Crypto
Base?
逆表
春风得意马蹄疾
社会主义核心价值观编码套娃
list_const = [‘富强’, ‘民主’, ‘文明’, ‘和谐’, ‘自由’, ‘平等’, ‘公正’, ‘法治’,
‘爱国’, ‘敬业’, ‘诚信’, ‘友善’]
with open(‘1.txt’, ‘r’, encoding=’utf-8′) as f:
str1 = f.read().strip()
while True:
# 解析为索引值
list1 = [list_const.index(str1[i << 1] + str1[i << 1 | 1]) for i in range(len(str1) // 2)]
# 解码过程
a = 0
list2 = []
while a < len(list1):
if list1[a] < 10:
list2.append(str(list1[a]))
elif list1[a] == 10:
a += 1
list2.append(hex(list1[a] + 10)[2:])
else:
a += 1
list2.append(hex(list1[a] + 6)[2:])
a += 1
str1 = bytes.fromhex(”.join(list2)).decode(‘utf-8’)
print(‘解码结果:’, str1, ‘\n’)
if ‘SQCTF’ in str1:
print(‘已找到目标内容:’, str1)
break
别阴阳我了行吗
把中文!改成英文!
失落矿洞中的密码
暴力求解 secretKey
# 椭圆曲线参数
p = 7654319
a = 1234577
b = 3213242
G = (5234568, 2287747)
P_pub = (2366653, 1424308)
crypted_data = [(5081741, 6744615), (610619, 6218)]
# 模逆函数
def inverse_mod(k, p):
return pow(k, -1, p)
# 椭圆曲线上的点加法
def point_add(P, Q):
if P is None: return Q
if Q is None: return P
x1, y1 = P
x2, y2 = Q
if P == Q:
m = (3 * x1 * x1 + a) * inverse_mod(2 * y1, p) % p
elif x1 == x2 and (y1 + y2) % p == 0:
return None
else:
m = (y2 - y1) * inverse_mod(x2 - x1, p) % p
x3 = (m * m - x1 - x2) % p
y3 = (m * (x1 - x3) - y1) % p
return (x3, y3)
# 倍点函数
def scalar_mult(k, P):
R = None
while k:
if k & 1:
R = point_add(R, P)
P = point_add(P, P)
k >>= 1
return R
# 找 secretKey
def find_secret_key():
for d in range(1, 9000000):
if d % 10000 == 0:
print(f"[*] Trying d = {d}")
if scalar_mult(d, G) == P_pub:
return d
return None
# 解密流程
def decrypt(secret_key, crypted_data):
c1, c2 = crypted_data
S = scalar_mult(secret_key, c1)
S_inv = (S[0], (-S[1]) % p)
M = point_add(c2, S_inv)
return M
if __name__ == "__main__":
print("[*] Looking for secretKey ...")
secret_key = find_secret_key()
if secret_key is None:
print("❌ Secret key not found in range.")
exit(1)
print(f"[+] Found secretKey = {secret_key}")
M = decrypt(secret_key, crypted_data)
print(f"[+] Decrypted point M = {M}")
print(f"[+] x + y = {(M[0] + M[1]) % p}")
Ezrsa
费马分解
Rsa一把梭
EZCRT
中国剩余定理
from gmpy2 import *
from Crypto.Util.number import *
from functools import reduce
# 将5进制数转换为10进制数 int('',5)
N1 = 64461804435635694137780580883118542458520881333933248063286193178334411181758377012632600557019239684067421606269023383862049857550780830156513420820443580638506617741673175086647389161551833417527588094693084581758440289107240400738205844622196685129086909714662542181360063597475940496590936680150076590681
N2 = 82768789263909988537493084725526319850211158112420157512492827240222158241002610490646583583091495111448413291338835784006756008201212610248425150436824240621547620572212344588627328430747049461146136035734611452915034170904765831638240799554640849909134152967494793539689224548564534973311777387005920878063
N3 = 62107516550209183407698382807475681623862830395922060833332922340752315402552281961072427749999457737344017533524380473311833617485959469046445929625955655230750858204360677947120339189429659414555499604814322940573452873813507553588603977672509236539848025701635308206374413195614345288662257135378383463093
c1 = 36267594227441244281312954686325715871875404435399039074741857061024358177876627893305437762333495044347666207430322392503053852558456027453124214782206724238951893678824112331246153437506819845173663625582632466682383580089960799423682343826068770924526488621412822617259665379521455218674231901913722061165
c2 = 58105410211168858609707092876511568173640581816063761351545759586783802705542032125833354590550711377984529089994947048147499585647292048511175211483648376727998630887222885452118374649632155848228993361372903492029928954631998537219237912475667973649377775950834299314740179575844464625807524391212456813023
c3 = 23948847023225161143620077929515892579240630411168735502944208192562325057681298085309091829312434095887230099608144726600918783450914411367305316475869605715020490101138282409809732960150785462082666279677485259918003470544763830384394786746843510460147027017747048708688901880287245378978587825576371865614
N = [N1,N2,N3]
c = [c1,c2,c3]
# 中国剩余定理算法
def chinese_remainder(modulus, remainders):
Sum = 0
prod = reduce(lambda a, b: a*b, modulus)
for m_i, r_i in zip(modulus, remainders):
p = prod // m_i
Sum += r_i * (inverse(p,m_i)*p)
return Sum % prod
e = 3
# print(chinese_remainder(N,c))
pow_m_e = chinese_remainder(N,c)
# pow_m_e = 17446992834638639179129969961058029457462398677361658450137832328330435503838651797276948890990069700515669656391607670623897280684064423087023742140145529356863469816868212911716782075239982647322703714504545802436551322108638975695013439206776300941300053940942685511792851350404139366581130688518772175108412341696958930756520037
m = iroot(pow_m_e,e)[0]
print(long_to_bytes(m))
小白兔白又白
题目提示base,尝试base家族
第一层只有base91有可读数据
第二层base64
以此类推,一个个尝试依次为base91-base64-base62解码成ascii-base16
得到一个U2FsdGVkX1+cEAtCb8l5oIiX+J9CwG3SpvdB38nPFkjnJ1HmRvbYQubVZDL3
百度查询得到Rabbit加密
根据提示题目小白兔喜欢刷哔哩哔哩,大家发弹幕的哈哈大笑,怎么和我发不一样呢,猜测可能是2333,但是不对,减少一位233正确
密室逃脱的终极挑战
Exe文件,用ida打开就是flag
玩的挺变态啊清茶哥
随波逐流有224码图一个个对
手抄SQCTF{jijibaotonghualizuoyingxiong}
(能不能别往crypto放misc了)
丢三落四的小I
已知dp e c n
板子题
import libnum
import gmpy2
n= 15124759435262214519214613181859115868729356369274819299240157375966724674496904855757710168853212365134058977781083245051947523020090726851248565503324715984500225724227315777864292625995636236219359256979887906731659848125792269869019299002807101443623257106289957747665586226912446158316961637444556237354422346621287535139897525295200592525427472329815100310702255593134984040293233780616515067333512830391860868933632383433431739823740865023004008736555299772442805617275890761325372253913686933294732259451820332316315205537055439515569011020072762809613676347686279082728000419370190242778504490370698336750029
e= 65537
dp= 1489209342944820124277807386023133257342259912189247976569642906341314682381245025918040456151960704964362424182449567071683886673550031774367531511627163525245627333820636131483140111126703748875380337657189727259902108519674360217456431712478937900720899137512461928967490562092139439552174099755422092113
c= 4689152436960029165116898717604398652474344043493441445967744982389466335259787751381227392896954851765729985316050465252764336561481633355946302884245320441956409091576747510870991924820104833541438795794034004988760446988557417649875106251230110075290880741654335743932601800868983384563972124570013568709773861592975182534005364811768321753047156781579887144279837859232399305581891089040687565462656879173423137388006332763262703723086583056877677285692440970845974310740659178040501642559021104100335838038633269766591727907750043159766170187942739834524072423767132738563238283795671395912593557918090529376173
for i in range(1,65535):
p=(dp*e-1)//i+1
if n%p==0:
q=n//p
break
phi_n= (p-1)*(q-1)
d=gmpy2.invert(e,phi_n)
m=pow(c,d,n)
flag=libnum.n2s(int(m)).decode()
print(flag)
EzSCA
Ai一把梭
- 理解文件作用:
template_trace_0.npy和template_trace_1.npy:分别代表处理比特0和比特1时的标准能量消耗模板
energy_traces_with_flag.npy:实际加密flag时的能量消耗轨迹
- PNG文件是轨迹的可视化,可以帮助理解数据
- 核心方法:
- 将能量轨迹与两个模板进行相似度比较
- 判断每个时间点的能量消耗更接近0模板还是1模板
- 将结果转换为比特流,再转为ASCII字符
import numpy as np
import matplotlib.pyplot as plt
def bits_to_text(bits):
chars = [bits[i:i+8] for i in range(0, len(bits), 8)]
text = ''.join([chr(int(char, 2)) for char in chars])
return text
# 加载数据
template_0 = np.load('template_trace_0.npy')
template_1 = np.load('template_trace_1.npy')
traces = np.load('energy_traces_with_flag.npy')
# 可视化检查
plt.figure(figsize=(12,6))
plt.plot(template_0, label='Template 0')
plt.plot(template_1, label='Template 1')
plt.legend()
plt.show()
# 找出两个模板差异最大的区域
diff = np.abs(template_0 - template_1)
critical_point = np.argmax(diff)
# 提取关键点的值进行比较
bits = []
for trace in traces:
val = trace[critical_point]
threshold = (template_0[critical_point] + template_1[critical_point])/2
bits.append('0' if val < threshold else '1')
bit_string = ''.join(bits)
flag = bits_to_text(bit_string)
print("Flag:", flag)
你的天赋是什么
随波逐流
Common Modulus
共模攻击
import gmpy2
import libnum
n1= 13650503560233612352420237787159267432351878281073422449253560365809461612884248041710373755322100953953257608601227381211434513766352420535096028618735289379355710140356003114010103377509526452574385251495847301426845768427018504464757671958803807138699056193259160806476941875860254288376872925837127208612702688503022494109785623082365323949385021488106289708499091818714253710552213982060745736652306892896670424179736886691685639988637188591805479432332714690818805432648223229601082431517091667297328748597580733946557364100555781113940729296951594110258088501146224322799560159763097710814171619948719257894889
e1= 4217054819
c1= 3366500968116867439746769272799247895217647639427183907930755074259056811685671593722389247697636905214269760325119955242254171223875159785479900114989812511815466122321484289407596620307636198001794029251197349257235827433633936216505458557830334779187112907940003978773672225479445837897135907447625387990203145231671233038707457396631770623123809080945314083730185110252441203674945146889165953135351824739866177205127986576305492490242804571570833778440870959816207461376598067538653432472043116027057204385251674574207749241503571444801505084599753550983430739025050926400228758055440679102902069032768081393253
n2= 13650503560233612352420237787159267432351878281073422449253560365809461612884248041710373755322100953953257608601227381211434513766352420535096028618735289379355710140356003114010103377509526452574385251495847301426845768427018504464757671958803807138699056193259160806476941875860254288376872925837127208612702688503022494109785623082365323949385021488106289708499091818714253710552213982060745736652306892896670424179736886691685639988637188591805479432332714690818805432648223229601082431517091667297328748597580733946557364100555781113940729296951594110258088501146224322799560159763097710814171619948719257894889
e2= 2800068527
c2= 7412517103990148893766077090616798338451607394614015195336719617426935439456886251056015216979658274633552687461145491779122378237012106236527924733047395907133190110919550491029113699835260675922948775568027483123730185809123757000207476650934095553899548181163223066438602627597179560789761507989925938512977319770704123979102211869834390476278761480516444396187746843654541476645830961891622999425268855097938496239480682176640906218645450399785130931214581370821403077312842724336393674718200919934701268397883415347122906912693921254353511118129903752832950063164459159991128903683711317348665571285175839274346
#共模攻击
#共模攻击函数
s, s1, s2 = gmpy2.gcdext(e1, e2)
print(s,s1,s2)
m = (pow(c1, s1, n1) * pow(c2, s2, n1)) % n1
print(libnum.n2s(int(m)))
《1789年的密文》
Ai分析是什么托马斯密码
网上找了个脚本
import re
text = ""
code = [ # 密码本
"QWXZRJYVKSLPDTMACFNOGIEBHU",
"BXZPMTQOIRVHKLSAFUDGJYCEWN",
"LKJHGFDSAQZWXECRVBYTNUIMOP",
"POIUYTREWQASDFGHJKLMNBVCXZ",
"ZXCVBNMASDFGHJKLPOIUYTREWQ",
"MNHBGVCFXDRZESWAQPLOKMIJUY",
"YUJIKMOLPQAWSZEXRDCFVGBHNM",
"EDCRFVTGBYHNUJMIKOLPQAZWSX",
"RFVGYBHNUJMIKOLPQAZWSXEDCT",
"TGBYHNUJMIKOLPQAZWSXEDCRFV",
"WSXEDCRFVTGBYHNUJMIKOLPQAZ",
"AZQWSXEDCRFVTGBYHNUJMIKOLP",
"VFRCDXESZWAQPLOKMIJNUHGBTG",
"IKOLPQAZWSXEDCRFVTGBYHNUJM",
]
print(code)
codetext = "UNEHJPBIUOMAVZ" # 密文
codenum = "4, 2 ,11, 8, 9, 12, 3, 6, 10, 14, 1, 5, 7, 13" # 密钥
codenum = codenum.split(",") # 把这些数字都放到一个列表里面去,以逗号隔开
# print(codenum)
a = 0
print("最终解码本:")
for i in codenum:
index = code[int(i) - 1].index(codetext[a])
# code[int(i)-1]代表取出密钥对应的密码表中的字符串(对应重新排列),以解码本第一行为例,即取出密码本中的第12行字符串BRUHGUFGTJNUBAFDEGTEF
# index(codetext[a])取出当前对应密文在取出的字符串中的下标(即先找到循环的下标),以解码本第一行为例,即密文中第一个字符A在上面一行取出的字符串中的下标,即13,从0开始
a = a + 1 # 密文下标加一
code[int(i) - 1] = code[int(i) - 1][index:] + code[int(i) - 1][:index] # 拼接得到最终的一行解码
# code[int(i)-1][index:]是取出从密文对应的字符开始到最后的字符串,以解码本第一行为例,即取出AFDEGTEF
# code[int(i)-1][:index]是取出从头到密文对应的字符的字符串,不包括密文对应的字符,以解码本第一行为例,即取出BRUHGUFGTJNUB
print(code[int(i) - 1]) # 此时输出的字符串是按解码本的顺序从第一行开始,但在code中存储的顺序是对应密钥内容的顺序
# 完成了变形了
print("输出解码本每一列")
for i in range(len(code[0])): # len(code[0])即一行的长度
str = ""
print("第{}列的是:".format(i), end="")
for j in codenum:
str += code[int(j) - 1][i] # 因为变形后的解码本中的字符串是存储在密码本中,因此要按照密钥内容的顺序进行取出
print(str.lower())
解出来很多值
一个个交flag试最后是SQCTF{maketysecgreat}
评论(0)
暂无评论