20211114 L3HCTF Crypto方向部分WP
作者:互联网
L3HCTF
EzECDSA
太恐怖了吧,这个我task放在本地跑CPU都直接占满???
好多知识要恶补。题目意思比较简单了,ECDSA椭圆曲线签名,而且知道100个nonce的低8位
看la佬的博客上上面有篇链接指向的文章说,泄漏每个nonce的低位就可以攻击ECDSA
看不懂论文,所以只能在github上疯狂搜代码,终于找到了这位师傅的
https://github.com/bitlogik/lattice-attack
这个师傅是通过json传递数据,稍微改一下就好,bitlogik师傅的代码要用sage运行,用到了fpylll,提供LLL,BKZ等矩阵运算
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from hashlib import sha256
from string import ascii_letters, digits
from pwn import *
from itertools import product
from re import findall
table = ascii_letters + digits
# context.log_level = 'debug'
class Solve():
def __init__(self):
# self.sh = remote('127.0.0.1', 23333)
self.sh = remote('121.36.197.254', 9999)
self.pk = (0, 0)
self.dA = 0
self.r, self.s, self.kp, self.hash = [[] for _ in range(4)]
def proof_of_work(self):
# sha256(XXXX+EiHCHlPjoO2PnV2Z) == c4f17d1f76f7f11f75349dcd84f51b6e615aa756271841558ec8dda57e274959
# Give me XXXX:
proof = self.sh.recvuntil(b'Give me XXXX:')
tail = proof[12:28].decode()
_hash = proof[33:97].decode()
for i in product(table, repeat=4):
head = ''.join(i)
t = sha256((head + tail).encode()).hexdigest()
if t == _hash:
self.sh.sendline(head.encode())
break
def solve_param(self):
self.pk = self.sh.recvline().decode()
self.pk = list(map(int, findall(r"\d+", self.pk)))
def solve_flag(self):
self.sh.sendlineafter(b'Give me dA\n', str(self.dA).encode())
flag = self.sh.recvline()
print(flag)
def solve_rskphash(self, _msg):
# r = 52048392139623372592078752615260846843189290463527724311126948642962323725543
# s = 109433217428494848625070143495220795563459361957459040433009455008946372438244
# kp = 4
# hash = 7233656426779106235949203295872203792378863493827336253291317784541539210508
self.sh.sendlineafter(b'Give me your message:\n', _msg)
_r = int(self.sh.recvline().decode()[4:-1])
_s = int(self.sh.recvline().decode()[4:-1])
_kp = int(self.sh.recvline().decode()[4:-1])
_hash = int(self.sh.recvline().decode()[7:-1])
self.r.append(_r), self.s.append(_s), self.kp.append(_kp), self.hash.append(_hash)
def solve(self):
self.proof_of_work()
self.solve_param()
_param = []
for i in range(100):
self.solve_rskphash(b'4XWi11')
_param.append({"r": self.r[i], "s": self.s[i], "kp": self.kp[i], "hash": self.hash[i]})
print(_param)
print(self.pk)
self.sh.interactive()
if __name__ == '__main__':
solution = Solve()
solution.solve()
然后把得到的两个列表丢进去,手动交互一下
干出这道直接冲到第九
p0o0w
什么玩意就又Crypto手开始逆向了
标签:20211114,hash,L3HCTF,self,Crypto,decode,sh,solve,kp 来源: https://blog.csdn.net/m0_49109277/article/details/121350267