http://www.shiyanbar.com/ctf/730
warmup
描述见文件
解题链接: http://ctf5.shiyanbar.com/crypto/warmup.zip

解:
解压压缩包得到ciphertext密文,一个.pub文件。
1.
c=0x1e04304936215de8e21965cfca9c245b1a8f38339875d36779c0f123c475bc24d5eef50e7d9ff5830e80c
62e8083ec55f27456c80b0ab26546b9aeb8af30e82b650690a2ed7ea407dcd094ab9c9d3d25a93b2140dcebae1
814610302896e67f3ae37d108cd029fae6362ea7ac1168974c1a747ec9173799e1107e7a56d783660418ebdf6898d
7037cea25867093216c2c702ef3eef71f694a6063f5f0f1179c8a2afe9898ae8dec5bb393cdffa3a52a297cd96d
1ea602309ecf47cd009829b44ed3100cf6194510c53c25ca7435f60ce5f4f614cdd2c63756093b848a70aade002d
6bc8f316c9e5503f32d39a56193d1d92b697b48f5aa43417631846824b5e86
2.And a RSA public key:Luckily openssl has a mode for exactly that幸运地是openssl有一种模式可以打开。
OpenSSL> rsa -pubin -inform PEM -text -noout -in warmup.pub
Public-Key: (2050 bit)
Modulus:
    03:67:19:8d:6b:56:14:e9:58:13:ad:d8:f2:2a:47:
    17:bc:72:be:1e:ab:d9:33:d1:b8:69:44:fd:b7:5b:
    8e:d2:30:be:62:d7:d1:b6:9d:22:20:95:c1:28:c8:
    6f:82:01:2e:cb:11:61:91:fd:9d:01:8a:6d:02:f8:
    4d:b2:7b:c5:1a:21:30:7d:c8:6f:4b:f7:71:c6:91:
    c1:43:e5:ab:e5:49:b5:bd:2d:6e:b1:a2:1f:d6:27:
    0e:7e:1b:48:fe:06:11:fb:b2:e1:b0:b3:52:4e:6f:
    4d:e8:b4:e4:a3:45:da:44:a1:3d:e8:25:b7:26:08:
    db:6c:7c:4a:40:b7:82:66:e6:c8:7b:bf:de:f6:b4:
    83:81:d4:9c:45:07:a5:8b:cd:47:b7:6d:64:b4:59:
    08:b1:58:bd:7e:bc:4d:ac:b0:b1:cf:d6:c2:c1:95:
    74:f4:0e:b2:ef:d0:e9:e1:0d:c7:00:5c:ad:39:bc:
    af:52:b9:ea:c3:87:33:68:d6:90:31:c5:e7:24:68:
    4a:44:f0:68:ef:d1:d3:dc:09:6d:9b:5d:64:11:e5:
    8b:de:e4:3e:46:b9:9a:0d:04:94:b9:db:28:19:5a:
    f9:01:af:f1:30:d4:a6:e2:03:da:d0:8d:a5:7f:a7:
    e4:02:62:a5:ba:db:2a:32:3e:da:28:b4:46:96:ab:
    30:5d
Exponent:
    00:f3:95:9d:97:8e:02:eb:9f:06:de:f3:f3:35:d8:
    f8:af:d7:60:99:51:dd:ac:60:b7:14:b6:c2:2a:f0:
    fa:91:2f:21:0b:34:20:6b:d2:4a:96:01:c7:8d:f4:
    a0:27:5f:10:7f:d3:ab:55:2d:95:05:7e:b9:34:e7:
    1b:dd:cd:70:45:c2:4b:18:58:7b:8c:8f:cf:5a:dd:
    4c:5d:83:f0:c7:7c:94:dc:9c:50:cb:e4:38:e2:b6:
    7b:af:d3:16:33:b6:aa:f1:78:1d:90:c3:ad:6f:03:
    d0:37:b3:32:18:01:b2:35:46:d4:83:e6:7e:26:06:
    7f:7b:22:34:7d:db:c0:c2:d5:92:ce:81:4c:bf:5d:
    fc:cc:14:14:37:f1:4e:0b:39:90:f8:80:61:e5:f0:
    ba:e5:f0:1e:3f:a7:0d:b0:e9:60:5e:7c:fd:57:5e:
    9c:81:ef:ee:c5:29:c3:3f:d9:03:7a:20:fd:8a:cd:
    51:3a:c9:63:77:68:31:3e:63:f9:83:8a:e3:51:1c:
    dd:0a:9a:2b:51:6f:21:48:c8:d4:75:a3:60:a0:63:
    59:44:97:39:ee:cd:25:1a:bb:42:b0:14:57:3e:43:
    9f:2f:a4:57:35:57:b2:56:99:ff:c1:1e:63:1c:e8:
    ee:97:5a:86:e7:e2:72:bc:f5:f7:6a:93:45:03:48:
    fe:3f

在rsa中公钥长度不是越大越好,通常在65537左右被认为是比较安全的,
太小或太大都回减弱密码安全体系,我们要充分利用这一点。
公钥长度太大太小会导致Wiener’s attack:
https://en.wikipedia.org/wiki/Wiener%27s_attack
解释rsa-wiener-attack:
A Python implementation of the Wiener attack on RSA public-key encryption scheme.
It uses some results about continued fractions approximations to infer the private 
key from public key in the cases the encryption exponent is too small or too large.
利用这种攻击我们将可以通过e,n求出私钥d,尝试的d有限(
可以事先设置一个阈值N,即尝试的次数,本测试案例设置N为10,
实际上这远不够,可根据自己的需要适当增大N)

2.rsa -in warmup.pub -pubin -modulus -text
这句效果不一样:
Public-Key: (2050 bit)
Modulus:
    03:67:19:8d:6b:56:14:e9:58:13:ad:d8:f2:2a:47:
    17:bc:72:be:1e:ab:d9:33:d1:b8:69:44:fd:b7:5b:
    8e:d2:30:be:62:d7:d1:b6:9d:22:20:95:c1:28:c8:
    6f:82:01:2e:cb:11:61:91:fd:9d:01:8a:6d:02:f8:
    4d:b2:7b:c5:1a:21:30:7d:c8:6f:4b:f7:71:c6:91:
    c1:43:e5:ab:e5:49:b5:bd:2d:6e:b1:a2:1f:d6:27:
    0e:7e:1b:48:fe:06:11:fb:b2:e1:b0:b3:52:4e:6f:
    4d:e8:b4:e4:a3:45:da:44:a1:3d:e8:25:b7:26:08:
    db:6c:7c:4a:40:b7:82:66:e6:c8:7b:bf:de:f6:b4:
    83:81:d4:9c:45:07:a5:8b:cd:47:b7:6d:64:b4:59:
    08:b1:58:bd:7e:bc:4d:ac:b0:b1:cf:d6:c2:c1:95:
    74:f4:0e:b2:ef:d0:e9:e1:0d:c7:00:5c:ad:39:bc:
    af:52:b9:ea:c3:87:33:68:d6:90:31:c5:e7:24:68:
    4a:44:f0:68:ef:d1:d3:dc:09:6d:9b:5d:64:11:e5:
    8b:de:e4:3e:46:b9:9a:0d:04:94:b9:db:28:19:5a:
    f9:01:af:f1:30:d4:a6:e2:03:da:d0:8d:a5:7f:a7:
    e4:02:62:a5:ba:db:2a:32:3e:da:28:b4:46:96:ab:
    30:5d
Exponent:
    00:f3:95:9d:97:8e:02:eb:9f:06:de:f3:f3:35:d8:
    f8:af:d7:60:99:51:dd:ac:60:b7:14:b6:c2:2a:f0:
    fa:91:2f:21:0b:34:20:6b:d2:4a:96:01:c7:8d:f4:
    a0:27:5f:10:7f:d3:ab:55:2d:95:05:7e:b9:34:e7:
    1b:dd:cd:70:45:c2:4b:18:58:7b:8c:8f:cf:5a:dd:
    4c:5d:83:f0:c7:7c:94:dc:9c:50:cb:e4:38:e2:b6:
    7b:af:d3:16:33:b6:aa:f1:78:1d:90:c3:ad:6f:03:
    d0:37:b3:32:18:01:b2:35:46:d4:83:e6:7e:26:06:
    7f:7b:22:34:7d:db:c0:c2:d5:92:ce:81:4c:bf:5d:
    fc:cc:14:14:37:f1:4e:0b:39:90:f8:80:61:e5:f0:
    ba:e5:f0:1e:3f:a7:0d:b0:e9:60:5e:7c:fd:57:5e:
    9c:81:ef:ee:c5:29:c3:3f:d9:03:7a:20:fd:8a:cd:
    51:3a:c9:63:77:68:31:3e:63:f9:83:8a:e3:51:1c:
    dd:0a:9a:2b:51:6f:21:48:c8:d4:75:a3:60:a0:63:
    59:44:97:39:ee:cd:25:1a:bb:42:b0:14:57:3e:43:
    9f:2f:a4:57:35:57:b2:56:99:ff:c1:1e:63:1c:e8:
    ee:97:5a:86:e7:e2:72:bc:f5:f7:6a:93:45:03:48:
    fe:3f
Modulus=367198D6B5614E95813ADD8F22A4717BC72BE1EABD933D1B86944FDB75B8ED230BE62D7D
1B69D222095C128C86F82012ECB116191FD9D018A6D02F84DB27BC51A21307DC86F4BF771C691C14
3E5ABE549B5BD2D6EB1A21FD6270E7E1B48FE0611FBB2E1B0B3524E6F4DE8B4E4A345DA44A13DE82
5B72608DB6C7C4A40B78266E6C87BBFDEF6B48381D49C4507A58BCD47B76D64B45908B158BD7EBC4
DACB0B1CFD6C2C19574F40EB2EFD0E9E10DC7005CAD39BCAF52B9EAC3873368D69031C5E724684A4
4F068EFD1D3DC096D9B5D6411E58BDEE43E46B99A0D0494B9DB28195AF901AFF130D4A6E203DAD08
DA57FA7E40262A5BADB2A323EDA28B44696AB305D
writing RSA key
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAQEDZxmNa1YU6VgTrdjyKkcX
vHK+HqvZM9G4aUT9t1uO0jC+YtfRtp0iIJXBKMhvggEuyxFhkf2dAYptAvhNsnvF
GiEwfchvS/dxxpHBQ+Wr5Um1vS1usaIf1icOfhtI/gYR+7LhsLNSTm9N6LTko0Xa
RKE96CW3JgjbbHxKQLeCZubIe7/e9rSDgdScRQeli81Ht21ktFkIsVi9frxNrLCx
z9bCwZV09A6y79Dp4Q3HAFytObyvUrnqw4czaNaQMcXnJGhKRPBo79HT3Altm11k
EeWL3uQ+RrmaDQSUudsoGVr5Aa/xMNSm4gPa0I2lf6fkAmKlutsqMj7aKLRGlqsw
XQKCAQEA85Wdl44C658G3vPzNdj4r9dgmVHdrGC3FLbCKvD6kS8hCzQga9JKlgHH
jfSgJ18Qf9OrVS2VBX65NOcb3c1wRcJLGFh7jI/PWt1MXYPwx3yU3JxQy+Q44rZ7
r9MWM7aq8XgdkMOtbwPQN7MyGAGyNUbUg+Z+JgZ/eyI0fdvAwtWSzoFMv138zBQU
N/FOCzmQ+IBh5fC65fAeP6cNsOlgXnz9V16cge/uxSnDP9kDeiD9is1ROsljd2gx
PmP5g4rjURzdCporUW8hSMjUdaNgoGNZRJc57s0lGrtCsBRXPkOfL6RXNVeyVpn/
wR5jHOjul1qG5+JyvPX3apNFA0j+Pw==
-----END PUBLIC KEY-----
上面应该就是编码形式。

求d的python脚本使用了https://github.com/pablocelayes/rsa-wiener-attack上的,稍微修改了下。
代码如下:

# coding=utf-8
import ContinuedFractions, Arithmetic
import binascii
def hack_RSA(e,n):'''Finds d knowing (e,n)applying the Wiener continued fraction attack'''frac = ContinuedFractions.rational_to_contfrac(e, n)convergents = ContinuedFractions.convergents_from_contfrac(frac)for (k,d) in convergents:#check if d is actually the keyif k!=0 and (e*d-1)%k == 0:phi = (e*d-1)//ks = n - phi + 1# check if the equation x^2 - s*x + n = 0# has integer rootsdiscr = s*s - 4*nif(discr>=0):t = Arithmetic.is_perfect_square(discr)if t!=-1 and (s+t)%2==0:#print("Hacked!")return dif __name__ == "__main__":print("-------------------------")n=0x367198D6B5614E95813ADD8F22A4717BC72BE1EABD933D1B86944FDB75B8ED230BE62D7D1B69D222095C128C86F82012ECB116191FD9D018A6D02F84DB27BC51A21307DC86F4BF771C691C143E5ABE549B5BD2D6EB1A21FD6270E7E1B48FE0611FBB2E1B0B3524E6F4DE8B4E4A345DA44A13DE825B72608DB6C7C4A40B78266E6C87BBFDEF6B48381D49C4507A58BCD47B76D64B45908B158BD7EBC4DACB0B1CFD6C2C19574F40EB2EFD0E9E10DC7005CAD39BCAF52B9EAC3873368D69031C5E724684A44F068EFD1D3DC096D9B5D6411E58BDEE43E46B99A0D0494B9DB28195AF901AFF130D4A6E203DAD08DA57FA7E40262A5BADB2A323EDA28B44696AB305De=0xF3959D978E02EB9F06DEF3F335D8F8AFD7609951DDAC60B714B6C22AF0FA912F210B34206BD24A9601C78DF4A0275F107FD3AB552D95057EB934E71BDDCD7045C24B18587B8C8FCF5ADD4C5D83F0C77C94DC9C50CBE438E2B67BAFD31633B6AAF1781D90C3AD6F03D037B3321801B23546D483E67E26067F7B22347DDBC0C2D592CE814CBF5DFCCC141437F14E0B3990F88061E5F0BAE5F01E3FA70DB0E9605E7CFD575E9C81EFEEC529C33FD9037A20FD8ACD513AC9637768313E63F9838AE3511CDD0A9A2B516F2148C8D475A360A06359449739EECD251ABB42B014573E439F2FA4573557B25699FFC11E631CE8EE975A86E7E272BCF5F76A93450348FE3Fd=hack_RSA(e,n)#print(hack_RSA(e,n))打印不了hack_RSA(e,n)不是字符串print('d= '+str(d))c=0x1e04304936215de8e21965cfca9c245b1a8f38339875d36779c0f123c475bc24d5eef50e7d9ff5830e80c62e8083ec55f27456c80b0ab26546b9aeb8af30e82b650690a2ed7ea407dcd094ab9c9d3d25a93b2140dcebae1814610302896e67f3ae37d108cd029fae6362ea7ac1168974c1a747ec9173799e1107e7a56d783660418ebdf6898d7037cea25867093216c2c702ef3eef71f694a6063f5f0f1179c8a2afe9898ae8dec5bb393cdffa3a52a297cd96d1ea602309ecf47cd009829b44ed3100cf6194510c53c25ca7435f60ce5f4f614cdd2c63756093b848a70aade002d6bc8f316c9e5503f32d39a56193d1d92b697b48f5aa43417631846824b5e86m=hex(pow(c,d,n))print(str(m))print(binascii.unhexlify(m[2:]))#unhexlify和a2b_hex实际是一个函数,建议使用unhexlify。作用是16转换产生的字串
#>>> binascii.a2b_hex(m[2:])
#b'BCTF{9etRea4y!}'
#>>> binascii.unhexlify(m[2:])
#b'BCTF{9etRea4y!}'
#>>> m
#'0x424354467b3965745265613479217d'
#>>> m[2:]
#'424354467b3965745265613479217d'print("-------------------------")

ImportError: No module named ContinuedFractions怎么办?哈哈不会用来吧,幸亏问了师兄。(都要配置文件)

求出d=422190901650907812920180123687944676069788522092850669615064693823744099274668340988114145183193919060

9743447676525325543963362353923989076199470515758399

warmup-实验吧相关推荐

  1. 神经网络调参技巧:warmup策略

    有一些论文对warmup进行了讨论,使用 SGD 训练神经网络时,在初始使用较大学习率而后期改为较小学习率在各种任务场景下都是一种广为使用的做法,在实践中效果好且最近也有若干文章尝试对其进行了理论解释 ...

  2. 训练过程acc_AI 深度学习训练tricks总结(均有实验支撑)

    ↑↑↑↑↑点击上方蓝色字关注我们! 『运筹OR帷幄』转载 作者:Jones@知乎 作者丨Jones@知乎来源丨https://zhuanlan.zhihu.com/p/261999668编辑丨极市平台 ...

  3. 【深度学习】实验5答案:滴滴出行-交通场景目标检测

    DL_class 学堂在线<深度学习>实验课代码+报告(其中实验1和实验6有配套PPT),授课老师为胡晓林老师.课程链接:https://www.xuetangx.com/training ...

  4. CSAPP:Attack Lab —— 缓冲区溢出攻击实验

    Warm-up X86-64寄存器和栈帧 X86-64有16个64位寄存器 : -%rax 作为函数返回值使用. - %rsp 栈指针寄存器,指向栈顶. - %rdi,%rsi,%rdx,%rcx,% ...

  5. 深度学习 warmup 策略

    一.介绍 warmup顾名思义就是热身,在刚刚开始训练时以很小的学习率进行训练,使得网络熟悉数据,随着训练的进行学习率慢慢变大,到了一定程度,以设置的初始学习率进行训练,接着过了一些inter后,学习 ...

  6. 图像分类的技能包及每一项的实验验证

    点击上方"AI公园",关注公众号,选择加"星标"或"置顶" 作者:Pavel Semkin 编译:ronghuaiyang 导读 通过实验验 ...

  7. NNDL 实验八 网络优化与正则化(3)不同优化算法比较

    目录 7.3.1 优化算法的实验设定 7.3.1.1 2D可视化实验 7.3.1.2 简单拟合实验 与Torch API对比,验证正确性 7.3.2 学习率调整 7.3.2.1 AdaGrad算法 7 ...

  8. 垃圾分类、EfficientNet模型B0~B7、Rectified Adam(RAdam)、Warmup、带有Warmup的余弦退火学习率衰减

    日萌社 人工智能AI:Keras PyTorch MXNet TensorFlow PaddlePaddle 深度学习实战(不定时更新) 垃圾分类.EfficientNet模型.数据增强(ImageD ...

  9. Stanford University CS144 Lab0 Networking Warmup

    文章目录 前引 二次编辑补引 Lab0 Networking Warmup 获取实验文档 Ubuntu20.04安装(Vmware Workstation) Ubuntu20.04安装G++8 切换G ...

  10. 预热学习率的作用warmup

    学习率是神经网络训练中最重要的超参数之一,针对学习率的优化方式很多,Warmup是其中的一种 (一).什么是Warmup? Warmup是在ResNet论文中提到的一种学习率预热的方法,它在训练开始的 ...

最新文章

  1. Redis常用命令之操作Set(集合)
  2. 邮件实现详解(三)------邮件的组织结构
  3. modern php怎么网,Modern PHP
  4. 如果用户访问一个不存在的地址呢?
  5. Java查询对象中匹配元素_用LinkedList如何实现搜索指定对象的元素
  6. 百度每周更新时间列表
  7. 世界知名网站的技术实现(转)
  8. Storm入门(四)WordCount示例
  9. php 调用永中云,永中优云:是时候给大家介绍真正的云端Office了
  10. 用C#打造quot;QQ对战平台挤房器quot;
  11. win7更新服务器证书,ie浏览器网站安全证书更新方法介绍
  12. MBR20200CT-ASEMI肖特基二极管MBR20200CT
  13. Vue中添加背景图片
  14. 学海灯塔课后题答案模块上线
  15. git上传文件遇到 错误error: failed to push some refs to
  16. 索尼u盘重装系统步骤
  17. 机器学习-常用八大神经网络框架
  18. php如何平铺背景图片,css如何让背景图片平铺?css背景图片平铺四种方式介绍
  19. 就是策划和服务器维护,DNF官方策划针对跨区服务器的回应
  20. 扭矩大好还是马力大好_马力大和扭矩大哪个更重要,马力和扭矩详解

热门文章

  1. 小组c语言程序项目ppt,C语言程序设计项目八.ppt
  2. web安全之路(一)
  3. RFID技术如何解决鞋帽行业应用
  4. 醋在生活中的83种妙用
  5. 咕泡P5人工智能深度学习高薪就业班
  6. STM32 PWM输出原理和直流电机PWM驱动原理详解及例程
  7. PWM控制的基本原理及相关概念
  8. 一文彻底了解SSD1306驱动0.96寸OLED
  9. 任务8、打印杨辉三角形
  10. 序列标注 | (5) 命名实体识别技术综述