强网杯2024 Crypto复现
强网杯Crypto1. EasyRSA题目123456789101112131415161718192021222324252627282930313233343536373839404142#encoding:utf-8from Crypto.Util.number import long_to_bytes, bytes_to_long, getPrimeimport random, gmpy2class RSAEncryptor: def __init__(self): self.g = self.a = self.b = 0 self.e = 65537 self.factorGen() self.product() def factorGen(self): while True: self.g = getPrime(500) while not gmpy2.is_prime(2*self.g*self.a+1): self.a = random.randint(2**523, 2**524) while not gmpy2.is_prime(2*se ...
SRCTF Crypto 复现
justez题目12345678910111213141516171819202122from Crypto.Util.number import *flag = bytes_to_long(b'SRCTF{Kicky_Mu_is_a_beautiful_girl!}')Ö_0Ovo = getPrime(30)o_oOvo = getPrime(512)o_oÖvo = getPrime(512)phi_n = (o_oOvo-1)*(o_oÖvo-1)e = pow(Ö_0Ovo, -1, phi_n)n = o_oOvo * o_oÖvoc = pow(flag, e, n)print('n =', n)print('the_secret =', c)print('crazy_e =', e)'''n = 59447861832652211537262617254184281479829852166925461903662081261289292515 ...
XYCTF Crypto WP
XYCTF:1.signin/signin Revenge经过源码分析,可知此题是个简单的逆123456789101112131415161718192021222324252627282930313233343536373839404142from Crypto.Util.number import *from tqdm import *import gmpy2flag=b'XYCTF{uuid}'flag=bytes_to_long(flag)leak=bin(int(flag))while 1: leak += "0" if len(leak) == 514: breakdef swap_bits(input_str): input_list = list(input_str[2:]) length = len(input_list) for i in range(length // 2): temp = input_list[i] input_li ...
NKCTF2024 复现+wp
NKCTF:Crypto:1.eZ_Math:这道题经过分析做了出来:题目:123456789101112131415161718192021222324from Crypto.Util.number import *from secret import flagm1, m2 = bytes_to_long(flag[:len(flag)//2]), bytes_to_long(flag[len(flag)//2:])p, q, r, s = [getStrongPrime(512) for _ in range(4)]e = 0x10001n = p * q * r * sx = pow(q + r, p, n)y = pow(p * q + r, p, n)z = pow(s + 1, m1, s ** 3)c = pow(m2, e * (s - 1), n)print(f'{n = }')print(f'{x = }')print(f'{y = }')prin ...
RSA 一些进阶攻击方式及变体
RSA 进阶攻击:1.Rabin:一个密文可以解出四个明文(并非单射)
具体实现:取两个大素数 (p,q)满足:
p \equiv q \equiv 3 \pmod4加密:
c=m^{2} \pmod n解密,即求解:
m^{2} \equiv c \pmod n因为 p,q | n ,相当于求
\begin{cases} m^{2}\equiv c \pmod p \\ m^{2}\equiv c \pmod q\end{cases} c 是模 p 的二次剩余即:
c^{\frac{p-1}{2}}\equiv 1 \pmod p代入原式得:
m^{2}\equiv c \equiv c^{\frac{p-1}{2}} \cdot c \equiv c^{\frac{p+1}{2}} \pmod p开方得:
\begin{cases} m1 \equiv c^{\frac{p+1}{4}} \pmod p \\ m2 \equiv (p-c^{\frac{p+1}{4}}) \pmod p\end{cases}同理,可求出 m3,m4 。
注:若:
x^{2}\equiv a \pm ...
RSA 基本原理
RSA 的基本原理实现1.公钥的生成随机选取两个大的质数 p,q ,相乘得到 n
n=p*q然后计算 n 的欧拉函数
\varphi(n)=(p-1)*(q-1)生成公钥 e取一个整数 e ,满足以下条件:
1