DASCTF 2020 安恒七月赛 |

admin

101411
文章

87
评论

2021年10月11日22:38:16已关闭评论215 views字数 5095阅读16分59秒阅读模式

MISC

welcome to the misc world

解压得一张图red_blue.png和加密压缩包flag.rar，那么密码肯定在图里了。

由关键字red/blue想到lsb隐写，用Stegsolve工具查找无结果，放到zsteg命令下看，发现png图，提取出来：

得到压缩包密码 /*///1258/*/@#。

用360压缩打开直接能看到NTFS隐写文件： (23333~~)

打开flag.txt，得到一串字符，由包含的字符猜测为base85编码，尝试解码得到flag。

CRYPTO

bullshit

给定脚本

from flag import flag
def pairing(a,b):
    shell = max(a, b)
    step = min(a, b)
    if step == b:
        flag = 0
    else:
        flag = 1
    return shell ** 2 + step * 2 + flag

def encrypt(message):
    res = ''
    for i in range(0,len(message),2):
        res += str(pairing(message[i],message[i+1]))
    return res

print(encrypt(flag))

加密脚本思路：

将明文message每两个字符分别作为pairing()函数的参数，返回的int结果值连接，得到输出密文。

因flag可能包含的ASCII字符的十进制值 $48 \leq d \leq 126$

48 \leq d \leq 126

，由pairing()函数返回值知，得到的int结果值范围为

$48^{2} + 48 \cdot 2 + 0 \leq v \leq 126^{2} + 126 \cdot 2 + 1 \Rightarrow 2400 \leq v \leq 16129$

48^{2} + 48 \cdot 2 + 0 \leq v \leq 126^{2} + 126 \cdot 2 + 1 \Rightarrow 2400 \leq v \leq 16129

按范围分割密文，再分别爆破每个的输入参数：

import string
dic=string.printable[:-6]

def pairing(a,b):
    shell = max(a, b)
    step = min(a, b)
    if step == b:
        flag = 0
    else:
        flag = 1
    return shell ** 2 + step * 2 + flag

c=[11869,10804,15229,10199,3354,10105,3241,10519,9908,2499,10505,10103,9519,9519,3232,9711,9520,3127,15722]
flag=''
for k in c:
	for x in dic:
		for y in dic:
			if pairing(ord(x),ord(y))==k:
				flag+=x+y
print(flag)

ezrsa

给定脚本

from secret import flag
from Crypto.Util.number import getPrime,inverse,bytes_to_long,long_to_bytes
from sympy import isprime

m = bytes_to_long(flag)

i=0
p=getPrime(1024)
r=getPrime(1024)
while True:
    i+=1
    q = 5*p+i
    if isprime(q) :
        break

n=p*q*r
e = 65537
c = pow(m,e,n)
p3 = pow(p,3,n)
q3 = pow(q,3,n)
print c
print e
print n
print p3
print q3

由脚本知 $p, q$

p, q

为线性关系： $q = 5 p + k, k \in Z$

q = 5 p + k, k \in Z

又已知 $p, q$

p, q

用 $e = 3$

e = 3

得到的密文 $p 3, q 3$

p 3, q 3

，满足 Related Message Attack 条件，运行Sage脚本得到 $p, q$

p, q

，再求得 $r$

r

，按照常规RSA解法求出flag。

Related Message Attack Sage脚本：


def short_pad_attack(c1, c2, e, n):
    PRxy.<x,y> = PolynomialRing(Zmod(n))
    PRx.<xn> = PolynomialRing(Zmod(n))
    PRZZ.<xz,yz> = PolynomialRing(Zmod(n))
    g1 = x^e - c1
    g2 = (5*x+y)^e - c2
    q1 = g1.change_ring(PRZZ)
    q2 = g2.change_ring(PRZZ)
    h = q2.resultant(q1)
    h = h.univariate_polynomial()
    h = h.change_ring(PRx).subs(y=xn)
    h = h.monic()
    kbits = n.nbits()//(2*e*e)
    diff = h.small_roots(X=2^kbits, beta=0.4)[0]  
    return diff
def related_message_attack(c1, c2, diff, e, n):
    PRx.<x> = PolynomialRing(Zmod(n))
    g1 = x^e - c1
    g2 = (5*x+diff)^e - c2
    def gcd(g1, g2):
        while g2:
            g1, g2 = g2, g1 % g2
        return g1.monic()
    return -gcd(g1, g2)[0]
if __name__ == '__main__':
    n = 20361372240024088786698455948788052559208001789410016096382703853157107986024860262721685000417719260611935731634077852127432140361792767202581631816544546972750034494061276779878409544779707914261679633764772575040304712361634318086289783951555842021028438799649252652041211341825451500751760872572402250747982495384263677669526575825183733353800694161425360299521143726681387485097281832219009682768523304737252763907939642212542959846630464628135025203489075698699980715986689341069964387779523254203021424865355054215122316160201073604105317768112281914334065349420946717116563634883368316247495042216330408372176714499012778410160478384503335610321108263706243329745785632599707740534386988945259578897614317582546751658480917188464178997026284336861027299289073045677754342746386408505695243800685323283852020325044649604548575089927541935884800327121875191739922436199496098842684301207745090701158839031935190703347091
    e = 3
    c1 = 3639847731266473012111996909765465259684540134584180368372338570948892196816095838781423020996407457408188225238520927483809091079993151555076781372882518810174687150067903870448436299501557380508793238254471833275507634732947964907461619182112787911133054275872120243558556697900528427679352181961312958660881800731678134481664074711076672290178389996403357076809805422591851145306425951725627843352207233693810474618882394140691334742086008967260117740486955640068190440609984095657695423536016475468229419187489359563800737261212975921663803729112420222039005478830477455592167092520074509241894829304209406713781082959299623674294927249556083486223036858674077173104518013601628447504500606447821540687465361616447631579976579754996021653630804073535352129315413118764836270751250405649683786487251823247828947202336680538849571498780353357272103697510910576879383751704763858882439578045020243015928994208017750848637513
    c2 = 7030777127779173206633582847346001157991477456002191926122836599155148909465054067800807615361108442560942058865403188672629297039703065927801771646334817871335134889139894648729527452541098449842202838983982508551750669662540615534327150829869964429006130891731472099912937717406120443380283548571270317421722042835639732966975812764084015221255115940508456442279902250677665136380988902682370875602145833135937210740790528756301051981994351553247852018355526641012434670664732924491790949235519600899289515495046353559475806935200029321563549553167235419039924276406059858659476329718809657072997385947262654743181242885709558209249589482036673428723035300722280229192727192487772217518673838209646300548275957450994828221329299666216457961746189885356929698674294944243729739850927111231235060005119781652245234537583181232715964191675241206562888107252569566488402724441835466680342239244581162530424964324562530832713397
    diff = short_pad_attack(c1, c2, e, n)
    print("difference of two messages is %d" % diff)
    p = related_message_attack(c1, c2, diff, e, n)
    print("p:", p)
    print("q:", 5*p + diff)

左青龙
微信扫一扫

右白虎
微信扫一扫

DASCTF 2020 安恒七月赛 |

MISC

welcome to the misc world

CRYPTO

bullshit

ezrsa

PWNHUB Web第一题writeup

Vulnerable Docker VM WriteUp

2024 红明谷 dualrsa

2024第四届红明谷 WriteUp By Mini-Venom

第二届数据安全大赛暨首届数信杯数据安全大赛数据安全积分争夺赛预赛南区- WriteUp By EDISEC

来写点安卓逆向题吧③：dynamicRegReverse

东区-第二届数据安全大赛暨首届数信杯数据安全大赛 WP

第二届数据安全大赛暨首届数信杯北部赛区writeup

2024 数信杯

第二届数据安全大赛暨首届数信杯积分争夺赛实践预赛南区Writeup

在线咨询

微信