CTF-Crypto题目cr4-poor-rsa的WriteUp

cr4-poor-rsa

题目描述:

附件:

CTF-cr4-poor-rsa-writeup_python

涉及知识点:

RSA
RSA是一种公钥加密算法,RSA算法的具体描述如下:

  1. 任意选取两个不同的大素数p和q计算乘积

    CTF-cr4-poor-rsa-writeup_php_02

  2. 任意选取一个大整数e,满足

    CTF-cr4-poor-rsa-writeup_php_03

    ,整数e用做加密钥(注意:e的选取是很容易的,例如,所有大于p和q的素数都可用)

  3. 确定的解密钥d,满足

    CTF-cr4-poor-rsa-writeup_后缀_04

    ,即

    CTF-cr4-poor-rsa-writeup_公钥加密_05

    是一个任意的整数;所以,若知道e和

    CTF-cr4-poor-rsa-writeup_公钥加密_06

    ,则很容易计算出d ;

  4. 公开整数n和e,秘密保存d

  5. 将明文m(m<n是一个整数)加密成密文c,加密算法为

    CTF-cr4-poor-rsa-writeup_后缀_07

  6. 将密文c解密为明文m,解密算法为

    CTF-cr4-poor-rsa-writeup_html_08

  7. 然而只根据n和e(注意:不是p和q)要计算出d是不可能的。因此,任何人都可对明文进行加密,但只有授权用户(知道d)才可对密文解密。

 

解题思路:

1.以二进制编辑打开题目所给附件,发现里面隐藏两个文件,修改文件后缀为.zip,解压得到flag.b64和key.pub
2.尝试解码flag.b64,得到乱码,考虑该文件被加密
3.尝试解析key.pub得到n和e
n=833810193564967701912362955539789451139872863794534923259743419423089229206473091408403560311191545764221310666338878019
e=65537
4.到质数库查询n分解得到的p和q
http://factordb.com/index.php?query=
p = 863653476616376575308866344984576466644942572246900013156919
q = 965445304326998194798282228842484732438457170595999523426901
5.计算φ(n),尝试获得d
6.将flag.b64进行base64解码后使用rsa算法进行解密,解码后得到flag

附件:

from Crypto.PublicKey import RSA
import gmpy2
import rsa
import base64

f = open("key.pub","rb")
pu = RSA.importKey(f.read())
#https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA-module.html

n = pu.n
e = pu.e

#print(n,e)
#quit()

p = 863653476616376575308866344984576466644942572246900013156919
q = 965445304326998194798282228842484732438457170595999523426901
#http://factordb.com/index.php?query=

fn = (p - 1) * (q - 1)

d = int(gmpy2.invert(e,fn))
#https://gmpy2.readthedocs.io/en/latest/intro.html

pri = rsa.PrivateKey(n,e,d,p,q)
#https://stuvel.eu/files/python-rsa-doc/index.html

with open("flag.b64","r") as fl:
    data = fl.read()
    datas = base64.b64decode(data)
    m = rsa.decrypt(datas,pri)
    print(m.decode("ascii"))

FLAG

ALEXCTF{SMALL_PRIMES_ARE_BAD}