给定 n,c, 通常情况下在无e情景中,应对明文做特殊限制,本题无其他信息,尝试在可见字符范围进行格规约,可转化为SVP问题,使用LLL算法求解即可。
又不明确字符串长度,尝试爆破,然后手工选择一个具有语义的,发现为flag
from Crypto.Util.number import *
p = 898278915648707936019913202333
q = 814090608763917394723955024893
newm = bytes_to_long(b'X\xee\x1ey\x88\x01dX\xf6i\x91\x80h\xf4\x1f!\xa7"\x0c\x9a\x06\xc8\x06\x81\x15')
n = p * q
c = newm
pre = b"DASCTF{"
suf = b"}"
for le in range(20, 60):
length = le - len(pre) - len(suf)
c -= 256^(len(suf) + length) * bytes_to_long(pre)
c -= bytes_to_long(suf)
c = c * inverse(256,n) % n
L = Matrix(ZZ,length+2,length+2)
for i in range(length):
L[i,i] = 1
L[i,-1] = 256^i
c -= 256^i*48
c -= 256^i*40
L[-2,-2] = 1
L[-2,-1] = -c
L[-1,-1] = n
L[:,-1:] *= n
res = L.LLL()
for i in res[:-1]:
flag = ""
if(all(abs(j) <= 40 for j in i[:-2])):
if(i[-2] == 1):
for j in i[:-2][::-1]:
flag += chr(48 + 40 + j)
elif i[-2] == -1:
for j in i[:-2][::-1]:
flag += chr(48 + 40 - j)
if(flag != ""):
print(prefix.decode()+flag+suf.decode())
break
c = newm
#DASCTF{o0p5_m3ssaGe_to0_b1g_nv93nd0}
DASCTF{b<Lgi[PdN[TEkChH:[<R~aWecC[6ee1h}
DASCTF{^YbCRf[XYfkoNdjWrK:sYWvJ]`Y=`DNWQL}
DASCTF{JZQZSZca@@yv_SsTjGHbO_b[OHPsapYPW?J}
DASCTF{Z_S>VZIZoax\L?nOZn[Y_k]a]GsQVSHUO\X_}
DASCTF{[OBCIdafdOPK\_J]VVf_ZvS`N@MX[\~a_bBY_}
DASCTF{NoILV[FXUgJMQtQTm`SoVZcW]RSQNjIcUfXSYP}
DASCTF{YQPSTI_MTRJ^V[VL_ZgSXcWOeYOMUeXIZZMS_Yk}
DASCTF{\_VNWb:[SYYNW_Y[]]hHaeT\iY^`?e`JWU^[b[Wc}
DASCTF{bZQXWbdK^QVQVW\YZZbffXeeSVQ_RYWaY;JSiUQOV}
DASCTF{XT[TVUWcVLYpQjPSKMaZW_N[_YJTUaWZ_QWZeUI_w[}
DASCTF{VOZXXVXRQWP\JQbjd\[SQMVVLYhUVSUW`=LgWNV]QGN}
DASCTF{Y_a^Rn\[TRUP[`f_PRX`UNd][kUY[\VXSh`T]`YNQck]}
DASCTF{ZbXaNUWb[UZb[aeKWhOX[a\RQNFZRScKaZPdVM^XVc\Nc}
DASCTF{YVVULZWjUNK]\YeX\ZYU\dTK[YRbZYO\]bINWUa]aSUaTj}
DASCTF{Y[R[Y`\Yd][QUO][[@NY^NR_]KX[WYNJVS]KMN`^[XdYVRc}
DASCTF{YRVWP]_^ZdaF\ULVV`YURUYZS_]VWTMXZ]RTX^bYS[PGI`gX}
DASCTF{VZSZ_Ve\TY_PN[cUWZKRVgXOdSZRV[ZPVL_JZKQ_`QQSR]aVb}
DASCTF{]]UWYPaPS[^MQQSZ]Y`T\Y]OXYRM]WVQaWXRV[[^Q^WX[NW[IS}
DASCTF{TW\U[TXMSZW^UV[\T\gV`ZWXUgUMY]XcU`[XTV]_UW]YY\Y]MTV}