WHUCTF2025暑假新生赛(三)

WHUCTF2025暑假新生赛

CRYPTO

（）（）启动！

啊啊啊，原神启动！附件如下：

多么熟悉的原神字体，这不是我们枫丹语吗？枫丹·文字，对照表翻译得到flag
(想起了某些快乐的回忆)

秒速五厘米

附件如下：

结合题目，栅栏密码，key是5，找个栅栏密码在线解密得到flag，随波逐流也行
秒速五厘米？
flag什么？？？

第一个（？）脚本

附件如下：

RSA求d，初识rsa了，py代码如下：

点击查看代码

#sage10.6
from sage.all import *
p = 3487583947589437589237958723892346254777
q = 8767867843568934765983476584376578389
e = 65537
#d=?
phi = (p-1)*(q-1)
d = inverse_mod(e, phi)
print(d)

就乘了十七（）

附件C代码如下：

点击查看代码

#include <stdio.h>
#include <string.h>
int main()
{unsigned char flag[] = "whuctf{?????????????????}";int i;for (i = 0; i < 25; i++){flag[i] = flag[i] * 17;}if (flag[0] != 231){ /* 下标是从 0 开始的 */printf("CPU Error???\n");return 1;}/*** 比如119 * 17 = 2023* 如果在内存中保存 2023，会是 00000111 11100111* 但是 unsigned char 决定了只能存 8 位，CPU 硬件会自动取低 8 位，即 11100111* 11100111 即 231，所以 119 * 17 = 231** 注意到 8 个 0 或 1 有 256 种可能，即 0~255* 且取低 8 位即取模（取余数）256* 你可以验证：2023 除以 256 商为 7 余数为 231*/return 0;//flag[] = {231, 232, 197, 147, 180, 198, 43, 231, 99, 44, 147, 48, 61, 99, 79, 148, 95, 79, 115, 146, 9, 112, 180, 48, 77}
}

很简单了，不过我是用python写的解题脚本：

点击查看代码

flag = [231, 232, 197, 147, 180, 198, 43, 231, 99, 44, 147, 48, 61, 99, 79, 148, 95, 79, 115, 146, 9, 112, 180, 48, 77]
FLAG = []
for i in range(0, len(flag)):k = 0while 1:k += 1if (256*k+flag[i])/17 == (256*k+flag[i])//17 :FLAG.append(chr((256*k+flag[i])//17))break
FLAG = ''.join(FLAG)
print(FLAG)

ezRSA

题目附件源码：

点击查看代码

from Crypto.Util.number import bytes_to_long, getPrime
from random import randint
from gmpy2 import invert,gcd
from secret import flagm = bytes_to_long(flag)def KeyGen():Factor_BitLength = 120q = getPrime(Factor_BitLength)p = getPrime(Factor_BitLength)N = p * qphi = (p-1) * (q-1)while True:e = randint(1,phi)if gcd(e,phi) == 1:breakPub_Key = (N,e)return Pub_KeyPub = KeyGen()N = Pub[0]
e = Pub[1]c = pow(m,e,N)print(f'Pub_Key = {Pub}')
print(f'Encrypt_msg = {c}')# Pub_Key = (723566494652171389405671234837460796040679907585742023375742947688608779, 647601268864856264675626006722430254948926341857624674325741907941777821)
# Encrypt_msg = 622366886853907801654662128691587686062985457431448713613649742267997190

比较简单，解题代码:

点击查看代码

from Crypto.Util.number import long_to_bytes
from sage.all import *Pub_Key = [723566494652171389405671234837460796040679907585742023375742947688608779, 647601268864856264675626006722430254948926341857624674325741907941777821]
Encrypt_msg = 622366886853907801654662128691587686062985457431448713613649742267997190
n = Pub_Key[0]
e = Pub_Key[1]
print(factor(n))
factors = list(factor(n))
p = factors[0][0]
q = factors[1][0]
phi = (p-1)*(q-1)
d = inverse_mod(e, phi)
Decrypt_msg = pow(Encrypt_msg, d, n)
Decrypt_msg = long_to_bytes(Decrypt_msg)
print(Decrypt_msg)#WHUCTF{RSA_f1r5t_3nc0unter_XD}
#本题n较小，yafu和factordb都可以，上面sagemath的factor函数也行

咕咕咕~

题目描述：gugugaga？咕咕嘎嘎~ 估估嘎嘎！
题目附件：

点击查看代码

from Crypto.Util.number import *def next_prime(n):candidate = n + 2while True:if isPrime(candidate):return candidatecandidate += 2flag = b"??????????????????????"
m = bytes_to_long(flag)
p = getPrime(512)
q = next_prime(p)
n = p*q
e = 65537
c = pow(m, e, n)
print(c)
print(n)# c = 13676195166317109725074828826876246892836047475721421217220559325275105343216971263835343375147404957565919847004668396939834620233375469218501043399215596943818035908432345030425066349153519935482831948057412830239656500392756609698902469397937617254109136730438414862812157726737324461362372547951400796757
# n = 55170870934126529988718847908461371381297422940177939914659615818897231388168721881953059456049307686711557014403396948707560211077375331380299148212037788964601393422145157454100773501695383800169567126239079167264224701917134831030232001162580406764240332306958051058975324693949145992285508210801125888289

p，q接近，从sqrt(n)附近的数字开始尝试就行，解题代码：

点击查看代码

from Crypto.Util.number import *
from sage.all import *
def next_prime(n):candidate = n + 2while True:if isPrime(candidate):return candidatecandidate += 2e = 65537
c = 13676195166317109725074828826876246892836047475721421217220559325275105343216971263835343375147404957565919847004668396939834620233375469218501043399215596943818035908432345030425066349153519935482831948057412830239656500392756609698902469397937617254109136730438414862812157726737324461362372547951400796757
n = 55170870934126529988718847908461371381297422940177939914659615818897231388168721881953059456049307686711557014403396948707560211077375331380299148212037788964601393422145157454100773501695383800169567126239079167264224701917134831030232001162580406764240332306958051058975324693949145992285508210801125888289
p = floor(sqrt(n))
if p%2==0:p -= 1
while 1:p -= 2if isPrime(p):break
q = next_prime(p)
print('p=',p)
print('q=',q)
print(p*q==n)
phi = (p-1)*(q-1)
d = inverse_mod(e, phi)
m = pow(c, d, n)
m = long_to_bytes(m)
print(m)#whuctf{@pprox?Appr0X_Is_al1_y0u_Neeed!}
#p和q接近，试一下就出来了

GUGUGAGA!!!!

有意思，咕咕嘎嘎，咕咕，嘎嘎嘎。附件源码如下：

点击查看代码

from Crypto.Util.number import *
from secret import flag
import random
import hashlib
m=bytes_to_long(flag)def l2d(n):if n == 0:qd = [0,]qd = []while n > 0:n, r = divmod(n, 4)qd.append(str(r))dna=[]base=["A","U","!","G"]for i in reversed(qd):dna.append(base[int(i)])d="".join(dna)return ddef dbp(d):bpd=[]bp={"A":"U","U":"A","!":"G","G":"!"}for i in d:bpd.append(bp[i])pd="".join(bpd)return pddef mutation(d):case=random.randint(1,3)base=["A","U","!","G"]n=len(d)if case==1:t=random.randint(1,n)return d[0:t]+d[t+1:]if case==2:t=random.randint(1,n)b=random.randint(0,3)return d[0:t]+base[b]+d[t:]if case==3:t=random.randint(1,n)b=random.randint(0,3)return d[0:t]+base[b]+d[t+1:]dna1=l2d(m) # m转化为DNA序列
dna2=dbp(dna1)d3=[]
for i in range(10):dna3=mutation(dna2)dna3=mutation(dna3)d3.append(dna3)print(dna3)
print(hashlib.md5(flag).hexdigest())'''
AAA!AUGUAAAAAUU!AAAUAUAGA!G!AAGAAG!AG!AAGGAA!GAAGUAAUGUAGGAAG!GAGUAAA!!!U!!A!UGAA!!AAU!AGGUAGGAAG!GAGAUAG!!AUUAAG!AAGUAAG!GAGAAAA!!AAA!AGGUAG!!AA!!AGAUAG!!AA!!AAGAAG!!A!AAAA!!AUA!AGUAAGU!AGGUAGGAU!!!U!!!A!!A
AAA!AUGUAAAAAUU!AAAUAUAGA!G!AAGAAG!!G!AAGGAA!GAAGUAAUGUAGGAAG!GAGUAAA!!AU!A!A!UGAA!!AAU!AGGUAGGAAG!GAGAUAG!!AUUAAG!AAGUAAG!GAGAAAA!!AAA!AGGUAG!!AA!!AGAUAG!!AA!!AAGAAG!!A!AAAA!!AUA!AGUAAGU!AGGUAGGAU!!!U!!!A!!A
AAA!AUGUAAAAAUU!AAAUAUAGA!G!AAGAAG!!AG!AAGGAA!GAAGUAAUGUAGGAAG!GAGUAAA!!AU!!A!UGAA!!AAU!AUGGUAGGAAG!GAGAUAG!!AUUAAG!AAGUAAG!GAGAAAA!!AAA!AGGUAG!!AA!!AGAUAG!!AA!!AAGAAG!!A!AAAA!!AUA!AGUAAGU!AGGUAGGAU!!U!!!A!!A
AAA!AUGUAAAAAUAU!AAAUAUAGA!G!AAGAAG!!AG!AAGGAA!GAAGUAAUGUAGGAAG!GAGUAAA!!AU!!A!UGAA!!AAU!AGGUAGGAAG!GAGAUAG!!AUUAAG!AAGUAAG!GAGAAAA!!AAA!AGGUAG!!AA!!AGAUAG!!AA!!AAGAAG!!A!AAAA!!AUA!AGUAAGU!AGGUAGGGAU!!!U!!!A!!A
AAA!AUGUAAAAAUU!AAAUAUAGA!G!AAGAG!!AG!AAGGAA!GAAGUAAUUGUAGGAAG!GAGUAAA!!AU!!A!UGAA!!AAU!AGGUAGGAAG!GAGAUAG!!AUUAAG!AAGUAAG!GAGAAAA!!AAA!AGGUAG!!AA!!AGAUAG!!AA!!AAGAAG!!A!AAAA!!AUA!AGUAAGU!AGGUAGGAU!!!U!!!A!!A
AAA!AUGUAAAAAUU!AAAUAUAGA!G!AAGAAG!!AG!AAGGAAA!GAAGUAAUGUAGGAAG!GAGUAAA!!AU!!A!UGAA!!AAU!AGGUAGGAAG!GAGAUAG!!AUUAAG!AAGUAAG!GAGAAAA!!AAA!AGGUAG!!AA!!AGAUAG!!AA!!UAGAAG!!A!AAAA!!AUA!AGUAAGU!AGGUAGGAU!!!U!!!A!!A
AAA!AUGUAAAAAUU!AAAGUAUAGA!G!AAGAAG!!AG!AAGGAA!GAAGUAAUGUAGGAAG!GAGGUAAA!!AU!!A!UGAA!!AAU!AGGUAGGAAG!GAGAUAG!!AUUAAG!AAGUAAG!GAGAAAA!!AAA!AGGUAG!!AA!!AGAUAG!!AA!!AAGAAG!!A!AAAA!!AUA!AGUAAGU!AGGUAGGAU!!!U!!!A!!A
AAA!AUGUAAAAAUU!AAUAUAGA!G!AAGAAG!!AG!AAGGAA!GAAGUAAUGUAGGAAG!GAGUAAA!!AU!!A!UGAA!!AAU!AGGUAGGAAG!GAGAUAG!!AUUAAG!AAGUAAG!GAGAAAA!!AAA!AGGUAG!!AA!!AGAUAG!!AA!!AAGAAG!!A!AAAA!!AUA!AGUAAGU!AGGUAGGAU!!!U!!!!!A
AAA!AUGUAAAAAUU!AAAUAUAGA!G!AAGAAG!!AG!AGGGAA!GAAGUAAUGUAGGAAG!GAGUAAA!!AU!!A!UGAA!!AAU!AGGUAGGAAG!GAGAUAG!!UAUUAAG!AAGUAAG!GAGAAAA!!AAA!AGGUAG!!AA!!AGAUAG!!AA!!AAGAAG!!A!AAAA!!AUA!AGUAAGU!AGGUAGGAU!!!U!!!A!!A
5166f2e9aa0a47752fd65b5b99a13d3a
'''

这道题还是比较有意思的，类似于高中生物的基因突变，直接对比9组输出就可以得到没有突变的互补链，之后再互补回去，得到原链，这是4进制，直接转回去就行，代码如下：

点击查看代码

from Crypto.Util.number import *
import hashlib#生成互补链
def dbp(d):bpd = []bp = {"A": "U", "U": "A", "!": "G", "G": "!"}for i in d:bpd.append(bp[i])pd = "".join(bpd)return pdencrypt = 'AAA!AUGUAAAAAUU!AAAUAUAGA!G!AAGAAG!!AG!AAGGAA!GAAGUAAUGUAGGAAG!GAGUAAA!!AU!!A!UGAA!!AAU!AGGUAGGAAG!GAGAUAG!!AUUAAG!AAGUAAG!GAGAAAA!!AAA!AGGUAG!!AA!!AGAUAG!!AA!!AAGAAG!!A!AAAA!!AUA!AGUAAGU!AGGUAGGAU!!!U!!!A!!A'
LEN = len(encrypt)
decrypt = dbp(encrypt)
print('decrypt :',decrypt)
num = []
for i in range(LEN):if decrypt[i] == 'A':num.append('0')if decrypt[i] == 'U':num.append('1')if decrypt[i] == '!':num.append('2')if decrypt[i] == 'G':num.append('3')
m = ''.join(num)
print('m :',m)
m = int(m)
sum = 0
for i in range(LEN):t = m % 10m = m // 10sum += t * pow(4,i)
m = long_to_bytes(sum)
print(m)
print(hashlib.md5(m).hexdigest())#WHUCTF{YomiyaHina_Or_ShindoAmane_Who_do_You_Gachi??}
#5166f2e9aa0a47752fd65b5b99a13d3a

接着咕的RRRRRSA

题目附件代码如下：

点击查看代码

# SageMath 9.5
from sage.all import *
from Crypto.Util.number import *flag = b'???????????????'
m = bytes_to_long(flag)
p = getPrime(512)
q = getPrime(512)
n = p*q
e = 65537
c = pow(m, e, n)
print(n)
print(c)x = var('x')
f = x^2 - (p/q)*x - ((3*n+1)/(9*q^4))
res = solve(f == 0, x)
hint = res[1].rhs().n(digits = 512) 
print(hint)# n = 57575109592903556552375845953532026861905996813405390199980304940606150400398386514156942167697297324778000151855243677779601760385476936878781253343801314758750366794577283551950824521922097208413021353164581823473169988479677199360658984591695666176277239319566161971996509399036254851735113339230362601699
# c = 20733299276845961429537808934532196638191038556087770302217016670215668388500550827716363081300859681410689706383657411380094504139958880567618876469407596806246950752505246446453253326817320480075029441842466557901212145771504971134817273592112083786346364128154297328638883279226038651879036016721488412224
# hint = 0.94463870995694354676275139019332001469858037384232979798316831631674566518769783240448008093250233627404068153814288221424540729427750124574509295326615501949350821527258136315768687396161128819435178899058736484265746258674380261724036945789849654512366369583170405999671562771171003634389077221689129442188167964887244710838363368027329713447737884573130981295592128191848147664625321872621987015579379195910480514285176112880671130900880843777176970139814820574398966115688868430265945009683775994694388132059

一个简单的解方程问题。
推导出q = sqrt( (3n+1)/(3hint) )
还要注意精度问题，解题代码如下:

点击查看代码

from sage.all import *
from Crypto.Util.number import *n = 57575109592903556552375845953532026861905996813405390199980304940606150400398386514156942167697297324778000151855243677779601760385476936878781253343801314758750366794577283551950824521922097208413021353164581823473169988479677199360658984591695666176277239319566161971996509399036254851735113339230362601699
C = 20733299276845961429537808934532196638191038556087770302217016670215668388500550827716363081300859681410689706383657411380094504139958880567618876469407596806246950752505246446453253326817320480075029441842466557901212145771504971134817273592112083786346364128154297328638883279226038651879036016721488412224
hint_str = '0.94463870995694354676275139019332001469858037384232979798316831631674566518769783240448008093250233627404068153814288221424540729427750124574509295326615501949350821527258136315768687396161128819435178899058736484265746258674380261724036945789849654512366369583170405999671562771171003634389077221689129442188167964887244710838363368027329713447737884573130981295592128191848147664625321872621987015579379195910480514285176112880671130900880843777176970139814820574398966115688868430265945009683775994694388132059'#关键：精度
hint = RealField(prec=2048)(hint_str)
e = 65537
q = int(sqrt((3*n+1)/(3*hint)))
p = n//q
print(p*q==n)
print('p=',p)
print('q=',q)
phi = (p-1)*(q-1)
d = inverse_mod(e, phi)
M = pow(C,d,n)
M = long_to_bytes(M)
print(M)

ezECC

了解一下什么是椭圆曲线~
附件代码如下：

点击查看代码

# sage 10.6
from Crypto.Util.number import *
from sage.all import *
#from secret import flag
flag = b'whuctf{666}'
p = getPrime(256)
a = getPrime(256)
b = getPrime(256)
E = EllipticCurve(GF(p),[a,b])
m = E.random_point()
G = E.random_point()
k = getPrime(256)
K = k * G
r = getPrime(256)
c1 = m + r * K
c2 = r * G
cipher_left  = bytes_to_long(flag[:len(flag)//2]) * m[0]
cipher_right = bytes_to_long(flag[len(flag)//2:]) * m[1]print(f"p = {p}")
print(f"a = {a}")
print(f"b = {b}")
print(f"k = {k}")
print(f"E = {E}")
print(f"c1 = {c1}")
print(f"c2 = {c2}")
print(f"cipher_left = {cipher_left}")
print(f"cipher_right = {cipher_right}")'''
p = 89746860568394093981596676947359554888819031833382424173216817397675147730259
a = 61502199311890011143806832330814155530954772711027609567557425609364635884233
b = 72843845950716187193068129376786238437298214321722120098022947660016655921367
k = 83850740903700096228877692351805950926997161874785119898197951761335204239673
E = Elliptic Curve defined by y^2 = x^3 + 61502199311890011143806832330814155530954772711027609567557425609364635884233*x + 72843845950716187193068129376786238437298214321722120098022947660016655921367 over Finite Field of size 89746860568394093981596676947359554888819031833382424173216817397675147730259
c1 = (39021853681471775488374703817403582713705559764035490787491963945834756304811 : 52718476225572629515840844257572127301129816430719951398852120750774053442089 : 1)
c2 = (48232294975144816094237910324886372211217154992512806489639630240339226298137 : 25984565417687520579227655619101689320005614526788177396162517464260466091390 : 1)
cipher_left = 61538255268512714814181850581796683299580504461261271869969882064390584769372
cipher_right = 56810564436693741033331980633605003778070103849071562425637017859058073078930
'''

非常简单的ECC加密，可以参考EC(Elliptic Curve)椭圆曲线，解密代码如下：

点击查看代码

from Crypto.Util.number import *
from sage.all import *# 椭圆曲线参数
p = 89746860568394093981596676947359554888819031833382424173216817397675147730259
a = 61502199311890011143806832330814155530954772711027609567557425609364635884233
b = 72843845950716187193068129376786238437298214321722120098022947660016655921367
k = 83850740903700096228877692351805950926997161874785119898197951761335204239673
cipher_left = 61538255268512714814181850581796683299580504461261271869969882064390584769372
cipher_right = 56810564436693741033331980633605003778070103849071562425637017859058073078930
# 构建椭圆曲线
E = EllipticCurve(GF(p), [a, b])
C1 = E(39021853681471775488374703817403582713705559764035490787491963945834756304811,52718476225572629515840844257572127301129816430719951398852120750774053442089)
C2 = E(48232294975144816094237910324886372211217154992512806489639630240339226298137,25984565417687520579227655619101689320005614526788177396162517464260466091390)
m = C1 - k*C2
mx_inv = inverse(m[0], p)  # 计算x坐标的模逆
my_inv = inverse(m[1], p)  # 计算y坐标的模逆
left = int((cipher_left * mx_inv) % p)
right = int((cipher_right * my_inv) % p)
left_bytes = long_to_bytes(left)
right_bytes = long_to_bytes(right)
flag = left_bytes + right_bytes
print(flag)#WHUCTF{y0U_R34lly_kn0w_ECC_&_MUL7!PLY}

先到这里吧