Crypto 36D杯wp

签到

W9@F0>:2?0D9:07=28X/3/TUW/o/7/PUo/ST7/T/6/R
1

先rot47解码

(hou_mian_shi_flag)^b^%&(^@^f^!&@^$%f^%^e^#
                   6b6579626f6172645f656e63
^6
%5
&7
(9
@2
!1
#3
1
2
3
4
5
6
7
8
9

键盘一一对应即可，然后再hex解码

rsaEZ

直接脚本跑

from Crypto.PublicKey import RSA
import libnum
import gmpy2

# 导入公钥
with open("public.key", "rb") as f:
    key = RSA.import_key(f.read())
    n = key.n
    e = key.e

with open("encrypted.message1", "rb") as f:
    c1 = libnum.s2n(f.read())
with open("encrypted.message2", "rb") as f:
    c2 = libnum.s2n(f.read())
with open("encrypted.message3", "rb") as f:
    c3 = libnum.s2n(f.read())

p = 302825536744096741518546212761194311477
q = 325045504186436346209877301320131277983
d = libnum.invmod(e, (p - 1) * (q - 1))
c = [c1, c2, c3]
flag = ''
for i in c:
    m = pow(i, d, n)
    m1 = str(libnum.n2s(int(m)))
    flag += (m1.split("x00")[1])[:-3]  # 以x00分段取后面那段，将 \n' 去掉
print(flag)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

justShow

hlcgoyfsjqknyifnpd:bcdefghijklmnopqrstuvwxyza
1

观察可知为凯撒移位

编码为-1，则解码为1

Playfair Cipher编码

密匙为：

abcdefghijklmnopqrstuvwxyz

flagisctfshowicome
1

飞鸽传书

TVdJd09HRm1NamMyWkdKak56VTVNekkzTVdZMFpXVTJNVFl5T0Rrek1qUWxNRUZsTW1GbE0yRXlNelV3TnpRell6VXhObU5rWVRReE1qUTVPV0poTTJKbE9TVXdRV0prWlRVeVkySXpNV1JsTXpObE5EWXlORFZsTURWbVltUmlaRFptWWpJMEpUQkJaVEl6WlRBd1ltVXpPV1F6Tm1Zek5EWXlaVFUzTm1FMk4yRTNaamt4T1RrbE1FRXhPR00zT1RJNE5XSTFNVFJqTmpObVl6a3dNelZsTTJZNU1qQmhaVFEzTnlVd1FXUmhORFJrWkRFNU1tUmxabVF4WW1VM09XWTJNMk16TlRCa01qa3lNR05tSlRCQk5ESTFNV00wWXpZME9XTTNaREptT0RZek1qZGxabVJsTWpNNU9USm1ZVGNsTUVGaFlXVTNZakprTkRneU16Z3lZV0ZoWkRjMVptUmxOalJrWmpobVpqZzJaaVV3UVRJNU5tWTNabVpqTW1VME5UUTFaR00zTnpreU1EVXdZMlZpTkdFNE56RXhKVEJCTmpFd04yRmpNV0UxTldZeFpUQm1aV05pTjJSa1lqWXdabUl6WW1ZeE1Ea2xNRUZoWldNeU16TXpNekl4WkRjek1EQXdNVFl4TmpneVpETmpOR1ZpWXpBd09TVXdRVFV3TURWaU0ySm1NREF3TlRCaVpqUm1OMlUwTTJGak16TmhNRFExTkdJNEpUQkI=
1

base64两次

得到：

1b08af276dbc7593271f4ee616289324%0Ae2ae3a2350743c516cda412499ba3be9%0Abde52cb31de33e46245e05fbdbd6fb24%0Ae23e00be39d36f3462e576a67a7f9199%0A18c79285b514c63fc9035e3f920ae477%0Ada44dd192defd1be79f63c350d2920cf%0A4251c4c649c7d2f86327efde23992fa7%0Aaae7b2d482382aaad75fde64df8ff86f%0A296f7ffc2e4545dc7792050ceb4a8711%0A6107ac1a55f1e0fecb7ddb60fb3bf109%0Aaec2333321d73000161682d3c4ebc009%0A5005b3bf00050bf4f7e43ac33a0454b8%0A
1

hex解码不行，观察有12个%0A间隔密文，试试分开然后md5

from re import split
a='1b08af276dbc7593271f4ee616289324%0Ae2ae3a2350743c516cda412499ba3be9%0Abde52cb31de33e46245e05fbdbd6fb24%0Ae23e00be39d36f3462e576a67a7f9199%0A18c79285b514c63fc9035e3f920ae477%0Ada44dd192defd1be79f63c350d2920cf%0A4251c4c649c7d2f86327efde23992fa7%0Aaae7b2d482382aaad75fde64df8ff86f%0A296f7ffc2e4545dc7792050ceb4a8711%0A6107ac1a55f1e0fecb7ddb60fb3bf109%0Aaec2333321d73000161682d3c4ebc009%0A5005b3bf00050bf4f7e43ac33a0454b8%0A'
b=a.split('%0A',12)
for i in b:
    print(i)
#flag{36D_me}
1
2
3
4
5
6
'
运行
运行