忙里偷闲做做题wwwwwwwwwwwww

Intro to Hashing

  1. 1
    2
    3
    4
    5
 
  1.  
  2. import hashlib
    hashlib.md5(hashlib.sha256('id0-rsa.pub').hexdigest()).hexdigest()
    # 'b25d449d86aa07981d358d3b71b891de'

Intro to PGP

  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
 
  1. # bash
  2.  
  3. root@kali:~/Documents/id0-rsa# touch Intro_to_PGP.key
    root@kali:~/Documents/id0-rsa# gpg --import Intro_to_PGP.key 
    gpg: key 2503D0F1A81B09D4: public key "id0-rsa.pub (http://id0-rsa.pub) <id0rsa.pub@gmail.com>" imported
    gpg: Total number processed: 1
    gpg:               imported: 1
    root@kali:~/Documents/id0-rsa# touch Intro_to_PGP.txt
    root@kali:~/Documents/id0-rsa# gpg -d Intro_to_PGP.txt
  4.  
  5. # Thank you Phil Zimmermann!

Hello PGP

  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
 
  1. #!/bin/bash
  2.  
  3. count=1
  4.  
  5. while read WORD; do
    	gpg --batch --passphrase $WORD --decrypt test.txt 2>/dev/null
    	if [ $? -eq 0 ]; then
    		echo 
    		echo $WORD
    		exit
    	fi
    	count=$(( count + 1 ))
    	if [ $((count % 1000)) -eq 0 ]; then
    		echo $count
    	fi
    done < words
  6.  
  7. # passionately apathetic
    # seamanship
    # gpg: AES256 encrypted data
    # gpg: encrypted with 1 passphrase

Hello OpenSSL

繁琐的解法

  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
 
  1. # bash
    root@kali:~/Documents/id0-rsa/Hello_OpenSSL# openssl rsa -in priva.pem -text
    Private-Key: (256 bit)
    modulus:
        00:e6:dc:a0:a5:26:5d:39:95:0c:7e:e3:b7:a1:31:
        96:47:87:00:2c:1b:56:ba:2e:54:ce:b4:30:db:ff:
        09:95:9d
    publicExponent: 65537 (0x10001)
    privateExponent:
        00:8f:67:e1:8a:75:28:57:ca:94:76:85:f1:dd:79:
        b6:05:0e:35:05:e7:f9:ed:da:23:e6:de:14:aa:22:
        d9:78:a9
    prime1:
        00:fd:99:07:3e:67:03:c1:72:2a:96:81:ab:9a:29:
        db:d7
    prime2:
        00:e9:0c:76:fe:de:98:c1:9d:d3:c8:30:c0:e4:3a:
        8b:ab
    exponent1:
        00:b4:a6:37:17:c7:d0:50:14:20:ac:58:30:c2:c0:
        00:bf
    exponent2:
        00:c5:87:27:25:07:8e:fa:2c:c7:e0:9a:52:24:1f:
        eb:59
    coefficient:
        00:e3:bd:9b:a2:47:11:68:33:2d:80:fe:7d:ed:34:
        de:fc
    writing RSA key
    -----BEGIN RSA PRIVATE KEY-----
    MIGtAgEAAiEA5tygpSZdOZUMfuO3oTGWR4cALBtWui5UzrQw2/8JlZ0CAwEAAQIh
    AI9n4Yp1KFfKlHaF8d15tgUONQXn+e3aI+beFKoi2XipAhEA/ZkHPmcDwXIqloGr
    minb1wIRAOkMdv7emMGd08gwwOQ6i6sCEQC0pjcXx9BQFCCsWDDCwAC/AhEAxYcn
    JQeO+izH4JpSJB/rWQIRAOO9m6JHEWgzLYD+fe003vw=
    -----END RSA PRIVATE KEY-----
 
  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
 
  1. n = 0xe6dca0a5265d39950c7ee3b7a131964787002c1b56ba2e54ceb430dbff09959d
  2.  
  3. d = 0x8f67e18a752857ca947685f1dd79b6050e3505e7f9edda23e6de14aa22d978a9
  4.  
  5. c = 0x6794893f3c47247262e95fbed846e1a623fc67b1dd96e13c7f9fc3b880642e42
  6.  
  7. >>> hex(pow(c,d,n))
    '0x310f2eb0634ed1ab'

一行

  1. 1
    2
    3
 
  1. # bash
    root@kali:~/Documents/id0-rsa/Hello_OpenSSL# openssl rsautl -decrypt -in <(xxd -r -p cipher) -inkey priva.pem -raw | xxd -p -c 8 | tail -n1
    # 310f2eb0634ed1ab

Intro to RSA

  1. 1
    2
    3
    4
    5
    6
    7
    8
 
  1. >>> (e, N) = (0x3, 0x64ac4671cb4401e906cd273a2ecbc679f55b879f0ecb25eefcb377ac724ee3b1)
    >>> d = 0x431d844bdcd801460488c4d17487d9a5ccc95698301d6ab2e218e4b575d52ea3
  2.  
  3. >>> c = 0x599f55a1b0520a19233c169b8c339f10695f9e61c92bd8fd3c17c8bba0d5677e
  4.  
  5. >>> hex(pow(c,d,N))
    '0x4d801868d894740b2be29309fcd3edcd51bd2c2a685028b89290f9268c727581'

Caesar

但是交了以后就显示错误,不知道为什么……

破案了,因为凯撒之后的原文是

Hello Bitcoin

按资料算就是了

然而我找到了在线计算的工具;D

按照比特币wiki的说法,计算过程大概是这样的:

  1. 首先我们生成一个私钥
  2. 获取对应的公钥
  3. 获得公钥的SHA256散列值
  4. 获取上一步结果的RIPEMD-160散列值
  5. 在散列值前加入版本号
  6. 计算上一步结果的SHA-256散列
  7. 取第二个SHA-256散列值的前四字节作为地址校验和
  8. 在第四步的结果末尾加入校验和
  9. 进行Base28编码

You already solved this one! Solution: 18GZRs5nx8sVhF1xVAaEjKrYJga4hMbYc2

Ps and Qs

factordb.com 完成

噫,年老体衰也就算了,眼神也不好了,其实没有分解成功

然后开了个yafu,结果还是很不错的,我做出来了以后依然没有分解出答案

先是打开题目看了下,说是生成的素数low entropy(低熵)吗,然后打开论文大概看了下,就说生成素数有毛病,就猜测是不是共同素数的锅

结果还真是

先读两个公钥,然后gcd了一波,成功

  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
 
  1. # python
    def (a, b):
    	if b == 0:
    		return a
    	else:
    		return gcd(b, a%b)
  2.  
  3. #q = gcd(3367646059138877442579820972831876412006279917097809082279412851693123955964282545145500497393579598954859534731890460229194372339215098506788375050698427369, 9055404640500300109405801152935663267176218320785348541566663982172162265778445107320065187449062375525002632043722734566593185461999286625234528036605141)
    #print(q)

然后懒得写求拓展欧几里得求逆元了,直接拿工具了

补全代码

  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
 
  1. # python
    def (a, b):
    	if b == 0:
    		return a
    	else:
    		return gcd(b, a%b)
  2.  
  3. #q = gcd(3367646059138877442579820972831876412006279917097809082279412851693123955964282545145500497393579598954859534731890460229194372339215098506788375050698427369, 9055404640500300109405801152935663267176218320785348541566663982172162265778445107320065187449062375525002632043722734566593185461999286625234528036605141)
    #print(q)
  4.  
  5. #print(9055404640500300109405801152935663267176218320785348541566663982172162265778445107320065187449062375525002632043722734566593185461999286625234528036605141//q)
  6.  
  7. n = 9055404640500300109405801152935663267176218320785348541566663982172162265778445107320065187449062375525002632043722734566593185461999286625234528036605141
  8.  
  9. d = 5595429548525262877923879998920954875376781621351655927785581040054379710925982991727871918848397312612397095534700830662119225899345003601005897300178945
  10.  
  11. c = 0xf5ed9da29d8d260f22657e091f34eb930bc42f26f1e023f863ba13bee39071d1ea988ca62b9ad59d4f234fa7d682e22ce3194bbe5b801df3bd976db06b944da
  12.  
  13. print(hex(pow(c,d,n))[2:])
  14.  
  15. # f6a1df363229c6ec

Affine Cipher

暴力一下肉眼看吧

是的,暴力以后搜索THE,出现次数最多的那个基本就确定了

不过得感叹一下 ……自己越来越蠢了……求个逆元,不是a*b%c==1则mod c下ab互为逆元么,我™a的b次方是要闹哪样……

  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
 
  1. # python
    plain = "BOHHIKBI,OZ,REI,WZRIKZIR,EX.,BOHI,RO,KISU,XSHO.R,ICBSG.WYISU,OZ, WZXZBWXS,WZ.RWRGRWOZ.,.IKYWZP,X.RKG.RIT,REWKT,DXKRWI.,RO,DKOBI..,ISIBRKOZWB,DXUHIZR.F,NEWSI,REI,.U.RIH,NOKA.,NISS,IZOGPE, OKHO.R,RKXZ.XBRWOZ.Q,WR,.RWSS,.G  IK., KOH,REI,WZEIKIZR,NIXAZI..I.,O ,REI,RKG.R,MX.IT,HOTISF,BOHDSIRISU,ZOZKIYIK.WMSI,RKXZ.XBRWOZ.,XKI,ZOR,KIXSSU,DO..WMSIQ,.WZBI, WZXZBWXS,WZ.RWRGRWOZ.,BXZZORXYOWT,HITWXRWZP,TW.DGRI.F,REI,BO.R,O ,HITWXRWOZ,WZBKIX.I.,RKXZ.XBRWOZ,BO.R.Q,SWHWRWZP,REIHWZWHGH,DKXBRWBXS,RKXZ.XBRWOZ,.WJI,XZT,BGRRWZP,O  ,REI,DO..WMWSWRU, OK,.HXSS,BX.GXS,RKXZ.XBRWOZ.QXZT,REIKI,W.,X,MKOXTIK,BO.R,WZ,REI,SO..,O ,XMWSWRU,RO,HXAI,ZOZKIYIK.WMSI,DXUHIZR., OK,ZOZKIYIK.WMSI.IKYWBI.F,NWRE,REI,DO..WMWSWRU,O ,KIYIK.XSQ,REI,ZIIT, OK,RKG.R,.DKIXT.F,HIKBEXZR.,HG.RMI,NXKU,O ,REIWK,BG.ROHIK.Q,EX..SWZP,REIH, OK,HOKI,WZ OKHXRWOZ,REXZ,REIU,NOGST,OREIKNW.I,ZIITF,X,BIKRXWZ,DIKBIZRXPI,O , KXGT,W.,XBBIDRIT,X.,GZXYOWTXMSIF,REI.I,BO.R.,XZT,DXUHIZR,GZBIKRXWZRWI.BXZ,MI,XYOWTIT,WZ,DIK.OZ,MU,G.WZP,DEU.WBXS,BGKKIZBUQ,MGR,ZO,HIBEXZW.H,ICW.R.,RO,HXAI,DXUHIZR.OYIK,X,BOHHGZWBXRWOZ.,BEXZZIS,NWREOGR,X,RKG.RIT,DXKRUF"
    mp = "ABCDEFGHIJKLMNOPQRSTUVWXYZ ,."
    dict = {}
    inv_dict = {}
    for i in range(0, len(mp)):
        dict[i] = mp[i]
        dict[mp[i]] = i
  2.  
  3. # print(dict)
  4.  
  5. for i in range(1, 29):
        for j in range(1, 29):
            if i*j%29 == 1:
                inv_dict[i] = j
                break
  6.  
  7. print(inv_dict)
  8.  
  9. newarr = []
  10.  
  11. for i in range(0, len(plain)):
        newarr.append(dict[plain[i]])
  12.  
  13. # print(newarr)
  14.  
  15. def decry(c, a, b):
        s = ""
        for i in range(0, len(c)):
            s += dict[(c[i]-b+29)*inv_dict[a]%29]
  16.  
  17.     return s
  18.  
  19. for i in range(1, 29):
        for j in range(0, 29):
            print(decry(newarr, i, j))
            print(i, j)
  20.  
  21. for j in range(0, 29):
        print(decry(newarr, 0, j))
        print(0, j)
  22.  
  23. # plain = "RLZZC SCIZJB"
    #
    # newarr = []
    #
    # for i in range(0, len(plain)):
    #     newarr.append(dict[plain[i]])
    #
    # print(decry(newarr, 2, 3))
 
  1. 1
    2
    3
    4
    5
    6
    7
 
  1. λ python
    Python 3.6.1 on win32
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import hashlib
    >>> plain = "COMMERCE ON THE INTERNET HAS COME TO RELY ALMOST EXCLUSIVELY ON FINANCIAL INSTITUTIONS SERVING ASTRUSTED THIRD PARTIES TO PROCESS ELECTRONIC PAYMENTS. WHILE THE SYSTEM WORKS WELL ENOUGH FORMOST TRANSACTIONS, IT STILL SUFFERS FROM THE INHERENT WEAKNESSES OF THE TRUST BASED MODEL. COMPLETELY NONREVERSIBLE TRANSACTIONS ARE NOT REALLY POSSIBLE, SINCE FINANCIAL INSTITUTIONS CANNOTAVOID MEDIATING DISPUTES. THE COST OF MEDIATION INCREASES TRANSACTION COSTS, LIMITING THEMINIMUM PRACTICAL TRANSACTION SIZE AND CUTTING OFF THE POSSIBILITY FOR SMALL CASUAL TRANSACTIONS,AND THERE IS A BROADER COST IN THE LOSS OF ABILITY TO MAKE NONREVERSIBLE PAYMENTS FOR NONREVERSIBLESERVICES. WITH THE POSSIBILITY OF REVERSAL, THE NEED FOR TRUST SPREADS. MERCHANTS MUSTBE WARY OF THEIR CUSTOMERS, HASSLING THEM FOR MORE INFORMATION THAN THEY WOULD OTHERWISE NEED. A CERTAIN PERCENTAGE OF FRAUD IS ACCEPTED AS UNAVOIDABLE. THESE COSTS AND PAYMENT UNCERTAINTIESCAN BE AVOIDED IN PERSON BY USING PHYSICAL CURRENCY, BUT NO MECHANISM EXISTS TO MAKE PAYMENTSOVER A COMMUNICATIONS CHANNEL WITHOUT A TRUSTED PARTY."
    >>> hashlib.md5(plain.encode()).hexdigest()
    '880cabd53df2f03050a7214d3ae30a07'

Cut and Paste Attack On AES-ECB

截取一哈就行

ECB的问题就在于同样的明文总是对应相同的密文,而AES又是分组加密,所以我们只需要16字节截一段,然后从截出来的字段里拼出Deposit amount: One million dollars就吼啦

然后把对应的密文组合提交就好啦

Rail Fence

栅栏密码

不是栅栏密码,丢人

就是这个名字,密码是17

然而提交又失败……是不是要加空格???

和凯撒那题一样的问题

Factoring RSA With CRT Optimization

看看论文

论文结论放得挺快的,喜欢

  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
 
  1. >>> e = 0x10001
    >>> n = 0x90def3c2c91ae9bf6089ec8857960d567fdbcd7c2c3ea713046977231e65f44e1b91550971d4e5d43b51675fae4ba640add3af02dad4bf68c3ddef3a98907e1e01156de7a4474d9fce2ba8c055f44673c703a72a111a06f8a7b2fe582463938d802e91630e1e1b5483b1774e608eb4368c6bbf4da375319d9a2799bf8a5ae453
    >>> x = 0xdeadc0de
    >>> y = 0x17d7f90a4597fb2bbbb41d1a70f505f0d8c5cb53faaafea259150eb6910fb08fbf1ba40e42de70c596fb0032d132c9c6ce46c650999ad5f14a990d205984260146e2949b819dc8732beceed452701d88b2c8723b410fce739009df89930424c566af5102403981c26c3e75d9c62065a347e815b26984dcd3b5f02fc8a8092051
    >>> def (a,b):
    ...     if b == 0:
    ...             return a
    ...     else:
    ...             return gcd(b,a%b)
    ...
    >>> gcd(pow(y,e,n)-x,n)
    9966524937284363425885222065976539626835093420150865305435384403545526100948308275937186399398105835105908301433416877915451315435074364352622884631548129
    >>> p = gcd(pow(y,e,n)-x,n)
    >>> q = n//p
    >>> n%p
    0
    >>> print(p)
    9966524937284363425885222065976539626835093420150865305435384403545526100948308275937186399398105835105908301433416877915451315435074364352622884631548129
    >>> print(q)
    10207350221528968021374239537567355734439270587735020516681487302155761468885207397982418037573103389660473080952277752719230542349569271803978030721660851

Easy Passwords

暴力/去他们推特看看

Hint for 1: the "easy" passwords are all standard English words

很惭愧,原本没思路的,又学习了一下别人怎么用John the Ripper的

  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
 
  1. root@kali:~# touch crackit
    root@kali:~# john --wordlist=/usr/share/dict/words crackit 
    Created directory: /root/.john
    Warning: detected hash type "md5crypt", but the string is also recognized as "aix-smd5"
    Use the "--format=aix-smd5" option to force loading these as that type instead
    Using default input encoding: UTF-8
    Loaded 10 password hashes with no different salts (md5crypt, crypt(3) $1$ [MD5 128/128 SSE2 4x3])
    Press 'q' or Ctrl-C to abort, almost any other key for status
    each             (?)
    in               (?)
    letter           (?)
    list             (?)
    of               (?)
    order            (?)
    second           (?)
    the              (?)
    this             (?)
    word             (?)
    10g 0:00:00:04 DONE (2018-05-07 07:53) 2.421g/s 24502p/s 24502c/s 176147C/s woolly..word's
    Warning: passwords printed above might not be all those cracked
  2.  
  3. # 这里直接看是不知道交什么的,id0-rsa好像都是这样做的
    root@kali:~# john --show crackit
    ?:the
    ?:second
    ?:letter
    ?:of
    ?:each
    ?:word
    ?:in
    ?:this
    ?:list
    大专栏  id0-rsa WP合集 class="line">?:in
    ?:order
  4.  
  5. 11 password hashes cracked, 0 left

RSA Modulus Factorization

有公钥、私钥,分解N

有人提示

You may want to look at end of section 1 of this paper to get an idea of how to tackle this.

但是懒人选择直接用工具

  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
 
  1. λ python rsatool.py -f PEM key.pem -n 2575379069244619122811590270693932708961682118615086945187580561953482470842235 5391264253236312033342930767629026955594380914791828872789640882880456756317355718989951748134910495292317107822354638062542536621806610548119524360577494257082085388892230653871347635789064083634194556923152378748383913055689941464591534636606264605505256200032003073128045380287795929441895659897956729518691264242454587153279087011099643014705274937963488514996712634166563179373202236856266518026166326484283485368106496495400924862033175617707157820195751946135848383888076352630565287208026865192435711425148588227314034233872575399 -d 17105402368913594732268140576016021009260884834703468214454459966320267707293844817833310635571150638333054368126620841170740802501167335402566350357845884586982802288930597441429262542859551082213714762867946512961388972561696317770839625342858127315991460791480206023627821121730752214777828377914024156239192555174948311918712437146465305330571121417401154082076772433310857936602097318370602240544385942653856271345622469333448979309288295132145434251447399809135938564905989171217097472641153308592366164932415033656821923922166211242186853476413476873462490965233576571621275866183349806774845359965178419609761
    Using (n, d) to initialise RSA instance
  2.  
  3. n =
    cc0262c3764f6d1bfa485a88c0566a6d68cb89ac382fbbc577a4862bdbce111bb59960ea787f132e3fddb9c914d0d11d156dd433a2adab9084d48cf58f58b42804805966ecd318ad19218791e14e19a8d0cf3441e219e5e1395eb5dba1fba11d94321a34eb536c51f4c44c5987e74a467b5fe2eae8d2725d63f24feebfd9ca746de93b6fd74ed82fed7dbfc3a84b0a425f52503ab71908a13ac11a9d52211042290ae2886626f67935dc78b7d86ba76d3c5e085a003dff06f914187acc368f904613cbd3d52f36c8b0535f9dfeec2737744ad8be51f66e1d470261a7fd7c6da277dbd2f213b44d9e8242a8a5b121acc8710baed3d244004e4ca560d58e756ba7
  4.  
  5. e = 65537 (0x10001)
  6.  
  7. d =
    87803a2b0b44dbfa8e354a74b41371a2f3cce4c74f965cc85e9c1745c03bd15f2f320d8e0eb4907fd289a9a16642fff1aa4f0577ba6051a8aea12272e3600e60da0489dcf4058dc942fce337c0870841f956f6a59fd085c01f43c9d474755660f81283178d0a1ed31c98d9014a6414105657acb74c26a3316676062354a80a70335a670675f439dec08803def4892c4d99e20fbe1975d7673679ac6f16835307ce59971c865d71edeea9ed1a93c70a37e283f270dea8499271268d86f7fc4a1b4f64041833c62a057dfb0b48f1c4f6d351673238a3de3b4506eb2472aaf90b914e791c3a723464d9169d5eab8e0a3f8a42dedb065829e8b533a89dd3ba0a00a1
  8.  
  9. p =
    cd8872868e62777d31e8cf8a694df3096bfa246463d4cfbda7f22f31d0b0f2d6d99996a099c79f312915018c475b2a5090f08ffa67400985dbbc8c04466ddf07414b40be264b98f8422ae053dfd53d4845eda2fda826cabb9237bb432f9e99862c6b75aeebc1b79e3a780fd813e05e73c9bbb521c05539e998031c876a2e7497
  10.  
  11. q = fe1a2971eee591830144ccb525befca29aa5a84c7b63510c60a491f09a185a787250bc5ea8c024896a4ec6312a8bf391fe76e15a50d7609cfb27ac18342b7dfd3d20ed94a85d62f83454ea77aa26471881aad95c63b0e890daabc71991f8051c2ec5956f8855a13e34c1e11e3a8d9abc43d813c6f9f42e34e0c75b35d2f15371

Fast Hashing Passwords

母鸡

就是给了一个简单密码表,顺着跑个散列值表,然后排序,找出散列值最大最小的两个

有点考验电脑

Python写的排序那一步会有Memory Error(主要是ACM遗留下来的习惯,写算法写cpp比较习惯)

首先是下载rockyou list,算SHA-256值(其实这里没必要,但是我觉得可能会有用,所以算一个保存着了)

  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
 
  1. import hashlib
  2.  
  3. def hash(strings):
        return str(hashlib.sha256(strings).hexdigest())
  4.  
  5. f = open(r"rockyou.txt", "rb")
    w = open(r"rawsha256.txt", "w")
  6.  
  7. s = f.readline()[:-1]
    arr = []
    print(hash("".encode()))
    i = 1
    while s != "":
        w.write(hash(s)+'n')
        arr.append(hash(s))
        s = f.readline()[:-1]
  8.  
  9. f.close()
    w.close()

然后排序输出最低最高的位置

  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
 
  1. #include <bits/stdc++.h>
    using namespace std;
    int arr[14344391];
    vector<string> st;
    inline bool cmp(int a, int b){
    	return st[a]<st[b];
    }
    int main()
    {
    	ios::sync_with_stdio(0); //加速输入输出用,其实为了效率应该考虑用scanf/printf + char*的组合,不过也能接受了
    	freopen("rawsha256.txt", "r", stdin);
    	string a;
    	int pos=0;
    	while(cin>>a){
    		st.push_back(a);
    		arr[pos]=pos;
    		++pos;
    	}
    	sort(arr,arr+14344391,cmp);
    	cout<<arr[0]<<endl<<arr[14344390]<<endl;
    	return 0;
    }
  2.  
  3. //2637658
    //9682632
    //--------------------------------
    //Process exited after 67.14 seconds with return value 0

然后找到对应单词测试一下就行

  1. 1
    2
    3
    4
    5
    6
    7
    8
 
  1. >>> import hashlib
    >>> def hash(strings):
    ...     return str(hashlib.sha256(strings.encode()).hexdigest())
    ...
    >>> print(hash("yame1bore"))
    0000010e433cfc497373957df2ea9af41ec17edc43672c413558f62d09842190
    >>> print(hash("bert7quinn,3"))
    fffffdaa4034dadd8b4cf8a18f92a230a92423ee24ad6dfb24adb758a8487ca2

Vigenère

多表,工具即可

https://f00l.de/hacking/vigenere.php

成功

You already solved this one! Solution: BARLEY

Monoalphabetic Cipher

单表,工具解决

https://quipqiup.com/

成功

You already solved this one! Solution: c21c7f2384dabd723c6d265b1315ddb5

Salt Alone Won't Save You

暴力?字典暴力?

是字典

先去hashcat了解了形式以后,写个脚本读

  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
    10
 
  1. import base64, binascii
    f = open("crack.txt", "r")
    s = f.readlines()
    f.close()
    f = open("crack.txt", "w")
    for ss in s:
    	ss = ss.split("$")[1:]
    	ss[1] = ss[1][:-1]
    	f.write(binascii.hexlify(base64.b64decode(ss[1])).decode('ascii')+':'+ss[0]+'n')
    f.close()

然后上hashcat

  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    76
    77
    78
    79
    80
    81
    82
    83
    84
    85
    86
    87
    88
    89
 
  1. A:DownloadsCompressedhashcat-4.1.0
    λ hashcat64.exe -m 1410 crack.txt rockyou.txt
    hashcat (v4.1.0) starting...
  2.  
  3. * Device #1: WARNING! Kernel exec timeout is not disabled.
                 This may cause "CL_OUT_OF_RESOURCES" or related errors.
                 To disable the timeout, see: https://hashcat.net/q/timeoutpatch
    * Device #2: Intel's OpenCL runtime (GPU only) is currently broken.
                 We are waiting for updated OpenCL drivers from Intel.
                 You can use --force to override, but do not report related errors.
    nvmlDeviceGetFanSpeed(): Not Supported
  4.  
  5. OpenCL Platform #1: NVIDIA Corporation
    ======================================
    * Device #1: GeForce GTX 965M, 512/2048 MB allocatable, 8MCU
  6.  
  7. OpenCL Platform #2: Intel(R) Corporation
    ========================================
    * Device #2: Intel(R) HD Graphics 530, skipped.
    * Device #3: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz, skipped.
  8.  
  9. Hashes: 7 digests; 7 unique digests, 7 unique salts
    Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
    Rules: 1
  10.  
  11. Applicable optimizers:
    * Zero-Byte
    * Early-Skip
    * Not-Iterated
    * Raw-Hash
  12.  
  13. Minimum password length supported by kernel: 0
    Maximum password length supported by kernel: 256
    Minimim salt length supported by kernel: 0
    Maximum salt length supported by kernel: 256
  14.  
  15. ATTENTION! Pure (unoptimized) OpenCL kernels selected.
    This enables cracking passwords and salts > length 32 but for the price of drastically reduced performance.
    If you want to switch to optimized OpenCL kernels, append -O to your commandline.
  16.  
  17. Watchdog: Temperature abort trigger set to 90c
  18.  
  19. Dictionary cache built:
    * Filename..: rockyou.txt
    * Passwords.: 14344390
    * Bytes.....: 139921496
    * Keyspace..: 14344383
    * Runtime...: 1 sec
  20.  
  21. 0603ae874b416862ad705b1c42f770141b1c802fa960a5b5aa91430f04c94400:kPD)T)=~1K{r:totoloco1990
    6f2da1836ac6d7c40a93da4ca9afc56fdbe7279fcd12f479aa983d495772de73:4.9.mHSbiQ]^:phuck123
    97ddc547c46af1af9821475c0b629d6a47bbfeb952535cc0afff72022459548d:b*.m,%~&<"^6:nc27360
    e91ba9f0ff28267c4af7c6976bc1e119138b76fc2cf719a06b097baec8761391:(y3]<+9zmi4|:imberly1999
    573fa001661fffc3c82aeec82f16951670dc342cc071eadc8bc71a8826209b66:{4[1m"WqdR0s:cowmen7
    Cracking performance lower than expected?
  22.  
  23. * Append -O to the commandline.
      This lowers the maximum supported password- and salt-length (typically down to 32).
  24.  
  25. * Append -w 3 to the commandline.
      This can cause your screen to lag.
  26.  
  27. * Update your OpenCL runtime / driver the right way:
      https://hashcat.net/faq/wrongdriver
  28.  
  29. * Create more work items to make use of your parallelization power:
      https://hashcat.net/faq/morework
  30.  
  31. Approaching final keyspace - workload adjusted.
  32.  
  33. Session..........: hashcat
    Status...........: Exhausted
    Hash.Type........: sha256($pass.$salt)
    Hash.Target......: crack.txt
    Time.Started.....: Fri May 11 15:37:43 2018 (5 secs)
    Time.Estimated...: Fri May 11 15:37:48 2018 (0 secs)
    Guess.Base.......: File (rockyou.txt)
    Guess.Queue......: 1/1 (100.00%)
    Speed.Dev.#1.....: 11989.9 kH/s (9.69ms) @ Accel:128 Loops:1 Thr:384 Vec:1
    Recovered........: 5/7 (71.43%) Digests, 5/7 (71.43%) Salts
    Progress.........: 100410681/100410681 (100.00%)
    Rejected.........: 0/100410681 (0.00%)
    Restore.Point....: 14344383/14344383 (100.00%)
    Candidates.#1....: $HEX[3032313342] -> $HEX[042a0337c2a156616d6f732103]
    HWMon.Dev.#1.....: Temp: 63c Util: 50% Core:1151MHz Mem:2505MHz Bus:16
  34.  
  35. Started: Fri May 11 15:37:31 2018
    Stopped: Fri May 11 15:37:48 2018

排序输入得到答案

CCA on Textbook RSA

RSA的选择密文攻击。

假设爱丽丝创建了密文 $C=P^emodn$并且把 $C$ 发送给鲍勃,同时假设我们要对爱丽丝加密后的任意密文解密,而不是只解密 $C$,那么我们可以拦截$ C$,并运用下列步骤求出 $P$:

  1. 选择任意的 $X∈Z^∗_n$,即 $X$ 与 $N$ 互素
  2. 计算 $Y=C×X^emod n$
  3. 由于我们可以进行选择密文攻击,那么我们求得 $Y$ 对应的解密结果 $Z=Y^d$
  4. 那么,由于 $Z=Y^d=(C×X^e)^d=C^dX=P^{ed}X=PXmodn$,由于 $X$ 与 $N$ 互素,我们很容易求得相应的逆元,进而可以得到 $P$

于是先读公钥

  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
 
  1. λ openssl rsa -pubin -in pubkey.pem -text -modulus
    Public-Key: (2048 bit)
    Modulus:
        00:a9:a9:60:8d:4b:d1:be:ee:e3:ce:11:51:cc:2d:
        1a:72:b8:76:df:63:e4:9f:70:aa:c8:da:e5:04:f5:
        91:7c:aa:f7:9f:5a:16:ae:5a:0b:8f:c2:e5:59:b6:
        46:8f:b4:9b:64:8d:02:96:6e:a2:30:03:f2:08:d7:
        56:b6:31:11:2d:86:ae:85:5e:04:82:e7:df:db:d5:
        e9:0d:06:d5:6b:58:12:36:db:9a:9b:d5:24:2f:2e:
        ca:82:b5:c2:f9:52:88:50:ad:be:78:b7:d1:83:e2:
        b1:ee:3b:2e:89:f2:45:33:9e:88:04:67:40:a0:d0:
        50:49:f5:76:a3:7a:ca:a9:45:0c:51:c7:7c:f5:b5:
        ba:85:e5:72:39:c2:a0:55:8e:eb:a1:f0:e6:06:7a:
        d3:b9:c6:50:08:7b:6b:35:ea:72:eb:8a:c6:8c:00:
        5d:4a:38:a4:c7:d8:d4:0c:b2:91:59:4a:83:21:ff:
        6c:08:78:81:2a:65:9a:83:59:f7:67:65:cd:55:97:
        15:96:ec:20:1a:30:63:8f:39:c5:23:08:5e:13:c7:
        55:9d:07:22:44:ea:70:df:84:f3:7b:a8:13:19:51:
        76:fc:62:c7:58:63:78:38:3f:5a:52:93:b0:3f:54:
        43:26:5d:f8:e7:50:5f:27:9f:e5:60:6d:36:bc:f1:
        47:f9
    Exponent: 65537 (0x10001)
    Modulus=A9A9608D4BD1BEEEE3CE1151CC2D1A72B876DF63E49F70AAC8DAE504F5917CAAF79F5A16AE5A0B8FC2E559B6468FB49B648D02966EA23003F208D756B631112D86AE855E0482E7DFDBD5E90D06D56B581236DB9A9BD5242F2ECA82B5C2F9528850ADBE78B7D183E2B1EE3B2E89F245339E88046740A0D05049F576A37ACAA9450C51C77CF5B5BA85E57239C2A0558EEBA1F0E6067AD3B9C650087B6B35EA72EB8AC68C005D4A38A4C7D8D40CB291594A8321FF6C0878812A659A8359F76765CD55971596EC201A30638F39C523085E13C7559D072244EA70DF84F37BA813195176FC62C7586378383F5A5293B03F5443265DF8E7505F279FE5606D36BCF147F9
    writing RSA key
    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqalgjUvRvu7jzhFRzC0a
    crh232Pkn3CqyNrlBPWRfKr3n1oWrloLj8LlWbZGj7SbZI0Clm6iMAPyCNdWtjER
    LYauhV4Eguff29XpDQbVa1gSNtuam9UkLy7KgrXC+VKIUK2+eLfRg+Kx7jsuifJF
    M56IBGdAoNBQSfV2o3rKqUUMUcd89bW6heVyOcKgVY7rofDmBnrTucZQCHtrNepy
    64rGjABdSjikx9jUDLKRWUqDIf9sCHiBKmWag1n3Z2XNVZcVluwgGjBjjznFIwhe
    E8dVnQciROpw34Tze6gTGVF2/GLHWGN4OD9aUpOwP1RDJl3451BfJ5/lYG02vPFH
    +QIDAQAB
    -----END PUBLIC KEY-----
 
  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
 
  1. λ python
    Python 3.6.1 (v3.6.1:69c0db5, Mar 21 2017, 17:54:52) [MSC v.1900 32 bit (Intel)] on win32
    Type "help", "copyright", "credits" or "license" for more information.
    >>> n =0xA9A9608D4BD1BEEEE3CE1151CC2D1A72B876DF63E49F70AAC8DAE504F5917CAAF79F5A16AE5A0B8FC2E559B6468FB49B648D02966EA23003F208D756B631112D86AE855E0482E7DFDBD5E90D06D56B581236DB9A9BD5242F2ECA82B5C2F9528850ADBE78B7D183E2B1EE3B2E89F245339E88046740A0D05049F576A37ACAA9450C51C77CF5B5BA85E57239C2A0558EEBA1F0E6067AD3B9C650087B6B35EA72EB8AC68C005D4A38A4C7D8D40CB291594A8321FF6C0878812A659A8359F76765CD55971596EC201A30638F39C523085E13C7559D072244EA70DF84F37BA813195176FC62C7586378383F5A5293B03F5443265DF8E7505F279FE5606D36BCF147F9
    >>> x = 3
    >>> c = 0x912fcd40a901aa4b7b60ec37ce6231bb87783b0bf36f824e51fe77e9580ce1adb5cf894410ff87684969795525a63e069ee962182f3ff876904193e5eb2f34b20cfa37ec7ae0e9391bec3e5aa657246bd80276c373798885e5a986649d27b9e04f1adf8e6218f3c805c341cb38092ab771677221f40b72b19c75ad312b6b95eafe2b2a30efe49eb0a5b19a75d0b31849535b717c41748a6edd921142cfa7efe692c9a776bb4ece811afbd5a1bbd82251b76e76088d91ed78bf328c6b608bbfd8cf1bdf388d4dfa4d4e034a54677a16e16521f7d0213a3500e91d6ad4ac294c7a01995e1128a5ac68bfc26304e13c60a6622c1bb6b54b57c8dcfa7651b81576fc
    >>> d = pow(x,0x10001,n)*c%n
    >>> hex(d)
    '0x5eff6db089a86b058bbfd34f01cbe256fc9cc5b18c0999bd215048f8ca3de6f3250191417e502ea15aac5c7cf167c9be60944361163b13b96b1262dfc4bcbd695a61dcedd74192d9bfc5c0b9c8399cba3f6e6fc9f4adaf6d65b0594c696a32ab53913c06be6de9ee68b030b0aaef65bec0cbec7ad2439057cf30f7cd083138f98be11e93e54168acbc4bacb6b87b0a4a3d84e761f58e7605a0ae01b72c1344e96d7c5401be91bbe78a3527672c073c4c355ee340a1d2ea5d178c31c40561bccfb9ef47e0c984bd8227a187f492489b0292b506edf992950c009b59d2093b43f5601affa6b5b0b39a4b848c654ad242c55e62b358c03d91f889e7ab5e5d7e7f02'

提到网站去,得到1395d5d50ae8d8e24572a393c628b3c4b335a30298b305d396e8b2a388e302d602a245d3c4e4a8e335990a88e5a302a5a30478de8244b36305690938b512d32

求$3^{-1}modn$,最后计算得到明文0x687474703a2f2f6172636869762e696e667365632e6574687a2e63682f656475636174696f6e2f667330382f73656373656d2f4d616e67657230312e706466

AES-CTR with Nonce Reuse

就是Two-Time-Pad攻击咯

Bad Entropy

就是爆破咯

  1. 1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
 
  1. from hashlib import md5
    from Crypto.Cipher import AES
    import binascii
    c = binascii.unhexlify("a99210d796a1e37503febf65c329c1b2")
    print(c)
  2.  
  3. i = 1453651200
    while i <= 1454169600:
        s = md5(str(i).encode()).hexdigest()
        s = binascii.unhexlify(s)
        cipher = AES.new(s, AES.MODE_ECB)
        try:
            cipher.decrypt(c).decode('ascii')
            print(cipher.decrypt(c))
            a = input()
            if int(a) == 0:
                print(i)
                break
        except:
            pass
        i += 1

爆破成功,密钥时间是1453862488

Rainbow Table Hash Chain

直觉告诉我hashcat可解

Elliptic Curve Private Key Recovery

貌似是公钥选得腊鸡?但是我需要复(yu)习一下ECC

ECDSA Nonce Recovery

同上

Double Strength Affine

直觉告诉我,暴力依然可以解

Slightly harder passwords

Twitter上有hint,直觉告诉我说hashcat可以解决

Upgraded Affine

这个的CBC需要考虑一下子了

Fvtavat Xrl Erpbirel

印象里是RSA,慢慢来把

Insufficient Key Size

这题这么水还放这么后面……yafu/factordb秒解好吧

都懒得写WP了……看到这里还不会的可以退群了(明示【误

Håstad's Broadcast Attack

RSA广播攻击诶,好嗦

CBC Padding Attack

标题明示,我要慢慢学习去

Breaking PDF Passwords

Vigenère + Rail Fence

手动一个个试,然后得到密钥是21,trader

Recover the secret phone number

这题还是比较有意思的

首先很明显是一个base64

  1. 1
    2
    3
    4
    5
    6
    7
    8
 
  1. λ python
    Python 3.6.1 (v3.6.1:69c0db5, Mar 21 2017, 17:54:52) [MSC v.1900 32 bit (Intel)] on win32
    Type "help", "copyright", "credits" or "license" for more information.
    >>> a = "H4sIAIq6o1cAAy2QS5OiMBSF9/yaIDrVLnrRQfJS000gAbILhCJAUMryMfrrB6tndRf3u+ecexR2nuLQNxF3eiU7u0IvitWtitimIcLrGEamFGdKxNmUx64hqq+xHyi++jZbd3JSQx1p3/QQBAbLBWCznRDQGbzocuws/ug0VkNz8g8br/fxKO51b8Ei+GwzCOon7JuTevNTHbFhmcBg/woo3t704qCWhM0kT80TurqHvir5rEv6TrpZmNDG7wP1fLNFsQ0p5m9uMsVmpNiDQ3feB4cMXA9ZGAtpWd7DVEl2zOSxy4DSvzuwz6WLLBCikPOhDmdmiB7yEQkhWSwlSqrSwsUUBtnkYF4yYxJdfOPHJc2VaPF2rkox1IPjlVep9VAJoJzuZtJOi8aKsQa7hEdfF0H4VO/4TxbZW6B2ycbsPMyIpy2+Si7/mpzwtUX6zndfoRmT1/4FYROKix05q4mjQvE/sbdeK9cLUN3b0X3LhIWBJLBKw5kuL5CjfDyKUnkl5cYixESCRCrp/n8VKB/TTiIV54nf0eSKit8arnH3+Rn8A9M9NCIXAgAA"
    >>> import base64
    >>> f = open("file","wb")
    >>> f.write(base64.b64decode(a))
    429

然后去鉴定去

  1. 1
    2
    3
    4
    5
 
  1. root@kali:~# binwalk file
  2.  
  3. DECIMAL       HEXADECIMAL     DESCRIPTION
    --------------------------------------------------------------------------------
    0             0x0             gzip compressed data, from Unix, last modified: 2016-08-04 21:58:34

接着解压

  1. 1
 
  1. root@kali:~# gzip -d file

接着又是很明显的base64,解出来是个公钥

去分解一下,成功了

求得私钥解出号码

Optimal Backpack Allocation

Insecure PRNG

Playfair

CRIMEs against TLS

Bleichenbacher's CCA2 on RSA

Backdoored PRNG

Not So Safe Primes

DSA with LCG nonces

id0-rsa WP合集的更多相关文章

  1. SecureCRT 下载,安装,绝佳配色,实用配置,上传下载配置合集

    SecureCRT 下载,安装,绝佳配色,实用配置,上传下载配置合集 chocoball 发布于 2年前,共有 3 条评论 SecureCRT 是一款支持 SSH2.SSH1.Telnet.Telne ...

  2. SQL Server技术内幕笔记合集

    SQL Server技术内幕笔记合集 发这一篇文章主要是方便大家找到我的笔记入口,方便大家o(∩_∩)o Microsoft SQL Server 6.5 技术内幕 笔记http://www.cnbl ...

  3. 【Android】开发中个人遇到和使用过的值得分享的资源合集

    Android-Classical-OpenSource Android开发中 个人遇到和使用过的值得分享的资源合集 Trinea的OpenProject 强烈推荐的Android 开源项目分类汇总, ...

  4. [Erlang 0122] Erlang Resources 2014年1月~6月资讯合集

    虽然忙,有些事还是要抽时间做; Erlang Resources 小站 2014年1月~6月资讯合集,方便检索.      小站地址: http://site.douban.com/204209/   ...

  5. [Erlang 0114] Erlang Resources 小站 2013年7月~12月资讯合集

    Erlang Resources 小站 2013年7月~12月资讯合集,方便检索.     附 2013上半年盘点: Erlang Resources 小站 2013年1月~6月资讯合集    小站地 ...

  6. SQL用法操作合集

    SQL用法操作合集   一.表的创建 1.创建表 格式: 1 CREATE TABLE 表名 2 (列名 数据类型(宽度)[DEFAULT 表达式][COLUMN CONSTRAINT], 3 ... ...

  7. Python学习路径及练手项目合集

    Python学习路径及练手项目合集 https://zhuanlan.zhihu.com/p/23561159

  8. Lucene搜索方式大合集

    package junit; import java.io.File; import java.io.IOException; import java.text.ParseException; imp ...

  9. [Erlang 0105] Erlang Resources 小站 2013年1月~6月资讯合集

    很多事情要做,一件一件来; Erlang Resources 小站 2013年1月~6月资讯合集,方便检索.      小站地址: http://site.douban.com/204209/     ...

随机推荐

  1. JAVA初学者——标识符命名规则及数据类型的转换

    Hello!我是浩宇大熊猫~ 直接进入正题吧~ 1)标识符的命名规则. 标识符命名法有小驼峰命名法和大驼峰命名法两种,分别应用于方法.变量和类. 小驼峰命名法应用于方法和变量,主要有两个约定: 1.标 ...

  2. redis在linux中的安装启动

    1. 拖到 /usr/local 下 2. 解压 tar zxf redis-4.0.8.tar.gz 3. mkdir /usr/redis 4. 编译     cd redis-4.0.8/src ...

  3. 常用DIV+CSS命名大全集合

    一.命名规则说明:   -   TOP 1).所有的命名最好都小写 2).属性的值一定要用双引号("")括起来,且一定要有值如class="divcss5",i ...

  4. 吴裕雄--天生自然Linux操作系统:Linux 文件基本属性

    Linux系统是一种典型的多用户系统,不同的用户处于不同的地位,拥有不同的权限.为了保护系统的安全性,Linux系统对不同的用户访问同一文件(包括目录文件)的权限做了不同的规定. 在Linux中我们可 ...

  5. 第1章 分布式系统概念与ZooKeeper简介

    ZooKeeper分布式专题与Dubbo微服务入门 第1章 分布式系统概念与ZooKeeper简介 1-1 zookeeper简介 1-2 什么是分布式系统 略 1-3 分布式系统的瓶颈以及zk的相关 ...

  6. [PHP防火墙]输入内容存在危险字符,安全起见,已被本站拦截

    之前在很多的网站都看到了360webscan的攻击拦截脚本,正好分析并学习一下. 下载地址:http ://webscan.360.cn/protect/down?domain = blog.dybo ...

  7. SVN解除与服务器的关联

    1.随便找个地方新建个文本文档 2.粘贴如下内容到文档里,建议使用notepad++ Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\ ...

  8. C#在listview控件中显示数据库数据

    一.了解listview控件的属性 view:设置为details columns:设置列 items:设置行 1.将listview的view设置为details 2.设置列属性 点击添加,添加一列 ...

  9. ios AVPlayer参考

    http://www.cnblogs.com/kenshincui/p/4186022.html#avPlayer

  10. 拾起HTML+CSS的一天

    今天在w3school看了下HTML5和CSS3的新特性. 本来觉得自己对CSS方面基础还挺有把握的,就之前自学都是跳过这个模块的,但经过昨天会友的面试,感觉自己好像太忽视基础了,很多基本的东西很模糊 ...