本文主要是介绍buuctf [WUSTCTF2020]dp_leaking_1s_very_d@angerous,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
文件下载下来,把后缀名改为txt,发现
是一个已知e,n,c,dp的rsa题
那就用python写一个来解
#已知e,n,dp,c
#dp × e= x × (p−1)+1
#dp < p−1
#x < e
#x ∈ ( 0 , e )
#p-1=(e*dp-1)/ximport gmpy2
e = 65537
n = 156808343598578774957375696815188980682166740609302831099696492068246337198792510898818496239166339015207305102101431634283168544492984586566799996471150252382144148257236707247267506165670877506370253127695314163987084076462560095456635833650720606337852199362362120808707925913897956527780930423574343287847
c = 108542078809057774666748066235473292495343753790443966020636060807418393737258696352569345621488958094856305865603100885838672591764072157183336139243588435583104423268921439473113244493821692560960443688048994557463526099985303667243623711454841573922233051289561865599722004107134302070301237345400354257869
dp = 734763139918837027274765680404546851353356952885439663987181004382601658386317353877499122276686150509151221546249750373865024485652349719427182780275825for x in range(1,e):if((e*dp-1)%x==0):p=(e*dp-1)//x+1if(n%p!=0):continueq=n//pphin=(p-1)*(q-1)d=gmpy2.invert(e, phin) #求逆反m=pow(c,d,n) #表示c的的次方再取余nprint('m:',m) #十进制明文print('hex(m):',hex(m)[2:]) #十六进制明文print('flag:',bytes.fromhex(hex(m)[2:])) #十六进制转文本
得出dp*e=x8(p-1)+1可以看这个
之所以用//是因为不能让数字太大导致无法输出,小数点对最终结果无影响
buuctf的RSA2也是这个类型的,也可以如法炮制。
这篇关于buuctf [WUSTCTF2020]dp_leaking_1s_very_d@angerous的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
