0x00 2020sdnisc-ezRSA
共模攻击。
import gmpy2 from Crypto.Util.number import long_to_bytes e1 = 0xf4c1158f e2 = 0xf493f7d1 n = 0xa1d4d377001f1b8d5b2740514ce699b49dc8a02f12df9a960e80e2a6ee13b7a97d9f508721e3dd7a6842c24ab25ab87d1132358de7c6c4cee3fb3ec9b7fd873626bd0251d16912de1f0f1a2bba52b082339113ad1a262121db31db9ee1bf9f26023182acce8f84612bfeb075803cf610f27b7b16147f7d29cc3fd463df7ea31ca860d59aae5506479c76206603de54044e7b778e21082c4c4da795d39dc2b9c0589e577a773133c89fa8e3a4bd047b8e7d6da0d9a0d8a3c1a3607ce983deb350e1c649725cccb0e9d756fc3107dd4352aa18c45a65bab7772a4c5aef7020a1e67e6085cc125d9fc042d96489a08d885f448ece8f7f254067dfff0c4e72a63557 c1=12051796366524088489284445109295502686341498426965277230069915294159131976231473789977279364263965099422235647723775278060569378071469131866368399394772898224166518089593340803913798327451963589996734323497943301819051718709807518655868569656941242449109980876397661605271517459716669684900920279597477446629607627693769738733623143693170696779851882404994923673483971528314806130892416509854017091137325195201225617407959645788145876202882024723106204183257094755002924708009138560347432552090905489132135154932987521239299578509008290614398700799670928805692609756924823628055245227290288940649158862576448537833423 c2=16648382384980770705624348910895797622774711113202207693584907182552301186239613809347201161450012615995859738410661452438496756353485538305614949211776668793864984429696790944750894691957799234264508530084026894611228513698963347402329109838109621609770406925700520983387811451074838470370044678634099202003480925903267508744006195455234025325060817223813858985074720872124168142943926467694676717713503559007112874381750005406371400109962943508349497151148446064846096531445037416174913915923050332242843403926133165817310272633884358263778516770288515592959832151762499526363131801945163501999337808208074381212795 _, r, s = gmpy2.gcdext(e1, e2) m = pow(c1, r, n) * pow(c2, s, n) % n print long_to_bytes(m)
0x01 山东省大学生网络技术大赛-baby
给了e=3。低加密指数攻击:
import gmpy2
e = 3
c = 3442467842482561323703237574537907554035337622762971103210557480050349359873041624336261782731509068910003360547049942482415036862904844600484976674423604861710166033558576921438068555951948966099658902606725292551952345193132973996288566246138708754810511646811362017769063041425115712305629748341207792305694590742066971202523405301561233341991037374101265623265332070787449332991792097090044761973705909217137119649091313457206589803479797894924402017273543719924849592070328396276760381501612934039653
n = 691316677109436623113422493782665795857921917893759942123087462879884062720557906429183155859597756890896192044003240821906332575292476160072039505771794531255542244123516929671277306361467074545720823735806308003091983427678300287709469582282466572230066580195227278214776280213722215953097747453437289734469454712426107967188109548966907237877840316009828476200388327329144783877033491238709954473809991152727333616022406517443130542713167206421787038596312975153165848625721911080561242646092299016802662913017071685740548699163836007474224715426587609549372289181977830092677128368806113131459831182390520942892670696447128631485606579943885812260640805756035377584155135770155915782120025116486061540105139339655722904721294629149025033066823599823964444620779259106176913478839370100891213072100063101232635183636552360952762838656307300621195248059253614745118852163569388418086291748805100175008658387803878200034840215506516715640621165661642177371863874586069524022258642915100615596032443145034847031564356671559179212705466145609698475546210994748949121359853094247990533075004393534565421776468785821261291309463205314057882016266066365636018084499158806717036972590848458891019171583268920180691221168453612029698510271
print 'n=', n
print 'c=', c
print '[+]Detecting m...'
result = gmpy2.iroot(c, 3)
print ' [-]The c has cubic root?', result[1]
if result[1]: print ' [-]The m is:', '{:x}'.format(result[0]).decode('hex')
print '[!]All Done!'0x02 2018 AFCTF 可怜的RSA
以前做过:戳我
0x03 easy_rsa
在线可以分解p和q。拿工具梭就行。
0x04 easy_base
用的羽师傅的脚本:
#author:羽
import base64
import base91
import base58
import py3base92
def hex_to_str(s):
k=''
for i in range(0,len(s),2):
j = s[i]+s[i+1]
k+=chr(int(j,16))
print('16')
return k
def ba32(s):
s = base64.b32decode(s)
s = bytes.decode(s)
print('32')
return s
def ba58(s):
s = base58.b58decode(s)
s = bytes.decode(s)
print('58')
return s
def ba64(s):
s = base64.b64decode(s)
s = bytes.decode(s)
print('64')
return s
def baa85(s):
s = base64.a85decode(s)
s = bytes.decode(s)
print('a85')
return s
def bab85(s):
s = base64.b85decode(s)
s = bytes.decode(s)
print('b85')
return s
def ba91(s):
s = base91.decode(s)
s = s.decode()
print('91')
return s
def ba92(s):
s = py3base92.decode(s)
print('91')
return s
def start(s):
for i in range(50):
if len(s)<50:
print(s)
try:
s=hex_to_str(s)
except:
try:
s=ba32(s)
except:
try:
s=ba58(s)
except:
try:
s=ba64(s)
except:
try:
s = baa85(s)
except:
try:
s=bab85(s)
except:
try:
s = ba92(s)
except:
try:
s=ba91(s)
except:
print('nonono')
if __name__=="__main__":
f = open('BaseAllInOne.txt','r')
s = f.read()
start(s)0x05 hill
y g c 17 17 5
24 6 2 * 21 18 21 = 538 520 284
2 2 19538 = 24 * 17 + 6 * 21 + 2 * 2
520 = 24 * 17 + 6 * 18 + 2 * 2
284 = 24 * 5 + 6 * 21 + 2 * 19
(538,520,284) mod 26 = (18,0,24)=(s,a,y)
0x06 2018 AFCTF MagicNum
以前做过:戳我
