2024 XYCTF Crypto Sign1n_Revenge复现

from Crypto.Util.number import *
from tqdm import *
import gmpy2
flag=b'XYCTF{uuid}'
flag=bytes_to_long(flag)
leak=bin(int(flag))
while 1:
    leak += "0"
    if len(leak) == 514:
        break

def swap_bits(input_str):
    input_list = list(input_str[2:])
    length = len(input_list)

    for i in range(length // 2):
        temp = input_list[i]
        input_list[i] = input_list[length - 1 - i]
        input_list[length - 1 - i] = temp

    return ''.join(input_list)

input_str = leak
result = swap_bits(input_str)
a=result

def custom_add(input_str):
    input_list = list(input_str)
    length = len(input_list)
    
    for i in range(length):
        input_list[i] = str((int(input_list[i]) + i + 1) % 10)

    result = ''.join(input_list)
    return result


input_str = a
result = custom_add(input_str)
b=result
print(b)
#12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456799123455688912234567900124456899012456678011245577991223457780113355788911245667890234457889023346779001335668890223566780113445779912235567801133566889012356679901245567991223457790013356688902235667800124556780122346679001335668891123566790013445678012235567900123557889022356678011245577991223566890113455689911234677891224556899023

简单分析一下，将flag字符串转换为长整数再转换为二进制；

然后在二进制数后面不断＋0直至有514位；

对于swap_bits函数：

def swap_bits(input_str):
    input_list = list(input_str[2:])
    length = len(input_list)

    for i in range(length // 2):
        temp = input_list[i]
        input_list[i] = input_list[length - 1 - i]
        input_list[length - 1 - i] = temp

    return ''.join(input_list)

由于二进制数前两位通常是“0b”开头，所以去掉并list字符列表，然后将剩余的二进制数对称反转交换，最后再将列表还原成字符串的形式返回；
对于custom_add函数：

def custom_add(input_str):
    input_list = list(input_str)
    length = len(input_list)
    
    for i in range(length):
        input_list[i] = str((int(input_list[i]) + i + 1) % 10)

    result = ''.join(input_list)
    return result

则是一个自定义取模运算，最后返回了结果；

看起来我们需要做的就是逆向回去得到flag

对于

input_list[i] = str((int(input_list[i]) + i + 1) % 10)

实际上是一个模运算，首先要了解到两个模运算的性质：

$$(a+b) \bmod n = (a \bmod n + b \bmod n )\bmod n$$ $$(a-b) \bmod n = ((a \bmod n) - (b \bmod n) + n)\bmod n$$

加上 n 是为了确保结果为非负数

加法和减法的逆操作对于模数来说是对称的。换句话说，如果你加上一个数然后取模，你可以通过减去这个数再取模来逆向操作

例如：

$$y = (x + (i + 1)) \bmod 10$$

同时减去（i + 1）

$$y − (i + 1) = (x + (i + 1)) \bmod 10 − (i + 1)$$

同时取模10

$$(y − (i + 1)) \bmod 10 = (x + (i + 1) − (i + 1)) \bmod 10$$

这里也运用了模运算的性质：

$$(a \bmod n − b) \bmod n = (a − b) \bmod n$$

假设a mod n = r，a = qn + r

$$(r − b) \bmod n = (a − b) \bmod n$$ $$(a − b − qn) \bmod n$$

由于减的是n的整数倍，所以：

$$(a − b − qn) \bmod n = (a − b) \bmod n$$

证毕

回到刚才

$$(y − (i + 1)) \bmod 10 = x \bmod 10$$

由于 x 本来就是一个 0 到 9 之间的数字

$$x = (y − (i + 1)) \bmod 10$$

所以得出结论，而后的对称源代码照抄就好，最后再去掉多余的0即可

from Crypto.Util.number import *
b=str(12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456799123455688912234567900124456899012456678011245577991223457780113355788911245667890234457889023346779001335668890223566780113445779912235567801133566889012356679901245567991223457790013356688902235667800124556780122346679001335668891123566790013445678012235567900123557889022356678011245577991223566890113455689911234677891224556899023)

def reverse_custom_add(b):
    input_list = list(b)
    length = len(b)

    for i in range(length):
        input_list[i] = str((int(input_list[i]) - i - 1) % 10)

    return ''.join(input_list)

result = reverse_custom_add(b)

def reverse_swap_bits(result):
    input_list = list(result)
    length = len(result)

    for i in range(length // 2):
        temp = input_list[i]
        input_list[i] = input_list[length - 1 - i]
        input_list[length - 1 - i] = temp

    return ''.join(input_list)

final_result = reverse_swap_bits(result)

print(final_result)

enbyte = 0b11001100110110001100001011001110111101100110101011001100011001000110100001100010011100000110011001100010010110100110010001110000110001000110010001011010011010000110100011000010011000000101101011000010011010100110110001100100010110100110110011000110011100000111001001101010110010000110101011001100011100001100010001100000011001001111101

print(long_to_bytes(int(enbyte)))

flag{5f241831-28b2-44a0-a562-6c895d5f8b02}