# ctfshow 单身杯
# Crypto
# The Dancing Men
跳舞的小人
照着对就好
# 古典 base
密文 YONOM3TTDjRJUlYmlzl4cNLMZ2DTCDhBR0UvhmxzdONMZ3CzzGt1ENZimtk9
栅栏加 base64
可以将 ctfshow{ base64 以下
Y3Rmc2hvd3s=
发现每个隔了 4
栅栏爆破一下
# TooYoungRSA
明文可控
La 佬博客里可参考
from hashlib import * | |
import gmpy2 | |
from Crypto.Cipher import AES | |
from pwn import * | |
re=remote("pwn.challenge.ctf.show",28178) | |
re.recvuntil(b'ck = ') | |
ck=int(re.recvline().decode()[:-1]) | |
re.recvuntil(b'ct = ') | |
ct=re.recvline().decode()[:-1] | |
re.recvline() | |
re.sendline(b'2') | |
re.recvuntil(b'gotta make you understand: ') | |
c2=int(re.recvline().decode()[:-1]) | |
re.recvline() | |
re.sendline(b'4') | |
re.recvuntil(b'gotta make you understand: ') | |
c4=int(re.recvline().decode()[:-1]) | |
re.recvline() | |
re.sendline(b'8') | |
re.recvuntil(b'gotta make you understand: ') | |
c8=int(re.recvline().decode()[:-1]) | |
re.recvline() | |
re.sendline(b'3') | |
re.recvuntil(b'gotta make you understand: ') | |
c3=int(re.recvline().decode()[:-1]) | |
re.recvline() | |
re.sendline(b'9') | |
re.recvuntil(b'gotta make you understand: ') | |
c9=int(re.recvline().decode()[:-1]) | |
re.recvline() | |
re.sendline(b'27') | |
re.recvuntil(b'gotta make you understand: ') | |
c27=int(re.recvline().decode()[:-1]) | |
re.recvline() | |
re.sendline(b'5') | |
re.recvuntil(b'gotta make you understand: ') | |
c5=int(re.recvline().decode()[:-1]) | |
re.recvline() | |
re.sendline(b'25') | |
re.recvuntil(b'gotta make you understand: ') | |
c25=int(re.recvline().decode()[:-1]) | |
re.recvline() | |
re.sendline(b'125') | |
re.recvuntil(b'gotta make you understand: ') | |
c125=int(re.recvline().decode()[:-1]) | |
nset=[] | |
nset.append(c2 * c2 - c4) | |
nset.append(c2 * c2 * c2 - c8) | |
nset.append(c3 * c3 - c9) | |
nset.append(c3 * c3 * c3 - c27) | |
nset.append(c5 * c5 - c25) | |
nset.append(c5 * c5 * c5 - c125) | |
n = nset[0] | |
for x in nset: | |
n = gmpy2.gcd(x, n) | |
while n % 2 == 0: | |
n //= 2 | |
while n % 3 == 0: | |
n //= 3 | |
while n % 5 == 0: | |
n //= 5 | |
print('n =', n) | |
print('ck =',ck) | |
print('ct =',ct) | |
print(c2) | |
re.interactive() | |
from Crypto.Util.number import * | |
c2=196167337573483333686466075009250829318 | |
n=199588867290900888799036283652667858999 | |
e=556441 | |
ck = 97064349522523701701623996346284595970 | |
ct = 0x4b74feaf8fa79b8e2b6c3694554ead8e6cd5ea3a7fe440fdadfe2f795ed45d1843bf0dd820ecff3d94b559466f8f80c3 | |
p=12503271541141086131 | |
q=15962931512298085229 | |
phi=(p-1)*(q-1) | |
d=gmpy2.invert(e,phi) | |
k=pow(ck,d,n) | |
key = sha256(str(k).encode()).digest() | |
cipher = AES.new(key, AES.MODE_ECB) | |
print(cipher.decrypt(long_to_bytes(ct))) |
