[UTCTF 2024] crypto 部分

RSA-256

RSA签到太简单了

python 复制代码
N = 77483692467084448965814418730866278616923517800664484047176015901835675610073
e = 65537
c = 43711206624343807006656378470987868686365943634542525258065694164173101323321
p,q=1025252665848145091840062845209085931,75575216771551332467177108987001026743883
long_to_bytes(pow(c,invert(e,(p-1)*(q-1)),N))

#utflag{just_send_plaintext}

Beginner: Anti-dcode.fr

这题一开始还真虎了一下,给了caeser加密的flag并加了大量字符,只需要把26种情况列出来,然后用正则表达式找出来就行了

python 复制代码
import re 
import string 

def caeser(m,i):
    t = ''
    for v in m:
        if v in string.ascii_lowercase:
            t += chr(ord('a')+(ord(v)-ord('a')+i)%26)
        else:
            t += v 
    return t 

msg = open('c3_LoooongCaesarCipher.txt').read()

for i in range(26):
    tmsg = caeser(msg,i)
    it = re.finditer(r"utflag\{[a-zA-Z_]+\}",tmsg)
    for v in it:
         print(v.group())

#utflag{rip_dcode}

numbers go brrr

现在怎么弄个题就有远端,先是生成一个随机种子,然后生成key进行AES加密,远端提供加密和flag密文,但是由于seed太小只有10**6爆破一下即可。不过这个远端确实没大意思,手工得到密文再爆破即可。

python 复制代码
#!/usr/bin/env python3
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from Crypto.Random import random

seed = random.randint(0, 10 ** 6)
def get_random_number():
    global seed 
    seed = int(str(seed * seed).zfill(12)[3:9])
    return seed

def encrypt(message):
    key = b''
    for i in range(8):
        key += (get_random_number() % (2 ** 16)).to_bytes(2, 'big')
    cipher = AES.new(key, AES.MODE_ECB)
    ciphertext = cipher.encrypt(pad(message, AES.block_size))
    return ciphertext.hex()

print("Thanks for using our encryption service! To get the encrypted flag, type 1. To encrypt a message, type 2.")
while True:
    print("What would you like to do (1 - get encrypted flag, 2 - encrypt a message)?")
    user_input = int(input())
    if(user_input == 1):
        break

    print("What is your message?")
    message = input()
    print("Here is your encrypted message:", encrypt(message.encode()))


flag = open('/src/flag.txt', 'r').read();
print("Here is the encrypted flag:", encrypt(flag.encode()))
python 复制代码
c = 'bafc0c65ea2e10ae53ae0c36cb2d7f622f8fedbc2aee2ccf18c8f63ec55026538ec4ffcd12d6d1e828ff19481e78a360'
c = bytes.fromhex(c)

from Crypto.Cipher import AES


def get_random_number():
    global seed 
    seed = int(str(seed * seed).zfill(12)[3:9])
    return seed

def encrypt(message):
    key = b''
    for i in range(8):
        key += (get_random_number() % (2 ** 16)).to_bytes(2, 'big')
    cipher = AES.new(key, AES.MODE_ECB)
    ciphertext = cipher.decrypt(message)
    return ciphertext

for seed in range(10**6):
    flag = encrypt(c)
    if b'utflag{' in flag:
        print(flag)
        
#utflag{deep_seated_and_recurring_self-doubts}

numbers go brrr 2

与上题基本相似,但需要猜对3次,这个可以作到100次,这样如果爆破就会超时。所以这题先生成字典,其它直接查表回复即可。

python 复制代码
#!/usr/bin/env python3
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from Crypto.Random import random

seed = random.randint(0, 10 ** 6)
def get_random_number():
    global seed 
    seed = int(str(seed * seed).zfill(12)[3:9])
    return seed

def encrypt(message):
    key = b''
    for i in range(8):
        key += (get_random_number() % (2 ** 16)).to_bytes(2, 'big')
    cipher = AES.new(key, AES.MODE_ECB)
    ciphertext = cipher.encrypt(pad(message, AES.block_size))
    return key.hex(), ciphertext.hex()


print("Thanks for using our encryption service! To get the start guessing, type 1. To encrypt a message, type 2.")
print("You will need to guess the key (you get 250 guesses for one key). You will do this 3 times!")

for i in range(3):
    seed = random.randint(0, 10 ** 6)
    print("Find the key " + str(i + 1) + " of 3!")
    key = encrypt(b"random text to initalize key")[0]
    while True:
        print("What would you like to do (1 - guess the key, 2 - encrypt a message)?")
        user_input = int(input())
        if(user_input == 1):
            break

        print("What is your message?")
        message = input()
        key, ciphertext = encrypt(message.encode())
        print("Here is your encrypted message:", ciphertext)
    print("You have 250 guesses to find the key!")
    
    found = False
    for j in range(250):
        print("What is your guess (in hex)?")
        guess = str(input()).lower()
        if guess == key:
            print("You found the key!")
            found = True
            break
        else:
            print("That is not the key!")

    if not found:
        print("You did not find the key!")
        exit(0)


flag = open('/src/flag.txt', 'r').read();
print("Here is the flag:", flag)
python 复制代码
from pwn import *
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from Crypto.Random import random

def get_random_number():
    global seed 
    seed = int(str(seed * seed).zfill(12)[3:9])
    return seed

def encrypt(message):
    key = b''
    for i in range(8):
        key += (get_random_number() % (2 ** 16)).to_bytes(2, 'big')
    cipher = AES.new(key, AES.MODE_ECB)
    ciphertext = cipher.encrypt(pad(message, AES.block_size))
    return key.hex(), ciphertext.hex()

# 字典 cipher:key
dic = {}
msg = b"random text to initalize key"
for seed in range(10**6):
    key,cipher = encrypt(msg)
    dic[cipher] = key 

#attack
p = remote('betta.utctf.live', 2435)
context(arch='amd64', log_level='debug')

for _ in range(3):
    p.sendlineafter(b"What would you like to do (1 - guess the key, 2 - encrypt a message)?\n", b'2')
    p.sendlineafter(b"What is your message?", msg)
    p.recvuntil(b"Here is your encrypted message:")
    c = p.recvline().decode().strip()
    key = dic[c]
    
    p.sendlineafter(b"What would you like to do (1 - guess the key, 2 - encrypt a message)?\n", b'1')
    p.sendlineafter(b"What is your guess (in hex)?\n", key.encode())
    p.recvline()

p.recvline()
p.interactive()

bits and pieces

回到RSA,给了3组n,e,c第1个n可以在factor.db分解,第2和第3有公因子

python 复制代码
n1=16895844090302140592659203092326754397916615877156418083775983326567262857434286784352755691231372524046947817027609871339779052340298851455825343914565349651333283551138205456284824077873043013595313773956794816682958706482754685120090750397747015038669047713101397337825418638859770626618854997324831793483659910322937454178396049671348919161991562332828398316094938835561259917841140366936226953293604869404280861112141284704018480497443189808649594222983536682286615023646284397886256209485789545675225329069539408667982428192470430204799653602931007107335558965120815430420898506688511671241705574335613090682013
e1= 65537
c1=7818321254750334008379589501292325137682074322887683915464861106561934924365660251934320703022566522347141167914364318838415147127470950035180892461318743733126352087505518644388733527228841614726465965063829798897019439281915857574681062185664885100301873341937972872093168047018772766147350521571412432577721606426701002748739547026207569446359265024200993747841661884692928926039185964274224841237045619928248330951699007619244530879692563852129885323775823816451787955743942968401187507702618237082254283484203161006940664144806744142758756632646039371103714891470816121641325719797534020540250766889785919814382

n2= 22160567763948492895090996477047180485455524932702696697570991168736807463988465318899280678030104758714228331712868417831523511943197686617200545714707332594532611440360591874484774459472586464202240208125663048882939144024375040954148333792401257005790372881106262295967972148685076689432551379850079201234407868804450612865472429316169948404048708078383285810578598637431494164050174843806035033795105585543061957794162099125273596995686952118842090801867908842775373362066408634559153339824637727686109642585264413233583449179272399592842009933883647300090091041520319428330663770540635256486617825262149407200317
e2= 65537
c2= 19690520754051173647211685164072637555800784045910293368304706863370317909953687036313142136905145035923461684882237012444470624603324950525342723531350867347220681870482876998144413576696234307889695564386378507641438147676387327512816972488162619290220067572175960616418052216207456516160477378246666363877325851823689429475469383672825775159901117234555363911938490115559955086071530659273866145507400856136591391884526718884267990093630051614232280554396776513566245029154917966361698708629039129727327128483243363394841238956869151344974086425362274696045998136718784402364220587942046822063205137520791363319144

n3= 30411521910612406343993844830038303042143033746292579505901870953143975096282414718336718528037226099433670922614061664943892535514165683437199134278311973454116349060301041910849566746140890727885805721657086881479617492719586633881232556353366139554061188176830768575643015098049227964483233358203790768451798571704097416317067159175992894745746804122229684121275771877235870287805477152050742436672871552080666302532175003523693101768152753770024596485981429603734379784791055870925138803002395176578318147445903935688821423158926063921552282638439035914577171715576836189246536239295484699682522744627111615899081
e3= 65537
c3= 17407076170882273876432597038388758264230617761068651657734759714156681119134231664293550430901872572856333330745780794113236587515588367725879684954488698153571665447141528395185542787913364717776209909588729447283115651585815847333568874548696816813748100515388820080812467785181990042664564706242879424162602753729028187519433639583471983065246575409341038859576101783940398158000236250734758549527625716150775997198493235465480875148169558815498752869321570202908633179473348243670372581519248414555681834596365572626822309814663046580083035403339576751500705695598043247593357230327746709126221695232509039271637
python 复制代码
from Crypto.Util.number import *

#第1段factor.db可分解
p = 129984014749130366259742130443330376923069118727641845190136006048911945242427603092160936004682857611235008521722596025476170673607376869837675885556290582081941522328978811710862857253777650447221864279732376499043513950683086803379743964370215090077032772967632331576620201195241241611325672953583711295127
q = n1//p 
m1 = pow(c1,invert(e1,(p-1)*(q-1)),n1)
long_to_bytes(m1)


#2,3有公因子
p = gcd(n2,n3)
q = n2//p
m2 = pow(c2,invert(e2,(p-1)*(q-1)),n2)
long_to_bytes(m2)

q = n3//p 
m3 = pow(c3,invert(e3,(p-1)*(q-1)),n3)
long_to_bytes(m3)

#utflag{oh_no_it_didnt_work_</3_i_guess_i_can_just_use_standard_libraries_in_the_future}

Cryptordle

这题有点意思,随机生成5个字节串a-z,然后可以猜6次,如果不正确会返回对应位置差的积模31。

假设串里没有yz,然后猜zzzzz这个差的积表示为a*b*c*d*e=k1 (mod 31),然后第2次猜zzzzy那么第2次结果就是a*b*c*d*(e-1)=k2 两式可以得到a*b*c*d=k1-k2,第3次a*b*c*(d-1)*e=k3得到a*b*c*e=k1-k3这样猜5次可能得到5个算式,从而求出与猜测数的差。在原串不包含的yz的情况(概率很大)即可猜对,得到flag

python 复制代码
#!/usr/bin/env python3
import random

wordlist = open('/src/wordlist.txt', 'r').read().split('\n')

for word in wordlist:
    assert len(word) == 5
    for letter in word:
        assert letter in 'abcdefghijklmnopqrstuvwxyz'

for attempt in range(3):
    answer = random.choice(wordlist)
    num_guesses = 0
    while True:
        num_guesses += 1

        print("What's your guess?")
        guess = input().lower()

        assert len(guess) == 5
        for letter in guess:
            assert letter in 'abcdefghijklmnopqrstuvwxyz'

        if guess == answer:
            break

        response = 1
        for x in range(5):
            a = ord(guess[x]) - ord('a')
            b = ord(answer[x]) - ord('a')
            response = (response * (a-b)) % 31
        print(response)
    if num_guesses > 6:
        print("Sorry, you took more than 6 tries. No flag for you :(")
        exit()
    else:
        print("Good job! Onward...")

if num_guesses <= 6:
    print('Nice! You got it :) Have a flag:')
    flag = open('/src/flag.txt', 'r').read()
    print(flag)
else:
    print("Sorry, you took more than 6 tries. No flag for you :(")
python 复制代码
from pwn import *

def getv(k):
  for a in range(1,26):
    for b in range(1,26):
      for c in range(1,26):
        for d in range(1,26):
          for e in range(1,26):
            if a*b*c*d*e%31 == k[0] and a*b*c*d%31 == (k[0]-k[1])%31 and a*b*c*e%31 == (k[0]-k[2])%31 and a*b*d*e%31 == (k[0]-k[3])%31 and a*c*d*e%31 == (k[0]-k[4])%31:
              print(a,b,c,d,e)
              return [a,b,c,d,e]

ss = 'zzzzz zzzzy zzzyz zzyzz zyzzz'.split()

p = remote('betta.utctf.live', 7496)
context(arch='amd64', log_level='debug')

for _ in range(3):
    k = [0]*5
    for i in range(5):
        p.sendlineafter(b"What's your guess?\n", ss[i].encode())
        k[i] = int(p.recvline())
    
    r = getv(k)
    ans = bytes([97+(25-i) for i in r])
    p.sendlineafter(b"What's your guess?\n", ans)

p.recvline()
p.recvline()
p.interactive()
#utflag{sometimes_pure_guessing_is_the_strat}

simple signature

这题始终没弄明白是怎么回事,没有附件,名字应该是说rsa签名,连接远端后输入数字会返回签名,相同的值连续输入后签名会不同。一直没弄明白要干嘛,但是连上以后发现如果先输入2,下交再输入1,就会得到与2一样的签名,也就达到预测的目的。

┌──(kali㉿kali)-[~/ctf/2403/vctf]

└─$ nc betta.utctf.live 4374

Welcome to the signature generator!

This service generates signatures for nonnegative integer messages.

Today's RSA parameters are:

n = 24818102468811742954179239941243000716474501576123062067907829905430437901641852824068409901460799845657311850995901841958536939006794455987320373541121185242495836205822506607976283699695770788514568794824731256744835172302608153871422130811421910736529023113284124417589940184203700106133856728315001792637498890342036475547535012939102224134530598151180826137497341472979647552555158629718259982288814053241627971023861718937371958732493006607656878622399979648296189545707685195805665555639904117900173399017646238696499618368773448507979239551946276657409846690226182166731587504995398512320220459430521589080197

e = 65537

Enter a message (enter 0 to stop): 1

Your signature is: 1

Enter a message (enter 0 to stop): 2

Your signature is: 8474196947803533415733926946288621167800325325962982251402337505581143635067918022935805728075817903116613113367989317039654273946476810366296878926097987190319563502071276868913046806449442742795695617672295024620405377123651429702461014503593444401165698658249755611191224870254493173733264700499121082221810383967811506072327295903811645987977053176877105892657538765579204957786823451883476290334010100831492394693738564096256123529393157254612699115968503772851780019438114403267463556541879055058987253847404097624963359390684308026600528231881065712324215649550650437522056177720235585099984088332628262942823

Enter a message (enter 0 to stop): 1

Your signature is: 8474196947803533415733926946288621167800325325962982251402337505581143635067918022935805728075817903116613113367989317039654273946476810366296878926097987190319563502071276868913046806449442742795695617672295024620405377123651429702461014503593444401165698658249755611191224870254493173733264700499121082221810383967811506072327295903811645987977053176877105892657538765579204957786823451883476290334010100831492394693738564096256123529393157254612699115968503772851780019438114403267463556541879055058987253847404097624963359390684308026600528231881065712324215649550650437522056177720235585099984088332628262942823

Enter a message (enter 0 to stop): 1

Your signature is: 23784380698418881947187441817753248953602582666015250006315895732072377551023297973305493503429229749498094850262405747043349452419523326581766478628643656190125043940275563647293283965939161810348720112888366878790117973130057449035086376268023838684367146711197158277795175379096567770182635820734141271885186936126036832490162107468141705519410469739114649621367488428457007357933727880467407081263423609508940612661504660084481093544695472778156750123473407819773407277749365125795727289062143626732871723931274810578532062756986914047787260372788280114883837170889065943861850733848359302117469870387055716205702

Enter a message (enter 0 to stop): 1

Your signature is: 15717917765030286634947085177672319844843662144464689727661189549005403620576417166560380356708124131369945465052199016087065005103192371199023021257752765744435976766220452956843484873701003328346459589837438366788790964925034212015549465531269393591529106522201870325394843957220433532193965795086295816558841647124670693531326819267529677780791798648068377431919322529878963496419268634341455387582378441147529298925195039335123704075857062512131770006073683529470336499500840854010294985809979440503533088389438388739057159792361854523232857038933446006449398830845788233272100898213169401327014565088788290933102

Enter a message (enter 0 to stop): 2

Your signature is: 15895820807604611641884387992674411592007518018579007510467725931909969718394325643052615463292826914612474291095732240705442912465514890650431300497476041921631388756141297981207460794049933856015303848687045557740279795292807002248034205031530423456759122573906183605230468655303159631689938987372719142119176571761056224050225767854035466398259804698786699558549469207404575982678590628995227771764981693037671178454799012693242378522572012507695668347198867734025830059898532306013468571392129006772564190463048243160428421930056829679932114957571809250594776289218937688359196728965059537599786360763909504526901

Enter a message (enter 0 to stop): 1

Your signature is: 15895820807604611641884387992674411592007518018579007510467725931909969718394325643052615463292826914612474291095732240705442912465514890650431300497476041921631388756141297981207460794049933856015303848687045557740279795292807002248034205031530423456759122573906183605230468655303159631689938987372719142119176571761056224050225767854035466398259804698786699558549469207404575982678590628995227771764981693037671178454799012693242378522572012507695668347198867734025830059898532306013468571392129006772564190463048243160428421930056829679932114957571809250594776289218937688359196728965059537599786360763909504526901

Enter a message (enter 0 to stop): 2

Your signature is: 4968829646702234813748834917867089760618485624820241505565033454925753393927663174731892684045264388687039088510331244619265399290666695483431766681288337496105280038241406206073532364202587602052230282413927198357843182527129582634282168656699411884422258935098341022499796481781971061602383259724726609388876616745337301835614289654363068699506922148593185065158291832010623434422119461965497746317027431994099446560574616148467995707356122859069024375423396730830008084403180478529980372159760813949593128845255526274311983622015423196424096262920922832675084332112869555671905730454566892630109479113776916484640

Enter a message (enter 0 to stop): 0

Now, come up with your own pair!

Enter a message: 1

Enter a signature: 4968829646702234813748834917867089760618485624820241505565033454925753393927663174731892684045264388687039088510331244619265399290666695483431766681288337496105280038241406206073532364202587602052230282413927198357843182527129582634282168656699411884422258935098341022499796481781971061602383259724726609388876616745337301835614289654363068699506922148593185065158291832010623434422119461965497746317027431994099446560574616148467995707356122859069024375423396730830008084403180478529980372159760813949593128845255526274311983622015423196424096262920922832675084332112869555671905730454566892630109479113776916484640

Congrats! Here is the flag: utflag{a1m05t_t3xtb00k_3x3rc153}

*Forgery

这题提示是rev,crypto,C++写的吧,没看懂,跟pwn似的。

相关推荐
qq_3216653344 分钟前
mysql 数据库迁移到达梦数据库
数据库·mysql
Hello.Reader2 小时前
Redis大Key问题全解析
数据库·redis·bootstrap
靖顺4 小时前
【OceanBase 诊断调优】—— packet fly cost too much time 的根因分析
数据库·oceanbase
liuxin334455664 小时前
学籍管理系统:实现教育管理现代化
java·开发语言·前端·数据库·安全
007php0075 小时前
linux服务器上CentOS的yum和Ubuntu包管理工具apt区别与使用实战
linux·运维·服务器·ubuntu·centos·php·ai编程
yuanbenshidiaos6 小时前
C++--------------树
java·数据库·c++
dengjiayue7 小时前
MySQL 查询大偏移量(LIMIT)问题分析
数据库·mysql
言之。8 小时前
【MySQL】在MySQL中如何定位慢查询?
数据库·mysql
DashVector8 小时前
如何通过HTTP API插入Doc
数据库·人工智能·http·阿里云·向量检索
DashVector8 小时前
如何通过HTTP API分组检索Doc
服务器·数据库·http·数据库开发·数据库架构