AES加密

给的是一串base64,直接解密后会有Salted__字样，这主要是通过openssl加密如果不带base64就会出现Salted字段打头,以U2FsdGVkX1打头的主要是rabbit，AES，DES

rsa大整数分解

factor查询

yafu暴力破解

.\yafu-x64.exe "factor(6)"

[黑盾杯 2020]Factor

这题的q和p不互素，即n解出来有三位数

可以找一个乘积和e互素的从而计算m，flag较小只取两个因子就可以解出来

import gmpy2
from Crypto.Util.number import long_to_bytes
p= 17100682436035561357
q= 17172929050033177661
r = 11761833764528579549
n= 3454083680130687060405946528826790951695785465926614724373
e = 3
c = 1347530713288996422676156069761604101177635382955634367208
phi_n1 = [(q-1)*(r-1),(p-1)*(q-1),(p-1)*(r-1)]

# for phi_n in phi_n1:
#     print(gmpy2.gcd(e,phi_n))
print(phi_n1[0])
d=gmpy2.invert(e,phi_n1[0])
m = pow(c,d,q*r)
print(long_to_bytes(m))

e和phi不互素

通过AMM暴力求解循环域上开根

#sage
e=4
p= 182756071972245688517047475576147877841
q= 305364532854935080710443995362714630091
c= 14745090428909283741632702934793176175157287000845660394920203837824364163635
n= 55807222544207698804941555841826949089076269327839468775219849408812970713531

P.<a>=PolynomialRing(Zmod(p),implementation='NTL')
f=a^e-c
mps=f.monic().roots()

P.<a>=PolynomialRing(Zmod(q),implementation='NTL')
g=a^e-c
mqs=g.monic().roots()

for mpp in mps:
    x=mpp[0]
    for mqq in mqs:
        y=mqq[0]
        solution = hex(CRT_list([int(x), int(y)], [p, q]))[2:]
        print(solution)
        if solution.startswith('4e53'):#4e53 十六进制NS
            print(solution)

正常计算

首先算出phi

$\varphi(n)=\prod_{i=1}^{r} p_{i}^{k_{i}-1}\left(p_{i}-1\right)=\prod_{p\mid n} p^{\alpha_{p}-1}(p-1)=n\prod_{p\mid n}\left(1-\frac{1}{p}\right)$

然后算e mod phi的逆，再pow(c,d,n)就行了

ctf-crypto