# WannaGame Freshman 2023 - Crypto ## 1. EasyRSA > I gave you two hints! Now it's your turn to give me my flag. ### Attachments: - easyRSA.py ```python from Crypto.Util.number import bytes_to_long, getPrime FLAG = b"W1{??????????????????????????}" p = getPrime(512) q = getPrime(512) e = 65537 n = p*p*q*q hint1 = p + q hint2 = p*q - p - q + 1 print("c =", pow(bytes_to_long(FLAG),e,n)) print("hint 1:", hint1) print("hint 2:", hint2) ``` - outputRSA.txt ```python c = 3778334964020085693122279865085669931544565594340822345918989508952697153279656102136896766069941711654206670695651429514092145744418890327941850114654449578138707810321552701030453820757236624767312202504750622959336960778419511800007797894081002357542180182105523582777650174695635469165347460411204007947912540366848738081190639561262267609709489546444644666346330477076696996699487362844232320060737648554287501932392681294728341607571792807384910146769288304726543715115373869342606973465866039825063286085254744403580981503955159533367921918990386586002820616696289107796591370087382822623875066545105848859819 hint 1: 20978135329472294939914714948198369484813382661367102444419294293577936274622454399412643333395069230540445488817871514639266385242274229865025904807357796 hint 2: 107283957759499663953333972940428532630825517639279168870550288698510570747194633174133941850038669632558664539532901591228896545932212704369190692506696118889217688783240077805671896860608066777266155415930965012190554894872594664088620308010376579887314084964024069034816205917207469185957050769629280580688 ``` ### Solution Ta thấy: $hint1 = p + q$ $hint2 = p * q - p - q + 1$ Đặt $q = hint1 - p$ và thế vào $hint2$ ta sẽ được $p^2 - hint1 * p + hint1 + hint2 - 1 = 0$ Giờ ta chỉ cần giải phương trình bậc 2 để tìm p và sau đó tìm q ```python from gmpy2 import iroot from Crypto.Util.number import long_to_bytes, inverse c = 3778334964020085693122279865085669931544565594340822345918989508952697153279656102136896766069941711654206670695651429514092145744418890327941850114654449578138707810321552701030453820757236624767312202504750622959336960778419511800007797894081002357542180182105523582777650174695635469165347460411204007947912540366848738081190639561262267609709489546444644666346330477076696996699487362844232320060737648554287501932392681294728341607571792807384910146769288304726543715115373869342606973465866039825063286085254744403580981503955159533367921918990386586002820616696289107796591370087382822623875066545105848859819 h1 = 20978135329472294939914714948198369484813382661367102444419294293577936274622454399412643333395069230540445488817871514639266385242274229865025904807357796 h2 = 107283957759499663953333972940428532630825517639279168870550288698510570747194633174133941850038669632558664539532901591228896545932212704369190692506696118889217688783240077805671896860608066777266155415930965012190554894872594664088620308010376579887314084964024069034816205917207469185957050769629280580688 # p * p - h1 * p + h1 + h2 - 1 = 0 p = (h1 + iroot(h1 * h1 - 4 * (h1 + h2 - 1), 2)[0]) // 2 q = h1 - p phi = p * (p - 1) * (q - 1) * q e = 65537 d = inverse(e, phi) m = pow(c, d, p * p * q * q) print(long_to_bytes(m)) ``` ### (Sau giải) Ta thấy $p * q = hint2 + hint1 - 1$ Mà $phi = p * q * (p - 1) * (q - 1)$ $\rightarrow phi = p * q * hint2$ $\rightarrow phi = (hint2 + hint1 - 1) * hint2$ ```python from Crypto.Util.number import long_to_bytes, inverse c = 3778334964020085693122279865085669931544565594340822345918989508952697153279656102136896766069941711654206670695651429514092145744418890327941850114654449578138707810321552701030453820757236624767312202504750622959336960778419511800007797894081002357542180182105523582777650174695635469165347460411204007947912540366848738081190639561262267609709489546444644666346330477076696996699487362844232320060737648554287501932392681294728341607571792807384910146769288304726543715115373869342606973465866039825063286085254744403580981503955159533367921918990386586002820616696289107796591370087382822623875066545105848859819 h1 = 20978135329472294939914714948198369484813382661367102444419294293577936274622454399412643333395069230540445488817871514639266385242274229865025904807357796 h2 = 107283957759499663953333972940428532630825517639279168870550288698510570747194633174133941850038669632558664539532901591228896545932212704369190692506696118889217688783240077805671896860608066777266155415930965012190554894872594664088620308010376579887314084964024069034816205917207469185957050769629280580688 phi = (h2 + h1 - 1) * h2 n = (h2 + h1 - 1) * (h2 + h1 - 1) e = 65537 d = inverse(e, phi) m = pow(c, d, n) print(long_to_bytes(m)) ``` ### Flag ``` W1{0k_th1s_1s_e4sy_RSA_1nd33d} ``` ## 2. Multi - Multi > More encryption, more secure. or is it? ### Attachments: - multi-multi.py ```python from random import randrange flag = b'W1{????????????????????????????}' base = [[randrange(1,2**10) for _ in range(len(flag))] for _ in range(len(flag))] def MM_encrypt(base,mul): enc = [] for i in range(len(base)): enc.append(sum(i*j for i,j in zip(base[i],mul))) return enc enc = [num for num in flag] for _ in range(100): enc = MM_encrypt(base,enc) print(base) print(enc) ``` - output.txt ```python [[604, 230, 565, 184, 702, 350, 373, 158, 242, 774, 293, 410, 120, 196, 543, 206, 878, 924, 496, 280, 615, 353, 973, 56, 492, 369, 513, 150, 779, 1004, 23, 782], [849, 180, 741, 904, 163, 835, 162, 243, 814, 755, 247, 221, 391, 836, 572, 473, 877, 889, 705, 439, 183, 724, 882, 463, 240, 989, 744, 1001, 303, 570, 188, 786], [306, 915, 654, 740, 215, 94, 645, 904, 782, 685, 51, 154, 184, 44, 434, 869, 130, 778, 769, 113, 804, 343, 344, 6, 489, 437, 976, 1, 472, 39, 770, 440], [865, 247, 597, 1010, 363, 971, 896, 218, 815, 417, 166, 586, 91, 322, 1019, 549, 227, 763, 179, 276, 28, 724, 375, 216, 447, 265, 128, 41, 503, 100, 831, 106], [632, 587, 328, 765, 815, 465, 757, 725, 209, 119, 235, 625, 822, 499, 646, 445, 430, 440, 131, 575, 487, 902, 799, 854, 659, 246, 365, 383, 736, 157, 343, 567], [282, 18, 299, 920, 513, 43, 599, 637, 140, 310, 91, 40, 1019, 517, 136, 863, 25, 3, 94, 832, 66, 541, 216, 605, 614, 803, 135, 270, 949, 777, 872, 1006], [779, 656, 435, 280, 97, 262, 369, 568, 850, 325, 293, 977, 269, 925, 363, 309, 226, 90, 296, 868, 417, 410, 383, 288, 702, 54, 200, 708, 696, 626, 140, 565], [513, 409, 846, 248, 463, 780, 694, 71, 540, 950, 684, 723, 264, 445, 455, 433, 85, 520, 203, 1004, 364, 178, 715, 546, 345, 642, 139, 929, 337, 750, 987, 359], [760, 98, 325, 713, 328, 430, 62, 557, 287, 681, 23, 292, 386, 554, 103, 90, 886, 111, 311, 56, 21, 623, 846, 28, 52, 76, 256, 523, 496, 401, 738, 203], [693, 424, 395, 836, 955, 346, 992, 1017, 960, 407, 227, 30, 319, 1, 933, 851, 867, 255, 55, 575, 402, 1010, 708, 978, 432, 430, 358, 574, 547, 683, 707, 475], [619, 649, 491, 413, 169, 167, 767, 670, 817, 985, 139, 814, 682, 780, 441, 338, 470, 225, 638, 732, 557, 305, 821, 476, 457, 399, 987, 399, 14, 277, 255, 925], [261, 907, 410, 706, 537, 891, 427, 966, 887, 292, 25, 225, 356, 771, 957, 971, 455, 177, 754, 595, 685, 835, 823, 984, 937, 1019, 702, 108, 886, 824, 796, 441], [522, 944, 492, 403, 495, 760, 771, 883, 860, 571, 978, 582, 24, 629, 702, 960, 13, 534, 531, 883, 690, 1010, 611, 198, 429, 544, 163, 593, 385, 207, 665, 1014], [169, 606, 63, 888, 227, 51, 354, 659, 39, 155, 643, 2, 401, 73, 12, 661, 36, 23, 49, 508, 1004, 1021, 86, 22, 443, 782, 816, 998, 650, 638, 685, 690], [896, 571, 240, 662, 434, 138, 20, 132, 576, 279, 629, 492, 268, 593, 384, 206, 567, 325, 327, 987, 175, 658, 834, 358, 614, 124, 388, 994, 106, 544, 114, 877], [323, 455, 337, 532, 971, 185, 1017, 416, 246, 513, 946, 122, 839, 496, 559, 680, 1002, 718, 337, 845, 684, 989, 898, 44, 905, 553, 458, 221, 895, 916, 670, 40], [870, 748, 178, 112, 250, 943, 183, 620, 595, 47, 342, 525, 989, 707, 108, 173, 157, 549, 711, 90, 581, 566, 988, 51, 53, 32, 572, 660, 916, 40, 42, 800], [987, 96, 608, 985, 461, 166, 157, 778, 959, 52, 12, 52, 352, 245, 20, 440, 822, 545, 136, 117, 678, 35, 849, 35, 365, 330, 387, 351, 417, 163, 331, 843], [526, 409, 910, 1006, 16, 985, 641, 14, 353, 269, 295, 851, 50, 80, 545, 780, 895, 139, 809, 527, 82, 330, 473, 832, 870, 174, 906, 354, 659, 637, 375, 640], [163, 100, 210, 127, 471, 845, 489, 234, 833, 655, 386, 259, 22, 128, 448, 777, 530, 379, 767, 199, 697, 879, 791, 711, 491, 119, 22, 790, 882, 400, 182, 683], [221, 157, 483, 267, 641, 204, 432, 823, 319, 543, 928, 1018, 501, 649, 49, 332, 68, 640, 573, 474, 572, 489, 33, 312, 695, 178, 628, 227, 326, 685, 980, 369], [814, 898, 501, 464, 158, 360, 779, 484, 590, 735, 643, 513, 80, 975, 552, 716, 333, 355, 484, 917, 260, 651, 996, 807, 498, 293, 742, 288, 476, 992, 146, 35], [428, 571, 528, 393, 976, 829, 153, 16, 52, 953, 54, 992, 370, 9, 270, 832, 766, 948, 641, 861, 591, 708, 674, 688, 1007, 702, 154, 49, 876, 227, 170, 256], [784, 446, 703, 398, 936, 620, 211, 907, 597, 674, 959, 156, 339, 605, 126, 684, 136, 249, 14, 209, 169, 595, 585, 365, 311, 930, 227, 12, 725, 562, 560, 457], [540, 25, 170, 924, 27, 80, 204, 273, 444, 775, 318, 154, 986, 70, 757, 881, 639, 784, 943, 375, 939, 669, 931, 787, 363, 899, 154, 558, 329, 576, 461, 649], [307, 719, 354, 876, 652, 970, 960, 772, 63, 164, 798, 584, 414, 666, 624, 28, 544, 236, 321, 781, 823, 1019, 900, 728, 280, 44, 935, 666, 844, 967, 199, 891], [499, 9, 506, 531, 336, 370, 379, 155, 657, 960, 877, 433, 595, 168, 637, 143, 899, 990, 850, 301, 193, 216, 230, 724, 614, 342, 995, 614, 549, 662, 137, 362], [547, 142, 80, 622, 525, 665, 19, 1011, 595, 461, 132, 164, 942, 989, 769, 118, 534, 688, 503, 539, 852, 271, 942, 619, 800, 906, 829, 947, 865, 674, 30, 755], [163, 88, 786, 511, 29, 1002, 14, 786, 880, 203, 994, 829, 1020, 527, 980, 810, 423, 787, 651, 232, 279, 67, 296, 130, 901, 410, 832, 6, 46, 491, 962, 607], [158, 288, 284, 261, 424, 195, 269, 784, 441, 675, 535, 365, 619, 270, 765, 524, 287, 768, 875, 441, 386, 147, 512, 581, 686, 798, 79, 523, 485, 143, 938, 51], [426, 181, 382, 156, 802, 611, 202, 710, 1017, 610, 167, 625, 631, 745, 599, 88, 885, 148, 214, 762, 810, 868, 537, 249, 560, 788, 941, 79, 77, 196, 127, 803], [231, 11, 458, 427, 364, 377, 575, 760, 410, 789, 98, 811, 919, 522, 91, 856, 1023, 903, 471, 196, 839, 399, 416, 622, 131, 592, 802, 128, 709, 751, 142, 496]] [227510606685383183557059443546311359559947627729227291585295252346148724168066165621844521179550182815965186726570779352943727096524282809823132474750822079219624193540090488608541925570767137751518478199127015832994338185392122775316304984177007483632215279398406145253814852275968477360924641914926409613486499854269792859154419133029317765216718373438357354506558677296992506341651558329141230442522075154555613354397979, 284202787706439076090218110622636767540060223899561228911375755714780501110297734591794353795262981520477819808871112689813480213804653808076337135159006533594684199435738688546215778994880545322298900311842837585145496883540798654564778198385162894027067522770149263114747184014902342533848524132339947555965358985670210878096995008947782852351503650395221876501469666957648243827866549576188614920684364061654348008545273, 227450610857303656363981531327378192873015210671184487214405047733279073154879721905741992948225424964353002078094114828069191799245876940223495969793580455200640478544608863154303324176089172405957573379907311591859211448388355319663880511600350671665273986806999015757422884746244058973207272851358765693678146003593458696538689105159373402493741577003841739738253068994894530499955532059992153808914776033538287418154056, 217885252369664157215688284265459070909654399307419948898684067816177079884636882988800236128480061705673725582423992257586160500682075692381150039858426513615026070221112753717185338760912782199459434075078697023543788905457011732918612668301347308023563088847214038100317022065755586978247211031965368466619098123676444859533887188154028171169246961670933365198490031380921418917391639256693364007815261653629215882429802, 265356130189614418724236509433044034706695267657772332760051568359857845902216440800157259032080165710906080389833423102144554526462830434249411029277380004804400572757197500383256953055077000371052458840801255308254059490568607795751384580642660129777539001978173279170127517427985112801699125239427372339891644925400467165148163144098164640906282809196502866615570136296928146741032362207255114981474624666010875933877230, 228237518167879297764230808428386047518840970983978788592879724315819001520111527888910713447140696633280252669234601683988114462964100890616006524746092449050908330809911162093640168070724712735590056990203988400740975014117004157967196192439066185142607078656225498312954105257419501557869196262762826599565979809943382764962892381328714167293705201981595781006382579154213638517126140173248111871135720654244918912368309, 226653018247408759760677188660018879547345955720634929186437700311285243533689472001921982422174175205109338123536282590403451085063974520989628763718126721483488933538207433015136680333908511941826008876452066178791402792532182049013677425361288792888666295414528859524410624882304544335770777843578666365055936302760627989721716920819930164258791477104938594465749812073855950574804010979435918428597314929204659645704811, 262334236078386870356742825706300882754861454370056626836530624661849135710855182686375832323509045730386873827467272916878336505671421474323841301298986958002322295205375388148808542248007491585600263522908903730191329106165614845260691231160393611902203053108106956413947163895695028727035923265377849006551414801002970721185099004468724485190546059271113130970515257267959465403142402122689095015434327425919182798159215, 177618462598234756919793038745108251914020453613733552513875083836099980267661353658709645203832864689469393520758939811856797015857200619600314429084336174163355195096732578895889494481515460792489517955126326084720612357091945741604199817953398958062300663525527226786623483763017431490414512591066606203844248913772886555182146412132902917099445233025169260254509012834114827771351895063389912793930688795189087539524344, 286103621077833029183086469762544477593878189889303607394903924982782539000759445422556520606711021955419069955820013959755912830349352322957014569945654066558881486973634781555447777780933083217110358294834872620181540737778294065129809592741315354092099254941645636377471099508143268118611431613988899008844736965574704363799063447524288306069894242220410310250543329362811756678273187698876854622144364141714138628218378, 266408057497271933933845382599898039252959699550949706389073076108651798561820304006805121774585941520815243245280770918872660545226447842358458559383103278444087604654212837520849540417308021360004323257307741243985376980223315271217664425756440690759027874205559651803761039809679406505088440820410951879938681978845329913439994918747087721921470533005719719503188119671948812029776925903999425251023568774384922252985056, 323045128896915580582823174981743883213571905275649306820469860522866553073571494422492966050463878563309180857331107932978739505531652579843197101237382105781247133492898925636954353087237280884888071806015165771404472829777262545365986089956951304675158980346540984761277029649011699595351784652907456936183647271295156538801733759869717682582589417211538079225104824858513293626703438570060964974017542797673346896031836, 300697462057882014331542228394400736731112264376447499350296767968606261917540094871477189979402374073597838963294408368220311705963069154960386197635054267838901895301182907984644562037140606097813469020497485765778506916339849640700556883616645432127514806627297185385637990495929030968455361252908585125629109721758731191442757478092130818270360883068649989345473432733651740401731503440671508896606249250881291259554888, 218504599841666904611645033730058236298030018312606988116077841207385340859937746188619805103176528008341126166319670530017849608733432942641903509206623051351810995523924519405751376331937667056812288950388134208688384926983229308304043457439282598153631562356797905598746412492238937398590351452270711099860247972645332458105587055138006469500346332821480245692097764088241542625543000728137469140466934301715315074901798, 227654983222847428253745928419044735150545505470683916931341531926531988694726378518349790716204433200128962288836861509239658137849235590447424864749273610330199239199911157416630941500410138635589880070750921137913574710212257432360198582676775112262453056219972420623995815727611933599983618002699020543372137794912086279887273951433944713475848640157522266381045410401134423765904456305088448598227875985407109331605696, 296248140439043002003635353470072309255261455345496812979046628653196052671854887405436627369724347819153647277005466913210756138275544174489572518812495504598615377536497046025628358419474102543343239292453880332715489558284276260653721452123387811904536048284416874208744677558976444812273660685873475838854327046712503221048665163381260757643571284485136295053658449394616892900949951371029846031790557837216098456623842, 225192968430329892944543727383748151178873809423994588383698822510697303609548380649792818859001149380236236780375500044614007762825359842612559123715028371675341393742973012502834456318107932695170972383983841968740671803060118103215932055430216835843744732682509988889598722036874424790659054923424673617853745848134804898125169712936581117773967998722160816715595365998366491497595697668560463576524409360137913314713327, 193810187984880006000238695260501819468944855417807202125463733938522422154146778160557254606956056198720902844989301390364149855531288199201253266789437776219662473213699245507006632807935400686210580321172432601343691721481473236800659841117482011167781618710676801932077701341334921514399126791801781824603766325657253469401703787795211081209613512427485359167535369459968953155548473124480070583604518796461649271416706, 256340877188721363444214423056434514542976030204347146243105817220638427533100648145678330203212942305844925519720306060454001983217948214991827821413928997687829151171306713200999726090811425932670687404195223482156787753879447224302058524296574411398758830417880509805023123989237943120647792615981157716383098975274396147049700679907546176109818046837384495657647469924463053375616357184635113845175152993234135013615461, 230472815737354641633294501578170079587960644250288936024451331176120203231799080554474095216103310636796425599028374672831373755145523179861708011471161098059157741407377050102017824772095485010556928889870297453013128425552622445600735152432323603393176767100620266714208969821260281425571856286279386724713133455236836017740049277883522645950910944958268674783029791488693454307027466633508548643910849714049333723106223, 235759696031589507528189291422912084802991633690199964688618913558554484874590524194777178940697589257362929453778730742318582178028530503386825958755890906073721935519880085785510199023985296424824007858154654888883546392437461316247941931679335288524557627623435391814469436032313016557077933005287817657388411199524892806318937198324508987229640183945118534691798030075593049276411466905895993191277385641553924058817741, 273490268697919478973659765648940825705222207370141610875154512097577513120807635588519356344456742801813272912472416474141729928159668431580794501625531597776771754946434302995077608452451064721613094362758973375778795474256362721560243774086710625152057904761069009002343987726408243208354339628749473190303238271726155655137481875149956780818505951009687685491156239236043055976398348306089577855443955718760649231484436, 269159630617047966530543700909862079622033212880489659269181871845113909848424957734520496190684498172928922295486645058653582139389631552750363048939460635497406443655925696050350232475414033642082868951317377690424788583915620794484257594551814151014122230718888560616998089383451689610401926692742913473064910133196468023532836232355023603469755390130883568089725081032904266862109675962110830157564993881060784588344721, 242036318069032200086085377053500774107669970618448263752180145780176272350331581937432366791617969666515443044825842711949068191924748256363594863112346098974618208154855273158716107323311046807981997109797555864478857409682880676077285875418447158661525058225693513040224327784402878875629994572059841556782921202365373350641787053670719192641953372831401060564045737851658436255609845784614305941183670612634024945940744, 264247952226103996297452269119473359928737785002862679616993756457299768374748986960665584438834165782015381435992529642210209413211288736960159555016204163089772504634689964418261642570406533352367032966817527391228680119859687308300418745912844840698582896872410906580920053219897051967117657899438959033454570208794332839754153812778896205072723421807701431337000747575267862210847828018764252994210891852752251547805523, 299658569868361683299863994518333729363625941279140260829396717571931429517670666886983222281782261158031748500813478173035299914569080079583765983802824368893022526348870643198625123848850802928229105886783995726110451037673131713125487275815053562019301747216431390344239701683696340027438685263002059031208673480284225704061168787899456252446969941181043200025840150681675695537776692233093278822516207477471041914208357, 246825240666240608154019123979679194704874782748009364080109561651253995535241183857594824619112211789923158001912413195862012030364429173854065476684228950723070994468964968624298166448761549488605427704135921776978456299779900056392215074050476219917188573170081706456289916294121930433943967956431985531444546262291620933230366381084947231876583600407584450581219535996320751485619996358835327353133679717469630384977948, 290230534183548521227388526456818567465261727612748680798882246607022513644126451401120817676234566010732484550933533934794817864660428608803904878985348120219227444172288478009763719044547080629545898050299428943330083428793995206718267773029279121337479475345286492132456678631612413894970093304433849597991299089321603275430346879506489031567702464185893204866606383975973456865895754429378429674755966949529442425137273, 261375969353269334476947121027066442608574050856756847054730904603457637972750622521928562180538593045826724666240044391882658251928948283319181673420496671883745299864497179583222673115655038339353472726943520713110009936012713876690520390606920791435259135688478348085458160219948776420015688705156257063408503060358166727182632646183679704042697148857316622775661621889848964989888495609225236255922228320673197582831848, 232227258855376147794159106471828131373730234529980986226065051280464909858787113275327186103873047296592229731870408761562670933025757476032188339074055986763143913252532282476732323178385109592107274058494330484193184427792228191346369039501175443250808361956150064857716773069933741570808494924325616699848188418413629783385158716356036428032791580000787964771478695805238020992122317652264751149704219026998617894913223, 250188535783304914477281529805820269439870530513171881864762433857136291941940186050812426625472906610275376154503157328827489804191572054351989517496235522209263000780520378320373155850745224099269436528665364419164547962374403835691906495116643025474170311424935592905383372313500455326293066023551352179058905753294260094362822929887492789771253494232712173229412599261032472856908345442600446845779980094921223936684483, 257817556568896521727746403402280111505028510165058489570852734144162295821080462325123491766236012151948538460211491763577164113807195009107631457559042705560586690710190297432537516343739548608432517793832802935157246712686193623510018321880452188843566392686045346720018796654889743340519971559863996035411450217157249216813049690243305343718544353134576700613259764600361066080606139275262275027050219544763006369556001] ``` ### Solution Sau khi đọc đoạn code trên ta thấy flag được mã hoá theo cách: $\begin{cases} enc[1] = base[1][1] * flag[1] + base[1][2] * flag[2] + \ ... \ + base[1][n] * flag[n]\\ enc[2] = base[2][1] * flag[1] + base[2][2] * flag[2] + \ ... \ + base[2][n] * flag[n]\\ ... \\ enc[n] = base[n][1] * flag[1] + base[n][2] * flag[2] + \ ... \ + base[n][n] * flag[n] \end{cases}$ Và điều này được thực hiện lặp lại 100 lần Vậy nên chúng ta chỉ cần giải ngược hệ phương trình trên 100 lần - solution.sage ```python from sympy import symbols, Eq, solve from Crypto.Util.number import long_to_bytes def descryption(base, enc): x = symbols('x0:32') equations = [] for i in range(len(base)): equations.append(Eq(sum([x[j] * base[i][j] for j in range(len(base[i]))]), enc[i])) return solve(equations, x) base = [[604, 230, 565, 184, 702, 350, 373, 158, 242, 774, 293, 410, 120, 196, 543, 206, 878, 924, 496, 280, 615, 353, 973, 56, 492, 369, 513, 150, 779, 1004, 23, 782], [849, 180, 741, 904, 163, 835, 162, 243, 814, 755, 247, 221, 391, 836, 572, 473, 877, 889, 705, 439, 183, 724, 882, 463, 240, 989, 744, 1001, 303, 570, 188, 786], [306, 915, 654, 740, 215, 94, 645, 904, 782, 685, 51, 154, 184, 44, 434, 869, 130, 778, 769, 113, 804, 343, 344, 6, 489, 437, 976, 1, 472, 39, 770, 440], [865, 247, 597, 1010, 363, 971, 896, 218, 815, 417, 166, 586, 91, 322, 1019, 549, 227, 763, 179, 276, 28, 724, 375, 216, 447, 265, 128, 41, 503, 100, 831, 106], [632, 587, 328, 765, 815, 465, 757, 725, 209, 119, 235, 625, 822, 499, 646, 445, 430, 440, 131, 575, 487, 902, 799, 854, 659, 246, 365, 383, 736, 157, 343, 567], [282, 18, 299, 920, 513, 43, 599, 637, 140, 310, 91, 40, 1019, 517, 136, 863, 25, 3, 94, 832, 66, 541, 216, 605, 614, 803, 135, 270, 949, 777, 872, 1006], [779, 656, 435, 280, 97, 262, 369, 568, 850, 325, 293, 977, 269, 925, 363, 309, 226, 90, 296, 868, 417, 410, 383, 288, 702, 54, 200, 708, 696, 626, 140, 565], [513, 409, 846, 248, 463, 780, 694, 71, 540, 950, 684, 723, 264, 445, 455, 433, 85, 520, 203, 1004, 364, 178, 715, 546, 345, 642, 139, 929, 337, 750, 987, 359], [760, 98, 325, 713, 328, 430, 62, 557, 287, 681, 23, 292, 386, 554, 103, 90, 886, 111, 311, 56, 21, 623, 846, 28, 52, 76, 256, 523, 496, 401, 738, 203], [693, 424, 395, 836, 955, 346, 992, 1017, 960, 407, 227, 30, 319, 1, 933, 851, 867, 255, 55, 575, 402, 1010, 708, 978, 432, 430, 358, 574, 547, 683, 707, 475], [619, 649, 491, 413, 169, 167, 767, 670, 817, 985, 139, 814, 682, 780, 441, 338, 470, 225, 638, 732, 557, 305, 821, 476, 457, 399, 987, 399, 14, 277, 255, 925], [261, 907, 410, 706, 537, 891, 427, 966, 887, 292, 25, 225, 356, 771, 957, 971, 455, 177, 754, 595, 685, 835, 823, 984, 937, 1019, 702, 108, 886, 824, 796, 441], [522, 944, 492, 403, 495, 760, 771, 883, 860, 571, 978, 582, 24, 629, 702, 960, 13, 534, 531, 883, 690, 1010, 611, 198, 429, 544, 163, 593, 385, 207, 665, 1014], [169, 606, 63, 888, 227, 51, 354, 659, 39, 155, 643, 2, 401, 73, 12, 661, 36, 23, 49, 508, 1004, 1021, 86, 22, 443, 782, 816, 998, 650, 638, 685, 690], [896, 571, 240, 662, 434, 138, 20, 132, 576, 279, 629, 492, 268, 593, 384, 206, 567, 325, 327, 987, 175, 658, 834, 358, 614, 124, 388, 994, 106, 544, 114, 877], [323, 455, 337, 532, 971, 185, 1017, 416, 246, 513, 946, 122, 839, 496, 559, 680, 1002, 718, 337, 845, 684, 989, 898, 44, 905, 553, 458, 221, 895, 916, 670, 40], [870, 748, 178, 112, 250, 943, 183, 620, 595, 47, 342, 525, 989, 707, 108, 173, 157, 549, 711, 90, 581, 566, 988, 51, 53, 32, 572, 660, 916, 40, 42, 800], [987, 96, 608, 985, 461, 166, 157, 778, 959, 52, 12, 52, 352, 245, 20, 440, 822, 545, 136, 117, 678, 35, 849, 35, 365, 330, 387, 351, 417, 163, 331, 843], [526, 409, 910, 1006, 16, 985, 641, 14, 353, 269, 295, 851, 50, 80, 545, 780, 895, 139, 809, 527, 82, 330, 473, 832, 870, 174, 906, 354, 659, 637, 375, 640], [163, 100, 210, 127, 471, 845, 489, 234, 833, 655, 386, 259, 22, 128, 448, 777, 530, 379, 767, 199, 697, 879, 791, 711, 491, 119, 22, 790, 882, 400, 182, 683], [221, 157, 483, 267, 641, 204, 432, 823, 319, 543, 928, 1018, 501, 649, 49, 332, 68, 640, 573, 474, 572, 489, 33, 312, 695, 178, 628, 227, 326, 685, 980, 369], [814, 898, 501, 464, 158, 360, 779, 484, 590, 735, 643, 513, 80, 975, 552, 716, 333, 355, 484, 917, 260, 651, 996, 807, 498, 293, 742, 288, 476, 992, 146, 35], [428, 571, 528, 393, 976, 829, 153, 16, 52, 953, 54, 992, 370, 9, 270, 832, 766, 948, 641, 861, 591, 708, 674, 688, 1007, 702, 154, 49, 876, 227, 170, 256], [784, 446, 703, 398, 936, 620, 211, 907, 597, 674, 959, 156, 339, 605, 126, 684, 136, 249, 14, 209, 169, 595, 585, 365, 311, 930, 227, 12, 725, 562, 560, 457], [540, 25, 170, 924, 27, 80, 204, 273, 444, 775, 318, 154, 986, 70, 757, 881, 639, 784, 943, 375, 939, 669, 931, 787, 363, 899, 154, 558, 329, 576, 461, 649], [307, 719, 354, 876, 652, 970, 960, 772, 63, 164, 798, 584, 414, 666, 624, 28, 544, 236, 321, 781, 823, 1019, 900, 728, 280, 44, 935, 666, 844, 967, 199, 891], [499, 9, 506, 531, 336, 370, 379, 155, 657, 960, 877, 433, 595, 168, 637, 143, 899, 990, 850, 301, 193, 216, 230, 724, 614, 342, 995, 614, 549, 662, 137, 362], [547, 142, 80, 622, 525, 665, 19, 1011, 595, 461, 132, 164, 942, 989, 769, 118, 534, 688, 503, 539, 852, 271, 942, 619, 800, 906, 829, 947, 865, 674, 30, 755], [163, 88, 786, 511, 29, 1002, 14, 786, 880, 203, 994, 829, 1020, 527, 980, 810, 423, 787, 651, 232, 279, 67, 296, 130, 901, 410, 832, 6, 46, 491, 962, 607], [158, 288, 284, 261, 424, 195, 269, 784, 441, 675, 535, 365, 619, 270, 765, 524, 287, 768, 875, 441, 386, 147, 512, 581, 686, 798, 79, 523, 485, 143, 938, 51], [426, 181, 382, 156, 802, 611, 202, 710, 1017, 610, 167, 625, 631, 745, 599, 88, 885, 148, 214, 762, 810, 868, 537, 249, 560, 788, 941, 79, 77, 196, 127, 803], [231, 11, 458, 427, 364, 377, 575, 760, 410, 789, 98, 811, 919, 522, 91, 856, 1023, 903, 471, 196, 839, 399, 416, 622, 131, 592, 802, 128, 709, 751, 142, 496]] enc =[227510606685383183557059443546311359559947627729227291585295252346148724168066165621844521179550182815965186726570779352943727096524282809823132474750822079219624193540090488608541925570767137751518478199127015832994338185392122775316304984177007483632215279398406145253814852275968477360924641914926409613486499854269792859154419133029317765216718373438357354506558677296992506341651558329141230442522075154555613354397979, 284202787706439076090218110622636767540060223899561228911375755714780501110297734591794353795262981520477819808871112689813480213804653808076337135159006533594684199435738688546215778994880545322298900311842837585145496883540798654564778198385162894027067522770149263114747184014902342533848524132339947555965358985670210878096995008947782852351503650395221876501469666957648243827866549576188614920684364061654348008545273, 227450610857303656363981531327378192873015210671184487214405047733279073154879721905741992948225424964353002078094114828069191799245876940223495969793580455200640478544608863154303324176089172405957573379907311591859211448388355319663880511600350671665273986806999015757422884746244058973207272851358765693678146003593458696538689105159373402493741577003841739738253068994894530499955532059992153808914776033538287418154056, 217885252369664157215688284265459070909654399307419948898684067816177079884636882988800236128480061705673725582423992257586160500682075692381150039858426513615026070221112753717185338760912782199459434075078697023543788905457011732918612668301347308023563088847214038100317022065755586978247211031965368466619098123676444859533887188154028171169246961670933365198490031380921418917391639256693364007815261653629215882429802, 265356130189614418724236509433044034706695267657772332760051568359857845902216440800157259032080165710906080389833423102144554526462830434249411029277380004804400572757197500383256953055077000371052458840801255308254059490568607795751384580642660129777539001978173279170127517427985112801699125239427372339891644925400467165148163144098164640906282809196502866615570136296928146741032362207255114981474624666010875933877230, 228237518167879297764230808428386047518840970983978788592879724315819001520111527888910713447140696633280252669234601683988114462964100890616006524746092449050908330809911162093640168070724712735590056990203988400740975014117004157967196192439066185142607078656225498312954105257419501557869196262762826599565979809943382764962892381328714167293705201981595781006382579154213638517126140173248111871135720654244918912368309, 226653018247408759760677188660018879547345955720634929186437700311285243533689472001921982422174175205109338123536282590403451085063974520989628763718126721483488933538207433015136680333908511941826008876452066178791402792532182049013677425361288792888666295414528859524410624882304544335770777843578666365055936302760627989721716920819930164258791477104938594465749812073855950574804010979435918428597314929204659645704811, 262334236078386870356742825706300882754861454370056626836530624661849135710855182686375832323509045730386873827467272916878336505671421474323841301298986958002322295205375388148808542248007491585600263522908903730191329106165614845260691231160393611902203053108106956413947163895695028727035923265377849006551414801002970721185099004468724485190546059271113130970515257267959465403142402122689095015434327425919182798159215, 177618462598234756919793038745108251914020453613733552513875083836099980267661353658709645203832864689469393520758939811856797015857200619600314429084336174163355195096732578895889494481515460792489517955126326084720612357091945741604199817953398958062300663525527226786623483763017431490414512591066606203844248913772886555182146412132902917099445233025169260254509012834114827771351895063389912793930688795189087539524344, 286103621077833029183086469762544477593878189889303607394903924982782539000759445422556520606711021955419069955820013959755912830349352322957014569945654066558881486973634781555447777780933083217110358294834872620181540737778294065129809592741315354092099254941645636377471099508143268118611431613988899008844736965574704363799063447524288306069894242220410310250543329362811756678273187698876854622144364141714138628218378, 266408057497271933933845382599898039252959699550949706389073076108651798561820304006805121774585941520815243245280770918872660545226447842358458559383103278444087604654212837520849540417308021360004323257307741243985376980223315271217664425756440690759027874205559651803761039809679406505088440820410951879938681978845329913439994918747087721921470533005719719503188119671948812029776925903999425251023568774384922252985056, 323045128896915580582823174981743883213571905275649306820469860522866553073571494422492966050463878563309180857331107932978739505531652579843197101237382105781247133492898925636954353087237280884888071806015165771404472829777262545365986089956951304675158980346540984761277029649011699595351784652907456936183647271295156538801733759869717682582589417211538079225104824858513293626703438570060964974017542797673346896031836, 300697462057882014331542228394400736731112264376447499350296767968606261917540094871477189979402374073597838963294408368220311705963069154960386197635054267838901895301182907984644562037140606097813469020497485765778506916339849640700556883616645432127514806627297185385637990495929030968455361252908585125629109721758731191442757478092130818270360883068649989345473432733651740401731503440671508896606249250881291259554888, 218504599841666904611645033730058236298030018312606988116077841207385340859937746188619805103176528008341126166319670530017849608733432942641903509206623051351810995523924519405751376331937667056812288950388134208688384926983229308304043457439282598153631562356797905598746412492238937398590351452270711099860247972645332458105587055138006469500346332821480245692097764088241542625543000728137469140466934301715315074901798, 227654983222847428253745928419044735150545505470683916931341531926531988694726378518349790716204433200128962288836861509239658137849235590447424864749273610330199239199911157416630941500410138635589880070750921137913574710212257432360198582676775112262453056219972420623995815727611933599983618002699020543372137794912086279887273951433944713475848640157522266381045410401134423765904456305088448598227875985407109331605696, 296248140439043002003635353470072309255261455345496812979046628653196052671854887405436627369724347819153647277005466913210756138275544174489572518812495504598615377536497046025628358419474102543343239292453880332715489558284276260653721452123387811904536048284416874208744677558976444812273660685873475838854327046712503221048665163381260757643571284485136295053658449394616892900949951371029846031790557837216098456623842, 225192968430329892944543727383748151178873809423994588383698822510697303609548380649792818859001149380236236780375500044614007762825359842612559123715028371675341393742973012502834456318107932695170972383983841968740671803060118103215932055430216835843744732682509988889598722036874424790659054923424673617853745848134804898125169712936581117773967998722160816715595365998366491497595697668560463576524409360137913314713327, 193810187984880006000238695260501819468944855417807202125463733938522422154146778160557254606956056198720902844989301390364149855531288199201253266789437776219662473213699245507006632807935400686210580321172432601343691721481473236800659841117482011167781618710676801932077701341334921514399126791801781824603766325657253469401703787795211081209613512427485359167535369459968953155548473124480070583604518796461649271416706, 256340877188721363444214423056434514542976030204347146243105817220638427533100648145678330203212942305844925519720306060454001983217948214991827821413928997687829151171306713200999726090811425932670687404195223482156787753879447224302058524296574411398758830417880509805023123989237943120647792615981157716383098975274396147049700679907546176109818046837384495657647469924463053375616357184635113845175152993234135013615461, 230472815737354641633294501578170079587960644250288936024451331176120203231799080554474095216103310636796425599028374672831373755145523179861708011471161098059157741407377050102017824772095485010556928889870297453013128425552622445600735152432323603393176767100620266714208969821260281425571856286279386724713133455236836017740049277883522645950910944958268674783029791488693454307027466633508548643910849714049333723106223, 235759696031589507528189291422912084802991633690199964688618913558554484874590524194777178940697589257362929453778730742318582178028530503386825958755890906073721935519880085785510199023985296424824007858154654888883546392437461316247941931679335288524557627623435391814469436032313016557077933005287817657388411199524892806318937198324508987229640183945118534691798030075593049276411466905895993191277385641553924058817741, 273490268697919478973659765648940825705222207370141610875154512097577513120807635588519356344456742801813272912472416474141729928159668431580794501625531597776771754946434302995077608452451064721613094362758973375778795474256362721560243774086710625152057904761069009002343987726408243208354339628749473190303238271726155655137481875149956780818505951009687685491156239236043055976398348306089577855443955718760649231484436, 269159630617047966530543700909862079622033212880489659269181871845113909848424957734520496190684498172928922295486645058653582139389631552750363048939460635497406443655925696050350232475414033642082868951317377690424788583915620794484257594551814151014122230718888560616998089383451689610401926692742913473064910133196468023532836232355023603469755390130883568089725081032904266862109675962110830157564993881060784588344721, 242036318069032200086085377053500774107669970618448263752180145780176272350331581937432366791617969666515443044825842711949068191924748256363594863112346098974618208154855273158716107323311046807981997109797555864478857409682880676077285875418447158661525058225693513040224327784402878875629994572059841556782921202365373350641787053670719192641953372831401060564045737851658436255609845784614305941183670612634024945940744, 264247952226103996297452269119473359928737785002862679616993756457299768374748986960665584438834165782015381435992529642210209413211288736960159555016204163089772504634689964418261642570406533352367032966817527391228680119859687308300418745912844840698582896872410906580920053219897051967117657899438959033454570208794332839754153812778896205072723421807701431337000747575267862210847828018764252994210891852752251547805523, 299658569868361683299863994518333729363625941279140260829396717571931429517670666886983222281782261158031748500813478173035299914569080079583765983802824368893022526348870643198625123848850802928229105886783995726110451037673131713125487275815053562019301747216431390344239701683696340027438685263002059031208673480284225704061168787899456252446969941181043200025840150681675695537776692233093278822516207477471041914208357, 246825240666240608154019123979679194704874782748009364080109561651253995535241183857594824619112211789923158001912413195862012030364429173854065476684228950723070994468964968624298166448761549488605427704135921776978456299779900056392215074050476219917188573170081706456289916294121930433943967956431985531444546262291620933230366381084947231876583600407584450581219535996320751485619996358835327353133679717469630384977948, 290230534183548521227388526456818567465261727612748680798882246607022513644126451401120817676234566010732484550933533934794817864660428608803904878985348120219227444172288478009763719044547080629545898050299428943330083428793995206718267773029279121337479475345286492132456678631612413894970093304433849597991299089321603275430346879506489031567702464185893204866606383975973456865895754429378429674755966949529442425137273, 261375969353269334476947121027066442608574050856756847054730904603457637972750622521928562180538593045826724666240044391882658251928948283319181673420496671883745299864497179583222673115655038339353472726943520713110009936012713876690520390606920791435259135688478348085458160219948776420015688705156257063408503060358166727182632646183679704042697148857316622775661621889848964989888495609225236255922228320673197582831848, 232227258855376147794159106471828131373730234529980986226065051280464909858787113275327186103873047296592229731870408761562670933025757476032188339074055986763143913252532282476732323178385109592107274058494330484193184427792228191346369039501175443250808361956150064857716773069933741570808494924325616699848188418413629783385158716356036428032791580000787964771478695805238020992122317652264751149704219026998617894913223, 250188535783304914477281529805820269439870530513171881864762433857136291941940186050812426625472906610275376154503157328827489804191572054351989517496235522209263000780520378320373155850745224099269436528665364419164547962374403835691906495116643025474170311424935592905383372313500455326293066023551352179058905753294260094362822929887492789771253494232712173229412599261032472856908345442600446845779980094921223936684483, 257817556568896521727746403402280111505028510165058489570852734144162295821080462325123491766236012151948538460211491763577164113807195009107631457559042705560586690710190297432537516343739548608432517793832802935157246712686193623510018321880452188843566392686045346720018796654889743340519971559863996035411450217157249216813049690243305343718544353134576700613259764600361066080606139275262275027050219544763006369556001] for i in range(100): tmp = descryption(base, enc) cnt = 0 for x, y in tmp.items(): enc[cnt] = y cnt += 1 plaintext = b"" for i in enc: plaintext += long_to_bytes(i) print(plaintext) ``` #### (Sau giải) Từ những ý trên ta có thể nhận thấy được khi cho $base$ và $flag$ là một ma trận thì: $flag * {base}^{100} = enc$ $\rightarrow flag = enc * ({base}^{100})^{-1}$ Từ đây ta chỉ cần nhân ma trận là giải xong bài toán ```python import numpy as np from Crypto.Util.number import long_to_bytes base = [[604, 230, 565, 184, 702, 350, 373, 158, 242, 774, 293, 410, 120, 196, 543, 206, 878, 924, 496, 280, 615, 353, 973, 56, 492, 369, 513, 150, 779, 1004, 23, 782], [849, 180, 741, 904, 163, 835, 162, 243, 814, 755, 247, 221, 391, 836, 572, 473, 877, 889, 705, 439, 183, 724, 882, 463, 240, 989, 744, 1001, 303, 570, 188, 786], [306, 915, 654, 740, 215, 94, 645, 904, 782, 685, 51, 154, 184, 44, 434, 869, 130, 778, 769, 113, 804, 343, 344, 6, 489, 437, 976, 1, 472, 39, 770, 440], [865, 247, 597, 1010, 363, 971, 896, 218, 815, 417, 166, 586, 91, 322, 1019, 549, 227, 763, 179, 276, 28, 724, 375, 216, 447, 265, 128, 41, 503, 100, 831, 106], [632, 587, 328, 765, 815, 465, 757, 725, 209, 119, 235, 625, 822, 499, 646, 445, 430, 440, 131, 575, 487, 902, 799, 854, 659, 246, 365, 383, 736, 157, 343, 567], [282, 18, 299, 920, 513, 43, 599, 637, 140, 310, 91, 40, 1019, 517, 136, 863, 25, 3, 94, 832, 66, 541, 216, 605, 614, 803, 135, 270, 949, 777, 872, 1006], [779, 656, 435, 280, 97, 262, 369, 568, 850, 325, 293, 977, 269, 925, 363, 309, 226, 90, 296, 868, 417, 410, 383, 288, 702, 54, 200, 708, 696, 626, 140, 565], [513, 409, 846, 248, 463, 780, 694, 71, 540, 950, 684, 723, 264, 445, 455, 433, 85, 520, 203, 1004, 364, 178, 715, 546, 345, 642, 139, 929, 337, 750, 987, 359], [760, 98, 325, 713, 328, 430, 62, 557, 287, 681, 23, 292, 386, 554, 103, 90, 886, 111, 311, 56, 21, 623, 846, 28, 52, 76, 256, 523, 496, 401, 738, 203], [693, 424, 395, 836, 955, 346, 992, 1017, 960, 407, 227, 30, 319, 1, 933, 851, 867, 255, 55, 575, 402, 1010, 708, 978, 432, 430, 358, 574, 547, 683, 707, 475], [619, 649, 491, 413, 169, 167, 767, 670, 817, 985, 139, 814, 682, 780, 441, 338, 470, 225, 638, 732, 557, 305, 821, 476, 457, 399, 987, 399, 14, 277, 255, 925], [261, 907, 410, 706, 537, 891, 427, 966, 887, 292, 25, 225, 356, 771, 957, 971, 455, 177, 754, 595, 685, 835, 823, 984, 937, 1019, 702, 108, 886, 824, 796, 441], [522, 944, 492, 403, 495, 760, 771, 883, 860, 571, 978, 582, 24, 629, 702, 960, 13, 534, 531, 883, 690, 1010, 611, 198, 429, 544, 163, 593, 385, 207, 665, 1014], [169, 606, 63, 888, 227, 51, 354, 659, 39, 155, 643, 2, 401, 73, 12, 661, 36, 23, 49, 508, 1004, 1021, 86, 22, 443, 782, 816, 998, 650, 638, 685, 690], [896, 571, 240, 662, 434, 138, 20, 132, 576, 279, 629, 492, 268, 593, 384, 206, 567, 325, 327, 987, 175, 658, 834, 358, 614, 124, 388, 994, 106, 544, 114, 877], [323, 455, 337, 532, 971, 185, 1017, 416, 246, 513, 946, 122, 839, 496, 559, 680, 1002, 718, 337, 845, 684, 989, 898, 44, 905, 553, 458, 221, 895, 916, 670, 40], [870, 748, 178, 112, 250, 943, 183, 620, 595, 47, 342, 525, 989, 707, 108, 173, 157, 549, 711, 90, 581, 566, 988, 51, 53, 32, 572, 660, 916, 40, 42, 800], [987, 96, 608, 985, 461, 166, 157, 778, 959, 52, 12, 52, 352, 245, 20, 440, 822, 545, 136, 117, 678, 35, 849, 35, 365, 330, 387, 351, 417, 163, 331, 843], [526, 409, 910, 1006, 16, 985, 641, 14, 353, 269, 295, 851, 50, 80, 545, 780, 895, 139, 809, 527, 82, 330, 473, 832, 870, 174, 906, 354, 659, 637, 375, 640], [163, 100, 210, 127, 471, 845, 489, 234, 833, 655, 386, 259, 22, 128, 448, 777, 530, 379, 767, 199, 697, 879, 791, 711, 491, 119, 22, 790, 882, 400, 182, 683], [221, 157, 483, 267, 641, 204, 432, 823, 319, 543, 928, 1018, 501, 649, 49, 332, 68, 640, 573, 474, 572, 489, 33, 312, 695, 178, 628, 227, 326, 685, 980, 369], [814, 898, 501, 464, 158, 360, 779, 484, 590, 735, 643, 513, 80, 975, 552, 716, 333, 355, 484, 917, 260, 651, 996, 807, 498, 293, 742, 288, 476, 992, 146, 35], [428, 571, 528, 393, 976, 829, 153, 16, 52, 953, 54, 992, 370, 9, 270, 832, 766, 948, 641, 861, 591, 708, 674, 688, 1007, 702, 154, 49, 876, 227, 170, 256], [784, 446, 703, 398, 936, 620, 211, 907, 597, 674, 959, 156, 339, 605, 126, 684, 136, 249, 14, 209, 169, 595, 585, 365, 311, 930, 227, 12, 725, 562, 560, 457], [540, 25, 170, 924, 27, 80, 204, 273, 444, 775, 318, 154, 986, 70, 757, 881, 639, 784, 943, 375, 939, 669, 931, 787, 363, 899, 154, 558, 329, 576, 461, 649], [307, 719, 354, 876, 652, 970, 960, 772, 63, 164, 798, 584, 414, 666, 624, 28, 544, 236, 321, 781, 823, 1019, 900, 728, 280, 44, 935, 666, 844, 967, 199, 891], [499, 9, 506, 531, 336, 370, 379, 155, 657, 960, 877, 433, 595, 168, 637, 143, 899, 990, 850, 301, 193, 216, 230, 724, 614, 342, 995, 614, 549, 662, 137, 362], [547, 142, 80, 622, 525, 665, 19, 1011, 595, 461, 132, 164, 942, 989, 769, 118, 534, 688, 503, 539, 852, 271, 942, 619, 800, 906, 829, 947, 865, 674, 30, 755], [163, 88, 786, 511, 29, 1002, 14, 786, 880, 203, 994, 829, 1020, 527, 980, 810, 423, 787, 651, 232, 279, 67, 296, 130, 901, 410, 832, 6, 46, 491, 962, 607], [158, 288, 284, 261, 424, 195, 269, 784, 441, 675, 535, 365, 619, 270, 765, 524, 287, 768, 875, 441, 386, 147, 512, 581, 686, 798, 79, 523, 485, 143, 938, 51], [426, 181, 382, 156, 802, 611, 202, 710, 1017, 610, 167, 625, 631, 745, 599, 88, 885, 148, 214, 762, 810, 868, 537, 249, 560, 788, 941, 79, 77, 196, 127, 803], [231, 11, 458, 427, 364, 377, 575, 760, 410, 789, 98, 811, 919, 522, 91, 856, 1023, 903, 471, 196, 839, 399, 416, 622, 131, 592, 802, 128, 709, 751, 142, 496]] enc = [227510606685383183557059443546311359559947627729227291585295252346148724168066165621844521179550182815965186726570779352943727096524282809823132474750822079219624193540090488608541925570767137751518478199127015832994338185392122775316304984177007483632215279398406145253814852275968477360924641914926409613486499854269792859154419133029317765216718373438357354506558677296992506341651558329141230442522075154555613354397979, 284202787706439076090218110622636767540060223899561228911375755714780501110297734591794353795262981520477819808871112689813480213804653808076337135159006533594684199435738688546215778994880545322298900311842837585145496883540798654564778198385162894027067522770149263114747184014902342533848524132339947555965358985670210878096995008947782852351503650395221876501469666957648243827866549576188614920684364061654348008545273, 227450610857303656363981531327378192873015210671184487214405047733279073154879721905741992948225424964353002078094114828069191799245876940223495969793580455200640478544608863154303324176089172405957573379907311591859211448388355319663880511600350671665273986806999015757422884746244058973207272851358765693678146003593458696538689105159373402493741577003841739738253068994894530499955532059992153808914776033538287418154056, 217885252369664157215688284265459070909654399307419948898684067816177079884636882988800236128480061705673725582423992257586160500682075692381150039858426513615026070221112753717185338760912782199459434075078697023543788905457011732918612668301347308023563088847214038100317022065755586978247211031965368466619098123676444859533887188154028171169246961670933365198490031380921418917391639256693364007815261653629215882429802, 265356130189614418724236509433044034706695267657772332760051568359857845902216440800157259032080165710906080389833423102144554526462830434249411029277380004804400572757197500383256953055077000371052458840801255308254059490568607795751384580642660129777539001978173279170127517427985112801699125239427372339891644925400467165148163144098164640906282809196502866615570136296928146741032362207255114981474624666010875933877230, 228237518167879297764230808428386047518840970983978788592879724315819001520111527888910713447140696633280252669234601683988114462964100890616006524746092449050908330809911162093640168070724712735590056990203988400740975014117004157967196192439066185142607078656225498312954105257419501557869196262762826599565979809943382764962892381328714167293705201981595781006382579154213638517126140173248111871135720654244918912368309, 226653018247408759760677188660018879547345955720634929186437700311285243533689472001921982422174175205109338123536282590403451085063974520989628763718126721483488933538207433015136680333908511941826008876452066178791402792532182049013677425361288792888666295414528859524410624882304544335770777843578666365055936302760627989721716920819930164258791477104938594465749812073855950574804010979435918428597314929204659645704811, 262334236078386870356742825706300882754861454370056626836530624661849135710855182686375832323509045730386873827467272916878336505671421474323841301298986958002322295205375388148808542248007491585600263522908903730191329106165614845260691231160393611902203053108106956413947163895695028727035923265377849006551414801002970721185099004468724485190546059271113130970515257267959465403142402122689095015434327425919182798159215, 177618462598234756919793038745108251914020453613733552513875083836099980267661353658709645203832864689469393520758939811856797015857200619600314429084336174163355195096732578895889494481515460792489517955126326084720612357091945741604199817953398958062300663525527226786623483763017431490414512591066606203844248913772886555182146412132902917099445233025169260254509012834114827771351895063389912793930688795189087539524344, 286103621077833029183086469762544477593878189889303607394903924982782539000759445422556520606711021955419069955820013959755912830349352322957014569945654066558881486973634781555447777780933083217110358294834872620181540737778294065129809592741315354092099254941645636377471099508143268118611431613988899008844736965574704363799063447524288306069894242220410310250543329362811756678273187698876854622144364141714138628218378, 266408057497271933933845382599898039252959699550949706389073076108651798561820304006805121774585941520815243245280770918872660545226447842358458559383103278444087604654212837520849540417308021360004323257307741243985376980223315271217664425756440690759027874205559651803761039809679406505088440820410951879938681978845329913439994918747087721921470533005719719503188119671948812029776925903999425251023568774384922252985056, 323045128896915580582823174981743883213571905275649306820469860522866553073571494422492966050463878563309180857331107932978739505531652579843197101237382105781247133492898925636954353087237280884888071806015165771404472829777262545365986089956951304675158980346540984761277029649011699595351784652907456936183647271295156538801733759869717682582589417211538079225104824858513293626703438570060964974017542797673346896031836, 300697462057882014331542228394400736731112264376447499350296767968606261917540094871477189979402374073597838963294408368220311705963069154960386197635054267838901895301182907984644562037140606097813469020497485765778506916339849640700556883616645432127514806627297185385637990495929030968455361252908585125629109721758731191442757478092130818270360883068649989345473432733651740401731503440671508896606249250881291259554888, 218504599841666904611645033730058236298030018312606988116077841207385340859937746188619805103176528008341126166319670530017849608733432942641903509206623051351810995523924519405751376331937667056812288950388134208688384926983229308304043457439282598153631562356797905598746412492238937398590351452270711099860247972645332458105587055138006469500346332821480245692097764088241542625543000728137469140466934301715315074901798, 227654983222847428253745928419044735150545505470683916931341531926531988694726378518349790716204433200128962288836861509239658137849235590447424864749273610330199239199911157416630941500410138635589880070750921137913574710212257432360198582676775112262453056219972420623995815727611933599983618002699020543372137794912086279887273951433944713475848640157522266381045410401134423765904456305088448598227875985407109331605696, 296248140439043002003635353470072309255261455345496812979046628653196052671854887405436627369724347819153647277005466913210756138275544174489572518812495504598615377536497046025628358419474102543343239292453880332715489558284276260653721452123387811904536048284416874208744677558976444812273660685873475838854327046712503221048665163381260757643571284485136295053658449394616892900949951371029846031790557837216098456623842, 225192968430329892944543727383748151178873809423994588383698822510697303609548380649792818859001149380236236780375500044614007762825359842612559123715028371675341393742973012502834456318107932695170972383983841968740671803060118103215932055430216835843744732682509988889598722036874424790659054923424673617853745848134804898125169712936581117773967998722160816715595365998366491497595697668560463576524409360137913314713327, 193810187984880006000238695260501819468944855417807202125463733938522422154146778160557254606956056198720902844989301390364149855531288199201253266789437776219662473213699245507006632807935400686210580321172432601343691721481473236800659841117482011167781618710676801932077701341334921514399126791801781824603766325657253469401703787795211081209613512427485359167535369459968953155548473124480070583604518796461649271416706, 256340877188721363444214423056434514542976030204347146243105817220638427533100648145678330203212942305844925519720306060454001983217948214991827821413928997687829151171306713200999726090811425932670687404195223482156787753879447224302058524296574411398758830417880509805023123989237943120647792615981157716383098975274396147049700679907546176109818046837384495657647469924463053375616357184635113845175152993234135013615461, 230472815737354641633294501578170079587960644250288936024451331176120203231799080554474095216103310636796425599028374672831373755145523179861708011471161098059157741407377050102017824772095485010556928889870297453013128425552622445600735152432323603393176767100620266714208969821260281425571856286279386724713133455236836017740049277883522645950910944958268674783029791488693454307027466633508548643910849714049333723106223, 235759696031589507528189291422912084802991633690199964688618913558554484874590524194777178940697589257362929453778730742318582178028530503386825958755890906073721935519880085785510199023985296424824007858154654888883546392437461316247941931679335288524557627623435391814469436032313016557077933005287817657388411199524892806318937198324508987229640183945118534691798030075593049276411466905895993191277385641553924058817741, 273490268697919478973659765648940825705222207370141610875154512097577513120807635588519356344456742801813272912472416474141729928159668431580794501625531597776771754946434302995077608452451064721613094362758973375778795474256362721560243774086710625152057904761069009002343987726408243208354339628749473190303238271726155655137481875149956780818505951009687685491156239236043055976398348306089577855443955718760649231484436, 269159630617047966530543700909862079622033212880489659269181871845113909848424957734520496190684498172928922295486645058653582139389631552750363048939460635497406443655925696050350232475414033642082868951317377690424788583915620794484257594551814151014122230718888560616998089383451689610401926692742913473064910133196468023532836232355023603469755390130883568089725081032904266862109675962110830157564993881060784588344721, 242036318069032200086085377053500774107669970618448263752180145780176272350331581937432366791617969666515443044825842711949068191924748256363594863112346098974618208154855273158716107323311046807981997109797555864478857409682880676077285875418447158661525058225693513040224327784402878875629994572059841556782921202365373350641787053670719192641953372831401060564045737851658436255609845784614305941183670612634024945940744, 264247952226103996297452269119473359928737785002862679616993756457299768374748986960665584438834165782015381435992529642210209413211288736960159555016204163089772504634689964418261642570406533352367032966817527391228680119859687308300418745912844840698582896872410906580920053219897051967117657899438959033454570208794332839754153812778896205072723421807701431337000747575267862210847828018764252994210891852752251547805523, 299658569868361683299863994518333729363625941279140260829396717571931429517670666886983222281782261158031748500813478173035299914569080079583765983802824368893022526348870643198625123848850802928229105886783995726110451037673131713125487275815053562019301747216431390344239701683696340027438685263002059031208673480284225704061168787899456252446969941181043200025840150681675695537776692233093278822516207477471041914208357, 246825240666240608154019123979679194704874782748009364080109561651253995535241183857594824619112211789923158001912413195862012030364429173854065476684228950723070994468964968624298166448761549488605427704135921776978456299779900056392215074050476219917188573170081706456289916294121930433943967956431985531444546262291620933230366381084947231876583600407584450581219535996320751485619996358835327353133679717469630384977948, 290230534183548521227388526456818567465261727612748680798882246607022513644126451401120817676234566010732484550933533934794817864660428608803904878985348120219227444172288478009763719044547080629545898050299428943330083428793995206718267773029279121337479475345286492132456678631612413894970093304433849597991299089321603275430346879506489031567702464185893204866606383975973456865895754429378429674755966949529442425137273, 261375969353269334476947121027066442608574050856756847054730904603457637972750622521928562180538593045826724666240044391882658251928948283319181673420496671883745299864497179583222673115655038339353472726943520713110009936012713876690520390606920791435259135688478348085458160219948776420015688705156257063408503060358166727182632646183679704042697148857316622775661621889848964989888495609225236255922228320673197582831848, 232227258855376147794159106471828131373730234529980986226065051280464909858787113275327186103873047296592229731870408761562670933025757476032188339074055986763143913252532282476732323178385109592107274058494330484193184427792228191346369039501175443250808361956150064857716773069933741570808494924325616699848188418413629783385158716356036428032791580000787964771478695805238020992122317652264751149704219026998617894913223, 250188535783304914477281529805820269439870530513171881864762433857136291941940186050812426625472906610275376154503157328827489804191572054351989517496235522209263000780520378320373155850745224099269436528665364419164547962374403835691906495116643025474170311424935592905383372313500455326293066023551352179058905753294260094362822929887492789771253494232712173229412599261032472856908345442600446845779980094921223936684483, 257817556568896521727746403402280111505028510165058489570852734144162295821080462325123491766236012151948538460211491763577164113807195009107631457559042705560586690710190297432537516343739548608432517793832802935157246712686193623510018321880452188843566392686045346720018796654889743340519971559863996035411450217157249216813049690243305343718544353134576700613259764600361066080606139275262275027050219544763006369556001] base = Matrix(base) base = base.T ** 100 enc = Matrix(enc) flag = base.solve_left(enc) flag = np.matrix(flag) flag = flag.tolist() plaintext = b"" for i in flag[0]: plaintext += long_to_bytes(i) print(plaintext) ``` Tham khảo: [S1gm4](https://hackmd.io/@S1gm4) ### Flag ``` W1{m4tr1x_1s_r3ally_c00l_r1ght?} ``` ## 3. Xorpher > More xor for more ex-or! ### Attachments: - Xorpher.py ```python from random import randint from string import ascii_letters,digits table = ascii_letters+digits with open('message.txt') as flag: flag = flag.read() key = bytearray([randint(0,256) for _ in range(4)]) key = (key + key[::-1])[::-1] ciphertext = "".join(str(hex(key[i%len(key)]^ord(flag[i]))[2:].zfill(2)) if flag[i] in table else flag[i] for i in range(len(flag))) with open('ciphertext.txt','w') as enc: enc.write(ciphertext) ``` - ciphertext.txt ``` 082f26 4e0c15 333726647737282e 2e30 733b332e392a267a6f 2433312a2c78 2234 3d 20797b332832392937 7f2d 31333526 752c2a2c30223b 752a3734393530. 013e 353330737a25, 29342a7871 26 3f282d6562222928 352666732233353220 7d733a, 3d 307f7b332b39 1f0c44 202e2c342231 752229 28352a607f222b3025 2173 21353337222d 63302e323b 25647332323932243a 772d263025342a65. 0e3a 332b73 20283228222d62 2c21 3d293a 7b26342f3d2026 752229 3e22 716326342f3923 7964 2828342231617f3022 37292c6178 33343929 627e26 37393e 75772d 3e39 3173602626303923. 5f3734 2c352a7b77313e 3122317f62 2e2f 332b7762 2e28 2e30 652a2a2c3022 6279 2e312c2b267b732d33, 262d72 372f3d28 377e73 1f130e 2c667331262835282d 7f30 3f332a3363622233353329227a7a3a 3532223b66732d34352a22. 57 343531372f73 31222c3926377f7824 041315 (7f.22. 32307f7824 283422 65772e22 37223a 702c35 242831 7933222e3d332a7978 2832 332b73 342f333022 72773726) 242a667e2635 3534 627e2635393a283173 30283139332a7b7330 292f2227 702c35 342e277f7824 3532212c647b2233353329 7f78 243d2f2230 612b222e39 2d79 33262e282e20637a2235 2f222063642a3325 2e30 6426362935352672. 133439 1b5944 24352c2f2664 2a34 3321377378 322f3923 7f78 2433313736627331 313d2b34776426 2833 2e777d26 2e393126646526 3932202a78732635353220 7b793122 382e25707f20323028. 427e26 3a302624 7f30 0b6d{3b2664_762f_24737b7b7329_6d29_75647437286c} ``` ### Solution Ta thấy rằng key được sinh ra bằng cách random 4 ký tự đầu tiên và sau đó cộng thêm xâu nghịch đảo của chính nó Xâu được mã hoá bằng cách: - Nếu ký tự của xâu không phải là số hoặc chữ thì giữ nguyên - Còn nếu là số hoặc chữ thì sẽ xor với key Khi nhìn vào ciphertext ta thấy đoạn ``` 3a302624 7f30 0b6d{3b2664_762f_24737b7b7329_6d29_75647437286c} ``` rất khả nghi. Có thể đây là "flag is W1{....}" Và sau khi đếm độ dài của xâu trên Thì ta thấy được rằng xâu trên sẽ xor với key bắt đầu từ chữ "lag is ..." Vậy nên ta sẽ dựa vào đó để tìm key Rồi sau đó xor ciphertext với key tìm được ```python from string import ascii_letters, digits table = ascii_letters + digits def descryption(ciphertext, key): plaintext = '' cnt = 0 tmp = '' for i in range(len(ciphertext)): if ciphertext[i] not in table: plaintext += ciphertext[i] cnt += 1 else: if len(tmp) < 2: tmp += ciphertext[i] if len(tmp) == 2: plaintext += chr(int(tmp, 16) ^ key[cnt % 8]) tmp = '' cnt += 1 return plaintext key = [] key.append(int('30', 16) ^ ord('l')) key.append(int('26', 16) ^ ord('a')) key.append(int('24', 16) ^ ord('g')) key.append(int('7f', 16) ^ ord('i')) key = (key + key[::-1])[::-1] key = bytearray(key) print(descryption("302624 7f30 0b6d{3b2664_762f_24737b7b7329_6d29_75647437286c}", key)) ``` ### Flag ``` W1{x0r_1s_c0mm0n_1n_cr7pt0} ``` ## 4. QuipQuip > That's cute, right?? ### Attachments: - chall.py ```python import string import secrets # Hidden file from message import message message = message.lower() for i in message: if ord(i) not in range(97,123): message = message.replace(i, "") alphabet = string.ascii_letters key = [] while True: if len(key) == 26: break char = "".join(alphabet[secrets.randbelow(len(alphabet))] for _ in range(3)) if char not in key: key.append(char) alphabet = string.ascii_lowercase dic = {term : char for term, char in zip(alphabet, key)} cipher = "" for i in message.lower(): if i in alphabet: cipher += dic[i] else: cipher += i print(f"{cipher = }") # cipher = 'ZJjczesjQzxwcdAeyuTDNymWaDIzxwoePeyudmmcdAoePPWSxCeoskPWSTDNZJjTDNxCeTDNZJjymWczesjQZJjeyudmmgDfzxwZJjPWSoePjyLgDfTDNdmmymWHMFymWykbgDfczesjQzxwcdAeyuTDNZJjczeaDIZJjczeNLZdmmZJjsjQdmmxCeczeZJjTDNPWSymWykbeyuNpYoePZJjczeTDNgDfgrNTDNoePzxwgDfzxwgDfeyuNpYoePsjQgDfHMFNLZZJjTDNdmmTDNdmmgDfsjQZJjeyudmmgDfzxwTDNgDfgrNTDNZJjczeoePHMFgDfykbZJjczegDfHMFjyLoePczeczegDfzxwNLZZJjTDNdmmTDNdmmgDfdmmgDfNpYeyuymWykboePDJrgDfcdATDNdmmgDfxCeczeZJjTDNPWSjyLoePcdAoskgDfPWSZJjczeaDINpYgDfNpYgDfTDNTDNgDfzxwPWSTDNdmmgDfjyLymWPWSTDNsjQymWjyLjyLymWczeeyuoePZJjzxwPWSymWykbNpYgDfTDNTDNgDfzxwPWSTDNzxwZJjeyuNpYgDfTDNPWSymWykbNpYgDfTDNTDNgDfzxwPWSjyLZJjgrNTDNxCezxwgDfPWSymWykbTDNdmmgDfoePoskymWpcAgDfoePczeHMFPWSymWykbymWzxwTDNdmmTDNdmmgDfzxwgDfsjQgDfZJjpcAgDfzxwHMFgDfsjQZJjeyudmmgDfzxwPWSTDNdmmgDfTDNgDfgrNTDNoskcdAeyugDfzxwykbymWzxwjyLZJjczeaDITDNdmmgDfZJjczepcAgDfzxwPWSgDfPWSxCeoskPWSTDNZJjTDNxCeTDNZJjymWczeeyuzxwymWsjQgDfPWSPWSTDNymWgDfgrNTDNzxwoePsjQTDNTDNdmmgDfymWzxwZJjaDIZJjczeoePNpYjyLgDfPWSPWSoePaDIgDfTDNdmmgDfykbNpYoePaDIZJjPWSgDfpcAgDfzxwcdATDNdmmZJjczeaDIoePykbTDNgDfzxwTDNdmmZJjPWSTDNgDfzxwoePTDNymWPWSoePxCezxwxCePWS' ``` ### Solution Ta thấy đầu tiên code sẽ tạo ra 26 cặp 3 ký tự bất kỳ Sau đó sẽ mã hoá xâu đã cho tương ứng với các cặp 3 ký tự đó Đầu tiên ta sẽ tìm các cặp 3 ký tự trong ciphertext Sau đó ta sẽ đổi cặp ký tự đó thành 1 ký tự trong bảng chữ cái ```python import string alphabet = string.ascii_letters cipher = 'ZJjczesjQzxwcdAeyuTDNymWaDIzxwoePeyudmmcdAoePPWSxCeoskPWSTDNZJjTDNxCeTDNZJjymWczesjQZJjeyudmmgDfzxwZJjPWSoePjyLgDfTDNdmmymWHMFymWykbgDfczesjQzxwcdAeyuTDNZJjczeaDIZJjczeNLZdmmZJjsjQdmmxCeczeZJjTDNPWSymWykbeyuNpYoePZJjczeTDNgDfgrNTDNoePzxwgDfzxwgDfeyuNpYoePsjQgDfHMFNLZZJjTDNdmmTDNdmmgDfsjQZJjeyudmmgDfzxwTDNgDfgrNTDNZJjczeoePHMFgDfykbZJjczegDfHMFjyLoePczeczegDfzxwNLZZJjTDNdmmTDNdmmgDfdmmgDfNpYeyuymWykboePDJrgDfcdATDNdmmgDfxCeczeZJjTDNPWSjyLoePcdAoskgDfPWSZJjczeaDINpYgDfNpYgDfTDNTDNgDfzxwPWSTDNdmmgDfjyLymWPWSTDNsjQymWjyLjyLymWczeeyuoePZJjzxwPWSymWykbNpYgDfTDNTDNgDfzxwPWSTDNzxwZJjeyuNpYgDfTDNPWSymWykbNpYgDfTDNTDNgDfzxwPWSjyLZJjgrNTDNxCezxwgDfPWSymWykbTDNdmmgDfoePoskymWpcAgDfoePczeHMFPWSymWykbymWzxwTDNdmmTDNdmmgDfzxwgDfsjQgDfZJjpcAgDfzxwHMFgDfsjQZJjeyudmmgDfzxwPWSTDNdmmgDfTDNgDfgrNTDNoskcdAeyugDfzxwykbymWzxwjyLZJjczeaDITDNdmmgDfZJjczepcAgDfzxwPWSgDfPWSxCeoskPWSTDNZJjTDNxCeTDNZJjymWczeeyuzxwymWsjQgDfPWSPWSTDNymWgDfgrNTDNzxwoePsjQTDNTDNdmmgDfymWzxwZJjaDIZJjczeoePNpYjyLgDfPWSPWSoePaDIgDfTDNdmmgDfykbNpYoePaDIZJjPWSgDfpcAgDfzxwcdATDNdmmZJjczeaDIoePykbTDNgDfzxwTDNdmmZJjPWSTDNgDfzxwoePTDNymWPWSoePxCezxwxCePWS' key = [] tmp = "" plaintext = "" cnt = 0 for i in cipher: if len(tmp) < 3: tmp += i if len(tmp) == 3: if tmp not in key: key.append(tmp) tmp = "" cnt += 1 tmp = "" for i in cipher: if len(tmp) < 3: tmp += i if len(tmp) == 3: plaintext += chr(key.index(tmp) + 97) tmp = "" print(plaintext) ``` ``` abcdefghidjfkejlmnlgagmgahbcafkodaljpogkhqhrobcdefgabiabskackmbaglhrftjabgougjdodoftjcoqsagkgkocafkodgougabjqoraboqpjbbodsagkgkokotfhrjvoegkombaglpjenolabitotoggodlgkophlgchpphbfjadlhrtoggodlgdaftoglhrtoggodlpaugmdolhrgkojnhwojbqlhrhdgkgkodocoawodqocafkodlgkogougnefodrhdpabigkoabwodlolmnlgagmgahbfdhcollghougdjcggkohdaiabjtpolljiogkortjialowodegkabijrgodgkalgodjghljmdml ``` Tiếp đến ta lên web [quipquip.com](https://quipqiup.com/) để solve  ### Flag ``` W1{teratosaurus} ``` ## 5. ASR > Vào tiết học thứ 3 môn crypto của lớp ATTN20xx, thầy T đã giới thiệu cho cả lớp về 1 hệ mã tuy mới mà cũ mang tên ASR và giao bài tập về nhà. Tuy nhiên, vốn là 1 con lười bẩm sinh, bạn H đã quyết định lên mạng và tìm kiếm sự trợ giúp. Vì thế, các bạn hãy trợ giúp bạn H trong quá trình giải bài tập về nhà khó nhằn mà thầy T đã giao nhé. ### Attachments: - chall.py ```python from Crypto.Util.number import * from secret import flag, gen_safe_prime def gen_pub_key(prime, difficulty): #Apparently it will be so easy if the modulus is a prime power so imma change it to composite >:) p = prime-1 return p**difficulty BITS = 1024 e = gen_safe_prime(BITS) #credit to my super secure prime generation algorithm n = gen_pub_key(e, 3) c = pow(e, flag, n) print(f"{n = }") print(f"{e = }") print(f"{c = }") """ n = 9626912030792174837089280258600102740074144565313609606856956447057292779760707486627439638031093898990359642579611801405976623349846447818354157911542406757178599107040847977879312092464037129719361539094583081643357907227250023310497470562651187174411256422894281517811682729191241141797862452302734157208894850120830774047887099622082036102101344195960471265155472900400161582226293806547521104323716214780313931496782479659929046188019980280886144855942348737152435792403865442462858560013668776243793183442302112720510259225740921966440786154573056415759976657141060588068779877664201690594106348006004654643492524995296530321997319269464291899585873947032984194667679929953742382649595617645473317569811490649341196703964294962656746219906291929144447944304463077353788213169461273798377058867184491126881846240770702771063896701868026005619983810052696252492896946768866511659524299059937779630525251707259037171312232 e = 212730127851272469598164524775254842917085564506368105794827052954967711862616952670426149110511386835842600684124719661140008505076412114619966237126102296510748842334414280131533533748048613866538037089578702536019693871135293320231491614582238717425627700779733348523273997375657274362175801227064022666219 c = 2306491750678864267321670404655622235699701190732922071734855944947067225444098611132475216598648012618954183627035527625981975714037956389745244131776123611601273827028740891300134473540377593798686736004577855876744131929409065637981469626958302527783283082829190311942693426367708128098887636048271252795058327800884368566009935696146959018798725163585284608759688125143304490409202502889585890995939122882495885388630679916494369239681571705087175099808753171161099525462602565304803714978355572028436998439262102409729076110593935485452145563593542450924849024171568070666431651350412419976455007653996132833205707677221718228579545152592360506378450040265204372393058466906835080727478402765911666587345248615812548476992324057249863566893229035932307974908845710699931 """ ``` ### Solution Ở đây ta có 2 điều cần chú ý: - Đầu tiên là flag được mã hoá theo dạng $e^{flag} \bmod n = c$ - $e$ là một `Safe Prime` nên $e$ sẽ có dạng $e = 2p + 1$ với $p$ là số nguyên tố và $n = (e - 1)^3$ Vì vậy ta có thể viết lại biểu thức dưới dạng: $(2p + 1)^{flag} \equiv c \ (\bmod (2p)^3)$ Đặt $2p = x$ thì ta có: $(x + 1)^{flag} \equiv c \ (\bmod x^3)$ Nhìn $(x + 1)^{flag}$ Ta nghĩ ngay đến nhị thức Newton Và với số $\bmod$ là $x^3$ biểu thức trên sẽ bằng $C_{flag}^{flag - 2} * x^2 + C_{flag}^{flag - 1} * x + 1 = c$ $\rightarrow C_{flag}^{2} * x^2 + C_{flag}^{1} * x + 1 = c$ $\rightarrow \frac{flag * (flag - 1)}{2} * x^2 + flag * x + 1 = c$ $\rightarrow x^2 * {flag}^2 - (x^2 - 2x) * flag + 2 - 2c = 0$ Đến đây ta chỉ cần giải phương trình để tìm flag ```python from Crypto.Util.number import long_to_bytes from gmpy2 import iroot n = 9626912030792174837089280258600102740074144565313609606856956447057292779760707486627439638031093898990359642579611801405976623349846447818354157911542406757178599107040847977879312092464037129719361539094583081643357907227250023310497470562651187174411256422894281517811682729191241141797862452302734157208894850120830774047887099622082036102101344195960471265155472900400161582226293806547521104323716214780313931496782479659929046188019980280886144855942348737152435792403865442462858560013668776243793183442302112720510259225740921966440786154573056415759976657141060588068779877664201690594106348006004654643492524995296530321997319269464291899585873947032984194667679929953742382649595617645473317569811490649341196703964294962656746219906291929144447944304463077353788213169461273798377058867184491126881846240770702771063896701868026005619983810052696252492896946768866511659524299059937779630525251707259037171312232 e = 212730127851272469598164524775254842917085564506368105794827052954967711862616952670426149110511386835842600684124719661140008505076412114619966237126102296510748842334414280131533533748048613866538037089578702536019693871135293320231491614582238717425627700779733348523273997375657274362175801227064022666219 c = 2306491750678864267321670404655622235699701190732922071734855944947067225444098611132475216598648012618954183627035527625981975714037956389745244131776123611601273827028740891300134473540377593798686736004577855876744131929409065637981469626958302527783283082829190311942693426367708128098887636048271252795058327800884368566009935696146959018798725163585284608759688125143304490409202502889585890995939122882495885388630679916494369239681571705087175099808753171161099525462602565304803714978355572028436998439262102409729076110593935485452145563593542450924849024171568070666431651350412419976455007653996132833205707677221718228579545152592360506378450040265204372393058466906835080727478402765911666587345248615812548476992324057249863566893229035932307974908845710699931 x = e - 1 # x^2 * f^2 - (x^2 - 2x) * f + 2 - 2c = 0 delta = (x * x - 2 * x) * (x * x - 2 * x) - 4 * x * x * (2 - 2 * c) f = (x * x - 2 * x + iroot(delta, 2)[0]) // (2 * x * x) print(long_to_bytes(f)) ``` ### Flag ``` W1{b4n_H_R4t_vU1_V1_du0c_Di3m_10} ``` ## 6. CSR > Ngày nảy ngày nay, ai cũng biết đến danh bạn D như một ông trùm 4n6. Tuy nhiên, bạn D lại vô cùng tham vọng, bạn muốn trở thành ông trùm của mọi mảng và bạn quyết định chọn mảng crypto đầu tiên. Sau khi đã tìm hiểu kĩ lưỡng về mật mã Caesar, bạn D đã sáng tạo nên một biến thể của nó mang tên CSR. Bạn D đã đưa bài này lên mạng để test trình độ của những người chơi crypto khác. Theo bạn, liệu bạn D có đủ trình độ để đá chén cơm của những người chơi crypto lúc bấy giờ hay không? ### Attachments: - chall.py ```python import string import random flag = "W1{s0m3_r3ad4ble_5tr1ng_like_7his}" # Test flag alphabet = string.ascii_letters + string.digits + "!{_}?" assert all(i in alphabet for i in flag) for i in range(3): k = random.randint(0, len(alphabet)) alphabet = alphabet[:k] + alphabet[k+1:] key = random.randint(0, 2**256) ct = "" for i in flag: ct += (alphabet[(alphabet.index(i) + key) % len(alphabet)]) print(f"{ct=}") """ ct = 'RV5tUp6{?Zo6Ht6xvY0ZM6{p26CiR44947' """ ``` ### Solution Ta thấy đây là một bài Substitution Cipher với alphabet bị thiếu mất 3 ký tự Mặc dù key lớn nhưng mà sau khi $\bmod$ cho độ dài xâu alphabet thì ta chỉ cần bruteForce Tiếp đến ta chỉ cần bruteForce 3 vị trí cần xoá và descrypt dựa trên alphabet mới đó ```python import string from tqdm import tqdm alphabet = string.ascii_letters + string.digits + "!{_}?" ct = "RV5tUp6{?Zo6Ht6xvY0ZM6{p26CiR44947" pltArr = [] for key in tqdm(range(len(alphabet))): for i in range(0, len(alphabet)): for j in range(0, len(alphabet)): for k in range(0, len(alphabet)): alphabet = string.ascii_letters + string.digits + "!{_}?" alphabet = alphabet[:i] + alphabet[i + 1:] alphabet = alphabet[:j] + alphabet[j + 1:] alphabet = alphabet[:k] + alphabet[k + 1:] try: all(i in alphabet for i in ct) plaintext = '' for m in ct: plaintext += alphabet[(alphabet.index(m) - key) % len(alphabet)] pltArr.append(plaintext) # print(key) except: pass for i in pltArr: if "W1{" in i: print(i) ``` Sau khi chạy xong code ta sẽ thấy rất nhiều flag Đến đây thì ta chỉ cần chút may mắn và kiên nhẫn để tìm được flag đúng =)) ### Flag ``` W1{y0u_be4t_My_CA354R_bu7_HoW!!?!} ``` ## 7. Shorty > Shorty: Break this line ### Attachments: - Code: ```python print("Encrypted message: ", pow(int(input("Your message in integer: ")), int.from_bytes(open("e", "rb").read(), byteorder="big"), int.from_bytes(open("flag", "rb").read(), byteorder="big"))) ``` - Connection Info: 45.122.249.68 20019 ### Solution Dựa vào đoạn code ta thấy được flag được mã hoá theo kiểu: ${m}^e \bmod flag = c$ Thật may mắn khi e là số lẻ Vì vậy nên $(-1)^e = -1$ Mà $(-1) \bmod flag = flag - 1$ Vậy nên ta chỉ cần nhập -1 vào thì sẽ ra flag  ```python from Crypto.Util.number import long_to_bytes print(long_to_bytes(52422951528134523511291931281485341189516551950932588573966702479602214259329259267065013615493691353216729424252 + 1)) ``` #### (Sau giải) Nếu như bài này chặn số âm thì còn một cách khác Áp dụng [Homomorphic Encryption](https://en.wikipedia.org/wiki/Homomorphic_encryption#Partially_homomorphic_cryptosystems) vào RSA ta có được  Vì vậy khi ta cho nhập lần lượt $m_1$ và $m_2 = m_1^2$ thì ta sẽ có được $c_2 \equiv c_1^2 \ (mod \ flag)$ Và khi đó ta cũng sẽ có $c_1^2 - c_2 \ \vdots \ flag$ Đến đây ta chỉ cần cho nhiều cặp $m_1$ và $m_2$ rồi tìm ước chung giữa các giá trị $c_1^2 - c_2$       ```python from Crypto.Util.number import long_to_bytes import math c1 = 34588380977318405526290523071336342731862813323984745666138240262860330876510628182089522429973363823128876997005 c2 = 15625718151292696475045921616920670280505726055335288085655591062899079823225573327330752419259557860313687574059 c3 = 38495511596629025499946708978588020059760376581371743943869521949972113695472047173297154537967816039535507250585 c4 = 19396844291668400393554078620640362452269122133802101271756709026351373623290275306466449805213971927078711572359 c5 = 27930353550712738859799874626602659235509910442502298942190411758249181856410914469382537463829672932634214184797 c6 = 1563896233180680352615808035147707755312145279274736439950394129811141608028524986817201696699619734425677344278 print(long_to_bytes(math.gcd(c1 ** 2 - c2, c5 ** 2 - c6, c3 ** 2 - c4))) ``` ### Flag ``` W1{so_happy_that_I_can_create_one_line_crypto!} ``` ## 8. Multi-RSA > The more encryptions, the safer it is ?? ### Attachments: - multiRSA.py ```python from Crypto.Util.number import long_to_bytes, getPrime from flag import flag p = getPrime(512) q = getPrime(512) e = 0x10001 n = p*q print(f"{n=}") out = open("cipher.txt", "w") for i in flag: out.write(str(pow(i,e,n))+'\n') # n=137011087466687507043856080810007427676937372756720323313836337110015956311054965751021707260815779836225195061060567426076623047184467073381300274273736204725459186831416986630039134760936272393597299287460953675802510481111090704695373863158640914763202192071078887569535605405964001133848039027030595079721 ``` - cipher.txt ``` 65918322879346416600345832047745202046876396664802017451366213606826954989078448564690241238685775973165093620764888119539966864907876794219384381937815202751119406662962985687766423487484137405583642740596908948601805289488132624000378049378017514836500513605295781237996364376261731149737474188736611207491 67380237638238043084510354097114727752119188081310523520280893613834632764023083950993136591812696197098388055011933401342658691083461983471844809068116162838347415256777371390017970528736010705939399255038742452752683132902020349488396038345229498824573260121398223933547806109238642068798635308621828538127 29073410665406678202849872375854692259785081514146395708295603687292734662782444030983819209133494182173384739493051868386896156972489292109081316025150331970889588322578045743091674467692265397611970988388745216338909267915237691132880177245409564627740583016828001007765125794571933812252067450950266550470 49862304814428571511079586237062586867884753725241189074812319378101321598687272968636907483083297693439605084371840803717291778997883610801185541732906650011682693977108499249269454024984619646457640578696291445172164196419052116074927848364509700746477732741202558508374879376968556891380447119048376370530 76353585669934784387045995928925626939218957635681447830824568472356451739214190133061315320867185480430707264142381983556821653088656464921518940757207780526246410785652415911947580336290872375910276189912290271113874328270033086118282709101613975271373061107503667741653335484943189441923670263514566809060 27065502174743257855933593700812864473979845536609600513256488254175742935322042455457999884857608053300116266258763300486328629697328057416107972520641263186087156849610172321321998229028950771796794650121643753497236344799948321630732348889213857412824382589039916043276462523690735488311605870955135849421 75011933524609869148167542958805386695965674948761056650350763462235115742889755477612927859033970345549670974045367825307142953097025680172688287739963981871661775521643347605979522156709594565813577894267468537435833453410647872718783147033907179965086017336582013159600456444118208503837884027810532083223 57704856336645565527940298876394506411675260101927427860983569189325021424136297500716473461338741139610562985271379292687582284304691306725703853756079211974458241333431974178525621748880711325790724244932206980041673355427179137169843022593314558684966452748660325497999336072439425663635884756768488012343 85150635655694856877782206375048006140370368436556616206523102349493968237942557767939401943311514560282482481915669251909918832446967962160523662498698761486327635566650687808886285817209080273624751199473811018825151347132890186307990325047509195268844561801164654428827830640930410715323305237254690016958 109383434968693235621383172234588139992037808427471013055254192945435292309238595318216036479645554614578622929596254960495173697123359937115069829629287738617511354322362225302286929900674682353975669765479320917785325179397630264506826609764405737809803995808746325096133648008838318035930742471413696555335 80170087859941085032824569807445630889266737557387221768204640891233537094518697147872941604763518743550146728749014342867177248850377914592912095595337533772660882256692059187639120107679695907161074068820652243349410226470216474667459370304030035091917533476897446650363238052538003866444302815800668587637 76353585669934784387045995928925626939218957635681447830824568472356451739214190133061315320867185480430707264142381983556821653088656464921518940757207780526246410785652415911947580336290872375910276189912290271113874328270033086118282709101613975271373061107503667741653335484943189441923670263514566809060 105292595966436596297510894189493869704955903211895305922213061175690112857317523340565010413936445347934446599561394485544534991067186551589646138521369611610178308740129225051339259969634528214335024797900735851963324434986150951389695314203909160323182720618677688254169508548159773465374729894636089057027 57704856336645565527940298876394506411675260101927427860983569189325021424136297500716473461338741139610562985271379292687582284304691306725703853756079211974458241333431974178525621748880711325790724244932206980041673355427179137169843022593314558684966452748660325497999336072439425663635884756768488012343 83223737363747724154868610396470767209715468638342122473408394473375459661617280123549811538930718231683956285345985855559420759834413875769207749000282750140935598511287093244805767464342310813880823002551138888979476878384927482381959280027393533618432161433294410874161177698091074719513804287108070062613 105292595966436596297510894189493869704955903211895305922213061175690112857317523340565010413936445347934446599561394485544534991067186551589646138521369611610178308740129225051339259969634528214335024797900735851963324434986150951389695314203909160323182720618677688254169508548159773465374729894636089057027 48854372518320907941355413556282389232673519992768413182397463803250519682715689769358208506522417617201369825851266613103198689925160259759393983269219345030854946340820353647806139459612662821234101048890682324370324754655859036038842112947075939687751904432474661328883432845643812036009833874895661920981 54952609283853777104207208926145443997911414541650039814603005009627172626538606306904581800102810237791473339901272853421968952849295766811096326571310375225506820700622851977806114139998953330339659098017843596114579383937843741294725875633974194304520104881516037141802450890354507379596725668820973060914 83223737363747724154868610396470767209715468638342122473408394473375459661617280123549811538930718231683956285345985855559420759834413875769207749000282750140935598511287093244805767464342310813880823002551138888979476878384927482381959280027393533618432161433294410874161177698091074719513804287108070062613 45637071587007441576378554782731887265664186394492931343103872085672556971651792315748481579841123734614459202501939576626491012729672342546635838068544606744412672142719483311781459604409635442811858025200784293617543402118115952928436857312161776117650984472205600249667842528748976133183252843909440329790 80170087859941085032824569807445630889266737557387221768204640891233537094518697147872941604763518743550146728749014342867177248850377914592912095595337533772660882256692059187639120107679695907161074068820652243349410226470216474667459370304030035091917533476897446650363238052538003866444302815800668587637 1553390144346827715623662948115133324185435937346716011429474953887682850376325482345420092488345360664479748178371535644056265578389543463772169017354866446678811173294242535006807724558060291790287641979401048813878640701985540038271409430786469677572821144384226867151876451818946967711466404874241248558 45571903066507776794103432884388768765864350891946705273744000721218358562305644023037622615141463787366115356087709162678599802287224757602589000323567397113935642154823528739761588052626274197458632867204754267463928863870986716384329602183575032571584471255010025454590521162056917776326623016395380168323 121340190351291418556036874256661561520127698021195689371971443507374155638172532502127105563206366409194465631353007759986024835645619799753389113525643846253089437830029869229813249913268435000385764936195972490096003248905063899009515842917737129485104080305821588698362334137883620642220548168712952571669 83223737363747724154868610396470767209715468638342122473408394473375459661617280123549811538930718231683956285345985855559420759834413875769207749000282750140935598511287093244805767464342310813880823002551138888979476878384927482381959280027393533618432161433294410874161177698091074719513804287108070062613 121340190351291418556036874256661561520127698021195689371971443507374155638172532502127105563206366409194465631353007759986024835645619799753389113525643846253089437830029869229813249913268435000385764936195972490096003248905063899009515842917737129485104080305821588698362334137883620642220548168712952571669 45571903066507776794103432884388768765864350891946705273744000721218358562305644023037622615141463787366115356087709162678599802287224757602589000323567397113935642154823528739761588052626274197458632867204754267463928863870986716384329602183575032571584471255010025454590521162056917776326623016395380168323 121340190351291418556036874256661561520127698021195689371971443507374155638172532502127105563206366409194465631353007759986024835645619799753389113525643846253089437830029869229813249913268435000385764936195972490096003248905063899009515842917737129485104080305821588698362334137883620642220548168712952571669 76353585669934784387045995928925626939218957635681447830824568472356451739214190133061315320867185480430707264142381983556821653088656464921518940757207780526246410785652415911947580336290872375910276189912290271113874328270033086118282709101613975271373061107503667741653335484943189441923670263514566809060 68146667389288148485607813994579778257647069525460274704097164811383477825574415884502838844080905187043958465877906203562972029415841399020704549465657421219881619778156679280283173543004792608945030478499323495703508532730555245105363350901182152285945230260871236814158753460108836548676585422250755332273 75011933524609869148167542958805386695965674948761056650350763462235115742889755477612927859033970345549670974045367825307142953097025680172688287739963981871661775521643347605979522156709594565813577894267468537435833453410647872718783147033907179965086017336582013159600456444118208503837884027810532083223 86683297578172245603784177284915238705598278531561208593534597699409964670232700335487417798715948999540406079342613285588175446511783838915578453792437417893252165599062540008130498812411489120647259669174417552076948146256033302451396399478236291481327839459025533802478783470773317077764030896229760947217 67380237638238043084510354097114727752119188081310523520280893613834632764023083950993136591812696197098388055011933401342658691083461983471844809068116162838347415256777371390017970528736010705939399255038742452752683132902020349488396038345229498824573260121398223933547806109238642068798635308621828538127 54952609283853777104207208926145443997911414541650039814603005009627172626538606306904581800102810237791473339901272853421968952849295766811096326571310375225506820700622851977806114139998953330339659098017843596114579383937843741294725875633974194304520104881516037141802450890354507379596725668820973060914 57549677107752912948936130877301503725603352724804165510821658494096122760558985857752483935890098320913813395322770424902429919304473160746148836166027690065427663398556102679871953615201176430995107981694414036799521286557322726207818408786857077519382797504578143994317487441638349437863999509815488355933 85708619858363505998339121167444431398168966687075472054804199829283038156086647306362774672133983414251003603548947262065733975041618889999222901017650339449177610499704641974065348629518541195988263041015902669647853429826618224536528823052495358806313579063067440099582014536903016871180894669840416804886 ``` ### Solution Ta thấy flag được mã hoá lần lượt từng chữ Vậy nên ta chỉ cần bruteforce hết 256 ký tự rồi so sánh với cipher là được ```python n = 137011087466687507043856080810007427676937372756720323313836337110015956311054965751021707260815779836225195061060567426076623047184467073381300274273736204725459186831416986630039134760936272393597299287460953675802510481111090704695373863158640914763202192071078887569535605405964001133848039027030595079721 with open("cipher.txt", "r") as f: c = [int(line.strip()) for line in f.readlines()] e = 65537 plaintext = "" for i in range(len(c)): for j in range(255): if pow(j, e, n) == c[i]: plaintext += chr(j) print(plaintext) ``` ### Flag ``` W1{brut3-f0rc3_c4n_s0lve_everyth1n9} ``` ## 9. Mathy ### Attachments: - mathy.py ```python from Crypto.Util.number import * import random total_round = 50 print(f"Welcome to mathy challenge, you have {total_round} rounds to get the flag") for round in range(50): p = getPrime(512) ans = random.randint(0, p) print(f"Round {round+1}:") print(f"{p = }") print(f"{ans = }") x = int(input(f"Find x such that x^x = {ans} (mod {p}): ")) if pow(x, x, p) == ans: print("Correct!") else: print("Wrong!") exit(0) print("Congrats! Here is your flag: ", open("flag.txt", "r").read()) ``` - Connection Info: 45.122.249.68:20027 ### Solution Trong giải mình có osint ra một [bài viết](https://math.stackexchange.com/questions/3779167/under-what-conditions-is-xx-equiv-c-pmod-p) liên quan đến bài này Theo như định lý Fermat nhỏ: $\begin{cases} x \equiv a \ (mod \ p) \\ x \equiv b \ (mod \ p - 1) \\ \end{cases}$ $\rightarrow x^x \equiv a^b \ (mod \ p)$ với mọi $a \ne 0$ Vì thế nên ta sẽ đặt $a = ans \rightarrow b = 1$ Tiếp đến ta dùng `Chinese Remainder Theorem` để tính được x ```python from Crypto.Util.number import inverse, long_to_bytes from pwn import * def crt(mod, remainders): prod = 1 for m in mod: prod *= m result = 0 for m, r in zip(mod, remainders): p = prod // m result += r * inverse(p, m) * p return result % prod r = remote("45.122.249.68", 20027) for i in range(1, 51): r.recvuntil(bytes(f"Round {i}:\n", "utf-8")) r.recvuntil(bytes("p = ", "utf-8")) p = int(r.recvline().decode().strip()) r.recvuntil(bytes("ans = ", "utf-8")) ans = int(r.recvline().decode().strip()) r.recvuntil(bytes("x such that x^x = ", "utf-8")) r.recvuntil(bytes(" (mod ", "utf-8")) mod = [p - 1, p] rem = [1, ans] r.sendline(str(crt(mod, rem))) r.interactive() ``` ### Flag ``` W1{I_learned_this_trick_from_CryptoHack_discord!https://discord.gg/h9E7cna5pV} ```