2021 SCIST miniCTF write-up


Information

1st SCIST Information Security Course practice competition

ID gunjyo
Date 2021/01/24 9:30-13:00
Rank(team) 2
Score 940

Crypto

Caesar

Challenge:

Tj5ETk92VVVVWj4vYG5cbVpgXG50WmdqZzg4eAU=

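The trailing = at the end of the string suggests the challenge applied Base64 encoding first.

The decoded data contains non-printable characters, so pasting it into online tools breaks.

So use the one in the terminal instead,
then write your own Caesar script.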

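from base64 import b64decode as b64d

a='Tj5ETk92VVVVWj4vYG5cbVpgXG50WmdqZzg4eAU='
# Base64-decode; the result contains a non-printable character
a=(b64d(a).decode())

# The flag starts with 'S', so find the shift that maps the first character to 'S'
for i in range(256):
    if(chr((ord(a[0])+i)%256)=='S'):
        key=i
        break

# Apply the same shift to every character
for i in a:
    print(chr((ord(i)+key)%256),end='')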

flag:SCIST{ZZZ_C4esar_easy_lol==}

Triple Prime

A triplet version of twin primes (?)
See page 8 of Rsa in CTF.

script

c= 67492486663486144772221547069643364693153882987514859982801483371495669234313843407759516594581600505367563236786229196073368724923881815927703467529105355771821522774825198758466493383723698769253456158342022557472368699641009606588908947853294254252464792031328215741187269870367497007150999774039497278814

e= 65537

n1= 129460532860596440160706624843422070781645956231421467972744690581522205174258577915016187584314083476242785444854594515879017256215500086068771217735325021467405636414989186151325017345519162566774426861247861213205744866676097362990428554608031872143809925068116556339068532303253893915296775431906994181539

n2= 129460532860596440160706624843422070781645956231421467972744690581522205174258577915016187584314083476242785444854594515879017256215500086068771217735325067405197029444112630416870299593351527503478052614265205752423349122130014615189517699859405374248112610462948216897942561697411354097800772588356777342511

n3= 129460532860596440160706624843422070781645956231421467972744690581522205174258577915016187584314083476242785444854594515879017256215500086068771217735325159280779815502359518947960864089016257376885304120299894830858557633037849119587695990362152378456717981252611538015690620485726274462808766901256343664479

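from Crypto.Util.number import *

# With n1=p*q and n2=(p+2)(q+2), n2-n1 = 2(p+q)+4, so pq here holds the sum p+q (not the product)
pq=(n2-n1-4)//2

# phi1=(p-1)(q-1), phi2=(p+1)(q+1), phi3=(p+5)(q+5), all written in terms of n1 and p+q
phi1=n1-pq+1
phi2=n1+pq+1
phi3=n1+5*pq+25

d1=inverse(e,phi1)
d2=inverse(e,phi2)
d3=inverse(e,phi3)

# Undo the three encryption layers, outermost (n3) first
m=pow(pow(pow(c,d3,n3),d2,n2),d1,n1)

# long_to_bytes also handles an odd number of hex digits, unlike bytes.fromhex(hex(m)[2:])
print(long_to_bytes(m))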

flag:SCIST{twin_prime==vykp_rtkog}
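
The arithmetic behind the script above, replayed on a toy key small enough to check by hand. This is an added example, not the challenge's task file or the author's code; the modulus layout n1=p*q, n2=(p+2)(q+2), n3=(p+6)(q+6) is the one the script's formulas imply, and the primes, message and function names are constructed for illustration.

```python
from math import isqrt

# Constructed toy parameters: (1091, 1093, 1097) and (1481, 1483, 1487) are prime triplets.
P, Q, E = 1091, 1481, 65537

def make_moduli(p, q):
    """Assumed layout: three moduli built from shifted copies of p and q."""
    return p * q, (p + 2) * (q + 2), (p + 6) * (q + 6)

def recover_sum(n1, n2, n3):
    """Return s = p + q using only the public moduli."""
    # n2 - n1 = 2(p+q) + 4
    s, rem = divmod(n2 - n1 - 4, 2)
    # n3 - n1 = 6(p+q) + 36 must agree, otherwise the moduli do not have this shape
    if rem or n3 - n1 != 6 * s + 36:
        raise ValueError("moduli are not related as (p+k)(q+k)")
    return s

def factor_from_sum(n1, s):
    """p and q are the roots of x^2 - s*x + n1."""
    r = isqrt(s * s - 4 * n1)
    if r * r != s * s - 4 * n1:
        raise ValueError("s is not p + q for this modulus")
    return (s - r) // 2, (s + r) // 2

def totients(n1, s):
    # (p-1)(q-1), (p+1)(q+1), (p+5)(q+5) written in terms of n1 and s
    return n1 - s + 1, n1 + s + 1, n1 + 5 * s + 25

def encrypt(m, e, moduli):
    for n in moduli:                      # n1 first, n3 last
        m = pow(m, e, n)
    return m

def decrypt(c, e, moduli):
    s = recover_sum(*moduli)
    layers = list(zip(moduli, totients(moduli[0], s)))
    for n, phi in reversed(layers):       # peel n3 first, n1 last
        c = pow(c, pow(e, -1, phi), n)
    return c

if __name__ == "__main__":
    moduli = make_moduli(P, Q)
    c = encrypt(123456, E, moduli)
    print(factor_from_sum(moduli[0], recover_sum(*moduli)), decrypt(c, E, moduli))
```

Publishing several moduli whose factors differ by known constants gives away p+q, and with it every private exponent, without factoring anything.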

Winner Winner Chicken Dinner

Low decryption exponent attack (Wiener attack)
Properties:

  1. q<p<2q

See page 21 of Rsa in CTF.

git clone https://github.com/pablocelayes/rsa-wiener-attack

Remember to put the .py files in the same directory.

script

import RSAwienerHacker
from Crypto.Util.number import *

n = 68126437388977012491646508485989748986441131328587518477687317430610358060299259889270096202942172667026765693121007244799277906816721129879871839668534245685223273320285357819059314305041568152938631311930694380458197864770594205779250872221180313165818499006934672425382344026926216633834392646021142886769
e = 15950795120525802915045576886792784828953195706868419082039089065630551280007920240748167126298220976040006667069839541710102987502293373955109113066554922904845606595280968695858510227233594594345712943776826231898942926115077969092158946886802684295287362659572633661590452939636520740933192957991470727487
c = 64084228016799140236089362630474537548271913453940735254127977713219774643382144415063040580056793784702386932065587548669067894646547290107939535980687043376839097247039277684116912998816751608587498829246494557174907620772811870282348713591834440433602622206371153329743437983172303794473772691521200966081

d=RSAwienerHacker.hack_RSA(e,n)
m=pow(c,d,n)
print(long_to_bytes(m))

flag:SCIST{w13n3R_aTt4cK_1S_Ez_wh3n_d_with_E}

Shuffle Puzzle

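This challenge is a substitution cipher.

In task.py, freq is the result of running a frequency analysis on the flag, with the letters output in descending order of frequency.

So once we have the ciphertext from resdecode(),
we run a frequency analysis on the ciphertext as well.

Then we line the two frequency rankings up against each other,
which lets us turn the ciphertext back into plaintext.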

from collections import Counter

f = open("output.txt",'rb')

# The first line of the file is the ciphertext as a hex string
c = f.readline()
c = c.strip()
c = bytes.fromhex((c).decode('latin-1'))
c = c.decode('latin-1')

print(c)

# Plaintext letters, ordered from most to least frequent
freq=' EATNISORHLDCGWUBFYPKMVXZJQ'

# Ciphertext symbols, ordered from most to least frequent
newf = "".join(map(lambda i : i[0] , sorted(Counter(c).items() , key = lambda i : i[1] , reverse = True)))

print(newf)

# Pair the two rankings position by position, then substitute each ciphertext symbol back to its plaintext letter
table = dict(zip(newf, freq))
for i in c:
    print(table.get(i, ''), end='')

flag

HEREUPON LEGRAND AROSE WITH A GRAVE AND STATELY AIR AND BROUGHT ME THE BEETLEFROM A GLASS CASE IN WHICH IT WAS ENCLOSED IT WAS A BEAUTIFUL SCARABAEUS AND ATTHAT TIME UNKNOWN TO NATURALISTSOF COURSE A GREAT PRIZE IN A SCIENTIFIC POINTOF VIEW THERE WERE TWO ROUND BLACK SPOTS NEAR ONE EXTREMITY OF THE BACK AND ALONG ONE NEAR THE OTHER THE SCALES WERE EXCEEDINGLY HARD AND GLOSSY WITH ALL THEAPPEARANCE OF BURNISHED GOLD THE WEIGHT OF THE INSECT WAS VERY REMARKABLE ANDTAKING ALL THINGS INTO CONSIDERATION I COULD HARDLY BLAME JUPITER FOR HIS OPINIONRESPECTING IT SCIST I KNOW THIS FLAG IS VERY LONG BECAUSE I NEED MAKE FREQUENCY ANALYSIS WORK ON THIS CHALLENGE AND I WANT TO ASK WHETHER DID U SOLVE THIS BY HAND

Misc

Fuck…?

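The contents of the file are wrapped in PHP tags,
so we can try running it with php.

Install php first: sudo apt install php7.2-cli

Run it once, throw away the error output, and grep for the SCIST keyword:
php output.txt 2>&1 | grep "SCIST{.*}"

Regex (regular expressions)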

flag:SCIST{Wtf_1s_th3sE_bu!L_sH1T...PHPFuck= =?}

Bits

Since it only has two colors, 1 and 0,
the overall shape should still be recognizable XD
So just zoom out and you get the flag.

Re[g][eE]x

This challenge is about regex (regular expressions).
Just type a reasonable flag that follows the pattern.
^SCIST{[KCck]+[0Oo]*[1!Lli]{2,}_[\d\D]+_[\W]{1, 3}_(fL4G|flag)_no(?!ne)_ex(PRES|pres)(S[1L!lil0N])}$
You can try it on regex101.

flag
Ex. SCIST{k11_1_##_fL4G_no_exPRESSioN}


Author: Gunjyo
Reprint policy: Unless otherwise stated, all articles in this blog are licensed under CC BY 4.0. If you reproduce this article, please credit the source: Gunjyo!