def handle(self): signal.alarm(1200) self.send(BANNER) if not self.proof_of_work(): return secret = bytes_to_long(os.urandom(16)) P = self.getMyPrime(512) n = P*getPrime(P.bit_length()) e = 65537 ciphertext = pow(secret, e, n) self.send("n = {}\ne = {}\nc = {}".format(n, e, ciphertext).encode()) while True: self.send(MENU, newline=False) choice = self.recv() if choice == b"1": module = getPrime(64) self.send(b"Give me the secret:") s = self.recv() if str(secret).encode() == s: self.send(b"Congratulations! Your flag is: "+flag.encode()) else: self.send(b"Wrong secret") continue self.request.close() break
def main(): print '''This is a WIP cipher that combines RSA and AES Encryption has been implemented, but I haven't figured how to decrypt yet Here is an encrypted message using this service that I recieved: %s , could you help me find the message?''' % flag.encode('hex') for _ in xrange(0x2000): print ''' 1. Encrypt service 2. Decrypt service 3. Quit ''' inp = raw_input().strip() if inp == '1': print 'Send a message to be encrypted' inp = raw_input().decode('hex') print 'Encrypted message:' print encrypt(inp).encode('hex') elif inp == '2': print 'Send a message to be decrypted' inp = raw_input().decode('hex') print 'Decrypted message:' print decrypt(inp) elif inp == '3': return 0 return 0
def handle(self): signal.alarm(1000) if not self.proof_of_work(): return self.send(b'[+] Welcome!') self.send(b'[+] Can you find the flag through the calculating?') self.score = 0 self.token = ''.join( random.sample(string.ascii_letters + string.digits, 8)) self.lenth = len(self.token) self.data = [] for i in range(self.lenth): self.data.append(getRandomInteger(17)) self.send(str(self.data).encode()) while True: self.send(MENU, newline=False) choice = self.recv() if (choice == b'1'): self.send(b"[+] Plz give me your x: ") now = int(self.recv().strip().decode()) now = self.function(now) self.send( ("[+] let me show you the answer: " + str(now)).encode()) elif (choice == b'2'): guess = self.recv().strip().decode() if (guess == self.token): self.score += 1 self.send(b"[+] You win!") self.send( ("[!] Now your score: " + str(self.score)).encode()) self.token = ''.join([ random.choice(string.digits + string.ascii_letters) for i in range((self.score + 1) * 8) ]) self.lenth = len(self.token) self.data = [] for i in range(self.lenth): self.data.append(getRandomInteger(17)) self.send(str(self.data).encode()) if (self.score >= 5): self.send(flag.encode()) else: self.send(b'[+] What do you want to say???') self.send(b'[!] Go away!') break else: break self.request.close()
def main(): poly = [bytes_to_long(flag.encode())] poly.extend(set([randint(1, P - 1) for i in range(MIN)])) print("┌───────────────┐") print("│ SSS Encryptor │") print("└───────────────┘") print("Enter text to encrypt, leave empty to quit.") while True: data = input(">>> ") if bytes_to_long(data.encode()) % P == 0: break print(eval_at(poly, bytes_to_long(data.encode()), P))
def main(): global flag N=8 key = generateMatrix(os.urandom(N*N),N) secret = encrypt(key,flag.encode(),N) print("Welcome to the Service.\n".center(100)) print("We allow only Encryption as our previous challs were hacked.\n") print("Take my secret and shut up :\n{}".format(secret.tolist())) while True: print("\n1 . Encryption") print("2 . Exit\n") try: type = int(input("Give me your choice : ")) if type==1: m = input("Give me your message : ").strip() secret = encrypt(key, m.encode(), N) print("Yeah, got your secret message :\n{}".format(secret.tolist())) else: print("Ok,bye!!") break except: print("Give me a number. Bye!!") break
#!/usr/bin/env python3 import os from pycryptography import encrypt from secret import flag if __name__ == '__main__': with open('flag.enc', 'wb+') as f: # 160 bits security! enc = encrypt(flag.encode(), os.urandom(20)) f.write(enc)
from sympy import mod_inverse from sympy import isprime from secret import flag from Crypto.Util.number import getPrime e = 65537 while True: p = getPrime(1024) q = mod_inverse(e, p) if isprime(q): break N = p * q m = int(flag.encode("hex"), 16) c = pow(m, e, N) f = open("pub.key", "a") f.write("e:" + str(e) + "\n") f.write("N:" + str(N)) f.close() f = open("flag.enc", "w") f.write(str(c)) f.close()
import os import base64 from Crypto.Cipher import AES from Crypto.Util.Padding import pad, unpad from secret import flag def encrypt(message, key): iv = os.urandom(16) cipher = AES.new(iv, AES.MODE_OFB, key) message = pad(message, 16) ciphertext = iv + cipher.encrypt(message) return ciphertext def decrypt(ciphertext, key): iv, ciphertext = ciphertext[:16], ciphertext[16:] cipher = AES.new(iv, AES.MODE_OFB, key) message = cipher.decrypt(ciphertext) return unpad(message, 16) if __name__ == '__main__': key = os.urandom(16) assert re.match(r'^firebird\{\w{58}\}$', flag) ciphertext = encrypt(flag.encode(), key) assert decrypt(ciphertext, key) == flag.encode() print(base64.b64encode(ciphertext).decode())
def write(self, data): self.stream.write(data) self.stream.flush() def writelines(self, datas): self.stream.writelines(datas) self.stream.flush() def __getattr__(self, attr): return getattr(self.stream, attr) sys.stdout = Unbuffered(sys.stdout) E = CurveFp(p, a, b) flag = int(flag.encode('hex'), 16) # submit SVATTT2018{flag} assert flag < order def check(number): if not all(c in string.digits for c in number): return False number = int(number) if number < 0 or number >= p: return False return True def calculate(number): n = (int(number) + 2) % p
from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_OAEP from secret import flag import os rsa = RSA.generate(2048) public_key = rsa.publickey().exportKey() f = open("public.key", "w") f.write(public_key.decode()) f.close() rsakey = RSA.importKey(open("public.key", "r").read()) rsa = PKCS1_OAEP.new(rsakey) msg = rsa.encrypt(flag.encode()) f = open("message", "wb") f.write(msg) f.close()
P = add_points(P, P) n = n // 2 return Q def gen_key(): g = ( 29223879291878505213325643878338189297997503744039619988987863719655098, 32188620669315455017576071518169599806490004123869726364682284676721556 ) sk = random.randint(0, 2**256) pk = multiply(g, sk) return sk, pk a, A = gen_key() b, B = gen_key() print(A) print(B) shared = multiply(A, b)[0] key = sha256(long_to_bytes(shared)).digest() aes = AES.new(key, AES.MODE_ECB) ciphertext = aes.encrypt(pad(flag.encode(), AES.block_size)) print(ciphertext.hex()) """ (68279847973010227567437241690876400434176575735647388141445319082120661, 36521392659318312718307506287199839545959127964141955928297920414981390) (84698630137710906531637499064120297563999383201108850561060383338482806, 10975400339031190591877824767290004140780471215800442883565278903964109) 26b1b05962d188f1f2abdfad2cef049d45cfc27d9e46f40ebe52e367941bcfa05dd0ef698f528375be2185759e663431 """
from random import * from gmpy2 import * from fractions import * from binascii import hexlify from secret import flag #Setting up params a = randrange(2**10, 2**11) b = randrange(2**12, 2**13) c = randint(2, 2**1024) p = next_prime((a * c) + randint(2, 2**512)) q = next_prime((b * c) + randint(2, 2**512)) n = p * q e = randint(1024, 70000) while True: if ((e & (e + 1) == 0) and gcd(e, (p - 1) * (q - 1)) == 1): exp = e break e += 1 m = int(hexlify(flag.encode()).decode(), 16) enc = pow(m, exp, n) print("n : " + str(n)) print("a : " + str(a)) print("b : " + str(b)) print("enc : " + str(enc))
break while True: q = 2 * g * getPrime(int(nibt * (0.5 - gamma))) + 1 if isPrime(q): break assert 2 * p > q and 2 * q > p return p, q, g p1, q1, g1 = get_my_prime(1024, 0.2247) p2, q2, g2 = get_my_prime(1024, 0.3247) n1 = p1 * q1 n2 = p2 * q2 print(hex(n1)) # 0x48b11209b62c5bc580d00fc94886272b92814ce35fcd265b2915c6917a299bc54c2c0603c41f8bf7c8f6f2a545eb03d38f99ec995bf6658bb1a2d23056ee21c7230caa2decec688ea9ee00b0d50b39e8cd23eb2c3ddeb20f5ab26777b80052c171f47b716e72f6aee9cece92776fc65119046f9a1ad92c40e2094d7ed7526d49 print(hex(pow(bytes_to_long(b'Common prime RSA is a variant of RSA' + long_to_bytes(g1) + b'And the common factor g is large prime and p=2ga+1 q=2gb+1'), 3, n1))) # 0x27d8d7249643668ffc115be8b61775c60596e51f6313b47ad5af8493526922f5e10026a2cdaef74e22c3eec959dd8771abe3495b18d19f97623f5a3f65f22ff8fc294fc37ceb3b43ebbbf8a9bcf622922e22c5520dbd523483b9dc54fdffcd1a1b3f02ca1f53b75413fb79399ca00034f2acf108ac9a01bd24d2b9df6e27d156 print(hex(pow(g2, 65537, n1))) # 0xeaf06b9050a809659f962251b14d6b93009a7010f0e8d8f0fa4d71591757e98243b8ff50ec98a4e140fd8a63bbb4b8bb0a6d302a48845b8b09d1e40874fcb586ddccbb0bbf86d21540ec6c15c1d2bf925942f6f384fdc1baae7f8e06150ccd9459eb65d0f07eea16a911fa0a17e876a145dbfec83537ca2bee4641897b9f7f5 print(hex(n2)) # 0x6d457110d6044472d786936acbd3cd93c7728daa3343b35ccaa5c55eba6b35c28c831bb245b8cdd8fc8cb67a72f57e62a0e1259f5e804c487a8478f6895b302d39277bd73947598a5f8ec0a535be9e9a4d34df91df948ee44cc3d13d14e23b9651089e4767c7f0e7245df55619c92fe24483225d35f5f3ee6f74375065766ffd print(hex(pow(bytes_to_long(flag.encode()), 65537, n2))) # 0x15be2b0eaef8837a753587c47d3f31696a7d239d88837a9b7d903cd0d0648ef8e225ea555402693a23f305d19e7e13905be61b44c651dba5b26614bcf876234e765a724e0ed8af4a4e408e6a233c48ab9cc63e9c552ef9cd1999512aa0aca830fe6cbcbcc3c6bb354903124a2c3a12d442cdbdefdae6576f4bbc1515051b7111
#!/usr/bin/env python import os import pyDes from secret import flag key = os.urandom(8) d = pyDes.des(key) ciphertext = d.encrypt(flag.encode()) with open('ciphertext.txt', 'wb') as f: f.write(cipher) # print d.Kn[11] # [1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 0]
from Crypto.Util.number import getPrime, isPrime, bytes_to_long from Crypto.PublicKey.RSA import construct from secret import flag def getNextPrime(number): while not isPrime(number): number += 1 return number p = getPrime(2048) q = getNextPrime(p + 1) n = p * q e = 65537 encrypted_flag = pow(bytes_to_long(flag.encode('utf-16')), e, n) print("Public Key = \n{}".format( construct((n, e)).publickey().exportKey().decode())) print("Encrypted Flag = {}".format(hex(encrypted_flag)))
from Crypto.Util.number import getPrime, bytes_to_long from secret import flag p = getPrime(512) q = getPrime(512) r = getPrime(512) n = p * q * r nonsense = pow(p + 2020, 2020, n) c = pow(bytes_to_long(flag.encode()), 65537, n) print("flag_len =", len(flag)) print("n =", n) print("nonsense =", nonsense) print("c =", c) # Output: # # flag_len = 39 # n = 704454458221851461661183811203926482854224069127319092831751451353593479861145669240591809241910144278540140710664324485788702067202730173348138543405706520325862158575080868603258973193723181414713395304221676151508728657007690432094852411919839906992647582287289421088933359244150158455611463691097547815589984393918617205510503155570096657532151944758899768975179102179897817673589190234899461347962816263753280017774486016184285997899402529667104453243647041 # nonsense = 619702185453466044426440305546519560288553208384500754039920661789490438992638170809465127566997641711151823846830355670756118644043252626725422327872003280314907907831491100700042424275076075798162207363522831361472329212705500575689389167941348554649216729665288990191244293392337599621187627426580207781405496050863833453906886641616369766109818677629419264013197911109702601579819436760626969976959759016481496782589746018855952975293011977442058997629689532 # c = 413365447064806658027287713565823697294125119548502699216153382366328403747620921454187680760443877166701347567541889885099308594125683443351960016082217654533340845891753041076605199550617849923438029729514354415560524735562765460354940181029256500150489931090960564287104890261151827632423072700877388558658361537205944849043235617364002473905886332562388180061849847338211027956136484117425874841141830403441405316172557272275304138205252117732688669395833303
s = G.get_identity() a = self while n > 0: if n & 1: s = s.star(a) a = a.star(a) n = n >> 1 return s def __repr__(self): return repr(self.x) def __str__(self): return str(self.x) # PART 2: all you need to get flag import os from Crypto.Cipher.AES import AESCipher from secret import flag key = os.urandom(16) print( AESCipher(key).encrypt(flag.encode() + b"\x00" * (-len(flag) % 16)).hex()) # 4e8f206f074f895bde336601f0c8a2e092f944d95b798b01449e9b155b4ce5a5ae93cc9c677ad942c32d374419d5512c k = int.from_bytes(key, "big") g = G(2) print(g.repeated_star(k)) # 675847830679148875578181214123109335717
y = random.randint(1, p - 1) e = random.randint(1, p - 1) a = k * random.randint(1, p - 1)**2 % p b = (a * x**2 - y**2) * inverse(x, p) % p curve = SpecialCurve(p, a, b) G = (x, y) Q = curve.mul(G, e) print(f'curve={curve}') print(f'G={G}') print(f'Q={Q}') return e e1 = problem(128, 1) e2 = problem(256, 0) e3 = problem(512, -1) enc = bytes_to_long(hashlib.sha512( b'%d-%d-%d' % (e1, e2, e3)).digest()) ^ bytes_to_long(flag.encode()) print(f'enc={enc}') ''' curve=SpecialCurve(233083587295210134948821000868826832947,73126617271517175643081276880688551524,88798574825442191055315385745016140538) G=(183831340067417420551177442269962013567, 99817328357051895244693615825466756115) Q=(166671516040968894138381957537903638362, 111895361471674668502480740000666908829) curve=SpecialCurve(191068609532021291665270648892101370598912795286064024735411416824693692132923,0,58972296113624136043935650439499285317465012097982529049067402580914449774185) G=(91006613905368145804676933482275735904909223655198185414549961004950981863863, 96989919722797171541882834089135074413922451043302800296198062675754293402989) Q=(13504049588679281286169164714588439287464466303764421302084687307396426249546, 110661224324697604640962229701359894201176516005657224773855350780007949687952) curve=SpecialCurve(52373730653143623993722188411805072409768054271090317191163373082830382186155222057388907031638565243831629283127812681929449631957644692314271061305360051,28655236915186704327844312279364325861102737672471191366040478446302230316126579253163690638394777612892597409996413924040027276002261574013341150279408716,42416029226399083779760024372262489355327595236815424404537477696856946194575702884812426801334149232783155054432357826688204061261064100317825443760789993) G=(15928930551986151950313548861530582114536854007449249930339281771205424453985946290830967245733880747219865184207937142979512907006835750179101295088805979, 29726385672383966862722624018664799344530038744596171136235079529609085682764414035677068447708040589338778102975312549905710028842378574272316925268724240) Q=(38121552296651560305666865284721153617113944344833289618523344614838728589487183141203437711082603199613749216407692351802119887009907921660398772094998382, 26933444836972639216676645467487306576059428042654421228626400416790420281717654664520663525738892984862698457685902674487454159311739553538883303065780163) enc=4161358072766336252252471282975567407131586510079023869994510082082055094259455767245295677764252219353961906640516887754903722158044643700643524839069337 '''
key = 0x1234567890 else: key = getRandomInteger(keylen * 8) & 0xfffffffff0 #secret step if __debug__: print "##### challenge secret " ##### print "key = 0x%010x" % key keyHash = encryptKey(key) if __debug__: print "keyHash =", keyHash print "" print "####### given data #######" print "pt =", pt C = [0x31, 0x33, 0x33, 0x33, 0x37] A = shuffle(C, keyHash, pt) print "A =", A print "C =", C print "xorK =", reduce(lambda x, y: x ^ y, keyHash) flag = flag[ 5: -1] #removing CTF template. please make template again when submitting the flag. flag = zlib.compress(flag)[ 2:-4] #deompress: zlib.decompress(data, -zlib.MAX_WBITS) print "enc = \"" + encryptData(key, flag.encode("hex")) + "\""
#!/usr/bin/env python3 import json from secret import N, e, d, p, q, flag from Crypto.Cipher import AES from Crypto.PublicKey import RSA assert (len(str(p)) == 2457) assert (len(str(q)) == 2457) assert (len(flag) == 32) def pad(data): pad_size = AES.block_size - len(data) % AES.block_size return data + pad_size * bytes([pad_size]) rsa = RSA.construct((N, e, d, p, q)) pub = json.dumps({'N': N, 'e': e}).encode() priv = json.dumps({'N': N, 'e': e, 'p': p, 'q': q, 'd': d}).encode() aes = AES.new(flag, AES.MODE_ECB) priv_enc = aes.encrypt(pad(priv)) flag_enc = rsa.encrypt(flag.encode(), None)[0] open('pub.json', 'wb').write(pub) open('priv.json.enc', 'wb').write(priv_enc) open('flag.enc', 'wb').write(flag_enc)
from Crypto.Util.number import * from secret import flag flag = bytes_to_long(flag.encode()) def genkey(): p = getPrime(512) q = getPrime(512) N = p * q phi = (p - 1) * (q - 1) e = 0x10001 d = inverse(e, phi) assert GCD(e, phi) == 1 return N, e, d, pow(flag, e, N) def main(): N, e, d, c = genkey() print("Welcome to our secret RSA service.\n".center(100)) print( "Due to the corona virus epidemic, We are hiding our modulus but can your the public exponent = 0x10001.\n" ) print("Here's our secret Message : 0x{:x}\n".format(c)) while True: print("1. Encryption") print("2. Decryption") print("Give me choice > ", end="") try:
from secret import flag for i in range(5): flag= flag.encode('base64') flag=flag.encode('hex') f = open('ciphertext.txt','wb') f.write(flag)