n = 17686671842400393574730512034200128521336919569735972791676605056286778473230718426958508878942631584704817342304959293060507614074800553670579033399679041334863156902030934895197677543142202110781629494451453351396962137377411477899492555830982701449692561594175162623580987453151328408850116454058162370273736356068319648567105512452893736866939200297071602994288258295231751117991408160569998347640357251625243671483903597718500241970108698224998200840245865354411520826506950733058870602392209113565367230443261205476636664049066621093558272244061778795051583920491406620090704660526753969180791952189324046618283
e = 3
c = 213791751530017111508691084168363024686878057337971319880256924185393737150704342725042841488547315925971960389230453332319371876092968032513149023976287158698990251640298360876589330810813199260879441426084508864252450551111064068694725939412142626401778628362399359107132506177231354040057205570428678822068599327926328920350319336256613
from Crypto.Util.number import *
from flag import flag
flag = bytes_to_long(flag.encode("utf-8"))
p = getPrime(1024)
q = getPrime(1024)
n = p * q
e = 3assert2046 < n.bit_length()
assert375 == flag.bit_length()
print("n =", n)
print("e =", e)
print("c =", pow(flag, e, n))
from Crypto.Util.number import *
n = 17686671842400393574730512034200128521336919569735972791676605056286778473230718426958508878942631584704817342304959293060507614074800553670579033399679041334863156902030934895197677543142202110781629494451453351396962137377411477899492555830982701449692561594175162623580987453151328408850116454058162370273736356068319648567105512452893736866939200297071602994288258295231751117991408160569998347640357251625243671483903597718500241970108698224998200840245865354411520826506950733058870602392209113565367230443261205476636664049066621093558272244061778795051583920491406620090704660526753969180791952189324046618283
e = 3
c = 213791751530017111508691084168363024686878057337971319880256924185393737150704342725042841488547315925971960389230453332319371876092968032513149023976287158698990251640298360876589330810813199260879441426084508864252450551111064068694725939412142626401778628362399359107132506177231354040057205570428678822068599327926328920350319336256613
ok = 0
ng = 10 ** 375while ng - ok > 1:
mid = (ok + ng) // 2if mid * mid * mid <= c:
ok = mid
else:
ng = mid
print(long_to_bytes(ok))
Logical_SEESAW[Crypto]
from Crypto.Util.number import *
from random import random, getrandbits
from flag import flag
flag = bytes_to_long(flag.encode("utf-8")) # flagをlong型に変える
length = flag.bit_length() # flagのbit長
key = getrandbits(length) # key = flagと同じbit長のランダムな数字whilenot length == key.bit_length():
key = getrandbits(length)
# 2進数に変換し、['1', '0', '1', ...]みたいなlistを作る
flag = list(bin(flag)[2:])
key = list(bin(key)[2:])
cipher_L = []
for _ inrange(16):
cipher = flag[:]
m = 0.5for i inrange(length):
n = random()
if n > m:
cipher[i] = str(eval(cipher[i] + "&" + key[i]))
cipher_L.append("".join(cipher))
print("cipher =", cipher_L)
FLAG = b'<censored>'
SIZE = 8
p = random_prime(2^128)
MS = MatrixSpace(GF(p), SIZE)
key = MS.random_element()
while key.rank() != SIZE:
key = MS.random_element()
M = copy(MS.zero())
for i inrange(SIZE):
for j inrange(SIZE):
n = i * SIZE + j
if n < len(FLAG):
M[i, j] = FLAG[n]
else:
M[i, j] = GF(p).random_element()
enc = key * M * key
print('p:', p)
print('key:', key)
print('enc:', enc)
from Crypto.Util.number import *
from random import getrandbits
from flag import flag
flag = bytes_to_long(flag.encode("utf-8"))
flag = bin(flag)[2:]
length = len(flag)
A = []
a, b = 0, 0for _ inrange(length):
a += getrandbits(32) + b
b += a
A.append(a)
p = getStrongPrime(512)
q = getStrongPrime(512)
assert q > sum(A)
pub_key = [a * p % q for a in A]
cipher = sum([int(flag[i]) * pub_key[i] for i inrange(length)])
f = open("output.txt", "w")
f.write("pub_key = " + str(pub_key) + "\n")
f.write("cipher = " + str(cipher) + "\n")
f.close()
from Crypto.Util.number import *
from random import getrandbits
from os import urandom
from flag import flag
defgen_primes(bits, e):
q = getStrongPrime(bits)
p = q
whileTrue:
p = p-8# p-8
phi = (p - 1) * (q - 1)
if isPrime(p) and GCD(phi, e) != 1:
breakreturn p, q
flag = flag.encode("utf-8") + urandom(64)
flag = bytes_to_long(flag)
e = 17
p, q = gen_primes(512, e)
n = p * q
print("n =", n)
print("e =", e)
print("c =", pow(flag, e, n))
withopen("flag.txt") as f:
flag = f.read().strip()
A = REDACTED
B = REDACTED
plaintext_space = "ABCDEFGHIJKLMNOPQRSTUVWXYZ_{}"assertall(x in plaintext_space for x in flag)
defencrypt(plaintext: str, a: int, b: int) -> str:
ciphertext = ""for x in plaintext:
if"A" <= x <= "Z":
x = ord(x) - ord("A")
x = (a * x + b) % 26
x = chr(x + ord("A"))
ciphertext += x
return ciphertext
if __name__ == "__main__":
ciphertext = encrypt(flag, a=A, b=B)
print(ciphertext)
withopen("output.txt") as f:
S = f.read().strip()
A = 5
B = 8defdecrypt(s: str, a: int, b: int) -> str:
res = ""for x in s:
if"A" <= x <= "Z":
x = ord(x) - ord("A")
x = (x - b + 26) % 26for i inrange(26):
if a * i % 26 == x:
x = i
break
x = chr(x + ord("A"))
res += x
return res
if __name__ == '__main__':
res = decrypt(S, A, B)
print(res)
siro53@MyComputer:~/CTF/waniCTF2021/crypto$ nc crt.cry.wanictf.org 50000
Mod >
サーバーのコードは次のようになっています。(適宜コメントを入れています)
from Crypto.Util.number import bytes_to_long
withopen("flag.txt", "rb") as f:
flag = f.read()
flag = bytes_to_long(flag)
assert flag <= 10 ** 103
upper_bound = 300whileTrue:
try:
mod = int(input("Mod > ")) # modを入力するif mod > upper_bound: # mod は 300以下じゃないとだめprint("Don't cheat 🤪")
continue
result = flag % mod
print(result) # flagをbytesから整数に直したものを、入力したmodであまりを計算し出力exceptException:
print("Bye 👋")
break
from Crypto.Util.number import getPrime, bytes_to_long
withopen("flag.txt", "rb") as f:
flag = f.read()
p, q = getPrime(1024), getPrime(1024)
N = p * q
M = 2 * p + q
e = 0x10001defencrypt(plaintext: bytes) -> int:
plaintext = bytes_to_long(plaintext)
c = pow(plaintext, e, N)
return c
if __name__ == "__main__":
c = encrypt(flag)
print(f"{N = }")
print(f"{M = }")
print(f"{e = }")
print(f"{c = }")
N = 22255382023772668851018179427844169178508638456713544208965498667359965716247243217931028270320680101854437928939452335472153643094266035953797432826168426002458800906764442624308120284177094975740468163835305872963635678413995878812492729432260346481442092245748885202467992527408086207041964831622724073720751839241897580988210971776031098476500998975223039782371635291859483569580516707907602619018780393060215756966917504096971372578145138070121288608502379649804953835336933545368863853793291348412017384228807171466141787383764812064465152885522264261710104646819565161405416285530129398700414912821358924882993
M = 455054308184393892678058040417894434538147052966484655368629806848690951585316383741818991249942897131402174931069148907410409095241197004639436085265522674198117934494409967755516107042868190564732371162423204135770802585390754508661199283919569348449653439331457503898545517122035939648918370853985174413495
e = 65537
c = 17228720052381175899005296327529228647857019551986416863927209013417483505116054978735086007753554984554590706212543316457002993598203960172630351581308428981923248377333772786232057445880572046104706039330059467410587857287022959518047526287362946817619717880614820138792149370198936936857422116461146587380005750298216662907558653796277806259062461884502203484610534512552197338982682870358910558302016481352035443274153409114492025483995668048818103066011831955626539382173160900595378864729936791103356604330731386911513668727994911216530875480647283550078311836214338646991447576725034118526046292574067040720093
from Crypto.Util.number import long_to_bytes
from math_lib import *
N, M, e, c = map(int, input().split())
defisqrt(n: int) -> int:
ok = 0
ng = n
while ng - ok > 1:
mid = (ok + ng) // 2if mid * mid <= n:
ok = mid
else:
ng = mid
return ok
s = isqrt(M*M-8*N)
assert (s * s == M*M-8*N)
p = (M + isqrt(M*M - 8*N)) // 4# p = (M - isqrt(M*M - 8*N)) // 4
q = N // p
assert (p * q == N)
phi = lcm(p-1, q-1)
d = inv_mod(e, phi)
m = pow(c, d, N)
print(long_to_bytes(m))