from Crypto.Util.number import \nfrom gmpy2 import \nfrom secret import flag\n\nBITS = 233\n\ndef broken(x, bits):\n return x>>bits\n\ndef gen():\n p,q = getPrime(512),getPrime(512)\n n = pq\n e = 65537\n return n, broken(p+q, BITS)\n\nn, hint = gen()\n e = 0x10001\n m = bytes_to_long(flag)\n assert m < n\n c = pow(m, e, n)\n\nprint(n)\nprint(hint)\nprint(c)\n\n'''\n107847645025513535850791225440130707186374273414737521825714442885442542984529827092766916748308266623066053421754530398675086374798530909982183476265477598220972320436343536618913608933549054793948336438240303192183575843300257235195070331758555882832698815894168120103459360566404203412796086643598204242029\n1505246122706281178983443268987790509406564031452059494152554645294649335244676839890\n16589212605025468264862689939961340646400626438824064459026078002373801735937861932598660491280834517490394340315480853421268981930217857435669572426110105938015092688880859031418213297139875807487434491329423279700179082306961439610731922669459168752958192842026918421354512654494583087220572962719510130677\n'''\n以上代码源于一个CTF试题,我该如何得到其中的flag呢\n并且请你给出你所认为正确的最终结果内容:根据提供的代码,我们可以看出加密过程是将明文m进行RSA加密,得到密文c。我们需要使用RSA的解密操作来获得明文m。\n\n在给定的代码中,函数broken(x, bits)将一个整数x右移bits位,作为提示hint。这个提示是p+q右移BITS位的结果。我们需要使用这个提示来还原p+q。\n\n首先,我们知道n = pq。由于hint = broken(p+q, BITS),我们可以将hint左移BITS位,即hint << BITS,得到p+q的近似值。然后,我们可以使用牛顿迭代法来还原p和q。\n\n具体来说,我们可以将问题转化为寻找方程f(x) = x^2 - (p+q)x + n = 0的根,其中p和q是方程的两个根。我们已经得到了一个近似值hint,我们可以使用牛顿迭代法来逐步逼近根的精确值。\n\n以下是实现这个过程的代码:\n\npython\nfrom Crypto.Util.number import *\nfrom gmpy2 import *\nfrom secret import flag\n\nBITS = 233\n\ndef broken(x, bits):\n return x>>bits\n\ndef gen():\n p,q = getPrime(512),getPrime(512)\n n = p*q\n e = 65537\n return n, broken(p+q, BITS)\n\ndef newton_method(n, hint):\n x = hint << BITS\n while True:\n f = x**2 - n\n if f == 0:\n return x\n x = x - f//(2*x)\n\nn, hint = gen()\n e = 0x10001\n m = bytes_to_long(flag)\n assert m < n\n c = pow(m, e, n)\n\n p_plus_q = newton_method(n, hint)\n p = (p_plus_q + isqrt(p_plus_q**2 - 4*n)) // 2\n q = n // p\n phi = (p-1) * (q-1)\n d = invert(e, phi)\n m = pow(c, d, n)\n flag = long_to_bytes(m)\n print(flag)\n\n\n运行代码后,我们可以得到flag的明文输出。\n


原文地址: https://www.cveoy.top/t/topic/poBY 著作权归作者所有。请勿转载和采集!

免费AI点我,无需注册和登录