【BUUCTF】Crypto problem solution

MD5

Topic: e00cf25ad42683b3df678c61f42c6bda
Test point: MD5 encryption

1. The title gives the md5 encrypted information, we can directly decrypt the MD5 decryption
   website: md5 online decryption cracking, md5 decryption encryption (cmd5.com)
   
   flag{admin1}

decrypt at a glance

The flag can be obtained after decrypting the following string: ZmxhZ3tUSEVfRkxBR19PRl9USElTX1NUUklOR30= Note: Please include flag{} in the obtained flag and submit it. Test
point: base64 decryption

There is an "=" symbol at the end, which looks like base64 at first glance, just decode it.
Decrypt website: CTF online tools - online base encoding

Url encoding

Topic: %66%6c%61%67%7b%61%6e%64%20%31%3d%31%7d Test
point: url encoding

The title is url encoding, characterized by %number%number, use url decoding
CTF online tool-online URL encoding|URL decoding (hiencode.com)

watch me roundhouse kick

Topic: synt{5pq1004q-86n5-46q8-o720-oro5on0417r1}
Test center: Morse code

Seeing the structure of ****{ }, it is easy to think that it is Caesar encryption, which should be flag{ }. Push it from sf, so the displacement is also 13.
CTF Online Tool-Online Caesar Cipher Encryption|Online Caesar Cipher Decryption|Caesar Cipher Algorithm|Caesar Cipher (hiencode.com)

mousse

Topic: … .-… — …- . -.-- — …-

The characteristic of Morse code is the combination of dots and horizontal lines, which can directly decrypt Morse code CTF online tool-Online Morse Code Encoding | Online Morse Code Decoding | Morse Code Algorithm | Morse (hiencode.com)
Decipher it It’s iloveyou, but it’s wrong, adding flag{ } is still wrong,
note: Morse code only has uppercase, you need to change it to uppercase

password

topic:

Name: Zhang San
Birthday: 19900315
The key format is key{xxxxxxxxxx}

Eight digits for the birthday, two digits for the name, and ten digits for the answer. It is easy to guess that it is zs19900315

mutant caesar

Encrypted ciphertext: afZ_r9VYfScOeO_UL^RWUc
Format: flag{ }
Test points: Caesar encryption variant

The Caesar cipher table is a substitution cipher. Encryption and decryption are achieved by moving letters by a certain number of digits. All letters in the plaintext are shifted backwards (or forwards) by a fixed number in the alphabet and then replaced with ciphertext.

1. Since there are underscores and Arabic numerals in the ciphertext, it is speculated that it is not the replacement encryption of the alphabet used, but the ASCII code table is likely to be used. It can be seen from the title that its format is flag{ }, so we can find out the law from the correspondence between flagandafZ_

2. It can be seen that the offset is for each character: the offset from the first character is 5, the offset from the second character is 6... the offset of the nth character is 4+ n. The offsets are incremented sequentially. Let's write a script to decrypt,

public class Q123 {
    
    

     public static void main(String[] args) {
    
    
         String ciphertext = "afZ_r9VYfScOeO_UL^RWUc";
         char[] plaintext = new char[ciphertext.length()];
         for(int i = 0; i < ciphertext.length(); i++){
    
     //注意i是从0开始的，所以是5+i
             plaintext[i] = (char)(((int)ciphertext.charAt(i) + 5 + i) % 128);
         }
         for (char i: plaintext) {
    
    
             System.out.print(i);
         }
     }
}

get flag{Caesar_variation}

Quoted-printable

Topic: =E9=82=A3=E4=BD=A0=E4=B9=9F=E5=BE=88=E6=A3=92=E5=93=A6 Test center: Quoted-printable
encryption

Quoted-printable encryption, the solution is flag {then you are great too}
CTF online tool - online Quoted-printable encoding

Rabbit

Topic: U2FsdGVkX1/+ydnDPowGbjjJXhZxm2MP2AgI
Test point: rabbit encryption

What is Rabbit encryption? Rabbit is a high-speed stream cipher, first proposed in 2003 at the FSE seminar. Rabbit uses a 128-bit key and a 64-bit initialization vector. The core component of the encryption algorithm is a bit stream generator that encrypts 128 message bits per iteration.

Online Rabbit Encryption | Rabbit Decryption - Online Tools (sojson.com)

shadow of the fence

The star is still the star, the moon is still the moon, the mountain is still the mountain, the beam is still the beam, the roller is the roller, the cylinder is the cylinder, the father is the father, the mother is the mother, and the sesame oil lamp still squeaks a little bit Bright oh oh Note: Please wrap the flag{} in the obtained flag to submit

Topic: felhaagv{ewtehtehfilnakgw}
Test site: Fence password

To put it simply, the fence password is to divide a plaintext (remove spaces) into n groups, m in each group, and then use a certain sorting method to recombine these characters. The size of m is called the m-column fence password, and the more common m is 2, that is, the 2-column fence password.

This is the fence password, decrypt it to get: flag{wethinkwehavetheflag}
decrypt the fence password

RSA

Note: For the obtained flag, please replace noxCTF with flag, and submit it in the format of flag{}.

Topic: In an RSA key pair generation, assuming p=473398607161, q=4511491, e=17, solve d and submit it as flga. Test
point: RSA encryption

Just solve rsa directly,
RSA online encryption/online decryption

Alice and Bob

In the history of cryptography, there are two well-known outstanding figures, Alice and Bob. Their love is difficult to confuse after permutation and round encryption, even without identity verification, they can know the bottom line. Just like the prime numbers in the kingdom of mathematics, they are lonely and enthusiastic. The following is a large integer: 98554799767, please decompose it into two prime numbers, after decomposing, put the small one in front and the big one in the back, synthesize a new number, perform md5 32-bit lowercase hash, and submit the answer. Note: Please wrap flag{} with the obtained flag and submit.
Test points: Large number decomposition
1. Prime number decomposition
online prime number decomposition
98554799767 is decomposed into 101999 966233
2. Put the small one in front and the big one in the back, synthesize a new number, and perform md5 The 32-bit lowercase hash
of MD5
d450209323a847c8d01c6be47c81811a
gets flag{d450209323a847c8d01c6be47c81811a}

missing MD5

Test site: md5

import hashlib   
for i in range(32,127):
    for j in range(32,127):
        for k in range(32,127):
            m=hashlib.md5()
            m.update(('TASC'+chr(i)+'O3RJMV'+chr(j)+'WDJKX'+chr(k)+'ZM').encode("utf8"))
            des=m.hexdigest()
            if 'e9032' in des and 'da' in des and '911513' in des:
                print(des);

The title gives the program, we only need to modify and run it, and try to run it ourselves.
get e9032994dabac08080091151380478a2

RSA

Math is cool! Use the RSA algorithm to decode the secret message, c, p, q, and e are parameters for the RSA algorithm.

p = 9648423029010515676590551740010426534945737639235739800643989352039852507298491399561035009163427050370107570733633350911691280297777160200625281665378483
q = 11874843837980297032092405848653656852760910154543380907650040190704283358909208578251063047732443992230647903887510065547947313543299303261986053486569407
e = 65537
c = 83208298995174604174773590298203639360540024871256126892889661345742403314929861939100492666605647316646576486526217457006376842280869728581726746401583705899941768214138742259689334840735633553053887641847651173776251820293087212885670180367406807406765923638973161375817392737747832762751690104423869019034

Use RSA to find the secret message

Knowing n and e, you need to find d and then calculate to get the flag.
If you want to know more detailed analysis and strategy of RSA, please go to BUUCTF RSA (1)

Result: 47bf28da384590448e0b0d23909a25a4

Emperor's Code Weapon

In 100 BC, a person who had a great influence on the world was born in Rome. He was one of the three giants of Rome during his lifetime. He pioneered the use of a simple cipher, which is named after him.
The following ciphertext can be decrypted to obtain a meaningful word: FRPHEVGL
You can use this same encryption vector to encrypt the ciphertext in the attachment and submit it as an answer.

Ciphertext ComeChina
Test Site: Caesar Encryption

Use the Kaiser online decryption tool to shift them sequentially. You can try them one by one, or you can write a python script to achieve it yourself.

str1 = 'FRPHEVGL'
str2 = str1.lower()                                 #转换为小写方便识别
num = 1                                             #偏移量
for i in range(26):
    print("{:<2d}".format(num),end = ' ')
    for temp in str2:
        if(ord(temp)+num > ord('z')):               #如果超出'z',需要重新映射会a~z这26个字母上
            print(chr(ord(temp)+num-26),end = '')
        else:
            print(chr(ord(temp)+num),end = '')
    num += 1
    print('')

From this we know that the offset is 13, so now we need to perform 13-bit Caesar decryption on our ciphertext ComeChina.
flag{PbzrPuvan}

Windows system password

1. We use the hex editor to open the file .hash, we can find the following content

2. Since the file suffix is ​​.hash, we thought of using MD5 to decode and bring each string into MD5 online decryption, and we can try it out to
   
   get flag{good-luck}

The pace of the information age

Maybe China could enter the information age early, but it was rejected by the Qing government. Attached is the ciphertext of what a great man said decades later. Please translate the plain text (the answer is a string of Chinese!) Note: Please wrap flag{} in the obtained flag and submit

606046152623600817831216121621196386
Test site: telegram encryption

The ciphertext of the title content is actually only composed of numbers, and after checking, it is a Chinese code. The Chinese code table adopts four digits of Arabic numerals as the code, and is arranged in order of four digits from 0001 to 9999, and four digits are used to represent up to 10,000 Chinese characters, letters and symbols. Chinese characters are arranged by radicals first, and then by strokes. Letters and symbols are placed at the end of the code table. Later, because 10,000 Chinese characters could not meet the requirements of household registration management, a second literal Chinese character appeared. In Hong Kong, both characters use the same code, and the input staff selects the character manually; in Taiwan, the Chinese character of the second character is added with a "1" at the beginning to become a 5-digit code. Then we can check the Chinese code online decryption tool and decrypt this string of Chinese codes and it will be OK.

flag{The computer should start from the doll}

Caesar? replace? hehe!

Topic: MTHJ{CUBCGXGUGXWREXIPOYAOEYFIGXWRXCHTKHFCOHCFDUCGTXZOHIXOEOWMEHZO}
Test points: Caesar encryption + replacement cipher combination

We first use Caesar encryption. The first four letters get FMAC instead of the desired FLAG. There is no rule to follow between the four letters of FMAC, so try the replacement mentioned in the title.

quipqiup - cryptoquip and cryptogram solver online decryption website, quipqiup is Edwin Olson's fast and automated cryptogram solver. It solves simple substitution ciphers common in newspapers

This question is Caesar + simple replacement

cute Bajie

The cute Bajie used to be the head of Pig Village. Since ancient times, Pig Village has a mysterious code. Please find the code from the attachment to see what the cute Zhu Bajie wants to say. Note: Please include flag{} in the obtained flag and submit it. Test
site: Pigsty password

There is a string of symbols below the picture

After inquiry, this is a typical pigsty cipher, we can solve it accordingly

Traditional knowledge + classical code

1. 甲子 2.乙丑 3.丙寅 4.丁卯 5.戊辰 6.己巳 7.庚午 8.辛未 9.壬申 10.癸酉
11.甲戌 12.乙亥 13.丙子 14.丁丑 15.戊寅 16.己卯 17.庚辰 18.辛巳 19.壬午 20.癸未
21.甲申 22.乙酉 23.丙戌 24.丁亥 25.戊子 26.己丑 27.庚寅 28.辛卯 29.壬辰 30.癸巳
31.甲午 32.乙未 33.丙申 34.丁酉 35.戊戌 36.己亥 37.庚子 38.辛丑 39.壬寅 40.癸卯
41.甲辰 42.乙巳 43.丙午 44.丁未 45.戊申 46.己酉 47.庚戌 48.辛亥 49.壬子 50.癸丑
51.甲寅 52.乙卯 53.丙辰 54.丁巳 55.戊午 56.己未 57.庚申 58.辛酉 59.壬戌 60.癸亥

Write the numerical code for the combination given in the question

28 30 23 8 17 10 16 30

Add a Jiazi (60)

88 90 93 68 77 70 76 90

Convert to ASCII letters: XZSDMFLZ

Then the topic talked about that in addition to traditional knowledge, there is also a classical encryption method. For this kind of classical encryption without other keys, it is easy to think of Palisades and Caesar. But the fence only changes in order, not the letters inside. The letters in it don't feel like a word, so I used Caesar to decrypt it, and finally found a word-like answer SUNYHAGU.

RSA1

Understanding RSA-related problem solution reference: BUUCTF RSA (1) Routing ( ) students' blog-CSDN blog_buuctf rsa

Involved in the RSA algorithm

p = 8637633767257008567099653486541091171320491509433615447539162437911244175885667806398411790524083553445158113502227745206205327690939504032994699902053229 q = 12640674973996472769176047937170883420927050821480010581593137135372473880595613737337630629752577346147039284030082593490776630572584959954205336880228469 dp = 6500795702216834621109042351193261530650043841056252930930949663358625016881832840728066026150264693076109354874099841380454881716097778307268116910582929 dq = 783472263673553449019532580386470672380574033551303889137911760438881683674556098098256795673512201963002175438762767516968043599582527539160811120550041 c = 24722305403887382073567316467649080662631552905960229399079107995602154418176056335800638887527614164073530437657085079676157350205351945222989351316076486573599576041978339872265925062764318536089007310270278526159678937431903862892400747915525118983959970607934142974736675784325993445942031372107342103852

import gmpy2
I = gmpy2.invert(q,p)
mp = pow(c,dp,p)
mq = pow(c,dq,q)               #求幂取模运算
m = (((mp-mq)*I)%p)*q+mq       #求明文公式
print(hex(m))          #转为十六进制
print(bytes.fromhex(hex(m)[2:]))       #16进制转文本

get the answer

0x6e6f784354467b57333163306d335f37305f4368316e343730776e7d b'noxCTF{W31c0m3_70_Ch1n470wn}'

The first step in obtaining permission

Guess what this is, remember to give me the password after cracking it. The answer is in an unconventional form. Note: The obtained flag should be submitted with flag{}

Administrator:500:806EDC27AA52E314AAD3B435B51404EE:F4AD50F57683D4260DFD48AA351A17A8:::

The form of this password is MD5 encryption at first glance, we only decrypt F4AD50F57683D4260DFD48AA351A17A8

old-fashion

Os drnuzearyuwn, y jtkjzoztzoes douwlr oj y ilzwex eq lsdexosa kn pwodw tsozj eq ufyoszlbz irl rlufydlx pozv douwlrzlbz, ydderkhosa ze y rlatfyr jnjzli; mjy gfbmw vla xy wbfnsy symmyew (mjy vrwm qrvvrf), hlbew rd symmyew, mebhsymw rd symmyew, vbomgeyw rd mjy lxrzy, lfk wr dremj. Mjy eiqybzye qiqbhjyev mjy myom xa hyedrevbfn lf bfzyewy wgxwmbmgmbrf. Wr mjy dsln bw f1_2jyf-k3_jg1-vb-vl_l

The word length of this question is patchwork, considering Caesar, fence, and simple replacement.
We try to get the flag is n1_2hen-d3_hu1-mi-ma_a on quipqiup - cryptoquip and cryptogram solver

Nothing is difficult

The following is an order issued by the current president of a certain country. It has been encrypted in a strange way and has no rules. It seems that it can only be analyzed. Please restore this sentence to a fluent sentence, and find the key from it and submit it as an answer. The answer is 32 digits, including lowercase letters. Note: The obtained flag should be submitted with flag{}

打开附件是一串字符
VIZZB IFIUOJBWO NVXAP OBC XZZ UKHVN IFIUOJBWO HB XVIXW XAW VXFI X QIXN VBD KQ IFIUOJBWO WBKAH NBWXO VBD XJBCN NKG QLKEIU DI XUI VIUI DKNV QNCWIANQ XN DXPIMKIZW VKHV QEVBBZ KA XUZKAHNBA FKUHKAKX XAW DI VXFI HBN QNCWIANQ NCAKAH KA MUBG XZZ XEUBQQ XGIUKEX MUBG PKAWIUHXUNIA NVUBCHV 12NV HUXWI XAW DI XUI SCQN QB HZXW NVXN XZZ EBCZW SBKA CQ NBWXO XAW DI DXAN NB NVXAP DXPIMKIZW MBU JIKAH QCEV XA BCNQNXAWKAH VBQN HKFI OBCUQIZFIQ X JKH UBCAW BM XLLZXCQI XAW NVI PIO KQ 640I11012805M211J0XJ24MM02X1IW09

Words are patchwork, we consider simple replacement

Get: THE KEY IS 640E11012805F211B0AB24FF02A1ED09, we know that the key is 640E11012805F211B0AB24FF02A1ED09, and because the title prompt is lowercase, convert the uppercase to get: 640e11012805f211b0ab24ff02a1ed09

RSA3

Open the file and find:

c1=
n=
e1=11187289
c2=
e2=9647291

Common mode attack Premise: There are two or more RSA encryption processes, and m and n are the same twice, then the value of m can be directly calculated without calculating d.

Understanding RSA-related problem solution reference: BUUCTF RSA (1) Routing ( ) students' blog-CSDN blog_buuctf rsa

#共模攻击
import libnum
e1 = 11187289
c1=22322035275663237041646893770451933509324701913484303338076210603542612758956262869640822486470121149424485571361007421293675516338822195280313794991136048140918842471219840263536338886250492682739436410013436651161720725855484866690084788721349555662019879081501113222996123305533009325964377798892703161521852805956811219563883312896330156298621674684353919547558127920925706842808914762199011054955816534977675267395009575347820387073483928425066536361482774892370969520740304287456555508933372782327506569010772537497541764311429052216291198932092617792645253901478910801592878203564861118912045464959832566051361
e2 = 9647291
c2=18702010045187015556548691642394982835669262147230212731309938675226458555210425972429418449273410535387985931036711854265623905066805665751803269106880746769003478900791099590239513925449748814075904017471585572848473556490565450062664706449128415834787961947266259789785962922238701134079720414228414066193071495304612341052987455615930023536823801499269773357186087452747500840640419365011554421183037505653461286732740983702740822671148045619497667184586123657285604061875653909567822328914065337797733444640351518775487649819978262363617265797982843179630888729407238496650987720428708217115257989007867331698397
n=22708078815885011462462049064339185898712439277226831073457888403129378547350292420267016551819052430779004755846649044001024141485283286483130702616057274698473611149508798869706347501931583117632710700787228016480127677393649929530416598686027354216422565934459015161927613607902831542857977859612596282353679327773303727004407262197231586324599181983572622404590354084541788062262164510140605868122410388090174420147752408554129789760902300898046273909007852818474030770699647647363015102118956737673941354217692696044969695308506436573142565573487583507037356944848039864382339216266670673567488871508925311154801

def ext_euclid(a, b):     
 if b == 0:         
     return 1, 0, a     
 else:         
     x, y, q = ext_euclid(b, a % b) # q = gcd(a, b) = gcd(b, a%b)         
     x, y = y, (x - (a // b) * y)         
     return x, y, q
r,s,q = ext_euclid(e1,e2)
m = (pow(c1,r,n)*pow(c2,s,n))%n
print(libnum.n2s(m))

Get the answer flag{49d91077a1abcb14f1a9d546c80be9ef}

Unencode

89FQA9WMD<V1A<V1S83DY.#<W3$Q,2TM]

This is Uuencode encoding, we directly convert
Uuencode encoding (encryption); Uuencode decoding (decryption)｜text encryption and decryption tool (qqxiuzi.cn)

Get flag {dsdasdsa99877LLLKK}

RSA2

We directly code crack

import libnum e = 65537 n=248254007851526241177721526698901802985832766176221609612258877371620580060433101538328030305219918697643619814200930679612109885533801335348445023751670478437073055544724280684733298051599167660303645183146161497485358633681492129668802402065797789905550489547645118787266601929429724133167768465309665906113 dp=905074498052346904643025132879518330691925174573054004621877253318682675055421970943552016695528560364834446303196939207056642927148093290374440210503657 c=140423670976252696807533673586209400575664282100684119784203527124521188996403826597436883766041879067494280957410201958935737360380801845453829293997433414188838725751796261702622028587211560353362847191060306578510511380965162133472698713063592621028959167072781482562673683090590521214218071160287665180751 pd = e*dp-1

def ext_euclid(a, b):       if b == 0:         
     return 1, 0, a       else:         
     x, y, q = ext_euclid(b, a % b)       
     x, y = y, (x - (a // b) * y)         
     return x, y, q

def mod_inv(a, b):  return ext_euclid(a, b)[0] % b   #函数返回的第一个数%b

for i in range(1,e):  if pd%i == 0:
     if n%(pd//i+1) == 0:     
         p = pd//i+1
         q = n//p
         fn = (p-1)*(q-1)
         d = mod_inv(e,fn)
         m = pow(c,d,n)
         print(libnum.n2s(m))

Get flag{wow_leaking_dp_breaks_rsa?_98924743502}

[AFCTF2018]Morse

-…/.----/-…/-…/-…/…–/–…/…-/-…/-…/–…/-…/…–/.----/–…/…–/…—/–…/–…/…-/…/…-./–…/…–/…–/-----/…/…-./…–/…–/…–/…-/…–/…/–…/----./–…/-…

For this question, the Morse code first comes to mind. Since there is no / in the Morse code, we replace / with a space, and get

61666374667b317327745f73305f333435797d

Then another decryption, we noticed that the ASCII code of 7d is '}'.
So get *#afctf{1s't_s0_345y}*

Opposites attract

Recently, a weird point of view has emerged, saying that genders are different, how can they fall in love? In order to prove that this view is wrong, please prove that opposite sexes attract. Note: The obtained flag should be submitted with flag{}

Open the compressed package to get two txt files, and open them with 010editor. Write a python script to XOR binary numbers. The XOR process can be implemented with a python script. The result obtained is

Open 010editor, create a new Hex file, and paste it as binary data. get flag{ea1bc0988992276b7f95b54a7435e89e}

Restoration Master

We got a string of mysterious strings: TASC?O3RJMV?WDJKX?ZM, the question mark part is an unknown uppercase letter. In order to determine this mysterious string, we obtained the 32-bit MD5 code of this string through other means. But the 32-bit MD5 code we obtained is also incomplete, E903???4DAB???08???51?80??8A?, please guess the original appearance of the mysterious string, and submit the 32 bit MD5 code as the answer. Note: The obtained flag should be submitted with flag{}

This question is mainly about the gap. The third reason can be verified by using a loop.

 import hashlib import string

def md5(str):  m = hashlib.md5()  m.update(str.encode("utf8"))  return m.hexdigest()

for i in string.ascii_uppercase:  for j in string.ascii_uppercase:
     for k in string.ascii_uppercase:
         c = 'TASC' + i + 'O3RJMV' + j + 'WDJKX' + k + 'ZM'
         x = md5(c).upper()
         if 'E903' in x and '4DAB' in x and '08' in x and '51' in x and '80' in x and '8A' in x:
             print(c)
             print(x)
             break
          

Finally get the result flag: E9032994DABAC08080091151380478A2

RSA

Understanding RSA-related problem solution reference: BUUCTF RSA (1) Routing ( ) students' blog-CSDN blog_buuctf rsa
certificate public key analysis
principle analysis of RSA public key file decryption ciphertext

First get two files, and analyze the content of the pub.key file with the public key
SSL online tool-online public key analysis-online public key extraction-public key online cracking-SSLeye official website

Get e and n, decompose n to find p, q, use yafu tool or website factordb

code:

import rsa
import gmpy2
c = 1854183526100811878807183372982532818560316522978821358738967769534081571682
p = 285960468890451637935629440372639283459
q = 304008741604601924494328155975272418463
e = 65537
n = 86934482296048119190666062003494800588905656017203025617216654058378322103517
fn = (p-1)*(q-1)

d = int(gmpy2.invert(e,fn))
key = rsa.PrivateKey(n,e,d,q,p)
with open(r'c:\111\flag.enc','rb') as f:    #文件路径
    f = f.read()
    print(rsa.decrypt(f,key))

Get: flag{decrypt_256}

RSAROLL

Understanding RSA-related problem solution reference: BUUCTF RSA (1) Routing ( ) students' blog-CSDN blog_buuctf rsa

mport libnum,gmpy2

e = 19
n = 920139713
p = 18443
q = 49891
d = int(gmpy2.invert(e,(p-1)*(q-1)))

f = open(r'c:\111\data.txt','rb')
next(f)     #跳过文件中的第一行    
next(f)     #跳过文件中的第二行
for i in f: #行读取
    m = pow(int(i),d,n)
    print(libnum.n2s(m).decode(),end = '')   #libnum解出的是bytes类型，转换成字符串类型用.decode('utf-8')