logoChat01.ai

密码挑战 CTF crypto 100 分 未解 动态分:初始 100 分,已解 0 队,最低 25...

Criado em: 22 de maio de 2026

Respondido usando GPT-5.5 Thinking por Chat01

Pergunta

zip (1)

密码挑战
CTF
crypto
100 分
未解
动态分:初始 100 分,已解 0 队,最低 25 分,当前 100 分。

Python

python
import os, pathlib, stat, mimetypes, json, subprocess, textwrap, zipfile, tarfile, gzip, shutil, sys, hashlib, binascii
p='/mnt/data/zip (1)'
print(os.path.exists(p), os.path.getsize(p))
print(open(p,'rb').read(16))
print(mimetypes.guess_type(p))

Python

python
import zipfile, os, pathlib, shutil, subprocess, json, textwrap, binascii
src='/mnt/data/zip (1)'
out='/mnt/data/chal'
shutil.rmtree(out, ignore_errors=True)
os.makedirs(out, exist_ok=True)
with zipfile.ZipFile(src) as z:
    print(z.namelist())
    z.extractall(out)
for root, dirs, files in os.walk(out):
    for f in files:
        fp=os.path.join(root,f)
        print(fp, os.path.getsize(fp), open(fp,'rb').read(80))

Python

python
fp='/mnt/data/chal/╕╜╝■.txt'
data=open(fp,'rb').read()
print(data.decode('utf-8','replace'))

Python

python
Sstr='1002773875431658367671665822006771085816631054109509173556585546508965236428620487083647585179992085437922318783218149808537210712780660412301729655917441546549321914516504576'
k=len(Sstr)
S=int(Sstr)
k, S % (2**min(k,200))


(175, 0)

Python

python
from math import log2
M=5**k
inv=pow(2, -10000, M)
r=(S*inv)%M
print(k, M.bit_length(), r.bit_length())
print(r)
b=r.to_bytes((r.bit_length()+7)//8,'big')
print(len(b), b)
print(b.decode(errors='replace'))
# verify
N=r << 10000
print(str(N).endswith(Sstr))
print(len(str(N)), str(N)[-200:])
print(len(b))

Pensamento

from math import log2 M=5**k inv=pow(2, -10000, M) r=(S*inv)%M print(k, M.bit_length(), r.bit_length()) print(r) b=r.to_bytes((r.bit_length()+7)//8,'big') print(len(b), b) print(b.decode(errors='replace'))

verify

N=r << 10000 print(str(N).endswith(Sstr)) print(len(str(N)), str(N)[-200:]) print(len(b))

Thought for 31s

Resposta

解出来了,flag 是:

text
TSGCTF{0K4y_Y0U_are_r3aDy_t0_Go_aNd_dO_M0r3_CryPt}

核心思路:

题目给的是:

python
assert(str(int.from_bytes(flag, 'big') << 10000).endswith(S))

也就是:

text
flag_int * 2^10000 ≡ S mod 10^k

其中 k = len(S) = 175

因为:

text
10^k = 2^k * 5^k

S 可以被 2^175 整除,所以只需要在模 5^175 下求解:

text
flag_int ≡ S * inverse(2^10000, 5^175) mod 5^175

恢复脚本:

python
S = int("1002773875431658367671665822006771085816631054109509173556585546508965236428620487083647585179992085437922318783218149808537210712780660412301729655917441546549321914516504576")
k = 175

M = 5 ** k
flag_int = S * pow(2, -10000, M) % M

flag = flag_int.to_bytes((flag_int.bit_length() + 7) // 8, "big")
print(flag.decode())

输出:

text
TSGCTF{0K4y_Y0U_are_r3aDy_t0_Go_aNd_dO_M0r3_CryPt}

Compartilhar esta Q&A