IT数码 购物 网址 头条 软件 日历 阅读 图书馆
TxT小说阅读器
↓语音阅读,小说下载,古典文学↓
图片批量下载器
↓批量下载图片,美女图库↓
图片自动播放器
↓图片自动播放器↓
一键清除垃圾
↓轻轻一点,清除系统垃圾↓
开发: C++知识库 Java知识库 JavaScript Python PHP知识库 人工智能 区块链 大数据 移动开发 嵌入式 开发工具 数据结构与算法 开发测试 游戏开发 网络协议 系统运维
教程: HTML教程 CSS教程 JavaScript教程 Go语言教程 JQuery教程 VUE教程 VUE3教程 Bootstrap教程 SQL数据库教程 C语言教程 C++教程 Java教程 Python教程 Python3教程 C#教程
数码: 电脑 笔记本 显卡 显示器 固态硬盘 硬盘 耳机 手机 iphone vivo oppo 小米 华为 单反 装机 图拉丁
 
   -> Python知识库 -> BUUCTF 打卡 21/8/31 -> 正文阅读

[Python知识库]BUUCTF 打卡 21/8/31

1.[羊城杯 2020]RRRRRRRSA

这里我需要重新认识一下欧拉函数了。我以为φ(p * p * q) = (p - 1)2 * (q - 1) 。但实际上是错误的。

欧拉函数的性质之一:

设m = m1 * m2 ,则有

  1. 若m1 和m2有相同的素因数,那么φ(m) = m2 * φ(m1)
  2. 若(m1,m2) = 1 ,则φ(m) = φ(m1) * φ(m2)

所以 φ(p * p * q) =p * (p - 1) * (q - 1)

其他步骤就比较简单了。

import gmpy2
from Crypto.Util.number import *

N1 = 60143104944034567859993561862949071559877219267755259679749062284763163484947626697494729046430386559610613113754453726683312513915610558734802079868190554644983911078936369464590301246394586190666760362763580192139772729890492729488892169933099057105842090125200369295070365451134781912223048179092058016446222199742919885472867511334714233086339832790286482634562102936600597781342756061479024744312357407750731307860842457299116947352106025529309727703385914891200109853084742321655388368371397596144557614128458065859276522963419738435137978069417053712567764148183279165963454266011754149684758060746773409666706463583389316772088889398359242197165140562147489286818190852679930372669254697353483887004105934649944725189954685412228899457155711301864163839538810653626724347
P1 = 2274225198252001349705635635570523977229824105257244100474886998299874359980121470818908135119780772090534507154122446275044273088642034569778714650980895003300783785404556303992237495059194352539844239687490397036174178433587393753764414486675415691276936408808667228951877003555601842900641222777857711016758899
Q1 = 11628371843051760370952910026406764366191062991235308941262037248377376991693250742343307155422036713746576338866595433599862614339347536916226536644210947
c1 = 55094296873556883585060020895253176070835143350249581136609315815308788255684072804968957510292559743192424646169207794748893753882418256401223641287546922358162629295622258913168323493447075410872354874300793298956869374606043622559405978242734950156459436487837698668489891733875650048466360950142617732135781244969524095348835624828008115829566644654403962285001724209210887446203934276651265377137788183939798543755386888532680013170540716736656670269251318800501517579803401154996881233025210176293554542024052540093890387437964747460765498713092018160196637928204190194154199389276666685436565665236397481709703644555328705818892269499380797044554054118656321389474821224725533693520856047736578402581854165941599254178019515615183102894716647680969742744705218868455450832
E1 = 125932919717342481428108392434488550259190856475011752106073050593074410065655587870702051419898088541590032209854048032649625269856337901048406066968337289491951404384300466543616578679539808215698754491076340386697518948419895268049696498272031094236309803803729823608854215226233796069683774155739820423103
Phi1 = P1 * (P1-1) * (Q1-1)
d1 = int(gmpy2.invert(E1,Phi1))

N2 = 60143104944034567859993561862949071559877219267755259679749062284763163484947626697494729046430386559610613113754453726683312513915610558734802079868195633647431732875392121458684331843306730889424418620069322578265236351407591029338519809538995249896905137642342435659572917714183543305243715664380787797562011006398730320980994747939791561885622949912698246701769321430325902912003041678774440704056597862093530981040696872522868921139041247362592257285423948870944137019745161211585845927019259709501237550818918272189606436413992759328318871765171844153527424347985462767028135376552302463861324408178183842139330244906606776359050482977256728910278687996106152971028878653123533559760167711270265171441623056873903669918694259043580017081671349232051870716493557434517579121
P2 = 2274225198252001349705635635570523977229824105257244100474886998299874359980121470818908135119780772090534507154122446275044273088642034569778714650980895003300783785404556303992237495059194352539844239687490397036174178433587393753764414486675415691276936408808667228951877003555601842900641222777857711016759643
Q2 = 11628371843051760370952910026406764366191062991235308941262037248377376991693250742343307155422036713746576338866595433599862614339347536916226536644211929
c2 = 39328446140156257571484184713861319722905864197556720730852773059147902283123252767651430278357950872626778348596897711320942449693270603776870301102881405303651558719085454281142395652056217241751656631812580544180434349840236919765433122389116860827593711593732385562328255759509355298662361508611531972386995239908513273236239858854586845849686865360780290350287139092143587037396801704351692736985955152935601987758859759421886670907735120137698039900161327397951758852875291442188850946273771733011504922325622240838288097946309825051094566685479503461938502373520983684296658971700922069426788236476575236189040102848418547634290214175167767431475003216056701094275899211419979340802711684989710130215926526387138538819531199810841475218142606691152928236362534181622201347
E2 = 125932919717342481428108392434488550259190856475011752106073050593074410065655587870702051419898088541590032209854048032649625269856337901048406066968337289491951404384300466543616578679539808215698754491076340386697518948419895268049696498272031094236309803803729823608854215226233796069683774155739820425393
Phi2 = P2 * (P2-1) * (Q2-1)
d2 = int(gmpy2.invert(E2,Phi2))

m1 = pow(c1,d1,N1)
m2 = pow(c2,d2,N2)
flag1 = long_to_bytes(m1)
flag2 = long_to_bytes(m2)
print(flag1,'\n',flag2)

2.[AFCTF2018]BASE

超大容量的文件,里面的内容也判断不出是base64还是base32,base16。所以利用try except进行尝试。进行第一次解密之后发现内容还是字母+数字,猜测应该还要继续解码,那就循环吧,直到不能解码为止。

本来以为用python来解会需要超长时间,没想到一下子就解出来了(当然不包括输出,要是将超大的内容进行解码后再输出,估计得等好久,但是将内容写入文件中,不用print(),一下子就好了。没想到python这么强大,以后就不傻乎乎的输出了,直接写入文件中多好!!!)

import base64

file = open(r'flag_encode.txt','r')
cipher = file.read()
while True:
    try:
        cipher = base64.b64decode(cipher).decode()
    except:
        try:
            cipher = base64.b32decode(cipher).decode()
        except:
            try:
                cipher = base64.b16decode(cipher).decode()
            except:
                break

with open(r'flag','w') as f:
    f.write(cipher)

3.[WUSTCTF2020]B@se

密文:MyLkTaP3FaA7KOWjTmKkVjWjVzKjdeNvTnAjoH9iZOIvTeHbvD==
JASGBWcQPRXEFLbCDIlmnHUVKTYZdMovwipatNOefghq56rs****kxyz012789+/

oh holy shit, something is missing...

密文给出来了,拿去解发现不对。第二行少了什么,一开始我也不知道,但看到有‘+/’ 以及’012789‘ 和’56‘,突然想到了是不是少了数字,然后又猜测这可能要跟base64编码表进行比较,找到缺失的部分。

temp = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
cipher = 'JASGBWcQPRXEFLbCDIlmnHUVKTYZdMovwipatNOefghq56rskxyz012789+/'
for i in temp:
    if i not in cipher:
        print(i,end ='')

输出’ju34’。既然我们不知道顺序,应该是要对缺失的部分进行排列组合。

知道密文,第二行的字符串也解出来了,但好像没用到。看着有点类似base64的编码表,猜测应该是用这个进行base64解码。

import base64
import itertools
from Crypto.Util.number import long_to_bytes
txt = 'MyLkTaP3FaA7KOWjTmKkVjWjVzKjdeNvTnAjoH9iZOIvTeHbvD=='

temp = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'

cipher = 'JASGBWcQPRXEFLbCDIlmnHUVKTYZdMovwipatNOefghq56rskxyz012789+/'
for i in temp:
    if i not in cipher:
        print(i,end ='')#ju34

list_temp = ['j','u','3','4']

for i in itertools.permutations(list_temp,4):#密钥的全排序
    tran = 'JASGBWcQPRXEFLbCDIlmnHUVKTYZdMovwipatNOefghq56rs' +''.join(i)+'kxyz012789+/'
    Bin = ''
    txt = txt.strip('==')
    for i in txt:
        Bin += bin(tran.index(i))[2:].zfill(6)
    flag = ''
    for i in range(0,len(Bin)//8 * 8,8):
        flag += chr(int(Bin[i:i+8],2))
    print(flag)

共有24种输出,

wctf2220{bape64_p_v0ry_e@py_and_fuN}
wctf2320{bape64_p_v0ry_e@py_and_fuN}
wctf2120{bape64_p_v0ry_e@py_and_fuN}
wctf2120{bape64_p_v0ry_e@py_and_fuN}
wctf2320{bape64_p_v0ry_e@py_and_fuN}
wctf2220{bape64_p_v0ry_e@py_and_fuN}
wctf2220{baqe64_q_v1ry_e@qy_and_fuN}
wctf2320{baqe64_q_v1ry_e@qy_and_fuN}
wctf2120{bare64_!r_v2ry_e@ry_and_fuN}
wctf2120{base64_1s_v3ry_e@sy_and_fuN}
wctf2320{bare64_!r_v2ry_e@ry_and_fuN}
wctf2220{base64_1s_v3ry_e@sy_and_fuN}
wctf2020{baqe64_q_v1ry_e@qy_and_fuN}
wctf2020{baqe64_q_v1ry_e@qy_and_fuN}
wctf2020{bare64_!r_v2ry_e@ry_and_fuN}
wctf2020{base64_1s_v3ry_e@sy_and_fuN}
wctf2020{bare64_!r_v2ry_e@ry_and_fuN}
wctf2020{base64_1s_v3ry_e@sy_and_fuN}
wctf2320{baqe64_q_v1ry_e@qy_and_fuN}
wctf2220{baqe64_q_v1ry_e@qy_and_fuN}
wctf2320{bare64_!r_v2ry_e@ry_and_fuN}
wctf2220{base64_1s_v3ry_e@sy_and_fuN}
wctf2120{bare64_!r_v2ry_e@ry_and_fuN}
wctf2120{base64_1s_v3ry_e@sy_and_fuN}

最有可能的是:

wctf2120{base64_1s_v3ry_e@sy_and_fuN}
wctf2220{base64_1s_v3ry_e@sy_and_fuN}
wctf2020{base64_1s_v3ry_e@sy_and_fuN}

估摸着应该是第三个。

总结:

这道题考的是base64加解密的代码实现,根据使用的编码表不同而进行手动解密。

  Python知识库 最新文章
Python中String模块
【Python】 14-CVS文件操作
python的panda库读写文件
使用Nordic的nrf52840实现蓝牙DFU过程
【Python学习记录】numpy数组用法整理
Python学习笔记
python字符串和列表
python如何从txt文件中解析出有效的数据
Python编程从入门到实践自学/3.1-3.2
python变量
上一篇文章      下一篇文章      查看所有文章
加:2021-09-01 11:52:42  更:2021-09-01 11:55:09 
 
开发: C++知识库 Java知识库 JavaScript Python PHP知识库 人工智能 区块链 大数据 移动开发 嵌入式 开发工具 数据结构与算法 开发测试 游戏开发 网络协议 系统运维
教程: HTML教程 CSS教程 JavaScript教程 Go语言教程 JQuery教程 VUE教程 VUE3教程 Bootstrap教程 SQL数据库教程 C语言教程 C++教程 Java教程 Python教程 Python3教程 C#教程
数码: 电脑 笔记本 显卡 显示器 固态硬盘 硬盘 耳机 手机 iphone vivo oppo 小米 华为 单反 装机 图拉丁

360图书馆 购物 三丰科技 阅读网 日历 万年历 2024年11日历 -2024/11/15 12:54:19-

图片自动播放器
↓图片自动播放器↓
TxT小说阅读器
↓语音阅读,小说下载,古典文学↓
一键清除垃圾
↓轻轻一点,清除系统垃圾↓
图片批量下载器
↓批量下载图片,美女图库↓
  网站联系: qq:121756557 email:121756557@qq.com  IT数码