last_signin

from Crypto.Util.number import *

flag = b'?'

e = 65537

p, q = getPrime(1024), getPrime(1024)

N = p * q

gift = p&(2**923-2**101)

m = bytes_to_long(flag)

c = pow(m, e, N)

print("N = ",N)

print("gift = ",gift)

print("c = ",c)

"""

N =  12055968471523053394851394038007091122809367392467691213651520944038861796011063965460456285088011754895260428814358599592032865236006733879843493164411907032292051539754520574395252298997379020268868972160297893871261713263196092380416876697472160104980015554834798949155917292189278888914003846758687215559958506116359394743135211950575060201887025032694825084104792059271584351889134811543088404952977137809673880602946974798597506721906751835019855063462460686036567578835477249909061675845157443679947730585880392110482301750827802213877643649659069945187353987713717145709188790427572582689339643628659515017749

p0 =  70561167908564543355630347620333350122607189772353278860674786406663564556557177660954135010748189302104288155939269204559421198595262277064601483770331017282701354382190472661583444774920297367889959312517009682740631673940840597651219956142053575328811350770919852725338374144

c =  2475592349689790551418951263467994503430959303317734266333382586608208775837696436139830443942890900333873206031844146782184712381952753718848109663188245101226538043101790881285270927795075893680615586053680077455901334861085349972222680322067952811365366282026756737185263105621695146050695385626656638309577087933457566501579308954739543321367741463532413790712419879733217017821099916866490928476372772542254929459218259301608413811969763001504245717637231198848196348656878611788843380115493744125520080930068318479606464623896240289381601711908759450672519228864487153103141218567551083147171385920693325876018

"""

参考:D^3CTF 官方Write Up-Crypto-Bivariate

exp:

#sage#

N =  12055968471523053394851394038007091122809367392467691213651520944038861796011063965460456285088011754895260428814358599592032865236006733879843493164411907032292051539754520574395252298997379020268868972160297893871261713263196092380416876697472160104980015554834798949155917292189278888914003846758687215559958506116359394743135211950575060201887025032694825084104792059271584351889134811543088404952977137809673880602946974798597506721906751835019855063462460686036567578835477249909061675845157443679947730585880392110482301750827802213877643649659069945187353987713717145709188790427572582689339643628659515017749

p0 =  70561167908564543355630347620333350122607189772353278860674786406663564556557177660954135010748189302104288155939269204559421198595262277064601483770331017282701354382190472661583444774920297367889959312517009682740631673940840597651219956142053575328811350770919852725338374144

c =  2475592349689790551418951263467994503430959303317734266333382586608208775837696436139830443942890900333873206031844146782184712381952753718848109663188245101226538043101790881285270927795075893680615586053680077455901334861085349972222680322067952811365366282026756737185263105621695146050695385626656638309577087933457566501579308954739543321367741463532413790712419879733217017821099916866490928476372772542254929459218259301608413811969763001504245717637231198848196348656878611788843380115493744125520080930068318479606464623896240289381601711908759450672519228864487153103141218567551083147171385920693325876018

def bivariate(pol, XX, YY, kk=4):

    N = pol.parent().characteristic()

    f = pol.change_ring(ZZ)

    PR, (x, y) = f.parent().objgens()

    idx = [(k - i, i) for k in range(kk + 1) for i in range(k + 1)]

    monomials = list(map(lambda t: PR(x ** t[0] * y ** t[1]), idx))

    # collect the shift-polynomials

    g = []

    for h, i in idx:

        if h == 0:

            g.append(y ** h * x ** i * N)

        else:

            g.append(y ** (h - 1) * x ** i * f)

    # construct lattice basis

    M = Matrix(ZZ, len(g))

    for row in range(M.nrows()):

        for col in range(M.ncols()):

            h, i = idx[col]

            M[row, col] = g[row][h, i] * XX ** h * YY ** i

    # LLL

    B = M.LLL()

    PX = PolynomialRing(ZZ, 'xs')

    xs = PX.gen()

    PY = PolynomialRing(ZZ, 'ys')

    ys = PY.gen()

    # Transform LLL-reduced vectors to polynomials

    H = [(i, PR(0)) for i in range(B.nrows())]

    H = dict(H)

    for i in range(B.nrows()):

        for j in range(B.ncols()):

            H[i] += PR((monomials[j] * B[i, j]) / monomials[j](XX, YY))

    # Find the root

    poly1 = H[0].resultant(H[1], y).subs(x=xs)

    poly2 = H[0].resultant(H[2], y).subs(x=xs)

    poly = gcd(poly1, poly2)

    x_root = poly.roots()[0][0]

    poly1 = H[0].resultant(H[1], x).subs(y=ys)

    poly2 = H[0].resultant(H[2], x).subs(y=ys)

    poly = gcd(poly1, poly2)

    y_root = poly.roots()[0][0]

    return x_root, y_root

PR = PolynomialRing(Zmod(N), names='x,y')

x, y = PR.gens()

pol = 2 ** 923 * x + y + p0

x, y = bivariate(pol, 2 ** 101, 2 ** 101)

p = 2 ** 923 * x + y + p0

q = N // p

print(p)

print(q)

#p = 128316995030969915324601380638393686940451314028029847288048482890311391444850912731036515693294185876094548175445535907681477441597112946116144447110741965169166242532652418536974280062421433117597771884350348782061336417186073214602745554392782563801452571827824278044551188124531752043347553290530270395447

#q = 93954572959047928343011750832384121004425708514797352779274995744988621009506935222019019171047965401245311260375453924225343494879356560534244565490966730992944825873075214193169703861204568164588812686254102717072093288624081316906954278209584119401170082334613277995260895181460040974631476760070669352467
from Crypto.Util.number import *

p = 128316995030969915324601380638393686940451314028029847288048482890311391444850912731036515693294185876094548175445535907681477441597112946116144447110741965169166242532652418536974280062421433117597771884350348782061336417186073214602745554392782563801452571827824278044551188124531752043347553290530270395447

q = 93954572959047928343011750832384121004425708514797352779274995744988621009506935222019019171047965401245311260375453924225343494879356560534244565490966730992944825873075214193169703861204568164588812686254102717072093288624081316906954278209584119401170082334613277995260895181460040974631476760070669352467

c = 2475592349689790551418951263467994503430959303317734266333382586608208775837696436139830443942890900333873206031844146782184712381952753718848109663188245101226538043101790881285270927795075893680615586053680077455901334861085349972222680322067952811365366282026756737185263105621695146050695385626656638309577087933457566501579308954739543321367741463532413790712419879733217017821099916866490928476372772542254929459218259301608413811969763001504245717637231198848196348656878611788843380115493744125520080930068318479606464623896240289381601711908759450672519228864487153103141218567551083147171385920693325876018

n = p * q

e=65537

d = inverse(e, (p - 1)*(q - 1))

m = int(pow(c, d, n))

print(long_to_bytes(m))

#flag{although_11ts_norma11_tis_still_stay_dsadsa}

School of CRC32

import secrets

from secret import flag

import zlib

ROUND = 100

LENGTH = 20

print('Extreme hard CRC32 challenge')

print('ARE YOU READY')

for i in range(ROUND):

    print('ROUND', i, '!'*int(i/75 + 1))

    target = secrets.randbits(32)

    print('Here is my CRC32 value: ', hex(target))

    dat = input('Show me some data > ')

    raw = bytes.fromhex(dat)

    if zlib.crc32(raw) == target and len(raw) == LENGTH:

        print("GREAT")

    else:

        print("OH NO")

        exit()

print("Congratulation! Here is your flag")

print(flag)

考点:crc32的逆向(碰撞),参考:https://pypi.org/project/crcsolver/

exp:

from Crypto.Util.number import *

import crcsolver

import zlib

from pwn import *

sh = remote("IP",端口号)

for i in range(100):

    data = sh.recvuntil(b"Here is my CRC32 value:")

    c = eval(sh.recvline().decode())

    m = crcsolver.solve(b'_'*20, range(8*20), c, zlib.crc32) #关键代码

    message = hex(bytes_to_long(m))[2:].zfill(40)  #传给服务器的数据需要是16进制形式,而且需填充满40位才行,否则会报错。

    sh.sendlineafter(b"Show me some data >",message)

sh.interactive()

NewStarCTF 2023 公开赛道 WEEK5|CRYPTO WP的更多相关文章

  1. bugku crypto wp上半部分汇总

    1.滴答~滴 摩斯码,在线解开. 2. 栅栏密码,在线解就出flag了. 3. Ook解密,由.?!Ook组成密文,在线网站解密 4.这不是摩斯密码 有点像jsfuck,发现又不是,因为不会出现大于号 ...

  2. BUUCTF Crypto

    BUUCTF 几道crypto WP [AFCTF2018]Morse 简单的莫尔斯密码,最直观的莫尔斯密码是直接采用空格分割的点和划线,这题稍微绕了一下使用的是斜杠来划分 所以首先将斜杠全部替换为空 ...

  3. 2021羊城杯比赛复现(Crypto)

    bigrsa 题目: from Crypto.Util.number import * from flag import * n1 = 10383529640908175186077053551474 ...

  4. 海王星给你好看!FineUI v4.0公测版发布暨《你找BUG我送书》活动开始(活动已结束!)

    <FineUI v4.0 你找BUG我送书>活动已结束,恭喜如下三位网友获得由 FineUI 作者亲自翻译的图书<jQuery实战 第二版>! 奋斗~ 吉吉﹑ purplebo ...

  5. BUUCTF Crypto_WP(2)

    BUUCTF Crypto WP 几道密码学wp [GXYCTF2019]CheckIn 知识点:Base64,rot47 下载文件后,发现一个txt文件,打开发现一串base64,界面之后出现一串乱 ...

  6. NewStarCTF 公开赛 2022 RE WP

    Week 2 Re 前可见古人,后得见来者 chipher = [0x51, 0x5B, 0x4C, 0x56, 0x59, 0x4D, 0x50, 0x56, 0x54, 0x43, 0x7D, 0 ...

  7. DawgCTF wp(re和crypto)

    简单写写思路,想看详解的..我脚本有些丢失了..师傅请移步. 挂了个vpn,算正式打这种国际赛,全是英文.上去打了两天,昨晚晚上划水了一晚上补作业...,re那时候写出来三道,Potentially ...

  8. 第二届 BJD wp(reverse和crypto)

    re 1.第一题拖入ida,flag就是直接明文摆着 2.第二题是8086的程序,拖入ida,发现有个jmp无限跳转,可能是段寄存器被修改了,ida无法将后面的汇编识别出来,所以后面才有很多无效数据, ...

  9. MRCTF (re和crypto)wp

    RE: 一.PixelShooter(这题比赛我居然没看,靠,血亏,所以做不出来就不要一直死怼,这题挺好写的,) unity一般是用c#写的,刚好又是apk,可以用dnspy来反编译看看,在源码中找到 ...

  10. HGAME 2023 WP week1

    WEEK1 web Classic Childhood Game 一眼顶真,直接翻js文件,在Events.js中找到mota(),猜测是获取flag,var a = ['\x59\x55\x64\x ...

随机推荐

  1. 由浅入深理解C#中的事件

    目录 本文较长,给大家提供了目录,可以直接看自己感兴趣的部分. 前言 有关事件的概念 示例 ​ 简单示例 ​ 标准 .NET 事件模式 ​ 使用泛型版本的标准 .NET 事件模式 ​ 补充 总结 参考 ...

  2. Protobuf 的基本使用

    Protobuf 是 Google 用于序列化数据对象的一种机制,使得数据对象能够在应用程序和服务器之间进行交互,尽管现在 Java 已经对应的序列化的实现方式,但是传统的序列化方式存在严重的缺陷,因 ...

  3. vue 遍历的汉字显示不同的颜色

    <template> <div> <div class="stars"> <span v-for="(star, index) ...

  4. JAVA已过气?中俄大佬对话告诉你俄罗斯最受欢迎的编程语言是什么!

    摘要:中俄大佬对话:俄罗斯最受欢迎的编程语言是什么?Gitee如何抗住数据压力? 众所周知,Java作为一门非常成熟的语言,国内拥趸者众多,但随着后浪们的崛起,如今的Java在国际上是否还占据主流地位 ...

  5. 数据库运维家中常备:上限约400MB/s,比COPY等工具还好用的数据利器

    摘要:随着数据仓库业务的发展,GDS使用场景日益增多,这就要求GDS仍要不断迭代,充分深入挖掘用户需求,提高产品化程度. 1. GDS定位 GDS是GaussDB(DWS)提供的一个数据导入导出工具, ...

  6. Spark 开源新特性:Catalyst 优化流程裁剪

    摘要:为了解决过多依赖 Hive 的问题, SparkSQL 使用了一个新的 SQL 优化器替代 Hive 中的优化器, 这个优化器就是 Catalyst. 本文分享自华为云社区<Spark 开 ...

  7. 9月活动回顾(免费领取PPT)|火山引擎DataLeap、ByteHouse多位专家带来DataOps、实时计算等前沿技术分享!

    更多技术交流.求职机会,欢迎关注字节跳动数据平台微信公众号,回复[1]进入官方交流群   在上月举行的火山引擎开发者社区 Meetup 第12期暨超话数据专场<数智化转型背景下的火山引擎大数据技 ...

  8. 数据探索神器:火山引擎 DataLeap Notebook 揭秘

    更多技术交流.求职机会,欢迎关注字节跳动数据平台微信公众号,回复[1]进入官方交流群 背景介绍 Notebook 解决的问题 部分任务类型(python.spark等)在创建配置阶段,需要进行分步调试 ...

  9. Sublime Text Python 代码提示插件 Anaconda

    1.Ctrl+Shift+P -> install package 安装 Anaconda 查看Python 安装路径 { "python_interpreter":&quo ...

  10. Grafana--双Y轴

    grafana版本:6.5.2 背景:同一面板里想展示各实例与集群在一段时间范围内,平均每秒执行命令数,但是由于数值差异太大,曲线图抖动不明显,实例的更近乎于一条直线,所以设置双Y轴,可更直观的展示线 ...