Phrack CTF — RSA Gift Pack

  • 2016-05-24

0x01 Medium RSA

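Solved: 31
You read that right, this really has become a cryptography series. I trust you have already solved the first two challenges, so carry on with this one.
Link: http://pan.baidu.com/s/1o77LozK Password: 1ik4

This one is simple: use openssl to extract n and e, factor n with yafu, generate the private key with rsatools, then decrypt with openssl.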

0x02 BrokenPic

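Solved: 9
Here is a picture, but it doesn't seem to open?
Hint1: the image size is 1366*768
Link: http://pan.baidu.com/s/1c1KqUB2 Password: e5lj

I read several writeups and did not understand them, and could not reproduce a single one. There is also this tool (https://doegox.github.io/ElectronicColoringBook/), which I don't know how to use yet; it is all in English and I can't read it.
On first opening the file, the data changes in a regular pattern every 16 bytes, so I thought of AES in ECB mode.
The extension is .bmp, but there is no image header. The size is 1366*768, so create a 1366*768 24-bit bitmap in Photoshop,

and add its bmp header to the original brokenpic.bmp. After that, opening the file shows a QR code and a key.

The encrypted QR code cannot be made out at all, but we now have the AES key, which is exactly 128 bits, so write a script to decrypt it.
Code: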

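#!/usr/bin/env python
# -*- coding: utf-8 -*-
__author__ = 'ByStudent'
from Crypto.Cipher import AES

# 16-byte (128-bit) key read from the image
key = b'PHRACK-BROKENPIC'
# ECB mode is named explicitly; current PyCryptodome requires a mode argument
cipher = AES.new(key, AES.MODE_ECB)
with open('brokenpic.bmp', 'rb') as f:
    data = f.read()
# ECB works on whole 16-byte blocks, so the input length must be a multiple of 16
decrypted = cipher.decrypt(data)
# Write in binary mode so the decrypted bytes are not altered
with open('123.bmp', 'wb') as f1:
    f1.write(decrypted)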

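Export the result, add the bmp header, and get the flag.

PS: none of the images above can be opened in the Windows 10 image viewer; switching to another viewer fixes it!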

0x03 hard RSA

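Solved: 17
I trust you have already solved medium RSA. For this challenge I tampered a little with the pubkey from medium RSA, so keep going.
Hint1: 1. No brute force needed. 2. Use your math knowledge to solve this. 3. Does nobody know how to take a square root?
Link: http://pan.baidu.com/s/1kVxYmiV Password: oix5

The public key here has the same N as Medium RSA, but e=2, and the hint says to solve it with math, so this should be the Rabin cryptosystem.
Encryption:
Decryption:
n is the public key; p and q are the private key.
n can be factored, which gives p and q.
By Euler's criterion:
Given y, then
Solve for x with the Chinese Remainder Theorem. There are four results:
1.

2.

3.

4.

Code (flag: PCTF{sp3ci4l_rsa}):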

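#!/usr/bin/env python
# -*- coding: utf-8 -*-
__author__ = 'ByStudent'
import libnum
import gmpy2

# Read the ciphertext as raw bytes and convert it to an integer
with open('flag.enc', 'rb') as f:
    c = libnum.s2n(f.read())
# Factors of n (both are congruent to 3 mod 4)
p = 275127860351348928173285174381581152299
q = 319576316814478949870590164193048041239
n = p*q
# Square roots of c modulo p and modulo q; integer division keeps the exponents integral
r = pow(c, (p+1)//4, p)
s = pow(c, (q+1)//4, q)
# Coefficients for the Chinese Remainder Theorem
a = gmpy2.invert(p, q)
b = gmpy2.invert(q, p)
x = (a*p*s + b*q*r) % n
y = (a*p*s - b*q*r) % n
# The four candidate plaintexts; one of them contains the flag
print(libnum.n2s(int(x % n)))
print(libnum.n2s(int((-x) % n)))
print(libnum.n2s(int(y % n)))
print(libnum.n2s(int((-y) % n)))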
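
The square roots modulo p and q and their CRT combination described in this section, as an added example that is not the author's code. It is pure Python 3.8+ and runs on constructed parameters (two Mersenne primes and a made-up flag-like message); the names sqrt_mod_prime, rabin_roots and pick_plaintext are introduced here for illustration.

```python
# Added example: Rabin (e = 2) decryption once the factors p and q are known.
# The primes and message are constructed for this demo, not the challenge values.

def sqrt_mod_prime(c, p):
    """Square root of c modulo a prime p with p % 4 == 3 (Euler's criterion)."""
    if p % 4 != 3:
        raise ValueError("this shortcut needs p = 3 (mod 4)")
    r = pow(c, (p + 1) // 4, p)
    if (r * r - c) % p:
        raise ValueError("c is not a quadratic residue modulo p")
    return r

def rabin_roots(c, p, q):
    """Return the four square roots of c modulo n = p * q, sorted."""
    n = p * q
    r = sqrt_mod_prime(c % p, p)
    s = sqrt_mod_prime(c % q, q)
    # CRT basis: u is 1 mod p and 0 mod q; v is 0 mod p and 1 mod q.
    u = q * pow(q, -1, p)
    v = p * pow(p, -1, q)
    return sorted({(sr * r * u + sq * s * v) % n
                   for sr in (1, -1) for sq in (1, -1)})

def pick_plaintext(roots, marker):
    """Rabin is 4-to-1: choose the root whose bytes contain a known marker."""
    for x in roots:
        data = x.to_bytes((x.bit_length() + 7) // 8, "big")
        if marker in data:
            return data
    return None

# Constructed parameters: two Mersenne primes, both congruent to 3 mod 4.
P = 2**107 - 1
Q = 2**127 - 1
N = P * Q
MESSAGE = b"PCTF{constructed_demo}"

def demo():
    m = int.from_bytes(MESSAGE, "big")
    c = pow(m, 2, N)              # "encryption" with e = 2, no padding
    roots = rabin_roots(c, P, Q)
    return c, roots, pick_plaintext(roots, b"PCTF{")

if __name__ == "__main__":
    c, roots, plain = demo()
    for x in roots:
        print(hex(x))
    print(plain)
```

Without a known marker or redundancy in the message, the receiver cannot tell which of the four roots was sent.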

0x04 very hard RSA

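Solved: 14
Since N was too small in the previous challenges, you broke them all. This time the challenge author has brought RSA4096; whether to accept the challenge is up to you.
Link: http://pan.baidu.com/s/1jIq8IKA Password: k43g

First analyze the encryption script: it checks whether the data is 512-11 long, and if not, fills the rest with random padding.
It then encrypts the same data with the same N but different e, which suggests a common modulus attack.
Code (flag: pCTF{M4st3r_oF_Number_Th3ory}):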

#!/usr/bin/env python
# -*- coding: utf-8 -*-
__author__ = 'ByStudent'
from libnum import n2s,s2n
from gmpy2 import invert
n = 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
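# Extended Euclid: returns (g, x, y) with a*x + b*y == g
def egcd(a, b):
  if a == 0:
    return (b, 0, 1)
  else:
    g, y, x = egcd(b % a, a)
    return (g, x - (b // a) * y, y)
# Read both ciphertexts as integers
with open('flag.enc1', 'rb') as fo1:
    c1 = s2n(fo1.read())
with open('flag.enc2', 'rb') as fo2:
    c2 = s2n(fo2.read())
e1 = 17
e2 = 65537
# s1*e1 + s2*e2 == 1; for these exponents s1 > 0 and s2 < 0
s = egcd(e1, e2)
s1 = s[1]
s2 = s[2]
# Negative exponent: invert c2 modulo n and use -s2 instead
c2 = invert(c2, n)
s2 = - s2
# c1^s1 * c2^s2 == m^(s1*e1 + s2*e2) == m (mod n)
m = pow(c1, s1, n) * pow(c2, s2, n) % n
print(n2s(int(m)))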

0x05 Extremely hard RSA

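Solved: 9
I didn't expect you to break even RSA4096. It must be my fault for giving you too much information. This time I'm only giving you the encrypted flag and the public key; it is still RSA4096, and I refuse to believe you can solve it.
Link: http://pan.baidu.com/s/1skBIUuD Password: xvfr

In the public key, e=3 and N is very large. Since m^3 = c + i*N for some integer i, we can keep adding N to c and taking the cube root, brute-forcing it directly in code. Single-threaded Python takes a while, though; it ran for nearly 30 minutes. It could be changed to use multiple threads... Orz
Code (flag: PCTF{Sm4ll_3xpon3nt_i5_W3ak}):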

#!/usr/bin/env python
# -*- coding: utf-8 -*-
__author__ = 'ByStudent'
from libnum import s2n,n2s
from gmpy2 import iroot
n = 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
e = 3
with open('flag.enc', 'rb') as f:
    c = s2n(f.read())
i = 0
while 1:
    # iroot returns (root, exact): exact is True only when c+i*n is a perfect cube
    res = iroot(c+i*n,3)
    if(res[1] == True):
        print(res)
        break
    print("i="+str(i))
    i = i+1
#i=118719487
m = 440721643740967258786371951429849843897639673893942371730874939742481383302887786063966117819631425015196093856646526738786745933078032806737504580146717737115929461581126895844008044713461807791172016433647699394456368658396746134702627548155069403689581548233891848149612485605022294307233116137509171389596747894529765156771462793389236431942344003532140158865426896855377113878133478689191912682550117563858186
print(n2s(m))
# Result
# Didn't you know RSA padding is really important? Now you see a non-padding message is so dangerous. And you should notice this in future.Fl4g: PCTF{Sm4ll_3xpon3nt_i5_W3ak}

0x06 God Like RSA

Solved: 6
Since you have driven me into a corner, don't blame me for not being polite; I challenge you on God's behalf~
Link: http://pan.baidu.com/s/1qX7HmyS Password: 4vjz

 

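Comments

  • 大表姐到此一游

    Just here to gawk at the idiot; hit me if you dare

  • dlamyh

    Hello, I have read your blog and learned a lot from it, thank you for sharing. I just wanted to ask: in the code for problem 0*05, how should the step if(res[1] == True) be understood? I didn't quite get it. Thanks!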
