[HNCTF 2022 Week1]baby_rsa

源代码：

from Crypto.Util.number import bytes_to_long, getPrime
from gmpy2 import *
from secret import flag
m = bytes_to_long(flag)
p = getPrime(128)
q = getPrime(128)
n = p * q
e = 65537
c = pow(m,e,n)
print(n,c)
# 62193160459999883112594854240161159254035770172137079047232757011759606702281
# 17331436837911040930486942133359735652484926528331507431552667656734821231501

攻击代码：

from Crypto.Util.number import *
n=62193160459999883112594854240161159254035770172137079047232757011759606702281
c=17331436837911040930486942133359735652484926528331507431552667656734821231501
p= 234560843346150602519484260867514743467
q=n//p
d=inverse(65537,(p-1)*(q-1))
m=pow(c,d,n)
print(long_to_bytes(m))
# b'NSSCTF{Welc0m3_t0_7h3_RSA_w0r1d}'

得到flag：

NSSCTF{Welc0m3_t0_7h3_RSA_w0r1d}