2023-Moectf-wp
不包含web; misc;pwn;web misc太基础;pwn不会!!我是菜鸡
一:古典密码
1、ezrot
考点:ROT系列
题解:
(1)题目
@64E7LC@Ecf0:D0;FDE020D:>!=60=6EE6C0DF3DE:EFE:@?04:!96C0tsAJdEA6d;F}%0N
rot系列解密得到flag
oectf{rot47_is_just_a_simPle_letter_substitution_ciPher_EDpy5tpe5juNT_}
2、vigenere
考点:vigenere
题解:
(1)题目
scsfct{wOuSQNfF_IWdkNf_Jy_o_zLchmK_voumSs_zvoQ_loFyof_FRdiKf_4i4x4NLgDn}
开头是moectf;可以推测出密钥为goodjob
moectf{vIgENErE_CIphEr_Is_a_lIttlE_hardEr_thaN_caEsar_CIphEr_4u4u4EXfXz}
3、不是“皇帝的新密码”
考点:vigenere
题解:
(1)题目:
scsfct{wOuSQNfF_IWdkNf_Jy_o_zLchmK_voumSs_zvoQ_loFyof_FRdiKf_4i4x4NLgDn}
(2)还是vigenere
4、可可的新围墙
考点:栅栏密码
题解:
moectf{F3nc3_ciph3r_shiFTs_3ach_l3TT3r_By_a_Giv3n_nuMB3r_oF_plac3s_Ojpj}
5、猫言喵语
考点:
题解:
(1)题目
喵喵? 喵喵喵喵喵喵喵喵喵喵喵喵 喵喵喵 喵喵喵喵喵喵喵喵?喵喵?喵喵喵喵喵? 喵喵?喵喵喵喵喵? 喵喵喵喵喵? 喵喵喵喵喵?喵喵? 喵喵喵喵喵? 喵喵喵喵喵喵 喵喵喵喵喵喵 喵喵喵喵喵喵喵喵?喵喵?喵喵喵喵喵? 喵喵?喵喵喵喵喵?喵喵喵 喵喵喵喵喵? 喵喵? 喵喵喵喵喵喵喵喵?喵喵?喵喵喵喵喵? 喵喵?喵喵喵喵喵喵喵喵喵 喵喵喵喵喵喵喵喵? 喵喵? 喵喵喵喵喵喵喵喵?喵喵?喵喵喵喵喵? 喵喵?喵喵喵喵喵喵喵喵喵 喵喵喵 喵喵喵喵喵喵喵喵?喵喵?喵喵喵喵喵? 喵喵?喵喵喵喵喵?喵喵喵 喵喵喵喵喵? 喵喵喵喵喵?喵喵喵喵喵喵 喵喵喵喵喵?喵喵喵喵喵喵 喵喵喵 喵喵?喵喵喵喵喵喵 喵喵喵喵喵喵喵喵?喵喵?喵喵喵喵喵? 喵喵?喵喵?喵喵喵 喵喵?喵喵?喵喵? 喵喵喵喵喵喵喵喵? 喵喵?喵喵?喵喵喵喵喵喵 喵喵喵喵喵喵 喵喵喵喵喵喵喵喵?喵喵?喵喵喵喵喵? 喵喵?喵喵喵喵喵喵喵喵喵 喵喵?喵喵喵喵喵?喵喵? 喵喵喵喵喵喵喵喵?喵喵?喵喵喵喵喵? 喵喵喵喵喵?喵喵喵 喵喵?喵喵喵喵喵喵喵喵?
(2)Morse code”,是摩斯密码;斯密码只有两种符号,所以得把文件内容根据特征划分成两块。内容中的空格相当于分隔符,根据观察,可以看出”喵喵?”是一组,”喵喵喵”是一组,根据这个规律进行转换,得到如下内容
./----/-/--..-./.-./-./-../-./--/--/--..-./.-.-/-././--..-./.---/--././--..-./.---/-/--..-./.-.-/-./-.--/-.--/-/.--/--..-./..-/.../--./..--/--/--..-./.---/.-../--..-./-.-/.--.
moectf{THE_KAWAII_CAT_BUT_BE_CALLED_GOUZI_BY_RX}
二:Reverse
1、“天网”
考点:so文件提取分析
参考链接: https://blog.csdn.net/ULGANOY/article/details/136780906
2、ANDROID
考点:APK逆向
题解:
(1)签到题目
用户输入一个字符串;然后与key进行异或操作之后与enc进行比较
enc = [25, 7, 0, 14, 27, 3, 16, ord('/'), 24, 2, ord('\t'), ord(':'), 4, 1, ord(':'), ord('*'), 11, 29, 6, 7, ord('\f'), ord('\t'), ord('0'), ord('T'), 24, ord(':'), 28, 21, 27, 28, 16]
key = ['t', 'h', 'e', 'm', 'o', 'e', 'k', 'e', 'y']
def decrypt(enc, key):
result = []
key_length = len(key)
for i in range(len(enc)):
# 对每个字符进行 XOR 操作
decrypted_char = enc[i] ^ ord(key[i % key_length])
result.append(chr(decrypted_char))
return ''.join(result)
decrypted_text = decrypt(enc, key)
print("解密后的字符串:", decrypted_text)
3、Base64
考点:bse64魔改 pyc在线反编译
题解:
(1)pyc文件;首先在线反编译拿到源码
import base64
from string import *
str1 = 'yD9oB3Inv3YAB19YynIuJnUaAGB0um0='
string1 = 'ZYXWVUTSRQPONMLKJIHGFEDCBAzyxwvutsrqponmlkjihgfedcba0123456789+/'
string2 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
flag = input('welcome to moectf\ninput your flag and I wiil check it:')
enc_flag = base64.b64encode(flag.encode()).decode()
enc_flag = enc_flag.translate(str.maketrans(string2, string1))
if enc_flag == str1:
print('good job!!!!')
else:
print('something wrong???')
exit(0)
(2)简单的一个换表base64;用户输入字符串之后base64加密与目标值进行对比;解密str1就行
import base64
str1 = 'yD9oB3Inv3YAB19YynIuJnUaAGB0um0='
string1 = 'ZYXWVUTSRQPONMLKJIHGFEDCBAzyxwvutsrqponmlkjihgfedcba0123456789+/'
string2 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
translation_table = str.maketrans(string1, string2)
replaced_str = str1.translate(translation_table)
try:
flag = base64.b64decode(replaced_str).decode()
print("解密后的 flag:", flag)
except Exception as e:
print("解密失败:", e)
4、EQUATION
考点:Z3求解
5、GUI
考点:签到题目:只是增加了一个反调试而已
data= [0x0F, 0x3E, 0x30, 0x27, 0x13,0x01, 0x7D, 0x70, 0x70, 0x03,0x7D, 0x38, 0x0E, 0x7A, 0x23,0x7C, 0x0B, 0x1A, 0x3C, 0x7D,0x39, 0x7F, 0x3C, 0x4D, 0x4D,0x4D, 0x29]
for i in data:
print(chr((i ^ 0x51) + 5), end='')
6、RRRRRc4
考点:RC4
题解:
(1)题目
sub_7FF710DF3581("welcome to moectf!!!");
sub_7FF710DF3581("This is a very common algorithm ");
sub_7FF710DF3581("show your flag:");
sub_7FF710DF27F8("%s", input); // 输入
if ( sumlen(input) == 37 ) // 验证输入长度
{
RC4((int)v5, (int)v6, (int)input, 38, (__int64)v7, 10);// RC4加密
for ( j = 0; (unsigned __int64)j < 0x26; ++j )
{
if ( enc[j] == (unsigned __int8)input[j] )// RC4加密之后与enc内容比较
++v8;
}
}
if ( v8 == 37 )
sub_7FF710DF3973("right!flag is your input!");
else
sub_7FF710DF3973("try again~");
sub_7FF710DF4BCF(v3, &unk_7FF710EE2100);
return 0i64;
用户就是输入字符串之后然后进行RC4加密;然后在与enc进行比较;现在就需要找到密钥就行,密文已经知道;简单调试以下就知道密钥是v7
然后直接RC4解密
def rc4_decrypt(ciphertext, key):
S = list(range(256)) # 初始化 S-box
j = 0
key_length = len(key)
for i in range(256):
j = (j + S[i] + key[i % key_length]) % 256
S[i], S[j] = S[j], S[i] # 交换 S[i] 和 S[j]
i = j = 0
plaintext = []
for byte in ciphertext:
i = (i + 1) % 256
j = (j + S[i]) % 256
S[i], S[j] = S[j], S[i] # 交换 S[i] 和 S[j]
k = S[(S[i] + S[j]) % 256] # 生成伪随机字节
plaintext.append(byte ^ k) # 异或解密
return bytes(plaintext)
enc = [
27, 155, 251, 25, 6, 106, 181, 59, 124, 186,
3, 243, 145, 184, 182, 61, 138, 193, 72, 46,
80, 17, 231, 199, 79, 177, 39, 207, 243, 174,
3, 9, 178, 8, 251, 220, 34
]
key = b"moectf2023"
plaintext = rc4_decrypt(enc, key)
print("解密结果:", plaintext.decode('utf-8', errors='ignore'))
7、RUST
考点:XOR
题解:
(1)首先搜索定位main函数
(2)分析main函数;发现了数据和异或操作;输入的值和0x88进行异或操作
v25 = [
-27, -25, -19, -21, -4, -18, -13, -38, -3, -5,
-4, -41, -6, -19, -2, -41, -1, -31, -28, -28,
-41, -22, -19, -41, -23, -1, -18, -3, -71, -11
]
v25_unsigned = [x & 0xFF for x in v25]
xor_key = 0x88
decrypted = []
for byte in v25_unsigned:
decrypted.append(byte ^ xor_key)
flag = ''.join([chr(b) for b in decrypted])
print("解密结果:", flag)
8、Reverse入门指北
考点:签到;flag直接放你脸上了
moectf{F1rst_St3p_1s_D0ne}
9、SMC
考点:动态调试 SMC
(1)main函数
sub_401087(aPlzInputYourFl, v4);
sub_401023(aS, (char)v6);
sub_4011E0();//SMC函数
if ( sub_401050(v6) )
sub_401087(aGood, v5);
else
sub_401087(aTryAgainPlease, v5);
return 0;
}
发现SMC函数对sub_401050函数进行了加密;无法查看sub_401050函数;需要先调试对sub_401050函数解密;然后再看解密逻辑;发现就一个异或的逻辑;解密就行
10、UPX!
考点:upx脱壳
题解:
(1)首先脱壳处理;定位main函数
很简单;输入内容;然后与0x67异或;最后和enc比较;提取enc内容逆向
enc = [
10, 8, 2, 4, 19, 1, 28, 87, 15, 56,
30, 87, 18, 56, 44, 9, 87, 16, 56, 47,
87, 16, 56, 19, 8, 56, 53, 2, 17, 84,
21, 20, 2, 56, 50, 55, 63, 70, 70, 70,
26
]
xor_key = 0x67
decrypted = []
for byte in enc:
decrypted.append(byte ^ xor_key)
flag = ''.join([chr(b) for b in decrypted])
print("解密结果:", flag)
11、Xor
考点:XOR
enc = [
84, 86, 92, 90, 77, 95, 66, 96, 86, 76,
102, 82, 87, 9, 78, 102, 81, 9, 78, 102,
77, 9, 102, 97, 9, 107, 24, 68
]
xor_key = 0x39
decrypted = []
for byte in enc:
decrypted.append(byte ^ xor_key)
flag = ''.join([chr(b) for b in decrypted])
print("解密结果:", flag)
12、ezandroid
考点:APK逆向 迷宫问题 so文件
题解:
(1)定位代码:提示Try to reverse the native lib!
(2)将apk修改为zip找so文件;将so文件进行逆向
while ( 2 )
{
v3 = 0;
if ( *a1 )
v3 = *v4 != 42;
if ( v3 )
{
v1 = a1++;
switch ( *v1 )
{
case 'a':
--v4;
continue;
case 'd':
++v4;
continue;
case 's':
v4 += 15;
continue;
case 'w':
v4 -= 15;
continue;
default:
v6 = 0;
break;
}
}
else
{
v6 = *v4 == 35;
}
break;
}
return v6;
}
找到了迷宫和迷宫函数;那么正确的路径就是flag (15个一行)ssaassssdddddwwddddssss
13、junk_code
考点:花指令
题解:
(1)sub_45A9A0((int)Str, 18)和sub_459EBF((int)v7, 18)加密函数被加了花指令;无法反汇编;首先nop掉花指令
(2)nop花指令
(3)分析sub_459EBF函数发现是简单的XOR操作
for ( i = 0; i < MaxCount; ++i )
Str2[i] ^= 0x66u;
还原得到一部分flag _th3_junk_c0d3!!!}
encrypted_data = [
57, 18, 14, 85, 57, 12, 19, 8, 13, 57,
5, 86, 2, 85, 71, 71, 71, 27
]
xor_key = 0x66
decrypted_data = []
for byte in encrypted_data:
decrypted_data.append(byte ^ xor_key)
flag = ''.join([chr(b) for b in decrypted_data])
print("解密结果:", flag)
分析sub_45A9A0函数逆向还原得到第二部分flag
# 密文数组
encrypted_data = [
0x68, 0x6A, 0x60, 0x5E, 0x6F, 0x61, 0x76, 0x74, 0x2B, 0x70,
0x5A, 0x6D, 0x60, 0x68, 0x2B, 0x71, 0x2E, 0x5F
]
decrypted_data = []
for byte in encrypted_data:
decrypted_data.append(byte + 5)
flag = ''.join([chr(b) for b in decrypted_data])
print("解密结果:", flag)
14、unwind
考点:tea加密 反调试
题解:
(1)根据题目提示是tea加密和SEH;定位main函数
发现有混淆的操作和反调试;我先将MEMORY[0] = 0;的汇编代码nop掉就可以去除混淆操作了
nop掉这一段
然后nop掉mov;去除反调试函数
可以看出是TEA加密;提取一下密文
#include <stdint.h>
#include<stdio.h>
#include<iostream>
using namespace std;
void tea_decrypt(uint32_t* v, uint32_t* k) {
uint32_t sum = 0xC6EF3720;
uint32_t delta = 0x9e3779b9;
uint32_t v0 = v[0], v1 = v[1];
uint32_t k0 = k[0], k1 = k[1], k2 = k[2], k3 = k[3];
for (int i = 0; i < 32; i++) {
v1 -= ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3);
v0 -= ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1);
sum -= delta;
}
v[0] = v0;
v[1] = v1;
}
void fun(uint32_t *plaintext, uint32_t *key,int ok ) {
tea_decrypt(plaintext, key);
for (int i = 0 ; i < 2 ; i ++ ) {
int tmp = plaintext[i];
while (tmp) {
if(ok)
printf("%c", tmp % 0x100);
tmp /= 0x100;
}
}
}
int main() {
//0x55, 0x1A, 0x27, 0x6D, 0xEA, 0x8E, 0x4C, 0x5A
unsigned int byte_B8A000[16] = {
3832275802u,
1325565702u,
3251494723u,
3681261687u,
2571319439u,
3038942179u,
481361187u,
3471762405u,
732765487u,
4187493796u,
4196789208u,
1924604267u,
775095225u,
2079018201u,
4182288373u,
4231568784u,
};
uint32_t key[18] = {959666244, 13872, 0, 0, 1952673636u, 3371631u, 0u, 0u, 827872582u,
1431916353u,
78u,
0u,
1702245202u,
1919248754u,
0u,
0u,
};
int cd = 0;
for (int i = 0 ; i < 8 ; i += 2) {
fun(byte_B8A000 + i, key + cd , 1);
cd += 4;
}
cd = 0;
for (int i = 8 ; i < 16 ; i += 2) {
fun(byte_B8A000 + i, key + cd , 0);
cd += 4;
}
cd= 0;
for (int i = 8 ; i < 16 ; i += 2 , 1) {
fun(byte_B8A000 + i, key + cd,1);
cd += 4;
}
}
moectf{WoOo00Oow_S0_interesting_y0U_C4n_C41l_M3tW1c3_BY_Unw1Nd~}
三:Crypto
1、ABC
考点:二进制转二维码
题解:
(1)题目给出了a.npy b.npy c.npy Code in My Matrix A∗B∗CA∗B∗C;题目要求计算矩阵的乘积 A×B×CA×B×C,其中 AA、BB、CC 是从 .npy 文件中加载的矩阵
import numpy as np
# 从 .npy 文件中加载矩阵
A = np.load('a.npy')
B = np.load('b.npy')
C = np.load('c.npy')
# 计算矩阵乘积 A * B * C
result = np.dot(np.dot(A, B), C)
# 输出结果
print("Result of A * B * C:")
print(result)
得到了一个矩阵只包含 -1 1;猜测是二进制转二维码
import numpy as np
# 给定的二进制矩阵
binary_matrix = np.array([
[0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0],
[0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0],
[0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0],
[0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0],
[0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0],
[0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0],
[0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0],
[1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1],
[1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0],
[1, 1, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1],
[0, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0],
[1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1],
[0, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0],
[0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1],
[1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0],
[0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0],
[1, 0, 0, 0, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 0, 0, 0, 1],
[0, 1, 1, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0],
[0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1],
[1, 1, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0],
[0, 1, 1, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1],
[1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1, 1],
[0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0],
[0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0],
[0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1],
[0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0],
[0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 1, 1],
[0, 1, 1, 1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1],
[0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 1, 1]
])
# 将二进制矩阵转换为二进制字符串
binary_string = ''.join(str(bit) for row in binary_matrix for bit in row)
print("Binary String:", binary_string)
然后二进制转二维码(在线)
扫码得到flag
moectf{U_C4n_D0_uR_AipH4_B_See_2023}
2、Crypto 入门指北
考点:rsa
题解:
(1)题目给了一个python脚本;运行就是flag
moectf{weLCome_To_moeCTf_CRypTo_And_enjoy_THis_gAme!_THis_is_yoUR_fLAg!}
3、baby_e
考点:RSA—小e攻击(低解密指数攻击)
题解:
(1)属于比较弱智的题目:直接上脚本
from gmpy2 import iroot
import libnum
e=
n=
k = 0
while 1:
res=iroot(c+k*n,7)
if(res[1]==True):
print(libnum.n2s(int(res[0])))
break
k=k+1
3、bad_E
考点:RSA-e phi有限域不互素
from gmpy2 import *
from Crypto.Util.number import *
e = 65537
p=
q=
c=
n = p * q
phi_n = (p - 1) * (q - 1)
print(gcd(e, p - 1))
d = invert(e, (q - 1))
m = pow(c, d, q)
print(long_to_bytes(m))
4、bad_random
考点:MD5爆破
from itertools import product
import string
import hashlib
target_hash = "83990600a2ddb3a57dd150050df128f3"
suffix = "ZhZe"
# 生成所有4位字母+数字组合(共36^4=1,679,616种)
charset = string.digits + string.ascii_letters # 0-9 + a-z + A-Z
for chars in product(charset, repeat=4):
candidate = ''.join(chars) + suffix
if hashlib.md5(candidate.encode()).hexdigest() == target_hash:
print(f"Found: {''.join(chars)}")
exit()
5、crypto指北
考点:RSA
from Crypto.Util.number import * # 一个非常好用的crypto库
p = 0xe82a76eeb5ac63e054128e040171630b993feb33e0d3d38fbb7c0b54df3a2fb9b5589d1205e0e4240b8fcb4363acaa4c3c44dd6e186225ebf3ce881c7070afa7
q = 0xae5c2e450dbce36c8d6d1a5c989598fc01438f009f9b4c29352d43fd998d10984d402637d7657d772fb9f5e4f4feee63b267b401b67704979d519ad7f0a044eb
c = 0x4016bf1fe655c863dd6c08cbe70e3bb4e6d4feefacaaebf1cfa2a8d94051d21e51919ea754c1aa7bd1674c5330020a99e2401cb1f232331a2da61cb4329446a17e3b9d6b59e831211b231454e81cc8352986e05d44ae9fcd30d68d0ce288c65e0d22ce0e6e83122621d2b96543cec4828f590af9486aa57727c5fcd8e74bd296
e = 65537
n = p*q
phi = (p-1) * (q-1) # 你知道什么是 欧拉函数吗 [1]
d = pow(e, -1, phi) # 什么是乘法逆元? [2]
m = pow(c,d,n)
print(long_to_bytes(m))
6、ez_chain
考点:AES加密
题解:不会!
7、factor_signin
考点:RSA分解n
8、factorize_me!
题解:RSA
(1)题目
from Crypto.Util.number import getPrime
from math import prod
from sympy import nextprime
from random import choices
with open('flag.txt', 'rb') as fs:
flag = fs.read().strip()
primes = [getPrime(512) for _ in range(9)]#生成9个512素数
print(f"{prod(primes) = }")#输出素数的乘积
print(f"{prod(p - 1 for p in primes) = }")#每个素数减1的成绩
primes2 = [nextprime(p) for p in choices(primes, k=3)]#选取三个素数
n = prod(primes2)#三个素数的成绩
e = 65537
c = pow(int.from_bytes(flag, 'big'), e, n)
print(f'n = {n}')
print(f'e = {e}')
print(f'c = {c}')
(2)解密:很简单的一个逻辑
from Crypto.Util.number import *
e = 65537
c = 841335863342518623856757469220437045493934999201203757845757404101093751603513457430254875658199946020695655428637035628085973393246970440054477600379027466651143466332405520374224855994531411584946074861018245519106776529260649700756908093025092104292223745612991818151040610497258923925952531383407297026038305824754456660932812929344928080812670596607694776017112795053283695891798940700646874515366341575417161087304105309794441077774052357656529143940010140
p = 6991223361118904775931217829045348785013077549030883418924453538830605687999480005714979700653172534877541317997174968789510984315425270755055110913347349
q = 9987009117206906203158749743824168660291275882852229158070368815160479543708376165641735042845357978292384303332559592302507789120810447986634662721490849
r = 12876877424944854147075816504195994138450356002779004886384584287813869165469217718717854027672044903401715370348223932937626725119320180795716270261309141
n = p * q * r
phi = (p-1)*(q-1)*(r-1)
d = pow(e,-1,phi)
m = pow(c,d,n)
print(long_to_bytes(m))
#moectf{you_KNow_how_to_faCtorize_N_right?_9?WPIBung6?WPIBung6?WPIBund6?}
9、feistel
考点:DES Feistel算法
题解:(1)有点类似于==梅森旋转算法==
题目:
from Crypto.Util.number import *
round = 2
flag = open("./secret", "rb").read().strip()
def f(m, key):
m = m ^ (m >> 4)
m = m ^ (m << 5)
m = m ^ (m >> 8)
m ^= key
m = (m * 1145 + 14) % 2**64
m = (m * 1919 + 810) % 2**64
m = (m * key) % 2**64
return m
def enc(m, key, round):
key = bytes_to_long(key)
left = bytes_to_long(m[:8])
right = bytes_to_long(m[8:])
for i in range(round):
left, right = right, f(right, key) ^ left
left, right = right, left
return long_to_bytes(left).rjust(8, b"\x00") + long_to_bytes(right).rjust(8, b"\x00")
def padding(m):
mlen = len(m)
pad = 16 - mlen % 16
return m + pad * bytes([pad])
def ecb_enc(m, key):
m = padding(m)
mlen = len(m)
c = b""
for i in range(mlen // 16):
c += enc(m[i * 16 : i * 16 + 16], key, round)
return c
print(ecb_enc(flag, b"wulidego"))
# b'\x0b\xa7\xc6J\xf6\x80T\xc6\xfbq\xaa\xd8\xcc\x95\xad[\x1e\'W5\xce\x92Y\xd3\xa0\x1fL\xe8\xe1"^\xad'
feistel加密结构,加解密过程一样,就是轮密钥相反;而这里每轮密钥都是wulidego,所以说这个加解密是完全一样的
moectf{M@g1cA1_Encr1tion!!!}
10、feistel_promax
考点:DES Feistel算法
题解:
(1)相比于上一题,这题key不知,仅根据此条件根本无从下手,不过观察仔细的话会发现最后一行,加密的主体是padding(flag),而加密过程中又进行了一次padding,所以说进行了两次padding
from Crypto.Util.number import *
round = 2
def f(m, key):
m = m ^ (m >> 4)
m = m ^ (m << 5)
m = m ^ (m >> 8)
m ^= key
m = (m * 1145 + 14) % 2**64
m = (m * 1919 + 810) % 2**64
m = (m * key) % 2**64
return m
def dec(m, key, round):
key = bytes_to_long(key)
left = bytes_to_long(m[:8])
right = bytes_to_long(m[8:])
for i in range(round):
left, right = right, f(right, key) ^ left
left, right = right, left
return long_to_bytes(left).rjust(8, b"\x00") + long_to_bytes(right).rjust(8, b"\x00")
def ecb_dec(c, key):
clen = len(c)
m = b""
for i in range(clen // 16):
m += dec(c[i * 16 : i * 16 + 16], key, 2)
return m
m = b'\x10\x10\x10\x10\x10\x10\x10\x10'
ct = b'B\xf5\xd8gy\x0f\xaf\xc7\xdf\xabn9\xbb\xd0\xe3\x1e0\x9eR\xa9\x1c\xb7\xad\xe5H\x8cC\x07\xd5w9Ms\x03\x06\xec\xb4\x8d\x80\xcb}\xa9\x8a\xcc\xd1W\x82[\xd3\xdc\xb4\x83P\xda5\xac\x9e\xb0)\x98R\x1c\xb3h'
c = bytes_to_long(ct[-8:]) ^ bytes_to_long(m)
bin_c = bin(c)[2:].rjust(64,'0') # = f(M[8:],key),其中M = m * 2
k1 = [b'']
for i in range(1,5):
k2 = []
for KEY in k1:
for j in range(2**16):
key1 = long_to_bytes(j) + KEY
cc = f(bytes_to_long(m),bytes_to_long(key1)) # = f(M[8:],key)
bin_cc = bin(cc)[2:].rjust(64,'0')
if bin_cc[-16*i:] == bin_c[-16*i:]:
k2.append(key1)
k1 = k2
# print(k1)
# k1= [b'4t*zFD\xac\xb4', b'\xb4t*zFD\xac\xb4', b'\\q\x0f\x00w\xeb\xc1"', b'\xdcq\x0f\x00w\xeb\xc1"']
for KEY in k1:
flag = ecb_dec(ct,KEY)
print(flag)
# moectf{F_func_1s_n1t_Ve5y_$EcU%e}
11、giant_e
考点:rsa-维纳攻击
题解:
(1)题目给出的e很大;猜测可能是维纳攻击
12、minipack
考点:
13、n&n
考点:RSA—共模攻击
import gmpy2
from Crypto.Util.number import getPrime,long_to_bytes
e1 =
e2 =
n =
c1 =
c2 =
_,s1, s2 = gmpy2.gcdext(e1, e2)
m = pow(c1, s1, n) * pow(c2, s2, n) % n
print(long_to_bytes(m))
14、rsa_signin
考点:RSA—广播攻击
题解:
(1)题目给出了多组nc ;可能是广播攻击或者中国剩余定理;最后发现是广播攻击
from Crypto.Util.number import *
from gmpy2 import *
e = 65537
n1 = 17524722204224696445172535263975543817720644608816706978363749891469511686943372362091928951563219068859089058278944528021615923888948698587206920445508493551162845371086030869059282352535451058203615402089133135136481314666971507135484450966505425514285114192275051972496161810571035753943880190780759479521486741046704043699838021850105638224212696697865987677760179564370167062037563913329993433080123575434871852732981112883423565015771421868680113407260917902892944119552200927337996135278491046562185003012971570532979090484837684759828977460570826320870379601193678304983534424368152743368343335213808684523217
c1 = 6870605439714128574950893771863182370595667973241984289208050776870220326525943524507319708560433091378319367164606150977103661770065561661544375425887970907060665421562712515902428061727268441585629591525591001533188276465911918724808701356962871139957343861919730086334623932624184172272488406793955068827527130338853980609365042071290967556159598511667974987218999253443575482949258292953639729393456515185185102248985930422080581185292420347510600574229080211050520146551505605537486989306457793451086767402197128573781597156939709237045132856159368959981648969874765462190363842275826077556314448408825308218451
n2 = 24974121071274650888046048586598797033399902532613815354986756278905133499432183463847175542164798764762683121930786715931063152122056911933710481566265603626437742951648885379847799327315791800670175616973945640322985175516271373004547752061826574576722667907302681961850865961386200909397231865804894418194711076667760169256682834206788730947602211228930301853348503098156592000286467190760378847541148772869356389938999094673945092387627113807899212568399028514283219850734634544982646070106811651490010946670117927664594365986238107951837041859682547029079035013475238052160645871718246031144694712586073789250183
c2 = 10324627733161143472233272675096997859064721978612320424254305978486200326061730105384511258706433940176741256952824288120499229240005823611541292676234913505775165761543820764046537413943393325463602612485849366939102550336256797820440347815027443410399157963547486098366749815425187247171697678576246606105486928212486117878157055321965270364583625270716186820068538749425299073309429589410882809098930213978117176627031795312102177342499674234163614021182116065492884880492891668658240362567156235958605768725892407536211503981819707919444725863397622629226309480836486427388484176463279384813974310500625102568341
n3 = 14215826065753265334521416948225868542990756976323308408298887797364519400310818641526401662106853573185085731682502059761982246604277475488691297554851873224516934619888327644352138127883043558424300092247604877819821625587944308487310522092440517150600171819145803937177931473336108429889165189521078678397694303305705260759351843006130968234071638035667854938070597400634242396852782331461576526836227336952718230741560369621645218729592233657856104560425642219241082727756696967324334634822771842625681505869025740662258929200756109704988223034840699133778958569054445520305361142302393767439478256174414187983763
c3 = 415916446053083522663299405080903121619846594209033663622616979372099135281363175464579440520262612010099820951944229484417996994283898028928384268216113118778734726335389504987546718739928112684600918108591759061734340607527889972020273454098314620790710425294297542021830654957828983606433731988998097351888879368160881316237557097381718444193741788664735559392675419489952796677690968481917700683813252460912749931286739585465657312416977086336732056497161860235343155953578618273940135486362350057858779130960380833359506761436212727289297656191243565734621757889931250689354508999144817518599291078968866323093
n4 = 12221355905532691305226996552124162033756814028292708728711809229588190407700199452617060657420166395065565154239801465361510672853972152857415394695376825120759202857555325904640144375262531345320714166285999668052224661520834318497234299585219832943519644095197479639328120838919035625832361810964127485907587199925564724081163804724975965691571850962714258888527902920462746795712011579424322515292865504642938090200503979483095345893697972170153990274670257331483858538617460680462369680572833191232126527727222302641204529110948993583190295067970240051042000918629138767209918572311469915774910003970381965123241
c4 = 2248834602646305164283014556051672824689884721514190813323189875541899566338153534858709617544459297836048770439230174669883719627734394673012731609952869246171300132019334542245094425654362711870373095782083791160029789553806741967408922001051006100049326921742208757147339981269528740944842177729701945606827918253016001436218891580980192743564642120923356793292885805519110411357830040053435569937296612987581482128241218218550319154933831743819546558930918761162723110000328532730751591375727881221199739397698390594797621758011191224528339478784930214820615602510460640307707682865125229937141010351138099874025
n5 = 18152103454920389919231636321286527841833809319334215885641536161086810144890443857211776387914779781628740172079478910188540146498426564211851629962338413488555121865779016981727229209606498886170396500155102635962395243364899026418106378234307821492609778555173516000309435730752571818439328803899462791834490025768785383592935046996428331508608555503567191807692523852530836008436655164751054189301721070209363416058642811329040202582026786024825518381761299547703962502636888833428457116986351812252188468878701301184044948733274488264320930936362549028124581962244201377136969591119942276742760215403738913067567
c5 = 2797812094994121597295362327809389195134238119144547570610194659000554967367804835006774413888965325870488368112707535584687083342412367127561646136089638402907513075405746055834487062923240856950047936297155455745928810738711368950139327254040579266046642851362228893522740216519732851152162928545416236075387903789535000820423985522550638100049857678600662008021574841083416323980817348573062083159710189689337626277009675683473560325178417766400002763719953723259300977655801234386662217462862844994462505601804422871991694828697337752697234180117437785537788728412520613916334045368736691714704501962513954509705
n6 = 22877887459293720334652698748191453972019668578065068224653972884599636421200068659750242304040301306798039254241668648594556654589309801728248683586229288074709849246660525799452637187132633064172425677552176203292787732404537215347782229753837476655088638984496409603054524994383358547132112778403912563916886533181616856401929346567686400616307916690806467019665390260267596320840786982457521423178851498130935577260638269429250197050326097193841333205073650802709022947551398142692735680419453533128176592587955634333425401930362881423044363132586170013458300714163531162544301477356808388416864173949089028317961
c6 = 12271947322974809255127222556723394446467844330408506340843897575503534175121932185624776713618037572593449207329510171212097269297133492090526270770286000839978630002819714376964416081198925899119135271459404333829811516667576167576916805217016117373027245648473458331936273975110163065432285322832123169216976420362833557809289561705091817949915218278430834098156335989014645979633658818904753942786129126233956314517292746008579152368541316795082120147520597254020266752859205131887527661767589367756335766220841483940854397440079467053684289006956034944336788288196391829411432383541473132962783883758561108297747
n7 = 19844333358004073542783728196775487079202832688982038135532362073659058674903791697765527614270399097276261983744620537925712167578187109058145015032736796457938148615396547198728652435169126585595701228287449135664667959433491335769206692390262797325133960778920452511673878233190120432257482339068405290918739453464061987163074129048150451046315248186376609350095502130018696275764450248681787926130463463923862832714969425813770847493135627599129546112143050369344208092649256659330284904392961574494907186727388685504929586018639846040474616307662546605623294842316524163106100888851228858194942825157286544846177
c7 = 9531264751315473345056673937611382755236533664089452852716992791452558274873158812669513178040971923528201631609089069182049526587423864397527252061341857426422965190913745048414029690931254119437249218321954899956104589066479231204536856131403590472063496956452030342299863907499976917750846369802185896519725837163530049157920978007252920334447236842959033879772444475877613295594785710745889554296655932909212643500877218304116451889820444820534937901427158918411546484157737612926382420354101675658160847653151539420222526999426483473829341628599881460824765758346670633385844187252696874025582747177333702736465
n8 = 16956880944655068255446705024149899655327230949463546092744762226005904114738078692036960935391303255804754787864713189658290361949509917704853428701870609882427423574672772606814823959758208695540116440342488334213300943604780971422918744381486937517952553797134323570131582724393100092308466968491068503301604506186521656059375518680612292667310641047190088814753025794048591445267711939066523165042651430468971452726568222388482323097260496415484997546126185688914792795834046855221759289007609518312601640548469651358391745947588643697900883634533872314566389446271647587564348026861264979727062157272541149018781
c8 = 16110326928338602237561005337578085623028116490564329920738844771341250444164294693848130674347672763073995755532723894042946521372321947507527854966013459795492930736187058535665041545095683801386814190612817128504426590828954205050425979880047802547011117626354405687170961272200066258220699329112978151044633994329352673342582175349200008181837211288847301836681860817044391028992501763375849046751094019224570802498414368189170656992427042010362385494565216988561215657424755648213390551881450141899860811844684546992754530755092358644968088017107313907435586729574798046187046145596726569637758312033849476689378
n9 = 16472195897077185060734002588086375750797253422014472876266294484788862733424113898147596402056889527985731623940969291811284437034420929030659419753779530635563455664549165618528767491631867637613948406196511848103083967995689432928779805192695209899686072900265108597626632371718430059561807147486376536203800038054012500244392964187780217667805308512187849789773573138494622201856638931435423778275004491853486855300574479177472267767506041000072575623287557610576406578525902565241580838652860552046216587141709709405062150243990097835181557208274750462554811004137033087430556692966525170882625891516050207318491
c9 = 11867731823522211833301190385669833752050387304375114576570892885641949969365352586215693183003550684262313893105989683214739695968039039944442567581277252581988489020834299896625977474857889570528169919064941042132119301236852358823696947330423679033138054012027878783478922023431469564210485180679933264749281963405243082505688901662659030897104957499953192201440290084373968716271056483463909282407034181891901928790601973222643210525000717355062752079302291729448234374709852429885984987094307177760741403086538949190424454337896501402430653783597070178968921411867485584517214777073301007918941216316241784521708
n10 = 13890749889361612188368868998653029697326614782260719535555306236512452110708495623964530174188871342332417484996749651846510646453983388637377706674890018646246874688969342600780781646175634455109757266442675502522791531161284420286435654971819525519296719668701529481662071464145515727217108362496784024871976015116522898184301395037566514980846499856316532479656908169681719288258287756566886281183699239684997698487409138330229321935477734921670373632304542254938831218652340699024011371979519574576890581492623709896310465567043899767342676912434857372520308852745792360420376574037705943820090308501053778144141
c10 = 6250115196713939477947942995075509357173312813431601073354390451609559579925704891503987992181988654989477525811826607070378476102616752398280691012244301950194800995432882828020405062344160270290542566163969692748126314259624623341922057435728127596172871894887055305291345372720594481096374310285437492746765510292863238933163142677773310305789984897974266961231555124787205980411992251387207335655129551950825339766848166539671565212408741432649813058363660321480995187545006718837863674527475323414266732366507905974800565463011676462244368010182725161416783875646259625352308599198614681446394427674340328493047
n11 = 21457499145521259498911107987303777576783467581104197687610588208126845121702391694574491025398113729462454256070437978257494064504146718372095872819969887408622112906108590961892923178192792218161103488204912792358327748493857104191029765218471874759376809136402361582721860433355338373725980783308091544879562698835405262108188595630215081260699112737457564998798692048522706388318528370551365364702529068656665853097899157141017378975007689790000067275142731212069030175682911154288533716549782283859340452266837760560153014200605378914071410125895494331253564598702942990036163269043699029806343766286247742865671
c11 = 6269656777204332618433779865483197625538144405832409880710764183039800286008967127279281167109250083159801218370191973055663058165456565194979210256278526713608759141588082614531352489547674696723140599892318118960648862531538435596775798128845789504910467783731144808685373807716609662688064728614003904579841055786083326311313295311152563668422289435606771091246147867715987583149743032723028324394173498623642539175178996531881058274717907066845565199058931743481410454382746158558886667761300257488769795092777021292335562818583719708133179974425584610403335487082478848975656282384575767178925517257692365828720
for i in range(1, 12):
for j in range(i + 1, 12):
ni = eval("n" + str(i))
nj = eval("n" + str(j))
p = gcd(ni, nj)
if p > 1:
c = eval("c" + str(i))
q = ni // p
d = invert(e, (p - 1) * (q - 1))
flag = long_to_bytes(pow(c, d, ni))
print(flag)
14、|p-q|
考点:rsa p q很接近
题解:
(1)核心代码
p = getPrime(2048)
q = next_prime(p)
发现p 和q 很接近;直接对n进行开方得到p;然后计算下一个素数可以算出p
from Crypto.Util.number import *
from gmpy2 import *
flag = 307746143297103281117512771170735061509547958991947416701685589829711285274762039205145422734327595082350457374530975854337055433998982493020603245187129916580627539476324521854057990929173492940833073106540441902619425074887573232779899379436737429823569006431370954961865581168635086246592539153824456681688944066925973182272443586463636373955966146029489121226571408532284480270826510961605206483011204059402338926815599691009406841471142048842308786000059979977645988396524814553253493672729395573658564825709547262230219183672493306100392069182994445509803952976016630731417479238769736432223194249245020320183199001774879893442186017555682902409661647546547835345461056900610391514595370600575845979413984555709077635397717741521573798309855584473259503981955303774208127361309229536010653615696850725905168242705387575720694946072789441481191449772933265705810128547553027708513478130258801233619669699177901566688737559102165508239876805822898509541232565766265491283807922473440397456701500524925191214292669986798631732639221198138026031561329502985577205314190565609214349344303324429408234237832110076900414483795318189628198913032900272406887003325858236057373096880675754802725017537119549989304878960436575670784578550
n = 329960318345010350458589325571454799968957932130539403944044204698872359769449414256378111233592533561892402020955736786563103586897940757198920737583107357264433730515123570697570757034221232010688796344257587359198400915567115397034901247038275403825404094129637119512164953012131445747740645183682571690806238508035172474685818036517880994658466362305677430221344381425792427288500814551334928982040579744048907401043058567486871621293983772331951723963911377839286050368715384227640638031857101612517441295926821712605955984000617738833973829140899288164786111118033301974794123637285172303688427806450817155786233788027512244397952849209700013205803489334055814513866650854230478124920442832221946442593769555237909177172933634236392800414176981780444770542047378630756636857018730168151824307814244094763132088236333995807013617801783919113541391133267230410179444855465611792191833319172887852945902960736744468250550722314565805440432977225703650102517531531476188269635151281661081058374242768608270563131619806585194608795817118466680430500830137335634289617464844004904410907221482919453859885955054140320857757297655475489972268282336250384384926216818756762307686391740965586168590784252524275489515352125321398406426217
q = next_prime(isqrt(n))
p = n // q
assert p*q == n
e = 0x10001
phi = (p - 1)*(q - 1)
d = inverse(e, phi)
m = pow(flag, d, n)
print(long_to_bytes(m))
不包含web; misc;pwn;web misc太基础;pwn不会!!我是菜鸡