moectf2022-crypto复现


vigenere

题目描述:

flag格式: moectf{xxxx} 维基百科说: 维吉尼亚密码以其简单易用而著称,同时初学者通常难以破解,因而又被称为“不可破译的密码”(法语:le chiffre indéchiffrable)。 那么聪明的你能够破解嘛?

维吉尼亚爆破

最后flag为

moectf{attacking_the_vigenere_cipher_is_interesting}

0rsa0

题目描述:

https://github.com/XDSEC/MoeCTF_2022

附件

from Crypto.Util.number import *
from flag import flag

# Check the moectf{...} wrapper, then keep only the 32-byte body.
_prefix, _suffix = b'moectf{', b'}'
assert flag[:len(_prefix)] == _prefix
assert flag[-len(_suffix):] == _suffix
flag = flag[len(_prefix):-len(_suffix)]
assert len(flag) == 32

# Each 16-byte half of the body becomes one RSA plaintext.
m1, m2 = (bytes_to_long(flag[start:start + 16]) for start in (0, 16))

def enc1(m):
    """Encrypt ``m`` with textbook RSA using e = 3 and two fresh 512-bit primes.

    Returns the tuple ``(n, e, c)``.  No padding is applied to ``m``.  The
    challenge passes a 16-byte message, so m**3 is smaller than n, the
    modular reduction never takes effect, and c is just m cubed.  That is
    the intended weakness of this half of the challenge.
    """
    e = 3
    n = getPrime(512) * getPrime(512)
    return n, e, pow(m, e, n)

def enc2(m):
    """Encrypt ``m`` with RSA (e = 65537) and also hand out dp = d mod (p - 1).

    Returns ``(n, e, c, dp2)``.  dp2 is a CRT private-key component; printing
    it next to the public key is the intended weakness of this half of the
    challenge, because it is enough to recover the prime p.
    """
    e = 65537
    p, q = getPrime(512), getPrime(512)
    n = p * q
    d = inverse(e, (p - 1) * (q - 1))
    return n, e, pow(m, e, n), d % (p - 1)

# Encrypt each flag half under its own key pair, then print every value the
# solver is given (dp2 included).
n1, e1, c1 = enc1(m1)
n2, e2, c2, dp2 = enc2(m2)

for label, value in (
    ("n1", n1), ("e1", e1), ("c1", c1),
    ("n2", n2), ("e2", e2), ("c2", c2),
    ("dp2", dp2),
):
    print(label + "=" + str(value))

'''
n1=133024413746207623787624696996450696028790885302997888417950218110624599333002677651319135333439059708696691802077223829846594660086912881559705074934655646133379015018208216486164888406398123943796359972475427652972055533125099746441089220943904185289464863994194089394637271086436301059396682856176212902707
e1=3
c1=1402983421957507617092580232325850324755110618998641078304840725502785669308938910491971922889485661674385555242824
n2=159054389158529397912052248500898471690131016887756654738868415880711791524038820158051782236121110394481656324333254185994103242391825337525378467922406901521793714621471618374673206963439266173586955520902823718942484039624752828390110673871132116507696336326760564857012559508160068814801483975094383392729
e2=65537
c2=37819867277367678387219893740454448327093874982803387661058084123080177731002392119369718466140559855145584144511271801362374042596420131167791821955469392938900319510220897100118141494412797730438963434604351102878410868789119825127662728307578251855605147607595591813395984880381435422467527232180612935306
dp2=947639117873589776036311153850942192190143164329999603361788468962756751774397111913170053010412835033030478855001898886178148944512883446156861610917865
'''

解题思路

1.恢复 m1:由于 e1=3 且 m1 较小(16 字节),m1^3 小于 n1,因此可以直接计算 c1 的整数立方根得到 m1。

2.分解 n2:使用 dp2(d mod (p-1))恢复因子 p。由于 e2 * dp2 ≡ 1 (mod p-1),可设 edp = e2 * dp2 - 1 = k * (p-1);又因为 dp2 < p-1,所以 1 ≤ k < e2。只需遍历这个范围内的 k,检查候选值 edp // k + 1 是否整除 n2,即可得到 p。

3.解密 m2:使用分解出的 p 和 q 计算 φ(n2) 和私钥指数 d2,然后解密 c2 得到 m2。

4.组合 flag:将 m1 和 m2 转换为字节,并格式化为 flag 字符串。

exp:

from Crypto.Util.number import long_to_bytes
import math

# Given values: copied from the output printed by the challenge script.
# First key pair (e1 = 3), used for the first 16 bytes of the flag body.
n1 = 133024413746207623787624696996450696028790885302997888417950218110624599333002677651319135333439059708696691802077223829846594660086912881559705074934655646133379015018208216486164888406398123943796359972475427652972055533125099746441089220943904185289464863994194089394637271086436301059396682856176212902707
e1 = 3
c1 = 1402983421957507617092580232325850324755110618998641078304840725502785669308938910491971922889485661674385555242824

# Second key pair (e2 = 65537), used for the last 16 bytes of the flag body.
n2 = 159054389158529397912052248500898471690131016887756654738868415880711791524038820158051782236121110394481656324333254185994103242391825337525378467922406901521793714621471618374673206963439266173586955520902823718942484039624752828390110673871132116507696336326760564857012559508160068814801483975094383392729
e2 = 65537
c2 = 37819867277367678387219893740454448327093874982803387661058084123080177731002392119369718466140559855145584144511271801362374042596420131167791821955469392938900319510220897100118141494412797730438963434604351102878410868789119825127662728307578251855605147607595591813395984880381435422467527232180612935306
# dp2 = d mod (p - 1) for the second key pair, as returned by enc2.
dp2 = 947639117873589776036311153850942192190143164329999603361788468962756751774397111913170053010412835033030478855001898886178148944512883446156861610917865

# Step 1: Recover m1 by computing the integer cube root of c1
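def integer_cube_root(n):
    """Return the exact integer cube root of ``n``, or ``None`` if it has none.

    Args:
        n: the integer to test.

    Returns:
        The non-negative integer r with r**3 == n, or ``None`` when ``n`` is
        negative or not a perfect cube.  Zero is handled (its root is 0).

    The result is only the RSA plaintext when the ciphertext was produced
    without padding and m**3 never reached the modulus; randomized padding
    such as OAEP removes that precondition.
    """
    if n < 0:
        return None
    # A b-bit number has a cube root of at most ceil(b / 3) bits, so this
    # upper bound always covers the true root and keeps mid**3 near the
    # size of n instead of cubing numbers as large as n itself.
    low, high = 0, 1 << ((n.bit_length() + 2) // 3)
    while low <= high:
        mid = (low + high) // 2
        mid_cubed = mid ** 3
        if mid_cubed < n:
            low = mid + 1
        elif mid_cubed > n:
            high = mid - 1
        else:
            return mid
    return None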

# c1 has to be a perfect cube for the root to be the plaintext; stop otherwise.
m1_int = integer_cube_root(c1)
cube_is_exact = m1_int is not None and m1_int ** 3 == c1
if not cube_is_exact:
    raise ValueError("Failed to compute cube root for c1")
# NOTE(review): long_to_bytes drops leading zero bytes; assumes the 16-byte
# half does not start with \x00 -- confirm.
m1_bytes = long_to_bytes(m1_int)

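# Step 2: Factor n2 using the leaked CRT exponent dp2 = d mod (p - 1).
# e2 * dp2 = 1 (mod p - 1), so e2 * dp2 - 1 = k * (p - 1) for some integer k.
# Because dp2 < p - 1, k is bounded by 1 <= k < e2; searching exactly that
# range replaces an arbitrary cut-off and stays correct for any public exponent.
edp = e2 * dp2 - 1
p = None
for k in range(1, e2):
    if edp % k:
        continue  # k does not divide edp, so it cannot be the multiplier
    p_candidate = edp // k + 1
    # Accept only a proper divisor, i.e. strictly between 1 and n2.
    if 1 < p_candidate < n2 and n2 % p_candidate == 0:
        p = p_candidate
        break

found = p is not None
if not found:
    raise ValueError("Failed to factor n2 using dp2")

q = n2 // p
assert p * q == n2, "Factorization failed"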

# Step 3: Rebuild the private exponent from the recovered primes and decrypt c2.
# (p - 1) * (q - 1) expands to n2 - p - q + 1 because p * q == n2.
phi = n2 - p - q + 1
d2 = pow(e2, -1, phi)
m2_int = pow(c2, d2, n2)
m2_bytes = long_to_bytes(m2_int)

# Step 4: Put both halves back inside the moectf{...} wrapper.
flag = b''.join((b'moectf{', m1_bytes, m2_bytes, b'}'))
print(flag.decode())

运行得到

最后flag为

moectf{T8uus_23jkjw_asr_3d32awd!5f&#@sd}

一次就好

题目描述:

flag格式: moectf{xxxx} “一次就好,我陪你去看天荒地老~~~~”

附件

from Crypto.Util.strxor import strxor
from Crypto.Util.number import *
from gmpy2 import powmod,next_prime
from FLAG import flag
import codecs

# Fixed, public pad text; the flag is XORed against it before encryption.
c = b'Just once,I will accompany you to see the world'
# Right-pad the flag with '#' up to the pad length so both strxor operands
# have the same size.
flag = flag.ljust(len(c), '#')
key = strxor(flag.encode(), c)
m = bytes_to_long(key)

# q is the prime immediately after p, so both factors sit right next to
# sqrt(N); that closeness is the intended weakness of this challenge.
p = getPrime(512)
q = next_prime(p)
N, e = p * q, 65537

gift = powmod(m, e, N)

for value in (gift, N):
    print(value)

# gift = 127749242340004016446001520961422059381052911692861305057396462507126566256652316418648339729479729456613704261614569202080544183416817827900318057127539938899577580150210279291202882125162360563285794285643498788533366420857232908632854569967831654923280152015070999912426044356353393293132914925252494215314
# N = 164395171965189899201846744244839588935095288852148507114700855000512464673975991783671493756953831066569435489213778701866548078207835105414442567008315975881952023037557292470005621852113709605286462434049311321175270134326956812936961821511753256992797013020030263567313257339785161436188882721736453384403

解题思路

相邻素数分解以及异或解密

exp:

from Crypto.Util.strxor import strxor
from Crypto.Util.number import isPrime, long_to_bytes
import math

# Given values: gift and N are copied from the comments at the end of the
# challenge script; e and c are the constants hard-coded in it.
gift = 127749242340004016446001520961422059381052911692861305057396462507126566256652316418648339729479729456613704261614569202080544183416817827900318057127539938899577580150210279291202882125162360563285794285643498788533366420857232908632854569967831654923280152015070999912426044356353393293132914925252494215314
N = 164395171965189899201846744244839588935095288852148507114700855000512464673975991783671493756953831066569435489213778701866548078207835105414442567008315975881952023037557292470005621852113709605286462434049311321175270134326956812936961821511753256992797013020030263567313257339785161436188882721736453384403
e = 0x10001 # 65537
c = b'Just once,I will accompany you to see the world'

# Factor N: q = next_prime(p), so the smaller factor lies just below isqrt(N).
# Walk down from the integer square root, at most 1000 steps.
root = math.isqrt(N)
p = next(
    (root - step for step in range(1000) if N % (root - step) == 0),
    None,
)
q = None if p is None else N // p

# Reject anything that is not a genuine split into two primes.
if p is None or not (isPrime(p) and isPrime(q)):
    raise ValueError("无法分解 N")

# Private exponent from the recovered primes; (p - 1) * (q - 1) is written
# as N - p - q + 1, which is the same value because p * q == N.
phi = N - p - q + 1
d = pow(e, -1, phi)

# RSA-decrypt the gift; the plaintext is the padded flag XORed with c.
m = pow(gift, d, N)

# Zero-pad at the front to a multiple of len(c) bytes so both strxor
# operands have the same length, then undo the XOR.
key = long_to_bytes(m, len(c))
flag_bytes = strxor(key, c)

# Strip the '#' padding appended by the challenge and print the flag.
flag = flag_bytes.rstrip(b'#').decode()
print(flag)

运行得到

最后flag为

moectf{W0w_y02_k5ow_w6at_1s_one_t1m3_pa7}

Signin

题目描述:

 
flag格式: moectf{xxxx} ”你这个e取得有问题吧“

”没有“(嘴硬)

附件

from Crypto.Util.number import *
from secret import flag
# Encode the flag as an integer and draw two fresh 512-bit primes.
m = bytes_to_long(flag)
p, q = getPrime(512), getPrime(512)
# Both prime factors are printed, so the factorisation of n is public here.
print('p=', p)
print('q=', q)
n, e = p * q, 65537
c = pow(m, e, n)
print('c=', c)
#p= 12408795636519868275579286477747181009018504169827579387457997229774738126230652970860811085539129972962189443268046963335610845404214331426857155412988073
#q= 12190036856294802286447270376342375357864587534233715766210874702670724440751066267168907565322961270655972226761426182258587581206888580394726683112820379
#c= 68960610962019321576894097705679955071402844421318149418040507036722717269530195000135979777852568744281930839319120003106023209276898286482202725287026853925179071583797231099755287410760748104635674307266042492611618076506037004587354018148812584502385622631122387857218023049204722123597067641896169655595

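标准 RSA,但直接套模板不行:e 与 φ(n) 不互素,e 模 φ(n) 的逆元不存在。下面的 exp 改为只在模 p 下解密:取 d = e^{-1} mod (p-1)(脚本先打印 gcd(e, p-1) 以确认逆元存在),再计算 c^d mod p;这只有在 m < p 时才能还原出完整的明文。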

exp:

from Crypto.Util.number import *
import gmpy2

# p, q and c are copied from the comments at the end of the challenge script;
# e is the public exponent hard-coded in it.
p= 12408795636519868275579286477747181009018504169827579387457997229774738126230652970860811085539129972962189443268046963335610845404214331426857155412988073
q= 12190036856294802286447270376342375357864587534233715766210874702670724440751066267168907565322961270655972226761426182258587581206888580394726683112820379
c= 68960610962019321576894097705679955071402844421318149418040507036722717269530195000135979777852568744281930839319120003106023209276898286482202725287026853925179071583797231099755287410760748104635674307266042492611618076506037004587354018148812584502385622631122387857218023049204722123597067641896169655595
e=65537
# Full modulus, kept for reference only; the decryption below works modulo p.
n = p * q
# Despite its name, phi here is p - 1 (the group order modulo p), not phi(n).
phi = p - 1
# Print gcd(e, p - 1); the inverse on the next line exists only if this is 1.
print(gmpy2.gcd(e, phi))
d = gmpy2.invert(e, phi)
# Decrypting modulo p yields m mod p, which is the whole message only if m < p.
# NOTE(review): assumes the flag is shorter than the 512-bit prime p -- confirm.
m = pow(c, d, p)
print(long_to_bytes(m))

运行得到

最后flag为

moectf{Oh~Now_Y0u_Kn0W_HoW_RsA_W0rkS!}

smooth

题目描述:

flag格式: moectf{xxxx} smoooooooth

附件

from Crypto.Util.number import sieve_base,isPrime,getPrime
import random
from secret import flag

def get_vulnerable_prime():
    """Return a prime P such that P - 1 is a product of small primes only.

    P - 1 is built as 2 times factors picked at random from ``sieve_base``
    (the small-prime table imported from Crypto.Util.number), so P - 1 is
    smooth.  That smoothness is the intended weakness of the challenge.

    NOTE(review): the listing lost its indentation.  The nesting below (136
    factors per attempt, primality test after each batch) is assumed.  As
    shown, p is not reset between attempts -- confirm against the original
    file.
    """
    p=2
    while True:
        # Multiply another batch of 136 randomly chosen small primes into p.
        for i in range(136):
            smallp=random.choice(sieve_base)
            p*=smallp
        # Stop as soon as p + 1 passes the primality test.
        if isPrime(p+1):
            return p+1

# Modulus with one weak factor: P - 1 is smooth, Q is a regular 2048-bit prime.
P = get_vulnerable_prime()
Q = getPrime(2048)
N, e = P * Q, 65537

# Multiply the flag by 1 * 2 * ... * (P - 1730) modulo P before encrypting.
# NOTE(review): taken literally this loop runs about P iterations; presumably
# the published values were produced with a shortcut -- confirm with the author.
for i in range(1, P - 1729):
    flag = (flag * i) % P

c = pow(flag, e, N)
print("c=", hex(c))
print("N=", hex(N))

'''
c= 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
N= 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
'''
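  • p−1 光滑:Pollard's p−1 method
  • 威尔逊(Wilson)定理:若 p 是素数,则 (p−1)! ≡ −1 (mod p)。题目在加密前把 flag 乘上了 (p−1730)!,因此解密后再乘上 p−1729 到 p−1 这些因子即可凑成 (p−1)!,结果为 −flag (mod p),取相反数便得到 flag。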

exp:

from gmpy2 import powmod,gcd
from Crypto.Util.number import long_to_bytes,inverse

c= 0x3cc51d09c48948e2485820f6758fb10c7693c236acc527ad563ba8369c50a0bc3f650f39a871ee7ef127950ed916c5f4dc69894e11caf9d178cd7e8f9bf9af77e1c69384cc5444da64022b45636eeb5b7a221792880dd242be2bb99be3ed02c430c2b77d4912bec1619d664e066680910317c2bb0c87fafdf25f0a2400103278f557b8eca51d3b67d61098f1ab68da072bb2810596180afbc81a840cd24efef4d4113235160e725a5af4824dc716d758b3bc792f2458e979398e001b27e44d21682e2ef80ae94e21cd09a12e522ca2e569df72f012fa40341645445c6e68c6233a8a39e5b91eb14b1ccfa61c9bad25e8e3285a22da27cd506ddd63f207517a4e8ede00b104d8806ff4c0e3162c3de69169d7e584952655272b96d39d242bb83019c7eab1ceb0b4b287591e1e0a5b6378e70340a82d3430c5925d215f31fda6d9d0bccea240591b22a3d0f6b5bf4ddf1243d71aca0fd53045c352c8c5497ebcdbd7ac11083d63aba7c053604fda2430c317a4e04702b5ad539e110f101165b21dcd9fdb5ba7324acdba6a506244ce7c911197dfe067441fe7488d164c050f45ef6476aaf399cedde1793cceb8c21d88ec8ecf5e17df27586713d7dd9566ec5023cfef75422b73e2d5a932c661b3cfdf9c4bda12b64380d2be1aa957c3e1416e068937bafe79b8cf303296792388e9c197702e11e7ded6088ae992d352b23a4a27
N= 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

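def p_1_smooth(N):
    """Return a non-trivial factor of ``N`` using Pollard's p-1 method.

    After k rounds ``a`` equals 2 raised to (k + 1)! modulo N.  Once that
    factorial is a multiple of p - 1 for a prime factor p of N, a - 1 is
    divisible by p and the gcd exposes p.  This only terminates quickly when
    some prime factor has a smooth p - 1.

    Args:
        N: the composite modulus to split.

    Returns:
        A divisor of N other than 1 and N, as returned by ``gcd``.

    Raises:
        ValueError: if the gcd reaches N itself.  At that point a is 1 mod N
            and stays 1 in every later round, so the earlier version of this
            loop would never have returned.
    """
    a = 2
    n = 2
    while True:
        a = powmod(a, n, N)
        res = gcd(a - 1, N)
        if res == N:
            # Every prime factor was absorbed in the same round; no later
            # round can separate them again.
            raise ValueError("Pollard p-1 failed: gcd reached N without isolating a factor")
        if res != 1:
            return res
        n += 1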

# Split N with Pollard's p-1, then undo the RSA layer as usual.
p = p_1_smooth(N)
q = N // p
e = 0x10001
phi = (p - 1) * (q - 1)
d = inverse(e, phi)
m = pow(c, d, N)

# The challenge multiplied the flag by (p-1730)! modulo p.  Multiplying by
# the remaining factors p-1729 .. p-1 completes the product to (p-1)!, which
# Wilson's theorem says is -1 mod p, so the running value becomes -flag.
for factor in range(p - 1729, p):
    m = (m * factor) % p
m = (-m) % p  # remove the sign left over from Wilson's theorem

# int() converts the gmpy2 integer to a plain int before byte conversion.
print(long_to_bytes(int(m)))

运行得到

最后flag为

moectf{Charming_primes!_But_Sm0oth_p-1_1s_vu1nerab1e!}

MiniMiniBackPack

题目描述:

flag格式: moectf{xxxx} 我的LFSR一定没问题,一定!!!

附件

from gmpy2 import *
from Crypto.Util.number import *
import random
from FLAG import flag

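def gen_key(size):
    """Generate a superincreasing sequence of ``size`` integers.

    Every element is strictly larger than the sum of all earlier ones.  The
    challenge prints this list unchanged as its key.

    Args:
        size: number of elements to generate.

    Returns:
        A list of ``size`` integers; empty when ``size`` is 0.
    """
    s = 1000  # invariant: s == 1000 + sum(key)
    key = []
    for _ in range(size):
        a = random.randint(s + 1, 2 * s)
        # Same superincreasing check as re-summing the list each round, but
        # against the running total, so generation is linear, not quadratic.
        assert a > s - 1000
        key.append(a)
        s += a
    return key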


# One key element per bit of the flag, consumed least-significant bit first.
m = bytes_to_long(flag)
L = len(format(m, 'b'))
key = gen_key(L)
c = 0

# A set bit contributes its key element. A clear bit contributes 1, because
# key[i] ** 0 == 1, not 0 as it would in a plain subset-sum knapsack.
for weight in key:
    c += weight if m & 1 else 1
    m >>= 1

print(key)
print(c)

背包密码

exp:

from Crypto.Util.number import long_to_bytes

key = [1928, 4648, 12352, 24010, 58760, 148406, 441469, 906294, 2347544, 4145527, 13246047, 33012060, 104677731, 233784625, 398671830, 1138569375, 3847891246, 7151230548, 17442630021, 46416620988, 118857237060, 363519789685, 661956375011, 1712300152639, 4761949150147, 8964540458636, 24746310311237, 62452210349278, 150016895989040, 453927852027278, 948923770773559, 3275343477577565, 5756783232753127, 13616706687879089, 26402320025439836, 91814578040763059, 211796919962932717, 385545413311588646, 742071895214889791, 2137385737378343660, 5820500440463297078, 15401185997444609852, 49206779920875282228, 101148479344021765606, 205390946600728256099, 593695571211967641654, 1163476540184124239753, 3920275177926640702128, 11188401781366603668803, 26452211702098700985776, 56612547941955968739356, 176511950177344415872304, 350456159524844834233165, 932655004294881661656249, 3077731648705646793828507, 9127653332576335535543235, 14107124912327219069005253, 53639235705342264540097281, 139903414487199921597126219, 377113327325865137005647964, 797007439689940464465071770, 2456373221352926158802602905, 4997725491122440484756502995, 17601885978368777637676626066, 27945705300453872028061217316, 70259455336271034962808380541, 241339934663279791843376677893, 565927167417896365819102921696, 1498269591024734505946670540129, 4476165672138335294342834148717, 8246962867693878472370951037335, 29609522845816295639745215494800, 71952214344473760246502727717474, 169361817288205588754741757159731, 390045301314759178244461824288458, 1337540279161737220902909199776611, 3221480198479784802709388960779700, 9670513515504338974817616478456700, 16261746247432868145400788404115430, 53594268392537203440232335914792279, 142627442102890550431018293710429426, 249683635647920776857130562696997561, 689878480570146636843962995034183967, 1647889244922264517646376201060969417, 4362391204795633804803911898013660682, 11983025462449787764688227594361812707, 19474005190319410527122673327870913310, 
40950423948271412394664153066384954054, 139255978428478610787399242087880835737, 382133188700471370531564036246745271608, 618340037056166043673108074267387394368, 1728641328632513907826054966389623526131, 4246454964077064700888723109771772689322, 7526932088676669848792644586429545161503, 14761773428394206759829134632198244970685, 42336665776969730227150513015344171877811, 73191053942159553542196382411683917861300, 211549032502894704558541919050681697675397, 554709644259380577558971870420849574372151, 1251152425154260246544953154540513290303621, 2818798972367329802956936052623797403793942, 7638358444068983298092603686815486790113890, 24695143882440275994689721479314417528417480, 45729327569890326278523663568847218262894959, 129925286147414817076637512089880305727457533, 357058960265822950281886346091988882031910760, 870811282376277097902073516532006850342152858, 2399129617319427629796691807338852665469337085, 7522497498897836117435156411281203259743818186, 17703808279261898891912155690137638994014567408, 39174398341780347981624886777838524967209728446, 71626422074785376430650030090797947505033373583, 189453667691364649027951065496599754814571374684, 437295033677960022667168340703719574179513440159, 1105022320374390979035499970036715293235993540826, 2482140894382786914874701298953446381142900730227, 7941406921570365260066022237661009338911386179194, 13688077798315662160188528865690475378175919829521, 40118424472696130315297350323559766967889857978364, 105189379969045772302352882060687514329245824860122, 199293659238948607716187263853532082285127398693261, 499536111913922039437392654679505181047127518386152, 1265716378918935998920835568757397506132677689873802, 4251975766094131691018482661130820129953060977929504, 11152957210935036994690757763894857926461579995709364, 29243034751011001056721898400833781278921232465896703, 83127804731558215656517415813913013712630964732885793, 197287313991484123623412111326147421339126168589781103, 
580348074469542880297800575176456597744257638809118170, 952848219059546044449261356813174361415872857630315510, 2114745453546299027601967135831843941629758587200332803, 6732303576367127091793491258707612535996916865106486930, 17969751578033370972927234837249484835783104974373526668, 50353964851880252824761483078317672020552394668185625845, 114792749147200000567884552573247130055515068451479473326, 344881289580954366545252182642967036273037618565165401985, 1028830458186445450162354520820201527695218769577051320473, 2074905233540761021629273629118215092544205899770047449244, 6827824489946353955926387525605200460781082737913381690336, 13024891552715019198360589788142658101822141014082307429749, 25961005268769363699702206141880105110265708699262059458918, 75403822308341240881775753922079349096463802345797378834029, 237384123451169596772029918832412849807327730438354057322622, 712646240930595428776240903619042913605109976371239636231758, 1858677703618066892165605509033944664007520745899837556768895, 4139395606166311238767981220233801698454319610253778363314838, 11051661045091733320416016319660914967058929654228453865287281, 29811585925705783247773137027702029276636378622129036803066195, 90685056735716951430085719312184849024248295771954003433442472, 157500945846011120649342030924242308092488581060888955520117740, 372901626023221848769914983494185928870895559258054416488096811, 768231028240804910809905945806694160784354754863882766743917789, 2779285901235347349512412519384436770411460171816095983145397440, 6374104945628711471675855561257403169698347988699930709009388571, 15606620797895735826222569176215400049549335070727802852935792508, 36407286542538484153926148252126040596266900628856973721204544487, 124345134443495254231144676818478910782759198180390061540449975329, 247113740493284619019931820393865652802499920117478290621711932786, 546250851448819627474782890078865878619982888424175090054606739349, 1708592433038733956978819431107564666115535756847903016488985258178, 
3469784692808773680977989909012383598601318450115335667599446101916, 10923256812598128494335226092601900716551326610194937277684839542369, 21012491338240214838754959441277560200420746284908398093641375760080, 60889459302270258776558311240916612146241213106331686794170240374762, 163976015330661921425351604828688078789049035481531041973974028089785, 289037863251569623683823097040957275672420698243074506420157297827331, 757077203699594125515581476518783513279367742304415416466493229482750, 2419895647396662523171144180707701121877346566438572088091207837906226, 7355085337963583789485765997525070376210546183075717620390510384848601, 15051216064674860618341980616144084279926804604562228123313569479773613, 27941489504573067317849352242679271094163397351402254909630669501407776, 101620497919142332166787423172023060084593540312322612628746436809445674, 226881723516906947900548874100926330355595061853588440070446478001634192, 436083549067326238210237926429619818583468595956103126733614121273925302, 1114300762650958326100809843235006795980444078921364112608090634574957344, 2067630703150668695099956606446000647289440828791043320265352802856027353, 6184858091099126482135322120120464262653454412363734887325664168742191917, 20198724557091875844715800016163838909724718285368458520056089111628596330, 31016012035612935043240048944310566375654982913771972602093586083253422398, 120517928868495613278649932692310155587627278645665690072538147101563551766, 189853493819940791022006359464978248211780374156959402302888328075135559122, 709261139869078187523368280811328692680117587337216655356117972203528916551, 1494450926662311226674274795483402016068321469408932952124223720040234068030, 4833201522454078687541173754025375255160393643329610440001807389162022858137, 13065426763007211443646416727098859879614516619696845038342383829309179073982, 31498041121702214861734489217437935540479379421202405303460486717862084301294, 
59291071262486212405215961522173655254987660557013973769285757104149711757459, 137325620971003240316895273046089454057536316983680621619104742603734626157973, 322033994335205758184753941417891767592538862759074152575171260357782006734442, 820082783566832754339608163235147685713597507674476057203654315048011026367219, 2282651344288337092906883083740075053173109353137863831730238422975306417325757, 5445119536937019732153059574137765564679350539463171899410036275958492350218676, 15640432491440562916581632653853505713511238255286321934711250830601955403677071, 41106883032429969859399906487019322357415120653637758039703350990320596875155176, 103754830954744065029443848605781937050053754534445990149281507972325774765844876, 234666834709268927734887936099822319961738129376455664521947726208265410000264742, 796501101363737180381507228150305361162624877853273443755457607681031102231623307, 1624552917282803716066319956956102765638808948119862597393339135995911391379123522, 4643272637840339310515026952678388354699825180379372281574901801196876030063101974, 12698618143562269391895747140398377495554004174836256597996901873500325652914287227, 35723733467261031422647885542793080310475947027099953899906182407397300154268828906, 66579759042299327879621766658030061118334921216187867761491910504181344451238684350, 239558348723378720363003224968080360385965369779814655734270075126998161979921905000, 674426340811237207208953232785934391016215462902095720638324651170969997400637801355, 1698823780061918718547756106555041994312203433347013142428193591099315938666752495147, 3485698669992831956608280816819201625859973318902236645999324294867314338271763576226, 11913442231481393917536601792582866930393303587594985248503741285895455503031416467367, 23070531945625150855016941245865388154950147453856685413887739256847410892916751249842, 63062109298026246794043518591814177894498277952179449322185515920851203385563000039545, 
201500456854818387020432137947274011145636992031847792130877996231861744196691929847748, 386293027342088096708767070123592359264038177654678967794307420131436089009234887958085, 962652147623483170628478119235555226505070396879489339105090935822447174750045231232478, 3035935960793431917350036879195567655285637476975406683996240225461808984868014791791433, 6208746117115824715018162711918248788514776556569667609833722045497831346028332955531410, 11762322147658744239353552479176647603950873433079903790516674882105043434830328826675415, 22679200582127225664793559521091332878355319644677462980823198911465583443269858630893253, 73929710933006149888049977928677968518055319247626886667227984506656971966999436923186972, 122524349818395517581134493004049791722607446965559017459380345881157453828660236992049404, 412926833511789222428174650284405691872834629858851326844087117202853421601692502254318141, 1029385129423499530322969843276842783066057615497035785381633948646265964471244991407283657, 2374019900827890887681448469648598056064267661046120767421848772396302513783495423644064007, 7129046282305997419886465925038724574815350866486395082327924571694995543004421437396685163, 15553684426659575255143733092646126163883808844830770798803864550707886694317293166976752540, 36868510946091898479948303208447807989049331965479662439764899809218618486185846045349542501, 92245655628350120221629636214996850938258802134676165059052497372214318974743615511153118145, 186463470334970062582820387784350511557982560369498424617823476509363037536450250866616200018, 572967521502291777355369990006837729815084981232789335148124013079835565379339449250907380488, 1481745249132912511970258586968019679134485717661841452421417313959912906838055641721186578588, 3465571259266031075485176569236690543411907657240139447438094553546637617425088900258756309108, 8435925081032968505659480326132770316717891729208893135134645312992136104713045209348571379936, 
20315655322325100095226141940419414017723560946817780337100296517956534785685937181001107745352, 43069115966613244938070771746304575880400024938295357246717079316564326270692925649165248799853, 154233412749662382894550506472683312102297703424057840129476320316144010040200771168572376219849, 352877164586305833533208196782157198192758667776588081344657867110512140773408077435261431699405, 731939874265903145518316019567169287035472945759023530855697163432627661288949769619402453516834, 2189452024672949178210645600969378516255080271308334836448144354429705327344143994347331957449853, 3896543605375761834186485166037278157701213968430616464967138263870727947226180820650265115757354, 9136364061744114854751740581900554472617621867814569413142650998411332183920873701211555172374338, 31182169589957210510416755511542482029989997938097777712995732237583051643250531461221140115798313, 76737932310662322563271317876920472434982416417386459109415811734811165935978744596464401289256365, 191657687539432627521287232027340814340762593718642860136243059179657356411665753239917046107562015, 530361069831754440835688500919172905456422674539149906219439563860239029311496751350136915275150864, 1387792997020024308183922178096461451972294935906886419345639014544739179094711431002567439046777688, 2286383934503119795216122706571707851067263586234080042542833733216757155431244141022301236049602882, 5217435832596475959525740735112831333306893965389666926215938837589313774349496690036610287629333005, 13857335145208908258169891019385567845284268412333112678215001155302498425490658878264656236992134935, 40163901018471004896425196956916864061977023091787666532481831101052032374062940939516719648018676594, 82892214529323438899501402117098988403652889186148588453800977258361448264060748670322604495661134167, 178956544188555415155972101504345380390695957167910254018903325710948594375512551321503428603501757891, 
563888574268395325287659273510106617675959539240732287901035847602904779682730930207201257182213858543, 1616044303623257921514683914498983737627603891472634935907943748930280908786049272784565904600012939098, 2891229181345915888829785513242002484495784340354174828728993457272687483459059048534538302181816688976, 10207730272860940549823879515425309207636840459300447491903147067853625202918689426829904372421061677895, 17526621515916394607402562632381069779604072768221581075247386337947979364802058499395942689207299830365, 55864742839796343168209200305202648507682753148596246337408494037308856790224259497580631081634646188041, 165332196033938201434627346583990806851682965862702414330472648748014088812475559273855488926778988149883, 494729626554411141427744566730794748483202977845760867859438479405205853778032755546761473203576297889449, 773241724058457908926664671814549280391747757602041708672622636112281590651589333985868232639345426359863, 2643090721830219937871980242863893762864524580138013585975903383984399727700467749841537295988160882592554, 7602742125929529736410459828760559621377824926000865839917497433361558637433229365703421216832254559844712, 20298012813427893859751095024917906619591438637592000480476880613738608994530228331797315397345124353458048, 57138113294488937158388285440237932686091901290656714986248760196665994518443306993120321953623611701468826, 156180826248086652580528603931836069088833849466705801833826561589537926864487694377480227882717998855358198, 405091254840842081029125739284610173825182926000756067214428354197290398676973286834323853061720032954965963, 778366116109730017138034746329928058267161795656720444904686750506814152375884477590166274857108289313593118, 1796005150394618766778725965351985496132876507371048438760920669904977557456986675227521156526604287512648264, 3898444018773054695814825596014017751795964177961572987153324103751602074848254485225397417397654262390321944, 
10703462078231223004197739814155717950000211259146027443753796966491790618726938276000128782966812980398530204, 18372321975824831177753464245580317968933119357879255869022769977852558056854497414886761863892673585456643891, 48317491803925955550053615386786484989034506042840366819980397407568791721238179125455458641299301269848666510, 158255568588301663954187011445643163738485858122034088577201324726783893231449209827193255340005164973552974453, 456823552578369748946561710072366945172148623875999657195033140013027572670231347304984109456384691884394301596, 707160118481884894551388234729179730915972581073118662214623842056893684770640844231508665861861467073743805665, 2706927376520605764276007802932993151885010075033345167172586198244735154579188535970342536626727165782495180134, 5524495123704893916572931697399108221354633312984253879509446961783982258828184219735409076305664075360213376822, 11902801828947547843316856179728603283371324186706149334180029898787026360919748804787239985463725865632928552507, 42817758358028425898228144386760814695029076486689089958556088081002352872886441780712721026897632438300836110665, 85341298053933033277929612803230545434450389443924565926372394273668666803233325131592974981823970679666528469082, 203545487666526735282497187348232067937848828434866343193810463204944901878674073018178572958556722616056919932826, 404490991972927610287798222030298357859147323959244483279529298622268125169109324278915340735214314234862449055448, 1015889532249910731454157235904076803563143859066636167138222193683905683535906365566683356226160720652109370999321, 2376026683785110886914732723263521678018967831673326233555377196140833492114241003132626058539164015299593970425136, 6462912523501528306439979574464826777892245783057732634021629306276087967421373795532316029843905278328516884883058, 16981441701453104471733297233747957918575727289870879189918428405182537334140409929337675754279869961515500536636176, 
37605582989982272328044312175947277729400907856460324692248887357599456103017970584086153023793040540391945445989257, 91747039052675678105959960961981861389020215173307703983752122608163760292472703277085998681706298344337891404847646, 197976695213061406953734629818998754281337862490966315225432914015679415715157795368611025598068494075696354180224057, 407579734020903728451591407903624856111929215373480871243621182164970838186438777218257932637652562832905518769398262, 1192695842629740666007709455549699909835266353292608841275812622248241416280954865990629770667881078271433918923422731, 2356450454926316659685731978750584215969826513728852376452662114206102092287531644004469937748823746129670826796883901, 6606194810680818911726753398369719656427756109429906495763748359459974583720214056977960616895121295259675484772228900, 21238856384108665139068993634246013308212000660518883089302921531246892139968871926076965355331061987385136533519279525, 60431698017667972588320134967121949330864812114211557015977441929363675768812209839204671181454067749535515855713156763, 174665868422753780275604141699079697885219220210916384980421958910804651659162534153721798589901082858559767609552079345, 394230935137659132182806278870718863867754651145064639278806591391259891710009233085853984826856234290081395609225890238, 938316178783979725028510016300351906317832877618969965871296642973988528249289624189564279188734089982984293864940639663, 1690300816950917856165481180579373059665398098127346945618427499442023814975741786872721941536175836912500050716899314350, 4241040212750921734662543578806315663721700243000974307468609317605794291246764526126048318503818177838783905309400289117, 9899615703109749398438558898664002269482804539466079984631091253252047080143600618559486614511675282173378128689947106499, 19072918764217687057379877185516040357999863490449836492311841376572022870447983721729056895047026984202403660270528351362, 
61457030295636043956746238914591148777316757448303861396901131680368800892725607851722251866187547310356464672462006792936, 130554685050076234706409249768453974245979757597714789262984612467812333642313018653001831006709360179701213479970689476759, 317707441009141362433020809851971219097475768762476580041791647909345575364794752462683617015215387354639266789655705355159, 766407353781281024676870262720057676902122989643223864583232810528888853102644816087185770633710024110065414129660560848818, 1378158372668635043591303404733183053913783647791091758022520799715774445178343987469574552089574912051263356050601448829569, 2849814783153826557775488037652012659704609417837692209372285071574038848736100379264094051217084360358380745456795092662367, 7761768442678261726960193678894950205212069061687767898603990098871593859918952089239031086652597614705182760193814143657094, 25797856998139398890116390239859835084629679432044893266362900315705828350899796936954893678013444560821963770721738841492762, 45230528787260219469707111504991583088449246785732739036848497764369166856369435663350796527642874763730890628636593210838634, 125595007654406839330037705158661517651788635482067500225344073216015649944944879970130124750959631685921435054581613709164822, 338747508849935686599681561847193572302329804892368313208731993174039023400358858978202514407262943107662339259004212857955666, 927842701337787263386928773903441275979399427379662460065544246411463087320044839262987027337743305220579800532826965270689250, 1974283905173053393614664395812743602970084360210384412934832566684934360366297764438728189449912704403685566054487439810857627, 6547791381850377804871914819409383329722364771877581519586671693693630274474320389311984387956647850854999536112540018330183809, 15709320907036538202306551117984227990557852089499582468594623629463507925701405510011304643762744267804282547349971254508845938, 
40270138688478461945314017148044972001708543125646521974155404640273555509873235113536988809551924038925428913961013964565197607, 99168179703900580858922903603323807687115252977021819828415602208147447841271397891925410158445036111494543958823713690209285369, 269868178430265744761277563499719925184037917272176039027995896214226177897366881562687640385414521231482816048831046030643750903, 831659192392583336646613887566957000280656975320208034953861277421104038936580189145699653541798336705409469145595542460062434471, 2073476643694212471632333653958562004434818366225131771845046659755589302151344899589183197864077374128293181680576229954100550419, 4554149306780266313933686119966338774145476827044906188542821462680791576860383095025724314895890630857897398967476576259995321191, 14651118307465336327922062019691151414683570292038775511915021602908118951591926995520466221396947959539039452124967851254379010308, 32590352694473324794187157416677986187287003972605121693147144070229453983956761041980924463747749024664597601177994952136065984811, 81134631049823241301269776481475653931802229294857541846620286653857647735078830230944498091871440739749676625155855958593920070814, 185677119342066492911752180414903294080590111905381979357926969960006994207482364686831869137669282514024709390338951171955152686319, 611640161419871188028819133410469586343996954403636969815202842657504592966769167857498786484339404586484056783483882604337795700345, 1665805557476802274778809527131744615949426833045219219448282924298718975882034660815478936907356513550130652021165488275923832785881]
c = 2396891354790728703114360139080949406724802115971958909288237002299944566663978116795388053104330363637753770349706301118152757502162

# Walk the weights from the largest down. Because every weight exceeds the
# sum of all smaller ones, comparing the remaining total with key[i] decides
# bit i: a 1 bit had added key[i], a 0 bit had added 1.
n = len(key)
bits = []
for i in reversed(range(n)):
    print(i)
    if c < key[i]:
        bits.append('0')
        c -= 1
    else:
        bits.append('1')
        c -= key[i]

# The bits were collected most-significant first, so they read as a binary literal.
flag = int(''.join(bits), 2)
print(long_to_bytes(flag))

运行得到

最后flag为

moectf{Co#gRa7u1at1o^s_yOu_c6n_d3c0de_1t}

Weird_E_Revenge

题目描述:

flag格式: moectf{xxxx} “你为什么执迷不悟?”

附件

from Crypto.Util.number import *
import random
from secret import flag
table = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'

# Pad the flag up to 100 bytes with random ASCII letters.
# NOTE: `random` is a non-cryptographic PRNG and this is not a standard RSA padding.
pad = 100 - len(flag)
flag += b''.join(random.choice(table).encode() for _ in range(pad))

e = 343284449
m = bytes_to_long(flag)
assert (1 << 512) < m < (1 << 1024)

# Three 512-bit primes; q is shared by both moduli below.
p, q, r = (getPrime(512) for _ in range(3))

# All three primes are printed in full, so both moduli are factorable by
# anyone who holds the output.
for label, prime in (('p=', p), ('q=', q), ('r=', r)):
    print(label, prime)

n1 = p * q
n2 = q * r
c1 = pow(m, e, n1)
c2 = pow(m, e, n2)
print('c1=', c1)
print('c2=', c2)
#p= 11820891196647569262137841192985418014377132106496147254821784946481523526822939129065042819464351666077658751406165276121125571355594004514547517855730743
#q= 10450390015864176713581330969519712299844487112687677452105216477861582967322473997670559995588440097951786576039009337782247912476227937589298529580432797
#r= 9484954066160968219229920429258150817546418633451929876581842443665029377287119340232501682142185708534413073877473741393278935479791561681402673403009771
#c1= 69574855207460025252857869494766338442370688922127811393280455950372371842144946699073877876005649281006116543528211809466226185922844601714337317797534664683681334132261584497953105754257846471069875622054326463757746293958069752489458646460121725019594141157667480846709081917530190233900184428943585065316
#c2= 66183492015178047844987766781469734325646160179923242098082430373061510938987908656007752256556018402101435698352339429316390909525615464024332856855411414576031970267795270882896721069952171988506477519737923165566896609181813523905810373359029413963666924039857159685161563252396502381297700252749204993228

exp:

from Crypto.Util.number import *
from gmpy2 import *

p= 11820891196647569262137841192985418014377132106496147254821784946481523526822939129065042819464351666077658751406165276121125571355594004514547517855730743
q= 10450390015864176713581330969519712299844487112687677452105216477861582967322473997670559995588440097951786576039009337782247912476227937589298529580432797
r= 9484954066160968219229920429258150817546418633451929876581842443665029377287119340232501682142185708534413073877473741393278935479791561681402673403009771
c1= 69574855207460025252857869494766338442370688922127811393280455950372371842144946699073877876005649281006116543528211809466226185922844601714337317797534664683681334132261584497953105754257846471069875622054326463757746293958069752489458646460121725019594141157667480846709081917530190233900184428943585065316
e=343284449
c2= 66183492015178047844987766781469734325646160179923242098082430373061510938987908656007752256556018402101435698352339429316390909525615464024332856855411414576031970267795270882896721069952171988506477519737923165566896609181813523905810373359029413963666924039857159685161563252396502381297700252749204993228
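# Moduli as the challenge built them (not needed for the steps below).
n1 = p * q
n2 = q * r

# e can only be inverted modulo (prime - 1) when the two are coprime;
# print the three gcds to see which primes qualify.
print(gcd(e, p - 1))
print(gcd(e, q - 1))
print(gcd(e, r - 1))

# Work modulo p and modulo r only.
# NOTE(review): q is presumably skipped because gcd(e, q - 1) != 1; the
# printed gcds are not shown on the page, so confirm.
dp = invert(e, p - 1)
dr = invert(e, r - 1)

# c1 = m**e mod p*q and c2 = m**e mod q*r, so reducing them modulo p and r
# and applying the per-prime exponents yields m mod p and m mod r.
mp = int(pow(c1, dp, p))
mr = int(pow(c2, dr, r))

# Combine the two residues with the Chinese Remainder Theorem, written out
# with gmpy2's invert so the script needs nothing beyond its two imports
# (CRT_list is a SageMath helper, not part of Crypto.Util.number or gmpy2).
# The result is the unique value in [0, p*r) matching both residues.
p_inv = int(invert(p, r))
m = mp + p * ((mr - mp) * p_inv % r)
print(long_to_bytes(int(m)))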

运行得到

最后flag为

moectf{Th1s_iS_Chinese_rEm41nDeR_The0rEm_CRT!}

ez_cbc

题目描述:

flag格式: moectf{xxxx} 这个分组加密(块密码)看起来好简单啊!可是我Key在哪呢?

附件

from Crypto.Util.number import *
import random
from secret import flag

# Fixed, public IV and a random key below 2**30.
# NOTE: `random` is a non-cryptographic PRNG.
IV = bytes_to_long(b'cbc!')
K = random.randrange(1, 1 << 30)

assert flag[:7] == b'moectf{'
assert flag[-1:] == b'}'

# Zero-pad the flag to a multiple of the 4-byte block size and cut it into blocks.
block_length = 4
flag += b'\x00' * (-len(flag) % block_length)
plain_block = [flag[start:start + block_length]
               for start in range(0, len(flag), block_length)]

# CBC-style chaining: each plaintext block is XORed with the previous
# ciphertext (the IV for the first block). The per-block "cipher" is a bare
# XOR with K, so the IV, a ciphertext block and the matching plaintext block
# together determine K.
previous = IV ^ bytes_to_long(plain_block[0]) ^ K
c = [previous]
for block in plain_block[1:]:
    previous = previous ^ bytes_to_long(block) ^ K
    c.append(previous)

print(c)

'''
[748044282, 2053864743, 734492413, 675117672, 1691099828, 1729574447, 1691102180, 657669994, 1741780405, 842228028, 1909206003, 1797919307]
'''

分组加密,采用 CBC 分组模式;但每个分组的“加密”只是与同一个密钥 K 异或,所以用已知的首块明文 moec 就能直接算出 K。

exp:

# Custom bytes-to-integer helper
def bytes_to_long(data):
    """Interpret `data` as an unsigned big-endian integer."""
    return int.from_bytes(data, byteorder='big')

# Custom integer-to-bytes helper
def long_to_bytes(n, size=4):
    """Encode `n` as exactly `size` big-endian bytes (4 by default)."""
    return n.to_bytes(size, byteorder='big')

# Given parameters: the public IV and the printed ciphertext blocks.
IV = bytes_to_long(b'cbc!')
c_list = [
    748044282, 2053864743, 734492413, 675117672,
    1691099828, 1729574447, 1691102180, 657669994,
    1741780405, 842228028, 1909206003, 1797919307,
]

# The first plaintext block is known: "moec", the start of "moectf{".
P0 = bytes_to_long(b'moec')

# c_0 = IV ^ P_0 ^ K, so K follows from one known block.
K = c_list[0] ^ IV ^ P0

# Every later block obeys P_i = c_{i-1} ^ c_i ^ K.
plain_blocks = [P0] + [prev ^ cur ^ K for prev, cur in zip(c_list, c_list[1:])]

# Each block is a fixed 4 bytes; concatenate them in order.
flag_bytes = b''.join(long_to_bytes(block) for block in plain_blocks)

# Drop the zero padding and decode to text.
flag = flag_bytes.rstrip(b'\x00').decode()

print("解密后的flag:", flag)

运行得到

最后flag为

moectf{es72b!a5-njad!@-#!@$sad-6bysgwy-1adsw8}

入门指北

题目描述:

https://github.com/XDSEC/MoeCTF_2022

运行文档里脚本得到flag

最后flag为

moectf{Welc0me_t0_fascinating_crypto_w0rld}

knapsack

题目描述:

https://github.com/XDSEC/MoeCTF_2022

背包密码

exp:

M=[8639902583677674310880931793028177280541434011292290504202065853840987502967193292082744312615700434593144813157877283996511132107220470301049233647133408049028266415548603044821875100911736779016733764651538561081471760073024901013269329030282540268057926893298880605006783804814169640893918174416684396473085843437738560093104518378524427428449369031845530695254533729875357632791209728472396631069254545688073527219830, 16412795671399200780410369416718200126247920664621109172347415680005387903489020995450209711828570735415943889363228088231729204296365628434015660102046415392160980472272559259705186844881452797719608700810640858964540124307963570631307965212179112567625375169247224532541645290209536697657292517320097861498807160219866672156203488965096062697707956833540149569006121676793811420684019155246005879602727894940460106460425, 1002483078449652086908127901165742700721575695431977944228135611564705696962544084765706920800603400348407970043674673111909948831677555786509139726134228930151292393556003965787320346201469741608940033259208434513230462286500445047749412928990508135782414968218031136356601029216877376563453734566125800306022631214791796995657970239075130824719419551039046131552320134110768030600558391775291997167887552475043961982479, 2238951719129102684908508004589371017508128103247447515477314623396874326632900138922634752384371309915247686376088188378411136513128697780426310438781294619639028237392912133929126286576611773410531662546965371159839695457500259703379712133530424987700108668317058486891872074268472615506849525949557819649248663298510166491366824248526632970988729421252090737838283604158996925358054184183912031175441649168801364477497, 
5634843816732445026126467098373466021485769627903521660842347695720253281030482413552009914416263510962518645905534351024856098851613741584157560289954680322367708989388356896291579138242423737071936969416183795417059233168737593374557100712180960324956368186029307481493787661489262846069411165605826200576757012590288649575515313112890878467873797655979953750167348022896037285417957167761342222784479775154484055454300, 9186610770346409723100374171388664935178707704940676612563986340255427150913228007547473624373722376412452006509593871272640178049654772086095028603022475485769195013987324300619058730137213629241547292874688026607272301254060765768412491266856867815505612614998943264567979641302858974943094758843838673682824294909500855339786155131092900834359374160001259207411314769180927212657053081774058447428598226306560920557103, 20086923313584400496691602764043099251746628122644779399842432220366854165950153096939613947370676658491693142658541069764999486380151371297168776865169982649753241182524436613459151210953276528861607793419032177588079933942873702274888793149133043040881921816738144320494857431431348403935934220691400258374550028362585563810770890511960106477474196749665991783492371663595335417853709562030925255330540927197410589197346, 16344638306391326377686133680466529244247158645077173788183670515669569922257628136592428719458630174158247262608062501473710159252996556402841773688479781261071952868217032789112171578864311013133034166125522508960509753908661140291243310989744814838516658654858087285501428760026897645388510723360904014743591560741892432193065079183777716928931428528657537811530112798506687040813493577134938597056885544404165334440417, 
2612829152363810360381140114448267548309487113451765642875771138774557011657898432249330366979748000196797448616557121603054240633550483300886876115997009072175661113374511516053173148943538562172144361976376460500609759755722891157667525246977951372954709581129289399522608993482768996162810200357621658110354562179066558050350148834136898974813148680250028733112017355078329753267780915289394014243208598474729032384564, 19064240755529577125292283074595989361230925740751604828791433834485710855856801533155956923513647433086102471927289219051556692578080054437968339223710189223092053257138547582773966036253443266822181812437558595870339679800887565183836282812813501470568462858382546100456455622835475204306486289729917538078517665215080886364990781487301918217104266484901312499340347150623781762028474648151175735340611348792151618766861, 3702565937757268048976391733125277066442618380743768416638899741455818391864276934809663789147326816784849214974228391513975011092043466189181524135072744668991818700123641118048186561731463987428008289526424894229838318750539451785156527758792285754054388512341416769819020768917817009268720412709209493639300206208469077070001276757631341988430056132551557700579907926834862070107929804804811568088452140366936341777345, 11502581665457615587254363930374727534860957412318365767186339391962456747857398825121846821211261108113447361990519412493867120624842707484788658261017505214188933491782380457717248447441244784000616729072274616859314952832500266181433915883265604874701734571473682998617103861022495595430816700108408197717973513190148901952092370293707843130828467727037293783684148539875615050978469354573967054299566840777623355696582, 
10073083484226771776559359501269382896512475376861352563707048944846887937508361476948371289888897049589767849211355238137412974054578287303103882003280146530845186837491695691790335230428734898979480016209102240902149523701595231852831084035640546876424433409207622149923419358639246084622889479686948602188084403074936426671633324202401473825907348902812619313043234644293320117923314933945154795101196969895143521199483, 18992409093137046378732842744306503603860785524225852139724096390190053840935906726926035874997131679911084133508187235324077341016070148447808448470772128318056137717495126904574038547394615807743718419710808943840981025768473805273816544440631835254252102209159686821504850348775772310988837820388009691813555637320221225893184839014117064201469792554472415820296766165441072313200265279873167507641917097468147741179316, 12008203894395308866804419286918131211163695386800382803649167279012655799569753801988115828424417187344919188165247175430808022391086771474851545255339167112615263516693822036949280138705995693945006477452686019283850377188419366812168825267599287239756656176060444742334708935226087327402356564944368424241454091730626764098428899236088185072241508877992009374541429500266147060644167717198271648252572069852366770066941, 4038832885441543178685778998777010366178385846540652554740976864087276470059402915973964964623701441198410064422128360212066090056314261540125817743157487504771683739028804039509503547125770628097134761153720275162291365442343531369529592717402946253265532741567152583164953954964898610320442871432658088455178094417777512351495473972183676615716829056159421852585171139955117355872271110823592402383029525931751267792629, 
19670194103573995335546778884365243181264524353822662897934014963532181109426494031783122562547168306646340318701174006591358124967291240381472860805618047808677531825042365670594937665873102378022268329092094697067984029740301822623602184731823873558795434660094128877563657141012814479754588351209580370149201870079338556937517586419874603443731575388938047952534772975732556105736933783615623583780757885995121940503338, 448587250547880364312998824100142781832002491807797554233277109625321555526950425023215743109760909527612986436313497543133603769113094218925472945334223939771684911674114594383329812680099071618542069490401164113149299269806494788678936049434267166672312670105320059285800764845917405038243022972683567686862055442132133699091060023879225704166728623235301057086116134392930454897470872517830183804157659700625445889830, 10930161231241723347656392354185186093279947414736961273749133046917264525983266922573827501912949183911557744485967859327719400057117437345731516339396700486673896394578991271601789139805337761538463364911028532947314087595485794633342964066494181066852782300122468958298766435768883484054954993425768743684068334128908076033268101822190508581559994522635605495674677985961570352022867982948658497701704571958572471959037, 8912625957861947176692856854564685913647250060559881612290601882706188054788510505473405766899729572895845562443591906130010557402952386484482517393552180643811875543260186615419673392566496124447912269542460226666482647910551668827648093182498966897648613164572222270243359702963101177490336287533554365928047224202986800381789195759761436787301775857956490336462761874360038594427862527456596260884381704781454223633779, 
2306551289216069191130454513919221829895901755421732012054334929893242554080663470365833623647910595823559794161380381203244457273338204281828065815403836409342993408047475650247775548054870518506855112285782988053629107469383261669351486184529190835182475578503456288807168306057143062378581633799682759776120760924076418979302287358897599267369532373529226015751378954828919709070562305354324298101375251784620884529050, 4255339440978927655211913099708439239541744749715858205450532296135993491711072531673546488130525220452788120740747243665720666392815530093014478271039742032112194171931906319993753445172382189426854066713529003995100528854075591430543823563496149091625019122021620407298536429119275536878732816760877148779834810333996516623906435500182034146675214175983106767418866525349482073016790959017939121229158782423051437153215, 9873893139520117327959006627839041532640596084122498183275311439807583416537326867898240112497398037831103133225780536794667751621338906594306093907094491162973280124466357134326208711961138712559043474881854410281347249860558412201637927695809309506382983697195652836773807770471078146063769391274295604089026631661057995193996447578694999955394342030970191038699379802329038272700169720344712485611198818958034826301237, 4765089917604817672113377465925141955529222421516223531063923657154702433478270434880545390917216534893263025759911541042026110573924335888049100333952299835341171480017258706209901577677469866704411013270064823075970967687971507570610839591584275076452847872481076324238205066797040752210320592563122318631044755701635637739646416025765614160810641418286841779812770371444583299208365194975180768006212895673072116522386, 
6112224947687945480280239711320637787918908433138683424770734756570826229243307796646495301320885785370269249822669591195293264920047304899609677414526321546201923169183273630074677571673196655278790073365810828842079110549121344560176457524241399552011885247148188807289668163473493287160336470378903648449586092642655607573691920693404111756416187219108551575656506522734845257486376035264495521946081148938719828033544, 195388411930456292659004793034783822168552894119815825793239515251988057168890947473241809393054966668062312553975721264016843250888334146134794233076452609281861146295329070151936139818953601652277333969475084082043879066015009690415217938561659533862830515140741722462773302261048996453107340978194386484615281173964478851257661832707168812221430391245333553374969697275213417090199524308016415986232808953337791233555, 1244720792234771369080092658020249943250558558858543228087410218998345534662117779763183654722069027909843499722901164419943926229796467885376166352837320116084647482129514330031374427777713274658505472735592998618829380710477875259621314494025610959270630909513767438377166574595122721020642680480636508393782145457915510494406492704624711370382819548311152206515088909451187140041316879980487624305109667331613444702397, 17420521136158610155456592286731848541982479314642855401677490675166753515234198487007423812022874870146225072931804869494964153944097179858754058711975536064958198128181259089930184414024073207404745484941865020376185583612084575830698697473861393413223317543665696780708006419160734997175211056844409117770896148029948413413830070992404759100435183372428243532877202421584255843340950511372816896926816072148853459897597, 
706903708472011058848699822306335654841601117402541259992980291382595513869156934281756720925440180372041334909766487263157124536984532709278378467802794655209393786719712770166975275570907988257884089016583036566222245762906544594817287350363157701978129672388011595734906479201562800232080436561292648589995413689187423799267922779667354879432847963481081819133273312642100271608294867632390722051556035070483171016618, 13588117928036525396131036929216722140727623626773457297456804642287761920269285941755714752389926502053635244735082938908723844163590227890370507021161665584070634134943166185409041414310104540858882424783436357851264149321701932666540464732095496709151056094385506784810633450577104530541976191745761226361392054647950122452702677055536328206478865891505902190711023934956429659436170984452323755148142827783946983689170, 13035612161448099569620637080527976769991099967659035134135726157510271293484224205316460392491491142810512547489719500384339641597134042306613279002050232752593558311676343579221779534892019944116141753798217189420843176613961166129335180457416469246554334190776482345258322812060613256769751208473952032112714346919765236132411088975889482598477817665407310561133545838921580753339246754910148949146829091161220277523800, 5061468190653798738267114315103277995240484866758940466674688031109170357205008555147400605884432466490013550324043153140916286904706720594942806466313925952519739861008671389738724448491617803723488014434597761423015360791986220671348427679576702646137192962379221866734759953356438405870464423279037434471697115717040170596343588013833231257338815360451128669119488799203334539631159855944659628348586189260831916846349, 
310519211081224360436038529767369886079208063233638857045321280938913013264485831500988519083286823510448024911412774486006384354093058665586412478745091555621093880910291350060806527846380258780481452221805321697545098807534406639559969270790330318763674434212070131506363658570473180232691446781542261978745471405470147422634838558227017494138965139937056188221867200916092073501864711946128579149564779783995131812764, 7765454929386860718098457667571027065776365809087712130247806423210057380994819419379356255913567513855445325193098721224960552359712259673134202556374845746328084939006183410638772980553376342740123581295433206004604779839814416843588103144731533226288767681739309033321761816241055963854560413354103299523850186399263379947122808750960631330918177463573091711382789330104148605172305241880223088742424771925359262276961, 21279920209240501229319113350331584665790430778846094897524930483118106031814634260802903045495829850399437278182329574699963138929930179421992737117248479197193414157068700951767757037252093980620859984584071460503299890187279597588828028508209377280155232780973353085622102108867131114851476798667397114731024315266211677829660093151838411660005343321511262290101904600206044359113839043382769572874124915349587253828026, 9404384361847700092017917497360922914422495675694955197107944898045656929107075851201447292136561925215747086463268855004949841022671138446351748131867439799577663701934862965438385718226937668810306608404586652755516424859810792109427278538957262669803852485387086606698225561320268174451728686271748237597096162506211489602963953896833644360026423773017344347726848234574166701592970696201428964781400031197865618239089, 
11473536515781570615295467590180776005414036990843757506218537332857260548916287699656257748679485492923976380438772031340714031903195664536413478729735501964060575660816573010818951724268030300190364858009842520160469005602716000106343559079229134105037981332746560515786853914884397058119553354501751785487490141582378799261378484951808914485153056302334467726453053631816737123137188339174736559611576619507335456442065, 6658209986765214576523603095408925684859819107411400320441704339845709232148546095393111386992961430272770760133826876144536472235021040569911199220002850001682157274254019940107808579210365324279421587725318046615758025182034807320964209281952211101801085038313213267840401921768361130482812244634047647201542664623820862660431801687169272410840936474148169852200351846151154823648248871251508145387214557197530965990966, 3662147743842078783350403504385983360536988791880409841594842856902008843747184249906408091065206792255852486983899949749040441757153766073770174862371596437255143770762330535544930819336506298143363720373654482508230603611719528450050592020391695607369389318359724713540160798965029351305356511671756157832414716675860595439627182073770194023818550160188620097391401855031574633727321506854349395990238905940067612856696, 7933293379259371913947753225829182973440327166821331624782742813667530306183685142511569661517697089303221887502895505020874247160719683710997562072608556098407772048528722269678632972762531765385931704290441640393166153819226767175593692496736619644331844236704817294952000150386014066539732697524646127418982668700056812006011572693231332529972933598812433064570022253850176804351568177341485541235602653505364414768080, 
14070615118184600860551882213714094275919094443487489248696755809883503918195587018270172984608205938888536939875430264012942369576596527716679396096608215568698430682346516654899828724942187624877959402757540416078645260766852866647428645421972345262477895972147694258806702534022844164408377042363711608742060536759496086945857809612633396792905136739597255654549008843569173238058444402641970915726989105904551420858546, 15342946815132442226042116907050674991277073193801523392169239948932666433020608630679091801966034372511342999029292508497887755004306581018004584285609282795773152090001950867971092852778256889890353738132730167551173577706777310439847369540286505119147781133148801979251138693701919045904692041106260141920375686688488149802396671219316061485675475896415179620183729993314843987100325425615893137781286754296462178178342, 3740152297282187181815345820098735405456007044475540504111210108524926232502982744404912884880365972432141621724673777802787744807157725980349110691844313336431011685019041193074796249612246618677944456394104745372829079160559888495080142311688681340347875401650358392693131033779246448214818537452437421066622719432500713770985665015229700477055550680052280279789072242114276313112192777540668840785267601183144210396020, 10185332676507104923693600244914563536350322909616212746220121432434723035761182080872998830142207437310309114085510373952850103117757585120341980926754941337344093553857422551961676140723291586487782410700709958292644147040988012341985875728853255609738370894663167840784046951024718142033286281019071858182773531406479425092563184020268791578909132566309388794626911391615731256258486251046314500831039355225743436984975]
S=28856686525748125802152914172483571798453880654624111179873716369801238646447969551927508246737816822527579725991046201801262381722186539084044859241033407568422008911415092147086235301286167536726137372507078079415577358704181165698320539751269992479349480281465975374187246799267369957964807679383646749609694064517591097971225234359495013928292239934008888234863117359059334395043146949808360202225171337210959511092044766
# Subset-sum (knapsack) lattice over the integers, built from M and S above:
# row i is the i-th unit vector with M[i] appended as the last coordinate,
# and the final row is all zeros with the target sum S appended.
n = len(M)
L = matrix.zero(n + 1)

for row in range(n):
    L[row, row] = 1       # identity part: tracks the coefficient applied to M[row]
    L[row, -1] = M[row]   # weight column

# The last row carries only the target sum.
L[-1, :] = 0
L[-1, -1] = S

# LLL-reduce and print the whole reduced basis; the interesting short row is
# picked out by hand afterwards. Small-coefficient knapsack encodings like
# this one are what lattice reduction is good at, which is why they are not
# relied on for confidentiality.
res = L.LLL()
print(res)

# Coefficient vector, presumably copied from a row of the reduced basis
# printed above. Every entry is negative, so the magnitudes are taken before
# reading them as byte values.
A = [-78, -83, -83, -67, -84, -70, -123, -99, -97, -97, -56, -54, -99, -49, -48, -45, -56, -56, -102, -55, -45, -52, -100, -101, -102, -45, -98, -55, -48, -49, -45, -99, -51, -99, -54, -56, -101, -50, -102, -54, -49, -54, -52, -125]
A = [abs(value) for value in A]
print(A)
print(bytes(A))

运行得到

最后flag为

NSSCTF{caa86c10-88f7-4def-b701-c3c68e2f6164}

不止一次

题目描述:

flag格式: moectf{xxxx} “一次就好,我陪你去看天荒地老”~~~ 可是,如果有机会可以不止一次呢? 你能否把握住那个**key**?

附件


import libnum, codecs, numpy
from Crypto.Util.strxor import strxor
from random import randrange

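# Challenge generator: the flag itself is used as the XOR key.
key = 'moectf{Ma2y_T1m3_9ad_8an_6e_crac7ed}'

m = 'In cryptography, the one-time pad (OTP) is an encryption technique that cannot be cracked, but requires the use of a single-use pre-shared key that is not smaller than the message being sent.'

# NOTE(review): all 15 samples below are XORed with the same key, so this is
# a "many-time pad", not a one-time pad: XORing any two samples cancels the
# key and leaves the XOR of two plaintext windows. That key reuse is the
# weakness the challenge is built around; a real one-time pad never reuses
# key material.
#
# The context manager guarantees the samples are flushed and the handle is
# closed, even if a write fails part-way through.
with open("附件.txt", 'w') as f:
    for i in range(15):
        # Random window of the known sentence, exactly as long as the key.
        start = randrange(0, len(m) - 2 * len(key))
        mi = m[start:start + len(key)]
        ci = codecs.encode(strxor(mi.encode(), key.encode()), 'hex').decode()
        f.write(ci)
        f.write('\n')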

exp:

from Crypto.Util.strxor import strxor
from string import printable

# The two given ciphertexts
A = bytes.fromhex("05010c1201035b3909530d7f3750035d304d41063a18021c3e550e3a075e41014211440f")
B = bytes.fromhex("0306141611460f250046593c355f035c2b1903017f5b130f3c5d003b4f52031643451618")

# Known flag prefix and total flag length
known = "moectf{"
flag_len = 36

# Recover the flag one byte at a time.
# The consistency check below compares plaintext A at index pos with
# plaintext B at index pos - 1, i.e. it assumes both samples were encrypted
# under the same key and that B's plaintext window starts one character
# later than A's. Only key reuse makes such a check possible.
while len(known) < flag_len:
    pos = len(known)
    for c in printable:
        # Candidate key: known part + candidate character + filler
        test_flag = (known + c).ljust(flag_len, 'a').encode()

        # Trial-decrypt both ciphertexts
        decrypted_A = strxor(A, test_flag)
        decrypted_B = strxor(B, test_flag)

        # Accept the candidate when the overlapping plaintext bytes agree
        if pos > 0 and decrypted_A[pos] == decrypted_B[pos - 1]:
            known += c
            print(f"Found next char: {c}, current flag: {known}")
            break
    else:
        # No candidate matched: possibly the final position
        if pos != flag_len - 1:
            # Cannot find the next character; report progress and stop
            print(f"Stopped at position {len(known)}, current flag: {known}")
            break
        # Try to compute the last character directly
        test_flag = known.encode().ljust(flag_len, b'\x00')
        decrypted_A = strxor(A, test_flag)
        known += chr(decrypted_A[-1])
        print(f"Found last char: {known[-1]}, complete flag: {known}")

print("\nRecovered flag:", known)

运行得到

最后flag为

moectf{Ma2y_T1m3_9ad_8an_6e_crac7ed}

LittLe_FSR

题目描述:

flag格式: moectf{xxxx} 我的LFSR一定没问题,一定!!!

附件

from Crypto.Util.number import *
from gmpy2 import *
from secret import FLAG, key
import string
import random

# The flag must look like moectf{...}; it is then padded with random
# printable characters to exactly 50 bytes, i.e. the 400 bits of register
# state used by the LFSR class. The key must hold exactly 5 tap positions.
assert FLAG[:7] == b'moectf{'
assert FLAG[-1:] == b'}'
table = string.ascii_letters + string.digits + string.punctuation
FLAG += ''.join(random.choice(table) for _ in range(50 - len(FLAG))).encode()
assert len(FLAG) == 50
assert len(key) == 5

class LFSR:
    """Linear feedback shift register seeded with the bits of FLAG.

    The state is a list of 400 bits (FLAG as a big-endian integer,
    left-padded with zeros). The feedback bit is the XOR of the state bits at
    the positions listed in the module-level ``key``.

    NOTE(review): the feedback uses XOR only, so every output bit is a linear
    function of the state; a purely linear register is not a secure keystream
    generator on its own.
    """

    def __init__(self):
        bits = bin(bytes_to_long(FLAG))[2:].rjust(400, '0')
        self.data = [int(b) for b in bits]
        # Warm-up: clock the register 2022 times and discard the output.
        for _ in range(2022):
            self.cycle()

    def cycle(self):
        """Shift the register by one step and return the bit shifted out."""
        out = self.data[0]
        feedback = 0
        for tap in key:
            feedback ^= self.data[tap]
        self.data = self.data[1:] + [feedback]
        return out

# Emit 2022 output bits (after the constructor's warm-up) as one unbroken
# string of 0/1 characters with no trailing newline.
ILOVEMOECTF = LFSR()
print(''.join(str(ILOVEMOECTF.cycle()) for _ in range(2022)), end='')

不会,还是看官方wp

MoeCTF_2022/Official_Writeup/Crypto/Moectf_CryptoWriteup.md at main · XDSEC/MoeCTF_2022

babyNET

题目描述:

了解过加密模式后,再来试试分组密码的结构吧。这次你还能轻松破解出密码吗?
https://github.com/XDSEC/MoeCTF_2022

aes.py

from Crypto.Cipher import AES
from secret import K,IV,data

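class AES_CBC(object):
    """AES-CBC helper with PKCS#7-style padding.

    NOTE(review): the IV given to the constructor is reused for every
    encrypt()/decrypt() call, and the ciphertext carries no integrity tag.
    CBC with a fixed IV reveals equal plaintext prefixes, and unauthenticated
    CBC is malleable; an authenticated mode with a fresh nonce per message is
    the safer choice outside a challenge setting.
    """

    def __init__(self, key, iv):
        self.key = key
        self.mode = AES.MODE_CBC
        self.iv = iv

    def pad_byte(self, b):
        """Append 1..block_size bytes, each holding the pad length."""
        pad_len = AES.block_size - (len(b) % AES.block_size)
        return b + bytes([pad_len]) * pad_len

    @staticmethod
    def _strip_padding(padded, block_size):
        """Validate and remove the padding added by pad_byte.

        Raises ValueError with one uniform message for every malformed case.
        A final byte of 0 or a pad length longer than the data would
        otherwise slice silently to an empty or wrong result.
        """
        if not padded or len(padded) % block_size:
            raise ValueError("invalid padding")
        pad_len = padded[-1]
        if not 1 <= pad_len <= block_size or padded[-pad_len:] != bytes([pad_len]) * pad_len:
            raise ValueError("invalid padding")
        return padded[:-pad_len]

    def encrypt(self, text):
        """Pad and encrypt ``text`` (bytes); also stored on self.ciphertext."""
        cryptor = AES.new(self.key, self.mode, self.iv)
        self.ciphertext = cryptor.encrypt(self.pad_byte(text))
        return self.ciphertext

    def decrypt(self, text):
        """Decrypt ``text``, strip the padding and return the UTF-8 string.

        Raises ValueError on malformed padding (UnicodeDecodeError, itself a
        ValueError, on invalid UTF-8). Callers that serve remote peers should
        not let the two cases be told apart, or the error becomes a padding
        oracle.
        """
        cryptor = AES.new(self.key, self.mode, self.iv)
        plain = self._strip_padding(cryptor.decrypt(text), AES.block_size)
        return str(plain, encoding='utf8')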

# Import-time side effect: encrypt the secret `data` once under (K, IV) and
# expose the result as the module-level name `encdata`.
pc = AES_CBC(key=K, iv=IV)
encdata = pc.encrypt(text=data)

Feistel.py

from Crypto.Util.number import*
from Crypto.Cipher import AES
from aes import AES_CBC
from secret import key1,key2,IV,K

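def encrypt(plaintext, key):
    """Run a 3-round Feistel network over one 32-byte block.

    Every round uses AES-ECB under the same 16-byte ``key`` as the round
    function: (left, right) -> (right, AES_key(right) XOR left).

    Args:
        plaintext: exactly 32 bytes, split into two 16-byte halves.
        key: exactly 16 bytes.

    Returns:
        The 32-byte result ``left + right`` after three rounds.

    Raises:
        AssertionError: if either length is wrong.
    """
    assert len(plaintext) == 32
    assert len(key) == 16

    left = plaintext[:16]
    right = plaintext[16:]

    # Single-block ECB is stateless, so one cipher object serves all rounds.
    aes = AES.new(key, AES.MODE_ECB)
    for _ in range(3):
        # XOR byte-wise so each half stays exactly 16 bytes. An integer
        # round-trip through long_to_bytes() drops leading zero bytes, which
        # shortens the half (and breaks the next AES call) whenever the XOR
        # result starts with 0x00.
        mixed = bytes(a ^ b for a, b in zip(aes.encrypt(right), left))
        left, right = right, mixed
    return left + right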

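def decrypt(ciphertext, key):
    """Invert the 3-round Feistel network applied by encrypt().

    Each round undoes one encryption round:
    (left, right) -> (right XOR AES_key(left), left).

    Args:
        ciphertext: exactly 32 bytes, split into two 16-byte halves.
        key: exactly 16 bytes.

    Returns:
        The 32-byte result ``left + right`` after three inverse rounds.

    Raises:
        AssertionError: if either length is wrong.
    """
    assert len(ciphertext) == 32
    assert len(key) == 16

    left = ciphertext[:16]
    right = ciphertext[16:]

    # Single-block ECB is stateless, so one cipher object serves all rounds.
    aes = AES.new(key, AES.MODE_ECB)
    for _ in range(3):
        # Byte-wise XOR keeps the half at 16 bytes; going through
        # long_to_bytes() would drop leading zero bytes and corrupt the
        # block whenever the XOR result starts with 0x00.
        unmixed = bytes(a ^ b for a, b in zip(right, aes.encrypt(left)))
        left, right = unmixed, left
    return left + right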

# K||IV is wrapped EDE-style: encrypt under key1, decrypt under key2, then
# encrypt under key1 again. Anyone holding both keys can undo the chain.
M = K + IV
cipher = encrypt(decrypt(encrypt(M, key1), key2), key1)

task.py

from Crypto.Util.number import *
from Crypto.Cipher import AES
from hashlib import sha256
import socketserver
import signal
import string
import random
from secret import data,key1,key2,flag
from Feistel import M,cipher
from aes import encdata

# Alphabet for the proof-of-work string: ASCII letters followed by digits.
table = ''.join((string.ascii_letters, string.digits))

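class Task(socketserver.BaseRequestHandler):
    """Per-connection handler for the two-stage challenge.

    Flow (see handle): proof of work, then the client must send back K||IV,
    then the plaintext ``data``; only then is the flag sent.

    NOTE(review): key1 and key2 are sent to the client in the clear, so the
    Feistel wrapping of K||IV provides no secrecy by itself. That is the
    challenge design, not something to copy into a real protocol.
    """

    def _recvall(self):
        """Read chunks until a short (or empty) one arrives; return them stripped.

        NOTE(review): there is no cap on the total size; only the alarm set
        in handle() bounds how long a client can keep feeding full chunks.
        """
        BUFF_SIZE = 2048
        data = b''
        while True:
            part = self.request.recv(BUFF_SIZE)
            data += part
            if len(part) < BUFF_SIZE:
                break
        return data.strip()

    def send(self, msg, newline=True):
        """Best-effort send of ``msg`` (bytes), optionally newline-terminated."""
        try:
            if newline:
                msg += b'\n'
            self.request.sendall(msg)
        except OSError:
            # The peer may already be gone; sending stays best-effort, but
            # only socket errors are swallowed so programming errors surface.
            pass

    def recv(self, prompt=b'[-] '):
        """Send ``prompt`` without a newline and return the client's reply."""
        self.send(prompt, newline=False)
        return self._recvall()

    def proof_of_work(self):
        """Ask for the 3 missing leading bytes of a 12-character SHA-256 preimage.

        Returns True only if the reply is exactly 3 bytes and hashes to the
        advertised digest.
        """
        # Draw the challenge from the OS CSPRNG so it cannot be predicted
        # from earlier challenges, as Mersenne Twister output could be.
        rng = random.SystemRandom()
        proof = ''.join(rng.choice(table) for _ in range(12)).encode()
        sha = sha256(proof).hexdigest().encode()
        self.send(b"[+] sha256(XXX+" + proof[3:] + b") == " + sha)
        XXX = self.recv(prompt=b'[+] Plz Tell Me XXX :')
        if len(XXX) != 3 or sha256(XXX + proof[3:]).hexdigest().encode() != sha:
            return False
        return True

    def handle(self):
        """Run the challenge dialogue for one connection."""
        signal.alarm(200)  # hard limit on how long a connection may live
        if not self.proof_of_work():
            # Stop here: without the return, the dialogue below would carry
            # on against an already-closed socket.
            self.request.close()
            return
        self.send(b"[+] I'll send you my encrypted K,IV .Can you decrypt it ?")
        self.send(b'[+] key1 = ' + key1)
        self.send(b'[+] key2 = ' + key2)
        self.send(b'[+] cipher = ' + hex(bytes_to_long(cipher)).encode())
        self.send(b'[+] plz give me the K||IV (K+IV):')
        sec_m = self.recv()
        # NOTE(review): `==` on secrets is not constant-time;
        # hmac.compare_digest is the usual choice where timing matters.
        if sec_m == M:
            self.send(b'[+] You win! Give you my encdata: ' + hex(bytes_to_long(encdata)).encode())
            self.send(b'[+] plz give me data:')
            sec_m = self.recv()
            if sec_m == data:
                self.send(b'[+] flag is:' + flag.encode())
        self.send(b"[+] Sorry,Connection has been closed ")
        self.request.close()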

class ThreadedServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
    """TCP server that handles each connection in its own thread."""

class ForkedServer(socketserver.ForkingMixIn, socketserver.TCPServer):
    """TCP server that handles each connection in a forked child process."""

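if __name__ == "__main__":
    # NOTE(review): 0.0.0.0 exposes the service on every interface; bind to a
    # specific address or firewall the port if that is not intended.
    HOST, PORT = '0.0.0.0', 10001
    print("HOST:POST " + HOST+":" + str(PORT))
    # allow_reuse_address is read by server_bind(), which runs inside the
    # constructor, so it has to be set on the class before instantiation;
    # assigning it on the instance afterwards has no effect on the bound
    # socket.
    ForkedServer.allow_reuse_address = True
    server = ForkedServer((HOST, PORT), Task)
    server.serve_forever()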

3DES

exp:

from pwn import *
from string import *
from hashlib import sha256
from Crypto.Cipher import AES
from Crypto.Util.strxor import strxor as xor
import binascii
import re

table = ascii_letters + digits

# Connect to the server
context.log_level = 'debug'  # enable verbose logging
net = remote('node5.anna.nssctf.cn', 23028)

# Handle the proof of work: the server reveals the last 9 characters and the
# SHA-256 digest of a 12-character string and asks for the first 3.
net.recvuntil(b"[+] sha256(XXX+")
suffix = net.recvuntil(b") == ", drop=True)
target_hash = net.recvline().strip().decode()

print(f"[*] Solving PoW: sha256(XXX+{suffix.decode()}) == {target_hash}")

# Walk every 3-character prefix over the alphabet, in the same order as three
# nested loops, and stop at the first one whose digest matches.
found = False
for prefix in ((i + j + k).encode() for i in table for j in table for k in table):
    if sha256(prefix + suffix).hexdigest() == target_hash:
        net.sendline(prefix)
        print(f"[+] PoW solved: {prefix.decode()}")
        found = True
        break

# Receive server data - read the raw binary key directly
def recv_binary(prompt):
    """Wait for ``prompt``, then return the 16 raw bytes that follow it.

    A fixed-length read is used instead of a line read, so the value is taken
    as exactly 16 bytes whatever byte values it contains; the rest of the
    line is then discarded.
    """
    net.recvuntil(prompt)
    data = net.recvn(16)  # the 16-byte key
    net.recvline()        # consume the trailing newline
    print(f"[*] Received {len(data)} bytes for {prompt.decode().strip()}: {data.hex()}")
    return data

# Receive the two keys (the server sends them in the clear)
key1, key2 = recv_binary(b'[+] key1 = '), recv_binary(b'[+] key2 = ')

# Receive the ciphertext line
net.recvuntil(b'[+] cipher = ')
cipher_hex_line = net.recvline().strip()
print(f"[*] Raw cipher: {cipher_hex_line}")

# Extract the hexadecimal part directly (more robust):
# look for a hex string that starts with "0x"
hex_match = re.search(rb'0x([0-9a-fA-F]+)', cipher_hex_line)
if hex_match is None:
    print(f"[!] Failed to find hex string in cipher: {cipher_hex_line}")
    exit(1)

cipher_hex_clean = hex_match.group(1)
print(f"[*] Extracted cipher hex: {cipher_hex_clean.decode()}")

# Convert to bytes.
# NOTE(review): the server prints hex(bytes_to_long(cipher)), which drops
# leading zero bytes, so the value can be shorter than 32 bytes or have an
# odd number of digits; that case ends in the error path below or in the
# length assert of decrypt().
try:
    cipher_bytes = bytes.fromhex(cipher_hex_clean.decode())
except (ValueError, UnicodeDecodeError) as e:
    print(f"[!] Hex conversion error: {e}")
    print(f"[!] Cipher hex: {cipher_hex_clean}")
    exit(1)
else:
    print(f"[*] Cipher length: {len(cipher_bytes)} bytes")

# Custom encryption function
def encrypt(plaintext, key):
    """Apply the 3-round Feistel construction to one 32-byte block.

    Round function: AES-ECB under the 16-byte ``key``; each round maps
    (left, right) to (right, AES(right) XOR left). Raises AssertionError on
    wrong lengths.
    """
    assert len(plaintext) == 32
    assert len(key) == 16

    left, right = plaintext[:16], plaintext[16:]

    # Single-block ECB is stateless, so one cipher object covers all rounds.
    aes = AES.new(key, AES.MODE_ECB)
    for _ in range(3):
        left, right = right, xor(aes.encrypt(right), left)

    return left + right

# Custom decryption function
def decrypt(ciphertext, key):
    """Undo the 3-round Feistel construction on one 32-byte block.

    Each round maps (left, right) to (right XOR AES(left), left), using
    AES-ECB under the 16-byte ``key``. Raises AssertionError on wrong lengths.
    """
    assert len(ciphertext) == 32
    assert len(key) == 16

    left, right = ciphertext[:16], ciphertext[16:]

    # Single-block ECB is stateless, so one cipher object covers all rounds.
    aes = AES.new(key, AES.MODE_ECB)
    for _ in range(3):
        left, right = xor(right, aes.encrypt(left)), left

    return left + right

# Work backwards to the original message M: the server applied
# encrypt(key1) -> decrypt(key2) -> encrypt(key1) and disclosed both keys, so
# the chain is undone step by step in reverse order.
print("[*] Decrypting message...")
try:
    step1 = decrypt(cipher_bytes, key1)
    print(f"[*] Step1: {step1.hex()}")
    step2 = encrypt(step1, key2)
    print(f"[*] Step2: {step2.hex()}")
    M = decrypt(step2, key1)
    print(f"[*] Step3: {M.hex()}")
except Exception as e:
    print(f"[!] Decryption error: {e}")
    print(f"[!] Key1: {key1.hex()}, Key2: {key2.hex()}, Cipher: {cipher_bytes.hex()}")
    exit(1)

print(f"[*] Recovered M (K||IV): {M.hex()}")

# Send K||IV (K+IV)
net.recvuntil(b'[+] plz give me the K||IV (K+IV):\n')
net.send(M)

# Receive the encrypted data
try:
    net.recvuntil(b'You win! Give you my encdata: ')
    enc_hex_line = net.recvline().strip()
    print(f"[*] Raw encdata: {enc_hex_line}")

    # Extract the hexadecimal part directly
    hex_match = re.search(rb'0x([0-9a-fA-F]+)', enc_hex_line)
    if hex_match is None:
        print(f"[!] Failed to find hex string in encdata: {enc_hex_line}")
        exit(1)

    enc_hex_clean = hex_match.group(1)
    enc_bytes = bytes.fromhex(enc_hex_clean.decode())
    print(f"[*] Received encdata: {enc_bytes.hex()}")
except EOFError:
    print("[!] Connection closed unexpectedly. Trying to recover...")
    # Try to read whatever is left on the connection
    try:
        remaining = net.recvall(timeout=2)
        print(f"[!] Remaining data: {remaining}")
    except:
        print("[!] Failed to read remaining data")
    exit(1)
except Exception as e:
    print(f"[!] Error receiving encdata: {e}")
    exit(1)

# Send the expected data - make sure bytes are sent.
# NOTE(review): enc_bytes is never decrypted in this script; the plaintext
# below is hard-coded, presumably obtained by decrypting encdata separately
# with the recovered K and IV.
data = b'Congratulations!_You_have_get_the_flag!'
try:
    net.recvuntil(b'[+] plz give me data:')
    net.send(data)  # make sure bytes are sent
    print(f"[*] Sent data: {data.decode()}")
except EOFError:
    print("[!] Connection closed before sending data")
    exit(1)

# Fetch the flag
try:
    flag_prompt = net.recvuntil(b'[+] flag is:', timeout=5)
    flag = net.recvline().strip().decode()
    print(f"\n[+] FLAG: {flag}")
except EOFError:
    print("[!] Connection closed while waiting for flag")
    # Try to read whatever is left on the connection
    try:
        remaining = net.recvall(timeout=2)
        print(f"[!] Remaining data: {remaining}")
    except:
        print("[!] Failed to read remaining data")
except Exception as e:
    print(f"[!] Error receiving flag: {e}")

# Close the connection
net.close()

文章作者: yiqing
版权声明: 本博客所有文章除特別声明外,均采用 CC BY 4.0 许可协议。转载请注明来源 yiqing !