HWS2023 冬令营

CRYPTO

math

题目信息

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
from Crypto.Util.number import *
from secret import flag,a,b
from random import shuffle
 
D = 0x1337
assert a**2 - D*b**2 == 1
m = bytes_to_long(flag)
p = getPrime(512)
x = (a * m + b) % p
y=bin(x)[2:]
c=[y[i:i+85] for i in range(0,len(y),85)]
shuffle(c)
print(p)
print(c)
 
# p=11199186558148426014734492874345932099384932524559726349180064588241518696390926354448476750322781683505497782040786332571272422812867731614415519029276349
# c=['0010101111100011101101011111111001011000100110001001000000010001111011110101110011111', '0011010010010010110010011011001100110001100010101110001010001101110001100000111011010', '0110101101011101110000100001000000010001110110001010000000010110010101100100101110000', '0100111001011010000101100111100110101100011100100111011000110001111101000110110101101', '1100100110011101010011011111000101011011010000101100011001110100101000101101111110100', '1110111110001110000101100000000100111010110000001111010001101001100001010110101010001']

D = 0x1337 a2 - D*b2 == 1为Pell方程 网站在线([http://www.numbertheory.org/php/pell.html](http://www.numbertheory.org/php/pell.html))解一下,得到方程a,b的最小整数解 a = 1809338099956399320,b = 25797719546469589

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
from Crypto.Util.number import *
from itertools import permutations

D = 0x1337
a = [1809338099956399320]
b = [25797719546469589]

for i in range(20):
    a, b = a + [a[-1] * a[0] + D * b[-1] * b[0]], b + [a[-1] * b[0] + b[-1] * a[0]]

p=11199186558148426014734492874345932099384932524559726349180064588241518696390926354448476750322781683505497782040786332571272422812867731614415519029276349
c=['0010101111100011101101011111111001011000100110001001000000010001111011110101110011111', '0011010010010010110010011011001100110001100010101110001010001101110001100000111011010', '0110101101011101110000100001000000010001110110001010000000010110010101100100101110000', '0100111001011010000101100111100110101100011100100111011000110001111101000110110101101', '1100100110011101010011011111000101011011010000101100011001110100101000101101111110100', '1110111110001110000101100000000100111010110000001111010001101001100001010110101010001']
res = [int(''.join(res), 2) for res in permutations(c)]
for i in range(len(a)):
    ai, bi = a[i], b[i]
    for c in res:
        m = (c - bi) * inverse(ai, p) % p
        flag = long_to_bytes(m)
        if b'flag' in flag:
            print(flag)

#b'flag{5b80aaa2-2bb2-0ef1-4aa0-a5a9387239d5}'

Numbers Game

题目不难,比赛的时候没搞出来很难受呜呜呜
MT19937还原,根据624组32bit的数据还原state之后逆推上一组state进而得到前12个32bit的随机数值。参考: https://blog.csdn.net/zippo1234/article/details/109279944

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
from randcrack import *
from random import Random
from hashlib import md5
# right shift inverse
def inverse_right(res,shift,bits=32):
    tmp = res
    for i in range(bits//shift):
        tmp = res ^ tmp >> shift
    return tmp

# right shift with mask inverse
def inverse_right_values(res,shift,mask,bits=32):
    tmp = res
    for i in range(bits//shift):
        tmp = res ^ tmp>>shift & mask
    return tmp

# left shift inverse
def inverse_left(res,shift,bits=32):
    tmp = res
    for i in range(bits//shift):
        tmp = res ^ tmp << shift
    return tmp

# left shift with mask inverse
def inverse_left_values(res,shift,mask,bits=32):
    tmp = res
    for i in range(bits//shift):
        tmp = res ^ tmp << shift & mask
    return tmp

def backtrace(cur):
    high = 0x80000000
    low = 0x7fffffff
    mask = 0x9908b0df
    state = cur
    for i in range(11,-1,-1): #逆求的32bit 组数 此处需要逆求12组
        tmp = state[i+624]^state[i+397]
        # recover Y,tmp = Y
        if tmp & high == high:
            tmp ^= mask
            tmp <<= 1
            tmp |= 1
        else:
            tmp <<=1
        # recover highest bit
        res = tmp&high
        # recover other 31 bits,when i =0,it just use the method again it so beautiful!!!!
        tmp = state[i-1+624]^state[i+396]
        # recover Y,tmp = Y
        if tmp & high == high:
            tmp ^= mask
            tmp <<= 1
            tmp |= 1
        else:
            tmp <<=1
        res |= (tmp)&low
        state[i] = res
    return state

def recover_state(out):
    state = []
    for i in out:
        i = inverse_right(i,18)
        i = inverse_left_values(i,15,0xefc60000)
        i = inverse_left_values(i,7,0x9d2c5680)
        i = inverse_right(i,11)
        state.append(i)
    return state

if __name__ == '__main__':
    id=['d5d97afad7ef619b4badd8d2da10ee24', '67f4660a8335fb9f4152a9fbc44c9c77', '8cd43c85ebe9cc7036a37f47ccd1d1e4',
     'ee3e8c62e8b0100027589d6de82677ef', '463bb2f3731ad0e786302bf78da08330', 'e245b1852a3b92734e46eb3421bd76c9',
     '0b74736786b4ab94651e3b706a548e55', '79cb596b28c2b4e02738f93b5bfbe0d3', '5a9c46837952952045564b5b395acad1',
     'd3c2d90a05d1a059fbeba4a05a608798', '4da0306c8ab58097d2fef9114e6fcb6d', '9707fabbd3c96de66917f15998ac9201',
     '9dd3e46fc930abfb523fe31e8ee8a658', '3716a8fd05f7388e7151d09431e61ee1', '9acf027679a6d7a674a43dee4f5bea35',
     '78702a2b125a940519337b1bf50aff8a', '262cf3b8c8072a602048a24756c83fcf', '092f8d227ec583c4734a6f449de521a3',
     '712aa300302b57fed458553426348fce', '834d4a0ea451cc04b469636b18c56435', '754b5284b14402c61e3b1e56cb2d41e9',
     '51d742ca6a341032afcb5dc645f54bfa', 'c1a33d104f47e33d6932905b483a2018', '3def7c2a14cff6b2864a2100956df07f',
     '7e3606e4ec1c99fe5a8593ae44f25a70', '404c6139570883dbab8e5a299d7a5017', 'f07597079e1b68ebb4e2d16b83b7b484',
     '0723daf5c65f8ba6cd6e43fcdf9d18dc', '4c54db12829f165837384b66978e8438', 'cd056e64e1f31461cab2e66ece9d3278',
     '2f6ae16fab122cbce240e32464a1ab57', 'f86e0e9ee23498340f62d8617f6f5218', 'af4ebe2535885c783c89f8d8c4815076',
     'c8eae5b5c7aca2c5fdb4f284e2cf65c5', 'bec0d8ecabedd9811a8ecb6052b21d8c', '731bd3421b6517aa101357fe1c49caf3',
     '344f4a26cdaf1a782d9b32208e1a3e92', '892b1741d304878461dd0774a335ea3d', '56e2a484ca40f43e059bf5f0bd822bdc',
     'd7c0762df71b31c14654147fb9a0595c', '57016a179ba5509f6b04a161ac628b34', 'e49a2d573522c1ee3e8348ceca0295a4',
     '4b0f49c7e6469e82832e9cc90b9e17c0', 'eadc9d0c8b75127fe0a7f71881de1ea7', 'db9fe5537768207bd8cdf770bcd42dfa',
     'ba2f57578752628d1ecac419b3a8bc36', '3752e70b5d2b578a8d412d84aab43705', '54e97795df8781c776cbb1ce4f5f31fc',
     '32794880abc9f68102c24e92ad9c7cd5',
     'b5eb7e651ca298f6873694c47d1cd3da', 'a188934777d2c67e3d59692135005497', '34c308fa1644b387169ea88c1b575490']
    code=['2eebed894580fb900c3615d4866150e68322ff4d48e7509f85ff4543969b0cf6',
     '017aefd63b4ce14eb376161902d92894a15f680e7b055ce25c3b02c6b49db0a6',
     'e12d945904032887c967ae03a48c8b096abc79dc64134d872693599d4f6c91cc',
     '0f8957f365f53a7209baa852905c5da5dba54ddb403ab17a4c9b3a051540d49c',
     '091e3e41815cd32f482f2cf54ac3338fc918c2a657896af1aa1b23ea528664f4',
     '5916cd18e8c48c545232112f2179aa7a722350a8a0ced4f1363cc61bc9d83630',
     '37702710d47a1c17278743253123f6eac85b16d9393432ec65100143bc8657e8',
     'c3a7006293c48957cba5c010f945483cfdc47650a79d0e8a8a9a52c174244a10',
     'e1a90a475dd21da64d64ea1dd50a82a622061d08e9d4b3016982c4a0b42f1251',
     '2f40ff85024765e58ed175927c53e0a279cda96ce755b602f89bfc171108ba3d',
     'f4f8337dd7267d02638a9cc531c8a02fe0316dd5ff6f8c8aec898c060c6fb217',
     '0df2f3fe1eb976944a2de5729fca4a12b83c8329b4f514869856ebb94b7d7bf9',
     'abb2f1277b1cb5ad07254b7f7ed346bcdb73282b306123ce0b5befe42a9e796d',
     '6ef31ed6a2a465bcd146c2438bf391bfd9f3187cf54afae512220a7a94714bf3',
     '6981f99ba288923a5cd68908ecc8795bf301f1e7d081ac6580a63902fd52da01',
     'b6b07975697de1c0342e3711b59165b849125794ef2541c6c60dcf40e689df7b',
     '20e3af3a2bcedfd15199975cc9edcde14cb13fdff3ea0607a4747601e500aede',
     '606aa1daf188b9dd5fd6141312f1828846f92baa519e70e5c6923a352421fe2f',
     '1dc6a60112e99c5b884c0bb5430a7a54eba8aef34fada9cb96bce79a22456cf2',
     'fd81e36f576119a19185cd12e87544b42f9fcc3dcb5e7ba282b1a128d73d63c5',
     '7a01e947ca012a5c9a8dd20e693a7788cd6157a5c3fce5fa7c7e09014ea3266e',
     'ccd162b182c773062514ffc3551ed47f32293700083782d902efc55b1e9795c6',
     'dbb6115aefd2638eebf44d3be6e9525e09ff036269d954469a0f925b496327a7',
     'ac08696fe64bb5e58cd3e558463213ca08ab7805e33f45459ae14b35fc5858c6',
     '6e1594596ad1c656635af29d14b22a5ed10e545442eea5f4e056e20d11aa33b3',
     '4afd17e64562603c66ce0ca42d544ca48511c3d560f9180c231a9ccb28a0e55e',
     '06b2d2b24ca626e18fdcb3196e989e3b05150500815511f48200ddea9aacda48',
     '947a11e8258fd161d02b0eb1b2e8fcd9ff1684a7c75f7c506ddee91f08316f56',
     'a0e58b15736cab055be1d03860dedb6b8136f6739308c2e0ef6a7490c6b4a1f1',
     '31476f64f96d72a398e7eb789068b8cfd61ed9cac95d76824a2bbf5b682ea72d',
     '974259198846a4849d318afd325d860a6e40dfd39e1ed8c7b6d87c990e35efcf',
     'e93d02ba7079c488c30e377794b4fcc62eeafb6c3f02197f1ebc059e3e5f7f07',
     'ded96eec0d25c05a54671a001bcd99f5c6d3991d2fdf80afb8f0861a44f3fd64',
     '86f34c1da65f07634de7c302a6df306dd545806022411a318900bd33b0aff9bd',
     '59baf4cf3d3b85fcdefd1a9b60c3d78926ff73650ac375c616b30fe9063b377d',
     '02f2ee251ecc19fa52dd42c0e0b609bc2e7a8ae11ce6ca35396a4bc74d12ac63',
     '597d09b4c43012b1b4b040d8c62d5fb02d1c4249de4eea06e1447000ba53f50c',
     'bb87bd8e1903db2df41c349914e9f3591bb032400be6e86ed10e7d292243a374',
     'cec38960069fdc8090cfbdd166e15ec8a77ce5b4d6b350805a63d2b54cbf0187',
     '1439d35a9c0caa9cacabe8e6179a02d51ebb9fb51125d5eeaba47ff6b8abcc97',
     '820d72d49e0fd86ef47b022a3091b326be8b0d2a42f87cbc918737b9972ea62f',
     'e625e82100031fa4a4410700034859cd4b35c086f5ac2870c6909c16a6831bfc',
     'f0e22f5167d29331351e1718c17b5420f6a29d84357273e1bfb24c2ff34fa675',
     'a5a7991f0c5c6a44f68c5c18661611057dbabeff7847623315ce784095645f75',
     '07cd3f5c5c690214af5feda27b3aec257543a8f96bc509805028a0e95c5d98c6',
     '6e5dd4405c1b446b9530e4d9356c05b71d1bfcf8a79778588143c3b6fec3fded',
     'a33f821d277e6f73c09a5ecd14cef80bac29ffe2b917225c27725d2447ac0489',
     'c18a4a02dd1f7ee65bf5596c53549c286a754afb0e3b90b2369cdd1e43c0b986',
     '6b8df66aa27b40ca275bc133958b5d543167edf919e7e623a496c9afbf7594d6',
     'c48124eeef995c7bb705bd240a26dbf6bdbe42ba29addf7ac78fa28dbed3debe',
     '040eef11dc6e0f3bb3e58e12d2a57ee274071a9c6224f27db70e19a8aa7d4df2',
     '4ecd0a955e52657fab8dfdac2df4d805f1d08b031df8bce22ac01fe20ca72c5b']

    data = []
    for i in range(len(id)):
        t1 = int(id[i], 16)
        for j in range(4):
            data.append(t1 & 0xffffffff)
            t1 >>= 32
        t2 = int(code[i], 16)
        for j in range(8):
            data.append(t2 & 0xffffffff)
            t2 >>= 32
    print(len(data))
state1=recover_state(data)
state0=backtrace([0]*12+state1)[:624]
ran=Random()
ran.setstate((3,tuple(state0+[0]),None))
id0=ran.getrandbits(128)
code0=ran.getrandbits(256)
assert ran.getrandbits(32)==data[0]
flag=md5((hex(id0)[2:].zfill(32)+hex(code0)[2:].zfill(64)).encode()).hexdigest()
print("flag{%s}"%flag)

#flag{22b307a4ac14c89888d5a6c79f7f963c}

REVERSE

babyre

jadx打开在MainActivity中发现判断逻辑

查看check函数

因为看到了check函数,根据逻辑去解发现解不出来

看到了c这个类中对enc这个文件进行了异或。将apk解压发现assets文件夹下有enc这个文件。按逻辑复原数据。

发现这是一个dex文件,接着用jadx打开

发现aes加密,网站直接解

MISC

sound from somewhere

一眼顶针为SSTV 使用MSSTV转换

CTF > Write Up
#Write Up
HWS2023 冬令营
https://g1at.github.io/2023/02/06/2023HWS/
作者
g0at
发布于
2023年2月6日
许可协议