RSA-256
RSA签到太简单了
python
N = 77483692467084448965814418730866278616923517800664484047176015901835675610073
e = 65537
c = 43711206624343807006656378470987868686365943634542525258065694164173101323321
p,q=1025252665848145091840062845209085931,75575216771551332467177108987001026743883
long_to_bytes(pow(c,invert(e,(p-1)*(q-1)),N))
#utflag{just_send_plaintext}
Beginner: Anti-dcode.fr
这题一开始还真虎了一下,给了caeser加密的flag并加了大量字符,只需要把26种情况列出来,然后用正则表达式找出来就行了
python
import re
import string
def caeser(m,i):
t = ''
for v in m:
if v in string.ascii_lowercase:
t += chr(ord('a')+(ord(v)-ord('a')+i)%26)
else:
t += v
return t
msg = open('c3_LoooongCaesarCipher.txt').read()
for i in range(26):
tmsg = caeser(msg,i)
it = re.finditer(r"utflag\{[a-zA-Z_]+\}",tmsg)
for v in it:
print(v.group())
#utflag{rip_dcode}
numbers go brrr
现在怎么弄个题就有远端,先是生成一个随机种子,然后生成key进行AES加密,远端提供加密和flag密文,但是由于seed太小只有10**6爆破一下即可。不过这个远端确实没大意思,手工得到密文再爆破即可。
python
#!/usr/bin/env python3
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from Crypto.Random import random
seed = random.randint(0, 10 ** 6)
def get_random_number():
global seed
seed = int(str(seed * seed).zfill(12)[3:9])
return seed
def encrypt(message):
key = b''
for i in range(8):
key += (get_random_number() % (2 ** 16)).to_bytes(2, 'big')
cipher = AES.new(key, AES.MODE_ECB)
ciphertext = cipher.encrypt(pad(message, AES.block_size))
return ciphertext.hex()
print("Thanks for using our encryption service! To get the encrypted flag, type 1. To encrypt a message, type 2.")
while True:
print("What would you like to do (1 - get encrypted flag, 2 - encrypt a message)?")
user_input = int(input())
if(user_input == 1):
break
print("What is your message?")
message = input()
print("Here is your encrypted message:", encrypt(message.encode()))
flag = open('/src/flag.txt', 'r').read();
print("Here is the encrypted flag:", encrypt(flag.encode()))
python
c = 'bafc0c65ea2e10ae53ae0c36cb2d7f622f8fedbc2aee2ccf18c8f63ec55026538ec4ffcd12d6d1e828ff19481e78a360'
c = bytes.fromhex(c)
from Crypto.Cipher import AES
def get_random_number():
global seed
seed = int(str(seed * seed).zfill(12)[3:9])
return seed
def encrypt(message):
key = b''
for i in range(8):
key += (get_random_number() % (2 ** 16)).to_bytes(2, 'big')
cipher = AES.new(key, AES.MODE_ECB)
ciphertext = cipher.decrypt(message)
return ciphertext
for seed in range(10**6):
flag = encrypt(c)
if b'utflag{' in flag:
print(flag)
#utflag{deep_seated_and_recurring_self-doubts}
numbers go brrr 2
与上题基本相似,但需要猜对3次,这个可以作到100次,这样如果爆破就会超时。所以这题先生成字典,其它直接查表回复即可。
python
#!/usr/bin/env python3
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from Crypto.Random import random
seed = random.randint(0, 10 ** 6)
def get_random_number():
global seed
seed = int(str(seed * seed).zfill(12)[3:9])
return seed
def encrypt(message):
key = b''
for i in range(8):
key += (get_random_number() % (2 ** 16)).to_bytes(2, 'big')
cipher = AES.new(key, AES.MODE_ECB)
ciphertext = cipher.encrypt(pad(message, AES.block_size))
return key.hex(), ciphertext.hex()
print("Thanks for using our encryption service! To get the start guessing, type 1. To encrypt a message, type 2.")
print("You will need to guess the key (you get 250 guesses for one key). You will do this 3 times!")
for i in range(3):
seed = random.randint(0, 10 ** 6)
print("Find the key " + str(i + 1) + " of 3!")
key = encrypt(b"random text to initalize key")[0]
while True:
print("What would you like to do (1 - guess the key, 2 - encrypt a message)?")
user_input = int(input())
if(user_input == 1):
break
print("What is your message?")
message = input()
key, ciphertext = encrypt(message.encode())
print("Here is your encrypted message:", ciphertext)
print("You have 250 guesses to find the key!")
found = False
for j in range(250):
print("What is your guess (in hex)?")
guess = str(input()).lower()
if guess == key:
print("You found the key!")
found = True
break
else:
print("That is not the key!")
if not found:
print("You did not find the key!")
exit(0)
flag = open('/src/flag.txt', 'r').read();
print("Here is the flag:", flag)
python
from pwn import *
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from Crypto.Random import random
def get_random_number():
global seed
seed = int(str(seed * seed).zfill(12)[3:9])
return seed
def encrypt(message):
key = b''
for i in range(8):
key += (get_random_number() % (2 ** 16)).to_bytes(2, 'big')
cipher = AES.new(key, AES.MODE_ECB)
ciphertext = cipher.encrypt(pad(message, AES.block_size))
return key.hex(), ciphertext.hex()
# 字典 cipher:key
dic = {}
msg = b"random text to initalize key"
for seed in range(10**6):
key,cipher = encrypt(msg)
dic[cipher] = key
#attack
p = remote('betta.utctf.live', 2435)
context(arch='amd64', log_level='debug')
for _ in range(3):
p.sendlineafter(b"What would you like to do (1 - guess the key, 2 - encrypt a message)?\n", b'2')
p.sendlineafter(b"What is your message?", msg)
p.recvuntil(b"Here is your encrypted message:")
c = p.recvline().decode().strip()
key = dic[c]
p.sendlineafter(b"What would you like to do (1 - guess the key, 2 - encrypt a message)?\n", b'1')
p.sendlineafter(b"What is your guess (in hex)?\n", key.encode())
p.recvline()
p.recvline()
p.interactive()
bits and pieces
回到RSA,给了3组n,e,c第1个n可以在factor.db分解,第2和第3有公因子
python
n1=16895844090302140592659203092326754397916615877156418083775983326567262857434286784352755691231372524046947817027609871339779052340298851455825343914565349651333283551138205456284824077873043013595313773956794816682958706482754685120090750397747015038669047713101397337825418638859770626618854997324831793483659910322937454178396049671348919161991562332828398316094938835561259917841140366936226953293604869404280861112141284704018480497443189808649594222983536682286615023646284397886256209485789545675225329069539408667982428192470430204799653602931007107335558965120815430420898506688511671241705574335613090682013
e1= 65537
c1=7818321254750334008379589501292325137682074322887683915464861106561934924365660251934320703022566522347141167914364318838415147127470950035180892461318743733126352087505518644388733527228841614726465965063829798897019439281915857574681062185664885100301873341937972872093168047018772766147350521571412432577721606426701002748739547026207569446359265024200993747841661884692928926039185964274224841237045619928248330951699007619244530879692563852129885323775823816451787955743942968401187507702618237082254283484203161006940664144806744142758756632646039371103714891470816121641325719797534020540250766889785919814382
n2= 22160567763948492895090996477047180485455524932702696697570991168736807463988465318899280678030104758714228331712868417831523511943197686617200545714707332594532611440360591874484774459472586464202240208125663048882939144024375040954148333792401257005790372881106262295967972148685076689432551379850079201234407868804450612865472429316169948404048708078383285810578598637431494164050174843806035033795105585543061957794162099125273596995686952118842090801867908842775373362066408634559153339824637727686109642585264413233583449179272399592842009933883647300090091041520319428330663770540635256486617825262149407200317
e2= 65537
c2= 19690520754051173647211685164072637555800784045910293368304706863370317909953687036313142136905145035923461684882237012444470624603324950525342723531350867347220681870482876998144413576696234307889695564386378507641438147676387327512816972488162619290220067572175960616418052216207456516160477378246666363877325851823689429475469383672825775159901117234555363911938490115559955086071530659273866145507400856136591391884526718884267990093630051614232280554396776513566245029154917966361698708629039129727327128483243363394841238956869151344974086425362274696045998136718784402364220587942046822063205137520791363319144
n3= 30411521910612406343993844830038303042143033746292579505901870953143975096282414718336718528037226099433670922614061664943892535514165683437199134278311973454116349060301041910849566746140890727885805721657086881479617492719586633881232556353366139554061188176830768575643015098049227964483233358203790768451798571704097416317067159175992894745746804122229684121275771877235870287805477152050742436672871552080666302532175003523693101768152753770024596485981429603734379784791055870925138803002395176578318147445903935688821423158926063921552282638439035914577171715576836189246536239295484699682522744627111615899081
e3= 65537
c3= 17407076170882273876432597038388758264230617761068651657734759714156681119134231664293550430901872572856333330745780794113236587515588367725879684954488698153571665447141528395185542787913364717776209909588729447283115651585815847333568874548696816813748100515388820080812467785181990042664564706242879424162602753729028187519433639583471983065246575409341038859576101783940398158000236250734758549527625716150775997198493235465480875148169558815498752869321570202908633179473348243670372581519248414555681834596365572626822309814663046580083035403339576751500705695598043247593357230327746709126221695232509039271637
python
from Crypto.Util.number import *
#第1段factor.db可分解
p = 129984014749130366259742130443330376923069118727641845190136006048911945242427603092160936004682857611235008521722596025476170673607376869837675885556290582081941522328978811710862857253777650447221864279732376499043513950683086803379743964370215090077032772967632331576620201195241241611325672953583711295127
q = n1//p
m1 = pow(c1,invert(e1,(p-1)*(q-1)),n1)
long_to_bytes(m1)
#2,3有公因子
p = gcd(n2,n3)
q = n2//p
m2 = pow(c2,invert(e2,(p-1)*(q-1)),n2)
long_to_bytes(m2)
q = n3//p
m3 = pow(c3,invert(e3,(p-1)*(q-1)),n3)
long_to_bytes(m3)
#utflag{oh_no_it_didnt_work_</3_i_guess_i_can_just_use_standard_libraries_in_the_future}
Cryptordle
这题有点意思,随机生成5个字节串a-z,然后可以猜6次,如果不正确会返回对应位置差的积模31。
假设串里没有yz,然后猜zzzzz这个差的积表示为a*b*c*d*e=k1 (mod 31),然后第2次猜zzzzy那么第2次结果就是a*b*c*d*(e-1)=k2 两式可以得到a*b*c*d=k1-k2,第3次a*b*c*(d-1)*e=k3得到a*b*c*e=k1-k3这样猜5次可能得到5个算式,从而求出与猜测数的差。在原串不包含的yz的情况(概率很大)即可猜对,得到flag
python
#!/usr/bin/env python3
import random
wordlist = open('/src/wordlist.txt', 'r').read().split('\n')
for word in wordlist:
assert len(word) == 5
for letter in word:
assert letter in 'abcdefghijklmnopqrstuvwxyz'
for attempt in range(3):
answer = random.choice(wordlist)
num_guesses = 0
while True:
num_guesses += 1
print("What's your guess?")
guess = input().lower()
assert len(guess) == 5
for letter in guess:
assert letter in 'abcdefghijklmnopqrstuvwxyz'
if guess == answer:
break
response = 1
for x in range(5):
a = ord(guess[x]) - ord('a')
b = ord(answer[x]) - ord('a')
response = (response * (a-b)) % 31
print(response)
if num_guesses > 6:
print("Sorry, you took more than 6 tries. No flag for you :(")
exit()
else:
print("Good job! Onward...")
if num_guesses <= 6:
print('Nice! You got it :) Have a flag:')
flag = open('/src/flag.txt', 'r').read()
print(flag)
else:
print("Sorry, you took more than 6 tries. No flag for you :(")
python
from pwn import *
def getv(k):
for a in range(1,26):
for b in range(1,26):
for c in range(1,26):
for d in range(1,26):
for e in range(1,26):
if a*b*c*d*e%31 == k[0] and a*b*c*d%31 == (k[0]-k[1])%31 and a*b*c*e%31 == (k[0]-k[2])%31 and a*b*d*e%31 == (k[0]-k[3])%31 and a*c*d*e%31 == (k[0]-k[4])%31:
print(a,b,c,d,e)
return [a,b,c,d,e]
ss = 'zzzzz zzzzy zzzyz zzyzz zyzzz'.split()
p = remote('betta.utctf.live', 7496)
context(arch='amd64', log_level='debug')
for _ in range(3):
k = [0]*5
for i in range(5):
p.sendlineafter(b"What's your guess?\n", ss[i].encode())
k[i] = int(p.recvline())
r = getv(k)
ans = bytes([97+(25-i) for i in r])
p.sendlineafter(b"What's your guess?\n", ans)
p.recvline()
p.recvline()
p.interactive()
#utflag{sometimes_pure_guessing_is_the_strat}
simple signature
这题始终没弄明白是怎么回事,没有附件,名字应该是说rsa签名,连接远端后输入数字会返回签名,相同的值连续输入后签名会不同。一直没弄明白要干嘛,但是连上以后发现如果先输入2,下交再输入1,就会得到与2一样的签名,也就达到预测的目的。
┌──(kali㉿kali)-[~/ctf/2403/vctf]
└─$ nc betta.utctf.live 4374
Welcome to the signature generator!
This service generates signatures for nonnegative integer messages.
Today's RSA parameters are:
n = 24818102468811742954179239941243000716474501576123062067907829905430437901641852824068409901460799845657311850995901841958536939006794455987320373541121185242495836205822506607976283699695770788514568794824731256744835172302608153871422130811421910736529023113284124417589940184203700106133856728315001792637498890342036475547535012939102224134530598151180826137497341472979647552555158629718259982288814053241627971023861718937371958732493006607656878622399979648296189545707685195805665555639904117900173399017646238696499618368773448507979239551946276657409846690226182166731587504995398512320220459430521589080197
e = 65537
Enter a message (enter 0 to stop): 1
Your signature is: 1
Enter a message (enter 0 to stop): 2
Your signature is: 8474196947803533415733926946288621167800325325962982251402337505581143635067918022935805728075817903116613113367989317039654273946476810366296878926097987190319563502071276868913046806449442742795695617672295024620405377123651429702461014503593444401165698658249755611191224870254493173733264700499121082221810383967811506072327295903811645987977053176877105892657538765579204957786823451883476290334010100831492394693738564096256123529393157254612699115968503772851780019438114403267463556541879055058987253847404097624963359390684308026600528231881065712324215649550650437522056177720235585099984088332628262942823
Enter a message (enter 0 to stop): 1
Your signature is: 8474196947803533415733926946288621167800325325962982251402337505581143635067918022935805728075817903116613113367989317039654273946476810366296878926097987190319563502071276868913046806449442742795695617672295024620405377123651429702461014503593444401165698658249755611191224870254493173733264700499121082221810383967811506072327295903811645987977053176877105892657538765579204957786823451883476290334010100831492394693738564096256123529393157254612699115968503772851780019438114403267463556541879055058987253847404097624963359390684308026600528231881065712324215649550650437522056177720235585099984088332628262942823
Enter a message (enter 0 to stop): 1
Your signature is: 23784380698418881947187441817753248953602582666015250006315895732072377551023297973305493503429229749498094850262405747043349452419523326581766478628643656190125043940275563647293283965939161810348720112888366878790117973130057449035086376268023838684367146711197158277795175379096567770182635820734141271885186936126036832490162107468141705519410469739114649621367488428457007357933727880467407081263423609508940612661504660084481093544695472778156750123473407819773407277749365125795727289062143626732871723931274810578532062756986914047787260372788280114883837170889065943861850733848359302117469870387055716205702
Enter a message (enter 0 to stop): 1
Your signature is: 15717917765030286634947085177672319844843662144464689727661189549005403620576417166560380356708124131369945465052199016087065005103192371199023021257752765744435976766220452956843484873701003328346459589837438366788790964925034212015549465531269393591529106522201870325394843957220433532193965795086295816558841647124670693531326819267529677780791798648068377431919322529878963496419268634341455387582378441147529298925195039335123704075857062512131770006073683529470336499500840854010294985809979440503533088389438388739057159792361854523232857038933446006449398830845788233272100898213169401327014565088788290933102
Enter a message (enter 0 to stop): 2
Your signature is: 15895820807604611641884387992674411592007518018579007510467725931909969718394325643052615463292826914612474291095732240705442912465514890650431300497476041921631388756141297981207460794049933856015303848687045557740279795292807002248034205031530423456759122573906183605230468655303159631689938987372719142119176571761056224050225767854035466398259804698786699558549469207404575982678590628995227771764981693037671178454799012693242378522572012507695668347198867734025830059898532306013468571392129006772564190463048243160428421930056829679932114957571809250594776289218937688359196728965059537599786360763909504526901
Enter a message (enter 0 to stop): 1
Your signature is: 15895820807604611641884387992674411592007518018579007510467725931909969718394325643052615463292826914612474291095732240705442912465514890650431300497476041921631388756141297981207460794049933856015303848687045557740279795292807002248034205031530423456759122573906183605230468655303159631689938987372719142119176571761056224050225767854035466398259804698786699558549469207404575982678590628995227771764981693037671178454799012693242378522572012507695668347198867734025830059898532306013468571392129006772564190463048243160428421930056829679932114957571809250594776289218937688359196728965059537599786360763909504526901
Enter a message (enter 0 to stop): 2
Your signature is: 4968829646702234813748834917867089760618485624820241505565033454925753393927663174731892684045264388687039088510331244619265399290666695483431766681288337496105280038241406206073532364202587602052230282413927198357843182527129582634282168656699411884422258935098341022499796481781971061602383259724726609388876616745337301835614289654363068699506922148593185065158291832010623434422119461965497746317027431994099446560574616148467995707356122859069024375423396730830008084403180478529980372159760813949593128845255526274311983622015423196424096262920922832675084332112869555671905730454566892630109479113776916484640
Enter a message (enter 0 to stop): 0
Now, come up with your own pair!
Enter a message: 1
Enter a signature: 4968829646702234813748834917867089760618485624820241505565033454925753393927663174731892684045264388687039088510331244619265399290666695483431766681288337496105280038241406206073532364202587602052230282413927198357843182527129582634282168656699411884422258935098341022499796481781971061602383259724726609388876616745337301835614289654363068699506922148593185065158291832010623434422119461965497746317027431994099446560574616148467995707356122859069024375423396730830008084403180478529980372159760813949593128845255526274311983622015423196424096262920922832675084332112869555671905730454566892630109479113776916484640
Congrats! Here is the flag: utflag{a1m05t_t3xtb00k_3x3rc153}
*Forgery
这题提示是rev,crypto,C++写的吧,没看懂,跟pwn似的。