defrot13(src): dst = [] for ch in src: if ch in lowerdict: dst.append(lowerdict[ch]) elif ch in upperdict: dst.append(upperdict[ch]) else: dst.append(ch) return''.join(dst)
defdecrypt(src): dst = [] for i in src: dst.append(chr(ord(i)-1)) return''.join(dst)
for i in mycode: if i == 'str_rot13': key = rot13(key) elif i == 'encrypt': key = decrypt(key) elif i == 'base64_encode': key = base64.b64decode(key).decode() elif i == 'strrev': key = key[::-1] print (key) res = requests.post(url1,data={'token':key}) print(res.text.split('<br>')[-1].split('\n')[-3])
#include<stdio.h> intmain() { int key[] = { 0x7d, 0x03, 0x7d, 0x04, 0x57, 0x17, 0x72, 0x2d, 0x62, 0x11, 0x4e, 0x6a, 0x5b, 0x04, 0x4f, 0x2c, 0x18, 0x4c, 0x3f, 0x44, 0x21, 0x4c, 0x2d, 0x4a, 0x22};//把题目里的输出便乘bytes for (int i = 24; i >= 1; i--) key[i] = key[i-1] ^ key[i]; for (int i = 24; i >= 0; i--) putchar(key[i]); return0; }
Crypto
0x01 Verification_code
我爱签到题
4位,直接爆破
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
import string, random from hashlib import sha256
table = ''.join(string.ascii_letters+string.digits) tail = 'ORJNRW14IaEbB5ND' res = 'e75027e00538dbf0f2de79d78467d3d9926695de7ed5639e7ae02df511d9a602'
print(table) for i in table: for j in table: for k in table: for l in table: buf = i+j+k+l if sha256((buf+tail).encode()).hexdigest() == res: print (buf)
p = 94598296305713376652540411631949434301396235111673372738276754654188267010805522542068004453137678598891335408170277601381944584279339362056579262308427544671688614923839794522671378559276784734758727213070403838632286280473450086762286706863922968723202830398266220533885129175502142533600559292388005914561 q = 150088216417404963893679242888992998793257903343994792697939121738029477790454833496600101388493792476973514786401036309378542808470513073408894727406158296404360452232777491992630316999043165374635001806841520490997788796152678742544032835808854339130676283497122770901196468323977265095016407164510827505883 r = 145897736096689096151704740327665176308625097484116713780050311198775607465862066406830851710261868913835866335107146242979359964945125214420821146670919741118254402096944139483988745450480989706524191669371208210272907563936516990473246615375022630708213486725809819360033470468293100926616729742277729705727 k1 = 78430786011650521224561924814843614294806974988599591058915520397518526296422791089692107488534157589856611229978068659970976374971658909987299759719533519358232180721480719635602515525942678988896727128884803638257227848176298172896155463813264206982505797613067215182849559356336015634543181806296355552543 k2 = 49576356423474222188205187306884167620746479677590121213791093908977295803476203510001060180959190917276817541142411523867555147201992480220531431019627681572335103200586388519695931348304970651875582413052411224818844160945410884130575771617919149619341762325633301313732947264125576866033934018462843559419 k3 = 48131077962649497833189292637861442767562147447040134411078884485513840553188185954383330236190253388937785530658279768620213062244053151614962893628946343595642513870766877810534480536737200302699539396810545420021054225204683428522820350356470883574463849146422150244304147618195613796399010492125383322922 e = 65537
M = p*q*r M1 = q*r M2 = p*r M3 = p*q t1 = gmpy2.invert(M1, p) t2 = gmpy2.invert(M2, q) t3 = gmpy2.invert(M3, r) n = p*q*r c = (k1*t1*M1 + k2*t2*M2 + k3*t3*M3) % n #利用中国剩余定理得到m^e,并用p*q*r做n当RSA算密文 d = gmpy2.invert(e, (p-1)*(q-1)*(r-1)) m = pow(c, d, n) #算出d和明文
msg = number.long_to_bytes(m) print (msg) #此处打印出结果为msgstr的二进制值 msgstr = '\n1hAyuFoOUCamGW9BP7pGKCG81iSEnwAOM8x\n********** DO NOT GUESS ME ********\nhg In number theory, \nam the Chinese \ne{ remainder theorem \nCr states that if one\nT_ knows the \nw0 remainders of the \nNt Euclidean division\n+6 of an integer n \nOt by several \nh3 integers, then \nR_ YOU CAN FIND THE \nmE FLAG, ;D\n!! \n!} \n********** USE YOUR BRAIN *********\ncbl8KukOPUvpoe1LCpBchXHJTgmDknbFE2z\n' print (msgstr) #打印出来后发现flag藏在中间几行的前两位,用以下操作拼接起来 msgstr = msgstr.split('\n')[3:-3] for substr in msgstr: print (substr[:2], end='') print('\n')