Lst4r's Blog

强网杯Crypto1. EasyRSA题目123456789101112131415161718192021222324252627282930313233343536373839404142#encoding:utf-8from Crypto.Util.number import long_to_bytes, bytes_to_long, getPrimeimport random, gmpy2class RSAEncryptor: def __init__(self): self.g = self.a = self.b = 0 self.e = 65537 self.factorGen() self.product() def factorGen(self): while True: self.g = getPrime(500) while not gmpy2.is_prime(2*self.g*self.a+1): self.a = random.randint(2**523, 2**524) while not gmpy2.is_prime(2*se ...

justez题目12345678910111213141516171819202122from Crypto.Util.number import *flag = bytes_to_long(b'SRCTF{Kicky_Mu_is_a_beautiful_girl!}')Ö_0Ovo = getPrime(30)o_oOvo = getPrime(512)o_oÖvo = getPrime(512)phi_n = (o_oOvo-1)*(o_oÖvo-1)e = pow(Ö_0Ovo, -1, phi_n)n = o_oOvo * o_oÖvoc = pow(flag, e, n)print('n =', n)print('the_secret =', c)print('crazy_e =', e)'''n = 59447861832652211537262617254184281479829852166925461903662081261289292515 ...

XYCTF:1.signin/signin Revenge经过源码分析，可知此题是个简单的逆123456789101112131415161718192021222324252627282930313233343536373839404142from Crypto.Util.number import *from tqdm import *import gmpy2flag=b'XYCTF{uuid}'flag=bytes_to_long(flag)leak=bin(int(flag))while 1: leak += "0" if len(leak) == 514: breakdef swap_bits(input_str): input_list = list(input_str[2:]) length = len(input_list) for i in range(length // 2): temp = input_list[i] input_li ...

NKCTF:Crypto:1.eZ_Math:这道题经过分析做了出来:题目:123456789101112131415161718192021222324from Crypto.Util.number import *from secret import flagm1, m2 = bytes_to_long(flag[:len(flag)//2]), bytes_to_long(flag[len(flag)//2:])p, q, r, s = [getStrongPrime(512) for _ in range(4)]e = 0x10001n = p * q * r * sx = pow(q + r, p, n)y = pow(p * q + r, p, n)z = pow(s + 1, m1, s ** 3)c = pow(m2, e * (s - 1), n)print(f'{n = }')print(f'{x = }')print(f'{y = }')prin ...

RSA 进阶攻击：1.Rabin：一个密文可以解出四个明文（并非单射） 具体实现：取两个大素数 (p,q)满足： p \equiv q \equiv 3 \pmod4加密： c=m^{2} \pmod n解密，即求解： m^{2} \equiv c \pmod n因为 p,q | n ,相当于求 \begin{cases} m^{2}\equiv c \pmod p \\ m^{2}\equiv c \pmod q\end{cases} c 是模 p 的二次剩余即： c^{\frac{p-1}{2}}\equiv 1 \pmod p代入原式得： m^{2}\equiv c \equiv c^{\frac{p-1}{2}} \cdot c \equiv c^{\frac{p+1}{2}} \pmod p开方得： \begin{cases} m1 \equiv c^{\frac{p+1}{4}} \pmod p \\ m2 \equiv (p-c^{\frac{p+1}{4}}) \pmod p\end{cases}同理，可求出 m3,m4 。 注：若： x^{2}\equiv a \pm ...

RSA 的基本原理实现1.公钥的生成随机选取两个大的质数 p,q ,相乘得到 n n=p*q然后计算 n 的欧拉函数 \varphi(n)=(p-1)*(q-1)生成公钥 e取一个整数 e ,满足以下条件： 1