#zer0ptsCTF2022 from Crypto.Util.number import isPrime, getPrime, getRandomRange, inverse import os import signal signal.alarm(300) flag = os.environ.get("FLAG", "0nepoint{GOLDEN SMILE & SILVER TEARS}") flag = int(flag.encode().hex(), 16) …

Extract 、難しいですよね。リストのスライスっぽく使える関数を用意しました def extract_as_list(x, l=None, r=None): """ splice [l, r) 011110011.....1011 ^^^^^^^^^ ^ 012345678.........size """ size = x.size() if l is None: l = 0 if r is None: …

を 体上の楕円曲線とする。の次のねじれ (n'th torsion (subgroup)) とは、次のような点の集合からなる代数的閉包である。つまり位数の点の集合 具体的なはdivision polynomialから求められる（n-th torsion pointはn-th division polynomialのrootをx座標と…

#pwn2win2021 import hashlib import hmac import os flag = open("flag.txt", "rb").read() p = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC b = 0x5AC6…

#pwn2win2021 kangurei_2d5cf6c7539fce2f747b905167b0dce3904181b760b0d1bab7adbd2151665547.tar.gz hellman — Today at 3:30 AM kangurei: look at the encryption and notice that the quadratic map does not have full rank (only 48/64); => check for …

#diceCTF_2021 #good_challenges_2021 Two agents, Blex and Kane, have simultaneously known very secret message and transmitted it to Center. You know following: 1) They used RSA with this public key 2) They sent exactly the same messages exc…

#corctf2021 from Crypto.Cipher import AES from Crypto.Util import Counter from Crypto.Util.Padding import pad, unpad from Crypto.Util.number import bytes_to_long import os flag = open("/challenge/flag.txt").read().encode() key = os.urandom…

#wani_ctf_2023 import os import random ANSWER = list(range(10**4)) random.shuffle(ANSWER) CHANCE = 15 def peep(): global CHANCE if CHANCE <= 0: print("You ran out of CHANCE. Bye!") exit(1) CHANCE -= 1 index = map(int, input("Index (space-s…

require "functions_framework" require "digest/sha2" fail unless ENV["FLAG"] key = JSON.parse(File.read("pubkey.txt")) n = key["n"].to_i k = key["k"].to_i EXPECTED_MESSAGE = 'SUNSHINE RHYTHM' FunctionsFramework.http("index") do |request| if…

#Polynomial #GCD あとから考えたらこれFranklin-Reiter Related Message Attackだな で 各c, a, eと nが与えられる を考える。上だから自明になのでこの多項式はそれぞれで割り切れる。 したがって が得られる。一変数多項式のgcd ただし、こうして得た一次…

#hakatashi #TSGCTF_2021 require 'openssl' require 'digest' STDOUT.sync = true class OpenSSL::PKey::EC::Point def xy n = to_bn(:uncompressed).to_i mask = (1 << group.degree) - 1 return (n >> group.degree) & mask, n & mask end alias_method :…

#TAMUCTF19 https://ctftime.org/task/7711 XUBdTFdScw5XCVRGTglJXEpMSFpOQE5AVVxJBRpLT10aYBpIVwlbCVZATl1WTBpaTkBOQFVcSQdH from pwn import * import base64 text = base64.b64decode('XUBdTFdScw5XCVRGTglJXEpMSFpOQE5AVVxJBRpLT10aYBpIVwlbCVZATl1WTBpa…

#SecurinetsCTFQuals2019 https://ctftime.org/task/7853 One member of our team, piece of sh#t an#s_boss, made a huge mistake using multi time pad. He knew that the OTP, if it is well applied, it is unbreakable. But this usesless brainless re…

https://www.ipa.go.jp/security/pki/024.html がわかりやすいと思うので参考にする。目的としては Alice と Bobの通信において、Bobは#### 受け取ったメッセージが確かにAliceからのものであるか確かめたいと思っている。このために署名を行うが、署名の処…

Paillier暗号 https://furutsuki.hatenablog.com/entry/2020/06/01/023111#cryptorev-S1-Protocol

https://ctftime.org/task/7823 #pragyanctf It's a new age Order of the Phoenix. The current members are: Harry Hermione Ron George Charlie Bill Ginny Fleur Luna Neville Each of them has a secret QR code associated with him/her which is give…

DLPやECDLPを解く手法。乱択アルゴリズム [** Pollard's for ECDLP] def pollard_rho(P, Q, G, order): """ Q = xP G: generator """ a, b, x = 0, 0, (1, 0) A, B, X = a, b, x def walk(a, b, x): if x[0] % 3 == 0: return (a*2) % order, (b*2) % order,…

#midnightsun2021finals sage: q = 1 ....: while not q.is_prime(): ....: q = 2*random_prime(2**511, proof=False) + 1 ....: ....: def smooth(b, B): ....: n = 1 ....: while log(n)/log(2) < b: ....: n *= random_prime(B, proof=False) ....: retur…

#LINECTF2022 package main import ( "bufio" "crypto/aes" "crypto/rand" "crypto/sha256" "crypto/sha512" "crypto/tls" "fmt" "log" "net" "github.com/andreburgaud/crypt2go/ecb" ) func main() { var key0 [32]byte var key1 [32]byte var zero_value …

#inctf2021 #include <vector> #include <string> #include <random> #include <sstream> #include <iostream> #include <algorithm> #include <boost/lexical_cast.hpp> #include "utils.cpp" #define HIGH 9 #define LOW 0 using namespace std; //####################################################################…</boost/lexical_cast.hpp></algorithm></iostream></sstream></random></string></vector>

#inctf2020 PolynomialRSA sage: p 2470567871 sage: n 1932231392*x^255 + 1432733708*x^254 + 1270867914*x^253 + 1573324635*x^252 + 2378103997*x^251 + 820889786*x^250 + 762279735*x^249 + 1378353578*x^248 + 1226179520*x^247 + 657116276*x^246 + …

#googlectf2021 #!/usr/bin/env dart import 'dart:convert'; import 'dart:io'; // NOTE: calculate and randomize functions are private (i.e., you don't have access). import 'package:ctf_story/private.dart' show calculate, randomize; int main(L…

#fwordctf2021

#downunderctf2021 import sqlite3 from Crypto.PublicKey import RSA from math import gcd from Crypto.Util.number import isPrime from Crypto.Cipher import PKCS1_OAEP, AES def dict_factory(cursor, row): d = {} for idx, col in enumerate(cursor.…

#downunderctf2021

import os class AffinePoint: def __init__(self, curve, x, y): self.curve = curve self.x = x self.y = y def __add__(self, other): return self.curve.add(self, other) def __iadd__(self, other): return self.__add__(other) def __rmul__(self, sc…

#cryptoctf2021 #!/usr/bin/env python3 from Crypto.Util.number import * from flag import flag l = len(flag) m_1, m_2 = flag[: l // 2], flag[l // 2:] x, y = bytes_to_long(m_1), bytes_to_long(m_2) k = ''' 000bfdc32162934ad6a054b4b3db8578674e2…

#CrewCTF_2022 #uninterested_challenge_list from Crypto.PublicKey import RSA from Crypto.Util.number import bytes_to_long import random import binascii from secret import flag e = 3 BITSIZE = 8192 key = RSA.generate(BITSIZE) n = key.n flag …

https://github.com/DDOS-Attacks/ctf-writeups/tree/master/2019/BambooFox%20CTF%202019/Crypto/Oil%20Circuit%20Breaker

#RSA #LSBLeakAttack #!/usr/bin/env python3 from Crypto.Util.number import * with open("flag", "rb") as f: flag = int.from_bytes(f.read(), "big") def genkeys(): e = 65537 while True: p, q = getPrime(512), getPrime(512) n, phi = p * q, (p - …