2021 NUAACTF crypto

crypto

checkin

oclz{loovyd_vb_l_bvnucd_hqpumj}
//(11x + 11) mod 26

仿射密码,网站解密即可

easyRSA

给了两个文件C₁ C₂,题目提示共模攻击

import random
N = 0x00b0bee5e3e9e5a7e8d00b493355c618fc8c7d7d03b82e409951c182f398dee3104580e7ba70d383ae5311475656e8a964d380cb157f48c951adfa65db0b122ca40e42fa709189b719a4f0d746e2f6069baf11cebd650f14b93c977352fd13b1eea6d6e1da775502abff89d3a8b3615fd0db49b88a976bc20568489284e181f6f11e270891c8ef80017bad238e363039a458470f1749101bc29949d3a4f4038d463938851579c7525a69984f15b5667f34209b70eb261136947fa123e549dfff00601883afd936fe411e006e4e93d1a00b0fea541bbfc8c5186cb6220503a94b2413110d640c77ea54ba3220fc8f4cc6ce77151e29b3e06578c478bd1bebe04589ef9a197f6f806db8b3ecd826cad24f5324ccdec6e8fead2c2150068602c8dcdc59402ccac9424b790048ccdd9327068095efa010b7f196c74ba8c37b128f9e1411751633f78b7b9e56f71f77a1b4daad3fc54b5e7ef935d9a72fb176759765522b4bbc02e314d5c06b64d5054b7b096c601236e6ccf45b5e611c805d335dbab0c35d226cc208d8ce4736ba39a0354426fae006c7fe52d5267dcfb9c3884f51fddfdf4a9794bcfe0e1557113749e6c8ef421dba263aff68739ce00ed80fd0022ef92d3488f76deb62bdef7bea6026f22a1d25aa2a92d124414a8021fe0c174b9803e6bb5fad75e186a946a17280770f1243f4387446ccceb2222a965cc30b3929L
def pad_even(x):
	return ('', '0')[len(x)%2] + x
e1 = 17
e2 = 65537
fi = open('flag.txt','rb')
fo1 = open('flag.enc1','wb')
fo2 = open('flag.enc2','wb')
data = fi.read()
fi.close()
while (len(data)<512-11):
	data  =  chr(random.randint(0,255))+data
data_num = int(data.encode('hex'),16)
encrypt1 = pow(data_num,e1,N)
encrypt2 = pow(data_num,e2,N)
fo1.write(pad_even(format(encrypt1,'x')).decode('hex'))
fo2.write(pad_even(format(encrypt2,'x')).decode('hex'))
fo1.close()
fo2.close()

代码如下:

from Crypto.Util.number import *
import gmpy2
from rsa import transform,core
def exgcd(a,b):
    if b==0:return 1,0
    x,y=exgcd(b,a%b)
    return y,x-a//b*y
def attack(e1,e2,m1,m2,n):
    a,b=exgcd(e1,e2)
    m=pow(m1,a,n)*pow(m2,b,n)%n
    if gmpy2.gcd(e1,e2)==1:
        print(long_to_bytes(m))
    else:
        print(gmpy2.gcd(e1,e2))
        print(m)
def main():
    file1 = open("flag.enc1" ,'rb').read()
    c1 = transform.bytes2int(file1)
    file2 = open("flag.enc2" ,'rb').read()
    c2 = transform.bytes2int(file2)
    N =0x00b0bee5e3e9e5a7e8d00b493355c618fc8c7d7d03b82e409951c182f398dee3104580e7ba70d383ae5311475656e8a964d380cb157f48c951adfa65db0b122ca40e42fa709189b719a4f0d746e2f6069baf11cebd650f14b93c977352fd13b1eea6d6e1da775502abff89d3a8b3615fd0db49b88a976bc20568489284e181f6f11e270891c8ef80017bad238e363039a458470f1749101bc29949d3a4f4038d463938851579c7525a69984f15b5667f34209b70eb261136947fa123e549dfff00601883afd936fe411e006e4e93d1a00b0fea541bbfc8c5186cb6220503a94b2413110d640c77ea54ba3220fc8f4cc6ce77151e29b3e06578c478bd1bebe04589ef9a197f6f806db8b3ecd826cad24f5324ccdec6e8fead2c2150068602c8dcdc59402ccac9424b790048ccdd9327068095efa010b7f196c74ba8c37b128f9e1411751633f78b7b9e56f71f77a1b4daad3fc54b5e7ef935d9a72fb176759765522b4bbc02e314d5c06b64d5054b7b096c601236e6ccf45b5e611c805d335dbab0c35d226cc208d8ce4736ba39a0354426fae006c7fe52d5267dcfb9c3884f51fddfdf4a9794bcfe0e1557113749e6c8ef421dba263aff68739ce00ed80fd0022ef92d3488f76deb62bdef7bea6026f22a1d25aa2a92d124414a8021fe0c174b9803e6bb5fad75e186a946a17280770f1243f4387446ccceb2222a965cc30b3929
    e1 = 17
    e2 = 65537
    attack(e1,e2,c1,c2,N)
if __name__ == '__main__':
    main()

Guessgame

from secret import flag
import random
BITS = 100
num = random.randint(0,1 << BITS)
print("[~] Guess Dawn_whisper's number! [~]")
SCORE = 0
for _ in range(50):
    print("[+] Please input a number: ",end='')
    try:
        guess = int(input())
    except:
        print("[!] ERROR!")
        continue
    if guess == num:
        SCORE += 1
    else:
        print("[-] Sorry, please try again~")
    if SCORE >= 7:
        print("[~] Congratulations!")
        print("[-] Here's your flag!")
        print("[-]",flag)
    for i in range(BITS):
        if (1<<i) & num:
            mask = guess << i
            while mask:
                num = (num ^ (mask & ((1<<BITS)-1)))
                mask >>= BITS
            break

根据最后一个for循环的作用,当我们输入1时,对于num的二进制位上不为0的部分异或上一个1,此步骤即可将num二进制中的一个1变为0

而我们需要七次猜对数字才能得到flag,故我们前43次输入写1,最后7次输入0;我们需要1的个数<=43,需要多试几次

代码如下:

from pwn import *
p=remote('ctf.asuri.club',10000)
for i in range(43):
	p.sendline('1')
for i in range(7):
	p.sendline('0')
p.interactive()

Numbers

from random import randint
from secret import flag
import time
def gen_parameter(para):
    a = randint(1,para)
    b = randint(1,para)
    if a < b:
        a, b = b, a
    return a, b
print("Let's play a fun game!")
print("Do you know 'ax-by' means what?")
print("Just try to find the answer!")
print("Are you ready?")
res = [1, 1, 1, randint(2,100), randint(2,100)]
for i in range(5):
    print(f"Level {i+1}")
    a, b = gen_parameter(1<<10)
    print(f"{a}*x-{b}*y={res[i]}")
    print("Please give me x and y in one second!")
    start = time.time()
    x = int(input())
    y = int(input())
    end = time.time()
    if a*x - b*y == res[i]:
        if end - start >= 1:
            print("Sorry, You are too slow!")
            exit(0)
        else:
            print("That's right!")
    else:
        print("Worng!")
        exit(0)
print("Congratulations to you! Here is your flag:")
print(flag)

大概就是让你写个扩展欧几里得算法然后改一改去交互就行(这里同样也是一定概率出flag一定概率报错)

代码如下:

from pwn import *
import gmpy2
p=remote('ctf.asuri.club',10001)
def gcd(x, y): 
   while(y):
       x, y = y, x % y  
   return x 
def exgcd(a,b,c):
    if b==0:return 1,0
    x,y=exgcd(b,a%b,c)
    return y,(x-a//b*y)
p.recvuntil('ready?\n')
for i in range(5):
	p.recvline()
	a=int(p.recvuntil('*')[:-1],10)
	p.recvuntil('-')
	b=int(p.recvuntil('*')[:-1],10)
	p.recvuntil('=')
	c=int(p.recvuntil('\n')[:-1],10)
	p.recv()
	x,y=exgcd(a,b,c)
	k=c//gmpy2.gcd(a,b)
	x=k*x
	y=-k*y
	print([x,y])
	p.sendline(str(x))
	p.sendline(str(y))
	p.recvuntil('right!\n')
p.interactive()

MLWE Challenge(Kyber是一个格密码算法你了解他么)

是个读论文的题目,暂时不会,以后补上

posted @ 2021-12-13 21:12 hash_hash 阅读(377) 评论(0) 收藏举报

刷新页面返回顶部

hash_hash

2021 NUAACTF crypto

crypto

checkin

easyRSA

Guessgame

Numbers

MLWE Challenge(Kyber是一个格密码算法你了解他么)

公告