2023-12-10から1日間の記事一覧
#zer0ptsCTF2021 #good_challenges_2021 from Crypto.Util.number import * from flag import flag assert len(flag) == 40 p = 74894047922780452080480621188147614680859459381887703650502711169525598419741 a1 = 224575631270940326485290529052700833…
#tetctf_2021 from collections import namedtuple from Crypto.Util.number import getPrime import random Complex = namedtuple("Complex", ["re", "im"]) def complex_mult(c1, c2, modulus): return Complex( (c1.re * c2.re - c1.im * c2.im) % modulu…
from sympy.solvers import solve from sympy import symbols x, y = symbols("x, y", integer=True) solutions = solve([x + y - 12, x*y - 4060]) for s in solutions: print(s[x], s[y])
modular sqrt # Source: https://codereview.stackexchange.com/q/43210 def legendre_symbol(a, p): """ Legendre symbol Define if a is a quadratic residue modulo odd prime http://en.wikipedia.org/wiki/Legendre_symbol """ ls = pow(a, (p - 1)//2,…
https://github.com/epicleet/write-ups/tree/master/2021/Pwn2Win
pbctf2020 半分reversing. import string from ptrlib import chunks table = {} rev_table = {} with open("table") as f: for l in f.read().strip().split("\n"): x, y, z = eval(l) table[(x,y)] = z rev_table[(y,z)] = x # plain_table = set(list(str…
#nullcon_HackIM_2022 #!/usr/bin/env sage from Crypto.Util.number import bytes_to_long, long_to_bytes from Crypto.PublicKey import RSA from secret import flag import sys msg = 'I love cookies.' key = RSA.importKey(open('privkey.pem','r').re…
gcd(phi, e) != 1のRSAで とかの場合にこれで解けるかも ちなみにこんなことをしなくてもsageにはnth_rootが実装されていてそれで良いかも Elements of \(\ZZ/n\ZZ\) — Sage 9.3 Reference Manual: Finite Rings import random def eth_root(x, e, p): """ A…
#m0lecon2021 from secret import flag from Crypto.Util.number import bytes_to_long, getStrongPrime, inverse from hashlib import sha256 import os def prepare(m): if len(m)>64: m = m[:64] elif len(m)<64: l = 64-len(m) m = m + os.urandom(l) as…
isomorphism
from pwn import * import sys import re def superpow(a, x, m): if x == 0: return 1 return pow(a, superpow(a, x-1, m-1), m) def chal(p): p.recvuntil('p = ') pp = int(p.recvuntil('\n', drop=True)) p.recvuntil('a = ') aa = int(p.recvuntil('\n'…
#corctf2021 from Crypto.Util.number import bytes_to_long, inverse from hashlib import sha256 from secrets import randbelow from private import flag from fastecdsa.curve import P256 G = P256.G N = P256.q class RNG: def __init__(self, seed, …
#corctf2021 import numpy as np import math import random flag = open('flag.txt').read() class Qubit: def __init__(self, vector): self.vec = vector def x(self): mat = np.array([[0, 1], [1, 0]]) self.vec = mat.dot(self.vec) def y(self): mat …
射のことば 全単射 のこと
#zh3ro_CTF_2021 import random from secret import flag from fractions import Fraction def score(a,b): if abs(a-b)<1/2**10: # capping score to 1024 so you dont get extra lucky return Fraction(2**10) return Fraction(2**53,int(2**53*a)-int(2**…
#UnionCTF 一般線形群上の離散対数問題 そしてこれは行列が対角化#### できないときには解ける import os from hashlib import sha1 from random import randint from Crypto.Cipher import AES from Crypto.Util.Padding import pad, unpad FLAG = b"union{…
#UTCTF_2022 import random import hashlib N = 111 MOD = 10**9+7 def get_secret_key(): key = [] for i in range(1, N): x = random.randrange(1,10) key += [i] * x random.shuffle(key) return key def compute_arr(arr, sk): for x in sk: new_arr = a…
とに対して、次を満たす整数の組が存在する これはLLLを使って効率的に求められる def thues_lemma(a, mod): ''' Find small elements x, y such that a * x = y and |x| < sqrt(mod) and |y| < sqrt(mod). ''' R = Zmod(mod) A = matrix([ [1, a], [0, mod]…
#tsg_live_ctf_10 #!/usr/bin/python3 from Crypto.Util.number import getPrime from flag import flag from sympy import nextprime dummy = b"GSTDIVE{this is a dummy}" dm = int.from_bytes(dummy,'little') assert(len(flag)==61) import secrets flag…
#TG:HACK2019 I got some mystical numbers here, but I don't know what it means. Can you help me? 84 71 49 57 123 65 83 67 73 73 95 97 110 100 95 121 111 117 95 115 104 97 108 108 95 114 101 99 101 105 118 101 125 >> "".join( chr(int(n)) for…
RSA https://eprint.iacr.org/2009/037 RSAでdが小さいときの攻撃。典型的にはWiener's_AttackやBoneh Durfee Attackだが、ここではあるに対して複数の(それぞれ比較的小さいと対応する)が与えられたときのことを考える。 とする として ここで次がなりた…
#Sekai_CTF_2022 reversing
#sandiegoctf2021
#sstf_2021
ecpyは遅い # http://mslc.ctf.su/wp/polictf-2012-crypto-500/ def hensel_lift(curve, p, point): A, B = map(int, (E.a4(), E.a6())) x, y = map(int, point.xy()) fr = y**2 - (x**3 + A*x + B) t = (- fr / p) % p t *= inverse_mod(2 * y, p) # (y**2)…
#secconbeginners2021 FLAG = b'<censored>' SIZE = 8 p = random_prime(2^128) MS = MatrixSpace(GF(p), SIZE) key = MS.random_element() while key.rank() != SIZE: key = MS.random_element() M = copy(MS.zero()) for i in range(SIZE): for j in range(SIZE): n </censored>…
#seccon2021 import os flag = os.getenv("FLAG", "fake{fakeflag_blahblah}") x = int.from_bytes(flag.encode(), "big") p = random_prime(1 << int(x.bit_length() * 2.5)) Fp = GF(p) params = [] while len(params) != 6: try: y = randint(2, x) a = r…
#ricerca_ctf_2023 #RSA #Franklin-Reiter_Related_Message_Attack #half-GCD https://furutsuki.hatenablog.com/entry/2023/04/23/143704#Rotated-Secret-Analysis
#rarctf2021 ''' Base-3 AES Just use SAGE lmao ''' T_SIZE = 3 # Fixed trits in a tryte W_SIZE = 3 # Fixed trytes in a word (determines size of matrix) POLY = (2, 0, 1, 1) # Len = T_SIZE + 1 POLY2 = ((2, 0, 1), (1, 2, 0), (0, 2, 1), (2, 0, 1…
#rtactf from Crypto.Util.number import getRandomInteger, getPrime, isPrime import os def getProthPrime(n=512): # Proth prime: https://en.wikipedia.org/wiki/Proth_prime while True: k = getRandomInteger(n) p = (2*k + 1) * (1<
