攻防世界 best_rsa

题目

解压包后有四个文件

分析与解题

1. 先从两个公钥文件中提取公钥信息

from Crypto.PublicKey import RSA

f1 = open("F:\ChromeCommon\c2d6e7158d7b4cd6a747774f0bdc5f72\publickey1.pem","rb").read()
f2 = open("F:\ChromeCommon\c2d6e7158d7b4cd6a747774f0bdc5f72\publickey2.pem","rb").read()
pub1 = RSA.importKey(f1)
pub2 = RSA.importKey(f2)
n1 = pub1.n
e1 = pub1.e
n2 = pub2.n
e2 = pub2.e
print(n1)
print(n2)
print(e1)
print(e2)

n1 = 13060424286033164731705267935214411273739909173486948413518022752305313862238166593214772698793487761875251030423516993519714215306808677724104692474199215119387725741906071553437840256786220484582884693286140537492541093086953005486704542435188521724013251087887351409946184501295224744819621937322469140771245380081663560150133162692174498642474588168444167533621259824640599530052827878558481036155222733986179487577693360697390152370901746112653758338456083440878726007229307830037808681050302990411238666727608253452573696904083133866093791985565118032742893247076947480766837941319251901579605233916076425572961
n2 = 13060424286033164731705267935214411273739909173486948413518022752305313862238166593214772698793487761875251030423516993519714215306808677724104692474199215119387725741906071553437840256786220484582884693286140537492541093086953005486704542435188521724013251087887351409946184501295224744819621937322469140771245380081663560150133162692174498642474588168444167533621259824640599530052827878558481036155222733986179487577693360697390152370901746112653758338456083440878726007229307830037808681050302990411238666727608253452573696904083133866093791985565118032742893247076947480766837941319251901579605233916076425572961
e1 = 117
e2 = 65537

2. 发现n1==n2，所以共模攻击（此前已有总结，不再赘述）
3. 利用以前的共模攻击代码（通用）即可

from general_project.sameNAttack import same_n_attack
from Crypto.Util.number import *

n = 13060424286033164731705267935214411273739909173486948413518022752305313862238166593214772698793487761875251030423516993519714215306808677724104692474199215119387725741906071553437840256786220484582884693286140537492541093086953005486704542435188521724013251087887351409946184501295224744819621937322469140771245380081663560150133162692174498642474588168444167533621259824640599530052827878558481036155222733986179487577693360697390152370901746112653758338456083440878726007229307830037808681050302990411238666727608253452573696904083133866093791985565118032742893247076947480766837941319251901579605233916076425572961
e1 = 117
e2 = 65537
c1 = open("F:\ChromeCommon\c2d6e7158d7b4cd6a747774f0bdc5f72\cipher1.txt","rb").read()
c2 = open("F:\ChromeCommon\c2d6e7158d7b4cd6a747774f0bdc5f72\cipher2.txt","rb").read()
m = same_n_attack(n,e1,e2,bytes_to_long(c1),bytes_to_long(c2))
print long_to_bytes(m)

注意这里需要以二进制形式读入密文，在共模攻击时还需将字节流转成数字。
4. flag{interesting_rsa}