目录
- 【Misc】misc666
- 【Crypto】crypto967
- 【Reverse】re547
【Misc】misc666
flag{NiuDaoxiaoshi666}
【Crypto】crypto967
m = 696376465415968446607383675953857997
c =75351884040606337127662457946455960228423443937677603718170904462378938882502061014476822055783421908392386804380503123596242003758891619926133807099465797120624009076182390781918339985157326114840926784410018674639537246981505937318380179042568501449024366208980139650052067021073343322300422190243015076307
n =135413548968824157679549005083702144352234347621794899960854103942091470496598900341162814164511690126111049767046340801124977369460415208157716471020260549912068072662740722359869775486486528791641600354017790255320219623493658736576842207668208174964413000049133934516641398518703502709055912644416582457721
G = Zmod(n)
factors = [587, 28142457071, 395710839697]
order = n - 1
m = G(m)
c = G(c)
dlogs = []
for i in factors:t = order // iy = c ^ tg = m ^ tdlog = discrete_log(c ^ t, m ^ t)dlogs.append(int(dlog))print(dlog)
x=crt(dlogs, factors)
print(x)
x=17271504622210389511
from Crypto.Util.number import *x = 17271504622210389511
c1 =209941170134628207830310059622280988835086910150451946264595015050300510031560522999562095124692878755896950865676914790595999182721583547184333760954091880805688518459046880395477235753285839380764579025127254060855545
c2 =4803339369764546990337396010353372745379378328671778873584350940089623041410194355125962064067657967062926344955874581199853582279928946579389671271191196
p =6809372619970287379746941806942051353536181082328454067824596651780784704823185066486367854653297514943018290212240504418345108411269306758069486928594027
g =12575636661436726898107254102531343862656456137827822292892883099464907172061178954026138165159168595086335202285503403441736394399853074532771428483593753
k =4521228602593215445063533369342315270631623025219518143209270060218625289087470505221974748605346084266802332207199304586313352026660695691783656769488472print(long_to_bytes(c1 * pow(c2, -x, p) % p))
flag{th1s_1s_so_3a2y_rlgh4}
【Reverse】re547
IDA打开后有个_main函数
v27密文↓
rc4加密:
for ( i = 0; i < 256; ++i )
{v26[i] = i;v24[i] = v25[i % v3];
}for ( j = 0; j < 256; ++j )
{v7 = v26[j];v4 = (v7 + v24[j] + v4) % 256;v26[j] = v26[v4];v26[v4] = v7;
}v8 = 0;
v9 = 0;for ( k = 0; k < 42; ++k )
{v8 = (v8 + 1) % 256;v11 = v26[v8];v9 = (v11 + v9) % 256;v26[v8] = v26[v9];v26[v9] = v11;Arglist[k] ^= v26[(unsigned __int8)(v11 + v26[v8])];
}v12 = 0;
v23 = 0;
tea加密:
do
{v13 = 0;v14 = *(_DWORD *)&Arglist[8 * v12];v22 = &Arglist[8 * v12];v21 = &Arglist[8 * v12 + 4];v15 = 32;v16 = *(_DWORD *)v21;do{v13 -= 0x61C88647;v14 += (16 * v16 + 0x1234) ^ (v13 + v16) ^ ((v16 >> 5) + 0x5678);v16 += ((v14 >> 5) + 0x8265) ^ (v13 + v14) ^ (16 * v14 + 0x4523);--v15;}while ( v15 );*(_DWORD *)v22 = v14;*(_DWORD *)v21 = v16;v12 = v23 + 1;v23 = v12;
}
while ( v12 < 5 );
tea只循环5次(40位)
但是程序要我们输入42位
还剩两位只经过rc4
#include <stdio.h>
#include <stdint.h>
#include<string.h>//加密函数
void encrypt(uint32_t* v, uint32_t* k)
{/* set up */uint32_t v0 = v[0], v1 = v[1], sum = 0, i;/* a key schedule constant */ uint32_t delta = 0x9e3779b9;/* cache key */uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3];for (i = 0; i < 32; i++)/* basic cycle start */{sum += delta;v0 += ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1);v1 += ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3);} /* end cycle */v[0] = v0; v[1] = v1;
}//解密函数
void decrypt(uint32_t* v, uint32_t* k)
{/* set up */uint32_t v0 = v[0], v1 = v[1], sum = 0x9e3779b9<<5, i;/* a key schedule constant */uint32_t delta = 0x9e3779b9;/* cache key */uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3];for (i = 0; i < 32; i++)/* basic cycle start */{v1 -= ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3);v0 -= ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1);sum -= 0x9e3779b9;}/* end cycle */v[0] = v0; v[1] = v1;
}int main()
{uint32_t v[10] = { 0x1C30FE24, 0xA34C7D11, 0x6F106E38, 0x3EBDE0C4, 0x400FC847, 0x752FF41A, 0xF13DDEBA, 0x6C7835C6,0xFD3E6948, 0x9DFD7447 };uint32_t k[4] = { 0x1234,0x5678,0x4523,0x8265 };uint32_t vvv[10];for(int i = 0; i < 10;i+=2 ){uint32_t vv[2] = { v[i],v[i + 1] };decrypt(vv, k);vvv[i]= vv[0];vvv[i + 1] = vv[1];}for (int k = 0; k < 40; k++){printf("%02x",(*((unsigned char*)vvv + k)));}return 0;
}
运行结果:
8aa09899317f3709336a68c12db9ec3c321d77b99eb9147f005f3dbc3b6e2a2cf901a69ce35bbe80
添加后面没用tea加密的两位:0x66 0x2f
flag{1f782dbb-7570-46c8-b7a2-f64dfa4383b7}