NSS-DAY3

最新推荐文章于 2025-05-12 22:46:38 发布
最新推荐文章于 2025-05-12 22:46:38 发布
阅读量167 收藏 1
点赞数 4
分类专栏: CTF练习记录 文章标签: 网络安全 ctf 密码学
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/orchid_sea/article/details/145487697
版权

Crypto

[鹏城杯 2024]tArScR

题目:

from Crypto.Util.number import *
from secret import flag
import random

nbit  = 1024
beta  = 0.30
delta = 0.10

p = getPrime(int(beta * nbit))
q = getPrime(nbit - int(beta * nbit))

N = p * q
phi = (p-1) * (q-1)
while 1:
    dq = random.randrange(1,int(N ** delta))
    if dq > q-1:
        continue
    dp = random.randrange(1,p-1)
    try:
        d = Integer(crt([dp%(p-1),dq%(q-1)],[p-1,q-1]))
    except:
        continue
    if GCD(d,phi) == 1:
        e = int(inverse(d,phi))
        break

seckey, pubkey = (p,q,d,dp,dq), (N,e)
print(f"N = {N}")
print(f"e = {e}")

c = pow(bytes_to_long(flag), e, N)
print(f"c = {c}")
"""
N = 61857467041120006957454494977971762866359211220721592255304580940306873708357617802596067329984189345493420858543581027612648626678588277060222860337783377316655375278359169520243355170247177279595812282793212550819124960549824278287538977769728573023023364686725321548391592858202718446127851076431000427033
e = 22696852369762746127523066296087974245933137295782964284054040654103039210164173227291367914580709029582944005335464668969366909190396194570924426653294883884186299265660358589254391341147028477295482787041170991166896788171334992065199814524969470117229229967188623636764051681654720429531708441920158042161
c = 41862679760722981662840433621129671566139143933210627878095169470855743742734397276638345217059912784871301273620533442249011607182329472311453700434692358352210197988000738272869600692181834281813995048665466937302183039555350612260646428575598237960405962714063137455677605629008760761743568236135324015278
"""

有点复杂,参考WP:

# sage

from copy import deepcopy

N = 61857467041120006957454494977971762866359211220721592255304580940306873708357617802596067329984189345493420858543581027612648626678588277060222860337783377316655375278359169520243355170247177279595812282793212550819124960549824278287538977769728573023023364686725321548391592858202718446127851076431000427033
e = 22696852369762746127523066296087974245933137295782964284054040654103039210164173227291367914580709029582944005335464668969366909190396194570924426653294883884186299265660358589254391341147028477295482787041170991166896788171334992065199814524969470117229229967188623636764051681654720429531708441920158042161
c = 41862679760722981662840433621129671566139143933210627878095169470855743742734397276638345217059912784871301273620533442249011607182329472311453700434692358352210197988000738272869600692181834281813995048665466937302183039555350612260646428575598237960405962714063137455677605629008760761743568236135324015278
 

nbit  = 1024
beta  = 0.30
delta = 0.10

alpha = log(e, N)

P = PolynomialRing(ZZ, names=["x", "y", "z"])
x, y, z = P.gens()
 
X = ceil(2 * N^(alpha + beta + delta - 1))
Y = ceil(2 * N^beta)
Z = ceil(2 * N^(1 - beta))
 
def f(x,y):
    return x*(N-y)+N
def trans(f):
    my_tuples = f.exponents(as_ETuples=False)
    g = 0
    for my_tuple in my_tuples:
        exponent = list(my_tuple)
        mon = x ^ exponent[0] * y ^ exponent[1] * z ^ exponent[2]
        tmp = f.monomial_coefficient(mon)
        
        my_minus = min(exponent[1], exponent[2])
        exponent[1] -= my_minus
        exponent[2] -= my_minus
        tmp *= N^my_minus
        tmp *= x ^ exponent[0] * y ^ exponent[1] * z ^ exponent[2]
        
        g += tmp
    return g
 
 
m = 5 # need to be adjusted according to different situations
tau = ((1 - beta)^2 - delta) / (2 * beta * (1 - beta))
sigma = (1 - beta - delta) / (2 * (1 - beta))
 
print(sigma * m)
print(tau * m)
 
s = ceil(sigma * m)
t = ceil(tau * m)
my_polynomials = []
for i in range(m+1):
    for j in range(m-i+1):
        g_ij = trans(e^(m-i) * x^j * z^s * f(x, y)^i)
        my_polynomials.append(g_ij)
 
for i in range(m+1):
    for j in range(1, t+1):
        h_ij = trans(e^(m-i) * y^j * z^s * f(x, y)^i)
        my_polynomials.append(h_ij)
        
known_set = set()
new_polynomials = []
my_monomials = []
 
# construct partial order
while len(my_polynomials) > 0:
    for i in range(len(my_polynomials)):
        f = my_polynomials[i]
        current_monomial_set = set(x^tx * y^ty * z^tz for tx, ty, tz in f.exponents(as_ETuples=False))
        delta_set = current_monomial_set - known_set
        if len(delta_set) == 1:
            new_monomial = list(delta_set)[0]
            my_monomials.append(new_monomial)
            known_set |= current_monomial_set
            new_polynomials.append(f)            
            my_polynomials.pop(i)
            break
    else:
        raise Exception('GG')
        
my_polynomials = deepcopy(new_polynomials)
 
nrows = len(my_polynomials)
ncols = len(my_monomials)
L = [[0 for j in range(ncols)] for i in range(nrows)]
 
for i in range(nrows):
    g_scale = my_polynomials[i](X * x, Y * y, Z * z)
    for j in range(ncols):
        L[i][j] = g_scale.monomial_coefficient(my_monomials[j])
        
 
# remove N^j
for i in range(nrows):
    Lii = L[i][i]
    N_Power = 1
    while (Lii % N == 0):
        N_Power *= N
        Lii //= N
    L[i][i] = Lii
    for j in range(ncols):
        if (j != i):
            L[i][j] = (L[i][j] * inverse_mod(N_Power, e^m))
 
L = Matrix(ZZ, L)
nrows = L.nrows()
 
L = L.LLL()
# Recover poly
reduced_polynomials = []
for i in range(nrows):
    g_l = 0
    for j in range(ncols):
        g_l += L[i][j] // my_monomials[j](X, Y, Z) * my_monomials[j]
    reduced_polynomials.append(g_l)
 
# eliminate z
my_ideal_list = [y * z - N] + reduced_polynomials
 
# Variety
my_ideal_list = [Hi.change_ring(QQ) for Hi in my_ideal_list]
for i in range(len(my_ideal_list),3,-1):
    V = Ideal(my_ideal_list[:i]).variety(ring=ZZ)
    if V:
        print(V)
        break

p = int(V[0]['y'])
q = N // p

d = pow(e,-1,(p-1)*(q-1))
m = pow(c,d,N)
print(bytes.fromhex(hex(m)[2:]))
#b'flag{tlp17_1s_4w3s0m3}'

[广东强网杯 2021 团队组]RSA and BASE?

题目描述:
RSA和Base编码总该会了吧

RSA:
n=56661243519426563299920058134092862370737397949947210394843021856477420959615132553610830104961645574615005956183703191006421508461009698780382360943562001485153455401650697532951591191737164547520951628336941289873198979641173541232117518791706826699650307105202062429672725308809988269372149027026719779368169
e=36269788044703267426177340992826172140174404390577736281478891381612294207666891529019937732720246602062358244751177942289155662197410594434293004130952671354973700999803850153697545606312859272554835232089533366743867361181786472126124169787094837977468259794816050397735724313560434944684790818009385459207329
c=137954301101369152742229874240507191901061563449586247819350394387527789763579249250710679911626270895090455502283455665178389917777053863730286065809459077858674885530015624798882224173066151402222862023045940035652321621761390317038440821354117827990307003831352154618952447402389360183594248381165728338233

BASE:
"GHI45FQRSCX****UVWJK67DELMNOPAB3"

n可直接分解出p,q
RSA解密得到b’flag{TCMDIEOH2MJFBLKHT2J7BLYZ2WUE5NYR2HNG====}’
四个等号,推测是base32加密
由于码表中有四个未知,爆破解密base32

参考WP:

import string
from itertools import permutations
from base64 import b32decode

for i in string.ascii_uppercase + '234567':
    if i not in 'GHI45FQRSCX****UVWJK67DELMNOPAB3':
        print(i)

perm = permutations('TYZ2', 4)
for p in perm:
    p_s = p[0] + p[1] + p[2] + p[3]
    d = 'GHI45FQRSCX' + p_s + 'UVWJK67DELMNOPAB3'

    trans = str.maketrans(d, string.ascii_uppercase + '234567')
    sec = 'TCMDIEOH2MJFBLKHT2J7BLYZ2WUE5NYR2HNG===='.translate(trans)
    pt = b32decode(sec)
    all_printable = True
    for n in pt.decode('latin1'):
        if n not in string.printable:
            all_printable = False
            break
    if all_printable:
        print(pt)

# rsa_and_base_all_right

[NCTF 2018]Easy RSA

题目:

n = 24585768801100871989460458412563674690545986652089097718040761783186739174559136657307807040444318337561194142282186006216583089898423180103199568738639814413601595196467099996734334212909157604318709957690532885862891927163713619932622153281344607898846228206181834468325246573910857887714824338949742479585089251882243488454602710292507668577598274622372304293403731722318890268908300308478539449464617438721833942643889296634768118375076052778833640986893990732882252524850152650060780854621796349622086656401914022236044924841914313726991826438982902866584892213702893596657746111940812657202364588469026832387629
p - q = 14048479366496281701869293063643750801596179514889914988732592464154208813942939793532694949932787548745769133200541469022315588864587160064703369956054828780928008235304461825448872454098086255531582368864754318040219023548966787642948010656526691472780392631956031751285174567712974691729142190835749586660
e = 65537
c = 13043206753625359891696429504613068427529111016070088678736297291041435652992434742862062899975037273524389833567258051170507686131853178642412748377655159798601888072877427570380109085131089494464136940524560062629558966202744902709909907514127527274581612606840291391818050072220256661680141666883565331886278443012064173917218991474525642412407692187407537171479651983318468186723172013439034765279464665108704671733067907815695414348312753594497823099115037082352616886076617491904991917443093071262488786475411319592529466108485884029307606114810451140886975584959872328937471166255190940884805476899976523580343

n=p*q,t=p-q联立方程解出p,q的值

from sympy import *
from Crypto.Util.number import *

n = 24585768801100871989460458412563674690545986652089097718040761783186739174559136657307807040444318337561194142282186006216583089898423180103199568738639814413601595196467099996734334212909157604318709957690532885862891927163713619932622153281344607898846228206181834468325246573910857887714824338949742479585089251882243488454602710292507668577598274622372304293403731722318890268908300308478539449464617438721833942643889296634768118375076052778833640986893990732882252524850152650060780854621796349622086656401914022236044924841914313726991826438982902866584892213702893596657746111940812657202364588469026832387629
t = 14048479366496281701869293063643750801596179514889914988732592464154208813942939793532694949932787548745769133200541469022315588864587160064703369956054828780928008235304461825448872454098086255531582368864754318040219023548966787642948010656526691472780392631956031751285174567712974691729142190835749586660
e = 65537
c = 13043206753625359891696429504613068427529111016070088678736297291041435652992434742862062899975037273524389833567258051170507686131853178642412748377655159798601888072877427570380109085131089494464136940524560062629558966202744902709909907514127527274581612606840291391818050072220256661680141666883565331886278443012064173917218991474525642412407692187407537171479651983318468186723172013439034765279464665108704671733067907815695414348312753594497823099115037082352616886076617491904991917443093071262488786475411319592529466108485884029307606114810451140886975584959872328937471166255190940884805476899976523580343

# n=p*q
# t=p-q
p,q = symbols('p,q')
eq1=Eq(p*q,n)
eq2=Eq(p-q,t)
s = solve((eq1,eq2),(p,q))
for i in s:
    print(i)
    
p = 163979993780473228636250944509658100304105288291161815533296974391197924208241177469979929848925840413549589001337016682107921402071171221384247679860925727646585534725356410523705767408370013103023547625067109338180880560875828450693640775629005283101707663609483220395891338395873247794351441082424506156057
q = 149931514413976946934381651446014349502509108776271900544564381927043715394298237676447234898993052864803819868136475213085605813206584061319544309904870898865657526490051948698256894954271926847491965256202355020140661537326861663050692764972478591628927270977527188644606163828160273102622298891588756569397
d = inverse(e,(p-1)*(q-1))
m = pow(c,d,n)
print(long_to_bytes(m))
#b'nctf{my_M4th_1s_t00_b4d!!!}'

[FSCTF 2023]埃塞克的秘密

题目:

埃塞克先生将自己的秘密藏在盒子里并交给了ROT保管,埃塞克先生在盒子上留下了这样一串数字:
117 36 114 37 117 76 37 57 111 63 60 48 74 64 70 78

ASCII码转换为字符:u$r%uL%9o?<0J@FN
再ROT47解码
在这里插入图片描述

[OTA-day3SPI]W25Q64擦写
weixin_63303786的博客
05-17 602
所以,在从机模式下,应用程序必须确保在数据发送开始前, 数据已经写入发送缓冲区中。SPI开始发送一个数据帧时,首先将这个数据帧从数据缓冲区加载到移位寄存器中,然后开始发送加载的数据。在主机模式下,若想要实现连续发送功能,那么在当前数据帧发送完成前,软件应该将下一个 数据写入SPI_DATA。模式中,为了接收下一个数据帧,硬件需要连续发送时钟信号,而在全 双工主机模式(MFD。SPI协议是一个四线制的协议,是全双工的,具体的解释可以看看这篇文章。)中,当发送缓冲区非空时,硬件只接收下一个数据帧。
Linux云计算 |【第二阶段】SECURITY-DAY1
小安的运维专栏
08-21 1721
监控基础(系统监控命令、监控软件)、Zabbix监控服务端部署、Zabbix监控客户端部署、创建监控主机、调用监控模板、自定义key、创建模板、应用集、监控项、绑定模板;
NSS-DAY6
orchid_sea的博客
02-13 476
题目:一只兔子翻过5层栅栏去找base玩根据提示,先rabbit解密:再栅栏:最后base:解出:NSSCTF{Welc0me_t0_the_w0rld_0f_crypt0graphy!!!
NSS-DAY4
orchid_sea的博客
02-10 940
太久不做web,签到题都做不来了,FLAG在进程环境变量中。
NSS-DAY5
orchid_sea的博客
02-12 807
参考WP,coppersmith爆破。当epsilon调至最小0.01,p为512bit,p的高位至少泄露264bit,环多项式方程在模n情况下有解,但是现在p = p>>256,也就是说只泄露了高256位,我们还需要爆破8bit才能copper出来,大概爆破时间5~6分钟左右。
NSS-DAY2
orchid_sea的博客
02-06 426
对字母进行循环偏移,即凯撒加密。
NSS-DAY7 标记题分析
orchid_sea的博客
03-10 190
根据M ^e mod  p =0,即M ^e是p的倍数,有c=(k×p)mod(p×q)。因为 k×p 必然小于 p×q,所以c = (k×p)mod(p×q) = k×p。因为M是p的倍数,所以M ^e = (k*p) ^e = k ^e * p ^e。因为p ^e必然是p的倍数,所以 M ^e mod  p =0。第三部分密文为M = 2022 * m * 1011 * p。得到 b’PCL{16745c3b’得到b’0c134c83b74f’解出p后进行解密密文。
NSS-DAY1
orchid_sea的博客
02-05 363
题目:task.sage。
CentOS7-nginx注册服务
qq_17743891的博客
08-08 1287
在CentOS7中Nginx注册服务
sql-server安装部署ubuntu
云深海阔专栏
05-05 584
然后导入公共库GPG密钥 root@match_test:~# curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add - % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left S
云计算--day07
cx612728的博客
12-09 1760
设备与挂载点目录挂载 软件包的安装和卸载
Linux云计算 |【第三阶段】PROJECT1-DAY2
小安的运维专栏
09-13 1595
网站架构演变、LNP+Mariadb数据库分离、Web服务器集群(部署Nginx后端web服务器、部署NFS共享存储服务器、部署Haproxy代理服务器、部署DNS域名解析服务器)
Linux云计算 |【第一阶段】ENGINEER-DAY5
小安的运维专栏
07-18 1499
SELinux、系统故障修复、HTTPD/FTP服务搭建、防火墙策略管理、服务管理
《Python 黑帽子》学习笔记 - 原书 netcat 代码分析 - Day 7
信安工匠
03-27 4651
简单介绍了 netcat 的功能和运用后,开始学习理解该书中实现的 netcat 代码。 功能 从标准输入中读取数据,并通过网络发送数据。 上传文件。 执行命令。 命令行 shell. 实现 解析命令行选项和参数,根据选项设置相应功能标识及参数变量,如果选项和参数不正确打印帮助信息。 依据功能标识变量,设计调用功能函数的逻辑流程。主体包括两部分,向外连接和本地监听。 向外连接...
一文解读,网络安全行业人才需求情况《网络安全产业人才发展报告》
weixin_59086772的博客
10-18 8692
随着近几天国家网络安全宣传周在全国各地开展活动,网络安全再一次成为热门话题。网络安全不再缩在小小的安全圈子里,惠及面越来越广。不少对网络安全颇有兴趣的朋友非常关心行业前景如何?该怎么提升自我能力,更快地加入网安行列。 今天雨笋君就10月13日在网络安全宣传周上发布的《2021网络安全人才报告》进行一个简单的行业前景分析。 一、网络安全行业市场发展情况 网络时代生活越来越离不开网络,与此同时发生的网络安全攻击事件、非法入侵等等一系列事件都威胁着普通人的生活。没有网络安全保障,个人和企业等重.
密码学系列 - SR25519与ED25519
搬砖魁首的博客
05-07 1026
SR25519 是一种Schnorr签名算法的具体实现,使用Curve25519作为基础曲线。安全性:Schnorr 签名方案被认为具有比 ECDSA 更强的安全属性,尤其是在抗量子计算攻击方面。性能:Curve25519 提供了高效的椭圆曲线运算,适合在资源受限的环境中使用。(适合嵌入式)简洁性:Schnorr 签名方案的设计相对简洁,易于实现和验证。Ed25519 使用的是一种称为 Curve25519 的椭圆曲线。
【应用密码学】实验四 公钥密码1——数学基础
xinghuayu_lin的博客
05-06 886
【应用密码学】实验四 公钥密码1——数学基础
第三次作业(密码学
2402_85171273的博客
04-29 1529
printf("解密后的明文: %d\n", decrypted);printf("密文: %d\n", ciphertext);printf("明文: %d\n", plaintext);// 计算最大公约数。
密码学--希尔密码
最新发布
qq_66754192的博客
05-12 451
不同的是,仿射密码是直接对明文的每个字符进行依此进行加密解密,而希尔密码需要对对需要加密或者解密问文本进行分组,每M个一组一起进行加密或者解密,如是在n个M组以后还有剩余不够M个,即进行填充,可以以任何形式进行填充,在此次实验中,我选择了小写字母x,因为在一般情况下,其出现频率最小。综上可知,希尔密码和仿射密码都是需要求逆元,只是仿射密码是直接对密钥求逆元得到的就是解密的密钥,而希尔是对加密矩阵的行列式求逆元,得到的也只是行列式的逆元,而还需要*加密矩阵的伴随矩阵,得到的新的矩阵才是解密的矩阵。
nssnss-tools下载地址
01-25
### nssnss-tools 的官方下载地址 对于 `nss` 及其工具包 `nss-tools`,官方网站提供了详细的获取途径。这些软件包通常通过 Linux 发行版的默认仓库安装最为便捷和安全。 #### 使用 YUM 或 DNF 进行安装 在...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值