import libnum import gmpy2 n = [175244107616547332866730750185981814617957387479206131883327619678143859414917261557090068672641419524614082746718149196623832474591257254688029368786873659380810545544100093732206528310797663780323115004084293607571875376201003925886997130958845085335102862834229352381711568684829807273446043286026429784507] c = [21584853678639373844706372673402978302367491374400753174448826706430954893731606437969950845160175905352220952818580141736392378203099462357081187525146295619472153677345050680091134337322577619625346776539480539709599567808902655164874470864640210333208364478253093461945151332942720768877894297441396061122] e = 98 phi_n = n[0] - 1 print(gmpy2.gcd(e,phi_n0)) e_2 = e // 2 print(gmpy2.gcd(e_2,phi_n)) dd = gmpy2.invert(e_2,phi_n) m2 = pow(c[0],dd,n[0]) m = gmpy2.iroot(m2,2) print(m[0]) print(long_to_bytes(m[0]))
MISC
EasyPy
打开文件,发现是个字节码文件 手撕字节码尝试复原所表达的大概为:
1 2 3 4 5 6
defa(): flag = 'r1ght0us' flag = flag.upper() flag = flag[::-1] for i inrange(len(flag)): print(chr((ord(flag[i])+i)^(len(flag)-i)))
那么我们写出逆向的脚本来
1 2 3 4 5 6 7
flag = '[cgjegl_&]!VW&KS_GVXHWI_EVCVDXGc^mgrj'#res res = '' for i inrange(len(flag)): test = ord(flag[i])^(len(flag)-i) res += chr(test-i) print(res) print(res[::-1].lower())
#!/usr/bin/env python3 ''' deepsound2john extracts password hashes from audio files containing encrypted data steganographically embedded by DeepSound (http://jpinsoft.net/deepsound/). This method is known to work with files created by DeepSound 2.0. Input files should be in .wav format. Hashes can be recovered from audio files even after conversion from other formats, e.g., ffmpeg -i input output.wav Usage: python3 deepsound2john.py carrier.wav > hashes.txt john hashes.txt This software is copyright (c) 2018 Ryan Govostes <rgovostes@gmail.com>, and it is hereby released to the general public under the following terms: Redistribution and use in source and binary forms, with or without modification, are permitted. '''
import logging import os import sys import textwrap
defdecode_data_low(buf): return buf[::2]
defdecode_data_normal(buf): out = bytearray() for i inrange(0, len(buf), 4): out.append((buf[i] & 15) << 4 | (buf[i + 2] & 15)) return out
defdecode_data_high(buf): out = bytearray() for i inrange(0, len(buf), 8): out.append((buf[i] & 3) << 6 | (buf[i + 2] & 3) << 4 \ | (buf[i + 4] & 3) << 2 | (buf[i + 6] & 3)) return out
defis_magic(buf): # This is a more efficient way of testing for the `DSCF` magic header without # decoding the whole buffer return (buf[0] & 15) == (68 >> 4) and (buf[2] & 15) == (68 & 15) \ and (buf[4] & 15) == (83 >> 4) and (buf[6] & 15) == (83 & 15) \ and (buf[8] & 15) == (67 >> 4) and (buf[10] & 15) == (67 & 15) \ and (buf[12] & 15) == (70 >> 4) and (buf[14] & 15) == (70 & 15)
# Check if it's a .wav file buf = f.read(12) ifnot is_wave(buf): global convert_warn logger.error('file not in .wav format') convert_warn = True return f.seek(0, os.SEEK_SET)
if args.verbose: logging.basicConfig(level=logging.INFO) else: logging.basicConfig(level=logging.WARN)
convert_warn = False
for f in args.files: process_deepsound_file(f)
if convert_warn: print(textwrap.dedent(''' --------------------------------------------------------------- Some files were not in .wav format. Try converting them to .wav and try again. You can use: ffmpeg -i input output.wav --------------------------------------------------------------- '''.rstrip()), file=sys.stderr)