for i inrange(1,len(table)): r = '' for j inrange(0, len(cipher)): if ( table.find(cipher[j]) == -1 ): r+=cipher[j] continue ch = table[(table.find(cipher[j]) + i ) % len(table)] r += ch print(r)
offset: 19
UNCTF{w0w_Th1s_d1fFerent_c4eSar}
single table
找了半天这种单表密码,最终找到是PlayFair密码,居然没有意识到题目给的key就是提示((( readme中的表是key为“ABCD”时的表,头脑风暴了半天,原来就是把最后的4位改成提供的key PLAY 前面的就是按字母表顺序去掉 P L A Y J
table={} for i inrange(26): table[i]=ascii_uppercase[i:]+ascii_uppercase[:i]
c = "SDCGW{MPN_VHG_AXHU_GERA_SM_EZJNDBWN_UZHETD}" # S in table[key[0]][bt['U']] table[?][9] = S first = "UNCTF" for i inrange(5): ch = c[i] for search inrange(26): if table[search][base_table.index(first[i])] == c[i]: print(search) # key : 9 15 23 16
key = [9,15,23,16] acc = 0 for i inrange(len(c)): if c[i] in ascii_uppercase: index = table[key[acc%4]].find(c[i]) acc+=1 print(base_table[index], end='')
strs = strs.splitlines() knowntext = "UNCTF{" for t inrange(14, len(strs[0])+1, 2): for d inrange(len(strs)): enc_unctf = binascii.unhexlify(strs[d][:t]) for test in table: testtext = knowntext + test print(testtext + ":" , end='') for i inrange(len(testtext)): print(chr(enc_unctf[i] ^ testtext.encode()[i]), end="" ) print("$") potential = input("Enter potential character: ") knowntext += potential print(knowntext)
import random import itertools from Crypto.Util.number import * from Crypto.Util.strxor import strxor
name = "unctf" key1 = "Today_is_Thursday_V_me_50".encode() key1_num = bytes_to_long(key1)
defencrypt_2(message,num): random.seed(num) res_2 = b'' for i in message: temp_num = random.randint(1,128) res_2 += long_to_bytes(temp_num ^ i) return res_2
defdecrypt_1(cipher,name): guess=[i for i in itertools.permutations(name, 5)] what = guess[53] name = ''.join(j for j in what) mask = strxor(5*name.encode(),key1) message = strxor(mask,cipher) return message
from Crypto.Util.number import * from gmpy2 import iroot
n = 25300208242652033869357280793502260197802939233346996226883788604545558438230715925485481688339916461848731740856670110424196191302689278983802917678262166845981990182434653654812540700781253868833088711482330886156960638711299829638134615325986782943291329606045839979194068955235982564452293191151071585886524229637518411736363501546694935414687215258794960353854781449161486836502248831218800242916663993123670693362478526606712579426928338181399677807135748947635964798646637084128123883297026488246883131504115767135194084734055003319452874635426942328780711915045004051281014237034453559205703278666394594859431 c = 15389131311613415508844800295995106612022857692638905315980807050073537858857382728502142593301948048526944852089897832340601736781274204934578234672687680891154129252310634024554953799372265540740024915758647812906647109145094613323994058214703558717685930611371268247121960817195616837374076510986260112469914106674815925870074479182677673812235207989739299394932338770220225876070379594440075936962171457771508488819923640530653348409795232033076502186643651814610524674332768511598378284643889355772457510928898105838034556943949348749710675195450422905795881113409243269822988828033666560697512875266617885514107 e = 6
for i inrange(5000): # iroot(x,n) returns a 2-element tuple (y, b) such that y is the integer n-th root of x and b is True if the root is exact. m, true_root = iroot(i*n+c, e) if true_root: print(bytes.fromhex(format(m, 'x')).decode()) break
甚至用不到给出的部分M~
UNCTF{27a0aac7-76cb-427d-9129-1476360d5d1b}
ezRSA
题目给出了N = p ** 4 那么直接对N开四次方取整数就行了,使用gmpy2的iroot函数即可, 已知 e、n、c、p、phi(n) 很容易求出 d、m
1 2 3 4 5 6 7 8 9 10 11
from Crypto.Util.number import * from gmpy2 import iroot
e = 65537 n = 62927872600012424750752897921698090776534304875632744929068546073325488283530025400224435562694273281157865037525456502678901681910303434689364320018805568710613581859910858077737519009451023667409223317546843268613019139524821964086036781112269486089069810631981766346242114671167202613483097500263981460561 p, true_root = iroot(n, 4) phi_n = p**4-p**3 d = inverse(e, phi_n) c = 56959646997081238078544634686875547709710666590620774134883288258992627876759606112717080946141796037573409168410595417635905762691247827322319628226051756406843950023290877673732151483843276348210800329658896558968868729658727981445607937645264850938932045242425625625685274204668013600475330284378427177504 m = pow(c, d, n) print(long_to_bytes(m))
c = 388040015421654529602726530745444492795380886347450760542380535829893454552342509717706633524047462519852647123869277281803838546899812555054346458364202308821287717358321436303133564356740604738982100359999571338136343563820284214462840345638397346674622692956703291932399421179143390021606803873010804742453728454041597734468711112843307879361621434484986414368504648335684946420377995426633388307499467425060702337163601268480035415645840678848175121483351171989659915143104037610965403453400778398233728478485618134227607237718738847749796204570919757202087150892548180370435537346442018275672130416574430694059 n = 19793392713544070457027688479915778034777978273001720422783377164900114996244094242708846944654400975309197274029725271852278868848866055341793968628630614866044892220651519906766987523723167772766264471738575578352385622923984300236873960423976260016266837752686791744352546924090533029391012155478169775768669029210298020072732213084681874537570149819864200486326715202569620771301183541168920293383480995205295027880564610382830236168192045808503329671954996275913950214212865497595508488636836591923116671959919150665452149128370999053882832187730559499602328396445739728918488554797208524455601679374538090229259 gift = 28493930909416220193248976348190268445371212704486248387964331415565449421099615661533797087163499951763570988748101165456730856835623237735728305577465527656655424601018192421625513978923509191087994899267887557104946667250073139087563975700714392158474439232535598303396614625803120915200062198119177012906806978497977522010955029535460948754300579519507100555238234886672451138350711195210839503633694262246536916073018376588368865238702811391960064511721322374269804663854748971378143510485102611920761475212154163275729116496865922237474172415758170527875090555223562882324599031402831107977696519982548567367160 p = gmpy2.gcd(gmpy2.powmod(2, gift, n)-1, n) q = n // p e = 65537 d = gmpy2.invert(e, (p-1)*(q-1)) m = gmpy2.powmod(c, d, n)
from Crypto.Util.number import * c = bytes.fromhex('0323222F3688FD4321E85B65311E3BA64BB8DC888019846F97722126AD64EEBB88044D062F26E56B814BF573')
delta = 0x66403319 ^ 0x12345678# TlsCallback Trick delta_arr = long_to_bytes(delta)[::-1] p = [] for i in delta_arr: if i & 0x80 != 0: p.append(i+0xffffff) else: p.append(i) delta_arr = p print(','.join([hex(i) for i in delta_arr]))
table = [delta*(i+1) & 0xfffffffffor i inrange(10)] print(",".join([hex(i) for i in table]))
# 网上抄的xxtea解密代码 defdecrypt(c): flag = [bytes_to_long(c[i: i+4][::-1]) for i inrange(0, len(c), 4)] for i inrange(9, -1, -1): v10 = tab[i] v7 = (v10 >> 2) & 3 for j inrange(10, -1, -1): i_big = (j+1) % 11 i_small = (j-1) % 11 v11 = flag[i_small] v12 = flag[i_big] v3 = ((v11 ^ del_arr[v7 ^ j & 3])+(v12 ^ v10)) ^ ( (((v11 << 4) & 0xffffffff) ^ (v12 >> 3))+(((v12 << 2) & 0xffffffff) ^ (v11 >> 6))) flag[j] = (flag[j] - v3) & 0xffffffff print(",".join([hex(i)[2:] for i in flag])) m = b'' for i in flag: m += long_to_bytes(i)[::-1] return m
# for i in range(0, len(fakerand)): # if fakerand[i] == "0": # print("2", end="") # elif fakerand[i] == "1": # print("0", end="") # elif fakerand[i] == "2": # print("1", end="")
result = "0011211011112210201220000100022120122021010120002212101022110010111102121220111220202212022100002001"
p = remote("node.yuzhian.com.cn", 38544) # p = process("./pwn") p.recvuntil("(y/n)") p.sendline("y") p.recvuntil("round[1]") p.sendline(result[0]) for i inrange(1, len(result)): p.recvuntil("round[{}]".format(i+1)) p.sendline(result[i]) p.interactive()
> git clone https://github.com/FrancoisCapon/Base64SteganographyTools.git > cd Base64SteganographyTools/tools > ./b64stegano_detect.sh flag # 发现确实存在base64隐写 > ./b64stegano_retrieve.sh > stegdata # 获取隐写的Hex数据
脚本输出的是十六进制数据,用Python转换成二进制文件先:
1 2 3 4 5
import binascii f1 = open("stegdata", "r") byte = binascii.unhexlify(f1.read()) f = open("file", "wb") f.write(byte)
得到的二进制文件用 file 命令没有结果,用010Editor打开发现存在英文 $ E N D 和 Filename:Macro.mrd ,可以很确定这是个宏文件,但是是什么软件的宏就不得而知了,这里又卡了很久,直到我以 macro mr 关键字搜索才发现一个软件 Macro Recorder 录制出来的宏文件的后缀名是.mrf 只能说这个mrd真的很有误导性,下载这个软件后随便录制了一下,010editor打开宏文件,很好出现了一模一样的 $ E N D 。