XMan-Day11-Crypto1-WP( crypto is so interesting!

  Levana       2017-08-11 19:56:03 929  1

先通过from import等python的关键词,在qiupquip上decrypt加密后的py文件。

之后的步骤下面代码里写的很详细啦,不多赘述了。

不过提醒一下,给的文件n1是第二次print的c1和c2,文件ciphertext是第一次print的c1和c2也就是加密后的msg1和msg2。


#coding:utf-8 import base64 import gmpy2 def num_2_bytes(n): return hex(n)[2:].decode('hex') def bytes_2_num(b): b = b.encode('hex') b = b[1:] if b[0]=='0' else b return int(b, 16) f=open('n2 & n3','r') n2n3_bytes = f.readlines() n2 = bytes_2_num(base64.b64decode(n2n3_bytes[0])) n3 = bytes_2_num(base64.b64decode(n2n3_bytes[1])) f2 = open('n1','r') c1c2_hex_bytes = f2.readlines() c1_pow = bytes_2_num(c1c2_hex_bytes[0][:-2].decode('hex')) c2_pow = bytes_2_num(c1c2_hex_bytes[1].decode('hex')) #n1有两种求法,1:共模攻击;2:n2 n3有公因子p3 # 解法一:根据c1c2共模攻击,求n1 # n = n3 # e1 = 0x1001 # e2 = 0x101 # # cipher1 = c1_pow # # cipher2 = c2_pow # # gcd, s, t = gmpy2.gcdext(e1, e2) # if s < 0: # s = -s # cipher1 = gmpy2.invert(cipher1, n) # if t < 0: # t = -t # cipher2 = gmpy2.invert(cipher2, n) # plain = gmpy2.powmod(cipher1, s, n) * gmpy2.powmod(cipher2, t, n) % n # # n1 = plain # print "n1: ", n1 # 解法二:根据n1 n2有公因子p3,分解出p1 p3 p4,再同rsa模型求n1 p3 = gmpy2.gcd(n2,n3) p4 = n3/p3 d3 = gmpy2.invert(0x101,(p3-1)*(p4-1)) n1 = pow(c2_pow, d3,n3) #n1=p1*p2, n2=p1*p3, n3=p3*p4 p1 = gmpy2.gcd(n1,n2) p2 = n1/p1 p3 = n2/p1 print "p1: ", p1.bit_length() print "p2: ", p2.bit_length() print "p3: ", p3.bit_length() e = 0x1001 d1 = gmpy2.invert(e, (p1-1)*(p2-1)) d2 = gmpy2.invert(e, (p1-1)*(p3-1)) print "d1: ", d1 print "d2: ", d2 f3 = open('ciphertext', 'r') msg1msg2_hex_bytes_num = f3.readlines() msg1_pow_num = bytes_2_num(msg1msg2_hex_bytes_num[0][:-2].decode('hex')) msg2_pow_num = bytes_2_num(msg1msg2_hex_bytes_num[1].decode('hex')) print "m1:",msg1_pow_num print "m2:",msg2_pow_num print pow(msg1_pow_num,d1,n1) msg1 = num_2_bytes(pow(msg1_pow_num,d1,n1)) msg2 = num_2_bytes(pow(msg2_pow_num,d2,n2)) flag = '' for i in range(len(msg1)): flag += msg1[i] flag += msg2[i] print flag

最后flag如下图



请先登录
+1 已点过赞
1
分享到:
登录后才能发贴或参与互动哦! 点击登录

全部评论 (0)