MISC

Sanity Check

  • 题目描述如下:加入Discord,在Discord上找flag

image-20240629220216927

  • 加入后在此处找到flag: uiuctf{plz_n0_ch4tGPT}

image-20240629220309274

CRYPTO

X Marked the Spot

  • 题目:给了个python代码和异或生成的密文(二进制文件)

image-20240629220438454

  • python代码如下:
1
2
3
4
5
6
7
8
9
10
from itertools import cycle

flag = b"uiuctf{????????????????????????????????????????}"
# len(flag) = 48
key  = b"????????"
# len(key) = 8
ct = bytes(x ^ y for x, y in zip(flag, cycle(key)))

with open("ct", "wb") as ct_file:
    ct_file.write(ct)

  • 思路:由flag的格式可以知道flag的前7位字符串 uiuctf{这时可以将密文的前7个字节提取出来,按顺序与uiuctf{异或操作,然后后之间可以得到key的前7为,然后最后一位采取爆破。在爆破的密文找到最后一位是}的字符串即可得到flag

  • exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# 以二进制读取模式打开文件ct
with open("D:\\CTF附件\\UIUCTF\\密码\\XMarkedtheSpot", "rb") as ct_file:
    # 读取文件内容
    ct_data = ct_file.read()

# 将二进制数据解码为字符串
binary_data1 = ct_data
binary_data = [bin(byte) for byte in ct_data]
print(binary_data1)
# 输出结果
for byte, binary in zip(ct_data, binary_data):
    print(f"{byte}",end=',')
list1 = [117,105,117,99,116,102,123]
list2 = [29,13,28,18,22,0,17,31,88,16,54,27,23,83,30,46,28,12,90,46,17,18,94,3,28,59,11,4,22,57,94,29,93,84,54,5,10,85,53,66,6,0,72,80,67,71,75,12]
key = []
print('')
for i in range(7):
    key = list1[i]^list2[i]
    print(key,end=',')
key = [104,100,105,113,98,102,106]
for a in range(255):
    b =key + [a]
    for i in range(48):
        print(chr(b[i%8]^list2[i]),end='')
    print('')
# uiuctf{n0t_ju5t_th3_st4rt_but_4l50_th3_3nd!!!!!}

Without a Trace

  • 题目是关于一个矩阵的,而且是靶机题,需要nacat到靶机上

  • 题目附件给了关于矩阵的一些运算,让用户输入一个对角矩阵。flag被分成5份,第n份被放在第n行第n列,也构成一个对角矩阵

  • 将这两个对角矩阵相乘,然后最后将输出相乘后对角矩阵的迹(矩阵对角元素的和)

  • 原理后就是简单的解方程题目了,直接就系数1 1 1 1 1 2 1 1 1 11 2 1 1 1 1 1 2 1 1 1 1 1 2 1 1 1 1 1 2解出每块flag的数值即可

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
import numpy as np
from Crypto.Util.number import bytes_to_long
from itertools import permutations
from SECRET import FLAG

# 提示输入对角矩阵,如果输入不正确就返回None,输入正确就返回用户所输入的对角矩阵
#################################################################
def inputs():
    print("[WAT] Define diag(u1, u2, u3. u4, u5)")
    M = [
        [0, 0, 0, 0, 0],
        [0, 0, 0, 0, 0],
        [0, 0, 0, 0, 0],
        [0, 0, 0, 0, 0],
        [0, 0, 0, 0, 0],
    ]
    for i in range(5):
        try:
            M[i][i] = int(input(f"[WAT] u{i + 1} = "))
        except:
            return None
    return M
###############################################################


# 定义一个信号检查函数,如果出现该信号,则抛出异常
def handler(signum, frame):
    raise Exception("[WAT] You're trying too hard, try something simpler")

# 检查对角矩阵M,
def check(M):
    def sign(sigma):
        l = 0
        for i in range(5):
            for j in range(i + 1, 5):
                if sigma[i] > sigma[j]:
                    l += 1
        return (-1)**l # 判断逆序数,并返回τ

    res = 0
    for sigma in permutations([0,1,2,3,4]):
        curr = 1
        for i in range(5):
            curr *= M[sigma[i]][i]
        res += sign(sigma) * curr
    return res # res为行列式M的值

def fun(M):
    f = [bytes_to_long(bytes(FLAG[5*i:5*(i+1)], 'utf-8')) for i in range(5)]
    F = [
        [0, 0, 0, 0, 0],
        [0, 0, 0, 0, 0],
        [0, 0, 0, 0, 0],
        [0, 0, 0, 0, 0],
        [0, 0, 0, 0, 0],
    ]
    for i in range(5):
        F[i][i] = f[i]
# 将flag分成5分,第n份保存在第n行第n列的对角矩阵中
    try:
        R = np.matmul(F, M) # 计算矩阵F和矩阵M的乘积,返回矩阵乘法的结果,相乘后的矩阵乘法还是对角矩阵
        return np.trace(R)  # 返回R的迹,对角线元素之和

    except:
        print("[WAT] You're trying too hard, try something simpler")
        return None

def main():
    print("[WAT] Welcome")
    M = inputs()
    if M is None:
        print("[WAT] You tried something weird...")
        return
    elif check(M) == 0:
        print("[WAT] It's not going to be that easy...")
        return

    res = fun(M)
    if res == None:
        print("[WAT] You tried something weird...")
        return
    print(f"[WAT] Have fun: {res}")

if __name__ == "__main__":
    main()
  • 下面是nc输入的过程

image-20240629225531198

image-20240629225600015

image-20240629225610931

image-20240629225618752

image-20240629225626949

image-20240629225639292

  • 得到这些值后,直接写python解出flag
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
import libnum
f1 = 2504408575853 - 2000128101369
f2 = 2440285994541 - 2000128101369
f3 = 2426159182680 - 2000128101369
f4 = 2163980646766 - 2000128101369
f5 = 2465934208374 - 2000128101369
print(f5)
list = [504280474484,440157893172,426031081311,163852545397,465806107005]
for i in range(5):
    print(libnum.n2s(list[i]))
# b'uiuct'
# b'f{tr4'
# b'c1ng_'
# b'&&_mu'
# b'lt5!}'

Determined

  • 还是一个靶机题目,nc过去获取数据,本质考点还是具有公共素数,求两数的最大公因数。
  • 题目描述

image-20240629233006449

  • 题目给了三个附件
  • server附件:将rsa加密的p、q还有另外的一个r放在矩阵里面,然后让用户输入矩阵中某些地方的值,计算出5阶方阵的行列式
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
from Crypto.Util.number import bytes_to_long, long_to_bytes
from itertools import permutations
from SECRET import FLAG, p, q, r



def inputs():
    print("[DET] First things first, gimme some numbers:")
    M = [
        [0, 0, 0, 0, 0],
        [0, 0, 0, 0, 0],
        [0, 0, 0, 0, 0],
        [0, 0, 0, 0, 0],
        [0, 0, 0, 0, 0],
    ]
    try:
        M[0][0] = p
        M[0][2] = int(input("[DET] M[0][2] = "))
        M[0][4] = int(input("[DET] M[0][4] = "))

        M[1][1] = int(input("[DET] M[1][1] = "))
        M[1][3] = int(input("[DET] M[1][3] = "))

        M[2][0] = int(input("[DET] M[2][0] = "))
        M[2][2] = int(input("[DET] M[2][2] = "))
        M[2][4] = int(input("[DET] M[2][4] = "))

        M[3][1] = q
        M[3][3] = r

        M[4][0] = int(input("[DET] M[4][0] = "))
        M[4][2] = int(input("[DET] M[4][2] = "))
    except:
        return None
    return M

def handler(signum, frame):
    raise Exception("[DET] You're trying too hard, try something simpler")

def fun(M):
    def sign(sigma):
        l = 0
        for i in range(5):
            for j in range(i + 1, 5):
                if sigma[i] > sigma[j]:
                    l += 1
        return (-1)**l

    res = 0
    for sigma in permutations([0,1,2,3,4]):
        curr = 1
        for i in range(5):
            curr *= M[sigma[i]][i]
        res += sign(sigma) * curr
    return res

def main():
    print("[DET] Welcome")
    M = inputs()
    if M is None:
        print("[DET] You tried something weird...")
        return

    res = fun(M)
    print(f"[DET] Have fun: {res}")

if __name__ == "__main__":
    main()

  • gen附件:一眼rsa加密
1
2
3
4
n = 158794636700752922781275926476194117856757725604680390949164778150869764326023702391967976086363365534718230514141547968577753309521188288428236024251993839560087229636799779157903650823700424848036276986652311165197569877428810358366358203174595667453056843209344115949077094799081260298678936223331932826351
e = 65535
c = 72186625991702159773441286864850566837138114624570350089877959520356759693054091827950124758916323653021925443200239303328819702117245200182521971965172749321771266746783797202515535351816124885833031875091162736190721470393029924557370228547165074694258453101355875242872797209141366404264775972151904835111

  • gen.py附件
1
2
3
4
5
6
7
8
9
10
from SECRET import FLAG, p, q, r
from Crypto.Util.number import bytes_to_long
n = p * q
e = 65535
m = bytes_to_long(FLAG)
c = pow(m, e, n)
# printed to gen.txt
print(f"{n = }")
print(f"{e = }")
print(f"{c = }")
  • 根据提示用户输入的地方可以输入0和1构造行列式的值为p*r(或-p*r)p*q(或-p*q)
p 0 0 0 0
0 1 0 0 0
0 0 0 0 1
0 q 0 r 0
0 0 1 0 0

(泄露pr或-pr)

p 0 0 0 0
0 0 0 1 0
0 0 0 0 1
0 q 0 r 0
0 0 1 0 0
  • 然后得到下图结果

image-20240629233746344

  • 之后之间正常rsa解密即可
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
import libnum
import gmpy2
a = 89650932835934569650904059412290773134844226367466628096799329748763412779644167490959554682308225788447301887591344484909099249454270292467079075688237075940004535625835151778597652605934044472146068875065970359555553547536636518184486497958414801304532202276337011187961205104209096129018950458239166991017
b = 158794636700752922781275926476194117856757725604680390949164778150869764326023702391967976086363365534718230514141547968577753309521188288428236024251993839560087229636799779157903650823700424848036276986652311165197569877428810358366358203174595667453056843209344115949077094799081260298678936223331932826351
p = gmpy2.gcd(a,b)
# p = 12664210650260034332394963174199526364356188908394557935639380180146845030597260557316300143360207302285226422265688727606524707066404145712652679087174119
n = 158794636700752922781275926476194117856757725604680390949164778150869764326023702391967976086363365534718230514141547968577753309521188288428236024251993839560087229636799779157903650823700424848036276986652311165197569877428810358366358203174595667453056843209344115949077094799081260298678936223331932826351
e = 65535
c = 72186625991702159773441286864850566837138114624570350089877959520356759693054091827950124758916323653021925443200239303328819702117245200182521971965172749321771266746783797202515535351816124885833031875091162736190721470393029924557370228547165074694258453101355875242872797209141366404264775972151904835111
q = n//p
phi_n = (p-1)*(q-1)
d = gmpy2.invert(e,phi_n)
m = pow(c,d,n)
print(libnum.n2s(int(m)))
# uiuctf{h4rd_w0rk_&&_d3t3rm1n4t10n}