- 在VisualStudio中部署GDAL库的C++版本(包括SQLite、PROJ等依赖)
- Android开机流程介绍
- STM32CubeMX教程31USB_DEVICE-HID外设_模拟键盘或鼠标
- 深入浅出Java多线程(五):线程间通信
这次的题目挺有意思,难度适中,*开头的代表未做出,简单记录一下解题笔记.
题目 。
The flag format for all challenges is UofTCTF{...}, case insensitive. If you are experiencing technical difficulties with challenges, support is on our Discord server: https://discord.gg/Un7avdkq7Z. The flag for this challenge is UofTCTF{600d_1uck}. 。
我的解答:
介绍题,没啥说的直接给了 。
UofTCTF{600d_1uck} 。
题目 。
I'm a known repeat offender when it comes to bad encryption habits. But the secrets module is secure, so you'll never be able to guess my key.
Author: SteakEnthusiast 。
gen.py 。
import os
import secrets
flag = "REDACATED"
xor_key = secrets.token_bytes(8)
def xor(message, key):
return bytes([message[i] ^ key[i % len(key)] for i in range(len(message))])
encrypted_flag = xor(flag.encode(), xor_key).hex()
with open("flag.enc", "w") as f:
f.write("Flag: "+encrypted_flag)
flag.enc 。
Flag: 982a9290d6d4bf88957586bbdcda8681de33c796c691bb9fde1a83d582c886988375838aead0e8c7dc2bc3d7cd97a4
我的解答:
标准的XOR加密,从题目可知,密钥长度为8个字节,这个是非常重要的。因为我们知道flag的前8个字节“uoftctf” 。
因此,由于XOR是个可逆函数,我们可以很容易得到flag 。
exp
from binascii import unhexlify
from Crypto.Util.strxor import strxor
ct = unhexlify("982a9290d6d4bf88957586bbdcda8681de33c796c691bb9fde1a83d582c886988375838aead0e8c7dc2bc3d7cd97a4")
key = strxor(ct[:8], b'uoftctf{')
def xor(message, key):
return bytes([message[i] ^ key[i % len(key)] for i in range(len(message))])
flag = xor(ct, key)
print(flag)
#uoftctf{x0r_iz_r3v3rs1bl3_w17h_kn0wn_p141n73x7}
题目 。
Windy, a piano prodigy, believes that RSA encryption may not provide sufficient security to safeguard his invaluable piano mastery secrets. So, he uses his musical talents to add another layer of security to the RSA encryption scheme. Now, no one will be able to figure out his secrets.
Note: The flag is UofTCTF{plaintext}. 。
Author: XiaoXiangjiao 。
Windy是一位钢琴神童,他认为RSA加密可能无法提供足够的安全性来保护他宝贵的钢琴掌握秘密。因此,他利用自己的音乐天赋为 RSA 加密方案增加了另一层安全性。现在,没有人能够弄清楚他的秘密! 。
注意:标志是 UofTCTF{plaintext}.
music_cipher.py 。
# no secrets for you!
flag = ...
# Prime numbers
p = 151974537061323957822386073908385085419559026351164685426097479266890291010147521691623222013307654711435195917538910433499461592808140930995554881397135856676650008657702221890681556382541341154333619026995004346614954741516470916984007797447848200982844325683748644670322174197570545222141895743221967042369
q = 174984645401233071825665708002522121612485226530706132712010887487642973021704769474826989160974464933559818767568944237124745165979610355867977190192654030573049063822083356316183080709550520634370714336131664619311165756257899116089875225537979520325826655873483634761961805768588413832262117172840398661229
n = p * q
# a public exponent hidden away by Windy's musical talents
e = ...
# Converting the message to an integer
m = int.from_bytes(message.encode(), 'big')
# Encrypting the message: c = m^e mod n
inc_m = pow(message_int, e, n)
print(encrypted_message_int)
musical_e.png 。
output.txt 。
13798492512038760070176175279601263544116956273815547670915057561532348462120753731852024424193899030774938204962799194756105401464136384387458651343975594539877218889319074841918281784494580079814736461158750759327630935335333130007375268812456855987866715978531148043248418247223808114476698088473278808360178546541128684643502788861786419871174570376835894025839847919827231356213726961581598139013383568524808876923469958771740011288404737208217659897319372970291073214528581692244433371304465252501970552162445326313782129351056851978201181794212716520630569898498364053054452320641433167009005762663177324539460
我的解答:
看了一下题目发现我们只要找到e,这道题就解决了 。
给了一个图片显然可以找到e,属于Music Sheet Cipher密码 。
e = 7029307 。
exp
import gmpy2
from Crypto.Util.number import *
p = 151974537061323957822386073908385085419559026351164685426097479266890291010147521691623222013307654711435195917538910433499461592808140930995554881397135856676650008657702221890681556382541341154333619026995004346614954741516470916984007797447848200982844325683748644670322174197570545222141895743221967042369
q = 174984645401233071825665708002522121612485226530706132712010887487642973021704769474826989160974464933559818767568944237124745165979610355867977190192654030573049063822083356316183080709550520634370714336131664619311165756257899116089875225537979520325826655873483634761961805768588413832262117172840398661229
c= 13798492512038760070176175279601263544116956273815547670915057561532348462120753731852024424193899030774938204962799194756105401464136384387458651343975594539877218889319074841918281784494580079814736461158750759327630935335333130007375268812456855987866715978531148043248418247223808114476698088473278808360178546541128684643502788861786419871174570376835894025839847919827231356213726961581598139013383568524808876923469958771740011288404737208217659897319372970291073214528581692244433371304465252501970552162445326313782129351056851978201181794212716520630569898498364053054452320641433167009005762663177324539460
e = 7029307
n = p*q
phi = (p-1) * (q-1)
d = gmpy2.invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m))
#uoftctf{AT1d2jMCVs03xxalViU9zTyiiV1INNJY}
题目 。
I think that Diffie-Hellman is better with some curves, maybe elliptic ones. Let's share a secret.
Wrap the secret (which is a point) in uoftctf{(x:y:z)}, where (x:y:z) are homogeneous coordinates. 。
Author: Phoenix 。
我认为 Diffie-Hellman 更适合一些曲线,也许是椭圆形曲线。让我们分享一个秘密! 。
将密钥(即一个点)包装在 uoftctf{(x:y:z)} 中,其中 (x:y:z) 是齐次坐标.
chal.sage 。
m = 235322474717419
F = GF(m)
C = EllipticCurve(F, [0, 8856682])
public_base = (185328074730054:87402695517612:1)
Q1 = (184640716867876:45877854358580:1) # my public key
Q2 = (157967230203538:128158547239620:1) # your public key
secret = ...
my_private_key = ...
assert(my_private_key*public_base == Q1)
assert(my_private_key*Q2 == secret)
我的解答:
这是非常标准的椭圆加密.
基本上,我们的私钥乘以公钥的标量乘法将返回我们的公钥 Q1,而我们的私钥与其他人的公钥 Q2 的标量乘法将返回共享密钥.
我们可以用Smart攻击。本文对Smart的攻击进行了更深入的描述。然而,我们需要知道的是,当有限群的阶数等价于 p 时,它就会起作用,我们可以用 Sage 的 .order() 函数轻松检查.
解题脚本参考这个。剩下的就是用我们的参数替换参数,然后将其乘以 Q2 以获得共享密钥! 。
exp
def SmartAttack(P,Q,p):
E = P.curve()
Eqp = EllipticCurve(Qp(p, 2), [ ZZ(t) + randint(0,p)*p for t in E.a_invariants() ])
P_Qps = Eqp.lift_x(ZZ(P.xy()[0]), all=True)
for P_Qp in P_Qps:
if GF(p)(P_Qp.xy()[1]) == P.xy()[1]:
break
Q_Qps = Eqp.lift_x(ZZ(Q.xy()[0]), all=True)
for Q_Qp in Q_Qps:
if GF(p)(Q_Qp.xy()[1]) == Q.xy()[1]:
break
p_times_P = p*P_Qp
p_times_Q = p*Q_Qp
x_P,y_P = p_times_P.xy()
x_Q,y_Q = p_times_Q.xy()
phi_P = -(x_P/y_P)
phi_Q = -(x_Q/y_Q)
k = phi_Q/phi_P
return ZZ(k)
# p = 235322474717419
# E = EllipticCurve(GF(p), [0, 8856682])
# P = E.point((185328074730054,87402695517612))
# Q = E.point((184640716867876,45877854358580))
# Curve parameters --> Replace the next three lines with given values
p = 235322474717419
a = 0
b = 8856682
# Define curve
E = EllipticCurve(GF(p), [a, b])
assert(E.order() == p)
# Replace the next two lines with given values
pub_base = E(185328074730054 , 87402695517612)
Q1 = E(184640716867876 , 45877854358580)
priv_key = SmartAttack(pub_base, Q1,p)
print(priv_key)
Q2 = E(157967230203538,128158547239620)
print(priv_key * Q2)
#uoftctf{(11278025017971:36226806176053:1)}
题目 。
A wheelbarrow ran over the flag. Can you fix it?
Please wrap the flag in uoftctf{}. Please keep the $ in the flag when submitting. 。
Author: notnotpuns 。
密文:hc0rhh3r3ylmsrwr___lsewt_03raf_rpetouin$_3tb0_t 。
我的解答:
根据题目名称查找相应密码发现 Burrows-Wheeler 变换 。
所有可能结果如下:
整合得到:burr0w_wh33ler_transform_is_pr3tty_c00l_eh$th3_ 。
根据题目意思最终得到:
uoftctf{th3_burr0w_wh33ler_transform_is_pr3tty_c00l_eh$} 。
题目 。
This "state of the art"™ cipher can be exported to your enemies without restriction. 。
Author: nullptr 。
nc 0.cloud.chals.io 23753 。
chal.py 。
import ast
import threading
from exportcipher import *
try:
from flag import FLAG
except:
FLAG = "test{FLAG}"
MAX_COUNT = 100
TIMEOUT = 120 # seconds
def input_bytes(display_msg):
m = input(display_msg)
try:
m = ast.literal_eval(m)
except:
# might not be valid str or bytes literal but could still be valid input, so just encode it
pass
if isinstance(m, str):
m = m.encode()
assert isinstance(m, bytes)
return m
def timeout_handler():
print("Time is up, you can throw out your work as the key changed.")
exit()
if __name__ == "__main__":
print("Initializing Export Grade Cipher...")
key = int.from_bytes(os.urandom(5))
cipher = ExportGradeCipher(key)
print("You may choose up to {} plaintext messages to encrypt.".format(MAX_COUNT))
print("Recover the 40-bit key to get the flag.")
print("You have {} seconds.".format(TIMEOUT))
# enough time to crack a 40 bit key with the compute resources of a government
threading.Timer(TIMEOUT, timeout_handler).start()
i = 0
while i < MAX_COUNT:
pt = input_bytes("[MSG {}] plaintext: ".format(i))
if not pt:
break
if len(pt) > 512:
# don't allow excessively long messages
print("Message Too Long!")
continue
nonce = os.urandom(256)
cipher.init_with_nonce(nonce)
ct = cipher.encrypt(pt)
print("[MSG {}] nonce: {}".format(i, nonce))
print("[MSG {}] ciphertext: {}".format(i, ct))
# sanity check decryption
cipher.init_with_nonce(nonce)
assert pt == cipher.decrypt(ct)
i += 1
recovered_key = ast.literal_eval(input("Recovered Key: "))
assert isinstance(recovered_key, int)
if recovered_key == key:
print("That is the key! Here is the flag: {}".format(FLAG))
else:
print("Wrong!")
exportcipher.py 。
import os
class LFSR:
def __init__(self, seed, taps, size):
assert seed != 0
assert (seed >> size) == 0
assert len(taps) > 0 and (size - 1) in taps
self.state = seed
self.taps = taps
self.mask = (1 << size) - 1
def _shift(self):
feedback = 0
for tap in self.taps:
feedback ^= (self.state >> tap) & 1
self.state = ((self.state << 1) | feedback) & self.mask
def next_byte(self):
val = self.state & 0xFF
for _ in range(8):
self._shift()
return val
class ExportGradeCipher:
def __init__(self, key):
# 40 bit key
assert (key >> 40) == 0
self.key = key
self.initialized = False
def init_with_nonce(self, nonce):
# 256 byte nonce, nonce size isnt export controlled so hopefully this will compensate for the short key size
assert len(nonce) == 256
self.lfsr17 = LFSR((self.key & 0xFFFF) | (1 << 16), [2, 9, 10, 11, 14, 16], 17)
self.lfsr32 = LFSR(((self.key >> 16) | 0xAB << 24) & 0xFFFFFFFF, [1, 6, 16, 21, 23, 24, 25, 26, 30, 31], 32)
self.S = [i for i in range(256)]
# Fisher-Yates shuffle S-table
for i in range(255, 0, -1):
# generate j s.t. 0 <= j <= i, has modulo bias but good luck exploiting that
j = (self.lfsr17.next_byte() ^ self.lfsr32.next_byte()) % (i + 1)
self.S[i], self.S[j] = self.S[j], self.S[i]
j = 0
# use nonce to scramble S-table some more
for i in range(256):
j = (j + self.lfsr17.next_byte() ^ self.lfsr32.next_byte() + self.S[i] + nonce[i]) % 256
self.S[i], self.S[j] = self.S[j], self.S[i]
self.S_inv = [0 for _ in range(256)]
for i in range(256):
self.S_inv[self.S[i]] = i
self.initialized = True
def _update(self, v):
i = self.lfsr17.next_byte() ^ self.lfsr32.next_byte()
self.S[v], self.S[i] = self.S[i], self.S[v]
self.S_inv[self.S[v]] = v
self.S_inv[self.S[i]] = i
def encrypt(self, msg):
assert self.initialized
ct = bytes()
for v in msg:
ct += self.S[v].to_bytes()
self._update(v)
return ct
def decrypt(self, ct):
assert self.initialized
msg = bytes()
for v in ct:
vo = self.S_inv[v]
msg += vo.to_bytes()
self._update(vo)
return msg
if __name__ == "__main__":
cipher = ExportGradeCipher(int.from_bytes(os.urandom(5)))
nonce = os.urandom(256)
print("="*50)
print("Cipher Key: {}".format(cipher.key))
print("Nonce: {}".format(nonce))
msg = "ChatGPT: The Kerckhoffs' Principle, formulated by Auguste Kerckhoffs in the 19th century, is a fundamental concept in cryptography that states that the security of a cryptographic system should not rely on the secrecy of the algorithm, but rather on the secrecy of the key. In other words, a cryptosystem should remain secure even if all the details of the encryption algorithm, except for the key, are publicly known. This principle emphasizes the importance of key management in ensuring the confidentiality and integrity of encrypted data and promotes the development of encryption algorithms that can be openly analyzed and tested by the cryptographic community, making them more robust and trustworthy."
print("="*50)
print("Plaintext: {}".format(msg))
cipher.init_with_nonce(nonce)
ct = cipher.encrypt(msg.encode())
print("="*50)
print("Ciphertext: {}".format(ct))
cipher.init_with_nonce(nonce)
dec = cipher.decrypt(ct)
print("="*50)
try:
print("Decrypted: {}".format(dec))
assert msg.encode() == dec
except:
print("Decryption failed")
题目 。
Check out my flag website.
Author: windex 。
https://storage.googleapis.com/out-of-the-bucket/src/index.html
我的解答:
题目给出了一个网站,访问会发现两张图,lsb隐写?也不是。其他方式也试了不行。。。.
修改下url试试,最终在 。
https://storage.googleapis.com/out-of-the-bucket 。
里发现啦一些东西。以 XML 格式列出该站点的文档树如下:
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<ListBucketResult>
<Name>out-of-the-bucket</Name>
<Prefix/>
<Marker/>
<IsTruncated>false</IsTruncated>
<Contents>
<Key>secret/</Key>
<Generation>1703868492595821</Generation>
<MetaGeneration>1</MetaGeneration>
<LastModified>2023-12-29T16:48:12.634Z</LastModified>
<ETag>"d41d8cd98f00b204e9800998ecf8427e"</ETag>
<Size>0</Size>
</Contents>
<Contents>
<Key>secret/dont_show</Key>
<Generation>1703868647771911</Generation>
<MetaGeneration>1</MetaGeneration>
<LastModified>2023-12-29T16:50:47.809Z</LastModified>
<ETag>"737eb19c7265186a2fab89b5c9757049"</ETag>
<Size>29</Size>
</Contents>
<Contents>
<Key>secret/funny.json</Key>
<Generation>1705174300570372</Generation>
<MetaGeneration>1</MetaGeneration>
<LastModified>2024-01-13T19:31:40.607Z</LastModified>
<ETag>"d1987ade72e435073728c0b6947a7aee"</ETag>
<Size>2369</Size>
</Contents>
<Contents>
<Key>src/</Key>
<Generation>1703867253127898</Generation>
<MetaGeneration>1</MetaGeneration>
<LastModified>2023-12-29T16:27:33.166Z</LastModified>
<ETag>"d41d8cd98f00b204e9800998ecf8427e"</ETag>
<Size>0</Size>
</Contents>
<Contents>
<Key>src/index.html</Key>
<Generation>1703867956175503</Generation>
<MetaGeneration>1</MetaGeneration>
<LastModified>2023-12-29T16:39:16.214Z</LastModified>
<ETag>"dc63d7225477ead6f340f3057263643f"</ETag>
<Size>1134</Size>
</Contents>
<Contents>
<Key>src/static/antwerp.jpg</Key>
<Generation>1703867372975107</Generation>
<MetaGeneration>1</MetaGeneration>
<LastModified>2023-12-29T16:29:33.022Z</LastModified>
<ETag>"cef4e40eacdf7616f046cc44cc55affc"</ETag>
<Size>45443</Size>
</Contents>
<Contents>
<Key>src/static/guam.jpg</Key>
<Generation>1703867372954729</Generation>
<MetaGeneration>1</MetaGeneration>
<LastModified>2023-12-29T16:29:32.993Z</LastModified>
<ETag>"f6350c93168c2955ceee030ca01b8edd"</ETag>
<Size>48805</Size>
</Contents>
<Contents>
<Key>src/static/style.css</Key>
<Generation>1703867372917610</Generation>
<MetaGeneration>1</MetaGeneration>
<LastModified>2023-12-29T16:29:32.972Z</LastModified>
<ETag>"0c12d00cc93c2b64eb4cccb3d36df8fd"</ETag>
<Size>76559</Size>
</Contents>
</ListBucketResult>
显然有一些可疑的URL,尝试访问发现 secret/dont_show 里面有flag 。
uoftctf{allUsers_is_not_safe} 。
最后此篇关于UofTCTF2024比赛记录的文章就讲到这里了,如果你想了解更多关于UofTCTF2024比赛记录的内容请搜索CFSDN的文章或继续浏览相关文章,希望大家以后支持我的博客! 。
鉴于我使用 matches!宏观 当我尝试将它与枚举一起使用时 然后它显示出意想不到的行为。 请参阅以下最小示例,playground 中也提供了该示例 pub enum Test { FIR
鉴于我使用 matches!宏观 当我尝试将它与枚举一起使用时 然后它显示出意想不到的行为。 请参阅以下最小示例,playground 中也提供了该示例 pub enum Test { FIR
我使用 pcrecpp c++ (PCRE lib) 我需要循环获取所有匹配项。我该怎么做? 例如模式: “你好” 和主题: “你好你好” 循环应该循环 3 次(因为 3 次匹配) 1 你好 2
循环赛算法在每场比赛只有团队相遇时工作正常。但是,如何在超过两支球队在同一场比赛中相遇的体育比赛或比赛中实现它。例如彩弹射击锦标赛,其中 2 到 n 个团队在 2 到 n 场比赛中相遇。仍然保持尽可能
http://ecoocs.org/contests/ecoo_2007.pdf 我正在为我所在地区即将举行的 ecoo regionals 学习,但我对这个问题感到困惑。我真的不知道从哪里开始。 它
如果有人可以帮助我使用二维数组概念而不是使用集合,那就太好了。因为我必须在这个逻辑中使用数组并获取输出。 问题: 第 1 组有四支球队,名称分别为(“A”、“B”、“C”、“D”)第 2 组有四支球队
我几乎正在尝试重新开始 JAVA 编程,只是需要一些我正在从事的小项目的指导。 差不多,我正在举办一场台球锦标赛,我希望每个玩家都能与每个玩家交手一次: 我创建了该程序( https://sconte
我遇到了这个问题,但无法想出解决方案。有一场 Frog 赛跑, Frog 有一定数量的有效跳步。它可以向前或向后移动。为了赢得比赛, Frog 必须尽可能靠近终点线,但不能越过终点线。 例子。6, 1
Closed. This question needs to be more focused。它当前不接受答案。
我正在为篮球赛季创建一个数据库。在这一点上,我保持简单,并存储表: -联盟 id[PK], name->(NBA, NCAAM, etc) -年 id[PK], league_id[FK], year
我将在当前工作的网站上创建竞赛。每个比赛都不会相同,并且可能有不同数量的输入字段,用户必须输入这些字段才能成为比赛的一部分,例如。 比赛 1 可能只需要一个名字 比赛 2 可能需要名字、姓氏和电子邮件
我正在尝试执行一个查询,该查询可以返回 5 个条件中的大多数匹配的结果。但如果只有 5 场比赛中的 5 场比赛,则优先。 为了说明我的问题,已准备好以下 SQL。 declare @tmp table
我已将所有 Json 转换器放在一个文件 JsonUtil 中,然后有一个 ConvertToJson 方法,该方法尝试转换传递给 json 的任何对象。 基本上是这样的结构: implicit va
我是一名优秀的程序员,十分优秀!