题目:
from Crypto.Util.number import *
flag = b'NSSCTF{******}'
class LCG:
def __init__(self, seed, a, b, m):
self.seed = seed # 初始种子
self.a = a # 乘数
self.b = b # 增量
self.m = m # 模数
def generate(self):
self.seed = (self.a * self.seed + self.b) % self.m
return self.seed
lcg = LCG(bytes_to_long(flag), getPrime(256), getPrime(256), getPrime(256))
for i in range(getPrime(16)):
lcg.generate()
print(lcg.generate())
print(lcg.generate())
print(lcg.generate())
print(lcg.generate())
print(lcg.generate())
'''
47513456973995038401745402734715062697203139056061145149400619356555247755807
57250853157569177664354712595458385047274531304709190064872568447414717938749
30083421760501477670128918578491346192479634327952674530130693136467154794135
38739029019071698539301566649413274114468266283936163804522278316663267625091
42506270962409723585330663340839465445484970240895653869393419413017237427900
'''
解题思路:
- 首先,我们要先求出m
- 为什么m//=2?
- 我们虽然得到了m的倍数,通过求解GCD也确实能得到m,但是在数据不够多的情况下,我们可能得到的是km(可以输出一下
isPrime(m)发现m确实不是素数),这时就需要我们遍历一些小数,手动去除k
解答:
import gmpy2
import libnum
from Crypto.Util.number import GCD, isPrime, long_to_bytes
c=[47513456973995038401745402734715062697203139056061145149400619356555247755807,
57250853157569177664354712595458385047274531304709190064872568447414717938749,
30083421760501477670128918578491346192479634327952674530130693136467154794135,
38739029019071698539301566649413274114468266283936163804522278316663267625091,
42506270962409723585330663340839465445484970240895653869393419413017237427900]
t=[]
for i in range(1,len(c)):
t.append(c[i]-c[i-1])
m = 0
for i in range(1,len(t)-1):
m = GCD(t[i+1]*t[i-1]-t[i]**2, m)
# print(isPrime(m)) False
m//=2
# print(isPrime(m))
a = (c[3]-c[2])*gmpy2.invert(c[2]-c[1],m) % m
b = (c[2]-a*c[1]) % m
# print(gmpy2.gcd(a,m))
# print(gmpy2.gcd(b,m))
a_1=gmpy2.invert(a,m)
for i in range(2**16):
c[1] = (c[1]-b) * a_1 % m
flag = long_to_bytes(c[1])
if b'NSSCTF{' in flag:
print(flag)
break
#NSSCTF{recover_module_number}
浙公网安备 33010602011771号