After making dumb jokes about cryptography to all his classmates, clam got a cease and desist filed against him! When questioned in court, his only comment was "clam's confounding Caesar cipher creates confusing cryptographic challenges." Needless to say, the judge wasn't very happy. Clam was sentenced to 5 years of making dumb Caesar cipher challenges. Here's one of them: sulx{klgh_jayzl_lzwjw_ujqhlgyjshzwj_kume}.
就是简单的凯撒没啥好说的
Randomly Sampled Algorithm:
题目
1 2 3 4 5 6 7 8 9 10 11 12
from Crypto.Util.number import getStrongPrime f = [REDACTED] m = int.from_bytes(f,'big') p = getStrongPrime(512) q = getStrongPrime(512) n = p*q e = 65537 c = pow(m,e,n) print("n =",n) print("e =",e) print("c =",c) print("phi =",(p-1)*(q-1))
1 2 3 4
n = 133075794736862400686388110598570266808714052683651232655122797445099216964925703530068957607358890220696254013415564497625510160656547477386290353341301388957868030883484367150794172590602260618953020322190415128204088685449855108061423638905602604314199002557585876080719068735072138975699738144061697925373 e = 65537 c = 42999486939739078417543300759928045769347425010481921402117654240134870338470114310074441997014418414023223148236139895795053257877203574091454937566637813901960299427919263842462481370908334316720948794826158725807235252653149450622143783560995967869958852519888842457531188064386890082072803961804464549309 phi = 133075794736862400686388110598570266808714052683651232655122797445099216964925703530068957607358890220696254013415564497625510160656547477386290353341301365877872031151018140890962539358215097403168452396402116271802269636497626498820406125901329433708704273662567430256232652048920492894069126553095462130720
这个也没啥好说的
1 2 3 4 5 6 7 8
from Crypto.Util.number import *
n = 133075794736862400686388110598570266808714052683651232655122797445099216964925703530068957607358890220696254013415564497625510160656547477386290353341301388957868030883484367150794172590602260618953020322190415128204088685449855108061423638905602604314199002557585876080719068735072138975699738144061697925373 e = 65537 c = 42999486939739078417543300759928045769347425010481921402117654240134870338470114310074441997014418414023223148236139895795053257877203574091454937566637813901960299427919263842462481370908334316720948794826158725807235252653149450622143783560995967869958852519888842457531188064386890082072803961804464549309 phi = 133075794736862400686388110598570266808714052683651232655122797445099216964925703530068957607358890220696254013415564497625510160656547477386290353341301365877872031151018140890962539358215097403168452396402116271802269636497626498820406125901329433708704273662567430256232652048920492894069126553095462130720 d = inverse(e, phi) print(long_to_bytes(pow(c, d, n)))
withopen("flag.txt", "r") as f: flag = f.read().strip()
alpha = string.ascii_lowercase
defencrypt(msg, key): ret = "" i = 0 for c in msg: if c in alpha: ret += alpha[(alpha.index(key[i]) + alpha.index(c)) % len(alpha)] i = (i + 1) % len(key) else: ret += c return ret
inner = alpha + "_" noise = inner + "{}"
print("Welcome to the vinegar factory! Solve some crypto, it'll be fun I swear!")
i = 0 whileTrue: if i % 50 == 49: fleg = flag else: fleg = "actf{" + "".join(random.choices(inner, k=random.randint(10, 50))) + "}" start = "".join(random.choices(noise, k=random.randint(0, 2000))) end = "".join(random.choices(noise, k=random.randint(0, 2000))) key = "".join(random.choices(alpha, k=4)) print(f"Challenge {i}: {start}{encrypt(fleg + 'fleg', key)}{end}") x = input("> ") if x != fleg: print("Nope! Better luck next time!") break i += 1
deff(x): return [x] + [x[-i:] + x[:-i] for i in [1, 2, 3]]
defencrypt(msg, key): ret = "" i = 0 for c in msg: if c in alpha: ret += alpha[(alpha.index(key[i]) + alpha.index(c)) % len(alpha)] i = (i + 1) % len(key) else: ret += c return ret
defdecrypt(msg, key): ret = "" i = 0 for c in msg: if c in alpha: original_pos = (alpha.index(c) - alpha.index(key[i])) % len(alpha) ret += alpha[original_pos] i = (i + 1) % len(key) else: ret += c return ret
deffind(enc): for a in alpha: for b in alpha: for c in alpha: for d in alpha: key = a + b + c + d if encrypt('actf{', key) in enc andany(encrypt('}fleg', i) in enc for i in f(key)): for i in f(key): msg = decrypt(enc, i) if'actf{'in msg and'}fleg'in msg: return'actf{' + msg.split('actf{')[-1].split('fleg')[0] alpha = string.ascii_lowercase
r = process(['python', 'chal.py']) r.recvline()
for i in trange(50): enc = r.recvline().strip().decode().split(' ')[-1] flag = find(enc).encode() r.sendline(flag) if i == 49: print(flag)
from Crypto.Util.number import * from sage.allimport *
q = 127049168626532606399765615739991416718436721363030018955400489736067198869364016429387992001701094584958296787947271511542470576257229386752951962268029916809492721741399393261711747273503204896435780180020997260870445775304515469411553711610157730254858210474308834307348659449375607755507371266459204680043 p = 0xb4ec8caf1c16a20c421f4f78f3c10be621bc3f9b2401b1ecd6a6b536c9df70bdbf024d4d4b236cbfcb202b702c511aded6141d98202524709a75a13e02f17f2143cd01f2867ca1c4b9744a59d9e7acd0280deb5c256250fb849d96e1e294ad3cf787a08c782ec52594ef5fcf133cd15488521bfaedf485f37990f5bd95d5796b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001 o = p - 1 g = 3 y = 0xaf99914e5fb222c655367eeae3965f67d8c8b3a0b3c76c56983dd40d5ec45f5bcde78f7a817dce9e49bdbb361e96177f95e5de65a4aa9fd7eafec1142ff2a58cab5a755b23da8aede2d5f77a60eff7fb26aec32a9b6adec4fe4d5e70204897947eb441cc883e4f83141a531026e8a1eb76ee4bff40a8596106306fdd8ffec9d03a9a54eb3905645b12500daeabdb4e44adcfcecc5532348c47c41e9a27b65e71f8bc7cbdabf25cd0f11836696f8137cd98088bd244c56cdc2917efbd1ac9b6664f0518c5e612d4acdb81265652296e4471d894a0bd415b5af74b9b75d358b922f6b088bc5e81d914ae27737b0ef8b6ac2c9ad8998bd02c1ed90200ad6fff4a37 F = GF(p) g = F(g) y = F(y) print(long_to_bytes(discrete_log(pow(y, q, p), pow(g, q, p))))
funcmain() { flag := "actf{REDACTEDREDACTEDREDACTED!!}" rand.Seed(12345) // the actual seed is not 12345 // drastically slow down naive brute force for i := 0; i < 100000; i += 1 { rand.Uint64() } for i := 0; i < 4; i += 1 { fmt.Printf("flag chunk: %d\n", binary.LittleEndian.Uint64([]byte(flag)[i*8:i*8+8])^rand.Uint64()) } gap := 0 for i := 0; i < 607; i += 1 { fmt.Println(rand.Uint64()) for j := 0; j < gap; j += 1 { rand.Uint64() } gap = (gap + 1) % 13 } }
from Crypto.Util.number import * from sage.allimport * from output import enc, r
defuint64(): global vec vec=[vec[-1]]+vec[:-1] vec[334]=(vec[0]+vec[334]) return vec[334]
R = PolynomialRing(Zmod(2**64), [f'x{i}'for i inrange(607)]) vec = list(R.gens()) [uint64() for _ in'____'] eqs = [] gap = 0 for i in r: eqs.append(uint64() - i) for i inrange(gap): uint64() gap = (gap + 1) % 13
I = Ideal(eqs) B = I.groebner_basis() out = [] for b in B: ifany(i instr(b) for i in p): out.append(2**64 - int(str(b).split('+')[-1])) key = [(out[3 - i] + out[-1 - i]) % 2 ** 64for i inrange(4)] print(''.join(long_to_bytes(key[i] ^ enc[i])[::-1].decode() for i inrange(4)))
from Crypto.Util.number import getStrongPrime, long_to_bytes, bytes_to_long, inverse from secrets import randbelow, token_bytes
print("Welcome to my super secret service! (under construction)")
BITS = 4096
p = getStrongPrime(BITS//2) q = getStrongPrime(BITS//2) n = p*q phi = (p-1)*(q-1) e = 65537
flag = [REDACTED] m = bytes_to_long(flag+token_bytes(BITS//8 - len(flag) - 1)) c = pow(m,e,n)
print("Making sure nothing was tampered with...") print("n =", n) print("e =", e) print("c =", c)
d = inverse(e, phi) bits = list(range(d.bit_length())) for i inrange(3): d ^= 1 << bits.pop(randbelow(len(bits))) # these cosmic rays man...
ans = long_to_bytes(pow(c,d,n)) if ans.startswith(flag): print("Check passed!") print(f"Check failed, {ans} does not start with the flag.")
1 2 3 4 5 6
Welcome to my super secret service! (under construction) Making sure nothing was tampered with... n = 900070490622067320191637256322689412527951600989690014040742293402515652299807355416973524079799412242303695005849373445039400849591465597575071172369743191868426614517714438100741689051321511330353068870085391955380005924193452388879170080569217611534666723431228876665400462326676136834184598097637612462138913958737759322989904101853151206852072163254977079626441345648695044414743061561749348880019607938930572091154083635100263637181513759943165217032366307235262290149121982361740356299744695043277615922872281013512722579789196565526621382570308445038543830946971870143416647314522450656476380450926273955034941922166822345239863969969054173792809511555294506499479460733800203789975490744756171199513541914459052812970878813532508200185561086389173320140400837553390150640118664644728326976956623287728071670363574828765499081630098395101207132121557269428414754204021602411843144222862499913321787608802795431375613453451646357431858538087082423774836125541442108814662883958785416540932102786177408197877642161771714550028264013960050526390792232071691880271991611403599658754594252925331797512039370218705211962522382739680885820067113131946086305783275655204391316332325661610449937310593926456756974934432806107508584687 e = 65537 c = 785019041003063094605338644855048946920785904799316056061128856210648574008947823318103541165223596391441869599653542367469582749735833238881174760706303204193239490503494128261465176354669635814736470937192039240288549501040533102957388190144367063971050093258087028919607189745941929361743460532173075128757057170184845810592063392093611909588608434601111240804241210939629912198253922278311726074613374311364714503593835714701261515902458295964850200883428876941854713297600424159346665228238295844165261930957085099153766532230753418227132506795445835713828219025117217211988132423808868878491252074351084194298227654253015597086572860607173699553442586206642744564518363534136736457282374055689877416438808797889637908338960048452523853477755423540348739016013753910186174575168439451877576061110984631119994270572126858635951627682166569924669328090525845842805274374629938562576743743090674720310052196389604757172761607674745732712177986201837422518542301831341463977319044721933558836609327149863674429302791872305204502140781352055289953107204260973578971800635948027688728015052061073091633479965577903274852755170355267952134264963602557305761624298274953157061326235764865240265336589063356964395136173662984407099988044 Check failed, b'\xc0K*/\xfb{\xfd\xa36\xfe\'\xfc(l\xa5\xe1Nf\x17\xad\x9eZ"\xbd\xc2%rs\xbe\xb9\xf3\xc5e6\xeb\x9e\xceD\x86.\x03\xb2s\x95\xc2\xac}\xee \x9f\xb9\xbb\x87\x1c\x0b\t\x01D7\xcd\x05\xdcp\x84\x07K\xab\xc9\x14\x9e\x8b\xd5\x8e\xe4\xaeB\n(\r\xe3c\xbd\x97\xe9\x93&h5\xdf9\xaf%~\x9f&J\xf02\x9e\xd9JJe\xd6i\x85)\xd2\xb5\'\xe1x\xb6\xc5K\x84M\xbc_\x01\'\x80\xb5\xf5\x7f\xa1\x96\xbe\xe7\xb3R\xaa\xe7\xe0\x9c\xd4\xed\xde\n<\xdc\x16q\x10w\x8f\x1d\xa3XH\xe2M"C\xfa\x03\xdb\xf4\x00\xa0\xaf\x93=\x9fm\xb5\x94\xfa\xec\xf8\nd\xb1\x17\x8d\x84\x9f\xdfD\xb0FU\xd3\xc07q+\xcc|\xb7\xe7\x8dlk.\xa6S\xa3\x18\xbfi\x8e\xc2SW\\\xb4\x03o\xdd\xeb\xa41\x7fv\x8e\x07aka\x91i\xeb\xe0\xa6*\x17\x1f_*6\x90x\xcd\xaa$\xf9x\xadt\x00\xea\x01\x19\x11\xa9\xdd\xb6\xfa\x1e6\xa8<\x92\xf3w(\xbf;v\xe5\x92\n\xcd\x8ckD\xb1\x82\xe9\x16\x85\xbf\xbf81\xf6.\x9a\xbe\xe7\xf66+\xf4u\xce\xcf#\xb4i\x966\xbf\x96\xee568r\xc8\xd0\xfa\xf7\xfe\xd8>\x97j^\xbbc[\xc0\xe4\xf5\x9d\xb5\xac\xab2\xed\x90\x9cvf\x1a\xaa\xe2\xb27!h\xa5\xac\x0c\xff\xc8\x86F\x86\xaff\xdb\xc6\xc4\x94\xbd[\xf5\xf2\x85!\x1f\xf6\xb1.9\xc2\xf0>H\xd6 L\x9d\xe8\xf7V"\xfe"1\xf3I\xa9\xa9]\x10\x97&\xf6\xbb\xb3\xf4a_\x98\x85\x15v\xd4U\xfd\xeayj\xf4\x08b\xd95b\xf7\xcfI\xfc\x08k1\x8e\xc6\x98\xabY\x16fNRS-\x05<\xee\xe5\xc4\xe0\xad\x8aE\x03jL\xd5m~\x81\xfeqjw;0\xe5K\x889\xa9T\xa8\xc1/:\x96_\xee\x16\xe0\xca\xa6qm\xcb\xa5&\xd4\x94o\xa9\x94\xc6{sm\xc7\xf9\xff\xfe \xb3\xc0\x02\xc3\xe5O\xe8\xe7\x1d\xe0\xf4i\x07\xda\x97=\xfd\xc0\x0eW\xc0;\x8e(\x93\\G\x9bf\xd8\xcf0\x85' does not start with the flag.
BITS = 4096 n = 900070490622067320191637256322689412527951600989690014040742293402515652299807355416973524079799412242303695005849373445039400849591465597575071172369743191868426614517714438100741689051321511330353068870085391955380005924193452388879170080569217611534666723431228876665400462326676136834184598097637612462138913958737759322989904101853151206852072163254977079626441345648695044414743061561749348880019607938930572091154083635100263637181513759943165217032366307235262290149121982361740356299744695043277615922872281013512722579789196565526621382570308445038543830946971870143416647314522450656476380450926273955034941922166822345239863969969054173792809511555294506499479460733800203789975490744756171199513541914459052812970878813532508200185561086389173320140400837553390150640118664644728326976956623287728071670363574828765499081630098395101207132121557269428414754204021602411843144222862499913321787608802795431375613453451646357431858538087082423774836125541442108814662883958785416540932102786177408197877642161771714550028264013960050526390792232071691880271991611403599658754594252925331797512039370218705211962522382739680885820067113131946086305783275655204391316332325661610449937310593926456756974934432806107508584687 e = 65537 c = 785019041003063094605338644855048946920785904799316056061128856210648574008947823318103541165223596391441869599653542367469582749735833238881174760706303204193239490503494128261465176354669635814736470937192039240288549501040533102957388190144367063971050093258087028919607189745941929361743460532173075128757057170184845810592063392093611909588608434601111240804241210939629912198253922278311726074613374311364714503593835714701261515902458295964850200883428876941854713297600424159346665228238295844165261930957085099153766532230753418227132506795445835713828219025117217211988132423808868878491252074351084194298227654253015597086572860607173699553442586206642744564518363534136736457282374055689877416438808797889637908338960048452523853477755423540348739016013753910186174575168439451877576061110984631119994270572126858635951627682166569924669328090525845842805274374629938562576743743090674720310052196389604757172761607674745732712177986201837422518542301831341463977319044721933558836609327149863674429302791872305204502140781352055289953107204260973578971800635948027688728015052061073091633479965577903274852755170355267952134264963602557305761624298274953157061326235764865240265336589063356964395136173662984407099988044 m_ = b'\xc0K*/\xfb{\xfd\xa36\xfe\'\xfc(l\xa5\xe1Nf\x17\xad\x9eZ"\xbd\xc2%rs\xbe\xb9\xf3\xc5e6\xeb\x9e\xceD\x86.\x03\xb2s\x95\xc2\xac}\xee \x9f\xb9\xbb\x87\x1c\x0b\t\x01D7\xcd\x05\xdcp\x84\x07K\xab\xc9\x14\x9e\x8b\xd5\x8e\xe4\xaeB\n(\r\xe3c\xbd\x97\xe9\x93&h5\xdf9\xaf%~\x9f&J\xf02\x9e\xd9JJe\xd6i\x85)\xd2\xb5\'\xe1x\xb6\xc5K\x84M\xbc_\x01\'\x80\xb5\xf5\x7f\xa1\x96\xbe\xe7\xb3R\xaa\xe7\xe0\x9c\xd4\xed\xde\n<\xdc\x16q\x10w\x8f\x1d\xa3XH\xe2M"C\xfa\x03\xdb\xf4\x00\xa0\xaf\x93=\x9fm\xb5\x94\xfa\xec\xf8\nd\xb1\x17\x8d\x84\x9f\xdfD\xb0FU\xd3\xc07q+\xcc|\xb7\xe7\x8dlk.\xa6S\xa3\x18\xbfi\x8e\xc2SW\\\xb4\x03o\xdd\xeb\xa41\x7fv\x8e\x07aka\x91i\xeb\xe0\xa6*\x17\x1f_*6\x90x\xcd\xaa$\xf9x\xadt\x00\xea\x01\x19\x11\xa9\xdd\xb6\xfa\x1e6\xa8<\x92\xf3w(\xbf;v\xe5\x92\n\xcd\x8ckD\xb1\x82\xe9\x16\x85\xbf\xbf81\xf6.\x9a\xbe\xe7\xf66+\xf4u\xce\xcf#\xb4i\x966\xbf\x96\xee568r\xc8\xd0\xfa\xf7\xfe\xd8>\x97j^\xbbc[\xc0\xe4\xf5\x9d\xb5\xac\xab2\xed\x90\x9cvf\x1a\xaa\xe2\xb27!h\xa5\xac\x0c\xff\xc8\x86F\x86\xaff\xdb\xc6\xc4\x94\xbd[\xf5\xf2\x85!\x1f\xf6\xb1.9\xc2\xf0>H\xd6 L\x9d\xe8\xf7V"\xfe"1\xf3I\xa9\xa9]\x10\x97&\xf6\xbb\xb3\xf4a_\x98\x85\x15v\xd4U\xfd\xeayj\xf4\x08b\xd95b\xf7\xcfI\xfc\x08k1\x8e\xc6\x98\xabY\x16fNRS-\x05<\xee\xe5\xc4\xe0\xad\x8aE\x03jL\xd5m~\x81\xfeqjw;0\xe5K\x889\xa9T\xa8\xc1/:\x96_\xee\x16\xe0\xca\xa6qm\xcb\xa5&\xd4\x94o\xa9\x94\xc6{sm\xc7\xf9\xff\xfe \xb3\xc0\x02\xc3\xe5O\xe8\xe7\x1d\xe0\xf4i\x07\xda\x97=\xfd\xc0\x0eW\xc0;\x8e(\x93\\G\x9bf\xd8\xcf0\x85' m_ = bytes_to_long(m_) mi = gmpy2.powmod(m_, e, n) maps = {}
for i inrange(BITS): maps[i] = 2**i
dic = {} for i in trange(BITS): ci1 = gmpy2.invert(pow(c, e * maps[i], n), n) ci2 = gmpy2.invert(ci1, n) dic[mi * ci1 % n] = i dic[mi * ci2 % n] = -i
for j in trange(BITS): for k inrange(j): c1 = gmpy2.powmod(c, e * maps[j], n) c2 = gmpy2.powmod(c, e * maps[k], n) cc1 = c1 * c2 % n cc2 = c1 * gmpy2.invert(c2, n) % n cc3 = gmpy2.invert(cc2, n) cc4 = gmpy2.invert(cc1, n) if cc1 in dic: print(dic[cc1], j, k) if cc2 in dic: print(dic[cc2], j, -k) if cc3 in dic: print(dic[cc3], -j, k) if cc4 in dic: print(dic[cc4], -j, -k)
from Crypto.Util.number import bytes_to_long, long_to_bytes from Crypto.Util.Padding import pad from Crypto.Random import get_random_bytes from Crypto.Cipher import AES from secret import flag, d
assertlen(flag) < 256
n = 0xbb7bbd6bb62e0cbbc776f9ceb974eca6f3d30295d31caf456d9bec9b98822de3cb941d3a40a0fba531212f338e7677eb2e3ac05ff28629f248d0bc9f98950ce7e5e637c9764bb7f0b53c2532f3ce47ecbe1205172f8644f28f039cae6f127ccf1137ac88d77605782abe4560ae3473d9fb93886625a6caa7f3a5180836f460c98bbc60df911637fa3f52556fa12a376e3f5f87b5956b705e4e42a30ca38c79e7cd94c9b53a7b4344f2e9de06057da350f3cd9bd84f9af28e137e5190cbe90f046f74ce22f4cd747a1cc9812a1e057b97de39f664ab045700c40c9ce16cf1742d992c99e3537663ede6673f53fbb2f3c28679fb747ab9db9753e692ed353e3551 e = 0x10001 assertpow(2,e*d,n)==2
enc = pow(bytes_to_long(flag),e,n) print(enc)
k = get_random_bytes(32) iv = get_random_bytes(16) cipher = AES.new(k, AES.MODE_CBC, iv)
while1: try: i = int(input("Enter message to sign: ")) assert(0 < i < n) print("signed message (encrypted with military-grade aes-256-cbc encryption):") print(cipher.encrypt(pad(long_to_bytes(pow(i,d,n)),16))) except: print("bad input, exiting")