
System32.kr

RSA108 Write-up

 

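This is almost identical to the rsa107 challenge.

Viewed in base-16 (hex), n has a long run of zeros in the middle, just like in the rsa107 challenge.

Splitting n at the 000...000 run into a front part and a back part and factoring each

gives this result.

Take that common factor as p; q then follows as n/p.

With p and q known, compute d and decrypt c, and that's it.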


System32.kr

RSA107 Write-up

 

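It's been a while since I last solved a system32.kr challenge.

The distinguishing feature here is the long run of zeros in the middle of the modulus n.

While looking through RSA challenge write-ups, I came across this one: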

 

ctftime.org/writeup/22977

 

CTFtime.org / Crypto CTF 2020 / Decent RSA / Writeup

At first I thought this might be the kind of solution needed, but that write-up deals with the case where n consists mostly of zeros.

Then I found another post:

party4bread.github.io/a-year-of-ctf-rsa/#pq%EC%97%90-0%EC%9D%B4-%EB%A7%8E%EC%9D%84-%EA%B2%BD%EC%9A%B0

 

A year of CTF RSA | Haven 4 BREAD

A rough summary of the types of RSA challenges I ran into during about a year as a CTF newbie (and I still am one).

Oh, it's the challenge author's blog.

 

 

When n has the form 1234..00000000...1234, it is likely that one of p or q has the form 100000...00 + z.

So I split n at the 0000...000 run, took the larger part as a and the smaller part as b, and computed b/a; it divided evenly.

p = 1000...0000 + 961

This is how p and q are obtained.
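The split-and-divide step from the RSA107 and RSA108 write-ups, as an added Python 3 example that is not code from the original posts. It generalises the b/a check to gcd(a, b) (if b/a divides evenly, the gcd is a itself; in RSA108 it is the common factor of the two parts) and serves as a check for whether a modulus has this weakness. The function names, the `min_run` threshold and the small constructed modulus are assumptions made for illustration.

```python
import re
from math import gcd


def split_at_zero_run(n, min_run=6):
    """Split hex(n) at its longest run of '0' digits.

    Returns (a, b), the digits before and after the run as integers,
    or None when there is no run of at least min_run zeros.
    """
    digits = format(n, "x")
    runs = [m for m in re.finditer(r"0+", digits) if len(m.group()) >= min_run]
    if not runs:
        return None
    longest = max(runs, key=lambda m: len(m.group()))
    a = int(digits[:longest.start()], 16)
    b = int(digits[longest.end():] or "0", 16)
    return a, b


def factor_from_zero_run(n, min_run=6):
    """Return (p, q) if the two halves around the zero run share a factor of n.

    If one prime is 16**k + z, then n = q*16**k + q*z, so the high part is q
    and the low part is q*z as long as q*z stays below the zero run.
    """
    parts = split_at_zero_run(n, min_run)
    if parts is None:
        return None
    a, b = parts
    g = gcd(a, b)
    # A zero run alone proves nothing: g must really divide n.
    if 1 < g < n and n % g == 0:
        return g, n // g
    return None


def recover_plaintext(n, e, c):
    """Factor n via the zero-run split, derive d, and decrypt c to bytes."""
    factors = factor_from_zero_run(n)
    if factors is None:
        raise ValueError("the zero-run split did not reveal a factor")
    p, q = factors
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# Constructed toy key (not the challenge values): one prime is 2**64 + 13,
# i.e. "1000...000 + z" in hex, the other is the Mersenne prime 2**31 - 1.
P = 2**64 + 13
Q = 2**31 - 1
N = P * Q
E = 65537
SECRET = b"ctf-sample"
C = pow(int.from_bytes(SECRET, "big"), E, N)

# Constructed counter-example: the product of two Mersenne primes also shows
# a long zero run in hex, but its halves share no factor.
UNRELATED_N = (2**61 - 1) * (2**89 - 1)

if __name__ == "__main__":
    print(format(N, "x"))                  # zero run visible in the middle
    print(factor_from_zero_run(N))
    print(recover_plaintext(N, E, C))
    print(factor_from_zero_run(UNRELATED_N))
```
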


System32.kr 

[EZB64] Write-up

 

 

 

The code is as follows:

import flag
flag = flag.EZB64
story='''The usage "crib" was adapted from a slang term referring to cheating (e.g., "I cribbed my answer from your test paper"). A "crib" originally was a literal or interlinear translation of a foreign-language text-usually a Latin or Greek text-that students might be assigned to translate from the original language.
The idea behind a crib is that cryptologists were looking at incomprehensible ciphertext, but if they had a clue about some word or phrase that might be expected to be in the ciphertext, they would have a "wedge," a test to break into it. If their otherwise random attacks on the cipher managed to sometimes produce those words or (preferably) phrases, they would know they might be on the right track. When those words or phrases appeared, they would feed the settings they had used to reveal them back into the whole encrypted message to good effect.
In the case of Enigma, the German High Command was very meticulous about the overall security of the Enigma system and understood the possible problem of cribs. The day-to-day operators, on the other hand, were less careful. The Bletchley Park team would guess some of the plaintext based upon when the message was sent, and by recognizing routine operational messages. For instance, a daily weather report was transmitted by the Germans at the same time every day. Due to the regimented style of military reports, it would contain the word Wetter (German for "weather") at the same location in every message. (Knowing the local weather conditions helped Bletchley Park guess other parts of the plaintext as well.) Other operators, too, would send standard salutations or introductions. An officer stationed in the Qattara Depression consistently reported that he had nothing to report. "Heil Hitler," occurring at the end of a message, is another well-known example.
At Bletchley Park in World War II, strenuous efforts were made to use (and even force the Germans to produce) messages with known plaintext. For example, when cribs were lacking, Bletchley Park would sometimes ask the Royal Air Force to "seed" a particular area in the North Sea with mines (a process that came to be known as gardening, by obvious reference). The Enigma messages that were soon sent out would most likely contain the name of the area or the harbour threatened by the mines.
The Germans themselves could be very accommodating in this regard. Whenever any of the turned German Double cross agents sent a message (written by the British) to their respective handlers, they frequently obligingly re-encrypted the message word for word on Enigma for onward transmission to Berlin.
When a captured German revealed under interrogation that Enigma operators had been instructed to encode numbers by spelling them out, Alan Turing reviewed decrypted messages and determined that the number "eins" ("one") was the most common string in the plaintext. He automated the crib process, creating the Eins Catalogue, which assumed that "eins" was encoded at all positions in the plaintext. The catalogue included every possible position of the various rotors, starting positions, and keysettings of the Enigma.
The Polish Cipher Bureau had likewise exploited "cribs" in the "ANX method" before World War II (the Germans' use of "AN", German for "to", followed by "X" as a spacer to form the text "ANX").
The United States and Britain used one-time tape systems, such as the 5-UCO, for their most sensitive traffic. These devices were immune to known-plaintext attack; however, they were point-to-point links and required massive supplies of one time tapes. Networked cipher machines were considered vulnerable to cribs, and various techniques were used to disguise the beginning and ends of a message, including cutting messages in half and sending the second part first and adding nonsense padding at both ends. The latter practice resulted in the world wonders incident. The KL-7, introduced in the mid-1950s, was the first U.S. cipher machine that was considered safe against known-plaintext attack.
Classical ciphers are typically vulnerable to known-plaintext attack. For example, a Caesar cipher can be solved using a single letter of corresponding plaintext and ciphertext to decrypt entirely. A general monoalphabetic substitution cipher needs several character pairs and some guessing if there are fewer than 26 distinct pairs._______
'''
import base64,random,string
table = string.ascii_uppercase + string.ascii_lowercase + string.digits + '+/'
rtable = ''.join(random.sample(table,len(table)))
tb=string.maketrans(table,rtable)
orig=base64.b64encode(story+flag)
print(orig.translate(tb))
#Output : CpIMrXCk5u7MrSZoQcMsrsBy5LU45uKIQXKMGSBcQca0rpV4QxiI3cQ47pCw3qBwGuGMQYZt3cQ47p+45xIM5LKt3cQ4EpFgGwd/rSZZrpfwTuZsGul43LP45uJk7xCwrpGw3xe4jua1QsBeGLferXBIQpCwrsPgrVV4rcfwTursrpawTu7t3cn/3XP47xnkrpV43pMeGLZI3SB6QsBt3YKMQcit3cCIQsBeQcngQxiI7pM63sB6GsBIrpG6QcCtGxd03pngGyCIGxF47pCd7S11QyCI3piJrpV4OpneTud43yr4KyZMGu/47pCd7S1eTpnerXfe7uKM3YKkrp1tGxIerpZMrpnkQxMY3cCPrXK6rXKw5uJk3pneGqBcQca0rXKbGqB6QcMYTuJI3SB/5uJY7unYGqdESMKbGqBtGpCIrpZMTpMgGSBIrpfwTur4TLU47pII7SBoQYMz7pa/3x7tQyKkrX7MQcF43pa6TxMgGwBI7SBt3cf63LBwGuIM3Yft5ciMrpftQpIMQYKMjXl/rpZ17SBtGsBeTpCJrpIIGSBIrpf/7uF45uZ67Ll4Qxa0GqBy3yZPrpawrXBbQcnkGqBeTpnerp1tGxIerpZMrpCdQpCo7pCPrXK6rpZMrpMgrXKbGqBoTLBbGLZeGLIehSBeTpCJrX767uiPrpII7cF45q2s7xCPGxF/rsBIrXKMQyl47p+45YZM5u/4TuJe3wBt7Sd4qu547pIMTLr43yKbGLZyTLfMrXZI3cK63qBI7XKI5x0krpagrXKbGqBoTLBbGLr43ung5u7MGSBe3wBk3x1M7pM0GLU4QXZ6GXCoGqBeTpakGqBy3yZPQwB6Qs2bQXZMGcCw5uZ/jqP4QpIw5LfMQwz47pIMjqBy3yC/GSBN3cayrXKbGLP43uMYTXl45cF43xd47pIMrXZtGxIerXKw5ufNhsBLTpCgrXKb3yfMrX76QcKkrpawrXBbQcnkGLU45LBzGunwGul/rXKbGLP47xa13pl4GcCMGSBeTpF4QxCe7pMgGyU47pIMjqBb5ul47LfMGSBe3wBwGLGM5uz47pIM3qBs5ufNrpMg7p+47pIMrX7b3xiMrpCg5yZJQXKMGSB0GLfk5u7MrXK6rp763xl4GuGcGufeh4bEqud47pIMrpfIQxF43x54KuJtGx1IhSBeTpF4KxCw3ungrVItGx44lxa03ungGSBy5LU47cCwjqB0GLKt5yC/3yCkrpns3yCerXKbGqB67cCw5ui/rXfM5yCwTLKJrpacrXKbGqBn3cMY3uV4QyMk7pC0rpngGSB13cKMQYfe3xaPrXKbGqBz3yfkTuZ/GqBzQcas3pC0rpacrpfwTuZkhsBFTpF4GpnJhLK6huKIjqB6QpCw5LK6QYU/rpagrXKbGqB67pIMQsBb5uJPhSByGLZMrpiMQyU45xnwGuG13Sd4CpIMrVZ/GLKoTpiMjqBl5LZNrXKM5ue47xa13pl4GyCMQyU4Qxa0GqB6GsBeTpF4QpiITuJeGLIerpZIQxCPrXCz3xd47xIM3sBeTpF43uCkQxnYGqBy5LU4QxCg7Sz45uJPrpZJrXZM5xaY3cMvTuJYrXZ67LKt3cF43yBMQcneTuag5uz43uCkQxnYGLUgrVG6QsBt3Yfe5uJoGqz45qBP5uM/jqByGuneTpCwrXZMQpaw7SBy5LU47XZI3Yf0TLKeGul45YP47pIMrV7MQc1I3YU45Ll47pIMrXfI3uF47pM0GqBM7cCwjqBP5LPgrVK1GqBe3wBeTpF4QcCYTu1M3YKMGSBk7XM/GqB6GsB0Tuit7pnwjqBwGLB6QYKkhSBt7SBy3yC/GSBo3xJe5uMgrXKbGqBy3yZPrn7M7XKMQs2bKxCw3ungrpG6Qs2s7xCI7pIMQsrtrpnerXKbGqBk5u1Mrpi65xneTuagrpMgrpCxGLZJrp1MQyfIGxFgrSIh3cayTuJYrXKbGqB/3x
fI3SByGuneTpCwrpf63cKt7pM63YU4TpC/QpCPrVZ/GLKoTpiMjqBl5LZNrp71GLfkrpaeTpCwrXBIQYKkrpacrXKbGqBz3pnt3YKMjXl45LU47xC/3SdtrVaeTpCwrpazGLZI7pawQwz47pa6hSBy3yC/GSBkGuJPrXfe5uJP5LZPrXfI3XCe5LKt3xJkrpawrpMg7XZ6GXCo7pM63YUgrVngrpacGcMoGLr4QyKI7pM63cCPrpMgrXKbGqBK5LKe5LZIrVKMQXZMQyft3xd45xagQxMk7pCg7piJrXZMQpaw7pCPrXKb5Ll4TpF4TpnPrpJ67pIt3cQ47p+4QcCz3yZehs2sqpCt3SBrTLK/GLr/rsB65xf1QYZt3cQ45Ll47pIMrpCgGSB6GsBIrp1MQyfIGxF/rpMkrpng3yKbGLr47xC/3S1N3cay3sBMjpn0QpiMh4bElLl4lciM7pfb3pCJrnBIQc/4Tud4Cxaw3pl4CxnwrVMZhSBk7XZM3YC67LU4GuGc3yZeQwByGLZMrp1IGpF47p+47LfMrSII3cl4GLGM3sBc3yZoGqBeTpF4KxCw3ungQwBe3wBzQcaP7ufMEqB0GLfk5u7MQwByTLKbrp0g3y7grXB/5uMg7pCd7Sd4KcawrpCd5u1z3pF/rX7bGud45yZt5YU47xCwGqB/5ufNTuJYhSBS3pCe5xI/GLP4FpnwTwBy3yC/GSBk3x1M7pM0GLU45LfNrXKbGqBq3yMI3SBBTLr4Kcaw5xF47p+4rYfMGulsrpV4Qpnw7pMo7uiIQsBIQcCIrpMgrXKbGqBm3yZeTSBOGuV47xMeTSB0TuJMQw2b5qBzQcaoGLfkrXKb5Ll45xn0GqBe3wBsGqBN3cay3sBIQwBY5LZPGuJt3cQ/rpZJrpas7cM67LU4QcCcGLZM3cfMEqd4CpIMrVCgTu705qB0GLfk5u7MQwBeTpnerX7MQcF4Qxa63sBkGuJerpa17SBy3yC/GSB03yferpitTxC/jqBo3xJe5uMgrXKbGqBg5u1MrpacrXKbGqBIQcCIrpawrXKbGqBb5LZs3yCwrXKbQcCI7pCgGul45YP47pIMrp1t3cCkh4bECpIMrV7MQc1I3YU47pIM3LfM3XGMQwBo3yC/GSBsGqBxGLZJrpno5xa03uaP5LKt3cQ4Tud47pItQwBwGu7IQclgrn7bGuJM7cCwrpngjqB6GsBeTpF47XCw3cCPrV7MQc1I3sBV3yCs3pF45yZ6QyU45u7M3YKkrXfM3Yl45qB0GLfk5u7MrSIyQcMe7pCgrpZJrXKbGqBSQcMeTLfbEqBe3wBeTpCtQsBwGLfzGufeTLGMrpII3cK/GLZkhSBeTpCJrpGwGLn1GuJe3XP43xZ/Tu7t3c7/jqBwGq1M3cfwjLBeGul47pIMrp1MQyfIGxF47xawGSBc3yr47xawGSB63sBn3cMY3uV4Gcawrpag7xnwGSBeQcngQx1tQyft3xd47p+4lcCw3pMgh4bECxIM3sBIrpfIQXK1QcCPrV7MQc1I3sBwGLGM5uiMGSB13cKMQsBt3YKMQYZ6GxneTuagrXKb5Ll4KuJtGx1IrpazGLZI7pawQwBb5ul45cCM3sBt3YfeQYCo7pCPrXK6rpCg5xaPGqBg7u1sGLZkrpZJrXfzGui/TuJYrXKbGue43yCehSBB3pngrnK1QcMgGwBwGLGtGL7MGSBPGufwjLBeGul43uCkQxnYGLU45uJPrpKM7pCw3uMgGul47pII7SBeTpF43YC05cCwrSZMTuJkrs2brcagGqrtrX7IQwBeTpF43uak7SBo3x103xd4QyKwTuJYrpMgrXKbGqBz3pnt3YKMjXlgrVIMrpn17pa05LKMGSBeTpF45yZt5sBzQcaoGLfkhSBoQcCI7pMgGwBeTpF4KuMgQwBA5LKI3paY7uF/rX7bTufbrpnkQyC0Gul47pII7S2sGuMgQwr47xnkrpCg5xaPGu
l45Ll45ui/rXB6QxMeTuagQwBt3sBeTpF4QpiITuJeGLIehsBFTpF45xne5ui6GyCMrpMg5xi1GpCPrpCxGLZJrXB6Qyft5ciMrXB6QxMeTuagrpacrXKbGqBx5LZt3yCkrXZ67pawQwz4QyKIQYKt3cQ4QpakTLKt3xJkhSBI3cl4TxCJQxCe7pMgGyU43x547pIMrVCgTu705qdESMKbGqBl3xitQx44lxMzTpCwrVZ1QcCI7qBb5ul43pMNGL7tQxF4GLIz3pat7pCPrSZoQcMsQwr4Tud47pIMrSZBOM443uCeTpaPrsBsGuG6QcF4Cxaw3pl4CxnwrVMZrSIeTpF4KxCw3ungQwQ47LfMrpacrSZBOsr/rV7MQc1I3sBc3yr4rYK6rsz4Gca/3payGul45YP4rM4srpnkrpV4QyBI5xCwrXK6rpG6Qce47pIMrXKMjXl4rPnmuSrth4bECpIMrnCgTLKMGSBO7pneGLU45uJPrVZwTLKITud47LfMGSB63cF07pM0GqBe5LBMrXfJQyKM3LU/rXf15x445LU47pIMrAF0CFfHhSBc3yr47pIMTLr43uak7SBkGuJkTLKt7cF47XZIGcGt5wd4CpIMQxF4GpCxTufMQwByGLZMrpM03LCgGqBe3wBN3cay3s1z3pnt3YKMjXl45LKe5ufNmwBb3y7M7cCwhSBeTpCJrX7MQcF4Qpat3Yl07p+0Qpat3Yl43pMgTyU45uJPrXZMQLCtQcCPrp1IQyft7cF4QyCzQpitGLU43x543xJMrXKt3uF47pnzGLUgrVJM7X76Qc0MGSBoTLBbGLr43unoTpMgGLU47xCwGqBo3xJkTuKMQcCPrXG13pJMQcns3pF47p+45yZt5YU/rpngGSBx5LZt3yCkrXKM5xIgTLn1GLU47xCwGqB1QxCPrXK6rpKtQx71TLfMrXKbGqBsGu7t3cJt3cQ45uJPrpCgGXU43x545qB0GLfk5u7MhSBt3cf/7uKt3cQ45yCe7pMgGwB0GLfk5u7MQwBt3sBb5uicrpngGSBkGuJPTuJYrXKbGqBkGuf63cl4Qpnw7SBcTLZk7SBI3cl45uKPTuJYrpJ63YfM3YfMrXBIGpKt3cQ45Ll45caeTSBM3cKkhsBFTpF43pne7pCwrXBw5ufeTufMrXZMQyC/7pCPrpMgrXKbGqBy3yZ/GSBy3xJPGLZkrpMg5xMPGuJehsBFTpF4qez0fwz4TuJeQcaP7ufMGSBt3sBeTpF43uMPhOVJfOBkhSBy5LU47pIMrpGtQYfernFgFwd45xMzTpCwrp1I5xIt3cF47pII7SBy5LU45xagQxMPGLZMGSBk5uGMrpnY5uMgQyl4TxJ67xd0QpiITuJeGLIerpne7pnoTwdESPf/5LfkTufI3SBoTLBbGLZkrpnwGqBejLBt5xn/3XP47YC/3cCw5uZ/GqBe3wBN3cay3s1z3pnt3YKMjXl45LKe5ufNhsBp3yr4GLII3LB/Gqz45qBA5uCk5Lr45xMzTpCwrpfI3sBsGqBk3xixGul47Lft3cQ45qBkTuJY3pF43pCe7pCwrpacrpf6QYZMQyB63cKt3cQ4QpiITuJeGLIerpngGSBoTLBbGLZeGLIerXK6rpKM5yZJQXl4GuJeTLZM3XPgrVV4GxCgGLZI3SB03xJ65uizTpnsGLKt5wBk7uZk7pMe7LKt3xd45xMzTpCwrpJMGuKkrXfM7cCw5uz45xIIQcno7pCwrXBITLZkrpngGSBk3x1Mrp71GLfkTuJYrpMcrXKbGLZMrpnwGqBcGL7MQsBeTpngrArxrpKtQyKt3cferXBITLZkhMaWL1aWL1+EKciIGy0eTpMkLxMkLyK631aMjMac3yZWCCat3cMeHye=

 

table = A-Za-z0-9+/

 

The script appends flag to story, base64-encodes the result, substitutes each character through a randomly generated table, and prints the output.

 

 

 

For example, if

table=ABCDE

rtable=qwert

then A is replaced by q, B by w, and so on.

 

 

 

 

 

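To get the flag, we need to recover rtable.

Because plenty of sample text is provided, rtable is easy to recover.

Base64-encoding story alone gives VGhlIHVzYWdlICJjcmliIi....

Comparing this with the Output gives a one-to-one correspondence: V->C, G->p, h->I, and so on.

Extract the full list of one-to-one correspondences to build rtable, translate the Output from rtable back to table, and base64-decode the result to get the flag.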

 

 

python2

story='''The usage "crib" was adapted from a slang term referring to cheating (e.g., "I cribbed my answer from your test paper"). A "crib" originally was a literal or interlinear translation of a foreign-language text-usually a Latin or Greek text-that students might be assigned to translate from the original language.
 
The idea behind a crib is that cryptologists were looking at incomprehensible ciphertext, but if they had a clue about some word or phrase that might be expected to be in the ciphertext, they would have a "wedge," a test to break into it. If their otherwise random attacks on the cipher managed to sometimes produce those words or (preferably) phrases, they would know they might be on the right track. When those words or phrases appeared, they would feed the settings they had used to reveal them back into the whole encrypted message to good effect.
 
In the case of Enigma, the German High Command was very meticulous about the overall security of the Enigma system and understood the possible problem of cribs. The day-to-day operators, on the other hand, were less careful. The Bletchley Park team would guess some of the plaintext based upon when the message was sent, and by recognizing routine operational messages. For instance, a daily weather report was transmitted by the Germans at the same time every day. Due to the regimented style of military reports, it would contain the word Wetter (German for "weather") at the same location in every message. (Knowing the local weather conditions helped Bletchley Park guess other parts of the plaintext as well.) Other operators, too, would send standard salutations or introductions. An officer stationed in the Qattara Depression consistently reported that he had nothing to report. "Heil Hitler," occurring at the end of a message, is another well-known example.
 
At Bletchley Park in World War II, strenuous efforts were made to use (and even force the Germans to produce) messages with known plaintext. For example, when cribs were lacking, Bletchley Park would sometimes ask the Royal Air Force to "seed" a particular area in the North Sea with mines (a process that came to be known as gardening, by obvious reference). The Enigma messages that were soon sent out would most likely contain the name of the area or the harbour threatened by the mines.
 
The Germans themselves could be very accommodating in this regard. Whenever any of the turned German Double cross agents sent a message (written by the British) to their respective handlers, they frequently obligingly re-encrypted the message word for word on Enigma for onward transmission to Berlin.
 
When a captured German revealed under interrogation that Enigma operators had been instructed to encode numbers by spelling them out, Alan Turing reviewed decrypted messages and determined that the number "eins" ("one") was the most common string in the plaintext. He automated the crib process, creating the Eins Catalogue, which assumed that "eins" was encoded at all positions in the plaintext. The catalogue included every possible position of the various rotors, starting positions, and keysettings of the Enigma.
 
The Polish Cipher Bureau had likewise exploited "cribs" in the "ANX method" before World War II (the Germans' use of "AN", German for "to", followed by "X" as a spacer to form the text "ANX").
 
The United States and Britain used one-time tape systems, such as the 5-UCO, for their most sensitive traffic. These devices were immune to known-plaintext attack; however, they were point-to-point links and required massive supplies of one time tapes. Networked cipher machines were considered vulnerable to cribs, and various techniques were used to disguise the beginning and ends of a message, including cutting messages in half and sending the second part first and adding nonsense padding at both ends. The latter practice resulted in the world wonders incident. The KL-7, introduced in the mid-1950s, was the first U.S. cipher machine that was considered safe against known-plaintext attack.
 
Classical ciphers are typically vulnerable to known-plaintext attack. For example, a Caesar cipher can be solved using a single letter of corresponding plaintext and ciphertext to decrypt entirely. A general monoalphabetic substitution cipher needs several character pairs and some guessing if there are fewer than 26 distinct pairs._______
'''
 
tran='''CpIMrXCk5u7MrSZoQcMsrsBy5LU45uKIQXKMGSBcQca0rpV4QxiI3cQ47pCw3qBwGuGMQYZt3cQ47p+45xIM5LKt3cQ4EpFgGwd/rSZZrpfwTuZsGul43LP45uJk7xCwrpGw3xe4jua1QsBeGLferXBIQpCwrsPgrVV4rcfwTursrpawTu7t3cn/3XP47xnkrpV43pMeGLZI3SB6QsBt3YKMQcit3cCIQsBeQcngQxiI7pM63sB6GsBIrpG6QcCtGxd03pngGyCIGxF47pCd7S11QyCI3piJrpV4OpneTud43yr4KyZMGu/47pCd7S1eTpnerXfe7uKM3YKkrp1tGxIerpZMrpnkQxMY3cCPrXK6rXKw5uJk3pneGqBcQca0rXKbGqB6QcMYTuJI3SB/5uJY7unYGqdESMKbGqBtGpCIrpZMTpMgGSBIrpfwTur4TLU47pII7SBoQYMz7pa/3x7tQyKkrX7MQcF43pa6TxMgGwBI7SBt3cf63LBwGuIM3Yft5ciMrpftQpIMQYKMjXl/rpZ17SBtGsBeTpCJrpIIGSBIrpf/7uF45uZ67Ll4Qxa0GqBy3yZPrpawrXBbQcnkGqBeTpnerp1tGxIerpZMrpCdQpCo7pCPrXK6rpZMrpMgrXKbGqBoTLBbGLZeGLIehSBeTpCJrX767uiPrpII7cF45q2s7xCPGxF/rsBIrXKMQyl47p+45YZM5u/4TuJe3wBt7Sd4qu547pIMTLr43yKbGLZyTLfMrXZI3cK63qBI7XKI5x0krpagrXKbGqBoTLBbGLr43ung5u7MGSBe3wBk3x1M7pM0GLU4QXZ6GXCoGqBeTpakGqBy3yZPQwB6Qs2bQXZMGcCw5uZ/jqP4QpIw5LfMQwz47pIMjqBy3yC/GSBN3cayrXKbGLP43uMYTXl45cF43xd47pIMrXZtGxIerXKw5ufNhsBLTpCgrXKb3yfMrX76QcKkrpawrXBbQcnkGLU45LBzGunwGul/rXKbGLP47xa13pl4GcCMGSBeTpF4QxCe7pMgGyU47pIMjqBb5ul47LfMGSBe3wBwGLGM5uz47pIM3qBs5ufNrpMg7p+47pIMrX7b3xiMrpCg5yZJQXKMGSB0GLfk5u7MrXK6rp763xl4GuGcGufeh4bEqud47pIMrpfIQxF43x54KuJtGx1IhSBeTpF4KxCw3ungrVItGx44lxa03ungGSBy5LU47cCwjqB0GLKt5yC/3yCkrpns3yCerXKbGqB67cCw5ui/rXfM5yCwTLKJrpacrXKbGqBn3cMY3uV4QyMk7pC0rpngGSB13cKMQYfe3xaPrXKbGqBz3yfkTuZ/GqBzQcas3pC0rpacrpfwTuZkhsBFTpF4GpnJhLK6huKIjqB6QpCw5LK6QYU/rpagrXKbGqB67pIMQsBb5uJPhSByGLZMrpiMQyU45xnwGuG13Sd4CpIMrVZ/GLKoTpiMjqBl5LZNrXKM5ue47xa13pl4GyCMQyU4Qxa0GqB6GsBeTpF4QpiITuJeGLIerpZIQxCPrXCz3xd47xIM3sBeTpF43uCkQxnYGqBy5LU4QxCg7Sz45uJPrpZJrXZM5xaY3cMvTuJYrXZ67LKt3cF43yBMQcneTuag5uz43uCkQxnYGLUgrVG6QsBt3Yfe5uJoGqz45qBP5uM/jqByGuneTpCwrXZMQpaw7SBy5LU47XZI3Yf0TLKeGul45YP47pIMrV7MQc1I3YU45Ll47pIMrXfI3uF47pM0GqBM7cCwjqBP5LPgrVK1GqBe3wBeTpF4QcCYTu1M3YKMGSBk7XM/GqB6GsB0Tuit7pnwjqBwGLB6QYKkhSBt7SBy3yC/GSBo3xJe5uMgrXKbGqBy3yZPrn7M7XKMQs2bKxCw3ungrpG6Qs2s7xCI7pIMQsrtrpnerXKbGqBk5u1Mrpi65xneTuagrpMgrpCxGLZJrp1MQyfIGxFgrSIh3cayTuJYrXKbGqB/3xfI
3SByGuneTpCwrpf63cKt7pM63YU4TpC/QpCPrVZ/GLKoTpiMjqBl5LZNrp71GLfkrpaeTpCwrXBIQYKkrpacrXKbGqBz3pnt3YKMjXl45LU47xC/3SdtrVaeTpCwrpazGLZI7pawQwz47pa6hSBy3yC/GSBkGuJPrXfe5uJP5LZPrXfI3XCe5LKt3xJkrpawrpMg7XZ6GXCo7pM63YUgrVngrpacGcMoGLr4QyKI7pM63cCPrpMgrXKbGqBK5LKe5LZIrVKMQXZMQyft3xd45xagQxMk7pCg7piJrXZMQpaw7pCPrXKb5Ll4TpF4TpnPrpJ67pIt3cQ47p+4QcCz3yZehs2sqpCt3SBrTLK/GLr/rsB65xf1QYZt3cQ45Ll47pIMrpCgGSB6GsBIrp1MQyfIGxF/rpMkrpng3yKbGLr47xC/3S1N3cay3sBMjpn0QpiMh4bElLl4lciM7pfb3pCJrnBIQc/4Tud4Cxaw3pl4CxnwrVMZhSBk7XZM3YC67LU4GuGc3yZeQwByGLZMrp1IGpF47p+47LfMrSII3cl4GLGM3sBc3yZoGqBeTpF4KxCw3ungQwBe3wBzQcaP7ufMEqB0GLfk5u7MQwByTLKbrp0g3y7grXB/5uMg7pCd7Sd4KcawrpCd5u1z3pF/rX7bGud45yZt5YU47xCwGqB/5ufNTuJYhSBS3pCe5xI/GLP4FpnwTwBy3yC/GSBk3x1M7pM0GLU45LfNrXKbGqBq3yMI3SBBTLr4Kcaw5xF47p+4rYfMGulsrpV4Qpnw7pMo7uiIQsBIQcCIrpMgrXKbGqBm3yZeTSBOGuV47xMeTSB0TuJMQw2b5qBzQcaoGLfkrXKb5Ll45xn0GqBe3wBsGqBN3cay3sBIQwBY5LZPGuJt3cQ/rpZJrpas7cM67LU4QcCcGLZM3cfMEqd4CpIMrVCgTu705qB0GLfk5u7MQwBeTpnerX7MQcF4Qxa63sBkGuJerpa17SBy3yC/GSB03yferpitTxC/jqBo3xJe5uMgrXKbGqBg5u1MrpacrXKbGqBIQcCIrpawrXKbGqBb5LZs3yCwrXKbQcCI7pCgGul45YP47pIMrp1t3cCkh4bECpIMrV7MQc1I3YU47pIM3LfM3XGMQwBo3yC/GSBsGqBxGLZJrpno5xa03uaP5LKt3cQ4Tud47pItQwBwGu7IQclgrn7bGuJM7cCwrpngjqB6GsBeTpF47XCw3cCPrV7MQc1I3sBV3yCs3pF45yZ6QyU45u7M3YKkrXfM3Yl45qB0GLfk5u7MrSIyQcMe7pCgrpZJrXKbGqBSQcMeTLfbEqBe3wBeTpCtQsBwGLfzGufeTLGMrpII3cK/GLZkhSBeTpCJrpGwGLn1GuJe3XP43xZ/Tu7t3c7/jqBwGq1M3cfwjLBeGul47pIMrp1MQyfIGxF47xawGSBc3yr47xawGSB63sBn3cMY3uV4Gcawrpag7xnwGSBeQcngQx1tQyft3xd47p+4lcCw3pMgh4bECxIM3sBIrpfIQXK1QcCPrV7MQc1I3sBwGLGM5uiMGSB13cKMQsBt3YKMQYZ6GxneTuagrXKb5Ll4KuJtGx1IrpazGLZI7pawQwBb5ul45cCM3sBt3YfeQYCo7pCPrXK6rpCg5xaPGqBg7u1sGLZkrpZJrXfzGui/TuJYrXKbGue43yCehSBB3pngrnK1QcMgGwBwGLGtGL7MGSBPGufwjLBeGul43uCkQxnYGLU45uJPrpKM7pCw3uMgGul47pII7SBeTpF43YC05cCwrSZMTuJkrs2brcagGqrtrX7IQwBeTpF43uak7SBo3x103xd4QyKwTuJYrpMgrXKbGqBz3pnt3YKMjXlgrVIMrpn17pa05LKMGSBeTpF45yZt5sBzQcaoGLfkhSBoQcCI7pMgGwBeTpF4KuMgQwBA5LKI3paY7uF/rX7bTufbrpnkQyC0Gul47pII7S2sGuMgQwr47xnkrpCg5xaPGul4
5Ll45ui/rXB6QxMeTuagQwBt3sBeTpF4QpiITuJeGLIehsBFTpF45xne5ui6GyCMrpMg5xi1GpCPrpCxGLZJrXB6Qyft5ciMrXB6QxMeTuagrpacrXKbGqBx5LZt3yCkrXZ67pawQwz4QyKIQYKt3cQ4QpakTLKt3xJkhSBI3cl4TxCJQxCe7pMgGyU43x547pIMrVCgTu705qdESMKbGqBl3xitQx44lxMzTpCwrVZ1QcCI7qBb5ul43pMNGL7tQxF4GLIz3pat7pCPrSZoQcMsQwr4Tud47pIMrSZBOM443uCeTpaPrsBsGuG6QcF4Cxaw3pl4CxnwrVMZrSIeTpF4KxCw3ungQwQ47LfMrpacrSZBOsr/rV7MQc1I3sBc3yr4rYK6rsz4Gca/3payGul45YP4rM4srpnkrpV4QyBI5xCwrXK6rpG6Qce47pIMrXKMjXl4rPnmuSrth4bECpIMrnCgTLKMGSBO7pneGLU45uJPrVZwTLKITud47LfMGSB63cF07pM0GqBe5LBMrXfJQyKM3LU/rXf15x445LU47pIMrAF0CFfHhSBc3yr47pIMTLr43uak7SBkGuJkTLKt7cF47XZIGcGt5wd4CpIMQxF4GpCxTufMQwByGLZMrpM03LCgGqBe3wBN3cay3s1z3pnt3YKMjXl45LKe5ufNmwBb3y7M7cCwhSBeTpCJrX7MQcF4Qpat3Yl07p+0Qpat3Yl43pMgTyU45uJPrXZMQLCtQcCPrp1IQyft7cF4QyCzQpitGLU43x543xJMrXKt3uF47pnzGLUgrVJM7X76Qc0MGSBoTLBbGLr43unoTpMgGLU47xCwGqBo3xJkTuKMQcCPrXG13pJMQcns3pF47p+45yZt5YU/rpngGSBx5LZt3yCkrXKM5xIgTLn1GLU47xCwGqB1QxCPrXK6rpKtQx71TLfMrXKbGqBsGu7t3cJt3cQ45uJPrpCgGXU43x545qB0GLfk5u7MhSBt3cf/7uKt3cQ45yCe7pMgGwB0GLfk5u7MQwBt3sBb5uicrpngGSBkGuJPTuJYrXKbGqBkGuf63cl4Qpnw7SBcTLZk7SBI3cl45uKPTuJYrpJ63YfM3YfMrXBIGpKt3cQ45Ll45caeTSBM3cKkhsBFTpF43pne7pCwrXBw5ufeTufMrXZMQyC/7pCPrpMgrXKbGqBy3yZ/GSBy3xJPGLZkrpMg5xMPGuJehsBFTpF4qez0fwz4TuJeQcaP7ufMGSBt3sBeTpF43uMPhOVJfOBkhSBy5LU47pIMrpGtQYfernFgFwd45xMzTpCwrp1I5xIt3cF47pII7SBy5LU45xagQxMPGLZMGSBk5uGMrpnY5uMgQyl4TxJ67xd0QpiITuJeGLIerpne7pnoTwdESPf/5LfkTufI3SBoTLBbGLZkrpnwGqBejLBt5xn/3XP47YC/3cCw5uZ/GqBe3wBN3cay3s1z3pnt3YKMjXl45LKe5ufNhsBp3yr4GLII3LB/Gqz45qBA5uCk5Lr45xMzTpCwrpfI3sBsGqBk3xixGul47Lft3cQ45qBkTuJY3pF43pCe7pCwrpacrpf6QYZMQyB63cKt3cQ4QpiITuJeGLIerpngGSBoTLBbGLZeGLIerXK6rpKM5yZJQXl4GuJeTLZM3XPgrVV4GxCgGLZI3SB03xJ65uizTpnsGLKt5wBk7uZk7pMe7LKt3xd45xMzTpCwrpJMGuKkrXfM7cCw5uz45xIIQcno7pCwrXBITLZkrpngGSBk3x1Mrp71GLfkTuJYrpMcrXKbGLZMrpnwGqBcGL7MQsBeTpngrArxrpKtQyKt3cferXBITLZkhMaWL1aWL1+EKciIGy0eTpMkLxMkLyK631aMjMac3yZWCCat3cMeHye=
'''
 
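import base64, string
table = string.ascii_uppercase + string.ascii_lowercase + string.digits + '+/'
# Learned substitution: standard base64 character -> character seen in the output
table_dict = dict.fromkeys(table, '?')
#rtable = ''.join(random.sample(table,len(table)))
# The blank lines between story paragraphs must be truly empty, and the pasted
# output must be one unbroken string: clear stray whitespace left by copy/paste
story = '\n'.join(line if line.strip() else '' for line in story.split('\n'))
tran = ''.join(tran.split())
orig=base64.b64encode(story)

# Skip the last 4 characters: the tail of the story-only encoding can differ
# from the encoding of story+flag
for i in range(0, len(orig)-4):
    table_dict[orig[i]] = tran[i]
    #print(orig[i]+";;"+tran[i])

rtable=""
for j in range(len(table)):
    rtable += table_dict[table[j]]
print(rtable)
# Invert the substitution (rtable -> table), then decode as ordinary base64
tb=string.maketrans(rtable,table)
btran = tran.translate(tb)
print(base64.b64decode(btran))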

 


System32.kr

RSA106 Write-up

 

This time we are given a small e together with several different n values.

The challenge provides seven n values and seven c values.

 

n0 = 10022036265379037873283606776808482557866459308090111534883940865718177639983512662119342281119416241158033537298567286851709556229498058859877121683228774596682463530354223972067629198444968982788922250713559891865919261816911330848802614913631706032562776893224597357355324255263321117746371249374897281379618765006492730806494403308111072966637211560823960482878492897669436775113233218090173773953205373859777529204336743904524724605913439667291642450283502539056317167865950955271726411160185108661710605305209881749978968104668372320740311039079195405595564405545553067816984977942352952679613295335945453198237
e0 = 7
c0 = 7391172673494652807685679927464443742804469716124686497937352685631944739927403334100753118718810827819939551249092644730733640887813475157863909267732710966904033874563749607452101004880603517576015117231543666882714876053816889315304434716583902097326869862769223330226929267650196146699723546298777721549327230579524043853731525842228354074211952590809573512193002908675659981910521560218722078118583409532890190350278993572874200629804040761922640444870232404736174533503458666401049021690701120014711135662159756073554655169987524174160454336199103732766648969310872094773896573037726906071280884398964499625020
n1 = 5466545789924978392117734846441651025566944649290017587961487324101229594609777422305368037344954585418241587633957551279641772525768764611188988227720597556634650034264505822514430445671371902394845226110100975570935303274836520009041255673258743208173396958290432905543148641745168024380646078191379194650244323448918977124653886707963511968894925605598683697007725355334218510153808020236986866621440493131392397106674236875719949237921916816824901951782815445968997182425608119302657645645838081847911729329333764403590828687896595484627953582720022494684431177689169562431514156723717431880081981556861583018517
e1 = 7
c1 = 2843216698827041985234155126413219625102551967694195507616270458944256794024725727982775312996964360225107871298400288303715856835949437523897251998356574507142899492557143968158430397540293189973986706379386430519381858403628687144765951766733259166975201698201001559608435647196300391229794290104430338488390377935687114237067952186727947306540592887865659962691657932063711547531829312199823488118775597548579002212505954186919111624039557627729228692097539779090276034544147566301508294383730646789567286167983001460941761651651550106133788841812817514137482151210600991083197714286954280138543861307503606716687
n2 = 5216273350923762348996819172932047657740263255248423536832070896504436079290996116053910458202206066607495080005143242081376348478552546332314483414339219088245406077072653291793201707938210052137737032136008691204273974883871392886847900590411035963981133018158012140770585855836554605968542686051767074445169576528595295868833612083435959789899465479063315706805137423972403304919456897675923521668190245644201632092213606749130854730067502251227674778549657054487536558408785381601255488927062660442522496864532745842104460605804514922118066012819002689049981557892095296223518873642160006462186453091627377846719
e2 = 7
c2 = 2302840660982990706559514467752282608279989971179438892300937945447548784136021634663470424995563089657378083878340327507907273677046617011731588253183115962507981205380038591937454135692479378461272309601984068994340223460110011927750428790367899740123933101545519333275378177450046677349361228228756023343552737751276656981842493825940592644061106798477517795237715348144352954728534699021231559916391882314536204099649751257130666668855055343556693412599766542087842727824032038771853002304289245363376208213623603995010083510086051017014020583014841158059684157033215101586049552797894220844380611133865673630801
n3 = 23877677498268410284879275681599753946472064168982107017698987574875291853430610166705520818854679284024035965166084667071782959877626088875201104444061372210767667483286033873186027043018865270765379778972734594727020084433542927434622162385031073045949543728094450158066806302710336945902706311444702067892897382023369572561933840697091647190739941807440726157963736515169755622514090303488227644584510175870987096541366007967982302476854613123392400570876217436169696368690150208874814955767774660004903549034030453797617219708937501949676157124852802614561580437881345741238143591504284958256829966154954860310643
e3 = 7
c3 = 21542650580244090952784375188737468745448203348922868429406196302086271073676866277485976451720227641278427496915785578412784529024335740676758107987503859146577358215708248682437455044274509620470752764937668805057881069241160619380098319880566533327878406656365405208233812965208982731078254898819598904848966997244978017829737683687504578693319927257965587343277686790692897770069007188699761774062935389828173866322096724684461746266895396261083359145450376711339892131239899937109104845549497760224715797430549267596702844680269969086579967938513817206661072633561450576990683873838952925270459005180113251070249
n4 = 14095304106189288640829933284328100925981109805290171926596523882500992828050689610054551419208961617895244032677408948518722739184220513962788253695294440224817835843547289773514113860609727834208120554675150777100035341397359695754443831969620545126239117460426602273999534524462242741389375433175237422632997941648269022097426901783701566115072520388843879171454672942810241915423341751813855234874758865121037886735845464875242609743056346324057991215234482527871877337706502944703023808957350962273199545033462807203671480858363579332623386369851297631986187711675134368500976725781503614885257984375549898158689
e4 = 7
c4 = 5841298358718613696062311056221508337701416292725004974138314539876150378702426703549430117040191903647122061403407396288001626124108215908094632322171004807595060730467760110047822011747633210272450557602443585240325321882265082987790788937409746656818781811819115452970840966600299402274664167896074281874767663751931697405940475209595160606989446399735956632932740140774120362773964862067823210273048778380937955790417026758705126758582714675929109140032046187572583702405164513719448544031934183587141634161632757693697249167749952737814924049718225194470053426092226496663009906557955566430066736079650924094775
n5 = 2805822354201662117320594043711993782804865769293499426012360087817858551003001395302163740603703828195195932459444805174556152674013174027197071452536007720377642902614079800876454139985267840390802982000981391589121247087945323071621814892873054291187100453510563927190923456819020327967812411342557586095287060637718034456241630931342321644065932761169946330107762168341828247523519427454538373734712173180277190763105614286976239296025622448068573996830818370176355468420604889972971911137825122031079799394840034520000378583048365213663261323826755042085539056699658078298352991498848183741926741253336809983081
e5 = 7
c5 = 1840296233218477853481534562215626625414182376149520279565477106636326502423629202398872352247072974928247089059258779616805363438919346177179751144150840146502100528681001973857981344372271699254564085124019490542816704779558116713918712764905289545904746631301089653173086838314931849726257101196974182707388814949943497825270433233859953596462571591644141313685767121169211812959266024665387037379326240471760061808331954030889737904363024686917008151847474903564630772753685195974245871917099262116749552267414561620711561171348300446183668428521497810537883987976853838751652062973640912281502768323552961119727
n6 = 25454009749168470343695633209096091829115329722572151778843118833425745470034996921255287732666381145235781038972818879902175747917173596391714646458631517429967987558853821226063117620100131280109980358660151611745478185529770001530290709260636770225215186800776097876644514962324976911466656250316831758848397129882568596479711529118559633884457580705072157006277242414838614921959845416195868135339484150235079747708585021249992266719965641249640344662274664797188479304252760363884135230450876493335745378727727079727827645384850449255019980920544237025044248135670516643488962958548195014144666470074377908386063
e6 = 7
c6 = 789032093589329919433103064912734499692800138044594105985741187192587133548423627123979828515942204884228205644612915396782678903901468096055669312556620684388723470685365523376229767716532460150705694588934426363146781448912873886792079146178749619507171787017137430583992061952004088013585625578578697225347700205144867425958935656640766720643294601810945228322481781587820554087577038637902482084286507222529109418279162740318995563410236088568237694026601631788889001088963413678782229872782538151806577918829849586853938669782376616395525544507480942096894639889844916812413303666411186051339002485237155449662

 

http://blog.naver.com/PostView.nhn?blogId=yjw_sz&logNo=221441769257&parentCategoryNo=&categoryNo=46&viewDate=&isShowPopularPosts=true&from=search

 

RSA for CTF

1. Computing d: decryption requires d, but in most cases e is given and d is unknown. e * ...

blog.naver.com

I solved the problem by modifying the code from '5. Hastad attack' in that post.

 

import binascii
from Crypto.PublicKey import RSA
from base64 import b64decode
 
print "\n"
print "\t~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
print "\t        RSA Hastad Attack         "
print "\t         JulesDT -- 2016          "
print "\t         License GNU/GPL          "
print "\t~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
 
def chinese_remainder(n, a):
    # Solve x = a_i (mod n_i) for pairwise coprime moduli n_i
    sum = 0
    prod = reduce(lambda a, b: a*b, n)

    for n_i, a_i in zip(n, a):
        p = prod // n_i
        sum += a_i * mul_inv(p, n_i) * p
    return sum % prod

def mul_inv(a, b):
    # Modular inverse of a mod b (extended Euclid)
    b0 = b
    x0, x1 = 0, 1
    if b == 1: return 1
    while a > 1:
        q = a // b
        a, b = b, a%b
        x0, x1 = x1 - q * x0, x0
    if x1 < 0: x1 += b0
    return x1

def find_invpow(x,n):
    # Integer n-th root of x by binary search
    high = 1
    while high ** n < x:
        high *= 2
    low = high // 2
    while low < high:
        mid = (low + high) // 2
        if low < mid and mid**n < x:
            low = mid
        elif high > mid and mid**n > x:
            high = mid
        else:
            return mid
    return mid + 1
 
def parseC(argv, index, verbose):
    import string
    file = open(argv[index],'r')
    cmd = ' '.join(argv)
    fileInput = ''.join(file.readlines()).strip()
    if '--decimal' in cmd:
        if verbose:
            print "##"
            print "##",fileInput
            print "## Considered as decimal input"
            print "##"
        return long(fileInput)
    elif '--hex' in cmd:
        if verbose:
            print "##"
            print "##",fileInput
            print "## Considered as hexadecimal input"
            print "##"
        return long(fileInput,16)
    elif '--b64' in cmd:
        if verbose:
            print "##"
            print "##",fileInput
            print "## Considered as base64 input"
            print "##"
        return long(binascii.hexlify(binascii.a2b_base64(fileInput)),16)
    else:
        try:
            fileInput = long(fileInput)
            if verbose:
                print "##"
                print "##",fileInput
                print "## Guessed as decimal input"
                print "##"
            return long(fileInput)
        except ValueError:
            if all(c in string.hexdigits for c in fileInput):
                if verbose:
                    print "##"
                    print "##",fileInput
                    print "## Guessed as hexadecimal input"
                    print "##"
                return long(fileInput,16)
            else:
                if verbose:
                    print "##"
                    print "##",fileInput
                    print "## Guessed as base64 input"
                    print "##"
                return long(binascii.hexlify(binascii.a2b_base64(fileInput)),16)
            pass
 
def parseN(argv,index):
    file = open(argv[index],'r')
    fileInput = ''.join(file.readlines()).strip()
    try:
        fileInput = long(fileInput)
        return fileInput
    except ValueError:
        from Crypto.PublicKey import RSA
        return long(RSA.importKey(fileInput).__getattr__('n'))
        pass
 
 
if __name__ == '__main__':
    e = 7
 
    n1 = 10022036265379037873283606776808482557866459308090111534883940865718177639983512662119342281119416241158033537298567286851709556229498058859877121683228774596682463530354223972067629198444968982788922250713559891865919261816911330848802614913631706032562776893224597357355324255263321117746371249374897281379618765006492730806494403308111072966637211560823960482878492897669436775113233218090173773953205373859777529204336743904524724605913439667291642450283502539056317167865950955271726411160185108661710605305209881749978968104668372320740311039079195405595564405545553067816984977942352952679613295335945453198237
    n2 = 5466545789924978392117734846441651025566944649290017587961487324101229594609777422305368037344954585418241587633957551279641772525768764611188988227720597556634650034264505822514430445671371902394845226110100975570935303274836520009041255673258743208173396958290432905543148641745168024380646078191379194650244323448918977124653886707963511968894925605598683697007725355334218510153808020236986866621440493131392397106674236875719949237921916816824901951782815445968997182425608119302657645645838081847911729329333764403590828687896595484627953582720022494684431177689169562431514156723717431880081981556861583018517
    n3 = 5216273350923762348996819172932047657740263255248423536832070896504436079290996116053910458202206066607495080005143242081376348478552546332314483414339219088245406077072653291793201707938210052137737032136008691204273974883871392886847900590411035963981133018158012140770585855836554605968542686051767074445169576528595295868833612083435959789899465479063315706805137423972403304919456897675923521668190245644201632092213606749130854730067502251227674778549657054487536558408785381601255488927062660442522496864532745842104460605804514922118066012819002689049981557892095296223518873642160006462186453091627377846719
    n4 = 23877677498268410284879275681599753946472064168982107017698987574875291853430610166705520818854679284024035965166084667071782959877626088875201104444061372210767667483286033873186027043018865270765379778972734594727020084433542927434622162385031073045949543728094450158066806302710336945902706311444702067892897382023369572561933840697091647190739941807440726157963736515169755622514090303488227644584510175870987096541366007967982302476854613123392400570876217436169696368690150208874814955767774660004903549034030453797617219708937501949676157124852802614561580437881345741238143591504284958256829966154954860310643
    n5 = 14095304106189288640829933284328100925981109805290171926596523882500992828050689610054551419208961617895244032677408948518722739184220513962788253695294440224817835843547289773514113860609727834208120554675150777100035341397359695754443831969620545126239117460426602273999534524462242741389375433175237422632997941648269022097426901783701566115072520388843879171454672942810241915423341751813855234874758865121037886735845464875242609743056346324057991215234482527871877337706502944703023808957350962273199545033462807203671480858363579332623386369851297631986187711675134368500976725781503614885257984375549898158689
    n6 = 2805822354201662117320594043711993782804865769293499426012360087817858551003001395302163740603703828195195932459444805174556152674013174027197071452536007720377642902614079800876454139985267840390802982000981391589121247087945323071621814892873054291187100453510563927190923456819020327967812411342557586095287060637718034456241630931342321644065932761169946330107762168341828247523519427454538373734712173180277190763105614286976239296025622448068573996830818370176355468420604889972971911137825122031079799394840034520000378583048365213663261323826755042085539056699658078298352991498848183741926741253336809983081
    n7 = 25454009749168470343695633209096091829115329722572151778843118833425745470034996921255287732666381145235781038972818879902175747917173596391714646458631517429967987558853821226063117620100131280109980358660151611745478185529770001530290709260636770225215186800776097876644514962324976911466656250316831758848397129882568596479711529118559633884457580705072157006277242414838614921959845416195868135339484150235079747708585021249992266719965641249640344662274664797188479304252760363884135230450876493335745378727727079727827645384850449255019980920544237025044248135670516643488962958548195014144666470074377908386063
 
    c1 = 7391172673494652807685679927464443742804469716124686497937352685631944739927403334100753118718810827819939551249092644730733640887813475157863909267732710966904033874563749607452101004880603517576015117231543666882714876053816889315304434716583902097326869862769223330226929267650196146699723546298777721549327230579524043853731525842228354074211952590809573512193002908675659981910521560218722078118583409532890190350278993572874200629804040761922640444870232404736174533503458666401049021690701120014711135662159756073554655169987524174160454336199103732766648969310872094773896573037726906071280884398964499625020
    c2 = 2843216698827041985234155126413219625102551967694195507616270458944256794024725727982775312996964360225107871298400288303715856835949437523897251998356574507142899492557143968158430397540293189973986706379386430519381858403628687144765951766733259166975201698201001559608435647196300391229794290104430338488390377935687114237067952186727947306540592887865659962691657932063711547531829312199823488118775597548579002212505954186919111624039557627729228692097539779090276034544147566301508294383730646789567286167983001460941761651651550106133788841812817514137482151210600991083197714286954280138543861307503606716687
    c3 = 2302840660982990706559514467752282608279989971179438892300937945447548784136021634663470424995563089657378083878340327507907273677046617011731588253183115962507981205380038591937454135692479378461272309601984068994340223460110011927750428790367899740123933101545519333275378177450046677349361228228756023343552737751276656981842493825940592644061106798477517795237715348144352954728534699021231559916391882314536204099649751257130666668855055343556693412599766542087842727824032038771853002304289245363376208213623603995010083510086051017014020583014841158059684157033215101586049552797894220844380611133865673630801
    c4 = 21542650580244090952784375188737468745448203348922868429406196302086271073676866277485976451720227641278427496915785578412784529024335740676758107987503859146577358215708248682437455044274509620470752764937668805057881069241160619380098319880566533327878406656365405208233812965208982731078254898819598904848966997244978017829737683687504578693319927257965587343277686790692897770069007188699761774062935389828173866322096724684461746266895396261083359145450376711339892131239899937109104845549497760224715797430549267596702844680269969086579967938513817206661072633561450576990683873838952925270459005180113251070249
    c5 = 5841298358718613696062311056221508337701416292725004974138314539876150378702426703549430117040191903647122061403407396288001626124108215908094632322171004807595060730467760110047822011747633210272450557602443585240325321882265082987790788937409746656818781811819115452970840966600299402274664167896074281874767663751931697405940475209595160606989446399735956632932740140774120362773964862067823210273048778380937955790417026758705126758582714675929109140032046187572583702405164513719448544031934183587141634161632757693697249167749952737814924049718225194470053426092226496663009906557955566430066736079650924094775
    c6 = 1840296233218477853481534562215626625414182376149520279565477106636326502423629202398872352247072974928247089059258779616805363438919346177179751144150840146502100528681001973857981344372271699254564085124019490542816704779558116713918712764905289545904746631301089653173086838314931849726257101196974182707388814949943497825270433233859953596462571591644141313685767121169211812959266024665387037379326240471760061808331954030889737904363024686917008151847474903564630772753685195974245871917099262116749552267414561620711561171348300446183668428521497810537883987976853838751652062973640912281502768323552961119727
    c7 = 789032093589329919433103064912734499692800138044594105985741187192587133548423627123979828515942204884228205644612915396782678903901468096055669312556620684388723470685365523376229767716532460150705694588934426363146781448912873886792079146178749619507171787017137430583992061952004088013585625578578697225347700205144867425958935656640766720643294601810945228322481781587820554087577038637902482084286507222529109418279162740318995563410236088568237694026601631788889001088963413678782229872782538151806577918829849586853938669782376616395525544507480942096894639889844916812413303666411186051339002485237155449662
 
    n = [n1,n2,n3,n4,n5,n6,n7]
    a = [c1,c2,c3,c4,c5,c6,c7]
 
    result = (chinese_remainder(n, a))
    resultHex = str(hex(find_invpow(result,e)))[2:-1]
    print ""
    print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
    print "Decoded Hex :\n",resultHex
    print "---------------------------"
    print "As Ascii :\n",resultHex.decode('hex')
    print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
 

 

FLAG : FLAG{}


System32.kr

RSA104 write-up: when e is very large

 

 

A post that summarizes various attacks on RSA:

 

http://blog.naver.com/PostView.nhn?blogId=yjw_sz&logNo=221441769257&parentCategoryNo=&categoryNo=46&viewDate=&isShowPopularPosts=true&from=search

 


 

n : 3032477561712159969038624247612606302727093197744745572360777744993048030579151290131884950670071512201722458811242592707243074323418373868073398996531180136126242688542841461913438478172053913773719857973056957510415089185531311916330433139160859155532409659622858101341629671133093910407988882203728644794239348874379289178268208136028146328608462805956004322306707963431825015814504527120066991706462521947050575789728072629790386979812591216920320695619189898158302924158362481320767791340177005794951187859952230300784183151549243274733552565133526078458260073961873518009693814714967027162359505297313081834097
e : 1284326209972781865603077160971589716597082902272211399147338196589345961573850891014620874113849550830317643345862732752124534686326463252899962000181188143162889928709347890165345017914959645496102666603718956753486894961504533642515954173645086524281277713918605331772209589332254176733343767685347067353884996601325356300748766439627935771840516032698936889600866124222228999743139709077148311384874536127451456213137422854764346519585961972790189180618601186990003649947864963747868420118048077351758919340934501383717797396822778472985089935849274746400142421412113278085759384358033116596950545779218825432105
c : 1806317310369980009932706441907756891122685977239032637376117653939592629181132498482038670618195984694250867867129559863693561069046351110958045303559854954588234447977692922829988785926862451801584819310702407585491177718755152055518733553927421577214740347956274468684747058682785453167186126384869898095355009620193273626895484591988153555158110880196986268949355968500092832237411654394295951441648748044375864656268901973180401377014754165200068392806529746504801815744345095507516459256483869799173054189822960434563127784898151685448212418354649354925633786590825084141495329161421555698179241894408873422390

 

Because e is very large, the private exponent d is likely to be small, so Wiener's attack applies. I adapted the code from the post linked above.

This yields d.

Hacked!
D = 1235441821
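Wiener's attack as used above, shown as an added example (it is not the code from the linked post or from this write-up). It recovers a small d from the continued-fraction convergents of e/n; the primes, the small d, the message and all function names are constructed for this example.

```python
from math import isqrt


def convergents(num, den):
    """Yield (k, d) for each convergent k/d of the continued fraction of num/den."""
    num_prev, num_cur = 0, 1
    den_prev, den_cur = 1, 0
    while den:
        a = num // den
        num, den = den, num - a * den
        num_prev, num_cur = num_cur, a * num_cur + num_prev
        den_prev, den_cur = den_cur, a * den_cur + den_prev
        yield num_cur, den_cur


def wiener(e, n):
    """Return (d, p, q) when d is small enough for Wiener's attack, else None."""
    for k, d in convergents(e, n):
        # A correct guess satisfies e*d - 1 == k * phi(n) exactly.
        if k == 0 or (e * d - 1) % k:
            continue
        phi = (e * d - 1) // k
        s = n - phi + 1              # equals p + q when phi is right
        disc = s * s - 4 * n         # equals (p - q)^2 when phi is right
        if disc < 0:
            continue
        root = isqrt(disc)
        if root * root != disc or (s + root) % 2:
            continue
        p, q = (s + root) // 2, (s - root) // 2
        if q > 1 and p * q == n:
            return d, p, q
    return None


# Constructed sample key (not the challenge values): two close 30-bit primes
# and a private exponent below n^(1/4) / 3, which is the bound Wiener needs.
P, Q = 1000000009, 1000000007
N = P * Q
PHI = (P - 1) * (Q - 1)
D_SMALL = 7919
E = pow(D_SMALL, -1, PHI)            # a small d forces e to be about as large as n

M = int.from_bytes(b"wiener", "big")  # constructed message
C = pow(M, E, N)

if __name__ == "__main__":
    d, p, q = wiener(E, N)
    print("recovered d =", d)
    m = pow(C, d, N)
    print(m.to_bytes((m.bit_length() + 7) // 8, "big"))
    # With a conventional e the private exponent is large and the attack fails.
    print("e = 65537 ->", wiener(65537, N))
```

The same functions apply unchanged to the n and e listed above, where the write-up reports D = 1235441821.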

 

Decryption

 

def powermod4(a, b, n):
    # Recursive square-and-multiply: returns a^b mod n
    if b == 1:
        return a % n
    r = powermod4(a, b // 2, n)
    r = r * r % n
    if (b & 1) == 1:
        r = r * a % n
    return r
#c^d mod N
#a^b mod c
a = 1806317310369980009932706441907756891122685977239032637376117653939592629181132498482038670618195984694250867867129559863693561069046351110958045303559854954588234447977692922829988785926862451801584819310702407585491177718755152055518733553927421577214740347956274468684747058682785453167186126384869898095355009620193273626895484591988153555158110880196986268949355968500092832237411654394295951441648748044375864656268901973180401377014754165200068392806529746504801815744345095507516459256483869799173054189822960434563127784898151685448212418354649354925633786590825084141495329161421555698179241894408873422390
b = 1235441821
c = 3032477561712159969038624247612606302727093197744745572360777744993048030579151290131884950670071512201722458811242592707243074323418373868073398996531180136126242688542841461913438478172053913773719857973056957510415089185531311916330433139160859155532409659622858101341629671133093910407988882203728644794239348874379289178268208136028146328608462805956004322306707963431825015814504527120066991706462521947050575789728072629790386979812591216920320695619189898158302924158362481320767791340177005794951187859952230300784183151549243274733552565133526078458260073961873518009693814714967027162359505297313081834097

print(powermod4(a, b, c))
 

 

Resulting value -> hex -> ASCII

 

FLAG : FLAG{}


RSA105 write-up: when e is very small

n : 14563994539777678316321336781712344883711529518189434139233680882263409604514153869699501702104322682479573897503872406635890483506906896813982089686642192006130896329932374470690714494675193648369783731927754727548782563723442681780574596631901415395263336968261396444462141129255716197310580275877681304858562705807686921384452565148850113267428665758030506035314679252439022969913295597306528946210184007253645129375949497711293612867692547866985135149571625792745784234869796370504461309988327790266777539646009367784188629367635437858554533733747458534618750336302736798813966890424262766487012612696221075689613
e : 7
c : 3257687211413179849713234287228115652852064803596545802006316144655701336714918948672668217982037728069055370417273850104541474476810598369542627961429180060096555295519064954697207788677528957569208943432299557549774333187664920215674167987939460257141632237998790136575185293301081863083862494006009415801599660234577382347813571039134562532471377834137776834839392965274882404992875421226913724316557631483699200757

 

e is only 7, which is very small, and N is very large. In this case M^e never exceeds N, so the mod N step in M^e mod N = c has no effect and M^e = c. M is then simply the e-th root of c.

 

import gmpy2
 
num=3257687211413179849713234287228115652852064803596545802006316144655701336714918948672668217982037728069055370417273850104541474476810598369542627961429180060096555295519064954697207788677528957569208943432299557549774333187664920215674167987939460257141632237998790136575185293301081863083862494006009415801599660234577382347813571039134562532471377834137776834839392965274882404992875421226913724316557631483699200757
k=7
 
# iroot returns (root, exact); exact is True only when num is a perfect k-th power
result, exact = gmpy2.iroot(num, k)
print(result)

 

Convert the resulting value -> hex -> ASCII

 

FLAG : FLAG{too_short_too_small}


System32.kr 2019

This is the RSA103 write-up.

 

p=randprime(bits=1024)
q=nextprime(p+rand(bits=64))

 

 

 

n = 523171545908439347079984829857166272490755110515501164347840985772081537607153032633627034283672952165088744702194194598263665644007012474218688874744119159433576941649802374269873297096542482864673663028420121028933290892148695399630471141652388858142837379625106663728466970543106475670944695178426345128622404188659395819609731517136209346499201958503231477376821955664260131840643055815735489615434847356385240589414518958821012582916986700315695213312797927
e = 75890823319493894649778238119866660628924668661939725653243821591293734119876987514543360050173914547032827753044199325926436760242819383884783456287774063959012970808345743726395349179476088924414519992417795625843440292670765531
c = 48724864779313923840771368863315403978774157546525429106022441664935683078731021092597773499396876686078062855830596180404569211641060040265424503580011984253306252131461826391739149934613684983289826611746524999894630859459114240689860752847497252922935755063842138052718553154569645504114125024099577779165840521064654503400340349866956420272930288416620386084299030911419380258260740993752837219665010025735212424683776284178649990068611783883405716180340421

 

Factor n.

https://www.alpertron.com.ar/ECM.HTM

 

Integer factorization calculator

 

www.alpertron.com.ar

 

  • 523171 545908 439347 079984 829857 166272 490755 110515 501164 347840 985772 081537 607153 032633 627034 283672 952165 088744 702194 194598 263665 644007 012474 218688 874744 119159 433576 941649 802374 269873 297096 542482 864673 663028 420121 028933 290892 148695 399630 471141 652388 858142 837379 625106 663728 466970 543106 475670 944695 178426 345128 622404 188659 395819 609731 517136 209346 499201 958503 231477 376821 955664 260131 840643 055815 735489 615434 847356 385240 589414 518958 821012 582916 986700 315695 213312 797927 (462 digits) = 723 305983 597840 387090 073124 295695 063058 926103 842858 618139 332402 030402 176745 237557 965345 230728 740505 468522 590100 663617 877936 830954 821254 102084 213431 441982 251604 821311 082681 331648 040651 828570 490510 112186 434619 298867 817000 367372 585141 (231 digits) × 723 305983 597840 387090 073124 295695 063058 926103 842858 618139 332402 030402 176745 237557 965345 230728 740505 468522 590100 663617 877936 830954 821254 102084 213431 441982 251604 821311 082681 331648 040651 828570 490510 112186 434619 298867 817000 367372 594347 (231 digits)

This gives p and q.
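The hint shows that q is the next prime after p plus a 64-bit offset, so the two primes are close together, and Fermat's method splits such an n almost immediately without an online calculator. The following is an added example, not the challenge's or this write-up's code; the small primes, e, the message and the function names are constructed for illustration.

```python
from math import isqrt


def fermat_factor(n, max_steps=1_000_000):
    """Fermat factorization: find a, b with n = a^2 - b^2 = (a - b)(a + b).

    Returns (p, q, steps) with p <= q, or None when no split is found within
    max_steps. It is fast only when the two factors are close to sqrt(n).
    """
    if n % 2 == 0:
        return 2, n // 2, 0
    a = isqrt(n)
    if a * a < n:
        a += 1                        # start at ceil(sqrt(n))
    for steps in range(1, max_steps + 1):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            return a - b, a + b, steps
        a += 1
    return None


def int_to_bytes(m):
    """Big-endian bytes of m: the 'value -> hex -> ASCII' step of the write-up."""
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def recover_plaintext(n, e, c):
    """Factor n with Fermat, rebuild d from p and q, and decrypt c."""
    found = fermat_factor(n)
    if found is None:
        raise ValueError("factors are not close enough for Fermat's method")
    p, q, _ = found
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)               # modular inverse, always in [0, phi)
    return int_to_bytes(pow(c, d, n))


# Constructed sample key: neighbouring primes, as in the challenge hint.
N = 1000000007 * 1000000009
E = 65537
C = pow(int.from_bytes(b"close", "big"), E, N)

# Constructed counter-example: primes of very different size.
FAR_N = 1000003 * 2147483647

if __name__ == "__main__":
    print(fermat_factor(N))                      # splits on the first step
    print(recover_plaintext(N, E, C))
    print(fermat_factor(FAR_N, max_steps=1000))  # None: the factors are too far apart
```

Key generation that draws p and q independently at random keeps the gap between them far too large for this search to finish.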

 

To decrypt c, plug the given e and c and the p and q found above into the code below and run it.

 

def egcd(a, b):
    # Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)
    x,y, u,v = 0,1, 1,0
    while a != 0:
        q, r = b//a, b%a
        m, n = x-u*q, y-v*q
        b,a, x,y, u,v = a,r, u,v, m,n
    gcd = b
    return gcd, x, y
def main():
    p = 723305983597840387090073124295695063058926103842858618139332402030402176745237557965345230728740505468522590100663617877936830954821254102084213431441982251604821311082681331648040651828570490510112186434619298867817000367372585141
    q = 723305983597840387090073124295695063058926103842858618139332402030402176745237557965345230728740505468522590100663617877936830954821254102084213431441982251604821311082681331648040651828570490510112186434619298867817000367372594347
    e = 75890823319493894649778238119866660628924668661939725653243821591293734119876987514543360050173914547032827753044199325926436760242819383884783456287774063959012970808345743726395349179476088924414519992417795625843440292670765531
    ct = 48724864779313923840771368863315403978774157546525429106022441664935683078731021092597773499396876686078062855830596180404569211641060040265424503580011984253306252131461826391739149934613684983289826611746524999894630859459114240689860752847497252922935755063842138052718553154569645504114125024099577779165840521064654503400340349866956420272930288416620386084299030911419380258260740993752837219665010025735212424683776284178649990068611783883405716180340421
    # compute n
    n = p * q
    # Compute phi(n)
    phi = (p - 1) * (q - 1)
    # Compute modular inverse of e
    gcd, a, b = egcd(e, phi)
    # egcd can return a negative coefficient; reduce it into [0, phi)
    d = a % phi
    print("d:  " + str(d))
    # Decrypt ciphertext
    pt = pow(ct, d, n)
    print("pt: " + str(pt))
if __name__ == "__main__":
    main()
 

 

Then convert the plaintext value to hex and then to ASCII to get the flag.

 

46470827271975360721170849266738216410598415569944733823469870790619975080677955656802059050975833386869168748918671974627709

 

https://www.mobilefish.com/services/big_number/big_number.php

 

Mobilefish.com - Big number converter

This service allows you to convert big positive integer numbers into binary, decimal, hexadecimal or base64 encoding schemes. The big number bitsize is also calculated. For example: The following hexadecimal big number converted into a decimal encoding sch

www.mobilefish.com

 

464C41477B6E65696768626F725F69735F7468655F626967676573745F73656375726974795F76756C6E65726162696C6974797D

 

https://www.branah.com/ascii-converter

 

ASCII Converter - Hex, decimal, binary, base64, and ASCII converter

Convert ASCII characters to their hex, decimal and binary representations and vice versa. In addition, base64 encode/decode binary data. The converter happens automatically.

www.branah.com

 

FLAG : FLAG{neighbor_is_the_biggest_security_vulnerability}


files  Forensics  Cert


BigImage.md

CertCertCert… Find FLAG 

Ex) FLAG{Can_you_Find_Flag}

 

Make my hanukoon



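A certificate... I thought this would be a decryption challenge, but you just open the file in a hex viewer, grab the hex values near the bottom, and convert them to ASCII.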



yougotit!flag{I_can_import_certification_in_certmgr}



flag{I_can_import_certification_in_certmgr}




My midterms aren't even over yet and here I am doing this...


files  Forensics  Password


This is a write-up for the Password challenge on system32.kr.



cmd.md

I lost my password…. 

Who can find password?

Make my pental




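A zip file is provided.

It appears to contain Windows process dump files.

The password has to be found in these process dumps.

I didn't know where it would be, so I searched for it.

"Windows password process"

Good old Google.. it shows exactly what I wanted.

The password seems to be in lsass.exe.

I pulled out just lsass.DMP, the dump of lsass.exe.

mimikatz can recover Windows passwords.

Download link: https://github.com/gentilkiwi/mimikatz/releases

(If you just download it, it gets blocked as a virus. You have to turn off Windows Defender and so on.)

I moved lsass.DMP into the same directory as mimikatz.exe.

I ran mimikatz.exe and entered the following commands.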


sekurlsa::minidump lsass.DMP


sekurlsa::logonpasswords



If you get an error, see below.


Some errors:

  • ERROR kuhl_m_sekurlsa_acquireLSA ; Minidump pInfos->MajorVersion (A) != MIMIKATZ_NT_MAJOR_VERSION (B)
    You try to open minidump from a Windows NT of another major version (NT5 vs NT6).
  • ERROR kuhl_m_sekurlsa_acquireLSA ; Minidump pInfos->ProcessorArchitecture (A) != PROCESSOR_ARCHITECTURE_xxx (B)
    You try to open minidump from a Windows NT of another architecture (x86 vs x64).
  • ERROR kuhl_m_sekurlsa_acquireLSA ; Handle on memory (0x00000002)
    The minidump file is not found (check path).
  • https://github.com/gentilkiwi/mimikatz/wiki/module-~-sekurlsa




This gives the flag.


FLAG : FLAG{I_WILL_FIND_PASSWORD}





files  Forensics  CMD


This is a write-up for the CMD challenge on system32.kr.



cmd.md

Find Flag

Make my pental




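There is one archive; extracting it yields a single 1 GB file.

It looked almost identical in form to the challenge file of SuNiNaTaS #30, so I was confident it was a memory dump and moved the file to Linux to use vol.py.

For how to install and use volatility, see the following link: http://mandu-mandu.tistory.com/145

First I checked the system information.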


vol.py -f cmd imageinfo




It is Win7SP1x86.

While wondering where to look and what to look for, I tried cmdscan because the file is named cmd.


vol.py -f cmd --profile=Win7SP1x86 cmdscan




Sure enough, the flag was there.


FLAG : FLAG{CMD_LINE_CAN_YOU_FIND?}
