BUUCTF 每日打卡 2021-7-29
引言
原本以为今天能把1分题刷完的,结果又多了几个,淦
[AFCTF2018]One Secret, Two encryption
题面: 一份秘密发送给两个人不太好吧,那我各自加密一次好啦~~~ 素数生成好慢呀 偷个懒也……不会有问题的吧?
给了两个公钥文件 先转成能看懂的:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| from Crypto.PublicKey import RSA
with open("public1.pub", "r") as f:
key = RSA.import_key(f.read())
n1 = key.n
e1 = key.e
print('n1:', key.n)
print('e1:', key.e)
with open("public2.pub", "r") as f:
key = RSA.import_key(f.read())
n2 = key.n
e2 = key.e
print('n2:', key.n)
print('e2:', key.e)
|
得到n和e: ![在这里插入图片描述]()
先尝试爆破,发现都可以暴力分解(啊这) 得到p,q:
1
2
3
4
| p1 = 27809722472252756488236572384949349891208643090117349509994417047989746484576130392206781875743390815588696964830219136848285391966773129269973231061599768809907518881304479207799187410626121509031210549317480187679455501340422680238395009932081263455435640341892702399022829951248686529928945588545968218943
q1 = 174410123761631337520799179808598127914184971978811796722414215239874114048347830609255805203105210941441708658356189056418366104015120153227123562166980882513945308613658062284844636341082646995916907680076101741743945938845994542592182491688095893467336553001430454260431413695816790105384153941685561590503
p2 = 13574537518864130340355432541118272197612469786472599699388744722964224446468845332277885224151359348751827390453295742493408690917441802418376492710577443748707324892538263470296850322457820732500754398379697996486797672220145645775197396918813888878389297506519458452871204328250224991572191181011886880259
q2 = 174410123761631337520799179808598127914184971978811796722414215239874114048347830609255805203105210941441708658356189056418366104015120153227123562166980882513945308613658062284844636341082646995916907680076101741743945938845994542592182491688095893467336553001430454260431413695816790105384153941685561590503
|
发现q1=q2 原来题面说的“偷个懒”是这个意思 然后就是常规的RSA解密,代码如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
| from Crypto.PublicKey import RSA
from Crypto.Util.number import *
import rsa
with open("public1.pub", "r") as f:
key = RSA.import_key(f.read())
n1 = key.n
e1 = key.e
print('n1:', key.n)
print('e1:', key.e)
with open("public2.pub", "r") as f:
key = RSA.import_key(f.read())
n2 = key.n
e2 = key.e
print('n2:', key.n)
print('e2:', key.e)
p1 = 27809722472252756488236572384949349891208643090117349509994417047989746484576130392206781875743390815588696964830219136848285391966773129269973231061599768809907518881304479207799187410626121509031210549317480187679455501340422680238395009932081263455435640341892702399022829951248686529928945588545968218943
q1 = 174410123761631337520799179808598127914184971978811796722414215239874114048347830609255805203105210941441708658356189056418366104015120153227123562166980882513945308613658062284844636341082646995916907680076101741743945938845994542592182491688095893467336553001430454260431413695816790105384153941685561590503
p2 = 13574537518864130340355432541118272197612469786472599699388744722964224446468845332277885224151359348751827390453295742493408690917441802418376492710577443748707324892538263470296850322457820732500754398379697996486797672220145645775197396918813888878389297506519458452871204328250224991572191181011886880259
q2 = 174410123761631337520799179808598127914184971978811796722414215239874114048347830609255805203105210941441708658356189056418366104015120153227123562166980882513945308613658062284844636341082646995916907680076101741743945938845994542592182491688095893467336553001430454260431413695816790105384153941685561590503
print(q1 == q2)
d1 = inverse(e1, (p1 - 1) * (q1 - 1))
Rsa = rsa.PrivateKey(n1, e1, d1, p1, q1)
with open('flag_encry1', 'rb') as f:
c1 = f.read()
print(rsa.decrypt(c1, Rsa))
d2 = inverse(e2, (p2 - 1) * (q2 - 1))
Rsa = rsa.PrivateKey(n2, e2, d2, p2, q2)
with open('flag_encry2', 'rb') as f:
c2 = f.read()
print(rsa.decrypt(c2, Rsa))
|
[AFCTF2018]MyOwnCBC
加密代码如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
| from Crypto.Cipher import AES
from Crypto.Random import random
from Crypto.Util.number import long_to_bytes
def MyOwnCBC(key, plain):
if len(key)!=32:
return "error!"
cipher_txt = b""
cipher_arr = []
cipher = AES.new(key, AES.MODE_ECB, "")
plain = [plain[i:i+32] for i in range(0, len(plain), 32)]
print plain
cipher_arr.append(cipher.encrypt(plain[0]))
cipher_txt += cipher_arr[0]
for i in range(1, len(plain)):
cipher = AES.new(cipher_arr[i-1], AES.MODE_ECB, "")
cipher_arr.append(cipher.encrypt(plain[i]))
cipher_txt += cipher_arr[i]
return cipher_txt
key = random.getrandbits(256)
key = long_to_bytes(key)
s = ""
with open("flag.txt","r") as f:
s = f.read()
f.close()
with open("flag_cipher","wb") as f:
f.write(MyOwnCBC(key, s))
f.close()
|
题面: CBC什么东西呀?不就是把上一轮加密的影响扩散到下一轮嘛 它写的CBC一点都不正宗 我这样写肯定也行的!
大概吧?
观察代码,发现是先随机生成了一个key然后把plain按每段32位分割,第一段用生成的key进行AES加密,后面每段plain以前面一段加密后的plain(也就是cipher)作为key进行加密,最后拼接在一起,题面里“把上一轮加密的影响扩散到下一轮”就是这个意思 由于第一段key是随机生成的,也没有线索来还原,就以第一段cipher作为key来还原后面的内容,代码如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
| from Crypto.Cipher import AES
with open("flag_cipher", "rb") as f:
cipher = f.read()
key = cipher[:32]
plain_txt = b""
cipher = [cipher[i:i + 32] for i in range(0, len(cipher), 32)]
for i in range(1, len(cipher)):
aes = AES.new(key, AES.MODE_ECB)
plain_txt += aes.decrypt(cipher[i])
key = cipher[i]
print(plain_txt)
|
结果为: ![在这里插入图片描述]()
结语
希望继续坚持
先尝试爆破,发现都可以暴力分解(啊这) 得到p,q: