BUUCTF few crypto WP
[AFCTF2018]Morse
- Simple Morse code, Morse code is the most intuitive direct use of space-separated points and marking, this question around a little bit using a slash to divide
it first slash replace all spaces, then online decryption Morse code, get a bunch of hex finally hexadecimal string to turn
[GUET-CTF2019] BabyRSA
- Gives the following conditions
- Here given directly the Euler function, and p + q results, we know that in order to solve m = pow (c, d, n), where d is the problem has been given directly,
so that the rest of solving n , n here as long as the Euler function and p + q deployed calculates to obtain
- (p+1)(q+1)=pq+(p+q)+1 => n=pq=(p-1)(q-1)-(p+q)-1
- So in the end exp as follows:
# -*- coding:utf-8 -*-
# Author : Konmu
# k=p+q
# phi=(p+1)(q+1)
from Crypto.Util.number import long_to_bytes
k=int('0x1232fecb92adead91613e7d9ae5e36fe6bb765317d6ed38ad890b4073539a6231a6620584cea5730b5af83a3e80cf30141282c97be4400e33307573af6b25e2ea',16)
phi=int('0x5248becef1d925d45705a7302700d6a0ffe5877fddf9451a9c1181c4d82365806085fd86fbaab08b6fc66a967b2566d743c626547203b34ea3fdb1bc06dd3bb765fd8b919e3bd2cb15bc175c9498f9d9a0e216c2dde64d81255fa4c05a1ee619fc1fc505285a239e7bc655ec6605d9693078b800ee80931a7a0c84f33c851740',16)
e=int('0xe6b1bee47bd63f615c7d0a43c529d219',16)
d=int('0x2dde7fbaed477f6d62838d55b0d0964868cf6efb2c282a5f13e6008ce7317a24cb57aec49ef0d738919f47cdcd9677cd52ac2293ec5938aa198f962678b5cd0da344453f521a69b2ac03647cdd8339f4e38cec452d54e60698833d67f9315c02ddaa4c79ebaa902c605d7bda32ce970541b2d9a17d62b52df813b2fb0c5ab1a5',16)
c=int('0x50ae00623211ba6089ddfae21e204ab616f6c9d294e913550af3d66e85d0c0693ed53ed55c46d8cca1d7c2ad44839030df26b70f22a8567171a759b76fe5f07b3c5a6ec89117ed0a36c0950956b9cde880c575737f779143f921d745ac3bb0e379c05d9a3cc6bf0bea8aa91e4d5e752c7eb46b2e023edbc07d24a7c460a34a9a',16)
n=phi-k-1
m=pow(c,d,n)
print(long_to_bytes(m))
[NCTF2019]Keyboard
- This problem honest, counted as a bit far-fetched topic password feeling more than a little hole in the brain, tend to feel more types of misc
- First ciphertext alphabet given observation found after all the alphabet keys of the first row (viewed from above), and each one corresponding to a sequential number key
q-> 1, w-> 2, e-> 3, r-> 4 ...
- Second, find ciphertext letter is full of repetitions in 1-4 times, and therefore guess is squared phone password
- The next two solutions, one is hand written, one is scripted
- I wrote exp as follows:
# -*- coding:utf-8 -*-
# Author : Konmu
# [NCTF2019]Keyboard
chiper='ooo yyy ii w uuu ee uuuu yyy uuuu y w uuu i i rr w i i rr rrr uuuu rrr uuuu t ii uuuu i w u rrr ee www ee yyy eee www w tt ee'
chiper=chiper.split(' ')
keys=['q','w','e','r','t','y','u','i','o']
values=[1,2,3,4,5,6,7,8,9]
dicts=dict(zip(keys,values))
jiugongge=[' ','abc','def','ghi','jkl','mno','pqrs','tuv','wxyz']
new_dicts=dict(zip(values,jiugongge))
for i in range(len(chiper)):
temp=dicts.get(chiper[i][0])
print(''.join(new_dicts[temp][len(chiper[i])-1]),end='')
[HDCTF2019]bbbbbbrsa
- This problem has a place is a pit, at the beginning he did not pay attention to b64encode import library rename became b32encode, issues remaining to be solved is how to solve the e
here this problem is to obtain random between 50000-70000 and phi prime number, the solution is very simple, blasting directly within this range on the line
- The second point is the pit, as do problems when not directly participating, so the flag does not understand the format, one had to try
(where you might want to BUUCTF platform not tell you the format? A: Because a lot of questions of final the answer is changed format, so in the end flag {} is not wrapped, really bad determination இ௰இ)
- exp Example:
# -*- coding:utf-8 -*-
# Author: Konmu
from base64 import b64decode
import gmpy2
from Crypto.Util.number import long_to_bytes
p=177077389675257695042507998165006460849
q=211330365658290458913359957704294614589
n=37421829509887796274897162249367329400988647145613325367337968063341372726061
c='==gMzYDNzIjMxUTNyIzNzIjMyYTM4MDM0gTMwEjNzgTM2UTN4cjNwIjN2QzM5ADMwIDNyMTO4UzM2cTM5kDN2MTOyUTO5YDM0czM3MjM'
c=int(b64decode(c[::-1]))
phi=(p-1)*(q-1)
for e in range(50000,70000):
if(gmpy2.gcd(e,phi)==1):
d=int(gmpy2.invert(e,phi))
m=pow(c,d,n)
if 'flag{' in long_to_bytes(m):
print(long_to_bytes(m))
Salt and pepper chicken lotus flavor
- This prompts the question homophonic parity, but the actual feeling should not parity, precisely should be a Hamming code parity packet
when supervision bits: 0000, receiving party generates the parity bit and received the same parity, otherwise different explanation error, so it becomes a problem to solve the problem of parity error correction Hamming
- Hamming error correction divided into the following steps, first of all according to the formula: \ (2 ^ R & lt \ K + R & lt GEQ. 1 + \) (K represents the number of data bits, r represents parity bits, and if R & lt meets the minimum value of Inequality )
the Hamming code is given a total of twelve 110010100000 described k + r = 12, r is greater than 13 should be a minimum of 4, so the k data bits to 8
- Determining a parity of 4, and the discharge position of the parity bit only (2 ^ n \) \ position, the determination of the Hamming code \ (P_1, P_2, P_4, P_8 \) these positions parity bit is
then released from it after the data is the k (1100 0100)
- Said another problem down the order a bit, indicating that the correct data should be after 000,000,100,011, valid data is then released from 00,100,011
- There, you've got the right data, so the rest is to obtain a parity error noted
NOTE: \ (P_1, P_2, P_4, P_8 \) of the binary data to fill in its first obtain sender check code: 1000
- Calculation \ (P_1, P_2, P_4, P_8 \)
\ (P_4 = D_5 \ bigoplus D_6 \ bigoplus D_7 of \ bigoplus D_8 = 0 \ bigoplus 0 \ bigoplus. 1 \ bigoplus. 1 = 0 \)
\ (P_3 = D_2 \ bigoplus D_3 \ bigoplus D_4 \ bigoplus D_8 = 0 \ bigoplus. 1 \ bigoplus 0 \ bigoplus. 1 = 0 \)
\ (P_2 = D_1 \ bigoplus D_3 \ bigoplus D_4 \ bigoplus \ bigoplus D_7 of = D_6 0 \ bigoplus. 1 \ bigoplus 0 \ bigoplus 0 \ bigoplus . 1 = 0 \)
\ (P_1 = D_1 \ bigoplus D_2 \ bigoplus D_4 \ bigoplus D_5 \ bigoplus D_7 of = 0 \ bigoplus 0 \ bigoplus 0 \ bigoplus 0 \ bigoplus. 1 =. 1 \)
Note: The above calculations show: in \ (P_4 \) , for example, the test site testing of all binary (left to right) the first one is a data, namely \ (D_5, D_6, D_7, D_8 \)
- Can be obtained from the recipient checksum test results: 0001
- Receive and transmit checksum inconsistent, indicates that an error, which is inverted to
the final data is: 110110100000, which was to count python md5
[HDCTF2019]basic rsa
- The most basic RSA
- exp Example:
# -*- coding:utf-8 -*-
# Author: Konmu
# [HDCTF2019]basic rsa
import gmpy2
from Crypto.Util.number import *
p=262248800182277040650192055439906580479
q=262854994239322828547925595487519915551
e=65533
n=p*q
c=27565231154623519221597938803435789010285480123476977081867877272451638645710
phi=(p-1)*(q-1)
d=int(gmpy2.invert(e,phi))
m=pow(c,d,n)
print(long_to_bytes(m))
Waves in the Panning
- Ciphertext see all repeat some of the words, so think of word frequency statistics, first obtain the frequency of each word appears, and then in descending order, and finally came in the word 4,8,11,15,16 spliced to
- exp:
# -*- coding:utf-8 -*-
# Author: Konmu
f=open("C:/Users/xxx/Desktop/浪里淘沙.txt",'r')
data=f.read()
statistics={}
frequency=[]
num=[4,8,11,15,16]
def zipin(lsit):
for i in lsit:
statistics.setdefault(data.count(i),str(i))
frequency.append(data.count(i))
frequency.sort()
for i in num:
print(''.join(statistics.get(frequency[i-1])),end='')
print('\n')
return(statistics)
if __name__ == '__main__':
letters=["tonight","success","notice","example","should","crypto","backspace","learn","found","morning","we","system","sublim","the","user","enter"]
print(zipin(letters))