两个文件:pub.key、flag.enc
vs code打开pub.key,是个公钥的样子。
—–BEGIN PUBLIC KEY—–
MDwwDQYJKoZIhvcNAQEBBQADKwAwKAIhAMAzLFxkrkcYL2wch21CM2kQVFpY9+7+
/AvKr1rzQczdAgMBAAE=
—–END PUBLIC KEY—–
然后用python的rsa模块解密会报错,像是格式不对。
pubkey = rsa.PublicKey.load_pkcs1(pk) # raise ValueError('No PEM start marker "%r" found' % pem_start)
于是换成Crypto.PublicKey.RSA,可以了。
pubkey = Crypto.PublicKey.RSA.importKey(pk) print(pubkey) print(pubkey.n, pubkey.e) # <_RSAobj @0xffff94d979d0 n(256),e> # 86934482296048119190666062003494800588905656017203025617216654058378322103517 65537
用factordb.com对n做分解,可以解出p和q,然后就简单了,以下是脚本。
import gmpy2 import rsa from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_OAEP with open('./pub1.key',mode='rb') as fpk: pk = fpk.read() # pubkey = rsa.PublicKey.load_pkcs1(pk) pubkey = RSA.importKey(pk) print(pubkey) print(pubkey.n, pubkey.e) n = 0xC0332C5C64AE47182F6C1C876D42336910545A58F7EEFEFC0BCAAF5AF341CCDD e = 65537 p = 285960468890451637935629440372639283459 q = 304008741604601924494328155975272418463 phi = (p-1) * (q-1) d = gmpy2.invert(e, phi) with open('./flag.enc','rb+') as ff: cdata = ff.read() # 用Crypto库,试了N次都报错,放弃了 # rsadata = RSA.construct((n, e, int(d), p, q)) # key1 = RSA.importKey(rsadata.exportKey()) # key1 = PKCS1_OAEP.new(key1) # print(key1) # print(key1.decrypt(cdata)) # rsa模块直接搞定 key = rsa.PrivateKey(n, e, int(d), p, q) print(rsa.decrypt(cdata, key)) # Public RSA key at 0xFFFFA511FF10 # 86934482296048119190666062003494800588905656017203025617216654058378322103517 65537 # b'flag{decrypt_256}\n'