Crypto Page3
浪里淘沙
txt里是大量的英文单词,且中间还没有空格,考虑题目给的一串数字4、8、11、15、16猜测字频有关,这里可以用word(doge)进行统计。找到题目要求的组合成字符串即可得到flag。确实是浪里淘沙。
[NPUCTF2020]这是什么觅马
附件用winhex打开发现是zip压缩文件。
修改拓展名解压得到一张图片(主体是日历)。
图片底部内容如下
F1 W1 S22 S21 T12 S11 W1 S13不难想到T1=TUE,T2=THU,S1=SAT,S2=SUN,其它开头无二义性对应星期。
然后从日历中找对应数字,在对应26个英文字母即为flag。
[AFCTF2018]Vigenère
老规矩,维吉尼亚上在线网站。
[BJDCTF2020]easyrsa
由加密脚本得
$$
z=\frac{1}{arctan^{‘}(p)}-\frac{1}{artanh^{‘}(q)}=(p^2+1)-(1-q^2)=p^2+q^2
$$
接下来就很容易了,不难得到$p+q$和$p-q$从而分解$n$。
from gmpy2 import invert, iroot
from Crypto.Util.number import long_to_bytes
c = 7922547866857761459807491502654216283012776177789511549350672958101810281348402284098310147796549430689253803510994877420135537268549410652654479620858691324110367182025648788407041599943091386227543182157746202947099572389676084392706406084307657000104665696654409155006313203957292885743791715198781974205578654792123191584957665293208390453748369182333152809882312453359706147808198922916762773721726681588977103877454119043744889164529383188077499194932909643918696646876907327364751380953182517883134591810800848971719184808713694342985458103006676013451912221080252735948993692674899399826084848622145815461035
z = 32115748677623209667471622872185275070257924766015020072805267359839059393284316595882933372289732127274076434587519333300142473010344694803885168557548801202495933226215437763329280242113556524498457559562872900811602056944423967403777623306961880757613246328729616643032628964072931272085866928045973799374711846825157781056965164178505232524245809179235607571567174228822561697888645968559343608375331988097157145264357626738141646556353500994924115875748198318036296898604097000938272195903056733565880150540275369239637793975923329598716003350308259321436752579291000355560431542229699759955141152914708362494482
n = 15310745161336895413406690009324766200789179248896951942047235448901612351128459309145825547569298479821101249094161867207686537607047447968708758990950136380924747359052570549594098569970632854351825950729752563502284849263730127586382522703959893392329333760927637353052250274195821469023401443841395096410231843592101426591882573405934188675124326997277775238287928403743324297705151732524641213516306585297722190780088180705070359469719869343939106529204798285957516860774384001892777525916167743272419958572055332232056095979448155082465977781482598371994798871917514767508394730447974770329967681767625495394441
p_plus_q = iroot(z + 2 * n, 2)[0]
p_sub_q = iroot(z - 2 * n, 2)[0]
e = 65537
p = (p_plus_q + p_sub_q) // 2
q = (p_plus_q - p_sub_q) // 2
d = invert(e, ((p - 1) * (q - 1)))
m = pow(c, int(d), n)
print(long_to_bytes(m).decode())[NCTF2019]babyRSA
本题关键是求$n$,给了$d$,估算一下$k=(e*d-1)/n$的范围对$k$进行爆破就可以了。
from sympy import prevprime, nextprime
import gmpy2
from Crypto.Util.number import long_to_bytes
from tqdm import tqdm
e = 0x10001
d = 19275778946037899718035455438175509175723911466127462154506916564101519923603308900331427601983476886255849200332374081996442976307058597390881168155862238533018621944733299208108185814179466844504468163200369996564265921022888670062554504758512453217434777820468049494313818291727050400752551716550403647148197148884408264686846693842118387217753516963449753809860354047619256787869400297858568139700396567519469825398575103885487624463424429913017729585620877168171603444111464692841379661112075123399343270610272287865200880398193573260848268633461983435015031227070217852728240847398084414687146397303110709214913
c = 5382723168073828110696168558294206681757991149022777821127563301413483223874527233300721180839298617076705685041174247415826157096583055069337393987892262764211225227035880754417457056723909135525244957935906902665679777101130111392780237502928656225705262431431953003520093932924375902111280077255205118217436744112064069429678632923259898627997145803892753989255615273140300021040654505901442787810653626524305706316663169341797205752938755590056568986738227803487467274114398257187962140796551136220532809687606867385639367743705527511680719955380746377631156468689844150878381460560990755652899449340045313521804
e_d_1 = e * d - 1
p = 0
q = 0
for k in tqdm(range(pow(2, 15), pow(2, 16))):
if e_d_1 % k == 0:
p = prevprime(gmpy2.iroot(e_d_1 // k, 2)[0])
q = nextprime(p)
if (p - 1) * (q - 1) * k == e_d_1:
break
n = p * q
m = pow(c, d, n)
print(long_to_bytes(m).decode())[ACTF新生赛2020]crypto-rsa3
标准RSA。
from gmpy2 import invert
from Crypto.Util.number import long_to_bytes
e = 65537
n = 177606504836499246970959030226871608885969321778211051080524634084516973331441644993898029573612290095853069264036530459253652875586267946877831055147546910227100566496658148381834683037366134553848011903251252726474047661274223137727688689535823533046778793131902143444408735610821167838717488859902242863683
c = 1457390378511382354771000540945361168984775052693073641682375071407490851289703070905749525830483035988737117653971428424612332020925926617395558868160380601912498299922825914229510166957910451841730028919883807634489834128830801407228447221775264711349928156290102782374379406719292116047581560530382210049
p = 13326909050357447643526585836833969378078147057723054701432842192988717649385731430095055622303549577233495793715580004801634268505725255565021519817179231
q = 13326909050357447643526585836833969378078147057723054701432842192988717649385731430095055622303549577233495793715580004801634268505725255565021519817179293
phi = (p - 1) * (q - 1)
d = invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m).decode())[AFCTF2018]你能看出这是什么加密么
标准RSA。
from gmpy2 import invert
from Crypto.Util.number import long_to_bytes
p = 0x928fb6aa9d813b6c3270131818a7c54edb18e3806942b88670106c1821e0326364194a8c49392849432b37632f0abe3f3c52e909b939c91c50e41a7b8cd00c67d6743b4f
q = 0xec301417ccdffa679a8dcc4027dd0d75baf9d441625ed8930472165717f4732884c33f25d4ee6a6c9ae6c44aedad039b0b72cf42cab7f80d32b74061
e = 0x10001
c = 0x70c9133e1647e95c3cb99bd998a9028b5bf492929725a9e8e6d2e277fa0f37205580b196e5f121a2e83bc80a8204c99f5036a07c8cf6f96c420369b4161d2654a7eccbdaf583204b645e137b3bd15c5ce865298416fd5831cba0d947113ed5be5426b708b89451934d11f9aed9085b48b729449e461ff0863552149b965e22b6
n = p * q
phi = (p - 1) * (q - 1)
d = invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m))[AFCTF2018]可怜的RSA
会读enc和key格式文件就行。
from Crypto.Cipher import PKCS1_OAEP
from base64 import b64decode
from gmpy2 import invert
from Crypto.PublicKey import RSA
f = open('public.key', 'rb').read()
pub = RSA.importKey(f)
n = pub.n
e = pub.e
p = 3133337
q = 25478326064937419292200172136399497719081842914528228316455906211693118321971399936004729134841162974144246271486439695786036588117424611881955950996219646807378822278285638261582099108339438949573034101215141156156408742843820048066830863814362379885720395082318462850002901605689761876319151147352730090957556940842144299887394678743607766937828094478336401159449035878306853716216548374273462386508307367713112073004011383418967894930554067582453248981022011922883374442736848045920676341361871231787163441467533076890081721882179369168787287724769642665399992556052144845878600126283968890273067575342061776244939
d = int(invert(e, (p - 1) * (q - 1))) # 需要将mpz转成int
key_info = RSA.construct((n, e, d, p, q))
key = RSA.importKey(key_info.exportKey())
key = PKCS1_OAEP.new(key)
f = open('flag.enc', 'r').read()
c = b64decode(f)
flag = key.decrypt(c)
print(flag.decode())[ACTF新生赛2020]crypto-classic0
压缩包密码是生日猜测是八位数字,爆破即可,然后看加密脚本逆过来解密即可。
with open('cipher', 'rb') as f:
str = f.read()
for c in str:
print(chr((c ^ 7) + 3), end='')鸡藕椒盐味
知识点是奇偶校验位(题目谐音)和汉明码,有点偏,具体问度娘。
import hashlib
c = "110110100000"
md = hashlib.md5()
md.update(c.encode("utf8"))
flag = md.hexdigest()
print('flag{' + flag + '}')[RoarCTF2019]babyRSA
关键是利用威尔逊定理。
from gmpy2 import invert, next_prime
from Crypto.Util.number import long_to_bytes
def get_prime(A, B):
cnt = A - B
ret = A - 1
for i in range(1, cnt):
ret = (ret * invert(A - i, A)) % A
return next_prime(ret)
A1 = 21856963452461630437348278434191434000066076750419027493852463513469865262064340836613831066602300959772632397773487317560339056658299954464169264467234407
B1 = 21856963452461630437348278434191434000066076750419027493852463513469865262064340836613831066602300959772632397773487317560339056658299954464169264467140596
A2 = 16466113115839228119767887899308820025749260933863446888224167169857612178664139545726340867406790754560227516013796269941438076818194617030304851858418927
B2 = 16466113115839228119767887899308820025749260933863446888224167169857612178664139545726340867406790754560227516013796269941438076818194617030304851858351026
n = 85492663786275292159831603391083876175149354309327673008716627650718160585639723100793347534649628330416631255660901307533909900431413447524262332232659153047067908693481947121069070451562822417357656432171870951184673132554213690123308042697361969986360375060954702920656364144154145812838558365334172935931441424096270206140691814662318562696925767991937369782627908408239087358033165410020690152067715711112732252038588432896758405898709010342467882264362733
c = 75700883021669577739329316795450706204502635802310731477156998834710820770245219468703245302009998932067080383977560299708060476222089630209972629755965140317526034680452483360917378812244365884527186056341888615564335560765053550155758362271622330017433403027261127561225585912484777829588501213961110690451987625502701331485141639684356427316905122995759825241133872734362716041819819948645662803292418802204430874521342108413623635150475963121220095236776428
p = get_prime(A1, B1)
q = get_prime(A2, B2)
r = n // p // q
phi = (p - 1) * (q - 1) * (r - 1)
e = 0x1001
d = invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m).decode())[RoarCTF2019]RSA
不难估计$x$和$y$范围不大,直接爆破即可,从而分解$n$。(事实上由于$p$和$q$相差不大可以直接分解)
from gmpy2 import invert, next_prime, iroot
from Crypto.Util.number import long_to_bytes
A = 2683349182678714524247469512793476009861014781004924905484127480308161377768192868061561886577048646432382128960881487463427414176114486885830693959404989743229103516924432512724195654425703453612710310587164417035878308390676612592848750287387318129424195208623440294647817367740878211949147526287091298307480502897462279102572556822231669438279317474828479089719046386411971105448723910594710418093977044179949800373224354729179833393219827789389078869290217569511230868967647963089430594258815146362187250855166897553056073744582946148472068334167445499314471518357535261186318756327890016183228412253724
n = 117930806043507374325982291823027285148807239117987369609583515353889814856088099671454394340816761242974462268435911765045576377767711593100416932019831889059333166946263184861287975722954992219766493089630810876984781113645362450398009234556085330943125568377741065242183073882558834603430862598066786475299918395341014877416901185392905676043795425126968745185649565106322336954427505104906770493155723995382318346714944184577894150229037758434597242564815299174950147754426950251419204917376517360505024549691723683358170823416757973059354784142601436519500811159036795034676360028928301979780528294114933347127
c = 41971850275428383625653350824107291609587853887037624239544762751558838294718672159979929266922528917912189124713273673948051464226519605803745171340724343705832198554680196798623263806617998072496026019940476324971696928551159371970207365741517064295956376809297272541800647747885170905737868568000101029143923792003486793278197051326716680212726111099439262589341050943913401067673851885114314709706016622157285023272496793595281054074260451116213815934843317894898883215362289599366101018081513215120728297131352439066930452281829446586562062242527329672575620261776042653626411730955819001674118193293313612128
for x in range(1, 100):
for y in range(x, 100):
if y % x == 0:
continue
tmp = (((y % x) ** 5) % (x % y)) ** 2019 + y ** 316 + (y + 1) // x
if tmp == A:
q = next_prime(iroot(n // x // y, 2)[0])
break
p = n // q
e = 65537
d = invert(e, (p - 1) * (q - 1))
print(long_to_bytes(pow(c, d, n)).decode())[网鼎杯 2020 青龙组]boom
cmd打开不会闪退(doge),当然也可以录屏回看,en5oy x=74,y=68,z=31 x=89721561
[WUSTCTF2020]B@se
少了四位爆破即可,注意写一个自己的base64解密函数,因为替代表不一样
import itertools
def My_base64_decode(inputs, s):
bin_str = []
for i in inputs:
if i != '=':
x = str(bin(s.index(i))).replace('0b', '')
bin_str.append('{:0>6}'.format(x))
# print(bin_str)
outputs = ""
nums = inputs.count('=')
while bin_str:
temp_list = bin_str[:4]
temp_str = "".join(temp_list)
# print(temp_str)
if (len(temp_str) % 8 != 0):
temp_str = temp_str[0:-1 * nums * 2]
for i in range(0, int(len(temp_str) / 8)):
outputs += chr(int(temp_str[i * 8:(i + 1) * 8], 2))
bin_str = bin_str[4:]
print(outputs)
h = ['j', 'u', '3', '4']
h1 = list(itertools.permutations(h, 4))
for i in h1:
m = "".join(i)
s = "JASGBWcQPRXEFLbCDIlmnHUVKTYZdMovwipatNOefghq56rs" + m + "kxyz012789+/"
input_str = "MyLkTaP3FaA7KOWjTmKkVjWjVzKjdeNvTnAjoH9iZOIvTeHbvD=="
My_base64_decode(input_str, s)救世捷径
单源最短路,Dijkstra算法。
def find(present): # present->list
if (present[0] == '25'): # end
return (present[3], int(present[2]))
tmp = []
s = ''
for j in range(0, len(lst)):
if int(present[1]) == int(lst[j][0]): # next country
tmp.append(lst[j])
min = 1 << 32 # set very big
tmp_s = ''
for l in tmp:
if (min > find(l)[1] + int(l[2])):
min = find(l)[1] + int(l[2]) # find the shortest
tmp_s = find(l)[0]
s += present[3] + tmp_s
return (s, min)
with open('save_world.txt', 'r') as f:
content = f.read()
l1 = content.split('\n')
lst = []
for i in range(len(l1)):
lst.append(l1[i].split(' '))
lst = lst[0:-2]
print(find(lst[0])[0])[AFCTF2018]Single
直接上在线网站。
RSA & what
按加密脚本逆推,涉及共模攻击,base64。
from gmpy2 import invert
from base64 import b64decode, b64encode
from Crypto.Util.number import long_to_bytes
def same_n_attack(n, e1, e2, c1, c2):
def egcd(a, b):
x, lastx = 0, 1
y, lasty = 1, 0
while (b != 0):
q = a // b
a, b = b, a % b
x, lastx = lastx - q * x, x
y, lasty = lasty - q * y, y
return (lastx, lasty)
s = egcd(e1, e2)
s1 = s[0]
s2 = s[1]
if s1 < 0:
s1 = -s1
c1 = invert(c1, n)
elif s2 < 0:
s2 = -s2
c2 = invert(c2, n)
m = (pow(c1, s1, n) * pow(c2, s2, n)) % n
return m
def get_base64_diff_value(s1, s2):
base64chars = b'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
res = 0
for i in range(len(s2)):
if s1[i] != s2[i]:
return abs(base64chars.index(s1[i]) - base64chars.index(s2[i]))
return res
def solve_stego(c):
line = b''
bin_str = ''
for i in c:
k = long_to_bytes(i)
if k == b'\n':
steg_line = line
norm_line = b64encode(b64decode(line))
# print(b64decode(line))
# print(steg_line, norm_line)
diff = get_base64_diff_value(steg_line, norm_line)
# print(diff)
pads_num = steg_line.count(b'=')
if diff:
bin_str += bin(diff)[2:].zfill(pads_num * 2)
print(bin(diff)[2:], bin(diff)[2:].zfill(pads_num * 2))
else:
bin_str += '0' * pads_num * 2
print(goflag(bin_str))
line = b''
continue
line += k
def goflag(bin_str):
res_str = ''
for i in range(0, len(bin_str), 8):
res_str += chr(int(bin_str[i:i + 8], 2))
return res_str
c1 = [
412629526163150748619328091306742267675740578011800062477174189782151273970783531227579758540364970485350157944321579108232221072397135934034064481497887079641131808838242743811511451355024436983050572020925065644355566434625618133203024215941534926113892937988520918939061441606915556516246057349589921494351383160036280826024605351878408056180907759973804117263002554923041750587548819746346813966673034182913325507826219961923932100526305289894965216608254252188398580139545189681875824089456195044984585824938384521905334289906422454152976834867304693292466676355760173232407753256256317546190171995276258924613533179898467683358934751999655196790168438343198229183747091108262988777659858609744709324571850262293294975336628234767258858873839342596887193772615000676401522431518310648303975593582965021189182246986957349253156736526071639973844039068996404290548474640668851856078201093335425412842295604919065487301340901573809617549185106072798799159726375235125260509158832996701927878713084753334549129580912412168594170659605421750204835970231909591063407612779337478065175988365401590396247576709343727196106058477166945670117868989025903023998142850338956985816131805349549059377047477131270847579095628384569645636821650,
494644347943710545224678831941589086572700792465459558770782213550069709458568349686998660541810166872034041584767487150140111151788221460027897193248273461607411027815984883969396220626358625041781558277804930212654296704055890683796941327712758797770820006623289146990000114915293539639766846910274034245607746230740851938158390562286057002223177609606376329007676845450142537930798148258428701466415483232670659815791064681384406494388237742330786225557303988025468036820082959712050733095860546860468575857084616069132051094882919253745234762029759124776348047587755897123575123506976140900565238840752841856713613368250071926171873213897914794115466890719123299469964019450899291410760762179836946570945555295288184698184555018368687708432612286248476073758067175481771199066581572870175460016017100414479346437034291784837132240891321931601494414908927713208448927221095745802380014441841139882391378410438764884597938773868771896252329517440068673532468372840830510218585255432000690265226016573313570977945083879214961394087065558376158826938257664840570952233832852869328785568175434516247720356520242602299510374317488182738732700078879665745909603766482100138001417023680647717824323143388857817595766172152883484274718248,
152942283599728307168144137370127212672611894072038732126041098102628831053000986759260271210671922070555948023688596575415822984026159010574404359474670428678518262175033880513984372909748992727828381694416776740981021730545374002974037896534944567124543272737618380646771071804878796585983783360553761828325817820260204820004421979881871027255562690952334900616675606524933557440263648233514757200263521499508373975003431306847453046714027687108396945719803444444954079308404947126216395526551292104722047878178373207886033071857277857997932255251315982837892164421298202073945919187779856785892717251746704537315003771369737854896595170485152591013676942418134278534037654467840633528916812275267230155352077736583130992587670941654695382287023971261529987384520843829695778029311786431227409189019205818351911572757145556993606643464336196802350204616056286497246016800105003143046120608673496196758720552776772796609670537056331996894322779267635281472481559819839042424017171718303214059720568484939239370144038161541354254182769979771948759413102933987773401644506930205164891773826513161783736386604783484446345744957119469799231796368324927570694496679453313927562345656690240414624431304646248599226046524702364131095964335,
79717988936247951265489157583697956031893477858854186991051529161879478488281744062318600470906120960002282886511477294555606503083169449335174864424180701080203993329996226566203834693869525797695969610065991941396723959032680019082506816443041598300477625793433080664346470586416385854692124426348587211026568667694805849554780794033764714016521711467557284846737236374990121316809833819996821592832639024026411520407330206281265390130763948165694574512140518775603040182029818771866749548761938870605590174330887949847420877829240131490902432602005681085180807294176837646062568094875766945890382971790015490163385088144673549085079635083262975154206269679142412897438231719704933258660779310737302680265445437771977749959110744959368586293082016067927548564967400845992380076107522755566531760628823374519718763740378295585535591752887339222947397184116326706799921515431185636740825707782742373783475781052674257292910213843986132987466810027275052416774693363446184518901899202502828670309452622347532932678874990809930682575738653876289384151496807194146308614368821006660626870989784697045160231069428458961107751207771093777394616856305293335603892178327520756554333365975114235981173451368131680404850832773147333013716920,
123111353650401158556639983459870663057297871992927053886971224773529636525110628183715748795987525113177540092814119928708272290370336537110381023134637759740716140969662183269370676630325583385284994943164692397459103195434968057377474610500216801375394703781249039351368816958227409657934091741509357152328382960684515093945552479461382281913961956745154260686029997827565075768703774895750561575155143606297116391666385705899138085693913246313778033627210312268959737394553510894720099165193981333775907531107232556909478156441457899797515694348816961762796703443502856101079430585547997496001098926600499728389113862894833789669213630332988693669889340482430613291490613803204484751470676686041002772556117213612152322606737150858116122936539131795111263513114569794532805886643087299918196635113037777138666914296986040549274559835214505300618256105508764026461518876579387159881983544667258537064954616097750399839661065797883103731694314852301848272092388637114950059216922969842082648527035538090054093890365647676119748995243416337805666557501345234056968476142608491830438065401219751688687373709390057521910942736632126729711606256158399963682990881473178216060827021373776598901281958527655543318413664277921492723185984,
36869806815936046911848195817405817350259890871483063184373728397968909458432625046025376290214729914038387534731762237978339011724858818860181178811639468996206294711495853807311240013786226884265118119546377272154555615363105236192878292703331473547623021744317034819416624562896226194523639793573028006666236271812390759036235867495803255905843636447252225413871038762657801345647584493917576263471587347202664391908570140389126903204602391093990827188675090199750617303773574821926387194478875191828814971296674530519321530805302667925998711835019806761133078403281404889374663875077339168901297819436499920958268483684335998301056068380228873524800383911402490807139268964095165069610454677558808756444381542173782815227920906224931028457073652453777424387873533280455944646592996920617956675786286711447540353883400282402551158169958389450168079568459656526911857835375748015814860506707921852997096156275804955989964215077733621769938075413007804223217091604613132253046399456747595300404564172224333936405545921819654435437072133387523533568472443532200069133022979195685683508297337961701169394794966256415112246587706103819620428258245999539040721929317130088874161577093962579487428358736401687123174207198251449851429295]
c2 = [
592169079372093727306100216011395857825646323934289480976073629037543922902098120901138454462177159996376654176248238979132528728327590301098966139983157980612320563496546128644967731000716697705104079039156276714872147463350811303393260622707024952543509891692246246277965823414460326811240048060543656588688604452353899779068825120910282167004715339763187734797180326976132213325054697165320479166356562518029805927741656605174809726397565772271562066078076105491745903986597877400370206718954975288721072048333678609055008135809089304229015364348490924974097403734627265297637171818849461766523691595241613878709865506436588268999163342945070495338153600520537498539457396582804692959296612715752573140296135784933206146091436617979599749774330699946637591406356289409716084034451049094715202196203486088368791744107629271647320273259836915312794297246589501008666299165717722507702866033454215783240025504356157664454861755286285777763585177751796252655008206383024707883077513745863312079349790275094080707502392866946325796914450602264462588722052297430827681750827349094323968337670311272933785838850649376115667223821665435911506351891489985627506615492005617098615432522564204152887767244129985681083657783356557756654335186,
373940646416832740878733255707567753033716583448402000789202767511920210382830343955553654111486728333980557319799362514960627879016797491389812007768832730979916230647641872759001906846747977631675704310179448857128160385701185892914523053669366534408863734305635222625590986006420486092550427301086984563126480814987024980594613542978310129247678826691418335300577577527951623696426435497835228167084738007750914270251001921329521479047662848650808989996085600197309361410863238526802127877523767262921515150984998560136647154865791163316503073285223966216441025637452229043510097323724381056976302288136843260163922706692913035222445496716008888946581535004546355744211680390731257309941902587303353139951102244865270295414474488798335404630458489706639805186573874814586736746232358849677477533671968344154242963289415569487579895910660999043578737461300406937828924818002658292769882181668784501439254131996848948120781562158861495883827848139425862249576454689133681009549361314460818658995959098228995702202268649635363105549975932395335076521137604288520082040121286614922986554652700056148966514178935952363036963217619879899671383604638416567950421350546204434902113156720006282720889591288850271076074941927715678306057176,
527630926460622936571385649841758214453416849039412401087443444317101857090904711485538107058823056085840539073345920792871368232355475394571098380596835468509997340505604333730547799560998822989747473780307779717715522787724471724766494090783971030594671013168209717686720448579582618378459567979027822271918653169622428153856198907810040224340270362413432495029672123261375400927159831537760709974778708160583252613784358234858583174544777979242887938827573604837766801998381379999076416444683891078093889686055482709838668356120916040352123019019255084513769603803814947774554028717814638951416291274696771515474086351482107953150253616922787262398450376249126999644026382478413080973933173079111305142716133389111399235545279259017424722601848670061556859163943895466553927946412523750166582734005733378328468250568944945912238495877929717101722314678120172228493787964904072583905721074766711732215815561012960394537195757832959268603775112932862105945720853959285187521763557915356428113876893276879775603217718981852114599706699524551973934242045743122744146361596971245034059345915315495232135483464496114770357536576200511490922413208178149869347802988786513451486411409887164516065062084917556120712465074206435831498113605,
8786437178698940322877889807009957616777351844979869726962356553244050911283984280960665761649310895230455072977431415102053987735969326553978994853162483051544656873294555116009995592043183070208706258164840540599577072097104139505857517663273929851202628854185356185647194933800084230503413037858893307713037149307477830536758283681093517617820169181420796105338681582230788318108428132051793761014952837330456262272828627355701464740578197966332613127307037255647286823496355917642353327912440019621838870388091824748629637425759125214639885130163183752378908729773517053259212525494555880921052679512582051516604297098204363525081039382358483926727008679327719083138865969291911863630382097160230960738043575559330264018212774424527719153248563876760067931499029384228993253862501939337758514377472011933279273181144830381169849387893799390755052093069179605579485710343655570028592595882436632426527654452895431758715126580164902410286422637215098476316042367916779431052267545769495994723721129943616294879642305545894912914632980455031755879087401575310699765408473606166727137934224515998416625122213056208800095077933103150699272650116151674702438463062734472714004926103668378506804002740045547964716693536349447660850580,
205314962204511500352858372254132533167549960825498949618514841570703199264867431580754674275990554478140637041427842111391746883257447120035947621456863890934062044010795443059281736346976175772415034838334682726635263432655537852942177334888025283748611576171534251461847349566505628290587224150869640386437623371249743165260396675220683302142805646368906930575140628610003919131999295855501215111393294818218799982703289304596989070475000081175510085432290264502023736899104746316830742226946395027029820825791831870857382647221322734605026210073093918331247494307555600335550942340526536281372036612138713881098866303169425501998978400008829873080965592009371176208668290074288903681417933657472279670688597862835627506340169978450918788539270346340385928840299573889292189531738082166408734046381423516467694328971385421907314814283489322619386570046183556572383980777277173349209330683424343658179781015072259378576130442222984963071166207642585589822061597282467850868050737957726423713761694231879497037175627546427449730638216214828463003483408928375620315193290871300316930139260521382533279767663839278693750409419493280753368451508802658272220767624766390639285308433607255253282702383762149755935518922075584637512494819,
271453634732502613378948161256470991260052778799128789839624515809143527363206813219580098196957510291648493698144497567392065251244844074992734669490296293997386198359280316655904691639367482203210051809125904410431506925238374843856343243276508280641059690938930957474434518308646618959004216831130099873532714372402117796666560677624822509159287675432413016478948594640872091688482149004426363946048517480052906306290126242866034249478040406351940088231081456109195799442996799641647167552689564613346415247906852055588498305665928450828756152103096629274760601528737639415361467941349982213641454967962723875032638267311935042334584913897338553953961877439389588793074211502597238465542889335363559052368180212013206172712561221352833891640659020253527584706465205486408990762759230842192028381048563437724528409174790022752557512795782713125166158329880702730769957185428522011430144840232256419113631679343171680631630775266488738173707357123139368825087043785842169049943237537188129367275730984789479909103397937113837824575137021012333461552176687570010445744268373840742899299977372834041925102853718964831225250407279578465008537542659673685686242773379131904890865110699190451534445434533919127658976874721029586168106207]
N = 785095419718268286866508214304816985447077293766819398728046411166917810820484759314291028976498223661229395009474063173705162627037610993539617751905443039278227583504604808251931083818909467613277587874545761074364427549966555519371913859875313577282243053150056274667798049694695703660313532933165449312949725581708965417273055582216295994587600975970124811496270080896977076946000102701030260990598181466447208054713391526313700681341093922240317428173599031624125155188216489476825606191521182034969120343287691181300399683515414809262700457525876691808180257730351707673660380698973884642306898810000633684878715402823143549139850732982897459698089649561190746850698130299458080255582312696873149210028240898137822888492559957665067936573356367589784593119016624072433872744537432005911668494455733330689385141214653091888017782049043434862620306783436169856564175929871100669913438980899219579329897753233450934770193915434791427728636586218049874617231705308003720066269312729135764175698611068808404054125581540114956463603240222497919384691718744014002554201602395969312999994159599536026359879060218056496345745457493919771337601177449899066579857630036350871090452649830775029695488575574985078428560054253180863725364147
e1 = 1697
e2 = 599
str = b''
for i in range(len(c1)):
str += long_to_bytes(same_n_attack(N, e1, e2, c1[i], c2[i]))
solve_stego(str)[WUSTCTF2020]大数计算
对应解四个部分即可。
a = 1
for i in range(1, 2021):
a *= i
if (a > 10 ** 20):
a = a // (10 ** 7)
part1 = hex(int(str(a)[:8]))[2:]
b = 1
for i in range(1, 1315):
b *= 520
if (b > 10 ** 20):
b = b // (10 ** 7)
part2 = hex(int(str(b)[:8]))[2:]
c = 80538738812075974 + 80435758145817515 + 12602123297335631
part3 = hex(int(str(c)[:8]))[2:]
d = 520 * 1314
part4 = hex(int(str(d)[:8]))[2:]
print('flag{' + '{0}-{1}-{2}-{3}'.format(part1, part2, part3, part4) + '}')[HDCTF2019]together
共模攻击
from base64 import b64decode
from binascii import b2a_hex
from gmpy2 import invert
from Crypto.Util.number import long_to_bytes
def same_n_attack(n, e1, e2, c1, c2):
def egcd(a, b):
x, lastx = 0, 1
y, lasty = 1, 0
while (b != 0):
q = a // b
a, b = b, a % b
x, lastx = lastx - q * x, x
y, lasty = lasty - q * y, y
return (lastx, lasty)
s = egcd(e1, e2)
s1 = s[0]
s2 = s[1]
if s1 < 0:
s1 = -s1
c1 = invert(c1, n)
elif s2 < 0:
s2 = -s2
c2 = invert(c2, n)
m = (pow(c1, s1, n) * pow(c2, s2, n)) % n
return m
with open('myflag1', 'rb') as f:
flag1 = f.read()
flag1 = b64decode(flag1)
c1 = int(str(b2a_hex(flag1))[2:-1], 16)
with open('myflag2', 'rb') as f:
flag2 = f.read()
flag2 = b64decode(flag2)
c2 = int(str(b2a_hex(flag2))[2:-1], 16)
e1 = 2333
e2 = 23333
N = 0x75A8B8AA2AD2950E9AED4BE34618DFBEABB8CBA832685CC94F45173330100624846CCF90F3C2DB75BA5AF4B39CAEF1175AB9F898794EAC6082A4F766F7CB280B16F6980B38DDA811761324D619513B3CBE65877ACF51FC70405A8347C121207E71F8E6FCAE39647ED2231D306DD53849257BC306E997A502867012249D1691F5DC11D6AF06539F3F808939343DDE09301A761AE12C1C969076C502BC5A971E10ABCB366547BC94373F37A57DDC43858DB29BAAAAAD0E6867885EA3757403008C164E9C7AFA39B3C65089A151DDD8C06C64271086F9255ADB8ACF82182F8FA252930A187961635BC2A85C761330F85C896314B3FDAE4EFEF7E0A8C93B8854BFC3
print(long_to_bytes(same_n_attack(N, e1, e2, c1, c2)).decode())[MRCTF2020]babyRSA
看加密脚本容易解出$p$和$q$。
from gmpy2 import invert
from sympy import prevprime, nextprime
from Crypto.Util.number import long_to_bytes
P_p = 206027926847308612719677572554991143421
P_factor = 213671742765908980787116579976289600595864704574134469173111790965233629909513884704158446946409910475727584342641848597858942209151114627306286393390259700239698869487469080881267182803062488043469138252786381822646126962323295676431679988602406971858136496624861228526070581338082202663895710929460596143281673761666804565161435963957655012011051936180536581488499059517946308650135300428672486819645279969693519039407892941672784362868653243632727928279698588177694171797254644864554162848696210763681197279758130811723700154618280764123396312330032986093579531909363210692564988076206283296967165522152288770019720928264542910922693728918198338839
Q_1 = 103766439849465588084625049495793857634556517064563488433148224524638105971161051763127718438062862548184814747601299494052813662851459740127499557785398714481909461631996020048315790167967699932967974484481209879664173009585231469785141628982021847883945871201430155071257803163523612863113967495969578605521
Q_2 = 151010734276916939790591461278981486442548035032350797306496105136358723586953123484087860176438629843688462671681777513652947555325607414858514566053513243083627810686084890261120641161987614435114887565491866120507844566210561620503961205851409386041194326728437073995372322433035153519757017396063066469743
sub_Q = 168992529793593315757895995101430241994953638330919314800130536809801824971112039572562389449584350643924391984800978193707795909956472992631004290479273525116959461856227262232600089176950810729475058260332177626961286009876630340945093629959302803189668904123890991069113826241497783666995751391361028949651
Ciphertext = 1709187240516367141460862187749451047644094885791761673574674330840842792189795049968394122216854491757922647656430908587059997070488674220330847871811836724541907666983042376216411561826640060734307013458794925025684062804589439843027290282034999617915124231838524593607080377300985152179828199569474241678651559771763395596697140206072537688129790126472053987391538280007082203006348029125729650207661362371936196789562658458778312533505938858959644541233578654340925901963957980047639114170033936570060250438906130591377904182111622236567507022711176457301476543461600524993045300728432815672077399879668276471832
e = 65537
lst_p = [P_p]
pre = P_p
next = P_p
for i in range(1, 9):
pre = prevprime(pre)
lst_p.append(pre)
for i in range(10, 17):
next = nextprime(next)
lst_p.append(next)
phi = 1
n = 1
for i in range(0, 16):
n *= lst_p[i]
phi *= (lst_p[i] - 1)
d = invert(e, phi)
P = nextprime(pow(P_factor, d, n))
Q = nextprime(pow(sub_Q, Q_2, Q_1))
phi = (P - 1) * (Q - 1)
d = invert(e, phi)
N = P * Q
m = pow(Ciphertext, d, N)
print(long_to_bytes(m).decode())坏蛋是雷宾
加密算法和这位老牌刺客同名,知是$Rabin$密码,有校验值判断具体是四个中的哪一个,校验码根据说明是放在明文后一起加密的,最后md5时要去掉。
from gmpy2 import invert
import hashlib
n = 523798549
p = 10663
q = 49123
e = 2
c = 162853095
inv_p = invert(p, q)
inv_q = invert(q, p)
mp = pow(c, (p + 1) // 4, p)
mq = pow(c, (q + 1) // 4, q)
a = (inv_p * p * mq + inv_q * q * mp) % n
b = n - a
c = (inv_p * p * mq - inv_q * q * mp) % n
d = n - c
check = '110001'
for i in (a, b, c, d):
if bin(i)[-6:] == check:
m = str(int(bin(i)[2:-6], 2))
md = hashlib.md5()
md.update(m.encode("utf8"))
flag = md.hexdigest()
print("flag{" + str(flag) + '}')
break[网鼎杯 2020 青龙组]you_raise_me_up
离散对数问题。
from sympy import discrete_log
from Crypto.Util.number import long_to_bytes
m = 391190709124527428959489662565274039318305952172936859403855079581402770986890308469084735451207885386318986881041563704825943945069343345307381099559075
c = 6665851394203214245856789450723658632520816791621796775909766895233000234023642878786025644953797995373211308485605397024123180085924117610802485972584499
print(long_to_bytes(discrete_log(2 ** 512, c, m)).decode())[BJDCTF2020]Polybius
$hint$为base64,内容如下:The length of this plaintext: 14。
密码体制如题为$Polybius$。
import itertools
def gen_cheese_map(k, use_Q=True, upper=True):
k = k.upper()
k0 = ""
origin = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
for i in k:
if i not in k0:
k0 += i
for i in origin:
if i not in k0:
k0 += i
if use_Q == True:
k0 = k0[0:k0.index("J")] + k0[k0.index("J") + 1:]
else:
k0 = k0[0:k0.index("Q")] + k0[k0.index("Q") + 1:]
if upper == False:
k0 = k0.lower()
assert len(k0) == 25
r = []
for i in range(5):
r.append(k0[i * 5:i * 5 + 5])
return r
def polybius_decode(c, k="", name="ADFGX", cheese_map=[]):
if cheese_map == []:
map = gen_cheese_map(k,upper=False)
else:
map = cheese_map
r = ""
for x in c:
i = name.index(x[0])
j = name.index(x[1])
r += map[i][j]
return r
s = "aeoiu"
name = []
cipher = "ouauuuoooeeaaiaeauieuooeeiea"
c=[]
for i in range(0,len(cipher),2):
c.append(cipher[i:i+2])
for i in itertools.permutations(s, 5): # 找出所有全排列
name.append("".join(i))
for i in name:
ans = polybius_decode(c, name=i)
if 'flag' in ans:
print('flag{' + ans + '}')[WUSTCTF2020]情书
简单的RSA。
a = "abcdefghijklmnopqrstuvwxyz"
c = "0156 0821 1616 0041 0140 2130 1616 0793".split(" ")
N = 2537
e = 13
d = 937
p = 43
q = 59
phi_N = (p - 1) * (q - 1)
m = "".join(a[pow(int(i), d, N)] for i in c)
print('flag{' + m + '}')[UTCTF2020]basic-crypto
考察编码和古典密码的基本功,一步步解密即可。
from base64 import b64decode
with open('attachment.txt', 'rb') as f:
s = f.read()
for i in s.split(b' '):
print(chr(int(i, 2)), end='')
print('\n', end='')
encoding = 'TmV3IGNoYWxsZW5nZSEgQ2FuIHlvdSBmaWd1cmUgb3V0IHdoYXQncyBnb2luZyBvbiBoZXJlPyBJdCBsb29rcyBsaWtlIHRoZSBsZXR0ZXJzIGFyZSBzaGlmdGVkIGJ5IHNvbWUgY29uc3RhbnQuIChoaW50OiB5b3UgbWlnaHQgd2FudCB0byBzdGFydCBsb29raW5nIHVwIFJvbWFuIHBlb3BsZSkuCmt2YnNxcmQsIGl5ZSdibyBrdnd5Y2QgZHJvYm8hIFh5ZyBweWIgZHJvIHBzeGt2IChreG4gd2tpbG8gZHJvIHJrYm5vY2QuLi4pIHprYmQ6IGsgY2VsY2RzZGVkc3l4IG1zenJvYi4gU3ggZHJvIHB5dnZ5Z3N4cSBkb2hkLCBTJ2ZvIGRrdW94IHdpIHdvY2NrcW8ga3huIGJvenZrbW9uIG9mb2JpIGt2enJrbG9kc20gbXJrYmttZG9iIGdzZHIgayBteWJib2N6eXhub3htbyBkeSBrIG5zcHBvYm94ZCBtcmtia21kb2IgLSB1eHlneCBrYyBrIGNlbGNkc2RlZHN5eCBtc3pyb2IuIE1reCBpeWUgcHN4biBkcm8gcHN4a3YgcHZrcT8gcnN4ZDogR28gdXh5ZyBkcmtkIGRybyBwdmtxIHNjIHF5c3hxIGR5IGxvIHlwIGRybyBweWJ3a2QgZWRwdmtxey4uLn0gLSBncnNtciB3b2t4YyBkcmtkIHNwIGl5ZSBjb28gZHJrZCB6a2Rkb2J4LCBpeWUgdXh5ZyBncmtkIGRybyBteWJib2N6eXhub3htb2MgcHliIGUsIGQsIHAsIHYgaywga3huIHEga2JvLiBJeWUgbWt4IHpieWxrbHZpIGd5YnUgeWVkIGRybyBib3drc3hzeHEgbXJrYmttZG9iYyBsaSBib3p2a21zeHEgZHJvdyBreG4gc3hwb2Jic3hxIG15d3d5eCBneWJuYyBzeCBkcm8gT3hxdnNjciB2a3hxZWtxby4gS3h5ZHJvYiBxYm9rZCB3b2RyeW4gc2MgZHkgZWNvIHBib2Flb3htaSBreGt2aWNzYzogZ28gdXh5ZyBkcmtkICdvJyBjcnlnYyBleiB3eWNkIHlwZG94IHN4IGRybyBrdnpya2xvZCwgY3kgZHJrZCdjIHpieWxrbHZpIGRybyB3eWNkIG15d3d5eCBtcmtia21kb2Igc3ggZHJvIGRvaGQsIHB5dnZ5Z29uIGxpICdkJywga3huIGN5IHl4LiBZeG1vIGl5ZSB1eHlnIGsgcG9nIG1ya2JrbWRvYmMsIGl5ZSBta3ggc3hwb2IgZHJvIGJvY2QgeXAgZHJvIGd5Ym5jIGxrY29uIHl4IG15d3d5eCBneWJuYyBkcmtkIGNyeWcgZXogc3ggZHJvIE94cXZzY3Igdmt4cWVrcW8uCnJnaG54c2RmeXNkdGdodSEgcWdmIGlzYWsgY3RodHVpa2UgZGlrIHprbnRoaGt4IHJ4cWxkZ254c2xpcSByaXN5eWtobmsuIGlreGsgdHUgcyBjeXNuIGNneCBzeXkgcWdmeCBpc3hlIGtjY2d4ZHU6IGZkY3lzbntoMHZfZGk0ZHVfdmk0ZF90X3I0eXlfcnhxbGQwfS4gcWdmIHZ0eXkgY3RoZSBkaXNkIHMgeWdkIGdjIHJ4cWxkZ254c2xpcSB0dSBwZnVkIHpmdHlldGhuIGdjYyBkaXR1IHVneGQgZ2MgenN1dHIgYmhndnlrZW5rLCBzaGUgdGQgeGtzeXlxIHR1IGhnZCB1ZyB6c2Ugc2Nka3ggc3l5LiBpZ2xrIHFnZiBraHBncWtlIGRpayByaXN5eWtobmsh'
print(b64decode(encoding).decode())
'''
10
alright, you're almost there! now for the final (and maybe the hardest...) part: a substitution cipher. in the following text, i've taken my message and replaced every alphabetic character with a correspondence to a different character - known as a substitution cipher. can you find the final flag? hint: we know that the flag is going to be of the format utflag{...} - which means that if you see that pattern, you know what the correspondences for u, t, f, l a, and g are. you can probably work out the remaining characters by replacing them and inferring common words in the english language. another great method is to use frequency analysis: we know that 'e' shows up most often in the alphabet, so that's probably the most common character in the text, followed by 't', and so on. once you know a few characters, you can infer the rest of the words based on common words that show up in the english language.
hwxdnitvoitjwxk! gwv yiqa sjxjkyau tya padjxxan hngbtwdnibyg hyiooaxda. yana jk i soid swn ioo gwvn yinu asswntk: vtsoid{x0l_ty4tk_ly4t_j_h4oo_hngbt0}. gwv ljoo sjxu tyit i owt ws hngbtwdnibyg jk fvkt pvjoujxd wss tyjk kwnt ws pikjh rxwloauda, ixu jt naioog jk xwt kw piu istan ioo. ywba gwv axfwgau tya hyiooaxda!
congratulations! you have finished the beginner cryptography challenge. here is a flag for all your hard efforts: utflag{n0w_th4ts_wh4t_i_c4ll_crypt0}. you will find that a lot of cryptography is just building off this sort of basic knowledge, and it really is not so bad after all. hope you enjoyed the challenge!
'''[WUSTCTF2020]dp_leaking_1s_very_d@angerous
$dp$泄露
from gmpy2 import invert,gcd
from Crypto.Util.number import long_to_bytes
e = 65537
n = 156808343598578774957375696815188980682166740609302831099696492068246337198792510898818496239166339015207305102101431634283168544492984586566799996471150252382144148257236707247267506165670877506370253127695314163987084076462560095456635833650720606337852199362362120808707925913897956527780930423574343287847
c = 108542078809057774666748066235473292495343753790443966020636060807418393737258696352569345621488958094856305865603100885838672591764072157183336139243588435583104423268921439473113244493821692560960443688048994557463526099985303667243623711454841573922233051289561865599722004107134302070301237345400354257869
dp = 734763139918837027274765680404546851353356952885439663987181004382601658386317353877499122276686150509151221546249750373865024485652349719427182780275825
p = gcd(pow(3, e * dp - 1, n) - 1, n)
q = n // p
phi = (p - 1) * (q - 1)
d = invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m).decode())[BJDCTF2020]编码与调制
曼标准彻斯特。
from Crypto.Util.number import long_to_bytes
num = 0x424A447B4469664D616E63686573746572636F64657D
print(long_to_bytes(num).decode())[ACTF新生赛2020]crypto-classic1
压缩包密码根据$hint$是键盘码,$xdfv$包围$c$,依次类推
维吉尼亚密码放在线网站无果,考虑经典维吉尼亚密码解密,脚本如下。
s = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
s1 = 'ACTF'
s2 = 'SRLU'
key = ''
for i in range(len(s1)):
key += s[(s.find(s2[i]) - s.find(s1[i])) % 26]
print(key)
cipher = 'SRLU{LZPL_S_UASHKXUPD_NXYTFTJT}'
key = 'SP'
flag = ''
for i in range(0, len(cipher)):
if cipher[i] not in s:
flag += cipher[i]
else:
flag += s[(s.find(cipher[i]) + 26 - s.find(key[i % len(key)])) % 26]
print(flag)
# flag要小写[NPUCTF2020]Classical Cipher
压缩包密码上$quipqiup$爆破,要用$clue$。
变形猪圈密码。
EasyProgram
不难发现加解密过程是可逆的。
key = "whoami"
s = []
t = []
for i in range(256):
s.append(i)
for i in range(256):
t.append(key[i % len(key)])
j = 0
for i in range(256):
j = (j + s[i] + ord(t[i])) % 256
s[i], s[j] = s[j], s[i]
i = 0
j = 0
flag = ""
flagx = [0x00, 0xBA, 0x8F, 0x11, 0x2B, 0x22, 0x9F, 0x51, 0xA1, 0x2F, 0xAB, 0xB7, 0x4B, 0xD7, 0x3F, 0xEF, 0xE1, 0xB5,
0x13, 0xBE, 0xC4, 0xD4, 0x5D, 0x03, 0xD9, 0x00, 0x7A, 0xCA, 0x1D, 0x51, 0xA4, 0x73, 0xB5, 0xEF, 0x3D, 0x9B,
0x31, 0xB3]
for m in range(38):
i = (i + 1) % 256
j = (j + s[i]) % 256
s[i], s[j] = s[j], s[i]
x = (s[i] + (s[j] % (256))) % (256)
flag += chr(flagx[m] ^ s[x])
print(flag)[NPUCTF2020]EzRSA
关键是去猜$gcd(p-1,q-1)$,最后的结果是8。
from gmpy2 import invert, lcm, iroot
from Crypto.Util.number import long_to_bytes
from sympy import Symbol, solve
n = 17083941230213489700426636484487738282426471494607098847295335339638177583685457921198569105417734668692072727759139358207667248703952436680183153327606147421932365889983347282046439156176685765143620637107347870401946946501620531665573668068349080410807996582297505889946205052879002028936125315312256470583622913646319779125559691270916064588684997382451412747432722966919513413709987353038375477178385125453567111965259721484997156799355617642131569095810304077131053588483057244340742751804935494087687363416921314041547093118565767609667033859583125275322077617576783247853718516166743858265291135353895239981121
gift = 2135492653776686212553329560560967285303308936825887355911916917454772197960682240149821138177216833586509090969892419775958406087994054585022894165950768427741545736247918410255804894522085720642952579638418483800243368312702566458196708508543635051350999572787188236243275631609875253617015664414032058822919469443284453403064076232765024248435543326597418851751586308514540124571309152787559712950209357825576896132278045112177910266019741013995106579484868768251084453338417115483515132869594712162052362083414163954681306259137057581036657441897428432575924018950961141822554251369262248368899977337886190114104
c = 3738960639194737957667684143565005503596276451617922474669745529299929395507971435311181578387223323429323286927370576955078618335757508161263585164126047545413028829873269342924092339298957635079736446851837414357757312525158356579607212496060244403765822636515347192211817658170822313646743520831977673861869637519843133863288550058359429455052676323196728280408508614527953057214779165450356577820378810467527006377296194102671360302059901897977339728292345132827184227155061326328585640019916328847372295754472832318258636054663091475801235050657401857262960415898483713074139212596685365780269667500271108538319
e = 54722
phi = gift * 8
x = Symbol('x')
y = Symbol('y')
p, q = solve([x * y - n, (x - 1) * (y - 1) - gift * 8], [x, y])[0]
p, q = int(p), int(q)
assert p * q == n
assert gift == lcm(p - 1, q - 1)
d = invert(e // 2, (p - 1) * (q - 1))
m_mid = pow(c, d, n)
print(long_to_bytes(iroot(m_mid, 2)[0]).decode())[AFCTF2018]BASE
base套娃。
from base64 import b16decode,b32decode,b64decode
with open('flag_encode.txt', 'r') as f:
for flag in f:
find = False
while True:
try:
flag = b64decode(flag).decode()
except:
pass
try:
flag = b32decode(flag).decode()
except:
pass
try:
flag = b16decode(flag).decode()
except:
pass
if "{" in flag:
print(flag)
find = True
break
if find:
break
