-.-

주어진 암호문은 다음과 같다.


dah-dah-dah-dah-dah dah-di-di-dah di-di-di-di-dit dah-dah-di-di-dit dah-dah-di-di-dit dah-dah-dah-dah-dah di-di-dah-dah-dah di-dah dah-di-di-di-dit dah-di-dah-dit di-di-di-di-dit dah-dah-dah-di-dit dah-dah-di-di-dit di-di-di-di-dah di-di-di-di-dah dah-dah-di-di-dit di-di-di-di-dit di-dah-dah-dah-dah di-di-di-dah-dah dah-dah-dah-di-dit dah-di-di-di-dit di-di-di-di-dit di-di-di-dah-dah dah-dah-dah-di-dit dah-dah-di-di-dit di-dah-dah-dah-dah dah-di-di-di-dit dit dah-di-di-di-dit dah-di-dit di-di-di-di-dah dah-di-dit di-di-di-di-dit dah-dah-dah-dah-dit di-di-di-di-dit di-di-di-di-dit di-di-dah-dah-dah di-dah dah-dah-di-di-dit di-di-di-dah-dah dah-dah-di-di-dit dah-di-di-di-dit di-di-di-di-dah dah-di-di-di-dit di-di-di-di-dah dah-dah-dah-di-dit dah-di-di-di-dit dah-di-di-dit dah-di-di-di-dit di-dah di-di-di-di-dah dah-dah-dah-dah-dit dah-dah-di-di-dit di-di-di-di-dah di-di-dah-dah-dah di-dah di-di-di-di-dit di-di-dah-dah-dah di-di-di-di-dit di-dah-dah-dah-dah di-di-dah-dah-dah dah-di-di-di-dit di-di-di-di-dah di-dah dah-dah-di-di-dit dah-dah-dah-dah-dah di-di-di-di-dit di-dah dah-dah-di-di-dit dah-di-di-di-dit dah-di-di-di-dit di-dah dah-di-di-di-dit dah-di-dit di-di-dah-dah-dah di-dah-dah-dah-dah di-di-dah-dah-dah di-di-di-di-dit di-di-dah-dah-dah di-di-di-di-dit di-di-di-di-dah dah-di-di-dit di-di-di-di-dah di-di-di-di-dah dah-di-di-di-dit dah-di-di-dit dah-di-di-di-dit dah-di-di-di-dit dah-dah-di-di-dit dah-dah-dah-dah-dah di-di-dah-dah-dah di-di-di-dah-dah di-di-di-di-dit dit di-di-di-di-dah dit di-di-di-dah-dah dah-dah-dah-dah-dit dah-di-di-di-dit dah-di-di-di-dit dah-di-di-di-dit dah-di-di-dit di-di-di-dah-dah di-di-di-di-dah dah-di-di-di-dit di-di-di-di-dah di-di-di-di-dit di-di-di-di-dit di-di-di-dah-dah di-di-di-di-dah dah-di-di-di-dit dah-di-dah-dit di-di-di-di-dah di-di-dah-dah-dah di-di-di-dah-dah di-di-di-dah-dah dah-dah-di-di-dit di-di-dah-dah-dah di-di-di-di-dit di-di-di-di-dah dah-di-di-di-dit di-di-dah-dit di-di-di-di-dit di-di-di-di-dah di-di-di-dah-dah dah-dah-dah-dah-dah di-di-di-di-dit dah-dah-dah-dah-dah di-di-di-di-dit di-dah di-di-di-di-dit di-dah-dah-dah-dah dah-di-di-di-dit dah-di-dit di-di-di-di-dah di-di-di-dah-dah di-di-di-di-dit di-dah-dah-dah-dah di-di-di-di-dah di-di-di-di-dit di-di-di-di-dah dah-di-di-dit di-di-di-di-dit dah-dah-dah-dah-dit di-di-di-di-dah di-di-dah-dah-dah di-di-di-dah-dah di-di-di-di-dah di-di-di-di-dit di-dah di-di-di-di-dah dah-di-dit dah-dah-di-di-dit dah-di-di-di-dit di-di-dah-dah-dah di-dah di-di-dah-dah-dah di-dah-dah-dah-dah di-di-di-di-dah dah-di-di-di-dit dah-di-di-di-dit dah-di-di-dit di-di-di-dah-dah dah-dah-dah-di-dit dah-di-di-di-dit dah-di-dah-dit di-di-dah-dah-dah di-di-di-di-dit dah-di-di-di-dit di-di-dah-dah-dah dah-di-di-di-dit di-dah dah-dah-di-di-dit di-dah-dah-dah-dah dah-di-di-di-dit dah-di-dah-dit di-di-di-di-dit dah-dah-dah-dah-dah di-di-di-di-dah dah-di-dit dah-di-di-di-dit dah-di-di-di-dit di-di-di-di-dah dah-dah-dah-dah-dit di-di-di-di-dah dah-dah-di-di-dit dah-di-di-di-dit dah-di-dit dah-di-di-di-dit di-dah-dah-dah-dah di-di-dah-dah-dah di-di-di-di-dit di-di-dah-dah-dah di-di-di-di-dit di-di-di-di-dah dah-di-di-di-dit dah-dah-di-di-dit di-dah di-di-di-di-dah dah-dah-di-di-dit di-di-dah-dah-dah dah-dah-dah-dah-dah dah-di-di-di-dit dah-dah-di-di-dit dah-di-di-di-dit dah-dah-dah-dah-dit dah-di-di-di-dit dah-dah-di-di-dit dah-di-di-di-dit di-di-di-di-dit dah-di-di-di-dit dah-di-dit dah-dah-di-di-dit dah-di-di-dit di-di-di-di-dah di-di-di-dah-dah di-di-di-dah-dah di-dah-dah-dah-dah dah-di-di-di-dit dah-dah-dah-dah-dit dah-di-di-di-dit di-di-di-dah-dah di-di-di-di-dah dah-di-di-dit di-di-di-di-dit di-di-dah-dit dah-di-di-di-dit di-di-di-dah-dah dah-di-di-di-dit dah-di-dah-dit di-di-di-dah-dah di-dah-dah-dah-dah di-di-di-di-dah di-di-di-dah-dah di-di-di-di-dah dah-di-di-dit di-di-dah-dah-dah dah-di-dit dah-dah-di-di-dit dah-dah-dah-dah-dit di-di-di-dah-dah dah-dah-dah-dah-dah dah-dah-di-di-dit di-di-di-di-dit di-di-di-di-dit di-di-dah-dit dah-di-di-di-dit dah-dah-dah-di-dit di-di-di-dah-dah di-di-di-di-dah dah-dah-di-di-dit dah-di-di-di-dit di-di-di-dah-dah di-di-di-dah-dah di-di-di-di-dit di-di-dah-dit dah-di-di-di-dit dah-di-dit di-di-di-dah-dah di-di-di-di-dah di-di-di-di-dah dah-dah-dah-dah-dit di-di-di-dah-dah di-dah-dah-dah-dah dah-dah-di-di-dit dah-di-dit di-di-dah-dah-dah dah-dah-dah-dah-dah dah-dah-di-di-dit di-di-di-di-dit dah-dah-di-di-dit dah-di-di-di-dit di-di-di-dah-dah di-di-di-di-dah dah-dah-di-di-dit dah-di-di-di-dit dah-dah-di-di-dit di-dah di-di-di-di-dah dah-di-di-dit di-di-di-di-dit di-dah dah-dah-di-di-dit di-di-di-di-dah di-di-di-dah-dah di-di-di-di-dah dah-dah-di-di-dit dah-dah-dah-dah-dit dah-di-di-di-dit di-di-dah-dit dah-di-di-di-dit dah-di-dit dah-di-di-di-dit dah-dah-dah-dah-dit di-di-di-di-dah di-di-di-di-dah di-di-di-di-dit di-di-di-dah-dah dah-di-di-di-dit dah-dah-dah-di-dit di-di-di-di-dah dah-di-dah-dit dah-di-di-di-dit dah-di-dit di-di-di-dah-dah dah-dah-dah-di-dit di-di-di-di-dit di-dah-dah-dah-dah di-di-di-di-dah di-di-di-di-dit di-di-di-di-dah dah-di-di-di-dit dah-di-di-di-dit dit di-di-di-di-dit di-di-di-di-dit dah-dah-di-di-dit di-di-di-di-dah dah-dah-di-di-dit dah-dah-di-di-dit di-di-di-di-dah di-dah di-di-di-di-dah dah-dah-dah-dah-dah di-di-di-di-dah dit dah-dah-di-di-dit di-di-di-di-dit di-di-di-di-dah di-di-dah-dit di-di-di-di-dit dah-dah-dah-dah-dit dah-di-di-di-dit dah-di-di-di-dit di-di-di-di-dit dah-dah-dah-di-dit di-di-dah-dah-dah dah-di-di-di-dit di-di-di-dah-dah dah-dah-dah-di-dit dah-dah-di-di-dit di-di-di-di-dit di-di-di-di-dah dah-dah-dah-dah-dah di-di-di-di-dah dah-dah-di-di-dit dah-di-di-di-dit dit di-di-dah-dah-dah di-dah-dah-dah-dah di-di-di-dah-dah di-dah-dah-dah-dah di-di-dah-dah-dah di-di-di-di-dit di-di-di-di-dit di-di-di-di-dah dah-dah-di-di-dit di-dah-dah-dah-dah dah-dah-di-di-dit dah-di-di-di-dit di-di-di-dah-dah dah-dah-dah-dah-dah di-di-di-di-dit dah-di-di-di-dit dah-di-di-di-dit di-di-di-dah-dah di-di-di-di-dit di-di-dah-dah-dah dah-dah-di-di-dit di-dah di-di-di-di-dit dah-di-di-di-dit di-di-dah-dah-dah di-dah-dah-dah-dah dah-di-di-di-dit di-dah di-di-dah-dah-dah di-dah-dah-dah-dah dah-dah-di-di-dit dah-di-di-di-dit dah-dah-di-di-dit di-di-di-di-dit dah-dah-di-di-dit di-di-di-di-dit dah-dah-di-di-dit dah-dah-dah-dah-dah di-di-di-dah-dah dah-dah-dah-di-dit di-di-di-di-dah di-di-dah-dah-dah dah-di-di-di-dit di-dah dah-di-di-di-dit di-di-di-di-dah di-di-di-di-dah dit di-di-di-di-dah dah-dah-dah-dah-dit dah-dah-di-di-dit di-dah-dah-dah-dah di-di-di-di-dah di-di-di-di-dit di-di-di-dah-dah di-di-di-di-dit dah-dah-di-di-dit dah-dah-di-di-dit di-di-dah-dah-dah di-di-di-dah-dah di-di-dah-dah-dah di-di-di-di-dah di-di-dah-dah-dah di-di-di-di-dit di-di-di-di-dit dah-di-di-di-dit di-di-di-dah-dah di-di-di-di-dah di-di-di-di-dit di-di-di-di-dit di-di-di-di-dit di-dah di-di-di-di-dah di-di-dah-dit di-di-di-di-dit dah-dah-dah-dah-dit di-di-di-di-dit di-dah di-di-di-dah-dah di-di-dah-dah-dah dah-dah-di-di-dit di-dah di-di-di-dah-dah dah-dah-di-di-dit di-di-di-di-dit di-di-di-di-dah di-di-di-dah-dah di-di-dah-dah-dah di-di-di-dah-dah di-di-di-di-dit dah-dah-di-di-dit di-di-di-di-dah di-di-di-dah-dah dah-dah-di-di-dit di-di-dah-dah-dah dah-di-di-di-dit dah-dah-di-di-dit dah-dah-dah-di-dit di-di-di-di-dah dah-di-dah-dit di-di-di-di-dah dah-dah-dah-dah-dah di-di-di-di-dit dah-dah-di-di-dit di-di-di-di-dah di-di-dah-dit di-di-di-dah-dah dah-dah-di-di-dit di-di-di-dah-dah di-di-di-di-dah di-di-di-dah-dah di-dah-dah-dah-dah di-di-di-dah-dah dah-dah-dah-dah-dah di-di-di-di-dit di-dah-dah-dah-dah di-di-di-di-dah dah-dah-dah-dah-dit


-,공백은 구분자이고 실질적으로는 di,dah,dit로 이루어져있다. 구성 요소가 3개라 3진수인가 싶었는데 아니었고, 문제이름이 딱봐도 morse code였는데 구성 요소가 3개라

아닌가 싶었다. 여기서 좀 헤매다 결국 morse code 같아서 morse code 테이블이랑 하나씩 비교하면서보니 di,dit를 그냥 둘다 .으로 치환해버리면 구조가 딱 들어맞는것 같길래 싹다 치환해서 온라인 디코더로 돌려보니 hex값이 나왔고 이거 디코딩하니 플래그가 나왔다.


solve.py


a = """dah-dah-dah-dah-dah dah-di-di-dah di-di-di-di-dit dah-dah-di-di-dit dah-dah-di-di-dit dah-dah-dah-dah-dah di-di-dah-dah-dah di-dah dah-di-di-di-dit dah-di-dah-dit di-di-di-di-dit dah-dah-dah-di-dit dah-dah-di-di-dit di-di-di-di-dah di-di-di-di-dah dah-dah-di-di-dit di-di-di-di-dit di-dah-dah-dah-dah di-di-di-dah-dah dah-dah-dah-di-dit dah-di-di-di-dit di-di-di-di-dit di-di-di-dah-dah dah-dah-dah-di-dit dah-dah-di-di-dit di-dah-dah-dah-dah dah-di-di-di-dit dit dah-di-di-di-dit dah-di-dit di-di-di-di-dah dah-di-dit di-di-di-di-dit dah-dah-dah-dah-dit di-di-di-di-dit di-di-di-di-dit di-di-dah-dah-dah di-dah dah-dah-di-di-dit di-di-di-dah-dah dah-dah-di-di-dit dah-di-di-di-dit di-di-di-di-dah dah-di-di-di-dit di-di-di-di-dah dah-dah-dah-di-dit dah-di-di-di-dit dah-di-di-dit dah-di-di-di-dit di-dah di-di-di-di-dah dah-dah-dah-dah-dit dah-dah-di-di-dit di-di-di-di-dah di-di-dah-dah-dah di-dah di-di-di-di-dit di-di-dah-dah-dah di-di-di-di-dit di-dah-dah-dah-dah di-di-dah-dah-dah dah-di-di-di-dit di-di-di-di-dah di-dah dah-dah-di-di-dit dah-dah-dah-dah-dah di-di-di-di-dit di-dah dah-dah-di-di-dit dah-di-di-di-dit dah-di-di-di-dit di-dah dah-di-di-di-dit dah-di-dit di-di-dah-dah-dah di-dah-dah-dah-dah di-di-dah-dah-dah di-di-di-di-dit di-di-dah-dah-dah di-di-di-di-dit di-di-di-di-dah dah-di-di-dit di-di-di-di-dah di-di-di-di-dah dah-di-di-di-dit dah-di-di-dit dah-di-di-di-dit dah-di-di-di-dit dah-dah-di-di-dit dah-dah-dah-dah-dah di-di-dah-dah-dah di-di-di-dah-dah di-di-di-di-dit dit di-di-di-di-dah dit di-di-di-dah-dah dah-dah-dah-dah-dit dah-di-di-di-dit dah-di-di-di-dit dah-di-di-di-dit dah-di-di-dit di-di-di-dah-dah di-di-di-di-dah dah-di-di-di-dit di-di-di-di-dah di-di-di-di-dit di-di-di-di-dit di-di-di-dah-dah di-di-di-di-dah dah-di-di-di-dit dah-di-dah-dit di-di-di-di-dah di-di-dah-dah-dah di-di-di-dah-dah di-di-di-dah-dah dah-dah-di-di-dit di-di-dah-dah-dah di-di-di-di-dit di-di-di-di-dah dah-di-di-di-dit di-di-dah-dit di-di-di-di-dit di-di-di-di-dah di-di-di-dah-dah dah-dah-dah-dah-dah di-di-di-di-dit dah-dah-dah-dah-dah di-di-di-di-dit di-dah di-di-di-di-dit di-dah-dah-dah-dah dah-di-di-di-dit dah-di-dit di-di-di-di-dah di-di-di-dah-dah di-di-di-di-dit di-dah-dah-dah-dah di-di-di-di-dah di-di-di-di-dit di-di-di-di-dah dah-di-di-dit di-di-di-di-dit dah-dah-dah-dah-dit di-di-di-di-dah di-di-dah-dah-dah di-di-di-dah-dah di-di-di-di-dah di-di-di-di-dit di-dah di-di-di-di-dah dah-di-dit dah-dah-di-di-dit dah-di-di-di-dit di-di-dah-dah-dah di-dah di-di-dah-dah-dah di-dah-dah-dah-dah di-di-di-di-dah dah-di-di-di-dit dah-di-di-di-dit dah-di-di-dit di-di-di-dah-dah dah-dah-dah-di-dit dah-di-di-di-dit dah-di-dah-dit di-di-dah-dah-dah di-di-di-di-dit dah-di-di-di-dit di-di-dah-dah-dah dah-di-di-di-dit di-dah dah-dah-di-di-dit di-dah-dah-dah-dah dah-di-di-di-dit dah-di-dah-dit di-di-di-di-dit dah-dah-dah-dah-dah di-di-di-di-dah dah-di-dit dah-di-di-di-dit dah-di-di-di-dit di-di-di-di-dah dah-dah-dah-dah-dit di-di-di-di-dah dah-dah-di-di-dit dah-di-di-di-dit dah-di-dit dah-di-di-di-dit di-dah-dah-dah-dah di-di-dah-dah-dah di-di-di-di-dit di-di-dah-dah-dah di-di-di-di-dit di-di-di-di-dah dah-di-di-di-dit dah-dah-di-di-dit di-dah di-di-di-di-dah dah-dah-di-di-dit di-di-dah-dah-dah dah-dah-dah-dah-dah dah-di-di-di-dit dah-dah-di-di-dit dah-di-di-di-dit dah-dah-dah-dah-dit dah-di-di-di-dit dah-dah-di-di-dit dah-di-di-di-dit di-di-di-di-dit dah-di-di-di-dit dah-di-dit dah-dah-di-di-dit dah-di-di-dit di-di-di-di-dah di-di-di-dah-dah di-di-di-dah-dah di-dah-dah-dah-dah dah-di-di-di-dit dah-dah-dah-dah-dit dah-di-di-di-dit di-di-di-dah-dah di-di-di-di-dah dah-di-di-dit di-di-di-di-dit di-di-dah-dit dah-di-di-di-dit di-di-di-dah-dah dah-di-di-di-dit dah-di-dah-dit di-di-di-dah-dah di-dah-dah-dah-dah di-di-di-di-dah di-di-di-dah-dah di-di-di-di-dah dah-di-di-dit di-di-dah-dah-dah dah-di-dit dah-dah-di-di-dit dah-dah-dah-dah-dit di-di-di-dah-dah dah-dah-dah-dah-dah dah-dah-di-di-dit di-di-di-di-dit di-di-di-di-dit di-di-dah-dit dah-di-di-di-dit dah-dah-dah-di-dit di-di-di-dah-dah di-di-di-di-dah dah-dah-di-di-dit dah-di-di-di-dit di-di-di-dah-dah di-di-di-dah-dah di-di-di-di-dit di-di-dah-dit dah-di-di-di-dit dah-di-dit di-di-di-dah-dah di-di-di-di-dah di-di-di-di-dah dah-dah-dah-dah-dit di-di-di-dah-dah di-dah-dah-dah-dah dah-dah-di-di-dit dah-di-dit di-di-dah-dah-dah dah-dah-dah-dah-dah dah-dah-di-di-dit di-di-di-di-dit dah-dah-di-di-dit dah-di-di-di-dit di-di-di-dah-dah di-di-di-di-dah dah-dah-di-di-dit dah-di-di-di-dit dah-dah-di-di-dit di-dah di-di-di-di-dah dah-di-di-dit di-di-di-di-dit di-dah dah-dah-di-di-dit di-di-di-di-dah di-di-di-dah-dah di-di-di-di-dah dah-dah-di-di-dit dah-dah-dah-dah-dit dah-di-di-di-dit di-di-dah-dit dah-di-di-di-dit dah-di-dit dah-di-di-di-dit dah-dah-dah-dah-dit di-di-di-di-dah di-di-di-di-dah di-di-di-di-dit di-di-di-dah-dah dah-di-di-di-dit dah-dah-dah-di-dit di-di-di-di-dah dah-di-dah-dit dah-di-di-di-dit dah-di-dit di-di-di-dah-dah dah-dah-dah-di-dit di-di-di-di-dit di-dah-dah-dah-dah di-di-di-di-dah di-di-di-di-dit di-di-di-di-dah dah-di-di-di-dit dah-di-di-di-dit dit di-di-di-di-dit di-di-di-di-dit dah-dah-di-di-dit di-di-di-di-dah dah-dah-di-di-dit dah-dah-di-di-dit di-di-di-di-dah di-dah di-di-di-di-dah dah-dah-dah-dah-dah di-di-di-di-dah dit dah-dah-di-di-dit di-di-di-di-dit di-di-di-di-dah di-di-dah-dit di-di-di-di-dit dah-dah-dah-dah-dit dah-di-di-di-dit dah-di-di-di-dit di-di-di-di-dit dah-dah-dah-di-dit di-di-dah-dah-dah dah-di-di-di-dit di-di-di-dah-dah dah-dah-dah-di-dit dah-dah-di-di-dit di-di-di-di-dit di-di-di-di-dah dah-dah-dah-dah-dah di-di-di-di-dah dah-dah-di-di-dit dah-di-di-di-dit dit di-di-dah-dah-dah di-dah-dah-dah-dah di-di-di-dah-dah di-dah-dah-dah-dah di-di-dah-dah-dah di-di-di-di-dit di-di-di-di-dit di-di-di-di-dah dah-dah-di-di-dit di-dah-dah-dah-dah dah-dah-di-di-dit dah-di-di-di-dit di-di-di-dah-dah dah-dah-dah-dah-dah di-di-di-di-dit dah-di-di-di-dit dah-di-di-di-dit di-di-di-dah-dah di-di-di-di-dit di-di-dah-dah-dah dah-dah-di-di-dit di-dah di-di-di-di-dit dah-di-di-di-dit di-di-dah-dah-dah di-dah-dah-dah-dah dah-di-di-di-dit di-dah di-di-dah-dah-dah di-dah-dah-dah-dah dah-dah-di-di-dit dah-di-di-di-dit dah-dah-di-di-dit di-di-di-di-dit dah-dah-di-di-dit di-di-di-di-dit dah-dah-di-di-dit dah-dah-dah-dah-dah di-di-di-dah-dah dah-dah-dah-di-dit di-di-di-di-dah di-di-dah-dah-dah dah-di-di-di-dit di-dah dah-di-di-di-dit di-di-di-di-dah di-di-di-di-dah dit di-di-di-di-dah dah-dah-dah-dah-dit dah-dah-di-di-dit di-dah-dah-dah-dah di-di-di-di-dah di-di-di-di-dit di-di-di-dah-dah di-di-di-di-dit dah-dah-di-di-dit dah-dah-di-di-dit di-di-dah-dah-dah di-di-di-dah-dah di-di-dah-dah-dah di-di-di-di-dah di-di-dah-dah-dah di-di-di-di-dit di-di-di-di-dit dah-di-di-di-dit di-di-di-dah-dah di-di-di-di-dah di-di-di-di-dit di-di-di-di-dit di-di-di-di-dit di-dah di-di-di-di-dah di-di-dah-dit di-di-di-di-dit dah-dah-dah-dah-dit di-di-di-di-dit di-dah di-di-di-dah-dah di-di-dah-dah-dah dah-dah-di-di-dit di-dah di-di-di-dah-dah dah-dah-di-di-dit di-di-di-di-dit di-di-di-di-dah di-di-di-dah-dah di-di-dah-dah-dah di-di-di-dah-dah di-di-di-di-dit dah-dah-di-di-dit di-di-di-di-dah di-di-di-dah-dah dah-dah-di-di-dit di-di-dah-dah-dah dah-di-di-di-dit dah-dah-di-di-dit dah-dah-dah-di-dit di-di-di-di-dah dah-di-dah-dit di-di-di-di-dah dah-dah-dah-dah-dah di-di-di-di-dit dah-dah-di-di-dit di-di-di-di-dah di-di-dah-dit di-di-di-dah-dah dah-dah-di-di-dit di-di-di-dah-dah di-di-di-di-dah di-di-di-dah-dah di-dah-dah-dah-dah di-di-di-dah-dah dah-dah-dah-dah-dah di-di-di-di-dit di-dah-dah-dah-dah di-di-di-di-dah dah-dah-dah-dah-dit"""

a = a.replace("-","")

a = a.replace("dit",".")

a = a.replace("di",".")

a = a.replace("dah","-")

print a


print "57702a6c58744751386538716e6d4d59552a737646486b6a49742a5251264a705a766a6d2125254b446b6670235e4e39666b346455346c423372546f5430505a516d4351454b5942345a4d762a21466b386c25626a716c504d6649476d612525467a4720676967656d7b433169634b5f636c31434b2d7930755f683476335f6d3449317d20757634767a4b5a7434796f6d694453684c6d385145466e5574774a404e754f59665826387540476e213125547176305663527a56216a217675757038426a644e49714535772324255634555a4f595a327a37543235743726784c40574f373431305149".decode("hex")


RSAaaay


문제는 다음과 같다.


(2531257, 43)

p = 509

q = 4973

My super secret message: 906851 991083 1780304 2380434 438490 356019 921472 822283 817856 556932 2102538 2501908 2211404 991083 1562919 38268


n 값이 엄청 작아서 그냥 소인수 분해가 된다. 주어진 암호문을 공백으로 split한 뒤 각각 복호화 해보면 아래와 같은 값이 나온다.


103

105103

101109

12383

97118

97103

10195

83105

12095

70108

121105

110103

9584

105103

101114

115125


그냥 hex디코딩해보면 첫번째 값만 디코딩이 된다. 뭐지 하다 유심히 복호화된 값을 보니 아스키 값을 2개씩 이어붙인 것 같았고 이를 토대로 복호화 해보니 제대로 값이 나왔다.


solve.py


from gmpy2 import *

  

p = 509

q = 4973


phi = (p-1)*(q-1)


n = p*q


e = 43


d = invert(e,phi)



c = "906851 991083 1780304 2380434 438490 356019 921472 822283 817856 556932 2102538 2501908 2211404 991083 1562919 38268".split(" ")

flag = ""


for i in c:

        result = str(pow(int(i),d,n))

        if len(result)>3:

                if result[0]=="1":

                        flag += chr(int(result[0:3]))

                        flag += chr(int(result[3:]))

                else:

                        flag += chr(int(result[0:2]))

                        flag += chr(int(result[2:]))

        else:

                flag += chr(int(result))


print flag


smile

문제에서 준 암호문은 다음과 같다.


XUBdTFdScw5XCVRGTglJXEpMSFpOQE5AVVxJBRpLT10aYBpIVwlbCVZATl1WTBpaTkBOQFVcSQdH


base64 디코딩 해보면 이상한 값이 나오는데, 디코딩된 각 문자들이 모두 아스키 범위였다. 그래서 아스키범위로 카이사르 돌려봤는데 아니었고, 플래그 포멧이 gigem이라 해당 값으로 카이사르 키 같은게 있나 찾아봤는데 이것도 아니었다. 그래서 혹시하고 gigem이랑 xor를 돌려봤더니 58 41이 계속 반복되는걸 볼 수 있었다. 이걸 key로 해서 base64 디코딩된 값을 xor해보니 플래그가 나왔다.


solve.py


a = "XUBdTFdScw5XCVRGTglJXEpMSFpOQE5AVVxJBRpLT10aYBpIVwlbCVZATl1WTBpaTkBOQFVcSQdH"

a =  a.decode("base64")

key = ":)"

flag = ""

for i in range(0,len(a)):

    flag += chr(ord(a[i])^ord(key[i%2]))

print flag




블로그 이미지

JeonYoungSin

메모 기록용 공간

,

암호문과 pem 형식으로 된 두 개의 공개키를 제공해 준다. pem 파일에서 n을 각각 추출한 뒤 최대 공약수를 확인해보면 공개키 생성 과정에서  공통된 소수를 사용해 p 값을 구할 수 있다.


python RsaCtfTool.py --key ../rsa/seccon/pub1 --dumpkey

python RsaCtfTool.py --key ../rsa/seccon/pub2 --dumpkey


solve.py


from gmpy2 import *

from Crypto.PublicKey import RSA


n1 = 763718912475160487902804749669814117361530270298225094625871588939939773892509348006077810445741086683427253000695920011673348476297973798322806091336777405584801442639626925406721932533140226556519019440300864340670199686368307155860493615065198319490060598587202051942638792919648596288576294804549738135969737494734307362891313864027749187674251692407867312885251279302785352318725391842117065840058358065676707016006124478822206302825992616559261930620693061673348139416033418864269248381876692676529410115745518353146254670349865568255213560376368953292931958006941630719304442332912813624543600126197554727832190226632919876204677667384620275620336951964833888599634720101911051166398907898747710391394105753614253527704990658698844796442515669670816004761855554187277637871343595647487793209271354240148469085627742503649786300484610102224828274384484809539697728008552925590472129497180290668277790132130824141651399551803499770513576176720509094833332201946177880267399933460994496277590932311628302240154240967341858152145815276163397709272690500041597393678630136932574450837982593210399370333578887450410911663220219423601973078501237709613593311133945501455828164291429228495931943107997137587307522565029820756690578833


n2 = 847796795638781450678718708664542960446354226336422534142899480441478781747168340722544245493739168125415291376063352480076469305992008517388366298914970810765149321160596112226917023146371080685458239747986992197343482255681414590678694753885521068656675164266739274608505094927725285868801825144058835115051061857233824816176186349372737400492228548130718029270482313906040935333159681273527671359469173939861889228505791626525994180917670701909816457560622922219797109618405842358250940062127841301193206255543580550667149741357342408703680375118252445296600962244008043713708516004025217199954286478272550961283413053789743740774140439284662596273452124779590753836094450154459078034659421366584354005421566290862244000178569163732971816333961711759000171156293724203334889496589376907683142167883476184246287660764821622298961378903818077158234683927321823293466245584486980446609569799420950073036635602004293246754252079757527610246223280774592566063422181158810677919909523144033543195999214800559998598003329294711989868113423468536273984117507008756542731210465222475943122324672467669623079721727526348599823126409108190030551584092950358235465140166515452377475799157617227362838246912839086733412861436353117994501342653


p = gcd(n1,n2)


n = n2


q = n/p

e = 65537


phi = (p-1)*(q-1)


d = invert(e,phi)

f = open("./cipher","rb")

c = f.read()

c = int(c.encode("hex"),16)


print("%x"%pow(c,d,n))[1:].decode("hex")


블로그 이미지

JeonYoungSin

메모 기록용 공간

,

문제 파일은 아래와 같다.


revolutional-secure-angou-de97106aa248a41a40fdd001fc5f7b4b4f28a39eb6bcabf8401b108b7a8961c5.7z


압축을 풀어보면 암호화된 flag, pem 형식의 공개키, 문제 소스가 존재한다.


generator.rb


require 'openssl'


e = 65537

while true

  p = OpenSSL::BN.generate_prime(1024, false)

  q = OpenSSL::BN.new(e).mod_inverse(p)

  next unless q.prime?

  key = OpenSSL::PKey::RSA.new

  key.set_key(p.to_i * q.to_i, e, nil)

  File.write('publickey.pem', key.to_pem)

  File.binwrite('flag.encrypted', key.public_encrypt(File.binread('flag')))

  break

end


소스는 루비를 통해 pem 형식의 공개키를 만들고 해당 공개키로 flag를 암호화하는 구조이다.


pem 파일에 존재하는 공개키를 구하기 위해 아래 툴을 사용하였다.



ssrinc@ssrinc-virtual-machine:~/RsaCtfTool$ ./RsaCtfTool.py --key ./publickey.pem --dumpkey

[*] n: 16809924442712290290403972268146404729136337398387543585587922385691232205208904952456166894756423463681417301476531768597525526095592145907599331332888256802856883222089636138597763209373618772218321592840374842334044137335907260797472710869521753591357268215122104298868917562185292900513866206744431640042086483729385911318269030906569639399362889194207326479627835332258695805485714124959985930862377523511276514446771151440627624648692470758438999548140726103882523526460632932758848850419784646449190855119546581907152400013892131830430363417922752725911748860326944837167427691071306540321213837143845664837111

[*] e: 65537


n,e를 추출할 수 있고 n을 factor db에서 찾아보면 p,q를 구할 수 있다.

p =117776309990537864360810812340917258096636219871129327152749744175094693075913995854147376703562090249517854407162616412941789644355136574651545193852293544566513866746012759544621873312628262933928953504305148673201262843795559879423287920215664535429854303448257904097546288383796049755601625835244054479553

q = 142727552290123521017279182847387099553980176436653156686571005621360593567236973858972940588412513104338972342496604878974964273707518226570604980944855067127507753049804700855693115963197456876865788199179854448882972688495369967044453040443306336140280352904742571391288666823388345281672776486027914172087

이를 통해 phi를 구하고 d를 구해주면 된다.

d = 12685738484942314313789152088713015321019042297472437411782771035468772791022201521866687554829534334295978407562541895590222583725770119967316900820330308145867154895678917621233321220214541972265647639328917389446528753900228898248644358670442755834434712778789218829263758255497813697203332390148558830175147310866644665626759237615318035132719007400987467338201448864296771161037512985522673902009017617912715914889661745903763404559187778470360726556095437014337838584308534776262391743663242452258751468290150198568013508078353178322517408204393733661168920690604442379722902170230064742991792065054165583806721

이제 이 d값으로 pem 형식의 private key를 만들면 되는데, rsatool이란 툴을 이용해서 만들어보려고 하니까 내 환경에서 뭐가 꼬인건지 rsatool쪽 소스에서 자꾸 에러가 났다.

해결해보려다가 그냥 다른거 찾아보니 RsaCTFTool 여기에 pem 형식의 공개키를 읽어서 자동으로 pem 형식의 개인키를 만들어주는 기능이 있었다. 내부적으로 읽어온 n값이 소인수분해가 가능하거나 db에 존재하는 값일 경우 자동으로 개인키를 복구해서 만들어 주는 것 같았다.
이를 통해 pem 형식의 개인키를 복구한 뒤 해당 개인키로 암호화된 flag파일을 복구했다.

./RsaCtfTool.py --publickey ./publickey.pem --private > private.key

openssl rsautl -in ./flag.encrypted -decrypt -inkey private.key

TWCTF{9c10a83c122a9adfe6586f498655016d3267f195}





'Crypto & Network & Etc > Crypto Practice' 카테고리의 다른 글

TAMUCTF 2019 Crypto Writeup  (0) 2019.11.15
Seccon CTF 2017 Ps and Qs  (0) 2019.11.12
Plaid CTF 2015 Strength  (0) 2019.11.11
TokyoWesterns CTF 2019 baby_rsa  (0) 2019.11.11
KCTF Operation 1  (0) 2019.11.08
블로그 이미지

JeonYoungSin

메모 기록용 공간

,

문제에서 제공해주는 파일은 아래와 같다.


captured_a4ff19205b4a6b0a221111296439b9c7


{N : e : c}

{0xfd2066554e7f2005082570ddf50e535f956679bf5611a11eb1734268ffe32eb0f2fc0f105dd117d9d739767f300918a67dd97f52a3985483aca8aa54998a5c475842a16f2a022a3f5c389a70faeaf0500fa2d906537802ee2088a83f068aba828cc24cc83acc74f04b59a0764de7b64c82f469db4fecd71876eb6021090c7981L : 0xa23ac312c144ce829c251457b81d60171161655744b2755af9b2bd6b70923456a02116b54136e848eb19756c89c4c46f229926a48d5ac030415ef40f3ea185446fa15b5b5f11f2ec2f0f971394e285054182d77490dc2e7352d7e9f72ce25793a154939721b6a2fa176087125ee4f0c3fb6ec7a9fdb15510c97bd3783e998719L : 0x593c561db9a04917e6992328d1ecadf22aefe0741e5d9abbbc12d5b6f9485a1f3f1bb7c010b19907fe7bdecb7dbc2d6f5e9b350270002e23bd7ae2b298e06ada5f4caa1f5233f33969075c5c2798a98dd2fd57646ad906797b9e1ce77194791d3d0b097de31f135ba2dc7323deb5c1adabcf625d97a7bd84cdf96417f05269f4L}

{0xcb26469a1b726d964cc0d3c8f2e486860b7252643b3c974857abc04cc93eca7167138e0cc5cbaa39b4c47daa6ccc5d546d6bfd4171f3ed3f1b0bfe30c22010e3376ec551ba46380cfa25495c7b1299ae7b02409523845fc1b3ccba46a19a4f58dd92c330a8a1ccb5f9000fd8d2b526be54528a237bfc34e24e3c59b2dffba473L : 0xb2a434913ffa775d4204165e30f875eecbdd1be46ef437ee4b93822ccd983a53a5860fd81b5c3f7aabe4c4a04c0ff9440729b50e5386db77c396b9f59a1eb8fb6986c1c4a4c3b2da75ae9c84fc589330f597442f526e2303a83ce75b58821a41238c0f2c30065cc44341d742b30605cc651ee57ed42255a34b173bdba31ee567L : 0x99f2c46f900977a329de45c070b8323ba4927a9d09ae28eb72b8d6741eb7929e88f3c619df2f73e7bcb540ca1e342b6644883834ade9e49cfa534a60e60259222ddf4b7465aa5519654aa576c7b27dbfd5d9b7f8ad68ce99373b4cde87fdde3f2209067d8774c8512e75e32a359a555c62e4ac95f9063a14cb15516a5b9121a3L}

..생략..


위와 같은 형태로 {N : e : c}에 해당하는 값들이 여러개 존재하는데 e 값을 상당히 크게 잡아서 winner Attack 공격 가능성이 존재한다.


위의 모든 N:e:c 쌍 중 winner Attack이 먹히는 값이 있는지 브포돌려서 개인키 구하고 복호화하면 된다.


https://github.com/pablocelayes/rsa-wiener-attack


위 소스를 다운받아서 RSAwienerHacker.py 파일을 조금 수정해서 돌려줬다.


solve.py


Created on Dec 14, 2011

  

@author: pablocelayes

'''


import ContinuedFractions, Arithmetic, RSAvulnerableKeyGenerator


def hack_RSA(e,n):

    '''

    Finds d knowing (e,n)

    applying the Wiener continued fraction attack

    '''

    frac = ContinuedFractions.rational_to_contfrac(e, n)

    convergents = ContinuedFractions.convergents_from_contfrac(frac)


    for (k,d) in convergents:


        #check if d is actually the key

        if k!=0 and (e*d-1)%k == 0:

            phi = (e*d-1)//k

            s = n - phi + 1

            # check if the equation x^2 - s*x + n = 0

            # has integer roots

            discr = s*s - 4*n

            if(discr>=0):

                t = Arithmetic.is_perfect_square(discr)

                if t!=-1 and (s+t)%2==0:

                    print("Hacked!")

                    return d




if __name__ == "__main__":

    f = open("./capture","r")

    capture_list = f.read().split("\n")

    capture_list.pop(0)

    for i in capture_list:

        tmp = i.replace("{","").replace("}","").replace(" ","").replace("L","").split(":")

        n = int(tmp[0][2:],16)

        e = int(tmp[1][2:],16)

        c = int(tmp[2][2:],16)

        d = hack_RSA(e,n)

        if d!=None:

            print "d = " + str(d)

            print("%x"%pow(c,d,n)).decode("hex")


'Crypto & Network & Etc > Crypto Practice' 카테고리의 다른 글

Seccon CTF 2017 Ps and Qs  (0) 2019.11.12
TokyoWesterns CTF 2018 Revolutional Secure Angou  (0) 2019.11.12
TokyoWesterns CTF 2019 baby_rsa  (0) 2019.11.11
KCTF Operation 1  (0) 2019.11.08
HackZone VII 2019 CTF Legacy  (0) 2019.11.08
블로그 이미지

JeonYoungSin

메모 기록용 공간

,

문제는 다음과 같다.


source.py


flag = 'TWCTF{CENSORED}'

# Public Parameters
N = 36239973541558932215768154398027510542999295460598793991863043974317503405132258743580804101986195705838099875086956063357178601077684772324064096356684008573295186622116931603804539480260180369510754948354952843990891989516977978839158915835381010468654190434058825525303974958222956513586121683284362090515808508044283236502801777575604829177236616682941566165356433922623572630453807517714014758581695760621278985339321003215237271785789328502527807304614754314937458797885837846005142762002103727753034387997014140695908371141458803486809615038309524628617159265412467046813293232560959236865127539835290549091
e = 65537

# Encrypt the flag!
for char in flag:
    print(pow(ord(char), e, N))


enc_flag

9073209977571176486825453267118351996016396235857623493182258724402523182425555398048461088180575997426276026776186441023571190870577545894667546140441145538176352391499376279774875943812941321565506013356240326235158415041323709138860753984228634160552040417002326854872319407516200542564071756611880349380322282130265915072405694912128104078505106072784722670288292878670301302909960910520529391182927036489958388823511447221117040898358990430312656065571576446469592472217394596577973531530126373565564994195530324540432367900449603179849204693929275999798234441199340509474634967526614647348655247823230784374
35639404627961781906461142088755137025298630410895631726441472610366623418342364917283665767957562174282457589855677069495230225819581200731431201665184892116733696486682454477915290834433777530535524437371339472350901843618705506005661289326664321691979577977602624815055003117998229419500683672655441419257356643852257251251761502995787965709527112696847071565558861604427364918548619913860926470431333287513742767137365798593418198144415567391257323940575314966786015734312154108604715446101475223727342693907796501114753375280182345362719422538419079170715967729017805398797931366993519156066479380119809407749
29970742560802286128437550167617662948565107399193467157016675822924072945425459560240723871886060997775695066335935643764351669954293612699598869470877609376021471072760517084396091286414268314025266921431195032977653702514792415001248075629193225762672546597247381460826494613102523960838451955661302078496325094813575402182208938085376338620166447700573430340174738180230002573129580484509212273973043579080949823666844684955818141112680250709742302040557969338361223048029382382856263109719029545309245888995127887228177601466240736947809755549463788679785044683353591671286918635707381665684957867916158256949
9073209977571176486825453267118351996016396235857623493182258724402523182425555398048461088180575997426276026776186441023571190870577545894667546140441145538176352391499376279774875943812941321565506013356240326235158415041323709138860753984228634160552040417002326854872319407516200542564071756611880349380322282130265915072405694912128104078505106072784722670288292878670301302909960910520529391182927036489958388823511447221117040898358990430312656065571576446469592472217394596577973531530126373565564994195530324540432367900449603179849204693929275999798234441199340509474634967526614647348655247823230784374
6505165269355349459207146663366047441688194958375318364558535173856663450712228704199777355430120346472437926308005168084164236777799358193673817242751350551129761039157690169023013004512588912294543463516411036479035366287351595535944141685254682636766525957625559957518566299296096642785180632298737381753096931371353732906806665505797027298156421929506483811881951997420752668734446176972811145325901107674607822548260986050552942913613453978790269275942433813911123981987320096944112043982171977835970320689551870847467672632789230490245769533853283172375637080945198548214252880070232242439832820376020827270
21183213341593498738516444880543177493922005619583805574621036610845469192010328280773548470111009986871538885425478935646973995507100891215474272395863721865526341059719628170496111172777431901923738040338575993679287205000994133882661468882632557617292897597173414257540085862308519556541967532509933234492153275218004343688362709977324491456249463253627826867702931115952768729397718933895218798741394694581409210667757016552534836181469227211377884483066055101186770442079773603153741831446549174996578414814900577286574676828436588641203924556681193171762756103136365796626495419220299745139504044747791030657
35281408092375952281726917090787142632733066563620991872002918692378166030610011447579042180082695834448370457076107980397712190086934090736939295047739108983311280069632388023724537185206135081640708416065752200674950158226541934310820828884784320648574385481184792432883840428832675118865022388604992184306433162856083501724629453140816907588357066877849638057796037811471382243339150192266945556056920084520661254644740550996346916309525106638714564549966779826545146543226245351244347767520267740976227220806375754780018194765576617703742034900612204265907753037602258832036675965585326987121730208904172636707
9101532610704319801229002627568606593118376880231363961793878928022682616808257607109430196313625958134631704058601693308284947736738665470244813934118299151452767791230856972131812540721505259138770769757869844334681886944409230647759469220912955547226599154678486454341028553818030097462570293871670067871193147146142698847930591071625262873141933952857468878191419947394293498446678303058453036476382121602756768748298356860355063204128785975756727271149328857774395653350883235189149487626224203793753774251337959040605167763646680641380742690050113762978662536767158651047697949489504622384197817837009805899
19727343590375254587632064140287699566563861529445468621638884818761861540961749277853179945255843397536566044480303263556254457161104941393645917691400698065333537334779814570503718249229475690196783419679830207498236110734650420609935794287945715103900372168348961901833772377802379479319644431008757815787334189780063235801416793468059424958573205997627164009534531784146324794250969016066689012860836352144213050795110337215547546732047516573017499097151983502940550806452813587410367538308128332213316272151085118366028973986023768617211377151718510089448930252336976332354607451783997638889985033237270143000
19727343590375254587632064140287699566563861529445468621638884818761861540961749277853179945255843397536566044480303263556254457161104941393645917691400698065333537334779814570503718249229475690196783419679830207498236110734650420609935794287945715103900372168348961901833772377802379479319644431008757815787334189780063235801416793468059424958573205997627164009534531784146324794250969016066689012860836352144213050795110337215547546732047516573017499097151983502940550806452813587410367538308128332213316272151085118366028973986023768617211377151718510089448930252336976332354607451783997638889985033237270143000
4445090445035309816967308047543919771789262531454517330433510565884369964378364605126226379819564829968488441058652506153262173239057050014566164621236559886897342588940445365608806667121789509027430166785283629129835559641423222470548437137085092267666689140100996007770120912463378323231522269978350165368055010106191244418791128640304446285109189459476433859526044671708676266353806769784954069238002071785082141503102486267921996976823912847921270611519062660030226965810630623647778242153341864677007897561440886995514761812023703358772010858242587672016375310824639504946900189098924010345259054082842462952
31489402022237845095713161555001836257530006471622299194679768644155916609549158574276114572220392183225055133158459214892388896393994816734758651928499631810524923518775717585896197183719011892736579692280180081227822350261519282412322947820015241944858673902001159393951757302936493328485381201812608014183954031226460217543105912866745071626776230347839783360708720981407649649955548220895829413187995263132828649329317684457074878797275638819579478233856655925392114867070177288400223153091926885999827210039281985405009690948796370190764595673615665288826527052161511322777467493975861282833820882856374851534
12162447081760673920818643554030757796301331887670032400173183950958372037923153779101114518800878662669193327234676755098501994856505925588938588147627222346418579875160828453373675031697330271241666811616528649626590785905375841865930581008555819760506462114408403893584247203331887414856156039545144175164912450208727932613202090824467408538115899554054403698251263868802055049783186220064659756518127744287353679560300160686602645213626430963599368771180591237896905830755596491910302237379297313673792354864377434884060559130006006741703356932449048458603684568158407356416615593652760086365317869765908887325
7614305733781939066447122348803189917373287147568651764965213030749807399485484322047897612051860731714216366150477837361431739543136904485219669180916405411738000788721017772411359501201129068067345416077041593698798902971482702218995094662687418603328550543751730581653237946791319838231000903206634501454848858633475328021270871124103263667264998568239850985283877083399747580436290629850807257257822672682275745341774055095177776018754664274959088627193403505950285396668902896974422056354568588387407148914323680129699728249546517637740465696761867411721105292606132614457797912681190579464754692178074288432
4445090445035309816967308047543919771789262531454517330433510565884369964378364605126226379819564829968488441058652506153262173239057050014566164621236559886897342588940445365608806667121789509027430166785283629129835559641423222470548437137085092267666689140100996007770120912463378323231522269978350165368055010106191244418791128640304446285109189459476433859526044671708676266353806769784954069238002071785082141503102486267921996976823912847921270611519062660030226965810630623647778242153341864677007897561440886995514761812023703358772010858242587672016375310824639504946900189098924010345259054082842462952
17123640712605486455710331503622149566381895546952371114127099144731126664255209549917555867405427059867732972283523645802981139955091908210987774319048157763180620099419426954198298442527633557343921414871801495924365946643742260302222329777691088689490433561268494614133918271392455570351732278861137935534144740792912463367825185307909549573973115626433511890886427014705525168084527676204902364574079608349328609735158096556056534370160007219534807220550313946711950618126886431458992114623708552088071858757603459331590270703529871979587852610846623171550166793798422077258772030354999760223188522132363046991
7614305733781939066447122348803189917373287147568651764965213030749807399485484322047897612051860731714216366150477837361431739543136904485219669180916405411738000788721017772411359501201129068067345416077041593698798902971482702218995094662687418603328550543751730581653237946791319838231000903206634501454848858633475328021270871124103263667264998568239850985283877083399747580436290629850807257257822672682275745341774055095177776018754664274959088627193403505950285396668902896974422056354568588387407148914323680129699728249546517637740465696761867411721105292606132614457797912681190579464754692178074288432
4445090445035309816967308047543919771789262531454517330433510565884369964378364605126226379819564829968488441058652506153262173239057050014566164621236559886897342588940445365608806667121789509027430166785283629129835559641423222470548437137085092267666689140100996007770120912463378323231522269978350165368055010106191244418791128640304446285109189459476433859526044671708676266353806769784954069238002071785082141503102486267921996976823912847921270611519062660030226965810630623647778242153341864677007897561440886995514761812023703358772010858242587672016375310824639504946900189098924010345259054082842462952
20363550882654656735712963147998538133764637873870133611050214874932713869759354432762182489154746956659530792748712009467706322316422789671158849556725585574743014878264003153724533655903940543399055564251373527306367498696880372355974158195209245652047044565961920636169427251288081831523847056680568954082761535975143622487783020431400018132089211820129843634233950617494095939185923688192584293665299930423599277271190380871612729583568891854409495233551826919062929941588416043949225548978630364031281835831744459011897180506462438324390682101572937023619706529875639300879007478466999609188887673123117209214
35281408092375952281726917090787142632733066563620991872002918692378166030610011447579042180082695834448370457076107980397712190086934090736939295047739108983311280069632388023724537185206135081640708416065752200674950158226541934310820828884784320648574385481184792432883840428832675118865022388604992184306433162856083501724629453140816907588357066877849638057796037811471382243339150192266945556056920084520661254644740550996346916309525106638714564549966779826545146543226245351244347767520267740976227220806375754780018194765576617703742034900612204265907753037602258832036675965585326987121730208904172636707
25661750150853878754481240488233682685517882929639728814204202272300466944029751885011417647185955996359405511812784463409308971670683299387591171281003655244009584382686676455602431966589035323543850991548183390364717650691625896510716018736326547862654140089659211608838212532579483772844608519496561750351067818473538036061228592093439093498669900206177604488003600893640301509323953394788450530568965046074374334569239897130350502591930457667645069637013800325558226517891334098213138664593715281493978250742348707920991717528287382299191564243044640233524841905412208103707160260558591951416676959307806215873
4737418197186592391586354472202635752008590916595183972465218893728984408576507219754756034257570062765539718361106275457290914012214818230187592078034620492127916852822584051869220339575175210112415729295137337534016600589496188204746588011191924526335111889982129997219996968394467426912082167640098296817533219415565903060917501772614737710895898803203456338300434543951124098288424726341437663499204600285075025297455076520034553966868158129943277982252596529840140662262808730320101013990956487314997739426728293826606488664708795806275867014436712077975555430580706595074184505085748631037695311359265814207
11240119660150979130437010834353812296017155111309439220183308849078858227855991580629935251160701236908831103145069249874891107420683432062612665536612579632424859570115647906861174185022272424579522026855349536403185750057864269381747030358151291562103266385870512025415554221071516346694005930799310152192570760986978549090327441829191065302181485759112788523209845375063401092061615955074279097798169788747371586081874107564321734493519543850720805645294745402722149032580939364203729403311298491779041445545543686221479651228590917901489455191288730608899488042870032701482338129174915458598330333698339237521
9101532610704319801229002627568606593118376880231363961793878928022682616808257607109430196313625958134631704058601693308284947736738665470244813934118299151452767791230856972131812540721505259138770769757869844334681886944409230647759469220912955547226599154678486454341028553818030097462570293871670067871193147146142698847930591071625262873141933952857468878191419947394293498446678303058453036476382121602756768748298356860355063204128785975756727271149328857774395653350883235189149487626224203793753774251337959040605167763646680641380742690050113762978662536767158651047697949489504622384197817837009805899
31489402022237845095713161555001836257530006471622299194679768644155916609549158574276114572220392183225055133158459214892388896393994816734758651928499631810524923518775717585896197183719011892736579692280180081227822350261519282412322947820015241944858673902001159393951757302936493328485381201812608014183954031226460217543105912866745071626776230347839783360708720981407649649955548220895829413187995263132828649329317684457074878797275638819579478233856655925392114867070177288400223153091926885999827210039281985405009690948796370190764595673615665288826527052161511322777467493975861282833820882856374851534
11240119660150979130437010834353812296017155111309439220183308849078858227855991580629935251160701236908831103145069249874891107420683432062612665536612579632424859570115647906861174185022272424579522026855349536403185750057864269381747030358151291562103266385870512025415554221071516346694005930799310152192570760986978549090327441829191065302181485759112788523209845375063401092061615955074279097798169788747371586081874107564321734493519543850720805645294745402722149032580939364203729403311298491779041445545543686221479651228590917901489455191288730608899488042870032701482338129174915458598330333698339237521
16720704891001160160511604046230034068017443633324944107643953041525029637475359045544222918596906514858175672077005030029646528275973947925424106660603416024101755629235987451663480919716815710453555727545586520911951104742920461376732853160755293429400576680667408992248991205547254368426122415960086723047971053279114784542893495494822477973438479488654683797880988580652670499899163395980039135520914163301462064745612533965959340971637913982554044048195794501437803019655664987668673582368766149289378623999422915164409242126795125100072233351736630846695814184161368800692814633567060875440309395003605294126

암호화를 한글자씩 하고있어서 그냥 브포 돌려주면 된다.


solve.py


#flag = 'TWCTF{CENSORED}'

f = open("C:\Python27\\flag_enc.txt")

flag_list = f.read().split("\n")

print int(flag_list[1])


# Public Parameters

N = 36239973541558932215768154398027510542999295460598793991863043974317503405132258743580804101986195705838099875086956063357178601077684772324064096356684008573295186622116931603804539480260180369510754948354952843990891989516977978839158915835381010468654190434058825525303974958222956513586121683284362090515808508044283236502801777575604829177236616682941566165356433922623572630453807517714014758581695760621278985339321003215237271785789328502527807304614754314937458797885837846005142762002103727753034387997014140695908371141458803486809615038309524628617159265412467046813293232560959236865127539835290549091

e = 65537

flag = ""

# Encrypt the flag!

for i in flag_list:

    for j in range(127):

        if pow(j, e, N)==int(i):

            flag += chr(j)

            print flag

            break


'Crypto & Network & Etc > Crypto Practice' 카테고리의 다른 글

TokyoWesterns CTF 2018 Revolutional Secure Angou  (0) 2019.11.12
Plaid CTF 2015 Strength  (0) 2019.11.11
KCTF Operation 1  (0) 2019.11.08
HackZone VII 2019 CTF Legacy  (0) 2019.11.08
TG:Hack 2019 CTF Josefssons Final Exam  (0) 2019.11.07
블로그 이미지

JeonYoungSin

메모 기록용 공간

,

RSA

2019. 11. 11. 21:57

보호되어 있는 글입니다.
내용을 보시려면 비밀번호를 입력하세요.

주어진 소스는 다음과 같다.


source.py


import hashlib

import sys


def repeat(str1,length):

    return (str1*(length//len(str1)+1))[:length]


def operation(str1,str2):

    s=""

    for ch1,ch2 in zip(str1,str2):

        AopB = ~(ord(ch1)&ord(ch2))

        s+=chr(~((~(ord(ch1)&AopB))&(~(ord(ch2)&AopB))))

    return s


key = ""

plainText = "HAN_Was_sad_because_SKT1_LoST_THe_LOL_World_Cup"


plainText += key

plainText += hashlib.md5(plainText).hexdigest()

cipherText = operation(plainText,repeat(key,len(plainText)))

print(cipherText.encode('hex')) 

# result is 03021a192c323b6f243e096c3d110b042a3e56316012754c140f3b152f0c1c783200217c132b3f0a2d215731702c51360817123d281b786708325e6c2b1c0d3a127e5d5d6a785c1c7b2064764c6b2b0167675d053912590766280508506b101e727b6c7f483278

    

주어진 평문과 암호 값을 통해 키 값을 알아내면 된다. operation 함수에서 평문과 키를 통해 비트 연산들을 수행하는데, 암호화 값을 생성할 때 평문과 키 값을 1바이트씩 1:1 매칭해서 암호화 값을 만들어내기 때문에 1자리씩 브포 돌려서 키 값을 구해주면 된다.


solve.py


import hashlib

import sys


def repeat(str1,length):

    return (str1*(length//len(str1)+1))[:length]


def operation(str1,str2):

    s=""

    for ch1,ch2 in zip(str1,str2):

        AopB = ~(ord(ch1)&ord(ch2))

        s+=chr(~((~(ord(ch1)&AopB))&(~(ord(ch2)&AopB))))

    return s


enc_data = "03021a192c323b6f243e096c3d110b042a3e56316012754c140f3b152f0c1c783200217c132b3f0a2d215731702c51360817123d281b786708325e6c2b1c0d3a127e5d5d6a785c1c7b2064764c6b2b0167675d053912590766280508506b101e727b6c7f483278"

plainText = "HAN_Was_sad_because_SKT1_LoST_THe_LOL_World_Cup"

flag = ""


for j in range(0,len(plainText)*2,2):

    for i in range(0,127):

        key = chr(i)

        tmp = plainText[j/2]

        tmp += key

        tmp += hashlib.md5(tmp).hexdigest()

        cipherText = operation(tmp,repeat(key,len(plainText)))

        if cipherText.encode('hex')[0:2]==enc_data[j:j+2]:

            flag += key


print flag

블로그 이미지

JeonYoungSin

메모 기록용 공간

,

주어진 소스는 다음과 같다. 옛날 문제라 문제 서버가 닫혀있어서 그냥 소스에 플래그 임의로 구성해서 풀었다.


source.py

from Crypto.Util.number import *
import uuid

BLOCKSIZE = 32

key_1 = uuid.uuid4().hex
key_2 = uuid.uuid4().hex

flag = "HZVII{Test_Flag_Easy_Xor_Challenge!!!!!!!!!!!!!}"


def menu():
    print()
    print('[1] Encrypt')
    print('[2] Get Flag')
    print('[3] Exit')
    return input()


def chunky(string):
    return (string[0 + i:BLOCKSIZE + i] for i in range(0, len(string), BLOCKSIZE))


def encrypt(m):
    m = m
    cipher = ""
    chunks = list(chunky(m))
    if len(chunks) > 10:
        return "Calm down i'm not your slave .. "
    key = key_1
    for n in chunks:
        cipher += hex(int(n, 16) ^ int(key, 16) ^ int(key_2, 16))[2:]
        key = hex(int(key, 16) // 2)[2:]
    return cipher

while True:

    choice = menu()

    if choice == '1':
        m = bytes_to_long(input('\nYour_Plain >> ').strip().encode())
        print('\nCipher: ' + str(encrypt(hex(m)[2:])))

    elif choice == '2':
        print('\nFlag: ' + encrypt(hex(bytes_to_long(flag.encode()))[2:]))

    elif choice == '3':
        print('See ya H4cK3r')
        break


코드를 보면 키 값을 알 수 없는 상황이지만 암호화가 단순 xor 연산이라 그냥 플래그랑 동일한 크기의 인풋 으로 암호화 값을 구하고 이거 두 개를 xor해서 key 값을 구해주면 된다. 그 다음 플래그 암호화 값을 구해서 키 값이랑 위 코드 암호화 로직에 맞춰  xor 돌려주면 플래그를 구할 수 있다.



decrypt.py


from Crypto.Util.number import *

  

def get_key(input,enc_input):

    hex_input = hex(bytes_to_long(input.encode()))[2:]

    key_list = []


    for i in range(0,len(hex_input),32):

        key_list.append(int(hex_input[i:i+32],16)^int(enc_input[i:i+32],16))


    return key_list


def decrypt(enc_flag,key_list):

    dec_flag = ""

    for i in range(0,len(enc_flag),32):

        dec_flag += bytes.fromhex(hex(int(enc_flag[i:i+32],16)^key_list[int(i/32)])[2:]).decode("utf-8")

    return dec_flag


enc_flag = "8719d71f952e5ac948ae838f2d443c63db783fd5faed08878d56e93b16d74449d1d10b70b864727807d30eb2c6553d57"

input = "1"*48

enc_input = "fe72b067ed643f9d0aebedf870146a0daf287d9d948456c4e324b06b4b8a101687851b60a874626817c31ea2d6452d1b"


key_list = get_key(input,enc_input)

print(decrypt(enc_flag,key_list))


'Crypto & Network & Etc > Crypto Practice' 카테고리의 다른 글

Plaid CTF 2015 Strength  (0) 2019.11.11
TokyoWesterns CTF 2019 baby_rsa  (0) 2019.11.11
KCTF Operation 1  (0) 2019.11.08
TG:Hack 2019 CTF Josefssons Final Exam  (0) 2019.11.07
RITSEC CTF 2018 Nobody uses the eggplant emoji  (0) 2019.11.07
블로그 이미지

JeonYoungSin

메모 기록용 공간

,

주어진 암호문은 다음과 같다.



이진수를 그냥 문자열로 바꿔보면 의미 없는 값이 나온다. 문제에서 good_luck이라는 값을 주고 있어서 이걸로 xor해보면 base64 값이 나온다. 근데 이걸 또 base64 디코딩해보면 의미 없는 값이 나오는데 base64 인코딩 값을 카이사르로 전수 조사해 base64 디코딩 해보면 플래그가 나온다.


solve.py

enc_data = """00100011 00100010 00000100 00000010 00001000 00101010

00010111 00001011 00000001 01010101 01010110 00001100

00100010 01101100 00011000 00010001 00001111 00101111

01011110 00011111 00000100 00010001 00011011 00000010

00011001 00101100 00011011 00010011 00101001 01011101

00110010 00111000 00000001 00110011 00101001 01011011

00001101 01011110 01010110 00000110 00011000 00101010

00100011 01010011 00100011 00100001 00111101 01010110""".replace("\n"," ").split(" ")


key = "good_luck"

dec_data = ""

result = ""


for i in enc_data:

dec_data += chr(int(i,2))


for i in range(0,len(dec_data)):

result += chr(ord(dec_data[i])^ord(key[i%len(key)]))


for j in range(26):

caesar_text = ""

for i in result:

if i.isalpha()!=True:

caesar_text += i

else:

if i.isupper():

tmp = ord(i)+j

if tmp>ord('Z'):

tmp -= 26

caesar_text += chr(tmp)

else:

tmp = ord(i) + j

if tmp > ord('z'):

tmp -= 26

caesar_text += chr(tmp)

print caesar_text.decode("base64")


'Crypto & Network & Etc > Crypto Practice' 카테고리의 다른 글

Plaid CTF 2015 Strength  (0) 2019.11.11
TokyoWesterns CTF 2019 baby_rsa  (0) 2019.11.11
KCTF Operation 1  (0) 2019.11.08
HackZone VII 2019 CTF Legacy  (0) 2019.11.08
RITSEC CTF 2018 Nobody uses the eggplant emoji  (0) 2019.11.07
블로그 이미지

JeonYoungSin

메모 기록용 공간

,

문제에서 제공해주는 암호문은 다음과 같다.




이모티콘과 _ 문자로 이루어진 암호문인데 암호문에서 사용된 이모티콘의 개수를 확인해보면 26개이고 이는 알파벳 개수임을 알 수 있다.


이를 토대로 다음 코드를 통해 이모티콘을 우선 알파벳으로 치환해줬다.


# -*- encoding: utf-8 -*-


enc_data = "🤞👿🤓🥇🐼💩🤓🚫💪🤞🗣🙄🤓🥇🐼💩🤓😀✅😟🤓🍞🐼✅🚫💪🥇🤓🐼👿🤓🚫💪😟🤓👿😾😀😯🤓👿🤞✅🔥🚫🤓🥇🐼💩🤓👻💩🔥🚫🤓😀🗣🔥🍞😟✅🤓🚫💪😟🔥😟🤓🚫💪✅😟😟🤓💔💩😟🔥🚫🤞🐼🗣🔥😭🤓🍞💪😀🚫🤓🤞🔥🤓🥇🐼💩🤓🗣😀👻😟🤢🤓🍞💪😀🚫🤓🤞🔥🤓🥇🐼💩✅🤓💔💩😟🔥🚫🤢🤓🍞💪😀🚫🤓🤞🔥🤓🚫💪😟🤓😀🤞✅🤓🔥🐙😟😟😎🤓👀😟😾🐼🤬🤞🚫🥇🤓🐼👿🤓😀🗣🤓💩🗣😾😀😎😟🗣🤓🔥🍞😀😾😾🐼🍞😭🤓🥇🐼💩✅🤓👿😾😀😯🤓🤞🔥🤡🤓😀👿✅🤞🤬😀🗣_🐼✅_😟💩✅🐼🐙😟😀🗣_🔥🍞😀😾😾🐼🍞_🍞🐼🍞_🚫💪😟✅😟🔥_😀_😎🤞👿👿😟✅😟🗣🤬😟🤓"

result = []

for i in enc_data:

if "_"!=i:

result.append(i)


result = list(set(result))


for i in range(0,len(result)):

enc_data = enc_data.replace(result[i],chr(97+i))


print(enc_data)


result = nvlfuilwmnzalfuilsetlquewmfluvlwmtlvcsxlvneowlfuilpiowlszoqtelwmtotlwmettlkitownuzorlqmswlnolfuilzsptblqmswlnolfuielkitowblqmswlnolwmtlsnelodtthlytcujnwfluvlszlizcshtzloqsccuqrlfuielvcsxlnoglsvenjsz_ue_tieudtsz_oqsccuq_quq_wmteto_s_hnvvtetzjtl


출력 된 결과를 보면 단순 치환 암호 아니면, 비즈네르일 것 같아서 아래 사이트에 돌려보니 다음과 같은 결과가 나왔다.


https://www.guballa.de/substitution-solver


ifsyousthingsyousaresworthysofsthesflamsfirdtsyousjudtsandwersthedesthreesquedtiondpswhatsidsyousnajevswhatsidsyoursquedtvswhatsidsthesairsdbeekszelocitysofsansunlakensdwallowpsyoursflamsidxsafrican_or_eurobean_dwallow_wow_thered_a_kifferences


복호화가 어느 정도 되긴 했는데, 일부 문자들이 제대로 나오지 않았다. 그래서 조금 더 효율 좋은 사이트를 찾아보다 위 사이트 이상으로 복호화가 깔끔하게 나오는 곳을 못 찾았다. 그래서 그냥 어차피 복호화 된 문자열에서 정상적인 단어들이 많으니까 아래 사이트에서 수동으로 짜 맞췄다.


https://www.dcode.fr/monoalphabetic-substitution



Flag = RITSEC{african_or_european_swallow_wow_theres_a_difference} 






'Crypto & Network & Etc > Crypto Practice' 카테고리의 다른 글

Plaid CTF 2015 Strength  (0) 2019.11.11
TokyoWesterns CTF 2019 baby_rsa  (0) 2019.11.11
KCTF Operation 1  (0) 2019.11.08
HackZone VII 2019 CTF Legacy  (0) 2019.11.08
TG:Hack 2019 CTF Josefssons Final Exam  (0) 2019.11.07
블로그 이미지

JeonYoungSin

메모 기록용 공간

,