解压得到crackme.exe
运行得到flag
先用Z3强行求出p、q,算出常规rsa中的phi,然后套用公式求出m
exp
#babyre wp
from z3 import *
import libnum
from Crypto.Util.number import *
p,q,c=Ints('p q c')
S = Solver()
S.add(p+q==292884018782106151080211087047278002613718113661882871562870811030932129300110050822187903340426820507419488984883216665816506575312384940488196435920320779296487709207011656728480651848786849994095965852212548311864730225380390740637527033103610408592664948012814290769567441038868614508362013860087396409860)
S.add((p+1)*(q+1)==
21292789073160227295768319780997976991300923684414991432030077313041762314144710093780468352616448047534339208324518089727210764843655182515955359309813600286949887218916518346391288151954579692912105787780604137276300957046899460796651855983154616583709095921532639371311099659697834887064510351319531902433355833604752638757132129136704458119767279776712516825379722837005380965686817229771252693736534397063201880826010273930761767650438638395019411119979149337260776965247144705915951674697425506236801595477159432369862377378306461809669885764689526096087635635247658396780671976617716801660025870405374520076160
)
S.check()
d = S.model()
p = d[p].as_long()
q = d[q].as_long()
e=65537
c=5203005542361323780340103662023144468501161788183930759975924790394097999367062944602228590598053194005601497154183700604614648980958953643596732510635460233363517206803267054976506058495592964781868943617992245808463957957161100800155936109928340808755112091651619258385206684038063600864669934451439637410568700470057362554045334836098013308228518175901113235436257998397401389511926288739759268080251377782356779624616546966237213737535252748926042086203600860251557074440685879354169866206490962331203234019516485700964227924668452181975961352914304357731769081382406940750260817547299552705287482926593175925396
phi = (p-1)*(q-1)
n=p*q
m = pow(c,inverse(e,phi),n)
flags=long_to_bytes(m)
flag=flags.decode('utf-8','ignore')
print(flag)
脱壳+移一位异或
使用upx -d
命令进行脱壳
可知程序对输入字符串的每一位的ASCII码值都减了1,逆向解密只需加1即可
def add_value_to_string(input_string):
result = ''
for char in input_string:
new_char = chr(ord(char) + 1)
result += new_char
return result
input_str = "HRBSEz22255e2`,6`0`,3`08,722e,7e`3b5d4ba60|"
result_str = add_value_to_string(input_str)
print(result_str)
ISCTF{33366f3a-7a1a-4a19-833f-8fa4c6e5cb71}
hint1:正确flag字符串ISCTF打头,其余均为错解。
hint2:正确明文的md5为 d26628cceedb1f8bdb3535913c82d959
非预期了 hint2给了md5
somd5一把梭
正确应该是找到加密函数
分析函数,先对字符串异或17,然后如果字符发ASCII码值等于66或88,用155减去该字符,最后对字符串进行逆序。
exp
enc = ']P_ISRF^PCY[I_YWERYC'
ttmp = ''
flag = ''
ttmp = reversed(enc)
for i in ttmp:
if ord(i) == (155 - 66) or ord(i) == (155 - 88):
flag += chr((155 - ord(i)) ^ 17)
else:
flag += chr(ord(i) ^ 17)
print(flag)
e = 465
n = 3162244531
from Crypto.Util.number import *
import gmpy2
n = 3162244531
c = [0x753C2EC5, 0x8D90C736, 0x81282CB0, 0x7EECC470, 0x944E15D3,0x2C7AC726, 0x717E8070, 0x30CBE439, 0x0B1D95A9C, 0x6DB667BB,0x1240463C, 0x77CBFE64, 0x11D8BE59]
e = 465
p = 56099
q = 56369
d = gmpy2.invert(e,(p-1)*(q-1))
res = [long_to_bytes(pow(i,d,n)).decode() for i in c]
print("".join(res))
print("Please input flag:")
flag = input()
if len(flag)!=42:
print("Check your length!")
exit()
l=[]
for i in range(6):
s=""
for j in flag[i*7:i*7+7]:
s+=hex(ord(j))[2:]
l.append(int(s,16))
if (
(593*l[5] + 997*l[0] + 811*l[1] + 258*l[2] + 829*l[3] + 532*l[4])== 0x54eb02012bed42c08 and \
(605*l[4] + 686*l[5] + 328*l[0] + 602*l[1] + 695*l[2] + 576*l[3])== 0x4f039a9f601affc3a and \
(373*l[3] + 512*l[4] + 449*l[5] + 756*l[0] + 448*l[1] + 580*l[2])== 0x442b62c4ad653e7d9 and \
(560*l[2] + 635*l[3] + 422*l[4] + 971*l[5] + 855*l[0] + 597*l[1])== 0x588aabb6a4cb26838 and \
(717*l[1] + 507*l[2] + 388*l[3] + 925*l[4] + 324*l[5] + 524*l[0])== 0x48f8e42ac70c9af91 and \
(312*l[0] + 368*l[1] + 884*l[2] + 518*l[3] + 495*l[4] + 414*l[5])== 0x4656c19578a6b1170):
print("Good job!")
else:
print("Wrong\nTry again!!!")
exit()
exp
from z3 import*
from Crypto.Util.number import *
# print("Please input flag:")
# flag = input()
# if len(flag)!=42:
# print("Check your length!")
# exit()
# l=[]
# for i in range(6):
# s=""
# for j in flag[i*7:i*7+7]:
# s+=hex(ord(j))[2:]
# l.append(int(s,16))
# if (
x1, x2, x3, x4, x5, x6 = Ints("x1 x2 x3 x4 x5 x6")
x = [x1,x2,x3,x4,x5,x6]
s = Solver()
s.add(
(593*x[5] + 997*x[0] + 811*x[1] + 258*x[2] + 829*x[3] + 532*x[4])== 0x54eb02012bed42c08 ,
(605*x[4] + 686*x[5] + 328*x[0] + 602*x[1] + 695*x[2] + 576*x[3])== 0x4f039a9f601affc3a ,
(373*x[3] + 512*x[4] + 449*x[5] + 756*x[0] + 448*x[1] + 580*x[2])== 0x442b62c4ad653e7d9 ,
(560*x[2] + 635*x[3] + 422*x[4] + 971*x[5] + 855*x[0] + 597*x[1])== 0x588aabb6a4cb26838 ,
(717*x[1] + 507*x[2] + 388*x[3] + 925*x[4] + 324*x[5] + 524*x[0])== 0x48f8e42ac70c9af91 ,
(312*x[0] + 368*x[1] + 884*x[2] + 518*x[3] + 495*x[4] + 414*x[5])== 0x4656c19578a6b1170
)
s.check()
print(s.model())
# ):
# print("Good job!")
# else:
# print("Wrong\nTry again!!!")
# exit()
x6= 26860403902456189
x4= 32765855640286324
x5= 28554726411354222
x3= 31015537033047360
x2= 13615593641303915
x1 = 20639221941697358
x = [x1, x2, x3, x4, x5, x6]
for i in range(6):
print(long_to_bytes(x[i]).decode(),end="")
from z3 import *
s = Solver() #创建约束求解器
c = [Int('v%d'%i)for i in range(43)] #添加约束条件
s.add(c[0] + 394 - 740 * c[1] == -60953)
s.add(c[1] + 878 - (c[2] + 614) == 280)
s.add(195 * c[2] + 457 - c[3] == 13438)
s.add(c[3] - 330 - (186 - c[4]) == -362)
s.add(840 * c[4] - 977 * c[5] == -61371)
s.add(729 * c[5] - (197 - c[6]) == 89567)
s.add(c[6] - 899 + 946 - c[7] == 44)
s.add(c[7] - 593 - 373 * c[8] == -18770)
s.add(842 * c[8] + 261 * c[9] == 55613)
s.add(787 * c[9] - (c[10] + 204) == 43029)
s.add(664 * c[10] + 160 - c[11] == 34635)
s.add(c[11] - 885 + 366 * c[12] == 35768)
s.add(659 * c[12] + 892 - c[13] == 66691)
s.add(500 * c[13] - (c[14] + 535) == 49920)
s.add(c[14] - 983 + 194 - c[15] == -844)
s.add(c[15] - 871 + 545 - c[16] == -326)
s.add(762 * c[16] - 443 * c[17] == 51835)
s.add(846 * c[17] - (c[18] + 964) == 45464)
s.add(c[18] - 363 + 218 * c[19] == 9549)
s.add(c[19] - 477 - 170 * c[20] == -9272)
s.add(c[20] - 177 - (351 - c[21]) == -379)
s.add(c[22] + 541 + 492 * c[21] == 48314)
s.add(c[22] - 952 - (454 - c[23]) == -1306)
s.add(c[23] - 731 - (c[24] + 890) == -1615)
s.add(c[24] - 941 - (c[25] + 380) == -1332)
s.add(c[25] - 328 + c[26] + 124 == -98)
s.add(c[26] + 695 + c[27] + 186 == 980)
s.add(c[27] - 412 + 632 * c[28] == 62205)
s.add(c[28] + 820 + c[29] + 257 == 1221)
s.add(c[29] - 155 + c[30] + 673 == 613)
s.add(786 * c[30] - (773 - c[31]) == 38625)
s.add(c[31] + 929 - (956 - c[32]) == 171)
s.add(c[32] + 913 + 311 - c[33] == 1270)
s.add(c[33] + 113 - 705 * c[34] == -40018)
s.add(c[35] + 782 + 901 * c[34] == 52237)
s.add(c[35] - 716 + 255 - c[36] == -411)
s.add(c[36] + 307 + c[37] + 874 == 1329)
s.add(c[37] + 355 - (201 - c[38]) == 308)
s.add(c[38] + 934 + 531 - c[39] == 1465)
s.add(c[39] - 801 - (c[40] + 413) == -1209)
s.add(c[40] - 690 + 558 - c[41] == -135)
s.add(c[41] - 559 + c[42] + 953 == 571)
s.add(c[42] + 141 - 654 * c[0] == -47476)
s.check() #检测是否有解
result = s.model() #输出
flag = ''
for i in range(43):
flag += chr(result[c[i]].as_long())
print(flag)