Buuctf

crypto
0x01传感器

提示是曼联,猜测为曼彻斯特密码

wp:https://www.xmsec.cc/manchester-encode/

cipher:

5555555595555A65556AA696AA6666666955

cipher='5555555595555A65556AA696AA6666666955'
def iee(cipher):
tmp=''
for i in range(len(cipher)):
a=bin(eval('0x'+cipher[i]))[2:].zfill(4)
tmp=tmp+a[1]+a[3]
print(tmp)
plain=[hex(int(tmp[i:i+8][::-1],2))[2:] for i in range(0,len(tmp),8)] print(''.join(plain).upper()) iee(cipher)

要注意的是,这个编码是iee格式的曼彻斯特编码,还有就是得到二进制要8位一组,翻过来(reverse)

Flag:flag{FFFFFED31F645055F9}

坏蛋是罗宾

rabina加密

pk是公钥,可以分解成p和q。分解后,看4个解的二进制形式,找到末尾位110001的,去掉后,转为十进制,求md5

exp:

from hashlib import md5

def EX_GCD(a, b, arr):
if b == 0:
arr[0] = 1
arr[1] = 0
return a
g = EX_GCD(b, a % b, arr)
t = arr[0]
arr[0] = arr[1]
arr[1] = t - int(a // b) * arr[1]
return g def ModReverse(a, n):
arr = [
0,
1,
]
gcd = EX_GCD(a, n, arr)
if gcd == 1:
return (arr[0] % n + n) % n
else:
return -1 def decrypt_rabin(c, p, q):
n = p * q
m1 = pow(c, (p + 1) / 4, p)
m2 = (-m1) % p
m3 = pow(c, (q + 1) / 4, q)
m4 = (-m3) % q
a = q * ModReverse(q, p)
b = p * ModReverse(p, q)
M1 = (a * m1 + b * m3)%n
M2 = (a * m1 + b * m4)%n
M3 = (a * m2 + b * m3)%n
M4 = (a * m2 + b * m4)%n
print(bin(M1),bin(M2),bin(M3),bin(M4)) c = 162853095
p = 10663
q = 49123
c=c+p*q
decrypt_rabin(c, p, q)
flag=0b10010011100100100101010
print('flag{'+md5(str(flag)).hexdigest()+'}')

Flag:flag{ca5cec442b2734735406d78c88e90f35}

Enterprogame

伪代码,半猜半试,密钥给了,重复一下加密就出来了

Exp:

key='whoami'
s=[]
t=[]
d=0
f=open('file.txt','rb')
cipher=f.read()
for i in range(256):
s.append(i)
t.append(ord(key[i%6]))
j=0
for i in range(256):
j=(j+s[i]+t[i])%256
s[i],s[j]=s[j],s[i]
i=0
j=0
plain=[]
for m in range(38):
i=(i+1)%256
j=(j+s[i])%256
s[i],s[j]=s[j],s[i]
x=((s[i]+(s[j]%256))%256)
plain.append(chr(cipher[m]^s[x]))
print(eval(''.join(plain)))
[GXYCTF2019]CheckIn

这题又让我得知一种偏门的编码Rot47

先base64解码,得到一串密文,再一个rot47就可以了

https://www.qqxiuzi.cn/bianma/ROT5-13-18-47.php

[HDCTF2019bbbbbabyrsa]

这题只要让我学到python的异常处理

题目:

from base64 import b64encode as b32encode
from gmpy2 import invert,gcd,iroot
from Crypto.Util.number import *
from binascii import a2b_hex,b2a_hex
import random flag = "******************************" nbit = 128 p = getPrime(nbit)
q = getPrime(nbit)
n = p*q print p
print n phi = (p-1)*(q-1) e = random.randint(50000,70000) while True:
if gcd(e,phi) == 1:
break;
else:
e -= 1; c = pow(int(b2a_hex(flag),16),e,n) print b32encode(str(c))[::-1]

ps:这个b32encode还可以再假点?

爆破e是关键

Exp:

import gmpy2
from Crypto.Util.number import *
from base64 import b64decode
from string import printable
def check(m1):
i=1
try:
m=m1.decode()
except UnicodeDecodeError:
return 0
else:
for j in m:
if j in printable:
continue
else:
i=0
break
return i p = 177077389675257695042507998165006460849
n = 37421829509887796274897162249367329400988647145613325367337968063341372726061
c = '==gMzYDNzIjMxUTNyIzNzIjMyYTM4MDM0gTMwEjNzgTM2UTN4cjNwIjN2QzM5ADMwIDNyMTO4UzM2cTM5kDN2MTOyUTO5YDM0czM3MjM'[::-1] cipher=eval(b64decode(c))
q=n//p phi=(p-1)*(q-1) e_list=[]
for i in range(50001,70000,2):
if gmpy2.gcd(i,phi)==1:
e_list.append(i)
for i in e_list:
d=gmpy2.invert(i,phi)
m=long_to_bytes(pow(cipher,d,n))
if check(m)==1:
print(m)

check m是不是都是可见字符的时候,python的bytes和str之间的转换问题。不是可见字符转成str会有一个报错,就引入了python的异常处理,try语句写法

flag:flag{rs4_1s_s1mpl3!#}

[RoarCTF2019]babyRSA

题目:

import sympy
import random def myGetPrime():
A= getPrime(513)
print(A)
B=A-random.randint(1e3,1e5)
print(B)
return sympy.nextPrime((B!)%A)
p=myGetPrime()
#A1=21856963452461630437348278434191434000066076750419027493852463513469865262064340836613831066602300959772632397773487317560339056658299954464169264467234407
#B1=21856963452461630437348278434191434000066076750419027493852463513469865262064340836613831066602300959772632397773487317560339056658299954464169264467140596 q=myGetPrime()
#A2=16466113115839228119767887899308820025749260933863446888224167169857612178664139545726340867406790754560227516013796269941438076818194617030304851858418927
#B2=16466113115839228119767887899308820025749260933863446888224167169857612178664139545726340867406790754560227516013796269941438076818194617030304851858351026 r=myGetPrime() n=p*q*r
#n=85492663786275292159831603391083876175149354309327673008716627650718160585639723100793347534649628330416631255660901307533909900431413447524262332232659153047067908693481947121069070451562822417357656432171870951184673132554213690123308042697361969986360375060954702920656364144154145812838558365334172935931441424096270206140691814662318562696925767991937369782627908408239087358033165410020690152067715711112732252038588432896758405898709010342467882264362733
c=pow(flag,e,n)
#e=0x1001
#c=75700883021669577739329316795450706204502635802310731477156998834710820770245219468703245302009998932067080383977560299708060476222089630209972629755965140317526034680452483360917378812244365884527186056341888615564335560765053550155758362271622330017433403027261127561225585912484777829588501213961110690451987625502701331485141639684356427316905122995759825241133872734362716041819819948645662803292418802204430874521342108413623635150475963121220095236776428
#so,what is the flag?

注意的事B!不是什么运算,是表示b的阶乘

威尔逊定理\((p-1)!\equiv-1\bmod p\)

关键步骤就是运用威尔逊定理

\(b=a-x\)

\((a-x)!\cdot(a-x+1)\cdot(a-x+2)\cdot…(a-1)\equiv-1\bmod a\)

连乘b+1到a-1为止,并求逆。得到-b!,b!=a-b!

Exp:

import gmpy2
from Crypto.Util.number import long_to_bytes
A1=21856963452461630437348278434191434000066076750419027493852463513469865262064340836613831066602300959772632397773487317560339056658299954464169264467234407
B1=21856963452461630437348278434191434000066076750419027493852463513469865262064340836613831066602300959772632397773487317560339056658299954464169264467140596 A2=16466113115839228119767887899308820025749260933863446888224167169857612178664139545726340867406790754560227516013796269941438076818194617030304851858418927
B2=16466113115839228119767887899308820025749260933863446888224167169857612178664139545726340867406790754560227516013796269941438076818194617030304851858351026 n=85492663786275292159831603391083876175149354309327673008716627650718160585639723100793347534649628330416631255660901307533909900431413447524262332232659153047067908693481947121069070451562822417357656432171870951184673132554213690123308042697361969986360375060954702920656364144154145812838558365334172935931441424096270206140691814662318562696925767991937369782627908408239087358033165410020690152067715711112732252038588432896758405898709010342467882264362733 e=0x1001
c=75700883021669577739329316795450706204502635802310731477156998834710820770245219468703245302009998932067080383977560299708060476222089630209972629755965140317526034680452483360917378812244365884527186056341888615564335560765053550155758362271622330017433403027261127561225585912484777829588501213961110690451987625502701331485141639684356427316905122995759825241133872734362716041819819948645662803292418802204430874521342108413623635150475963121220095236776428 def wilison(b,a):
p=1
b=b+1
while b<a:
p*=b
p%=a
b+=1
return a-p p=gmpy2.next_prime(gmpy2.invert(wilison(B1,A1),A1))
q=gmpy2.next_prime(gmpy2.invert(wilison(B2,A2),A2)) r=n//q//p
phi=(p-1)*(q-1)*(r-1)
d=gmpy2.invert(e,phi)
m=gmpy2.powmod(c,d,n)
print(long_to_bytes(m))
[NCTF2019]childRSA

题目:


from random import choice
from Crypto.Util.number import isPrime, sieve_base as primes
from flag import flag def getPrime(bits):
while True:
n = 2
while n.bit_length() < bits:
n *= choice(primes)
if isPrime(n + 1):
return n + 1 e = 0x10001
m = int.from_bytes(flag.encode(), 'big')
p, q = [getPrime(2048) for _ in range(2)]
n = p * q
c = pow(m, e, n) # n = 32849718197337581823002243717057659218502519004386996660885100592872201948834155543125924395614928962750579667346279456710633774501407292473006312537723894221717638059058796679686953564471994009285384798450493756900459225040360430847240975678450171551048783818642467506711424027848778367427338647282428667393241157151675410661015044633282064056800913282016363415202171926089293431012379261585078566301060173689328363696699811123592090204578098276704877408688525618732848817623879899628629300385790344366046641825507767709276622692835393219811283244303899850483748651722336996164724553364097066493953127153066970594638491950199605713033004684970381605908909693802373826516622872100822213645899846325022476318425889580091613323747640467299866189070780620292627043349618839126919699862580579994887507733838561768581933029077488033326056066378869170169389819542928899483936705521710423905128732013121538495096959944889076705471928490092476616709838980562233255542325528398956185421193665359897664110835645928646616337700617883946369110702443135980068553511927115723157704586595844927607636003501038871748639417378062348085980873502535098755568810971926925447913858894180171498580131088992227637341857123607600275137768132347158657063692388249513
# c = 26308018356739853895382240109968894175166731283702927002165268998773708335216338997058314157717147131083296551313334042509806229853341488461087009955203854253313827608275460592785607739091992591431080342664081962030557042784864074533380701014585315663218783130162376176094773010478159362434331787279303302718098735574605469803801873109982473258207444342330633191849040553550708886593340770753064322410889048135425025715982196600650740987076486540674090923181664281515197679745907830107684777248532278645343716263686014941081417914622724906314960249945105011301731247324601620886782967217339340393853616450077105125391982689986178342417223392217085276465471102737594719932347242482670320801063191869471318313514407997326350065187904154229557706351355052446027159972546737213451422978211055778164578782156428466626894026103053360431281644645515155471301826844754338802352846095293421718249819728205538534652212984831283642472071669494851823123552827380737798609829706225744376667082534026874483482483127491533474306552210039386256062116345785870668331513725792053302188276682550672663353937781055621860101624242216671635824311412793495965628876036344731733142759495348248970313655381407241457118743532311394697763283681852908564387282605279108%

先讲非预期解

从加密过程中素数生成中可以看出p,q应该很接近,此时可以尝试yafu分解大素数

但是命令行模式下无法输入太长,我们新建一个n.txt,在里面写入n的值,注意最后要加换行!然后用在命令行用命令yafu-x64.exe "factor(@)" -batchfile n.txt。然后几秒钟后就得到了pq的值。

[GWCTF 2019]BabyRSA

题目:

import hashlib
import sympy
from Crypto.Util.number import * flag = 'GWHT{******}'
secret = '******' assert(len(flag) == 38) half = len(flag) / 2 flag1 = flag[:half]
flag2 = flag[half:] secret_num = getPrime(1024) * bytes_to_long(secret) p = sympy.nextprime(secret_num)
q = sympy.nextprime(p) N = p * q e = 0x10001 F1 = bytes_to_long(flag1)
F2 = bytes_to_long(flag2) c1 = F1 + F2
c2 = pow(F1, 3) + pow(F2, 3)
assert(c2 < N) m1 = pow(c1, e, N)
m2 = pow(c2, e, N) output = open('secret', 'w')
output.write('N=' + str(N) + '\n')
output.write('m1=' + str(m1) + '\n')
output.write('m2=' + str(m2) + '\n')
output.close()

逻辑很清楚,先尝试分解因子,factor.com 和sage都没分开

但是看了一下,q=sympy.nextprime(p),判断p,q相差不大,用yafu可以分解

由于N太大了,不能直接命令行下分解,写入文件才可以。我们新建一个n.txt,在里面写入n的值,注意最后要加换行!然后用在命令行用命令yafu-x64.exe "factor(@)" -batchfile n.txt。然后几秒钟后就得到了pq的值

常规rsa手段求出c1,c2.

F1,F2满足两道方程,两个未知量,z3一把梭

exp:

import gmpy2
from Crypto.Util.number import long_to_bytes
from z3 import * N=636585149594574746909030160182690866222909256464847291783000651837227921337237899651287943597773270944384034858925295744880727101606841413640006527614873110651410155893776548737823152943797884729130149758279127430044739254000426610922834573094957082589539445610828279428814524313491262061930512829074466232633130599104490893572093943832740301809630847541592548921200288222432789208650949937638303429456468889100192613859073752923812454212239908948930178355331390933536771065791817643978763045030833712326162883810638120029378337092938662174119747687899484603628344079493556601422498405360731958162719296160584042671057160241284852522913676264596201906163
m1=90009974341452243216986938028371257528604943208941176518717463554774967878152694586469377765296113165659498726012712288670458884373971419842750929287658640266219686646956929872115782173093979742958745121671928568709468526098715927189829600497283118051641107305128852697032053368115181216069626606165503465125725204875578701237789292966211824002761481815276666236869005129138862782476859103086726091860497614883282949955023222414333243193268564781621699870412557822404381213804026685831221430728290755597819259339616650158674713248841654338515199405532003173732520457813901170264713085107077001478083341339002069870585378257051150217511755761491021553239
m2=487443985757405173426628188375657117604235507936967522993257972108872283698305238454465723214226871414276788912058186197039821242912736742824080627680971802511206914394672159240206910735850651999316100014691067295708138639363203596244693995562780286637116394738250774129759021080197323724805414668042318806010652814405078769738548913675466181551005527065309515364950610137206393257148357659666687091662749848560225453826362271704292692847596339533229088038820532086109421158575841077601268713175097874083536249006018948789413238783922845633494023608865256071962856581229890043896939025613600564283391329331452199062858930374565991634191495137939574539546
e=0x10001
p = 797862863902421984951231350430312260517773269684958456342860983236184129602390919026048496119757187702076499551310794177917920137646835888862706126924088411570997141257159563952725882214181185531209186972351469946269508511312863779123205322378452194261217016552527754513215520329499967108196968833163329724620251096080377748737
q = 797862863902421984951231350430312260517773269684958456342860983236184129602390919026048496119757187702076499551310794177917920137646835888862706126924088411570997141257159563952725882214181185531209186972351469946269508511312863779123205322378452194261217016552527754513215520329499967108196968833163329724620251096080377747699 d=gmpy2.invert(e,(p-1)*(q-1))
flag1=gmpy2.powmod(m1,d,N)
flag2=gmpy2.powmod(m2,d,N) c1=gmpy2.powmod(m1,d,N)
c2=gmpy2.powmod(m2,d,N)
#print("C1={}\nC2={}".format(c1,c2))
C1=2732509502629189160482346120094198557857912754
C2=5514544075236012543362261483183657422998274674127032311399076783844902086865451355210243586349132992563718009577051164928513093068525554 F1=Int('F1')
F2=Int('F2')
s=Solver() s.add((F1+F2)==C1)
s.add(pow(F1,3)+pow(F2,3)==C2)
print(s.check())
print(s.model()) f2 = 1141553212031156130619789508463772513350070909
f1 = 1590956290598033029862556611630426044507841845 print(long_to_bytes(f1)+long_to_bytes(f2))

flag:GWHT{f709e0e2cfe7e530ca8972959a1033b2}

BUUCTF 部分wp的更多相关文章

  1. buuctf misc wp 01

    buuctf misc wp 01 1.金三胖 2.二维码 3.N种方法解决 4.大白 5.基础破解 6.你竟然赶我走 1.金三胖 root@kali:~/下载/CTF题目# unzip 77edf3 ...

  2. buuctf misc wp 02

    buuctf misc wp 02 7.LSB 8.乌镇峰会种图 9.rar 10.qr 11.ningen 12.文件中的秘密 13.wireshark 14.镜子里面的世界 15.小明的保险箱 1 ...

  3. BUUCTF Crypto_WP(2)

    BUUCTF Crypto WP 几道密码学wp [GXYCTF2019]CheckIn 知识点:Base64,rot47 下载文件后,发现一个txt文件,打开发现一串base64,界面之后出现一串乱 ...

  4. 刷题记录:[CISCN2019 总决赛 Day2 Web1]Easyweb

    目录 刷题记录:[CISCN2019 总决赛 Day2 Web1]Easyweb 一.涉及知识点 1.敏感文件泄露 2.绕过及sql注入 3.文件上传:短标签绕过php过滤 刷题记录:[CISCN20 ...

  5. (buuctf) - pwn入门部分wp - rip -- pwn1_sctf_2016

    [buuctf]pwn入门 pwn学习之路引入 栈溢出引入 test_your_nc [题目链接] 注意到 Ubuntu 18, Linux系统 . nc 靶场 nc node3.buuoj.cn 2 ...

  6. Buuctf pwn1 详细wp

    目录 程序基本信息 程序溢出点 确定返回地址 编写exp脚本 成功getshell 程序基本信息 我们可以看到这是一个64程序,没有保护开启. 程序溢出点 gets函数可以读取无限字符,存在栈溢出. ...

  7. BUUCTF CRYPTO部分题目wp

    对密码学了解不多,做一下熟悉熟悉 1,看我回旋踢 给的密文synt{5pq1004q-86n5-46q8-o720-oro5on0417r1} 简单的凯撒密码,用http://www.zjslove. ...

  8. BUUCTF RE部分题目wp

    RE 1,easyre拖进ida,得到flag 2,helloworld 将文件拖入apk改之理,得到flag 3,xor拖进ida,就是简单异或,写脚本 glo=[0x66,0x0a,0x6b,0x ...

  9. BUUCTF PWN部分题目wp

    pwn好难啊 PWN 1,连上就有flag的pwnnc buuoj.cn 6000得到flag 2,RIP覆盖一下用ida分析一下,发现已有了system,只需覆盖RIP为fun()的地址,用peda ...

随机推荐

  1. IdentityServer4身份认证授权入门

    一.简介 IdentityServer4 是为ASP.NET Core 系列量身打造的一款基于 OpenID Connect 和 OAuth 2.0 认证框架 特点: 1.认证服务 2.单点登录登出( ...

  2. 最新2.7版本丨DataPipeline数据融合产品最新版本发布

    此次发布的2.7版本在进一步优化产品底层数据处理逻辑的同时更加注重提升用户在数据融合任务的日常管理.运行监控及资源分配等管理方面的功能增强与优化,力求帮助大家更为直观.便捷.稳定地管理数据融合任务,提 ...

  3. .windows模拟linux命令iostat的显示

    脚本如下: #!/usr/bin/env python #coding:utf- import win32com.client import time def disk_status(): try: ...

  4. Java数据结构系列(1)——自平衡二叉树

    1.基本概念 所谓自平衡二叉树,就是当我们插入或删除元素之后,二叉树的高度会自动调整到最小,这样我们就可以在对数时间内查找二叉树内的元素. 2.定义 TreeSet<Elemtype> s ...

  5. POJ_3627_贪心

    题目描述: 给你N个数和一个总和,要求求出最少个数的数相加大于等于这个总和. 思路: 很简单的贪心,先排序,从大到小加一次,比较一次,直到符合条件. 我用了优先队列,运行时间好像多了一倍= = #in ...

  6. [Jinja2]本地加载html模板

    import os from jinja2 import Environment, FileSystemLoader env = Environment(loader=FileSystemLoader ...

  7. HDU_3038_并查集

    http://acm.hdu.edu.cn/showproblem.php?pid=3038 并查集的应用,选择哪个点作为根结点都没关系,多了一个sum数组保存每个点到根节点的和,注意刚开始a减了1, ...

  8. 12306 抢票系列之只要搞定RAIL_DEVICEID的来源,从此抢票不再掉线(上)

    郑重声明: 本文仅供学习使用,禁止用于非法用途,否则后果自负,如有侵权,烦请告知删除,谢谢合作! 开篇明义 本文针对自主开发的抢票脚本在抢票过程中常常遇到的请求无效等问题,简单分析了 12306 网站 ...

  9. 基于 HTML5 WebGL 的智慧楼宇可视化系统

    前言 可视化的智慧楼宇在 21 世纪是有急迫需求的,中国被世界称为"基建狂魔",全球高层建筑数量位居首位,所以对于楼宇的监控是必不可少.智慧楼宇可视化系统更多突出的是管理方面的功能 ...

  10. Git 小课堂 004

    rebase--变基,就是这个可能会把事情搞得一团糟的操作. 对于变基,我只能说,需要一个配合默契的团队,你们心灵想通,互相了解,然后你们会做出非常漂亮的事情.对于使用变基且几乎不会出问题的团队,我一 ...