defnew_lcg(): p = 0 m = getPrime(63) c = random.randint(2**62,2**63) s = random.randint(2**62,2**63) while p<m or p<c or p<s: p = getPrime(64) return LCGPrng(s,m,c,p)
defchallenge0(): print("challenge 0:") lcg = new_lcg() print(lcg.p) print(lcg.m) print(lcg.c) print(lcg.state) for i inrange(3): res = int(raw_input()) if res!=lcg.next(): exit(-1)
defchallenge1(): print("challenge 1:") lcg = new_lcg() print(lcg.p) print(lcg.m) print(lcg.state) print(lcg.next()) for i inrange(3): res = int(raw_input()) if res!=lcg.next(): exit(-1)
defchallenge2(): print("challenge 2:") lcg = new_lcg() print(lcg.p) print(lcg.state) print(lcg.next()) print(lcg.next()) for i inrange(3): res = int(raw_input()) if res!=lcg.next(): exit(-1)
defchallenge3(): print("challenge 3:") lcg = new_lcg() print(lcg.state) print(lcg.next()) print(lcg.next()) print(lcg.next()) print(lcg.next()) print(lcg.next()) for i inrange(3): res = int(raw_input()) if res!=lcg.next(): exit(-1)
from flag import FLAG from Crypto.Util.number import * import gmpy2 import random
whileTrue: p = int(gmpy2.next_prime(random.randint(10**0x1ff, 10**0x200-1))) q = int(str(p)[0x100:]+str(p)[:0x100]) if gmpy2.is_prime(q): break m = bytes_to_long(FLAG) n = p*q e = 65537 c = pow(m,e,n) withopen("enc","wb") as f: f.write(str(n)) f.write("\n") f.write(str(c))
$$ \begin{align} p &= 10^{256} \times a + b \\ q &= 10^{256} \times b + a \\ \nonumber n &= pq \\ &= 10^{512} \times ab + 10^{256} (a^2 + b^2) + ab \\ \end{align} $$
if __name__ == '__main__': key = os.urandom(16) withopen('flag', 'rb') as f: flag = f.read() assertlen(flag) == 30 enc_flag = enc(flag, key)
print("Welcome to the perfect AES encryption system!") print(f"Here is your encrypted flag: {enc_flag}") for i inrange(30): try: plaintext = input("Please input your plaintext: ") plaintext = bytes.fromhex(plaintext) ciphertext = enc(plaintext, key) print(f"Here is your ciphertext: {ciphertext}") except Exception: print('Error!') break print('Bye~')
flag = str() for i inrange(30): flag += chr((msg[i] ^ enc_msg[i]) ^ enc_flag[i]) print(flag)
Mixed Cipher
200 pts, 19 solved
Can you break the mixed cipher?
下载并解压压缩包,得到两个文件 mc.py 和 output
mc.py
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
import random from string import * from itertools import cycle from secret import key, message
assertlen(key) < 50 assertall(c in (digits + ascii_letters + punctuation + ' \n') for c in key + message)
t = list(ascii_lowercase) random.shuffle(t) d = dict(zip(ascii_lowercase, t)) d.update({k.upper(): v.upper() for k, v in d.items()}) mapping = str.maketrans(d) enc = bytes(ord(x) ^ ord(y) for x, y inzip(message.translate(mapping), cycle(key))) withopen('output', 'wb') as f: f.write(enc)
可以得知,key 和 message 仅由字母、数字和标点符号组成
string.punctuation: 由在 C 区域设置中被视为标点符号的 ASCII 字符所组成的字符串: !"#$%&'()*+,-./:;<=>?@[\]^_{|}~
Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude. But if you think of cultivating hacker attitudes as just a way to gain acceptance in the culture, you'll miss the point. Becoming the kind of person who believes these things is important for you - for helping you learn and keeping you motivated. As with all creative arts, the most effective way to become a master is to imitate the mind-set of masters - not just intellectually but emotionally as well. Or, as the following modern Zen poem has it: To follow the path: look to the master, follow the master, walk with the master, see through the master, become the master. So, if you want to be a hacker, repeat the following things until you believe them: 1. The world is full of fascinating problems waiting to be solved. Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation. Successful athletes get their motivation from a kind of physical delight in making their bodies perform, in pushing themselves past their own physical limits. Similarly, to be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence. If you aren't the kind of person that feels this way naturally, you'll need to become one in order to make it as a hacker. Otherwise you'll find your hacking energy is sapped by distractions like sex, money, and social approval. (You also have to develop a kind of faith in your own learning capacity - a belief that even though you may not know all of what you need to solve a problem, if you tackle just a piece of it and learn from that, you'll learn enough to solve the next piece - and so on, until you're done.) 2. No problem should ever have to be solved twice. Creative brains are a valuable, limited resource. They shouldn't be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there. To behave like a hacker, you have to believe that the thinking time of other hackers is precious - so much so that it's almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones. Note, however, that "No problem should ever have to be solved twice." does not imply that you have to consider all existing solutions sacred, or that there is only one right solution to any given problem. Often, we learn a lot about the problem that we didn't know before by studying the first cut at a solution. It's OK, and often necessary, to decide that we can do better. What's not OK is artificial technical, legal, or institutional barriers (like closed-source code) that prevent a good solution from being re-used and force people to re-invent wheels. (You don't have to believe that you're obligated to give all your creative product away, though the hackers that do are the ones that get most respect from other hackers. It's consistent with hacker values to sell enough of it to keep you in food and rent and computers. It's fine to use your hacking skills to support a family or even get rich, as long as you don't forget your loyalty to your art and your fellow hackers while doing it.) 3. Boredom and drudgery are evil. Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work, because when this happens it means they aren't doing what only they can do - solve new problems. This wastefulness hurts everybody. Therefore boredom and drudgery are not just unpleasant but actually evil. To behave like a hacker, you have to believe this enough to want to automate away the boring bits as much as possible, not just for yourself but for everybody else (especially other hackers). (There is one apparent exception to this. Hackers will sometimes do things that may seem repetitive or boring to an observer as a mind-clearing exercise, or in order to acquire a skill or have some particular kind of experience you can't have otherwise. But this is by choice - nobody who can think should ever be forced into a situation that bores them.) 4. Freedom is good. Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by - and, given the way authoritarian minds work, will generally find some appallingly stupid reason to do so. So the authoritarian attitude has to be fought wherever you find it, lest it smother you and other hackers. (This isn't the same as fighting all authority. Children need to be guided and criminals restrained. A hacker may agree to accept some kinds of authority in order to get something he wants more than the time he spends following orders. But that's a limited, conscious bargain; the kind of personal surrender authoritarians want is not on offer.) Authoritarians thrive on censorship and secrecy. And they distrust voluntary cooperation and information-sharing - they only like 'cooperation' that they control. So to behave like a hacker, you have to develop an instinctive hostility to censorship, secrecy, and the use of force or deception to compel responsible adults. And you have to be willing to act on that belief. 5. Attitude is no substitute for competence. To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won't make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work. Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won't let posers waste their time, but they worship competence - especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best. If you revere competence, you'll enjoy developing it in yourself - the hard work and dedication will become a kind of intense play rather than drudgery. That attitude is vital to becoming a hacker. 6. The flag is 0ops{H4ck_th3_M1xed_C1pher_16afb28ced}.
for n inrange(0, LEN): # calculate the nth bit of key i = init & MASK & LMASK output = 0 for j inrange(LEN-1): output ^= (i & 1) i = i >> 1 bit = int(data[LEN-n-1]) ^ output key |= bit << n init = (init >> 1) | (bit << (LEN-2)) # update output sequence
defb2n(b): res = 0 for i in b: res *= 2 res += i return res
defn2b(n, length): tmp = bin(n)[2:] tmp = '0'*(length-len(tmp)) + tmp return [int(i) for i in tmp]
defs2n(s): returnint(binascii.hexlify(s), 16)
defcrc64(msg): msg = n2b(s2n(msg), len(msg)*8) msg += const for shift inrange(len(msg)-64): if msg[shift]: for i inrange(65): msg[shift+i] ^= poly[i] res = msg[-64:] return b2n(res)
if __name__ == '__main__': # with open('/home/ctf/flag', 'r') as f: withopen('/home/ctf/flag', 'r') as f: flag = f.read()
try: print("Welcome to the CRC Forgery Challenge!") raw = os.urandom(256) pos = random.randint(0, 248) raw_hex = bytearray(binascii.hexlify(raw)) for i inrange(8): raw_hex[(pos+i)*2] = ord('_') raw_hex[(pos+i)*2+1] = ord('_') raw_hex = bytes(raw_hex) print(f"Here is the message: {raw_hex.decode('ascii')}") ans = input("Please fill the blank: ") ans = bytes.fromhex(ans) assertlen(ans) == 8
raw = bytearray(raw) for i inrange(8): raw[pos+i] = ans[i] raw = bytes(raw) if crc64(raw) == 0x1337733173311337: print(f"Great! Here is your flag: {flag}") else: print(f"Wrong! Bye~") except Exception: print("Error!")
Welcome to the CRC Forgery Challenge! Here is the message: d57e039b24d034________________d5c8d3d0f5685183d316865bfb6cbaa8c67f731fe654c77edd30defd25389ae5490bbc379d559d19c487b09ffa9cda850fa29e489de7955b2e90403cc40d1857385c2c084fdceaa912c5d72c63dddf28eb0ce7dced219432333bebc5f9904f16c5fe2659382f19a4c656cd10ef0e7a031afc0e39e6ff51333aea7f2f15452859314f9972ebc3a0d7f7ec389561d7e6a2a2773fd900b41023290c81ea2b7ee760db528b2fa374922b541f38a0038170d8ef26a3e7d75825513f8fc4f8846f08dc40ba6ab219c6dfc77fcae080b66d753d72b91ad0b44e188e23371a5c04892426490daaf9fc8a7db4de54b87c57be6518d6 Please fill the blank:
将 msg 分为横线前后两段,在第一段后补 8 个字节的 0,由于第一段明文已知,故可计算出在循环到横线前一位时,横线部分受到的影响 x ,即 0 ^ x = x = before;对于第二段,在末尾补上目标的 CRC 值,倒推可得到横线处应填内容受到 x 影响后的值 after,即 blank ^ x = after,则根据 blank = before ^ after 可得到答案。
defb2n(b): res = 0 for i in b: res *= 2 res += i return res
defn2b(n, length): tmp = bin(n)[2:] tmp = '0'*(length-len(tmp)) + tmp return [int(i) for i in tmp]
defs2n(s): returnint(binascii.hexlify(s), 16)
defcrc64(msg, const): msg = n2b(s2n(msg), len(msg)*8) msg += const for shift inrange(len(msg)-64): if msg[shift]: for i inrange(65): msg[shift+i] ^= poly[i] res = msg[-64:] return b2n(res)
