密码学

1.家人们！谁懂啊，RSA签到都不会 (初级)

from Crypto.Util.number import *
from secret import flag

m = bytes_to_long(flag)
p = getPrime(512)
q = getPrime(512)
e = 65537
n = p*q
c = pow(m,e,n)
print(f'p = {p}')
print(f'q = {q}')
print(f'c = {c}')
'''
p = 12567387145159119014524309071236701639759988903138784984758783651292440613056150667165602473478042486784826835732833001151645545259394365039352263846276073
q = 12716692565364681652614824033831497167911028027478195947187437474380470205859949692107216740030921664273595734808349540612759651241456765149114895216695451
c = 108691165922055382844520116328228845767222921196922506468663428855093343772017986225285637996980678749662049989519029385165514816621011058462841314243727826941569954125384522233795629521155389745713798246071907492365062512521474965012924607857440577856404307124237116387085337087671914959900909379028727767057
'''

from Cryptodome.Util.number import long_to_bytes as l2b
from Cryptodome.Util.number import *
p = 12567387145159119014524309071236701639759988903138784984758783651292440613056150667165602473478042486784826835732833001151645545259394365039352263846276073
q = 12716692565364681652614824033831497167911028027478195947187437474380470205859949692107216740030921664273595734808349540612759651241456765149114895216695451
c = 108691165922055382844520116328228845767222921196922506468663428855093343772017986225285637996980678749662049989519029385165514816621011058462841314243727826941569954125384522233795629521155389745713798246071907492365062512521474965012924607857440577856404307124237116387085337087671914959900909379028727767057
n=p*q
phi = (p-1)*(q-1)
e=65537

d = inverse(e,phi)
m=pow(c,d,n)

print(l2b(m))

2.happy

('c=', '0x7a7e031f14f6b6c3292d11a41161d2491ce8bcdc67ef1baa9eL')
('e=', '0x872a335')
#q + q*p^3 =1285367317452089980789441829580397855321901891350429414413655782431779727560841427444135440068248152908241981758331600586
#qp + q *p^2 = 1109691832903289208389283296592510864729403914873734836011311325874120780079555500202475594

from sympy import symbols, Eq, solve

# 定义符号
p, q = symbols('p q')

# 给定的两个方程
eq1 = Eq(q + q * p**3, 1285367317452089980789441829580397855321901891350429414413655782431779727560841427444135440068248152908241981758331600586)
eq2 = Eq(q * p + q * p**2, 1109691832903289208389283296592510864729403914873734836011311325874120780079555500202475594)

# 解方程组
solution = solve((eq1, eq2), (p, q))

# 输出解
print("Solution: ", solution)


'''Solution:  [(1/1158310153629932205401500375817, 1285367317452089980789441829580397855321901891350429414413655782431779727560841427444135439241158356562702669556850829937),
(1158310153629932205401500375817, 827089796345539312201480770649)]'''

from Cryptodome.Util.number import long_to_bytes as l2b
from Cryptodome.Util.number import *

e = int('0x872a335', 16)
c = int('0x7a7e031f14f6b6c3292d11a41161d2491ce8bcdc67ef1baa9e', 16)
p = 1158310153629932205401500375817
q = 827089796345539312201480770649

n=p*q
phi = (p-1)*(q-1)
d = inverse(e,phi)
m=pow(c,d,n)

print(l2b(m))
'''b'flag{happy_rsa_1}''''

3.bigrsa

from Crypto.Util.number import *
from flag import *

n1 = 103835296409081751860770535514746586815395898427260334325680313648369132661057840680823295512236948953370895568419721331170834557812541468309298819497267746892814583806423027167382825479157951365823085639078738847647634406841331307035593810712914545347201619004253602692127370265833092082543067153606828049061
n2 = 115383198584677147487556014336448310721853841168758012445634182814180314480501828927160071015197089456042472185850893847370481817325868824076245290735749717384769661698895000176441497242371873981353689607711146852891551491168528799814311992471449640014501858763495472267168224015665906627382490565507927272073
e = 65537
m = bytes_to_long(flag)
c1 = pow(m, e, n1)
c2 = pow(c1, e, n2)

print("c = %d" % c2)

# output
# c2 = 60406168302768860804211220055708551816238816061772464557956985699400782163597251861675967909246187833328847989530950308053492202064477410641014045601986036822451416365957817685047102703301347664879870026582087365822433436251615243854347490600004857861059245403674349457345319269266645006969222744554974358264
#我稍微微调了一下题目，这样看的更清楚点

先用factordb分解n1、n2

from Cryptodome.Util.number import long_to_bytes as l2b
from Cryptodome.Util.number import *

n1 = 103835296409081751860770535514746586815395898427260334325680313648369132661057840680823295512236948953370895568419721331170834557812541468309298819497267746892814583806423027167382825479157951365823085639078738847647634406841331307035593810712914545347201619004253602692127370265833092082543067153606828049061
p1=10169921435575123642561867469669552661717864247752251361375671837367086221354750692635829007786009042729357644276462913457660789233674358081650339142863821
q1=10210039189276167395636779557271057346691950991057423589319031237857569595284598319093522326723650646963251941930167018746859556383067696079622198265424441
n2 = 115383198584677147487556014336448310721853841168758012445634182814180314480501828927160071015197089456042472185850893847370481817325868824076245290735749717384769661698895000176441497242371873981353689607711146852891551491168528799814311992471449640014501858763495472267168224015665906627382490565507927272073
p2=10210039189276167395636779557271057346691950991057423589319031237857569595284598319093522326723650646963251941930167018746859556383067696079622198265424441
q2=11300955505231233842374743324817494386700809291852528704864397779486924493760947925710590633254027339824598181322986060728301639209174112581120081509548753
c2 = 60406168302768860804211220055708551816238816061772464557956985699400782163597251861675967909246187833328847989530950308053492202064477410641014045601986036822451416365957817685047102703301347664879870026582087365822433436251615243854347490600004857861059245403674349457345319269266645006969222744554974358264

phi1 = (q1-1) * (p1-1)
phi2 = (q2-1) * (p2-1)
e = 65537

d2=inverse(e,phi2)
c1=pow(c2,d2,n2)
d1=inverse(e,phi1)
m=pow(c1,d1,n1)

print(l2b(m))

b'SangFor{qSccmm1WrgvIg2Uq_cZhmqNfEGTz2GV8}'

4.crypto7

1	69f7906323b4f7d1e4e972acf4abfbfc,得到的结果用NSSCTF{}包裹。

md5解密：md5yyds

5.拟态签到题

ZmxhZ3tHYXFZN0t0RXRyVklYMVE1b1A1aUVCUkNZWEVBeThyVH0=

base64：flag{GaqY7KtEtrVIX1Q5oP5iEBRCYXEAy8rT}

6.base？？

dict:{0: 'J', 1: 'K', 2: 'L', 3: 'M', 4: 'N', 5: 'O', 6: 'x', 7: 'y', 8: 'U', 9: 'V', 10: 'z', 11: 'A', 12: 'B', 13: 'C', 14: 'D', 15: 'E', 16: 'F', 17: 'G', 18: 'H', 19: '7', 20: '8', 21: '9', 22: 'P', 23: 'Q', 24: 'I', 25: 'a', 26: 'b', 27: 'c', 28: 'd', 29: 'e', 30: 'f', 31: 'g', 32: 'h', 33: 'i', 34: 'j', 35: 'k', 36: 'l', 37: 'm', 38: 'W', 39: 'X', 40: 'Y', 41: 'Z', 42: '0', 43: '1', 44: '2', 45: '3', 46: '4', 47: '5', 48: '6', 49: 'R', 50: 'S', 51: 'T', 52: 'n', 53: 'o', 54: 'p', 55: 'q', 56: 'r', 57: 's', 58: 't', 59: 'u', 60: 'v', 61: 'w', 62: '+', 63: '/', 64: '='}

chipertext:
FlZNfnF6Qol6e9w17WwQQoGYBQCgIkGTa9w3IQKw

查字典

import base64

# 自定义表
d = {0: 'J', 1: 'K', 2: 'L', 3: 'M', 4: 'N', 5: 'O', 6: 'x', 7: 'y', 8: 'U', 9: 'V', 10: 'z', 11: 'A', 12: 'B', 13: 'C', 14: 'D', 15: 'E', 16: 'F', 17: 'G', 18: 'H', 19: '7', 20: '8', 21: '9', 22: 'P', 23: 'Q', 24: 'I', 25: 'a', 26: 'b', 27: 'c', 28: 'd', 29: 'e', 30: 'f', 31: 'g', 32: 'h', 33: 'i', 34: 'j', 35: 'k', 36: 'l', 37: 'm', 38: 'W', 39: 'X', 40: 'Y', 41: 'Z', 42: '0', 43: '1', 44: '2', 45: '3', 46: '4', 47: '5', 48: '6', 49: 'R', 50: 'S', 51: 'T', 52: 'n', 53: 'o', 54: 'p', 55: 'q', 56: 'r', 57: 's', 58: 't', 59: 'u', 60: 'v', 61: 'w', 62: '+', 63: '/', 64: '='}
table = ''.join(d[i] for i in range(65))
std_b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='

# 你的密文
cipher = "FlZNfnF6Qol6e9w17WwQQoGYBQCgIkGTa9w3IQKw"

# 解码过程
std_cipher = ''
for c in cipher:
    idx = table.find(c)
    if idx == -1:
        raise ValueError(f"Char '{c}' not in table!")
    std_cipher += std_b64[idx]

# 补齐base64长度为4的倍数
while len(std_cipher) % 4 != 0:
    std_cipher += '='

# base64解码
plaintext = base64.b64decode(std_cipher)
print(plaintext)

b'BJD{D0_Y0u_kNoW_Th1s_b4se_map}'

7.Vigenère

Yzyj ia zqm Cbatky kf uavin rbgfno ig hnkozku fyyefyjzy sut gha pruyte gu famooybn bhr vqdcpipgu jaaju obecu njde pupfyytrj cpez cklb wnbzqmr ntf li wsfavm azupy nde cufmrf uh lba enxcp, tuk uwjwrnzn inq ksmuh sggcqoa zq obecu zqm Lncu gz Jagaam aaj qx Hwthxn'a Gbj gfnetyk cpez, g fwwang xnapriv li phr uyqnvupk ib mnttqnq xgioerry cpag zjws ohbaul drinsla tuk liufku obecu ovxey zjwg po gnn aecgtsneoa.

Cn poyj vzyoe gxdbhf zq ty oeyl-ndiqkpl, ndag gut mrt cjy yrrgcmd rwwsf, phnz cpel gtw yjdbcnl bl zjwcn Cekjboe cklb yeezjqn htcdcannhum Rvmjlm, phnz juoam vzyoe nxn Tisk, Navarge jvd gng honshoc wf Ugrhcjefy. — Cpag zq kyyuek cpefk taadtf, Mxdeetowhps nxn qnfzklopeq gvwnt Sgf, xarvbrvg gngal fufz ywwrxu xlkm gnn koaygfn kf gnn ooiktfyz, — Tugc ehrtgnyn aae Owrz uh Yireetvmng hguiief jnateaelcre bl cpefk gfxo, ig ob bhr Xkybp os zqm Prurdy po nrcmr bx vg uxoyobp ig, gpv nk iaycqthzg fys Gbbnznzkpl, fwyvtp qtf lqmhzagoxv oa ywub lrvtlqpyku shz oemjvimopy cps cufmrf op koyh suau, af zq lbam fnjtl fkge gksg rrseye vg ybfric bhrot Kubege jvd Ugrhcjefy. Yzuqkpuy, enqknl, wvrn vcytnzn bhnz Igparasnvtf rqfa asggktifngv mdohrm vog hg ubwntkm noe rkybp aaj czaaykwhp cnabms; ntf swyoejrvgye cdf axckaqeaig zuph fnnen gncl gwnxowl aek ogla dvyywsrj vg mqfska, ehvrg wpelf gam shlhwlwbyk cpaa zq jcchg zqmmfknnyo bl gkwlvyjahc tuk owrzy vg qdipn cpel gtw uychycwmrj. Dmn shrt j toam vjuen bl jjufku shz ufaaxagoqfm, lueydqnt opnuninhug tuk usga Oopnkt rbkfwas n jnaitt vg ladhin bhrs wfxar nhbwlhzg Vyopbzram, vz kk ndevx aqguz, kl co tukrz dhza, li pheuf wfs ywub Coikavmrtv, shz tb vawvvjg fys Ghgals sut lbaie ldbuek uwwqrvzh. — Aupn jsm xert cpe cgvayjt faoneegpuy kf gnnae Pungheef; gwl shij am joj zqm nrigkmetl cqqcu iqfmprnowa tuko li wlgka bhrot xinmrx Bgsgkok ib Gbbnznzkpl. Nde uobboee qx nde cxnaeaz Mahc os Mamag Htanwia ob i hvyvglu os xnxenzgv cjjhxrms ntf mmqrcgcqoay, cdf daiowo ia jkjyyt bhsmcg zjw yotnhuqsusgfn kf nt jjsbrwly Pyegwvy bbgj ndefk Bbagku. Li lrbbn bhvy, nwn Bapzb je fadecptrj cw a pgpvcz wbxul.

Hr nck lafhynl hvy Ckmang zx Tajy, vzy iofz fpoykugga aaj wmcryuslu fbx cpe caddcy gbum.

Pe ugu xinbvjmmn uou Yireetxzs gu rsmo Lncb wf vsowxeagk jvd cxgkment ovxoezcfwa, uarnas fauhyjdrj rv tukkj ileegcqoa zkdf dif Gbaeaz uziqlq hn wbggkfyz; aaj fpea yq kooprtmmd, uk jsm qtgkaty akidyytrj cw agzgfx po gnnu.

Hr nck lafhynl tb vckm ktuka Tajy hgl phr glkozsqvupibt xn lnxiw xesgxrktf uh hykpyk, dvlryu lbksr vnwpyk ygohd ekuqndakkb phr xrohg uh Jylrrynvtnzkgh en gnn Tetoudupuek, j zitnv ahasgovibyk vg ndez gwl fbxoaxwbyk cw tlxcfno oarh.

Pe ugu uuhlrj cwgrzjwl hetobtagoxw vkdvkb it crcuyo uaabcay, apuiifbxcibyk, cfx zifzjvt sxqe nde qkywsvzqjs kf gnnqr Caddcy Rrixzdf, lqj nde fuum phxrgma os ljbitakfa phrs rvtb iqejhintlm wvzj zco mrgbcrry.

Jw bws qobaoybgv Lapekbmnggvapa Hbabms ekrwupeqrh, noe urhioiam fqtu scffu fvxvvefy jam enigbqoay qf nde eopptf uh lba pruyte.

Uk jsm nesabmd sut s fknt zrue, nlvwl oupn mqsfunmneoay, cw cnauw iphrxb bo ok gdyytrj, fpeekdq nde Ykpqsygvapa Pbcnzs, vtesjwbyk xn Aatkzchagoxv, hnbg jypuetnl tb zjw Jaocrn it ygtyy boe zqmie kzwlyifk; cpe Fzcly nezgrviam kf nde zkjv tvsg wrlofkm bo nrn lba dntpmrf uh ahrafoxv feuo ocphbac, inq iqfpqlfoxvs jovzcj.

Hr nja eajgspkuekm bo cxgnyjt gnn xocansneoa uo bhryg Knwtry; owr gncl jqrcubm ooyvjoytvtp bhr Rcom boe Tjbuegnatwtvuw wf Sutwccnrxb; zesauahc tb vjas bzjwlo tb kwkohxcyy phroa uitxclcknf nrbhrx, cfx navyrvg gng uijdvzrwnf uh fys Acvawpeoclcknf uo Taaju.

Zy daf ukateaelyz tuk Jlmvtkknnagoxv os Pwknecr hh zesauahc hvy Jasrtv li Hajy owr ryvsvhifnrvg Wafaweaee Ywwrxu.

Zy daf sjle Wafyyo drvnvdrtv gh dif Crtl nrqfy boe zqm trtwjy kf gnnqr blhawas, ntm bhr gogojt ntm xalsgfn kf gnnqr fgnsleef.

luig vy cxwpf{Jnxwobuqg_O_Cogiqi!}
#flag藏在这里了，题目已经提醒的很清楚了维吉尼亚密码
Hr nck ynepznl a zanlcpuqk xn Nrc Qxzecry, jvd fkpl betuka awnxok ib Oslrkeey vg bwrnyb wue vggjhe ntm mag uwl ndevx bcbfzcfwa.

Hr nja krvv sgknt ab, qn goowm kf ckjke, Fzcfxent Gauiry yandohz cpe Pupkyjt bl xcr ykiamhagaams.

Uk jsm wfsklbeq zq jyjdrx cpe Zonanwrl owleckpvyjt bl jvd farwleoe zx bhr Iknch Pbcnz.

Hr nck wkmoowmd jovz iphrxb bo fadbyyt hy cw a watamzipzrwn sutwccn gu xcr pupknethzrwn, ntf mhwcxtxelrjiwx xy baa tajy; iapent nra Afygfn po gnnqr Nivk ib pekcmnqkf Dycifrjbibt:

Hgl munxcmrvti dungr hxliry qx unmrj czobvu sgknt ab:

Noe vtgnacgowo tuko, ts w mbit Brvgn xlkm cawqsusgfn boe gwg Mhxfwlo wuolp tuka kbkuyj lwmzov gh phr Owpaoovshps bl cpefk Ulupef:

Lxz chzvahc osl xcr Gxcvy sign jtl cgtlm kf gnn eoerf:

Xin izvxaiam Vsras bt da wvzjgop ohx Lwnfkpl:

Zkr qkyziiopy oo ia sjvy pguwm, kf gnn jeakhan kf Gxril oe Lmlu:

Fbx czaayrglpiam da breqfx Oeny cw br ztayz fbx yzegkpvyz oslnvcry:

Hgl wbbrrahvti lba fekn Ayfzge ib Eamuqsu Rcom en n tnqguhqmlent Vawvvtew, yotnhuqsuopy ndeekrv aa Gttcprnxh ooiktfgang, gwl earcjaent oca Bbapvuniry bw af zq jyjdrx rb ag upuy wn rdjupyk cfx big owateaowhp fbx rvteufmwent zqm snsg svooyacm rhrg ahpo gnnae Pungheef

Lxz tnqkfa wwne xcr Pncjnarf, gkwlvyjahc ohx vwsg bcdowbyk Uiwf gpv uhtrxrvg sapvuieazjtll zjw Zkrzy xn ohx Igparasnvtf:

Lqj mqsckwliam qml kwa Rnoifrclonef, gwl drinslent zqmmfknnyo iabnatrj yand pbcnz tb rgycolnzn noe au ah wly ijaef cjsnoorbnz.

Hr nck uxdvijbeq Mqnynnzkwb hrxg, ts zeprjziam wk iqt bl qqs Cxqlyytvuw inq ccycjg Jga ignopkn qs.

Uk qis crwfxarrj xcr fkck, lwvnmnl ohx eguotf, hdzng uwj nkway, jvd qkullkyrj cpe yoxwm kf baa xebvnw.

Ba if gc bhvy vaga tegwapbxvahc lnxpm Aeskwm kf suamitt Owlyeagaqef zq uiipykjb tuk yglgs bl mmagn, fwmklnzrwn, ntf lsnaath, ilekcvs xetaw eign ealyuzycinpku gz Yrhkuby & Cktxczy fijzcrra hunayrnteq op lba mbyc jaehcjiqs nmna, aaj vgnwlye dvwbxvzs phr Nnid bl c ucriyoimd agvaij.

Hr nja cbtullwiakm wue lgdfkw Pocqzrtu lugea Ijxtvbg gh phr nroh Fkck nk brga Irzy cyuenfz cpevx Egojtee, cw briqey phr kgmchzkgharf uo bhrot xleeajb inq Htwndrrt, xz tb lcdf phrsbmliku ts phroa Paaju.

Zy daf kgkigkf viiefzrk iaywjlacgoxvs nsqfaot hy, jvd ugu whzenbxcrrj vg vniam xv tuk kfbwbvzjvtf uh gon feuwbirxu, lba mrxlqlryu Ahzint Bivnmgk qdofk tvojt tmfa os cjzfnxg, am wn htmqsgopyoesukm lefztmwpibt xn ayr cyyo, srdna aaj eghzigoxvs.

Vt gnyny fzjoe bl vzyoe Bvyzefykgho Wr njde Ckvaneoakm noe Xgvlasf ow bhr sqkn duzhum trxok: Iqr ekymagkf Hypigoxvs ugxw vaea gwawrxgv ijll hh zeckclyz iapdzy. N Vtahye, jnxae pncjuytrx ra tuau eunkrj kg eiktq uyt jnrkh zga vybiak j Byegpl, co ualrb tb hg lba rhrnz os g hjya pruyte.

Aut zure Jk kmea ccfnent ow itgkplcknf zx wue Htanesu hamtuxgf. Qa hnbn eaetgv ndez lawm goow nk tvsn wf nzvwgltf hh bhrot dycifrjbuek vg yttrtm in htyslnaazjjlr pwjcodvicqoa uxwl qs. Jk qivr xgecjdrj cpez uh lba cvxlcmfzcfwas bl xcr rskylwtvuw inq yglnhezkwb hrxg. Oy daik jxprgnwx po gnnqr agvapa jhycqcr gpv gwgagwqmvza, shz wr njde pupboneq zqmm oe vzy piry xn ohx eggioa qrvdekf li zifgeww gngky qshxyitvupk, qdipn fwuyj kfyriggkty vtvwlnucz xcr pupfyytvuwa aaj eglnefvxvdrtew. Ndel zxw hnbg tyan qkjn tb zjw pkipk xn jhyvawa aaj xn cbtushcuvtrby. Jk ommp, tukamfbxg, swmuvkbke vt vzy jepkbaige, yzcyh qkwwuaigk iqr Fkyirnzkgh, wnq nxtd gnge, uo wr nxtd gng jyot bl vinxopv, Yjezona ia Ccj, cj Prglm Feogfxo.

Wr, zqmrrlqjy, phr Xnxrrygfnwtvbna os zjw ojigkm Atnzgk ib Azkaqcn, op Yyjeegu Koamtwmo, Afynubykf, sjlenrrvg gu vzy Oucxnue Wafyy kf gnn eoerf xin tuk amcgovmxa os udz iazgfneoay, mw, ia zjw Hwmr, gwl bl Gwlbkrvzh wf gng yikd Ckxxlr uh lbasr Ixtoaogk, mklrswty caddcoh ntm leprcjy, Phnz cpefk wfcpeq Ixtoaogk une, ntm wf Eoizn kutnc bo ok Hjya aaj Rvdrvgfxang Ycitry, vzup tukh irr Gdkihvrj ozoz gnd Uhlrmrinpk vg nde Oxrbifn Ejisn, ntm bhnz cdf loyocqcnr eghjepzrwn okvoyan gnnu aaj vzy Otnzn wf Txgsn Xrvzjqn, vy cfx kutnc bo ok vgnwlye mqsfunnyz; aaj cpag gu Xlae ntm Qnqkrwhzeaz Bbagku, lbay ugem fhrn Hisee zx teie Ysl, yoaiucdr Vgswa, cbtczapz Cdfeaaina, efzctfesu Ixumrxew, ujd gu mw ayr qlbar Nica aaj Vzcjgf cqqcu Opvyleajnvt Fzclyo mne xn rvmjl xk. — Aaj owr gng kolpbxc wf gnkk Xacygaitvup, ocph n lrzm eknaujcr uw bhr vtgnacgoxv os Jkncje Cxxdiqkpuy, se zaccayra hfadtk cw enij gndee udz Lvbgk, iqr Suabuaku, shz ohx bicekf Zijoe.

https://www.guballa.de/vigenere-solver解密一下即可

When in the Course of human events it becomes necessary for one people to dissolve the political bands which have connected them with another and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature's God entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which impel them to the separation.

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. — That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, — That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness. Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn that mankind are more disposed to suffer, while evils are sufferable than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security. — Such has been the patient sufferance of these Colonies; and such is now the necessity which constrains them to alter their former Systems of Government. The history of the present King of Great Britain is a history of repeated injuries and usurpations, all having in direct object the establishment of an absolute Tyranny over these States. To prove this, let Facts be submitted to a candid world.

He has refused his Assent to Laws, the most wholesome and necessary for the public good.

He has forbidden his Governors to pass Laws of immediate and pressing importance, unless suspended in their operation till his Assent should be obtained; and when so suspended, he has utterly neglected to attend to them.

He has refused to pass other Laws for the accommodation of large districts of people, unless those people would relinquish the right of Representation in the Legislature, a right inestimable to them and formidable to tyrants only.

He has called together legislative bodies at places unusual, uncomfortable, and distant from the depository of their Public Records, for the sole purpose of fatiguing them into compliance with his measures.

He has dissolved Representative Houses repeatedly, for opposing with manly firmness his invasions on the rights of the people.

He has refused for a long time, after such dissolutions, to cause others to be elected, whereby the Legislative Powers, incapable of Annihilation, have returned to the People at large for their exercise; the State remaining in the mean time exposed to all the dangers of invasion from without, and convulsions within.

He has endeavoured to prevent the population of these States; for that purpose obstructing the Laws for Naturalization of Foreigners; refusing to pass others to encourage their migrations hither, and raising the conditions of new Appropriations of Lands.

He has obstructed the Administration of Justice by refusing his Assent to Laws for establishing Judiciary Powers.

He has made Judges dependent on his Will alone for the tenure of their offices, and the amount and payment of their salaries.

flag is afctf{Whooooooo_U_Gotcha!}

He has erected a multitude of New Offices, and sent hither swarms of Officers to harass our people and eat out their substance.

He has kept among us, in times of peace, Standing Armies without the Consent of our legislatures.

He has affected to render the Military independent of and superior to the Civil Power.

He has combined with others to subject us to a jurisdiction foreign to our constitution, and unacknowledged by our laws; giving his Assent to their Acts of pretended Legislation:

For quartering large bodies of armed troops among us:

For protecting them, by a mock Trial from punishment for any Murders which they should commit on the Inhabitants of these States:

For cutting off our Trade with all parts of the world:

For imposing Taxes on us without our Consent:

For depriving us in many cases, of the benefit of Trial by Jury:

For transporting us beyond Seas to be tried for pretended offences:

For abolishing the free System of English Laws in a neighbouring Province, establishing therein an Arbitrary government, and enlarging its Boundaries so as to render it at once an example and fit instrument for introducing the same absolute rule into these Colonies

For taking away our Charters, abolishing our most valuable Laws and altering fundamentally the Forms of our Governments:

For suspending our own Legislatures, and declaring themselves invested with power to legislate for us in all cases whatsoever.

He has abdicated Government here, by declaring us out of his Protection and waging War against us.

He has plundered our seas, ravaged our coasts, burnt our towns, and destroyed the lives of our people.

He is at this time transporting large Armies of foreign Mercenaries to compleat the works of death, desolation, and tyranny, already begun with circumstances of Cruelty & Perfidy scarcely paralleled in the most barbarous ages, and totally unworthy the Head of a civilized nation.

He has constrained our fellow Citizens taken Captive on the high Seas to bear Arms against their Country, to become the executioners of their friends and Brethren, or to fall themselves by their Hands.

He has excited domestic insurrections amongst us, and has endeavoured to bring on the inhabitants of our frontiers, the merciless Indian Savages whose known rule of warfare, is an undistinguished destruction of all ages, sexes and conditions.

In every stage of these Oppressions We have Petitioned for Redress in the most humble terms: Our repeated Petitions have been answered only by repeated injury. A Prince, whose character is thus marked by every act which may define a Tyrant, is unfit to be the ruler of a free people.

Nor have We been wanting in attentions to our British brethren. We have warned them from time to time of attempts by their legislature to extend an unwarrantable jurisdiction over us. We have reminded them of the circumstances of our emigration and settlement here. We have appealed to their native justice and magnanimity, and we have conjured them by the ties of our common kindred to disavow these usurpations, which would inevitably interrupt our connections and correspondence. They too have been deaf to the voice of justice and of consanguinity. We must, therefore, acquiesce in the necessity, which denounces our Separation, and hold them, as we hold the rest of mankind, Enemies in War, in Peace Friends.

We, therefore, the Representatives of the united States of America, in General Congress, Assembled, appealing to the Supreme Judge of the world for the rectitude of our intentions, do, in the Name, and by Authority of the good People of these Colonies, solemnly publish and declare, That these united Colonies are, and of Right ought to be Free and Independent States, that they are Absolved from all Allegiance to the British Crown, and that all political connection between them and the State of Great Britain, is and ought to be totally dissolved; and that as Free and Independent States, they have full Power to levy War, conclude Peace, contract Alliances, establish Commerce, and to do all other Acts and Things which Independent States may of right do. — And for the support of this Declaration, with a firm reliance on the protection of Divine Providence, we mutually pledge to each other our Lives, our Fortunes, and our sacred Honor.

8.e的学问

from Crypto.Util.number import *
m=bytes_to_long(b'xxxxxx')
p=getPrime(256)
q=getPrime(256)
e=74
n=p*q
c=pow(m,e,n)
print("p=",p)
print("q=",q)
print("c=",c)
#p= 86053582917386343422567174764040471033234388106968488834872953625339458483149
#q= 72031998384560188060716696553519973198388628004850270102102972862328770104493
#c= 3939634105073614197573473825268995321781553470182462454724181094897309933627076266632153551522332244941496491385911139566998817961371516587764621395810123

这道题的考点在于：平时的rsa中e和φ是互素的，而这里gcd(e,φ)=2而非1，所以需要多几个步骤：

gcd(e,φ)!=1意味着无法求逆元（d）
流程：

from math import gcd
from Cryptodome.Util.number import *
from Cryptodome.Util.number import long_to_bytes as l2b
from sympy import integer_nthroot

p = 86053582917386343422567174764040471033234388106968488834872953625339458483149
q = 72031998384560188060716696553519973198388628004850270102102972862328770104493
e = 74
n = p * q
c = 3939634105073614197573473825268995321781553470182462454724181094897309933627076266632153551522332244941496491385911139566998817961371516587764621395810123

phi = (p-1)*(q-1)
g = gcd(e, phi)   # g=2

e1 = e // g       # e1=37
phi1 = phi // g

d1 = inverse(e1, phi1)

x = pow(c,d1,n)

# 第二步：对x开平方，爆破两个解
# 因为模n下有两个平方根，分别为 m 和 n-m
root1, exact = integer_nthroot(x, 2)
root2 = n - root1

print(long_to_bytes(root1),long_to_bytes(root2),exact)

9.md5的破解

from Crypto.Util.number import *
from hashlib import md5
from secret import flag

#flag全是由小写字母及数字组成
m=md5(flag).hexdigest()
print(flag[:13]+flag[15:18]+flag[19:34]+flag[35:38])
print(m)
# b'LitCTF{md5can3derypt213thoughcrsh}'
# 496603d6953a15846cd7cc476f146771

逻辑就是补回之后爆破flag对比md5值：

from hashlib import md5
import string

# 目标MD5值
target_md5 = '496603d6953a15846cd7cc476f146771'

# 已知的flag部分
known_flag = 'LitCTF{md5can**3de*rypt213thoughcr*sh}'

# 需要爆破的位置：`**` 和 `*`
# 这里爆破的是 `flag[13]` 和 `flag[14]`、`flag[18]`、`flag[34]`
charset = string.ascii_lowercase + string.digits  # 小写字母和数字

# 生成所有可能的组合来爆破省略的部分
def generate_flags():
    part1 = known_flag[:13]  # LitCTF{md5can
    part2 = known_flag[15:18]  # der
    part3 = known_flag[19:34]  # ypt213
    part4 = known_flag[35:38]  # ough
    part5 = known_flag[38:]  # sh

    # 穷举爆破位置的字符
    for c1 in charset:  # 爆破 `**`
        for c2 in charset:  # 爆破 `**`
            for c3 in charset:  # 爆破 `*`
                for c4 in charset:  # 爆破 `*`
                    # 插入爆破字符，拼接成完整的flag
                    flag = part1 + c1 + c2 + part2 + c3 + part3 + c4 + part4 + part5
                    yield flag

# 爆破并验证MD5
def crack_flag():
    for flag in generate_flags():
        m = md5(flag.encode()).hexdigest()
        print(f"Trying flag: {flag} -> MD5: {m}")  # 输出每次的flag和对应的MD5值
        if m == target_md5:
            return flag
    return None

# 执行爆破
result_flag = crack_flag()
if result_flag:
    print(f"Found flag: {result_flag}")
else:
    print("Flag not found.")

Found flag: LitCTF{md5can123dexrypt213thoughcrpsh}

10.crypto1

from gmpy2 import *
from Crypto.Util.number import *



flag  = '****************************'
flag = {"asfajgfbiagbwe"}
p = getPrime(2048)
q = getPrime(2048)
m1 = bytes_to_long(bytes(flag.encode()))

e1e2 = 3087
n = p*q
print()

flag1 = pow(m1,e1,n)
flag2 = pow(m1,e2,n)
print('flag1= '+str(flag1))
print('flag2= '+str(flag2))
print('n= '+str(n))


#flag1= 463634070971821449698012827631572665302589213868521491855038966879005784397309389922926838028598122795187584361359142761652619958273094398420314927073008031088375892957173280915904309949716842152249806486027920136603248454946737961650252641668562626310035983343018705370077783879047584582817271215517599531278507300104564011142229942160380563527291388260832749808727470291331902902518196932928128107067117198707209620169906575791373793854773799564060536121390593687449884988936522369331738199522700261116496965863870682295858957952661531894477603953742494526632841396338388879198270913523572980574440793543571757278020533565628285714358815083303489096524318164071888139412436112963845619981511061231001617406815056986634680975142352197476024575809514978857034477688443230263761729039797859697947454810551009108031457294164840611157524719173343259485881089252938664456637673337362424443150013961181619441267926981848009107466576314685961478748352388452114042115892243272514245081604607798243817586737546663059737344687130881861357423084448027959893402445303299089606081931041217035955143939567456782107203447898345284731038150377722447329202078375870541529539840051415759436083384408203659613313535094343772238691393447475364806171594
#flag2= 130959534275704453216282334815034647265875632781798750901627773826812657339274362406246297925411291822193191483409847323315110393729020700526946712786793380991675008128561863631081095222226285788412970362518398757423705216112313533155390315204875516645459370629706277876211656753247984282379731850770447978537855070379324935282789327428625259945250066774049650951465043700088958965762054418615838049340724639373351248933494355591934236360506778496741051064156771092798005112534162050165095430065000827916096893408569751085550379620558282942254606978819033885539221416335848319082054806148859427713144286777516251724474319613960327799643723278205969253636514684757409059003348229151341200451785288395596484563480261212963114071064979559812327582474674812225260616757099890896900340007990585501470484762752362734968297532533654846190900571017635959385883945858334995884341767905619567505341752047589731815868489295690574109758825021386698440670611361127170896689015108432408490763723594673299472336065575301681055583084547847733168801030191262122130369687497236959760366874106043801542493392227424890925595734150487586757484304609945827925762382889592743709682485229267604771944535469557860120878491329984792448597107256325783346904408
#n= 609305637099654478882754880905638123124918364116173050874864700996165096776233155524277418132679727857702738043786588380577485490575591029930152718828075976000078971987922107645530323356525126496562423491563365836491753476840795804040219013880969539154444387313029522565456897962200817021423704204077133003361140660038327458057898764857872645377236870759691588009666047187685654297678987435769051762120388537868493789773766688347724903911796741124237476823452505450704989455260077833828660552130714794889208291939055406292476845194489525212129635173284301782141617878483740788532998492403101324795726865866661786740345862631916793208037250277376942046905892342213663197755010315060990871143919384283302925469309777769989798197913048813940747488087191697903624669415774198027063997058701217124640082074789591591494106726857376728759663074734040755438623372683762856958888826373151815914621262862750497078245369680378038995425628467728412953392359090775734440671874387905724083226246587924716226512631671786591611586774947156657178654343092123117255372954798131265566301316033414311712092913492774989048057650627801991277862963173961355088082419091848569675686058581383542877982979697235829206442087786927939745804017455244315305118437

这道题参考一下共模算法的单独的那个文档

11.crypto4

from gmpy2 import *
from Cryptodome.Util.number import *

flag  = '**********'

p = getPrime(512)
q = next_prime(p)
m1 = bytes_to_long(bytes(flag.encode()))

p = 7221289171488727827673517139597844534869368289455419695964957239047692699919030405800116133805855968123601433247022090070114331842771417566928809956044421
q = 7221289171488727827673517139597844534869368289455419695964957239047692699919030405800116133805855968123601433247022090070114331842771417566928809956045093
#我自己分解的
e = 4096
n = p*q


flag1 = pow(m1,e,n)
print('flag= '+str(flag1))
print('n= '+str(n))

'''
flag= 10227915341268619536932290456122384969242151167487654201363877568935534996454863939953106193665663567559506242151019201314446286458150141991211233219320700112533775367958964780047682920839507351492644735811096995884754664899221842470772096509258104067131614630939533042322095150722344048082688772981180270243
n= 52147017298260357180329101776864095134806848020663558064141648200366079331962132411967917697877875277103045755972006084078559453777291403087575061382674872573336431876500128247133861957730154418461680506403680189755399752882558438393107151815794295272358955300914752523377417192504702798450787430403387076153
'''

12.yafu (中级)

from Cryptodome.Util.number import *
from sympy import factorint

n = 15241208217768849887180010139590210767831431018204645415681695749294131435566140166245881287131522331092026252879324931622292179726764214435307
e = 65537

def factorize(n):
    factors = factorint(n)  # 返回因式分解结果
    return factors

print(factorize(n))

c = pow(m,e,n)
print(f'n = {n}')
print(f'c = {c}')
'''
n = 15241208217768849887180010139590210767831431018204645415681695749294131435566140166245881287131522331092026252879324931622292179726764214435307
c = 12608550100856399369399391849907846147170257754920996952259023159548789970041433744454761458030776176806265496305629236559551086998780836655717
'''

这里附上一个代码直接调用factordb的api然后直接分解：

import requests
# 输入 n
n = 15241208217768849887180010139590210767831431018204645415681695749294131435566140166245881287131522331092026252879324931622292179726764214435307
def queryFactors(n):
    s=[]
    url="http://factordb.com/api?query="+str(n)
    r = requests.get(url)
    factors=r.json()['factors']
    for f in factors:
       for i in range(f[1]):
          s.append(int(f[0]))
    return s
print(queryFactors(n))

13.crypto2

from gmpy2 import *
from Crypto.Util.number import *



flag  = '***************'

p = getPrime(512)
q = getPrime(512)
m1 = bytes_to_long(bytes(flag.encode()))


n = p*q
e1 = getPrime(32)
e2 = getPrime(32)
print()

flag1 = pow(m1,e1,n)
flag2 = pow(m1,e2,n)
print('flag1= '+str(flag1))
print('flag2= '+str(flag2))
print('e1= ' +str(e1))
print('e2= '+str(e2))
print('n= '+str(n))


#flag1= 100156221476910922393504870369139942732039899485715044553913743347065883159136513788649486841774544271396690778274591792200052614669235485675534653358596366535073802301361391007325520975043321423979924560272762579823233787671688669418622502663507796640233829689484044539829008058686075845762979657345727814280
#flag2= 86203582128388484129915298832227259690596162850520078142152482846864345432564143608324463705492416009896246993950991615005717737886323630334871790740288140033046061512799892371429864110237909925611745163785768204802056985016447086450491884472899152778839120484475953828199840871689380584162839244393022471075
#e1= 3247473589
#e2= 3698409173
#n= 103606706829811720151309965777670519601112877713318435398103278099344725459597221064867089950867125892545997503531556048610968847926307322033117328614701432100084574953706259773711412853364463950703468142791390129671097834871371125741564434710151190962389213898270025272913761067078391308880995594218009110313

简单的一b啊

flag1= 100156221476910922393504870369139942732039899485715044553913743347065883159136513788649486841774544271396690778274591792200052614669235485675534653358596366535073802301361391007325520975043321423979924560272762579823233787671688669418622502663507796640233829689484044539829008058686075845762979657345727814280
flag2= 86203582128388484129915298832227259690596162850520078142152482846864345432564143608324463705492416009896246993950991615005717737886323630334871790740288140033046061512799892371429864110237909925611745163785768204802056985016447086450491884472899152778839120484475953828199840871689380584162839244393022471075
e1= 3247473589
e2= 3698409173
n= 103606706829811720151309965777670519601112877713318435398103278099344725459597221064867089950867125892545997503531556048610968847926307322033117328614701432100084574953706259773711412853364463950703468142791390129671097834871371125741564434710151190962389213898270025272913761067078391308880995594218009110313

import gmpy2
from Cryptodome.Util.number import long_to_bytes as l2b

s,s1,s2=gmpy2.gcdext(e1,e2)
print(s,s1,s2)
m = (pow(flag1,s1,n)*pow(flag2,s2,n))%n
print("m=",(l2b(m)))

14.childRSA

from random import choice
from Crypto.Util.number import isPrime, sieve_base as primes
from flag import flag


def getPrime(bits):
    while True:
        n = 2
        while n.bit_length() < bits:
            n *= choice(primes)
        if isPrime(n + 1):
            return n + 1

e = 0x10001
m = int.from_bytes(flag.encode(), 'big')
p, q = [getPrime(2048) for _ in range(2)]
n = p * q
c = pow(m, e, n)

# n = 32849718197337581823002243717057659218502519004386996660885100592872201948834155543125924395614928962750579667346279456710633774501407292473006312537723894221717638059058796679686953564471994009285384798450493756900459225040360430847240975678450171551048783818642467506711424027848778367427338647282428667393241157151675410661015044633282064056800913282016363415202171926089293431012379261585078566301060173689328363696699811123592090204578098276704877408688525618732848817623879899628629300385790344366046641825507767709276622692835393219811283244303899850483748651722336996164724553364097066493953127153066970594638491950199605713033004684970381605908909693802373826516622872100822213645899846325022476318425889580091613323747640467299866189070780620292627043349618839126919699862580579994887507733838561768581933029077488033326056066378869170169389819542928899483936705521710423905128732013121538495096959944889076705471928490092476616709838980562233255542325528398956185421193665359897664110835645928646616337700617883946369110702443135980068553511927115723157704586595844927607636003501038871748639417378062348085980873502535098755568810971926925447913858894180171498580131088992227637341857123607600275137768132347158657063692388249513
# c = 26308018356739853895382240109968894175166731283702927002165268998773708335216338997058314157717147131083296551313334042509806229853341488461087009955203854253313827608275460592785607739091992591431080342664081962030557042784864074533380701014585315663218783130162376176094773010478159362434331787279303302718098735574605469803801873109982473258207444342330633191849040553550708886593340770753064322410889048135425025715982196600650740987076486540674090923181664281515197679745907830107684777248532278645343716263686014941081417914622724906314960249945105011301731247324601620886782967217339340393853616450077105125391982689986178342417223392217085276465471102737594719932347242482670320801063191869471318313514407997326350065187904154229557706351355052446027159972546737213451422978211055778164578782156428466626894026103053360431281644645515155471301826844754338802352846095293421718249819728205538534652212984831283642472071669494851823123552827380737798609829706225744376667082534026874483482483127491533474306552210039386256062116345785870668331513725792053302188276682550672663353937781055621860101624242216671635824311412793495965628876036344731733142759495348248970313655381407241457118743532311394697763283681852908564387282605279108

这里的随机大素数算法其实跟费马小定理很像：

def getPrime(bits):
    while True:
        n = 2
        while n.bit_length() < bits:
            n *= choice(primes)
        if isPrime(n + 1):
            return n + 1

这段 getPrime函数的目标是生成一个指定位数（如2048位）的大素数，其过程是：

从一个初始值 n = 2开始。
在一个循环中，不断用 n乘以一个从 primes列表中随机选择的小素数，直到 n的比特长度达到或超过目标位数。
然后检查 n + 1是否为素数。如果是，就返回 n + 1；如果不是，就重复整个过程。

这意味着最终生成的素数 p具有 p = n + 1的形式，而 n是许多小素数（前10000个质数中的一部分）的乘积。因此，p - 1（即 n）的所有质因数都“很小”，并且都来自那个预设的小素数列表。

构造一个特殊的指数 m：令 m 为前10000个质数的乘积。由于 p-1 是许多小质数的乘积，并且这些小质数都包含在前10000个质数中，所以 p-1 一定能整除 m（m % (p-1) == 0）。同理，q-1 也能整除 m。
应用费马小定理：根据费马小定理，因为 p 是素数，且 2 不是 p 的倍数，所以有：
$ 2^{p-1} \equiv 1 \pmod{p} $
利用同余定理的幂规则：如果 a ≡ b (mod m)，那么 a^k ≡ b^k (mod m)。因为 (p-1) 能整除 m，我们可以设 m = k * (p-1)（k 是某个整数）。那么：
$ 2^m = 2^{k*(p-1)} = (2^{p-1})^k \equiv 1^k \equiv 1 \pmod{p} $
这意味着 2^m ≡ 1 (mod p)。换算成等式就是 2^m = 1 + t * p，其中 t 是某个整数。
得到关键关系：从 2^m = 1 + t * p 可以得到 2^m - 1 = t * p。也就是说，2^m - 1 是 p 的整数倍。
同理对 q：完全相同的推导也适用于 q。因为 q-1 也能整除 m，所以 2^m - 1 也是 q 的整数倍。
分解模数 n：现在我们知道：
- 2^m - 1 是 p 的倍数。
- 2^m - 1 是 q 的倍数。
- 而 n = p * q。
  所以，2^m - 1 同时是 p 和 q 的倍数，即它是 p 和 q 的公倍数，因此也必然是它们最小公倍数 lcm(p,q) 的倍数。由于 p 和 q 都是素数，lcm(p, q) = n。
  但是，更直接有效的方法是计算最大公约数 (gcd)：
- 计算 p = gcd(2^m - 1, n)。因为 2^m - 1 是 p 的倍数，但不是 q 的倍数（除非极其巧合），所以 gcd(2^m - 1, n) 很大概率会等于 p。
- 一旦得到 p，就可以轻易计算出 q = n / p。

这里用了一个优化算法， gcd(2^num−1,n)和gcd(gmpy2.powmod(2, num, n) - 1, n)等价（其实我有点担心这个算法，所以这里gmpy2.powmod(2, num, n) - 1之后加一个n保险点）

from Cryptodome.Util.number import isPrime, sieve_base as primes, long_to_bytes
import gmpy2

e = 0x10001
n = 32849718197337581823002243717057659218502519004386996660885100592872201948834155543125924395614928962750579667346279456710633774501407292473006312537723894221717638059058796679686953564471994009285384798450493756900459225040360430847240975678450171551048783818642467506711424027848778367427338647282428667393241157151675410661015044633282064056800913282016363415202171926089293431012379261585078566301060173689328363696699811123592090204578098276704877408688525618732848817623879899628629300385790344366046641825507767709276622692835393219811283244303899850483748651722336996164724553364097066493953127153066970594638491950199605713033004684970381605908909693802373826516622872100822213645899846325022476318425889580091613323747640467299866189070780620292627043349618839126919699862580579994887507733838561768581933029077488033326056066378869170169389819542928899483936705521710423905128732013121538495096959944889076705471928490092476616709838980562233255542325528398956185421193665359897664110835645928646616337700617883946369110702443135980068553511927115723157704586595844927607636003501038871748639417378062348085980873502535098755568810971926925447913858894180171498580131088992227637341857123607600275137768132347158657063692388249513
c = 26308018356739853895382240109968894175166731283702927002165268998773708335216338997058314157717147131083296551313334042509806229853341488461087009955203854253313827608275460592785607739091992591431080342664081962030557042784864074533380701014585315663218783130162376176094773010478159362434331787279303302718098735574605469803801873109982473258207444342330633191849040553550708886593340770753064322410889048135425025715982196600650740987076486540674090923181664281515197679745907830107684777248532278645343716263686014941081417914622724906314960249945105011301731247324601620886782967217339340393853616450077105125391982689986178342417223392217085276465471102737594719932347242482670320801063191869471318313514407997326350065187904154229557706351355052446027159972546737213451422978211055778164578782156428466626894026103053360431281644645515155471301826844754338802352846095293421718249819728205538534652212984831283642472071669494851823123552827380737798609829706225744376667082534026874483482483127491533474306552210039386256062116345785870668331513725792053302188276682550672663353937781055621860101624242216671635824311412793495965628876036344731733142759495348248970313655381407241457118743532311394697763283681852908564387282605279108

num = 1
for i in primes:
    num *= i
p = gmpy2.gcd(gmpy2.powmod(2, num, n) - 1+n, n)
q = n // p
d = gmpy2.invert(e, (p - 1) * (q - 1))
m = gmpy2.powmod(c, d, n)

print(long_to_bytes(m))

其实这个n我没想到的是这个居然是可以用分解网站直接分解。。

15.crypto6

var="************************************"
flag='NSSCTF{' + base64.b16encode(base64.b32encode(base64.b64encode(var.encode()))) + '}'
print(flag)

小明不小心泄露了源码，输出结果为：4A5A4C564B36434E4B5241544B5432454E4E32465552324E47424758534D44594C4657564336534D4B5241584F574C4B4B463245365643424F35485649534C584A5A56454B4D4B5049354E47593D3D3D，你能还原出var的正确结果吗？

解密流程base16-32-64即可

NSSCTF{5e110989-dc43-1bd3-00b4-9009206158fe}

16.Is this only base?

SWZxWl=F=DQef0hlEiSUIVh9ESCcMFS9NF2NXFzM

IfqZQC{IbQ_Rp_E4S3_cR0!!!!!}

凯撒23：LitCTF{LeT_Us_H4V3_fU0!!!!!}

17.factordb中级

1
2
3

e = 65537
n = 87924348264132406875276140514499937145050893665602592992418171647042491658461
c = 87677652386897749300638591365341016390128692783949277305987828177045932576708

from Cryptodome.Util.number import long_to_bytes as l2b
from Cryptodome.Util.number import *
e = 65537
n = 87924348264132406875276140514499937145050893665602592992418171647042491658461
p = 275127860351348928173285174381581152299
q = 319576316814478949870590164193048041239
c = 87677652386897749300638591365341016390128692783949277305987828177045932576708

phi = (p-1)*(q-1)
d=pow(e,-1,phi)
m=pow(c,d,n)
print(long_to_bytes(m))

18.yafu

from Crypto.Util.number import *
from secret import flag

m = bytes_to_long(flag)
n  = 1
for i in range(15):
    n *=getPrime(32)
e = 65537
c = pow(m,e,n)
print(f'n = {n}')
print(f'c = {c}')
'''
n = 15241208217768849887180010139590210767831431018204645415681695749294131435566140166245881287131522331092026252879324931622292179726764214435307
c = 12608550100856399369399391849907846147170257754920996952259023159548789970041433744454761458030776176806265496305629236559551086998780836655717
'''

让ai打个工即可

from Cryptodome.Util.number import long_to_bytes as l2b
from Cryptodome.Util.number import *

n = 15241208217768849887180010139590210767831431018204645415681695749294131435566140166245881287131522331092026252879324931622292179726764214435307
e = 65537
c = 12608550100856399369399391849907846147170257754920996952259023159548789970041433744454761458030776176806265496305629236559551086998780836655717
phi=(2201440207-1) * (3354884521-1) * (2719600579-1) * (4171911923-1) * (2151018733-1) * (4021078331-1) * (2315495107-1) * (4044505687-1) * (2923522073-1) * (2906576131-1) * (2758708999-1) * (2767137487-1) * (3355651511-1) * (3989697563-1) * (2585574697-1)
d=pow(e,-1,phi)
m=pow(c,d,n)
print(l2b(m))

19.Crazy_Rsa_Tech

from Crypto.Util.number import *
from Crypto.Util.Padding import *

FLAG = bytes_to_long(pad(b"flag{??????}",64))
def init_key():
    p, q = getPrime(512), getPrime(512)
    n = p*q
    e = 9
    while(GCD((p-1)*(q-1),e)!=1):
        p, q = getPrime(512), getPrime(512)
        n = p*q
    d = inverse(e,(p-1)*(q-1))
    return n,e,d

n_list=list()
c_list=list()
for i in range(9):
    N,e,d=init_key()
    n_list.append(N)
    c=pow(FLAG,e,N)
    c_list.append(pow(FLAG,e,N))
    assert(pow(c,d,N)==FLAG)
print("n_list:",n_list)
print("c_list:",c_list)

output：

涉及到低指数加密攻击，我单开一个文档讲。

弄懂之后就直接可以用crt代码解出来：

from Cryptodome.Util.number import long_to_bytes as l2b
from Cryptodome.Util.number import *
import gmpy2
from sympy.ntheory.modular import crt

n_list = [71189786319102608575263218254922479901008514616376166401353025325668690465852130559783959409002115897148828732231478529655075366072137059589917001875303598680931962384468363842379833044123189276199264340224973914079447846845897807085694711541719515881377391200011269924562049643835131619086349617062034608799, 92503831027754984321994282254005318198418454777812045042619263533423066848097985191386666241913483806726751133691867010696758828674382946375162423033994046273252417389169779506788545647848951018539441971140081528915876529645525880324658212147388232683347292192795975558548712504744297104487514691170935149949, 100993952830138414466948640139083231443558390127247779484027818354177479632421980458019929149817002579508423291678953554090956334137167905685261724759487245658147039684536216616744746196651390112540237050493468689520465897258378216693418610879245129435268327315158194612110422630337395790254881602124839071919, 59138293747457431012165762343997972673625934330232909935732464725128776212729547237438509546925172847581735769773563840639187946741161318153031173864953372796950422229629824699580131369991913883136821374596762214064774480548532035315344368010507644630655604478651898097886873485265848973185431559958627423847, 66827868958054485359731420968595906328820823695638132426084478524423658597714990545142120448668257273436546456116147999073797943388584861050133103137697812149742551913704341990467090049650721713913812069904136198912314243175309387952328961054617877059134151915723594900209641163321839502908705301293546584147, 120940513339890268554625391482989102665030083707530690312336379356969219966820079510946652021721814016286307318930536030308296265425674637215009052078834615196224917417698019787514831973471113022781129000531459800329018133248426080717653298100515701379374786486337920294380753805825328119757649844054966712377, 72186594495190221129349814154999705524005203343018940547856004977368023856950836974465616291478257156860734574686154136925776069045232149725101769594505766718123155028300703627531567850035682448632166309129911061492630709698934310123778699316856399909549674138453085885820110724923723830686564968967391721281, 69105037583161467265649176715175579387938714721653281201847973223975467813529036844308693237404592381480367515044829190066606146105800243199497182114398931410844901178842049915914390117503986044951461783780327749665912369177733246873697481544777183820939967036346862056795919812693669387731294595126647751951, 76194219445824867986050004226602973283400885106636660263597964027139613163638212828932901192009131346530898961165310615466747046710743013409318156266326090650584190382130795884514074647833949281109675170830565650006906028402714868781834693473191228256626654011772428115359653448111208831188721505467497494581]
c_list = [62580922178008480377006528793506649089253164524883696044759651305970802215270721223149734532870729533611357047595181907404222690394917605617029675103788705320032707977225447998111744887898039756375876685711148857676502670812333076878964148863713993853526715855758799502735753454247721711366497722251078739585, 46186240819076690248235492196228128599822002268014359444368898414937734806009161030424589993541799877081745454934484263188270879142125136786221625234555265815513136730416539407710862948861531339065039071959576035606192732936477944770308784472646015244527805057990939765708793705044236665364664490419874206900, 85756449024868529058704599481168414715291172247059370174556127800630896693021701121075838517372920466708826412897794900729896389468152213884232173410022054605870785910461728567377769960823103334874807744107855490558726013068890632637193410610478514663078901021307258078678427928255699031215654693270240640198, 14388767329946097216670270960679686032536707277732968784379505904021622612991917314721678940833050736745004078559116326396233622519356703639737886289595860359630019239654690312132039876082685046329079266785042428947147658321799501605837784127004536996628492065409017175037161261039765340032473048737319069656, 1143736792108232890306863524988028098730927600066491485326214420279375304665896453544100447027809433141790331191324806205845009336228331138326163746853197990596700523328423791764843694671580875538251166864957646807184041817863314204516355683663859246677105132100377322669627893863885482167305919925159944839, 2978800921927631161807562509445310353414810029862911925227583943849942080514132963605492727604495513988707849133045851539412276254555228149742924149242124724864770049898278052042163392380895275970574317984638058768854065506927848951716677514095183559625442889028813635385408810698294574175092159389388091981, 16200944263352278316040095503540249310705602580329203494665614035841657418101517016718103326928336623132935178377208651067093136976383774189554806135146237406248538919915426183225265103769259990252162411307338473817114996409705345401251435268136647166395894099897737607312110866874944619080871831772376466376, 31551601425575677138046998360378916515711528548963089502535903329268089950335615563205720969393649713416910860593823506545030969355111753902391336139384464585775439245735448030993755229554555004154084649002801255396359097917380427525820249562148313977941413268787799534165652742114031759562268691233834820996, 25288164985739570635307839193110091356864302148147148153228604718807817833935053919412276187989509493755136905193728864674684139319708358686431424793278248263545370628718355096523088238513079652226028236137381367215156975121794485995030822902933639803569133458328681148758392333073624280222354763268512333515]
e = 9

for i in n_list:
    for j in n_list:
        if i != j:
            if gmpy2.gcd(i, j) == 1:
                continue
            else:
                print(i, j)
                print(gmpy2.gcd(n_list[i-1], n_list[j-1]))

c,N=crt(n_list,c_list)
m,exact=gmpy2.iroot(c,e)
print(l2b(m))

#b'flag{H0w_Fun_13_HAstads_broadca5t_AtTack!}\x16\x16\x16\x16\x16\x16\x16\x16\x16\x16\x16\x16\x16\x16\x16\x16\x16\x16\x16\x16\x16\x16'
#这里出现\x16的原因是加密算法中：FLAG = bytes_to_long(pad(b"flag{??????}",64)) 进行了填充

nss密码学到此结束🎇

reverse

1.NSSCTF2025入门题目-Maze

还拿了三血无敌

用ida逆向发现了主函数：

点进move_player:

点进target_x：发现了初始位置和目标位置1,1和8,8

找了半天没找到地图，于是抱着试试的心态直接运行软件，之后竟然是可以移动的:

至此已经知道了目标和初始位置，就开始走迷宫：

走出了两条路（画箭头的地方都可以走）：

ssdddwwddssddssaaassddds

ssddssaassddddddds
第一个不行，第二是答案（看来是要选短的那个）

2.NSSCTF2025入门题目-Xor

int __fastcall main(int argc, const char argv, const char envp)
{
  char v4[108]; // [rsp+20h] [rbp-70h] BYREF
  int i; // [rsp+8Ch] [rbp-4h]

  _main(argc, argv, envp);
  printf("please input flag:");
  scanf("%s", v4);
  for ( i = 0; i <= 27; ++i )
  {
    if ( ((unsigned __int8)v4[i] ^ 0x7A) != enc_0[i] )
    {
      printf("FLAG is wrong!\n");
      system("pause");
      exit(0);
    }
  }
  printf("FLAG is right!\n");
  system("pause");
  return 0;
}

输入值和0x7A异或之后和数组enc_0比较，点进去看：

然后写代码逆回去：

# enc_0 数组的值（十六进制）
enc_0 = [
    0x34, 0x29, 0x39, 0x2E, 0x3C, 0x01, 0x22, 0x15, 0x08, 0x25,
    0x13, 0x09, 0x25, 0x18, 0x1B, 0x09, 0x13, 0x19, 0x25, 0x08,
    0x1F, 0x1F, 0x07, 0x04
]

# 异或操作的常量
xor_value = 0x7A

# 计算每个字符
flag = ''.join(chr(enc ^ xor_value) for enc in enc_0)

print(f"Recovered FLAG: {flag}")

Recovered FLAG: NSCTF{Xor_is_basic_ree}~但是结果不对我等回来看

3.NSSCTF2025入门题目-Base64

base64加密，但是常规加密不对，接着看伪代码中的b64_encode函数：

__int64 __fastcall b64_encode(__int64 a1, unsigned __int64 a2, __int64 a3)
{
  unsigned __int64 v3; // rax
  unsigned __int64 v4; // rax
  int v5; // eax
  unsigned __int64 v6; // rax
  int v7; // eax
  __int64 v8; // rax
  char v9; // dl
  __int64 v10; // rax
  char v11; // dl
  __int64 v12; // rax
  __int64 result; // rax
  unsigned int v14; // [rsp+0h] [rbp-20h]
  int v15; // [rsp+8h] [rbp-18h]
  int v16; // [rsp+Ch] [rbp-14h]
  __int64 v17; // [rsp+10h] [rbp-10h]
  __int64 v18; // [rsp+10h] [rbp-10h]
  __int64 v19; // [rsp+10h] [rbp-10h]
  unsigned __int64 v20; // [rsp+18h] [rbp-8h]

  v20 = 0i64;
  v17 = 0i64;
  while ( v20 < a2 )
  {
    v3 = v20++;
    v16 = *(unsigned __int8 *)(a1 + v3);
    if ( v20 >= a2 )
    {
      v5 = 0;
    }
    else
    {
      v4 = v20++;
      v5 = *(unsigned __int8 *)(a1 + v4);
    }
    v15 = v5;
    if ( v20 >= a2 )
    {
      v7 = 0;
    }
    else
    {
      v6 = v20++;
      v7 = *(unsigned __int8 *)(a1 + v6);
    }
    v14 = v7 | (v16 << 16) | (v15 << 8);
    *(_BYTE *)(v17 + a3) = B64_TABLE[(v14 >> 18) & 0x3F];
    v8 = v17 + 1;
    v18 = v17 + 2;
    *(_BYTE *)(v8 + a3) = B64_TABLE[(v14 >> 12) & 0x3F];
    if ( a2 < v20 - 1 )
      v9 = 61;
    else
      v9 = B64_TABLE[(v14 >> 6) & 0x3F];
    v10 = v18;
    v19 = v18 + 1;
    *(_BYTE *)(a3 + v10) = v9;
    if ( a2 < v20 )
      v11 = 61;
    else
      v11 = B64_TABLE[v14 & 0x3F];
    v12 = v19;
    v17 = v19 + 1;
    *(_BYTE *)(a3 + v12) = v11;
  }
  result = a3 + v17;
  *(_BYTE *)(a3 + v17) = 0;
  return result;
}

ai解析发现了一个：B64_TABLE，也就是自定义的base64

NSSCTF{Kind_of_different_Base64}

4.NSSCTF2025入门题目-Rc4

RC4 是一种加密方法，属于 流密码，它的工作原理相对简单。基本流程是这样的：

密钥生成：RC4 使用一个密钥（比如一串字符或数字）来生成一个密钥流（一个伪随机的字节序列）。
加密过程：加密时，RC4 会把明文和这个密钥流的每个字节进行异或操作。简单来说，异或就是两者比较，结果是相同为 0，不同为 1。这个过程每次使用一个新的字节。
解密过程：因为加密和解密都用相同的密钥流，只要再次用同样的密钥流和密文进行异或，就能还原出原来的明文。
这是一道rc4的题目：

1.主函数：

int __fastcall main(int argc, const char argv, const char envp)
{
  unsigned int v3; // eax
  unsigned int v4; // eax
  char Str[112]; // [rsp+20h] [rbp-60h] BYREF
  char v7[264]; // [rsp+90h] [rbp+10h] BYREF
  int i; // [rsp+198h] [rbp+118h]
  int v9; // [rsp+19Ch] [rbp+11Ch]

  _main(argc, argv, envp);
  printf("please input flag:");
  scanf("%s", Str);
  v3 = strlen("SakuraiCora");
  rc4_init(v7, "SakuraiCora", v3);
  v4 = strlen(Str);
  rc4_crypt(v7, Str, v4);
  v9 = 1;
  for ( i = 0; i <= 23; ++i )
  {
    if ( Str[i] != enc_0[i] )
    {
      v9 = 0;
      break;
    }
  }
  if ( v9 )
    printf("You get flag!\n");
  else
    printf("Wrong flag!\n");
  return 0;
}

2.rc4_init函数：unsigned __int64 __fastcall rc4_init(__int64 a1, __int64 a2, int a3)
{
  unsigned __int64 result; // rax
  unsigned __int8 v4; // [rsp+7h] [rbp-9h]
  int v5; // [rsp+8h] [rbp-8h]
  int i; // [rsp+Ch] [rbp-4h]
  int j; // [rsp+Ch] [rbp-4h]

  v5 = 0;
  for ( i = 0; i <= 255; ++i )
  {
    result = i + a1;
    *(_BYTE *)result = i;
  }
  for ( j = 0; j <= 255; ++j )
  {
    v5 = (*(unsigned __int8 *)(j + a1) + v5 + *(unsigned __int8 *)(j % a3 + a2)) % 256;
    v4 = *(_BYTE *)(j + a1);
    *(_BYTE *)(j + a1) = *(_BYTE *)(v5 + a1);
    result = v4;
    *(_BYTE *)(a1 + v5) = v4;
  }
  return result;
}

3.rc4_crypt函数：__int64 __fastcall rc4_crypt(__int64 a1, __int64 a2, int a3)
{
  __int64 result; // rax
  char v4; // [rsp+3h] [rbp-Dh]
  unsigned int i; // [rsp+4h] [rbp-Ch]
  int v6; // [rsp+8h] [rbp-8h]
  int v7; // [rsp+Ch] [rbp-4h]

  v7 = 0;
  v6 = 0;
  for ( i = 0; ; ++i )
  {
    result = i;
    if ( (int)i >= a3 )
      break;
    v7 = (v7 + 1) % 256;
    v6 = (v6 + *(unsigned __int8 *)(v7 + a1)) % 256;
    v4 = *(_BYTE *)(v7 + a1);
    *(_BYTE *)(v7 + a1) = *(_BYTE *)(v6 + a1);
    *(_BYTE *)(a1 + v6) = v4;
    *(_BYTE *)((int)i + a2) ^= *(_BYTE *)((unsigned __int8)(*(_BYTE *)(v7 + a1) + *(_BYTE *)(v6 + a1)) + a1);
  }
  return result;
}

4.enc_0的内容

.rdata:0000000140013050 enc_0           db 0E8h, 2Bh, 33h, 25h, 0B2h, 55h, 0E9h, 0Dh, 5Dh, 0AAh 
.rdata:0000000140013050                                         ; DATA XREF: main+AD↑o
.rdata:000000014001305A                 db 69h, 0FDh, 1Bh, 47h, 0D1h, 7Ch, 0A6h, 0FFh, 52h, 0E1h
.rdata:0000000140013064                 db 6Ch, 0E8h, 4Ch, 19h dup(0)

1. 分析 RC4 加密过程

你提供的代码使用了 RC4 加密算法。RC4 的工作原理是：首先使用一个密钥初始化一个状态数组 S（在 rc4_init 函数中），然后使用该数组生成伪随机的密钥流，与数据进行异或操作以加密或解密数据。

在这段代码中，密钥是 "SakuraiCora"，并且数据是通过 rc4_crypt 函数加密或解密的。

2. 主函数解析

在主函数中，程序首先通过 scanf 获取用户输入的 flag，然后进行如下操作：

使用 "SakuraiCora" 作为密钥初始化 RC4 算法（通过 rc4_init）。
使用 rc4_crypt 对用户输入的 flag 进行 RC4 解密。
将解密后的结果与预定义的加密数据 enc_0 进行比较。

如果解密后的前 24 个字符与 enc_0 完全匹配，则输出 "You get flag!"，否则输出 "Wrong flag!"。

3. `rc4_init` 函数解析

rc4_init 函数用于初始化 RC4 算法的 S-盒（状态数组）。该函数的核心是通过密钥来打乱 256 字节的数组 S，这个数组在加密和解密过程中会被不断修改。具体步骤如下：

先将数组 S 初始化为 0, 1, 2, ..., 255。
然后使用密钥 "SakuraiCora" 对 S 数组进行打乱。

4. `rc4_crypt` 函数解析

rc4_crypt 函数用于加密或解密数据。其核心原理是利用 RC4 的伪随机生成算法（PRGA）生成伪随机的密钥流，并将密钥流与数据进行异或操作，得到加密或解密后的结果。

5. 破解步骤

密钥 **SakuraiCora**：密钥用于初始化 RC4 算法。将 "SakuraiCora" 作为输入，调用 rc4_init 函数来初始化状态数组 S。
密文 **enc_0**：enc_0 是预定义的密文数组，它存储了正确 flag 的加密结果。我们需要将用户输入的 flag 与这个加密结果进行比较。
解密过程：通过 rc4_crypt 函数，我们可以对加密后的密文（即用户输入的 flag）进行解密。将 "SakuraiCora" 作为密钥，解密后得到原始的 flag。
对比结果：解密后的前 24 个字符需要与 enc_0 数组完全匹配。如果匹配，说明解密成功，输出正确的 flag。

# RC4 算法
def rc4(key, data):
    # 初始化 S-盒
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    
    # 加密/解密过程
    i = 0
    j = 0
    result = []
    for byte in data:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        key_byte = S[(S[i] + S[j]) % 256]
        result.append(byte ^ key_byte)
    return bytes(result)

# enc_0 的密文数据（以十六进制表示）
enc_0 = bytes([0xE8, 0x2B, 0x33, 0x25, 0xB2, 0x55, 0xE9, 0x0D, 0x5D, 0xAA,
               0x69, 0xFD, 0x1B, 0x47, 0xD1, 0x7C, 0xA6, 0xFF, 0x52, 0xE1,
               0x6C, 0xE8, 0x4C, 0x19])

# 密钥
key = b"SakuraiCora"

# 解密密文
decrypted_flag = rc4(key, enc_0)

# 打印解密后的 flag
print(f"Decrypted flag: {decrypted_flag.decode('utf-8')}")

NSSCTF{y0u_solved_Rc4!}

misc

1.这是哪里

百度识图：

其实这个酒店非常有特征这个床和床旁边居然是透明玻璃隔了一个厕所。。。

这个酒店都搜不到了。。。其实我是搜到了解析、这也未尝不是一道misc呢

{厦门市思明区鼓浪屿康泰路25号17746048875}

2.GIF有点大

导入剪映，逐帧看看，有二维码NSS{The_G1F_ls_T00_b1g}

密码学