k = [...] len_k = len(k) len_flag = len(flag) ... cipher = flag n = 1000 while n > 0: for i in range(len_flag): cipher[i] = (cipher[i] * k[(n + 2) % len_k] + k[(n * 7) % len_k]) & 0xff n = n - 1 print(cipher)
cipher = [...] k = [...] len_k = len(k) n = 1 while n <= 1000: for i in range(len(cipher)): cipher [i] = ((cipher[i] - k[(n * 7) % len_k]) * inverse(k[(n + 2) % len_k], 0x100)) % 0x100 n += 1 print(bytes(cipher))
naive rsa
[题解分析]
已知$a=p\%q$,即$p=iq+a$,爆破i使得方程在ZZ下有解即可.
[exp]
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
from tqdm import tqdm from gmpy2 import iroot from Crypto.Util.number import *
a = n = c = for i in tqdm(range(1, 2**21)): r, _ = iroot(a**2 + 4 * i * n, 2) if _: q = (-a + int(r)) // (2 * i) assert(n % q == 0) p = n // q break phi = (p - 1) * (q - 1) d = inverse(65537, phi) print(long_to_bytes(pow(c, d, n)))
defproof_of_work(): io.recvuntil("[:20]=") prefix = io.recvline().strip().decode("utf-8") n = 0 whileTrue: pre = sha512(long_to_bytes(n)).hexdigest()[:20] if pre == prefix: io.sendline(str(n)) break n += 1
defbsgs(alpha, beta, p): res = [] m = ceil(sqrt(p - 1)) S = {pow(alpha, j, p):j for j in range(m + 1)} gs = pow(alpha, p - 1 - m, p) for i in range(m + 1): if beta in S: res.append(i * m + S[beta]) beta = (beta * gs) % p return res
defcheck(msg): for m in msg: if m notin flag_dist: returnFalse returnTrue
deflevel1(): io.recvuntil("p=") p = int(io.recvline().strip().decode("utf-8")) g = 2 message1 = b"" for i in range(4): io.recvuntil("c=") c = int(io.recvline().strip().decode("utf-8")) y = bsgs(g, c, p) if len(y): for _ in y: if check(long_to_bytes(_)): message1 += long_to_bytes(_) else: print("Failed.") exit(0) message1 = message1.decode("utf-8") print(message1) io.sendlineafter("input the message:", message1) return message1
deflevel2(): io.recvuntil("pubkey= (") pubkey = io.recvline().strip().decode("utf-8")[:-1] pubkey = [int(_) for _ in pubkey.split(",")] e, g, p = pubkey[0], pubkey[1], pubkey[2] io.recvuntil("cipher= (") cipher = io.recvline().strip().decode("utf-8")[:-1] cipher = [int(_) for _ in cipher.split(",")] a, b = cipher[0], cipher[1] for d in range(2**16): message2 = long_to_bytes((inverse(pow(a, d, p), p) * b) % p) if check(message2): message2 = (long_to_bytes(d) + message2).decode("utf-8") print(message2) io.sendlineafter("input the message:", message2) return message2
deflevel3(): io.recvuntil("p=") p = int(io.recvline().strip().decode("utf-8")) params = io.recvline().strip().decode("utf-8") regex = re.compile("a=(\d+), b=(\d+)") params = regex.findall(params)[0] a, b = int(params[0]), int(params[1]) Ep = EllipticCurve(GF(p), [a, b]) message3 = [] io.recvline() for i in range(10): s = io.recvline().strip().decode("utf-8") regex = re.compile("G=\((\d+),(\d+)\),C=(\d+)") s = regex.findall(s)[0] x, y, c = int(s[0]), int(s[1]), int(s[2]) G = Ep(x, y) C = 10000 * G message3.append(c // int(C[0])) message3 = "".join(chr(_) for _ in message3) print(message3) io.sendlineafter("input the message:", message3) return message3
iv=getRandomRange(1,0xff) ... defencrypt(iv,message): padding=[iv] cipher=[message[0]^padding[0]] for i in range(1,len_flag): #print(cipher) padding.append(cipher[i-1]^padding[i-1]) cipher.append(message[i]^padding[i]) print("cipher={}".format(cipher))
defproof_of_work(): io.recvuntil("[:20]=") prefix = io.recvline().strip().decode("utf-8") n = 0 whileTrue: pre = sha512(long_to_bytes(n)).hexdigest()[:20] if pre == prefix: io.sendline(str(n)) break n += 1
defdec_round(hexMessage): numBlocks = len(hexMessage) // 8 permutedHexMessage = "" for i in range(numBlocks): permutedHexMessage += inv_permute(hexMessage[8*i:8*i+8]) substitutedHexMessage = "" for i in range(numBlocks): substitutedHexMessage += inv_substitute(permutedHexMessage[8*i:8*i+8]) return substitutedHexMessage
defdecrypt(hexMessage): for i in range(10000): hexMessage = dec_round(hexMessage) return unhexlify(hexMessage.encode())
Rand = RandCrack() data = [...] assert(len(data) >= 624) for i in range(624): Rand.submit(data[i]) for i in range(624, len(data)): Rand.predict_randrange(0, 0xffffffff) print Rand.predict_randrange(0, 0xffffffff)
from matplotlib.lines import Line2D import matplotlib.pyplot as plt
data = [[...],[...],...] # (min, sec) params = [] for row in data: param = [] for col in row: param.append(((col % 3600) // 60, col % 60)) params.append(param) # (delta_x, delta_y) delta = {0: (0, 0.5), 7: (0.353, 0.354), 10: (0.433, 0.25), 15: (0.5, 0), 20: (0.433, -0.25), 23: (0.353, -0.354), 30: (0, -0.5), 37: (-0.353, -0.354), 40: (-0.433, -0.25), 45: (-0.5, 0), 50: (-0.433, 0.25), 53: (-0.353, 0.354)}
# draw figure, ax = plt.subplots() ax.set_xlim(left=0, right=115) ax.set_ylim(bottom=0, top=15) y = 10 for row in params: x = 1 for col in row: dx, dy = delta[col[0]] ax.add_line(Line2D((x, x + dx), (y, y + dy), linewidth=1, color='blue')) dx, dy = delta[col[1]] ax.add_line(Line2D((x, x + dx), (y, y + dy), linewidth=1, color='red')) x += 1 y -= 1 plt.plot() plt.show()