Crypto Page1
前言
本系列为BUUOJ简明题解,各知识点参见之前文章,这一部分主要在暑假完工,还有一份寒假入门时的学习笔记,部分内容与博客重叠,也放一个链接
MD5
题目是一串md5密文
e00cf25ad42683b3df678c61f42c6bda利用在线我网站https://www.cmd5.com/
Url编码
题目是一串url编码,涉及urlencode。
%66%6c%61%67%7b%61%6e%64%20%31%3d%31%7d一眼就解密
ZmxhZ3tUSEVfRkxBR19PRl9USElTX1NUUklOR30=注意到最后的等号,猜测是base64
看我回旋踢
注意到题目提示:回旋踢,以及观察密文猜测是ROT13(回旋)
摩丝
题目提示很明显是摩斯密码,利用在线工具或之前写的解密函数即可,不赘述。
password
姓名:张三
生日:19900315
key格式为key{xxxxxxxxxx}括号里为十个字符,盲猜就是姓名(首字母缩写)+生日数字。
变异凯撒
加密密文:afZ_r9VYfScOeO_UL^RWUc
格式:flag{ }题目都说了是变异凯撒,观察前四个afZ_与flag相差为5、6、7、8,容易猜测是公差为1的等差数列。
s = 'afZ_r9VYfScOeO_UL^RWUc'
for i in range(len(s)):
print(chr(ord(s[i]) + 5 + i), end='')Quoted-printable
题目即为编码格式,利用在线网站即可。
Rabbit
题目即为编码格式,利用在线网站即可。
篱笆墙的影子
看题目知是栅栏密码,栏数为13。
RSA
求d。
from gmpy2 import invert
p = 473398607161
q = 4511491
e = 17
phi = (p - 1) * (q - 1)
print(invert(e, phi))丢失的MD5
题目脚本直接运行即可。
Alice与Bob
按题目操作即可
rsarsa
标准rsa解密,答案只需要数字
from gmpy2 import invert
p = 9648423029010515676590551740010426534945737639235739800643989352039852507298491399561035009163427050370107570733633350911691280297777160200625281665378483
q = 11874843837980297032092405848653656852760910154543380907650040190704283358909208578251063047732443992230647903887510065547947313543299303261986053486569407
e = 65537
c = 83208298995174604174773590298203639360540024871256126892889661345742403314929861939100492666605647316646576486526217457006376842280869728581726746401583705899941768214138742259689334840735633553053887641847651173776251820293087212885670180367406807406765923638973161375817392737747832762751690104423869019034
n = p * q
phi = (p - 1) * (q - 1)
d = invert(e, phi)
m = pow(c, d, n)
print(m)大帝的密码武器
大帝显然是恺撒,FRPHEVGL位移13,变为SECURITY,对密文进行同样操作即可。
Windows系统密码
观察形式应该是md5,试过去ctf第二条解密为flag。
信息化时代的步伐
中文电码,利用在线网站即可。
传统知识+古典密码
传统知识:天干地支,将题目中的年份对应1-60数字:28 30 23 8 17 10 16 30,注意题目中“信的背面还写有+甲子”,说明要加六十: 88 90 83 68 77 70 76 90;对应ASCⅡ码得 XZSDMFLZ
古典密码:栅栏密码+凯撒密码,爆破观察有意义的明文即可。
凯撒?替换?呵呵!
显然不是恺撒密码,替换密码直接上https://quipqiup.com/,前四个字母为flag作为clue。
RSA1
$d_p、d_q$泄露,上脚本。
from Crypto.Util.number import long_to_bytes, inverse
p = 8637633767257008567099653486541091171320491509433615447539162437911244175885667806398411790524083553445158113502227745206205327690939504032994699902053229
q = 12640674973996472769176047937170883420927050821480010581593137135372473880595613737337630629752577346147039284030082593490776630572584959954205336880228469
dp = 6500795702216834621109042351193261530650043841056252930930949663358625016881832840728066026150264693076109354874099841380454881716097778307268116910582929
dq = 783472263673553449019532580386470672380574033551303889137911760438881683674556098098256795673512201963002175438762767516968043599582527539160811120550041
c = 24722305403887382073567316467649080662631552905960229399079107995602154418176056335800638887527614164073530437657085079676157350205351945222989351316076486573599576041978339872265925062764318536089007310270278526159678937431903862892400747915525118983959970607934142974736675784325993445942031372107342103852
n = p * q
a1 = pow(c, dp, p)
a2 = pow(c, dq, q)
b1 = inverse(q, p)
b2 = inverse(p, q)
m = (a1 * b1 * q + a2 * b2 * p) % n
print(long_to_bytes(m).decode())萌萌哒的八戒
根据题目容易判断是猪圈密码。
old-fashion
权限获得第一步
md5,选第二条。
世上无难事
RSA3
共模攻击。
from gmpy2 import invert
from Crypto.Util.number import long_to_bytes
def same_n_attack(n, e1, e2, c1, c2):
def egcd(a, b):
x, lastx = 0, 1
y, lasty = 1, 0
while (b != 0):
q = a // b
a, b = b, a % b
x, lastx = lastx - q * x, x
y, lasty = lasty - q * y, y
return (lastx, lasty)
s = egcd(e1, e2)
s1 = s[0]
s2 = s[1]
if s1 < 0:
s1 = -s1
c1 = invert(c1, n)
elif s2 < 0:
s2 = -s2
c2 = invert(c2, n)
m = (pow(c1, s1, n) * pow(c2, s2, n)) % n
return m
c1 = 22322035275663237041646893770451933509324701913484303338076210603542612758956262869640822486470121149424485571361007421293675516338822195280313794991136048140918842471219840263536338886250492682739436410013436651161720725855484866690084788721349555662019879081501113222996123305533009325964377798892703161521852805956811219563883312896330156298621674684353919547558127920925706842808914762199011054955816534977675267395009575347820387073483928425066536361482774892370969520740304287456555508933372782327506569010772537497541764311429052216291198932092617792645253901478910801592878203564861118912045464959832566051361
n = 22708078815885011462462049064339185898712439277226831073457888403129378547350292420267016551819052430779004755846649044001024141485283286483130702616057274698473611149508798869706347501931583117632710700787228016480127677393649929530416598686027354216422565934459015161927613607902831542857977859612596282353679327773303727004407262197231586324599181983572622404590354084541788062262164510140605868122410388090174420147752408554129789760902300898046273909007852818474030770699647647363015102118956737673941354217692696044969695308506436573142565573487583507037356944848039864382339216266670673567488871508925311154801
e1 = 11187289
c2 = 18702010045187015556548691642394982835669262147230212731309938675226458555210425972429418449273410535387985931036711854265623905066805665751803269106880746769003478900791099590239513925449748814075904017471585572848473556490565450062664706449128415834787961947266259789785962922238701134079720414228414066193071495304612341052987455615930023536823801499269773357186087452747500840640419365011554421183037505653461286732740983702740822671148045619497667184586123657285604061875653909567822328914065337797733444640351518775487649819978262363617265797982843179630888729407238496650987720428708217115257989007867331698397
e2 = 9647291
print(long_to_bytes(same_n_attack(n, e1, e2, c1, c2)).decode())RSA2
$d_p$泄露,以下利用两种方法。
from tqdm import tqdm
from gmpy2 import invert, gcd
from Crypto.Util.number import long_to_bytes
e = 65537
n = 248254007851526241177721526698901802985832766176221609612258877371620580060433101538328030305219918697643619814200930679612109885533801335348445023751670478437073055544724280684733298051599167660303645183146161497485358633681492129668802402065797789905550489547645118787266601929429724133167768465309665906113
dp = 905074498052346904643025132879518330691925174573054004621877253318682675055421970943552016695528560364834446303196939207056642927148093290374440210503657
p = 0
c = 140423670976252696807533673586209400575664282100684119784203527124521188996403826597436883766041879067494280957410201958935737360380801845453829293997433414188838725751796261702622028587211560353362847191060306578510511380965162133472698713063592621028959167072781482562673683090590521214218071160287665180751
t = e * dp - 1
for i in tqdm(range(1, e)):
if t % i == 0:
if n % (t // i + 1) == 0:
p = t // i + 1
break
q = n // p
phi = (p - 1) * (q - 1)
d = invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m).decode())
p = gcd(pow(3, e * dp - 1, n) - 1, n)
q = n // p
phi = (p - 1) * (q - 1)
d = invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m).decode())异性相吸
从题目不难猜出是异或。
from pwn import xor
key = open("key.txt", 'rb').read()
cipher = open("密文.txt", "rb").read()
print(xor(key, cipher).decode())还原大师
简单的爆破
import hashlib
s0 = 'TASC?O3RJMV?WDJKX?ZM'
for i in range(26):
s1 = s0[0:4] + chr(65 + i) + s0[5:]
for j in range(26):
s2 = s1[0:11] + chr(65 + j) + s1[12:]
for k in range(26):
s3 = s2[0:17] + chr(65 + k) + s2[18:]
s = hashlib.md5(s3.encode('utf8')).hexdigest().upper() # 大小写
if 'E903' in s:
print(s)RSA
涉及key和enc的读取,p和q可以直接分解。
from Crypto.PublicKey import RSA
from gmpy2 import invert
import rsa
r = open('pub.key').read()
pub = RSA.importKey(r)
n = pub.n
e = pub.e
p = 285960468890451637935629440372639283459
q = 304008741604601924494328155975272418463
phi = (p - 1) * (q - 1)
d = invert(e, phi)
key = rsa.PrivateKey(n, e, int(d), p, q)
with open("flag.enc", "rb") as f:
f = f.read()
print(rsa.decrypt(f, key).decode())Unencode
编码方式为Uuencode,利用在线网站即可。
[AFCTF2018]Morse
先用摩斯密码得到一串十六进制字符串,再转换即为flag。
RSAROLL
简单的RSA解密。
from gmpy2 import invert
s = '''704796792
752211152
274704164
18414022
368270835
483295235
263072905
459788476
483295235
459788476
663551792
475206804
459788476
428313374
475206804
459788476
425392137
704796792
458265677
341524652
483295235
534149509
425392137
428313374
425392137
341524652
458265677
263072905
483295235
828509797
341524652
425392137
475206804
428313374
483295235
475206804
459788476
306220148'''
lst = s.split('\n')
n = 920139713
e = 19
p = 18443
q = 49891
d = invert(e, (p - 1) * (q - 1))
for c in lst:
t = pow(int(c), d, n)
print(chr(t), end='')
