ichunqiu的Round Rabins!的writeup
John gave up on RSA and moved to Rabin. ...he still did it wrong though flag.txt What a box!
这题是Rabin密码体制,该密码详细介绍:https://en.wikipedia.org/wiki/Rabin_cryptosystem
通过yafu可以将pq分解出来,yafu的使用方法见:https://blog.csdn.net/dchua123/article/details/105444230:
P154 = 8683574289808398551680690596312519188712344019929990563696863014403818356652403139359303583094623893591695801854572600022831462919735839793929311522108161
P154 = 8683574289808398551680690596312519188712344019929990563696863014403818356652403139359303583094623893591695801854572600022831462919735839793929311522108161将pq转16进制后丢下面脚本求解:
#!/usr/bin/env python
'''
Rabin cryptosystem challenge:
N=0x6b612825bd7972986b4c0ccb8ccb2fbcd25fffbadd57350d713f73b1e51ba9fc4a6ae862475efa3c9fe7dfb4c89b4f92e925ce8e8eb8af1c40c15d2d99ca61fcb018ad92656a738c8ecf95413aa63d1262325ae70530b964437a9f9b03efd90fb1effc5bfd60153abc5c5852f437d748d91935d20626e18cbffa24459d786601c=0xd9d6345f4f961790abb7830d367bede431f91112d11aabe1ed311c7710f43b9b0d5331f71a1fccbfca71f739ee5be42c16c6b4de2a9cbee1d827878083acc04247c6e678d075520ec727ef047ed55457ba794cf1d650cbed5b12508a65d36e6bf729b2b13feb5ce3409d6116a97abcd3c44f136a5befcb434e934da16808b0b
'''
# some functions from http://codereview.stackexchange.com/questions/43210/tonelli-shanks-algorithm-implementation-of-prime-modular-square-root/43267
def legendre_symbol(a, p):"""Legendre symbolDefine if a is a quadratic residue modulo odd primehttp://en.wikipedia.org/wiki/Legendre_symbol"""ls = pow(a, (p - 1)/2, p)if ls == p - 1:return -1return lsdef prime_mod_sqrt(a, p):"""Square root modulo prime numberSolve the equationx^2 = a mod pand return list of x solutionhttp://en.wikipedia.org/wiki/Tonelli-Shanks_algorithm"""a %= p# Simple caseif a == 0:return [0]if p == 2:return [a]# Check solution existence on odd primeif legendre_symbol(a, p) != 1:return []# Simple caseif p % 4 == 3:x = pow(a, (p + 1)/4, p)return [x, p-x]# Factor p-1 on the form q * 2^s (with Q odd)q, s = p - 1, 0while q % 2 == 0:s += 1q //= 2# Select a z which is a quadratic non resudue modulo pz = 1while legendre_symbol(z, p) != -1:z += 1c = pow(z, q, p)# Search for a solutionx = pow(a, (q + 1)/2, p)t = pow(a, q, p)m = swhile t != 1:# Find the lowest i such that t^(2^i) = 1i, e = 0, 2for i in xrange(1, m):if pow(t, e, p) == 1:breake *= 2# Update next value to iterateb = pow(c, 2**(m - i - 1), p)x = (x * b) % pt = (t * b * b) % pc = (b * b) % pm = ireturn [x, p-x]def egcd(a, b):if a == 0:return (b, 0, 1)else:g, y, x = egcd(b % a, a)return (g, x - (b // a) * y, y)def modinv(a, m):g, x, y = egcd(a, m)if g != 1:raise Exception('modular inverse does not exist')else:return x % m# This finds a solution for c = x^2 (mod p^2)
def find_solution(c, p):'''Hensel lifting is fairly simple. In one sense, the idea is to useNewton's method to get a better result. That is, if p is an oddprime, andr^2 = n (mod p),then you can find the root mod p^2 by changing your first"approximation" r tor - (r^2 - n)/(2r) (mod p^2).http://mathforum.org/library/drmath/view/70474.html '''n = p ** 2# Get square roots for x^2 (mod p)r = prime_mod_sqrt(c,p)[0]inverse_2_mod_n = modinv(2, n)inverse_r_mod_n = modinv(r, n)new_r = r - inverse_2_mod_n * (r - c * inverse_r_mod_n)return new_r % nif __name__ == "__main__":# These are the given valuesn = 0x6b612825bd7972986b4c0ccb8ccb2fbcd25fffbadd57350d713f73b1e51ba9fc4a6ae862475efa3c9fe7dfb4c89b4f92e925ce8e8eb8af1c40c15d2d99ca61fcb018ad92656a738c8ecf95413aa63d1262325ae70530b964437a9f9b03efd90fb1effc5bfd60153abc5c5852f437d748d91935d20626e18cbffa24459d786601L# n is a perfect square: n = p * pp = 0xa5cc6d4e9f6a893c148c6993e1956968c93d9609ed70d8366e3bdf300b78d712e79c5425ffd8d480afcefc71b50d85e0914609af240c981c438acd1dcb27b301L# encrypted messagec = 0xd9d6345f4f961790abb7830d367bede431f91112d11aabe1ed311c7710f43b9b0d5331f71a1fccbfca71f739ee5be42c16c6b4de2a9cbee1d827878083acc04247c6e678d075520ec727ef047ed55457ba794cf1d650cbed5b12508a65d36e6bf729b2b13feb5ce3409d6116a97abcd3c44f136a5befcb434e934da16808b0bLsolution = find_solution(c, p)print hex(solution)[2:-1].decode("hex")flag为: IceCTF{john_needs_to_get_his_stuff_together_and_do_things_correctly}
参考:https://github.com/WCSC/writeups/tree/master/icectf-2016/Round-Rabins
ichunqiu的Round Rabins!的writeup相关推荐
- Ichunqiu云境 —— Exchange Writeup
Ichunqiu云境 -- Exchange Writeup Author:小离-xiaoli 0x00 Intro OSCP 渗透风格,脱离C2和MSF之类的工具 Box 难度不高 0x01 Inf ...
- 【原创】Ichunqiu云境 —— Endless(无间计划) Writeup
Ichunqiu云境 -- Endless(无间计划) Writeup Author:小离-xiaoli 0x00 Intro 前言: 两个入口点,一个入口点是pboot-cms,另外一个是SQL注入 ...
- ichunqiu云境 - Delegation Writeup
0x1 Info 靶场地址:https://yunjing.ichunqiu.com/ranking/summary?id=BzMFNFpvUDU 0x2 Recon Target external ...
- Ichunqiu云境 —— Tsclient Writeup
0x1 Info Tag: MSSQL,Privilege Escalation,Kerberos,域渗透,RDP 靶场地址:https://yunjing.ichunqiu.com/ranking/ ...
- 赏金猎人:IChunQiu云境-Spoofing Writeup
## 0x00 - Intro - 2022年12月5号开始,于次日获得一血,斩获1000元奖励 ## 0x01 - Info - Tag: Tomcat,NTLM,WebClient,Coerce ...
- 虎符WEB Writeup
虎符网络安全比赛 WEB Writeup 转自i春秋 https://bbs.ichunqiu.com/thread-56994-1-2.html 0x01 前言 这次比赛相对于我这个小菜鸡而言收获很 ...
- 国赛mysql加固_2019 全国大学生信息安全竞赛创新能力实践赛3道Web Writeup
0x01 JustSoso 本题的主要知识点在于反序列化的应用和parse_url()函数的解析问题,首先通过网页源码中的文件读取提示读取得到index.php文件源码和hint文件源码,任意文件读取 ...
- 【ByteCTF 2022】Crypto Writeup
ByteCTF 2022 密码 Crypto writeup Choose_U_flag Compare Card Shark 文章目录 1. Choose_U_flag 题目分析 初始化参数 加密过 ...
- 祥云杯2022 writeup
0x01 web 1.ezjava 下载源码对jar文件进行反编译,发现POST /myTest会出现反序列化漏洞 util ,最后好像没用到 检查程序,发现apache的common−collect ...
最新文章
- CRMEB页面说明这个是v3.0H5端的
- 不小心把硬盘摔了一下,结果电脑变成这样了......
- JBPM4.4整合SSH2项目
- 电脑显示器不亮主机正常_电脑主机已开机 显示屏却不亮(看完秒懂)
- java中的@override
- _04媒体文件的读取
- C#基础18:内置委托类型Action和Func
- 部署calico网络的k8s集群
- html如何根据颜色排序,Excel技巧:按颜色排序或筛选
- TOM邮箱,那个陪我走过20多年的邮箱
- 分部积分题型总结笔记(分部积分超强拓展)
- 【英语-同义词汇词组】advantage | ascendancy | predominance | preponderance | prepotency | superh的用法及区别
- 环宇成功签约世界级海外文旅夜游项目,探索夜游新模式!
- 黎曼zeta函数不需解析延拓
- 节日献礼:Flutter图片库重磅开源!
- Spark-core电商分析
- Unity百度地图,支持PC,Android,iOS,支持添加模型,支持卫星图,街道图
- Your Organization has Turned off Automatic Updates (转载)
- 入学校计算机社团申请书,入计算机协会申请书范文
- 计算机术语cpu是,计算机术语CPU.doc