攻防世界新手练习题_CRYPTO（加密）

来源：华佗小知识

攻防世界新⼿练习题_CRYPTO（加密）

攻防世界新⼿练习题_CRYPTO(加密)

0x01 base

Y3liZXJwZWFjZXtXZWxjb21lX3RvX25ld19Xb3JsZCF9

直接base Decode 得到flag cyberpeace{Welcome_to_new_World!}

0x02 Caesar

拿到附件内容是⼀串字母的组合，tiltle提⽰为凯撒密码。形式像极了flag答案cyberpeace{}，并没有其他编码加密的特征。经过oknqdbqmoq和cyberpeace的对应字母关系，可以推出字母的偏移量是12，如此便得到flag。

key为12 的恺撒密码，解密flag cyberpeace{you_have_learned_caesar_encryption}

0x03 Morse

摩斯密码 1替换成-,0替换成.,直接解密

11 111 010 000 0 1010 111 100 0 00 000 000 111 00 10 1 0 010 0 000 1 00 10 110-- --- .-. ... . -.-. --- -.. . .. ... ... --- .. -. - . .-. . ... - .. -. --.

解密得到flag cyberpeace{morsecodeissointeresting}贴出⼤佬的代码#!/usr/bin/env python3# -*- coding:utf-8 -*-

CODE_TABLE = { # 26 个英⽂字符

'A': '.-', 'B': '-...', 'C': '-.-.', 'D': '-..', 'E': '.', 'F': '..-.', 'G': '--.', 'H': '....', 'I': '..', 'J': '.---', 'K': '-.-', 'L': '.-..', 'M': '--', 'N': '-.', 'O': '---',

'P': '.--.', 'Q': '--.-', 'R': '.-.', 'S': '...', 'T': '-', 'U': '..-', 'V': '...-', 'W': '.--', 'X': '-..-', 'Y': '-.--', 'Z': '--..',

# 10 个数字

'0': '-----', '1': '.----', '2': '..---', '3': '...--', '4': '....-', '5': '.....', '6': '-....', '7': '--...', '8': '---..', '9': '----.',

# 16 个特殊字符

',': '--..--', '.': '.-.-.-', ':': '---...', ';': '-.-.-.', '?': '..--..', '=': '-...-', \"'\": '.----.', '/': '-..-.', '!': '-.-.--', '-': '-....-', '_': '..--.-', '(': '-.--.', ')': '-.--.-', '$': '...-..-', '&': '. . . .', '@': '.--.-.' # 你还可以⾃定义}

def morsedecode(morse): msg =''

codes = morse.split(' ') for code in codes: if code =='': msg += ' ' else:

UNCODE =dict(map(lambda t:(t[1],t[0]),CODE_TABLE.items())) msg += UNCODE[code] return msga = open(r'E:/3.txt','r')ciphertext = a.read()

ciphertext = ciphertext.replace('1','-')ciphertext = ciphertext.replace('0','.')FLAG = morsedecode(ciphertext)flag = FLAG.lower()

flag = 'cyberpeace{'+flag+'}'print('flag is ',flag)

0x04 Railfence

栅栏密码，栏数为5，解出来flag为 cyberpeace{railfence_cipher_gogogo}0

⽹上很多⼈都在这⾥遇到了问题，表⽰⽆法得出答案，其实这⾥主要的原因是国内外对栅栏密码的加密原理相同当实际过程有些不同，这道题就需要⽤国外的解密⽅法来解密贴张⽹图了解⼀下

0x05 easy RSA

⼀个RSA加密，直接贴出代码import gmpy2

p = 473398607161q = 4511491e = 17

s = (p-1)*(q-1)

d = gmpy2.invert(e,s)print(‘flag is :‘,d)

得flag ： cyberpeace{125631357777427553}

0X06 不仅仅是Morse

下载得⽂件是这样的

--/.-/-.--/..--.-/-..././..--.-/..../.-/...-/./..--.-/.-/-./---/-/...././.-./..--.-/-.././-.-./---/-.././..../..../..../..../.-/.-/.-/.-/.-/-.../.-/.-/-.../-.../-.../.-/.-/-.../-.../.-/.-/.-/.-/.-/.-/.-/.-/-.../.-/.-/-.../.-/-.../.-/.-/.-/.-/.-/.-/.-/-.../-.../.-/-.../.-/.-/.-/-.../-.../.-/.-/.-/-.../-.../.-/.-/-.../.-/.-/.-/.-/-讲/替换成空格，可得到⼀串摩斯密码，解密后

AAAAABAABBBAABBAAAAAAAABAABABAAAAAAABBABAAABBAAABBAABAAAABABAABAAABBABAAABAAABAABABBAABBBABAAABABABBAAABBABAAABAABAABAAAABBABBAABBAABAABAAABAABAABAABABAABBABA培根密码，贴出(⼤佬的)解密代码

import re

# 密⽂转化为指定格式

s = ‘AAAAABAABBBAABBAAAAAAAABAABABAAAAAAABBABAAABBAAABBAABAAAABABAABAAABBABAAABAAABAABABBAABBBABAAABABABBAAABBABAAABAABAABAAAABBABBAABBAABAABAAABAABAABAABABAABBa = s.lower()

# 字典

CODE_TABLE = {

‘a‘:‘aaaaa‘,‘b‘:‘aaaab‘,‘c‘:‘aaaba‘,‘d‘:‘aaabb‘,‘e‘:‘aabaa‘,‘f‘:‘aabab‘,‘g‘:‘aabba‘, ‘h‘:‘aabbb‘,‘i‘:‘abaaa‘,‘j‘:‘abaab‘,‘k‘:‘ababa‘,‘l‘:‘ababb‘,‘m‘:‘abbaa‘,‘n‘:‘abbab‘, ‘o‘:‘abbba‘,‘p‘:‘abbbb‘,‘q‘:‘baaaa‘,‘r‘:‘baaab‘,‘s‘:‘baaba‘,‘t‘:‘baabb‘,‘u‘:‘babaa‘, ‘v‘:‘babab‘,‘w‘:‘babba‘,‘x‘:‘babbb‘,‘y‘:‘bbaaa‘,‘z‘:‘bbaab‘}

# 5个⼀组进⾏切割并解密def peigendecode(peigen): msg =‘‘

codes = re.findall(r‘.{5}‘, a) for code in codes: if code ==‘‘: msg += ‘ ‘ else:

UNCODE =dict(map(lambda t:(t[1],t[0]),CODE_TABLE.items())) msg += UNCODE[code] return msg

flag = peigendecode(a)print(‘flag is ‘,flag)

得到flag cyberpeace{attackanddefenceworldisinteresting}

0x07 混合编码

先base Decode 解得

LzExOS8xMDEvMTA4Lzk5LzExMS8xMDkvMT更具ASCII转成字符串可得

LzExOS8xMDEvMTA4Lzk5LzExMS8xMDkvMTAxLzExNi8xMTEvOTcvMTE2LzExNi85Ny85OS8xMDcvOTcvMTEwLzEwMC8xMDAvMTAxLzEwMi8xMDEvMTEwLzk5LzEwMS8xMTkvMTExLzExNC8xMDgvMTAw在进⾏⼀次base Decode

/119/101/108/99/111/109/101/116/111/97/116/116/97/99/107/97/110/100/100/101/102/101/110/99/101/119/111/114/108/100去掉/再转⼀次字符串得到答案welcometoattackanddefenceworld顺便贴⼀个⼤佬的代码import base

a = open(r'C:/Users/14158/Desktop/78697fd20e9c4ad295a62e5aa30ae052.txt','r')s = a.read()

# base解密⼀下

b = base.bdecode(s).decode('ascii')# 对解密后的字符串进⾏处理b = b.strip('&#;')c = []

c = b.split(';&#')# unicode解密d = ''for i in c:

d += chr(int(i))# base再次解密

e = base.bdecode(d).decode('ascii')# 对字符进⾏处理e = e.strip('/')f = []

f = e.split('/')# 转化为ascii码flag =''for i in f:

flag += chr(int(i))print('flag is ',flag)

flag : cyberpeace{welcometoattackanddefenceworld}

0x08 Normal RSA

这道题主要考察得是RSAtool的使⽤，我都在kail⾥操作先准备rsatool

下载⽂件解压后得到flag.enc和pubkey.pem两个⽂件openssl提取出pubkey.pem中的参数；

openssl rsa -pubin -text -modulus -in warmup -in pubkey.pem

将得到的Modulus 16进制转为10进制，得到

87924348213240687527614051449993714505036656025929924181717042491658461

使⽤kail的factor()将这个数分解成两个素数的乘积时，直接报错了，应该是太长了，所以使⽤在线⼯具进⾏分解2751278603513428173285174381581152299 31957631681447498705901193048041239知道两个素数，随机定义⼤素数e,求出密钥⽂件

python rsatool.py -o private.pem -e 65537 -p 2751278603513428173285174381581152299 -q 31957631681447498705901193048041239

这时候我们会得到⼀个private.pem⽂件，利⽤这个⽂件进⾏解密openssl rsautl -decrypt -in flag.enc -inkey private.pem

得到flag ： PCTF{256b_i5_m3dium}

0x09 轮转机加密

题⽬如此，轮转机加密

1: < ZWAXJGDLUBVIQHKYPNTCRMOSFE <2: < KPBELNACZDTRXMJQOYHGVSFUWI <3: < BDMAIZVRNSJUWFHTEQGYXPLOCK <4: < RPLNDVHGFCUKTEBSXQYIZMJWAO <5: < IHFRLABEUOTSGJVDKCPMNZQWXY <6: < AMKGHIWPNYCJBFZDRUSLOQXVET <7: < GWTHSPYBXIZULVKMRAFDCEONJQ <8: < NOZUTWDCVRJLXKISEFAPMYGHBQ <9: < XPLTDSRFHENYVUBMCQWAOIKZGJ <10: < UDNAJFBOWTGVRSCZQKELMXYIHP <11： < MNBVCXZQWERTPOIUYALSKDJFHG <12： < LVNCMXZPQOWEIURYTASBKJDFHG <13： < JZQAWSXCDERFVBGTYHNUMKILOP <密钥为：2,3,7,5,13,12,9,1,8,10,4,11,6密⽂为：NFQKSEVOQOFNP

直接贴出⼤佬的代码#!/usr/bin/env python3# -*- coding:utf-8 -*-import re

sss = ‘1: < ZWAXJGDLUBVIQHKYPNTCRMOSFE < 2: < KPBELNACZDTRXMJQOYHGVSFUWI < 3: < BDMAIZVRNSJUWFHTEQGYXPLOCK < 4: < RPLNDVHGFCUKTEBSXQYIZMJWAO < 5: < IHFRLABEUOTSGJVDKCPMNm = ‘NFQKSEVOQOFNP‘# 将sss转化为列表形式

content=re.findall(r‘< (.*?) <‘,sss,re.S)

# re.S:DOTALL，此模式下，\".\"的匹配不受，可匹配任何字符，包括换⾏符iv=[2,3,7,5,13,12,9,1,8,10,4,11,6]print(content)vvv=[]

for i in range(13):

index=content[iv[i]-1].index(m[i]) vvv.append(index)print(vvv)

for i in range(0,26): flag=\"\"

for j in range(13):

flag += content[iv[j]-1][(vvv[j]+i)%26] print(flag.lower())

得到flag cyberpeace{fireinthehole}

0x10 easychallenge

pyc时是将python的py程序编译成的中间式⽂件，这道题我们需要将其反编译成我们可读的py代码反编译结果

#!/usr/bin/env python# encoding: utf-8

# 如果觉得不错，可以推荐给你的朋友！http://tool.lu/pycimport base

def encode1(ans): s = ‘‘

for i in ans:

x = ord(i) ^ 36 x = x + 25 s += chr(x) return s

def encode2(ans): s = ‘‘

for i in ans:

x = ord(i) + 36 x = x ^ 36 s += chr(x) return s

def encode3(ans):

return base.b32encode(ans)

flag = ‘ ‘

print ‘Please Input your flag:‘flag = raw_input()

final = ‘UC7KOWVXWVNKNIC2XCXKHKK2W5NLBKNOUOSK3LNNVWW3E===‘if encode3(encode2(encode1(flag))) == final: print ‘correct‘else:

print ‘wrong‘

分析代码，输⼊的flag需要进⾏三次加密（??），想求答案，写段代码import base

key = ‘UC7KOWVXWVNKNIC2XCXKHKK2W5NLBKNOUOSK3LNNVWW3E===‘temp = base.b32decode(key)

#可得temp为‘\\xa0\\xbe\\xa7Z\\xb7\\xb5Z\\xa6\\xa0Z\\xb8\\xae\\xa3\\xa9Z\\xb7Z\\xb0\\xa9\\xae\\xa3\\xa4\\xad\\xad\\xad\\xad\\xad\\xb2‘#⼿动赋值进⾏接下来的解密

b = \"\\xa0\\xbe\\xa7Z\\xb7\\xb5Z\\xa6\\xa0Z\\xb8\\xae\\xa3\\xa9Z\\xb7Z\\xb0\\xa9\\xae\\xa3\\xa4\\xad\\xad\\xad\\xad\\xad\\xb2\"s = ‘‘for i in b:

s += chr((ord(i) ^ 36) - 36)l = ‘‘

for i in s:

l += chr((ord(i) - 25) ^ 36)print (‘flag is ‘,l)

得到flag ：cyberpeace{interestinghhhhh}

0x11 幂数加密

下载下来分析后，式云影密码

884210122048022440401422420248012288421 122 48 2244 4 142242 248 12223 5 12 12 4 15 14 5w e l l d o n e

就这样，以0为分界，每组加起来，去对应顺序字母贴⼀段⼤佬的代码#!/user/bin/env python# -*-coding:utf-8 -*-a = open(r‘crypto11.txt‘,‘r‘)ciphertext = a.read()s = ciphertext.split(‘0‘)

flag = ‘‘

for i in range(len(s)): list = [] for j in s[i]:

list.append(j) b = 0

for k in list: b += int(k)

# 字母ascii值与字母顺序相差为96 flag += chr(b+96)print(‘flag is ‘,flag)

flag : cyberpeace{welldone}

0x12 easy ECC

ECC（椭圆曲线加密）

我现在还是⼀脸懵逼，只能⽤着⼤佬的脚本，苟延残喘#!/usr/bin/env python3# -*- coding:utf-8 -*-def get_inverse(mu, p): \"\"\"

获取y的负元 \"\"\"

for i in range(1, p): if (i*mu)%p == 1: return i return -1

def get_(zi, mu): \"\"\"

获取最⼤公约数 \"\"\" if mu:

return get_(mu, zi%mu) else:

return zi

def get_np(x1, y1, x2, y2, a, p): \"\"\"

获取n*p，每次+p，直到求解阶数np=-p \"\"\"

flag = 1 # 定义符号位（+/-）

# 如果 p=q k=(3x2+a)/2y1mod p if x1 == x2 and y1 == y2:

zi = 3 * (x1 ** 2) + a # 计算分⼦【求导】 mu = 2 * y1 # 计算分母

# 若P≠Q，则k=(y2-y1)/(x2-x1) mod p else:

zi = y2 - y1 mu = x2 - x1 if zi* mu < 0:

flag = 0 # 符号0为-（负数） zi = abs(zi) mu = abs(mu)

# 将分⼦和分母化为最简

_value = get_(zi, mu) # 最⼤公約數 zi = zi // _value # 整除 mu = mu // _value

# 求分母的逆元逆元： ∀a ∈G ，ョb∈G 使得 ab = ba = e # P(x,y)的负元是 (x,-y mod p)= (x,p-y) ，有P+(-P)= O∞ inverse_value = get_inverse(mu, p) k = (zi * inverse_value)

if flag == 0: # 斜率负数 flag==0 k = -k k = k % p

# 计算x3,y3 P+Q

x3 = (k ** 2 - x1 - x2) % p y3 = (k * (x1 - x3) - y1) % p return x3,y3

def get_rank(x0, y0, a, b, p): \"\"\"

获取椭圆曲线的阶 \"\"\"

x1 = x0 #-p的x坐标 y1 = (-1*y0)%p #-p的y坐标 tempX = x0 tempY = y0 n = 1

while True:

n += 1

# 求p+q的和，得到n*p，直到求出阶

p_x,p_y = get_np(tempX, tempY, x0, y0, a, p) # 如果 == -p,那么阶数+1，返回 if p_x == x1 and p_y == y1: return n+1 tempX = p_x tempY = p_y

def get_param(x0, a, b, p): \"\"\"

计算p与-p \"\"\"

y0 = -1

for i in range(p):

# 满⾜取模约束条件，椭圆曲线Ep(a,b)，p为质数，x,y∈[0,p-1] if i**2%p == (x0**3 + a*x0 + b)%p: y0 = i break

# 如果y0没有，返回false if y0 == -1: return False # 计算-y（负数取模） x1 = x0

y1 = (-1*y0) % p return x0,y0,x1,y1

def get_ng(G_x, G_y, key, a, p): \"\"\"

计算nG \"\"\"

temp_x = G_x temp_y = G_y while key != 1:

temp_x,temp_y = get_np(temp_x,temp_y, G_x, G_y, a, p) key -= 1

return temp_x,temp_y

def ecc_main(): while True:

a = int(input(\"请输⼊椭圆曲线参数a(a>0)的值：\")) b = int(input(\"请输⼊椭圆曲线参数b(b>0)的值：\"))

p = int(input(\"请输⼊椭圆曲线参数p(p为素数)的值：\")) #⽤作模运算 # 条件满⾜判断

if (4*(a**3)+27*(b**2))%p == 0:

print(\"您输⼊的参数有误，请重新输⼊\\n\") else: break

# 选点作为G点

print(\"在如上坐标系中选⼀个值为G的坐标\") G_x = int(input(\"请输⼊选取的x坐标值：\")) G_y = int(input(\"请输⼊选取的y坐标值：\")) # 获取椭圆曲线的阶

n = get_rank(G_x, G_y, a, b, p)

# user1⽣成私钥，⼩key

key = int(input(\"请输⼊私钥⼩key（<{}）：\".format(n))) # user1⽣成公钥，⼤KEY

KEY_x,kEY_y = get_ng(G_x, G_y, key, a, p) print(‘flag is ‘,KEY_,KEY_Y)if __name__ == \"__main__\": ecc_main()

然⽽题⽬的给的数值貌似太⼤，这个脚本的跑不出来，悲伤.jpg等以后看有没有机会补上（咕咕咕）

20191021,今天突然想起来了，找到了其他⼤佬的py代码，于是补上

import collectionsimport random

EllipticCurve = collections.namedtuple(‘EllipticCurve‘, ‘name p a b g n h‘)curve = EllipticCurve( ‘secp256k1‘,

# Field characteristic. p=int(input(‘p=‘)), # Curve coefficients. a=int(input(‘a=‘)), b=int(input(‘b=‘)), # Base point.

g=(int(input(‘Gx=‘)), int(input(‘Gy=‘))), # Subgroup order. n=int(input(‘k=‘)), # Subgroup cofactor. h=1,)

# Modular arithmetic ##########################################################def inverse_mod(k, p):

\"\"\"Returns the inverse of k modulo p.

This function returns the only integer x such that (x * k) % p == 1. k must be non-zero and p must be a prime. \"\"\"

if k == 0:

raise ZeroDivisionError(‘division by zero‘) if k < 0:

# k ** -1 = p - (-k) ** -1 (mod p) return p - inverse_mod(-k, p) # Extended Euclidean algorithm. s, old_s = 0, 1 t, old_t = 1, 0 r, old_r = p, k while r != 0:

quotient = old_r // r

old_r, r = r, old_r - quotient * r old_s, s = s, old_s - quotient * s

old_t, t = t, old_t - quotient * t , x, y = old_r, old_s, old_t assert == 1

assert (k * x) % p == 1 return x % p

# Functions that work on curve points #########################################def is_on_curve(point):

\"\"\"Returns True if the given point lies on the elliptic curve.\"\"\" if point is None:

# None represents the point at infinity. return True x, y = point

return (y * y - x * x * x - curve.a * x - curve.b) % curve.p == 0def point_neg(point): \"\"\"Returns -point.\"\"\"

assert is_on_curve(point) if point is None: # -0 = 0 return None x, y = point

result = (x, -y % curve.p) assert is_on_curve(result) return result

def point_add(point1, point2):

\"\"\"Returns the result of point1 + point2 according to the group law.\"\"\" assert is_on_curve(point1) assert is_on_curve(point2) if point1 is None:

# 0 + point2 = point2 return point2 if point2 is None:

# point1 + 0 = point1 return point1 x1, y1 = point1 x2, y2 = point2

if x1 == x2 and y1 != y2: # point1 + (-point1) = 0 return None if x1 == x2:

# This is the case point1 == point2.

m = (3 * x1 * x1 + curve.a) * inverse_mod(2 * y1, curve.p) else:

# This is the case point1 != point2.

m = (y1 - y2) * inverse_mod(x1 - x2, curve.p) x3 = m * m - x1 - x2 y3 = y1 + m * (x3 - x1) result = (x3 % curve.p, -y3 % curve.p)

assert is_on_curve(result) return result

def scalar_mult(k, point):

\"\"\"Returns k * point computed using the double and point_add algorithm.\"\"\" assert is_on_curve(point) if k < 0:

# k * point = -k * (-point)

return scalar_mult(-k, point_neg(point)) result = None addend = point while k: if k & 1: # Add.

result = point_add(result, addend) # Double.

addend = point_add(addend, addend) k >>= 1

assert is_on_curve(result) return result

# Keypair generation and ECDHE ################################################def make_keypair():

\"\"\"Generates a random private-public key pair.\"\"\" private_key = curve.n

public_key = scalar_mult(private_key, curve.g) return private_key, public_key

private_key, public_key = make_keypair()print(\"private key:\", hex(private_key))

print(\"public key: (0x{:x}, 0x{:x})\".format(*public_key))

因篇幅问题不能全部显示，请点此查看更多更全内容

查看全文