/* Constant 32-byte table; it is the only source of the bytes written to out below. */
uint8_t rand0_32[32] = {0x67, 0xc6, 0x69, 0x73, 0x51, 0xff, 0x4a, 0xec, 0x29, 0xcd, 0xba, 0xab, 0xf2, 0xfb, 0xe3, 0x46, 0x7c, 0xc2, 0x54, 0xf8, 0x1b, 0xe8, 0xe7, 0x8d, 0x76, 0x5a, 0x2e, 0x63, 0x33, 0x9f, 0xc9, 0x9a};
/*
 * Fill out[0..outlen) by repeating the table every 32 bytes. Nothing in this
 * loop varies between calls, so the output is identical every time.
 * NOTE(review): if out is consumed as random data (a key share, nonce or
 * similar), every value derived from it is predictable; confirm against the
 * caller, which is not visible in this excerpt.
 */
for(int i=0;i<outlen;i++){
out[i] = rand0_32[i % 32];
}
第三关
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey,X25519PublicKey
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
# Same 32 bytes as the rand0_32 table in the C excerpt above. Because that table
# never changes, the X25519 private scalar built from it never changes either.
rand0 = [
    0x67, 0xc6, 0x69, 0x73, 0x51, 0xff, 0x4a, 0xec,
    0x29, 0xcd, 0xba, 0xab, 0xf2, 0xfb, 0xe3, 0x46,
    0x7c, 0xc2, 0x54, 0xf8, 0x1b, 0xe8, 0xe7, 0x8d,
    0x76, 0x5a, 0x2e, 0x63, 0x33, 0x9f, 0xc9, 0x9a,
]

# Lower-case hex string of the 32 bytes, two digits per byte.
sk = bytes(rand0).hex()
print(sk)

privatekey = X25519PrivateKey.from_private_bytes(bytes.fromhex(sk))

# Print the matching public key so it can be compared with the key share seen
# in the handshake.
# NOTE: _raw_public_bytes() is a private method of the library's key object and
# may be missing in other releases; newer cryptography versions expose
# public_bytes_raw() as the supported call.
derived_public = privatekey.public_key()
print(derived_public._raw_public_bytes().hex())
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey,X25519PublicKey
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
# Same fixed 32 bytes as the rand0_32 table in the C excerpt above.
rand0 = [
    0x67, 0xc6, 0x69, 0x73, 0x51, 0xff, 0x4a, 0xec,
    0x29, 0xcd, 0xba, 0xab, 0xf2, 0xfb, 0xe3, 0x46,
    0x7c, 0xc2, 0x54, 0xf8, 0x1b, 0xe8, 0xe7, 0x8d,
    0x76, 0x5a, 0x2e, 0x63, 0x33, 0x9f, 0xc9, 0x9a,
]

# Lower-case hex string of the 32 bytes, two digits per byte.
sk = bytes(rand0).hex()
privatekey = X25519PrivateKey.from_private_bytes(bytes.fromhex(sk))

# Peer public key, given as a hex literal by the page.
peer_public_hex = 'a0022027e0390ead7d82e1e74ae2d2f045fbf72896b9846d7f28bfa184280e3e'
publickey = X25519PublicKey.from_public_bytes(bytes.fromhex(peer_public_hex))

# X25519 shared secret. With a constant private scalar this value depends only
# on the peer's public key, which is why an ephemeral key share has to come
# from a CSPRNG and be fresh for every handshake.
result = privatekey.exchange(publickey)
print(result.hex())
7ff739dbe782d963e54e3242d83b3a01a6535aed3579f6a514a664b363915903
PMS_CLIENT_RANDOM[空格]Random[空格]sharekey
PMS_CLIENT_RANDOM 9d8f92cc2ac8f33293da5169d49c82794c660fc937bd0c1b05f5e062e491da85 7ff739dbe782d963e54e3242d83b3a01a6535aed3579f6a514a664b363915903
PMS_CLIENT_RANDOM 9d8f92cc2ac8f33293da5169d49c82794c660fc937bd0c1b05f5e062e491da85 7ff739dbe782d963e54e3242d83b3a01a6535aed3579f6a514a664b363915903
PMS_CLIENT_RANDOM b5dbfb40bc4c2b1a46bbc594fc89a56c17fe7db891beb7c111691516bd3117d1 4c8c1680018a8dd48749d642b6a6df5cc2104cb98842b82b0d748430108b8f61
伪造签名
//Generate Random Number
// NOTE(review): despite the heading, no random source is read in these lines.
// The 32 bytes that end up in k are computed only from the timestamp parsed out
// of `message`.
unsigned char randomScalar[32];
unsigned int i_time=0;
// Parse the date/time at the start of message into i_time. The return value of
// time_parse() is ignored here.
time_parse(message, &i_time);
// Expand i_time into 32 bytes; a non-zero return jumps to the err label.
if(derive_from_time(i_time,randomScalar,32))
goto err;
// Load the 32 bytes into the BIGNUM k (BN_bin2bn reads them as big-endian).
// NOTE(review): k looks like the per-signature scalar. If message is the text
// being signed, everyone who sees the message can recompute k, and a known k
// discloses the signing key. Draw k from a CSPRNG instead; confirm against the
// enclosing signing routine, which is outside this excerpt.
BN_bin2bn(randomScalar, 32, k);
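/*
 * Parse the leading "YYYY-M-D H:M:S" timestamp of str_time and store it in
 * *i_time as the value mktime() returns for that local time.
 *
 * Returns 0 on success. Returns 1 when an argument is NULL, when the text does
 * not start with six integers in that layout, or when mktime() cannot
 * represent the time; *i_time is left untouched in those cases.
 *
 * An earlier strptime()-based parser for a localized date layout was replaced
 * by the sscanf() call below.
 *
 * NOTE(review): the caller shown on this page passes the result to
 * derive_from_time() as the seed for the scalar k. The timestamp is part of
 * the message text, and mktime() also makes the value depend on the host's
 * time-zone setting.
 */
int time_parse(char *str_time, unsigned int *i_time){
    struct tm s_time = {0};   /* zero-initialised so no field is read uninitialised */
    int year, month, day, hour, minute, second;
    time_t parsed;

    if (str_time == NULL || i_time == NULL)
        return 1;

    /* All six fields must convert; otherwise the locals would be indeterminate. */
    if (sscanf(str_time, "%d-%d-%d %d:%d:%d",
               &year, &month, &day, &hour, &minute, &second) != 6)
        return 1;

    s_time.tm_year  = year - 1900;   /* struct tm counts years from 1900 */
    s_time.tm_mon   = month - 1;     /* struct tm months are 0-based */
    s_time.tm_mday  = day;
    s_time.tm_hour  = hour;
    s_time.tm_min   = minute;
    s_time.tm_sec   = second;
    s_time.tm_isdst = -1;            /* let mktime() decide whether DST applies */

    parsed = mktime(&s_time);
    if (parsed == (time_t)-1)
        return 1;

    *i_time = (unsigned int)parsed;
    return 0;
}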
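/*
 * Expand a 32-bit seed into `length` bytes.
 *
 * Each round hashes the current seed value with SHA-256, appends as much of
 * the digest as is still needed to randomScalar, then increments the seed.
 *
 * Returns 0 on success, 1 if randomScalar is NULL or length <= 0.
 *
 * NOTE(review): the output is a pure function of `seed`, so it carries at most
 * the entropy of that unsigned int (none if the seed is public or guessable).
 * Do not use it for keys or signature nonces; OpenSSL's RAND_bytes() or
 * BN_rand_range() are the appropriate sources there.
 */
int derive_from_time(unsigned int seed, unsigned char *randomScalar, int length) {
    if (randomScalar == NULL || length <= 0) {
        return 1; // Invalid input
    }

    unsigned int currentSeed = seed;
    int generatedLength = 0;

    while (generatedLength < length) {
        unsigned char shaOutput[SHA256_DIGEST_LENGTH];

        /* Hashes the in-memory bytes of currentSeed, so the digest depends on
         * the host's byte order and on sizeof(unsigned int). */
        SHA256((const unsigned char *)&currentSeed, sizeof(currentSeed), shaOutput);

        /* Copy a whole digest, or only the tail still missing on the last round. */
        int remainingLength = length - generatedLength;
        int copyLength = remainingLength < SHA256_DIGEST_LENGTH ? remainingLength : SHA256_DIGEST_LENGTH;
        memcpy(randomScalar + generatedLength, shaOutput, copyLength);

        generatedLength += copyLength;
        currentSeed++;   /* next counter value for the next digest block */
    }

    return 0; // Success
}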
gcc tmpk.c -L. -l crypto -l ssl -o tmpk
(把 tmpk.c 放在 openssl 目录下) //Generate Random Number
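// The scalar is computed only from the timestamp at the start of `message`;
// no random source is read.
unsigned char randomScalar[32];
unsigned int i_time=0;
// Parse the leading date/time of message into i_time (return value ignored).
time_parse(message, &i_time);
// Expand i_time into 32 bytes; a non-zero return jumps to the err label.
if(derive_from_time(i_time,randomScalar,32))
goto err;
// Load the 32 bytes into the BIGNUM k (BN_bin2bn reads them as big-endian).
BN_bin2bn(randomScalar, 32, k);
// Print k in hex, followed by a newline, to show that the value is
// reproducible from the message text alone.
BN_print_fp(stdout, k);
printf("\n");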
D2D569D2A7250B2B27DF909C9AFC1FD9E0A555AEC4BFB5D80CD71F70ADACF414
from Crypto.Util.number import *
def _swap_byte_order(value):
    """Return value with the bytes of its minimal big-endian encoding reversed."""
    width = max(1, (value.bit_length() + 7) // 8)
    return int.from_bytes(value.to_bytes(width, "big"), "little")


# Signature halves as given on the page; both are byte-reversed before use.
r = _swap_byte_order(0x37AF670C4742BD0C8D7CF68FCEBFE61885AA630695D50A15DF279CD64327466F)
s = _swap_byte_order(0x6701CFB5F356887B9441323FDC08FBA900E1050109FD95F024DC9C178CEBE7A4)

# Order of the base point of the SM2 recommended curve.
n = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123

# Scalar printed by the C program above, recomputed from the message timestamp.
k = 0xD2D569D2A7250B2B27DF909C9AFC1FD9E0A555AEC4BFB5D80CD71F70ADACF414

# With k known, the signing equation is linear in the private key, so (r, s, k)
# determine it. This is why the per-signature scalar must be unpredictable and
# never derivable from public data such as the message text.
recovered = (k - s) * pow(s + r, -1, n) % n
print(recovered)
104515905597970870556286963199400550747760654012576876144731059595513283165045
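# Byte-reverse the recovered value (held in sk) and show it as hex.
hex(bytes_to_long(long_to_bytes(sk)[::-1]))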
753bffd7cd2353cbe72702159162f8da8f7118d8b4944fe74ddbf7e2fee711e7
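/*
 * Test driver: signs message2 with Sign_Prifile(), prints the 64-byte
 * signature, then checks it with Verify_Pubfile() and prints the result.
 *
 * The printed labels read "msg1"/"sig1" although the data is message2.
 * The labels are kept as they appear on the page.
 */
int main()
{
    /* First message; kept for reference and not used below. */
    unsigned char message1[128] = "2023-8-10 09:11:13, A transfers 50000.00 to B.";
    unsigned char message2[128] = "2023-8-10 11:31:01, B transfers 50000.00 to A.";
    unsigned char sig1[64];
    int ret;

    printf("msg1:\t%s\n", message2);

    /* NOTE(review): the return value of Sign_Prifile() is overwritten below
     * without being checked; its success convention is not visible here. */
    ret = Sign_Prifile(message2, sig1);
    user_printf_hex("sig1:\t", sig1, 64);

    ret = Verify_Pubfile(message2, sig1);
    printf("verify:\t%d\n", ret);

    return 0;
}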
完结!撒花!
(PS:做到现在,仍然不知道 AAA 是怎么在没拿到 flag3 的情况下进入签名系统,完成签名计算的,疑惑。难道说他们找到了签名系统的洞可以注册用户?)
原文始发于微信公众号(Van1sh):2023 熵密杯 revenge