「配枪朱丽叶。」

RootのCTF学习笔记。

BUUCTF/HDCTF2019 together

rsa BUUCTF 密码学

题目下载

开局四个文件,分别来看一下嘛。
myflag1

R3Noy6r3WLItytAmb4FmHEygoilucEEZbO9ZYXx5JN03HNpBLDx7fXd2fl+UL5+11RCs/y0qlTGURWWDtG66eNLzGwNpAKiVj6I7RtUJl2Pcm3NvFeAFwI9UsVREyh7zIV6sI9ZP8l/2GVDorLAz5ULW+f0OINGhJmZm8FL/aDnlfTElhQ87LPicWpXYoMtyr6WrxjK6Ontn8BqCt0EjQ7TeXZhxIH9VTPWjDmFdmOqaqdVIT+LZemTgLNESwM5nn4g5S3aFDFwj1YiDYl0/+8etvKfOrfoKOwR0CxsRHagwdUUTES8EcHLmMGCxCkDZn3SzmmA6Nb3lgLeSgG8P1A==

myflag2

O+rRCXI3aTB6P1rYIOPUdalUp6ujpwEq4I20CoWA+HIL8xxGtqY6N5gpr0guZv9ZgOEAMFnBxOqMdVNnB9GgnhmXtt1ZWydPqIcHvlfwpd/Lyd0XSjXnjaz3P3vOQvR71cD/uXyBA0XPzmnTIMgEhuGJVFm8min0L/2qI7wg/Z7w1+4mOmi655JIXeCiG23ukDv6l9bZuqfGvWCa1KKXWDP31nLbp0ZN2obUs6jEAa1qVTaX6M4My+sks+0VvHATrAUuCrmMwVEivqIJ/nS6ymGVERN6Ohnzyr168knEBKOVj0FAOx3YLfppMM+XbOGHeqdKJRLpMvqFXDMGQInT3w==

pubkey1.pem

-----BEGIN PUBLIC KEY-----
MIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQB1qLiqKtKVDprtS+NGGN++
q7jLqDJoXMlPRRczMBAGJIRsz5Dzwtt1ulr0s5yu8RdaufiYeU6sYIKk92b3yygL
FvaYCzjdqBF2EyTWGVE7PL5lh3rPUfxwQFqDR8EhIH5x+Ob8rjlkftIjHTBt1ThJ
JXvDBumXpQKGcBIknRaR9dwR1q8GU58/gIk5ND3eCTAadhrhLByWkHbFArxalx4Q
q8s2ZUe8lDc/N6V93EOFjbKbqqqtDmhniF6jdXQDAIwWTpx6+jmzxlCJoVHd2MBs
ZCcQhvklWtuKz4IYL4+iUpMKGHlhY1vCqFx2EzD4XIljFLP9rk7+9+CoyTuIVL/D
AgMACR0=
-----END PUBLIC KEY-----

pubkey2.pem

-----BEGIN PUBLIC KEY-----
MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQB1qLiqKtKVDprtS+NGGN++
q7jLqDJoXMlPRRczMBAGJIRsz5Dzwtt1ulr0s5yu8RdaufiYeU6sYIKk92b3yygL
FvaYCzjdqBF2EyTWGVE7PL5lh3rPUfxwQFqDR8EhIH5x+Ob8rjlkftIjHTBt1ThJ
JXvDBumXpQKGcBIknRaR9dwR1q8GU58/gIk5ND3eCTAadhrhLByWkHbFArxalx4Q
q8s2ZUe8lDc/N6V93EOFjbKbqqqtDmhniF6jdXQDAIwWTpx6+jmzxlCJoVHd2MBs
ZCcQhvklWtuKz4IYL4+iUpMKGHlhY1vCqFx2EzD4XIljFLP9rk7+9+CoyTuIVL/D
AgJbJQ==
-----END PUBLIC KEY-----

先看看两个公钥的n和e:

openssl rsa -pubin -text -modulus -in warmup -in pubkey1.pem

https://s2.ax1x.com/2019/12/01/QeUIPI.png

openssl rsa -pubin -text -modulus -in warmup -in pubkey2.pem

https://s2.ax1x.com/2019/12/01/QeaMQK.png

可以发现n(就是Modulus)相同,e不相同。
使用共模攻击脚本,其中密文(C)的数值是拿winhex转了16进制之后拿py转十进制得到的:

from gmpy2 import invert


def gongmogongji(n, c1, c2, e1, e2):
    def egcd(a, b):
        if b == 0:
            return a, 0
        else:
            x, y = egcd(b, a % b)
            return y, x - (a // b) * y
    s = egcd(e1, e2)
    s1 = s[0]
    s2 = s[1]
    if s1 < 0:
        s1 = - s1
        c1 = invert(c1, n)
    elif s2 < 0:
        s2 = - s2
        c2 = invert(c2, n)
    m = pow(c1, s1, n) * pow(c2, s2, n) % n
    return m

n= 14853081277902411240991719582265437298941606850989432655928075747449227799832389574251190347654658701773951599098366248661597113015221566041305501996451638624389417055956926238595947885740084994809382932733556986107653499144588614105694518150594105711438983069306254763078820574239989253573144558449346681620784979079971559976102366527270867527423001083169127402157598183442923364480383742653117285643026319914244072975557200353546060352744263637867557162046429886176035616570590229646013789737629785488326501654202429466891022723268768841320111152381619260637023031430545168618446134188815113100443559425057634959299
e1= 2333
e2= 23333
c1= 9019830127966606906464163705535027700561898947418322215393908445009242179167597651925841118316630701618436764264699314552447720149593429706316419331896724446094136347810583285346557783936628597847493120016473433473330251114748446427062675501559006975193129803994725192341142651123081596938614511835997876348473802944655262159234368886342372288177602939577681373118900661853369729955669191349550944243083931363775278368006736861968373929659452324928717576454476283569924557611587202305905995850467023599457853064826143558839450619335648344789044580250617378775696602242486907674188020686038355268018529452212723060692

c2= 7563852349633487798997172876975591429209075092735397576666034100512529825482444173697941660689932482429363510797912607835964683622045467097999152958495208182723131508451922493376602015184587042150008175319229695236575996965109722740106063395302603470942179722934026775469056507532049664349338297417549652192151214021245619467351572107095850571209304871479252815905952520340200706932283707839077271667181519283111113310156811157311493370032898609825259831287805863768559277229081013434445216553375342584470159735519515161060405187679495646834149664149144845293116225595350930746749956697077616155117458970304949375967

result = gongmogongji(n, c1, c2, e1, e2)
print result

运行后得到:
42134526936691550760762663879928140680945300809179901073939714941

hex(42134526936691550760762663879928140680945300809179901073939714941)

得到'0x666c61677b323372655f534478465f79373868755f35724667537d'
用Coverter工具HextoText得到flag:
https://s2.ax1x.com/2019/12/01/QesB3d.png