Rating: 1.0
从题目上说明是左边有97位的空格,明文实际只有31字节。判断是为RSA 已知明文高位攻击。脚本从github上找到,自行修改如下:
```
import binascii
e = 0x3
b=0x2020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202000000000000000000000000000000000000000000000000000000000000000 #前面是空格的16进制,后接0的个数是明文字节数的两倍
n=0x6552f27b9fa5b4dbbd9859769cc058051533752de33574ab1b316fdf144babd3b095064c2b161e27b8c0d5f12652ce901e08540824367785cf28c38247549b72355ecb9eac0a613c125b33003c4780032a096c9e26313fc74dd37421664d305754d7755086e3ae422eb4eeb13ab2dbe16cbbc97675bc862c697f29fb8e73aabb4ff4b4a735f7f0f14d05e203b0bda4bc6f4b2b03fe4ec14eae229a8e3a5d4f02941c69a1d1f83cb45d090710531c51e9ac16863731543083c88f35d2b58587b2c7fbe0359d0b67b761871385652ddac164aea06b7de404d914e6cb9953fc540b58627ba403687c96055d64530f3f8ef9c0a7b3d04abd5683ab90ac54f45645b
c=0x1396c4db226f20a9076f0197826de0220f57cc4359107111b9eebf5e56b52e43e70aa2371b4db64260f0bbad80db0c7f8a121997bb02667a3d2d40d0e086209cd6e18568e251331a536d35257ae57bb7824e8dfbc6d1d1b421eab40ddfef686d8882806e44c353cc9efc2576c76ab856c7c2dbf27e43e2cc61da3f0aee94ed426f3b646981f60a965c9abe80bb09ea5def3db33929b1696d36f773c09989e511d7e16c99ddbe104331cd25e585483469ffeed7dbea1f2c829ed02eb98d6f4cb63ba67bc2aab0ddb44ef218141acd4a6ae14efa3dbf7d2834a6a40d054f1b0c49b757dabb75c5b91d6f415fe5c1e35d9f8a72200ac6a198279bde3e76eb5face
kbits=248 #这里的数字是明文的8倍 1byte=8bit
PR.<x> = PolynomialRing(Zmod(n))
f = (x + b)^e-c
x0 = f.small_roots(X=2^kbits, beta=1)[0]
x=hex(int(x0))
string=eval(x)
flag = binascii.a2b_hex(hex(string)[2:])
print (flag)
```
后面自行添加了解码脚本,[https://sagecell.sagemath.org/ ](https:// )在线一把梭。
flag:chCTF{D1d_y0u_us3_sm4l1_r00ts?}
