题目描述:
from base64 import b64encode as b32encode
from gmpy2 import invert,gcd,iroot
from Crypto.Util.number import *
from binascii import a2b_hex,b2a_hex
import random
flag = "******************************"
nbit = 128
p = getPrime(nbit)
q = getPrime(nbit)
n = p*q
print p
print n
phi = (p-1)*(q-1)
e = random.randint(50000,70000)
while True:
if gcd(e,phi) == 1:
break;
else:
e -= 1;
c = pow(int(b2a_hex(flag),16),e,n)
print b32encode(str(c))[::-1]
# 2373740699529364991763589324200093466206785561836101840381622237225512234632
p = 177077389675257695042507998165006460849
n = 37421829509887796274897162249367329400988647145613325367337968063341372726061
c = ==gMzYDNzIjMxUTNyIzNzIjMyYTM4MDM0gTMwEjNzgTM2UTN4cjNwIjN2QzM5ADMwIDNyMTO4UzM2cTM5kDN2MTOyUTO5YDM0czM3MjM
不难看出c被base64加密了,倒着输出然后解密
得到c:
c=2373740699529364991763589324200093466206785561836101840381622237225512234632
本道题是RSA题目,且几乎所有的条件都知道,就只有e需要在50000和70000之间爆破
直接枚举爆破就可以了
from Crypto.Util.number import *
import gmpy2
p = 177077389675257695042507998165006460849
n = 37421829509887796274897162249367329400988647145613325367337968063341372726061
q=n//p
# c="==gMzYDNzIjMxUTNyIzNzIjMyYTM4MDM0gTMwEjNzgTM2UTN4cjNwIjN2QzM5ADMwIDNyMTO4UzM2cTM5kDN2MTOyUTO5YDM0czM3MjM"
# print(c[::-1])
#c=MjM3Mzc0MDY5OTUyOTM2NDk5MTc2MzU4OTMyNDIwMDA5MzQ2NjIwNjc4NTU2MTgzNjEwMTg0MDM4MTYyMjIzNzIyNTUxMjIzNDYzMg==
c=2373740699529364991763589324200093466206785561836101840381622237225512234632
phi=(p-1)*(q-1)
for e in range(50000,70000):
if gmpy2.gcd(e,phi) == 1:
d = gmpy2.invert(e ,phi)
m = pow(c,d,n)
if 'flag' in str(long_to_bytes(m)):
print(str(long_to_bytes(m))[2:])