[GKCTF2021]RRRRSA

题目
from Crypto.Util.number import *

from gmpy2 import gcd

flag = b'xxxxxxxxxxxxx'

p = getPrime(512)

q = getPrime(512)

m = bytes_to_long(flag)

n = p*q

e = 65537

c = pow(m,e,n)

print('c={}'.format(c))

p1 = getPrime(512)

q1 = getPrime(512)

n1 = p1*q1

e1 = 65537

assert gcd(e1,(p1-1)*(q1-1)) == 1

c1 = pow(p,e1,n1)

print('n1={}'.format(n1))

print('c1={}'.format(c1))

hint1 = pow(2020 * p1 + q1, 202020, n1)

hint2 = pow(2021 * p1 + 212121, q1, n1)

print('hint1={}'.format(hint1))

print('hint2={}'.format(hint2))

p2 = getPrime(512)

q2 = getPrime(512)

n2 = p2*q2

e2 = 65537

assert gcd(e1,(p2-1)*(q2-1)) == 1

c2 = pow(q,e2,n2)

hint3 = pow(2020 * p2 + 2021 * q2, 202020, n2)

hint4 = pow(2021 * p2 + 2020 * q2, 212121, n2)

print('n2={}'.format(n2))

print('c2={}'.format(c2))

print('hint3={}'.format(hint3))

print('hint4={}'.format(hint4))
分析

不是非常常规的rsa,我们先看看四个提示:

hint1 = pow(2020 * p1 + q1, 202020, n1)=\((2020 * p1 + q1)^{202020}mod\;n1\)

hint2 = pow(2021 * p1 + 212121, q1, n1)=\((2021 * p1 + 212121)^{q1}mod\;n1\)

hint3 = pow(2020 * p2 + 2021 * q2, 202020, n2)=\((2020 * p2 + 2021 * q2)^{202020}mod\;n2\)

hint4 = pow(2021 * p2 + 2020 * q2, 212121, n2)=\((2021 * p2 + 2020 * q2)^{212121}mod\;n2\)

像hint1这样式子,我们可以用二项式定理进行一个化简。

(觉得typora写公式好麻烦干脆手写的屑↓

pq都出来之后就可以常规做题了。

from gmpy2 import gcd

from Crypto.Util.number import *

import gmpy2

c=13492392717469817866883431475453770951837476241371989714683737558395769731416522300851917887957945766132864151382877462142018129852703437240533684604508379950293643294877725773675505912622208813435625177696614781601216465807569201380151669942605208425645258372134465547452376467465833013387018542999562042758

n1=75003557379080252219517825998990183226659117019770735080523409561757225883651040882547519748107588719498261922816865626714101556207649929655822889945870341168644508079317582220034374613066751916750036253423990673764234066999306874078424803774652754587494762629397701664706287999727238636073466137405374927829

c1=68111901092027813007099627893896838517426971082877204047110404787823279211508183783468891474661365139933325981191524511345219830693064573462115529345012970089065201176142417462299650761299758078141504126185921304526414911455395289228444974516503526507906721378965227166653195076209418852399008741560796631569

hint1=23552090716381769484990784116875558895715552896983313406764042416318710076256166472426553520240265023978449945974218435787929202289208329156594838420190890104226497263852461928474756025539394996288951828172126419569993301524866753797584032740426259804002564701319538183190684075289055345581960776903740881951

hint2=52723229698530767897979433914470831153268827008372307239630387100752226850798023362444499211944996778363894528759290565718266340188582253307004810850030833752132728256929572703630431232622151200855160886614350000115704689605102500273815157636476901150408355565958834764444192860513855376978491299658773170270

n2=114535923043375970380117920548097404729043079895540320742847840364455024050473125998926311644172960176471193602850427607899191810616953021324742137492746159921284982146320175356395325890407704697018412456350862990849606200323084717352630282539156670636025924425865741196506478163922312894384285889848355244489

c2=67054203666901691181215262587447180910225473339143260100831118313521471029889304176235434129632237116993910316978096018724911531011857469325115308802162172965564951703583450817489247675458024801774590728726471567407812572210421642171456850352167810755440990035255967091145950569246426544351461548548423025004

hint3=25590923416756813543880554963887576960707333607377889401033718419301278802157204881039116350321872162118977797069089653428121479486603744700519830597186045931412652681572060953439655868476311798368015878628002547540835719870081007505735499581449077950263721606955524302365518362434928190394924399683131242077

hint4=104100726926923869566862741238876132366916970864374562947844669556403268955625670105641264367038885706425427864941392601593437305258297198111819227915453081797889565662276003122901139755153002219126366611021736066016741562232998047253335141676203376521742965365133597943669838076210444485458296240951668402513

e=65537

q1 = gcd(n1,pow(hint2-212121,202020,n1)*pow(2020,202020,n1)-hint1*pow(2021,202020,n1))

p1 = n1//q1

q2 = gcd(n2,pow(hint3,212121,n2)*pow(2021,202020*212121,n2)-pow(hint4,202020,n2)*pow(2020,202020*212121,n2))

p2 = n2//q2

d2 = gmpy2.invert(e,(q2-1)*(p2-1))

q = pow(c2,d2,n2)

d1 = gmpy2.invert(e,(q1-1)*(p1-1))

p = pow(c1,d1,n1)

d = gmpy2.invert(e,(q-1)*(p-1))

m = pow(c,d,p*q)

print(long_to_bytes(m))
总结

学了很多新东西。感觉非常奇妙,繁琐分析的最后是简短的一行表达式,有种新年第一天穿着新……(下略)

1)拿到两个式子后,先把括号去掉,然后把等号右边的常数项去掉

2)得到两个只含p和q的式子,凑一下,使两个式子的p(或q)的指数系数相同

3)将两个式子相加或相减消掉p,剩下的式子里的未知数应该只有q。再将结果与n求解最大公因数,进而求出q。

[GKCTF2021]RRRRSA的更多相关文章

  1. GKCTF2021 MISC

    1.签到 当时没签上┭┮﹏┭┮: 追踪http流,发现依次执行[ls][ls/][whoami] 发现存在[fl4g],同时发现破解的规则为hex decode->base64 decode-& ...

  2. GKCTF 2021 Reverse Writeup

    前言 GKCTF 2021所以题目均以开源,下面所说的一切思路可以自行通过源码对比IDA进行验证. Github项目地址:https://github.com/w4nd3r-0/GKCTF2021 出 ...

  3. 协议层安全相关《http请求走私与CTF利用》

    0x00 前言 最近刷题的时候多次遇到HTTP请求走私相关的题目,但之前都没怎么接触到相关的知识点,只是在GKCTF2021--hackme中使用到了 CVE-2019-20372(Nginx< ...

随机推荐

  1. go的grpc环境源码编译安装

    go的grpc环境安装 参考grpc-go官方文档:https://grpc.io/docs/languages/go/quickstart/ 视频教程:https://www.bilibili.co ...

  2. git使用与代码托管

    平时自己写的简单程序文件太多,可以放到代码托管的网站.比如国内的gitee.com, 好吧,只是把这个网站当网络云盘用了.在gitee网站上加上程序运行环境,使用文档,写好README.md使用介绍. ...

  3. 分享一个自己在用的.net 中mysql事务控制类(支持多条sql,参数化,自定义判断条件,错误点返回等)

    1)首先看下事务控制器. using MySql.Data.MySqlClient; using System; using System.Collections.Generic; using Sys ...

  4. 贪心算法Dijkstra

    Dijkstra 最短路径问题 : 给定一个带权有向图 G = (V, E, W),同时给定一个源点 u (u ∈ V),我们要找出从源点 u 出发到其它各点的最短路径距离,并得出这些最短路径的具体路 ...

  5. js取不到iframe元素

    跨域 iframe 请绕道,下文是针对非跨域 iframe 的问题排除 1.iframe 取不到值的问题的原因 1. 父页面未加载完成 2. iframe 未加载完成 3. 语法使用错误 4. 跨域( ...

  6. Web初级——模块和Bom

    模块导入 导出声明 定义时声明 在定义声明函数.类时不用加分号 // 导出数组 export let months = ['Jan', 'Feb', 'Mar','Apr', 'Aug', 'Sep' ...

  7. LOJ 数列分块入门 9 题解题报告

    LOJ 数列分块入门 9 题解题报告 \(\text{By DaiRuiChen007}\) I. 数列分块入门 1 题目大意 \(\text{Link}\) 维护一个长度为 \(n\) 的序列,支持 ...

  8. 线性构造treap

    数据结构 线性构造treap treap的线性构造可以使复杂度锐减到\(O(n)\),很优秀 treap的本质就是小根堆+二叉搜索树,即保证val满足搜索树的同时,维护rad的小根堆. 现在我们先把数 ...

  9. Coolify系列-解决WARNING: IPv4 forwarding is disabled. Networking will not work.以及开启防火墙端口

    背景 我在windows电脑安装了一个VM,使用VM开启了Linux服务器,运行docker,然后遇到了这个报错. 解决 首先:在宿主机上执行 echo "net.ipv4.ip_forwa ...

  10. Python3+Selenium3自动化测试-(准备)

    Python3+Selenium3自动化测试-(准备) 最近在学习selenium自动化测试相关的内容,所以将实际准备情况做一记录, # 系统:win10(64位) # 浏览器:Chrome(67.0 ...