CTF密码学部分知识总结(一)

CTF密码学部分知识总结（⼀）

⽬录

openssl 解密RSA⼀般步骤

步骤：

①使⽤ openssl 解密.pem 中参数 --> ②参数⼗六进制转换为⼗进制 --> ③ 利⽤ factor 对⼤整数进⾏分解，得到 p 和 q --> ④⽤ rsatool ⽣成私钥⽂件: private.pem --> ⑤⽤ private.pem 解密

①使⽤ openssl 解密.pem 中参数。

Openssl 是 linux ⾃带的⼀个加密库，可以直接使⽤。

openssl rsa-pubin-text-modulus-in warmup-in./Normal_RSA/pubkey.pem

②参数⼗六进制转换为⼗进制 Python ⽀持直接将 16 进制转换为 10 进制 Linux 下进⼊ python 命令⾏ 0x

C2636AE5C3D8E43FFB97AB09028F1AAC6C0BF6CD3D70EBCA281BFFE97FBE30DD

也可使⽤python solve.py -g --dumpkey --key ../exercise/rsa-2/public.pem，得到的n直接是⼗进制的，可以省略步骤1和2

③，得到 p 和 q ：

p= 275127860351348928173285174381581152299

q= 319576316814478949870590164193048041239

④⽤ rsatool ⽣成私钥⽂件: private.pem

python rsatool.py -o private.pem -e 65537-p 275127860351348928173285174381581152299-q 319576316814478949870590164193048041239

⑤⽤ private.pem 解密：

openssl rsautl-decrypt-in./Normal_-inkey./private_1.pem

成功获取flag，这种⽅法⽐较啰嗦，作为⽤来弥补solve.py⽆法获取完整flag的情况，接下来总结常⽤的各种密码学解密⽅法：

1.凯撒密码（Caesar）

#-*-coding=utf-*-

def caesar(cipher):

for j in range(26):

str_list=list(cipher)

i=0

while i<len(cipher):

if not str_list[i].isalpha():

str_list[i]=str_list[i]

else:

a="A"if str_list[i].isupper()else"a"

str_list[i]=chr((ord(str_list[i])-ord(a)+j)%26+ord(a))

i=i+1

print(''.join(str_list))

if__name__=='__main__':

cipher="oknqdbqmoq{kag_tmhq_xqmdzqp_omqemd_qzodkbfuaz}"

caesar(cipher)

2.摩斯密码在线解密

#!/usr/bin/python

#-*-coding=utf-*-

table={'a':".-",'b':"-...",'c':"-.-.",'d':"-..",'e':".",'f':"..-.",'g':"--.",

'h':"....",'i':"..",'j':".---",'k':"-.-",'l':".-..",'m':"--",'n':"-.",

'o':"---",'p':".--.",'q':"--.-",'r':".-.",'s':"...",'t':"-",'u':"..-",

'v':"...-",'w':".--",'x':"-..-",'y':"-.--",'z':"--..",

'0':'-----','1':'.----','2':'..---','3':'...--','4':'....-',

'5':'.....','6':'-....','7':'--...','8':'---..','9':'----.',

',':'--..--','.':'.-.-.-',':':'---...',';':'-.-.-.',

'?':'..--..','=':'-...-',"'":'.----.','/':'-..-.',

'!':'-.-.--','-':'-....-','_':'..--.-','(':'-.--.',

')':'-.--.-','$':'...-..-','&':'. . . .','@':'.--.-.'}

def morse(cipher):

msg=''

codes=cipher.split(' ')

for code in codes:

if code=='':

msg+=' '

else:

UNCODE=dict(map(lambda t:(t[1],t[0]),table.items()))

msg+=UNCODE[code]

return msg

if__name__=='__main__':

#file=open(r'D:\CTF\攻防世界\','r')

#ad()

cipher="11 111 010 000 0 1010 111 100 0 00 000 000 111 00 10 1 0 010 0 000 1 00 10 110"

place('1','-')

place('0','.')

plaintext=morse(cipher)

print(plaintext)

3.unicode在线解码

ASC2码如下

Unicode特征如下：

最后解码到这⾥之后不会解码了

/119/101/108/99/111/109/101/116/111/97/116/116/97/99/107/97/110/100/100/101/102/101/110/99/101/1 19/111/114/108/100

照搬⼤神的程序

# a = open(','r')

# s = a.read()

s="JiM4NDsmIzEwNzsmIzExODsmIzc3OyYjODQ7JiM2OTsmIzEyMDsmIzc2OyYjMTIyOyYjNjk7JiMxMjA7JiM3ODsmIzY3OyYjNTY7JiMxMjA7JiM3NzsmIzY 4OyYjMTAzOyYjMTE4OyYjNzc7JiM4NDsmIzY1OyYjMTE5Ow=="

# base64解密⼀下

b = base64.b64decode(s).decode('ascii')

# 对解密后的字符串进⾏处理

b = b.strip('&#;')

c = []

c = b.split(';&#')

# unicode解密

d = ''

for i in c:

d += chr(int(i))

# base64再次解密

e = base64.b64decode(d).decode('ascii')

# 对字符进⾏处理

e = e.strip('/')

f = []

f = e.split('/')

# 转化为ascii码

flag =''

for i in f:

flag += chr(int(i))

print('flag is ',flag)

4.栅栏密码在线解密

5.培根密码在线解密

# !/usr/bin/python

# -*- coding=utf -*-

import re

table = {'a': 'aaaaa', 'b': 'aaaab', 'c': 'aaaba', 'd': 'aaabb', 'e': 'aabaa', 'f': 'aabab', 'g': 'aabba',

'h': 'aabbb', 'i': 'abaaa', 'j': 'abaab', 'k': 'ababa', 'l': 'ababb', 'm': 'abbaa', 'n': 'abbab',

'o': 'abbba', 'p': 'abbbb', 'q': 'baaaa', 'r': 'baaab', 's': 'baaba', 't': 'baabb', 'u': 'babaa',

'v': 'babab', 'w': 'babba', 'x': 'babbb', 'y': 'bbaaa', 'z': 'bbaab'}

def bacon(cipher):

msg = ''

codes = re.findall(r'.{5}', cipher)

for code in codes:

if code == '':

msg += ' '

else:

UNCODE = dict(map(lambda t: (t[1], t[0]), table.items()))

msg += UNCODE[code]

return msg

if __name__ == '__main__':

cipher = 'AAAAABAABBBAABBAAAAAAAABAABABAAAAAAABBABAAABBAAABBAABAAAABABAABAAABBABAAABAAABAABABBAABBBABAAABABABB AAABBABAAABAABAABAAAABBABBAABBAABAABAAABAABAABAABABAABBABAAAABBABAABBA'

# cipher = cipher.upper()

cipher = cipher.lower()

plaintext = bacon(cipher)

print(plaintext)

6.python反编译⼯具uncompyle

python的.pyc⽂件，⼤致可以理解为python程序编译后得到的⽂件。可以下载uncompyle库后使⽤uncompyle6将easychallenge.pyc反编译成py⽂件。

uncompyle6easychallenge.pyc>easychallenge.py

7.Easy-RSA

python solve.py--verbose--private-N2135733555619387051-e17-p473398607161-q4511491

得到的d值就是FLAG

python solve.py--verbose-k examples/jarvis_oj_mediumRSA/pubkey.pem--decrypt examples/jarvis_oj_

8.将ASC码值转换成字符

import re

r="/119/101/108/99/111/109/101/116/111/97/116/116/97/99/107/97/110/100/100/101/102/101/110/99/101/119/111/114/108/100"

r=re.split("/",r)

flag=""

for i in range(1,len(r)):

flag=flag+chr(int(r[i]))

print flag

9.RSA共模攻击

import gmpy2

def ByteToHex( bins ):

return ''.join( [ "%02X" % x for x in bins ] ).strip()

def n2s(num):

t = hex(num)[2:]

if len(t) % 2 == 1:

t = '0'+ t

return ''.join([chr(int(b, 16)) for b in [t[i:i+2] for i in range(0, len(t), 2)]])

n = 0x00b0bee5e3e9e5a7e8d00b493355c618fc8c7d7d03b82e409951c182f398dee3104580e7ba70d383ae5311475656e8a964d380cb157f48c951adfa65 db0b122ca40e42fa709189b719a4f0d746e2f6069baf11cebd650f14b93c977352fd13b1eea6d6e1da775502abff89d3a8b3615fd0db49b88a976bc20568489

284e181f6f11e270891c8ef80017bad238e363039a458470f1749101bc29949d3a4f4038d463938851579c7525a69984f15b5667f34209b70eb261136947fa 123e549dfff00601883afd936fe411e006e4e93d1a00b0fea541bbfc8c5186cb6220503a94b2413110d640c77ea54ba3220fc8f4cc6ce77151e29b3e06578c47 8bd1bebe04589ef9a197f6f806db8b3ecd826cad24f5324ccdec6e8fead2c2150068602c8dcdc59402ccac9424b790048ccdd9327068095efa010b7f196c74b a8c37b128f9e1411751633f78b7b9e56f71f77a1b4daad3fc54b5e7ef935d9a72fb176759765522b4bbc02e314d5c06b64d5054b7b096c601236e6ccf45b5e6 11c805d335dbab0c35d226cc208d8ce4736ba39a0354426fae006c7fe52d5267dcfb9c3884f51fddfdf4a9794bcfe0e1557113749e6c8ef421dba263aff68739c e00ed80fd0022ef92d3488f76deb62bdef7bea6026f22a1d25aa2a92d124414a8021fe0c174b9803e6bb5fad75e186a946a17280770f1243f4387446ccceb22 22a965cc30b3929

e1 = 17

e2 = 65537

s = dext(e1,e2) #dext(e1,e2)的运⾏结果为元组(mpz(1), mpz(30841), mpz(-8))，所以元组的第0个值不能取，第1个值才是s1，第2个值由于是负数，所以要取反，变为正数

s1 = s[1]

s2 = -s[2]

file1 = open("E:/04 CTF/i春秋/ISC2016训练赛——phrackCTF/Crypto-very hard RSA/veryhardRSA/fl

<1" ,'rb').read()

c1 = int(ByteToHex(file1),16)

file2 = open("E:/04 CTF/i春秋/ISC2016训练赛——phrackCTF/Crypto-very hard RSA/2" ,'rb').read()

c2 = int(ByteToHex(file2),16)

c2 = gmpy2.invert(c2, n) #由于根据前⾯的运算，s1是正数，s2是负数，后⾯需要运算c2的s2次幂。因为在数论模运算中，要求⼀个数的负数次幂，与常规⽅法并不⼀样，⽐如此处要求c2的s2次幂，就要先计算c2的模反元素c2r，然后求c2r的-s2次幂。

m = (pow(c1,s1,n) * pow(c2 , s2 , n)) % n

print(n2s(m))

这样⼦很⿇烦，⽤libnum库⾃带的n2s和s2n函数来代替代码⾥的n2s和ByteToHex函数，这⾥附上⼀个简单的将公钥加密的⽂本转换成数字的⼩程序：

import libnum

f=open("1",'rb')

c1=libnum.ad())

print(c1)

得到c的数值表⽰后我们配置好参数⽂件直接使⽤下⾯的脚本解密得到flag

python solve.py -i ../exercise/veryhardRSA/

10.Wiener’s attack的条件

e很⼤的，d可能就会⽐较⼩，可能会满⾜Wiener’s attack的条件

Wiener’s attack

python solve.py--verbose--private-i examples/

或者通过命令⾏，只要指定对应参数就⾏了

python solve.py --verbose --private -N

4606578138842896098963720565855441724853181170262462638997443292374927018206272195560 0778820059011913617389598900138215153600685382332638289236314360431451868638878600298 9248800814861248595075326277099645338694977097459168530898776007293695728101976069423 971696524237755227187061418202849911479124793990722597

-e

3546111024413075720565721818279258991983453502287537309310893932754639165444566268942 4541509610783446577840953237318712531855461472259930179152891621283936812106603554100 8808261534500586023652767712271625785204280964688004680328300124849680477105302519377 370092578107827116821391826210972320377614967547827619

10.16进制转字符串

11.RSA题⽬总结

已知p,q,e,c四个参数：

from Crypto.Util.number import*

import gmpy2

import binascii

import hashlib

import base64

p=0xa6055ec186de51800ddd6fcbf0192384ff42d707a55f57af4fcfb0d1dc7bd97055e8275cd4b78ec63c5d592f567c66393a061324aa2e6a8d8fc2a910cbee 1ed9

q=0xfa0f9463ea0a93b929c099320d31c277e0b0dbc65b189ed76124f5a1218f5d91fd0102a4c8de11f28be5e4d0ae91ab319f4537e97ed74bc663e972a4a9 119307

e=0x6d1fdab4ce3217b3fc32c9ed480a31d067fd57d93a9ab52b472dc393ab7852fbcb11abbebfd6aaae8032db1316dc22d3f7c3d631e24df13ef23d3b381a1 c3e04abcc745d402ee3a031ac2718fae63b240837b4f657f29ca4702da9af22a3a019d68904a969ddb01bcf941df70af042f4fae5cbeb9c2151b324f387e5250 94c41

c=0x7fe1a4f743675d1987d25d38111fae0f78bbea6852cba5beda47db76d119a3efe24cb04b9449f53becd43b0b46e269826a983f832abb53b7a7e24a43ad 15378344ed5c20f51e268186d24c76050c1e73647523bd5f91d9b6ad3e86bbf9126588b1dee21e6997372e36c3e74284734748891829665086e0dc523ed2 3c386bb520

pvi=(p-1)*(q-1)

n=q*p

d=gmpy2.invert(e,pvi)

print binascii.unhexlify(hex(pow(c,d,n))[2:])aaaaaaaaaaaaaaaaaa

注意⼀下压缩包的⽂件头PK：

已知RSA的公钥和密⽂，直接使⽤solve.py 解密

python solve.py -k ./cry200/key.pem --decrypt ./cry200/cipher.bin

本文发布于:2024-09-21 01:38:03，感谢您对本站的认可！

本文链接：https://www.17tex.com/tex/2/360176.html

上一篇：ApacheShiro1.2.4反序列化漏洞(CVE-2016-4437)

下一篇：《编译原理》课后习题答案第三章第3章文法和语言第1