已经知道c, n,只需要再求出 d 即可 ∵e⋅d≡1modϕ(n) phi(n)=(p−1)(q−1)=pq−(p+q)+1
而p_q已经给出了p+q,直接就可以求出ϕ(n)了
pq, qp是来混淆视听的…
exp
1 2 3 4 5 6 7 8 9 10
from Crypto.Util.number import *
c = 5654386228732582062836480859915557858019553457231956237167652323191768422394980061906028416785155458721240012614551996577092521454960121688179565370052222983096211611352630963027300416387011219744891121506834201808533675072141450111382372702075488292867077512403293072053681315714857246273046785264966933854754543533442866929316042885151966997466549713023923528666038905359773392516627983694351534177829247262148749867874156066768643169675380054673701641774814655290118723774060082161615682005335103074445205806731112430609256580951996554318845128022415956933291151825345962528562570998777860222407032989708801549746 n = 18047017539289114275195019384090026530425758236625347121394903879980914618669633902668100353788910470141976640337675700570573127020693081175961988571621759711122062452192526924744760561788625702044632350319245961013430665853071569777307047934247268954386678746085438134169871118814865536503043639618655569687534959910892789661065614807265825078942931717855566686073463382398417205648946713373617006449901977718981043020664616841303517708207413215548110294271101267236070252015782044263961319221848136717220979435486850254298686692230935985442120369913666939804135884857831857184001072678312992442792825575636200505903 p_q = 279533706577501791569740668595544511920056954944184570513187478007551195831693428589898548339751066551225424790534556602157835468618845221423643972870671556362200734472399328046960316064864571163851111207448753697980178391430044714097464866523838747053135392202848167518870720149808055682621080992998747265496
phi = n-p_q+1 d = inverse(e, phi) m = pow(c, d, n) print(long_to_bytes(m))
ez_hash
源码:
1 2 3 4 5 6 7 8
from hashlib import sha256 from secret import flag, secrets
from Crypto.Util.number import * from hashlib import * from tqdm import *
hash_value = '3a5137149f705e4da1bf6742e62c018e3f7a1784ceebcb0030656a2b42f50b6a' for i in trange(1, 1000000): secret = b'2100' + str(i).zfill(6).encode() temp = sha256(secret).hexdigest() if temp == hash_value: flag = b'moectf{' + secret + b'}' break
print(f"结果是: {flag} ")
Big and small
源码:
1 2 3 4 5 6 7 8 9 10 11 12 13
from secret import flag from Crypto.Util.number import* m = long_to_bytes(flag) p = getPrime(1024) q = getPrime(1024) n = p*q e = 3 c = pow(m,e,n) ''' c = 150409620528288093947185249913242033500530715593845912018225648212915478065982806112747164334970339684262757 e = 3 n = 20279309983698966932589436610174513524888616098014944133902125993694471293062261713076591251054086174169670848598415548609375570643330808663804049384020949389856831520202461767497906977295453545771698220639545101966866003886108320987081153619862170206953817850993602202650467676163476075276351519648193219850062278314841385459627485588891326899019745457679891867632849975694274064320723175687748633644074614068978098629566677125696150343248924059801632081514235975357906763251498042129457546586971828204136347260818828746304688911632041538714834683709493303900837361850396599138626509382069186433843547745480160634787 '''
from Crypto.Util.number import * from gmpy2 import *
c = 150409620528288093947185249913242033500530715593845912018225648212915478065982806112747164334970339684262757 e = 3 n = 20279309983698966932589436610174513524888616098014944133902125993694471293062261713076591251054086174169670848598415548609375570643330808663804049384020949389856831520202461767497906977295453545771698220639545101966866003886108320987081153619862170206953817850993602202650467676163476075276351519648193219850062278314841385459627485588891326899019745457679891867632849975694274064320723175687748633644074614068978098629566677125696150343248924059801632081514235975357906763251498042129457546586971828204136347260818828746304688911632041538714834683709493303900837361850396599138626509382069186433843547745480160634787
m = iroot(c, e)[0] print(long_to_bytes(m))
baby_equation
源码:
1 2 3 4 5 6 7 8 9
from Crypto.Util.number import * from secret import flag
l = len(flag) m1, m2 = flag[:l//2], flag[l//2:] a = bytes_to_long(m1) b = bytes_to_long(m2) k = 0x2227e398fc6ffcf5159863a345df85ba50d6845f8c06747769fee78f598e7cb1bcf875fb9e5a69ddd39da950f21cb49581c3487c29b7c61da0f584c32ea21ce1edda7f09a6e4c3ae3b4c8c12002bb2dfd0951037d3773a216e209900e51c7d78a0066aa9a387b068acbd4fb3168e915f306ba40 assert ((a**2 + 1)*(b**2 + 1) - 2*(a - b)*(a*b - 1)) == 4*(k + a*b)