2023 GDOUCTF --- Crypto wp

文章目录

      • Crypto
        • Absolute_Baby_Encrytpion
        • babylua
        • Magic of Encoding
        • Math Problem
      • Re
        • Check_Your_Luck

Crypto

Absolute_Baby_Encrytpion

将替换的字符反过来,然后把密文逐位解密拼接起来即可

encrypted_string = '+}!q")hiim)#}-nvm)i-$#mvn#0mnbm)im#n+}!qnm8)i-$#mvnoc#0nz<$9inm!>-n1:1-nm8)i-$~c58n!}qhij#0[noic##m8nc8n?!8c}w!n]>&'
print(len(encrypted_string))
decrypted_string = ''
for char in encrypted_string:
    if char == '!':
        decrypted_string += 'a'
    elif char == '1':
        decrypted_string += 'b'
    elif char == ')':
        decrypted_string += 'c'
    elif char == 'v':
        decrypted_string += 'd'
    elif char == 'm':
        decrypted_string += 'e'
    elif char == '+':
        decrypted_string += 'f'
    elif char == 'q':
        decrypted_string += 'g'
    elif char == '0':
        decrypted_string += 'h'
    elif char == 'c':
        decrypted_string += 'i'
    elif char == ']':
        decrypted_string += 'j'
    elif char == '(':
        decrypted_string += 'k'
    elif char == '}':
        decrypted_string += 'l'
    elif char == '[':
        decrypted_string += 'm'
    elif char == '8':
        decrypted_string += 'n'
    elif char == '5':
        decrypted_string += 'o'
    elif char == '$':
        decrypted_string += 'p'
    elif char == '*':
        decrypted_string += 'q'
    elif char == 'i':
        decrypted_string += 'r'
    elif char == '>':
        decrypted_string += 's'
    elif char == '#':
        decrypted_string += 't'
    elif char == '<':
        decrypted_string += 'u'
    elif char == '?':
        decrypted_string += 'v'
    elif char == 'o':
        decrypted_string += 'w'
    elif char == '^':
        decrypted_string += 'x'
    elif char == '-':
        decrypted_string += 'y'
    elif char == '_':
        decrypted_string += 'z'
    elif char == 'h':
        decrypted_string += '0'
    elif char == 'w':
        decrypted_string += '1'
    elif char == 'e':
        decrypted_string += '2'
    elif char == '9':
        decrypted_string += '3'
    elif char == 'g':
        decrypted_string += '4'
    elif char == 'z':
        decrypted_string += '5'
    elif char == 'd':
        decrypted_string += '6'
    elif char == '~':
        decrypted_string += '7'
    elif char == '=':
        decrypted_string += '8'
    elif char == 'x':
        decrypted_string += '9'
    elif char == 'j':
        decrypted_string += '!'
    elif char == ':':
        decrypted_string += '@'
    elif char == '4':
        decrypted_string += '#'
    elif char == 'b':
        decrypted_string += '$'
    elif char == '`':
        decrypted_string += '%'
    elif char == 'l':
        decrypted_string += '^'
    elif char == '3':
        decrypted_string += '&'
    elif char == 't':
        decrypted_string += '*'
    elif char == '6':
        decrypted_string += '('
    elif char == 's':
        decrypted_string += ')'
    elif char == 'n':
        decrypted_string += '_'
    elif char == ';':
        decrypted_string += '+'
    elif char == '\'':
        decrypted_string += '-'
    elif char == 'r':
        decrypted_string += '='
    elif char == 'k':
        decrypted_string += '`'
    elif char == 'p':
        decrypted_string += '~'
    elif char == '"':
        decrypted_string += '{'
    elif char == '&':
        decrypted_string += '}'
    elif char == '/':
        decrypted_string += '['
    elif char == '\\':
        decrypted_string += ']'
    elif char == '2':
        decrypted_string += '|'
    elif char == '.':
        decrypted_string += ':'
    elif char == '%':
        decrypted_string += ';'
    elif char == '|':
        decrypted_string += '"'
    elif char == ',':
        decrypted_string += '\''
    elif char == '@':
        decrypted_string += '<'
    elif char == '{':
        decrypted_string += '>'
    elif char == 'u':
        decrypted_string += ','
    elif char == '7':
        decrypted_string += '.'
    elif char == 'y':
        decrypted_string += '?'
    elif char == 'a':
        decrypted_string += '/'

print(decrypted_string)

babylua

seed是由4个字符组成的,key则是其经过二次md5加密后的hex,所以直接爆破seed即可得到key,最后将secret的ascii值减去key的ascii值还原即可

from hashlib import md5
import string
import itertools
dict  = string.printable[:62]
for i in itertools.product(dict,repeat=4):
    enc = "".join(i)
    md5_data = md5(enc.encode()).hexdigest()
    key_md5 = md5(md5_data.encode()).hexdigest()
    if key_md5[:10]=='b5e62abe84':
        print(key_md5[:18])
        break
key = key_md5[:18]
secret = [200, 161, 198, 157, 173, 169, 199, 150, 105, 163, 193, 175, 173, 194, 135, 131, 135, 225]
flag = ''
for i in range(len(secret)):
    ascii_code = secret[i] - ord(key[i])
    flag += chr(ascii_code)
print(flag)

Magic of Encoding

将假的flag信息去除,之后可提取出一个压缩包,解压即可得到flag。

import base64
f = open("D:\学习资料\CTF\match\\2023gdouctf\crypto\Magic_Of_Encoding.txt","r")
data = f.read()
flag_list = ["flag{Xd_fake_flag_xD}","find_me_if_you_can","flag{not_the_correct_flag_lol}","\nflag{not_the_correct_flag_lol}\nflag{not_the_correct_flag_lol}\n"]
base64_flag_list = [base64.b64encode(i.encode()).decode() for i in flag_list]
for i in base64_flag_list:
    data = data.replace(i,"")
zip_data = base64.b64decode(data)
with open("magic.zip","wb") as file:
    file.write(zip_data)

Math Problem

copper求x,gcd一下求得p,最后RSA解密即可

#sage
from Crypto.Util.number import *
import gmpy2
e = 65537
n = 79239019133008902130006198964639844798771408211660544649405418249108104979283858140199725213927656792578582828912684320882248828512464244641351915288069266378046829511827542801945752252863425605946379775869602719406340271702260307900825314967696531175183205977973427572862807386846990514994510850414958255877
c = 45457869965165575324534408050513326739799864850578881475341543330291990558135968254698676312246850389922318827771380881195754151389802803398367341521544667542828862543407738361578535730524976113729406101764290984943061582342991118766322793847422471903811686775249409300301726906738475446634950949059180072008
a = 9303981927028382051386918702900550228062240363697933771286553052631411452412621158116514735706670764224584958899184294505751247393129887316131576567242619
b = 9007779281398842447745292673398186664639261529076471011805234554666556577498532370235883716552696783469143334088312327338274844469338982242193952226631913
y = 970090448249525757357772770885678889252473675418473052487452323704761315577270362842929142427322075233537587085124672615901229826477368779145818623466854
PR.<x> = PolynomialRing(Zmod(n))
f = x**3+a*x+b-y**2
f=f.monic()
x0= f.small_roots(X=2^64,beta=0.4,epsilon=0.01)[0]
f = x0**3+a*x0+b-y**2
p = gmpy2.gcd(int(f),n)
q = n//p
phi = (p-1)*(q-1)
d = gmpy2.invert(e,phi)
m = pow(c,d,n)
flag = long_to_bytes(int(m))
print(flag)

Re

Check_Your_Luck

简单Z3约束求解

from z3 import *
v,w,x,y,z = Ints('v w x y z')
s = Solver()
s.add(v * 23 + w * -32 + x * 98 + y * 55 + z * 90 == 333322)
s.add(v * 266 + w * -34 + x * 43 + y * 8 + z * 32 == 1272529)
s.add(v * 231 + w * -321 + x * 938 + y * 555 + z * 970 == 3372367)
s.add(v * 343 + w * -352 + x * 58 + y * 65 + z * 5 == 1672457)
s.add(v * 123 + w * -322 + x * 68 + y * 67 + z * 32 == 707724)
if s.check()==sat:
    print(s.model())

【一个人,哪能什么都不麻烦别人,偶尔有个一两次,不用太愧疚。】

你可能感兴趣的:(CTF,网络安全,python)