babyAES:

题目如下:

from Crypto.Cipher import AES

import os

iv = os.urandom(16)

key = os.urandom(16)

my_aes = AES.new(key, AES.MODE_CBC, iv)

flag = open('flag.txt', 'rb').read()

flag += (16 - len(flag) % 16) * b'\x00'

c = my_aes.encrypt(flag)

print(c)

print(iv)

print(key)

'''

b'C4:\x86Q$\xb0\xd1\x1b\xa9L\x00\xad\xa3\xff\x96 hJ\x1b~\x1c\xd1y\x87A\xfe0\xe2\xfb\xc7\xb7\x7f^\xc8\x9aP\xdaX\xc6\xdf\x17l=K\x95\xd07'

b'\xd1\xdf\x8f)\x08w\xde\xf9yX%\xca[\xcb\x18\x80'

b'\xa4\xa6M\xab{\xf6\x97\x94>hK\x9bBe]F'

'''

百度简单理解一下AES加密算法,分析题目发生是CBC模式,知道了偏移量iv,密钥key,可以进行解密,脚本如下:

from Crypto.Cipher import AES

c = b'C4:\x86Q$\xb0\xd1\x1b\xa9L\x00\xad\xa3\xff\x96 hJ\x1b~\x1c\xd1y\x87A\xfe0\xe2\xfb\xc7\xb7\x7f^\xc8\x9aP\xdaX\xc6\xdf\x17l=K\x95\xd07'

iv = b'\xd1\xdf\x8f)\x08w\xde\xf9yX%\xca[\xcb\x18\x80'

key = b'\xa4\xa6M\xab{\xf6\x97\x94>hK\x9bBe]F'

cipher = AES.new(key, AES.MODE_CBC, iv)

decrypted = cipher.decrypt(c)

print(decrypted.rstrip(b'\0'))  # 解密完成后将加密时添加的多余字符'\0'删除

得到flag:Dest0g3{d0e5fa76-e50f-76f6-9cf1-b6c2d576b6f4}

ezDLP:

题目如下:

from Crypto.Util.number import *

flag = open('flag.txt', 'rb').read()

x = bytes_to_long(flag)

g = 19

p = 335215034881592512312398694238485179340610060759881511231472142277527176340784432381542726029524727833039074808456839870641607412102746854257629226877248337002993023452385472058106944014653401647033456174126976474875859099023703472904735779212010820524934972736276889281087909166017427905825553503050645575935980580803899122224368875197728677516907272452047278523846912786938173456942568602502013001099009776563388736434564541041529106817380347284002060811645842312648498340150736573246893588079033524476111268686138924892091575797329915240849862827621736832883215569687974368499436632617425922744658912248644475097139485785819369867604176912652851123185884810544172785948158330991257118563772736929105360124222843930130347670027236797458715653361366862282591170630650344062377644570729478796795124594909835004189813214758026703689710017334501371279295621820181402191463184275851324378938021156631501330660825566054528793444353

h = pow(g, x, p)

print(h)

'''

199533304296625406955683944856330940256037859126142372412254741689676902594083385071807594584589647225039650850524873289407540031812171301348304158895770989218721006018956756841251888659321582420167478909768740235321161096806581684857660007735707550914742749524818990843357217489433410647994417860374972468061110200554531819987204852047401539211300639165417994955609002932104372266583569468915607415521035920169948704261625320990186754910551780290421057403512785617970138903967874651050299914974180360347163879160470918945383706463326470519550909277678697788304151342226439850677611170439191913555562326538607106089620201074331099713506536192957054173076913374098400489398228161089007898192779738439912595619813699711049380213926849110877231503068464392648816891183318112570732792516076618174144968844351282497993164926346337121313644001762196098432060141494704659769545012678386821212213326455045335220435963683095439867976162

'''

dlp即离散对数问题,参考下图讲解,简单来讲就是给了g和h,h和g有关系:h=ga然后求出a。因为h和g给的数值很大,所以我们使用特殊工具sage

直接使用sage求出x,然后使用long_to_bytes()函数得到flag:

#sage

g = 19

p = 335215034881592512312398694238485179340610060759881511231472142277527176340784432381542726029524727833039074808456839870641607412102746854257629226877248337002993023452385472058106944014653401647033456174126976474875859099023703472904735779212010820524934972736276889281087909166017427905825553503050645575935980580803899122224368875197728677516907272452047278523846912786938173456942568602502013001099009776563388736434564541041529106817380347284002060811645842312648498340150736573246893588079033524476111268686138924892091575797329915240849862827621736832883215569687974368499436632617425922744658912248644475097139485785819369867604176912652851123185884810544172785948158330991257118563772736929105360124222843930130347670027236797458715653361366862282591170630650344062377644570729478796795124594909835004189813214758026703689710017334501371279295621820181402191463184275851324378938021156631501330660825566054528793444353

h = 199533304296625406955683944856330940256037859126142372412254741689676902594083385071807594584589647225039650850524873289407540031812171301348304158895770989218721006018956756841251888659321582420167478909768740235321161096806581684857660007735707550914742749524818990843357217489433410647994417860374972468061110200554531819987204852047401539211300639165417994955609002932104372266583569468915607415521035920169948704261625320990186754910551780290421057403512785617970138903967874651050299914974180360347163879160470918945383706463326470519550909277678697788304151342226439850677611170439191913555562326538607106089620201074331099713506536192957054173076913374098400489398228161089007898192779738439912595619813699711049380213926849110877231503068464392648816891183318112570732792516076618174144968844351282497993164926346337121313644001762196098432060141494704659769545012678386821212213326455045335220435963683095439867976162

x = discrete_log(mod(h,p),mod(g,p))

print(x)

得到flag:Dest0g3{07ed2a6f-182f-a05d-c81e-1318af820a78}

ezStream:

题目如下:

from Crypto.Util.number import *

f = open('flag.txt', 'r')

flag = f.read()

f.close()

assert flag[:8] == "Dest0g3{"

class LCG:

    def __init__(self):

        self.a = getRandomNBitInteger(32)

        self.b = getRandomNBitInteger(32)

        self.m = getPrime(32)

        self.seed = getRandomNBitInteger(32)

    def next(self):

        self.seed = (self.a * self.seed + self.b) % self.m

        return self.seed >> 16

    def output(self):

        print("a = {}\nb = {}\nm = {}".format(self.a, self.b, self.m))

        print("state1 = {}".format(self.next()))

        print("state2 = {}".format(self.next()))

lcg = LCG()

lcg.output()

c = b''.join([long_to_bytes(ord(flag[i]) ^ (lcg.next() % 10))

              for i in range(len(flag))])

print(bytes_to_long(c))

'''

a = 3939333498

b = 3662432446

m = 2271373817

state1 = 17362

state2 = 20624

600017039001091357643174067454938198067935635401496485588306838343558125283178792619821966678282131419050878

'''

根据题目,可以知道是流密码中LCG线性同余问题,只要得到随机数种子,就能找到lcg.next的值,继而得到flag明文。

爆破随机数种子脚本:

a = 3939333498

b = 3662432446

m = 2271373817

seed = 1

#爆破LCG的随机数种子

def next(a,b,m,seed):

    seed = (a*seed+b) % m

    return seed >> 16

def next1(a,b,m,seed):

    seed = (a*seed+b) % m

    seedd = (a*seed+b) % m

    return seedd >> 16

while(1):

    seed1 = next(a, b, m, seed)

    if seed1 == 17362:    #state1

        seed2 = next1(a, b, m, seed)

        if seed2 == 20624:   #state2

            print(seed)

            break

    seed += 1

#104984523

得到随机数种子为:104984523。

所以解flag脚本如下:

from Crypto.Util.number import *

a = 3939333498

b = 3662432446

m = 2271373817

#求解流密码中LCG问题

class LCG:

    def __init__(self):

        self.a = a

        self.b = b

        self.m = m

        self.seed = 104984523

    def next(self):

        self.seed = (self.a * self.seed + self.b) % self.m

        return self.seed >> 16

    def output(self):

        print("a = {}\nb = {}\nm = {}".format(self.a, self.b, self.m))

        print("state1 = {}".format(self.next()))

        print("state2 = {}".format(self.next()))

lcg = LCG()

lcg.output()

c = 600017039001091357643174067454938198067935635401496485588306838343558125283178792619821966678282131419050878

c_byte = long_to_bytes(c)

c_str = 'Agtp6b3zd15d3017-d71f-e<83$a6kj/b`f03325>b23~'

flag = b''.join([long_to_bytes(ord(c_str[i]) ^ (lcg.next() % 10))

              for i in range(len(c_str))])

print(flag)

这里要先转换成字节,然后把内容拿出来写成字符串才能计算。这里我卡了很久。后面几题因为考试复习,所以没时间去看,要不要复盘看之后有没有时间再去解了。

buuctf_Dest0g3_crypto的更多相关文章

随机推荐

  1. STM32的SPI口的DMA读写[原创www.cnblogs.com/helesheng]

    SPI是我最常用的接口之一,连接管脚仅为4根:在常见的芯片间通信方式中,速度远优于UART.I2C等其他接口.STM32的SPI口的同步时钟最快可到PCLK的二分之一,单个字节或字的通信时间都在us以 ...

  2. VideoPipe可视化视频结构化框架开源了!

    完成多路视频并行接入.解码.多级推理.结构化数据分析.上报.编码推流等过程,插件式/pipe式编程风格,功能上类似英伟达的deepstream和华为的mxvision,但底层核心不依赖复杂难懂的gst ...

  3. Java代码审计之实战某博客

    对某博客的代码审计 在gitee上面找了一个个人博客项目,来进行实战代码审计,主要还是学习为主 技术菜菜,哪里错误希望师傅们指正 1.SQL注入 先了解Java Web中的数据传输流程 graph T ...

  4. 前端枚举enum的应用(Element)封装

    什么是枚举Enum 枚举 Enum是在众多语言中都有的一种数据类型,JavaScript中还没有(TypeScript有).用来表示一些特定类别的常量数据,如性别.学历.方向.账户状态等,项目开发中是 ...

  5. 如何用Virtualbox搭建一个虚拟机

    序言 各位好啊,我是会编程的蜗牛,作为java开发者,我们肯定会接触Linux服务器,除了使用云服务搭建Linux服务器外,我们一般也可以在自己的电脑上安装虚拟机来搭建Linux服务器用于各种功能的验 ...

  6. 抛砖系列之redis监控命令

    前言 redis是一款非常流行的kv数据库,以高性能著称,其高吞吐.低延迟等特性让广大开发者趋之若鹜,每每看到别人发出的redis故障报告都让我产生一种居安思危,以史为鉴的危机感,恰逢今年十一西安烟雨 ...

  7. python渗透测试入门——基础的网络编程工具

    <Python黑帽子--黑客与渗透测试编程之道学习>这本书是我在学习安全的过程中发现的在我看来十分优秀的一本书,业内也拥有很高的评价,所以在这里将自己的学习内容分享出来. 1.基础的网络编 ...

  8. MySQL 索引失效-模糊查询,最左匹配原则,OR条件等。

    索引失效 介绍 索引失效就是我们明明在查询时的条件为索引列(包括自己新建的索引),但是索引不能起效,走的是全表扫描.explain 后可查看type=ALL. 这是为什么呢? 首先介绍有以下几种情况索 ...

  9. 测试开发mysql性能调优总结(一)

    测试开发mysql性能调优总结 mysql在创建表的时候,对每个字段选择合适的数据类型很重要! 根据个人的经验总结: 整数类型选择 INT小数类型选择 DECIMAL字符串类型选择 TEXT日期时间选 ...

  10. python 基本使用 异常判断

    简单常用 isinstance 判断一个对象是否是一个已知的类型 arg=123 isinstance(arg, int) #输出True isinstance(arg, str) #输出False ...