Writeup Log

RRe_Time_Limiter

Event: Daily AlpacaHack
Difficulty: Medium

## solve

ファイルを解凍すると、以下のファイルが含まれている。

bash
❯ ls -la
total 16
drwxr-xr-x 2 nabeen nabeen 4096 Feb  3 22:08 .
drwxr-xr-x 3 nabeen nabeen 4096 Feb 13 02:14 ..
-rw-r--r-- 1 nabeen nabeen  513 Feb  3 22:08 chall.py
-rw-r--r-- 1 nabeen nabeen  290 Feb  3 22:08 output.txt
chall.py
import os
from Crypto.Util.number import bytes_to_long

# Challenge generator: publishes the flag's residues modulo a fixed list of small primes.
# The real flag comes from the FLAG environment variable; the default is a placeholder.
flag = os.getenv("FLAG", "Alpaca{EXAMPLE}").encode()
# Interpret the flag bytes as a single (big) integer.
flag = bytes_to_long(flag)

# Moduli: distinct primes, hence pairwise coprime.
primes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349]
# One residue per modulus, in the same order as `primes`.
# NOTE(review): the residues together determine `flag` modulo the product of the
# primes, so the secret is fully recoverable (Chinese Remainder Theorem) whenever
# it is smaller than that product. Reducing a secret modulo public values hides
# nothing once enough coprime moduli are published.
out = [flag % p for p in primes]

# The residue list is the only thing handed to the solver (saved as output.txt).
print(out)
output.txt
[1, 2, 0, 4, 8, 9, 8, 13, 16, 27, 0, 17, 17, 28, 20, 6, 28, 4, 47, 30, 37, 56, 57, 77, 35, 57, 89, 70, 27, 26, 108, 124, 25, 75, 122, 54, 64, 42, 158, 25, 68, 90, 89, 42, 90, 147, 124, 148, 225, 50, 182, 5, 162, 159, 252, 129, 145, 24, 119, 41, 215, 264, 299, 51, 203, 24, 18, 38, 55, 266]

どうやら調べてみると、中国剰余定理 (CRT) で解けるらしい。法に使われている素数は互いに素なので、その積が flag より大きければ、剰余の組から flag を一意に復元できる。ライブラリを使えば一発で解ける。

exploit.py
from ast import literal_eval

from Crypto.Util.number import long_to_bytes
from sympy.ntheory.modular import crt

# Moduli copied from chall.py; the order must match the residues in output.txt.
primes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349]

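def main() -> None:
    """Rebuild the flag from the residues in output.txt and print it.

    The file is expected to hold the list printed by chall.py: one residue
    per entry of the module-level ``primes`` list, in the same order. The
    residues are combined with the Chinese Remainder Theorem and the
    resulting integer is converted back to bytes.

    Raises:
        ValueError: if output.txt does not contain exactly one integer
            residue per modulus, or if the congruences have no solution.
    """
    with open("output.txt", "r", encoding="utf-8") as f:
        # literal_eval accepts only Python literals, so the file content is
        # parsed as data and never executed.
        residues = literal_eval(f.read().strip())

    # Without this check a residue list of the wrong shape would be paired
    # with the wrong moduli and produce garbage instead of an error.
    if not isinstance(residues, (list, tuple)):
        raise ValueError("output.txt must contain a list of residues")
    if len(residues) != len(primes):
        raise ValueError(
            f"expected {len(primes)} residues, got {len(residues)}"
        )
    if not all(isinstance(r, int) for r in residues):
        raise ValueError("every residue in output.txt must be an integer")

    # crt yields (solution, modulus); it may yield None when the system has
    # no solution, which would otherwise surface as an opaque unpacking error.
    solution = crt(primes, residues)
    if solution is None:
        raise ValueError("the residues are inconsistent with the moduli")
    flag_int, _ = solution

    flag = long_to_bytes(int(flag_int))
    # errors="replace" keeps the output printable even if the recovered
    # bytes are not valid UTF-8.
    print(flag.decode("utf-8", errors="replace"))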


# Run the solver only when the file is executed as a script, not on import.
if __name__ == "__main__":
    main()
bash
❯ python exploit.py
Alpaca{Let's_kick_off_this_fly_party_night}

## flag

  • Alpaca{Let's_kick_off_this_fly_party_night}