PragyanCTF crypto WriteUp

该部分为本科期间wp备份。

1、Spoiler

题目：

Bran Stark, wants to convey an important information to the Sansa back at winterfell. He sends her a message. The message however, is encrypted though. Can you find out what Bran is trying to convey?? key.pdf

解题过程：

打开key.pdf之后，发现文档内容为：

3a2c3a35152538272c2d213e332e3c25383030373a15

于是尝试用hex解码，得到如下结果：

:,:5%8',-!>3.<%8007:

此时分析：key.pdf文件的表面内容为key，而不应该是ciphertext。尝试分析pdf的bin内容，发现在EOF处有这样一段内容：

%%EOF0000006a0000006f0000006e000000730000006e0000006f000000770000006900000073000000640000007200000061000000670000006f0000006e00000062000000790000006200000069000000720000007400000068

尝试将EOF后面内容进行hex解码，发现以下内容：

jonsnowisdragonbybirth

有了key，有了ciphertext，但是接下来不好处理。仔细观察key与ciphertext，发现两者长度相同。所以我们尝试将对应的内容进行xor运算。尝试成功，得到flag为：

PCTF{JON_IS_TARGARYEN}

python脚本附上：

#python3.6.5
from binascii import *
s = "jonsnowisdragonbybirth"
key = unhexlify("3a2c3a35152538272c2d213e332e3c25383030373a15")
res = ""
for i in range(len(s)):
    res += chr(ord(s[i])^key[i])
print(res)

2、Easy RSA

题目：

Deeraj is experimenting with RSA. He is given the necessary RSA parameters. He realizes something is off, but doesn't know what. Can you help him figure it out? parameters.txt

解题过程：

打开txt，得到以下内容：

e=217356749319385698521929657544628507680950813122965981036139317973675569442588326220293299168756490163223201593446006249622787212268918299733683908813777695992195006830244088685311059537057855442978678020950265617092637544349098729925492477391076560770615398034890984685084288600014953201593750327846808762513 n=413514550275673527863957027545525175432824699510881864021105557583918890022061739148026915990124447164572528944722263717357237476264481036272236727160588284145055425035045871562541038353702292714978768468806464985590036061328334595717970895975121788928626837881214128786266719801269965024179019247618967408217 c=337907824405966440030495671003069758278111764297629248609638912154235544001123799434176915113308593275372838266739188034566867280295804636556069233774555055521212823481663542294565892061947925909547184805760988117713501561339405677394457210062631040728412334490054091265643226842490973415231820626551757008360

本题e特别大，因此解题可以参考Bugku-RSA那题。柴佬用的脚本和我用的脚本不一样，我用的是RsaCtfTool。 Kali内打开脚本文件夹，依次输入以下命令：

$ python RsaCtfTool.py --createpub -n 413514550275673527863957027545525175432824699510881864021105557583918890022061739148026915990124447164572528944722263717357237476264481036272236727160588284145055425035045871562541038353702292714978768468806464985590036061328334595717970895975121788928626837881214128786266719801269965024179019247618967408217 -e 217356749319385698521929657544628507680950813122965981036139317973675569442588326220293299168756490163223201593446006249622787212268918299733683908813777695992195006830244088685311059537057855442978678020950265617092637544349098729925492477391076560770615398034890984685084288600014953201593750327846808762513 >a.pem

$ python RsaCtfTool.py --publickey a.pem --private > a.key

$ python RsaCtfTool.py --key a.key --dumpkey

得到以下结果：

d:12978409760901509356642421072925801006324287746872153539187221529835976408177 p:19833611777350261527711079937022117212864220836350357905133650650024955479645832765842667370773048457804959743454987087255447637313845649824446832388600281 q:20849180417451853710316597265206450290754170726980118770375941268686670371486003295019076447328939684328124148947495424092191017095312378807096231649456257

使用gmpy2库写RSA解密脚本：

#python3.6.5
n=413514550275673527863957027545525175432824699510881864021105557583918890022061739148026915990124447164572528944722263717357237476264481036272236727160588284145055425035045871562541038353702292714978768468806464985590036061328334595717970895975121788928626837881214128786266719801269965024179019247618967408217
d=12978409760901509356642421072925801006324287746872153539187221529835976408177
c=337907824405966440030495671003069758278111764297629248609638912154235544001123799434176915113308593275372838266739188034566867280295804636556069233774555055521212823481663542294565892061947925909547184805760988117713501561339405677394457210062631040728412334490054091265643226842490973415231820626551757008360
import gmpy2,binascii
a=gmpy2.powmod(c,d,n)
print(binascii.unhexlify(hex(a)[2:]))

因此得到flag：

pctf{Sup3r_st4nd4rd_W31n3r_4tt4ck}

3、The Order of the Phoenix

题目：

It's a new age Order of the Phoenix. The current members are:

1. Harry
2. Hermione
3. Ron
4. George
5. Charlie
6. Bill
7. Ginny
8. Fleur
9. Luna
10. Neville

Each of them has a secret QR code associated with him/her which is given to you. At the entrance of the Grimmauld place, is a system to scan their QR codes. Any 5 or more of them can enter at once, but not less than 5. This is in place to prevent any rash decisions made by very few people regarding the matters concerning the Order. However, now is an emergency time. Malfoy is causing trouble again, and Harry needs to enter Grimmauld Place for which he needs to know the secret associated with the entry system to let him in. Help him out.

Hint:Eleven scientists are working on a secret project.......?

Bill.png Charlie.png Fleur.png George.png Ginny.png Harry.png Hermione.png Luna.png Neville.png Ron.png

解题过程：

本题提供了10张二维码，并且告诉我们5个或5个以上能进入以及hint，因此可以断定问题是秘密共享方面的内容，进一步地：Shamir密钥分享。先将二维码用CQResearch提取内容：

1-d301da5536a5d8b8e2be50a7584127eb3704025f048cf72335f1b301b852b30a

2-e1af01e2f7887b63c068823cbcd812f91899678656456db71dfa9ab1fbb1bd26

3-dc60d55a411ccfd4a44e6a9799774dd6207dffdfcab4b442075ead165fa7ecb

4-510c9c8f6aaacebf16bb5fd9e2cd8c0845ec483bd49bf57fa4151e5b672c73b0

5-bd4f58a846bb9e47a7402e22df13002aef3bf3048011674269eaff39154c62bf

6-7c61f3ee00ab759a6853f041e74ae2378144a96b662230888d6ba6412c646190

7-d01f29e42de0ab1fb183a35d06a2ac6117acaad2b3017671846c7b380e83d6bb

8-1268bf4430c0b1a4c568a302da92421bc672aceb57fef3401f2434cfc3bf740b

9-b52781fd38b0185bd1a8a92a92dbf01c99eddbb50b86f65a882ad8a7fa313e9d

a-424b493442128adbeef5ce33f18c6c5996cdd97e4922644a4479bb4e05f8846f

得到的内容为二维码内容，我们可以用QR secret Sharing这个脚本工具，输入5个或以上内容后选择“I don't have next share”。 得到flag：

pctf{sh4m1r3_w4s_4_gr34t_m4n}

4、Add them Sneaky Polynomials

题目：

Rahul, the geek boy of his class, doesn't like doing things the conventional way. He's just learned polynomials in class, and wants to prove a point to his friend Sandhya. But Sandhya is sitting in the first bench, so Ram decides to write what he wants to convey on a chit and pass it through the guys sitting in front of him. The guys in between try to read it, but do not understand. Sadly, nor does Sandhya. Can you help him out? polynomials.txt

hint:XOR is your best friend

解题过程:

打开polynomials.txt，发现以下内容：

p = x^406 + x^405 + x^402 + x^399 + x^397 + x^391 + x^390 + x^387 + x^386 + x^378 + x^374 + x^372 + x^371 + x^369 + x^367 + x^364 + x^360 + x^358 + x^357 + x^352 + x^350 + x^345 + x^344 + x^341 + x^336 + x^335 + x^334 + x^333 + x^331 + x^330 + x^329 + x^328 + x^327 + x^324 + x^322 + x^320 + x^314 + x^311 + x^308 + x^307 + x^303 + x^300 + x^299 + x^296 + x^295 + x^290 + x^289 + x^287 + x^279 + x^271 + x^266 + x^264 + x^262 + x^260 + x^257 + x^256 + x^252 + x^249 + x^248 + x^246 + x^243 + x^239 + x^238 + x^236 + x^233 + x^230 + x^227 + x^225 + x^223 + x^222 + x^220 + x^218 + x^216 + x^215 + x^209 + x^208 + x^207 + x^204 + x^202 + x^199 + x^190 + x^189 + x^185 + x^184 + x^180 + x^177 + x^176 + x^175 + x^172 + x^167 + x^166 + x^162 + x^160 + x^159 + x^155 + x^154 + x^149 + x^147 + x^143 + x^137 + x^135 + x^131 + x^129 + x^126 + x^124 + x^122 + x^116 + x^110 + x^108 + x^105 + x^104 + x^100 + x^99 + x^97 + x^94 + x^93 + x^90 + x^88 + x^87 + x^86 + x^85 + x^83 + x^75 + x^73 + x^69 + x^63 + x^62 + x^57 + x^54 + x^51 + x^44 + x^41 + x^38 + x^37 + x^36 + x^34 + x^29 + x^28 + x^26 + x^25 + x^21 + x^20 + x^19 + x^16 + x^15 + x^14 + x^13 + x^6 + x^5 + x^2

q = x^399 + x^398 + x^396 + x^393 + x^392 + x^391 + x^388 + x^386 + x^384 + x^381 + x^377 + x^376 + x^368 + x^364 + x^360 + x^355 + x^354 + x^353 + x^352 + x^348 + x^346 + x^345 + x^344 + x^343 + x^335 + x^334 + x^329 + x^326 + x^325 + x^321 + x^318 + x^317 + x^315 + x^314 + x^311 + x^307 + x^306 + x^304 + x^300 + x^296 + x^293 + x^291 + x^282 + x^277 + x^270 + x^263 + x^261 + x^260 + x^256 + x^254 + x^253 + x^252 + x^251 + x^248 + x^245 + x^242 + x^241 + x^239 + x^238 + x^236 + x^232 + x^226 + x^225 + x^222 + x^220 + x^219 + x^214 + x^209 + x^208 + x^207 + x^206 + x^202 + x^200 + x^196 + x^191 + x^190 + x^186 + x^181 + x^180 + x^178 + x^177 + x^169 + x^168 + x^165 + x^164 + x^163 + x^162 + x^161 + x^159 + x^157 + x^156 + x^151 + x^149 + x^148 + x^147 + x^146 + x^144 + x^141 + x^140 + x^138 + x^137 + x^136 + x^134 + x^133 + x^132 + x^130 + x^129 + x^128 + x^126 + x^123 + x^121 + x^113 + x^109 + x^103 + x^101 + x^100 + x^95 + x^93 + x^91 + x^85 + x^84 + x^81 + x^74 + x^73 + x^71 + x^68 + x^67 + x^54 + x^52 + x^51 + x^50 + x^48 + x^46 + x^45 + x^43 + x^39 + x^35 + x^32 + x^31 + x^30 + x^29 + x^21 + x^15 + x^14 + x^9 + x^8 + x^5 + x^4 + x^2 + 1

r = x^404 + x^402 + x^396 + x^389 + x^387 + x^386 + x^384 + x^382 + x^376 + x^373 + x^367 + x^366 + x^365 + x^362 + x^361 + x^358 + x^356 + x^355 + x^354 + x^353 + x^352 + x^349 + x^348 + x^347 + x^345 + x^343 + x^340 + x^334 + x^332 + x^331 + x^328 + x^327 + x^326 + x^322 + x^317 + x^316 + x^314 + x^313 + x^312 + x^310 + x^309 + x^308 + x^305 + x^304 + x^303 + x^301 + x^300 + x^299 + x^296 + x^295 + x^292 + x^291 + x^290 + x^288 + x^287 + x^286 + x^285 + x^283 + x^279 + x^278 + x^274 + x^271 + x^269 + x^268 + x^266 + x^265 + x^263 + x^261 + x^260 + x^259 + x^258 + x^256 + x^254 + x^252 + x^251 + x^250 + x^249 + x^244 + x^243 + x^242 + x^237 + x^236 + x^228 + x^225 + x^224 + x^223 + x^222 + x^221 + x^215 + x^214 + x^213 + x^212 + x^205 + x^201 + x^200 + x^199 + x^197 + x^193 + x^192 + x^191 + x^190 + x^189 + x^188 + x^187 + x^182 + x^180 + x^175 + x^174 + x^173 + x^167 + x^166 + x^163 + x^158 + x^156 + x^155 + x^153 + x^151 + x^150 + x^149 + x^143 + x^142 + x^140 + x^139 + x^136 + x^135 + x^133 + x^129 + x^126 + x^125 + x^123 + x^121 + x^118 + x^117 + x^116 + x^115 + x^113 + x^110 + x^106 + x^105 + x^104 + x^103 + x^102 + x^98 + x^95 + x^92 + x^89 + x^87 + x^85 + x^81 + x^80 + x^77 + x^76 + x^75 + x^74 + x^71 + x^70 + x^67 + x^66 + x^64 + x^63 + x^60 + x^59 + x^58 + x^56 + x^54 + x^53 + x^48 + x^44 + x^41 + x^39 + x^38 + x^35 + x^34 + x^31 + x^29 + x^28 + x^27 + x^22 + x^21 + x^20 + x^17 + x^14 + x^12 + x^11 + x^10 + x^9 + x^6 + x^4 + x^3 + x + 1

根据hint，我们需要xor这些数据。因此我们先将多项式转化成二进制内容：

p=“11001001010000011001100000001000101101010010001011000010100001100100001111011111001010100000100100110001001100110000110100000001000000010000101010100110001001101001000110100100100101011010101100000111001010010000000011000110001001110010000110001011000110000101000100000101000101001010100000100000101001100011010011001011110100000001010001000001100001001001000000100100111010000110110001110011110000001100100”

q=“00000001101001110010101001000110000000100010001000011110001011110000000110000100110001001101100100011010001000100101000000001000010000001000000101100010111100100100110110100010000011001011000010000111100010100010000110001000011011000000011001111101011000010111101001101110111011101001010000000100010000010110000101010000011001000000110100110000000000001011101011010001000100111100000001000001100001100110101”

r=“00101000001000000101101010000010010000011100110010111110011101010010000010110011100010000110111011100111011100110011101111010001100010010110110101111010101111000011100001100000001001111100000111100000010001110100011111110000101000011100000110010000101101011100000110110011010001001101010011110100100011111000100100100101010001100111100110011011001110101100001000100101100110010111000011100100101111001011011”

进行三者xor，得到结果：

11100000110001101110100011001100111101101100110001100010110111000110001011101000011001101011111011001100011000100110011011011000110010001110011010111110011010001110010001100110101111101101101001100000111001000110011010111110111010101110011001100110110011001110101011011000101111101110100011010000011010001101110010111110111100100110000011101010101111101110100011010000011000101101110011010110111110100001010

据说这串字符串转ASCII码包含了flag，试试找出来得出flag:)

pctf{f1n1t3_f13lds_4r3_m0r3_us3ful_th4n_y0u_th1nk} 注意：407bits需要补一位凑408bits，因为长度必须为byte整数倍。

也可以写个脚本将多项式转二进制数字并进行XOR以及string出结果:

#python3.6.5
import binascii
pl =" x^406 + x^405 + x^402 + x^399 + x^397 + x^391 + x^390 + x^387 + x^386 + x^378 + x^374 + x^372 + x^371 + x^369 + x^367 + x^364 + x^360 + x^358 + x^357 + x^352 + x^350 + x^345 + x^344 + x^341 + x^336 + x^335 + x^334 + x^333 + x^331 + x^330 + x^329 + x^328 + x^327 + x^324 + x^322 + x^320 + x^314 + x^311 + x^308 + x^307 + x^303 + x^300 + x^299 + x^296 + x^295 + x^290 + x^289 + x^287 + x^279 + x^271 + x^266 + x^264 + x^262 + x^260 + x^257 + x^256 + x^252 + x^249 + x^248 + x^246 + x^243 + x^239 + x^238 + x^236 + x^233 + x^230 + x^227 + x^225 + x^223 + x^222 + x^220 + x^218 + x^216 + x^215 + x^209 + x^208 + x^207 + x^204 + x^202 + x^199 + x^190 + x^189 + x^185 + x^184 + x^180 + x^177 + x^176 + x^175 + x^172 + x^167 + x^166 + x^162 + x^160 + x^159 + x^155 + x^154 + x^149 + x^147 + x^143 + x^137 + x^135 + x^131 + x^129 + x^126 + x^124 + x^122 + x^116 + x^110 + x^108 + x^105 + x^104 + x^100 + x^99 + x^97 + x^94 + x^93 + x^90 + x^88 + x^87 + x^86 + x^85 + x^83 + x^75 + x^73 + x^69 + x^63 + x^62 + x^57 + x^54 + x^51 + x^44 + x^41 + x^38 + x^37 + x^36 + x^34 + x^29 + x^28 + x^26 + x^25 + x^21 + x^20 + x^19 + x^16 + x^15 + x^14 + x^13 + x^6 + x^5 + x^2 "
ql =" x^399 + x^398 + x^396 + x^393 + x^392 + x^391 + x^388 + x^386 + x^384 + x^381 + x^377 + x^376 + x^368 + x^364 + x^360 + x^355 + x^354 + x^353 + x^352 + x^348 + x^346 + x^345 + x^344 + x^343 + x^335 + x^334 + x^329 + x^326 + x^325 + x^321 + x^318 + x^317 + x^315 + x^314 + x^311 + x^307 + x^306 + x^304 + x^300 + x^296 + x^293 + x^291 + x^282 + x^277 + x^270 + x^263 + x^261 + x^260 + x^256 + x^254 + x^253 + x^252 + x^251 + x^248 + x^245 + x^242 + x^241 + x^239 + x^238 + x^236 + x^232 + x^226 + x^225 + x^222 + x^220 + x^219 + x^214 + x^209 + x^208 + x^207 + x^206 + x^202 + x^200 + x^196 + x^191 + x^190 + x^186 + x^181 + x^180 + x^178 + x^177 + x^169 + x^168 + x^165 + x^164 + x^163 + x^162 + x^161 + x^159 + x^157 + x^156 + x^151 + x^149 + x^148 + x^147 + x^146 + x^144 + x^141 + x^140 + x^138 + x^137 + x^136 + x^134 + x^133 + x^132 + x^130 + x^129 + x^128 + x^126 + x^123 + x^121 + x^113 + x^109 + x^103 + x^101 + x^100 + x^95 + x^93 + x^91 + x^85 + x^84 + x^81 + x^74 + x^73 + x^71 + x^68 + x^67 + x^54 + x^52 + x^51 + x^50 + x^48 + x^46 + x^45 + x^43 + x^39 + x^35 + x^32 + x^31 + x^30 + x^29 + x^21 + x^15 + x^14 + x^9 + x^8 + x^5 + x^4 + x^2 + x^0 "
rl =" x^404 + x^402 + x^396 + x^389 + x^387 + x^386 + x^384 + x^382 + x^376 + x^373 + x^367 + x^366 + x^365 + x^362 + x^361 + x^358 + x^356 + x^355 + x^354 + x^353 + x^352 + x^349 + x^348 + x^347 + x^345 + x^343 + x^340 + x^334 + x^332 + x^331 + x^328 + x^327 + x^326 + x^322 + x^317 + x^316 + x^314 + x^313 + x^312 + x^310 + x^309 + x^308 + x^305 + x^304 + x^303 + x^301 + x^300 + x^299 + x^296 + x^295 + x^292 + x^291 + x^290 + x^288 + x^287 + x^286 + x^285 + x^283 + x^279 + x^278 + x^274 + x^271 + x^269 + x^268 + x^266 + x^265 + x^263 + x^261 + x^260 + x^259 + x^258 + x^256 + x^254 + x^252 + x^251 + x^250 + x^249 + x^244 + x^243 + x^242 + x^237 + x^236 + x^228 + x^225 + x^224 + x^223 + x^222 + x^221 + x^215 + x^214 + x^213 + x^212 + x^205 + x^201 + x^200 + x^199 + x^197 + x^193 + x^192 + x^191 + x^190 + x^189 + x^188 + x^187 + x^182 + x^180 + x^175 + x^174 + x^173 + x^167 + x^166 + x^163 + x^158 + x^156 + x^155 + x^153 + x^151 + x^150 + x^149 + x^143 + x^142 + x^140 + x^139 + x^136 + x^135 + x^133 + x^129 + x^126 + x^125 + x^123 + x^121 + x^118 + x^117 + x^116 + x^115 + x^113 + x^110 + x^106 + x^105 + x^104 + x^103 + x^102 + x^98 + x^95 + x^92 + x^89 + x^87 + x^85 + x^81 + x^80 + x^77 + x^76 + x^75 + x^74 + x^71 + x^70 + x^67 + x^66 + x^64 + x^63 + x^60 + x^59 + x^58 + x^56 + x^54 + x^53 + x^48 + x^44 + x^41 + x^39 + x^38 + x^35 + x^34 + x^31 + x^29 + x^28 + x^27 + x^22 + x^21 + x^20 + x^17 + x^14 + x^12 + x^11 + x^10 + x^9 + x^6 + x^4 + x^3 + x^1 + x^0"
#注意：请将多项式的一次项和常数项改写成"x^1"和"x^0"
res=""

def polytobin(p):

p=p.replace(' ','')

p=p[2:].split("+x^")

p=p[::-1]

p2=''

for i in range(0,407):

if str(i) in p:

p2+='1'

else:

p2+='0'

return p2

#转化多项式
def binXOR(p,q,r):

res=''

for i in range(len(p)):

num=int(p[i])int(q[i])int(r[i])

res+=str(num)

return res

#XOR处理
def bintostr(res):

sum=0

num=1

res2=''

if len(res)%8!=0:

for i in range(8-len(res)%8):

res+='0'

for i in range(len(res)):

if i%8==0 and i!=0:

res2+=chr(sum)

sum=0

num=1

if int(res[i]) == 1:

sum += num

num*=2

res2+=chr(sum)

return res2[::-1]

#bin转化str输出
p=polytobin(pl)

q=polytobin(ql)

r=polytobin(rl)

str1=bintostr(binXOR(p,q,r))

print(str1)

5、Help Rabin

题目：

Rabin has received a text from someone special, but it's all in ciphertext and he is unable to make head or tail of it. He requested her for a little hint, and she sent him the encryption algorithm. He's still unable to decode the text. Not wanting to look dumb to her again, he needs your help in figuring out what she's written for him. So help him out. ciphertext.txt publickey.pem encrypto.py

解题过程：

首先，从标题上本题就明确提示了一种密码体制：Rabin公钥密码 ，但我们不能确定它一定是，所以我们打开encrypto.py文件看看：

from Crypto.Util.number import *
import random
def nextPrime(prim):

if isPrime(prim):

return prim

else:

return nextPrime(prim+1)
p = getPrime(512)

q = nextPrime(p+1)

while p%4 != 3 or q%4 !=3:

p = getPrime(512)

q = nextPrime(p+1)
n = p*q

m = open('secret.txt').read()

m = bytes_to_long(m)
m = m**e

c = (m*m)%n

c = long_to_bytes(c)

c = c.encode('hex')
cipherfile = open('ciphertext.txt','w')

cipherfile.write(c)

根据encrypto.py，我们能注意到这里生成了两个素数，其中p是一个随机的512位素数，q则是p的下一个素数，因此这两个素数是相连的素数。从加密code中我们并不能直接看出来加密体制，因为这里:c=m^(2*e)(mod n)，而不是：c=m^2(mod n)。再看下提供的publickey.pem。使用openssl进行查看。

kali中命令输入：

$ openssl rsa -noout -text -inform PEM -in publickey.pem -pubin

得到以下结果：

Public-Key: (1023 bit) Modulus: 61:5b:e0:98:72:7a:e6:10:de:9c:10:48:19:f3:a1: f7:cc:5b:31:44:81:0b:38:d4:f4:d5:1b:be:11:d9: ca:20:f2:87:ee:d0:23:6b:ce:d1:fe:44:3a:33:5a: 2f:33:c7:a8:ac:68:f0:9f:c5:f3:8b:fe:37:4a:92: 07:d3:07:3d:40:2c:7a:65:a3:0b:60:f7:5b:10:e4: 3a:29:67:30:aa:22:d3:25:27:f7:20:3e:c9:be:cc: 6a:7a:0d:d7:0a:5c:e3:d1:d5:f2:a8:db:98:68:e8: a4:53:4e:ef:70:5f:2c:6a:83:26:c8:8a:53:6b:82: 7c:88:bc:00:05:22:7a:c9 Exponent: 1 (0x1)

从结果中我们能明显看出：e=1。因此我们可以断定本题采用的就是Rabin加密。将Modulus中的n值进行处理，转成dec后得到的值为：

68367741643352408657735068643514841659753216083862769094847066695306696933618090026602354837201210914348646470450259642887798188510482019698636160200778870456236361521880907328722252080005877088416283896813311117096542977573101128888124000494645965045855288082328139311932783360168599377647677632122110245577

因为p、q是相连的两个素数，因此我们只需要在sqrt(n)周围做个素数筛查就能知道p、q的确切值。python脚本如下 （需要安装gmpy2、PyCryptodome。PyCrypto已经三年没更新，所以建议之后都用PyCryptodome/PyCryptodomex。)

#python2.7
import gmpy2
from Cryptodome.Util.number import *
n = 68367741643352408657735068643514841659753216083862769094847066695306696933618090026602354837201210914348646470450259642887798188510482019698636160200778870456236361521880907328722252080005877088416283896813311117096542977573101128888124000494645965045855288082328139311932783360168599377647677632122110245577

ct="4f741fe93dd7e383ff527caa9a2f27d27fd74b53b62123837b74a2b024d0fbbe052f3b330ce5208ba989fc68e2f5235ac4e9dd9e091e7cb80c02745d9b2aad10cab9431590ae63117ce539ebf747b4bc81f2a293aea52f0b1fee746158dc45d0c8d60769a8a8e671fb049b52669a010a1ca6f5de851d715bf1821d8771bbeb47"
def egcd(a, b):

if a == 0:

return (b, 0, 1)

else:

g, y, x = egcd(b % a, a)

return (g, x - (b // a) * y, y)
sq,b = gmpy2.iroot(n,2)
while n%sq != 0:

sq += 1
p = sq

q = n / sq

ct = bytes_to_long(ct.decode('hex'))
q = int(q)

p = int(p)

assert(p * q == n)
mp = pow(ct, (p+1)/4, p)

mq = pow(ct, (q+1)/4, q)

g, yp, yq = egcd(p, q)
r = (yppmq + yqqmp) % n

mr = n - r

s = (yppmq - yqqmp) % n

ms = n - s
for num in [r,mr,s,ms]:

print long_to_bytes(num)

结果内容：

Hey Rabin, would you like to be the front end to my back end? Here is your flag: pctf{R4b1n_1s_th3_cut3st}

6、Decode This

题目：

Ram has something to show you, which can be of great help. It definitely contains the piece of text "pctf" and whatever follows it is the flag. Can you figure out what it is? Note: Enclose it in pctf{} chiphertext.txt encrypt.py

解题过程：

首先看下题目提供的encrypt.py文件：

import random
file = open("secret.txt","r")

secret = file.read()
flag = ""

for i in secret:

if i.isalpha():

flag += i

l = len(flag)
key = [[int(random.random()*10000) for e in range(2)] for e in range(2)]
i = 0

ciphertext = ""
while i <= (l-2):

x = ord(flag[i]) - 97

y = ord(flag[i+1]) - 97

z = (xkey[0][0] + ykey[0][1])%26 + 97

w = (xkey[1][0] + ykey[1][1])%26 + 97

ciphertext = ciphertext + chr(z) + chr(w)

i = i+2
cipherfile = open('ciphertext.txt','w')

cipherfile.write(ciphertext)

再看下密文：

vuqxyugfyzfjgoccjkxlqvguczymjhpmjkyzoilsxlwtmccclwizqbetwthkkvilkruufwuu

根据encrypt.py以及密文，我们可以知道以下内容：

1. flag仅仅包含字母
2. 本题加密是对称加密，更进一步地观察key与x、y、z、w可知为：2*2矩阵密钥的Hill加密
3. 其中涉及到的元素有x、y、z、w，但我们根据第一条可以知道爆破复杂度最少为26^4，最多为10^16。

关于Hill密码：

对于一个矩阵P：

矩阵的(a,b,c,d)取自于集合{0,1,...,25}，对于模26，有：p(ad-bc)≡1(mod26)。 将明文分成两部分，用P当作key进行加密可以得到：

因此，解密的结果为：

本题的key为random取到的，因此我们只好采取暴力破解的方式，python脚本如下。

cipher_txt = "vuqxyugfyzfjgoccjkxlqvguczymjhpmjkyzoilsxlwtmccclwizqbetwthkkvilkruufwuu"
cipher_num = []
for i in range(72):

cipher_num.append(ord(cipher_txt[i]) - 97)
p_num = ord("p") - 97

c_num = ord("c") - 97

t_num = ord("t") - 97

f_num = ord("f") - 97
# try all key

for a in range(26):

for b in range(26):

for c in range(26):

for d in range(26):

for i in range(34):

# make sure ciphertext matches

res1 = (a * p_num + b * c_num) % 26

res2 = (c * p_num + d * c_num) % 26

res3 = (a * t_num + b * f_num) % 26

res4 = (c * t_num + d * f_num) % 26

if (

(cipher_num[i * 2] == res1)

and (cipher_num[i * 2 + 1] == res2)

and (cipher_num[i * 2 + 2] == res3)

and (cipher_num[i * 2 + 3] == res4)

):

print("\nkey is", a, b, c, d)

# decode all ciphertext

for item in range(36):

for x in range(26):

for y in range(26):

if (

(cipher_num[item * 2] == (a * x + b * y) % 26)

and (cipher_num[item * 2 + 1] == (c * x + d * y) % 26)

):

print(chr(x + 97), chr(y + 97), end=" ")

得到如下满足条件的结果：

key is 0 16 6 14 c i c v p i p v c c c p p c p p g f g s t f t s d c d p q c q p f i f v s i s v c j c w p j p w e e e r r e r r g f g s t f t s i l i y v l v y i l i y v l v y

key is 0 16 14 9 b b o b a i n i a p n p f v s v j c w c j s w s m b z b c c p c g f t f f i s i f v s v f w s w f d s d f e s e j s w s b h o h f b s b h x u x f d s d e z r z a h n h a z n z m y z y m y z y

key is 2 5 24 6 a z n z c e p e c q p q g y t y m x z x d a q a f i s i m t z t m x z x c c p c g f t f e g r g g y t y l d y d c l p l i g v g h t u t i g v g

key is 4 7 21 21 b v d i a w n m p g i l o e o w b x i v x e g q f q c g s r f d b x p g c m h f i v p c c i o w t n d s p q v w p c t f z c n q n u k m v l k m

key is 4 23 18 22 l z y z k o x o i a v a c c p c g f t f d c q c i u v u l b y b g f t f g m t m d j q j d a q a c c p c e t r t l v y v h u u u g p t p h u u u

key is 6 6 17 15 l w y j g y t l i t v g c p p c g i t v f r s e k x x k j f w s k z x m c c p p c p p c g s t f i n v a m q z d f r s e j o w b a h n u l u y h i n v a l i y v c v p i j k w x l b y o l b y o

key is 6 8 21 11 j s w f a q n d a r n e g f t s d f q s d l q y e z r m f x s k c p p c g s t f g f t s g u t h g v t i g k t x d l q y j e w r g r t e l c y p g v t i k x x k a b n o a l n y e g r t e g r t

key is 6 21 4 10 m f z f b m o m a e n e c c p c f z s z c w p w h o u o b t o t f z s z m w z w j t w t a i n i c c p c g f t f i d v d h u u u c r p r h u u u

key is 7 4 12 19 b k i d y q g r k v b t m a i g p c t f y b q g g d k i n z t q p c k v a k b o t f i l y a i g v s a p c h a b i l r y e p i b k l c i b g c i

key is 8 10 23 5 j k w x k k x x j w w j a f n s e a r n l h y u a z n m f h s u e x r k a s n f a f n s l d y q k p x c i a v n l h y u k l x y b g o t f m s z k p x c h y u l m z z m c p p c g s t f g s t f

key is 9 21 12 11 p c t f a q n r r f q h c s c y p u q t h z m k x p e s k l x c p u r f e u b k q t r v e k c y z w t r r r d p r v z c l x n b n l u g d u u g

key is 10 15 5 14 b u d k f a h q j g l w n m p c r s t i v y x o z e b r d h f x h n j d l t n j p z r p t f v v x l z b b q d g f w h m j c l s n i p y r o t e v u x k z a a m c c e s g i i y k o m e o u q k s a u q w g y w b u d k f a h q j g l w n m p c r s t i v y x o z e a x c n e d g t i j k z m p o f q v s l u b w r y h a j c z e p g f i v k l m b o r q h s x u n w d y t

key is 10 24 21 23 c p p c g s t f i l v y j u w h d z q m c w p j g j t w e e r r i n v a j h w u j u w h a g n t c z p m g y t l c w p j a j n w h o u b a l n y c z p m b a o n c t p g j o w b h z u m h z u m

key is 12 16 17 12 d c d p k h k u j f j s j l j y c h c u w i w v t d t q g e g r h d h q w l w y j l j y u h u u t f t s e b e o w i w v r e r r x a x n p c p p t f t s j c j p z l z y p e p r m c m p m c m p

key is 13 9 11 13 d h q u c p p c g s t f m g z t b e o r d f q s h h u u d o q b j d w q b e o r m k z x m g z t d v q i d v q i

key is 13 25 22 15 r s j x w c z h l p s v a u s y t e c d d x s u j l y c k r j y t e l p e m d c c d h r a o s y p c t f v x d j h r h g t d d f h d y g f i y g

key is 14 11 16 3 l a y a i v v v i o v o e o r o a v n v f g s g c c p c g f t f f c s c a v n v d c q c e o r o b k o k b k o k

key is 15 10 18 17 r a m h a s a l i t t l e s e c r e t f o r y o u r i g h t h e r e i t i s p c t f i l i k e c l i m b i n g h i l l s w h a t a b o u t y o u

key is 16 14 9 16 a l a y c f c s e m e z g g g t i a i n k h k u m b m o o i o v q c q p s j s w u d u q w k w x y e y r b d b q d k d x f e f r h l h y j f j s l m l z n g n t p a p n r h r u t b t o v i v v x c x p z j z w b f b s d m d z f g f t h a h n j h j u l b l o n i n v p c p p r j r w t d t q v k v x x e x r z l z y b h b u d b d o f i f v h c h p j j j w l d l q n k n x p e p r r l r y t f t s v m v z x g x t z a z n

key is 16 18 23 10 b a b n g j g w v m v z r f r s u k u x g c g p h m h z c a c n p h p u e f e s r f r s i l i y x b x o o h o u g c g p z k z x p c p p t f t s x b x o x j x w p d p q j h j u i h i u i h i u

key is 17 1 13 12 u t n d y g t v j b x e s m o y i d p c t f a g x b w o r g k b i d j b m s e v p c h h k y o y s r f b b z j h h h o d l f v p x j k g k r k g

key is 17 10 6 0 z j z w m i m v y e y r w h w u t f t s m b m o c m c z p c p p t f t s k a k n d j d w w i w v w h w u v h v u t k t x m f m s v j v w m f m s

key is 18 16 13 17 d w q j h f u s f y s l d q q d d x q k e u r h c p p c g s t f j q w d d d q q d q q d m c z p k v x i g u t h e u r h f q s d f k s x j i w v k v x i g p t c l g y t e b r o b f o s b f o s

key is 20 3 24 12 d n q n g u t u j u w u i i v i a d n d b e o e i y v y m d z d a d n d m u z u a v n v f o s o i i v i m t z t l h y h c c p c g f t f c c p c

key is 21 3 0 5 t e l p i e p b t f y h o i e q p c e x r z w e n f g s y r n s p c t f u m b o e x b j c q e q p u r f z v p j b j f c n z h x z t o e l u o e

key is 22 2 13 3 c z p m g y t l i t v g j e w r d j q w c s p f g h t u e y r l i r v e j r w e j e w r a u n h c p p c g s t f c s p f a r n e h w u j a p n c c p p c b u o h c v p i j k w x h l u y h l u y

key is 22 8 23 22 z i z v e f e s b l b y d l d y u b u o c l c y p d p q y d y q n k n x q l q y d l d y k k k x h d h q o c o p c l c y p c p p t f t s b b b o h d h q n l n y x g x t t b t o u g u t u g u t

key is 22 20 19 16 l d l q i i i v p c p p t f t s o h o u e k e x r m r z w g w t n e n r g f g s t f t s u g u t b a b n c b c o e k e x r j r w z l z y p l p y b a b n n h n u h h h u z m z z o j o w o j o w

key is 22 22 17 0 j a j n s c s p l h l u d e d r k i k v u m u z p h p u s a s n d d d q q e q r d e d r c b c o v g v t u d u q u m u z d i d v x m x z v e v r v g v t p c p p t f t s b d b q s d s q s d s q

key is 23 21 11 14 b a d e f i h m j q l u n y p c r g t k v o x s z w b a d e f i h m j q l u n y p c r g t k v o x s z w b v d z f d h h j l l p n t p x r b t f v j x n z r b v d z f d h h j l l p n t p x r b t f v j x n z r

key is 24 8 10 4 j c j p w c w p b b b o o b o o g f g s t f t s l k l x y k y x a d a q n d n q g a g n t a t n c c c p p c p p g f g s t f t s i l i y v l v y i l i y v l v y

key is 24 14 20 3 a y b a c c d e e g f i g k h m i o j q k s l u m w n y o a p c q e r g s i t k u m v o w q x s y u z w a t b v c x d z e b f d g f h h i j j l k n l p m r n t o v p x q z r b s d t f u h v j w l x n y p z r a v b x c z d b e d f f g h h j i l j n k p l r m t n v o x p z q b r d s f t h u j v l w n x p y r z t a x b z c b d d e f f h g j h l i n j p k r l t m v n x o z p b q d r f s h t j u l v n w p x r y t z v

key is 25 11 22 9 l k l t o u x f f f u h m e o s r a y j z z w m j b s s m j j o r a f f k o p a y j t z y i o s n o p v j h b r t z p c t f j l v r k y h u k y

key is 25 12 1 9 v x k n q m e d e l d s y w e u n r p o u d u a g f e y p c t f n r e l g g n p p o u x w s e u t j w j q h y l u x z h e z o r y f o s d f o s

当结果为：

key is 15 10 18 17 r a m h a s a l i t t l e s e c r e t f o r y o u r i g h t h e r e i t i s p c t f i l i k e c l i m b i n g h i l l s w h a t a b o u t y o u

明显观察到合理的英语语句。因此flag为：

pctf{ilikeclimbinghillswhataboutyou}

参考

1. wani-hackase
2. ViaRézo
3. reasonably_suspicious_activity