2024 BuildCTF 公开赛|Crypto

1.OVO开门爽!开到南天门了兄弟

from Crypto.Util.number import *
flag = b'BuildCTF{******}'
#随机生成p,q
p = getPrime(1024)
q = getPrime(1024)
#计算模数n
n = p*q
e = 65537
m = bytes_to_long(flag)
#c=m^e%n
c = pow(m, e, n)
print('P = ',p**2)
print('Q = ',q**2)
print('n = ',n)
print('e = ',e)
print('c = ',c)

BuildCTF{We1c0Me_b@cK_To_7uNiOr_h19H!!!}

2.我这辈子就是被古典给害了

from Crypto.Util.Padding import pad, unpad
from Crypto.Random import get_random_bytes
from Crypto.Cipher import AES
from secret import flag, key

dict1 = {'A': 0, 'B': 1, 'C': 2, 'D': 3, 'E': 4,
         'F': 5, 'G': 6, 'H': 7, 'I': 8, 'J': 9,
         'K': 10, 'L': 11, 'M': 12, 'N': 13, 'O': 14,
         'P': 15, 'Q': 16, 'R': 17, 'S': 18, 'T': 19,
         'U': 20, 'V': 21, 'W': 22, 'X': 23, 'Y': 24, 'Z': 25}

dict2 = {0: 'A', 1: 'B', 2: 'C', 3: 'D', 4: 'E',
         5: 'F', 6: 'G', 7: 'H', 8: 'I', 9: 'J',
         10: 'K', 11: 'L', 12: 'M', 13: 'N', 14: 'O',
         15: 'P', 16: 'Q', 17: 'R', 18: 'S', 19: 'T',
         20: 'U', 21: 'V', 22: 'W', 23: 'X', 24: 'Y', 25: 'Z'}

def generate_key(flag, key):
    i = 0
    while True:
        if len(key) == len(flag):
            break
        key += flag[i]
        i += 1
    return key

def cipherText(msg, key_new):
    cipher_text = ''
    i = 0
    for letter in msg:
        x = (dict1[letter] + dict1[key_new[i]]) % 26
        i += 1
        cipher_text += dict2[x]
    return cipher_text

def AES_enc(key, value):
    key = (key * 2).encode()
    cipher = AES.new(key, AES.MODE_ECB)
    value = value.encode()
    padded_text = pad(value, AES.block_size)

    ciphertext = cipher.encrypt(padded_text)
    print("AES Encrypted Text =", ciphertext)

def substitute(msg):
    msg = msg.replace('{', 'X')
    msg = msg.replace('_', 'X')
    msg = msg.replace('}', 'X')
    msg = msg.upper()
    assert msg.isupper()
    return msg

message = substitute(flag)
key_new = generate_key(message, key)
cipher = cipherText(message, key_new)
print("Encrypted Text =", cipher)
AES_enc(key, flag)

'''
Encrypted Text = HLMPWKGLYSWFACEWBYRSUKYFAXZFXDKOTZHHSLFCXNICAHPGRIFUF
AES Encrypted Text = b'\x92T{\x1f\x0f"\xbd\xbb\xfa|O\x11\x83\xa0\xec.\x15]\x9f\x9a\xe5\x85Z\x9f@yUm\xbb\xdc\x93\x08\xe5\x8b\xd5\x98\x84\xfa\x91\xe8\xde\x1b}\xcd\x9056\xa3\xbf\xdb\x85J\xcc\xec\x812T\x11\xa7Tl\x15\xf6"'
'''

dict1 = {'A': 0, 'B': 1, 'C': 2, 'D': 3, 'E': 4,
         'F': 5, 'G': 6, 'H': 7, 'I': 8, 'J': 9,
         'K': 10, 'L': 11, 'M': 12, 'N': 13, 'O': 14,
         'P': 15, 'Q': 16, 'R': 17, 'S': 18, 'T': 19,
         'U': 20, 'V': 21, 'W': 22, 'X': 23, 'Y': 24, 'Z': 25}

dict2 = {0: 'A', 1: 'B', 2: 'C', 3: 'D', 4: 'E',
         5: 'F', 6: 'G', 7: 'H', 8: 'I', 9: 'J',
         10: 'K', 11: 'L', 12: 'M', 13: 'N', 14: 'O',
         15: 'P', 16: 'Q', 17: 'R', 18: 'S', 19: 'T',
         20: 'U', 21: 'V', 22: 'W', 23: 'X', 24: 'Y', 25: 'Z'}

out = "HLMPWKGLYSWFACEWBYRSUKYFAXZFXDKOTZHHSLFCXNICAHPGRIFUF"
letters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

##根据题目,flag开头是BuildCTF{转换为BUILDCTFX,至少可以爆破出9位key
##第一轮推出部分key
key = ""
flag = "BUILDCTFX"
n = len(flag)
for i in range(n):
    letter = flag[i]
    for j in letters:
        x = (dict1[letter] + dict1[j]) % 26
        if dict2[x] == out[i]:
            key = key + j
            break
print(key)
#key=GREETINGB

##根据题目,key参与AES加密,且key=key*2,通常key长度为16,推断出key长度是8,第一轮推出key为GREETINGB,那么正常的key是GREETING,从第9位B开始,是叠加flag,即BUILDCTFX。
##第二轮推出部分flag
flag = ""
while True:
    key_ = "GREETING"
    key = key_ + flag
    if len(key) > len(out):
        key = key[0:len(out)]

    m = len(key)
    for i in range(m):
        letter = key[i]
        for j in letters:
            x = (dict1[letter] + dict1[j]) % 26
            if dict2[x] == out[i]:
                flag = flag + j
                break
    print(flag)
    if len(flag) >= len(out):
        break
#flag=BUILDCTFBUILDCTFXYOUXALRBUILDCTFXYOUXALRAEJHRIFADZLLADZX
#替换为{}_

BuildCTF{YOU_ALREADY_KNOW_WHAT_A_CLASSICAL_CIPHER_IS}

3.ominous

from Crypto.Util.number import *
from secret import flag
import random
import string

Ominous_dic = ['啊', '米', '诺', '斯']
flag_word = (string.ascii_letters + string.digits + '{}@_!').encode()

assert all(char in flag_word for char in flag)

msg = bytes_to_long(flag)
random.shuffle(Ominous_dic)

def Ominous_enc(msg):
    res = 0
    for idx, word in enumerate(Ominous_dic):
        res += random.randint(0, 200) * ord(word) * (2 ** (50 * (idx + 1)))

    return res + msg

cipher = Ominous_enc(msg)
print(f'cipher = {cipher}')
# cipher = 11174132013050242293373893046306047184706656363469879247040688497021

from libnum import *
import itertools
import string
flag_word = (string.ascii_letters + string.digits + '{}@_!').encode()
cipher = 11174132013050242293373893046306047184706656363469879247040688497021
Ominous_dic = ['啊', '米', '诺', '斯']
all_list = []

for i in itertools.permutations(Ominous_dic,4):
	tmp = [i[0],i[1],i[2],i[3]]
	all_list.append(tmp)

for i in all_list:
	print(i)
	##因为j0最小,对结果影响也最小,先爆破出j1,j2,j3的范围
	for j0 in range(0,1):
		tmp0 = j0 * ord(i[0]) * (2 ** (50 * (0 + 1)))
		for j1 in range(0,201):
			tmp1 = j1 * ord(i[1]) * (2 ** (50 * (1 + 1)))
			for j2 in range(0,201):
				tmp2 = j2 * ord(i[2]) * (2 ** (50 * (2 + 1)))
				for j3 in range(0,201):
					tmp3 = j3 * ord(i[3]) * (2 ** (50 * (3 + 1)))
					res = tmp0 + tmp1 + tmp2 + tmp3

					out1 = cipher-res
					try:
						out = n2s(out1)
						if b"BuildCTF{" in out:
							print(j0,j1,j2,j3)
							pos = True
							for j in out:
								if j not in flag_word:
									pos = False
									break
							if pos == True:
								print(j0,j1,j2,j3)
								print(out1)
								print(out)
					except:
						pass
					res = 0

['诺', '斯', '米', '啊']
0 0 42 119
0 1 42 119
0 2 42 119
0 3 42 119
..................
['斯', '诺', '米', '啊']
0 0 42 119
0 1 42 119
0 2 42 119
0 3 42 119
.....................
发现规律,修正代码缩小爆破范围

from libnum import *
import itertools
import string
flag_word = (string.ascii_letters + string.digits + '{}@_!').encode()
cipher = 11174132013050242293373893046306047184706656363469879247040688497021
Ominous_dic = ['啊', '米', '诺', '斯']
all_list = [['诺', '斯', '米', '啊'],['斯', '诺', '米', '啊']]

for i in all_list:
	print(i)
	##因为j0最小,对结果影响也最小,先爆破出j1,j2,j3的范围
	for j0 in range(0,201):
		tmp0 = j0 * ord(i[0]) * (2 ** (50 * (0 + 1)))
		for j1 in range(0,201):
			tmp1 = j1 * ord(i[1]) * (2 ** (50 * (1 + 1)))
			for j2 in range(42,43):
				tmp2 = j2 * ord(i[2]) * (2 ** (50 * (2 + 1)))
				for j3 in range(119,120):
					tmp3 = j3 * ord(i[3]) * (2 ** (50 * (3 + 1)))
					res = tmp0 + tmp1 + tmp2 + tmp3

					out1 = cipher-res			
					try:
						out = n2s(out1)
						if b"BuildCTF{" in out:					
							pos = True
							for j in out:
								if j not in flag_word:
									pos = False
									break
							if pos == True:
								print(j0,j1,j2,j3)
								print(out1)
								print(out)
					except:
						pass
					res = 0

['诺', '斯', '米', '啊']
51 34 42 119
6998911667306495936139354047122483151410244697241827169626933502333
b'BuildCTF{Wh@wsuu_0mwkous!!!}'
51 79 42 119
6998911667306495936139354047120998231835390350462060938975672082813
b'BuildCTF{Wh@vUyE_0mwkous!!!}'
51 82 42 119
6998911667306495936139354047120899237197066727343409856932254654845
b'BuildCTF{Wh@vBhu_0mwkous!!!}'
51 113 42 119
6998911667306495936139354047119876292601055955117348675816941232509
b'BuildCTF{Wh@u}ee_0mwkous!!!}'
51 158 42 119
6998911667306495936139354047118391373026201608337582445165679812989
b'BuildCTF{Wh@t_i5_0mwkous!!!}'
51 161 42 119
6998911667306495936139354047118292378387877985218931363122262385021
b'BuildCTF{Wh@tLXe_0mwkous!!!}'
72 34 42 119
6998911667306495936139354047122483151410244696394571727129163145597
b'BuildCTF{Wh@wsuu_0mI}gus!!!}'
72 79 42 119
6998911667306495936139354047120998231835390349614805496477901726077
b'BuildCTF{Wh@vUyE_0mI}gus!!!}'
72 82 42 119
6998911667306495936139354047120899237197066726496154414434484298109
b'BuildCTF{Wh@vBhu_0mI}gus!!!}'
72 113 42 119
6998911667306495936139354047119876292601055954270093233319170875773
b'BuildCTF{Wh@u}ee_0mI}gus!!!}'
72 158 42 119
6998911667306495936139354047118391373026201607490327002667909456253
b'BuildCTF{Wh@t_i5_0mI}gus!!!}'
72 161 42 119
6998911667306495936139354047118292378387877984371675920624492028285
b'BuildCTF{Wh@tLXe_0mI}gus!!!}'
83 34 42 119
6998911667306495936139354047122483151410244695950771257249378673021
b'BuildCTF{Wh@wsuu_0m1nous!!!}'
83 79 42 119
6998911667306495936139354047120998231835390349171005026598117253501
b'BuildCTF{Wh@vUyE_0m1nous!!!}'
83 82 42 119
6998911667306495936139354047120899237197066726052353944554699825533
b'BuildCTF{Wh@vBhu_0m1nous!!!}'
83 113 42 119
6998911667306495936139354047119876292601055953826292763439386403197
b'BuildCTF{Wh@u}ee_0m1nous!!!}'
83 158 42 119
6998911667306495936139354047118391373026201607046526532788124983677
b'BuildCTF{Wh@t_i5_0m1nous!!!}'
83 161 42 119
6998911667306495936139354047118292378387877983927875450744707555709
b'BuildCTF{Wh@tLXe_0m1nous!!!}'
179 34 42 119
6998911667306495936139354047122483151410244692077603520116714185085
b'BuildCTF{Wh@wsuu_0l_wous!!!}'
179 79 42 119
6998911667306495936139354047120998231835390345297837289465452765565
b'BuildCTF{Wh@vUyE_0l_wous!!!}'
179 82 42 119
6998911667306495936139354047120899237197066722179186207422035337597
b'BuildCTF{Wh@vBhu_0l_wous!!!}'
179 113 42 119
6998911667306495936139354047119876292601055949953125026306721915261
b'BuildCTF{Wh@u}ee_0l_wous!!!}'
179 158 42 119
6998911667306495936139354047118391373026201603173358795655460495741
b'BuildCTF{Wh@t_i5_0l_wous!!!}'
179 161 42 119
6998911667306495936139354047118292378387877980054707713612043067773
b'BuildCTF{Wh@tLXe_0l_wous!!!}'
190 34 42 119
6998911667306495936139354047122483151410244691633803050236929712509
b'BuildCTF{Wh@wsuu_0lGhwus!!!}'
190 79 42 119
6998911667306495936139354047120998231835390344854036819585668292989
b'BuildCTF{Wh@vUyE_0lGhwus!!!}'
190 82 42 119
6998911667306495936139354047120899237197066721735385737542250865021
b'BuildCTF{Wh@vBhu_0lGhwus!!!}'
190 113 42 119
6998911667306495936139354047119876292601055949509324556426937442685
b'BuildCTF{Wh@u}ee_0lGhwus!!!}'
190 158 42 119
6998911667306495936139354047118391373026201602729558325775676023165
b'BuildCTF{Wh@t_i5_0lGhwus!!!}'
190 161 42 119
6998911667306495936139354047118292378387877979610907243732258595197
b'BuildCTF{Wh@tLXe_0lGhwus!!!}'
['斯', '诺', '米', '啊']
74 3 42 119
6998911667306495936139354047123468815669753357358225859397902475645
b'BuildCTF{Wh@x1Ju_0mqdOus!!!}'
74 27 42 119
6998911667306495936139354047122378615871147476421268270694027829629
b'BuildCTF{Wh@w_Su_0mqdOus!!!}'
74 59 42 119
6998911667306495936139354047120925016139672968505324819088861634941
b'BuildCTF{Wh@vG_u_0mqdOus!!!}'
74 83 42 119
6998911667306495936139354047119834816341067087568367230384986988925
b'BuildCTF{Wh@uuhu_0mqdOus!!!}'
115 3 42 119
6998911667306495936139354047123468815669753356156585539922068316541
b'BuildCTF{Wh@x1Ju_0m0@3us!!!}'
115 27 42 119
6998911667306495936139354047122378615871147475219627951218193670525
b'BuildCTF{Wh@w_Su_0m0@3us!!!}'
115 59 42 119
6998911667306495936139354047120925016139672967303684499613027475837
b'BuildCTF{Wh@vG_u_0m0@3us!!!}'
115 83 42 119
6998911667306495936139354047119834816341067086366726910909152829821
b'BuildCTF{Wh@uuhu_0m0@3us!!!}'

优先找出有意义有规律的字符,逐一提交尝试

BuildCTF{Wh@t_i5_0m1nous!!!}

4.gift

from Crypto.Util.number import *
from secret import flag

def get_gift(p, q):
    noise = getPrime(40)
    p, q = p + 2 * noise + 1, q - pow(noise, 2)
    gift = 2024 * (p + q)
    return gift

p = getPrime(512)
q = getPrime(512)
n = p * q
e = 0x10001
m = bytes_to_long(flag)

c = pow(m, e, n)
gift = get_gift(p, q)

print(f'c = {c}')
print(f'n = {n}')
print(f'gift = {gift}')
'''
c = 101383046356447336426623798470530695448361708798731382238747567108067236241251384089401506320741815081024352908156466877907424203888923965647318146770258139921360377246187637085549628797640957048672797430217647039035455011311505942632107576730906489223641894279483592789523228409885925263914621255862261546919
n = 131097719698687108485813302886652389604731026998272796315024695395496199386497660846418712521921387496051077394308820230360184411431376692252923609505060476542577219656866593501271690536991944882324175509626138475159461332403161471880082192150081456601522403673111515117219716055561941951891570977025178643791
gift = 46635322848619790584491725916282901439691751328335921415278638528896063068132242718070261114525516272650970256270551306096774004921902972838212903368063625872
'''

gift = 2024 * (p + q)
可以变换为
gift = 2024*(p1+p2-(noise-1)**2)
gift//2024 = p1+p2-(noise-1)**2
发现gift//2024的bit长度是513,p+q的bit长度是512-513,noise的bit长度是40,差距太大,可以构造右偏>>,抵消掉(noise-1)**2,仅泄露p+q的高位

#sage
from Crypto.Util.number import *
c = 101383046356447336426623798470530695448361708798731382238747567108067236241251384089401506320741815081024352908156466877907424203888923965647318146770258139921360377246187637085549628797640957048672797430217647039035455011311505942632107576730906489223641894279483592789523228409885925263914621255862261546919
n = 131097719698687108485813302886652389604731026998272796315024695395496199386497660846418712521921387496051077394308820230360184411431376692252923609505060476542577219656866593501271690536991944882324175509626138475159461332403161471880082192150081456601522403673111515117219716055561941951891570977025178643791
gift = 46635322848619790584491725916282901439691751328335921415278638528896063068132242718070261114525516272650970256270551306096774004921902972838212903368063625872
gift = (gift//2024) >> 233
print(gift)
e = 65537
BITS = 233

PR.<x> = PolynomialRing(RealField(1000))
f = x * ((gift << BITS) - x) - n
p2high = int(f.roots()[0][0])

PR.<x> = PolynomialRing(Zmod(n))
f = p2high + x
res = f.small_roots(X=2^(BITS+10), beta=0.4, epsilon=0.01)[0]
p2 = int(p2high + res)
#print(p2)
q2 = n // p2
#print(q2)
d2 = inverse_mod(e, (p2-1)*(q2-1))
leak2 = pow(c, d2, n)
#print(leak2)
print(long_to_bytes(int(leak2)))

BuildCTF{M@y_b3_S0m3th1ng_go_wr0ng}

5.mitm

from Crypto.Util.number import *
from Crypto.Util.Padding import *
from hashlib import sha256
from Crypto.Cipher import AES
from random import *
from secret import flag

note = b'Crypt_AES*42$@'
r = 4
keys = []

for i in range(r):
    key = bytes(choices(note, k=3))
    print(key)
    print(sha256(key).digest())
    keys.append(sha256(key).digest())
print(keys)

leak = b'Hello_BuildCTF!!'
cipher = leak
for i in range(r):
    cipher = AES.new(keys[i], AES.MODE_ECB).encrypt(cipher)

enc_key = sha256(b"".join(keys)).digest()
enc_flag = AES.new(enc_key, AES.MODE_ECB).encrypt(pad(flag, AES.block_size))

print(f'cipher = {cipher}')
print(f'enc_flag = {enc_flag}')
# cipher = b'\xb9q\x04\xa3<\xf0\x11-\xe9\xfbo:\x9aQn\x81'
# enc_flag = b'q\xcf\x08$%\xb0\x86\xee\x1a(b\x7f\xf8\x86\xbd\xd0\xa7\xee\xd9\x9d2\x82a7H=a\x13\x87e\xad\xd2b\x8e\x07\xa5\xddo\xc0\xf3N\xd4b\xc9o\x88$\xc7\xf4p\xc1\x1e,\xed\xcc\x94\x8c\xf4\x00\xa5\xe0-\xf7\xc5'

##第一轮,爆破出中间值,第二轮调整脚本,爆破出四个最初随机值
from Crypto.Util.number import *
from Crypto.Util.Padding import *
from hashlib import sha256
from Crypto.Cipher import AES
import itertools

note = b'Crypt_AES*42$@'
note_l = []
#for i in itertools.product(note,repeat=3):
for i in itertools.product(note,repeat=3):
    tmp = (chr(i[0]) + chr(i[1]) + chr(i[2])).encode()
    note_l.append(tmp)
print(len(note_l))

res1 = []
res2 = []
#xxx= []
#res = b'\xd0\xe8]\x1dIQ\x93S\x7f\xe1\xda\x90\xe5\x19\xe6\xb8'
n = 0
for i in itertools.permutations(note_l,2):
    cipher = b'Hello_BuildCTF!!'
    out = b'\xb9q\x04\xa3<\xf0\x11-\xe9\xfbo:\x9aQn\x81'

    for j in i:
        res2.append(j)
        key = sha256(j).digest()
        cipher = AES.new(key, AES.MODE_ECB).encrypt(cipher)
        out = AES.new(key, AES.MODE_ECB).decrypt(out)

    #if res == cipher:
    #    xxx.append(f"前:{str(i)},{str(n)}")
    #if res == out:
    #    xxx.append(f"后:{str(i)},{str(n)}")

    n = n + 1
    print(n)
    res1.append(cipher)
    res2.append(out)
res_ = set(res1) & set(res2)
print(res_)
#print(xxx)
#中间值为b'\xd0\xe8]\x1dIQ\x93S\x7f\xe1\xda\x90\xe5\x19\xe6\xb8'
#四个随机值["前:(b'ppS', b'4p4'),1752045", "后:(b'SS2', b'Cyr'),4638442"]

enc_flag = b'q\xcf\x08$%\xb0\x86\xee\x1a(b\x7f\xf8\x86\xbd\xd0\xa7\xee\xd9\x9d2\x82a7H=a\x13\x87e\xad\xd2b\x8e\x07\xa5\xddo\xc0\xf3N\xd4b\xc9o\x88$\xc7\xf4p\xc1\x1e,\xed\xcc\x94\x8c\xf4\x00\xa5\xe0-\xf7\xc5'
#调整随机值的顺序
keys = [b'ppS', b'4p4', b'Cyr',b'SS2']
x = []
for j in keys:
    x.append(sha256(j).digest())

enc_key = sha256(b"".join(x)).digest()
flag = AES.new(enc_key, AES.MODE_ECB).decrypt(enc_flag)
print(flag)
#b'BuildCTF{M1tm_i5_@_simple_w@y_t0_s0lve_pr0bl3m!}\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10\x10'

BuildCTF{M1tm_i5_@_simple_w@y_t0_s0lve_pr0bl3m!}

6.where is my n?

from Crypto.Util.number import*
from gmpy2 import*

flag = "..."
e=65537
p=getPrime(512)
q=gmpy2.next_prime(p)
n=p*q
phi=(p-1)*(q-1)
d=inverse(e,phi)
c=pow(flag,e,n)
print("c=",c)
print("e=",e)
print("d=",d)
# c= 107973408658512316248795675829719026556281556876279221462095299771897472835817102507431099132436173117611783572607408542140665445616624626408781699266046553444252772105867617770124779786841928535661872891635303381758336724610931502145965143374870804147444436791292512235485326451051756451904673491759905663466
# e= 65537
# d= 62036379179617188220635702722848631787124203142048526951004487465970915306760341332025319712290841316288636152355908585406155087541334717529113872233640624205650204907669681116401961584897042519881342485819364897891612540596760113597723865477121348794797592568686540283535491492936074500143092361821406613969

import sympy
import gmpy2
import binascii
import libnum
c= 107973408658512316248795675829719026556281556876279221462095299771897472835817102507431099132436173117611783572607408542140665445616624626408781699266046553444252772105867617770124779786841928535661872891635303381758336724610931502145965143374870804147444436791292512235485326451051756451904673491759905663466
e= 65537
d= 62036379179617188220635702722848631787124203142048526951004487465970915306760341332025319712290841316288636152355908585406155087541334717529113872233640624205650204907669681116401961584897042519881342485819364897891612540596760113597723865477121348794797592568686540283535491492936074500143092361821406613969
ed_1 = e * d -1
p=0
q=0
for k in range((2**24),1,-1):
    if ed_1 % k == 0:
        phin = (ed_1 // k)
        #print(phin)
        phin_2 = gmpy2.iroot(phin,2)
        #print(phin_2[0])
        p = sympy.prevprime(phin_2[0])
        q = sympy.nextprime(p)
        if (p-1)*(q-1)*k == ed_1:
            break
print(p)
print(q)
n=p*q
print(n)
m=gmpy2.powmod(c,d,n)
print(m)
print(libnum.n2s(int(m)))

BuildCTF{Y0u_F1nd_7he_n_success7u1_!}

7.ezzzzz_RSA

import libnum
from Crypto.Util.number import *

flag = b'BuildCTF{*******}'

m = libnum.s2n(flag)

e = 65537
q = getPrime(1024)
q1 = getPrime(1024)
p = getPrime(1024)
p1 = getPrime(1024)

n = p * q
n1 = q * p1
n2 = p * q1
c = pow(m, e, n)
h0 = pow(2023 * p + 2024, q1, n2)
h1 = pow(2024 * p1 + 2023 * q, 113, n1)
h2 = pow(2023 * p1 + 2024 * q, 629, n1)

print(f'n1 = {n1}')
print(f'n2 = {n2}')
print(f'c = {c}')
print(f"h0 = {h0}")
print(f"h1 = {h1}")
print(f"h2 = {h2}")

"""
n1 = 19957426023169626195602761840035904096149402534966487535713447987366768645542881124782551268978342063458430846877824210659778126281705984711061190351636497944943321988950188171159903717348936556346198638311950016136865425015037098270040031872702873264144372191898253134939805153141701819590164140250130420280491966786900651186941317959556066730959744279963976065565436153399679475410040773637142677936926894677919242351610457296203864806991539480593546084449323017670431590012312526757477514457145686070196978477495658962519391041011847512041022828710693830661412217389320600888361578917153088073678587422269955710471
n2 = 11933661747067216317642315621042074566046499785197709817779978157416906347669444374234313329064859622960743743511735672614999566264025648698589886185056758071718319964262619819143757922916624196354313322456534266520150543008117888101349920396737532937616502689667208207329048979872222563877933742673021891249520999021187404065706388700711208445628041386956459398271230236018476964839399245143666534359113777846535151773174701732284280083586580489995666306373839417946648196140879978268472361473557375951972193618245984950374326806423407152520541682571610372434453778172497925696535270204943842467472100237854318244291
c = 20080676122944896238797522372441559951736929534371084097400233944319893926800196694449564534150770085554349952433141815637324753386484549616573636001763815852095984830828952020047938406909274311785306299061021662484544371813739713520361343350959698642021322243662988875917088108399877176033404097457939417134483333264562602633853694382014472747500159100723626314928476484037666519857604568300967071868151508142784271042600815406853978696857309760951105852288354603503207383899902135741426285551161292195639862478256231538619968275273876467583013024899054710124331145912185471501398910765579441956531091561893256832468
h0 = 2996726009726260695732821166504040344731102637047682432884058857493935625094258046641569918904978173116793673563730117949606727933902262668880339210084101176866383602543966179840353633735507442926707342258391362245904850297416642271123328980812931025677857373199540129280097315832907023777052101133649877194495480543646472133854655383755313968952550827443970931104462445312146328606862802196901953935238972759852435882720786570965542286278549107402918041194008845717507735786897968734831064393337773557817839343449001368565856921138408039931608804233595980497557733714560035682416265029819340316734845279080134432704
h1 = 19843160604742228074331688651361052208481287636527838615063387670722213224954610448720065937378201545177278841575633697012434074186046556843292068835752113384756149944114298949115412819730843598288637259467085268861201775723817790428386595559040938133481222229290199923979132846871398172318539492741755408720073350962388138453341677009547616238262211176727424067946020683742262782319735286357465817786446238528187722959357444676512705451504136333336415880020502524009647940182721264953084120705872870651891290569527156804993340563927419561415555818468261824287933683736509372616293569615247228388443284457740072850735
h2 = 15147052684674827267989051566164167603473413362261253296001082161136918959833294463185335416662127368473980239667918561600741667513285708843081475074688239507330230558331408877583246661862040918410036936505307437329914363201630212163952357444441705663871720438955166472073576526814546767805314463827075388036712200327696168965762177567346966479399896578190111819130000991594490932388132188241726654756368698998232826340969288082645860324404980143489489946490266439447342461483490582149239131554246756547000945718737195930407251232848166108751122870333559461452459416252942341423373918245090162970624108991537972775066
"""

from gmpy2 import *
e = 65537
n1 = 19957426023169626195602761840035904096149402534966487535713447987366768645542881124782551268978342063458430846877824210659778126281705984711061190351636497944943321988950188171159903717348936556346198638311950016136865425015037098270040031872702873264144372191898253134939805153141701819590164140250130420280491966786900651186941317959556066730959744279963976065565436153399679475410040773637142677936926894677919242351610457296203864806991539480593546084449323017670431590012312526757477514457145686070196978477495658962519391041011847512041022828710693830661412217389320600888361578917153088073678587422269955710471
n2 = 11933661747067216317642315621042074566046499785197709817779978157416906347669444374234313329064859622960743743511735672614999566264025648698589886185056758071718319964262619819143757922916624196354313322456534266520150543008117888101349920396737532937616502689667208207329048979872222563877933742673021891249520999021187404065706388700711208445628041386956459398271230236018476964839399245143666534359113777846535151773174701732284280083586580489995666306373839417946648196140879978268472361473557375951972193618245984950374326806423407152520541682571610372434453778172497925696535270204943842467472100237854318244291
c = 20080676122944896238797522372441559951736929534371084097400233944319893926800196694449564534150770085554349952433141815637324753386484549616573636001763815852095984830828952020047938406909274311785306299061021662484544371813739713520361343350959698642021322243662988875917088108399877176033404097457939417134483333264562602633853694382014472747500159100723626314928476484037666519857604568300967071868151508142784271042600815406853978696857309760951105852288354603503207383899902135741426285551161292195639862478256231538619968275273876467583013024899054710124331145912185471501398910765579441956531091561893256832468
h0 = 2996726009726260695732821166504040344731102637047682432884058857493935625094258046641569918904978173116793673563730117949606727933902262668880339210084101176866383602543966179840353633735507442926707342258391362245904850297416642271123328980812931025677857373199540129280097315832907023777052101133649877194495480543646472133854655383755313968952550827443970931104462445312146328606862802196901953935238972759852435882720786570965542286278549107402918041194008845717507735786897968734831064393337773557817839343449001368565856921138408039931608804233595980497557733714560035682416265029819340316734845279080134432704
h1 = 19843160604742228074331688651361052208481287636527838615063387670722213224954610448720065937378201545177278841575633697012434074186046556843292068835752113384756149944114298949115412819730843598288637259467085268861201775723817790428386595559040938133481222229290199923979132846871398172318539492741755408720073350962388138453341677009547616238262211176727424067946020683742262782319735286357465817786446238528187722959357444676512705451504136333336415880020502524009647940182721264953084120705872870651891290569527156804993340563927419561415555818468261824287933683736509372616293569615247228388443284457740072850735
h2 = 15147052684674827267989051566164167603473413362261253296001082161136918959833294463185335416662127368473980239667918561600741667513285708843081475074688239507330230558331408877583246661862040918410036936505307437329914363201630212163952357444441705663871720438955166472073576526814546767805314463827075388036712200327696168965762177567346966479399896578190111819130000991594490932388132188241726654756368698998232826340969288082645860324404980143489489946490266439447342461483490582149239131554246756547000945718737195930407251232848166108751122870333559461452459416252942341423373918245090162970624108991537972775066
h1x = pow(h1 * pow(2023,113,n1),629,n1)
h2x = pow(h2 * pow(2024,629,n1),113,n1)
q = gcd(h2x-h1x,n1)
print("q",q)
#h0 = pow(2023 * p + 2024, q1, n2)
kp = h0-pow(2024,n2,n2)
p = gcd(n2,kp)
print("p",p)

f = (p-1)*(q-1)
d = invert(e,f)
m = pow(c,d,p*q)
print(bytes.fromhex(hex(m)[2:]))

BuildCTF{29g5blh5-7829-5k38-a836-9bk54h291h6}

8.Ju5t_d3c0de_1t!

e = 'VTJGc2RHVmtYMThUWGplSkN2YzJwazJ2KzJieQ=='
c = 10110011010010110101101101011110100001010100101110111011101101111101101001000010111010010011101111001111111000000001111000000010101
p = 1100010000110101100011011010101011111101001101010011001010110111100011110110101111000101100001011011001100110010010111111100110000001111010111111101111001100111100011100110110011101011111011100111010011000100011001101101111011010110000011011100101010010101110001011011010111001010101101100101011111101000110010111000011010111001101001
q = 11000010010010011110101110100011011100101101100100011011100010111000011110111000000011111100010100100000101101010101000101101101101011011100001101111010001010010011001010110010110101001100100011010110100011110011101110101110111110100000011110101010011011111010111100011000011111001000010101100100011110010000010001110010101100100111001
key = 592924741013363689040199750462798275514934297277010275281372369969899775117892551575873706970423924419480394766364097497072075403342004187895966953143489192628648965081601335846012859223829286606349019
# use m minus key to get the final flag!

先把数值统一转换成10进制
c = 1906584693582914593452011253925635223573
p = 26822418715463991126474380526303016593205006542806731721157536330312275372018305158474258610131152489
q = 53119776651079682777961960430388001309363199658704012861472783500082899623940177739319812176312097081
盲猜e=65537
标准RSA解密得到
m = 592924741013363689040199750462798275514934297277010275281372369969899775117892551575873706970423924419480394766364097497072075403342004187895966953170941195555713574085320418093758492523024516823025404 
根据提示m - key后转字符串

BuildCTF{I_l1k3_crypt0_5o_h4rd!}

9.girls_band_cry_pto

from Crypto.Util.number import *
import gmpy2

def getprime(kbit,FLAG):
    a = getPrime(kbit)
    b = getPrime(kbit)
    N = getPrime(kbit+5)
    seed = getPrime(kbit)
    t = seed
    list_t = []
    for i in range(10):
        t = (a*t+b)%N
        list_t.append(t)
    if FLAG:
        print(list_t)
    return seed

p = getprime(512,1)
q = getprime(512,0)
flag = b'...'
flag = bytes_to_long(flag)
n = p*q
e = 1384626

assert flag.bit_length() < n.bit_length()//2

c = pow(flag,e,n)
print('c=',c)

''''''
[37382128984932009103055100236038298684187701771245912912208816283882352432386956435965036367810667394024993955812239704879381327228911265588017046627348503, 78860822396220922181257740301787328387654351181949135165584053897837116358564567613593406267620270397593757280733139576593428399156673217202739776358215953, 71961258377748802736482119449608198361898650603044501972923193831637292104436919483148544126546157761435847502622416800596454167412705966674707485447149592, 87271087644907910379168026089161507515679859469787715709089631773745967695993043069981508275969979669395420678260957179827954920361899134388830957711827969, 72060448202158281754256475874109091993193239479491265267010728401711694585210195554635415348891139571830347004379216450772696235700910532153698412887476412, 198822737610698203376629161658629276556973499054887457432530950247888991546498594767954251786997515337433684733300663470799887569646159225800449429896258899, 186920895499932700150962847893153648403293237986492275627558112493385728113172211076262656795948951216023567806119078906412693819469136004563793414149643278, 56472634592713718635518027850351194341092172882542912776939953869983486542308422043454035086533070566859787384014556343587278097326244663175874047755695694, 42665120723108982921319232615099077060109901818313520605789700720605479528247045699344736360219784997528870841912999130951916510491705708498185762196467897, 205629005887807114384057131575309344114082007367662384600399313743755704623421415135564859072125246431180953419843187244789534372794288258609006920825136808]
c= 51846448616255629242918159354807752786692784645460532308823434086479848425723111371477823327980874708898952566998637230358105087254392989515438172155717708590176244736140994735777168368143405720703501031813936741444894000217727880068767785957507824708838189619286341612305393812568642372035793481458142583420
'''

先用LCG求seed,即p

p=11406146503880823399297963629845559494461007497449751823413253129053497454943898251983630826960583790125622063400069720120655389759003474122064810099132057

import sympy
from libnum import *
p = 11406146503880823399297963629845559494461007497449751823413253129053497454943898251983630826960583790125622063400069720120655389759003474122064810099132057
c= 51846448616255629242918159354807752786692784645460532308823434086479848425723111371477823327980874708898952566998637230358105087254392989515438172155717708590176244736140994735777168368143405720703501031813936741444894000217727880068767785957507824708838189619286341612305393812568642372035793481458142583420
e = 1384626

m = sympy.nthroot_mod(c,e,p,all_roots=True)
print(m)
print("")

for i in m:
    flag_int = int(i)
    print(flag_int)
    print(n2s(flag_int))
    print("")

BuildCTF{crypt0_15_s0_e@5y!}

10.QAQ补药把这道古典BuildCTF题爆了

lzs macfo ilpyj uylpiva ng ncfl vwtfavazig hywi{15 1g pth@?cq owex wpq ogr sjb e'o gwnxept wdbqv.qhylzpjp{60_r@a_^^kcdhv!!!}}

题目的提示
Siu!!!
看懂描述了吗罗

需要用到密码的古典加密,大概率是维吉尼亚

出现部分明文,估计要继续解密,密钥kfc

继续解密,密钥cronaldo

按照3轮维吉尼亚解密,共出现12种可能
BuildCTF{60_n@w_^^anqaq!!!}
BuildCTF{43_b@a_^^opnxr!!!}
BuildCTF{60_p@k_^^anqaq!!!}
BuildCTF{65_v@r_^^xvlxy!!!}
BuildCTF{48_j@v_^^lxiuz!!!}
BuildCTF{65_x@f_^^xvlxy!!!}
BuildCTF{82_l@m_^^mlgmo!!!}
BuildCTF{65_z@q_^^andjp!!!}
BuildCTF{82_n@a_^^mlgmo!!!}
BuildCTF{87_t@h_^^jtbjw!!!}
BuildCTF{60_h@l_^^xvygx!!!}
BuildCTF{87_v@v_^^jtbjw!!!}

BuildCTF{60_n@w_^^anqaq!!!}

11.ez_matrix

#SageMath 9.5
from Crypto.Util.number import *
from gmpy2 import powmod
from secret import msg

def pad(x, pad_length):
    return x + b'\x00' * (pad_length - len(x))

def rsa_gen(bits):
    p = getPrime(bits)
    q = getPrime(bits)
    return p, q

bits = 1024
pad_length = 200
matrix_size = 32
e = 65537

p, q = rsa_gen(bits)
n = p * q
m = bytes_to_long(pad(msg, pad_length))
c = powmod(m, e, n)

p_binary = bin(p).replace('0b', '').zfill(bits)
q_binary = bin(q).replace('0b', '').zfill(bits)

P = matrix(GF(2), [list(map(int, p_binary[i:i+matrix_size])) for i in range(0, len(p_binary), matrix_size)])
Q = matrix(GF(2), [list(map(int, q_binary[i:i+matrix_size])) for i in range(0, len(q_binary), matrix_size)])
gift = P.solve_right(Q)

with open('output', 'w') as file:
    file.write(f'c = {c}\n')
    file.write(f'p ^ q = {p ^^ q}\n')
    file.write('gift:\n')
    for row in gift:
        file.write(' '.join(map(str, row)) + '\n')

'''
c = 5750862006780374919287214285692236210204656897730327429454502213453716609006462693326927544526483929921956237739564314742381291228170724611684726314766300684189083862768843433748971907962075938141567163713163231477418107343867114651242407427262164467193346523730926798966915657982552864539513197192523866321569716738540583056085357621328692775578162692288348251605475475005408200801081747601745630186390866011595954211521326069111983199120520535552104591110478015154646709731714695120857959832894595677697407284511806934799265823961155753765208975629786832407640872204810033141414096894416317703257346937008503926274
p ^ q = 89144063720545532404936347749976033995959352088369581593483294017916269127126015515514164556238892315116219488234599276283755643115494368387307879815221830970632672104176330851649236203019768799744400071934922875736029236458980333704716550922984411453411523931115952319603510996580835848026227775168231757398
gift:
0 0 1 0 1 1 1 0 0 1 0 0 0 0 1 1 0 0 1 0 0 1 0 0 0 1 0 0 1 1 0 0
1 0 1 0 0 0 0 1 0 1 1 1 1 1 0 1 0 1 1 1 0 1 0 0 0 1 1 0 0 0 0 1
0 1 0 1 1 1 1 1 0 1 1 0 1 0 0 1 0 0 0 1 1 0 1 1 0 1 1 1 1 0 0 0
0 1 1 1 0 1 0 0 0 0 1 0 0 1 0 0 0 0 0 0 0 1 1 1 1 0 1 0 1 1 0 1
0 1 0 1 1 1 1 0 1 0 0 1 0 0 1 1 0 0 1 1 1 0 1 0 0 1 0 0 1 0 1 1
1 1 1 0 0 1 0 0 0 1 0 1 0 0 0 0 1 0 0 0 0 1 0 1 0 0 0 0 0 0 1 1
1 0 1 0 1 1 1 0 1 1 1 0 1 1 1 1 0 0 0 0 0 0 1 0 1 0 1 0 0 1 0 0
1 0 1 0 1 0 1 0 1 1 0 1 1 1 0 0 1 0 1 0 0 1 0 0 0 1 1 1 1 0 1 0
0 0 1 0 1 1 1 0 1 1 1 0 0 1 0 0 0 0 0 1 0 0 0 1 0 0 1 0 1 0 1 1
1 0 0 0 0 0 0 1 1 1 1 1 1 0 1 1 0 0 0 0 0 0 0 1 0 1 1 0 1 1 1 1
1 0 0 0 1 1 0 0 1 1 0 1 1 0 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 1 1 1
0 0 1 1 1 0 1 0 0 0 1 0 1 0 1 1 1 0 0 1 1 1 0 1 0 1 1 1 1 0 0 0
1 1 0 0 1 1 0 1 0 1 0 1 0 0 1 0 0 0 0 0 1 0 1 1 1 0 1 0 1 1 0 1
1 0 0 0 1 1 0 0 1 1 1 1 0 0 0 1 0 0 1 1 1 1 0 0 1 0 0 1 0 1 1 0
1 0 0 1 1 1 0 1 1 1 0 0 0 1 1 0 0 0 1 1 0 0 1 1 0 0 0 0 0 1 1 1
1 0 0 1 0 0 1 0 1 1 1 1 0 0 1 1 1 1 0 0 1 0 1 1 0 0 0 0 1 1 1 0
0 1 0 0 0 1 0 0 1 0 0 0 0 0 0 0 1 0 1 1 0 0 1 0 1 1 1 1 1 0 0 1
0 0 0 1 0 1 1 1 1 0 1 1 1 1 0 0 0 0 1 0 0 0 0 0 0 1 1 0 1 1 0 1
0 0 1 1 1 1 1 0 0 1 0 0 1 1 1 0 0 0 0 1 1 1 0 0 1 0 0 1 0 1 0 0
0 1 0 0 0 0 1 0 1 1 0 1 0 1 0 1 1 0 0 1 0 0 0 0 0 0 1 1 0 0 1 1
1 0 0 0 0 0 0 0 1 1 1 1 0 1 1 0 0 1 0 1 0 1 1 1 1 0 1 1 0 0 0 1
0 0 0 0 0 0 1 0 1 1 1 1 1 0 1 0 0 0 1 1 0 1 1 1 0 0 1 1 1 1 1 1
0 1 0 1 1 0 0 1 0 0 1 1 1 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 0 1 1 1
1 1 0 0 0 1 1 0 1 1 0 0 0 0 0 0 1 0 0 1 0 1 1 0 0 1 0 0 1 0 1 1
1 1 0 0 0 0 0 1 1 0 0 0 1 1 1 1 1 1 0 1 1 1 1 1 1 0 0 1 0 1 1 0
0 1 1 1 0 1 0 1 0 0 1 0 0 0 0 1 1 1 0 0 0 0 1 1 1 0 0 0 0 1 0 0
0 1 0 1 1 0 0 0 0 1 1 1 1 1 1 0 1 0 1 0 1 0 1 1 0 0 1 1 0 0 1 0
1 1 1 1 1 0 1 1 0 0 0 1 0 0 1 0 0 0 0 1 0 0 1 1 0 1 1 0 0 0 1 1
1 1 1 1 1 1 1 0 1 1 1 0 0 1 0 1 0 1 1 0 0 0 0 1 1 1 0 1 0 0 0 0
0 1 1 1 1 0 0 1 1 0 1 1 1 0 1 1 0 1 0 0 0 1 0 1 1 0 0 0 0 0 1 1
0 1 1 0 1 0 1 0 1 0 1 0 0 0 1 1 1 1 0 0 0 0 1 1 0 1 0 1 1 1 1 1
0 1 1 0 1 1 0 1 1 0 1 0 0 1 0 0 0 1 1 0 1 0 1 1 0 0 1 1 0 1 1 1
'''

#sage
from libnum import *
from gmpy2 import *
c = 5750862006780374919287214285692236210204656897730327429454502213453716609006462693326927544526483929921956237739564314742381291228170724611684726314766300684189083862768843433748971907962075938141567163713163231477418107343867114651242407427262164467193346523730926798966915657982552864539513197192523866321569716738540583056085357621328692775578162692288348251605475475005408200801081747601745630186390866011595954211521326069111983199120520535552104591110478015154646709731714695120857959832894595677697407284511806934799265823961155753765208975629786832407640872204810033141414096894416317703257346937008503926274
leak = 89144063720545532404936347749976033995959352088369581593483294017916269127126015515514164556238892315116219488234599276283755643115494368387307879815221830970632672104176330851649236203019768799744400071934922875736029236458980333704716550922984411453411523931115952319603510996580835848026227775168231757398
matrix_size = 32
I = matrix.identity(32)
G = [[0,0,1,0,1,1,1,0,0,1,0,0,0,0,1,1,0,0,1,0,0,1,0,0,0,1,0,0,1,1,0,0],
[1,0,1,0,0,0,0,1,0,1,1,1,1,1,0,1,0,1,1,1,0,1,0,0,0,1,1,0,0,0,0,1],
[0,1,0,1,1,1,1,1,0,1,1,0,1,0,0,1,0,0,0,1,1,0,1,1,0,1,1,1,1,0,0,0],
[0,1,1,1,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,1,1,1,0,1,0,1,1,0,1],
[0,1,0,1,1,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,1,0,1,0,0,1,0,0,1,0,1,1],
[1,1,1,0,0,1,0,0,0,1,0,1,0,0,0,0,1,0,0,0,0,1,0,1,0,0,0,0,0,0,1,1],
[1,0,1,0,1,1,1,0,1,1,1,0,1,1,1,1,0,0,0,0,0,0,1,0,1,0,1,0,0,1,0,0],
[1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,0,1,0,1,0,0,1,0,0,0,1,1,1,1,0,1,0],
[0,0,1,0,1,1,1,0,1,1,1,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,1,1],
[1,0,0,0,0,0,0,1,1,1,1,1,1,0,1,1,0,0,0,0,0,0,0,1,0,1,1,0,1,1,1,1],
[1,0,0,0,1,1,0,0,1,1,0,1,1,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1],
[0,0,1,1,1,0,1,0,0,0,1,0,1,0,1,1,1,0,0,1,1,1,0,1,0,1,1,1,1,0,0,0],
[1,1,0,0,1,1,0,1,0,1,0,1,0,0,1,0,0,0,0,0,1,0,1,1,1,0,1,0,1,1,0,1],
[1,0,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,0,1,1,1,1,0,0,1,0,0,1,0,1,1,0],
[1,0,0,1,1,1,0,1,1,1,0,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,1,1,1],
[1,0,0,1,0,0,1,0,1,1,1,1,0,0,1,1,1,1,0,0,1,0,1,1,0,0,0,0,1,1,1,0],
[0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,0,1,1,0,0,1,0,1,1,1,1,1,0,0,1],
[0,0,0,1,0,1,1,1,1,0,1,1,1,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,1,1,0,1],
[0,0,1,1,1,1,1,0,0,1,0,0,1,1,1,0,0,0,0,1,1,1,0,0,1,0,0,1,0,1,0,0],
[0,1,0,0,0,0,1,0,1,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,1,1,0,0,1,1],
[1,0,0,0,0,0,0,0,1,1,1,1,0,1,1,0,0,1,0,1,0,1,1,1,1,0,1,1,0,0,0,1],
[0,0,0,0,0,0,1,0,1,1,1,1,1,0,1,0,0,0,1,1,0,1,1,1,0,0,1,1,1,1,1,1],
[0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1],
[1,1,0,0,0,1,1,0,1,1,0,0,0,0,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1],
[1,1,0,0,0,0,0,1,1,0,0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0,0,1,0,1,1,0],
[0,1,1,1,0,1,0,1,0,0,1,0,0,0,0,1,1,1,0,0,0,0,1,1,1,0,0,0,0,1,0,0],
[0,1,0,1,1,0,0,0,0,1,1,1,1,1,1,0,1,0,1,0,1,0,1,1,0,0,1,1,0,0,1,0],
[1,1,1,1,1,0,1,1,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,1,0,1,1,0,0,0,1,1],
[1,1,1,1,1,1,1,0,1,1,1,0,0,1,0,1,0,1,1,0,0,0,0,1,1,1,0,1,0,0,0,0],
[0,1,1,1,1,0,0,1,1,0,1,1,1,0,1,1,0,1,0,0,0,1,0,1,1,0,0,0,0,0,1,1],
[0,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,1,1,1],
[0,1,1,0,1,1,0,1,1,0,1,0,0,1,0,0,0,1,1,0,1,0,1,1,0,0,1,1,0,1,1,1]]

G = Matrix(GF(2),G)
leak_bin = bin(leak)[2:].zfill(1024)
# 初始化一个空列表来存储每一行
rows = []
# 循环遍历字符串,每次取 matrix_size 个字符
for i in range(0, len(leak_bin), matrix_size):
    # 取出子串
    sub_string = leak_bin[i:i+matrix_size]
    # 将子串转换为整数列表
    row = list(map(int, sub_string))
    # 将这一行添加到 rows 列表中
    rows.append(row)
# 创建矩阵
X = Matrix(GF(2), rows)

P = X *(G + I)^(-1)
p = ""
for line in P:
    for i in line:
        p = p + str(i)
p = int(p,2)
q = p ^^ leak
n = p*q
d = invert(65537,(p-1)*(q-1))
m = pow(c,d,n)
print(n2s(int(m)))

BuildCTF{78e09053-bc0a-4fdc-9dec-0f107bf9ba43}

相关推荐
景天科技苑2 分钟前
【Golang】Go语言中如何进行包管理
开发语言·后端·golang·go mod·go语言包管理·go包管理·go sum
wwangxu5 分钟前
Java 面向对象基础
java·开发语言
致奋斗的我们7 分钟前
RHCE的学习(7)
linux·服务器·网络·学习·redhat·rhce·rhcsa
秦朝胖子得加钱19 分钟前
Flask
后端·python·flask
wdxylb20 分钟前
Linux下编写第一个bash脚本
开发语言·chrome·bash
幽兰的天空23 分钟前
Python实现的简单时钟
开发语言·python
hanniuniu1324 分钟前
动态威胁场景下赋能企业安全,F5推出BIG-IP Next Web应用防火墙
网络协议·tcp/ip·安全
这题怎么做?!?31 分钟前
模板方法模式
开发语言·c++·算法
Gnevergiveup34 分钟前
源鲁杯2024赛题复现Web Misc部分WP
安全·网络安全·ctf·misc
NCU_AI1 小时前
Python 网络爬虫快速入门
python·网络爬虫