Crypto(8) BUUCTF-bbbbbbrsa1

题目描述：

from base64 import b64encode as b32encode
from gmpy2 import invert,gcd,iroot
from Crypto.Util.number import *
from binascii import a2b_hex,b2a_hex
import randomflag = "******************************"nbit = 128p = getPrime(nbit)
q = getPrime(nbit)
n = p*qprint p
print nphi = (p-1)*(q-1)e = random.randint(50000,70000)while True:if gcd(e,phi) == 1:break;else:e -= 1;c = pow(int(b2a_hex(flag),16),e,n)print b32encode(str(c))[::-1]# 2373740699529364991763589324200093466206785561836101840381622237225512234632p = 177077389675257695042507998165006460849
n = 37421829509887796274897162249367329400988647145613325367337968063341372726061
c = ==gMzYDNzIjMxUTNyIzNzIjMyYTM4MDM0gTMwEjNzgTM2UTN4cjNwIjN2QzM5ADMwIDNyMTO4UzM2cTM5kDN2MTOyUTO5YDM0czM3MjM

不难看出c被base64加密了，倒着输出然后解密

得到c:

c=2373740699529364991763589324200093466206785561836101840381622237225512234632

本道题是RSA题目，且几乎所有的条件都知道，就只有e需要在50000和70000之间爆破

直接枚举爆破就可以了

from Crypto.Util.number import *
import gmpy2
p = 177077389675257695042507998165006460849
n = 37421829509887796274897162249367329400988647145613325367337968063341372726061
q=n//p
# c="==gMzYDNzIjMxUTNyIzNzIjMyYTM4MDM0gTMwEjNzgTM2UTN4cjNwIjN2QzM5ADMwIDNyMTO4UzM2cTM5kDN2MTOyUTO5YDM0czM3MjM"
# print(c[::-1])
#c=MjM3Mzc0MDY5OTUyOTM2NDk5MTc2MzU4OTMyNDIwMDA5MzQ2NjIwNjc4NTU2MTgzNjEwMTg0MDM4MTYyMjIzNzIyNTUxMjIzNDYzMg==
c=2373740699529364991763589324200093466206785561836101840381622237225512234632
phi=(p-1)*(q-1)
for e in range(50000,70000):if gmpy2.gcd(e,phi) == 1:d = gmpy2.invert(e ,phi)m = pow(c,d,n)if 'flag' in str(long_to_bytes(m)):print(str(long_to_bytes(m))[2:])