BUUCTF/HDCTF2019 together
开局四个文件,分别来看一下嘛。
myflag1
R3Noy6r3WLItytAmb4FmHEygoilucEEZbO9ZYXx5JN03HNpBLDx7fXd2fl+UL5+11RCs/y0qlTGURWWDtG66eNLzGwNpAKiVj6I7RtUJl2Pcm3NvFeAFwI9UsVREyh7zIV6sI9ZP8l/2GVDorLAz5ULW+f0OINGhJmZm8FL/aDnlfTElhQ87LPicWpXYoMtyr6WrxjK6Ontn8BqCt0EjQ7TeXZhxIH9VTPWjDmFdmOqaqdVIT+LZemTgLNESwM5nn4g5S3aFDFwj1YiDYl0/+8etvKfOrfoKOwR0CxsRHagwdUUTES8EcHLmMGCxCkDZn3SzmmA6Nb3lgLeSgG8P1A==
myflag2
O+rRCXI3aTB6P1rYIOPUdalUp6ujpwEq4I20CoWA+HIL8xxGtqY6N5gpr0guZv9ZgOEAMFnBxOqMdVNnB9GgnhmXtt1ZWydPqIcHvlfwpd/Lyd0XSjXnjaz3P3vOQvR71cD/uXyBA0XPzmnTIMgEhuGJVFm8min0L/2qI7wg/Z7w1+4mOmi655JIXeCiG23ukDv6l9bZuqfGvWCa1KKXWDP31nLbp0ZN2obUs6jEAa1qVTaX6M4My+sks+0VvHATrAUuCrmMwVEivqIJ/nS6ymGVERN6Ohnzyr168knEBKOVj0FAOx3YLfppMM+XbOGHeqdKJRLpMvqFXDMGQInT3w==
pubkey1.pem
-----BEGIN PUBLIC KEY----- MIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQB1qLiqKtKVDprtS+NGGN++ q7jLqDJoXMlPRRczMBAGJIRsz5Dzwtt1ulr0s5yu8RdaufiYeU6sYIKk92b3yygL FvaYCzjdqBF2EyTWGVE7PL5lh3rPUfxwQFqDR8EhIH5x+Ob8rjlkftIjHTBt1ThJ JXvDBumXpQKGcBIknRaR9dwR1q8GU58/gIk5ND3eCTAadhrhLByWkHbFArxalx4Q q8s2ZUe8lDc/N6V93EOFjbKbqqqtDmhniF6jdXQDAIwWTpx6+jmzxlCJoVHd2MBs ZCcQhvklWtuKz4IYL4+iUpMKGHlhY1vCqFx2EzD4XIljFLP9rk7+9+CoyTuIVL/D AgMACR0= -----END PUBLIC KEY-----
pubkey2.pem
-----BEGIN PUBLIC KEY----- MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQB1qLiqKtKVDprtS+NGGN++ q7jLqDJoXMlPRRczMBAGJIRsz5Dzwtt1ulr0s5yu8RdaufiYeU6sYIKk92b3yygL FvaYCzjdqBF2EyTWGVE7PL5lh3rPUfxwQFqDR8EhIH5x+Ob8rjlkftIjHTBt1ThJ JXvDBumXpQKGcBIknRaR9dwR1q8GU58/gIk5ND3eCTAadhrhLByWkHbFArxalx4Q q8s2ZUe8lDc/N6V93EOFjbKbqqqtDmhniF6jdXQDAIwWTpx6+jmzxlCJoVHd2MBs ZCcQhvklWtuKz4IYL4+iUpMKGHlhY1vCqFx2EzD4XIljFLP9rk7+9+CoyTuIVL/D AgJbJQ== -----END PUBLIC KEY-----
先看看两个公钥的n和e:
openssl rsa -pubin -text -modulus -in warmup -in pubkey1.pem
openssl rsa -pubin -text -modulus -in warmup -in pubkey2.pem
可以发现n(就是Modulus)相同,e不相同。
使用共模攻击脚本,其中密文(C)的数值是拿winhex转了16进制之后拿py转十进制得到的:
from gmpy2 import invert def gongmogongji(n, c1, c2, e1, e2): def egcd(a, b): if b == 0: return a, 0 else: x, y = egcd(b, a % b) return y, x - (a // b) * y s = egcd(e1, e2) s1 = s[0] s2 = s[1] if s1 < 0: s1 = - s1 c1 = invert(c1, n) elif s2 < 0: s2 = - s2 c2 = invert(c2, n) m = pow(c1, s1, n) * pow(c2, s2, n) % n return m n= 14853081277902411240991719582265437298941606850989432655928075747449227799832389574251190347654658701773951599098366248661597113015221566041305501996451638624389417055956926238595947885740084994809382932733556986107653499144588614105694518150594105711438983069306254763078820574239989253573144558449346681620784979079971559976102366527270867527423001083169127402157598183442923364480383742653117285643026319914244072975557200353546060352744263637867557162046429886176035616570590229646013789737629785488326501654202429466891022723268768841320111152381619260637023031430545168618446134188815113100443559425057634959299 e1= 2333 e2= 23333 c1= 9019830127966606906464163705535027700561898947418322215393908445009242179167597651925841118316630701618436764264699314552447720149593429706316419331896724446094136347810583285346557783936628597847493120016473433473330251114748446427062675501559006975193129803994725192341142651123081596938614511835997876348473802944655262159234368886342372288177602939577681373118900661853369729955669191349550944243083931363775278368006736861968373929659452324928717576454476283569924557611587202305905995850467023599457853064826143558839450619335648344789044580250617378775696602242486907674188020686038355268018529452212723060692 c2= 7563852349633487798997172876975591429209075092735397576666034100512529825482444173697941660689932482429363510797912607835964683622045467097999152958495208182723131508451922493376602015184587042150008175319229695236575996965109722740106063395302603470942179722934026775469056507532049664349338297417549652192151214021245619467351572107095850571209304871479252815905952520340200706932283707839077271667181519283111113310156811157311493370032898609825259831287805863768559277229081013434445216553375342584470159735519515161060405187679495646834149664149144845293116225595350930746749956697077616155117458970304949375967 result = gongmogongji(n, c1, c2, e1, e2) print result
运行后得到:
42134526936691550760762663879928140680945300809179901073939714941
hex(42134526936691550760762663879928140680945300809179901073939714941)
得到'0x666c61677b323372655f534478465f79373868755f35724667537d'
用Coverter工具HextoText得到flag: