last_signin

from Crypto.Util.number import *

flag = b'?'

e = 65537

p, q = getPrime(1024), getPrime(1024)

N = p * q

gift = p&(2**923-2**101)

m = bytes_to_long(flag)

c = pow(m, e, N)

print("N = ",N)

print("gift = ",gift)

print("c = ",c)

"""

N =  12055968471523053394851394038007091122809367392467691213651520944038861796011063965460456285088011754895260428814358599592032865236006733879843493164411907032292051539754520574395252298997379020268868972160297893871261713263196092380416876697472160104980015554834798949155917292189278888914003846758687215559958506116359394743135211950575060201887025032694825084104792059271584351889134811543088404952977137809673880602946974798597506721906751835019855063462460686036567578835477249909061675845157443679947730585880392110482301750827802213877643649659069945187353987713717145709188790427572582689339643628659515017749

p0 =  70561167908564543355630347620333350122607189772353278860674786406663564556557177660954135010748189302104288155939269204559421198595262277064601483770331017282701354382190472661583444774920297367889959312517009682740631673940840597651219956142053575328811350770919852725338374144

c =  2475592349689790551418951263467994503430959303317734266333382586608208775837696436139830443942890900333873206031844146782184712381952753718848109663188245101226538043101790881285270927795075893680615586053680077455901334861085349972222680322067952811365366282026756737185263105621695146050695385626656638309577087933457566501579308954739543321367741463532413790712419879733217017821099916866490928476372772542254929459218259301608413811969763001504245717637231198848196348656878611788843380115493744125520080930068318479606464623896240289381601711908759450672519228864487153103141218567551083147171385920693325876018

"""

参考:D^3CTF 官方Write Up-Crypto-Bivariate

exp:

#sage#

N =  12055968471523053394851394038007091122809367392467691213651520944038861796011063965460456285088011754895260428814358599592032865236006733879843493164411907032292051539754520574395252298997379020268868972160297893871261713263196092380416876697472160104980015554834798949155917292189278888914003846758687215559958506116359394743135211950575060201887025032694825084104792059271584351889134811543088404952977137809673880602946974798597506721906751835019855063462460686036567578835477249909061675845157443679947730585880392110482301750827802213877643649659069945187353987713717145709188790427572582689339643628659515017749

p0 =  70561167908564543355630347620333350122607189772353278860674786406663564556557177660954135010748189302104288155939269204559421198595262277064601483770331017282701354382190472661583444774920297367889959312517009682740631673940840597651219956142053575328811350770919852725338374144

c =  2475592349689790551418951263467994503430959303317734266333382586608208775837696436139830443942890900333873206031844146782184712381952753718848109663188245101226538043101790881285270927795075893680615586053680077455901334861085349972222680322067952811365366282026756737185263105621695146050695385626656638309577087933457566501579308954739543321367741463532413790712419879733217017821099916866490928476372772542254929459218259301608413811969763001504245717637231198848196348656878611788843380115493744125520080930068318479606464623896240289381601711908759450672519228864487153103141218567551083147171385920693325876018

def bivariate(pol, XX, YY, kk=4):

    N = pol.parent().characteristic()

    f = pol.change_ring(ZZ)

    PR, (x, y) = f.parent().objgens()

    idx = [(k - i, i) for k in range(kk + 1) for i in range(k + 1)]

    monomials = list(map(lambda t: PR(x ** t[0] * y ** t[1]), idx))

    # collect the shift-polynomials

    g = []

    for h, i in idx:

        if h == 0:

            g.append(y ** h * x ** i * N)

        else:

            g.append(y ** (h - 1) * x ** i * f)

    # construct lattice basis

    M = Matrix(ZZ, len(g))

    for row in range(M.nrows()):

        for col in range(M.ncols()):

            h, i = idx[col]

            M[row, col] = g[row][h, i] * XX ** h * YY ** i

    # LLL

    B = M.LLL()

    PX = PolynomialRing(ZZ, 'xs')

    xs = PX.gen()

    PY = PolynomialRing(ZZ, 'ys')

    ys = PY.gen()

    # Transform LLL-reduced vectors to polynomials

    H = [(i, PR(0)) for i in range(B.nrows())]

    H = dict(H)

    for i in range(B.nrows()):

        for j in range(B.ncols()):

            H[i] += PR((monomials[j] * B[i, j]) / monomials[j](XX, YY))

    # Find the root

    poly1 = H[0].resultant(H[1], y).subs(x=xs)

    poly2 = H[0].resultant(H[2], y).subs(x=xs)

    poly = gcd(poly1, poly2)

    x_root = poly.roots()[0][0]

    poly1 = H[0].resultant(H[1], x).subs(y=ys)

    poly2 = H[0].resultant(H[2], x).subs(y=ys)

    poly = gcd(poly1, poly2)

    y_root = poly.roots()[0][0]

    return x_root, y_root

PR = PolynomialRing(Zmod(N), names='x,y')

x, y = PR.gens()

pol = 2 ** 923 * x + y + p0

x, y = bivariate(pol, 2 ** 101, 2 ** 101)

p = 2 ** 923 * x + y + p0

q = N // p

print(p)

print(q)

#p = 128316995030969915324601380638393686940451314028029847288048482890311391444850912731036515693294185876094548175445535907681477441597112946116144447110741965169166242532652418536974280062421433117597771884350348782061336417186073214602745554392782563801452571827824278044551188124531752043347553290530270395447

#q = 93954572959047928343011750832384121004425708514797352779274995744988621009506935222019019171047965401245311260375453924225343494879356560534244565490966730992944825873075214193169703861204568164588812686254102717072093288624081316906954278209584119401170082334613277995260895181460040974631476760070669352467
from Crypto.Util.number import *

p = 128316995030969915324601380638393686940451314028029847288048482890311391444850912731036515693294185876094548175445535907681477441597112946116144447110741965169166242532652418536974280062421433117597771884350348782061336417186073214602745554392782563801452571827824278044551188124531752043347553290530270395447

q = 93954572959047928343011750832384121004425708514797352779274995744988621009506935222019019171047965401245311260375453924225343494879356560534244565490966730992944825873075214193169703861204568164588812686254102717072093288624081316906954278209584119401170082334613277995260895181460040974631476760070669352467

c = 2475592349689790551418951263467994503430959303317734266333382586608208775837696436139830443942890900333873206031844146782184712381952753718848109663188245101226538043101790881285270927795075893680615586053680077455901334861085349972222680322067952811365366282026756737185263105621695146050695385626656638309577087933457566501579308954739543321367741463532413790712419879733217017821099916866490928476372772542254929459218259301608413811969763001504245717637231198848196348656878611788843380115493744125520080930068318479606464623896240289381601711908759450672519228864487153103141218567551083147171385920693325876018

n = p * q

e=65537

d = inverse(e, (p - 1)*(q - 1))

m = int(pow(c, d, n))

print(long_to_bytes(m))

#flag{although_11ts_norma11_tis_still_stay_dsadsa}

School of CRC32

import secrets

from secret import flag

import zlib

ROUND = 100

LENGTH = 20

print('Extreme hard CRC32 challenge')

print('ARE YOU READY')

for i in range(ROUND):

    print('ROUND', i, '!'*int(i/75 + 1))

    target = secrets.randbits(32)

    print('Here is my CRC32 value: ', hex(target))

    dat = input('Show me some data > ')

    raw = bytes.fromhex(dat)

    if zlib.crc32(raw) == target and len(raw) == LENGTH:

        print("GREAT")

    else:

        print("OH NO")

        exit()

print("Congratulation! Here is your flag")

print(flag)

考点:crc32的逆向(碰撞),参考:https://pypi.org/project/crcsolver/

exp:

from Crypto.Util.number import *

import crcsolver

import zlib

from pwn import *

sh = remote("IP",端口号)

for i in range(100):

    data = sh.recvuntil(b"Here is my CRC32 value:")

    c = eval(sh.recvline().decode())

    m = crcsolver.solve(b'_'*20, range(8*20), c, zlib.crc32) #关键代码

    message = hex(bytes_to_long(m))[2:].zfill(40)  #传给服务器的数据需要是16进制形式,而且需填充满40位才行,否则会报错。

    sh.sendlineafter(b"Show me some data >",message)

sh.interactive()

NewStarCTF 2023 公开赛道 WEEK5|CRYPTO WP的更多相关文章

  1. bugku crypto wp上半部分汇总

    1.滴答~滴 摩斯码,在线解开. 2. 栅栏密码,在线解就出flag了. 3. Ook解密,由.?!Ook组成密文,在线网站解密 4.这不是摩斯密码 有点像jsfuck,发现又不是,因为不会出现大于号 ...

  2. BUUCTF Crypto

    BUUCTF 几道crypto WP [AFCTF2018]Morse 简单的莫尔斯密码,最直观的莫尔斯密码是直接采用空格分割的点和划线,这题稍微绕了一下使用的是斜杠来划分 所以首先将斜杠全部替换为空 ...

  3. 2021羊城杯比赛复现(Crypto)

    bigrsa 题目: from Crypto.Util.number import * from flag import * n1 = 10383529640908175186077053551474 ...

  4. 海王星给你好看!FineUI v4.0公测版发布暨《你找BUG我送书》活动开始(活动已结束!)

    <FineUI v4.0 你找BUG我送书>活动已结束,恭喜如下三位网友获得由 FineUI 作者亲自翻译的图书<jQuery实战 第二版>! 奋斗~ 吉吉﹑ purplebo ...

  5. BUUCTF Crypto_WP(2)

    BUUCTF Crypto WP 几道密码学wp [GXYCTF2019]CheckIn 知识点:Base64,rot47 下载文件后,发现一个txt文件,打开发现一串base64,界面之后出现一串乱 ...

  6. NewStarCTF 公开赛 2022 RE WP

    Week 2 Re 前可见古人,后得见来者 chipher = [0x51, 0x5B, 0x4C, 0x56, 0x59, 0x4D, 0x50, 0x56, 0x54, 0x43, 0x7D, 0 ...

  7. DawgCTF wp(re和crypto)

    简单写写思路,想看详解的..我脚本有些丢失了..师傅请移步. 挂了个vpn,算正式打这种国际赛,全是英文.上去打了两天,昨晚晚上划水了一晚上补作业...,re那时候写出来三道,Potentially ...

  8. 第二届 BJD wp(reverse和crypto)

    re 1.第一题拖入ida,flag就是直接明文摆着 2.第二题是8086的程序,拖入ida,发现有个jmp无限跳转,可能是段寄存器被修改了,ida无法将后面的汇编识别出来,所以后面才有很多无效数据, ...

  9. MRCTF (re和crypto)wp

    RE: 一.PixelShooter(这题比赛我居然没看,靠,血亏,所以做不出来就不要一直死怼,这题挺好写的,) unity一般是用c#写的,刚好又是apk,可以用dnspy来反编译看看,在源码中找到 ...

  10. HGAME 2023 WP week1

    WEEK1 web Classic Childhood Game 一眼顶真,直接翻js文件,在Events.js中找到mota(),猜测是获取flag,var a = ['\x59\x55\x64\x ...

随机推荐

  1. 假如这个地方可能为null,那他一定会为null

    假如你的代码,在某个地方(比如controller层)提示你:这个方法调用可能会产生null,那么千万不要视而不见,在某一瞬间它一定会是null,势必报错. /** * 修改保存管理员 */ @Pos ...

  2. android学习笔记(1)

    Android 开发框架 android系统是一个开放且体积庞大的系统,从功能上,将android开发分为移植开发移动电话系统,android应用开发和android系统开发三种. 移动移植移动电话系 ...

  3. 序列化性能测试:jdk和fastjson

    序列化性能测试:jdk和fastjson 我开发一个认证授权框架时,需要添加数据库存储token或者会话,于是想测试使用jdk的blob存储解析快还是存储string的json序列化解析快,从而选择他 ...

  4. rust angular 自签名证书 wss

    项目中采用 wss 来建立的前后端连接, 但是并没有用到认证的证书, 所以自己用 openssl 生成了私钥, 自签名证书来使用: 这里就不再赘述 Wss 连接过程, 直接上手操作: 1. 生成私钥, ...

  5. react 事件函数中 this 绑定问题

    在使用类方式创建组件时,类中定义一个函数,并且绑定到元素的点击事件上,此时这个函数中this指向并不是当前这个组件. 组件代码如下: class App extends React.Component ...

  6. 数仓实践丨主动预防-DWS关键工具安装确认

    摘要:gdb确认是否安装,所带来的该工具用户数据库实例触发core问题后集群状态反复异常,对此问题及时分析根因并及时进行规避. 本文分享自华为云社区<主动预防-DWS关键工具安装确认>,作 ...

  7. GaussDB(for Redis)揭秘:Redis存算分离架构最全解析

    前言: 本文根据华为云NoSQL数据库架构师余汶龙,在今年的中国系统架构师大会SACC上的演讲整理而成,内容如下. 本次分享的大纲分成如下四个部分: 什么是GaussDB(for Redis)? 为什 ...

  8. 鸿蒙轻内核源码分析:Newlib C

    摘要:本文介绍了LiteOS-M内核Newlib C的实现,特别是文件系统和内存分配释放部分,最后介绍了Newlib钩子函数. 本文分享自华为云社区<鸿蒙轻内核M核源码分析系列二十 Newlib ...

  9. QA: Solon 出现中文乱码怎么办?

    有些服务器可能会出现中文乱码,有些又不会.也是挺晕的. 可以用 jvm 启动参数试一下: java -Dfile.encoding=utf-8 -jar demoapp.jar

  10. Chrome浏览器导出HTTPS证书

    点证书小锁 进入证书界面 到详情中,导出证书