2024WMCTF

发表于 分类于 阅读次数: Waline: 本文字数: 6.1k 阅读时长 ≈ 22 分钟

记录2024WMCTF——Crypto部分题解,还有小作文(bushi)

K-Cessation

task.py

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
from typing import List,Union,Literal
from Crypto.Util.number import long_to_bytes
import secrets
import random,string,re

class K_Cessation:
    '''
    ## Background:
    K-Cessation cipher is a cipher that uses a K bit wheel to pick the next cipher bit from plaintext bit.
    When encryption starts, the wheel starts at the last bit of the wheel.
    The wheel loops around when it reaches the end.
    For every plaintext bit, the wheel is rotated to the next bit in the wheel that matches the plaintext bit, and the distance rotated is appended to the ciphertext.

    Therefore, if the wheel is not known, it is not possible to decrypt the ciphertext. 
    Or is it?

    
    ## Example:
    To encode "youtu.be/dQw4w9WgXcQ" in 64-Cessation with the wheel 1100011011100011100110100011110110010110010100001011111011111010:
    1. convert the plaintext to bits: 01111001 01101111 01110101 01110100 01110101 00101110 01100010 01100101 00101111 01100100 01010001 01110111 00110100 01110111 00111001 01010111 01100111 01011000 01100011 01010001
    2. from wheel[-1] to the next "0" bit in the wheel, distance is 3, the current wheel position is wheel[2]
    3. from wheel[2] to the next "1" bit in the wheel, distance is 3, the current wheel position is wheel[5]
    4. repeat the steps until all bits is encoded
    5. the result is 3312121232111411211311221152515233123332223411313221112161142123243321244111111311111112111131113211132412111212112112321122115251142114213312132313311222111112


    ## Challenge:
    A flag is encoded with 64-Cessation cipher. 
    The wheel is not known. 
    The ciphertext is given in ciphertext.txt.
    The flag is only known to be an ascii string that is longer than 64 characters. 
    No part of the flag is known, which means the flag is NOT in WMCTF{} or FLAG{} format.
    When submitting, please make the flag in WMCTF{} format.
    The most significant bit of each byte is flipped with a random bit.
    You need to extract the flag from the ciphertext and submit it.
    For your convenience, a salted sha256 hash of the flag is given in flag_hash.txt.

    '''

    def __is_valid_wheel(self):
        hasZero = False
        hasOne = False
        for i in self.wheel:
            if not isinstance(i,int):
                raise ValueError("Wheel must be a list of int")
            if i == 0:
                hasZero = True
            elif i == 1:
                hasOne = True
            if i > 1 or i < 0:
                raise ValueError("Wheel must be a list of 0s and 1s")
        if not hasZero or not hasOne:
            raise ValueError("Wheel must contain at least one 0 and one 1")

    def __init__(self,wheel:List[int]):
        self.wheel = wheel
        self.__is_valid_wheel()
        self.state = -1
        self.finalized = False
    def __find_next_in_wheel(self,target:Literal[1,0]) -> List[int]:
        result = 1
        while True:
            ptr = self.state + result
            ptr = ptr % len(self.wheel)
            v = self.wheel[ptr]
            if v == target:
                self.state = ptr
                return [result]
            result+=1
    def __iter_bits(self,data:bytes):
        for b in data:
            for i in range(7,-1,-1):
                yield (b >> i) & 1
    def __check_finalized(self):
        if self.finalized:
            raise ValueError("This instance has already been finalized")
        self.finalized = True
    def encrypt(self,data:Union[str,bytes]) -> List[int]:
        self.__check_finalized()
        if isinstance(data,str):
            data = data.encode()
        out = []
        for bit in self.__iter_bits(data):
            rs = self.__find_next_in_wheel(bit)
            # print(f"bit={bit},rs={rs},state={self.state}")
            out.extend(rs)
        return out
    
    def decrypt(self,data:List[int]) -> bytes:
        self.__check_finalized()
        out = []
        for i in data:
            assert type(i) == int
            self.state = self.state + i
            self.state %= len(self.wheel)
            out.append(self.wheel[self.state])
        long = "".join(map(str,out))
        return long_to_bytes(int(long,2))

# generate a random wheel with k bits.
def random_wheel(k=64) -> List[int]:
    return [secrets.randbelow(2) for _ in range(k)]

# the most significant bit of each byte is flipped with a random bit.
def encode_ascii_with_random_msb(data:bytes) -> bytes:
    out = bytearray()
    for b in data:
        assert b < 128, "not ascii"
        b = b ^ (0b10000000 * secrets.randbelow(2))
        out.append(b)
    return bytes(out)

# for your convenience, here is the decoding function.
def decode_ascii_with_random_msb(data:bytes) -> bytes:
    out = bytearray()
    for b in data:
        b = b & 0b01111111
        out.append(b)
    return bytes(out)


if __name__ == "__main__":
    try:
        from flag import flag
        from flag import wheel
    except ImportError:
        print("flag.py not found, using test flag")
        flag = "THIS_IS_TEST_FLAG_WHEN_YOU_HEAR_THE_BUZZER_LOOK_AT_THE_FLAG_BEEEP"
        wheel = random_wheel(64)

    # wheel is wheel and 64 bits
    assert type(wheel) == list and len(wheel) == 64 and all((i in [0,1] for i in wheel))
    # flag is flag and string
    assert type(flag) == str
    # flag is ascii
    assert all((ord(c) < 128 for c in flag))
    # flag is long
    assert len(flag) > 64
    # flag does not start with wmctf{ nor does it end with }
    assert not flag.lower().startswith("wmctf{") and not flag.endswith("}")
    # flag also does not start with flag{
    assert not flag.lower().startswith("flag{")

    # the most significant bit of each byte is flipped with a random bit.
    plaintext = encode_ascii_with_random_msb(flag.encode())

    c = K_Cessation(wheel)
    ct = c.encrypt(plaintext)
    with open("ciphertext.txt","w") as f:
        f.write(str(ct))

    import hashlib
    # for you can verify the correctness of your decryption.
    # or you can brute force the flag hash, it is just a >64 length string :)
    with open("flag_hash.txt","w") as f:
        salt = secrets.token_bytes(16).hex()
        h = hashlib.sha256((salt + flag).encode()).hexdigest()
        f.write(h + ":" + salt)

    # demostration that decryption works
    c = K_Cessation(wheel)
    pt = c.decrypt(ct)
    pt = decode_ascii_with_random_msb(pt)
    print(pt)
    assert flag.encode() in pt

根据密文的值,我们可以判断出轮子中部分位置的值是相反的。比如密文第一个值是2,那么说明wheel中第一位和第二位不同

密文第4个值是3,说明wheel中第5,6位和第七位不同。根据这些约束,我们可以解方程得到wheel

exp

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
ct = [2, 1, 1, 3, 1, 1, 3, 2, 1, 4, 1, 2, 3, 1, 1, 1, 2, 1, 1, 2, 2, 2, 1, 3, 1, 6, 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 2, 1, 1, 3, 3, 2, 1, 1, 3, 1, 1, 1, 3, 4, 1, 3, 1, 2, 2, 4, 2, 5, 1, 1, 1, 3, 2, 1, 4, 2, 2, 1, 2, 1, 3, 1, 1, 1, 1, 1, 2, 3, 1, 2, 1, 1, 1, 1, 3, 4, 1, 2, 2, 4, 2, 5, 1, 2, 1, 2, 2, 1, 4, 1, 2, 1, 2, 1, 1, 1, 1, 1, 1, 2, 2, 1, 4, 3, 1, 2, 1, 3, 1, 3, 3, 2, 1, 3, 1, 6, 2, 1, 1, 2, 1, 2, 1, 3, 1, 1, 2, 1, 2, 1, 1, 2, 1, 2, 2, 2, 3, 1, 1, 4, 1, 3, 1, 1, 1, 2, 1, 1, 2, 4, 1, 1, 5, 2, 4, 2, 2, 1, 1, 1, 2, 1, 1, 1, 2, 1, 3, 3, 1, 1, 1, 1, 1, 2, 1, 2, 3, 1, 1, 2, 1, 1, 2, 1, 2, 1, 2, 1, 1, 1, 2, 5, 1, 1, 1, 3, 1, 1, 2, 3, 1, 2, 2, 2, 1, 3, 3, 1, 1, 2, 1, 1, 4, 3, 1, 3, 4, 1, 1, 1, 2, 1, 3, 1, 6, 1, 2, 1, 1, 3, 2, 3, 1, 2, 2, 1, 3, 2, 1, 2, 2, 2, 3, 3, 3, 1, 1, 2, 4, 1, 1, 1, 1, 1, 4, 2, 1, 4, 1, 2, 3, 2, 1, 1, 1, 2, 1, 1, 1, 2, 1, 3, 2, 1, 2, 1, 1, 1, 4, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 3, 2, 4, 2, 1, 4, 2, 4, 2, 2, 3, 1, 2, 2, 2, 1, 3, 3, 1, 2, 1, 1, 1, 1, 3, 3, 1, 3, 1, 1, 1, 1, 3, 1, 1, 4, 2, 5, 2, 1, 3, 1, 1, 2, 3, 1, 2, 2, 1, 1, 1, 1, 1, 1, 3, 1, 2, 1, 3, 1, 2, 3, 4, 4, 3, 2, 4, 2, 1, 4, 2, 4, 1, 2, 1, 3, 1, 2, 1, 1, 1, 3, 2, 1, 2, 2, 2, 3, 3, 1, 2, 1, 3, 1, 1, 1, 2, 1, 3, 4, 2, 1, 4, 1, 2, 1, 2, 2, 2, 1, 1, 2, 1, 1, 2, 2, 2, 1, 4, 2, 1, 4, 1, 1, 1, 1, 2, 4, 4, 3, 2, 4, 2, 1, 1, 1, 1, 1, 1, 1, 4, 2, 2, 3, 1, 1, 1, 2, 1, 3, 1, 4, 1, 2, 4, 1, 2, 3, 4, 1, 3, 1, 1, 1, 2, 4, 1, 1, 1, 4, 1, 1, 4, 2, 1, 4, 2, 2, 1, 1, 1, 1, 1, 2, 3, 2, 1, 4, 3, 3, 4, 4, 3, 2, 4, 2, 1, 1, 3, 2, 4, 1, 1, 2, 3, 1, 1, 1, 2, 2, 1, 1, 1, 1, 3, 1, 1, 1, 4, 3, 3, 1, 1, 2, 1, 1, 1, 1, 3, 1, 1, 4, 2, 5, 1, 1, 4, 2, 1, 1, 1, 1, 1, 1, 2, 2, 2, 1, 1, 2, 1, 2, 1, 2, 4, 3, 1, 1, 1, 1, 3, 4, 3, 1, 1, 4, 1, 6, 2, 1, 1, 1, 3, 1, 1, 3, 1, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 4, 3, 1, 1, 5, 4, 1, 2, 2, 4, 1, 6, 1, 2, 1, 1, 3, 1, 4, 1, 2, 1, 2, 1, 1, 1, 1, 4, 2, 2, 3, 1, 2, 3, 1, 3, 4, 1, 1, 3, 4, 2, 5, 1, 1, 1, 3, 2, 2, 3, 2, 1, 2, 2, 2, 2, 3, 1, 2, 1, 3, 3, 3, 1, 1, 2, 1, 3, 3, 1, 1, 4, 2, 5, 2, 4, 1, 2, 4, 1, 2, 1, 2, 1, 1, 1, 2, 3, 1, 2, 4, 1, 1, 4, 4, 1, 1, 2, 3, 2, 4, 2, 5, 1, 2, 1, 2, 1, 1, 2, 3, 1, 2, 1, 2, 1, 1, 3, 1, 1, 2, 1, 2, 3, 1, 1, 1, 3, 4, 1, 1, 2, 1, 1, 1, 2, 4, 2, 1, 1, 3, 1, 2, 1, 2, 2, 2, 1, 2, 2, 1, 1, 1, 2, 1, 3, 1, 1, 2, 1, 2, 3, 1, 1, 1, 3, 4, 1, 1, 2, 3, 1, 2, 3, 1, 6, 2, 1, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 2, 1, 1, 1, 4, 2, 1, 4, 1, 2, 3, 1, 1, 2, 1]
X_64 = BooleanPolynomialRing(64, [f"x{i}" for i in range(64)])
Xs = list(X_64.gens())
eqs = []
begin = 0
for i in ct:
    for j in range(i - 1):
        if j == i-2:
            eq = Xs[(begin + j) % 64] + Xs[(begin + j + 1) % 64] + 1
            eqs.append(eq)
        else:
            eq = Xs[(begin + j) % 64] + Xs[(begin + j + 1) % 64]
            eqs.append(eq)
    begin += i

m = []
B = []
for i in eqs:
    s = []
    for x in range(len(Xs)):
        if Xs[x] in i:
            s.append(1)
        else:
            s.append(0)
    if "+ 1" in str(i):
        B.append(1)
    else:
        B.append(0)
    m.append(s)
m = matrix(GF(2), m)
B = vector(GF(2), B)

particular_solution = m.solve_right(B)
homogeneous_solutions = m.right_kernel().basis()
solution_set = [particular_solution + h for h in homogeneous_solutions]

print(solution_set)
# [(0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1), (1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0)]

把所有的解都弄出来尝试解密。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
from typing import List,Union,Literal
from Crypto.Util.number import long_to_bytes
import secrets
import random,string,re

class K_Cessation:
    '''
    ## Background:
    K-Cessation cipher is a cipher that uses a K bit wheel to pick the next cipher bit from plaintext bit.
    When encryption starts, the wheel starts at the last bit of the wheel.
    The wheel loops around when it reaches the end.
    For every plaintext bit, the wheel is rotated to the next bit in the wheel that matches the plaintext bit, and the distance rotated is appended to the ciphertext.

    Therefore, if the wheel is not known, it is not possible to decrypt the ciphertext. 
    Or is it?

    
    ## Example:
    To encode "youtu.be/dQw4w9WgXcQ" in 64-Cessation with the wheel 1100011011100011100110100011110110010110010100001011111011111010:
    1. convert the plaintext to bits: 01111001 01101111 01110101 01110100 01110101 00101110 01100010 01100101 00101111 01100100 01010001 01110111 00110100 01110111 00111001 01010111 01100111 01011000 01100011 01010001
    2. from wheel[-1] to the next "0" bit in the wheel, distance is 3, the current wheel position is wheel[2]
    3. from wheel[2] to the next "1" bit in the wheel, distance is 3, the current wheel position is wheel[5]
    4. repeat the steps until all bits is encoded
    5. the result is 3312121232111411211311221152515233123332223411313221112161142123243321244111111311111112111131113211132412111212112112321122115251142114213312132313311222111112


    ## Challenge:
    A flag is encoded with 64-Cessation cipher. 
    The wheel is not known. 
    The ciphertext is given in ciphertext.txt.
    The flag is only known to be an ascii string that is longer than 64 characters. 
    No part of the flag is known, which means the flag is NOT in WMCTF{} or FLAG{} format.
    When submitting, please make the flag in WMCTF{} format.
    The most significant bit of each byte is flipped with a random bit.
    You need to extract the flag from the ciphertext and submit it.
    For your convenience, a salted sha256 hash of the flag is given in flag_hash.txt.

    '''

    def __is_valid_wheel(self):
        hasZero = False
        hasOne = False
        for i in self.wheel:
            if not isinstance(i,int):
                raise ValueError("Wheel must be a list of int")
            if i == 0:
                hasZero = True
            elif i == 1:
                hasOne = True
            if i > 1 or i < 0:
                raise ValueError("Wheel must be a list of 0s and 1s")
        if not hasZero or not hasOne:
            raise ValueError("Wheel must contain at least one 0 and one 1")

    def __init__(self,wheel:List[int]):
        self.wheel = wheel
        self.__is_valid_wheel()
        self.state = -1
        self.finalized = False
    def __find_next_in_wheel(self,target:Literal[1,0]) -> List[int]:
        result = 1
        while True:
            ptr = self.state + result
            ptr = ptr % len(self.wheel)
            v = self.wheel[ptr]
            if v == target:
                self.state = ptr
                return [result]
            result+=1
    def __iter_bits(self,data:bytes):
        for b in data:
            for i in range(7,-1,-1):
                yield (b >> i) & 1
    def __check_finalized(self):
        if self.finalized:
            raise ValueError("This instance has already been finalized")
        self.finalized = True
    def encrypt(self,data:Union[str,bytes]) -> List[int]:
        self.__check_finalized()
        if isinstance(data,str):
            data = data.encode()
        out = []
        for bit in self.__iter_bits(data):
            rs = self.__find_next_in_wheel(bit)
            # print(f"bit={bit},rs={rs},state={self.state}")
            out.extend(rs)
        return out
    
    def decrypt(self,data:List[int]) -> bytes:
        self.__check_finalized()
        out = []
        for i in data:
            assert type(i) == int
            self.state = self.state + i
            self.state %= len(self.wheel)
            out.append(self.wheel[self.state])
        long = "".join(map(str,out))
        return long_to_bytes(int(long,2))

# generate a random wheel with k bits.
def random_wheel(k=64) -> List[int]:
    return [secrets.randbelow(2) for _ in range(k)]

# the most significant bit of each byte is flipped with a random bit.
def encode_ascii_with_random_msb(data:bytes) -> bytes:
    out = bytearray()
    for b in data:
        assert b < 128, "not ascii"
        b = b ^ (0b10000000 * secrets.randbelow(2))
        out.append(b)
    return bytes(out)

# for your convenience, here is the decoding function.
def decode_ascii_with_random_msb(data:bytes) -> bytes:
    out = bytearray()
    for b in data:
        b = b & 0b01111111
        out.append(b)
    return bytes(out)

ct = [2, 1, 1, 3, 1, 1, 3, 2, 1, 4, 1, 2, 3, 1, 1, 1, 2, 1, 1, 2, 2, 2, 1, 3, 1, 6, 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 2, 1, 1, 3, 3, 2, 1, 1, 3, 1, 1, 1, 3, 4, 1, 3, 1, 2, 2, 4, 2, 5, 1, 1, 1, 3, 2, 1, 4, 2, 2, 1, 2, 1, 3, 1, 1, 1, 1, 1, 2, 3, 1, 2, 1, 1, 1, 1, 3, 4, 1, 2, 2, 4, 2, 5, 1, 2, 1, 2, 2, 1, 4, 1, 2, 1, 2, 1, 1, 1, 1, 1, 1, 2, 2, 1, 4, 3, 1, 2, 1, 3, 1, 3, 3, 2, 1, 3, 1, 6, 2, 1, 1, 2, 1, 2, 1, 3, 1, 1, 2, 1, 2, 1, 1, 2, 1, 2, 2, 2, 3, 1, 1, 4, 1, 3, 1, 1, 1, 2, 1, 1, 2, 4, 1, 1, 5, 2, 4, 2, 2, 1, 1, 1, 2, 1, 1, 1, 2, 1, 3, 3, 1, 1, 1, 1, 1, 2, 1, 2, 3, 1, 1, 2, 1, 1, 2, 1, 2, 1, 2, 1, 1, 1, 2, 5, 1, 1, 1, 3, 1, 1, 2, 3, 1, 2, 2, 2, 1, 3, 3, 1, 1, 2, 1, 1, 4, 3, 1, 3, 4, 1, 1, 1, 2, 1, 3, 1, 6, 1, 2, 1, 1, 3, 2, 3, 1, 2, 2, 1, 3, 2, 1, 2, 2, 2, 3, 3, 3, 1, 1, 2, 4, 1, 1, 1, 1, 1, 4, 2, 1, 4, 1, 2, 3, 2, 1, 1, 1, 2, 1, 1, 1, 2, 1, 3, 2, 1, 2, 1, 1, 1, 4, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 3, 2, 4, 2, 1, 4, 2, 4, 2, 2, 3, 1, 2, 2, 2, 1, 3, 3, 1, 2, 1, 1, 1, 1, 3, 3, 1, 3, 1, 1, 1, 1, 3, 1, 1, 4, 2, 5, 2, 1, 3, 1, 1, 2, 3, 1, 2, 2, 1, 1, 1, 1, 1, 1, 3, 1, 2, 1, 3, 1, 2, 3, 4, 4, 3, 2, 4, 2, 1, 4, 2, 4, 1, 2, 1, 3, 1, 2, 1, 1, 1, 3, 2, 1, 2, 2, 2, 3, 3, 1, 2, 1, 3, 1, 1, 1, 2, 1, 3, 4, 2, 1, 4, 1, 2, 1, 2, 2, 2, 1, 1, 2, 1, 1, 2, 2, 2, 1, 4, 2, 1, 4, 1, 1, 1, 1, 2, 4, 4, 3, 2, 4, 2, 1, 1, 1, 1, 1, 1, 1, 4, 2, 2, 3, 1, 1, 1, 2, 1, 3, 1, 4, 1, 2, 4, 1, 2, 3, 4, 1, 3, 1, 1, 1, 2, 4, 1, 1, 1, 4, 1, 1, 4, 2, 1, 4, 2, 2, 1, 1, 1, 1, 1, 2, 3, 2, 1, 4, 3, 3, 4, 4, 3, 2, 4, 2, 1, 1, 3, 2, 4, 1, 1, 2, 3, 1, 1, 1, 2, 2, 1, 1, 1, 1, 3, 1, 1, 1, 4, 3, 3, 1, 1, 2, 1, 1, 1, 1, 3, 1, 1, 4, 2, 5, 1, 1, 4, 2, 1, 1, 1, 1, 1, 1, 2, 2, 2, 1, 1, 2, 1, 2, 1, 2, 4, 3, 1, 1, 1, 1, 3, 4, 3, 1, 1, 4, 1, 6, 2, 1, 1, 1, 3, 1, 1, 3, 1, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 4, 3, 1, 1, 5, 4, 1, 2, 2, 4, 1, 6, 1, 2, 1, 1, 3, 1, 4, 1, 2, 1, 2, 1, 1, 1, 1, 4, 2, 2, 3, 1, 2, 3, 1, 3, 4, 1, 1, 3, 4, 2, 5, 1, 1, 1, 3, 2, 2, 3, 2, 1, 2, 2, 2, 2, 3, 1, 2, 1, 3, 3, 3, 1, 1, 2, 1, 3, 3, 1, 1, 4, 2, 5, 2, 4, 1, 2, 4, 1, 2, 1, 2, 1, 1, 1, 2, 3, 1, 2, 4, 1, 1, 4, 4, 1, 1, 2, 3, 2, 4, 2, 5, 1, 2, 1, 2, 1, 1, 2, 3, 1, 2, 1, 2, 1, 1, 3, 1, 1, 2, 1, 2, 3, 1, 1, 1, 3, 4, 1, 1, 2, 1, 1, 1, 2, 4, 2, 1, 1, 3, 1, 2, 1, 2, 2, 2, 1, 2, 2, 1, 1, 1, 2, 1, 3, 1, 1, 2, 1, 2, 3, 1, 1, 1, 3, 4, 1, 1, 2, 3, 1, 2, 3, 1, 6, 2, 1, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 2, 1, 1, 1, 4, 2, 1, 4, 1, 2, 3, 1, 1, 2, 1]
wheels = [(0, 1, 0, 1, 0, 0, 1, 1, 0, 0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1), (1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 1, 0)]

for wheel in wheels:
    c = K_Cessation(wheel)
    pt = c.decrypt(ct)
    pt = decode_ascii_with_random_msb(pt)
    print(pt)
"""
b';\x10\n\x1d\x13\x1a*\x12<\x0b9$,LL4N18 \x0b\r\nH\x17RH\x17L \x08N\x0cLR\x19N\x11\x1b N\x11JH\x1aK\x1bRNH\x0c \x0f\rO\x19O\n\x11\x1bRK\x1dJ\x1a\x11\x1c\x1a \x11O\x08R\x18O \x0cO\x13\tLR\x0b\x17L L\x06L\x0cRN\x11 1O\x16\x0b\x1e"'
b'DoubleUmCtF[S33K1NG_tru7h-7h3_w1s3-f1nd_1n57e4d-17s_pr0f0und-4b5ence_n0w-g0_s0lv3-th3_3y3s-1n_N0ita]'
"""

flag:WMCTF{S33K1NG_tru7h-7h3_w1s3-f1nd_1n57e4d-17s_pr0f0und-4b5ence_n0w-g0_s0lv3-th3_3y3s-1n_N0ita}

FACRT

task.py

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
import gmpy2
from secret import flag
from Crypto.Util.number import *
Count=20
p=getPrime(512)
q=getPrime(512)
e=65537
n=p*q
d=gmpy2.invert(e,(p-1)*(q-1))
dp=d%(p-1)
dq=d%(q-1)
print(f"n={n}")
flag=bytes_to_long(flag)
length=flag.bit_length()
print(f"length={length}")
m=[]
for i in range(Count):
    m.append(getPrime(length))
sq=[]
sq_=[]
sp=[]
for i in range(Count):
    sq.append(pow(m[i],dq,q))
    sq_.append(int('0'*32+bin(pow(m[i],dq,q))[2:][32:],2))
    sp.append(pow(m[i], dp, p))
for i in range(Count):
    assert sq_[i] < q / 32
iq=inverse(q,p)
s=[]
for i in range(Count):
    s.append(int(sq_[i]+q*(((sp[i]-sq[i])*iq)%p)))
print(f"s={s}")
print(f"c={pow(flag,e,n)}")
'''
n=147633197136297320644148532167800594954463904917041365729781214689541810163409922050566363432759473356227399211204573839844534932354354132513677032099679754947582227369942835464578888307376910610182166537589845612944804885745392209830996561055058293663757559573736079810999615542354866920007861214183738025983
length=455
s=[135516280150137458535561766358086896198348823398876741567317041366935426854394060237235814065881756890818477438426875999503748746848408802883160976139168309216479723387043154316328752466115337006276833313025698482591954333004698732007362032602920842020200559463427548622804767419825141012760232500564198606888, 87138950331850035073233755923193357352015776817591237970872234630746818824503152055070348052111940612563932340910671611099400897135890145261451245577578879099083666861166614841834235097485990689182812564858373409987914436273165881047892580175317423057893816031028632720419872660582122916390309733324086153485, 138644295462947977586933469377687701489914340911921767410183452121042506019270712424245627451242649429408423057598802920666169608453899414528460692023716837136269325732757807484480055069814533664161537001762727348850128480964361110794017997076616622537153343830644577017008185863066319652708947485342513469942, 130919765117872700420555258668777170220585743300145967201676029268553369762501611700891574139388115937578229121079450407536963982339229719500478504489500235690293048515731859346431065030206394207045994366861194654126521065191859763903957682731311119322278004810859526215299984270862147897660764896871931296525, 114700370393183453087762195804219894122789831440066263230660331964018561704119945094712846882622289910478787117536755419287483635582978440493028286129198190921201156025431173751752743507530849046089710840106416071119787801330709608148349917138686962228418379795866832374558526179470426187199100866047189895398, 5526726757049511570122924251009639296817346269475117861098612689025237993752241296662636520025051472762072465223105287132204748691454643208692589407448303681720594661639751550346640974853714675951318971703834962983574657923366839131735681149307918005820142824780727533061358686675519367812942183782965460156, 144912005915009185433389709621768898379612902758176190094171990137016617813547436225820194585543950753591409962313416349983080186189291716456666174265994068233652987757656436662736504159419091874803636330149391525094620604417895137599924048423029008070688563937967247938795175561463188529887593887274447829757, 136250954616195732816473240575012270303125387854617764474032021538389021573726037002975200362404464882071072085887627232185387656472286476406393582907753248439212389626213347657516288312775908225085848334636924022113242155272938168661245231559256589332709251562390352253724058379737367174585436687621017694623, 62581851774850409035755528242738381905999051352008432547471965980273593728343556710086776830920012955472867109461528976241913935857428013748626805913556479910568244555311572298067590116614399220857206962127377751825672045446525674748896825242976163703599291103837976885179955618472741727241520609778322846005, 145854407984474847551927547284413490204495969306617565827750995876170774717809213321826036612782367152524129825636642176629348378245478404356883485091652713207020554564450132585121134356935492165152072283066165961023761302228624528890490009909363984222514631061033009247208437816124596049012309910840440309561, 124551623006909497965848991707513696948607938882176233365140848984406516643540438381538258922460588883294565931391660391812373244670311091543926813390568684148523894758100116918211999135492588543339785067482674405654655248001114133508625872962520401753384795662160688811171758878041475228921004115541651588149, 15938340419155549703292732921378484283671988749432038679365417994992859057494159116052524559743521485794692543381549875094855921795753932087886980295291140542937847588182771711846510176440458231173636452634043298156122152860644504752015830250690063832495966826188439527832958662817314634043438801092078111173, 86793422805279107846504839960808639992922541788273836408000957039906527697664805903722395255793430323591730573513732464380853123117859130756589515125491536316134863620706530836481623063642225089209431819777355554001327119466306759145993282751212553582691384017307673738794439532271560215747589628721710135897, 108675608374666743358023889479027512878400550037574532652565479774965642002565282273742545254311704772402696446846722391711332035309818100961301897022556307435354059324998874351394451945385491984524729822436607930537193897390621277431306545936473390631504396022406944910561421866589605078829721977335264154976, 87317748227288225233288224866786892964848811364878121564104341670954340348393418506174791619641614941888448848731903276361744955803183864888079233767189621441829023235771802783069311610169253651371628757455646066049167648114996530344278325612462268009587440597096690136975144034630898406289420602499264991623, 56652314874573546743584841968373113846850609963672297223607913939552862285375621862172324584570593402935091802803893885963277174956979046479939956703429737288793705461324779449285529662821030340203158503181009684937887687542388010343147675680002397630598445715400876202643169104742361423214638787268742234287, 98735788313453186782519834728824046613708479524564270665693218086798600541964070362862728960696910092702768075145925801913657156092005722008779014906938783990621453314812381950847944890837178907520481282447677162465215252648603374266972153988621533116563623242402366677831684416116807732808111964626488086987, 127540651954215161413641876933455408716614015796900097859173650400979733321781230732298931541274922911072112231027539634566966261240603321076224739659191443221985808678247919491141075440774231707687287562522535460013252508304387645505398442899700006526196099765002065480554613895222880144277349674640005507562, 133301958266564440496259158450519409455902192149222024966338884662576908051145274628854034018802181764563054480089111531034013218222971811942750317186820576575720998626362983321816936975595432624528396429872313110972358282919447478636004224335379606216720361742943716434992065840043748957089654449955193986860, 88160039502967812710045720428993741346375421128152598672398002732708719698481663322248764249302216242451840620334870977104442381110519298390156672581547539043729567682679341598750864890008905914145991583715826910836568061276943119691386206504777140515604809396852491015959654881350560399518061528959314304087]
c=123907837039511977819816858353976764990739800475355111239750335121820426041872830656170595604631534502233882297517774737660499087852687022473212169680375890135271089504199640532421067201796868951827680690124297723304485612987566782809086630400500307531954278635605686302923551049889311808990254356288059153559
'''

找到一篇名为Revisiting PACD-based Attacks on RSA-CRT的论文

根据论文的格实现攻击

exp

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
import gmpy2
from Crypto.Util.number import *

n = 147633197136297320644148532167800594954463904917041365729781214689541810163409922050566363432759473356227399211204573839844534932354354132513677032099679754947582227369942835464578888307376910610182166537589845612944804885745392209830996561055058293663757559573736079810999615542354866920007861214183738025983
length = 455
s = [135516280150137458535561766358086896198348823398876741567317041366935426854394060237235814065881756890818477438426875999503748746848408802883160976139168309216479723387043154316328752466115337006276833313025698482591954333004698732007362032602920842020200559463427548622804767419825141012760232500564198606888, 87138950331850035073233755923193357352015776817591237970872234630746818824503152055070348052111940612563932340910671611099400897135890145261451245577578879099083666861166614841834235097485990689182812564858373409987914436273165881047892580175317423057893816031028632720419872660582122916390309733324086153485, 138644295462947977586933469377687701489914340911921767410183452121042506019270712424245627451242649429408423057598802920666169608453899414528460692023716837136269325732757807484480055069814533664161537001762727348850128480964361110794017997076616622537153343830644577017008185863066319652708947485342513469942, 130919765117872700420555258668777170220585743300145967201676029268553369762501611700891574139388115937578229121079450407536963982339229719500478504489500235690293048515731859346431065030206394207045994366861194654126521065191859763903957682731311119322278004810859526215299984270862147897660764896871931296525, 114700370393183453087762195804219894122789831440066263230660331964018561704119945094712846882622289910478787117536755419287483635582978440493028286129198190921201156025431173751752743507530849046089710840106416071119787801330709608148349917138686962228418379795866832374558526179470426187199100866047189895398, 5526726757049511570122924251009639296817346269475117861098612689025237993752241296662636520025051472762072465223105287132204748691454643208692589407448303681720594661639751550346640974853714675951318971703834962983574657923366839131735681149307918005820142824780727533061358686675519367812942183782965460156, 144912005915009185433389709621768898379612902758176190094171990137016617813547436225820194585543950753591409962313416349983080186189291716456666174265994068233652987757656436662736504159419091874803636330149391525094620604417895137599924048423029008070688563937967247938795175561463188529887593887274447829757, 136250954616195732816473240575012270303125387854617764474032021538389021573726037002975200362404464882071072085887627232185387656472286476406393582907753248439212389626213347657516288312775908225085848334636924022113242155272938168661245231559256589332709251562390352253724058379737367174585436687621017694623, 62581851774850409035755528242738381905999051352008432547471965980273593728343556710086776830920012955472867109461528976241913935857428013748626805913556479910568244555311572298067590116614399220857206962127377751825672045446525674748896825242976163703599291103837976885179955618472741727241520609778322846005, 145854407984474847551927547284413490204495969306617565827750995876170774717809213321826036612782367152524129825636642176629348378245478404356883485091652713207020554564450132585121134356935492165152072283066165961023761302228624528890490009909363984222514631061033009247208437816124596049012309910840440309561, 124551623006909497965848991707513696948607938882176233365140848984406516643540438381538258922460588883294565931391660391812373244670311091543926813390568684148523894758100116918211999135492588543339785067482674405654655248001114133508625872962520401753384795662160688811171758878041475228921004115541651588149, 15938340419155549703292732921378484283671988749432038679365417994992859057494159116052524559743521485794692543381549875094855921795753932087886980295291140542937847588182771711846510176440458231173636452634043298156122152860644504752015830250690063832495966826188439527832958662817314634043438801092078111173, 86793422805279107846504839960808639992922541788273836408000957039906527697664805903722395255793430323591730573513732464380853123117859130756589515125491536316134863620706530836481623063642225089209431819777355554001327119466306759145993282751212553582691384017307673738794439532271560215747589628721710135897, 108675608374666743358023889479027512878400550037574532652565479774965642002565282273742545254311704772402696446846722391711332035309818100961301897022556307435354059324998874351394451945385491984524729822436607930537193897390621277431306545936473390631504396022406944910561421866589605078829721977335264154976, 87317748227288225233288224866786892964848811364878121564104341670954340348393418506174791619641614941888448848731903276361744955803183864888079233767189621441829023235771802783069311610169253651371628757455646066049167648114996530344278325612462268009587440597096690136975144034630898406289420602499264991623, 56652314874573546743584841968373113846850609963672297223607913939552862285375621862172324584570593402935091802803893885963277174956979046479939956703429737288793705461324779449285529662821030340203158503181009684937887687542388010343147675680002397630598445715400876202643169104742361423214638787268742234287, 98735788313453186782519834728824046613708479524564270665693218086798600541964070362862728960696910092702768075145925801913657156092005722008779014906938783990621453314812381950847944890837178907520481282447677162465215252648603374266972153988621533116563623242402366677831684416116807732808111964626488086987, 127540651954215161413641876933455408716614015796900097859173650400979733321781230732298931541274922911072112231027539634566966261240603321076224739659191443221985808678247919491141075440774231707687287562522535460013252508304387645505398442899700006526196099765002065480554613895222880144277349674640005507562, 133301958266564440496259158450519409455902192149222024966338884662576908051145274628854034018802181764563054480089111531034013218222971811942750317186820576575720998626362983321816936975595432624528396429872313110972358282919447478636004224335379606216720361742943716434992065840043748957089654449955193986860, 88160039502967812710045720428993741346375421128152598672398002732708719698481663322248764249302216242451840620334870977104442381110519298390156672581547539043729567682679341598750864890008905914145991583715826910836568061276943119691386206504777140515604809396852491015959654881350560399518061528959314304087]
c = 123907837039511977819816858353976764990739800475355111239750335121820426041872830656170595604631534502233882297517774737660499087852687022473212169680375890135271089504199640532421067201796868951827680690124297723304485612987566782809086630400500307531954278635605686302923551049889311808990254356288059153559

Ge = Matrix(ZZ,20,20)

for i in range(1,20):
    Ge[i,i] = -n
    Ge[0,i] = s[i]
    
Ge[0,0] = 2^480
for line in Ge.LLL():
    q = (gmpy2.gcd(line[0],line[2]))
    p = n // q
    m = pow(c,inverse(65537,(p-1)*(q-1)),n)
    print(long_to_bytes(int(m)))
    # flag{Th3_Simultaneous_Diophantine_Approximation_Approach}

flag:WMCTF{Th3_Simultaneous_Diophantine_Approximation_Approach}

RSA

task.py

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
from Crypto.Util.number import *
from secrets import flag
m = bytes_to_long(flag)
p = getPrime(1024)
q = getPrime(1024)
n = p * q
e = 0x10001

M = matrix(Zmod(n), [
    [m, -m-p-q, -m-2*p, 2*q-m],
    [m+p+q,  m, 2*q-m,  m+2*p],
    [m+2*p,  m-2*q,  m, -m-p-q],
    [m-2*q, -m-2*p,  m+p+q,  m]
])

enc = M**e

print(f"n = {n}")
print(f"e = {e}")
print(list(enc))
n=13228298199631335610499409465400552275305629934024756614227830931136508640681372951453757994834844498763877490566164031828108583453919741685657210448857955666192855872103622943922893572765718705893238315297600050789804418329650168680719372191579207505092037294294875908952803670819999025123209403251314588474192758376162806705064430837428828805477906627599506069017651159117664246131790529354533675662936081996490294431369820750274303028529977278828959613343997326534446148884333619071935180484450320323844737055406889458275298296950269660857078186043669204168045730995355857013530919638304423700701901063780318208789
e=65537
enc=[...]

$$
M = \begin{pmatrix}
m & -m-p-q&-m-2p&2q-m\\
m+p+q&m&2q-m&m+2p\\
m+2p&m-2q&m&-m-p-q\\
m-2q&-m-2p&m+p+q&m
\end{pmatrix}
$$

$$
C = M^e
$$

把M化成Jordan型,存在P矩阵使得
$$
P^{-1}MP = M_{jordan}
$$

$$
C \equiv (PM_{jordan}P^{-1})^{65537} \mod n
$$

$$
C \equiv PM_{jordan}^{65537}P^{-1} \mod n
$$

$$
CP \equiv PM_{jordan}^{65537} \mod n
$$

注意到$P$长这样
$$
P = \begin{pmatrix}
1 & 1 & 1 &1\\
0 & 0 & 0 & 0\\
p_{2,0} & p_{2,1} & p_{2,2} & p_{2,3}\\
p_{3,0} & p_{3,1} & p_{3,2} & p_{3,3}\\
\end{pmatrix}
$$
P矩阵下面两行都是比较复杂的式子

那可以知道$CP$这个矩阵的第二行全是0

$$
CP = \begin{pmatrix}
c_{0,0}&c_{0,1} &c_{0,2} & c_{0,3}\\
c_{1,0}&c_{1,1} &c_{1,2} & c_{1,3}\\
c_{2,0}&c_{2,1} &c_{2,2} & c_{2,3}\\
c_{3,0}&c_{3,1} &c_{3,2} & c_{3,3}\
\end{pmatrix}
\begin{pmatrix}
1 & 1 & 1 &1\\
0 & 0 & 0 & 0\\
p_{2,0} & p_{2,1} & p_{2,2} & p_{2,3}\\
p_{3,0} & p_{3,1} & p_{3,2} & p_{3,3}\
\end{pmatrix}
=
\begin{pmatrix}
t_{0,0}&t_{0,1} &t_{0,2} & t_{0,3}\\
0&0&0&0\\
t_{2,0}&t_{2,1} &t_{2,2} & t_{2,3}\\
t_{3,0}&t_{3,1} &t_{3,2} & t_{3,3}\
\end{pmatrix}
$$

利用sagemath把第二行的值打印出来

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
n = 13228298199631335610499409465400552275305629934024756614227830931136508640681372951453757994834844498763877490566164031828108583453919741685657210448857955666192855872103622943922893572765718705893238315297600050789804418329650168680719372191579207505092037294294875908952803670819999025123209403251314588474192758376162806705064430837428828805477906627599506069017651159117664246131790529354533675662936081996490294431369820750274303028529977278828959613343997326534446148884333619071935180484450320323844737055406889458275298296950269660857078186043669204168045730995355857013530919638304423700701901063780318208789
e = 65537
enc = [...]

m,p,q = var("m p q")

M = Matrix([
    [m, -m-p-q, -m-2*p, 2*q-m],
    [m+p+q,  m, 2*q-m,  m+2*p],
    [m+2*p,  m-2*q,  m, -m-p-q],
    [m-2*q, -m-2*p,  m+p+q,  m]
])

M_Jor, P = M.jordan_form(transformation=True)

C = Matrix(enc)
Tmp = C * P

# 实部
f1 = Tmp[1][0].real().simplify()
# 虚部
f2 = Tmp[1][0].imag().simplify()

print(f1)
print(f2)

得到的值还是有点复杂

我们利用factor(f1),factor(f2)之后得到

实部:

1
1/2*(17052685678039365270013190496832946145489532686813139436681089578815063755785409643085613503553322328467917636064547056454738567965386703908624012527031365247344488369836152611605160451744515518567219837090066720029021582070456558805601278690837844643268562196878579092551194141792712348605348322343228050741545344776716090210538284347791495687668816750212755678728525862290231697713904184274675956776869433417946196064261855983380873202924252325259311828108174084170721556701063654763472693089360654462799495747110428698600943282208665416086673092927590717594475387269370232970270383184853484202338342439437747977263*m*sqrt(abs(3*m^2 + 6*m*p + 5*p^2 - 2*(m - p)*q + 5*q^2))*cos(1/2*arctan2(0, -3*m^2 - 6*m*p - 5*p^2 + 2*(m - p)*q - 5*q^2)) + 23068797980682606520939695222878122197959337999989439659463060223100940821636820498796323501114581015229139528378476011747406619373674219012654711036679216185435206920458114821813684811803255215071210021993225524462202325898617081380757277198725994459984702472016033977488077163817512898930755857975634130292726390994608493384853082111236511030958876989952691833996481188400633235618992677715425955155661003765813385632286451112973798595901431845116019957199285671071239395739214529274342043100057378018195903606552798854032051006376267379308809102755448075675705613976371379827552646430651063130539035567468678816952*p*sqrt(abs(3*m^2 + 6*m*p + 5*p^2 - 2*(m - p)*q + 5*q^2))*cos(1/2*arctan2(0, -3*m^2 - 6*m*p - 5*p^2 + 2*(m - p)*q - 5*q^2)) - 11036573375396124019086685770787770093019727373636839213899118934529186689933998787374903505992063641706695743750618101162070516557099188804593314017383514309253769819214190401396636091685775822063229652186907915595840838242296036230445280182949694826552421921741124207614311119767911798279940786710821971190364298558823687036223486584346480344378756510472819523460570536179830159808815690833925958398077863070079006496237260853787947809947072805402603699017062497270203717662912780252603343078663930907403087887668058543169835558041063452864537083099733359513245160562369086112988119939055905274137649311406817137574*q*sqrt(abs(3*m^2 + 6*m*p + 5*p^2 - 2*(m - p)*q + 5*q^2))*cos(1/2*arctan2(0, -3*m^2 - 6*m*p - 5*p^2 + 2*(m - p)*q - 5*q^2)) + 22560657613978191375477017306509293966603093472162629514044986602824691581137520573628879186279837923450292843877114294489401932662806174310174535011834552453575619768167801524362710899553992664010513001245323140351297939039464273076188468633566862978692974707147660950346461885529480288581596435506812992993941532775791911128309535650765146800132045271805307465252696576252928039455244722474919107612539574517977159839835256103573993006377060019297877406788702675877424387498977689579664261693135390239437183436298614337177116319649815896196746861764980271198339158892140778622690348686160022060197178369707783596783*m^2 + 28068629549917017480940844116185641787716654257512119591408883626834319406489631504172144869006353518432668051689681532524065297360225644711725057496637739659806751166499450437120261347363469809453806165400579560673574296008471987346775658576295881314117387217416742808141729629266248228557844548670397935246337720774867732046080786953738797912595273793397859251776867290215624381196585260675162258448209715618008123615408656223767112809829867713336442985469231267584127218296891724395855830296910126016074871125486799975753289357090966376306820630602369824802202930514911324275110314187466559918056014299977819216303*m*p + 22052517247273776230014339390140465735246848944335819368626912982548442340638220648461434871445094831671446159375752577231397245951938129607694358986989888721716032615877488226911736987304730112949815980497420756240393552180311464771619660068407731497401246942279287923204846607241447678232437013037991855695156674556975328871765989190293782569305213553657923096508911964105222843291496767234412260069418145270140934047384061094174187416852688193479734856378119680683609379258740849884986480286213402460678463266044429820322181632923364413084684620774512466720972703807910177417828050941668980989855321171946888376614*p^2 - 50141776300709265519114215657761181973756109004785798019207121495892692786357629078921951880990480801846059539190917734848206330474424022320911685531404768278314290804927831239913533530735021453580265469774395391865255972493064059807666218942195270967222231060898991223370351868802071825117726122092041877627066317892515106118527760122431758601352786814343498298698008362575284700814216642343014175244365441758166136607883177931343008429724013324141650383503356262124534653622717284901062516454237987830881046900822917062092960473173093282035894796801836543828693251639649496501086554065578370466331312922791453491451*m*q - 34105371356078730540026380993665892290979065373626278873362179157630127511570819286171227007106644656935835272129094112909477135930773407817248025054062730494688976739672305223210320903489031037134439674180133440058043164140913117611202557381675689286537124393757158185102388283585424697210696644686456101483090689553432180421076568695582991375337633500425511357457051724580463395427808368549351913553738866835892392128523711966761746405848504650518623656216348168341443113402127309526945386178721308925598991494220857397201886564417330832173346185855181435188950774538740465940540766369706968404676684878875495954526*p*q + 10020292641987293728161329938050113630307238317983218923062971693976688208935398937040014876322577458149002374747894666646061143135363099399632961967694186845534595514633563806494688267187250719941835610691103147374032064523990419621307663052631431863968966392004378153331080563191846577581621941773179696592794582121190522523136393663403751882725093074178050785973001311884419767481319780352912263311835004574406554911334870834988336630898329153766318598195896506882573701182439100863247780264819955349885647547159689509459966184588160486640412601118797750558512250393907883703263524450073823133453934915885026697236*q^2)/(m^2 + 2*m*p + 2*p^2 - 2*m*q + 2*q^2)

提取出以下式子即可

1
f1 = 17052685678039365270013190496832946145489532686813139436681089578815063755785409643085613503553322328467917636064547056454738567965386703908624012527031365247344488369836152611605160451744515518567219837090066720029021582070456558805601278690837844643268562196878579092551194141792712348605348322343228050741545344776716090210538284347791495687668816750212755678728525862290231697713904184274675956776869433417946196064261855983380873202924252325259311828108174084170721556701063654763472693089360654462799495747110428698600943282208665416086673092927590717594475387269370232970270383184853484202338342439437747977263*m+23068797980682606520939695222878122197959337999989439659463060223100940821636820498796323501114581015229139528378476011747406619373674219012654711036679216185435206920458114821813684811803255215071210021993225524462202325898617081380757277198725994459984702472016033977488077163817512898930755857975634130292726390994608493384853082111236511030958876989952691833996481188400633235618992677715425955155661003765813385632286451112973798595901431845116019957199285671071239395739214529274342043100057378018195903606552798854032051006376267379308809102755448075675705613976371379827552646430651063130539035567468678816952*p-11036573375396124019086685770787770093019727373636839213899118934529186689933998787374903505992063641706695743750618101162070516557099188804593314017383514309253769819214190401396636091685775822063229652186907915595840838242296036230445280182949694826552421921741124207614311119767911798279940786710821971190364298558823687036223486584346480344378756510472819523460570536179830159808815690833925958398077863070079006496237260853787947809947072805402603699017062497270203717662912780252603343078663930907403087887668058543169835558041063452864537083099733359513245160562369086112988119939055905274137649311406817137574*q+22560657613978191375477017306509293966603093472162629514044986602824691581137520573628879186279837923450292843877114294489401932662806174310174535011834552453575619768167801524362710899553992664010513001245323140351297939039464273076188468633566862978692974707147660950346461885529480288581596435506812992993941532775791911128309535650765146800132045271805307465252696576252928039455244722474919107612539574517977159839835256103573993006377060019297877406788702675877424387498977689579664261693135390239437183436298614337177116319649815896196746861764980271198339158892140778622690348686160022060197178369707783596783*m^2+28068629549917017480940844116185641787716654257512119591408883626834319406489631504172144869006353518432668051689681532524065297360225644711725057496637739659806751166499450437120261347363469809453806165400579560673574296008471987346775658576295881314117387217416742808141729629266248228557844548670397935246337720774867732046080786953738797912595273793397859251776867290215624381196585260675162258448209715618008123615408656223767112809829867713336442985469231267584127218296891724395855830296910126016074871125486799975753289357090966376306820630602369824802202930514911324275110314187466559918056014299977819216303*m*p+22052517247273776230014339390140465735246848944335819368626912982548442340638220648461434871445094831671446159375752577231397245951938129607694358986989888721716032615877488226911736987304730112949815980497420756240393552180311464771619660068407731497401246942279287923204846607241447678232437013037991855695156674556975328871765989190293782569305213553657923096508911964105222843291496767234412260069418145270140934047384061094174187416852688193479734856378119680683609379258740849884986480286213402460678463266044429820322181632923364413084684620774512466720972703807910177417828050941668980989855321171946888376614*p^2-50141776300709265519114215657761181973756109004785798019207121495892692786357629078921951880990480801846059539190917734848206330474424022320911685531404768278314290804927831239913533530735021453580265469774395391865255972493064059807666218942195270967222231060898991223370351868802071825117726122092041877627066317892515106118527760122431758601352786814343498298698008362575284700814216642343014175244365441758166136607883177931343008429724013324141650383503356262124534653622717284901062516454237987830881046900822917062092960473173093282035894796801836543828693251639649496501086554065578370466331312922791453491451*m*q-34105371356078730540026380993665892290979065373626278873362179157630127511570819286171227007106644656935835272129094112909477135930773407817248025054062730494688976739672305223210320903489031037134439674180133440058043164140913117611202557381675689286537124393757158185102388283585424697210696644686456101483090689553432180421076568695582991375337633500425511357457051724580463395427808368549351913553738866835892392128523711966761746405848504650518623656216348168341443113402127309526945386178721308925598991494220857397201886564417330832173346185855181435188950774538740465940540766369706968404676684878875495954526*p*q+10020292641987293728161329938050113630307238317983218923062971693976688208935398937040014876322577458149002374747894666646061143135363099399632961967694186845534595514633563806494688267187250719941835610691103147374032064523990419621307663052631431863968966392004378153331080563191846577581621941773179696592794582121190522523136393663403751882725093074178050785973001311884419767481319780352912263311835004574406554911334870834988336630898329153766318598195896506882573701182439100863247780264819955349885647547159689509459966184588160486640412601118797750558512250393907883703263524450073823133453934915885026697236*q^2

虚部:

1
f2 = 17052685678039365270013190496832946145489532686813139436681089578815063755785409643085613503553322328467917636064547056454738567965386703908624012527031365247344488369836152611605160451744515518567219837090066720029021582070456558805601278690837844643268562196878579092551194141792712348605348322343228050741545344776716090210538284347791495687668816750212755678728525862290231697713904184274675956776869433417946196064261855983380873202924252325259311828108174084170721556701063654763472693089360654462799495747110428698600943282208665416086673092927590717594475387269370232970270383184853484202338342439437747977263*m+23068797980682606520939695222878122197959337999989439659463060223100940821636820498796323501114581015229139528378476011747406619373674219012654711036679216185435206920458114821813684811803255215071210021993225524462202325898617081380757277198725994459984702472016033977488077163817512898930755857975634130292726390994608493384853082111236511030958876989952691833996481188400633235618992677715425955155661003765813385632286451112973798595901431845116019957199285671071239395739214529274342043100057378018195903606552798854032051006376267379308809102755448075675705613976371379827552646430651063130539035567468678816952*p-11036573375396124019086685770787770093019727373636839213899118934529186689933998787374903505992063641706695743750618101162070516557099188804593314017383514309253769819214190401396636091685775822063229652186907915595840838242296036230445280182949694826552421921741124207614311119767911798279940786710821971190364298558823687036223486584346480344378756510472819523460570536179830159808815690833925958398077863070079006496237260853787947809947072805402603699017062497270203717662912780252603343078663930907403087887668058543169835558041063452864537083099733359513245160562369086112988119939055905274137649311406817137574*q

这里两个式子再利用上$p\times q =n$,用gb基可以解出m,p,q

exp

1
2
3
4
5
6
7
8
9
10
11
12
13
n = 13228298199631335610499409465400552275305629934024756614227830931136508640681372951453757994834844498763877490566164031828108583453919741685657210448857955666192855872103622943922893572765718705893238315297600050789804418329650168680719372191579207505092037294294875908952803670819999025123209403251314588474192758376162806705064430837428828805477906627599506069017651159117664246131790529354533675662936081996490294431369820750274303028529977278828959613343997326534446148884333619071935180484450320323844737055406889458275298296950269660857078186043669204168045730995355857013530919638304423700701901063780318208789
R.<m,p,q> = PolynomialRing(Zmod(n))

f1 = 17052685678039365270013190496832946145489532686813139436681089578815063755785409643085613503553322328467917636064547056454738567965386703908624012527031365247344488369836152611605160451744515518567219837090066720029021582070456558805601278690837844643268562196878579092551194141792712348605348322343228050741545344776716090210538284347791495687668816750212755678728525862290231697713904184274675956776869433417946196064261855983380873202924252325259311828108174084170721556701063654763472693089360654462799495747110428698600943282208665416086673092927590717594475387269370232970270383184853484202338342439437747977263*m+23068797980682606520939695222878122197959337999989439659463060223100940821636820498796323501114581015229139528378476011747406619373674219012654711036679216185435206920458114821813684811803255215071210021993225524462202325898617081380757277198725994459984702472016033977488077163817512898930755857975634130292726390994608493384853082111236511030958876989952691833996481188400633235618992677715425955155661003765813385632286451112973798595901431845116019957199285671071239395739214529274342043100057378018195903606552798854032051006376267379308809102755448075675705613976371379827552646430651063130539035567468678816952*p-11036573375396124019086685770787770093019727373636839213899118934529186689933998787374903505992063641706695743750618101162070516557099188804593314017383514309253769819214190401396636091685775822063229652186907915595840838242296036230445280182949694826552421921741124207614311119767911798279940786710821971190364298558823687036223486584346480344378756510472819523460570536179830159808815690833925958398077863070079006496237260853787947809947072805402603699017062497270203717662912780252603343078663930907403087887668058543169835558041063452864537083099733359513245160562369086112988119939055905274137649311406817137574*q+22560657613978191375477017306509293966603093472162629514044986602824691581137520573628879186279837923450292843877114294489401932662806174310174535011834552453575619768167801524362710899553992664010513001245323140351297939039464273076188468633566862978692974707147660950346461885529480288581596435506812992993941532775791911128309535650765146800132045271805307465252696576252928039455244722474919107612539574517977159839835256103573993006377060019297877406788702675877424387498977689579664261693135390239437183436298614337177116319649815896196746861764980271198339158892140778622690348686160022060197178369707783596783*m^2+28068629549917017480940844116185641787716654257512119591408883626834319406489631504172144869006353518432668051689681532524065297360225644711725057496637739659806751166499450437120261347363469809453806165400579560673574296008471987346775658576295881314117387217416742808141729629266248228557844548670397935246337720774867732046080786953738797912595273793397859251776867290215624381196585260675162258448209715618008123615408656223767112809829867713336442985469231267584127218296891724395855830296910126016074871125486799975753289357090966376306820630602369824802202930514911324275110314187466559918056014299977819216303*m*p+22052517247273776230014339390140465735246848944335819368626912982548442340638220648461434871445094831671446159375752577231397245951938129607694358986989888721716032615877488226911736987304730112949815980497420756240393552180311464771619660068407731497401246942279287923204846607241447678232437013037991855695156674556975328871765989190293782569305213553657923096508911964105222843291496767234412260069418145270140934047384061094174187416852688193479734856378119680683609379258740849884986480286213402460678463266044429820322181632923364413084684620774512466720972703807910177417828050941668980989855321171946888376614*p^2-50141776300709265519114215657761181973756109004785798019207121495892692786357629078921951880990480801846059539190917734848206330474424022320911685531404768278314290804927831239913533530735021453580265469774395391865255972493064059807666218942195270967222231060898991223370351868802071825117726122092041877627066317892515106118527760122431758601352786814343498298698008362575284700814216642343014175244365441758166136607883177931343008429724013324141650383503356262124534653622717284901062516454237987830881046900822917062092960473173093282035894796801836543828693251639649496501086554065578370466331312922791453491451*m*q-34105371356078730540026380993665892290979065373626278873362179157630127511570819286171227007106644656935835272129094112909477135930773407817248025054062730494688976739672305223210320903489031037134439674180133440058043164140913117611202557381675689286537124393757158185102388283585424697210696644686456101483090689553432180421076568695582991375337633500425511357457051724580463395427808368549351913553738866835892392128523711966761746405848504650518623656216348168341443113402127309526945386178721308925598991494220857397201886564417330832173346185855181435188950774538740465940540766369706968404676684878875495954526*p*q+10020292641987293728161329938050113630307238317983218923062971693976688208935398937040014876322577458149002374747894666646061143135363099399632961967694186845534595514633563806494688267187250719941835610691103147374032064523990419621307663052631431863968966392004378153331080563191846577581621941773179696592794582121190522523136393663403751882725093074178050785973001311884419767481319780352912263311835004574406554911334870834988336630898329153766318598195896506882573701182439100863247780264819955349885647547159689509459966184588160486640412601118797750558512250393907883703263524450073823133453934915885026697236*q^2
f2 = 17052685678039365270013190496832946145489532686813139436681089578815063755785409643085613503553322328467917636064547056454738567965386703908624012527031365247344488369836152611605160451744515518567219837090066720029021582070456558805601278690837844643268562196878579092551194141792712348605348322343228050741545344776716090210538284347791495687668816750212755678728525862290231697713904184274675956776869433417946196064261855983380873202924252325259311828108174084170721556701063654763472693089360654462799495747110428698600943282208665416086673092927590717594475387269370232970270383184853484202338342439437747977263*m+23068797980682606520939695222878122197959337999989439659463060223100940821636820498796323501114581015229139528378476011747406619373674219012654711036679216185435206920458114821813684811803255215071210021993225524462202325898617081380757277198725994459984702472016033977488077163817512898930755857975634130292726390994608493384853082111236511030958876989952691833996481188400633235618992677715425955155661003765813385632286451112973798595901431845116019957199285671071239395739214529274342043100057378018195903606552798854032051006376267379308809102755448075675705613976371379827552646430651063130539035567468678816952*p-11036573375396124019086685770787770093019727373636839213899118934529186689933998787374903505992063641706695743750618101162070516557099188804593314017383514309253769819214190401396636091685775822063229652186907915595840838242296036230445280182949694826552421921741124207614311119767911798279940786710821971190364298558823687036223486584346480344378756510472819523460570536179830159808815690833925958398077863070079006496237260853787947809947072805402603699017062497270203717662912780252603343078663930907403087887668058543169835558041063452864537083099733359513245160562369086112988119939055905274137649311406817137574*q
f3 = p*q-n
F = [f1,f2,f3]
# 使用F构建一个理想的Ideal。
ideal = Ideal(F)
# 计算Ideal的Gröbner基I
I = ideal.groebner_basis()

print(I[0])

这个I[0]返回的是p,具体原因我不太理解,得到p之后解矩阵RSA即可,注意$\phi(n) = (p^2-1)(q^2-1)$

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
from Crypto.Util.number import *

p = 98199204383444167136509999317652307746300154257439691314026803510437035509888229764173492052858804263577571331383214859652229706329210472593337809065208882042178413249493877596701444929209070708258353144837330382092255133776768117120874000890494449018234172972678168219613884207547781528635959091301251971281
n = 13228298199631335610499409465400552275305629934024756614227830931136508640681372951453757994834844498763877490566164031828108583453919741685657210448857955666192855872103622943922893572765718705893238315297600050789804418329650168680719372191579207505092037294294875908952803670819999025123209403251314588474192758376162806705064430837428828805477906627599506069017651159117664246131790529354533675662936081996490294431369820750274303028529977278828959613343997326534446148884333619071935180484450320323844737055406889458275298296950269660857078186043669204168045730995355857013530919638304423700701901063780318208789
q = n // p
e = 65537
enc = [(1491873293560323909465836471682585391496137454962536255211620436893391549603126009345148985699013899435764986980919290827837440218992944453711597495517127038406936254470963878149611067609857046502282994346483454884781103538081677117421537728730737422899739818406539050745938770868537148564365984825217449546939297237128543198112642950063626687602582556615437626388875069902892432216468378684299365817407995725759407957747215159745600867120912008194130121350313833434901083388223410629737737418961006112893999319596217781130922876695397872007871395908185274519733474161410964601075476672137735633842608230612826681061, 4956025543963860548224153175168493318238985854531591968596322951867101383038318092494673400475554880419342014784571362229741642826660412082585292197764604908450405263330703286845800303018092222139976907126517882830745820723998293430203137128739850924103620078289772876248014239067659155995114953314111131752812515097213052728067061893768763077056914111566820414025280534046400995356712414837449121046062079911435309295464490263283769221830037029108374974495201782045992874653920211537537724643230986981824349266978767367402293999209162694369772760075107747609491264902786041130826876918123202134703658442941891830242, 7710011511933273600956066580006667228795766247206337007278271463871915295714373557766306241838812677910529618690854981247073325175370147283360553440166198511565970962496527743224575526922830794861623489204146092991883999208502150565496732100104360091815826333424313805145648110936043125983239009895903602879010609096750963186952687545255588633288528372363096307287365891027749166227382683937570696463897150461450791183251190323380329123556440876127657763835466077899344290052877228945633508945118354870143193111572860186690380517929737934424809644493802524411423150714171313957036859668776471063633076408076909640002, 11534398990341303260469847611439061098979668999994719829731530111550470410818410249398161750557290507614569764189238005873703309686837109506327355518339608092717603460229057410906842405901627607535605010996612762231101162949308540690378638599362997229992351236008016988744038581908756449465377928987817065146363195497304246692426541055618255515479438494976345916998240594200316617809496338857712977577830501882906692816143225556486899297950715922558009978599642835535619697869607264637171021550028689009097951803276399427016025503188133689654404551377724037837852806988185689913776323215325531565269517783734339408476), (8272272655667475062275256290232058957066644079493164645631507979269407257643054858959084594359289618344535475781592669598366940627259329603071918251093350757742450608772919657077093269747626483753261408171082167959058597605651875250516235062839356580988417216005103032704789431752339869128094449937203456721380243278949753976997368943660065728420992516032685654992370625071263250775078114517084554616874002085054985135905330486990533806699940249720584638848795544488453274230413407534397455841219333342020387788428122090873004297741106966487305425968561456558554466092569815882704042720181221565998242620838426378547, 1491873293560323909465836471682585391496137454962536255211620436893391549603126009345148985699013899435764986980919290827837440218992944453711597495517127038406936254470963878149611067609857046502282994346483454884781103538081677117421537728730737422899739818406539050745938770868537148564365984825217449546939297237128543198112642950063626687602582556615437626388875069902892432216468378684299365817407995725759407957747215159745600867120912008194130121350313833434901083388223410629737737418961006112893999319596217781130922876695397872007871395908185274519733474161410964601075476672137735633842608230612826681061, 11534398990341303260469847611439061098979668999994719829731530111550470410818410249398161750557290507614569764189238005873703309686837109506327355518339608092717603460229057410906842405901627607535605010996612762231101162949308540690378638599362997229992351236008016988744038581908756449465377928987817065146363195497304246692426541055618255515479438494976345916998240594200316617809496338857712977577830501882906692816143225556486899297950715922558009978599642835535619697869607264637171021550028689009097951803276399427016025503188133689654404551377724037837852806988185689913776323215325531565269517783734339408476, 5518286687698062009543342885393885046509863686818419606949559467264593344966999393687451752996031820853347871875309050581035258278549594402296657008691757154626884909607095200698318045842887911031614826093453957797920419121148018115222640091474847413276210960870562103807155559883955899139970393355410985595182149279411843518111743292173240172189378255236409761730285268089915079904407845416962979199038931535039503248118630426893973904973536402701301849508531248635101858831456390126301671539331965453701543943834029271584917779020531726432268541549866679756622580281184543056494059969527952637068824655703408568787), (5518286687698062009543342885393885046509863686818419606949559467264593344966999393687451752996031820853347871875309050581035258278549594402296657008691757154626884909607095200698318045842887911031614826093453957797920419121148018115222640091474847413276210960870562103807155559883955899139970393355410985595182149279411843518111743292173240172189378255236409761730285268089915079904407845416962979199038931535039503248118630426893973904973536402701301849508531248635101858831456390126301671539331965453701543943834029271584917779020531726432268541549866679756622580281184543056494059969527952637068824655703408568787, 1693899209290032350029561853961491176325960934030036784496300819586038229862962702055596244277553991149307726376926025954405273767082632179329854930518347573475252411874565533016051166864091098357633304300987288558703255380341627990340733592216210275099686058286858920208765088911242575657831474263497523327829562878858560012637889781810573289998468132623160152019410564917347628322294190496820698085105580113583601615226595193787403730579261356270949634744354490998826451014726354434764158934421631314746785252130490031259272793762135971202673634665945166330192924007170167099754596422978892135432383280045978800313, 1491873293560323909465836471682585391496137454962536255211620436893391549603126009345148985699013899435764986980919290827837440218992944453711597495517127038406936254470963878149611067609857046502282994346483454884781103538081677117421537728730737422899739818406539050745938770868537148564365984825217449546939297237128543198112642950063626687602582556615437626388875069902892432216468378684299365817407995725759407957747215159745600867120912008194130121350313833434901083388223410629737737418961006112893999319596217781130922876695397872007871395908185274519733474161410964601075476672137735633842608230612826681061, 4956025543963860548224153175168493318238985854531591968596322951867101383038318092494673400475554880419342014784571362229741642826660412082585292197764604908450405263330703286845800303018092222139976907126517882830745820723998293430203137128739850924103620078289772876248014239067659155995114953314111131752812515097213052728067061893768763077056914111566820414025280534046400995356712414837449121046062079911435309295464490263283769221830037029108374974495201782045992874653920211537537724643230986981824349266978767367402293999209162694369772760075107747609491264902786041130826876918123202134703658442941891830242), (1693899209290032350029561853961491176325960934030036784496300819586038229862962702055596244277553991149307726376926025954405273767082632179329854930518347573475252411874565533016051166864091098357633304300987288558703255380341627990340733592216210275099686058286858920208765088911242575657831474263497523327829562878858560012637889781810573289998468132623160152019410564917347628322294190496820698085105580113583601615226595193787403730579261356270949634744354490998826451014726354434764158934421631314746785252130490031259272793762135971202673634665945166330192924007170167099754596422978892135432383280045978800313, 7710011511933273600956066580006667228795766247206337007278271463871915295714373557766306241838812677910529618690854981247073325175370147283360553440166198511565970962496527743224575526922830794861623489204146092991883999208502150565496732100104360091815826333424313805145648110936043125983239009895903602879010609096750963186952687545255588633288528372363096307287365891027749166227382683937570696463897150461450791183251190323380329123556440876127657763835466077899344290052877228945633508945118354870143193111572860186690380517929737934424809644493802524411423150714171313957036859668776471063633076408076909640002, 8272272655667475062275256290232058957066644079493164645631507979269407257643054858959084594359289618344535475781592669598366940627259329603071918251093350757742450608772919657077093269747626483753261408171082167959058597605651875250516235062839356580988417216005103032704789431752339869128094449937203456721380243278949753976997368943660065728420992516032685654992370625071263250775078114517084554616874002085054985135905330486990533806699940249720584638848795544488453274230413407534397455841219333342020387788428122090873004297741106966487305425968561456558554466092569815882704042720181221565998242620838426378547, 1491873293560323909465836471682585391496137454962536255211620436893391549603126009345148985699013899435764986980919290827837440218992944453711597495517127038406936254470963878149611067609857046502282994346483454884781103538081677117421537728730737422899739818406539050745938770868537148564365984825217449546939297237128543198112642950063626687602582556615437626388875069902892432216468378684299365817407995725759407957747215159745600867120912008194130121350313833434901083388223410629737737418961006112893999319596217781130922876695397872007871395908185274519733474161410964601075476672137735633842608230612826681061)]

C = Matrix(Zmod(n),enc)
phi = (p^2-1)*(q^2-1)
d = inverse(e,phi)

M = C ** d
m = M[0,0]
print(m)
print(long_to_bytes(int(m)))
# WMCTF{QU4t3rni0n_4nd_Matr1x_4r3_4un}

小作文

最近在评综测,导致对保研的事情比较焦虑,有些话不知道找谁说,就记录在博客理吧。回顾一下两年的大学生活

2022年9月中旬入学,12月中旬因为疫情提前回家,所以这个学期显得特别短,这个学期比较有意义的事情是进入了学校的网安协会,然后因为室友的带动,我也浅浅打了一点CTF,但是也只是浅浅的打,更多的时间还是打游戏和卷绩点(当时根本没这想法,只是沿用了高中的学习方法)。然后由于期末考之前大家都因为疫情回家了,有些同学可能受疫情影响没能发挥全部实力,这就让我的绩点来到了专业第五,这时候的我就对保研有了一点想法(也只是一点想法,根本没去了解保研相关的细则)。这个学期中还有个事情就是我对某个女生有好感(也只是有好感,懦弱的性格导致我也只是和人家聊聊天)。寒假的时候想着自己要不学点CTF相关的东西,由于自己没方向,像个无头苍蝇一样乱窜。一开始学了点php语法,然后因为校队没有密码手,自己就开始逐步摸索密码学。很遗憾的是,寒假也只是做了一点题,很多推导以我当时的知识水平根本理解不了。

接下来是大一下学期,由于对保研有了想法,前面也说了,我没有仔细了解保研的细则,导致我虽然是挺努力的,即想要绩点,又想要竞赛,结果我没有平衡好二者,投入不合理,导致最后的结果是绩点从专业第五掉到了专业第十二,CTF有了一定的进展,也很幸运的经过某个师傅介绍,进入了星盟的预备队,还有就是靠着学长的带领拿了ISCC的二等,在保研的加分中有一定的帮助。然后暑假的时候,Harry师傅给我们预备队的队员开了个暑期密码特训,出了3周的题,经过这些题,我的认知从RSA拓展到了其他密码体制。然后在开学前调到了主队。

后来就是大二上,这一学期应该是我密码水平提高比较多的时期。关键的时间点在23年的9月30日,鸡块师傅加了我的QQ,和我讨论了我博客里的一道题,从此之后跟着鸡块师傅学到了很多东西。这一学期最大的感受就是课程压力很大,周一到周五天天早八,然后课也多,而且这个学期时间很长,有19周,而且中间夹杂了两周的军训,以及我在这么大课程压力的情况下,还报考了6级。这就意味着我要在空余时间备考6级,还要学习课程内容,以及提高密码水平。结果是我成功顶住了压力,6级也顺利通过了,虽然只有459,绩点也有略微提高,密码水平也提了不少,能在一些大一点的比赛中做出题了。接下来是寒假,经过这么长一个学期的拷打,寒假刚开始的时候我是玩了几天,然后战队那边给了个川大极客少年的培训,让我赚了点外快,再接着就没什么了。

最后是大二下,这个学期是打比赛比较多(大部分国内的比赛都有参与,小部分的国外赛也有打),也是拿奖最多的一学期(虽然都是一些小奖项,但也足以让我开心)。直接从4月的长城杯说起,这是第一次打线下的比赛,线下赛制是AWD,很显然我前面学的都是密码,导致线下赛就是吉祥物,队友挺强的,带我拿了个三等奖。然后就是CISCN,队友带我拿了分区二等,没能进入决赛(要是我能帮上忙就好了),接下来就是开学前的闽盾决赛,队友更加给力,带我拿了一等。最后就是前几天的羊城杯,这次线下之旅还是比较开心的,体验了以前没体验过的东西,虽然比赛的时候只拿到了优胜奖,但是队友是真的厉害,在比赛前大半程的时间毫无进展的情况下,在偶然的扫描高端口发现入口点之后,2个半小时砍了1500多分。

两年的大学生活主要就是这些,几乎都是关于CTF。我的总结是,卡在保研的边缘,运气占了很大一部分,但由于我对保研细则没有仔细研究,导致我在大三这一年无论怎么努力,也无法把竞赛分拉满。尽管如此,我也要尽自己最大的努力,保持自己的竞争力,无论最后的结果是好是坏。再一个就是希望能谈个恋爱(😭)

-------------已经到底啦!-------------