rua

点击此处获得更好的阅读体验


本WP由Vanish提供

题目考点

  • RSA

  • 低指数加密攻击

解题思路

rsa低加密指数攻击,直接套先知上的一个脚本,刚开始测e=3,发现失败,于是爆破e

1
2
3
4
5
6
7
8
9
10
11
12
13
import binascii,gmpy2
def CRT(mi, ai):
assert(reduce(gmpy2.gcd,mi)==1)
assert (isinstance(mi, list) and isinstance(ai, list))
M = reduce(lambda x, y: x * y, mi)
ai_ti_Mi = [a * (M / m) * gmpy2.invert(M / m, m) for (m, a) in zip(mi, ai)]
return reduce(lambda x, y: x + y, ai_ti_Mi) % M
for e in range(1,20):
try:
m=gmpy2.iroot(CRT([n1,n2,n3], [c1,c2,c3]), e)[0]
print(binascii.unhexlify(hex(m)[2:].strip("L")))
except:
pass

Flag

1
flag{83f4dc02-22ee-44dd-abf2-2fe64f87512f}