Chive2021autumn.Crypto的wp

Yuki’s messages

不用写代码的签到题（

• phase1 base85
• phase2 w型栅栏，栏数是3
• phase3 普通单表替换密码，出题人自己手打的密码表，直接丢qiupquip分析就出来了

nc vaala.cloud 28281

没有Ubuntu或者kali可以下一个windows的nc工具(4条消息) Windows 下载安装 netcat(nc)命令_mry6的博客-CSDN博客

不配环境变量直接cmd进安装目录应该也能用_(:з」∠)_

YUKI.N > First let's try a simple challenge.
YUKI.N > ARTY*+C\c#AKYPuB4uC4+D,>2AK_
YUKI.N > The coding above is not base64, but it's similar.
YUKI.N > Now give me your answer: 

用这个在线工具 - Bugku CTF（被火狐骗了，建议换个浏览器，火狐不好用~

easy base eighty five!

YUKI.N > Not bad.
YUKI.N > Try this cipher.
YUKI.N > wdie  laer alfnebtsilesir cut y
YUKI.N > Now give me your answer: 

用这个栅栏密码加密/解密【W型】 - 一个工具箱 - 好用的在线工具都在这里！ (atoolbox.net)

weird rail fence but still easy

YUKI.N > This is the last phase.
YUKI.N > Can you solve this?
YUKI.N > cwnl doxwdl jx fnl bfjxubjlp jxxi jx nximl nfanjwjfjwxv dwyolk.
YUKI.N > Sometimes we need to find help from machines.
YUKI.N > Now give me your answer: 

用qiupquip在线解quipqiup - cryptoquip and cryptogram solver

wise choice to use automated tool to solve substitution cipher.

flag{greetings_from_John_Smith}

BabyBabyRSA

用Ubuntu调用命令行nc

nc vaala.cloud 28221

#!user/bin/env python
from secret import flag
from Crypto.Util.number import getPrime, bytes_to_long

def getP():
    p = getPrime(1024)
    while p % 4 != 3:
        p = getPrime(1024)
    return p

def encrypt_1(m1):
    p1 = getP()
    q1 = getP()
    n1 = p1 * q1
    e1 = 2
    c1 = pow(m1, e1, n1)
    return p1, q1, c1

def encrypt_2(m2):
    p2 = getPrime(1024)
    q2 = getPrime(1024)
    n2 = p2 * q2
    e2 = 3
    c2 = pow(m2, e2, n2)
    return n2, c2

if __name__ == '__main__':
    m1 = bytes_to_long(flag.encode())
    p1, q1, c1 = encrypt_1(m1)
    n2, c2 = encrypt_2(c1)

    print "p1 =", p1
    print "q1 =", q1
    print "n2 =", n2
    print "c2 =", c2

    i_flag = raw_input("Input your flag: ") 
    if i_flag == flag:
        print "Congratulations!"
    else:
        print "Try again!"  

以上为题干，两重rsa嵌套，第二个的解是第一个的c1

所以先e=3小明文攻击，再e=2Rabin攻击

p1 = 173695948137720339926791690442238697630652413087176323759420405827136481868786598237397913331052685508682072612174241598670883917175605565778716443509362980965491964852147078088337831416925902088249289730873659515602468163703949286968432290878521467968200938343723565968634621393180323945991467257785496809891
q1 = 178434049783291327568819076625061926546764270935095391012869787155777696335439666435484032582467500061389193479534731247241463117366557398750126106793547297783028749610705973195307059054186530860191673457929409575854930778935590344939224529340511729795221559197993210234254480417232108070261333932202649357807
n2 = 13665611163923781750913066324624746135738672173722804608442151795764436709085051373277752884964515347945999770315934696379080357088666911204549384620208097203395568503838542870077480289560412919939266063492186820193718207112373533523648910842292315098366687782230524943988360373734405976417206225563226451303098217094727972286581490179609695102905241515080424281526818802503204867475057264243555037250133345562666790676654157318918498380043117605624218301724740087467099784196832109540817942896004742091128764861123158483413648703074541554181819638323513425427496944856928349145377404303711342110523428114493896613301
c2 = 30862109772433666548559461763845888783154841656189925201583968005764991956976757719736495160362194904545559786938902416615523589643907051956153902971840245374505098817064752151430510494820795245404328697102903249600592294483661383495977351854559023254736833038181781617528179365900429808447985640131805781557288472896430384446879124557528802461974685087548665116500253288327675569598469962263859474018785213486819394925454088650697992039053807437666536068024506921840646773788164767555181085724512369491367583142050725850850149289142484607127264565221175158325343960505507614516094350648731285532075955161

以上为nc输出

# coding:utf-8
import gmpy2, libnum


def Small_plaintext_e3():
    e = int(input("e="))
    n = int(input("n="))
    c = int(input("c="))
    for k in range(200000000):
        if gmpy2.iroot(c + n * k, e)[1] == 1:
            m = gmpy2.iroot(c + n * k, e)[0]
            print(m)
            #print("明文：", libnum.n2s(m))
            break
Small_plaintext_e3()

第一重解出m，即第一题c1

m=3136716033729452004451100953924354584411966642508003643557881768803660695592033408161392221717260260493944983549018438338605197606262325954943557561167969157352045128757440004307054455629989569931373321

发现第二步其实解法比较多，先列两种

第一种，用p1，q1算出n1，继续用上题脚本可以解出来（把注释的输出明文拿出来

第二种，不要n了，直接把c开平方根，然后转bytes输出（应该算特解，比较吃运气

# coding:utf-8
import gmpy2, libnum
e=2
c = 3136716033729452004451100953924354584411966642508003643557881768803660695592033408161392221717260260493944983549018438338605197606262325954943557561167969157352045128757440004307054455629989569931373321
m = gmpy2.isqrt(c)
m = int(m)
m_text = libnum.n2s(m)  #将十六进制转为字符
print(m_text)

flag{920001a3-86bb-4abf-a8e4-3e9f78c4394c}

煎饼果子

（题干文件在这，可以下载

https://www.lanzouw.com/iXERQuvibte

# -*- coding: utf-8 -*-


import tkinter.messagebox as messagebox
import tkinter as tk
from tkinter import *
import tkinter.font as tkFont
import hashlib
import time
def c_time(name):
    # name=input()
    # 格式化成2016-03-20 11:45:39形式

    # s=time.strftime("%Y-%m-%d-%I-%M-%S", time.localtime())
    #s = time.strftime("%Y-%m-%d-%I-%M", time.localtime())
    #m = int(s.replace('-', ''))
    s = time.strftime("%Y%m%d%I%M", time.localtime())
    t = int(s[11:12])//5 #5分钟一更新
    t1 = s[0:11]
    #print(t, t1)
    s=t1+str(t)
    m=int(s)
    #print(m)
    n = 
    e = 65537
    c = str(pow(m, e, n))
    s1 = str(c + name)
    return s1
    #print(s1)


def getcipher(num):
    t=0
    t1=0
    s1 = hashlib.sha512(str(num).encode(encoding='UTF-8')).hexdigest()

    s2=""
    for c in s1:
       if c=='f':
           t=t+1
    if(t==0 or t==1): #如果f只有一个或没有，末位补9
        s2=s1+'9'
        return s2

    i=0
    while(i<len(s1)):
        #print(i)
        if s1[i] == 'f':
            t1=t1+1
            if t1==t//2:
                s2=s2+"f1"
                #+1可能把f跳了，两f连一起
                #i=i+1 #python的for循环改不了i
            else:
                s2 = s2 + s1[i:i + 1]
        else:
            s2 = s2 + s1[i:i + 1]
        i=i+1
    # print(t)
    # print(t//2)
    # print(s2)
    # print(s1)
    return s2
def show(name):

    #print(name)
    j = c_time(name)
    # print(j)
    s = getcipher(j)
    # print(s)
    s1 = s[0:4]
    #print(s1)
    messagebox.showinfo('动态密码是', s1)
if __name__ == "__main__":
    win = tk.Tk()
    win.geometry("500x250")  # 界面大小，中间是小写的x
    win.title("动态密码生成系统")
    win.configure(bg='LightYellow')
    ft1 = tkFont.Font(family='Fixdsys', size=20, weight=tkFont.BOLD)
    ft2 = tkFont.Font(family='Fixdsys', size=10, weight=tkFont.BOLD)
    ft3 = tkFont.Font(family='Fixdsys', size=25, weight=tkFont.BOLD)
    ft4 = tkFont.Font(family='Fixdsys', size=15, weight=tkFont.BOLD)
    Label_first = tk.Label(win)
    Label_second = tk.Label(win)

    #s1 = 'b.xls'  # 文件名读取
    s2="请输入暗号"
    var1 = StringVar()
    Label_first = tk.Label(win, text=s2, bg='LightYellow', fg='Tomato',font=ft2).place(x=55, y=0)
    Label_second = tk.Label(win, text="暗号", bg='LightYellow', fg='Maroon', justify='left').place(x=50, y=50)
    text1 = tk.Entry(win, width=35, bg='White', textvariable=var1).place(x=170, y=50)




    #button_First = tk.Button(win, width=5, text='Run！', fg='red', command= ).place(x=220, y=150

    button_First = tk.Button(win, width=5, text='Run!', fg='red', command=lambda: show(var1.get())).place(x=220, y=150)
    #button_Second = tk.Button(win, text='使用说明', activeforeground='red', width=10, height=2,command=create_window_uncover).place(x=230, y=140)
    win.mainloop()
    #menu()

#看到上面的n了吗，将下面这个简单的rsa的明文m解出来填进去即可运行（这两个n不是一个咯）
#n=8308362313255798397
#e=65537
#c=12051279450352771
#将解出来的m放入上面的n，程序就能运行了

#暗号是个古典加密
#密文是：otototttttttttttotoottttttttottttttottooootttoottttttooottot

#flag形式为flag{}，里面填写四位密码的32位md5形式，如动态密码是8f8e
#flag为flag{393fae2676946c309606c956251e6a38}
#因为出题人太懒不想写docker，你得到了flag以后记得拿去exe里面生成一下真正的flag

#你可能要先安装一些库才能够运行，比如pip install tkinter,当然库不止这些，需要你自己摸索

嗯，上面是题干，主要思路是解一个古典密码和一个很简单的rsa，拿去生成一下md5就行了，似乎强行送分了~(:з」∠)

先解古典加密，是个培根（培根当然好吃啦！，拿去word替换一下就行，反正只有两种可能~（看谁换成a

t换成a，o换成b

密文：bababaaaaaaaaaaababbaaaaaaaabaaaaaabaabbbbaaabbaaaaaabbbaaba

明文：vaalacatyyds

rsa拿去在线网站分解就行了，本来还想出个维纳攻击（

http://factordb.com/index.php

已知p,q,e求m

import gmpy2, libnum
def p_q_e(p,q,e,c):

    phi = (p - 1) * (q - 1)
    n = p * q
    d = gmpy2.invert(e, phi)
    m = pow(c, d, n)
    #print("明文：", libnum.n2s(m))
    #string = long_to_bytes(m)
    print(m)

p=2055288997
q=4042430201
e=65537
c=12051279450352771

p_q_e(p,q,e,c)

很容易解得m=4524634655461911941

把m填进n，补全题干代码运行

动态密码是5min一刷新，也就是每十分钟的0分和5分时候刷新~

import hashlib
s1='ff81'
s2= hashlib.md5(s1.encode(encoding='UTF-8')).hexdigest()
flag="flag{"+s2+"}"
print(flag)

结果为：flag{fad7779fc9d98d3b90fbda810be985a4}

交到exe里面可以拿到真的flag（

真正的flag是：flag{lazy_Sueyoki_is_to0_lazy_to_make_d0cker}

tips:

因为动态密码是动态的，做太慢可能会刷新_(:з」∠)_