攻防世界_Crypto_wp

May 27 2020 ctf 12 minutes read (About 1827 words)

开始学Crypto主要有两个原因，第一还是受了最近两场比赛的影响，安恒月赛的时候真就提前ak了re之后看着掉排名，GKCTF也是只上了单榜；第二就是最近做re的时候，经常会做到最后遇到加密算法还是抓瞎，所以开始接触了密码学的东西，拿Crypto练习练习

新手区

base64

密文

1	Y3liZXJwZWFjZXtXZWxjb21lX3RvX25ld19Xb3JsZCF9

直接base64解一下就出来了

1	cyberpeace{Welcome_to_new_World!}

Caeser

密文

1	oknqdbqmoq{kag_tmhq_xqmdzqp_omqemd_qzodkbfuaz}

凯撒密码，正好用到之前信安导论的大作业，Rust is the future!

#![allow(dead_code)]
#![allow(unused)]

fn encrypt(s: &str,rot: u8) -> String
{
    let mut s_ret=String::new();
    for c in s.chars(){
        if  ('a' as u8) <= c as u8 && (c as u8) <= 'z' as u8
        {
            let mut tmp =(c as u8) -('a' as u8);
            tmp=(26+tmp+rot)%26+'a' as u8;
            let ch=tmp as char;
            s_ret.push(ch);
        }
        else if ('A' as u8) <= (c as u8) && (c as u8) <= ('Z' as u8)
        {
            let mut tmp =(c as u8)-('A' as u8);
            tmp=(26+tmp+rot)%26+'A' as u8;
            let ch=tmp as char;
            s_ret.push(ch);
        }
        else {
            s_ret.push(c);
            continue;
        }
    }
    s_ret
}

fn decrypt(s: &str,rot: u8) -> String
{
    let mut s_ret=String::new();
    for c in s.chars(){
        if  ('a' as u8) <= (c as u8) && (c as u8) <= ('z' as u8)
        {
            let mut tmp =(c as u8) -('a' as u8);
            tmp=(26+tmp-rot)%26+'a' as u8;
            // plus 26 to avoid 'attempt to subtract with overflow' error since u8 is unsigned
            let ch=tmp as char;
            s_ret.push(ch);
        }
        else if ('A' as u8) <= (c as u8) && (c as u8) <= ('Z' as u8)
        {
            let mut tmp =(c as u8)-('A' as u8);
            tmp=(26+tmp-rot)%26+'A' as u8;
            // plus 26 to avoid 'attempt to subtract with overflow' error since u8 is unsigned
            let ch=tmp as char;
            s_ret.push(ch);
        }
        else {
            s_ret.push(c);
            continue;
        }
    }
    s_ret
}

fn main() {
    let s=decrypt("oknqdbqmoq{kag_tmhq_xqmdzqp_omqemd_qzodkbfuaz}",12);
    println!("{:?}",s);
}

得到flag

1	cyberpeace{you_have_learned_caesar_encryption}

Morse

题目是摩斯密码但是内容全是0和1，所以应该是0对应.，1对应-

CODE = {'A': '.-', 'B': '-...', 'C': '-.-.',
        'D': '-..', 'E': '.', 'F': '..-.',
        'G': '--.', 'H': '....', 'I': '..',
        'J': '.---', 'K': '-.-', 'L': '.-..',
        'M': '--', 'N': '-.', 'O': '---',
        'P': '.--.', 'Q': '--.-', 'R': '.-.',
        'S': '...', 'T': '-', 'U': '..-',
        'V': '...-', 'W': '.--', 'X': '-..-',
        'Y': '-.--', 'Z': '--..',

        '0': '-----', '1': '.----', '2': '..---',
        '3': '...--', '4': '....-', '5': '.....',
        '6': '-....', '7': '--...', '8': '---..',
        '9': '----.',

        '.': '.-.-.-', ':': '---...', ',': '--..--', ';': '-.-.-.',
        '?': '..--..', '=': '-...-', '\'': '.----.', '/': '-..-.',
        '!': '-.-.--', '-': '-....-', '_': '..--.-', '"': '.-..-.',
        '(': '-.--.', ')': '-.--.-', '$': '...-..-', '&': '.-...',
        '@': '.--.-.'

        }


def Decode(str):
    Decode_value = CODE.keys()
    Decode_key = CODE.values()
    Decode_dict = dict(zip(Decode_key, Decode_value))

    text =''
    str=str.replace('0','.')
    str=str.replace('1','-')
    # print(str)
    msg=str.split(' ')
    for s in msg:
        if s in Decode_dict.keys():
            text+=Decode_dict[s]
    return text

str='11 111 010 000 0 1010 111 100 0 00 000 000 111 00 10 1 0 010 0 000 1 00 10 110'
print(Decode(str).lower())

得到flag

1	morsecodeissointeresting

混合编码

密文

JiM3NjsmIzEyMjsmIzY5OyYjMTIwOyYjNzk7JiM4MzsmIzU2OyYjMTIwOyYjNzc7JiM2ODsmIzY5OyYjMTE4OyYjNzc7JiM4NDsmIzY1OyYjNTI7JiM3NjsmIzEyMjsmIzEwNzsmIzUzOyYjNzY7JiMxMjI7JiM2OTsmIzEyMDsmIzc3OyYjODM7JiM1NjsmIzEyMDsmIzc3OyYjNjg7JiMxMDc7JiMxMTg7JiM3NzsmIzg0OyYjNjU7JiMxMjA7JiM3NjsmIzEyMjsmIzY5OyYjMTIwOyYjNzg7JiMxMDU7JiM1NjsmIzEyMDsmIzc3OyYjODQ7JiM2OTsmIzExODsmIzc5OyYjODQ7JiM5OTsmIzExODsmIzc3OyYjODQ7JiM2OTsmIzUwOyYjNzY7JiMxMjI7JiM2OTsmIzEyMDsmIzc4OyYjMTA1OyYjNTY7JiM1MzsmIzc4OyYjMTIxOyYjNTY7JiM1MzsmIzc5OyYjODM7JiM1NjsmIzEyMDsmIzc3OyYjNjg7JiM5OTsmIzExODsmIzc5OyYjODQ7JiM5OTsmIzExODsmIzc3OyYjODQ7JiM2OTsmIzExOTsmIzc2OyYjMTIyOyYjNjk7JiMxMTk7JiM3NzsmIzY3OyYjNTY7JiMxMjA7JiM3NzsmIzY4OyYjNjU7JiMxMTg7JiM3NzsmIzg0OyYjNjU7JiMxMjA7JiM3NjsmIzEyMjsmIzY5OyYjMTE5OyYjNzc7JiMxMDU7JiM1NjsmIzEyMDsmIzc3OyYjNjg7JiM2OTsmIzExODsmIzc3OyYjODQ7JiM2OTsmIzExOTsmIzc2OyYjMTIyOyYjMTA3OyYjNTM7JiM3NjsmIzEyMjsmIzY5OyYjMTE5OyYjNzc7JiM4MzsmIzU2OyYjMTIwOyYjNzc7JiM4NDsmIzEwNzsmIzExODsmIzc3OyYjODQ7JiM2OTsmIzEyMDsmIzc2OyYjMTIyOyYjNjk7JiMxMjA7JiM3ODsmIzY3OyYjNTY7JiMxMjA7JiM3NzsmIzY4OyYjMTAzOyYjMTE4OyYjNzc7JiM4NDsmIzY1OyYjMTE5Ow==

base64解一下

1	LzExOS8xMDEvMTA4Lzk5LzExMS8xMDkvMTAxLzExNi8xMTEvOTcvMTE2LzExNi85Ny85OS8xMDcvOTcvMTEwLzEwMC8xMDAvMTAxLzEwMi8xMDEvMTEwLzk5LzEwMS8xMTkvMTExLzExNC8xMDgvMTAw

Unicode码，新建一个html写进去，浏览器打开得到

1	LzExOS8xMDEvMTA4Lzk5LzExMS8xMDkvMTAxLzExNi8xMTEvOTcvMTE2LzExNi85Ny85OS8xMDcvOTcvMTEwLzEwMC8xMDAvMTAxLzEwMi8xMDEvMTEwLzk5LzEwMS8xMTkvMTExLzExNC8xMDgvMTAw

接着base64

1	/119/101/108/99/111/109/101/116/111/97/116/116/97/99/107/97/110/100/100/101/102/101/110/99/101/119/111/114/108/100

应该是ASCII码，写脚本跑一波

import base64
str=b"LzExOS8xMDEvMTA4Lzk5LzExMS8xMDkvMTAxLzExNi8xMTEvOTcvMTE2LzExNi85Ny85OS8xMDcvOTcvMTEwLzEwMC8xMDAvMTAxLzEwMi8xMDEvMTEwLzk5LzEwMS8xMTkvMTExLzExNC8xMDgvMTAw"
t=base64.b64decode(str).decode().split('/')[1:]
# print(t)
flag="".join([chr(int(i)) for i in t])
print(flag)

得到flag

1	welcometoattackanddefenceworld

幂数加密

拿到密文

1	8842101220480224404014224202480122

一串数字，题目提示8个字，看到7个0，猜测0是分隔符，了解以下幂数加密，把每一位加起来得到索引

WELLDOWN

Railfence

题目提示栅栏密码，key是5，但是解出来发现不对，报读之后才知道还有一种w模式的栅栏密码，网上找了段代码

def enc(plain, num):
    matrix = [([0] * len(plain)) for i in range(num)]

    i_s = []
    for a in range(num):
        i_s.append(a)
    for a in range(num - 2, 0, -1):
        i_s.append(a)
    i_s_len = len(i_s)

    i = 0
    for c in plain:
        matrix[i_s[i % i_s_len]][i] = c
        i += 1

    encrypted = ''
    for i in range(num):
        for j in range(len(plain)):
            if matrix[i][j]:
                encrypted += matrix[i][j]
    return encrypted


def dec(encrypted, num):
    matrix = [([0] * len(encrypted)) for i in range(num)]
    cur = 0
    for i in range(num):
        if i == 0:
            pair = [(num - (i + 1)) * 2 - 1]
        elif i == num - 1:
            pair = [i * 2 - 1]
        else:
            pair = [(num - (i + 1)) * 2 - 1, i * 2 - 1]

        pair_i = 0
        j = i
        while True:
            if cur < len(encrypted):
                matrix[i][j] = encrypted[cur]
            cur += 1
            j += pair[pair_i % len(pair)] + 1
            pair_i += 1
            if j >= len(encrypted):
                break
    i_s = []
    for a in range(num):
        i_s.append(a)
    for a in range(num - 2, 0, -1):
        i_s.append(a)
    i_s_len = len(i_s)
    decrypted = ''
    for j in range(len(encrypted)):
        decrypted += matrix[i_s[j % i_s_len]][j]
    return decrypted


encrypted = 'ccehgyaefnpeoobe{lcirg}epriec_ora_g'
num = 5
print(dec(encrypted, num))

得到flag

1	cyberpeace{railfence_cipher_gogogo}

easy_RSA

题目描述非常直接

1 2	在一次RSA密钥对生成中，假设p=473398607161，q=4511491，e=17 求解出d

甚至不用求解rsa，找到d就可以了

def gcdext(a, b):
    """
    a: 模的取值
    b: 想求逆的值
    """
    if b == 0:
        return 1, 0, a
    x, y, gcd = gcdext(b, a % b)
    return y, x - a // b * y, gcd


c = 169169912654178
p = 473398607161
q = 4511491
e = 17
n = p * q
# print(k)
fai = (p - 1) * (q - 1)
(d, k, g) = gcdext(e, fai)
print(d)
# 125631357777427553

不仅仅是Morse

拿到一段摩斯密码，解一下

CODE = {
    'A': '.-',
    'B': '-...',
    'C': '-.-.',
    'D': '-..',
    'E': '.',
    'F': '..-.',
    'G': '--.',
    'H': '....',
    'I': '..',
    'J': '.---',
    'K': '-.-',
    'L': '.-..',
    'M': '--',
    'N': '-.',
    'O': '---',
    'P': '.--.',
    'Q': '--.-',
    'R': '.-.',
    'S': '...',
    'T': '-',
    'U': '..-',
    'V': '...-',
    'W': '.--',
    'X': '-..-',
    'Y': '-.--',
    'Z': '--..',
    '0': '-----',
    '1': '.----',
    '2': '..---',
    '3': '...--',
    '4': '....-',
    '5': '.....',
    '6': '-....',
    '7': '--...',
    '8': '---..',
    '9': '----.',
    '.': '.-.-.-',
    ':': '---...',
    ',': '--..--',
    ';': '-.-.-.',
    '?': '..--..',
    '=': '-...-',
    '\'': '.----.',
    '/': '-..-.',
    '!': '-.-.--',
    '-': '-....-',
    '_': '..--.-',
    '"': '.-..-.',
    '(': '-.--.',
    ')': '-.--.-',
    '$': '...-..-',
    '&': '.-...',
    '@': '.--.-.'
}


def Decode(str):
    Decode_value = CODE.keys()
    Decode_key = CODE.values()
    Decode_dict = dict(zip(Decode_key, Decode_value))

    text = ''
    # print(str)
    msg = str.split('/')
    for s in msg:
        if s in Decode_dict.keys():
            text += Decode_dict[s]
    return text


str = '--/.-/-.--/..--.-/-..././..--.-/..../.-/...-/./..--.-/.-/-./---/-/...././.-./..--.-/-.././-.-./---/-.././..../..../..../..../.-/.-/.-/.-/.-/-.../.-/.-/-.../-.../-.../.-/.-/-.../-.../.-/.-/.-/.-/.-/.-/.-/.-/-.../.-/.-/-.../.-/-.../.-/.-/.-/.-/.-/.-/.-/-.../-.../.-/-.../.-/.-/.-/-.../-.../.-/.-/.-/-.../-.../.-/.-/-.../.-/.-/.-/.-/-.../.-/-.../.-/.-/-.../.-/.-/.-/-.../-.../.-/-.../.-/.-/.-/-.../.-/.-/.-/-.../.-/.-/-.../.-/-.../-.../.-/.-/-.../-.../-.../.-/-.../.-/.-/.-/-.../.-/-.../.-/-.../-.../.-/.-/.-/-.../-.../.-/-.../.-/.-/.-/-.../.-/.-/-.../.-/.-/-.../.-/.-/.-/.-/-.../-.../.-/-.../-.../.-/.-/-.../-.../.-/.-/-.../.-/.-/-.../.-/.-/.-/-.../.-/.-/-.../.-/.-/-.../.-/.-/-.../.-/-.../.-/.-/-.../-.../.-/-.../.-/.-/.-/.-/-.../-.../.-/-.../.-/.-/-.../-.../.-'
print(Decode(str).lower())
# may_be_have_another_decodehhhhaaaaabaabbbaabbaaaaaaaabaababaaaaaaabbabaaabbaaabbaabaaaababaabaaabbabaaabaaabaababbaabbbabaaabababbaaabbabaaabaabaabaaaabbabbaabbaabaabaaabaabaabaababaabbabaaaabbabaabba

这一段ab组成的密文是培根密码，写脚本解一下培根密码

import re

s = 'aaaaabaabbbaabbaaaaaaaabaababaaaaaaabbabaaabbaaabbaabaaaababaabaaabbabaaabaaabaababbaabbbabaaabababbaaabbabaaabaabaabaaaabbabbaabbaabaabaaabaabaabaababaabbabaaaabbabaabba'

CODE_TABLE = {
    'a': 'aaaaa',
    'b': 'aaaab',
    'c': 'aaaba',
    'd': 'aaabb',
    'e': 'aabaa',
    'f': 'aabab',
    'g': 'aabba',
    'h': 'aabbb',
    'i': 'abaaa',
    'j': 'abaab',
    'k': 'ababa',
    'l': 'ababb',
    'm': 'abbaa',
    'n': 'abbab',
    'o': 'abbba',
    'p': 'abbbb',
    'q': 'baaaa',
    'r': 'baaab',
    's': 'baaba',
    't': 'baabb',
    'u': 'babaa',
    'v': 'babab',
    'w': 'babba',
    'x': 'babbb',
    'y': 'bbaaa',
    'z': 'bbaab'
}


def bacondecode(bacon):
    msg = ''
    codes = re.findall(r'.{5}', bacon)
    for code in codes:
        if code == '':
            msg += ' '
        else:
            UNCODE = dict(map(lambda t: (t[1], t[0]), CODE_TABLE.items()))
            msg += UNCODE[code]
    return msg


flag = bacondecode(s)
print('flag is ', flag)
# flag is  attackanddefenceworldisinteresting

easychallenge

re和crypto一家石锤

pyc没做任何修改，直接uncompyle6反编译，得到结果改一下算法逆向计算一下得到结果

import base64


def encode1(ans):
    s = ''
    for i in ans:
        x = ord(i) - 25
        x = x ^ 36
        s += chr(x)

    return s


def encode2(ans):
    s = ''
    for i in ans:
        x = i ^ 36
        x = x - 36
        s += chr(x)

    return s


def encode3(ans):
    return base64.b32decode(ans)


flag = ' '
final = 'UC7KOWVXWVNKNIC2XCXKHKK2W5NLBKNOUOSK3LNNVWW3E==='
print(encode1(encode2(encode3(final))))
# cyberpeace{interestinghhhhh}

Normal_RSA

这题算是进入了基本的crypto领域了

首先作为一个脚本小子，直接拿别人的工具就可以跑出结果

CTF-RSA-tool很不错，虽然里面大部分的解法目前我还都不会

正常解法

首先用openssl解析一下公钥

-> openssl rsa -pubin -text -modulus -in pubkey.pem
RSA Public-Key: (256 bit)
Modulus:
    00:c2:63:6a:e5:c3:d8:e4:3f:fb:97:ab:09:02:8f:
    1a:ac:6c:0b:f6:cd:3d:70:eb:ca:28:1b:ff:e9:7f:
    be:30:dd
Exponent: 65537 (0x10001)
Modulus=C2636AE5C3D8E43FFB97AB09028F1AAC6C0BF6CD3D70EBCA281BFFE97FBE30DD
writing RSA key
-----BEGIN PUBLIC KEY-----
MDwwDQYJKoZIhvcNAQEBBQADKwAwKAIhAMJjauXD2OQ/+5erCQKPGqxsC/bNPXDr
yigb/+l/vjDdAgMBAAE=
-----END PUBLIC KEY-----

得到了n=0xC2636AE5C3D8E43FFB97AB09028F1AAC6C0BF6CD3D70EBCA281BFFE97FBE30DD，e=65537，这个n不是很大，所以yafu直接分解，很快得到p和q

1 2	P39 = 319576316814478949870590164193048041239 P39 = 275127860351348928173285174381581152299

然后正常rsa的套路跑一边很快就可以得到结果

import gmpy2


def bytes2num(b):
    s = '0x'
    for x in b:
        tmp = str(hex(x))[2:]
        if len(tmp) == 2:
            pass
        else:
            tmp = '0' + tmp
        #print(tmp)
        s += tmp
        num = int(s, 16)
    return num


def num2str(n):
    tmp = str(hex(n))[2:]
    if len(tmp) % 2 == 0:
        pass
    else:
        tmp = '0' + tmp
    s = ''
    for i in range(0, len(tmp), 2):
        temp = tmp[i] + tmp[i + 1]
        s += chr(int(temp, 16))
    return s


r = open("flag.enc", "rb")
r = r.read()
r = bytes2num(r)
e = 65537
n = 87924348264132406875276140514499937145050893665602592992418171647042491658461
p = 275127860351348928173285174381581152299
q = 319576316814478949870590164193048041239
d = gmpy2.invert(e, (p - 1) * (q - 1))
#print(d)
m = pow(r, int(d), n)
print(num2str(m))
# PCTF{256b_i5_m3dium}

#ctf #攻防世界 #crypto

攻防世界_Crypto_wp

新手区

base64

Caeser

Morse

混合编码

幂数加密

Railfence

easy_RSA

不仅仅是Morse

easychallenge

Normal_RSA

Comments

Your browser is out-of-date!