老平台了…刷一刷

xman2019 xgm

共模攻击

1
flag{gongmogongji}

xman2019 xbk

低公钥指数

1
b'flag{let_me_do_sth_good}'

xman2019 xyf

yafu分解

1
b'flag{yafu_is_great_2}'

xman2019 xfz

image-20200424131013005

可以看到这个一个缩小版DSA加密,只有七轮.条件为给出了明文test,根据DSA加密原理我们得到下式

image-20200424164246939

可以发现我们已知x,y,可以在最后一行进行一次异或得到左密钥``k1k2k4k5`和右密钥`k0k2k3k5^k6`,那么对于包含了flag 的新密码我们则可以解密.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
test = '50543fc0bca1bb4f21300f0074990f846a8009febded0b2198324c1b31d2e2563c908dcabbc461f194e70527e03a807e9a478f9a56f7'
tk = '66bbd551d9847c1a10755987b43f8b214ee9c6ec2949eef01321b0bc42cffce6bdbd604924e5cbd99b7c56cf461561186921087fa1e9'
mk = '44fc6f82bdd0dff9aca3e0e82cbb9d6683516524c245494b89c272a83d2b88452ec0bfa0a73ffb42e304fe3748896111b9bdf4171903'


def xor(a, b):
assert len(a) == len(b)
c = bytearray()
for i in range(len(a)):
c.append(a[i] ^ b[i])
return bytes(c)

l = bytes.fromhex(test)[0:27]
r = bytes.fromhex(test)[27:54]
ltk = bytes.fromhex(tk)[0:27]
rtk = bytes.fromhex(tk)[27:54]
flag = bytes.fromhex(mk)
lk = xor(ltk, r)
rk = xor(l, xor(r, rtk))
rflag = xor(flag[0:27], lk)
lflag = xor(xor(flag[27:54], rk), rflag)
print(lflag + rflag)
>>> b'flag{festel_weak_666_10fjid9vh12h3nvm}\x0ei\x10\xf1B\xeaX\x99H\x95\x96\xe04\x00\xb55'

xman2019 xcaesar

1
2
3
4
5
6
7
8
9
10
11
12
13
c = 'bXNobgJyaHB6aHRwdGgE'

import base64
c = base64.b64decode(c)

for i in range(128):
temp = ''
for char in c:
temp += chr((char + i) % 128)
if 'flag' in temp:
print(temp)
break
>>> flag{kaisamima}

61dctf rsappend

1
flag{we_do_ctf_together_for_fun}

superexpress

仿射密码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
import sys
key = '****CENSORED***************'
flag = 'TWCTF{*******CENSORED********}'

c = '805eed80cbbccb94c36413275780ec94a857dfec8da8ca94a8c313a8ccf9'

encrypted = [int(c[i: i + 2], 16) for i in range(0, len(c), 2)]
x = ord(flag[1])-ord(flag[0])
y = encrypted[1] - encrypted[0]
import gmpy2
a = (y * gmpy2.invert(x, 251)) % 251
b = (encrypted[0] - a * ord(flag[0])) % 251
a_inv = gmpy2.invert(a, 251)


for c in encrypted:
print(chr((a_inv * (c - b)) % 251),end='')

简单ECC概念

自己写了一个类实现的…很好但是我选择sage

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
from Crypto.Util.number import *
from functools import reduce

class EllipseCurve:
def __init__(self, p, a, b):
self.a = a
self.b = b
self.p = p

def add(self, point1, point2):
if point1[0] == point2[0] and point1[1] == point2[1]:
s = ((3 * (point1[0] ** 2) + self.a) * inverse(2 * point1[1], self.p)) % self.p
else:
s = ((point2[1] - point1[1]) * \
inverse(point2[0] - point1[0], self.p)) % self.p
x = (s ** 2 - point1[0] - point2[0]) % self.p
y = (s * (point1[0] - x) - point1[1]) % self.p
return (x, y)

def mult(self, n, point):
return reduce(self.add, [point for i in range(n)])

p = 15424654874903
a = 16546484
b = 4548674875
ecc = EllipseCurve(p, a, b)
n = 546768
g = (6478678675, 5636379357093)
ans = ecc.mult(54676,g)
print(ans[0],ans[1])
1
2
3
4
5
6
7
8
F = Zmod(15424654874903)
Curve = EllipticCurve(F, [16546484, 4548674875])
G = Curve(6478678675, 5636379357093)
K = 546768 * G
x, y = K.xy()
print((G * 54676).xy())
print('XUSTCTF{%d}' % (int(x) + int(y)))
>>> XUSTCTF{19477226185390}

评论