这是几次方？ 疑惑​

题目​

题目描述如下

^ w ^

^ 小猫的眼睛在 Python 里面到底是什么意思？不如先看看大蟒蛇运算符号的优先级吧

题目代码如下

python

from Crypto.Util.number import *


flag = b'flag{*****}'
p = getPrime(512)
q = getPrime(512)
n = p*q
e = 65537

m = bytes_to_long(flag)
c = pow(m, e, n)

hint = p^e + 10086

print("c =", c)
print("[n, e] =", [n, e])
print("hint =", hint)
'''
c = 36513006092776816463005807690891878445084897511693065366878424579653926750135820835708001956534802873403195178517427725389634058598049226914694122804888321427912070308432512908833529417531492965615348806470164107231108504308584954154513331333004804817854315094324454847081460199485733298227480134551273155762
[n, e] = [124455847177872829086850368685666872009698526875425204001499218854100257535484730033567552600005229013042351828575037023159889870271253559515001300645102569745482135768148755333759957370341658601268473878114399708702841974488367343570414404038862892863275173656133199924484523427712604601606674219929087411261, 65537]
hint = 12578819356802034679792891975754306960297043516674290901441811200649679289740456805726985390445432800908006773857670255951581884098015799603908242531673390
'''

出题思路：之前有遇到过运算符优先级的易错点，便拿来出题，异或运算符是先计算两边再进行异或的

解析​

结合题目描述，在网上搜索并用 AI 解读描述

在 Python 中异或先计算两边，再进行异或操作

EXP​

python

from Crypto.Util.number import *
c = 36513006092776816463005807690891878445084897511693065366878424579653926750135820835708001956534802873403195178517427725389634058598049226914694122804888321427912070308432512908833529417531492965615348806470164107231108504308584954154513331333004804817854315094324454847081460199485733298227480134551273155762
n, e = 124455847177872829086850368685666872009698526875425204001499218854100257535484730033567552600005229013042351828575037023159889870271253559515001300645102569745482135768148755333759957370341658601268473878114399708702841974488367343570414404038862892863275173656133199924484523427712604601606674219929087411261, 65537
hint = 12578819356802034679792891975754306960297043516674290901441811200649679289740456805726985390445432800908006773857670255951581884098015799603908242531673390

p = hint ^ e + 10086
q = n // p
phi = (p-1)*(q-1)
d = inverse(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m).decode())
# flag{yihuo_yuan_lai_xian_ji_suan_liang_bian_de2333}

Since you konw something​

题目代码如下

python

from pwn import xor
# The Python pwntools library has a convenient xor() function that can XOR together data of different types and lengths
from Crypto.Util.number import bytes_to_long

key = ?? # extremely short
FLAG = 'flag{????????}'
c = bytes_to_long(xor(FLAG,key))

print("c={}".format(c))

'''
c=218950457292639210021937048771508243745941011391746420225459726647571
'''

又是简单的签到题，出现了上周的老朋友 xor()

此题注释非常重要，希望新生能够充分地利用泄露的信息，即 flag 的前一部分

这道题可以关注的地方是 flag 的格式是明确的 flag{ 开头，结合注释，key 极短，直接把 c 和 flag{ 异或一下看看

python

from pwn import xor
from Crypto.Util.number import long_to_bytes

flag_head = 'flag{'
c=218950457292639210021937048771508243745941011391746420225459726647571
guess_key = xor(long_to_bytes(c), flag_head)
print(guess_key)
# b"nsnsnL2gVcf/xKa}1MQ8z@m'aa1`t"

可以看到，key 的前一部分是重复的 ns，不难猜测 key 就是 ns

python

from pwn import xor
from Crypto.Util.number import long_to_bytes
c=218950457292639210021937048771508243745941011391746420225459726647571
key='ns'
flag = xor(long_to_bytes(c),key)
print(flag)
# b'flag{Y0u_kn0w_th3_X0r_b3tt3r}'

just one and more than two​

很常见的 RSA 板子题。在一般的 RSA 中，我们有φ(n)=φ(p)∗φ(q)=(p−1)(q−1)

如果你不知道，那就再回去温习一下 Week 1 中对于 RSA 的相关知识

针对 just one 的情况：φ(n)=φ(p)=p−1

针对 more than two 的情况：φ(n)=φ(p)∗φ(q)∗φ(r)=(p−1)(q−1)(r−1)

其他和普通 RSA 一样解即可

实际上还会有其他情况，只要大家对欧拉函数有足够的了解，这类问题一定可以迎刃而解的

python

from Crypto.Util.number import *
p=11867061353246233251584761575576071264056514705066766922825303434965272105673287382545586304271607224747442087588050625742380204503331976589883604074235133
q=11873178589368883675890917699819207736397010385081364225879431054112944129299850257938753554259645705535337054802699202512825107090843889676443867510412393
r=12897499208983423232868869100223973634537663127759671894357936868650239679942565058234189535395732577137079689110541612150759420022709417457551292448732371
c1=8705739659634329013157482960027934795454950884941966136315983526808527784650002967954059125075894300750418062742140200130188545338806355927273170470295451
c2=1004454248332792626131205259568148422136121342421144637194771487691844257449866491626726822289975189661332527496380578001514976911349965774838476334431923162269315555654716024616432373992288127966016197043606785386738961886826177232627159894038652924267065612922880048963182518107479487219900530746076603182269336917003411508524223257315597473638623530380492690984112891827897831400759409394315311767776323920195436460284244090970865474530727893555217020636612445
e=65537

phi_1 = p-1
d1 = inverse(e, phi_1)
m1 = pow(c1, d1, p)

phi_2 = (p-1)*(q-1)*(r-1)
d2 = inverse(e, phi_2)
m2 = pow(c2, d2, p*q*r)

print(long_to_bytes(m1)+long_to_bytes(m2))
# b'flag{Y0u_re4lly_kn0w_Euler_4nd_N3xt_Eu1er_is_Y0u!}'

茶里茶气​

简单的 TEA（Tiny Encryption Algorithm）加密算法

只需要逆推一下过程，然后把字符串拼接在一起转成字符即可

对于 v2 这个变量，先进行正推得到最终值，再倒退进行解密（数量级不大，使用乘法和加法都可以）

注意每一步都要取模

python

v2 = 0
delta = 462861781278454071588539315363
v3 = 489552116384728571199414424951
v4 = 469728069391226765421086670817
v5 = 564098252372959621721124077407
v6 = 335640247620454039831329381071
l  = 199
p  = 446302455051275584229157195942211
v0 = 190997821330413928409069858571234
v1 = 137340509740671759939138452113480

for i in range( 32 ):
    v2 += delta ; v2 %= p

for i in range(32):
    v2 -= delta ; v2 %= p
    v0 -= (v1+v2) ^ ( 8*v1 + v5 ) ^ ( (v1>>7) + v6 ) ; v0 %= p
    v1 -= (v0+v2) ^ ( 8*v0 + v3 ) ^ ( (v0>>7) + v4 ) ; v1 %= p

a = hex((v0<<((l//2))) + v1)[2:]

flag = ""
for i in range(0,len(a),2):
    flag += chr(int(a[i]+a[i+1],16))

print(flag)
# flag{f14gg9_te2_1i_7ea_7}