西瓜杯

Misc

他说他想结婚

Crypto

奇怪的条形码

一道misc，，ppt改图片长款

简单密码

没看出来

1	647669776d757e83817372816e707479707c888789757c92788d84838b878d9d

def encrypt_string(s):
    """将输入的字符串进行加密，逐个字节递增加"""
    encrypted_bytes = bytearray(s, 'utf-8')
    for i in range(len(encrypted_bytes)):
        encrypted_bytes[i] += (i + 1)
    return encrypted_bytes.hex()

def decrypt_string(hex_string):
    """将加密后的16进制字符串解密"""
    encrypted_bytes = bytearray.fromhex(hex_string)
    for i in range(len(encrypted_bytes)):
        encrypted_bytes[i] -= (i + 1)
    return encrypted_bytes.decode('utf-8')

def main():
    print("选择功能：")
    print("1. 加密字符串")
    print("2. 解密字符串")
    choice = input("输入你的选择（1 或 2）：")

    if choice == '1':
        plaintext = input("输入要加密的字符串：")
        encrypted_string = encrypt_string(plaintext)
        print(f"加密后的字符串：{encrypted_string}")
    elif choice == '2':
        hex_string = input("输入加密后的16进制字符串：")
        decrypted_string = decrypt_string(hex_string)
        print(f"解密后的字符串：{decrypted_string}")
    else:
        print("无效的选择，请输入1或2。")

if __name__ == "__main__":
    main()

factor

题目：

from Crypto.Util.number import *
import gmpy2
import os
from enc import flag

hint = os.urandom(36)
tmp = bytes_to_long(hint)
m = bytes_to_long(flag)
p = getPrime(512)
q = getPrime(512)
d = getPrime(400)
phi = (p-1)*(q-1)
e = gmpy2.invert(d,phi)
n = p*q
c = pow(m,e,n)
leak1 = p^tmp
leak2 = q^tmp
print(f"n = {n}")
print(f"e = {e}")
print(f"c = {c}")
print(f"leak1 = {leak1}")
print(f"leak2 = {leak2}")

'''
n = 145462084881728813723574366340552281785604069047381248513937024180816353963950721541845665931261230969450819680771925091152670386983240444354412170994932196142227905635227116456476835756039585419001941477905953429642459464112871080459522266599791339252614674500304621383776590313803782107531212756620796159703
e = 10463348796391625387419351013660920157452350067191419373870543363741187885528042168135531161031114295856009050029737547684735896660393845515549071092389128688718675573348847489182651631515852744312955427364280891600765444324519789452014742590962030936762237037273839906251320666705879080373711858513235704113
c = 60700608730139668338977678601901211800978306010063875269252006068222163102100346920465298044880066999492746508990629867396189713753873657197546664480233269806308415874191048149900822050054539774370134460339681949131037133783273410066318511508768512778132786573893529705068680583697574367357381635982316477364
leak1 = 13342820281239625174817085182586822673810894195223942279061039858850534510679297962596800315875604798047264337469828123370586584840078728059729121435462780
leak2 = 10901899434728393473569359914062349292412269512201554924835672710780580634465799069211035290729536290605761024818770843901501694556825737462457471235151530
'''

#!python3
# -*- coding: utf-8 -*-
# @Time    : 2024/6/27 10:08
# @Author  : 3tefanie
from Crypto.Util.number import *
import gmpy2


def find_pq(bin_p, bin_q):
    l = len(bin_p)
    if l == 512:
        p = int(bin_p, 2)
        if n % p == 0:
            q = n//p
            phi = (p-1)*(q-1)
            d = gmpy2.invert(e,phi)
            m = pow(c,d,n)
            flag = long_to_bytes(m)
            print(flag)
    else:
        p = int(bin_p, 2)
        q = int(bin_q, 2)
        if (p ^ q) % (2 ** l) == p_xor_q % (2 ** l) and p * q % (2 ** l) == n % (2 ** l):
            find_pq('1' + bin_p, '1' + bin_q)
            find_pq('1' + bin_p, '0' + bin_q)
            find_pq('0' + bin_p, '1' + bin_q)
            find_pq('0' + bin_p, '0' + bin_q)

n = 145462084881728813723574366340552281785604069047381248513937024180816353963950721541845665931261230969450819680771925091152670386983240444354412170994932196142227905635227116456476835756039585419001941477905953429642459464112871080459522266599791339252614674500304621383776590313803782107531212756620796159703
e = 10463348796391625387419351013660920157452350067191419373870543363741187885528042168135531161031114295856009050029737547684735896660393845515549071092389128688718675573348847489182651631515852744312955427364280891600765444324519789452014742590962030936762237037273839906251320666705879080373711858513235704113
c = 60700608730139668338977678601901211800978306010063875269252006068222163102100346920465298044880066999492746508990629867396189713753873657197546664480233269806308415874191048149900822050054539774370134460339681949131037133783273410066318511508768512778132786573893529705068680583697574367357381635982316477364
leak1 = 13342820281239625174817085182586822673810894195223942279061039858850534510679297962596800315875604798047264337469828123370586584840078728059729121435462780
leak2 = 10901899434728393473569359914062349292412269512201554924835672710780580634465799069211035290729536290605761024818770843901501694556825737462457471235151530
p_xor_q = leak1^leak2
find_pq('1', '1')
```
flag:
```python
cftshow{do_you_know_what_is_xor_and_prune!!!}
```

4 给你d又怎样

题目

from Crypto.Util.number import *
from gmpy2 import *

flag="ctfshow{***}"
m=bytes_to_long(flag.encode())
e=65537
p=getPrime(128)
q=getPrime(128)
n=p*q
phin=(p-1)*(q-1)
d=invert(e,phin)
c=pow(m,e,n)
print("c=",c)
print("hint=",pow(n,e,c))
print("e=",e)
print("d=",d)
"""
c= 48794779998818255539069127767619606491113391594501378173579539128476862598083
hint= 7680157534215495795423318554486996424970862185001934572714615456147511225105
e= 65537
d= 45673813678816865674850575264609274229013439838298838024467777157494920800897
"""

#sage
from Crypto.Util.number import *
from gmpy2 import *

c= 48794779998818255539069127767619606491113391594501378173579539128476862598083
hint= 7680157534215495795423318554486996424970862185001934572714615456147511225105
e= 65537
d= 45673813678816865674850575264609274229013439838298838024467777157494920800897


phic=euler_phi(c)

print(gcd(e,phic))

dc=invert(e,phic)

a=pow(hint,dc,c)

n=int(a)+int(c)

print(long_to_bytes(int(pow(c,d,n))))

flag为ctfshow{Oh_u_knOw_4uler}

5 混合密码体系

混合密码体系

AES加密明文，RSA加密AES的密钥

题目

# 库
from Crypto.Util.number import bytes_to_long,getPrime
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad

# 对称加密
flag = b'ctfshow{***}'      # 密文，隐藏
key = b'flag{***}'      # 会话密钥，隐藏
iv = b'flag{1fake_flag}'       # AES偏移向量，已知
# 对明文进行填充，使其长度符合AES加密的要求
padded_plaintext = pad(flag, AES.block_size)

# 创建AES加密对象
cipher = AES.new(key, AES.MODE_CBC, iv)

# 加密
ciphertext = cipher.encrypt(padded_plaintext)

# 加密后的文本通常是字节串，转成整数便于进行会话密钥的RSA加密
c1 = bytes_to_long(ciphertext)

print(f'c1 = {c1}')

# 非对称加密
m = bytes_to_long(key)
e = 0x10001
p = getPrime(1024)
q = getPrime(1024)
n = p * q
c = pow(m,e,n)
print(f'p = {p}')
print(f'q = {q}')
print(f'n = {n}')
print(f'c2 = {c}')
# print("hint:key需要转成字节流也就是b''")

'''
c1 = 10274623386006297478525964130173470046355982953419353351509177330015001060887455252482567718546651504491658563014875
p = 126682770761631193509957156425049279522830651950325320826580754739365086374362604934854454428815835196844469535588686149210573266628767888593088817059600076401582225549728184309047483547810100015820325082976781284679340880386138390518973395696206374336712856387090369022746536868747455939074262253452873845903
q = 99825079362327808334563489684167271427241139432727401182808888165552821217781929397837262324242177528386988701584385208395369790542025175917752058047649096340776854252623173162664426065810683048016574420043010318337693586527652970534982946701493024718805916479479658257730226388868060010370893747360166996939
n = 12646117645119414744807511144503229609414192869007113075368323921021672404219693075011763838210400633721060798765473421092201704833591315689681668160927426685183273670665030724394172000165517517884654100267567861284096827407481978978840602383267875832034344793848710383473014512122260278131503985961857107838296047172582364612603344429943715046318283653354068887129071531081918798285138812386418361474496678248683513378861801570673376726388110813411011818940310547686977359605296489433805717348250520973842927175837164120905300831792358190183785344002217291207378744610039145999012939983693891188308725179098958690917
c2 = 5211902378262010726785508340196935051860438587769647187076059600864676774592415052428465708887047312982844957691943180258845015420187239772414768121857728821510440178906193308448250067671679439841031484589864038401572589752057423667532898133171822921282769652197139455317095891357335645435094243006629469245881345449943250189771998449015275390517315432969774421721243965028796050948747282387052634211032729131656214346307483397410725129682422969273915759947596313513270946529649661334582775282060624547405060499311618257517792321792697831000977711752728887999320311631022598717946355057272761740061999974856808147244
'''

exp

# 库
from Crypto.Util.number import *
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad

c1 = 10274623386006297478525964130173470046355982953419353351509177330015001060887455252482567718546651504491658563014875
p = 126682770761631193509957156425049279522830651950325320826580754739365086374362604934854454428815835196844469535588686149210573266628767888593088817059600076401582225549728184309047483547810100015820325082976781284679340880386138390518973395696206374336712856387090369022746536868747455939074262253452873845903
q = 99825079362327808334563489684167271427241139432727401182808888165552821217781929397837262324242177528386988701584385208395369790542025175917752058047649096340776854252623173162664426065810683048016574420043010318337693586527652970534982946701493024718805916479479658257730226388868060010370893747360166996939
n = 12646117645119414744807511144503229609414192869007113075368323921021672404219693075011763838210400633721060798765473421092201704833591315689681668160927426685183273670665030724394172000165517517884654100267567861284096827407481978978840602383267875832034344793848710383473014512122260278131503985961857107838296047172582364612603344429943715046318283653354068887129071531081918798285138812386418361474496678248683513378861801570673376726388110813411011818940310547686977359605296489433805717348250520973842927175837164120905300831792358190183785344002217291207378744610039145999012939983693891188308725179098958690917
c2 = 5211902378262010726785508340196935051860438587769647187076059600864676774592415052428465708887047312982844957691943180258845015420187239772414768121857728821510440178906193308448250067671679439841031484589864038401572589752057423667532898133171822921282769652197139455317095891357335645435094243006629469245881345449943250189771998449015275390517315432969774421721243965028796050948747282387052634211032729131656214346307483397410725129682422969273915759947596313513270946529649661334582775282060624547405060499311618257517792321792697831000977711752728887999320311631022598717946355057272761740061999974856808147244
e = 0x10001
iv = b'flag{1fake_flag}'

# 非对称解密
phi = (p - 1) * (q - 1)
d = inverse(e, phi)
m = pow(c2, d, n)

key = long_to_bytes(m)
print(key) # flag{**********}
# 对称解密
ciphertext = long_to_bytes(c1)

# 创建AES解密对象
cipher = AES.new(key, AES.MODE_CBC, iv)

# 解密
plaintext_padded = cipher.decrypt(ciphertext)
print(plaintext_padded)

# 去除填充,没有这一步也能得到flag
flag = unpad(plaintext_padded, AES.block_size)
print(flag)

flag

ctfshow{Hybrid_password_system_is_chaos}

RE

PE

非预期：打开IDA

不过都考PE修复了，学一学

：http://t.csdnimg.cn/14ygR

文件头：

4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00
B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 F8 00 00 00

主要是这个：在这里插入图片描述

一个西瓜切两半你一半我一半

没想到key是” 一个西瓜切两半你一半我一半“愣愣用之前的key，怪不得

# -*- coding: GBK -*-

crypt = "乃乾觅甯剏乳厡侻丨厏扝乌博丿乜规甲剌乶厝侥丿卻扚丠厘丿乎覟瓬剤"
key = "一个西瓜切两半你一半我一半"
tmp = ""

for i in range(len(crypt)):
    tmp += chr((ord(crypt[i]) - ord(key[i % len(key)])) % 0x110000)

flag = ""
for i in tmp:
    flag += chr(ord(i) + 32)

print(flag)

easy_re

?暴力？

CTF='ctfshow'.encode()

def decript(L,n,password,k):
    T=[]
    for i in range(n):
        j=i%k
        T.append(L[i]^(0xff-password[j]))
    res=bytes(T)
    return CTF in res

def brute(fname):
    f=open(fname,'rb')
    exe=f.read()
    f.close()
    offset=0x2040
    n=622
    code=exe[offset:offset+n]
    L=list(code)
    charset=list(range(0x41,0x41+26))+list(range(0x61,0x61+26))
    R=[]
    for a in charset:
        for b in charset:
            for c in charset:
                r=decript(L,n,[a,b,c],3)
                #print(a,b,c,r)
                if r:
                    s=chr(a)+chr(b)+chr(c)
                    print(s,'is ok!!!')
                    R.append(s)
    print(R)
               

brute('ctfshow01.exe')