[原创]看雪CTF2016 第19题分析-19-HellScream-CTF对抗-看雪-安全社区|安全招聘|kanxue.com

[原创]看雪CTF2016 第19题分析-19-HellScream

发表于: 2016-12-13 11:14 8114

[原创]看雪CTF2016 第19题分析-19-HellScream

AloneWolf

2016-12-13 11:14

8114

此CM用到了RSA加密算法，所以用到了工具RSATool(看雪工具里有下载),BigIntCalc大数计算器(看雪工具里有下载)
拿到此题时OD中扫描串就发现大数串N，就想到可能是RSA算法，之前也接触过一点RSA算法，不过对RSA中的E，D没什么概念，只知道E一般就是0x10001，只要用工具对N因式分解得到Q，P再加上E用工具就能得到D，问题就解决了。不过对N的因式分解用工具完成了，但动态从头跟到尾没发现那个0x10001（相信有不少玩此CM的朋友也同我一样有此疑问），而经过分析，发现的确是RSA的算法，所以就在网上查了查，了解了E，D的由来，并不是E一定是0x10001,而是只要满足1 < E < ((Q-1)*(P-1))且E同N互质就行了，此题中它在一个范围里变化，关键是找到一个合适的E,用工具就能求出对应的D，从而也就能计算出SN。

下面对算法进行一个分析：
004016A0  /$  55                push ebp
004016A1  |.  8BEC                mov    ebp, esp
004016A3  |.  83E4 F8             and    esp, FFFFFFF8                            ; qword (8-byte) stack alignment
004016A6  |.  51                push ecx
004016A7  |.  53                push ebx
004016A8  |.  56                push esi
004016A9  |.  57                push edi
004016AA  |.  C705 80864400 000000 mov    dword ptr ds:[448680], 0
004016B4  |.  B0 41             mov    al, 41
004016B6  |.  BF 68754000       mov    edi, offset 00407568                      ; ASCII "A324F100182D501F6F6F78F397A3AA59641023D6A3DED8A4BF344F1E0FC71C188F4D"
004016BB  |.- EB 03             jmp    short 004016C0
004016BD  | 8D49 00             lea    ecx, [ecx]
004016C0  |>  0FB6C0             /movzx eax, al                                  ; //开始读入大数常数记作 N = "A324F100182D501F6F6F78F397A3AA59641023D6A3DED8A4BF344F1E0FC71C188F4D"
004016C3  |.  0FB698 B0814200    |movzx ebx, byte ptr ds:[eax+4281B0]
004016CA  |.  BE 80864400       |mov    esi, offset 00448680
004016CF  |.  8BCE                |mov    ecx, esi
004016D1  |.  E8 1A030000       |call BigIntShl4
004016D6  |.  8BCB                |mov    ecx, ebx
004016D8  |.  8BC6                |mov    eax, esi
004016DA  |.  E8 61020000       |call BigIntAddInt                            ; [BS272.BigIntAddInt
004016DF  |.  8A47 01             |mov    al, ds:[edi+1]
004016E2  |.  47                |inc    edi
004016E3  |.  84C0                |test al, al
004016E5  |.- 75 D9             \jnz    short 004016C0
004016E7  |.  8B35 AC704000       mov    esi, ds:[<&MSVCR100.printf>]
004016ED  |.  68 B0754000       push offset 004075B0                            ; /format = "Please input username:"
004016F2  |.  FFD6                call esi                                        ; \MSVCR100.printf
004016F4  |.  83C4 04             add    esp, 4
004016F7  |.  68 00280000       push 2800                                     ; /count = 10240.
004016FC  |.  6A 00             push 0                                        ; |c = 00
004016FE  |.  68 A08E4400       push offset 00448EA0                            ; |dest = BS272.448EA0 -> 'D'
00401703  |.  E8 3C560000       call <jmp.&MSVCR100.memset>                   ; \MSVCR100.memset
00401708  |.  83C4 0C             add    esp, 0C
0040170B  |.  68 A08E4400       push offset 00448EA0                            ; /<%s> = "DFA"
00401710  |.  68 C8754000       push offset 004075C8                            ; |format = "%s"
00401715  |.  68 CC754000       push offset 004075CC                            ; |string = "0bdK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6e0f1I4j5i4y4E0i4K6u0W2j5$3!0E0"
0040171A  |.  FF15 A8704000       call ds:[<&MSVCR100.sscanf>]                   ; \MSVCR100.sscanf
00401720  |.  83C4 0C             add    esp, 0C
00401723  |.  68 CC754000       push offset 004075CC                            ; ASCII "6cfK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6e0f1I4j5i4y4E0i4K6u0W2j5$3!0E0"
00401728  |.  68 DC754000       push offset 004075DC                            ; ASCII "%s
"
0040172D  |.  FFD6                call esi
0040172F  |.  B8 A08E4400       mov    eax, offset 00448EA0                      ; ASCII "DFA"
00401734  |.  83C4 08             add    esp, 8
00401737  |.  8D48 01             lea    ecx, [eax+1]
0040173A  |.  8D9B 00000000       lea    ebx, [ebx]
00401740  |>  8A10                /mov    dl, ds:[eax]
00401742  |.  40                |inc    eax
00401743  |.  84D2                |test dl, dl
00401745  |.- 75 F9             \jnz    short 00401740
00401747  |.  2BC1                sub    eax, ecx
00401749  |.  8BD8                mov    ebx, eax
0040174B  |.  B8 A08E4400       mov    eax, offset 00448EA0                      ; ASCII "DFA"
00401750  |.  E8 DB4A0000       call 00406230                                  ; //将串"66aK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6e0f1I4j5i4y4E0i4K6u0W2j5$3!0E0"读入大数常数记作 K
00401755  |.  68 E0754000       push offset 004075E0                            ; ASCII "Please input vericode:"
0040175A  |.  FFD6                call esi
0040175C  |.  83C4 04             add    esp, 4
0040175F  |.  68 00280000       push 2800                                     ; /count = 10240.
00401764  |.  6A 00             push 0                                        ; |c = 00
00401766  |.  68 A08E4400       push offset 00448EA0                            ; |dest = BS272.448EA0 -> 'D'
0040176B  |.  E8 D4550000       call <jmp.&MSVCR100.memset>                   ; \MSVCR100.memset
00401770  |.  83C4 0C             add    esp, 0C
00401773  |.  68 A08E4400       push offset 00448EA0                            ; /<%s> = "DFA"
00401778  |.  68 C8754000       push offset 004075C8                            ; |format = "%s"
0040177D  |.  FF15 A4704000       call ds:[<&MSVCR100.scanf>]                   ; \MSVCR100.scanf, //读入输入注册码记作 sSN
00401783  |.  B8 A08E4400       mov    eax, offset 00448EA0                      ; ASCII "DFA"
00401788  |.  83C4 08             add    esp, 8
0040178B  |.  33D2                xor    edx, edx
0040178D  |.  8D78 01             lea    edi, [eax+1]
00401790  |>  8A08                /mov    cl, ds:[eax]
00401792  |.  40                |inc    eax
00401793  |.  84C9                |test cl, cl
00401795  |.- 75 F9             \jnz    short 00401790
00401797  |.  2BC7                sub    eax, edi
00401799  |.  8BF8                mov    edi, eax
0040179B  |.- 74 28             jz    short 004017C5
0040179D  |.  8D49 00             lea    ecx, [ecx]
004017A0  |>  8A8A A08E4400       /mov    cl, ds:[edx+448EA0]                      ; //验证输入注册码 sSN必须为数字，字母
004017A6  |.  8D41 D0             |lea    eax, [ecx-30]
004017A9  |.  3C 09             |cmp    al, 9
004017AB  |.- 76 13             |jbe    short 004017C0
004017AD  |.  8D41 9F             |lea    eax, [ecx-61]
004017B0  |.  3C 19             |cmp    al, 19
004017B2  |.- 76 0C             |jbe    short 004017C0
004017B4  |.  80E9 41             |sub    cl, 41                                  ; Switch (cases 41..5A, 2 exits)
004017B7  |.  80F9 19             |cmp    cl, 19
004017BA  |.- 0F87 E9000000       |ja    004018A9
004017C0  |>  42                |inc    edx                                     ; Cases 41 ('A'), 42 ('B'), 43 ('C'), 44 ('D'), 45 ('E'), 46 ('F'), 47 ('G'), 48 ('H'), 49 ('I'), 4A ('J'), 4B ('K'), 4C ('L'), 4D ('M'), 4E ('N'), 4F ('O'), 50 ('P'), 51 ('Q'), 52 ('R'), 53 ('S'), 54 ('T'), 55 ('U'), 56 ('V'), 57 ('W'), 58 ('X'), 59 ('Y...
004017C1  |.  3BD7                |cmp    edx, edi
004017C3  |.- 72 DB             \jb    short 004017A0
004017C5  |>  A0 A08E4400       mov    al, ds:[448EA0]                            ; ASCII "DFA"
004017CA  |.  C705 908A4400 000000 mov    dword ptr ds:[448A90], 0
004017D4  |.  84C0                test al, al
004017D6  |.- 74 35             jz    short 0040180D
004017D8  |.  BB A08E4400       mov    ebx, offset 00448EA0                      ; ASCII "DFA"
004017DD  |.  8D49 00             lea    ecx, [ecx]
004017E0  |>  0FB6C8             /movzx ecx, al                                  ; //将 sSN 作为大数读入，记作 SN
004017E3  |.  0FB6B9 B0814200    |movzx edi, byte ptr ds:[ecx+4281B0]
004017EA  |.  BE 908A4400       |mov    esi, offset 00448A90
004017EF  |.  8BCE                |mov    ecx, esi
004017F1  |.  E8 FA010000       |call BigIntShl4
004017F6  |.  8BCF                |mov    ecx, edi
004017F8  |.  8BC6                |mov    eax, esi
004017FA  |.  E8 41010000       |call BigIntAddInt                            ; [BS272.BigIntAddInt
004017FF  |.  8A43 01             |mov    al, ds:[ebx+1]
00401802  |.  43                |inc    ebx
00401803  |.  84C0                |test al, al
00401805  |.- 75 D9             \jnz    short 004017E0
00401807  |.  8B35 AC704000       mov    esi, ds:[<&MSVCR100.printf>]
0040180D  |>  68 1C764000       push offset 0040761C                            ; ASCII 0A,"input acce"
00401812  |.  FFD6                call esi
00401814  |.  BF 00280000       mov    edi, 2800
00401819  |.  83C4 04             add    esp, 4
0040181C  |.  BA A08E4400       mov    edx, offset 00448EA0                      ; ASCII "DFA"
00401821  |.  B9 988C4400       mov    ecx, offset 00448C98
00401826  |.  893D 7C864400       mov    ds:[44867C], edi
0040182C  |.  E8 FF4A0000       call BigIntToHexString                         ; [BS272.BigIntToHexString
00401831  |.  68 A08E4400       push offset 00448EA0                            ; ASCII "DFA"
00401836  |.  68 34764000       push offset 00407634                            ; ASCII "Username : %s
"
0040183B  |.  FFD6                call esi
0040183D  |.  BA A08E4400       mov    edx, offset 00448EA0                      ; ASCII "DFA"
00401842  |.  B9 908A4400       mov    ecx, offset 00448A90
00401847  |.  893D 7C864400       mov    ds:[44867C], edi
0040184D  |.  E8 DE4A0000       call BigIntToHexString                         ; [BS272.BigIntToHexString
00401852  |.  68 A08E4400       push offset 00448EA0                            ; ASCII "DFA"
00401857  |.  68 44764000       push offset 00407644                            ; ASCII "Vericode : %s
"
0040185C  |.  FFD6                call esi
0040185E  |.  68 54764000       push offset 00407654                            ; ASCII 0A,"verifying."
00401863  |.  FFD6                call esi
00401865  |.  83C4 14             add    esp, 14
00401868  |.  68 988C4400       push offset 00448C98
0040186D  |.  E8 BE250000       call BigIntModN                               ; //计算 K = K MOD N，这儿K 小于 N 所以没有用
00401872  |.  83C4 04             add    esp, 4
00401875  |.  68 908A4400       push offset 00448A90
0040187A  |.  E8 B1250000       call BigIntModN                               ; //计算 SN = SN MOD N，截断太长的 SN(如果SN > N的话)
0040187F  |.  83C4 04             add    esp, 4
00401882  |.  E8 89FCFFFF       call Vericode                                  ; //由RSA算法解码 SN，验证正确性，并由SN解码成功提示信息串
00401887  |.  85C0                test eax, eax
00401889  |.- 74 37             jz    short 004018C2                            ; //不成功转
0040188B  |.  68 B58E4400       push offset 00448EB5
00401890  |.  68 DC754000       push offset 004075DC                            ; ASCII "%s
"
00401895  |.  FFD6                call esi                                        ; //输出成功信息，不过是由SN解码而来，可以是空也可是几个字的任意字串
00401897  |.  83C4 08             add    esp, 8
0040189A  |.  FF15 A0704000       call ds:[<&MSVCR100._getch>]                   ; [MSVCR100._getch
004018A0  |.  33C0                xor    eax, eax
004018A2  |.  5F                pop    edi
004018A3  |.  5E                pop    esi
004018A4  |.  5B                pop    ebx
004018A5  |.  8BE5                mov    esp, ebp
004018A7  |.  5D                pop    ebp
004018A8  |.  C3                retn
004018A9  |>  68 F8754000       push offset 004075F8                            ; ASCII "Invalid char found in input string", default case of switch BS272.4017B4
004018AE  |.  FFD6                call esi
004018B0  |.  83C4 04             add    esp, 4
004018B3  |.  FF15 A0704000       call ds:[<&MSVCR100._getch>]                   ; [MSVCR100._getch
004018B9  |.  33C0                xor    eax, eax
004018BB  |.  5F                pop    edi
004018BC  |.  5E                pop    esi
004018BD  |.  5B                pop    ebx
004018BE  |.  8BE5                mov    esp, ebp
004018C0  |.  5D                pop    ebp
004018C1  |.  C3                retn
004018C2  |>  68 64764000       push offset 00407664                            ; ASCII "failed
"
004018C7  |.  FFD6                call esi
004018C9  |.  83C4 04             add    esp, 4
004018CC  |.  FF15 A0704000       call ds:[<&MSVCR100._getch>]                   ; [MSVCR100._getch
004018D2  |.  5F                pop    edi
004018D3  |.  5E                pop    esi
004018D4  |.  33C0                xor    eax, eax
004018D6  |.  5B                pop    ebx
004018D7  |.  8BE5                mov    esp, ebp
004018D9  |.  5D                pop    ebp
004018DA  \.  C3                retn

//核心验证程序：
00401510  /$  55                push ebp
00401511  |.  8BEC                mov    ebp, esp
00401513  |.  81EC 34080000       sub    esp, 834
00401519  |.  A1 00804000       mov    eax, ds:[408000]
0040151E  |.  33C5                xor    eax, ebp
00401520  |.  8945 FC             mov    ss:[ebp-4], eax
00401523  |.  53                push ebx
00401524  |.  56                push esi
00401525  |.  B8 01000000       mov    eax, 1
0040152A  |.  57                push edi
0040152B  |.  C785 F8FDFFFF 000000 mov    dword ptr ss:[ebp-208], 0
00401535  |.  C785 F4FDFFFF 110000 mov    dword ptr ss:[ebp-20C], 11
0040153F  |.  8985 F0FDFFFF       mov    ss:[ebp-210], eax
00401545  |>  83BC85 F4FDFFFF 00 /cmp    dword ptr ss:[eax*4+ebp-20C], 0
0040154D  |.- 75 09             |jne    short 00401558
0040154F  |.  48                |dec    eax
00401550  |.  8985 F0FDFFFF       |mov    ss:[ebp-210], eax
00401556  |.- 79 ED             \jns    short 00401545
00401558  |>  40                inc    eax
00401559  |.  8D8D E8FBFFFF       lea    ecx, [ebp-418]
0040155F  |.  8DB5 F0FDFFFF       lea    esi, [ebp-210]
00401565  |.  BB 988C4400       mov    ebx, offset 00448C98
0040156A  |.  8985 F0FDFFFF       mov    ss:[ebp-210], eax
00401570  |.  E8 5B4F0000       call BigIntPower                               ; //计算 E0 = K ^ 17，作为后面 RSA 解码用的 E存在于 E0 到 E0+99 中
00401575  |.  33DB                xor    ebx, ebx
00401577  |.  33F6                xor    esi, esi
00401579  |.  8DA424 00000000    lea    esp, [esp]
00401580  |>  33C0                /xor    eax, eax                                  ; //E从 E0 到 E0 + 99，分别作为RSA解码运算，解码比较，成功就返回
00401582  |.  C705 8C884400 010000 |mov    dword ptr ds:[44888C], 1
0040158C  |.  A3 88884400       |mov    ds:[448888], eax
00401591  |>  391C85 8C884400    |/cmp    ds:[eax*4+44888C], ebx
00401598  |.- 75 08             ||jne    short 004015A2
0040159A  |.  48                ||dec    eax
0040159B  |.  A3 88884400       ||mov    ds:[448888], eax
004015A0  |.- 79 EF             |\jns    short 00401591
004015A2  |>  40                |inc    eax
004015A3  |.  A3 88884400       |mov    ds:[448888], eax
004015A8  |.  53                |push ebx                                     ; /Arg3
004015A9  |.  8D85 D0F7FFFF       |lea    eax, [ebp-830]                            ; |
004015AF  |.  50                |push eax                                     ; |Arg2
004015B0  |.  68 80864400       |push offset 00448680                         ; |Arg1 = BS272.448680
004015B5  |.  E8 563D0000       |call 00405310                                  ; //用 N 初始化RSA运算参数
004015BA  |.  83C4 0C             |add    esp, 0C
004015BD  |.  85C0                |test eax, eax
004015BF  |.- 75 26             |jnz    short 004015E7
004015C1  |.  8B95 E8FBFFFF       |mov    edx, ss:[ebp-418]
004015C7  |.  8D8D D0F7FFFF       |lea    ecx, [ebp-830]
004015CD  |.  51                |push ecx
004015CE  |.  52                |push edx
004015CF  |.  BF 88884400       |mov    edi, offset 00448888
004015D4  |.  8D95 ECFBFFFF       |lea    edx, [ebp-414]
004015DA  |.  B9 908A4400       |mov    ecx, offset 00448A90
004015DF  |.  E8 1CFAFFFF       |call 00401000                                  ; //用E，N 对 SN 进行RSA解码运算
004015E4  |.  83C4 08             |add    esp, 8
004015E7  |>  8B0D 88884400       |mov    ecx, ds:[448888]
004015ED  |.  C705 7C864400 002800 |mov    dword ptr ds:[44867C], 2800
004015F7  |.  3BCB                |cmp    ecx, ebx
004015F9  |.- 74 07             |je    short 00401602
004015FB  |.  E8 A04C0000       |call 004062A0
00401600  |.- EB 19             |jmp    short 0040161B
00401602  |>  68 00280000       |push 2800                                     ; /count = 10240.
00401607  |.  53                |push ebx                                     ; |c
00401608  |.  68 A08E4400       |push offset 00448EA0                         ; |dest = BS272.448EA0 -> 'D'
0040160D  |.  E8 32570000       |call <jmp.&MSVCR100.memset>                   ; \MSVCR100.memset
00401612  |.  83C4 0C             |add    esp, 0C
00401615  |.  891D 7C864400       |mov    ds:[44867C], ebx
0040161B  |>  B9 A08E4400       |mov    ecx, offset 00448EA0                      ; //比较RSA解码后的结果从高位起，以"Happy Birthday Buddy"串（含串结束符\x0）开头就算成功
00401620  |.  B8 50754000       |mov    eax, offset 00407550                      ; ASCII "Happy Birthday Buddy"
00401625  |>  8A10                |/mov    dl, ds:[eax]
00401627  |.  3A11                ||cmp    dl, ds:[ecx]
00401629  |.- 75 1A             ||jne    short 00401645
0040162B  |.  3AD3                ||cmp    dl, bl
0040162D  |.- 74 12             ||je    short 00401641
0040162F  |.  8A50 01             ||mov    dl, ds:[eax+1]
00401632  |.  3A51 01             ||cmp    dl, ds:[ecx+1]
00401635  |.- 75 0E             ||jne    short 00401645
00401637  |.  83C0 02             ||add    eax, 2
0040163A  |.  83C1 02             ||add    ecx, 2
0040163D  |.  3AD3                ||cmp    dl, bl
0040163F  |.- 75 E4             |\jne    short 00401625
00401641  |>  33C0                |xor    eax, eax
00401643  |.- EB 05             |jmp    short 0040164A
00401645  |>  1BC0                |sbb    eax, eax                                  ; Calculates sign(eax)
00401647  |.  83D8 FF             |sbb    eax, -1
0040164A  |>  3BC3                |cmp    eax, ebx
0040164C  |.- 74 2D             |je    short 0040167B
0040164E  |.  B9 01000000       |mov    ecx, 1
00401653  |.  8D85 E8FBFFFF       |lea    eax, [ebp-418]
00401659  |.  E8 E2020000       |call BigIntAddInt                            ; [BS272.BigIntAddInt, //下一个E
0040165E  |.  46                |inc    esi
0040165F  |.  83FE 64             |cmp    esi, 64                                  ; //循环100次，及E 从E0 至 E0+99依次试着解码
00401662  |.- 0F8C 18FFFFFF       \jl    00401580
00401668  |.  33C0                xor    eax, eax
0040166A  |.  5F                pop    edi
0040166B  |.  5E                pop    esi
0040166C  |.  5B                pop    ebx
0040166D  |.  8B4D FC             mov    ecx, ss:[ebp-4]
00401670  |.  33CD                xor    ecx, ebp
00401672  |.  E8 E24E0000       call 00406559
00401677  |.  8BE5                mov    esp, ebp
00401679  |.  5D                pop    ebp
0040167A  |.  C3                retn
0040167B  |>  8B4D FC             mov    ecx, ss:[ebp-4]
0040167E  |.  5F                pop    edi
0040167F  |.  5E                pop    esi
00401680  |.  33CD                xor    ecx, ebp
00401682  |.  B8 01000000       mov    eax, 1
00401687  |.  5B                pop    ebx
00401688  |.  E8 CC4E0000       call 00406559
0040168D  |.  8BE5                mov    esp, ebp
0040168F  |.  5D                pop    ebp
00401690  \.  C3                retn

由以上分析可以得到验证过程:
已知:
CBigInt N = A324F100182D501F6F6F78F397A3AA59641023D6A3DED8A4BF344F1E0FC71C188F4D
LPCSTR sKEY = "8c4K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6e0f1I4j5i4y4E0i4K6u0W2j5$3!0E0"
LPCSTR sConst = "Happy Birthday Buddy"
CBigInt K = CBigInt(sKEY) = 6D6F632E6D736131352E777777
CBigInt E0 = K ^ 17 MOD N = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6C3

设串输入为: sSN
CBigInt SN.Get(sSN) //sSN转成大数(16进制)
int idx;
CBigInt DESN;//SN解密得到的值
CBigInt E;//SN解密的KEY
//依次从 E0 开始,到 E0+99作为E对SN解码,再比较解码结果是否为"Happy Birthday Buddy"开头的串(含串结束符'\x0')
//是则成功,输入解码结果后面的串提示成功
for(idx = 0,E = E0; idx < 100; idx++,E++)
{
DESN = SN ^ E MOD N
char sDESN[] = BigIntToString(DESN)
if(!strcmp(sDESN, sConst)){
print(sDESN + 21); //成功,输出sDESN后面的串作为成功提示
return true;
}
}
if(idx >= 100){ //100个E都试了,没有成功,则提示失败
print("failed");
}

由以上验证过程分析,设注册成功的提示为"ok",有:
DESN = "Happy Birthday Buddy\x0ok" = 6B6F007964647542207961646874726942207970706148; //这个是反向的
因为算法是RSA,由已知N,DESN,E的取值范围,所以只要在E的取值范围里找到一对D,E就可以得到SN:
SN = DESN ^ D MOD N
用因式分解工具(比如RSATool)可以得到:
P = B89EB7E0C9A568202F38B169D9D7E27B93
Q = E2389B3C140BE6423EE5EB9DB5DAC2559F
对于已知P,Q,E的情况求D,偶在网上查了有公式:
欧拉函数 f(N) = (P-1) * (Q-1)
则有 E * D = 1 (MOD f(N)),通过公式能解出D
然后就是求D了,可惜我找的大数库没有能直接求D的函数,而之前我遇到的RSA算法都有E为0x10001,这儿E是可变的,当时也不知道有此题中没有这样一个合适的E,所以在这儿卡了很久,相信有不少人也卡在这儿了吧,后来一个个手动试(用RSATool求D),没想到刚试了E=E0+2就有一个合适的(早知道这么容易就能找到一个,早就手动试了,耽搁了不少时间):
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6C5
D = 3AD75813052BC545DAC589519734FF0972200E8E31DFA08DE50D15CFA2667132E4E1
最后用大数计算器可以得到注册码:
SN = DESN ^ D MOD N = 274964845CCC8AAA8A0CD62B0971A23954F741240EEDD43A02F79DA2B7372D68C80C

后记：
1.由于注册成功的提示不定（由攻击者任意构造，不过长度有限，必须满足SN < N）,可以是空,也可以是任意几个字符,所以此题多解
2.又由于注册成功的提示以\0x为结束，也就是正确提示后加上'\x0任意字串'都显示正确提示，所以此题多解
3.题虽然做出来了,不过对于D的求解还是很迷惑,但有一个重要的条件,就是 E的选取条件就是E 同 f(N) 要互质,也就是E,f(N)的最大公约数GCD(E,f(N))为1,这个倒是有,写段程序可以列出此题中所有可用的E:
for(idx = 0, E = E0; idx < 100; idx++, E++)
{
if(E.GCD(E, f(N)) == 1){
print(E.ToString());
}
}
再用RSATool由P,Q,E来计算对应的D,要是有大数库能直接计算出D当然更好,这样可以得到多对可用的E,D,所以此题多解

下面给出E 在E0到 E0+99中能用的所有E，D对，以及对应的SN:

当E = E0 + 2时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6C5
D = 3AD75813052BC545DAC589519734FF0972200E8E31DFA08DE50D15CFA2667132E4E1
SN = 274964845CCC8AAA8A0CD62B0971A23954F741240EEDD43A02F79DA2B7372D68C80C
当E = E0 + 4时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6C7
D = 795D345B5232AF06D5DD8751192E71AE437912F808C9E6EABAD1CEEC634473C60F4F
SN = 788A15C2449039546351F51847E351E573B76A1A5368997962336E47A36A35A87FF7
当E = E0 + 10时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6CD
D = 26BB2E1FBB77985CA946816474301ACBE035A7529C4800F9AB85A93C0193DF59F59D
SN = 47D6F1B69E2DB26F5FCC7B9584B517DD50FEBFA8EA4729FC2CACF7E5E561640C8B9E
当E = E0 + 14时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6D1
D = 626EECEFDF7FEFE2274970AF42859AF37D12DEDC0E163FBDB665B55CDCBC2EBD0249
SN = 5CF3EFE82F404C88FCC351BE66AE6655AD3F6D640C5F6A87D6FBD5FF2BB25630EE86
当E = E0 + 16时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6D3
D = 916D926F6900AFF0DE2E245DA7E99941F9FA44A4AD291DCA1697BA724DBBD4652167
SN = 52E893DEC5D2532D2A827951F23313AA4D1EECAC33EA66BBE1711FD12BF5BBDA6E6D
当E = E0 + 20时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6D7
D = 543C80AE2BDBADE2D27FF245CF8586B6B0FAAA0F2C38136E21FDFA1681817C8AE657
SN = 3D623C409BCABE7A46E3982A350747872C85072E999A3C595D487E328A54AD60480F
当E = E0 + 26时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6DD
D = 84F8AED5B5512BAD019A0E968687C473E4F8D95C1DEBD2836B854CA14D15875D579
SN = 4DC41AF7F1272BFDC733D022B7B4C169199BB55213EF35EAEEF61C94B06021D3EBCF
当E = E0 + 28时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6DF
D = 43F3A130DDD4EBCF5F71630D89CB397EA6B0EB2EAC1FA4F9992FD33C2C51BAEC46C3
SN = 3E7EACD2C1F6CE164E9DA69CF75099D7E8999614461FD5B9DC5575430BC5BEA88162
当E = E0 + 32时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6E3
D = 605BC13E5482EDF220C407EEE3781F1F06A86F9DB0EF71F59A0EA8266798953FAA37
SN = 8433F48391D8F1D3EFEE244AC8B6936992308F6546749ACCBF48F44853A18590FC08
当E = E0 + 34时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6E5
D = 2F9DA50DC2276A784BABBA0C82B4260144CF9EBDC9793184DB3A961947E66ED79E95
SN = 7295C311B53C5A56DD5445E7332B66F7A42CBA78E6DE7CF7D244CCCE800B6EAAAA49
当E = E0 + 38时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6E9
D = 8542CD82A4522ECF7033B17112DE27AB8006F87EE95009E38A0E20C284B33578634D
SN = A228D4D539E357EA3BD5AC801976F4F8CBFFC81DA18E62FB1451239B1AE9845EAF35
当E = E0 + 40时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6EB
D = 2ABB3497887C279C4FA326C1EE03D1BE7BF8154DDA5F62E4A8823DFCCD7AE0C05D0F
SN = 7E96DCAE11636C75DCE9851C2BBFE981C27C531D6112548200CBFCC2D81DE15492CE
当E = E0 + 44时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6EF
D = 1FDC7E755C646A815A4080DBB9EF06AEE9F68B37BB8311D1D350F969CF82236F2F7B
SN = 8A0DFD8B0A74ADAC08516FC501B1DC0DB322C916694A1140CD24FDCD925487812167
当E = E0 + 46时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6F1
D = 2B15C4F4D9786DAA1467A3E437241E95327EC27292B481EB6A165041B9514D454D79
SN = BDC702D974FF959F52E3AC83BA199881EAE0EB400DEC2C138605B1AC9C18577BDB7
当E = E0 + 52时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6F7
D = 1A3E0ECAFD6490E687FCF1673B7272360A71A1EC7E18A39A3752453F0BCF65FB384B
SN = 9E0508C05378E011B74F5F1C51505902AAAEE4D5A1469B6C000E7B5F237491BB1590
当E = E0 + 56时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6FB
D = 3CDA7966CAD743A1054F4BB160BCA9FE3D5A1523E5C9C13F253FA4EA1F9D23DA1B37
SN = 79EAE166FB69C37C501DFE215F3BB5EE6905300AAFC8277EB7A596ECBBCF15221AF3
当E = E0 + 58时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A6FD
D = 4FBD2F768B030EE4D4A64C9E12C8115452A41FA0800B774539F4C990E1C98ABC84F9
SN = 348BF241943D87FD2CCEAC220A110DC42B102A09558C018261005B84EEAAC8204C2
当E = E0 + 62时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A701
D = 3AECBFFA3752CEA567D238B3F3371D93BD1C5F6213CEC15058A0CADCB4EB1A14B6C1
SN = 50D7F45C75B0BF61A8BBFF4574EA1661A1679F8AD64A3985B79DCAF4B5F8DFB0214E
当E = E0 + 68时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A707
D = 81FC60B7776B7EE30962113DB2DE1EC1EDCB9ADF8C35B5FF720F0CD0D5E94B1FC46B
SN = 48AFEA3B472BDC0DD240CB6EF9D4F67C2097498381E8AAA763D8A8B7D6C7496E6798
当E = E0 + 70时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A709
D = 488EDC62CAB9F79C29A2E55DF7B0F22EA56D1FECF20825CA0C4AC7E51F7A542417F1
SN = 383C58BC3850C08177872A8EF298126F80731B04CB5816DF11FFF3A557216557E820
当E = E0 + 74时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A70D
D = 5698829124C23D9EBD7EB25D6FA313EA840A57D4649FE099CC252C2685F2FCC132CD
SN = 4771FDE89E1AA505E79E3F2067A2775230D93257BA3B30A472A3E1A8B9BDF935B61E
当E = E0 + 76时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A70F
D = 1847413C045D3972BC59B980E89E7D154ADFC7061AD3BDD083C61F22E027E588778B
SN = 35DB95FCB8C702044A3B366B7C1FB40E161457BF21626EBE80412376844634E28018
当E = E0 + 80时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A713
D = 89BC2213C0A7435D8A046CAF97E8D70E3180C913431460359A7071877FE633110363
SN = 99FC6EB79AA4F0F34AE53824F68D054D29C4FD2330D0949FD0F596D641F7D202D5EC
当E = E0 + 82时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A715
D = 52644C6F267B75C8DEBBD77DBA19AF2CD19BE4CA5C3E0188DFC024CA130000EA3979
SN = 9B649A9C6645787A5D91A27213F09D24F5D392C96E69FDFCCE7F02C4082875C510F0
当E = E0 + 86时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A719
D = 7E17849D5FC518A65840AB6221A8C4A4DEEAD524008F9AD0B6E1634BC337ED45C265
SN = 4BCB5BF34F9E3E1443FC6E35B5713470AB2A603BB57D218E9F6F4AF12D17147C6E43
当E = E0 + 88时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A71B
D = 3282E41D8A8474990E59E08C24753A1154416397C3A598090685BCF8CD7FD34FC323
SN = 2411EA16A974C3ACF4E88582DF50965C67BB23AC33C4842C926C2A417925F20DE08F
当E = E0 + 94时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A721
D = AAB3C5425125F534EE1DCFE444A9C42E7C41E8354C05DD7966A7E3267810A9B8121
SN = 35FF51D4397D60A68AC2EA0BF8B1995799B1AF92B85FCE5784AE9153B92C091ED954
当E = E0 + 98时：
E = 9CA87DE3775787F7695F3F316E503600348AB6F58BEF375D0ED8F8BE84425FA7A725
D = 5416163189510E56151181CB522E21B498CA3774C9B80C5D4BFB8566FFBAA28B5F1
SN = 4C3577912870B8D0AB162146949A179B33E15DF320771D7BDE3C87BC48A0E004ED8E

登录后可查看完整内容

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・3

免费・1

支持

最新回复 (2)
AloneWolf 雪币： 14179 活跃值： (5087) 能力值： ( LV15，RANK：1673 ) 在线值：发帖 36 回帖 354 粉丝 18 关注私信	AloneWolf 3 2 楼还少说了一个多解的理由: 因为CM有中 SN = SN MOD N的运算,所以,对于任意可用的SN , 有: SN2 = SN + N * n (n为正整数) 只要不溢出,SN2也是一个可用的注册码...所以多解... 2016-12-13 16:29 0
风间仁雪币： 30320 活跃值： (8824) 能力值： ( LV15，RANK：3306 ) 在线值：发帖 111 回帖 591 粉丝 89 关注私信	风间仁 19 3 楼我弄错了..1234567 2016-12-13 18:57 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

AloneWolf

发帖

354

回帖

1673

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (2)
AloneWolf 雪币： 14179 活跃值： (5087) 能力值： ( LV15，RANK：1673 ) 在线值：发帖 36 回帖 354 粉丝 18 关注私信	AloneWolf 3 2 楼还少说了一个多解的理由: 因为CM有中 SN = SN MOD N的运算,所以,对于任意可用的SN , 有: SN2 = SN + N * n (n为正整数) 只要不溢出,SN2也是一个可用的注册码...所以多解... 2016-12-13 16:29 0
风间仁雪币： 30320 活跃值： (8824) 能力值： ( LV15，RANK：3306 ) 在线值：发帖 111 回帖 591 粉丝 89 关注私信	风间仁 19 3 楼我弄错了..1234567 2016-12-13 18:57 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复