#Chall.py import random from flag import flag,image,r,key1,key2 import md5 assert(flag[:5]=='CISCN') assert(len(str(r))==3) data = ''.join(map(chr,image)) assert(flag[6:-1] == md5.new(data).hexdigest()) assert(key1<256) assert(key2<256) x0 = random.random() x0 = round(x0,6) defgenerate(x): return round(r*x*(3-x),6) defencrypt(pixel,key1,key2,x0,m,n): num = m*n/8 seqs = [] x = x0 bins = '' tmp = [] for i in range(num): x = generate(x) tmp.append(x) seqs.append(int(x*22000)) for x in seqs: bin_x = bin(x)[2:] if len(bin_x) < 16: bin_x = '0'*(16-len(bin_x))+bin_x bins += bin_x assert(len(pixel) == m*n) cipher = [ 0for i in range(m) for j in range(n)] for i in range(m): for j in range(n): index = n*i+j ch = int(bins[2*index:2*index+2],2) pix = pixel[index] if ch == 0: pix = (pix^key1)&0xff if ch == 1: pix = (~pix^key1)&0xff if ch == 2: pix = (pix^key2)&0xff if ch == 3: pix = (~pix^key2)&0xff cipher[index] = pix return cipher flagimage = image testimage = [] for i in range(16*16): testimage.append(random.randint(0,255)) print testimage print encrypt(testimage,key1,key2,x0,16,16) print encrypt(flagimage,key1,key2,x0,24,16)
from given import Pg,Cg defGenerate(key1,key2): global K1 s="" for i in K1: if(i==key1): s+="00" if(i==(255-key1)): s+="01" if(i==key2): s+="10" if(i==(255-key2)): s+="11" assert len(s)==512 print(s) K1,K2=[],[] for i in range(len(Pg)): K1.append((Pg[i]^Cg[i])&0xff) K2.append((~Pg[i]^Cg[i])&0xff) print(K1) print(K2) Generate(78,86) Generate(78,169) Generate(177,86) Generate(177,169) Generate(86,78) Generate(86,177) Generate(169,78) Generate(169,177)
from possible import * answer=psb[0] keyz=[(78,86),(78,169),(177,86),(177,169),(86,78),(86,177),(169,78),(169,177)] Standard=[] defgenerate(x,r): return round(r*x*(3-x),6) defBruteForce(key1,key2,x0,m,n,r): num = m*n//8 seqs = [] x = x0 bins = '' tmp = [] for i in range(num): x = generate(x,r) tmp.append(x) seqs.append(int(x*22000)) if(seqs!=Standard[:len(seqs)]): return0 return1 for T in range(8): print('Breaking '+str(T+1)+'th Possibility') k1,k2=keyz[T] answer=psb[T] Standard=[] for i in range(0,len(answer),16): Standard.append(int(answer[i:i+16],2)) x0=0 while x0<0.999999: x0=round(x0+0.000001,6) r=0 while r<1.3: r=r+0.1 if(BruteForce(k1,k2,x0,16,16,r)): print('Find(k1,k2,x0,r)!\n',k1,k2,x0,r) break ''' Result: Breaking 7th Possibility Find(k1,k2,x0,r)! 169 78 0.840264 1.2 '''
from hashlib import md5 from Crypto.Util.number import * from given import Cf x0,r=0.840264,1.2 defgenerate(x): return round(r*x*(3-x),6) defencrypt(key1,key2,x0,m,n): num = m*n//8 seqs = [] x = x0 bins = '' tmp = [] for i in range(num): x = generate(x) tmp.append(x) seqs.append(int(x*22000)) for x in seqs: bin_x = bin(x)[2:] if len(bin_x) < 16: bin_x = '0'*(16-len(bin_x))+bin_x bins += bin_x return bins decstr=encrypt(169,78,0.840264,24,16) Pf=[] for i in range(len(Cf)): op=int(decstr[i*2:i*2+2],2) #print(op) if(op==0): Pf.append(Cf[i]^169) if(op==1): Pf.append(Cf[i]^86) if(op==2): Pf.append(Cf[i]^78) if(op==3): Pf.append(Cf[i]^177) print(Pf) S=0 for i in Pf: S*=256 S+=i S=long_to_bytes(S) print('CISCN{'+md5(S).hexdigest()+'}') #CISCN{7fa176002ced947e49f1752c1eb9dd62}
from Crypto.Util.number import * from secret import flag p = getPrime(512) q = getPrime(512) n = p * q e = 65537 print(n) print(pow(bytes_to_long(flag) , e , n)) _q = int(bin(q)[2:][::-1] , 2) print(p ^ _q)
from Crypto.Util.number import * from given import e,n,c,a bina=bin(a)[2:] bina='0'*(512-len(bina))+bina defdfs(P,Q,Round): if Round==256: if P*Q==n: global p,q p,q=P,Q return1 for i in range(2): for j in range(2): CurP=P+i*(2**(511-Round))+(int(bina[Round])^j)*(2**Round) CurQ=Q+j*(2**(511-Round))+(int(bina[511-Round])^i)*(2**Round) if CurP*CurQ>n: continue if (CurP+2**(511-Round))*((CurQ+2**(511-Round)))<n: continue if (CurP*CurQ)%(2**(Round+1))!=n%(2**(Round+1)): continue dfs(CurP,CurQ,Round+1) return0 #------Main Below------# p,q=None,None dfs(0,0,0) assert p!=Noneand q!=None phi=(p-1)*(q-1) d=inverse(e,phi) print(long_to_bytes(pow(c,d,n)))
from Crypto.Util.number import * from pwn import * sh=remote("node3.buuoj.cn",29419) C=sh.recvline(keepends=False) #print(C) #print(len(C)) #sh.interactive() defgetflag(sh,L,R): global suffex,flag for i in range(15,-1,-1): print(i,flag[15:]) suff='#'*i sh.recvuntil('ng: ') #print(flag+'\n') sh.send(suffex+suff+'\n') for j in range(2): rightseq=sh.recvline(keepends=False) for j in range(32,128): nowch=chr(j) sh.recvuntil('ng: ') sh.send(suffex+flag[-15:]+nowch+'\n') for k in range(2): getseq=sh.recvline(keepends=False) if(getseq[32:64]==rightseq[L:R]): flag=flag+nowch break flag='#'*15 recvsuff='0123456789abcdef0123456789abcdef' suffex='' for i in range(16): suff='*'*(i+1) sh.recvuntil('ng: ') sh.send(suff+'\n') for j in range(2): curseq=sh.recvline(keepends=False) if(curseq[:32]==recvsuff): suffex='*'*i break else: recvsuff=curseq[:32] print(suffex) getflag(sh,32,64) getflag(sh,64,96) getflag(sh,96,128)
import java.math.BigInteger; import java.util.Random; publicclassTest0{ static BigInteger two =new BigInteger("2"); static BigInteger p = new BigInteger("11360738295177002998495384057893129964980131806509572927886675899422214174408333932150813939357279703161556767193621832795605708456628733877084015367497711"); static BigInteger h= new BigInteger("7854998893567208831270627233155763658947405610938106998083991389307363085837028364154809577816577515021560985491707606165788274218742692875308216243966916"); /* Alice write the below algorithm for encryption. The public key {p, h} is broadcasted to everyone. @param val: The plaintext to encrypt. We suppose val only contains lowercase letter {a-z} and numeric charactors, and is at most 256 charactors in length. */ publicstatic String pkEnc(String val){ BigInteger[] ret = new BigInteger[2]; BigInteger bVal=new BigInteger(val.toLowerCase(),36); BigInteger r =new BigInteger(new Random().nextInt()+""); ret[0]=two.modPow(r,p); ret[1]=h.modPow(r,p).multiply(bVal); return ret[0].toString(36)+"=="+ret[1].toString(36); }
/* Alice write the below algorithm for decryption. x is her private key, which she will never let you know. public static String skDec(String val,BigInteger x){ if(!val.contains("==")){ return null; } else { BigInteger val0=new BigInteger(val.split("==")[0],36); BigInteger val1=new BigInteger(val.split("==")[1],36); BigInteger s=val0.modPow(x,p).modInverse(p); return val1.multiply(s).mod(p).toString(36); } } */ publicstaticvoidmain(String[] args)throws Exception { System.out.println("You intercepted the following message, which is sent from Bob to Alice:"); System.out.println("eag0vit7sboilgcfu0fbkbrmjgs4pzi2oznmqrkey5h1bwicvborngscx050u8vpghi69xqjmotgrtj4vq8fgw9tzi916o034bu==ahcwy7c0qq5cnxdntssqrj972nhvzt5liqlq0cvv0o1fm2ee4205nemuy5tvkda0hyetu5a5xcqqov8exk901z5xebvkcdo3jiq1gj8pkxzhjaeg9z6syu58neijxy56am7d1l9grhgtgkkfc432wm6h3jr8y1xx"); System.out.println("Please figure out the plaintext!"); } } //eag0vit7sboilgcfu0fbkbrmjgs4pzi2oznmqrkey5h1bwicvborngscx050u8vpghi69xqjmotgrtj4vq8fgw9tzi916o034bu==ahcwy7c0qq5cnxdntssqrj972nhvzt5liqlq0cvv0o1fm2ee4205nemuy5tvkda0hyetu5a5xcqqov8exk901z5xebvkcdo3jiq1gj8pkxzhjaeg9z6syu58neijxy56am7d1l9grhgtgkkfc432wm6h3jr8y1xx