2. 程式人生 > 實用技巧 >[MRCTF2020] babyRSA

[MRCTF2020] babyRSA

阿新 發佈:2020-09-08

首先我們拿到題目如下:

import sympy
import random
from gmpy2 import gcd, invert
from Crypto.Util.number import getPrime, isPrime, getRandomNBitInteger, bytes_to_long, long_to_bytes
from z3 import *
flag = b"MRCTF{xxxx}"
base = 65537


def GCD(A):
    B = 1
    for i in range(1, len(A)):
        B = gcd(A[i-1], A[i])
    return B


def gen_p():
    P = [0 for i in range(17)]
    P[0] = getPrime(128)
    for i in range(1, 17):
        P[i] = sympy.nextprime(P[i-1])
    print("P_p :", P[9])
    n = 1
    for i in range(17):
        n *= P[i]
    p = getPrime(1024)
    factor = pow(p, base, n)
    print("P_factor :", factor)
    return sympy.nextprime(p)


def gen_q():
    sub_Q = getPrime(1024)
    Q_1 = getPrime(1024)
    Q_2 = getPrime(1024)
    Q = sub_Q ** Q_2 % Q_1
    print("Q_1: ", Q_1)
    print("Q_2: ", Q_2)
    print("sub_Q: ", sub_Q)
    return sympy.nextprime(Q)


if __name__ == "__main__":
    _E = base
    _P = gen_p()
    _Q = gen_q()
    assert (gcd(_E, (_P - 1) * (_Q - 1)) == 1)
    _M = bytes_to_long(flag)
    _C = pow(_M, _E, _P * _Q)
    print("Ciphertext = ", _C)
'''
P_p : 206027926847308612719677572554991143421
P_factor : 213671742765908980787116579976289600595864704574134469173111790965233629909513884704158446946409910475727584342641848597858942209151114627306286393390259700239698869487469080881267182803062488043469138252786381822646126962323295676431679988602406971858136496624861228526070581338082202663895710929460596143281673761666804565161435963957655012011051936180536581488499059517946308650135300428672486819645279969693519039407892941672784362868653243632727928279698588177694171797254644864554162848696210763681197279758130811723700154618280764123396312330032986093579531909363210692564988076206283296967165522152288770019720928264542910922693728918198338839
Q_1:  103766439849465588084625049495793857634556517064563488433148224524638105971161051763127718438062862548184814747601299494052813662851459740127499557785398714481909461631996020048315790167967699932967974484481209879664173009585231469785141628982021847883945871201430155071257803163523612863113967495969578605521
Q_2:  151010734276916939790591461278981486442548035032350797306496105136358723586953123484087860176438629843688462671681777513652947555325607414858514566053513243083627810686084890261120641161987614435114887565491866120507844566210561620503961205851409386041194326728437073995372322433035153519757017396063066469743
sub_Q:  168992529793593315757895995101430241994953638330919314800130536809801824971112039572562389449584350643924391984800978193707795909956472992631004290479273525116959461856227262232600089176950810729475058260332177626961286009876630340945093629959302803189668904123890991069113826241497783666995751391361028949651
Ciphertext =  1709187240516367141460862187749451047644094885791761673574674330840842792189795049968394122216854491757922647656430908587059997070488674220330847871811836724541907666983042376216411561826640060734307013458794925025684062804589439843027290282034999617915124231838524593607080377300985152179828199569474241678651559771763395596697140206072537688129790126472053987391538280007082203006348029125729650207661362371936196789562658458778312533505938858959644541233578654340925901963957980047639114170033936570060250438906130591377904182111622236567507022711176457301476543461600524993045300728432815672077399879668276471832
'''

由 gen_q()函式我們可以直接得出_Q的值:

Q = pow(sub_Q,Q_2,Q_1)
_Q=sympy.nextprime(Q)

下面就要推出n,因為n是17個連續素數相乘,給出了P[9]的值我們就可以用nextprime函式推出後面的P[i],而前面的P[i]可以通過對P[9]不停-2再加一個isprime函式判斷得到,得出了所有P列表的值n自然也可以求出來

def p_prime(p):
    while 1:
        p=p-2
        if(sympy.isprime(p)):
            return p

for i in range(10,17):
    P[i]=sympy.nextprime(P[i-1])
for i in range(9,0,-1):
    P[i-1]=p_prime(P[i])
for i in range(17):
    n*=P[i]

我們知道尤拉函式的定義:

\(\phi(n_1n_2...n_n)=(n_1-1)(n_2-1)...(n_n-1)\)

這樣就可以解出問題中p的值,再根據nextprime函式就可以求出_P,有了_P和_Q直接進行解密就可以了,完整指令碼如下:

import gmpy2
from Crypto.Util.number import long_to_bytes
import sympy
base = 65537
P_p =206027926847308612719677572554991143421
P_factor=213671742765908980787116579976289600595864704574134469173111790965233629909513884704158446946409910475727584342641848597858942209151114627306286393390259700239698869487469080881267182803062488043469138252786381822646126962323295676431679988602406971858136496624861228526070581338082202663895710929460596143281673761666804565161435963957655012011051936180536581488499059517946308650135300428672486819645279969693519039407892941672784362868653243632727928279698588177694171797254644864554162848696210763681197279758130811723700154618280764123396312330032986093579531909363210692564988076206283296967165522152288770019720928264542910922693728918198338839
Q_1=103766439849465588084625049495793857634556517064563488433148224524638105971161051763127718438062862548184814747601299494052813662851459740127499557785398714481909461631996020048315790167967699932967974484481209879664173009585231469785141628982021847883945871201430155071257803163523612863113967495969578605521
Q_2=151010734276916939790591461278981486442548035032350797306496105136358723586953123484087860176438629843688462671681777513652947555325607414858514566053513243083627810686084890261120641161987614435114887565491866120507844566210561620503961205851409386041194326728437073995372322433035153519757017396063066469743
sub_Q=168992529793593315757895995101430241994953638330919314800130536809801824971112039572562389449584350643924391984800978193707795909956472992631004290479273525116959461856227262232600089176950810729475058260332177626961286009876630340945093629959302803189668904123890991069113826241497783666995751391361028949651
Ciphertext =  1709187240516367141460862187749451047644094885791761673574674330840842792189795049968394122216854491757922647656430908587059997070488674220330847871811836724541907666983042376216411561826640060734307013458794925025684062804589439843027290282034999617915124231838524593607080377300985152179828199569474241678651559771763395596697140206072537688129790126472053987391538280007082203006348029125729650207661362371936196789562658458778312533505938858959644541233578654340925901963957980047639114170033936570060250438906130591377904182111622236567507022711176457301476543461600524993045300728432815672077399879668276471832
Q = pow(sub_Q,Q_2,Q_1)
_Q=sympy.nextprime(Q)
n=1
#print(_Q)
def p_prime(p):
    while 1:
        p=p-2
        if(sympy.isprime(p)):
            return p


#_Q=95170653714081687088760585440906768700419459767774333757336842864507607081809193370870747769993218256925111100260761958233280546585624501259121060195932474781731613458132842656517609786144352755126076860272047457230913808406105832246663969943550533958139118721153456230616182820319799156494938586844573835221
P = [0 for i in range(17)]
P[9]=206027926847308612719677572554991143421
for i in range(10,17):
    P[i]=sympy.nextprime(P[i-1])
for i in range(9,0,-1):
    P[i-1]=p_prime(P[i])
for i in range(17):
    n*=P[i]
phi_1=1
for i in range(17):
    phi_1*=(P[i]-1)
d=gmpy2.invert(base,phi_1)
_P_1=pow(P_factor,d,n)
_P=sympy.nextprime(_P_1)
phi=(_P-1)*(_Q-1)
D=gmpy2.invert(base,phi)
_M=pow(Ciphertext,D,_P*_Q)
print(long_to_bytes(_M))

相關推薦

[MRCTF2020] babyRSA

首先我們拿到題目如下: import sympy import random from gmpy2 import gcd, invert from Crypto.Util.number import getPrime, isPrime, getRandomNBitInteger, bytes_to_long, long_to_bytes

[MRCTF2020]Ezaudit

[MRCTF2020]Ezaudit 知識點 1.原始碼洩露 2.偽隨機數 3.sql注入? 題解 開啟題目是個漂亮的前端,掃一下發現www.zip檔案洩露,下載審計

RoarCTF2019 babyRSA

題目 import sympy import random def myGetPrime(): A= getPrime(513) print(A) B=A-random.randint(1e3,1e5) print(B)

刷題[MRCTF2020]套娃

解題思路 檢視原始碼,發現註釋中存在程式碼 //1st $query = $_SERVER[\'QUERY_STRING\'];

[MRCTF2020]Ezpop

版權 Welcome to index.php <?php //flag is in flag.php //WTF IS THIS? //Learn From https://ctf.ieki.xyz/library/php.html#%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E9%AD%94%E6%9C%AF%E6%96%B9%E6%B3

BUUCTF逆向刷題——[MRCTF2020]Xor

這好像是一道簡單的題,仔細一點就能解開。 IDA開啟字串發現right後面跟了一些字串,點進去看看發現多了一個M,但是無關大雅,都複製了試試:MSAWB~FXZ:J:`tQJ"[email protected] bpdd}8g 然後想

WP | [MRCTF2020]Ezpop

2020.10.14 最近開始努力提高程式碼能力 題目程式碼 Welcome to index.php <?php //flag is in flag.php

BUUCTF-[MRCTF2020]你傳你馬呢 Writeup

0x00 題目 0x01 解題思路 首先上傳一個php一句話木馬,然後再進行各種繞過姿勢,當然也可以一步到胃。上一個BUUCTF的檔案上傳題目我就是一步一步來的,連結在這。

[MRCTF2020]Ez_bypass

0x01 開啟頁面首先可以得到的是一段php程式碼,進行程式碼美化以後放到PhpStorm中進行審計。

[NCTF2019]babyRSA

拿到壓縮包,解壓後得到一個加密指令碼 加密指令碼告訴了c和d,e這三個量的值,由RSA加密原理可以知道:

[MRCTF2020]你傳你🐎呢之.htaccess

前言 最近,也是遇到了檔案上傳的檔案,自己搭的靶場都不能用,今天,在這裡又遇到了這個題。簡單總結下,內容來自網際網路,若有侵權,聯絡我。

[MRCTF2020]Ez_bypass 1

1.發現 1.1開啟題目地址,發現PHP程式碼。 I put something in F12 for you include \'flag.php\';

BUUFTC-日刷-[MRCTF2020]Ezpop-tostring小知識點-反序列化屬性小坑

<?php //flag is in flag.php //WTF IS THIS? //Learn From https://ctf.ieki.xyz/library/php.html#%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E9%AD%94%E6%9C%AF%E6%96%B9%E6%B3%95

BUUCTF RE [MRCTF2020]Transform

1.查殼 2.IDA檢視 int __cdecl main(int argc, const char **argv, const char **envp) { char Str[104]; // [rsp+20h] [rbp-70h] BYREF

BUUCTF:[MRCTF2020]Hello_ misc

題目來源:https://buuoj.cn/challenges#[MRCTF2020]Hello_%20misc 題目給了兩個檔案 rar加密 先看png

[MRCTF2020]Ezpop 1

目錄 漏洞型別 解題思路 解題流程 新知識點 題目地址 漏洞型別 反序列化 解題思路

MRCTF2020 pyFlag

拿到壓縮包的時候7zip預覽,一下子就發現Setsuna.jpg中有壓縮包,直接丟進winhex檢視

BUU [MRCTF2020]hello_world_go

查殼出現的64位無殼檔案,那就拖入ida檢視內容 進去之後檢視字串沒有看到特別明顯的做題點

[RoarCTF2019]babyRSA

題目指令碼程式碼: import sympyimport randomdef myGetPrime():A= getPrime(513)print(A)B=A-random.randint(1e3,1e5)print(B)return sympy.nextPrime((B!)%A)p=myGetPrime()#A1=21856963452461630437348278434191