题目地址

第一层：CRC32 碰撞

打开题目压缩包，有三个 6 字节的文件，猜测是要根据这三个文件的 CRC32 值碰撞获得内容。

利用 脚本 碰撞得到密码：_CRC32_i5_n0t_s4f3。

第二层：维吉尼亚密码

keys.txt 中包含了密钥，找到密钥解密 ciphertext.txt。

先去 在线解密网站 解一下，出来一个很像的，但还是差一点，在 keys 中找相近的 key。

Clear text using key "yewrutewcybnhhipxoyubjjpqiraaymyoneomtsv":
the getenere cilger is a method of thensating alphamagic text bu tsing a series of schbycent caesar nechers basac on the letters ou u mashord it is a sticle form ob oolyalphabetic hodonttution so plofword is vefenere cipher fucha

找到正确的密钥 YEWCQGEWCYBNHDHPXOYUBJJPQIRAPSOUIYEOMTSV。

-- MESSAGE w/Key #1 = 'yewcqgewcybnhdhpxoyubjjpqirapsouiyeomtsv' ----------------
the vigenere cipher is a method of encrypting alphabetic text by using a series of different caesar ciphers based on the letters of a keyword it is a simple form of polyalphabetic substitution so password is vigenere cipher funny

第三层：sha1 碰撞

import hashlib
import itertools
import string


def sha1(s):
    sha1_hash = hashlib.sha1()
    sha1_hash.update(s)
    return sha1_hash.hexdigest()


def check(s):
    if s[0:7] == "619c20c" and s[8] == "a" and s[16] == "9":
        print("Find!")
        matched = True
        return matched

letters = itertools.product(string.printable, repeat=4)
for i in letters:
    password = "".join((i[0], "7", i[1], "5-", i[2], "4", i[3], "3?"))
    # print(password)
    hash = sha1(password.encode("utf-8"))
    if check(hash):
        print(password)
        break

第四层：md5 相同文件不同

搜到一篇 文章，下载里面的两个程序，运行一下。

第五层：RSA

openssl rsa -pubin -in rsa_public_key.pem -text -modulus

看了下，e 很大，应该是 wienerattack，找到利用脚本。

'''
Created on Dec 14, 2011

@author: pablocelayes
'''

import ContinuedFractions, Arithmetic, RSAvulnerableKeyGenerator

def hack_RSA(e,n):
    '''
    Finds d knowing (e,n)
    applying the Wiener continued fraction attack
    '''
    frac = ContinuedFractions.rational_to_contfrac(e, n)
    convergents = ContinuedFractions.convergents_from_contfrac(frac)

    for (k,d) in convergents:

        #check if d is actually the key
        if k!=0 and (e*d-1)%k == 0:
            phi = (e*d-1)//k
            s = n - phi + 1
            # check if the equation x^2 - s*x + n = 0
            # has integer roots
            discr = s*s - 4*n
            if(discr>=0):
                t = Arithmetic.is_perfect_square(discr)
                if t!=-1 and (s+t)%2==0:
                    print("Hacked!")
                    return d

# TEST functions

def test_hack_RSA():
    n = 460657813884289609896372056585544172485318117026246263899744329237492701820627219556007788200590119136173895989001382151536006853823326382892363143604314518686388786002989248800814861248595075326277099645338694977097459168530898776007293695728101976069423971696524237755227187061418202849911479124793990722597
    e = 354611102441307572056572181827925899198345350228753730931089393275463916544456626894245415096107834465778409532373187125318554614722599301791528916212839368121066035541008808261534500586023652767712271625785204280964688004680328300124849680477105302519377370092578107827116821391826210972320377614967547827619
    d = hack_RSA(e, n)
    print "d=" + str(d)

if __name__ == "__main__":
    #test_is_perfect_square()
    #print("-------------------------")
    test_hack_RSA()

算出 d 后生成私钥解密。