CTF密码学部分知识总结(⼀)
⽬录
openssl 解密RSA⼀般步骤
步骤:
①使⽤ openssl 解密.pem 中参数 --> ②参数⼗六进制转换为⼗进制 --> ③ 利⽤ factor 对⼤整数进⾏分解,得到 p 和 q --> ④⽤ rsatool ⽣成私钥⽂件: private.pem --> ⑤⽤ private.pem 解密
①使⽤ openssl 解密.pem 中参数。
Openssl 是 linux ⾃带的⼀个加密库,可以直接使⽤。
openssl rsa-pubin-text-modulus-in warmup-in./Normal_RSA/pubkey.pem
②参数⼗六进制转换为⼗进制 Python ⽀持直接将 16 进制转换为 10 进制 Linux 下进⼊ python 命令⾏ 0x
C2636AE5C3D8E43FFB97AB09028F1AAC6C0BF6CD3D70EBCA281BFFE97FBE30DD
也可使⽤python solve.py -g --dumpkey --key ../exercise/rsa-2/public.pem,得到的n直接是⼗进制的,可以省略步骤1和2
③,得到 p 和 q :
p= 275127860351348928173285174381581152299
q= 319576316814478949870590164193048041239
④⽤ rsatool ⽣成私钥⽂件: private.pem
python rsatool.py -o private.pem -e 65537-p 275127860351348928173285174381581152299-q 319576316814478949870590164193048041239
⑤⽤ private.pem 解密 :
openssl rsautl-decrypt-in./Normal_-inkey./private_1.pem
成功获取flag,这种⽅法⽐较啰嗦,作为⽤来弥补solve.py⽆法获取完整flag的情况,接下来总结常⽤的各种密码学解密⽅法:
1.凯撒密码(Caesar)
#-*-coding=utf-*-
def caesar(cipher):
for j in range(26):
str_list=list(cipher)
i=0
while i<len(cipher):
if not str_list[i].isalpha():
unicode在线工具str_list[i]=str_list[i]
else:
a="A"if str_list[i].isupper()else"a"
str_list[i]=chr((ord(str_list[i])-ord(a)+j)%26+ord(a))
i=i+1
print(''.join(str_list))
if__name__=='__main__':
cipher="oknqdbqmoq{kag_tmhq_xqmdzqp_omqemd_qzodkbfuaz}"
caesar(cipher)
2.摩斯密码在线解密
#!/usr/bin/python
#-*-coding=utf-*-
table={'a':".-",'b':"-...",'c':"-.-.",'d':"-..",'e':".",'f':"..-.",'g':"--.",
'h':"....",'i':"..",'j':".---",'k':"-.-",'l':".-..",'m':"--",'n':"-.",
'o':"---",'p':".--.",'q':"--.-",'r':".-.",'s':"...",'t':"-",'u':"..-",
'v':"...-",'w':".--",'x':"-..-",'y':"-.--",'z':"--..",
'0':'-----','1':'.----','2':'..---','3':'...--','4':'....-',
'5':'.....','6':'-....','7':'--...','8':'---..','9':'----.',
',':'--..--','.':'.-.-.-',':':'---...',';':'-.-.-.',
'?':'..--..','=':'-...-',"'":'.----.','/':'-..-.',
'!':'-.-.--','-':'-....-','_':'..--.-','(':'-.--.',
')':'-.--.-','$':'...-..-','&':'. . . .','@':'.--.-.'}
def morse(cipher):
msg=''
codes=cipher.split(' ')
for code in codes:
if code=='':
msg+=' '
else:
UNCODE=dict(map(lambda t:(t[1],t[0]),table.items()))
msg+=UNCODE[code]
return msg
if__name__=='__main__':
#file=open(r'D:\CTF\攻防世界\','r')
#ad()
cipher="11 111 010 000 0 1010 111 100 0 00 000 000 111 00 10 1 0 010 0 000 1 00 10 110"
place('1','-')
place('0','.')
plaintext=morse(cipher)
print(plaintext)
3.unicode在线解码
ASC2码如下
Unicode特征如下:
最后解码到这⾥之后不会解码了
/119/101/108/99/111/109/101/116/111/97/116/116/97/99/107/97/110/100/100/101/102/101/110/99/101/1 19/111/114/108/100
照搬⼤神的程序
# a = open(','r')
# s = a.read()
s="JiM4NDsmIzEwNzsmIzExODsmIzc3OyYjODQ7JiM2OTsmIzEyMDsmIzc2OyYjMTIyOyYjNjk7JiMxMjA7JiM3ODsmIzY3OyYjNTY7JiMxMjA7JiM3NzsmIzY 4OyYjMTAzOyYjMTE4OyYjNzc7JiM4NDsmIzY1OyYjMTE5Ow=="
# base64解密⼀下
b = base64.b64decode(s).decode('ascii')
# 对解密后的字符串进⾏处理
b = b.strip('&#;')
c = []
c = b.split(';&#')
# unicode解密
d = ''
for i in c:
d += chr(int(i))
# base64再次解密
e = base64.b64decode(d).decode('ascii')
# 对字符进⾏处理
e = e.strip('/')
f = []
f = e.split('/')
# 转化为ascii码
flag =''
for i in f:
flag += chr(int(i))
print('flag is ',flag)
4.栅栏密码在线解密
5.培根密码在线解密
# !/usr/bin/python
# -*- coding=utf -*-
import re
table = {'a': 'aaaaa', 'b': 'aaaab', 'c': 'aaaba', 'd': 'aaabb', 'e': 'aabaa', 'f': 'aabab', 'g': 'aabba',
'h': 'aabbb', 'i': 'abaaa', 'j': 'abaab', 'k': 'ababa', 'l': 'ababb', 'm': 'abbaa', 'n': 'abbab',
'o': 'abbba', 'p': 'abbbb', 'q': 'baaaa', 'r': 'baaab', 's': 'baaba', 't': 'baabb', 'u': 'babaa',
'v': 'babab', 'w': 'babba', 'x': 'babbb', 'y': 'bbaaa', 'z': 'bbaab'}
def bacon(cipher):
msg = ''
codes = re.findall(r'.{5}', cipher)
for code in codes:
if code == '':
msg += ' '
else:
UNCODE = dict(map(lambda t: (t[1], t[0]), table.items()))
msg += UNCODE[code]
return msg
if __name__ == '__main__':
cipher = 'AAAAABAABBBAABBAAAAAAAABAABABAAAAAAABBABAAABBAAABBAABAAAABABAABAAABBABAAABAAABAABABBAABBBABAAABABABB AAABBABAAABAABAABAAAABBABBAABBAABAABAAABAABAABAABABAABBABAAAABBABAABBA'
# cipher = cipher.upper()
cipher = cipher.lower()
plaintext = bacon(cipher)
print(plaintext)
6.python反编译⼯具uncompyle
python的.pyc⽂件,⼤致可以理解为python程序编译后得到的⽂件。可以下载uncompyle库后使⽤uncompyle6将easychallenge.pyc反编译成py⽂件。
uncompyle6easychallenge.pyc>easychallenge.py
7.Easy-RSA
python solve.py--verbose--private-N2135733555619387051-e17-p473398607161-q4511491
得到的d值就是FLAG
python solve.py--verbose-k examples/jarvis_oj_mediumRSA/pubkey.pem--decrypt examples/jarvis_oj_
8.将ASC码值转换成字符
import re
r="/119/101/108/99/111/109/101/116/111/97/116/116/97/99/107/97/110/100/100/101/102/101/110/99/101/119/111/114/108/100"
r=re.split("/",r)
flag=""
for i in range(1,len(r)):
flag=flag+chr(int(r[i]))
print flag
9.RSA共模攻击
import gmpy2
def ByteToHex( bins ):
return ''.join( [ "%02X" % x for x in bins ] ).strip()
def n2s(num):
t = hex(num)[2:]
if len(t) % 2 == 1:
t = '0'+ t
return ''.join([chr(int(b, 16)) for b in [t[i:i+2] for i in range(0, len(t), 2)]])
n = 0x00b0bee5e3e9e5a7e8d00b493355c618fc8c7d7d03b82e409951c182f398dee3104580e7ba70d383ae5311475656e8a964d380cb157f48c951adfa65 db0b122ca40e42fa709189b719a4f0d746e2f6069baf11cebd650f14b93c977352fd13b1eea6d6e1da775502abff89d3a8b3615fd0db49b88a976bc20568489
284e181f6f11e270891c8ef80017bad238e363039a458470f1749101bc29949d3a4f4038d463938851579c7525a69984f15b5667f34209b70eb261136947fa 123e549dfff00601883afd936fe411e006e4e93d1a00b0fea541bbfc8c5186cb6220503a94b2413110d640c77ea54ba3220fc8f4cc6ce77151e29b3e06578c47 8bd1bebe04589ef9a197f6f806db8b3ecd826cad24f5324ccdec6e8fead2c2150068602c8dcdc59402ccac9424b790048ccdd9327068095efa010b7f196c74b a8c37b128f9e1411751633f78b7b9e56f71f77a1b4daad3fc54b5e7ef935d9a72fb176759765522b4bbc02e314d5c06b64d5054b7b096c601236e6ccf45b5e6 11c805d335dbab0c35d226cc208d8ce4736ba39a0354426fae006c7fe52d5267dcfb9c3884f51fddfdf4a9794bcfe0e1557113749e6c8ef421dba263aff68739c e00ed80fd0022ef92d3488f76deb62bdef7bea6026f22a1d25aa2a92d124414a8021fe0c174b9803e6bb5fad75e186a946a17280770f1243f4387446ccceb22 22a965cc30b3929
e1 = 17
e2 = 65537
s = dext(e1,e2)    #dext(e1,e2)的运⾏结果为元组(mpz(1), mpz(30841), mpz(-8)),所以元组的第0个值不能取,第1个值才是s1,第2个值由于是负数,所以要取反,变为正数
s1 = s[1]
s2 = -s[2]
file1 = open("E:/04 CTF/i春秋/ISC2016训练赛——phrackCTF/Crypto-very hard RSA/veryhardRSA/fl
<1" ,'rb').read()
c1 = int(ByteToHex(file1),16)
file2 = open("E:/04 CTF/i春秋/ISC2016训练赛——phrackCTF/Crypto-very hard RSA/2" ,'rb').read()
c2 = int(ByteToHex(file2),16)
c2 = gmpy2.invert(c2, n)        #由于根据前⾯的运算,s1是正数,s2是负数,后⾯需要运算c2的s2次幂。因为在数论模运算中,要求⼀个数的负数次幂,与常规⽅法并不⼀样,⽐如此处要求c2的s2次幂,就要先计算c2的模反元素c2r,然后求c2r的-s2次幂。
m = (pow(c1,s1,n) * pow(c2 , s2 , n)) % n
print(n2s(m))
这样⼦很⿇烦,⽤libnum库⾃带的n2s和s2n函数来代替代码⾥的n2s和ByteToHex函数,这⾥附上⼀个简单的将公钥加密的⽂本转换成数字的⼩程序:
import libnum
f=open("1",'rb')
c1=libnum.ad())
print(c1)
得到c的数值表⽰后我们配置好参数⽂件直接使⽤下⾯的脚本解密得到flag
python solve.py  -i ../exercise/veryhardRSA/
10.Wiener’s attack的条件
e很⼤的,d可能就会⽐较⼩,可能会满⾜Wiener’s attack的条件
Wiener’s attack
python solve.py--verbose--private-i examples/
或者通过命令⾏,只要指定对应参数就⾏了
python solve.py --verbose --private -N
4606578138842896098963720565855441724853181170262462638997443292374927018206272195560 0778820059011913617389598900138215153600685382332638289236314360431451868638878600298 9248800814861248595075326277099645338694977097459168530898776007293695728101976069423 971696524237755227187061418202849911479124793990722597
-e
3546111024413075720565721818279258991983453502287537309310893932754639165444566268942 4541509610783446577840953237318712531855461472259930179152891621283936812106603554100 8808261534500586023652767712271625785204280964688004680328300124849680477105302519377 370092578107827116821391826210972320377614967547827619
10.16进制转字符串
11.RSA题⽬总结
已知p,q,e,c四个参数:
from Crypto.Util.number import*
import gmpy2
import binascii
import hashlib
import base64
p=0xa6055ec186de51800ddd6fcbf0192384ff42d707a55f57af4fcfb0d1dc7bd97055e8275cd4b78ec63c5d592f567c66393a061324aa2e6a8d8fc2a910cbee 1ed9
q=0xfa0f9463ea0a93b929c099320d31c277e0b0dbc65b189ed76124f5a1218f5d91fd0102a4c8de11f28be5e4d0ae91ab319f4537e97ed74bc663e972a4a9 119307
e=0x6d1fdab4ce3217b3fc32c9ed480a31d067fd57d93a9ab52b472dc393ab7852fbcb11abbebfd6aaae8032db1316dc22d3f7c3d631e24df13ef23d3b381a1 c3e04abcc745d402ee3a031ac2718fae63b240837b4f657f29ca4702da9af22a3a019d68904a969ddb01bcf941df70af042f4fae5cbeb9c2151b324f387e5250 94c41
c=0x7fe1a4f743675d1987d25d38111fae0f78bbea6852cba5beda47db76d119a3efe24cb04b9449f53becd43b0b46e269826a983f832abb53b7a7e24a43ad 15378344ed5c20f51e268186d24c76050c1e73647523bd5f91d9b6ad3e86bbf9126588b1dee21e6997372e36c3e74284734748891829665086e0dc523ed2 3c386bb520
pvi=(p-1)*(q-1)
n=q*p
d=gmpy2.invert(e,pvi)
print binascii.unhexlify(hex(pow(c,d,n))[2:])
注意⼀下压缩包的⽂件头PK:
已知RSA的公钥和密⽂,直接使⽤solve.py 解密
python solve.py -k ./cry200/key.pem --decrypt ./cry200/cipher.bin

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。