この大会は2021/6/4 19:30(JST)~2021/6/6 19:30(JST)に開催されました。
今回もチームで参戦。結果は802点で509チーム中84位でした。
自分で解けた問題をWriteupとして書いておきます。
Sanity (Miscellaneous)
ボットとのダイレクトメッセージの画面で、キャプチャの画面があったので、それ通りに入力したら、認証され、たくさんのチャネルが現れた。
#generalチャネルのトピックにフラグが書いてあった。
zh3r0{pepega_welcomes_you}
alice_bob_dave (Cryptography)
コードから以下のことがわかる。
p, q, rが素数で、p*qがn_a、p*rがn_b d_a * e = phin_a * K1 + 1 d_b * e = phin_b * K2 + 1 d_a * e - 1 と d_b * e - 1の公約数がp-1の倍数 d_a * e - 1 は q -1の倍数 d_b * e - 1 は r -1の倍数
このことを元に、総当たりする。
from Crypto.Util.number import * with open('out.txt', 'r') as f: ct_a = int(f.readline().rstrip().split('=')[1]) ct_b = int(f.readline().rstrip().split('=')[1]) d_a = int(f.readline().rstrip().split('=')[1]) d_b = int(f.readline().rstrip().split('=')[1]) e = int(f.readline().rstrip().split('=')[1]) gcd = GCD(d_a * e - 1, d_b * e - 1) assert gcd == 2**2 * 3**2 * 1543 * 36097 * 1014259 * 17275267 * 33878479 * 64555363525704839503363 * 13843294374590501153575359748767274126053352729479537741977678154837940367725830968854964957283527886754718756686680847922782086222027205796563115693252960446483090290176656020345895604792952692850026400036720222060460108513404092975304800801154763470020377 found = False for p1 in [1, 3, 9]: for p2 in [1, 1543]: for p3 in [1, 36097]: for p4 in [1, 1014259]: for p5 in [1, 17275267]: for p6 in [1, 33878479]: for p7 in [1, 64555363525704839503363]: for p8 in [1, 13843294374590501153575359748767274126053352729479537741977678154837940367725830968854964957283527886754718756686680847922782086222027205796563115693252960446483090290176656020345895604792952692850026400036720222060460108513404092975304800801154763470020377]: p = 2 * p1 * p2 * p3 * p4 * p5 * p6 * p7 * p8 + 1 p_len = p.bit_length() if p_len >= 1024 and p_len < e and isPrime(p): found = True break if found: break if found: break if found: break if found: break if found: break if found: break if found: break assert (p - 1) == 2 * 3 * 1543 * 36097 * 1014259 * 17275267 * 33878479 * 64555363525704839503363 * 13843294374590501153575359748767274126053352729479537741977678154837940367725830968854964957283527886754718756686680847922782086222027205796563115693252960446483090290176656020345895604792952692850026400036720222060460108513404092975304800801154763470020377 q1_mul = (d_a * e - 1) // (p - 1) assert q1_mul == 2 * 3 * 17 * 28477 * 446123 * 3425679978376722446974230434232163920387229130754907722265986179928914393151313003930026636801644623099638625399801901729015562443496707013076331076237419405886597644185021528782663003968243002532905487627662567073247807979311630226501920897804604814041174853131931494489398720132565094809828020782561 found = False for q1 in [1, 3]: for q2 in [1, 17]: for q3 in [1, 28477]: for q4 in [1, 446123]: for q5 in [1, 3425679978376722446974230434232163920387229130754907722265986179928914393151313003930026636801644623099638625399801901729015562443496707013076331076237419405886597644185021528782663003968243002532905487627662567073247807979311630226501920897804604814041174853131931494489398720132565094809828020782561]: q = 2 * q1 * q2 * q3 * q4 * q5 + 1 q_len = q.bit_length() if q_len >= 1024 and q_len < e and isPrime(q): found = True break if found: break if found: break if found: break if found: break r1_mul = (d_b * e - 1) // (p - 1) assert r1_mul == 2 * 3 * 5 * 7**2 * 1061 * 3628661705374329801288584656206517727469079240696568564912797145160579905203512130357711158521367796173130983769813752899084424100760957640159746556085008812434696654436784654212606745417711422551821253640083639947075320534392852628962946756153019439438678191911446280633672359886787115206132834040058986343 found = False for r1 in [1, 3]: for r2 in [1, 5]: for r3 in [1, 7, 49]: for r4 in [1, 1061]: for r5 in [1, 3628661705374329801288584656206517727469079240696568564912797145160579905203512130357711158521367796173130983769813752899084424100760957640159746556085008812434696654436784654212606745417711422551821253640083639947075320534392852628962946756153019439438678191911446280633672359886787115206132834040058986343]: r = 2 * r1 * r2 * r3 * r4 * r5 + 1 r_len = r.bit_length() if r_len >= 1024 and r_len < e and isPrime(r): found = True break if found: break if found: break if found: break if found: break print '[+] p =', p print '[+] q =', q print '[+] r =', r n_a = p * q n_b = p * r phin_a = (p - 1) * (q - 1) phin_b = (p - 1) * (r - 1) d_a = inverse(e, phin_a) d_b = inverse(e, phin_b) pt_a = pow(ct_a, d_a, n_a) pt_b = pow(ct_b, d_b, n_b) msg_a = long_to_bytes(pt_a) msg_b = long_to_bytes(pt_b) print '[+] msg_a:', msg_a print '[+] msg_b:', msg_b
実行結果は以下の通り。
[+] p = 177279130816191665059944783286411855023035031289227941571673915784074353287733189099688126318264113305321082059619767094038966996649561164342515779196140056547333435193040798074799909334916510316728847254833619137382153503950749154356946058670079132324988450725735937306884337410304401871741381990982764516163 [+] q = 155884012157322571917571429609117477794801005792976713173607792359939561733216007547732077875565730627490168412882054028115468195925968305125054508969875158276459353283308944667481012666571096247936714275405402155862690247593753125976847078582510938772358086998385220759841590572613434454768180423789003022307 [+] r = 152403791625721851654120555560673744553701328109255879726337480096744356018547509475023868657897447439271501318332177621761545812231960220886709355355570370122257259486344955476929483307543879747176492652883512877777163462444499810416443763758426816456424484060280743786614239115245058838657579029682477426407 [+] msg_a: Hey Dave its Alice here.My flag is zh3r0{GCD_c0m3s_ [+] msg_b: Hey Dave its Bob here.My flag is 70_R3sCue_3742986}
zh3r0{GCD_c0m3s_70_R3sCue_3742986}
chaos (Cryptography)
パラメータの値で検索すると、Chaotic Hash Functionのことが書いてある。https://eprint.iacr.org/2005/403.pdfには衝突について書いてあるので、その値をそのまま使い、投入する。
$ nc crypto.zh3r0.cf 2222 input first string to hash : 0124fdce89ab57eaba89370afedc45ef401ab257b7cd34e176b3a27cf13c3adf input second string to hash : 0124fdce89ab57eaba89370afedc45efbfe54da84832cb1e894c5d830ec3c520 b'zh3r0{something_chaotic_may_look_random_enough_but_may_be_not_sufficiently_secure} ,courtsey crazy contini : https://littlemaninmyhead.wordpress.com/2015/09/28/so-you-want-to-learn-to-break-ciphers/'
zh3r0{something_chaotic_may_look_random_enough_but_may_be_not_sufficiently_secure}