CISCN2023-Crypto

CISCN2023-Crypto

  • 基于国密SM2算法的密钥分发
  • 可信度量
  • Sign_in_passwd
  • BB84
  • badkey1

基于国密SM2算法的密钥分发

非预期,直接search能找到明文

curl -d "name=ha&school=hznu&phone=110" http://123.56.244.196:30817/api/login

curl -d "id=984aeb58-a758-43f5-b321-acdb7cbd534e&publicKey=B9C9A6E04E9C91F7BA880429273747D7EF5DDEB0BB2FF6317EB00BEF331A83081A6994B8993F3F5D6EADDDB81872266C87C018FB4162F5AF347B483E24620207" http://123.56.244.196:30817/api/allkey

curl -d "id=984aeb58-a758-43f5-b321-acdb7cbd534e" http://123.56.244.196:30817/api/search

curl -d "id=984aeb58-a758-43f5-b321-acdb7cbd534e&quantumString=8eaa7070bcf3d39d7b39db030ea81165" http://123.56.244.196:30817/api/check

CISCN2023-Crypto_第1张图片

可信度量

非预期,之前一次国赛也是差不多,直接查找flag

因为没有权限不能直接grep,提示player.sh是通过root运行,修改player.sh

grep -ra "flag" /

运行player.sh

在这里插入图片描述

Sign_in_passwd

base64变表,表通过url编码解密
CISCN2023-Crypto_第2张图片
CISCN2023-Crypto_第3张图片

BB84

先把表格里的数据提出来,进行纠错

如果EPC1是1或2,则表示APD1是1或ADP2是1,且ADP只有一个为1

同理如果EPC1是3或4,则表示APD3是1或ADP4是1,且ADP只有一个为1

上述如果成功,则EPC1是1或3则密钥赋值0,2或4则赋值1

得到密钥串,通过线性同余方程( x_n = (A * x_n-1 + B) % M)得到索引串

M为密钥串长度,A、B、x0已知

得到正确密钥之后跟密文异或得到flag

import binascii

from Crypto.PublicKey import RSA
from gmpy2 import gcd

from math import *
from Crypto.Util.number import *
EPC1=[]
ADP1=[]
ADP2=[]
ADP3=[]
ADP4=[]
strr = '0b'
for i in range(len(EPC1)):
    if EPC1[i] == 1:
        if (APD1[i] == 1 and APD2[i] == 0 and APD3[i] == 0 and APD4[i] == 0) or (APD1[i] == 0 and APD2[i] == 1 and APD3[i] == 0 and APD4[i] == 0):
            strr += '0'
    elif EPC1[i] == 2:
        if (APD1[i] == 0 and APD2[i] == 1 and APD3[i] == 0 and APD4[i] == 0) or (APD1[i] == 1 and APD2[i] == 0 and APD3[i] == 0 and APD4[i] == 0):
            strr += '1'
    elif EPC1[i] == 3:
        if (APD1[i] == 0 and APD2[i] == 0 and APD3[i] == 1 and APD4[i] == 0) or (APD1[i] == 0 and APD2[i] == 0 and APD3[i] == 0 and APD4[i] == 1):
            strr += '0'
    elif EPC1[i] == 4:
        if (APD1[i] == 0 and APD2[i] == 0 and APD3[i] == 0 and APD4[i] == 1) or (APD1[i] == 0 and APD2[i] == 0 and APD3[i] == 1 and APD4[i] == 0):
            strr += '1'
strr = strr[2:]
print(strr)
print(len(strr))
envc = 0xD9F7E0F737D4BF641E83D35D201457272ECB952D31F660E8EA9B5A326C55AF011686ADB8F478D1BD3852
env = str(bin(envc))[2:]
A = 1709
B = 2003

M = len(strr)
x0 = 17
c = strr[x0]
flag = '0b'
for i in range(336):
    f = (A * x0 + B) % M
    x0 = f
    c += strr[f]

for i in range(336):
    flag += str((int(c[i], 2) ^ int(env[i], 2)) % 2)
print(long_to_bytes(int(flag, 2)))


badkey1

再来补充~

e = 65537

while True:
    p = getPrime(512)
    m = inverse(e, p - 1)
    t = (e * m *p - 1) // (p - 1)  # k(q - 1)
    for k in range(1, e + 1):
        if t % k == 0:
            q = t // k + 1
            if isPrime(q) and q.bit_length() == 512:
                print(p, q)

你可能感兴趣的:(Crypto,ctf)