moectf2023

wp是去年写的,记录了当时做出来的题,打算把去年题复现一遍,先把去年的wp修修发出来,其他的题慢慢再更新把

Classical crypto

ezrot

密文:

1
>@64E7LC@Ecf0:D0;FDE020D:>!=60=6EE6C0DF3DE:EFE:@?04:!96C0tsAJdEA6d;F}%0N

Flag:

1
moectf{rot47_is_just_a_simPle_letter_substitution_ciPher_EDpy5tpe5juNT_}

根据题目描述,应当是rot密码,出现@!等符号,所以是rot47,用cyberchef解得flag

可可的新围墙

密文:

1
mt3_hsTal3yGnM_p3jocfFn3cp3_hFs3c_3TrB__i3_uBro_lcsOp}e{ciri_hT_avn3Fa_j

Flag:

1
moectf{F3nc3_ciph3r_shiFTs_3ach_l3TT3r_By_a_Giv3n_nuMB3r_oF_plac3s_Ojpj}

​ 根据密文特征(“{}”位置)猜测是栅栏密码,枚举未得到flag,再仔细观察,发现密文中m和e只出现过1次,即加密方式类似如下:

1
2
3
mt3_hsTal3yGnM_p3j
ocfFn3cp3_hFs3c_3TrB__i3_uBro_lcsOp}
e{ciri_hT_avn3Fa_j

1
2
3
mt3_hsTal3yGnM_p3jocfFn3cp3_hFs3c_3TrB__i3_uBr
o_lcsOp}
e{ciri_hT_avn3Fa_j

猜测是w型栅栏,用脚本解得flag

皇帝的新密码

密文:

1
tvljam{JhLzhL_JPwoLy_Pz_h_cLyF_zPtwPL_JPwoLy!_ZmUVUA40q5KbEQZAK5Ehag4Av}

Flag:

1
moectf{CaEsaE_CIphEr_Is_a_vErY_sImpIE_CIphEr!_SfNONT40j5DuXJSTD5Xatz4To}

​ 密文显示flag形式的字符串,且开头tvljam与moectf偏移量均为7,猜测是凯撒密码,解得

不是“皇帝的新密码”

密文:

1
scsfct{wOuSQNfF_IWdkNf_Jy_o_zLchmK_voumSs_zvoQ_loFyof_FRdiKf_4i4x4NLgDn}

md5 of flag (utf-8) 

1
ea23f80270bdd96b5fcd213cae68eea5

flag:

1
moectf{vIgENErE_CIphEr_Is_a_lIttlE_hardEr_thaN_caEsar_CIphEr_4u4u4EXfXz}

​ 根据密文,开头字母与moectf偏移量并不呈规律变化,不是凯撒密码,根据古典密码的特征,最有可能的是Vigenere,但我们并不会知道密钥,用moectf做密钥解密得

发现密钥为goodjo,解得

提交flag并不正确,再仔细观察信息,发现提示flag的md5值,将刚刚得到的flag计算md5

发现刚刚得到的并不是flag,说明密钥不对,仔细观察,密钥出现good单词,剩下的jo极有可能是job,因此猜测密钥是goodjob,再进行·解密

并计算md5

发现值与题所给md5相同,得到正确flag

猫言喵语:

密文;

1
喵喵? 喵喵喵喵喵喵喵喵喵喵喵喵 喵喵喵 喵喵喵喵喵喵喵喵?喵喵?喵喵喵喵喵? 喵喵?喵喵喵喵喵? 喵喵喵喵喵? 喵喵喵喵喵?喵喵? 喵喵喵喵喵? 喵喵喵喵喵喵 喵喵喵喵喵喵 喵喵喵喵喵喵喵喵?喵喵?喵喵喵喵喵? 喵喵?喵喵喵喵喵?喵喵喵 喵喵喵喵喵? 喵喵? 喵喵喵喵喵喵喵喵?喵喵?喵喵喵喵喵? 喵喵?喵喵喵喵喵喵喵喵喵 喵喵喵喵喵喵喵喵? 喵喵? 喵喵喵喵喵喵喵喵?喵喵?喵喵喵喵喵? 喵喵?喵喵喵喵喵喵喵喵喵 喵喵喵 喵喵喵喵喵喵喵喵?喵喵?喵喵喵喵喵? 喵喵?喵喵喵喵喵?喵喵喵 喵喵喵喵喵? 喵喵喵喵喵?喵喵喵喵喵喵 喵喵喵喵喵?喵喵喵喵喵喵 喵喵喵 喵喵?喵喵喵喵喵喵 喵喵喵喵喵喵喵喵?喵喵?喵喵喵喵喵? 喵喵?喵喵?喵喵喵 喵喵?喵喵?喵喵? 喵喵喵喵喵喵喵喵? 喵喵?喵喵?喵喵喵喵喵喵 喵喵喵喵喵喵 喵喵喵喵喵喵喵喵?喵喵?喵喵喵喵喵? 喵喵?喵喵喵喵喵喵喵喵喵 喵喵?喵喵喵喵喵?喵喵? 喵喵喵喵喵喵喵喵?喵喵?喵喵喵喵喵? 喵喵喵喵喵?喵喵喵 喵喵?喵喵喵喵喵喵喵喵?

Flag:

1
moectf{THE_KAWAII_CAT_BUT_BE_CALLED_GOUZI_BY_RX}

​ 最开始猜测是兽语解密,但尝试了一番,并没有得到flag,同时注意到题目hint:morse code,告诉我们是摩斯密码,故将文本尝试转换成morse code,解得

Crypto

Crypto 入门指北

​ 运行脚本得flag

flag:

1
moectf{weLCome_To_moeCTf_CRypTo_And_enjoy_THis_gAme!_THis_is_yoUR_fLAg!}

baby_e

​ e很小,可以采用低加密指数攻击

编写脚本得

Flag:

1
moectf{SMaLL_3xPon3nt_Mak3_rSa_w3ak!_!lP0iYlJf!M3rux9G9Vf!JoxiMl903lllA}

bad_E

非预期脚本:(当时初学Crypto,不知道从那个师傅哪里看到了nthroot_mod这个有限域开方函数,发现还挺好用,一路套脚本😀)

1
2
3
4
5
6
7
8
from sympy.ntheory.residue_ntheory import nthroot_mod
from Crypto.Util.number import *
e = 65537
p=6853495238262155391975011057929314523706159020478084061020122347902601182448091015650787022962180599741651597328364289413042032923330906135304995252477571
q=11727544912613560398705401423145382428897876620077115390278679983274961030035884083100580422155496261311510530671232666801444557695190734596546855494472819
c=63388263723813143290256836284084914544524440253054612802424934400854921660916379284754467427040180660945667733359330988361620691457570947823206385692232584893511398038141442606303536260023122774682805630913037113541880875125504376791939861734613177272270414287306054553288162010873808058776206524782351475805
n=p*q
print(long_to_bytes(nthroot_mod(c,e,p))

预期解:

1
2
3
4
5
6
7
8
9
10
11
12
e = 65537
p=6853495238262155391975011057929314523706159020478084061020122347902601182448091015650787022962180599741651597328364289413042032923330906135304995252477571
q=11727544912613560398705401423145382428897876620077115390278679983274961030035884083100580422155496261311510530671232666801444557695190734596546855494472819
c=63388263723813143290256836284084914544524440253054612802424934400854921660916379284754467427040180660945667733359330988361620691457570947823206385692232584893511398038141442606303536260023122774682805630913037113541880875125504376791939861734613177272270414287306054553288162010873808058776206524782351475805
n=p*q
from Crypto.Util.number import *
from gmpy2 import *
print(gcd(e,p-1))   #e|(p-1), gcd(e,q-1)=1
d=invert(e,(q-1))
m=powmod(c,d,q)
print(m)
print(long_to_bytes(m))

Flag:

1
moectf{N0w_Y0U_hAve_kN0w_h0w_rsA_w0rks!_f!lP0iYlJf!M3ru}

xorrrrrrrrr

​ 先拿moectf{去和密文xor,根据密文翻译出来的明文猜测明文后面的单词,再与该段密文xor得到部分flag,重复操作,最终得到完整flag

Flag:

1
moectf{W0W_y0U_HaVe_mastered_tHe_x0r_0Peart0r!_0iYlJf!M3rux9G9Vf!JoxiMl}

factor_signin

​ 观察代码可知flag为rsa加密,前半部分的n1=p q,后半部分n2=p1 p2 * p3…p32,编写脚本得到两段flag,组合起来

脚本: 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
from Crypto.Util.number import *
from gmpy2 import *


p=18055722101348711626577381571859114850735298658417345663254295930584841136416234624852520581982069555948490061840244710773146585295336094872892685938420880462305333393436098181186277450475949236132458958671804132443554885896037342335902958516394876382378829317303693655605215373555988755516058130500801822723195474873517960624159417903134580987202400855946137101429970119186394052011747475879598126195607938106163892658285305921071673588966184054026228745012993740035399652049777986535759039077634555909031397541116025395236871778797949216479130412500655359057128438928721459688727543057760739527720641179290282309741

q=19024691283015651666032297670418553586155390575928421823630922553034857624430114628839720683172187406577114034710093054198921843669645736474448836706112221787749688565566635453151716934583685087745112614898780150391513798368931496744574075511968933800467288441832780919514199410584786925010518564670786685241724643282580795568609339268652910564215887176803735675069372979560024792322029911970574914829712553975379661212645059271137916107885326625543090473004683836665262304916304580076748336858662108554591235698235221618061328251985929904075811056422186525179189846420226944944513865790999242309352900287977666792901

c1=10004937130983861141937782436252502991050957330184611684406783226971057978666503675149401388381995491152372622456604317681236160071166819028679754762162125904637599991943368450200313304999566592294442696755822585022667008378021280392976010576970877334159755332946926433635584313137140987588847077645814987268595739733550220882135750267567373532603503399428451548677091911410732474324157868011686641243202218731844256789044721309478991918322850448456919991540932206923861653518190974620161055008847475600980152660468279765607319838003177639654115075183493029803981527882155542925959658123816315099271123470754815045214896642428657264709805029840253303446203030294879166242867850331945166255924821406218090304893024711068773287842075208409312312188560675094244318565148284432361706108491327014254387317744284876018328591380705408407853404828189643214087638328376675071962141118973835178054884474523241911240926274907256651801384433652425740230755811160476356172444327762497910600719286629420662696949923799255603628210458906831175806791599965316549386396788014703044837917283461862338269599464440202019922379625071512100821922879623930069349084917919100015782270736808388388006084027673781004085620817521378823838335749279055639005125
e=65537

d1=invert(e,(p-1)*(q-1))
m1=powmod(c1,d1,p*q)
print(long_to_bytes(m1))
a=[9949603102225364603,10049235158029375571,10547615587767500213,10596280721192026229,10864078180916418691,11092420583960163379,11853704782834170959,12034779627328165471,12404642343676224637,12448177342966243757,13062839684118954553,13645878578452317313,14397830993057803133,14619040595108594017,14678737767649343977,14745811312384518031,14813953870710226847,15175734709842430433,15211380502610462057,15332916111580607077,15751974537676958401,16123604149048919099,16408421615173973083,16870346804576162551,17093292308638969889,17265001711647542137,17289161209347211817,17543713628803023199,17673334943789572513,18106525049998616747,18345408081492711641,18390046459144888243]
c2=4948422459907576438725352912593232312182623872749480015295307088166392790756090961680588458629287353136729331282506869598853654959933189916541367579979613191505226006688017103736659670745715837820780269669982614187726024837483992949073998289744910800139692315475427811724840888983757813069849711652177078415791290894737059610056340691753379065563574279210755232749774749757141836708161854072798697882671844015773796030086898649043727563289757423417931359190238689436180953442515869613672008678717039516723747808793079592658069533269662834322438864456440701995249381880745586708718334052938634931936240736457181295
n2=8582505375542551134698364096640878629785534004976071646505285128223700755811329156276289439920192196962008222418309136528180402357612976316670896973298407081310073283979903409463559102445223030866575563539261326076167685019121804961393115251287057504682389257841337573435085535013992761172452417731887700665115563173984357419855481847035192853387338980937451843809282267888616833734087813693242841580644645315837196205981207827105545437201799441352173638172133698491126291396194764373021523547130703629001683366722885529834956411976212381935354905525700646776572036418453784898084635925476199878640087165680193737
phi=1
for i in range(32):
    phi *= a[i]-1
d2=invert(e,phi)
m2=powmod(c2,d2,n2)
print(long_to_bytes(m2))

flag: 

1
moectf{fACtord6_And_YAfu_Are_6oth_good_utils_to_fACtorize_num6ers_ff90S}

feistel

​ 将密文明文互换,再用加密脚本加密既可解密出flag

n&n

​ 观察代码,得到e1,e2,c1,c2,n,故采用共模攻击

编写脚本得到flag

脚本:

1
2
3
4
5
6
7
8
9
10
11
12
13
from Crypto.Util.number import *
from gmpy2 import *
e1 = 0x114514
e2 = 19198101
c1=5776799746376051463605370130675046329799612910435315968508603116759552095183027263116443417343895252766060748671845650457077393391989018107887540639775168897954484319381180406512474784571389477212123123540984850033695748142755414954158933345476509573211496722528388574841686164433315356667366007165419697987147258498693175698918104120849579763098045116744389310549687579302444264316133642674648294049526615350011916160649448726069001139749604430982881450187865197137222762758538645387391379108182515717949428258503254717940765994927802512049427407583200118969062778415073135339774546277230281966880715506688898978925
c2= 4664955020023583143415931782261983177552050757537222070347847639906354901601382630034645762990079537901659753823666851165175187728532569040809797389706253282757017586285211791297567893874606446000074515260509831946210526182765808878824360460569061258723122198792244018463880052389205906620425625708718545628429086424549277715280217165880900037900983008637302744555649467104208348070638137050458275362152816916837534704113775562356277110844168173111385779258263874552283927767924979691542028126412133709129601685315027689094437957165812994784648540588277901241854031439324974562449032290219652206466731675967045633360
n=13612969130810965900902742090064423006385890357159609755971027204203418808937093492927060428980020085273603754747223030702684866992231913349067578014240319426522039068836171388168087260774376277346092066880984406890296520951318296354893551565670293486797637522297989653182109744864444697818991039473180752980752117041574628063002176339235126861152739066489620021077091941250365101779354009854706729448088217051728432010328667839532327286559570597994183126402340332924370812383312664419874352306052467284992411543921858024469098268800500500651896608097346389396273293747664441553194179933758992070398387066135330851531
s=gcdext(e1,e2)
s1=s[1]
s2=s[2]
m=powmod(c1,s1,n)
a=powmod(c2,s2,n)
print(long_to_bytes(m*a%n))

flag:

1
moectf{dO_nOt_u53_5AM3_MOdulu5_tO_3ncrYPt_dIFF3r3nt_dAtA!_JY63x33iiA0Ji}

|p-q|

N分解得到p,q,编写rsa解题脚本,得flag

flag:

1
moectf{it_iS_vUlnErablE_iF_p_iS_aboUt_thE_SaME_SiZE_aS_Q_MVoAYArrlG3uco}

ez_chain

​ 运用到辗转相除法、cbc加密,但是不知道key,通过构造相同位数的flag,发现flag内容怎么修改,最后的余数都不会变,猜测最后那一部分和moect{有关,修改查看,发现最后一个余数改变,确定猜测,该余数即为blocks[0],同时已知密文、iv,异或求得key。

代码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
from Crypto.Util.number import *
a=[8490961288, 122685644196, 349851982069, 319462619019, 74697733110,
   43107579733, 465430019828, 178715374673, 425695308534, 164022852989,
   435966065649, 222907886694, 420391941825, 173833246025, 329708930734]
iv = 3735927943
base = bytes_to_long(b"koito")
key=5329712293^a[0]^iv
b=[iv]
for i in range(len(a)-1):
    b.append(a[len(a)-2-i]^a[len(a)-1-i]^key)
b.append(a[0]^b[0]^key)
a1=list(reversed(b[1:]))
m=a1[0]
for i in range(1,len(a1)):
    m = base*m+a1[i]
flag = long_to_bytes(m)
print(flag)

minipack

代码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
from Crypto.Util.number import *
 key=[]
 with open("E:\\key.txt", 'r') as fs:
   key1 = fs.read().split("," or '[' or ']')
 key1[0]=key1[0][1:]
 key1[-1]=key1[-1][:-1]
 for i in key1:
   key.append(int(i))
 key = list(reversed(key))
 with open("E:\\ciphertext.txt", 'r') as fs:
   cip = int(fs.read())
 m = ''
 for i in range(len(key)):
   if cip - key[i] >= 0:
     cip = cip - key[i]
     m += '1'
   else:
     m += '0'
 print(long_to_bytes(int(m[::-1],2)))

giant_e

​ rsa解题,e特别大,采用winerer攻击

脚本:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
from Crypto.Util.number import *
from gmpy2 import *
class ContinuedFraction():
    def __init__(self,numerator,denumerator):
        self.numberlist = [] # number in continued fraction
        self.fractionlist = [] # the near fraction list
        self.GenerateNumberList (numerator, denumerator)
        self.GenerateFractionList ()
    def GenerateNumberList (self, numerator, denumerator):
        while numerator != 1:
            quotient = numerator // denumerator
            remainder = numerator % denumerator
            self.numberlist.append (quotient)
            numerator = denumerator
            denumerator = remainder
    def GenerateFractionList (self) :
        self.fractionlist.append ([self.numberlist[0], 1])
        for i in range (1, len (self.numberlist)):
            numerator = self.numberlist[i]
            denumerator = 1
            for j in range (i) :
                temp = numerator
                numerator = denumerator + numerator * self.numberlist[i-j-1]
                denumerator = temp
            self.fractionlist.append([numerator, denumerator])

e = 0x609778981bfbb26bb93398cb6d96984616a6ab08ade090c1c0d4fedb00f44f0552a1555efec5cc66e7960b61e94e80e7483b9f906a6c8155a91cdc3e4917fa5347c58a2bc85bb160fcf7fe98e3645cfea8458ea209e565e4eb72ee7cbb232331a862d8a84d91a0ff6d74aa3c779b2b129c3d8148b090c4193234764f2e5d9b2170a9b4859501d07c0601cdd18616a0ab2cf713a7c785fd06f27d68dff24446d884644e08f31bd37ecf48750e4324f959a8d37c5bef25e1580851646d57b3d4f525bc04c7ddafdf146539a84703df2161a0da7a368675f473065d2cb661907d990ba4a8451b15e054bfc4dd73e134f3bf7d8fa4716125d8e21f946d16b7b0fc43
n=0xbaa70ba4c29eb1e6bb3458827540fce84d40e1c966db73c0a39e4f9f40e975c42e02971dab385be27bd2b0687e2476894845cc46e55d9747a5be5ca9d925931ca82b0489e39724ea814800eb3c0ea40d89ebe7fe377f8d3f431a68d209e7a149851c06a4e67db7c99fcfd9ec19496f29d59bb186feb44a36fe344f11d047b9435a1c47fa2f8ed72f59403ebb0e439738fd550a7684247ab7da64311690f461e6dce03bf2fcd55345948a3b537087f07cd680d7461d326690bf21e39dff30268cb33f86eeceff412cd63a38f7110805d337dcad25e6f7e3728b53ca722b695b0d9db37361b5b63213af50dd69ee8b3cf2085f845d7932c08b27bf638e98497239
c=0x45a9ce4297c8afee693d3cce2525d3399c5251061ddd2462513a57f0fd69bdc74b71b519d3a2c23209d74fcfbcb6b196b5943838c2441cb34496c96e0f9fc9f0f80a2f6d5b49f220cb3e78e36a4a66595aa2dbe3ff6e814d84f07cb5442e2d5d08d08aa9ccde0294b39bfde79a6c6dcd2329e9820744c4deb34a039da7933ddf00b0a0469afb89cba87490a39783a9b2f8f0274f646ca242e78a326dda886c213bc8d03ac1a9150de4ba08c5936c3fe924c8646652ef85aa7ac0103485f472413427a0e9d9a4d416b99e24861ca8499500c693d7a07360158ffffa543480758cafff2a09a9f6628f92767764fa026d48a9dd899838505ae16e38910697f9de14
a = ContinuedFraction(e,n)
for k,d in a.fractionlist:
    s = long_to_bytes(pow(c, d, n))
    try:
        print(s.decode())
    except Exception:
        pass

flag:

1
moectf{too_larGe_exponent_is_not_a_iDea_too!_Bung92WPIBung92WPIBung9?WP}

rsa_signin

​ 出现多组c,n,可以考虑低加密指数广播攻击,但e=65337,比较大,不使用中国剩余定理,考虑在n_list找最大公因数,编写脚本得flag

脚本:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
import libnum
from Crypto.Util.number import *
from gmpy2 import *

e = 65537
n1 =

n11 =
c1 =

c11 =
c = [c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11]
n = [n1, n2, n3, n4, n5, n6, n7, n8, n9, n10, n11]

for i in range(len(n)):
    for j in range(len(n)):
        if (i != j):
            if (gmpy2.gcd(n[i], n[j]) != 1):  # 对不同的n进行 欧几里得算法,以求出最大公约数(p)
                print(i, j)  # 输出对应的n的序号
                p = gmpy2.gcd(n[i], n[j])
                print("p = ", p)
                q = n[i] // p
                print("q = ", q)
                d = gmpy2.invert(e, (p - 1) * (q - 1))
                print("d = ", d)
                m = pow(c[i], d, n[i])
                print("m = ", m)
print(libnum.n2s(int(m)))

flag:

1
moectf{it_is_re@lly_@_signin_level_cryPto_ch@ll@nge_ng92WPIBung92WPIBun}

factorize_me!

​ 无法直接分解n,观察代码,发现n是由prime2累乘得到,而prime2可以由prime得到,而prime累乘数已经告知,尝试分解,得到al数组,编写脚本

脚本:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
al=[6811480804433459752827714558479851837166061762294131563310130325846430072816177165149613687307165209577130630311477665591141650399740741396784593477667511,
6991223361118904775931217829045348785013077549030883418924453538830605687999480005714979700653172534877541317997174968789510984315425270755055110913347281,
7592439908930473591169395506464664967460880934907692099467559610659035874008829133810341129161864445676397227262130671224157308868678442281617413952593477,
7661276973316857207751367277881032536449069939447322837508906694964933673171693624171780997296797446643574508184011878230465391879808258241752897792891323,
8752762682421281693932454897190422008900505775990831144558827755415243453970083322530846132571648469860763497724505255094464743633789884168771246977571539,
9987009117206906203158749743824168660291275882852229158070368815160479543708376165641735042845357978292384303332559592302507789120810447986634662721490507,
10022455487144667211701100343824680124338467215246658405697280466931561838565228778624923751405642974058833143888323468902504576610147119708725877528011439,
11627877395179828773706504422918933052041685770731872812302758181943244472706231518350716590168708806854971155512042158777017234038219076771501368374236727,
12876877424944854147075816504195994138450356002779004886384584287813869165469217718717854027672044903401715370348223932937626725119320180795716270261309139]
n=899081756851564072995842371038848265712822308942406479625157544735473115850983700580364485532298999127834142923262920189902691972009898741820291331257478170998867183390650298055916005944577877856728843264502218692432679062445730259562784479410120575777748292393321588239071577384218317338474855507210816917917699500763270490789679076190405915250953860114858086078092945282693720016414837231157788381144668395364877545151382171251673050910143023561541226464220441
e = 65537
c = 841335863342518623856757469220437045493934999201203757845757404101093751603513457430254875658199946020695655428637035628085973393246970440054477600379027466651143466332405520374224855994531411584946074861018245519106776529260649700756908093025092104292223745612991818151040610497258923925952531383407297026038305824754456660932812929344928080812670596607694776017112795053283695891798940700646874515366341575417161087304105309794441077774052357656529143940010140

from Crypto.Util.number import *
from gmpy2 import *

from Crypto.Util.number import getPrime
from math import prod
from sympy import nextprime
for i in range(9):
    for j in range(9):
        for k in range(9):
            q=nextprime(al[i])
            w=nextprime(al[j])
            r=nextprime(al[k])
            z=q*w*r
            if(n==z):
                print("q=",q)
                print("r=",r)
                print("w=",w)
                phi=(q-1)*(w-1)*(r-1)
                d=invert(e,phi)
                m=powmod(c,d,n)
                print(long_to_bytes(m))

flag:

1
moectf{you_KNow_how_to_faCtorize_N_right?_9?WPIBung6?WPIBung6?WPIBund6?}

misc

Misc 入门指北

​ Base64解密

flag:moectf{h@v3_fun_@t_m15c_!}

打不开的图片1

用010editor打开,发现是jpg格式文件,修复文件头,可以打开,有exif信息,16进制转换得flag

Flag:moectf{XDU_i5_v3ry_6e@u2ifu1}

打不开的图片2

​ 用010editor打开,发现ihdr,查看文件尾,为png文件尾,修复文件头,成功打开图片得到flag

狗子(1) 普通的猫

​ 用010editor打开,文件尾部找到flag

Flag: 

1
moectf{eeeez_f1ag_as_A_G1ft!}

building_near_lake

​ 下载图片可以查询到拍摄信息,照相机制造商为Xiaomi,型号为22122RK93C,搜素发现是红米k60,搜索发布会时间,得到20221227,百度识图发现拍摄地点是厦门大学翔安德望图书馆,地图查询经纬度,得到flag

烫烫烫

​ 转储utf-7,正常显示,

计算key——b34edc782d68fda34dc2332967273b0f0900a0ebd0dcec48467851bc6117bad1,进行aes计算,得flag

Flag:

1
moectf{codep@ge_pl@ys_@n_iMport@nt_role_in_intern@tion@liz@tion_g92WPIB}

狗子(2) 照片

​ 用zsteg跑lsb,得flag

Flag:moectf{D0ggy_H1dd3n_1n_Pho7o_With_LSB!}

base乐队

​ 依次用base32、base58、base32解密得到

1
bYeNQXYZXbXZQfW31FGzzD0m0FHQ9RR85FFQYMB9M=lmo2ku11z0uiz=

发现中间有=,目前已知出现=均是在字符串尾部,猜测通过某种加密将=放在了中间,尝试暴力栅栏,得到flag

flag:moectf{Th4_6@nd_1nc1ud45_F3nc4_@nd_b@s3}

奇怪的压缩包

​ 压缩包打开,发现有个文件夹为ppt,根据题目描述,改后缀,成功得到ppt文件,通过改字体颜色、遮挡、批注、解压ppt文档隐藏

Flag:moectf{2ip123456_?_ n0_i4_pp4x!}

机位查询

三张图片的地点均在广西南宁,分别是南宁站、中山路美食街、华润大厦,查卫星地图可分析得到前两张图片拍摄地点为嘉士摩根国际、百盛步行街广场,最后一张始终分析不出拍摄的地点,仔细查看,发现有exif信息,有gps定位,查询,找到汇金宛,

Flag:moectf{jiashi_baisheng_huijin}

狗子(3) 寝室

​ 编写压缩包解压脚本或工具解压,得到flag.txt

Flag: moectf{Ca7_s133p1ng_und3r_zip_5hell5}

尊嘟假嘟?

​ 根据hint1涉及到base58,尝试base58解密

一堆乱码,而hint2提示为bl*sh加密,想到blowfish,将key和iv求出,带入解密,得到一个可疑字符串

再进行base64解密,得到flag

CTF WriteUp
#Crypto Misc
moectf2023
http://tmagwaro.github.io/2024/04/29/moectf2023/
作者
TMagWarO
发布于
2024年4月29日
许可协议