中国矿业大学2020岁末赛校赛wp

Misc没别的意思给你签个到顺便给你看看我老婆
Lsb隐写

由题目的lsp想到lsb隐写，使用

打开，三个低位为0，

然后去掉之间的空格，就对了。

大鸟转转转转转转转转转
同样是使用相同的软件，

一帧一帧的分析

拼接起来就出来了

简单的rsa

from Crypto.Util.number import *
import gmpy2
k = 33168381182273613039378043939021834598473369704339979031406271655410089954946280020962013567831560156371101600701016104005421325248601464958972907319520487
c = 15648371218931722790904370162434678887479860668661143723578014419431384242698608484519131092011871609478799077215927112238954528656254346684710581567304227780228595294264728729958171950314042749100472064919234676544341981418897908716041285489451559413615567610248062182987859379618660273180094632711606707044369369521705956617241028487496003699514741969755999188620908457673804851050978409605236834130689819372028797174206307452231481436775711682625666741103384019125790777595493607264935529404041668987520925766499991295444934206081920983461246565313127213548970084044528257990347653612337100743309603015391586841499
e = 4097
phi = k-1
d=gmpy2.invert(e,phi)
flag = pow(c,d,k)
print(long_to_bytes(flag))

Rsa算法e公钥已知，c（密文）已知，给了一个元组，第一个元素是公钥，第二个是私钥k即是n，所以求出d来，pow（c，d，k）即可求出明文。

参考网站https://blog.cryptohack.org/cryptoctf2020

网上的思路：
The challenge encrypts the flag with a modulus
N=(p∗q∗r)∗(p+q+r)
and gives the output n=pqr, k=p+q+r. To totally break the cryptosystem, we would want to find the totient of the modulus

ϕ(N)=(p−1)(q−1)(r−1)(p+q+r−1)
but we can simplify this when the encrypted message m is small enough. If we have m<k, we can instead find ϕ(k)=k−1, and find e−1modϕ(k), and solve!
Observe that for any n,l, as long as l|n, any equivalence a≡b(modn) also holds mod l: a≡b(modl) (but note that the other way around does not necessarily hold). To fully see this, we can write
a⇔a⇒a≡b(modn)=b+kn=b+ktl(since l|n, so n=tl)≡b(modl)
So, since k|n, we can solve m≡m1+ϕ(k)(modk) as if it was a single-prime RSA problem. And because m<k, the residue [m]k (the rest when dividing m by k) is exactly equal to m.

乱写的密码
分析逻辑，可以看出是，替换密码，一个字母对应另一个字母，且，只出现一次
本来想用脚本，通过字频分析出来，但是，做了好久没做出来，便试着在网上搜索在线破解的网站，结果发现果然走了弯路

破解网站的连接https://quipqiup.com/

ez_rsa
这题出题后，立马用谷歌搜，果然搜到了原题，果然拿了一血

from Crypto.Util.number import *
from  gmpy2 import invert
n=17986052241518124152579698727005505088573670763293762110375836247355612011054569717338676781772224186355540833136105641118789391002684013237464006860953174190278718294774874590936823847040556879723368745745863499521381501281961534965719063185861101706333863256855553691578381034302217163536137697146370869852180388385732050177505306982196493799420954022912860262710497234529008765582379823928557307038782793649826879316617865012433973899266322533955187594070215597700782682186705964842947435512183808651329554499897644733096933800570431036589775974437965028894251544530715336418443795864241340792616415926241778326529055663
e=65537
enc=17505679398266502116464734134128725340247050682772207798718112582701162398326982870035320307354098156145675458669731605067821790146061040637109327455205893324813052120216078570610930872674755246099365674625431655007219684642963335426955196473587347290657014023186920750946928312239116919090008342804123453311441848155223191179999664929660663345568499980778425899869956228245802722031728956228667784902213280684273577858909961747898300981963006329584725303446719192681170020458749808054637224882633325702468591074293728614333360418157985394943356536309321590140334348949095024011542798810065149061943391776967748248277703228
beta=11864389277042761216996641604675717452843530574016671576684180662096506094587545173005905433938758559675517932481818900399893444422743930613073261450555599
tip = (n-1)//(2*beta)  
xy1=tip//beta
def attack(xy1):
    while True:
        try:
            xy1=xy1-2
            d=invert(e,2*xy1*pow(beta,2))
            c=pow(3,e,n)
            if pow(c,d,n)==3:
                return d
            else:
                continue
        except:
            continue
d=attack(xy1)
print long_to_bytes(pow(enc,d,n))

那么对于获得 x + y这个问题，由于beta是512位，n的位数为 2068，那么平均一下p的位数就是1034了，那么x的位数大概就是1034 – 1 – 512 = 521，x + y 与beta位数差了10位左右，完全是可以暴力的范围，n = p * q = 4xybeta ^ 2 + 2(x+y )beta + 1
很自然的能得到 tip = (n-1)//beta
然后我们给tip模上beta，我们就能得到 (x+y)%beta ，如果我们能够获得x + y，那么显然我们也能获得x * y，然后解个方程即可获得x和y，然后就能获得p和q，继而解密rsa得到flag，基本上就是用py2运行，简单修改了对应的参数，要使用
Try
Except语句，因为存在爆破不成功，但需要继续continue
（显示无法求逆元）
一开始的报错，估计是因为没有使用报错语句来写

由于本人的py2环境忘记打到哪里去了，所以我写的脚本，队友运行的exp
出来签到啦
参考网站https://www.cnblogs.com/crybaby/p/12940219.html
参考脚本
写出exp

from Crypto.Cipher import AES

def xor(p1, p2):
    tmp = ''
    for i in range(len(p2)):
        tmp += chr(ord(p1[i]) ^ ord(p2[i]))
    return tmp
key = "\t\xe6\x85]):\x1b\x86\xffD\xf1\x89H\xb1\x9b\xac"
cipherText1 = "ed64978b91ef5b62561a44c8f529b91f".decode("hex")
cipherText = "fd6dd5e0f9ab258b2bc9c813177e3ad677116d2f08c69517d0e7796c1f5e06ba95c3de5a139bb687bf3e779a0730e47c".decode("hex")
plainText = "CBC_Cr4cked_succ"
fakeIV = "aaaaaaaaaaaaaaaa"
fakeIVAes = AES.new(key, AES.MODE_CBC, fakeIV)
fakePlainText = fakeIVAes.decrypt(cipherText1)
enc_msg = xor(fakePlainText, fakeIV)
iv = xor(enc_msg, plainText)
print len(iv)
print "iv is : " + iv
aes = AES.new(key, AES.MODE_CBC, iv)
flag = aes.decrypt(cipherText)
print flag

这个密码算法，模式就是密码学课上学到的模式，相信密码学过了的都会，由于本人没有py2环境，所以还是队友运行的

做出了第一关，然后第二关

flag = "bxsyyds{
    
    xxxxxxx}
assert flag.startswith("bxsyyds{")
assert flag.endswith("}")
assert len(flag)==16

def lfsr(R,mask):
    output = (R << 1) & 0xfffffff
    i=(R&mask)&0xfffffff
    lastbit=0
    while i!=0:
        lastbit^=(i&1)
        i=i>>1
    output^=lastbit 
    return (output,lastbit)

R=int(flag[8:-1],16)
mask=0b1001000000100000001000100101
f=open("result","w")
for i in range(100):
    tmp=0
    for j in range(8):
        (R,out)=lfsr(R,mask)
        tmp=(tmp << 1)^out
    f.write(chr(tmp))
f.close()

做过密码学实验，便很容易发现是lsfr流密码，需要找到result对应的二进制模式的前7*4=28个二进制流

由于一开始粗心，把16进制转化成2进制转化错了！！！
挺多弯路

然后经过短暂的思考人生，检查一下二进制对不对，果然转化错了

re1

参考
https://driverxdw.github.io/2019/04/24/2019%E8%A5%BF%E6%B9%96%E8%AE%BA%E5%89%91CTF-%E4%BA%8C/

0x3A=3*16+10=58
BASE58编码

上面运行时忘了摁回车…

>>> s='34avux4BwXYJzh1nHK1oG5xTKeBSCERZs4xC'
>>> t='123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
>>> flag=0
>>> for i in range(len(s)):
...     flag=flag*58+t.index(s[i])
... flag
  File "<stdin>", line 3
    flag
    ^
SyntaxError: invalid syntax
>>> flag
0
>>> flag
0
>>> for i in range(len(s)):
...     flag=flag*58+t.index(s[i])
...     
>>> flag
108200298718158997245509125691632101258313020496600351308152445
>>> hex(flag)
'0x43554d544354467b3841736535425f31735f456135797e7e7e7d'
>>> from binascii import *
>>> a2b_hex('43554d544354467b3841736535425f31735f456135797e7e7e7d')
b'CUMTCTF{8Ase5B_1s_Ea5y~~~}'