base64
base64编码之后的字符串具有的特点:
*字符串只可能包含A-Z,a-z,0-9,+,/,=字符
*字符串长度是4的倍数
* =只会出现在字符串最后,可能没有或者一个等号或者两个等号
工具:https://www.sojson.com/base64.html
python代码:(注意文件不要命名为base64.py,否则import base64错误)
import base64
cipher = "Y3liZXJwZWFjZXtXZWxjb21lX3RvX25ld19Xb3JsZCF9"
plaintext = base64.b64decode(cipher)
print(plaintext)
Caesar
工具:https://www.qqxiuzi.cn/bianma/kaisamima.php
python代码:
def caesar(cipher):
for j in range(26):
str_list = list(cipher)
i = 0
while i < len(cipher):
if not str_list[i].isalpha():
str_list[i] = str_list[i]
else:
a = "A" if str_list[i].isupper() else "a"
str_list[i] = chr((ord(str_list[i]) - ord(a) + j) % 26 + ord(a))
i = i + 1
print(''.join(str_list))
if __name__ == '__main__':
cipher = "oknqdbqmoq{kag_tmhq_xqmdzqp_omqemd_qzodkbfuaz}"
caesar(cipher)
Morse
特征:
* 用点(.)和划(-)来编码范围0-9、A-Z的字符,字母不区分大小写
* 两个字母之间的空格用斜杠(/)或者三个点(.)或者一个划(-)表示,两个单词之间的间隔是七个点(.)
* 根据摩斯编码的原理,CTF中也有出现过变种的摩斯编码,比如点(.)和划(-)用数字0和1来表示等此类变种的思路
工具:http://ctf.ssleye.com/morse.html
python代码:
table ={'a': ".-", 'b': "-...", 'c': "-.-.", 'd': "-..", 'e': ".", 'f': "..-.", 'g': "--.", 'h': "....", 'i': "..", 'j': ".---", 'k': "-.-", 'l': ".-..", 'm': "--", 'n': "-.", 'o': "---", 'p': ".--.", 'q': "--.-", 'r': ".-.", 's': "...", 't': "-", 'u': "..-", 'v': "...-", 'w': ".--", 'x': "-..-", 'y': "-.--", 'z': "--..", '0': '-----', '1': '.----', '2': '..---', '3': '...--', '4': '....-', '5': '.....', '6': '-....', '7': '--...', '8': '---..', '9': '----.', ',': '--..--', '.': '.-.-.-', ':': '---...', ';': '-.-.-.', '?': '..--..', '=': '-...-', "'": '.----.', '/': '-..-.', '!': '-.-.--', '-': '-....-', '_': '..--.-', '(': '-.--.', ')': '-.--.-', '$': '...-..-', '&': '. . . .', '@': '.--.-.'}
def morse(cipher):
msg = ''
codes = cipher.split(' ')
for code in codes:
if code == '':
msg += ' '
else:
UNCODE = dict(map(lambda t: (t[1], t[0]), table.items()))
msg += UNCODE[code]
return msg
if __name__ == '__main__':
cipher ="11 111 010 000 0 1010 111 100 0 00 000 000 111 00 10 1 0 010 0 000 1 00 10 110"
cipher = cipher.replace('1', '-')
cipher = cipher.replace('0', '.')
plaintext = morse(cipher)
print(plaintext)
混合编码
步骤:①base64 ②unicode ③base64 ④unicode(要将/改为&#)
Railfence-----栅栏密码
工具:http://www.atoolbox.net/Tool.php?Id=777
不仅仅是Morse
步骤:
①Morse编码(python代码中要把“cipher = cipher.replace('1', '-') cipher = cipher.replace('0', '.')”改为“cipher=cipher.repalce('/',' ')”
②培根密码(倍康尼密码、Bacon's cipher):仅仅由ab构成;求解方式如下所示
工具:https://tool.bugku.com/peigen/
python代码:
import re
table ={'a': 'aaaaa', 'b': 'aaaab', 'c': 'aaaba', 'd': 'aaabb', 'e': 'aabaa', 'f': 'aabab', 'g': 'aabba', 'h': 'aabbb', 'i': 'abaaa', 'j': 'abaab', 'k': 'ababa', 'l': 'ababb', 'm': 'abbaa', 'n': 'abbab', 'o': 'abbba', 'p': 'abbbb', 'q': 'baaaa', 'r': 'baaab', 's': 'baaba', 't': 'baabb', 'u': 'babaa', 'v': 'babab', 'w': 'babba', 'x': 'babbb', 'y': 'bbaaa', 'z': 'bbaab'}
def bacon(cipher):
msg = ''
codes = re.findall(r'.{5}', cipher)
for code in codes:
if code == '':
msg += ' '
else:
UNCODE = dict(map(lambda t: (t[1], t[0]), table.items()))
msg += UNCODE[code]
return msg
if __name__ == '__main__':
cipher = 'aaaaabaabbbaabbaaaaaaaabaababaaaaaaabbabaaabbaaabbaabaaaababaabaaabbabaaabaaabaababbaabbbabaaabababbaaabbabaaabaabaabaaaabbabbaabbaabaabaaabaabaabaababaabbabaaaabbabaabba'
plaintext = bacon(cipher)
print(plaintext)
幂数加密/云影密码
python代码:
#二进制幂数加密/云影密码
a=str(input("密文:"))
a=a.split("0")
flag=''
for i in range(0,len(a)):
str = a[i]
list=[]
sum=0
for j in str:
list.append(j)
length = len(list)
for k in range(0,length):
sum+=int(list[k])
flag+=chr(sum+64)
print("明文为:",flag)
easy_RSA(已知p、q、e,求d 或 已知p、q、d,求e)
python代码:
def rsa_moder(n):
base=2
while base<n:
if n%base==0:
return base,n//base
base+=1
def rsa_get_euler(prime1,prinme2):#求欧拉函数
return (prime1-1)*(prime2-1)
def rsa_get_key(e,euler):
k=1
while True:
if (((euler*k)+1)%e)==0:
return (euler*k+1)//e
k+=1
def get_rsa_e_d(n,e=None,d=None):
if e is None and d is None:
return 0
arg=e
if arg is None:
arg=d
primes=rsa_moder(n)
p=primes[0]
q=primes[1]
d=rsa_get_key(arg,rsa_get_euler(p,q))
return d
p=int(input("p="))
q=int(input("q="))
n=p*q
e=int(input("e="))
d=get_rsa_e_d(n,e,None)
print("d=",d)
easychallenge
.pyc文件:
* 由py文件经过编译后,生成的文件
* pip install uncompyle6 (安装uncompyle6库,用于反编译)
* 进入.pyc文件所在的文件夹,然后uncomplyle6 -o . easychallenge.pyc,即可在该文件夹中得到.py文件
得到的easychallenge.py文件:
# uncompyle6 version 3.6.5
# Python bytecode 2.7 (62211)
# Decompiled from: Python 3.5.2 (v3.5.2:4def2a2901a5, Jun 25 2016, 22:18:55) [MSC v.1900 64 bit (AMD64)]
# Embedded file name: ans.py
# Compiled at: 2018-08-09 11:29:44
import base64
def encode1(ans):
s = ''
for i in ans:
x = ord(i) ^ 36
x = x + 25
s += chr(x)
return s
def encode2(ans):
s = ''
for i in ans:
x = ord(i) + 36
x = x ^ 36
s += chr(x)
return s
def encode3(ans):
return base64.b32encode(ans)
flag = ' '
print 'Please Input your flag:'
flag = raw_input()
final = 'UC7KOWVXWVNKNIC2XCXKHKK2W5NLBKNOUOSK3LNNVWW3E==='
if encode3(encode2(encode1(flag))) == final:
print 'correct'
else:
print 'wrong'
根据上面的easychallenge.py文件,写求逆程序(easychallenge_resolve.py):
import base64
def decode1(s):
ans=''
for x in s:
x=ord(x)-25
i=x^36
ans+=chr(i)
return ans
def decode2(s):
ans=''
for x in s:
x=x^36
i=x-36
ans+=chr(i)
return ans
def decode3(ans):
return base64.b32decode(ans)
if __name__=="__main__":
final = 'UC7KOWVXWVNKNIC2XCXKHKK2W5NLBKNOUOSK3LNNVWW3E==='
flag=decode1(decode2(decode3(final)))
print("flag=",flag)
Normal_RSA
将flag.enc和pubkey.pem放入kali虚拟机中,在终端打开,输入“openssl rsa -pubin -text -modulus -in warmup -in pubkey.pem”
得到的Modulus即为n,Exponent即为e
将得到的Modulus=....转化为十进制(工具)为87924348264132406875276140514499937145050893665602592992418171647042491658461,即为n
大数分解,得到:
p=275127860351348928173285174381581152299
q=319576316814478949870590164193048041239
在终端中输入“python rsatool.py -o private.pem -e 65537 -p 275127860351348928173285174381581152299 -q 319576316814478949870590164193048041239”
将flag.enc放在rsatool文件夹中,在终端打开,输入“openssl rsautl -decrypt -in flag.enc -inkey private.pem”
转轮机加密
python代码:
import re
sss='''1:< ZWAXJGDLUBVIQHKYPNTCRMOSFE < 2: < KPBELNACZDTRXMJQOYHGVSFUWI < 3:< BDMAIZVRNSJUWFHTEQGYXPLOCK < 4: < RPLNDVHGFCUKTEBSXQYIZMJWAO < 5:< IHFRLABEUOTSGJVDKCPMNZQWXY < 6: < AMKGHIWPNYCJBFZDRUSLOQXVET < 7:< GWTHSPYBXIZULVKMRAFDCEONJQ < 8: < NOZUTWDCVRJLXKISEFAPMYGHBQ < 9:< XPLTDSRFHENYVUBMCQWAOIKZGJ < 10: < UDNAJFBOWTGVRSCZQKELMXYIHP <11 < MNBVCXZQWERTPOIUYALSKDJFHG < 12 < LVNCMXZPQOWEIURYTASBKJDFHG <13 < JZQAWSXCDERFVBGTYHNUMKILOP <'''
m="NFQKSEVOQOFNP"
content=re.findall(r'<(.*?) <',sss,re.S)
iv=[2,3,7,5,13,12,9,1,8,10,4,11,6]
vvv=[]
ans=""
for i in range(13):
index=content[iv[i]-1].index(m[i])
vvv.append(index)
for i inrange(0,26):
flag=""
for j in range(13):
flag+=content[iv[j]-1][(vvv[j]+i)%26]
print(flag)
easy_ECC
ECC:椭圆加密算法,ECC椭圆曲线加密学习笔记、椭圆曲线的奇妙比喻
python代码:
import collections
def inverse_mod(k, p):
"""Returns the inverse of k modulo p. This function returns the only integer x such that (x * k) % p == 1. k must be non-zero and p must be a prime. """
if k == 0:
raise ZeroDivisionError('division by zero')
if k < 0:
# k ** -1 = p - (-k) ** -1 (mod p)
return p - inverse_mod(-k, p)
# Extended Euclidean algorithm.
s, old_s = 0, 1
t, old_t = 1, 0
r, old_r = p, k
while r != 0:
quotient = old_r // r
old_r, r = r, old_r - quotient * r
old_s, s = s, old_s - quotient * s
old_t, t = t, old_t - quotient * t
gcd, x, y = old_r, old_s, old_t
assert gcd == 1
assert (k * x) % p == 1
return x % p# Functions that work on curve points #
def is_on_curve(point):
"""Returns True if the given point lies on the elliptic curve."""
if point is None:
# None represents the point at infinity.
return True
x, y = point
return (y * y - x * x * x - curve.a * x - curve.b) % curve.p == 0def point_neg(point):
"""Returns -point."""
assert is_on_curve(point)
if point is None:
# -0 = 0
return None
x, y = point
result = (x, -y % curve.p)
assert is_on_curve(result)
return resultdef point_add(point1, point2):
"""Returns the result of point1 + point2 according to the group law."""
assert is_on_curve(point1)
assert is_on_curve(point2)
if point1 is None:
# 0 + point2 = point2
return point2
if point2 is None:
# point1 + 0 = point1
return point1
x1, y1 = point1
x2, y2 = point2
if x1 == x2 and y1 != y2:
# point1 + (-point1) = 0
return None
if x1 == x2:
# This is the case point1 == point2.
m = (3 * x1 * x1 + curve.a) * inverse_mod(2 * y1, curve.p)
else:
# This is the case point1 != point2.
m = (y1 - y2) * inverse_mod(x1 - x2, curve.p)
x3 = m * m - x1 - x2
y3 = y1 + m * (x3 - x1)
result = (x3 % curve.p, -y3 % curve.p)
assert is_on_curve(result)
return resultdef scalar_mult(k, point):
"""Returns k * point computed using the double and point_add algorithm."""
assert is_on_curve(point)
if k < 0:
# k * point = -k * (-point)
return scalar_mult(-k, point_neg(point))
result = None
addend = point
while k:
if k & 1:
# Add.
result = point_add(result, addend)
# Double.
addend = point_add(addend, addend)
k >>= 1
assert is_on_curve(result)
return result# Keypair generation and ECDHE #
def make_keypair():
"""Generates a random private-public key pair."""
private_key = curve.n
public_key = scalar_mult(private_key, curve.g)
return private_key, public_keyEllipticCurve = collections.namedtuple('EllipticCurve', 'name p a b g n h')
curve = EllipticCurve(
'secp256k1',
# Field characteristic.
p=15424654874903,
# Curve coefficients.
a=16546484,
b=4548674875,
# Base point.
g=(6478678675,5636379357093),
# Subgroup order.
n=546768,
# Subgroup cofactor.
h=1,
)
private_key, public_key = make_keypair()
print("private key:", hex(private_key))
print("public key: (0x{:x}, 0x{:x})".format(*public_key))
print("x + y = " + str(public_key[0] + public_key[1]))
