Red Hat Cup-ctf

Others 2020-04-23 15:10:00 views: null

1,crypto

related:

The title seems to be a prng random number generator. In fact, it is examining RSA. Reading the source code, we found several established equations:

flag=state1+state2+state3

state1^17modn=10607235400098586699994392584841806592000660816191315008947917773605476365884572056544621466807636237415893192966935651590312237598366247520986667580174438232591692369894702423377081613821241343307094343575042030793564118302488401888197517625333923710172738913771484628557310164974384462856047065486913046647133386246976457961265115349103039946802386897315176633274295410371986422039106745216230401123542863714301114753239888820442112538285194875243192862692290859625788686421276234445677411280606266052059579743874849594812733193363406594409214632722438592376518310171297234081555028727538951934761726878443311071990

state2^17modn=2665348075952836665455323350891842781938471372943896177948046901127648217780657532963063228780230203325378931053293617434754585479452556620021360669764370971665619743473463613391689402725053682169256850873752706252379747752552015341379702582040497607180172854652311649467878714425698676142212588380080361100526614423533767196749274741380258842904968147508033091819979042560336703564128279527380969385330845759998657540777339113519036552454829323666242269607225156846084705957131127720351868483375138773025602253783595007177712673092409157674720974653789039702431795168654387038080256838321255342848782705785524911705

state1^17modn=4881225713895414151830685259288740981424662400248897086365166643853409947818654509692299250960938511400178276416929668757746679501254041354795468626916196040017280791985239849062273782179873724736552198083211250561192059448730545500442981534768431023858984817288359193663144417753847196868565476919041282010484259630583394963580424358743754334956833598351424515229883148081492471874232555456362089023976929766530371320876651940855297249474438564801349160584279330339012464716197806221216765180154233949297999618011342678854874769762792918534509941727751433687189532019000334342211838299512315478903418642056097679717

(65537 * state0 - 66666 * state1 + 12345 * state2 )  mod n = 10607235400098586699994392584841806592000660816191315008947917773605476365884572056544621466807636237415893192966935651590312237598366247520986667580174438232591692369894702423377081613821241343307094343575042030793564118302488401888197517625333923710172738913771484628557310164974384462856047065486913046647133386246976457961265115349103039946802386897315176633274295410371986422039106745216230401123542863714301114753239888820442112538285194875243192862692290859625788686421276234445677411280606266052059579743874849594812733193363406594409214632722438592376518310171297234081555028727538951934761726878443311071990

state0+state1+state2=280513550110197745829890567436265496990

We use the variables of the groebner_basis counterpart program under sage to do the linear transformation solution (similar to finding the solution of the algebraic equation), we can get the flag

N = 16084923760264169099484353317952979348361855860935256157402027983349457021767614332173154044206967015252105109115289920685657394517879177103414348487477378025259589760996270909325371731433876289897874303733424115117776042592359041482059737708721396118254756778152435821692154824236881182156000806958403005506732891823555324800528934757672719379501318525189471726279397236710401497352477683714139039769105043411654493442696289499967521222951945823233371845110807469944602345293068346574630273539870116158817556523565199093874587097230314166365220290730937380983228599414137341498205967870181640370981402627360812251649
Cs = [10607235400098586699994392584841806592000660816191315008947917773605476365884572056544621466807636237415893192966935651590312237598366247520986667580174438232591692369894702423377081613821241343307094343575042030793564118302488401888197517625333923710172738913771484628557310164974384462856047065486913046647133386246976457961265115349103039946802386897315176633274295410371986422039106745216230401123542863714301114753239888820442112538285194875243192862692290859625788686421276234445677411280606266052059579743874849594812733193363406594409214632722438592376518310171297234081555028727538951934761726878443311071990L, 2665348075952836665455323350891842781938471372943896177948046901127648217780657532963063228780230203325378931053293617434754585479452556620021360669764370971665619743473463613391689402725053682169256850873752706252379747752552015341379702582040497607180172854652311649467878714425698676142212588380080361100526614423533767196749274741380258842904968147508033091819979042560336703564128279527380969385330845759998657540777339113519036552454829323666242269607225156846084705957131127720351868483375138773025602253783595007177712673092409157674720974653789039702431795168654387038080256838321255342848782705785524911705L, 4881225713895414151830685259288740981424662400248897086365166643853409947818654509692299250960938511400178276416929668757746679501254041354795468626916196040017280791985239849062273782179873724736552198083211250561192059448730545500442981534768431023858984817288359193663144417753847196868565476919041282010484259630583394963580424358743754334956833598351424515229883148081492471874232555456362089023976929766530371320876651940855297249474438564801349160584279330339012464716197806221216765180154233949297999618011342678854874769762792918534509941727751433687189532019000334342211838299512315478903418642056097679717L, 12534425973458061280573013378054836248888335198966169076118474130362704619767247747943108676623695140384169222126709673116428645230760767457471129655666350250668322899568073246541508846438634287249068036901665547893655280767196856844375628177381351311387888843222307448227990714678010579304867547658489581752103225573979257011139236972130825730306713287107974773306076630024338081124142200612113688850435053038506912906079973403207309246156198371852177700671999937121772761984895354214794816482109585409321157303512805923676416467315573673701738450569247679912197730245013539724493780184952584813891739837153776754362L]
s = 280513550110197745829890567436265496990

e = 17
l = len(Cs)
PR = PolynomialRing( Zmod(N), 'x', l )
x = PR.gens()
f1 = (65537*x[0] - 66666*x[1] + 12345*x[2] - x[3])
f2 = x[0] + x[1] + x[2] - s
Fs = [f1, f2]
Fs.extend( [ (x[i]**e - Cs[i]) for i in range(l) ] )
I = Ideal(Fs)
B = I.groebner_basis()
m = ''
for b in B[:-1][::-1]:
    assert b.degree() == 1
    mi = ZZ( -b(0,0,0,0) )
    print mi

2. Smart alice

We obtain 4 sets of ciphertext encrypted with similar plaintext, but the two sets of public keys are 3, and the two sets of public keys are 5, so we have the following equation

(ax+b_{0})^{3}modn_{0}=c_{0}

(ax+b_{1})^{3}modn_{1}=c_{1}

(ax+b_{2})^{5}modn_{2}=c_{2}

(ax+b_{3})^{5}modn_{3}=c_{3}

We reconstruct it, square one or two equations, and multiply three or four equations by an x ​​to obtain a polynomial of the same power,

((ax+b_{0})^{3})^{2}modn_{0}=c_{0}

((ax+b_{1})^{3})^{2}modn_{1}=c_{1}

x*(ax+b_{2})^{5}modn_{2}=c_{2}

x*(ax+b_{3})^{5}modn_{3}=c_{3}

Use the Chinese remainder theorem to combine it to solve the equation using small_roots of sage:

#!/usr/bin/sage -python
from sage.all import *
from Crypto.Util import number
from Crypto.PublicKey import RSA
from hashlib import sha256


Usernames = ['Alice', 'Bob', 'Carol', 'Dan', 'Erin']
A = sha256( b'Alice' ).hexdigest()

PKs = []
Ciphers = []
B = []
for i in range(4):
    name = Usernames[i+1]

    pk = open(name+'Public.pem', 'rb').read()
    PKs.append( RSA.importKey(pk) )

    cipher = open(name+'Cipher.enc', 'rb').read()
    Ciphers.append( number.bytes_to_long(cipher) )

    data = '{"from": "'+A+'", "msg": "'+'\x00'*95+'", "to": "'+sha256( name.encode() ).hexdigest()+'"}'
    B.append( number.bytes_to_long(data) )

PR = PolynomialRing(ZZ, 'x')
x = PR.gen()

Fs = []
for i in range(4):
    f =  PR( ( 2**608*x + B[i] )**PKs[i].e - Ciphers[i] )
    ff = f.change_ring( Zmod(PKs[i].n) )
    ff = ff.monic()
    f = ff.change_ring(ZZ)
    Fs.append(f)

F = crt( [ Fs[0]**2, Fs[1]**2, x*Fs[2], x*Fs[3] ], [ PKs[i].n for i in range(4) ] )

M = reduce( lambda x, y: x * y, [ PKs[i].n for i in range(4) ] )
FF = F.change_ring( Zmod(M) )

m = FF.small_roots(X=2**760, beta=7./8)[0]
print 'msg: ' + number.long_to_bytes(m)

3.xx

We use the findcrypt plug-in in ida and found that there is an xx_tea encryption function in the middle, the key is the first four bits of the input, and then the encrypted ciphertext is converted to obtain the plain text. Below we can get it in reverse:

import xxtea
v20=[0xce, 0xbc, 0x40, 0x6b, 0x7c, 0x3a, 0x95, 0xc0, 0xef, 0x9b, 0x20, 0x20, 0x91, 0xf7, 0x02, 0x35, 0x23, 0x18, 0x02, 0xc8, 0xe7, 0x56, 0x56, 0xfa]
for i in xrange(len(v20)-1,0,-1):
    j=0
    while j<i/3:
        v20[i]=v20[i]^v20[j]
        j+=1

v19=[]
for i in xrange(24):
    v19.append(0)
for i in xrange(6):
    v19[4*i+2]=v20[4*i+0]
    v19[4*i+0]=v20[4*i+1]
    v19[4*i+3]=v20[4*i+2]
    v19[4*i+1]=v20[4*i+3]

ss=""
for i in v19:
    ss=ss+chr(i)

key = "flag"

decrypt_data = xxtea.decrypt(ss, key)
print decrypt_data

 

Pupils skipping class
Published 43 original articles · Like 23 · Visits 30,000+
Private letter concerns

Guess you like

Origin blog.csdn.net/zhang14916/article/details/103053396
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com