
3rd Shangmi Cup (熵密杯) WriteUp

betacat
2025-07-19

Initial Puzzle

3

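This challenge provides the public key, a message digest, and a signature. We have to supply a new message and a new digest from which the signature verification algorithm recovers the public key. Look at the verification function: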

 from typing import List

 # Excerpt: both functions are methods of the challenge's signature class.
 def get_pubkey_from_signature(
     self, digest: bytes, signature: List[bytes]
 ) -> List[bytes]:
     msg_to_verify = self.get_signature_base_message(digest)
     # b"bff02a99"

     result = []
     for idx, val in enumerate(msg_to_verify):
         # loop 8
         sig_part = signature[idx]
         # val range 0-15
         chained_val = self._chain(sig_part, val, self.w - 1)  # self.w - 1 = 15
         result.append(chained_val)
     return result

 def _chain(self, value: bytes, startidx: int, endidx: int) -> bytes:
     print(value, startidx, endidx)
     for i in range(startidx, endidx):
         value = self.hashfunction(value)  # each iteration hashes the current hash value again
     print(value)

     return value

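endidx is always the constant 15. If startidx is also 15, i.e. the digest nibble is f, the loop in _chain runs zero times and the signature part is returned unchanged, so the signature is the public key itself. We therefore construct fffffff as the digest, and the signature is simply the public key itself. This yields the flag.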
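The same zero-iteration flaw, reproduced in a small stand-alone model next to a variant hardened with the standard Winternitz checksum digits. This is an added example, not the challenge's code: SHA-256 as the hash, 8 digest nibbles (per the "loop 8" comment), the helper names and the sample digest are assumptions.

```python
import hashlib
import os

W = 16        # Winternitz parameter; chains have W - 1 = 15 steps, as on the page
N = 8         # digest nibbles, matching the "loop 8" comment in the page's code

def h(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the challenge's unspecified hashfunction.
    return hashlib.sha256(data).digest()

def chain(value: bytes, start: int, end: int) -> bytes:
    for _ in range(start, end):   # zero iterations when start == end
        value = h(value)
    return value

def keygen(n_chains: int):
    sk = [os.urandom(32) for _ in range(n_chains)]
    return sk, [chain(s, 0, W - 1) for s in sk]

def nibbles(hexdigest: str):
    return [int(c, 16) for c in hexdigest]

def with_checksum(ds):
    # Standard WOTS checksum: raising any message digit lowers the checksum,
    # so a forger would have to walk at least one checksum chain backwards.
    c = sum(W - 1 - d for d in ds)          # at most 8 * 15 = 120, fits 2 nibbles
    return ds + [c >> 4, c & 0xF]

def sign(sk, ds):
    return [chain(s, 0, d) for s, d in zip(sk, ds)]
def recover(sig, ds):
    return [chain(s, d, W - 1) for s, d in zip(sig, ds)]

def verify_weak(pk, hexdigest, sig):        # same logic as the page's verifier
    return recover(sig, nibbles(hexdigest)) == pk
def verify_checked(pk, hexdigest, sig):     # hardened variant with checksum chains
    ds = with_checksum(nibbles(hexdigest))
    return len(sig) == len(ds) == len(pk) and recover(sig, ds) == pk

def demo():
    _, pk8 = keygen(N)                      # weak scheme: message chains only
    sk10, pk10 = keygen(N + 2)              # hardened: 2 extra checksum chains
    honest = sign(sk10, with_checksum(nibbles("bff02a99")))  # constructed digest
    return (verify_weak(pk8, "f" * N, pk8),            # public key accepted as signature
            verify_checked(pk10, "f" * N, pk10),       # same submission rejected
            verify_checked(pk10, "bff02a99", honest))  # honest signature still verifies

if __name__ == "__main__":
    print(demo())
```

With the checksum, an all-f digest forces the checksum digits to 0, so a valid signature must contain the secret start values of the two checksum chains, which the public key does not reveal.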


Capture-the-Flag Stage

flag1

It is enough to extract the certificate, the random string, and the signature from the packet capture.

 // Extract randomStr and signature from authInfo
 if len(authInfo) != 256 {
     // error text: "authentication info is malformed"
     return "", errors.New("鉴别信息格式有误")
 }
 randomStr := authInfo[0:128]
 signature := authInfo[128:]

The authentication info must be a hex string of length 256.


R:

6173646b66686a3233736c616a6466393233616664736c6a31336b7a486631726f69756c7361646a66616c733132736c646a30753233723233616e7376306a32

S:

8ef2a951b5194e0b5c98a6160bd79e024bb9585804aedc973a9fce6dcde217039e70c54283638b6fba3c003bd9172447ce4faa4c0e8bb7895754ac7b0e55d044
