
        tmp = (key * r) % 251
        # assert tmp != 0 and key != 0
        plaintext[i] = plaintext[i] ^ tmp
    plaintext = bytes(plaintext)
    return plaintext

c= b'8OcTbAfL6/kOMQnC9v8SNmmSzvQMeGTT8vANM1T+7vIce2fo0fc2RnScrNxTSmeSyuMjMF//w8BWaXX91dsGcnvmreg0NQTw96ceVVXj3sQ3Znn51OU1S0bOyaMtNHTj36AcWFqewN4zRUXD6agGbAPE+tQtd3XG0doAa1Ll9fhcQ1zk0McTM1bv8PIQOAnn3vQ3UgLD3PsONXLs4KkXMnjTyMEQOFn/0uYVUwOY1PsleEHCyNopRVDr+Kc0e2PH9v0XNXfprfIPU3nw7KYTNX/G7twLSkHoyaUlQHXi3v02UHmdy/4iNgme3Pc8bgPp+tYWV1+YzPkXYkXM4ulUc27DrM4SNUPT2fQlckj1qP4Fal+YoPYJMlyZ8qhXfF3Y0tUDdUXl3vg0dFTi++VVOFfH/dgMS1ru9N8WU0HF9cUCTgPe+qVdSn/u7Mkda0GTw/QDcWPZ9KYGN2jSzfk0OVrMzt0yRHD64KMrUgPF2sFWcmP56KZSTAD61PUGeXrd49MgU1bL8OsVNWj91vIsalXwqf0qaWbwzv0lWETA4eElS3L99cYmU1nv9dRQTWbDyclScQTN6NIhV2j//+ZWbH7Z68kwM3Dy4dcUc1PQy8kRTl/4zcU9WGWfoakOMXuf69MXZQTEz+kJT1Dar8UN'
c=base64.b64decode(c)

r=187 
key=34
index=247

flag=decrypt(c[247:],key)
print(flag)
标签: Crypto 攻防世界
最后更新:2025年4月10日

Lufer

新的一天开始啦

点赞
< 上一篇
下一篇 >

文章评论

razz evil exclaim smile redface biggrin eek confused idea lol mad twisted rolleyes wink cool arrow neutral cry mrgreen drooling persevering
取消回复

文章目录
  • 难度1
    • Broadcast
      • 题目
      • 题解
    • hidden key
      • 题目
      • 题解
    • baigeiRSA
      • 题目
      • 题解
    • [简单] 初识RSA
      • 题目
      • 题解
  • 难度2
    • flag_in_your_hand
      • 题目
      • 题解
    • safer-than-rot13
      • 题目
      • 题解
    • 告诉你个秘密
      • 题目
      • 题解
    • 你猜猜
      • 题目
      • 题解
    • cr3-what-is-this-encryption
      • 题目
      • 题解
    • cr4-poor-rsa
      • 题目
    • 工业协议分析2
      • 题目
      • 题解
    • sherlock
      • 题目
      • 题解
    • crypto垃圾邮件
      • 题目
      • 题解
    • cat's gift
      • 题目
      • 题解
    • baigeiRSA2
      • 题目
      • 题解
    • 二元一次方程组
      • 题目
      • 题解
    • babyFibo
      • 题目
      • 题解
    • Xor很心疼你
      • 题目
      • 题解

COPYRIGHT © 2022 lufer.cc.

Theme Kratos Made By Seaton Jiang

鲁ICP备2021045819号