文章介绍了使用RSA算法进行加密的过程,包括生成公钥和私钥,以及如何通过给定的p、n和密文c进行解密。同时,讨论了中国剩余定理在解决同余方程组中的应用,提供了相应的Python脚本。通过脚本演示了解密过程,指出在实际解密时可能遇到的问题及解决策略。
bbbbbrsa
题目信息
压缩包解压后有两个文件,其中有用的信息如下
from base64 import b64encode as b32encode
from gmpy2 import invert,gcd,iroot
from Crypto.Util.number import *
from binascii import a2b_hex,b2a_hex
import random
flag = "******************************"
nbit = 128
p = getPrime(nbit)
q = getPrime(nbit)
n = p*q
print p
print n
phi = (p-1)*(q-1)
e = random.randint(50000,70000)
while True:
if gcd(e,phi) == 1:
break;
else:
e -= 1;
c = pow(int(b2a_hex(flag),16),e,n)
print b32encode(str(c))[::-1]
# 2373740699529364991763589324200093466206785561836101840381622237225512234632
从中可以知道p,n那么可以求出q,然后e和明文flag未知,但是我们知道e的范围,所以可以往爆破的方向考虑。
其次虽然在代码中的密文c是b32编码,但是在导包的时候并不是b32编码 而是b64编码 这也就是为什么使用b32解码根本得不到有用的信息的原因!!而且这个字符串要反序后才是能b64解密。
c经过反序后b64解密结果:2373740699529364991763589324200093466206785561836101840381622237225512234632
所以直接用脚本解密:需要考虑的条件是(e和phin互质,果然还是自己对RSA算法不够熟练,还是得多练!!)
import binascii
import gmpy2
from gmpy2 import gcd
from Crypto.Util.number import *
p = 177077389675257695042507998165006460849
n = 37421829509887796274897162249367329400988647145613325367337968063341372726061
c = 2373740699529364991763589324200093466206785561836101840381622237225512234632
q = 211330365658290458913359957704294614589
phin = (p-1)*(q-1)
for e in range(50000,70000):
if gcd(e,phin)==1:
d = gmpy2.invert(e,phin)
m = pow(c,d,n)
m = str(long_to_bytes(m))
#加一个限制条件 因为一般都会有flag出现在字符串中 可以减少筛选的数目
if "flag" in m:
print(m)
在用脚本解密的时候出现Crypto导包出错 安装了软件包但是还是报错的宝宝们 看这里
RSA4
题目信息
给出的信息就是很多组的N和C
关于中国剩余定理
什么是中国剩余定理?
中国剩余定理的内容是:
设m1,m2,...,mn是两两互质的整数,a1,a2,...,an也是整数。则同余方程组:x ≡ a1 (mod m1)
x ≡ a2 (mod m2)
...
x ≡ an (mod mn)必定存在一个解x,且这个解模m1m2...mn是唯一的。该定理表明,只要知道一组同余方程中的所有模数和余数,就可以利用定理求出唯一的解。
利用中国剩余的定理求解同余方程组的过程
1. 计算M = ∏mi 即所有模数的积
2. 对每个模数mi,计算Mi = M/mi
3. 对每个Mi计算乘法逆元Mi_inverse,满足 Mi * Mi_inverse ≡ 1 (mod mi) 所以在下面编写脚本的时候会以Mi和mLIst[i]的乘法逆元作为Mi_inverse的值
4. 构造解x = Σ(ai * Mi * Mi_inverse) mod M
脚本
import binascii
import gmpy2
# 中国剩余定理求解步骤:1.求出模数之积 M
# 2.计算Mi
# 3.计算Mi的乘法逆元 Mi_inverse
# 4.求出m^e 也就是x
#说明:aList是余数 mList是模数
def CRT(aList,mList):
M = 1
for i in mList:
M = M*i
#第二步 计算Mi
x = 0
for i in range(len(mList)):
Mi = M//mList[i]
#第三步 计算Mi——inverse
Mi_inverse = gmpy2.invert(Mi,mList[i])
x+=aList[i]*Mi*Mi_inverse
x = x%M
return x
n1 = "331310324212000030020214312244232222400142410423413104441140203003243002104333214202031202212403400220031202142322434104143104244241214204444443323000244130122022422310201104411044030113302323014101331214303223312402430402404413033243132101010422240133122211400434023222214231402403403200012221023341333340042343122302113410210110221233241303024431330001303404020104442443120130000334110042432010203401440404010003442001223042211442001413004"
n2 = "302240000040421410144422133334143140011011044322223144412002220243001141141114123223331331304421113021231204322233120121444434210041232214144413244434424302311222143224402302432102242132244032010020113224011121043232143221203424243134044314022212024343100042342002432331144300214212414033414120004344211330224020301223033334324244031204240122301242232011303211220044222411134403012132420311110302442344021122101224411230002203344140143044114"
n3 = "332200324410041111434222123043121331442103233332422341041340412034230003314420311333101344231212130200312041044324431141033004333110021013020140020011222012300020041342040004002220210223122111314112124333211132230332124022423141214031303144444134403024420111423244424030030003340213032121303213343020401304243330001314023030121034113334404440421242240113103203013341231330004332040302440011324004130324034323430143102401440130242321424020323"
c1 = "310020004234033304244200421414413320341301002123030311202340222410301423440312412440240244110200112141140201224032402232131204213012303204422003300004011434102141321223311243242010014140422411342304322201241112402132203101131221223004022003120002110230023341143201404311340311134230140231412201333333142402423134333211302102413111111424430032440123340034044314223400401224111323000242234420441240411021023100222003123214343030122032301042243"
c2 = "112200203404013430330214124004404423210041321043000303233141423344144222343401042200334033203124030011440014210112103234440312134032123400444344144233020130110134042102220302002413321102022414130443041144240310121020100310104334204234412411424420321211112232031121330310333414423433343322024400121200333330432223421433344122023012440013041401423202210124024431040013414313121123433424113113414422043330422002314144111134142044333404112240344"
c3 = "10013444120141130322433204124002242224332334011124210012440241402342100410331131441303242011002101323040403311120421304422222200324402244243322422444414043342130111111330022213203030324422101133032212042042243101434342203204121042113212104212423330331134311311114143200011240002111312122234340003403312040401043021433112031334324322123304112340014030132021432101130211241134422413442312013042141212003102211300321404043012124332013240431242"
#注意上面的数据是五进制的数据
#注意m^e = c(mod ni)
mList = [int(n1,5),int(n2,5),int(n3,5)]
aList = [int(c1,5),int(c2,5),int(c3,5)]
temp = CRT(aList,mList)
#得到了m^e 下面开始爆破
for e in range(1, 10): #遍历e求解
m, f = gmpy2.iroot(temp, e) #m_e开e次根
print("加密指数e = %d:"%e)
if f==True:
print(hex(m))
脚本运行结果只有当e为1和3的时候会有结果 (也是这里e本身就比较小的原因所以比较好爆破,范围可以设置的再大一些,更加保险);把e=1和e=3的结果分别用在线网站转为字符串就能发现,当e=3的时候才能得到flag
记得把头改成以flag包头的格式才能通过提交!
今日总结:做了几个比较花里胡哨的题 明天打打比赛 然后就开始刷刷题 学学网课了
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
