from Crypto.Util.number import *import randomfrom gmpy2 import *from secret import flagassert len (flag) == 42 flag1 = flag[:len (flag)//2 ] flag2 = flag[len (flag)//2 :] print (flag1.encode())print (flag2.encode())m1 = bytes_to_long(flag1.encode()) m2 = bytes_to_long(flag2.encode()) def e_gen (bits ): e = [] for _ in range (5 ): e.append(getPrime(bits)) return e def enc1 (m, e, shift ): n = next_prime(m << shift) tmp = getPrime(256 ) cc = [] for i in range (len (e)): cc.append(int (pow (tmp, e[i], n))) return cc def key_gen (nbits ): p = getPrime(nbits) q = getPrime(nbits) return p, q def enc2 (m, p, q, n ): c = [pow (m, p, n),pow (m, q, n)] return c bits = 6 nbits = 1024 e = e_gen(bits) shift = 310 c1 = enc1(m1,e,shift) print ("e =" ,e)print ("c1 =" ,c1)p, q = key_gen(nbits) n = p * q c2 = enc2(m2, p, q, n) print ("n =" ,n)print ("c2 =" ,c2)''' e = [43, 37, 53, 61, 59] c1 = [304054249108643319766233669970696347228113825299195899223597844657873869914715629219753150469421333712176994329969288126081851180518874300706117, 300569071066351295347178153438463983525013294497692191767264949606466706307039662858235919677939911290402362961043621463108147721176372907055224, 294806502799305839692215402958402593834563343055375943948669528217549597192296955202812118864208602813754722206211899285974414703769561292993531, 255660645085871679396238463457546909716172735210300668843127008526613931533718130479441396195102817055073131304413673178641069323813780056896835, 194084621856364235027333699558487834531380222896709707444060960982448111129722327145131992393643001072221754440877491070115199839112376948773978] n = 16175064088648626038689748434699435826247716579187475966092822028609536761351820951820375552440329596553448265674841223230257463367834546091974959931391707199002842774795702094681528411058318007858638798643010942408552063479863545047616823056802010158288409527763686086960916160949496083789920012040215745627854092010308869223489833074860062054019221397227691063339148923860987250696934050122115972982286012688955816234717242567815830341836031567275888691320640526306946586793028267588302696611724356566003447616419092371914903382944112125852939011729294400479171568234647164730191643282793224422368321464125847020067 c2 = [12053085469218650692076937068797478047679005585690696222988148891925249697123080938461512785257424651119325211991331622346111396522606463631848519999574540677285771456451798811902760319940781754940936484802949729402283626052963389539032949160905330315285409948932070460455535716223838438994608837585387741418172014634472651248450564788332400265295308803291229281839428962457585593065595521459963501453576128172245723315811398209056633738967993602668795794847967331946516181453804430961308142497659799416125763566765485760600358126127595222197324155943818136202233758771243043559460620477085689770403810190118485243364, 13878717704635179949812987989626985689079485417345626168168664941124566737996226347895779823781042724620099437593856913505609774929187720381745418166924229828643565384137488017127800518133460531729559408120123922005898834268035918798610962941606864727966963354615441094676621013036726097763695675723672289505864372820096404707522755617527884121630784469379311199256277022770033036782130954108210409787680433301426480762532000133464370267551845990395683108170721952672388388178378604502610341465223041534665133155077544973384500983410220955683686526835733853985930134970899200234404716865462481142496209914197674463932] '''
flag1,我觉得就是共模攻击 ,但是不知n要求n,然后去大佬糖醋小鸡块那里翻了一下(搜共模攻击),还真有https://tangcuxiaojikuai.xyz/post/9c1c22d0.html 的Middle_RSA2
from Crypto.Util.number import *e = [43 , 37 , 53 , 61 , 59 ] c1 = [304054249108643319766233669970696347228113825299195899223597844657873869914715629219753150469421333712176994329969288126081851180518874300706117 , 300569071066351295347178153438463983525013294497692191767264949606466706307039662858235919677939911290402362961043621463108147721176372907055224 , 294806502799305839692215402958402593834563343055375943948669528217549597192296955202812118864208602813754722206211899285974414703769561292993531 , 255660645085871679396238463457546909716172735210300668843127008526613931533718130479441396195102817055073131304413673178641069323813780056896835 , 194084621856364235027333699558487834531380222896709707444060960982448111129722327145131992393643001072221754440877491070115199839112376948773978 ] knlist = [] for i in range (4 ): knlist.append(c1[i]**e[i+1 ] - c1[i+1 ]**e[i]) for i in range (3 ): kn = GCD(knlist[i], knlist[i+1 ]) n = kn print (long_to_bytes(n >> 310 ))
flag2,费马小定理化简得到,c 2 [ 0 ] ≡ m ( m o d p ) c2[0]\equiv m(mod\ p) c 2 [ 0 ] ≡ m ( m o d p ) c 2 [ 1 ] ≡ m ( m o d q ) c2[1]\equiv m(mod\ q) c 2 [ 1 ] ≡ m ( m o d q ) pow(m, p, n),pow(m, q, n)https://blog.csdn.net/shshss64/article/details/130036481 的第二种方法
from Crypto.Util.number import *P,Q = [12053085469218650692076937068797478047679005585690696222988148891925249697123080938461512785257424651119325211991331622346111396522606463631848519999574540677285771456451798811902760319940781754940936484802949729402283626052963389539032949160905330315285409948932070460455535716223838438994608837585387741418172014634472651248450564788332400265295308803291229281839428962457585593065595521459963501453576128172245723315811398209056633738967993602668795794847967331946516181453804430961308142497659799416125763566765485760600358126127595222197324155943818136202233758771243043559460620477085689770403810190118485243364 , 13878717704635179949812987989626985689079485417345626168168664941124566737996226347895779823781042724620099437593856913505609774929187720381745418166924229828643565384137488017127800518133460531729559408120123922005898834268035918798610962941606864727966963354615441094676621013036726097763695675723672289505864372820096404707522755617527884121630784469379311199256277022770033036782130954108210409787680433301426480762532000133464370267551845990395683108170721952672388388178378604502610341465223041534665133155077544973384500983410220955683686526835733853985930134970899200234404716865462481142496209914197674463932 ] n = 16175064088648626038689748434699435826247716579187475966092822028609536761351820951820375552440329596553448265674841223230257463367834546091974959931391707199002842774795702094681528411058318007858638798643010942408552063479863545047616823056802010158288409527763686086960916160949496083789920012040215745627854092010308869223489833074860062054019221397227691063339148923860987250696934050122115972982286012688955816234717242567815830341836031567275888691320640526306946586793028267588302696611724356566003447616419092371914903382944112125852939011729294400479171568234647164730191643282793224422368321464125847020067 PR.<m> = PolynomialRing(Zmod(n)) f = m^2 - (P+Q)*m + P*Q x0 = f.small_roots() print (long_to_bytes(int (x0[0 ])))
from Crypto.Util.number import *from random import * from secret import flagimport osdef pad_flag (flag, bits=1024 ): pad = os.urandom(bits//8 - len (flag)) return int .from_bytes(flag + pad, "big" ) p,q = [getPrime(1024 ) for _ in "RSA" [1 :]] a,b = [randint(0 , 2 **1024 ) for _ in "RSA" [:-1 ]] n = p * q e = 0x10001 m = pad_flag(flag) assert m < nc = pow (m, e, n) print (c)print (n)print (p + b * q)print (a * p + q)
懂的都懂,原题,上周的强网杯也上了https://dexterjie.github.io/2024/11/04/赛题复现/2024强网杯/
from Crypto.Util.number import *c=11850797596095451670524864488046085367812828367468720385501401042627802035427938560866042101544712923470757782908521283827297125349504897418356898752774318846698532487439368216818306352553082800908866174488983776084101115047054799618258909847935672497139557595959270012943240666681053544905262111921321629682394432293381001209674417203517322559283298774214341100975920287314509947562597521988516473281739331823626676843441511662000240327706777269733836703945274332346982187104319993337626265180132608256601473051048047584429295402047392826197446200263357260338332947498385907066370674323324146485465822881995994908925 n=21318014445451076173373282785176305352774631352746325570797607376133429388430074045541507180590869533728841479322829078527002230672051057531691634445544608584952008820389785877589775003311007782211153558201413379523215950193011250189319461422835303446888969202767656215090179505169679429932715040614611462819788222032915253996376941436179412296039698843901058781175173984980266474602529294294210502556931214075073722598225683528873417278644194278806584861250188304944748756498325965302770207316134309941501186831407953950259399116931502886169434888276069750811498361059787371599929532460624327554481179566565183721777 y=4780454330598494796755521994676122817049316484524449315904838558624282970709853419493322324981097593808974378840031638879097938241801612033487018497098140216369858849215655128326752931937595077084912993941304190099338282258345677248403566469008681644014648936628917169410836177868780315684341713654307395687505633335014603359767330561537038768638735748918661640474253502491969012573691915259958624247097465484616897537609020908205710563729989781151998857899164730749018285034659826333237729626543828084565456402192248651439973664388584573568717209037035304656129544659938260424175198672402598017357232325892636389317 x=9819969459625593669601382899520076842920503183309309803192703938113310555315820609668682700395783456748733586303741807720797250273398269491111457242928322099763695038354042594669354762377904219084248848357721789542296806917415858628166620939519882488036571575584114090978113723733730014540463867922496336721404035184980539976055043268531950537390688608145163366927155216880223837210005451630289274909202545128326823263729300705064272989684160839861214962848466991460734691634724996390718260697593087126527364129385260181297994656537605275019190025309958225118922301122440260517901900886521746387796688737094737637604 e = 65537 R = Integers(n) P.<a, b, p, q> = PolynomialRing(Integers(n)) f1 = a*p + q f2 = p + b*q f3 = p*q I = Ideal([f1 - x, f2 - y, f3 - n]) B = I.groebner_basis() g = B[-1 ] z = ZZ(g.coefficient({q: 1 })) assert g.constant_coefficient() == R(-y)_, (z1, _), (z2, _) = list (g) z1 = ZZ(z1) z2 = ZZ(z2) S = 2 ^1024 for p_upper_bits in range (16 ): p_upper = p_upper_bits << 1020 for q_upper_bits in range (16 ): q_upper = q_upper_bits << 1020 M = matrix(ZZ, [[S, -1 , 0 , 0 ], [S*z1, 0 , -1 , 0 ], [S*(z2 + p_upper + q_upper*z1), 0 , 0 , S], [S*n, 0 , 0 , 0 ]]) B = M.LLL() for b in B: if b[-1 ] == S: if b[1 ] < 0 : b *= -1 p_guess = b[1 ] + p_upper q_guess = b[2 ] + q_upper if p_guess * q_guess == n: d = pow (e, -1 , (p_guess - 1 )*(q_guess - 1 )) message = long_to_bytes(int (pow (c, d, n))) if b'flag' in message: print (message) break
奇怪的是,这个脚本好像打不出来,上周好像可以https://connor-mccartney.github.io/cryptography/rsa/BLAHAJ-angstrom-CTF-2024
from Crypto.Util.number import *from Crypto.Cipher import AESfrom hashlib import *import randomimport gmpy2from secrets import iv, KEYdef banner (): print ( """ ======================================================================================= _ _ _ _ ____ _ / \ | | (_) ___ ___ ( ) ___ / ___| ___ ___ _ __ ___ | |_ / _ \ | | | | / __| / _ \ |/ / __| \___ \ / _ \ / __| | '__| / _ \ | __| / ___ \ | | | | | (__ | __/ \__ \ ___) | | __/ | (__ | | | __/ | |_ /_/ \_\ |_| |_| \___| \___| |___/ |____/ \___| \___| |_| \___| \__| ======================================================================================= """ ) def pad (m ): return m + (16 - (len (m) % 16 )) * b"\x00" def get_pngdata (): with open ("picture.png" , "rb" ) as f: png_data = f.read() return pad(png_data) def get_Key (bits ): p = getPrime(bits) g = getPrime(bits // 2 ) d = random.randint(1 , p - 2 ) y = pow (g, d, p) public, private = (p, g, y), d return public, private def Signature (m, public, private ): m = bytes_to_long(m) p, g, _ = public d = private while True : k = random.randint(1 , p - 1 ) if gmpy2.gcd(k, p - 1 ) == 1 : break r = pow (g, k, p) s = ((m - d * r) * inverse(k, p - 1 )) % (p - 1 ) return (r, s) def Verity (m, sign, public ): m = bytes_to_long(m) p, g, y = public r, s = sign if pow (g, m, p) == (pow (y, r, p) * pow (r, s, p)) % p: return True else : return False def chall (): banner() pub, pri = get_Key(512 ) png_data = get_pngdata() print ( "Hello! I'm Alice. To ensure that you are truly Bob, I need to verify your identity first!" ) print ("Can I help you sign once? Is there anything you need to sign?" ) print (f"Here are your public key:{pub} " ) message = long_to_bytes(int (input ("Give me what you need to sign:" ))) if message == b"Bob" : print ("No, it's not possible!!!" ) exit(1 ) print ("Here are your sign:" ) r, s = Signature(message, pub, pri) print (f"r = {r} " ) print (f"s = {s} " ) print ("Tell me your signature so that I know you are truly Bob." ) r = int (input ("r = " )) s = int (input ("s = " )) if Verity(b"Bob" , (r, s), pub): print ( "I have a great photo that I would like to share with you. Let's send it to you in our old way! Hope you still keep our IV!" ) aes = AES.new(KEY, AES.MODE_CBC, iv) enc_data = hex (bytes_to_long(aes.encrypt(png_data)))[2 :] print (f"Here is my encoded data:{enc_data} " ) print (f"Here is my key:{KEY.decode()} " ) print ("In summary, I wish you a wonderful day!" ) else : print ("Alright, you're not Bob, I don't have anything to chat with anymore." ) exit(1 ) if __name__ == "__main__" : try : chall() except : exit(1 )
这道题(当时好眼熟,没看出来),ElGamal签名方案,但是环境题,想放后面做,结果没时间看了
赛后再看,应该就是选择签名伪造了,这里我们可以得到消息的签名(即rs),然后进行验证https://ctf-wiki.org/crypto/signature/elgamal/#_15 b'xxxx'与b'Bob模p-1同余,同时题目还把公钥给了我们(p, g, y),有p就够了
其实就是费马小定理,可以这样g m ≡ g m + k ∗ ( p − 1 ) ( m o d p ) g^{m}\equiv g^{m+k*(p-1)}(mod\ p) g m ≡ g m + k ∗ ( p − 1 ) ( m o d p ) message = long_to_bytes(bytes_to_long(b'Bob')+pub[0]-1)
后面是AES,题目会给我们KEY,还是CBC mode,所以我们要把iv找出来png的前十六字节是固定的,0x89504e470d0a1a0a0000000d49484452,我们可以把密文通过key解密之后的数据异或png的文件头,即可拿到题目中的ivkey解密之后的数据,可以自己把iv设成全零,即可得到
from Crypto.Util.number import *from Crypto.Cipher import AESpub = () message = bytes_to_long(b'Bob' )+pub[0 ]-1 print (message)enc_data = '' key = b'' head = 0x89504e470d0a1a0a0000000d49484452 aes = AES.new(key, AES.MODE_CBC, iv=b'\x00' *16 ) data = bytes_to_long(aes.decrypt(bytes .fromhex(enc_data)[:16 ])) iv = long_to_bytes(data ^ head) aes = AES.new(key, AES.MODE_CBC, iv) png_data =aes.decrypt(bytes .fromhex(enc_data)) with open ('picture.png' ,'wb' )as f: f.write(png_data)
思路跟大致的脚本如上,环境也没有了,就不写交互脚本了
from Crypto.Util.number import *from secret import flagimport randomnbit = 1024 beta = 0.30 delta = 0.10 p = getPrime(int (beta * nbit)) q = getPrime(nbit - int (beta * nbit)) N = p * q phi = (p-1 ) * (q-1 ) while 1 : dq = random.randrange(1 ,int (N ** delta)) if dq > q-1 : continue dp = random.randrange(1 ,p-1 ) try : d = Integer(crt([dp%(p-1 ),dq%(q-1 )],[p-1 ,q-1 ])) except : continue if GCD(d,phi) == 1 : e = int (inverse(d,phi)) break seckey, pubkey = (p,q,d,dp,dq), (N,e) print (f"N = {N} " )print (f"e = {e} " )c = pow (bytes_to_long(flag), e, N) print (f"c = {c} " )""" N = 61857467041120006957454494977971762866359211220721592255304580940306873708357617802596067329984189345493420858543581027612648626678588277060222860337783377316655375278359169520243355170247177279595812282793212550819124960549824278287538977769728573023023364686725321548391592858202718446127851076431000427033 e = 22696852369762746127523066296087974245933137295782964284054040654103039210164173227291367914580709029582944005335464668969366909190396194570924426653294883884186299265660358589254391341147028477295482787041170991166896788171334992065199814524969470117229229967188623636764051681654720429531708441920158042161 c = 41862679760722981662840433621129671566139143933210627878095169470855743742734397276638345217059912784871301273620533442249011607182329472311453700434692358352210197988000738272869600692181834281813995048665466937302183039555350612260646428575598237960405962714063137455677605629008760761743568236135324015278 """
这题很明显是crtRSAcrtrsadq是比dp小的,二者不平衡dq泄露https://www.cnblogs.com/vconlln/p/17066500.html https://dds.sciengine.com/cfs/files/pdfs/1674-7267/6qxpd6SSmokuc5vLD-mark.pdf
from copy import deepcopyN = 61857467041120006957454494977971762866359211220721592255304580940306873708357617802596067329984189345493420858543581027612648626678588277060222860337783377316655375278359169520243355170247177279595812282793212550819124960549824278287538977769728573023023364686725321548391592858202718446127851076431000427033 e = 22696852369762746127523066296087974245933137295782964284054040654103039210164173227291367914580709029582944005335464668969366909190396194570924426653294883884186299265660358589254391341147028477295482787041170991166896788171334992065199814524969470117229229967188623636764051681654720429531708441920158042161 c = 41862679760722981662840433621129671566139143933210627878095169470855743742734397276638345217059912784871301273620533442249011607182329472311453700434692358352210197988000738272869600692181834281813995048665466937302183039555350612260646428575598237960405962714063137455677605629008760761743568236135324015278 alpha = log(e, N) beta = 0.30 delta = 0.10 P.<x,y,z>=PolynomialRing(ZZ) X = ceil(2 * N^(alpha + beta + delta - 1 )) Y = ceil(2 * N^beta) Z = ceil(2 * N^(1 - beta)) def f (x,y ): return x*(N-y)+N def trans (f ): my_tuples = f.exponents(as_ETuples=False ) g = 0 for my_tuple in my_tuples: exponent = list (my_tuple) mon = x ^ exponent[0 ] * y ^ exponent[1 ] * z ^ exponent[2 ] tmp = f.monomial_coefficient(mon) my_minus = min (exponent[1 ], exponent[2 ]) exponent[1 ] -= my_minus exponent[2 ] -= my_minus tmp *= N^my_minus tmp *= x ^ exponent[0 ] * y ^ exponent[1 ] * z ^ exponent[2 ] g += tmp return g m = 5 tau = ((1 - beta)^2 - delta) / (2 * beta * (1 - beta)) sigma = (1 - beta - delta) / (2 * (1 - beta)) print (sigma * m)print (tau * m) s = ceil(sigma * m) t = ceil(tau * m) my_polynomials = [] for i in range (m+1 ): for j in range (m-i+1 ): g_ij = trans(e^(m-i) * x^j * z^s * f(x, y)^i) my_polynomials.append(g_ij) for i in range (m+1 ): for j in range (1 , t+1 ): h_ij = trans(e^(m-i) * y^j * z^s * f(x, y)^i) my_polynomials.append(h_ij) known_set = set () new_polynomials = [] my_monomials = [] while len (my_polynomials) > 0 : for i in range (len (my_polynomials)): f = my_polynomials[i] current_monomial_set = set (x^tx * y^ty * z^tz for tx, ty, tz in f.exponents(as_ETuples=False )) delta_set = current_monomial_set - known_set if len (delta_set) == 1 : new_monomial = list (delta_set)[0 ] my_monomials.append(new_monomial) known_set |= current_monomial_set new_polynomials.append(f) my_polynomials.pop(i) break else : raise Exception('GG' ) my_polynomials = deepcopy(new_polynomials) nrows = len (my_polynomials) ncols = len (my_monomials) L = [[0 for j in range (ncols)] for i in range (nrows)] for i in range (nrows): g_scale = my_polynomials[i](X * x, Y * y, Z * z) for j in range (ncols): L[i][j] = g_scale.monomial_coefficient(my_monomials[j]) for i in range (nrows): Lii = L[i][i] N_Power = 1 while (Lii % N == 0 ): N_Power *= N Lii //= N L[i][i] = Lii for j in range (ncols): if (j != i): L[i][j] = (L[i][j] * inverse_mod(N_Power, e^m)) L = Matrix(ZZ, L) nrows = L.nrows() L = L.LLL() reduced_polynomials = [] for i in range (nrows): g_l = 0 for j in range (ncols): g_l += L[i][j] // my_monomials[j](X, Y, Z) * my_monomials[j] reduced_polynomials.append(g_l) my_ideal_list = [y * z - N] + reduced_polynomials my_ideal_list = [Hi.change_ring(QQ) for Hi in my_ideal_list] for i in range (len (my_ideal_list),3 ,-1 ): print (i) V = Ideal(my_ideal_list[:i]).variety(ring=ZZ) if V: p = int (V[0 ]['y' ]) q = N//p from Crypto.Util.number import * d = inverse(e,(p-1 )*(q-1 )) m = pow (c,d,N) print (long_to_bytes(int (m)).decode()) break
确实是没有想到,比赛时方向一直卡在crtrsa,没太往dp泄露这边想Mini-Venom的wp看了一下,嘶,怎么知道打的是情形2呢?难道是根据2022-nctf-dp_promax的脚本摸索出来的吗?
下面挂的是还没打出来的密码题,都大致看了一眼,当时时间不够了,一堆事围着我,吐了吐了,还是太菜了,不够快
from Crypto.Util.number import getPrime, isPrime, bytes_to_longfrom secret import flagimport randomk = getPrime(333 * 5 ) e = 65537 m = bytes_to_long(flag) def temp_calc (x ): return (x * random.randint(2 , 5 )) ^ random.randint(100 , 500 ) def some_calc (size, depth ): def sums_calc (base, degree ): result = 0 for i in range (degree): temp = temp_calc(base ** i) result += base ** i + temp // temp_calc(base**(i + 1 )) return result while True : prime_number = getPrime(size) temp_number = temp_calc(prime_number) poly_primes = sums_calc(prime_number, depth) if temp_number % 3 == 0 : temp_number = temp_calc(poly_primes) continue if isPrime(poly_primes): return prime_number, poly_primes p, q = some_calc(333 , 5 ) n = p * q * k c = pow (m, e, n) print (f"{n = } " )print (f"{e = } " )print (f"{c = } " )
from Crypto.Util.number import *from Crypto.Util.Padding import padfrom pwn import xorimport osfrom hashlib import *from random import *HINT = ? FLAG = "flag{xxxxxxxx}" EFFECTIVE_ROW = 6 def rickroll_loader (): with open ("rickroll" , "r" ) as file: lines = [line.strip().encode() for line in file if line.strip()] return lines def find_ezprime (size ): while True : prime = getPrime(size) if isPrime(prime // 2 ): return prime def secure_encrypt (message_parts, hint_value ): modulus = find_ezprime(260 ) key_material = os.urandom(32 ) multipliers = [getrandbits(256 ) for _ in range (EFFECTIVE_ROW)] encrypted_parts = [ int ((multiplier * hint_value + bytes_to_long(xor(pad(chunk, 32 ) [::-1 ], key_material))) % (modulus - 1 )) for multiplier, chunk in zip (multipliers, message_parts) ] return encrypted_parts, multipliers, modulus if __name__ == "__main__" : rickroll = rickroll_loader() m = bytes_to_long(HINT) encrypted_lyrics, multipliers, modulus = secure_encrypt( rickroll[:EFFECTIVE_ROW], m) print ("S =" , encrypted_lyrics) print ("V =" , multipliers) print ("n =" , modulus) ''' S = [624073892368439332713131144655355187273652775732037030273908973687487472640419, 1129513550732743550887354593625951854836036688324123410864182971141396110133306, 1117643028354341949186759218964558582164677605237787761003042032239935547551873, 151619055620013230556169740951169935393567570823439146992800622058967940011364, 596106506159944398847755500086869373163910176213091804211992440336880292610397, 685472210701608040945173323626153641749419080165879222271110177606156013942182] V = [100024809269721744282017864103544473542698741247649693420201028956644193231147, 85493218764912449360009112267171851264674952927507787108286827385372626006804, 75451455656190167222034904545925816909383290106210237096763781707294423744719, 1864420400658866895837249178680154965580281261003086054650703872439476331244, 111069754111223622246512532174936637994215526100226395068812327641951277359169, 88031405587803201423744918486788030404029698214504194443110805396831023823738] n = 1497114501625523578039715607844306226528709444454126120151416887663514076507099 ''' Never gonna give you up Never gonna let you down Never gonna run around and desert you Never gonna make you cry Never gonna say goodbye Never gonna tell a lie and hurt you --A mysterious singer who does not want to be named.
还得找个时间补一下,中大爷Lst4r干了五题,QWQ
听说web有人AK了,指个路https://infernity.top/2024/11/09/2024鹏城杯web全wp/
