Cryptography
|
404
|
CTF

219 字
|
7 分钟
本文最后更新于 471 天前,其中的信息可能已经有所发展或是发生改变。

序列密码

LFSR

https://www.anquanke.com/post/id/181811
https://blog.csdn.net/qq_43531895/article/details/108599913

流密码介绍

https://zhuanlan.zhihu.com/p/33920501

分组密码

AES

公钥密码

RSA

https://www.tr0y.wang/2017/11/06/CTFRSA/index.html
https://blog.csdn.net/vhkjhwbs/article/details/101160822

openssl

https://www.cnblogs.com/wyzhou/p/9738964.html

提取RSA公钥

openssl rsa -pubin -text -modulus -in warmup -in public.key

使用rsatool.py生成私钥文件

python  rsatool.py -f PEM -o key.pem -n ××× -d ×××

使用私钥解密

from Crypto.PublicKey import RSA 
from Crypto.Cipher import PKCS1_OAEP 
from base64 import b64decode 


def decrypt_RSA(privkey, message):
    key = open(privkey, "r").read() 
    rsakey = RSA.importKey(key) 
    rsakey = PKCS1_OAEP.new(rsakey) 
    decrypted = rsakey.decrypt(b64decode(message))
    return decrypted

flag = "GVd1d3viIXFfcHapEYuo5fAvIiUS83adrtMW/MgPwxVBSl46joFCQ1plcnlDGfL19K/3PvChV6n5QGohzfVyz2Z5GdTlaknxvHDUGf5HCukokyPwK/1EYU7NzrhGE7J5jPdi0Aj7xi/Odxy0hGMgpaBLd/nL3N8O6i9pc4Gg3O8soOlciBG/6/xdfN3SzSStMYIN8nfZZMSq3xDDvz4YB7TcTBh4ik4wYhuC77gmT+HWOv5gLTNQ3EkZs5N3EAopy11zHNYU80yv1jtFGcluNPyXYttU5qU33jcp0Wuznac+t+AZHeSQy5vk8DyWorSGMiS+J4KNqSVlDs12EqXEqqJ0uA=="
print decrypt_RSA('private.pem', flag)

RSA基本解加密

#coding: UTF-8
import gmpy2
import libnum
#import Arithmetic
from random import choice
from Crypto.PublicKey import RSA
from Crypto.Util.number import *


p = 304008741604601924494328155975272418463
q = 285960468890451637935629440372639283459
e = 65537
raw_c = 22548193633302019074702029785118337127200266333481718370730388304251065215795
raw_m = 'flag{RSA_IS_GOOD}'
n = p * q
phin = (p - 1) * (q - 1)

c=pow(bytes_to_long(raw_m),e,n)#加密->c = m^e mod n
print 'C:'
print c

d = gmpy2.invert(e, phin)#模反求d

m=pow(raw_c,d,n)#解密->m = c^d mod n
print 'M:'
print libnum.n2s(m)
long_to_bytes(m)#整型转字节码

已知ed分解N

https://www.jianshu.com/p/883653c0842c
https://aidaip.github.io/crypto/2019/08/21/RSA-%E5%B7%B2%E7%9F%A5ed%E5%88%86%E8%A7%A3n.html

已知dp dq

https://blog.csdn.net/qq_32350719/article/details/102719279

Payload

import libnum
def egcd(a, b):
    if (b == 0):
        return 1, 0, a
    else:
        x, y, q = egcd(b, a % b)  # q = GCD(a, b) = GCD(b, a%b)
        x, y = y, (x - (a // b) * y)
        return x, y, q


def mod_inv(a, b):
    return egcd(a, b)[0] % b  # 求a模b得逆

p = 8637633767257008567099653486541091171320491509433615447539162437911244175885667806398411790524083553445158113502227745206205327690939504032994699902053229
q = 12640674973996472769176047937170883420927050821480010581593137135372473880595613737337630629752577346147039284030082593490776630572584959954205336880228469
dp = 6500795702216834621109042351193261530650043841056252930930949663358625016881832840728066026150264693076109354874099841380454881716097778307268116910582929
dq = 783472263673553449019532580386470672380574033551303889137911760438881683674556098098256795673512201963002175438762767516968043599582527539160811120550041
c = 24722305403887382073567316467649080662631552905960229399079107995602154418176056335800638887527614164073530437657085079676157350205351945222989351316076486573599576041978339872265925062764318536089007310270278526159678937431903862892400747915525118983959970607934142974736675784325993445942031372107342103852

invq=mod_inv(p,q)
mp=pow(c,dp,p)
mq=pow(c,dq,q)
m=((mp-mq)*invq%p)*q+mq
print(libnum.n2s(m))

共模攻击

# -*- coding: utf-8 -*-

from libnum import n2s,s2n
from gmpy2 import invert
# 欧几里得算法
def egcd(a, b):
  if a == 0:
    return (b, 0, 1)
  else:
    g, y, x = egcd(b % a, a)
    return (g, x - (b // a) * y, y)

def main():
  n = 21058339337354287847534107544613605305015441090508924094198816691219103399526800112802416383088995253908857460266726925615826895303377801614829364034624475195859997943146305588315939130777450485196290766249612340054354622516207681542973756257677388091926549655162490873849955783768663029138647079874278240867932127196686258800146911620730706734103611833179733264096475286491988063990431085380499075005629807702406676707841324660971173253100956362528346684752959937473852630145893796056675793646430793578265418255919376323796044588559726703858429311784705245069845938316802681575653653770883615525735690306674635167111
  c1 = 20152490165522401747723193966902181151098731763998057421967155300933719378216342043730801302534978403741086887969040721959533190058342762057359432663717825826365444996915469039056428416166173920958243044831404924113442512617599426876141184212121677500371236937127571802891321706587610393639446868836987170301813018218408886968263882123084155607494076330256934285171370758586535415136162861138898728910585138378884530819857478609791126971308624318454905992919405355751492789110009313138417265126117273710813843923143381276204802515910527468883224274829962479636527422350190210717694762908096944600267033351813929448599
  c2 = 11298697323140988812057735324285908480504721454145796535014418738959035245600679947297874517818928181509081545027056523790022598233918011261011973196386395689371526774785582326121959186195586069851592467637819366624044133661016373360885158956955263645614345881350494012328275215821306955212788282617812686548883151066866149060363482958708364726982908798340182288702101023393839781427386537230459436512613047311585875068008210818996941460156589314135010438362447522428206884944952639826677247819066812706835773107059567082822312300721049827013660418610265189288840247186598145741724084351633508492707755206886202876227
  e1 = 2767
  e2 = 3659
  s = egcd(e1, e2)
  s1 = s[1]
  s2 = s[2]
  # 求模反元素
  if s1<0:
    s1 = - s1
    c1 = invert(c1, n)
  elif s2<0:
    s2 = - s2
    c2 = invert(c2, n)

  m = pow(c1,s1,n)*pow(c2,s2,n) % n
  print n2s(m)

if __name__ == '__main__':
  main()

e=3

#/usr/bin/python
# coding=utf-8
import gmpy2
from Crypto.PublicKey import RSA

e=3
N=0x52d483c27cd806550fbe0e37a61af2e7cf5e0efb723dfc81174c918a27627779b21fa3c851e9e94188eaee3d5cd6f752406a43fbecb53e80836ff1e185d3ccd7782ea846c2e91a7b0808986666e0bdadbfb7bdd65670a589a4d2478e9adcafe97c6ee23614bcb2ecc23580f4d2e3cc1ecfec25c50da4bc754dde6c8bfd8d1fc16956c74d8e9196046a01dc9f3024e11461c294f29d7421140732fedacac97b8fe50999117d27943c953f18c4ff4f8c258d839764078d4b6ef6e8591e0ff5563b31a39e6374d0d41c8c46921c25e5904a817ef8e39e5c9b71225a83269693e0b7e3218fc5e5a1e8412ba16e588b3d6ac536dce39fcdfce81eec79979ea6872793L
c=0x10652cdfaa6b63f6d7bd1109da08181e500e5643f5b240a9024bfa84d5f2cac9310562978347bb232d63e7289283871efab83d84ff5a7b64a94a79d34cfbd4ef121723ba1f663e514f83f6f01492b4e13e1bb4296d96ea5a353d3bf2edd2f449c03c4a3e995237985a596908adc741f32365

def calc(j):
    print j
    a, b = gmpy2.iroot(c + j * N, 3)
    if b == 1:
        m = a
        print '{:x}'.format(int(m)).decode('hex')
        exit()


for i in range(130000000):
    calc(i)

CRT(中国剩余定理)

https://blog.csdn.net/destiny1507/article/details/81751168
https://www.cnblogs.com/freinds/p/6388992.html
上一篇
下一篇