def main():
if not proof_of_work():
return
print("Welcome to MRCTF2021, enjoy this friendly sign-in question~")
flag_bits = bin(bytes_to_long(flag.encode()))[2:]
N = [getPrime(Bits) for _ in range(length)]
print('N =', N)
X = []
for i in range(length):
x = [int(input().strip()) for _ in range(length)]
if x in X:
print('No cheat!')
return
if x.count(0) > 0:
print('No trivial!')
return
if not check_ans(N, x):
print('Follow the rule!')
return
X.append(x)
print('your gift:', flag_bits[i])
from flag import flag
e = 0x1337
p = 199138677823743837339927520157607820029746574557746549094921488292877226509198315016018919385259781238148402833316033634968163276198999279327827901879426429664674358844084491830543271625147280950273934405879341438429171453002453838897458102128836690385604150324972907981960626767679153125735677417397078196059
q = 112213695905472142415221444515326532320352429478341683352811183503269676555434601229013679319423878238944956830244386653674413411658696751173844443394608246716053086226910581400528167848306119179879115809778793093611381764939789057524575349501163689452810148280625226541609383166347879832134495444706697124741
n = p * q
assert (flag.startswith('NCTF'))
m = int.from_bytes(flag.encode(), 'big')
assert (m.bit_length() > 1337)
c = pow(m, e, n)
print(c)
# 10562302690541901187975815594605242014385201583329309191736952454310803387032252007244962585846519762051885640856082157060593829013572592812958261432327975138581784360302599265408134332094134880789013207382277849503344042487389850373487656200657856862096900860792273206447552132458430989534820256156021128891296387414689693952047302604774923411425863612316726417214819110981605912408620996068520823370069362751149060142640529571400977787330956486849449005402750224992048562898004309319577192693315658275912449198365737965570035264841782399978307388920681068646219895287752359564029778568376881425070363592696751183359
from Crypto.Util.number import *
from random import getrandbits
from flag import flag
flag = bytes_to_long(flag.encode("utf-8"))
flag = bin(flag)[2:]
length = len(flag)
A = []
a, b = 0, 0
for _ in range(length):
a += getrandbits(32) + b
b += a
A.append(a)
p = getStrongPrime(512)
q = getStrongPrime(512)
assert q > sum(A)
pub_key = [a * p % q for a in A]
cipher = sum([int(flag[i]) * pub_key[i] for i in range(length)])
f = open("output.txt", "w")
f.write("pub_key = " + str(pub_key) + "\n")
f.write("cipher = " + str(cipher) + "\n")
f.close()
from Crypto.Util.number import getPrime, bytes_to_long
import time, urandom
from flag import flag
iv = bytes_to_long(urandom(256))
assert len(flag) == 15
keystream = bin(int(flag.encode('hex'), 16))[2:].rjust(8 * len(flag),
'0') #120
p = getPrime(1024)
q = getPrime(1024)
n = p * q
print "n:", n
cnt = 0
while True:
try:
print 'give me a number:'
m = int(raw_input())
except:
break
ct = iv
for i in range(1, 8):
if keystream[cnt] == '1':
ct += pow(m ^ q, i**i**i, n)
ct %= n
cnt = (cnt + 1) % len(keystream)
print "done:", ct
beta = 0.34
delta = 0.02
amplification = 2048
p = getPrime(int(beta * amplification))
q = getPrime(int((1 - beta) * amplification))
N = p * q
while True:
dq = getrandbits(int(delta * amplification))
dp = getrandbits(int((beta - delta) * amplification))
if (dp - dq) % gcd(p - 1, q - 1) != 0:
continue
d = ((inverse(
(p - 1) // gcd(p - 1, q - 1),
(q - 1) // gcd(p - 1, q - 1)) * (dq - dp) // gcd(p - 1, q - 1)) %
((q - 1) // gcd(p - 1, q - 1))) * (p - 1) + dp
if gcd(d, (p - 1) * (q - 1)) == 1:
break
e = inverse(d, (p - 1) * (q - 1))
m = bytes_to_long(flag.encode())
c = pow(m, e, N)
print('N =', N)
print('e =', e)
print('c =', c)
'''
N = 7194944829894746935571965271122989443610702698015123026500274312320541540511952275333536082176132102091625202863345739074691901574020649953130369453360247690506566827078013306825941200018330639608298539682191482947557146237487451707849833303794107411686130468587672820352641436722348277258977791778239539008852841749667581869688275892813664557078043533743669277649148468667399393518112220602616186358353262921270486781426670131125521444335280904901224934061164334131460273779473387748722008412594372005590209919098686472153912130124772089012962023984089123929555594332030502775588070235834837667605812843128059372243
e = 5872666789397408936685003821802975734744078884385553897196686533187747297681714766542317071546532454504513425295170366015384657690105523240363850101369048640430719519784564240908244756652800934680608667950183962226340288720771217107508516125044088043789281574833079766048266075717484676158307477384862873719462770774288252074344824446884295300603035728339571606659365040029505127532956295163195257002051007447197735267997104725561159289832252522298457628452222155625714679911912616173849423059919537353814530280736653541415686756485413316581322357887750268983241858913704388088485132644523120028234659344174431547087
c = 6601667269134560091452287214083525217696007424340765571114688738279264700361513951309195757650152324371826111195352731779137577044473630747863137747356695892337017953751159248388157498368915463745769509485009626774902347006319659852239932231921393353157319713540010424345134411781723171111939891127671029064626426950125001347122070491553845919803891156107693973027238705710354919725550360159383455222982999904576805089837067774838194257113022653159325313574447189639317397889065351340828031907571541750274329094240472180870714728295651611160552345500801797030280900507979459558944006193012524181456837126192865748097
'''
def hash(self, m):
f = int(flag.encode("hex"), 16)
x = sha512(str(f | m)).digest().encode("hex")
self.request.sendall(x + "\n")
def encrypt(flag, pubkey):
enc = pow(bytes_to_long(flag.encode('utf-8')), 0x10001, pubkey[0] * pubkey[1])
return enc
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from Crypto.Util.number import *
from flag import flag
def create_tuple(nbit): # sorry for dirty code that is not performant!
while True:
p, q = [getPrime(nbit) for _ in range(2)]
P = int(str(p) + str(q))
Q = int(str(q) + str(p))
if isPrime(P) and isPrime(Q):
return P, Q
def encrypt(msg, pkey):
return pow(bytes_to_long(msg), 31337, pkey)
nbit = 256
P, Q = create_tuple(nbit)
pkey = P * Q
enc = encrypt(flag.encode('utf-8'), pkey)
print('pkey =', pkey)
print('enc =', enc)
from Crypto.Util.number import *
from flag import flag
def nextPrime(n):
n += 2 if n & 1 else 1
while not isPrime(n):
n += 2
return n
p = getPrime(1024)
q = nextPrime(p)
n = p * q
e = 0x10001
d = inverse(e, (p - 1) * (q - 1))
c = pow(bytes_to_long(flag.encode()), e, n)
# d = 19275778946037899718035455438175509175723911466127462154506916564101519923603308900331427601983476886255849200332374081996442976307058597390881168155862238533018621944733299208108185814179466844504468163200369996564265921022888670062554504758512453217434777820468049494313818291727050400752551716550403647148197148884408264686846693842118387217753516963449753809860354047619256787869400297858568139700396567519469825398575103885487624463424429913017729585620877168171603444111464692841379661112075123399343270610272287865200880398193573260848268633461983435015031227070217852728240847398084414687146397303110709214913
# c = 5382723168073828110696168558294206681757991149022777821127563301413483223874527233300721180839298617076705685041174247415826157096583055069337393987892262764211225227035880754417457056723909135525244957935906902665679777101130111392780237502928656225705262431431953003520093932924375902111280077255205118217436744112064069429678632923259898627997145803892753989255615273140300021040654505901442787810653626524305706316663169341797205752938755590056568986738227803487467274114398257187962140796551136220532809687606867385639367743705527511680719955380746377631156468689844150878381460560990755652899449340045313521804
#!/usr/bin/env python
import gmpy2
from fractions import Fraction
from secret import p, q, s, X, Y
from flag import flag
assert gmpy2.is_prime(p) * gmpy2.is_prime(q) > 0
assert Fraction(p, p+1) + Fraction(q+1, q) == Fraction(2*s - X, s + Y)
print 'Fraction(p, p+1) + Fraction(q+1, q) = Fraction(2*s - %s, s + %s)' % (X, Y)
n = p * q
c = pow(int(flag.encode('hex'), 16), 0x20002, n)
print 'n =', n
print 'c =', c
#!/usr/bin/env python3
from Crypto.Util.number import *
from flag import flag
nbit = 64
while True:
p, q = getPrime(nbit), getPrime(nbit)
P = int(str(p) + str(q))
Q = int(str(q) + str(p))
PP = int(str(P) + str(Q))
QQ = int(str(Q) + str(P))
if isPrime(PP) and isPrime(QQ):
break
n = PP * QQ
m = bytes_to_long(flag.encode('utf-8'))
if m < n:
c = pow(m, 65537, n)
print('n =', n)
print('c =', c)
#p=9324884768249686093
#q=10512422984265378151
#CCTF{wH3Re_0Ur_Br41N_Iz_5uP3R_4CtIVe_bY_RSA!!}