MikeCoke的博客

给的题目：My friend Shamir was trying to share the flag with me and some of the other problem writers, but he wanted to make sure it didn’t get intercepted in transmission, so he split it up. He said that the secrets that he shared will help us find the flag,

zip解压后得到一个 flag.aes128cbc 文件，使用 openssl 就可对其解密。openssl 使用参考输入命名：enc -d -aes-128-cbc -md md5 -pass pass:SevenPinLock0123456 -in flag.aes128cbc这里会要求输入解密的密钥，用010editor打开zip文件，就能看到密钥 ：SevenPinLock0123456得到flag :CTF{always_add_comments}注意这里由于我使用的 op

追踪TCP流量包，获得文件。发现应该是进行了字符替换。解密EXP:s = 'PMSFADNIJKBXQCGYWETOVHRULZpmsfadnijkbxqcgywetovhrulz'm = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'# print(len(s))import stringx = string.ascii_letters.maketrans(s,m)Cipher = '''CRYPT0R_SEED:58C

Schmidt-Samoa密码系统Schmidt-Samoa密码系统，像rabin加密一样，其安全性基于整数因式分解的难度。但 Rabin 解密时会得到四个解，而 Schmidt-Samor 得到的是唯一解。密钥生成1.选取两个大的质数p和q并进行计算N=p2qN = p^2qN=p2q2. 计算 d=invert(N,φ(pq))d = invert(N,φ(pq))d=invert(N,φ(pq))加密对消息m，计算密文 C=mNmodNC=m^N mod NC=mNmodN解密计算明文

题目给了三个文件：enc.py加密程序，flag加密结果，pubkey公钥文件import sysimport Crypto.PublicKey.RSA as RSAdef enc(msg, pubkey): (n,e) = pubkey m = int.from_bytes(msg, byteorder = 'little') #这里涉及一个逆向知识，小端存储 c = pow(m, e, n) ctxt = (c).to_bytes(c.bit_length() // 8

题目：# !/usr/bin/env/python3import randomflag = "flag{" + ''.join(str(random.getrandbits(32)) for _ in range(4)) + "}"with open('output.txt', 'w') as f: for i in range(1000): f.write(str(random.getrandbits(32)) + "\n")print(flag)学习文章：

题目：from Crypto.Random import randomfrom Crypto.Util import numberfrom flag import flagdef convert(m): m = m ^ m >> 13 m = m ^ m << 9 & 2029229568 m = m ^ m << 17 & 2245263360 m = m ^ m >> 19 return m

题目文件：flag_cipher.txt暹攕J峦敕?(緲\槊^!6赾1?[+祙砡?JL潋?醕?龉'>c籭剙lst?Y戸kb?飀[hC? x曑籃祏?HC)蘶鑶崧字得?g謾帟*M痎?=臛琥渣n8??П鮷蹛?梎zS'/鼿致M泅?u=|鐓﹌?-R帇S?求N,a蜆AD?露0?~@?S鑸78& 1C?B瓫\厊X煷3;玾尣a軋灛?粺皕?玔X釆貫??H氌l?鋗鵨??Y ?惰8亩w?殦坎鱟襺鼻熶
???糱佴?萿捏9k)k?肱憜~焧WK1

题目：flag = "flag{xxxxxxxxxxxxxxxx}"assert flag.startswith("flag{")assert flag.endswith("}")assert len(flag)==14def lfsr(R,mask): output = (R << 1) & 0xffffffff i=(R&mask)&0xffffffff lastbit=0 while i!=0: lastb

题目：解题原理和streamgame1一样from flag import flagassert flag.startswith("flag{")assert flag.endswith("}")assert len(flag)==27def lfsr(R,mask): output = (R << 1) & 0xffffff i=(R&mask)&0xffffff lastbit=0 while i!=0: l

题目：from flag import flagassert flag.startswith("flag{")# 作用：判断字符串是否以指定字符或子字符串开头flag{assert flag.endswith("}")# 作用：判断字符串是否以指定字符或子字符串结尾}，flag{}，6个字节assert len(flag)==25# flag的长度为25字节，25-6=19个字节#3<<2可以这么算，bin(3)=0b11向左移动2位变成1100，0b1100=12(十进制)d

从jpg文件中，可以提取出.jpg图片提取结果：画了一棵树，想到数据结构中的二叉树算法。题目又说 left or right 。左或右，即前序和中序，百度找一个二叉树求后序的算法就可以解出来了。这两段16进制数据，转换成ascii码，然后用二叉树算法求后序：# f09e54c1bad2x38mvyg7wzlsuhkijnop# 905e4c1fax328mdyvg7wbsuhklijznopdef fromFMtoL( mid ): global las #全局后序遍历 glo

题目：给了三个文件，附件1和附件2，以及加密的 easydes.zip 压缩包，通过解密附件1,2以获取解密 zip 的 key附件1 encryptedkey.txt72143238992041641000000.000000,77135357178006504000000000000000.000000,1125868345616435400000000.000000,67378029765916820000000.000000,7555348609218470300000000000

题目：from Crypto.Util.number import bytes_to_long, getPrimefrom random import randintfrom gmpy2 import powmodimport sysp = getPrime(1024)q = getPrime(1024)N = p*qPhi = (p-1)*(q-1)with open("flag", 'r') as fr: flag = bytes_to_long(fr.read().strip(

flag_encry1文件螲繓r??28爔#_f鑑V枫戟>?靆鰵?崃mk?k稽jRL@f_離峹??$?"鰌'曣誨?磈j鵾挬"^>a4?缆鰿t?檣駼'?
铯鮗籊邆w咗?玈獥鉹谸?饏s｝?U4z?澴?F牶劰BS?,衃F=nP?譅Q%(?y価?簃覮=€w]mWg嗧糢?]b?S菾?跹瑂a.鞸寖娿饟~'uN?D75斨C?Au>羋T??y(DMflag_encry2文件?繨楺o偈?n(汏E*A聦t??`N`搯痲>0gh茅翭V筇旎畨 ?雧翍

题目：Encrytp.py文件import sysfrom binascii import unhexlifyif(len(sys.argv)<4): print("Usage: python Encrypt.py keyfile plaintext ciphername") exit(1)def lfsr(R, mask): output = (R << 1) & 0xffffffffffffffff i=(R&mask)&0xfffffff

题目：72065910510177138000000000000000.00000071863209670811371000000.00000018489682625412760000000000000000.00000072723257588050687000000.0000004674659167469766200000000.00000019061698837499292000000000000000000000.000000这个题考的是数据在计算机内存中的存储，需要将上面的数据转换为

已注释后的题目：flag = bytearray(raw_input())flag = list(flag)length = len(flag)bits = 16## Prime for Finite Field.p = random_prime(2^bits-1, False, 2^(bits-1))file_out = open("downloads/polynomial_rsa.txt", "w")file_out.write("Prime: " + str(p) + "\n")

题目from Crypto.Util.number import *from gmpy2 import *from secret import flagp = getPrime(25)e = # Hiddenq = getPrime(25)n = p * qm = bytes_to_long(flag.strip(b"npuctf{").strip(b"}"))c = pow(m, e, n)print(c)print(pow(2, e, n))print(pow(4, e, n

题目gqhb jbkl2 pbkhqw pt_kqpbdgqhb ht pbkhqw zqreahbpbkhqw urtd64adg ulwdt_wh_ezb(u): qdwzqe pew(u.dexhad('mdi'), 16) adg ezb_wh_ulwdt(e): u = mdi(e)[2:-1] u = '0' + u pg yde(u)%2 == 1 dytd u qdwzqe u.adxhad('mdi')adg jdw_r_kqpbd(y): qreahb_tdd

题目：..-.-.-.–…….–..-…-..-…–.-.-….-..-..–.-.-..-.-..—-看上去是摩斯电码，实际上就是摩斯电码，hhhhh。但是其中的 .- 被修改过，格式有一点错误。正确的摩斯电码：..-.-.-.--.......--..-...-..-...--.-.-....-..-..--.-.-..-.-..----解码后得到：aababababbaaaaaaabbaabaaabaabaaabbababaaaabaabaabbababaababaabbbb将a

题目：import subprocessp = subprocess.check_output('openssl prime -generate -bits 2048 -hex')q = subprocess.check_output('openssl prime -generate -bits 2048 -hex')flag = int('INSA{REDACTED}'.encode('hex'), 16)N = int(p,16) * int(q,16)print Nprint '0x'

#注：文中代码都使用 python3题目：from Cryptodome.Cipher import AESimport osimport gmpy2from flag import FLAGfrom Cryptodome.Util.number import *def main(): key=os.urandom(2)*16 iv=os.urandom(16) print(bytes_to_long(key)^bytes_to_long(iv)) aes=A

得到一份提示：When you need really secure communications, you use RSA with a 4096 bit key. <br>I want really really really secure communications to transmit the nuclear launch codes (yeah IoT is everywhere man) so I used RSA with a 16777216 bit key. Surel

BrokenSystems题目：public.txt-----BEGIN PUBLIC KEY-----MIICITANBgkqhkiG9w0BAQEFAAOCAg4AMIICCQKCAQEAwgdFIj/1uUss2EEhZvcoiiHyGH4aQhRTkYyrA8gCU0USM+sb3CNjdEIoqoaUqMLLyDP4Dd9AgxpokBsjC4Pz8P7Uty0LlCteld7ayNzABHoq+5DIHtctOtSbcvyL0NMWfd2qarUWfAWN82rxkLIWCFu9

题目hint是共模攻击的老套路了，用扩展欧几里得算法就能解出来。解出来得到的提示为：m.bit_length() < 400task这里放上大佬写的博客链接这里的m2 - (c1 + c2)m + c1 * c2 = ijn ≡ 0 mod n是通过公式化简，得到一个关于未知量 m 的多项式，然后用sage解多项式求根就能得到 flag 了。我写的代码：from gmpy2 import*from libnum import*from sympy import*

分析题目：通过分析代码，我们可以知道这个题是 ECC 和 RSA 的混合加密，尽管用了两种加密方式，但加密并不复杂。我们只需要求出 ，p,q的值就能得到 flag 了。点（p，q）是椭圆曲线上的两个点。代入椭圆曲线的方程就能解出 p，q了。q ^ 2 = p ^ 3 + a * p + b又因为 n = p * q ，将方程左右两边同时乘以 p ^ 2所以有：n ^ 2 = p ^ 5 + a * p ^ 3 + b * p ^2通过Sage解方程：发现第二个结果符合条件：