2018 AFCTF 可怜的RSA

下载附件，是一个压缩包，里面有两个文件：

flag.enc：

GVd1d3viIXFfcHapEYuo5fAvIiUS83adrtMW/MgPwxVBSl46joFCQ1plcnlDGfL19K/3PvChV6n5QGohzfVyz2Z5GdTlaknxvHDUGf5HCukokyPwK/1EYU7NzrhGE7J5jPdi0Aj7xi/Odxy0hGMgpaBLd/nL3N8O6i9pc4Gg3O8soOlciBG/6/xdfN3SzSStMYIN8nfZZMSq3xDDvz4YB7TcTBh4ik4wYhuC77gmT+HWOv5gLTNQ3EkZs5N3EAopy11zHNYU80yv1jtFGcluNPyXYttU5qU33jcp0Wuznac+t+AZHeSQy5vk8DyWorSGMiS+J4KNqSVlDs12EqXEqqJ0uA==

public.key:

可以看出flag.enc是经过base64加密后的密文。而public.key是公钥。

因此，我们要先用public.key算出n和e。

from Crypto.PublicKey import RSApath = r'C:\public.key'with open(path) as f:key = RSA.import_key(f.read())print('e = %d' % key.e)print('n = %d' % key.n)

我们就得到了e.n:

e = 65537
n = 79832181757332818552764610761349592984614744432279135328398999801627880283610900361281249973175805069916210179560506497075132524902086881120372213626641879468491936860976686933630869673826972619938321951599146744807653301076026577949579618331502776303983485566046485431039541708467141408260220098592761245010678592347501894176269580510459729633673468068467144199744563731826362102608811033400887813754780282628099443490170016087838606998017490456601315802448567772411623826281747245660954245413781519794295336197555688543537992197142258053220453757666537840276416475602759374950715283890232230741542737319569819793988431443

再通过yafu或http://www.factordb.com/分解n得到p和q：

p =3133337q=25478326064937419292200172136399497719081842914528228316455906211693118321971399936004729134841162974144246271486439695786036588117424611881955950996219646807378822278285638261582099108339438949573034101215141156156408742843820048066830863814362379885720395082318462850002901605689761876319151147352730090957556940842144299887394678743607766937828094478336401159449035878306853716216548374273462386508307367713112073004011383418967894930554067582453248981022011922883374442736848045920676341361871231787163441467533076890081721882179369168787287724769642665399992556052144845878600126283968890273067575342061776244939

这样，我们就能通过计算私钥来解密密文了。

from Crypto.PublicKey import RSAimport gmpy2import base64from Crypto.Util.number import *from Crypto.Cipher import PKCS1_OAEPe = 65537n = 79832181757332818552764610761349592984614744432279135328398999801627880283610900361281249973175805069916210179560506497075132524902086881120372213626641879468491936860976686933630869673826972619938321951599146744807653301076026577949579618331502776303983485566046485431039541708467141408260220098592761245010678592347501894176269580510459729633673468068467144199744563731826362102608811033400887813754780282628099443490170016087838606998017490456601315802448567772411623826281747245660954245413781519794295336197555688543537992197142258053220453757666537840276416475602759374950715283890232230741542737319569819793988431443p =3133337q=25478326064937419292200172136399497719081842914528228316455906211693118321971399936004729134841162974144246271486439695786036588117424611881955950996219646807378822278285638261582099108339438949573034101215141156156408742843820048066830863814362379885720395082318462850002901605689761876319151147352730090957556940842144299887394678743607766937828094478336401159449035878306853716216548374273462386508307367713112073004011383418967894930554067582453248981022011922883374442736848045920676341361871231787163441467533076890081721882179369168787287724769642665399992556052144845878600126283968890273067575342061776244939phi = (p-1)*(q-1)d = gmpy2.invert(e,phi)text = 'GVd1d3viIXFfcHapEYuo5fAvIiUS83adrtMW/MgPwxVBSl46joFCQ1plcnlDGfL19K/3PvChV6n5QGohzfVyz2Z5GdTlaknxvHDUGf5HCukokyPwK/1EYU7NzrhGE7J5jPdi0Aj7xi/Odxy0hGMgpaBLd/nL3N8O6i9pc4Gg3O8soOlciBG/6/xdfN3SzSStMYIN8nfZZMSq3xDDvz4YB7TcTBh4ik4wYhuC77gmT+HWOv5gLTNQ3EkZs5N3EAopy11zHNYU80yv1jtFGcluNPyXYttU5qU33jcp0Wuznac+t+AZHeSQy5vk8DyWorSGMiS+J4KNqSVlDs12EqXEqqJ0uA=='c_bytes =base64.b64decode(text)rsa_components=(n,e,int(d),p,q)arsa=RSA.construct(rsa_components)rsakey = RSA.importKey(arsa.exportKey())rsakey = PKCS1_OAEP.new(rsakey)decrypted = rsakey.decrypt(c_bytes)print(decrypted)

最终我们得到：

b'afctf{R54_|5_$0_B0rin9}'

这道题目前没想好怎么用求d，再用pow(c,d,n)来解。因为c和n的长度是一样的。这样就要拆解c，使c的长度小于n。而RSA的库自带`PKCS1_OAEP`，可以padding。所以可以解出。待想到办法后再重新尝试

2018 AFCTF 可怜的RSA相关推荐

可怜的RSA【网络攻防CTF】（保姆级图文）
目录题目解题思路读取公钥文件得到RSA的e,n 爆破求出p,q 计算得到私钥d(如果题目没有给flag.enc,得到的d就是私钥flag) 通过计算私钥来解密密文答案`afctf{R54_|5 ...
[AFCTF2018]可怜的RSA
题目:"flag.enc" GVd1d3viIXFfcHapEYuo5fAvIiUS83adrtMW/MgPwxVBSl46joFCQ1plcnlDGfL19K/3PvChV6n5 ...
BMZCTF-crypto- writeup
BMZCTF -crypto- writeup 目录 BMZCTF -crypto- writeup Sudoku&Viginere Ook 栅栏密码 4进制 2018 AFCTF Morse ...
BUUCTF——rsa系列（4）
目录 [BJDCTF2020]easyrsa [NCTF2019]babyRSA [AFCTF2018]可怜的RSA [RoarCTF2019]babyRSA [RoarCTF2019]RSA RSA ...
【bmzctf-crypto】--writeup
4进制 4进制转16进制,再转字符串. 2018 AFCTF Morse 摩斯电码解密得16进制. 16进制转字符串得flag. 2018 HEBTUCTF 社会主义接班人自由爱国自由平等自由文明平 ...
bmzctf-crypto writeup（一） (持续更新)
4进制 4进制转16进制,再转字符串. 2018 AFCTF Morse 摩斯电码解密得16进制. 16进制转字符串得flag. 2018 HEBTUCTF 社会主义接班人自由爱国自由平等自由文明平 ...
CTF CRYPTO 从零开始的RSA1
第三方库的安装及问题的解决 first of all,首先要把函数安好,编程实现过程中需要下载py的第三方库:pycrypto win+R打开cmd,打开py3所在目录,1.目的目录和当前目录在同盘: ...
BUUCTF 每日打卡 2021-4-28
引言数分考完了明天蓝帽杯可怜的RSA 附件给了公钥: -----BEGIN PUBLIC KEY----- MIIBJDANBgkqhkiG9w0BAQEFAAOCAREAMIIBDAKCAQM ...
BMZCTF Crypto
2018 HEBTUCTF Sudoku&Viginere 下载附件,为一个doc文件,打开后发现是一个数独游戏,和一个密码. 完成数独后: 看数独表很像Viginere的密码表,根据45 3 ...

2018 AFCTF 可怜的RSA

2018 AFCTF 可怜的RSA相关推荐

最新文章

热门文章