前言
上一年年底划水的比赛,忘记发 WriteUp 了,补发一下。
Crypto - Warm Up
先用 wireshark 打开数据包文件分析看见了常见的 P,N,Q 参数。
N 大于 512bit 不可分解因数求解 e 也并不是小指数。
接着往下分析包发现两个使用相同模数N加密的密文
This is a message distribute system. Please tell me your name:
Alice
Hi Alice, your N is: 25118186052801903419891574512806521370646053661385577314262283167479853375867074736882903917202574957661470179148882538361560784362740207649620536746860883395110443930778132343642295247749797041449601967434690280754279589691669366595486824752597992245067619256368446164574344449914827664991591873150416287647528776014468498025993455819767004213726389160036077170973994848480739499052481386539293425983093644799960322581437734560001018025823047877932105216362961838959964371333287407071080250979421489210165485908404019927393053325809061787560294489911475978342741920115134298253806238766543518220987363050115050813263
And your exponent is: 7669
Last but not least, your secret is: 22917655888781915689291442748409371798632133107968171254672911561608350738343707972881819762532175014157796940212073777351362314385074785400758102594348355578275080626269137543136225022579321107199602856290254696227966436244618441350564667872879196269074433751811632437228139470723203848006803856868237706401868436321225656126491701750534688966280578771996021459620472731406728379628286405214996461164892486734170662556518782043881759918394674517409304629842710180023814702447187081112856416034885511215626693534876901484105593275741829434329109239483368867518384522955176807332437540578688867077569728548513876841471
You will know the secret after I give you P,Q.
See you next time!
This is a message distribute system. Please tell me your name:
Dave
Hi Dave, your N is: 25118186052801903419891574512806521370646053661385577314262283167479853375867074736882903917202574957661470179148882538361560784362740207649620536746860883395110443930778132343642295247749797041449601967434690280754279589691669366595486824752597992245067619256368446164574344449914827664991591873150416287647528776014468498025993455819767004213726389160036077170973994848480739499052481386539293425983093644799960322581437734560001018025823047877932105216362961838959964371333287407071080250979421489210165485908404019927393053325809061787560294489911475978342741920115134298253806238766543518220987363050115050813263
And your exponent is: 6947
Last but not least, your secret is: 20494665879116666159961016125949070097530413770391893858215547229071116025581822729798313796823204861624912909030975450742122802775879194445232064367771036011021366123393917354134849911675307877324103834871288513274457941036453477034798647182106422619504345055259543675752998330786906376830335403339610903547255965127196315113331300512641046933227008101401416026809256813221480604662012101542846479052832128788279031727880750642499329041780372405567816904384164559191879422615238580181357183882111249939492668328771614509476229785062819586796660370798030562805224704497570446844131650030075004901216141893420140140568
You will know the secret after I give you P,Q.
See you next time!
想到 rsa共模攻击(以前做过类似的题目)
参考 https://www.anquanke.com/post/id/84
这里贴下解密脚本:
from libnum import n2s,s2n
from gmpy2 import invert
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y)
def main():
n = 25118186052801903419891574512806521370646053661385577314262283167479853375867074736882903917202574957661470179148882538361560784362740207649620536746860883395110443930778132343642295247749797041449601967434690280754279589691669366595486824752597992245067619256368446164574344449914827664991591873150416287647528776014468498025993455819767004213726389160036077170973994848480739499052481386539293425983093644799960322581437734560001018025823047877932105216362961838959964371333287407071080250979421489210165485908404019927393053325809061787560294489911475978342741920115134298253806238766543518220987363050115050813263
#dave
c1 = 22917655888781915689291442748409371798632133107968171254672911561608350738343707972881819762532175014157796940212073777351362314385074785400758102594348355578275080626269137543136225022579321107199602856290254696227966436244618441350564667872879196269074433751811632437228139470723203848006803856868237706401868436321225656126491701750534688966280578771996021459620472731406728379628286405214996461164892486734170662556518782043881759918394674517409304629842710180023814702447187081112856416034885511215626693534876901484105593275741829434329109239483368867518384522955176807332437540578688867077569728548513876841471
#alice
c2 = 20494665879116666159961016125949070097530413770391893858215547229071116025581822729798313796823204861624912909030975450742122802775879194445232064367771036011021366123393917354134849911675307877324103834871288513274457941036453477034798647182106422619504345055259543675752998330786906376830335403339610903547255965127196315113331300512641046933227008101401416026809256813221480604662012101542846479052832128788279031727880750642499329041780372405567816904384164559191879422615238580181357183882111249939492668328771614509476229785062819586796660370798030562805224704497570446844131650030075004901216141893420140140568
#dave
e1 = 7669
e2 = 6947
s = egcd(e1, e2)
s1 = s[1]
s2 = s[2]
if s1<0:
s1 = - s1
c1 = invert(c1, n)
elif s2<0:
s2 = - s2
c2 = invert(c2, n)
m = pow(c1,s1,n)*pow(c2,s2,n) % n
print n2s(m)
if __name__ == '__main__':
main()
Flag: FLAG{g00d_Luck_&_Hav3_Fun}
Web - ezdotso
<?php
$param = array();
parse_str($_SERVER['QUERY_STRING']);
if (isset($action)){
switch($action){
case "php_info":
echo call_user_func_array("php_info",$param);
break;
case "cmd":
if(isset($cmd)){
if(is_string($cmd)){
if (strlen($cmd)>9){
die();
}
$pat1 = "/[^0-9a-zA-Z /*]/";
if (preg_match($pat1, $cmd)>0){
die();
}
$pat2 = "/^[a-zA-Z]+ [0-9a-zA-Z/*]+$/";
if (preg_match($pat2, $cmd)==0){
die();
}
system("busybox " . $cmd);
}
}
break;
default:
echo call_user_func_array("hello",$param);
break;
}
}else{
show_source(__FILE__);
}
直接走 cmd 的流程,要求 cmd 不超过 9 位,要求正则 /[^0-9a-zA-Z /*]/
的匹配结果为 0, 要求 /^[a-zA-Z]+ [0-9a-zA-Z/*]+$/ 的匹配结果不为 0
可以知道 cat /flag 刚好满足上述要求
直接使用 /?action=cmd&cmd=cat%20/flag 带入 URL 中得到 flag
Flag: flag{dc76b51c-01bb-46dc-a549-5d336a8c3430}
Reverse - Code Interpreter
指令解释类的逆向题目
流程:读入 code 文件到 ptr 堆块,读入 3 个数字到 bss 段,sub_400806 对 ptr 内的指令进行解释、执行处理,处理完返回,判断满足 4 个条件,输出 flag。
根据 sub_400806,对 code 文件进行人工解释,可以得到
输入: num1,num2,num3
090404 [4]^=[4]
090000 [0]^=[0]
080100 [1]=num1
080201 [2]=num2
080302 [3]=num3
060104 [1]>>=4
050115 [1]*=0x15
070001 [0]=[1]
040003 [0]-=[3]
016bcc7e1d num4=0x1d7ecc6b
080103 [1]=num4
040001 [0]-=[1]
02
0a0400 [4]|=[0]
090000 [0]^=[0]
080100 [1]=num1
080201 [2]=num2
080302 [3]=num3
060308 [3]>>=8
050303 [3]*=3
070003 [0]=[3]
030002 [0]+=[2]
017c797960 num4=0x6079797c
080103 [1]=num4
040001 [0]-=[1]
02
0a0400 [4]|=[0]
090000 [0]^=[0]
080100 [1]=num1
080201 [2]=num2
080302 [3]=num3
060108 [1]>>=8
070001 [0]=[1]
030002 [0]+=[2]
01bdbdbc5f num4=0x5fbcbdbd
080103 [1]=num4
040001 [0]-=[1]
02
0a0400 [4]|=[0]
00
结果需要满足:
[4]==0
num1&0xff==0x5e
num2&0xff0000==0x5e0000
num3&0xff==0x5e
根据结果需要满足的条件,写个脚本爆破一下
a=0
while True:
if (a/3)%0x100000==0: print (a/3)/float(0x1000000)
a+=3
num2=0x6079797c-a
b=(0x5fbcbdbd-num2)&0xffffffff
if num2&0xff0000==0x5e0000 and (a/3)>>24==0 and b>>24==0:
num1=(b<<8)+0x5e
num3=((a/3)<<8)+0x5e
if ((num1>>4)*0x15-num3)&0xffffffff==0x1d7ecc6b:
print 'X-NUCA{%s%s%s}' % (hex(num1)[2:],hex(num2)[2:],hex(num3)[2:])
break
if (a/3)>0x1000000:
print 'err'
break
得到 Flag
Flag: X-NUCA{5e5f5e5e5f5e5e5f5e5e5f5e}
Reverse - Strange Interpreter
有点像 看雪国庆CTF墓碑之墙 那题,也是 llvm 混淆的,不过这题简单多了。
采用旧方法,用之前那个脚本,把流程图画出来
从后往前推,在 0x412385 的代码段,可以看到 dword_6130D0 和 byte_613050 进行比较
byte_613050 的值为:012345abcdefghijklmnopqrstuvwxyz
那么在 0x412385 的位置下断,输入假 flag: 012345abcdefghijklmnopqrstuvwxyz
可以看到,前半部分的真 flag 出来了,将它拼接到假 flag 里,继续输入 X-NUCA{5e775e5e7klmnopqrstuvwxyz
后半部分的也出来了,接着验证一下 flag
验证成功
Flag: X-NUCA{5e775e5e775e5e775e5e775e}
Source: impakho.com | Author:impakho
相关推荐: CVE-2017-2416 GIF表情引发的远程代码执行
ImageIO 适用于:iPhone 5 及更新机型、iPad 第 4 代及更新机型、iPod touch 第 6 代及更新机型 影响:处理恶意制作的图像可能会导致任意代码执行 说明:内存损坏问题已通过改进输入验证得到解决。 CVE-2017-2416:腾讯科…
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论