- 综合排序
- 最热优先
- 最新优先
- 来自专栏CTF Crypto
BUUCTF [GUET-CTF2019]虚假的压缩包 1
解压得到Key.txt文件,内容如下: 2、猜测为RSA加密,解密脚本如下: import gmpy2 """ gmpy2.mpz(n)#初始化一个大整数 gmpy2.mpfr(x)# 初始化一个高精度浮点数 x d = gmpy2.invert(e,n) # 求逆元,de = 1 mod n C = gmpy2.powmod(M,e,n)# 幂取模,结果是 C = (M^e) mod n gmpy2.is_prime (n) #素性检测 gmpy2.gcd(a,b) #欧几里得算法,最大公约数 gmpy2.gcdext(a,b) #扩展欧几里得算法 gmpy2.iroot(x,n) #x开n次根 """ p = gmpy2.mpz(3) q = gmpy2.mpz(11) e = gmpy2.mpz(3) l = (p-1) * (q-1) d = gmpy2.invert(e,l) c = gmpy2.mpz
60231编辑于 2025-11-30 - 来自专栏宸机笔记
RSA加密算法
import gmpy2 import binascii n = 4154220405062524632278989171077190153188438109 # p 和 q通过yafu得出 p = gmpy2 .mpz(56898061770151570660943) q = gmpy2.mpz(73011633012107403650963) e = gmpy2.mpz(0x10001) phi_n = ( p-1)*(q-1) d = gmpy2.invert(e, phi_n) c = gmpy2.mpz(0x346644dfe4c826c07a0ee6e0b2e10862d41aa8) m = pow
3K10发布于 2020-11-04 - 来自专栏kayden
HSC-1th WP CRYPTO
if Cipher==s[k:k+4]: print(Cipher,a,b) # korv 11 17 a=11 b=17 def decrypt(m, a, b): import gmpy2 c = [] for i in range(len(m)): ch=m[i] t=((letter.index(ch) - b) * gmpy2.invert(a, * e2]]) B = L2.LLL()[0] A = B * L2 ^ (-1) phi = int(e1 * A[1] // A[0]) print(long_to_bytes(pow(c1, gmpy2 q=t*p+k break import gmpy2 from Crypto.Util.number import long_to_bytes,bytes_to_long phi=(p-1)*( .gcd(e,phi) d=gmpy2.invert(e//t,phi) m=pow(c,d,n) msg=gmpy2.iroot(m,t) if msg[1]: print(long_to_bytes
89110编辑于 2022-09-29 - 来自专栏OneTS安全团队
RSA算法的使用及逆向中的识别技巧
coding: utf-8 -*- # date: 24/11/2020 09:19 # desc: Basic RSA 讲一下RSA的原理 # 借用了BUUCTF-rsarsa 这道题的参数 import gmpy2 9092085782510630477324439922306479038 87510065547947313543299303261986053486569407 e = 65537 phi_n = (p-1) * (q-1) N = p*q d = gmpy2 .invert(e, phi_n) m = "这是一串明文".encode() c = gmpy2.powmod(bytes_to_long(m), e, N) print("加密后:", c) c 835077353222099144775303121183696280369 509878368033433668751465953520047310688 45866341103159758984584205701452126 m = gmpy2
38310编辑于 2025-02-07 - 来自专栏历史专栏
【愚公系列】2021年12月 攻防世界-简单题-CRYPTO-011(Normal_RSA)
env python3 import base64 import fractions import argparse import random import sys try: import gmpy except ImportError as e: try: import gmpy2 as gmpy except ImportError: raise self.p - 1) * (self.q - 1) else: phi = (self.p ** 2) - self.p self.d = gmpy.invert fp.close() else: sys.stdout.buffer.write(data) 这里我使用了如下命令: python3 -m pip install gmpy openssl rsautl -decrypt -in flag.enc -inkey private.pem 得到flag:PCTF{256b_i5_m3dium} ---- 总结 openssl gmpy
60630编辑于 2021-12-27 - 来自专栏R0A1NG 技术分享
BUUCTF-crypto题
这里a−1a−1计算可以利用Python的gmpy2库中invert函数完成 注意仿射变换26个字母按数字0~25记,因此在需要将密文ASCII对应的数值减去97,解密完恢复成字母即加上97 此外,题目要求最后的 import gmpy2 import string import base64 m = gmpy2.invert(11,26) table = string.ascii_lowercase # print 到网站https://quipqiup.com/ flag{640e11012805f211b0ab24ff02a1ed09} 33.RSA2 类型:dp+n+e+c = m dp泄露 import gmpy2 _98924743502} 34.RSA 分解key文件得到n,到http://www.factordb.com/得到p和q import gmpy2 import rsa e = 65537 n = N,p,q,e=920139713,18443,49891,19 d=gmpy2.invert(e,(p-1)*(q-1)) result=[] with open("1.txt","r") as
2.6K30编辑于 2022-02-19 - 来自专栏十二惊惶的网络安全研究记录
2022年QFNU春季赛WP
d = gmpy2.invert(e,(p-1) * (q-1) * (r-1)) m = pow(c,d,n) print(long_to_bytes(m)) 方法二: 我们也可以不更改n,利用欧拉函数的性质 phip = (p-1) * p phiq = (q-1) * q**2 phir = (r-1) * r**4 phi = phip * phiq * phir d = gmpy2.invert .gcd(N,N1) q = N // p phi = (p-1) * (q-1) #第一段flag枚举e for e in range(10000): if(gmpy2.gcd(e, print(e) flag1 = long_to_bytes(m1) break #第二段flag低公钥e爆破 from gmpy2 .powmod(1011,n,n) p = gmpy2.gcd(n,kp) q = n // p phi = (p-1)*(q-1) d = gmpy2.invert(e,phi) m = gmpy2
29510编辑于 2024-02-28 - 来自专栏十二惊惶的网络安全研究记录
2023年蓝桥杯网络安全大赛
Cyberchef,先ROT13(好像就是凯撒密码,解密时Amount需要调整),然后解Base64: RSA RSA共模攻击: from Crypto.Util.number import * import gmpy2 1188105647021006315444157379624581671965264301631019818847700108837497109352704297426176854648450245702004723738154094931880004264638539450721642553435120 gcd, s, t = gmpy2 .gcdext(e1, e2) if s < 0: s = -s m1 = gmpy2.invert(m1, n) if t < 0: t = -t m2 = gmpy2.invert(m2, n) m1 = gmpy2.powmod(m1, s, n) m2 = gmpy2.powmod(m2, t, n) m = m1 * m2 % n flag = long_to_bytes(m) print(flag
1.3K10编辑于 2024-02-28 - 来自专栏Ga1@xy's W0r1d
Python 学习笔记(4.19更)
> x=7 > eval('x*3') 21 > a='abc' > for i in range(len(a)): print eval('0x'+a[i]) 10 11 12 gmpy2 求整数解 # gmpy2.iroot(a,b) a开b次方,返回一个xy元组,y=1的话结果是整数 > import gmpy2 > x=18 > y=9 > i=0 > while 1: if (gmpy2.iroot(x+i*y,2)[1]==1): print gmpy2.iroot(x+i*y,2) break i=i+1 (mpz(6)
42140编辑于 2023-04-25 - 来自专栏简言之
攻防世界-Crypto-进阶
求解私钥: from Crypto.PublicKey import RSA import gmpy n = long(3104649130901425335933838103517383) e = long 解密脚本: 准备: 1.我首先需要pcapng另存为pcap文件 2.需要python库:gmpy2,pycrypto,pypcapfile 3.将脚本和bob_alice_encrypted.pcap 放在一起,然后运行脚本 from Crypto.PublicKey import RSA import gmpy2 # Alice's public encryption parameters n1 import json, binascii # 用 gmpy 算模反元素,回传转成 int 的结果 def modinv(a, m): return int(gmpy.invert(gmpy.mpz (a), gmpy.mpz(m))) def chinese_remainder(n, a): #中国剩余定理 sum = 0 prod = reduce(lambda a, b:
1.7K20编辑于 2022-12-28 - 来自专栏Ga1@xy's W0r1d
WUST-CTF2020部分wp
73069886771625642807435783661014062604264768481735145873508846925735521695159 e = 65537 yafu分解n得到p,q,然后就是裸的rsa,跑脚本得到flag import gmpy2 import libnum p = gmpy2.mpz(386123125371923651191219869811293586459) q = gmpy2.mpz(189239861511125143212536989589123569301 ) e = gmpy2.mpz(65537) l = (p-1)*(q-1) d = gmpy2.invert(e,l) c = gmpy2.mpz(28767758880940662779934612526152562406674613203406706867456395986985664083182
78620编辑于 2023-04-25 BUUCTF RSA 1
或用工具求解,参考这篇文章https://blog.csdn.net/MikeCoke/article/details/105967809 import gmpy2 p = 473398607161 q = 4511491 e = 17 d = int(gmpy2.invert(e, (p-1)*(q-1))) print(d) flag: 125631357777427553
28111编辑于 2025-08-18- 来自专栏湛卢工作室
RSA常见解题思路及技巧
1已知p、q、e,求d 求d脚本:get-d.py//rsatool.py(需gmpy模块) 例: 在一次RSA密钥对生成中,假设p=473398607161,q=4511911,e=17,求解d。 代码: import gmpy2 p = gmpy2.mpz(473398607161) q = gmpy2.mpz(4511491) e = gmpy2.mpz(17) phi = (p - 1) * (q - 1) d = gmpy2.invert(e, phi) print d ?
5.4K30发布于 2019-11-20 - 来自专栏杂文共赏
angstromctf-2019-部分WriteUp
import gmpy2 import binascii p = gmpy2.mpz(8337989838551614633430029371803892077156162494012474856684174381868510024755832450406936717727195184311114937042673575494843631977970586746618123352329889 ) q = gmpy2.mpz(7755060911995462151580541927524289685569492828780752345560845093073545403776129013139174889414744570087561926915046519199304042166351530778365529171009493 ) e = gmpy2.mpz(65537) phi_n = (p - 1) * (q - 1) d = gmpy2.invert(e, phi_n) print ("private key:") print (d) c = gmpy2.mpz(7022848098469230958320047471938217952907600532361296142412318653611729265921488278588086423574875352145477376594391159805651080223698576708934993951618464460109422377329972737876060167903857613763294932326619266281725900497427458047861973153012506595691389361443123047595975834017549312356282859235890330349
1.6K50发布于 2019-04-26 - 来自专栏安恒网络空间安全讲武堂
RSA原理
# coding: utf-8 from Crypto.PublicKey import RSA import gmpy2 import codecs pub=RSA.importKey(open( .gcd(n1,n2) p1=n1//q p2=n2//q d1=gmpy2.invert(e1,(p1-1)*(q-1)) d2=gmpy2.invert(e2,(p2-1)*(q-1)) while ='0'+ m1 print m1.decode('hex') print m2.decode('hex') 0x04 低指数攻击 e=3时进行低指数攻击 # coding:utf-8 import gmpy2 .invert(c1,n)#若s1为负,s1取正,c1取逆 if(s2<0): s2=-s2 c2=gmpy2.invert(c2,n) m=libnum.n2s((pow(c1,s1, 按照本文的中国剩余定理小节容易求得m^e的值,当e较小时直接开e方即可,可使用gmpy2.iroot(M,e)。
3.6K30发布于 2018-12-24 - 来自专栏安恒网络空间安全讲武堂
由suctf一道题学到的中国余子式定理
联立方程组: 在集合{0,1,2……n-1}有唯一解: x= 其中Mi=n/ni,si(mod ni) (n=0,1,2,…k) 上边这道题用程序来解的话是这样的: import gmpy2 n = [ N *= i M = [] for i in n: M.append(N/i) s = [] for i in range(len(n)): s.append(gmpy2 还是上边的脚本,稍作修改: #coding:utf-8 import gmpy2 with open('sand.txt','r') as f: sand_src = f.readlines *= i M = [] for i in holes: M.append(n/i) s = [] for i in range(len(holes)): s.append(gmpy2
60930发布于 2018-06-26 - 来自专栏十二惊惶的网络安全研究记录
BJDCTF2020
250474028594377426111821218884061933467907597574578255066146260367094595399741196827532923836761733594976933366636149201492628708413319929361097646526652140204561542573663223469009835925309935515892458499676903149172534494580503088868430625144808189083708827363335045028702993282231537893799541685169911232442 Euler_function = n - final_p_and_q + 1 d = int(gmpy2 题目描述直接给出,模的相关攻击,再看一下给出的附件,发现两次的N是相同的,所以可以确定是共模攻击 from Crypto.Util.number import long_to_bytes import gmpy2 11298697323140988812057735324285908480504721454145796535014418738959035245600679947297874517818928181509081545027056523790022598233918011261011973196386395689371526774785582326121959186195586069851592467637819366624044133661016373360885158956955263645614345881350494012328275215821306955212788282617812686548883151066866149060363482958708364726982908798340182288702101023393839781427386537230459436512613047311585875068008210818996941460156589314135010438362447522428206884944952639826677247819066812706835773107059567082822312300721049827013660418610265189288840247186598145741724084351633508492707755206886202876227 # s & t gcd, s, t = gmpy2 .gcdext(e1, e2) if s < 0: s = -s message1 = gmpy2.invert(message1, n) if t < 0: t = -t message2 = gmpy2.invert(message2, n) plain = gmpy2.powmod(message1, s, n) * gmpy2.powmod(message2, t,
52110编辑于 2024-02-28 - 来自专栏安恒网络空间安全讲武堂
利用通用伪造签名绕过ElGamal
== 1 and '0' + m or m e = getRandomRange(2,p-1) #获得2,p-1之间的随机整数 v = getRandomRange(2,p-1) while gmpy2 = 1 : v = getRandomRange(2,p-1) r = gmpy2.powmod(g,e,p) * gmpy2.powmod(pk,v,p) % p s = (-r * mul_inv hashlib import sha1 import string from Crypto import Random from Crypto.Util.number import * import gmpy2 return len(m) % 2 == 1 and '0' + m or m e = getRandomRange(2,p-1) v = getRandomRange(2,p-1) while gmpy2 = 1 : v = getRandomRange(2,p-1) r = gmpy2.powmod(g,e,p) * gmpy2.powmod(pk,v,p) % p s = (-r * mul_inv
1.3K60发布于 2018-02-06 - 来自专栏宅男的天台
hgame-week2-writeup
Crypto signin 拿到一个 Python 程序 然后同样是安装库的问题,gmpy2 库在我电脑上编译不了,可能是什么库少装了。 Python 高版本解决方式: 在:https://www.lfd.uci.edu/~gohlke/pythonlibs/ 下载gmpy2安装包 选择合适的版本,下载并安装: pip install m % p c = a * m % p c = am(mod p) 然后得出m = c/a(mod p) 因为模运算中的除法操作是靠逆元实现的,所以c/a在模运算中应该写成c*(a的逆元) 这里利用 gmpy2 cipher = pow(s2n(FLAG), 2, n) 百度得知 rabin 加密的操作和本题相同 查看rabin解密流程 写程序: from libnum import * import gmpy2 .invert(p, q) yq = gmpy2.invert(q, p) a = (yp*p*mq + yq*q*mp) % n b = n - a c = (yp*p*mq - yq*q*mp)
74420编辑于 2022-09-19 - 来自专栏网络安全【故里】
河南金盾信安CTF
/usr/bin/env python3 \# coding:utf-8 \#power by jedi import gmpy2 import binascii p = gmpy2 159303842369547814925693476555868814571858842104258697105149515713993443203825659998652654127374510196025599003730143012113707484839253123496857732128701609968752699400092431858926716649428960535283324598902169712222454699617671683675932795780343545970625533166831907970102480122242685830820463772025494712199) q = gmpy2 (cnblogs.com) 图片 from libnum import n2s,s2n from gmpy2 import invert def egcd(a, b): if a == 0: 之后再转字符串得到flag 图片 图片 flag{m-co-pr1m3} CRYPTO-simpleR 又又又是个rsa,只给了c,e 用低加密指数分解攻击,爆破得到flag 脚本如下 import gmpy2 3136716033731914452763044128945241240021620048803150767745968848345189851269112855865110275244336447973330360214689062351028386721896599362080560109450218446175674155425523734453425305156053870568600329 m = gmpy2
1.2K60编辑于 2023-04-21
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号