BUUCTF 每日打卡 2021-8-5

引言

无

[b01lers2020]safety_in_numbers

题目给了两个很大的文件： 加密代码如下：

import sys
import Crypto.PublicKey.RSA as RSA


def enc(msg, pubkey):
   (n,e) = pubkey
   m = int.from_bytes(msg, byteorder = 'little')
   c = pow(m, e, n)
   ctxt = (c).to_bytes(c.bit_length() // 8 + 1, byteorder = 'little')
   return ctxt


with open("pubkey.pem", "r") as f:
   ciph = RSA.importKey(f.read())     # chill out, Crypto.RSA takes its sweet time... (minutes)

pubkey = (ciph.n, ciph.e)


with open("flag.txt", "rb") as f:
   flag = f.read()

sys.stdout.buffer.write(enc(flag, pubkey))

# chill out, Crypto.RSA takes its sweet time... (minutes) 啊这 获取公钥代码如下：

from Crypto.PublicKey import RSA

with open("pubkey.pem", "r") as f:
   ciph = RSA.importKey(f.read())     # chill out, Crypto.RSA takes its sweet time... (minutes)

e = ciph.e
n = ciph.n
with open('publickey.txt', 'w') as f:
    f.write(str(n))
    f.write('\n')
    f.write(str(e))

结果为： 发现n是上面一大串，而e=65537 然后关于怎么处理这个ctxt 其实只要知道from_bytes和to_bytes互为“逆运算”就行了，具体可以参照官方文档 代码如下：

with open("flag.enc", "rb") as f:
   ctxt = f.read()
   print(ctxt)
c = int.from_bytes(ctxt, byteorder='little')

with open('cipher.txt', 'w') as f:
    f.write(str(c))

两个文件都非常大 然后就没什么别的信息了，出题人总不能让我做不出来吧 猜测由于n很大，e相对n很小，那么就有可能出现 \(c=m^e\) 的情况 试了一下，果然是这样 解密代码如下：

from Crypto.Util.number import *
import gmpy2

with open("flag.enc", "rb") as f:
   ctxt = f.read()

c = int.from_bytes(ctxt, byteorder='little')
e = 65537
m = gmpy2.iroot(c, e)[0]
print(long_to_bytes(m)[::-1])

结果为：

[AFCTF2018]MagicNum

题目就给了一个txt文件，里面一串浮点数： 想起之前写的[ACTF新生赛2020]crypto-des也是一样的情况 解密代码如下：

from Crypto.Util.number import *
import struct

s = [72065910510177138000000000000000.000000, 71863209670811371000000.000000, 18489682625412760000000000000000.000000, 72723257588050687000000.000000, 4674659167469766200000000.000000, 19061698837499292000000000000000000000.000000,]
a = ''
b = ''
for i in s:
    a += struct.pack('<f', i).hex()        # 小端
print(a)

for j in s:
    b += struct.pack('>f', j).hex()        # 大端
print(b)

print(long_to_bytes(int(a, 16)))
print(long_to_bytes(int(b, 16)))

结果为：

[XNUCA2018]Warmup

加密代码如下：

from Crypto.Util.number import bytes_to_long, getPrime
from random import randint
from gmpy2 import powmod
import sys

p = getPrime(1024)
q = getPrime(1024)
N = p*q
Phi = (p-1)*(q-1)

with open("flag", 'r') as fr:
	flag = bytes_to_long(fr.read().strip())

def get_enc_key(BitLen, Phi):
    e = getPrime(BitLen)
    if Phi % e == 0:
        return get_enc_key(BitLen, Phi)
    else:
        return e

def sprint(message):
	print(message)
	sys.stdout.flush()

def communicate():
	sprint("This is a message distribute system. Please tell me your name: ")
	user = raw_input()
	bakcdoor(user)
	e = get_enc_key(randint(13, 13 + (len(user) % 4)), Phi)
	ct = powmod(flag, e, N)
	sprint("Hi %s, your N is: %d\nAnd your exponent is: %d\nLast but not least, your secret is: %d" % (user, N, e, ct))
	sprint("You will know the secret after I give you P,Q.\nSee you next time!")

if __name__ == "__main__":
	communicate()

明显需要交互嘛 但是没给输出结果 题目给了一个后缀是.pcapng的文件，图片？ 不懂，找wp，考的是流量包文件提取，没见过 使用的工具叫wireshark，建议使用镜像下载 下载下来之后导入文件，选择分析中的追踪TCP流 得到六段文件 分别为：

This is a message distribute system. Please tell me your name: 
Alice
Hi Alice, your N is: 25118186052801903419891574512806521370646053661385577314262283167479853375867074736882903917202574957661470179148882538361560784362740207649620536746860883395110443930778132343642295247749797041449601967434690280754279589691669366595486824752597992245067619256368446164574344449914827664991591873150416287647528776014468498025993455819767004213726389160036077170973994848480739499052481386539293425983093644799960322581437734560001018025823047877932105216362961838959964371333287407071080250979421489210165485908404019927393053325809061787560294489911475978342741920115134298253806238766543518220987363050115050813263
And your exponent is: 7669
Last but not least, your secret is: 22917655888781915689291442748409371798632133107968171254672911561608350738343707972881819762532175014157796940212073777351362314385074785400758102594348355578275080626269137543136225022579321107199602856290254696227966436244618441350564667872879196269074433751811632437228139470723203848006803856868237706401868436321225656126491701750534688966280578771996021459620472731406728379628286405214996461164892486734170662556518782043881759918394674517409304629842710180023814702447187081112856416034885511215626693534876901484105593275741829434329109239483368867518384522955176807332437540578688867077569728548513876841471
You will know the secret after I give you P,Q.
See you next time!

This is a message distribute system. Please tell me your name: 
Bob
Hi Bob, your N is: 16469436076891819107430664586570790058365332532674438789146675997314595491187244459383921424835032067061885275554735557145712521498253296163910390306330135855302922157272936907898045006260883274333834229418152155694295570782207999565052765330228242362968933298758811404031322069181362855243705838799645685066332172969401743211750904509226291946662578751991715996103303976647730874845283020815000321892678220724802450248872234664036667264022384588371373249390642053539194423282694248940736528696713895935252137917260856321114370743803866601761211552228903425850365457360876898940583221394582723557605309072232855822121
And your exponent is: 6581
Last but not least, your secret is: 4505063757912237030635628747221272994572695359194588227137745184038156993684967692950382379416670048352697192034847437641005118396778451573252079960329423730857312903905473153821671728221711196041864671612553117481967219346650953589661738125004385506770270950850305018428133702570007489933820805282374786447043101075368159524627160317546994983074271744438830758703672549021794396005996657563893647623858053340802508275966224731156066494130781524282692069374034848523211418786348920660102645506245253266350928691868117037802311207429854527893101629350899064793606053845768875251087079676571106395735856068973034721101
You will know the secret after I give you P,Q.
See you next time!

This is a message distribute system. Please tell me your name: 
Carol
Hi Carol, your N is: 25118874053328546753024263989563415727502048075025991833569501205632242337113077901532332374775395419348348701048189408092632079814832363732010926177912082562964016670890936281050864496155721672281093344082281963638371977758361202131970609490512245265719538879695944721744492357697438865016952531556200322390888505552979421131419142724258271230059422420336363879787201072494558351266967920357858873458121748582985640375604986741727501058494951533532341125506734541216305271046143705754799910729045435564538502962145048652820879590895993225869189429946329168385872964357133780290864454638364009252548494323438022231349
And your exponent is: 7603
Last but not least, your secret is: 19048737576987045063226590250127232246475809097432504428364908056604025281347091106863818770179886946036828033369811436258683836640686482186295887954603333674790126531024825196275247430917874230019937646154128686565959382549927974721595907720052683326347883917288387011898610688585967549063293999007662179537208541114528645906867834283911530827009496350564818050926992578354845375385136518922278665967914707035675926166195959084130878666446344492398932138098006690696811167313988561319314285936059926219964550560566892932146226765756939758814799908059743886502882106627085404296199027529328251035521224628003832913854
You will know the secret after I give you P,Q.
See you next time!

This is a message distribute system. Please tell me your name: 
Dave
Hi Dave, your N is: 25118186052801903419891574512806521370646053661385577314262283167479853375867074736882903917202574957661470179148882538361560784362740207649620536746860883395110443930778132343642295247749797041449601967434690280754279589691669366595486824752597992245067619256368446164574344449914827664991591873150416287647528776014468498025993455819767004213726389160036077170973994848480739499052481386539293425983093644799960322581437734560001018025823047877932105216362961838959964371333287407071080250979421489210165485908404019927393053325809061787560294489911475978342741920115134298253806238766543518220987363050115050813263
And your exponent is: 6947
Last but not least, your secret is: 20494665879116666159961016125949070097530413770391893858215547229071116025581822729798313796823204861624912909030975450742122802775879194445232064367771036011021366123393917354134849911675307877324103834871288513274457941036453477034798647182106422619504345055259543675752998330786906376830335403339610903547255965127196315113331300512641046933227008101401416026809256813221480604662012101542846479052832128788279031727880750642499329041780372405567816904384164559191879422615238580181357183882111249939492668328771614509476229785062819586796660370798030562805224704497570446844131650030075004901216141893420140140568
You will know the secret after I give you P,Q.
See you next time!

This is a message distribute system. Please tell me your name: 
Eve
Hi Eve, your N is: 22890921296489391468723563207482439368715048528954857727696611997213849453925407639478311064849002092841332187029922829503732594819405334557899018193836573827538367732876315261107786375883032702336369949813383359822945447348738639898488349249930794685147680602369574583272233186638639006722932514492412473499671240672786609392623108668740611409192410353088792926863759136574234682712437658167544420388503462191966664297486016864300587100339017032869018550693788156823952834586915180769842001379726271815407042736414817319930070363123671954772200618698975099285175523273493454655068815092164026790575552599814897599019
And your exponent is: 32869
Last but not least, your secret is: 10442917988766773396490991940667317808047327971317925137102489044030528557897992672507937554697482807481687087032349144551262471682307071658961878532382971828091109354257621491344013450604760870060142736551478301684143824750833285595247473821108423325384179883193988517286866263448490603966572975638061953752262499593905224215350312955589263376013886143461626877100441513745096129818379335382286822093358933880966180516628821646828214470420085945706208301656296701245704053699525077530655225353466026325593619997021961040046033670273837714651500872492969863747973610655943366074744584652270844784591048670022372904094
You will know the secret after I give you P,Q.
See you next time!

This is a message distribute system. Please tell me your name: 
Frank
Hi Frank, your N is: 13610734669757105262564498565903016628884897465642188626977712600469428943454859353288561953332071112838192895353839306728698072861317475483364599428738408203420859463545743033507453999902768670963760117002226738834212826866972790759618857592183639430006129961804969344458099739275801744555852908477399106370903274847008168191406212026496201683437988789750311357127030874197256108087969060429116893649257007863251857384220793898187863784143099430027004383026281731367512474585221423627626454894508617409600974924819458907176960087389776551021286749078138520414178131682409288175569603840517742966654020297053280120421
And your exponent is: 10369
Last but not least, your secret is: 338230230737795357907632634565480424320738100416872971593313504623031636549506308515885211507225139575284223841381475563865888650857636729319870056097265003381655374810743643787055050913356678153093440043937297044556267703050582739481148800234028265995678045070593516597241200279290432036592464223968778632301959998956082387007036826439290490046693942095006926116019667542427239110629330500882759564195704755475923049022289141527406786806241793809546426372343971278513127134648233599072200913066293287533269250758307985763118372706166149682768349327629911555785267589749222331760647201324907861960876452039787203524
You will know the secret after I give you P,Q.
See you next time!

然后发现，第一段和第四段的N是相同的，采用共模攻击 解密代码如下：

from Crypto.Util.number import *
import gmpy2

n = 25118186052801903419891574512806521370646053661385577314262283167479853375867074736882903917202574957661470179148882538361560784362740207649620536746860883395110443930778132343642295247749797041449601967434690280754279589691669366595486824752597992245067619256368446164574344449914827664991591873150416287647528776014468498025993455819767004213726389160036077170973994848480739499052481386539293425983093644799960322581437734560001018025823047877932105216362961838959964371333287407071080250979421489210165485908404019927393053325809061787560294489911475978342741920115134298253806238766543518220987363050115050813263
e1 = 7669
e2 = 6947

c1 = 22917655888781915689291442748409371798632133107968171254672911561608350738343707972881819762532175014157796940212073777351362314385074785400758102594348355578275080626269137543136225022579321107199602856290254696227966436244618441350564667872879196269074433751811632437228139470723203848006803856868237706401868436321225656126491701750534688966280578771996021459620472731406728379628286405214996461164892486734170662556518782043881759918394674517409304629842710180023814702447187081112856416034885511215626693534876901484105593275741829434329109239483368867518384522955176807332437540578688867077569728548513876841471

c2 = 20494665879116666159961016125949070097530413770391893858215547229071116025581822729798313796823204861624912909030975450742122802775879194445232064367771036011021366123393917354134849911675307877324103834871288513274457941036453477034798647182106422619504345055259543675752998330786906376830335403339610903547255965127196315113331300512641046933227008101401416026809256813221480604662012101542846479052832128788279031727880750642499329041780372405567816904384164559191879422615238580181357183882111249939492668328771614509476229785062819586796660370798030562805224704497570446844131650030075004901216141893420140140568
# s & t
gcd, s, t = gmpy2.gcdext(e1, e2)
if s < 0:
    s = -s
    c1 = inverse(c1, n)
if t < 0:
    t = -t
    c2 = inverse(c2, n)
plain = pow(c1, s, n) * pow(c2, t, n) % n
print(long_to_bytes(plain))

结果为：

结语

希望继续坚持