密码全题目链接
当初为了以后拷打学弟,全下了

Crypto

😢 雨霖铃

from Crypto.Util.number import *
from os import getenv

flag = getenv("FLAG")


def chal():
    e = 65537
    phi = e
    while GCD(e, phi) != 1:
        p = getPrime(512)
        q = getPrime(512)
        n = p * q
        phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)

    print(f"Alice -> Bob :The public key  {{'n':{hex(n)},'e':{hex(e)}}}")

    mess = b"I l0ve you---Bob"
    m = long_to_bytes(mess)
    print(f"Bob -> Alice :The encrypted message {{'c':{hex(pow(m,e,n))}}}")

    print("You can change the message Bob sent to Alice to help them study")
    c = int(input("Please input the encrypted message (in hex)"),16)
    message = bytes_to_long(pow(c, d, n))

    if message == b"Please keep away from me, I had to study hard":
        print(flag)


if __name__ == "__main__":
    chal()

messagecdmod(n)message\equiv c^{d}mod(n)
c(message)emod(n)c\equiv (message)^{e}mod(n)

😊 快乐王子

from Crypto.Util.number import *
from secret import flag

p = getPrime(1024)
e = 0x10001
m = bytes_to_long(flag)
c = pow(m, e, p)
print(f"{c = }")
print(f"{p = }")
print(f"{e = }")

"""
c = 94933879657019461326828225836780893807400776971235851915066913763683310991309173340557406241075423730347734496950200533575670368627940332981373490699790129749566410150515572724861054835984481560010703671000134856172771048226985683127931612726872883032424421652451138053080169329061035399029500996664744339122
p = 95855494001984957858370499068727677198914989191424438110665096413160144326163172754989614826773164540454657124564339977787908884977761972381683644262327181870316948741995100389232827854834171961842471759416662384703036141181130961351694018591639607368956764660290603455362026824834672239118472771981866952759
e = 65537
"""
from Crypto.Util.number import *
c = 
p = 
e = 65537
d = inverse(e, p-1)
print(long_to_bytes(pow(c, d, p)).decode())

PS: 单素数十分不安全

🦆 滕王阁序

from Crypto.Util.number import *
from random import randint
from hashlib import sha256

N = 2**32

a = randint(1, N)
b = randint(1, N)
seed = randint(1, N)


def gen():
    global seed
    seed = (seed * a + b) % N
    return seed


n = 10
lst = []
for i in range(10):
    lst.append(gen())

print(lst[:3])
flag = "cnss{" + sha256(str(lst).encode()).digest().hex() + "}"

"""
[1191871952, 424959397, 2071728008]
"""

简单LCG

from Crypto.Util.number import *
from hashlib import sha256


def gen():
    global seed
    seed = (seed * a + b) % N
    return seed


N = 2**32
lst = [1191871952, 424959397, 2071728008]
a = (lst[2]-lst[1]) * inverse(lst[1]-lst[0], N) % N
b = (lst[1] - a * lst[0]) % N
seed = (lst[0]-b)*inverse(a, N) % N
lst = []
for i in range(10):
    lst.append(gen())
flag = "cnss{" + sha256(str(lst).encode()).digest().hex() + "}"
print(flag)

😴 苦昼短

from Crypto.Util.number import getPrime, bytes_to_long, getRandomNBitInteger

from secret import flag

assert flag.endswith(b"th3ory}")
assert len(flag) <= 35

p = getPrime(256)
q = getPrime(256)
n = p * q

m = bytes_to_long(flag)

e1 = getRandomNBitInteger(512)
e2 = getRandomNBitInteger(512)

c1 = pow(m, e1, n)
c2 = pow(m, e2, n)

print(f"{n = }")
print(f"{e1 = }")
print(f"{e2 = }")
print(f"{c1 = }")
print(f"{c2 = }")


"""
n = 6515170721824235610077767341836933885840875127391251414241431058649905695517146798474612659595551169142861886184506103913942899261023340287984546344722437
e1 = 7629805664186543656889446705637291540349114025875443716836563834859596597787836018342790489334721556488151377780074075791508513529215301207684062773549978
e2 = 9039921587803845152307464731958928360172176091850551461858009351504282865228004545395872265680096691496208319524680982403075570587404216482639595725937778
c1 = 4051037378975864795768433612586859935577401638900306752031195646978965789412075981397854666117503427453968376495404896921769061877453267600673695437655064
c2 = 1553033793693524308294676475858121205684586044416915406366461468291436664838155112756117928278740586233365774778368046411859650684761456474837957111920903
"""

共模攻击,但e不互素,GCD(e1,e2)=2,然后打明文高低位泄露

# sage
from Crypto.Util.number import *
import gmpy2
n = 6515170721824235610077767341836933885840875127391251414241431058649905695517146798474612659595551169142861886184506103913942899261023340287984546344722437
e1 = 7629805664186543656889446705637291540349114025875443716836563834859596597787836018342790489334721556488151377780074075791508513529215301207684062773549978
e2 = 9039921587803845152307464731958928360172176091850551461858009351504282865228004545395872265680096691496208319524680982403075570587404216482639595725937778
c1 = 4051037378975864795768433612586859935577401638900306752031195646978965789412075981397854666117503427453968376495404896921769061877453267600673695437655064
c2 = 1553033793693524308294676475858121205684586044416915406366461468291436664838155112756117928278740586233365774778368046411859650684761456474837957111920903
s, x, y = gmpy2.gcdext(e1, e2)
m_2 = (pow(c1, x, n)*pow(c2, y, n)) % n
m_high = bytes_to_long(b'cnss{')
m_low = bytes_to_long(b'th3ory}')
R.< x > = PolynomialRing(Zmod(n))
f = ((m_high << 240)+x*2 ^ 56+m_low)^2-m_2
f = f.monic()
roots = f.small_roots(X=2 ^ 184, beta=0.4,epsilon=0.02)
for root in roots:
    m = (m_high << 240)+int(root)*2 ^ 56+m_low
    print(long_to_bytes(int(m)).decode())

🐬 詩超絆

import os
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad

with open("flag.png", "rb") as f:
    flag_pic = f.read()

key = os.urandom(16)
cipher  = AES.new(key = key, mode = AES.MODE_OFB, iv = os.urandom(16))
enc_pic = cipher.encrypt(pad(flag_pic, 16))

with open("data.txt", "w") as f:
    f.write(f"key = {key}\n")
    f.write(f"enc_pic = {enc_pic}\n")

可参考Sheep Counting,不过它那里是ECB模式,这里是OFB模式,我们只要获取到一开始iv加密后的密钥流作为后续解密的初始向量即可,具体原理学习OFB模式即可理解

from Crypto.Cipher import AES
from Crypto.Util.number import *
from pwn import xor
key = b'k\x18\xb9\xd2\x1f\xfb\xe8\nrz\xfaV\xd7\x1dB\xe4'
enc_pic = b'...'
png_head = bytes.fromhex('89504e470d0a1a0a0000000d49484452')
iv = xor(enc_pic[:16], png_head)
aes = AES.new(key=key, mode=AES.MODE_OFB, iv=iv)
flag = png_head+aes.decrypt(enc_pic[16:])
with open("flag.png", 'wb')as f:
    f.write(flag)

❤️ 春日影()

import hashlib
from Crypto.Util.number import *
from os import getenv

flag = getenv("FLAG")


def prod(ells):
    return 1 if ells == [] else ells[0] * prod(ells[1:])


while True:
    p = 2 * prod([getPrime(32) for _ in range(8)]) + 1
    if isPrime(p):
        break

print(p)

past = b"Welcome to cnss recruitment 2024!"
now = b"Congratulations! We hope you can join us!"

code = input("Enter your code to pass the time! >")

assert all([c == "+" or c == "*" for c in code]) and len(code) < 512

past = int(hashlib.sha256(past).hexdigest(), 16)
for c in code:
    if c == "+":
        past = past + past
    else:
        past = past * past
    past %= p

if past == int(hashlib.sha256(now).hexdigest(), 16):
    print(f"You make it! The flag is {flag}\n")

nc 152.136.11.155 10065

past不断地,乘2或平方之后取模p要等于now
说实话,没什么思路

else

有空再补,这些题目挺有意思的,说不定在XSCTF2025又能看见改版了()

Web

我记得简单打了几题,不是很想记录,跳了

Misc

👑 我意同君共天涯()

SUID提权,我记得有curl,但是我当时没做出来,后面看到有人说curl访问即可,不清楚,因为环境已经没了

🫡我很会C++

就简单的数据处理

with open("课堂作业.cpp", 'r')as f:
    content = f.readlines()
    j = 1
    print('CNSS{', end='')
    for i in range(0, len(content), 6):
        if i == len(content)-14:
            break
        if 0 <= j <= 9:
            num = content[13+i][26:27][::-1]
        elif 10 <= j <= 99:
            num = content[13+i][26:28][::-1]
        elif 100 <= j <= 999:
            num = content[13+i][26:29][::-1]
        elif 1000 <= j <= 9999:
            num = content[13+i][26:30][::-1]
        elif 10000 <= j <= 99999:
            num = content[13+i][26:31][::-1]
        if num != str(j):
            print(j, end='')
            j += 1
        j += 1
    print("}")

❓ 璇椾汉鎻℃寔

澹归浂鎹屽弫闆舵崒鎹屼紞璐伴浂闄嗛檰鍙侀浂鏌掓煉闄嗕紞闆跺9澹硅倖鑲嗘崒鎹岄檰鏌掍紞澹圭帠
http://www.mytju.com/classcode/tools/messycoderecover.asp
壹零捌叁零捌捌伍贰零陆陆叁零柒柒陆伍零壹壹肆肆捌捌陆柒伍壹玖
cnss{108308852066307765011448867519}