1.GM
由于题目中描述了这时一个GM密码系统,所以我们在网上查到FM密码系统破解方式https://blog.csdn.net/qq_26816591/article/details/82957481
首先根据n,phin建立一元二次方程求解n的因子p,q,再带入到解密公式中求解
import gmpy2
phi=9433451661749413225919414595243321311762902037908850954799703396083863718641136503053215995576558003171249192969972864840795298784730553210417983714593764557582927434784915177639731998310891168685999240937407871771369971713515313634198744616074610866924094854671900334810353127446778607137157751925680243990711180904598841255660443214091848674376245163953774717113246203928244509033734184913005865837620134831142880711832256634797590773413831659733615722574830257496801417760337073484838170554497953033487131634973371143357507027731899402777169516770264218656483487045393156894832885628843858316679793205572348688820
n=9433451661749413225919414595243321311762902037908850954799703396083863718641136503053215995576558003171249192969972864840795298784730553210417983714593764557582927434784915177639731998310891168685999240937407871771369971713515313634198744616074610866924094854671900334810353127446778607137157751925680243990905528141072864168544519279897224494849206184262202130305820187569148057247731243651084258194009459936702909655448969693589800987266378249891157940262898554047247605049549997783511107373248462587318323152524969684724690316918761387154882496367769626921299091688377118938693074486325995308403232228282839975697
cc=密文
a=1
b=phi-n-1
c=n
delat=gmpy2.iroot(pow(b,2)-4*a*c,2)
assert delat[1]
p=(delat[0]-b)/(2*a)
print p
assert n%p==0
q=n//p
print c%p
m=""
for i in cc:
if gmpy2.jacobi(i,p)==1 and gmpy2.jacobi(i,q)==1:
m=m+"0"
elif gmpy2.jacobi(i,p)==-1 and gmpy2.jacobi(i,q)==-1:
m=m+"1"
else:
m=m+"k"
print m2.pell
我们发现这时一个Pell's Equation问题,我们在网上找到求解方案https://brilliant.org/wiki/quadratic-diophantine-equations-pells-equation/
于是我们只需要将第一个爆破出来,然后按照公式就可以找到后面的149组的解
from pwn import *
import hashlib
import math
import gmpy2
def proof(a,b):
ss="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
print b
for i in ss:
for j in ss:
for k in ss:
for o in ss:
jie=i+j+k+o+a
ll=hashlib.sha256(jie).hexdigest()
if ll==b:
return jie
io=remote("39.97.210.182",61235)
io.recvuntil("+")
tian=io.recvuntil(")")[:-1]
io.recvuntil("== ")
sh256=io.recvuntil("\n")[:-1]
print tian.encode("hex")
print sh256.encode("hex")
io.recvuntil(":")
haha=proof(tian,sh256)
print haha
io.sendline(haha[:4])
io.recvuntil("Where a = ")
a=io.recvuntil(",")[:-1]
io.recvuntil("b = ")[:-1]
b=io.recvuntil("\n")
aint=int(a)
bint=int(b)
print aint,bint
if bint==2:
print "bintwrong"
io.interactive()
if gmpy2.iroot(aint,2)[1]:
print "aintwrong"
io.interactive()
xjie=[]
yjie=[]
for i in xrange(2,1000000):
xx=gmpy2.iroot(1+aint*pow(i,2),2)
if xx[1]:
xjie.append(xx[0])
yjie.append(i)
break
print xjie[0],yjie[0]
io.sendline(str(xjie[0]))
io.sendline(str(yjie[0]))
for i in xrange(1,150):
sleep(1)
print i
xk=xjie[-1]*xjie[0]+aint*yjie[-1]*yjie[0]
yk=xjie[-1]*yjie[0]+yjie[-1]*xjie[0]
io.sendline(str(xk))
io.sendline(str(yk))
xjie.append(xk)
yjie.append(yk)
io.interactive()
