small weiner

來源：dvctf2022
Someone I hate sent me an insulting message using RSA. Can you retrieve his private key?

m = 0x596f7520686176652073756368206120736d616c6c207765696e65722e2049204841544520594f5521212121 N = 0x26553fbb7e4bd5bd48868a25f24d9cc5975aa8597f82110058e687dfa10dd0114c0d2011fa288dbd9d01c0a70dfa8212d5a218d513bdd8ebed9f75bc299e1461be8a23ed8ade96bc449d409fbbf5a328ee2ad3257e6c55a97641258730f74f4d3938f0df794546791ba2b1518b8d855e83f65f885d67aa000a01687ac605404e7bca681e51e6e195f77eb4785fcda0372e3d0fd90240f736243584677f89da4c6ab54d687897d5afb0801cc151c516b072aaa2d9aa8d39d34c230536cba077beaa88ff8e8940a5ba990cafd0b1326f209873a43a785d0c5477241fb6469b8c27c7d54908467a7525de18b2425901c0de3ed63472831c29818ce6efb0354c61f36b2e61146472e99209d198bc885ced0edb66eab62a968c9b98b49b756c689d69820ca1d97e1232c338084097078265ce79b25c1e37bc777247af3fee2ce7a87a697a120c0428327177cf6e934aa2d18e696474227d361a5c36992788c3b1aa8654b88852e897027d58b21576b25a5ffdcb9fbdc5167eb74f1c9082ae79ca0b89 e = 0xfc2e4d12eb69a42c074d9a0ddc6b84294f1e23d6eaa0ba53e9cb60ec0db203d31bdfb90eaca38189890ad26335ad6107cd234a415bfc73fc1bbd6c5d9da65249eebb57d889f91719cfdbd535ab19d2d317ffdf075870a62c6e05aac16c9b122e1c52d7dbeb2fb683514d0f463b58a4217f2e379e5a62be06e764e043a0eac5ac6af56816af926bcc4cd826ee1cfd4157496dc024042676503cec93de45c3c5e4dd9dcf85406a3cf93a9f784b9eef6e320cd9856aefff48df52127b98da8a0d207f588ce1c58e47419554590b1fa7fa3c38034f93a3a5112b6dd5e78c181abc2d972fbcb058575789c68c03f043bd4bf48d94fa7390c77f9fc033f3f01a5162d31056eb42a07397f3485b25396f93558466fc49ef80adea1e9d6c3d9edf529be5faf014669ae5f8e02433a2474d9c92fcc468d81aa0fd641a5647d55153713783a9e5d66fe70c9c2794325b28f20b751fb49359c4a8487bbfa7efc6270b7fa0ffe277276bba14027596d129fcbdef0a82aba24855bfd2155071b52c11da2d943

Flag format: dvCTFozvdkddzhkzd with d in decimal (base 10)

上次嘗試了離散對數沒有解出來，

根據題目，嘗試維納攻擊（在e過大或過小的情況下，可使用算法從e中快速推斷出d的值。）
但是依舊沒有解出來

翻到一篇大佬的博客

利用格約基可以解這道題

構造格子并用LLL格約基

然后解題

總的代碼就是

# sagemath m = 0x596f7520686176652073756368206120736d616c6c207765696e65722e2049204841544520594f5521212121 N = 0x26553fbb7e4bd5bd48868a25f24d9cc5975aa8597f82110058e687dfa10dd0114c0d2011fa288dbd9d01c0a70dfa8212d5a218d513bdd8ebed9f75bc299e1461be8a23ed8ade96bc449d409fbbf5a328ee2ad3257e6c55a97641258730f74f4d3938f0df794546791ba2b1518b8d855e83f65f885d67aa000a01687ac605404e7bca681e51e6e195f77eb4785fcda0372e3d0fd90240f736243584677f89da4c6ab54d687897d5afb0801cc151c516b072aaa2d9aa8d39d34c230536cba077beaa88ff8e8940a5ba990cafd0b1326f209873a43a785d0c5477241fb6469b8c27c7d54908467a7525de18b2425901c0de3ed63472831c29818ce6efb0354c61f36b2e61146472e99209d198bc885ced0edb66eab62a968c9b98b49b756c689d69820ca1d97e1232c338084097078265ce79b25c1e37bc777247af3fee2ce7a87a697a120c0428327177cf6e934aa2d18e696474227d361a5c36992788c3b1aa8654b88852e897027d58b21576b25a5ffdcb9fbdc5167eb74f1c9082ae79ca0b89 e = 0xfc2e4d12eb69a42c074d9a0ddc6b84294f1e23d6eaa0ba53e9cb60ec0db203d31bdfb90eaca38189890ad26335ad6107cd234a415bfc73fc1bbd6c5d9da65249eebb57d889f91719cfdbd535ab19d2d317ffdf075870a62c6e05aac16c9b122e1c52d7dbeb2fb683514d0f463b58a4217f2e379e5a62be06e764e043a0eac5ac6af56816af926bcc4cd826ee1cfd4157496dc024042676503cec93de45c3c5e4dd9dcf85406a3cf93a9f784b9eef6e320cd9856aefff48df52127b98da8a0d207f588ce1c58e47419554590b1fa7fa3c38034f93a3a5112b6dd5e78c181abc2d972fbcb058575789c68c03f043bd4bf48d94fa7390c77f9fc033f3f01a5162d31056eb42a07397f3485b25396f93558466fc49ef80adea1e9d6c3d9edf529be5faf014669ae5f8e02433a2474d9c92fcc468d81aa0fd641a5647d55153713783a9e5d66fe70c9c2794325b28f20b751fb49359c4a8487bbfa7efc6270b7fa0ffe277276bba14027596d129fcbdef0a82aba24855bfd2155071b52c11da2d943 c = pow(m,e,N) s = floor(sqrt(N)) M = Matrix([[e, s], [N, 0]]) vector= M.LLL() D = [abs(vector[i, 1]) // s for i in [0,1]] for d in D:if pow(c,d,N) == m:print(d)break # dvCTF{79070855007994582698354011721316587208400326157509581241514418985973605934731}

Secure Or Not Secure

來源：dvctf2022

I made secure application but i lost my cookie and now I can't connect. Can you help me?nc challs.dvc.tf 2600

nc進入

------ Welcome to my secure login system ------ 1. Login 2. Register 3. Exit ----------------------------------------------- >>> 2 Username: re Password: re Here is your cookie: wr2TBvKa+oU0HY7emHvxwwgozYdLN6f1q76CQ5o+ahBzZv0Qf9p2645P90f+TqW566M5wYbOeg== ------ Welcome to my secure login system ------ 1. Login 2. Register 3. Exit ----------------------------------------------- >>> 1 Cookie: wr2TBvKa+oU0HY7emHvxwwgozYdLN6f1q76CQ5o+ahBzZv0Qf9p2645P90f+TqW566M5wYbOeg== You're not the admin! The cookie b'username=re\x00\x00\x00\x00\x00\x00;admin=False;password=re\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' is invalid! ------ Welcome to my secure login system ------ 1. Login 2. Register 3. Exit ----------------------------------------------- >>> 2 Username: a Password: a Here is your cookie: wr2TBvKa+oU0DuvemHvxwwgozYdLN6f1q76CQ5o+ahBzZv0Qf9p2+OtP90f+TqW566M5wYbOeg== ------ Welcome to my secure login system ------ 1. Login 2. Register 3. Exit ----------------------------------------------- >>> 1 Cookie: \xc2\xbd\x93\x06\xf2\x9a\xfa\x854\x0e\xeb\xde\x98{\xf1\xc3\x08(\xcd\x87K7\xa7\xf5\xab\xbe\x82C\x9a>j\x10sf\xfd\x10\x7f\xdav\xf8\xebO\xf7G\xfeN\xa5\xb9\xeb\xa39\xc1\x86\xcez Are you trying to cheat?! ------ Welcome to my secure login system ------ 1. Login 2. Register 3. Exit ----------------------------------------------- >>> 3

上次去對base進行了解碼，沒有解出來有用的東西
分析上面內容我們可以看到，當登錄時使用的Cookie時注冊得到的時候會返回You're not the admin!并且這時系統是可以通過Cookie推測出用戶名是re，并且admin=False;而第二次嘗試，我輸入的Cookie不是注冊得到，系統返回的是Are you trying to cheat?!

依舊參考那位師傅的博客，這位大佬直接想到了異或

將Cookie進行base64解碼的結果例b'\xc2\xbd\x93\x06\xf2\x9a\xfa\x854\x1d\x8e\xde\x98{\xf1\xc3\x08(\xcd\x87K7\xa7\xf5\xab\xbe\x82C\x9a>j\x10sf\xfd\x10\x7f\xdav\xeb\x8eO\xf7G\xfeN\xa5\xb9\xeb\xa39\xc1\x86\xcez'與b'username=re\x00\x00\x00\x00\x00\x00;admin=False;password=re\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'進行異或
不信邪的去看了下，發現確實是一樣長的

然后將異或得到的結果與將admin改成True之后的再次進行異或
最后重新用base64封裝好就能去登錄了

非常佩服這位大佬，下面看大佬的代碼

import base64def xor(var, key):return bytes(a ^ b for a, b in zip(var, key))cookie = 'cbCVPcNz4b9mfY8sFPIjV0AzXYy1UuuF9Kmzf7w7a6/j6ZsHVLndCeaQ9tGTeU61o1GKk7+llQ==' enc = base64.b64decode(cookie) plain = b'username=\x00\x00\x00\x00\x00\x00\x00\x00;admin=False;password=\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' a = b'admin=False;password=\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' b = b'admin=True;password=\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' c = enc[18:] #18 là v? trí admin t??ng ?ng trong enc key = xor(a,c) tmp = xor(b,key)print(base64.b64encode(enc[:18]+ tmp )) #b'cbCVPcNz4b9mfY8sFPIjV0AzXYy1UuuF5rqqaeJwer3j7YMaQuDgCeaQ9tGTeU61o1GKk7+l'

再瞻仰一下大佬的成功

Cwyptographic Owacle

來源：dvctf2022

Nya :3

nc challs.dvc.tf 2601

import ecdsa import random import hashlib import time from Crypto.Cipher import AES from Crypto.Util.Padding import pad from Crypto.Util.number import long_to_bytesFLAG = b'dvCTF{XXXXXXXXXXXXXXXXXXX}'def encrypt_flag(priv):key = long_to_bytes(priv)cipher = AES.new(key, AES.MODE_ECB)text = cipher.encrypt(pad(FLAG, 16))print(text.hex())m = 0print("Hiii ~~ Pwease feel fwee to use my sooper dooper cwyptographic owacle! ~~~~~~") while True:print("[1] > Sign your own message ≧?≦")print("[2] > Get the signed flag uwu ~~ ")print("[3] > Quit (pwease don't leave me)")try:n = int(input())if n<0 or n>3:raiseexcept:print("Nice try ?_?")exit(1)if n==1:msg = input("What's your message senpai? (●′ω｀●) > ")G = ecdsa.NIST256p.generatororder = G.order()priv = random.randrange(1,order)Public_key = ecdsa.ecdsa.Public_key(G, G * priv)Private_key = ecdsa.ecdsa.Private_key(Public_key, priv)k = random.randrange(1, 2**128) if m==0 else int(time.time())*mm = int(hashlib.sha256(msg.encode()).hexdigest(),base=16)sig = Private_key.sign(m, k)print (f"Signature (r,s): ({sig.r},{sig.s})")elif n==2:if m==0:G = ecdsa.NIST256p.generatororder = G.order()priv = random.randrange(1,order)encrypt_flag(priv)else:print("Cya (?︵?) ")exit(1)

上次的嘗試

Hiii ~~ Pwease feel fwee to use my sooper dooper cwyptographic owacle! ~~~~~~ [1] > Sign your own message ≧?≦ [2] > Get the signed flag uwu ~~ [3] > Quit (pwease don't leave me) 1 What's your message senpai? (●′ω｀●) > re Signature (r,s): (5574199079485227229736032865599767885817418344312674047445645256117624859582,51462972268344716865531777000256743426644776909735353695777643263919964904375) [1] > Sign your own message ≧?≦ [2] > Get the signed flag uwu ~~ [3] > Quit (pwease don't leave me) 2 3fbb20769e7cb4c00c5fd86a8ca8ba23f5b4b38dfa9cba4c9db98d45ca5a008e5658dfdcffcfcab9671fd038e299fcde [1] > Sign your own message ≧?≦ [2] > Get the signed flag uwu ~~ [3] > Quit (pwease don't leave me) 3 Cya (?︵?)

依舊只在這位大神這找到了解題
但是這道題并沒有看懂解題過程，也不明白這個時間在這里意味著什么

還是貼一下大神的代碼，等下次來看是不是能看懂

import ecdsa import random import libnum import hashlib import sys import time from Crypto.Cipher import AES from Crypto.Util.Padding import pad,unpad from Crypto.Util.number import long_to_bytes from pwn import * # connect server p = remote('challs.dvc.tf', 2601)m = int(hashlib.sha256('a'.encode()).hexdigest(),base=16) G = ecdsa.NIST256p.generator order = G.order()def decrypt_flag(priv,enc):key = long_to_bytes(priv)enc = bytes.fromhex(enc)print(enc)cipher = AES.new(key, AES.MODE_ECB)flag = unpad(cipher.decrypt(enc),16)return flag# sign l?n ??u p.sendlineafter(b"[3] > Quit (pwease don't leave me)", b'1') p.sendline(b'a')# sign l?n 2 p.sendlineafter(b"[3] > Quit (pwease don't leave me)", b'1') p.sendline(b'a') k = int(time.time())*mp.recvuntil(b'\r\n') p.recvuntil(b"What's your message senpai? (\xe2\x97\x8f\xc2\xb4\xcf\x89\xef\xbd\x80\xe2\x97\x8f) > ") p.recvuntil(b"Signature (r,s): (")# Nh?n r,s và encrypt_flag ? l?n sign th? 2 r = p.recvuntil(b',', drop = True) s = p.recvuntil(b')\r\n', drop = True) p.sendline(b'2') p.recvuntil(b"[1] > Sign your own message \xe2\x89\xa7\xe2\x97\xa1\xe2\x89\xa6\r\n[2] > Get the signed flag uwu ~~ \r\n[3] > Quit (pwease don't leave me)\r\n")enc = p.recvuntil(b'\r\n', drop = True) r = int(r.decode('utf-8')) s = int(s.decode('utf-8')) enc = enc.decode('utf-8') # print(r,s) # print(enc)# Brute force giá tr? c?a k l?u vào m?ng, có th? chênh l?ch vài giay gì ?ó maybekey = [] for i in range(10):a = int(time.time()-i)*mmaybekey.append(a)b = int(time.time()+i)*mmaybekey.append(b) print(maybekey)# k?t h?p k,m tìm l?i priv r?i decrypt AES.MODE_ECB r_inv = libnum.invmod(r, order) for i in maybekey:try_private_key = (r_inv * ((i * s) - m)) % ordertry:flag = decrypt_flag(try_private_key,enc)print(flag)except:print("None") # dvCTF{y0u_h4v3_500p32_d00p32_c2yp70_5kill5_uwu}

RSA

來源：dvctf2022

Easy

Our team has found a cipher text: there seems to be some clues to decipher it. Can you help us to read it?

n = 0x7CD1020889B4382BE84B3F14EAAE242755CC1BD56F431B348F4FF8F207A96F41AFCF3EBDF4C17CB6537AD4B01B9FF9497763B22D013B614C8FCDB0C34F9D88F1A523013791EDFEB1FBBA160799892C118892FB7F199C9957DF5A26DAB4D776E5226F06ACD05412F6DD2B1B75D24CE9DC2DDAC513BCB96CD9B97F9BEF8543A3A1phi = 0x7CD1020889B4382BE84B3F14EAAE242755CC1BD56F431B348F4FF8F207A96F41AFCF3EBDF4C17CB6537AD4B01B9FF9497763B22D013B614C8FCDB0C34F9D88F037D2317D3864035ECE8BCDD458711B788B5B3FDFD5164F7D736D0A56F416E8C16126E3868D73F54AF4D61F6033E069994319C849460C60A725A0F4DD97EDCC84e = 0x10001ct = 0x268D7D5F5593EA30F536635B58585620B51D2D143AFE4734635C259278D61413D0C89678E81EDF466B1E45E27EBF802F62F61263E499A516465163C7CB668F94258B3424C3E2BD76634923DECD670E4B6034F8FD00C76F9DAD00A72DB22B70B9408C89FCEE4C9B0D2D4B5664284328711BFAD57FBE1EDCC0854AAD57390DCAD6

Hint：There is another decoding step after the decryption!

一直不知道要解碼解什么碼，從十六進制轉為十進制是我沒想到的

n = 87649082972615446885156213990388141958462041885187282183358321369043253078954716183685582963065012168992348062798954305060720006415266001335650005751863897735171741039420405425935144397447296138110870810719506425543947491726403454512721294407851871180512317063750030012483422248351385763316752934512386876321 phi = 87649082972615446885156213990388141958462041885187282183358321369043253078954716183685582963065012168992348062798954305060720006415266001335650005751863878602037628450194440652151553598137526621296494079379835255789373284025572667141114891644303376103362880682087270696210666254302024051328494090372669885572 e = 65537 ct = 27072622593514815453879432614324701776473574595747953216191498481974488509392434673536099100283731897243171732583922534894433636848515336632487302801454568578704912185172822029407973421574599852974535422485632743936976338461213855442178470548247222162434148032907372865397517157263392748002249405715658427094

這有什么區別嗎🤨

import gmpy2 from Crypto.Util.number import long_to_bytes n = 87649082972615446885156213990388141958462041885187282183358321369043253078954716183685582963065012168992348062798954305060720006415266001335650005751863897735171741039420405425935144397447296138110870810719506425543947491726403454512721294407851871180512317063750030012483422248351385763316752934512386876321 phi = 87649082972615446885156213990388141958462041885187282183358321369043253078954716183685582963065012168992348062798954305060720006415266001335650005751863878602037628450194440652151553598137526621296494079379835255789373284025572667141114891644303376103362880682087270696210666254302024051328494090372669885572 e = 65537 ct = 27072622593514815453879432614324701776473574595747953216191498481974488509392434673536099100283731897243171732583922534894433636848515336632487302801454568578704912185172822029407973421574599852974535422485632743936976338461213855442178470548247222162434148032907372865397517157263392748002249405715658427094d = gmpy2.invert(e,phi) m = pow(ct,d,n)print(m) print(long_to_bytes(m)) #100118678470123102108521039599861127251114116518811695988695828352125 #b'\x03\xb6\xaf\x06\x92g\x03"\xecu\xb7\xee\x13?\xcb\xa4\x8f\xee\xd7\xf9(\x9dy/J

好的，事實證明是沒有區別的
而我上次沒做出來居然是因為，m轉ASCII碼轉錯了
🤨
再轉一次
先把十進制轉成十六進制0x3b6af0692670322ec75b7ee133fcba48feed7f9289d792f4acc154c7d

等等，為啥這次十六進制長度是奇數
難道不應該在最后剩一個，而應該在開頭？

好的，依舊不對
一位解出來的師傅給的轉ASCII碼的網址是： https://onlineasciitools.com/convert-decimal-to-ascii
神奇的是，他跟我的m都是一樣的，為啥人家解出來了，而我沒有？？

ICMP

來源：dvctf2022

上次只找到了
但是這位神奇的師傅找到了

這位師傅的解題過程是

Well, got to look at elsewhere.
The id of the packets look like Hex numbers. The packets are exported as plaintext with the “Export Packet Dissections > As Plain Text” function in WireShark.
First, the packets are arranged according to the seq number, then the id is extracted and converted from Hex number to ASCII, then decoded as Base64. The flag is then revealed.

import re import base64 ids = [0] * 32 with open("icmp.txt", "r") as f:lines = f.readlines()for line in lines:if("id=0x00" in line):seq = int(re.findall(r"seq=(\d+)", line)[0])ids[seq-1] = re.findall(r"id=0x00(\w+)", line)[0].decode("hex") print(base64.b64decode("".join(ids) + "=").decode())

不懂，照例收集一下

Sudoku

這道依舊沒找到題解

總結

以上是生活随笔為你收集整理的2022-03-31 一些后续的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。