Java逆向解密

程序员小张不小心弄丢了加密文件用的秘钥,已知还好小张曾经编写了一个秘钥验证算法,聪明的你能帮小张找到秘钥吗? 注意:得到的 flag 请包上 flag{} 提交

解压就得到一个.class文件,用Eclipse还打不开

搜了一下java反编译工具,jd-gui要下载,直接用的在线反编译网站:https://jdec.app/
得到

/* Decompiler 33ms, total 22066ms, lines 39 */
import java.util.ArrayList;
import java.util.Scanner;public class Reverse {public static void main(String[] args) {Scanner s = new Scanner(System.in);System.out.println("Please input the flag :");String str = s.next();System.out.println("Your input is :");System.out.println(str);char[] stringArr = str.toCharArray();Encrypt(stringArr);}public static void Encrypt(char[] arr) {ArrayList<Integer> Resultlist = new ArrayList();for(int i = 0; i < arr.length; ++i) {int result = arr[i] + 64 ^ 32;Resultlist.add(result);}int[] KEY = new int[]{180, 136, 137, 147, 191, 137, 147, 191, 148, 136, 133, 191, 134, 140, 129, 135, 191, 65};ArrayList<Integer> KEYList = new ArrayList();for(int j = 0; j < KEY.length; ++j) {KEYList.add(KEY[j]);}System.out.println("Result:");if (Resultlist.equals(KEYList)) {System.out.println("Congratulations!");} else {System.err.println("Error!");}}
}

还是习惯用python敲

strs = [180, 136, 137, 147, 191, 137, 147, 191,148, 136, 133, 191, 134, 140, 129, 135, 191, 65]flag = ""
for i in range(0,len(strs)):flag += chr(strs[i] - ord('@') ^ 0x20)
print(flag)

运行得到

flag{This_is_the_flag_!}

RSA

import gmpy2
from Crypto.Util.number import getPrime
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
from base64 import b64encodeflag = open('flag', 'r').read().strip() * 23def encrypt(p, q, e, msg):while True:n = p * qtry:phi = (p - 1)*(q - 1)pubkey = RSA.construct((int(n), int(e)))key = PKCS1_v1_5.new(pubkey)enc = b64encode(key.encrypt(msg))return encexcept:p = gmpy2.next_prime(p**2 + q**2)q = gmpy2.next_prime(2*p*q)e = gmpy2.next_prime(e**2)p = getPrime(128)
q = getPrime(128)
n = p*q
e = getPrime(64)
pubkey = RSA.construct((n, e))
with open('pubkey.pem', 'wb') as f:f.write(pubkey.exportKey())
with open('flag.enc', 'wb') as g:g.write(encrypt(p, q, e, flag.encode()))

照例先进行公钥解析

题目中n可以分解

p = 184333227921154992916659782580114145999
q = 336771668019607304680919844592337860739
n = 62078208638445817213739226854534031566665495569130972218813975279479576033261
e = 9850747023606211927

正常解,得到

并没有得到flag

重新读代码

所以需要加一个循环,等条件满足了再解密

from gmpy2 import *
from sympy import *
from Crypto.Util.number import *
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
from base64 import b64decodec = bytes_to_long(b64decode(open('flag.enc', 'r').read()))n = 62078208638445817213739226854534031566665495569130972218813975279479576033261
e = 9850747023606211927
p = 184333227921154992916659782580114145999
q = 336771668019607304680919844592337860739i = 1
while 1:print(i)i += 1n = q*pif n >= c:phi = (p-1)*(q-1)d = invert(e, phi)m = pow(c, int(d), int(n))print(m)print(long_to_bytes(m))breakelse:p = next_prime(p**2+q**2)q = next_prime(2*q*p)e = next_prime(e**2)

运行得到

21130430102349851344375907769720046484677029119428837396672932715876625383945370341175910951423912243330586361156136290092204002927065190841481131566459116773453246871757757823779794339114822031832596668783157803487998365708485081872049293871850576177149533382597361704504961093792908771866752876348062277434073071889312899586270935385784945924334005249552610480611289214527568844305559106603600018566929797890928176626555862695618418757613020212459322650264561053816448737905971241379935205105514666988287379360172503588707266968468214658214806734945961547412026484158466007375950994697228739953339960206763694563951938227300323961533465852374474323974466788489494540824433887252700477167031278699226560115746479722693928216633617899653625881863492322931150255129472759564345221044014212615176088745172305188187969942140845856558821840760241230906447618882995941860930345904234649300635995029078116116000398889152779488806137751516303308434626148764759017112230666143483350753359092334376383832558156392114656754542536303250262690385361910886616106355699110084413595231691655741871936117939178923936354300417492024309932830222791864588057245518070666325194802557546094107337061841277143915440240581450700287044773939297691649430945373719331434822275917092651804710270515273945123953214293242630960760591850137449965845572686404352917593436844813740451883307968101043043105036122673580071693173311173462705627667546633231350823031456126655265991555075901877279265952658394772898737872531524707773354867729527394596455488986761511453432440662729084866352234374765219975638130644553369563672920115805779997258268448569189017741605641083000677922451058711996773612461711741548934203827335498317539917264952788581712138950255481544545919749733800
b'\x01xg<_{\xf0q\x860C\xc43\x9f\xf7>[\xd7\xf5J\xdc\x85\xbd\xe1f\x0b\xea\x97)Q,\t}\xbe\xff]\x91\x12\xab\xa7R\x9azL\x0c\xf9k\xc8\x0c\xe6d&\x961y\xfc\xf3\x80\x97\xab\x08\xf5\x96\xa6*\xba]\x80\xa9vQ\xad\xc3g\xa6\xed\x94\x90\x19*\xe9\xc5!5\x0e\xeb\x91q/~\xd3\xd8\xb7\xc8\\\xd5D\xf4\xec*\x8f\xbb\x98\x87\xa5=\xeb\xe9U\xdf\x83\xa9\r\xf2D\xf1\x1a\xdfm\xb3\x97\x88"J\xfdnA\xfd(\x0f\xf3\xd7\xd3\xd4\x83\xea\x8aq\xc9\x0f9r\x1c\x17\x9f\xe6\x18\x924\x83\xfa0j.\xb6-zU\x1b\xa3\x1cp\xe1\xff\x02mu\xf9\xa8p\xb0\xe9\x0b/v\x18\xb0\xc60\xd7\'\x1b\x90g\x8cl\xb7\x10Fe\xf6\x9d7\xa2\x8c\xaa\xbfH\xeb\x90*\xef\x8e\xcfE\xa8\xed\xe1U.0\xd5j\xfcZ\xcb\xe1 V-\xf1Dyo>\xe0\xdc\x9d\x86\xf6\xd4\xc66\xf2\x94H\xb5\xb7\x9d\xe4\xf7lC\xde1\x8c\xb1\xc6\xd2\xd0\x12[4\x9dA>\xa6\x9e\xa9\x883\x90\xbci\xf3\xa7\xfdH\xceC,M\xc77\xadX\x08\xd9\x1c/s]\x8dV\xc4\xf6\x12\x8a\xec\x14\xd1\xa7\xc4\xf7\xebAp\xee&\x03\xcb\xe7\xa4\xe5QK\x19\xc8O\'#\xf9#-\xcb\xe3\xdf6\xba4\xd1\x1f\x1d\xae\xae5\xf0\xf5\xdd\x05\xd9\x91uF\x1c\xd0\x84W\x10\xb4\xbe\x94nj.\xbe`;\x99\x90\xa0\x16`\x97\x8bq\xf8&q\xc00\xaa_n3\x9c\xc4\xa4\xe6zK\x97\x08\x00\x11\xf8\xa7lAEU8#\xa7\xb0<?\xe9\xe8\xfa,\xfe\xf8\xe0x\xa1\x02\xba\xef.\xa7\xda\xd4\r\x8d\'h\x7f\x9e$\x88\x97&\xdf\xe8\xd8y\x91\x05\x1bHo\x92t\xebwn\xd3m\x9f\xcd\x7f:\x8a\r2\xe8\x8d\x04\xba1\xa1\xdc"\x9d0\xab\x16\xe9\x065 \xd9A\xcc\xac\x1d\xd8\xcb\xceN&\x84J#\xdcB3\x92\x9c\x14s\xb9\x1a\xe4\xb4\x91\x13\xf7\x08\x92\xad\x83\x80e\x95\xec\x9e\x10\x91\xc3(_\xa4\x8f\x9f\x80C\xed\x884\x90\xbe\x13<\x08\x8a\x83\xb4j\x96\xe5\x1d\xda\xcfE\x89\xe1\xf6I\xc1*\xb0v-\x85\xa4\xe2\xf6`\x1db\xc0\xa0\x9bL5\xadg\x80\xd4\tH+\xe7O)}\xa9\x1a\xca\xca\x89\xc0/)\xfbz?\xa5\x10\xacC\x83\xf9&\xa4\xe9\xe1\xaa\xf3\xfc\xde\xa1\xc4\xdb\xbc"<\xff\xe5\xb4\xda\xd3\xd3\xee\xc3\x8f\xc1\xcd\x95\xc5\x16<\x18\x94\x93\xe6h\xa9\xe8\x083+\xc8\xccC\x19\xd2p\xf2\xee\xfd84YN\xd4fj\xf2\x9c\x11t,MX\xca\x02\x16q\x9b~tT\x0c\xb7f\xe8\xee\x91F\x1a\xe7\x89j\x93Ys\x97}u+\x1c3;_\x03u\x1b\x98I\x81\xe2@\x14]\xca\xdaC\x1b\xf6\xf6V\\\xce\xe9\xf0fY\x1c\xab\xf5\xba\xa0\xf9.\xe6\xf7\xda\xf4\x12\x97N\xf1b2\xa4\xd8\\(G\xa6\xa36\xa4W\xf4%\xff\x96\xb5!J\x12\xbd\xe0\x81rc\xc8\xd6=\xa8'

发现都是\x开头的,所以换一种编码方式
得到

???

发现另一个小细节,这里的RSA是PKCS#1 v1.5的RSA
所以,换一种书写方式

from gmpy2 import *
from sympy import *
from Crypto.Util.number import *
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
from base64 import b64decodec = b64decode(open('flag.enc', 'r').read())n = 62078208638445817213739226854534031566665495569130972218813975279479576033261
e = 9850747023606211927
p = 184333227921154992916659782580114145999
q = 336771668019607304680919844592337860739i = 1
while 1:print(i)i += 1n = q*pif n >= bytes_to_long(c):phi = (p-1)*(q-1)d = invert(e, phi)prikey = RSA.construct((int(n), int(e), int(d)))key = PKCS1_v1_5.new(prikey)dec = key.decrypt(c, None)print(dec)breakelse:p = next_prime(p**2+q**2)q = next_prime(2*q*p)e = next_prime(e**2)

2022-01-07相关推荐

  1. NOI题库 python题解-2022.01.07整理(1.4-1.7)

    python && C++ NOI编程题解1.4 https://blog.csdn.net/yigezzchengxuyuan/article/details/86651658 ht ...

  2. NOI题库 python题解-2022.01.07整理(1.1-1.3)

    python && C++ NOI编程题解1.1 https://blog.csdn.net/yigezzchengxuyuan/article/details/86582640 ht ...

  3. STM32CubeIDE用DAP调试的超级无敌简单方法——2022.01.07

    STM32CubeIDE作为ST生态中重要的一环,必然以支持自家的ST-LINK为第一要务.不过当我们手上没有ST-LINK只有其他调试器时也是可以debug和下载的,只需要做一丢丢的简单操作,下面这 ...

  4. 互联网の早报(2022/01/07)

    更多内容,欢迎关注微信公众号"看相声也要敲代码"

  5. 《安富莱嵌入式周报》第247期:2022.01.03--2022.01.09

    往期周报汇总地址:嵌入式周报 - uCOS & uCGUI & emWin & embOS & TouchGFX & ThreadX - 硬汉嵌入式论坛 - P ...

  6. 2019.01.07|区块链技术头条

    2019.01.07|区块链技术头条 1.科普 | 深处的蚁穴:与 Gas 相关的三种安全问题 2.科普 | OmiseGo 将如何把 Plasma 带入寻常百姓家 3.干货 | 详解 MimbleW ...

  7. [Leedcode][JAVA][面试题 01.07][找规律][旋转数组]

    [问题描述] [面试题 01.07. 旋转矩阵] 示例 1:给定 matrix = [[1,2,3],[4,5,6],[7,8,9] ],原地旋转输入矩阵,使其变为: [[7,4,1],[8,5,2] ...

  8. 洛谷 刷题 深基部分题解(python版)-2022.01.29

    P5703 [深基2.例5]苹果采购(python3实现) https://blog.csdn.net/dllglvzhenfeng/article/details/122690555 P5703 [ ...

  9. 小学奥数 7657 连乘积末尾0的个数-2022.01.26

    http://noi.openjudge.cn/math/7657/ /* 小学奥数 7657 连乘积末尾0的个数-2022.01.26 http://noi.openjudge.cn/math/76 ...

  10. 1168:大整数加法--2022.01.22 AC

    /* 1168:大整数加法--2022.01.22 AC http://ybt.ssoier.cn:8088/problem_show.php?pid=1168c++中 cin.cin.get().c ...

最新文章

  1. python csv模块心得
  2. 【论文解读】IPM2020 | 长短期兴趣建模的图神经网络新闻推荐系统
  3. 看我如何基于PythonFacepp打造智能监控系统
  4. OpenSSL原理与实现
  5. Delphi MlSkin v3.9 (2019.4.15)发布啦! 它能让你的程序拥有像QQ一样多彩炫丽的外观...
  6. hadoop连接远程mysql_Hadoop之Hive本地与远程MySQL数据库管理模式安装手册
  7. 创建.config后缀文件
  8. 对象转为json形式
  9. MATLAB图像拼接算法及实现
  10. IDEA+Java+Servlet+JSP+Mysql实现新闻发布系统
  11. 宝塔Linux面板如何进入,云服务器怎么进入宝塔面板
  12. 美化我们的windows xp
  13. 五个国外在线时间管理(GTD)工具推荐
  14. 【电磁】基于Matlab模拟电偶极子电磁场附GUI界面
  15. Excel如何快速对选中区域截图?
  16. HyperMesh 2D网格划分
  17. 计算机求等级值的计算,2015年计算机一级MS OFFICE等级考试计算题
  18. 定义自定义字体需要css的什么规则,css3自定义字体需要什么规则 css3基本选择器...
  19. 什么是水务信息化规划、水务信息化规划有什么用?
  20. Optimus Ride选用Velodyne Lidar的开创性传感器为其自动驾驶汽车提供支持

热门文章

  1. 绿色计算在数据中心的应用及节能效果浅析
  2. 2019年Q3:全球超大规模数据中心数量增至504个
  3. 使用DCIM软件确保数据中心符合DCOI
  4. 数据中心机房空调系统的这些“套路”你知多少?
  5. ML:MLOps系列讲解之《端到端 ML工作流生命周期》解读
  6. 成功解决AttributeError: ‘Series‘ object has no attribute ‘columns‘
  7. ML之k-NN:k-NN实现对150朵共三种花的实例的萼片长度、宽,花瓣长、宽数据统计,根据一朵新花的四个特征来预测其种类
  8. mysql(mariadb)常用命令(持续更新ing)
  9. 决策树-特征属性选择划分
  10. requireJS 从概念到实战