2025 数字中国创新大赛 数字安全赛道

题目不难，只是记录一些坑点。

这都给我知道你们Del0n1x是华南第一了

Crypto

AS

只有远程环境没有附件，不过我忘记截图了。

总之题目示例可以猜测出AS(a,b,c)是等差数列求和函数，第一个参数是首项，第二个参数是尾项，第三个参数是项数,满足题目要求的n1和n2其实就是并且n1和n2都大于

初等数论知识推一下就知道其实只是个Pell Equation而已。

exp

def solve_pell(D):
    # 连分数展开
    m = 0
    d = 1
    a0 = int(D**0.5)
    a = a0
    m_list, d_list, a_list = [], [], [a0]
    
    while True:
        m = d * a - m
        d = (D - m*m) // d
        a = (a0 + m) // d
        # 检查是否开始循环
        if (m, d, a) in zip(m_list, d_list, a_list):
            break
        m_list.append(m)
        d_list.append(d)
        a_list.append(a)
    

    h_list = [a_list[0], a_list[0]*a_list[1] + 1]
    k_list = [1, a_list[1]]
    for i in range(2, len(a_list)):
        h = a_list[i] * h_list[i-1] + h_list[i-2]
        k = a_list[i] * k_list[i-1] + k_list[i-2]
        h_list.append(h)
        k_list.append(k)
        if h*h - D*k*k == 1:
            return h, k
    return h_list[-1], k_list[-1]

hex_value = 0x149f
k_value = hex_value
D = 8 * k_value
threshold = 2 ** hex_value

x1, y1 = solve_pell(D)

x_current, y_current = x1, y1
n1 = (x_current - 1) // 2
n2 = y_current

while True:
    if n1 > threshold and n2 > threshold:
        break
    x_next = x1 * x_current + D * y1 * y_current
    y_next = x1 * y_current + y1 * x_current
    x_current, y_current = x_next, y_next
    n1 = (x_current - 1) // 2
    n2 = y_current

print(f"n1 = {n1}")
print(f"n2 = {n2}")

得到的n在粘贴进WezTerm的时候总是会被截断，而且只在nc到靶机的时候才会被截断，试了很久最终还是没能解决，换了台设备用Windows Terminal才成功把答案交上去。

RSSA

task

from Crypto.Util.number import *
from gmpy2 import *
import random
from secret import flag, hint

def rsa_hint(hint):
    p = getPrime(1024)
    q = getPrime(1024)
    n = p * q
    e = 0x10001
    a = (p >> 256) << 256
    c = powmod(bytes_to_long(hint), e, n)
    print('a =', hex(a))
    print('n =', hex(n))
    print('c =', hex(c))

rsa_hint(hint)

# a = 0xb0ee0627166579753f354ced7cdb6701a5ebbfaec3cd6af76decc33f95a765bd7e5f758e2076c42a76f5af867152757b97242034693f309973ffdebe4a5ce3dd822260dfa8a8d51f9aac7550474a3a4fe37ecea6cdc23b0cbba5aa6d0d93e9b10000000000000000000000000000000000000000000000000000000000000000
# n = 0x6b9f0bf43d3e9b3278d52b3cfaafadf9449048f8297fedf8f8909a030156a23c68552b5379adbf32fd9584aa42f694c8227d275f40391c7872400eda97c2b79f8349af6492c7b6ac12bae303cee1eb9b6059e5891a6535ca8310e9ba145b7b4d403d8e666e5a55a94e5f7dabe22b80032e936233d7a1f0e96b95aeb4249b8ea34ef8bf422ce9f725844478ee15b739dd70cc6e2c0bd0cb24d7d14baf66c5aca2023c24339d3b90eecb0e2568c148d438a5ce84270ce11159e3aa4d48ac8b2185c2fe8cb328e8f80602c9d7ae49799538154d325700349bb7cd2fb694fb9f8cbcf2ebced8f6c29a05c64aa78a036416c28e6e7b937a371c98feed2d826ca9ed63
# c = 0x4dba2f194b97d4dac89548c035bf18d708fb9edfd6b7706e6d7871c6129931cde88718bdcbd1e8410f1e7a4c709bdf9d31572ee371816e1d11e15e491d843a7277684202bc45e23f9f1b2e3a808bde94343a47a6a22b339aa651568ff55994260039defd790c0eb0abcf90730ecf3e097316ca87e607974544866a54d23aaaf2d089e346a68437a55afc4750b9ea1d7efcb7a6fd55c694a168f186531f0e8abb2dee73ff50ebeb2a39e1e9842013dc410e09987783cdd8e234a55388fffc025b1fe3b4036d6181ac8e6ec4d9c0822c012ac861b242b2c94433209369d0f271110d007202118e566646940f12179ee05b4e1b3c1871f09a4dbfe381d625c1166a

p = ?
n = ?
m = 195

assert len(flag) == 38
secret = []
s = bytes_to_long(flag)

for i in range(n):
    secret.append(random.randint(0, p))


secret = [random.randint(0, p) for _ in range(n)]
x = [[random.randint(0, 1) for _ in range(n)] for _ in range(m)]
e = [random.randint(0, p) for _ in range(m)]
h = [(sum(secret[j] * x[i][j] for j in range(n)) - s * e[i]) % p for i in range(m)]

print('e =', e)
print('h =', h)

输出太长了就不放了，可以自己生成数据测一下。

AHSSP问题，几乎照抄的d3pack原题。参考maple的博客。

后半部分的p其实就是前半部分RSA的p，奈何赛场上没能通灵，next_prime()爆破到比赛结束也没打通💩💩💩

Reverse

scsc

魔改了AES轮密钥扩展的过程，动调dump出来用的轮密钥就好了。

data=[

    0x3463303134323638 ,    0x3462373762333966,
    0x9a49ac92ae2a9ca3 ,    0xcc18a2c3f87a95f4,
    0x1a289d098061319b ,    0x2e4aaa3ee25208fd,
    0x28787a3a3250e733 ,    0xe460d8f9ca2a72c7,
    0x83414d60ab39375a ,    0xad0be75e496b3fa7,
    0x70ed51bef3ac1cde ,    0x948d894739866e19,
    0x236310e7538e4159 ,    0x8e68f7b91ae57efe,
    0x26f4149605970471 ,    0xb2799dd13c116a68,
    0x1d54a6393ba0b2af ,    0x933c51802145cc51,
    0xeb28ff5cf67c5965 ,    0x5951628dca6d330d,
    0x409f77a5abb788f9 ,    0xd3a326258af244a8,
]
res=[]
for i in range(len(data)):
    tmp = long_to_bytes(data[i])[::-1]
    res+=bytearray(tmp)
assert(len(res)==11*16)
print(res)

数据xx

一大坨，具体分类我也记不清了，各种数据xx

溯源取证2

Volatility可以从TrueCrypt的内存dump中取出masterkey。这个工具可以指定masterkey后挂载TrueCrypt加密卷，但是只能在Linux下使用。

数据社工

exp

SELECT * FROM location_data
WHERE name LIKE '张%'
AND phone LIKE '138____9377';

提取出的经纬度是假的，不能直接去地图上搜，需要去附件里的工商信息找。