前言

比赛时间:2024.12.13 - 2024.12.15

这次比赛是三人组队打的,一个老登(St4rr)带2个小登(我和Yolo)。

我参与的:神秘dp、math、AmaZing_BruteForce、不要忘记仰望星空、base1024、真“签到”。

Reverse、Crypto方向,这两个方向的题目质量实在不行,要么是送分题,要么是把密码搞成杂项的。

Crypto

ezCrypto

1
2
3
4
5
6
7
8
9
10
11
12
import gmpy2
from Crypto.Util.number import *
e = 65537 
n = 1455925529734358105461406532259911790807347616464991065301847 
c = 69380371057914246192606760686152233225659503366319332065009 
p=1201147059438530786835365194567
q=1212112637077862917192191913841
phi=(p-1)*(q-1)
d=gmpy2.invert(e,phi)
m=pow(c,d,n)
print(long_to_bytes(m))
#flag{fact0r_sma11_N}

签到

神秘dp

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
from Crypto.Util.number import *
e = 65537
n = 13851998696110232034312408768370264747862778787235362033287301947690834384177869107768578977872169953363148442670412868565346964490724532894099772144625540138618913694240688555684873934424471837897053658485573395777349902581306875149677867098014969597240339327588421766510008083189109825385296069501377605893298996953970043168244444585264894721914216744153344106498382558756181912535774309211692338879110643793628550244212618635476290699881188640645260075209594318725693972840846967120418641315829098807385382509029722923894508557890331485536938749583463709142484622852210528766911899504093351926912519458381934550361 
dp = 100611735902103791101540576986246738909129436434351921338402204616138072968334504710528544150282236463859239501881283845616704984276951309172293190252510177093383836388627040387414351112878231476909883325883401542820439430154583554163420769232994455628864269732485342860663552714235811175102557578574454173473
c = 6181444980714386809771037400474840421684417066099228619603249443862056564342775884427843519992558503521271217237572084931179577274213056759651748072521423406391343404390036640425926587772914253834826777952428924120724879097154106281898045222573790203042535146780386650453819006195025203611969467741808115336980555931965932953399428393416196507391201647015490298928857521725626891994892890499900822051002774649242597456942480104711177604984775375394980504583557491508969320498603227402590571065045541654263605281038512927133012338467311855856106905424708532806690350246294477230699496179884682385040569548652234893413
for k in range(1, e):
    p = (e * dp - 1) // k + 1
    if (e * dp - 1) % k == 0 and isPrime(p) and n % p == 0:
        q = n // p
        if isPrime(q):
            break
phi = (p - 1) * (q - 1)
d = inverse(e, phi)
dq = d % (q-1)
m_p = pow(c, dp, p)
m_q = pow(c, dq, q)
h = (inverse(q, p) * (m_p - m_q)) % p
m = (m_q + h * q)
plaintext = long_to_bytes(m).decode()
print("解密后的明文:", plaintext)
#flag{dp_i5_1eak}

math

观察规律发现,key的递推公式周期性变化,前三项之和加1或减1或不加

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
from Crypto.Util.number import *
from gmpy2 import next_prime

n = 739243847275389709472067387827484120222494013590074140985399787562594529286597003777105115865446795908819036678700460141950875653695331369163361757157565377531721748744087900881582744902312177979298217791686598853486325684322963787498115587802274229739619528838187967527241366076438154697056550549800691528794136318856475884632511630403822825738299776018390079577728412776535367041632122565639036104271672497418509514781304810585503673226324238396489752427801699815592314894581630994590796084123504542794857800330419850716997654738103615725794629029775421170515512063019994761051891597378859698320651083189969905297963140966329378723373071590797203169830069428503544761584694131795243115146000564792100471259594488081571644541077283644666700962953460073953965250264401973080467760912924607461783312953419038084626809675807995463244073984979942740289741147504741715039830341488696960977502423702097709564068478477284161645957293908613935974036643029971491102157321238525596348807395784120585247899369773609341654908807803007460425271832839341595078200327677265778582728994058920387721181708105894076110057858324994417035004076234418186156340413169154344814582980205732305163274822509982340820301144418789572738830713925750250925049059
c = 229043746793674889024653533006701296308351926745769842802636384094759379740300534278302123222014817911580006421847607123049816103885365851535481716236688330600113899345346872012870482410945158758991441294885546642304012025685141746649427132063040233448959783730507539964445711789203948478927754968414484217451929590364252823034436736148936707526491427134910817676292865910899256335978084133885301776638189969716684447886272526371596438362601308765248327164568010211340540749408337495125393161427493827866434814073414211359223724290251545324578501542643767456072748245099538268121741616645942503700796441269556575769250208333551820150640236503765376932896479238435739865805059908532831741588166990610406781319538995712584992928490839557809170189205452152534029118700150959965267557712569942462430810977059565077290952031751528357957124339169562549386600024298334407498257172578971559253328179357443841427429904013090062097483222125930742322794450873759719977981171221926439985786944884991660612824458339473263174969955453188212116242701330480313264281033623774772556593174438510101491596667187356827935296256470338269472769781778576964130967761897357847487612475534606977433259616857569013270917400687539344772924214733633652812119743

a1, a2, a3 = 22, 40, 75

for i in range(2322):
    if i % 4 == 2:
        a1, a2, a3 = a2, a3, a1 + a2 + a3 - 1
    elif i % 4 == 3:
        a1, a2, a3 = a2, a3, a1 + a2 + a3 + 1
    else:
        a1, a2, a3 = a2, a3, a1 + a2 + a3
p = next_prime(a3)
if n % p == 0:
    q = n // p
    e = 65537
    d = inverse(e, (p - 1) * (q - 1))
    m = pow(c, d, n)
    print(long_to_bytes(m))
b'flag{77310934-21fa-4ee4-a783-dc1865ebab28}'

base1024

网上有base1024千字文,拿来解密一下

1
2
3
4
5
6
7
8
if __name__ == "__main__":
    b_已解字节内容 = h_千字文解码(
        "利师迩鉴石碣遥逍汉玄珍覆穑碣云罗侈平同此竹岱饭乎见槐洛五伦璧策缘芸武秦伤阮空创欲雁刻分超任策迩释机于焉笃僚施迩姿植沙疫书曲亲零零零"
    )  # b_千字文编码)
    b_文本内容 = b_已解字节内容.decode("utf-8")
    print("解码好的:" + b_文本内容)
    # 脑洞竞技 代码逆向 漏洞挖掘 团队协作 密码破译 云端对决
    # flag{脑洞竞技 代码逆向 漏洞挖掘 团队协作 密码破译 云端对决}

不要忘记仰望星空

将社会核心价值观解码后,得到了串盲文(实质上是些unicode码

1
⡳⠥⠦⠔⠶⠋⡳⠥⠢⠔⠆⠔⡳⠥⠢⠒⠙⠖⡳⠥⠶⠑⠉⠋⡳⠥⠶⠖⠦⠲⡳⠥⠢⠢⠂⠴⡳⠥⠲⠑⠴⠔⡳⠥⠦⠢⠉⠋⡳⠥⠋⠋⠴⠉⡳⠥⠴⠴⠁⡳⠥⠶⠔⠢⠑⡳⠥⠶⠔⠙⠦⡳⠥⠦⠴⠴⠉⡳⠥⠖⠶⠴⠔⡳⠥⠦⠴⠋⠙⡳⠥⠢⠆⠔⠃⡳⠥⠶⠖⠦⠲⡳⠥⠢⠃⠢⠔⡳⠥⠖⠴⠔⠋⡳⠥⠶⠁⠶⠁⡳⠥⠋⠋⠴⠉⡳⠥⠴⠴⠁⡳⠥⠖⠴⠒⠃⡳⠥⠖⠴⠋⠒⡳⠥⠖⠆⠢⠒⡳⠥⠔⠴⠴⠴⡳⠥⠢⠦⠴⠆⡳⠥⠔⠋⠂⠒⡳⠥⠶⠖⠦⠲⡳⠥⠶⠒⠆⠁⡳⠥⠢⠂⠖⠃⡳⠥⠖⠆⠂⠆⡳⠥⠋⠋⠴⠉⡳⠥⠴⠴⠁⡳⠥⠦⠙⠂⠋⡳⠥⠦⠙⠆⠒⡳⠥⠦⠴⠉⠉⡳⠥⠦⠦⠲⠉⡳⠥⠖⠶⠲⠑⡳⠥⠶⠖⠦⠲⡳⠥⠖⠉⠔⠔⡳⠥⠢⠴⠑⠶⡳⠥⠋⠋⠴⠉⡳⠥⠴⠴⠁⡳⠥⠲⠑⠆⠙⡳⠥⠔⠴⠂⠲⡳⠥⠢⠆⠁⠴⡳⠥⠢⠂⠖⠢⡳⠥⠶⠖⠦⠲⡳⠥⠶⠖⠶⠙⡳⠥⠔⠋⠔⠔⡳⠥⠔⠁⠖⠉⡳⠥⠋⠋⠴⠉⡳⠥⠴⠴⠁⡳⠥⠴⠴⠁⡳⠥⠢⠃⠋⠔⡳⠥⠲⠑⠦⠖⡳⠥⠋⠋⠴⠉⡳⠥⠦⠋⠙⠦⡳⠥⠖⠶⠴⠔⡳⠥⠔⠴⠁⠒⡳⠥⠖⠦⠒⠔⡳⠥⠦⠙⠦⠁⡳⠥⠖⠶⠖⠢⡳⠥⠦⠙⠦⠁⡳⠥⠔⠢⠶⠋⡳⠥⠶⠖⠦⠲⡳⠥⠢⠔⠦⠆⡳⠥⠖⠂⠴⠋⡳⠥⠔⠂⠙⠂⡳⠥⠶⠃⠦⠙⡳⠥⠖⠦⠙⠆⡳⠥⠴⠴⠁⡳⠥⠴⠴⠁⡳⠥⠆⠴⠂⠲⡳⠥⠆⠴⠂⠲⡳⠥⠒⠴⠴⠁⡳⠥⠴⠴⠖⠖⡳⠥⠴⠴⠖⠉⡳⠥⠴⠴⠖⠂⡳⠥⠴⠴⠖⠶⡳⠥⠒⠴⠴⠃

先是社会主义核心价值观解码,再8点盲文解码(选择“英国 美国 计算机8点”)

用这个在线网站就行https://www.lddgo.net/common/braille

1
2
3
4
5
6
7
8
9
10
11
12
print(
    """
    \u897f\u5929\u53d6\u7ecf\u7684\u5510\u4e09\u85cf\uff0c\u000a
    \u795e\u79d8\u800c\u6709\u80fd\u529b\u7684\u5b59\u609f\u7a7a\uff0c\u000a
    \u603b\u60f3\u6253\u9000\u5802\u9f13\u7684\u732a\u516b\u6212\uff0c\u000a
    \u8d1f\u8d23\u80cc\u884c\u674e\u7684\u6c99\u50e7\uff0c\u000a
    \u4e2d\u9014\u52a0\u5165\u7684\u767d\u9f99\u9a6c\uff0c\u000a
    \u000a
    \u5bf9\u4e86\uff0c\u8fd8\u6709\u90a3\u6839\u8d8a\u6765\u8d8a\u957f\u7684\u5982\u610f\u91d1\u7b8d\u68d2\u000a\u000a
    \u2014\u2014\u300a\u0066\u006c\u0061\u0067\u300b
    """
)

再unicode解码,得到:

1
2
3
4
5
6
7
8
9
西天取经的唐三藏,
神秘而有能力的孙悟空,
总想打退堂鼓的猪八戒,
负责背行李的沙僧,
中途加入的白龙马,

对了,还有那根越来越长的如意金箍棒

——《flag》

搜索提示找到https://www.douban.com/note/848680051/?_i=4157717HEPyz0H,4158109HEPyz0H

得到flag{宇宙探索编辑部},没错,这个flag是根据提示搜来的,没有用到上面的诗。

Reverse

AmaZing_BruteForce

先upx脱壳,按小端序输入数据,爆破是不必的,只需知道4位的key即可,其大概率为flag

异或反推出key再反代即可

就算key不是flag,也可以通过{}来确定两位字母,再考虑爆破中间两位

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#   v5[0] = 0x363E2315020A0508i64;
#   v5[1] = 0x183F5831552F363Ai64;
s = [
    0x08,
    0x05,
    0x0A,
    0x02,
    0x15,
    0x23,
    0x3E,
    0x36,
    0x3A,
    0x36,
    0x2F,
    0x55,
    0x31,
    0x58,
    0x3F,
    0x18,
]
print(s[0] ^ ord("f"))
print(s[1] ^ ord("l"))
print(s[2] ^ ord("a"))
print(s[3] ^ ord("g"))
key = [110, 105, 107, 101]
for i in range(16):
    print(chr(s[i] ^ key[i % 4]), end="")
# flag{JUST_D0_1T}