知识点:Fermat分解


首先使用openssl:

openssl rsa -text -modulus -pubin < almost_almost_almost_almost_there.pub

得到第一关的n和e(这里也可以yafu.exe)

然后使用Fermat分解,得到p和q,求得明文(即压缩包的密码)

def isqrt(n):
  x = n
  y = (x + n // x) // 2
  while y < x:
    x = y
    y = (x + n // x) // 2
  return x

def fermat(n):
	x = isqrt(n) + 1
	y = isqrt(x * x - n)

	while True:
		w = x * x - n - y * y
		if w == 0:
			break
		elif w > 0:
			y += 1
		else:
			x += 1
	return x+y, x-y
XtCgoEKksjKFWlqOSxqsEhK/+tsr1k5c


第二关:

上factordb.com得到:

rlSpJ6HbP+cZXaOuSPOe4pgfevGnXtLt

(其实题目作者的意思可能是:求第一个n和第二个n的gcd……)


第三关:

小素数暴力打表分解n

#!/usr/bin/env python
# coding=utf-8

prime = [0 for x in range(1000000)]
tot = 0
maxint = 1000000

i = 2
while i * i <= maxint:
    if prime[i] == 0:
        j = i * i
        while j < maxint:
            prime[j] = 1
            j += i
    i += 1

i = 2
while i < maxint:
    if prime[i] == 0:
        tot += 1
        prime[tot] = i
    i += 1

#print prime[1],prime[2]
#print tot

n3 = 0xBAD20CF97ED5042DF696CE4DF3E5A678CF4FB3693D3DF12DFE9FD3FD8CC8AAB8B95533E414E3FC0C377F4EE54827118B1D30561A3C741BEA7C76899789B51743E076092DF9EB05DC97EB1505CE9EB12B5AB9E10ABF56F920A58E7E00ECF05977E872834DD8584CF4AC87CB7DC50159BD962C75CBEFB6C6AC3A31A74E7D8F1E4C10D5

p = 0
q = 0
for i in xrange(1,tot+1):
    if n3 % prime[i] == 0:
        p = prime[i]
        q = n3 / prime[i]
        break
print "[+]p:",p
print "[+]q:",q


#!/usr/bin/env python
# coding=utf-8

maxint = 1000000
vis = [0 for x in range(maxint)]
prime = [0 for x in range(maxint)]
tot = 0

i = 2
while i < maxint:
    if vis[i] == 0:
        tot += 1
        prime[tot] = i
    j = 1
    while ((j <= tot) + (i * prime[j] < maxint) == 2):
        vis[i * prime[j]] = 1
        if (i % prime[j] == 0):
            break
        j += 1
    i += 1

i = 2
while i < maxint:
    if prime[i] == 0:
        tot += 1
        prime[tot] = i
    i += 1

#print prime[1],prime[2]
#print tot

n3 = 0xBAD20CF97ED5042DF696CE4DF3E5A678CF4FB3693D3DF12DFE9FD3FD8CC8AAB8B95533E414E3FC0C377F4EE54827118B1D30561A3C741BEA7C76899789B51743E076092DF9EB05DC97EB1505CE9EB12B5AB9E10ABF56F920A58E7E00ECF05977E872834DD8584CF4AC87CB7DC50159BD962C75CBEFB6C6AC3A31A74E7D8F1E4C10D5

p = 0
q = 0
for i in xrange(1,tot+1):
    if n3 % prime[i] == 0:
        p = prime[i]
        q = n3 / prime[i]
        break
print "[+]p:",p
print "[+]q:",q

然后得到明文

hQdK+dKleMJqth/dofWyFaiWp3PW7jil


第四关:

wiener-attack,直接上github搜工具就好

/3aAP5dF2zmrPh9K6A4AqMLsIiYDk2C2

就得到了flag:BKPCTF{Its_not_you,_its_rsa_(that_is_broken)}

这个题降低了很多难度,因为题目有提示:

> Alice and Bob are close together, likely because they have a lot of things in common.  This is why Alice asked him a small \*q\*uestion, about something cooler than a wiener

close together:yafu.exe或者Fermat

in common:考虑gcd

small question:小素数暴力

wiener:工具