#zer0ptsCTF2021 from Crypto.Util.number import getStrongPrime, GCD from random import randint from flag import flag import os def pad(m: int, n: int): # PKCS#1 v1.5 maybe ms = m.to_bytes((m.bit_length() + 7) // 8, "big") ns = n.to_bytes((n…

#zer0ptsCTF2021 #include <unistd.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include "signme.h" void authenticated(void) { puts("Thank you for signing my message!"); system("/bin/sh"); } void fatal(const char *msg) { fputs(msg, stderr); exit(1); } /** * Pad m</string.h></stdlib.h></stdio.h></unistd.h>…

#zer0ptsCTF2021 from Crypto.Util.number import* from flag import flag nbits = 256 p = random_prime(1 << nbits) Fp = Zmod(p) P.<v> = PolynomialRing(Fp) b = randrange(p) d = 2 F = v^2 + b v0 = randrange(p) v1 = F(v0) k = ceil(nbits * (d / (d + </v>…

#EllipticCurve 特異点(Singular Point)を持つ楕円曲線のこと。特異点の様子によってNode型かCusp型かに分けられる。 SingularなEllipticCurveは同型な別の群への写像を持ち、離散対数問題が簡単になることがある CuspかNodeか調べる 特異点（のx座標）を調…

#数学

#m0lecon2021

平方剰余 def legendre_symbol(a, p): ls = pow(a, (p - 1)//2, p) if ls == p - 1: return -1 return ls

https://mystiz.hk/posts/crypto-in-ctf/q3-2021/#

ので、getStrongPrimeを使った問題を見かけたときは小さい部分群を使ったsolutionを考えてみよう

いわゆる分枝限定法で、の半分程度のbit（実験によると大体53%〜が精度良く機能する）が分かっているときに素因数分解できる方法 ↓のコードでは分かっていると行ったbitのうち下位何bitかがエラーのケースに対応している。あと aeroctf と branch_and_prune …

#zh3ro_CTF_2021 from secret import flag import os import random state_len = 624*4 right_pad = random.randint(0,state_len-len(flag)) left_pad = state_len-len(flag)-right_pad state_bytes = os.urandom(left_pad)+flag+os.urandom(right_pad) stat…

#wani_ctf_2023 import os from Crypto.Util.number import bytes_to_long, getPrime flag = os.environb.get(b"FLAG", b"FAKE{THIS_IS_FAKE_FLAG}") p = getPrime(1024) q = getPrime(1024) n = p * q e = 0x10001 d = pow(e, -1, (p - 1) * (q - 1)) m = b…

#UUTCTF https://ctftime.org/task/8397 Flag is the decryption of the following: PublicKey= (114869651319530967114595389434126892905129957446815070167640244711056341561089,113) CipherText=10269275569175589823041226960202501992093822515833208…

#UTCTF https://ctftime.org/task/7796 https://furutsuki.hatenablog.com/entry/2019/03/11/203829#Cryptography-200ptsbasicscrypto

#tetctf2022 """ In this new version, I introduce a new feature: master share. A master share is always required to recover the original secret/password. I implement this feature by using the master share to "encrypt" the linear combination…

from Crypto.Util.number import getPrime, bytes_to_long from random import randint p = getPrime(2048) q = getPrime(2048) N = p * q e = 65537 with open('flag.txt', 'rb') as f: flag = bytes_to_long(f.read()) c = [] for x in range(3): m = 0 fo…

#ECDH #InvalidCurveAttack #CRT 楕円曲線の位数がある程度小さい数を含むように素因数分解できる場合に、楕円曲線のgenerator * (order / factor)をやると、位数がfactorな部分群のgeneratorが求まる（位数を調整するテク）。あとは #CRT で復元 #!/usr/bin…

#TG:HACK2019 This looks like a flag, but something is not quite right... or was it left? OB19{ocz_hjno_wvndx_otkz_ja_zixmtkodji} RotNをやる TG19{the_most_basic_type_of_encryption}

#Sekai_CTF_2022 from io import BytesIO from PIL import Image from flask import Flask, request, render_template import base64 app = Flask(__name__, template_folder="") app.config['MAX_CONTENT_LENGTH'] = 2 * 1000 * 1000 FLAG_PATH = "flag.png…

#Securinets_Quals_2022 from Crypto.Util.number import getStrongPrime, getPrime, isPrime, bytes_to_long FLAG = b"Securinets{REDACTED}" def genPrime(prime): while True: a = getPrime(256) p = 2*prime*a + 1 if isPrime(p): break while True: b =…

short integer solutions

#SECFEST_2022 https://gist.github.com/hellman/1b42cdb30bcf9eb87784b237ffe97ef2

#seccon2021 #xornet from Crypto.Util.number import bytes_to_long, long_to_bytes from Crypto.Util.Padding import pad import random from secret import msg1, msg2, flag flag = pad(flag, 96) flag1 = flag[:48] flag2 = flag[48:] # P-384 Curve p =…

#s4ctf_2021 隣接行列によって無向非巡回グラフが与えられるから、全域木の個数を返せ、という問題 全域木の個数はラプラシアン行列の余因子で与えられる from ptrlib import Socket import ast sock = Socket("198.211.127.76", 3580) while True: sock.rec…

#RCTF2021 from multiprocessing import Pool size = 2^22 flag = open("flag.txt", "rb").read() assert len(flag) == 22 assert flag[:5] == b"flag{" assert flag[-1:] == b"}" seed = flag[5:-1] # 128 bit seed = (int.from_bytes(seed,'big')<<48) + (…

#!/usr/bin/env python3 from Crypto.Util.number import isPrime, getPrime, getRandomRange, bytes_to_long from flag import flag def keygen(): p = getPrime(1024) q = p**2 + (1<<256) while not(isPrime(q)): q += 2 n = p**2 * q while True: g = ge…

#OMH2021CTF import base64 import hashlib import os import sys from datetime import datetime from Crypto.Cipher import AES def encrypt(data, key, iv): encryptor = AES.new(key, AES.MODE_CBC, IV=iv) return encryptor.encrypt(data) def pad(data…

#MidnightSunCTF_2022_Quals #!/usr/bin/python3 from sys import stdin, stdout, exit from flag import FLAG from secrets import randbelow from gmpy import next_prime p = int(next_prime(randbelow(2**512))) q = int(next_prime(randbelow(2**512)))…

#midnightsun2021finals ELFが渡される。 RSAでがもらえるオラクルがある。は32bitポインタの範囲内。 目的はを求めること。 LLLらしいがわかってない hpmv — Today at 7:03 PM Didn't even open some challenges Tabula was the best though, my favorite h…

#grocid #midnightsun2021finals sage: p1 = random_prime(2^2048) ....: p2 = next_prime(0xcafebabe * p1 + randint(0, 2^1024)) ....: ....: q1 = random_prime(2^512) ....: q2 = random_prime(2^512) ....: ....: n1 = ZZ(p1 * q1) ....: n2 = ZZ(p2 * …