babyAES:

题目如下:

from Crypto.Cipher import AES

import os

iv = os.urandom(16)

key = os.urandom(16)

my_aes = AES.new(key, AES.MODE_CBC, iv)

flag = open('flag.txt', 'rb').read()

flag += (16 - len(flag) % 16) * b'\x00'

c = my_aes.encrypt(flag)

print(c)

print(iv)

print(key)

'''

b'C4:\x86Q$\xb0\xd1\x1b\xa9L\x00\xad\xa3\xff\x96 hJ\x1b~\x1c\xd1y\x87A\xfe0\xe2\xfb\xc7\xb7\x7f^\xc8\x9aP\xdaX\xc6\xdf\x17l=K\x95\xd07'

b'\xd1\xdf\x8f)\x08w\xde\xf9yX%\xca[\xcb\x18\x80'

b'\xa4\xa6M\xab{\xf6\x97\x94>hK\x9bBe]F'

'''

百度简单理解一下AES加密算法,分析题目发生是CBC模式,知道了偏移量iv,密钥key,可以进行解密,脚本如下:

from Crypto.Cipher import AES

c = b'C4:\x86Q$\xb0\xd1\x1b\xa9L\x00\xad\xa3\xff\x96 hJ\x1b~\x1c\xd1y\x87A\xfe0\xe2\xfb\xc7\xb7\x7f^\xc8\x9aP\xdaX\xc6\xdf\x17l=K\x95\xd07'

iv = b'\xd1\xdf\x8f)\x08w\xde\xf9yX%\xca[\xcb\x18\x80'

key = b'\xa4\xa6M\xab{\xf6\x97\x94>hK\x9bBe]F'

cipher = AES.new(key, AES.MODE_CBC, iv)

decrypted = cipher.decrypt(c)

print(decrypted.rstrip(b'\0'))  # 解密完成后将加密时添加的多余字符'\0'删除

得到flag:Dest0g3{d0e5fa76-e50f-76f6-9cf1-b6c2d576b6f4}

ezDLP:

题目如下:

from Crypto.Util.number import *

flag = open('flag.txt', 'rb').read()

x = bytes_to_long(flag)

g = 19

p = 335215034881592512312398694238485179340610060759881511231472142277527176340784432381542726029524727833039074808456839870641607412102746854257629226877248337002993023452385472058106944014653401647033456174126976474875859099023703472904735779212010820524934972736276889281087909166017427905825553503050645575935980580803899122224368875197728677516907272452047278523846912786938173456942568602502013001099009776563388736434564541041529106817380347284002060811645842312648498340150736573246893588079033524476111268686138924892091575797329915240849862827621736832883215569687974368499436632617425922744658912248644475097139485785819369867604176912652851123185884810544172785948158330991257118563772736929105360124222843930130347670027236797458715653361366862282591170630650344062377644570729478796795124594909835004189813214758026703689710017334501371279295621820181402191463184275851324378938021156631501330660825566054528793444353

h = pow(g, x, p)

print(h)

'''

199533304296625406955683944856330940256037859126142372412254741689676902594083385071807594584589647225039650850524873289407540031812171301348304158895770989218721006018956756841251888659321582420167478909768740235321161096806581684857660007735707550914742749524818990843357217489433410647994417860374972468061110200554531819987204852047401539211300639165417994955609002932104372266583569468915607415521035920169948704261625320990186754910551780290421057403512785617970138903967874651050299914974180360347163879160470918945383706463326470519550909277678697788304151342226439850677611170439191913555562326538607106089620201074331099713506536192957054173076913374098400489398228161089007898192779738439912595619813699711049380213926849110877231503068464392648816891183318112570732792516076618174144968844351282497993164926346337121313644001762196098432060141494704659769545012678386821212213326455045335220435963683095439867976162

'''

dlp即离散对数问题,参考下图讲解,简单来讲就是给了g和h,h和g有关系:h=ga然后求出a。因为h和g给的数值很大,所以我们使用特殊工具sage

直接使用sage求出x,然后使用long_to_bytes()函数得到flag:

#sage

g = 19

p = 335215034881592512312398694238485179340610060759881511231472142277527176340784432381542726029524727833039074808456839870641607412102746854257629226877248337002993023452385472058106944014653401647033456174126976474875859099023703472904735779212010820524934972736276889281087909166017427905825553503050645575935980580803899122224368875197728677516907272452047278523846912786938173456942568602502013001099009776563388736434564541041529106817380347284002060811645842312648498340150736573246893588079033524476111268686138924892091575797329915240849862827621736832883215569687974368499436632617425922744658912248644475097139485785819369867604176912652851123185884810544172785948158330991257118563772736929105360124222843930130347670027236797458715653361366862282591170630650344062377644570729478796795124594909835004189813214758026703689710017334501371279295621820181402191463184275851324378938021156631501330660825566054528793444353

h = 199533304296625406955683944856330940256037859126142372412254741689676902594083385071807594584589647225039650850524873289407540031812171301348304158895770989218721006018956756841251888659321582420167478909768740235321161096806581684857660007735707550914742749524818990843357217489433410647994417860374972468061110200554531819987204852047401539211300639165417994955609002932104372266583569468915607415521035920169948704261625320990186754910551780290421057403512785617970138903967874651050299914974180360347163879160470918945383706463326470519550909277678697788304151342226439850677611170439191913555562326538607106089620201074331099713506536192957054173076913374098400489398228161089007898192779738439912595619813699711049380213926849110877231503068464392648816891183318112570732792516076618174144968844351282497993164926346337121313644001762196098432060141494704659769545012678386821212213326455045335220435963683095439867976162

x = discrete_log(mod(h,p),mod(g,p))

print(x)

得到flag:Dest0g3{07ed2a6f-182f-a05d-c81e-1318af820a78}

ezStream:

题目如下:

from Crypto.Util.number import *

f = open('flag.txt', 'r')

flag = f.read()

f.close()

assert flag[:8] == "Dest0g3{"

class LCG:

    def __init__(self):

        self.a = getRandomNBitInteger(32)

        self.b = getRandomNBitInteger(32)

        self.m = getPrime(32)

        self.seed = getRandomNBitInteger(32)

    def next(self):

        self.seed = (self.a * self.seed + self.b) % self.m

        return self.seed >> 16

    def output(self):

        print("a = {}\nb = {}\nm = {}".format(self.a, self.b, self.m))

        print("state1 = {}".format(self.next()))

        print("state2 = {}".format(self.next()))

lcg = LCG()

lcg.output()

c = b''.join([long_to_bytes(ord(flag[i]) ^ (lcg.next() % 10))

              for i in range(len(flag))])

print(bytes_to_long(c))

'''

a = 3939333498

b = 3662432446

m = 2271373817

state1 = 17362

state2 = 20624

600017039001091357643174067454938198067935635401496485588306838343558125283178792619821966678282131419050878

'''

根据题目,可以知道是流密码中LCG线性同余问题,只要得到随机数种子,就能找到lcg.next的值,继而得到flag明文。

爆破随机数种子脚本:

a = 3939333498

b = 3662432446

m = 2271373817

seed = 1

#爆破LCG的随机数种子

def next(a,b,m,seed):

    seed = (a*seed+b) % m

    return seed >> 16

def next1(a,b,m,seed):

    seed = (a*seed+b) % m

    seedd = (a*seed+b) % m

    return seedd >> 16

while(1):

    seed1 = next(a, b, m, seed)

    if seed1 == 17362:    #state1

        seed2 = next1(a, b, m, seed)

        if seed2 == 20624:   #state2

            print(seed)

            break

    seed += 1

#104984523

得到随机数种子为:104984523。

所以解flag脚本如下:

from Crypto.Util.number import *

a = 3939333498

b = 3662432446

m = 2271373817

#求解流密码中LCG问题

class LCG:

    def __init__(self):

        self.a = a

        self.b = b

        self.m = m

        self.seed = 104984523

    def next(self):

        self.seed = (self.a * self.seed + self.b) % self.m

        return self.seed >> 16

    def output(self):

        print("a = {}\nb = {}\nm = {}".format(self.a, self.b, self.m))

        print("state1 = {}".format(self.next()))

        print("state2 = {}".format(self.next()))

lcg = LCG()

lcg.output()

c = 600017039001091357643174067454938198067935635401496485588306838343558125283178792619821966678282131419050878

c_byte = long_to_bytes(c)

c_str = 'Agtp6b3zd15d3017-d71f-e<83$a6kj/b`f03325>b23~'

flag = b''.join([long_to_bytes(ord(c_str[i]) ^ (lcg.next() % 10))

              for i in range(len(c_str))])

print(flag)

这里要先转换成字节,然后把内容拿出来写成字符串才能计算。这里我卡了很久。后面几题因为考试复习,所以没时间去看,要不要复盘看之后有没有时间再去解了。

buuctf_Dest0g3_crypto的更多相关文章

随机推荐

  1. JSP实现登录删除添加星座等(带样式)

    功能要求 1.完成两个页面 2.第一个登陆页面login. jsp 3.第二个用户管理页面useManage. jsp 4.有登录功能(能进行用户名密码的校验,用户名若为自己的学号密码为班级号,允许登 ...

  2. Codeforces Round #442 (Div. 2) B. Nikita and string

    题意:求最长可以分a b a为三部分子串,a b a可以为空 思路在代码里 1 #include<cstdio> 2 #include<iostream> 3 #include ...

  3. The project was not built due to "Could not delete '/XXX/WebRoot/WEB-INF/classes/library'.". Fix the problem, then try refreshing this project and building

    在构建插件时提示如下错误: Description Resource Path Location Type The project was not built due to "Could n ...

  4. 最长公共前缀(Java)

    编写一个函数来查找字符串数组中的最长公共前缀. 如果不存在公共前缀,返回空字符串 "". 示例 1: 输入:strs = ["flower","flo ...

  5. C语言经典编程100题

    程序1] 题目:古典问题:有一对兔子,从出生后第3个月起每个月都生一对兔子,小兔子长到第三个月 后每个月又生一对兔子,假如兔子都不死,问每个月的兔子总数为多少? 1.程序分析: 兔子的规律为数列1,1 ...

  6. 一天十道Java面试题----第三天(对线程安全的理解------>线程池中阻塞队列的作用)

    这里是参考B站上的大佬做的面试题笔记.大家也可以去看视频讲解!!! 文章目录 21.对线程安全的理解 22.Thread和Runnable的区别 23.说说你对守护线程的理解 24.ThreadLoc ...

  7. echarts在Vue项目中的实际运用效果图

    文章目录 1.在后台系统首页中.可以根据需求制作相应的图表 2.在Vue中使用echarts的详细过程参照这个链接 1.在后台系统首页中.可以根据需求制作相应的图表 2.在Vue中使用echarts的 ...

  8. 知识图谱顶刊综述 - (2021年4月) A Survey on Knowledge Graphs: Representation, Acquisition, and Applications

    知识图谱综述(2021.4) 论文地址:A Survey on Knowledge Graphs: Representation, Acquisition, and Applications 目录 知 ...

  9. 小程序利用canvas 绘制图案 (生成海报, 生成有特色的头像)

    小程序利用canvas 绘制图案 (生成海报, 生成有特色的头像) 微信小程序生成特色头像,海报等是比较常见的.下面我来介绍下实现该类小程序的过程. 首先选择前端来通过 canvas 绘制.这样比较节 ...

  10. 重新整理 .net core 实践篇 ———— dotnet-dump [外篇]

    前言 本文的上一篇为: https://www.cnblogs.com/aoximin/p/16861797.html 该文为dotnet-dump 和 procdump 的实战介绍一下. 正文 现在 ...