WuCup-OhMyK（赛后）

前言#

虽然此题放在了密码方向，但从整个做题过程来看，其实是一道RE题（）

不过嘛，虽然对我来说，我自己会觉得比较shi；但还是可以做的，主要还是自己赛后做的时候比较死板了)))

这次记录就算作是给我自己的一个警示吧

（以上评价仅个人观点，请忽略）

做题过程#

分析apk并获得java代码#

首先，刚刚说了题目给的.apk文件，长这样：

然后模拟器安装试试，打开软件后会看到一个界面——有两行（一行ID一行没描述）：

在软件里，我们只能通过按Example键去看到一组值（算是挺符合 “咋全是Flag” 这个描述吧）；但这里还看不出个所以然，因此就得回看下.apk文件了。

毕竟我不是RE手，所以我的第一反应就是：直接加载到IDA里看下算了；然后便发现存在一些java的东西：

再加上我以前知道Python写的代码可以编译成.exe，所以我做的时候觉得这个应该也是java代码编译的，因此我们稍微查查这种能怎么逆出Java代码即可（算是我自己的第一直觉吧）；我是直接问的GPT，它告诉我可以使用jadx进行反编译（就像ucompyle6能反编译出python的代码一样，个人理解）：

所以我们找这个工具安装下，运行相关指令就能获得反编译出来的东西了：

而我们要找的代码是在sources文件夹里：

分析M.java，获取了些常量#

接下来就是分析这三个java代码了，但我们其实主要看M.java就行（其他两个定义了些会用到的Java类），我这里贴下M.java的代码吧：

M.java (点击展开)

1
package xyz.wztong.ohmyk;
2

3
import android.app.Activity;
4
import android.os.Bundle;
5
import android.text.Editable;
6
import android.text.TextWatcher;
7
import android.view.View;
8
import android.widget.CheckBox;
9
import android.widget.EditText;
10
import java.io.IOException;
11
import java.io.ObjectInputStream;
12
import java.math.BigInteger;
13
import java.nio.charset.StandardCharsets;
14
import java.security.MessageDigest;
15
import java.security.NoSuchAlgorithmException;
16
import java.util.Arrays;
17
import java.util.List;
18
import java.util.Random;
19
import java.util.zip.InflaterInputStream;
20

21
/* loaded from: classes.dex */
22
public class M extends Activity implements TextWatcher, View.OnClickListener {
23
    public static final int[] i = { 0, 1996959894, -301047508, -1727442502, 124634137, 1886057615, -379345611,
24
            -1637575261, 249268274, 2044508324, -522852066, -1747789432, 162941995, 2125561021, -407360249, -1866523247,
25
            498536548, 1789927666, -205950648, -2067906082, 450548861, 1843258603, -187386543, -2083289657, 325883990,
26
            1684777152, -43845254, -1973040660, 335633487, 1661365465, -99664541, -1928851979, 997073096, 1281953886,
27
            -715111964, -1570279054, 1006888145, 1258607687, -770865667, -1526024853, 901097722, 1119000684, -608450090,
28
            -1396901568, 853044451, 1172266101, -589951537, -1412350631, 651767980, 1373503546, -925412992, -1076862698,
29
            565507253, 1454621731, -809855591, -1195530993, 671266974, 1594198024, -972236366, -1324619484, 795835527,
30
            1483230225, -1050600021, -1234817731, 1994146192, 31158534, -1731059524, -271249366, 1907459465, 112637215,
31
            -1614814043, -390540237, 2013776290, 251722036, -1777751922, -519137256, 2137656763, 141376813, -1855689577,
32
            -429695999, 1802195444, 476864866, -2056965928, -228458418, 1812370925, 453092731, -2113342271, -183516073,
33
            1706088902, 314042704, -1950435094, -54949764, 1658658271, 366619977, -1932296973, -69972891, 1303535960,
34
            984961486, -1547960204, -725929758, 1256170817, 1037604311, -1529756563, -740887301, 1131014506, 879679996,
35
            -1385723834, -631195440, 1141124467, 855842277, -1442165665, -586318647, 1342533948, 654459306, -1106571248,
36
            -921952122, 1466479909, 544179635, -1184443383, -832445281, 1591671054, 702138776, -1328506846, -942167884,
37
            1504918807, 783551873, -1212326853, -1061524307, -306674912, -1698712650, 62317068, 1957810842, -355121351,
38
            -1647151185, 81470997, 1943803523, -480048366, -1805370492, 225274430, 2053790376, -468791541, -1828061283,
39
            167816743, 2097651377, -267414716, -2029476910, 503444072, 1762050814, -144550051, -2140837941, 426522225,
40
            1852507879, -19653770, -1982649376, 282753626, 1742555852, -105259153, -1900089351, 397917763, 1622183637,
41
            -690576408, -1580100738, 953729732, 1340076626, -776247311, -1497606297, 1068828381, 1219638859, -670225446,
42
            -1358292148, 906185462, 1090812512, -547295293, -1469587627, 829329135, 1181335161, -882789492, -1134132454,
43
            628085408, 1382605366, -871598187, -1156888829, 570562233, 1426400815, -977650754, -1296233688, 733239954,
44
            1555261956, -1026031705, -1244606671, 752459403, 1541320221, -1687895376, -328994266, 1969922972, 40735498,
45
            -1677130071, -351390145, 1913087877, 83908371, -1782625662, -491226604, 2075208622, 213261112, -1831694693,
46
            -438977011, 2094854071, 198958881, -2032938284, -237706686, 1759359992, 534414190, -2118248755, -155638181,
47
            1873836001, 414664567, -2012718362, -15766928, 1711684554, 285281116, -1889165569, -127750551, 1634467795,
48
            376229701, -1609899400, -686959890, 1308918612, 956543938, -1486412191, -799009033, 1231636301, 1047427035,
49
            -1362007478, -640263460, 1088359270, 936918000, -1447252397, -558129467, 1202900863, 817233897, -1111625188,
50
            -893730166, 1404277552, 615818150, -1160759803, -841546093, 1423857449, 601450431, -1285129682, -1000256840,
51
            1567103746, 711928724, -1274298825, -1022587231, 1510334235, 755167117 };
52
    public static MessageDigest j;
53
    public List a;
54
    public EditText b;
55
    public EditText c;
56
    public CheckBox d;
57
    public BigInteger e;
58
    public BigInteger f;
59
    public BigInteger g;
60
    public BigInteger h;
61

62
    public static BigInteger a(String str) {
63
        byte[] byteArray = new BigInteger(str, 16).toByteArray();
64
        if (byteArray[0] == 0) {
65
            byteArray = Arrays.copyOfRange(byteArray, 1, byteArray.length);
66
        }
67
        if (byteArray.length < 20) {
68
            byte[] bArr = new byte[20];
69
            System.arraycopy(byteArray, 0, bArr, 20 - byteArray.length, byteArray.length);
70
            byteArray = bArr;
71
        }
72
        int i2 = 0;
73
        while (i2 < byteArray.length) {
74
            int i3 = i2 + 4;
75
            int i4 = -1;
76
            for (byte b : Arrays.copyOfRange(byteArray, i2, i3)) {
77
                i4 = i[(i4 ^ b) & 255] ^ (i4 >>> 8);
78
            }
79
            int i5 = ~i4;
80
            System.arraycopy(new byte[] { (byte) (i5 >>> 24), (byte) (i5 >>> 16), (byte) (i5 >>> 8), (byte) i5 }, 0,
81
                    byteArray, i2, 4);
82
            i2 = i3;
83
        }
84
        StringBuilder sb = new StringBuilder();
85
        for (byte b2 : byteArray) {
86
            String hexString = Integer.toHexString(b2 & 255);
87
            if (hexString.length() == 1) {
88
                hexString = "0".concat(hexString);
89
            }
90
            sb.append(hexString);
91
        }
92
        return new BigInteger(sb.toString(), 16);
93
    }
94

95
    public static boolean b(byte[] bArr, String str, BigInteger bigInteger, BigInteger bigInteger2,
96
            BigInteger bigInteger3, BigInteger bigInteger4) {
97
        BigInteger a = a(str.substring(0, 40));
98
        BigInteger a2 = a(str.substring(40, 80));
99
        byte[] copyOfRange = Arrays.copyOfRange(j.digest(bArr), 0, 20);
100
        StringBuilder sb = new StringBuilder();
101
        for (byte b : copyOfRange) {
102
            String hexString = Integer.toHexString(b & 255);
103
            if (hexString.length() == 1) {
104
                hexString = "0".concat(hexString);
105
            }
106
            sb.append(hexString);
107
        }
108
        BigInteger bigInteger5 = new BigInteger(sb.toString(), 16);
109
        BigInteger modPow = a2.modPow(bigInteger2.subtract(BigInteger.valueOf(2L)), bigInteger2);
110
        return bigInteger3.modPow(bigInteger5.multiply(modPow).mod(bigInteger2), bigInteger)
111
                .multiply(bigInteger4.modPow(a.multiply(modPow).mod(bigInteger2), bigInteger)).mod(bigInteger)
112
                .mod(bigInteger2).equals(a);
113
    }
114

115
    @Override // android.text.TextWatcher
116
    public final void afterTextChanged(Editable editable) {
117
        this.d.setChecked(!r8.isChecked());
118
        this.d.setChecked(false);
119
        String obj = this.c.getText().toString();
120
        if (obj.length() != 80) {
121
            return;
122
        }
123
        try {
124
            this.d.setChecked(b(this.b.getText().toString().getBytes(StandardCharsets.UTF_8), obj, this.e, this.f,
125
                    this.g, this.h));
126
        } catch (Exception unused) {
127
            this.d.setChecked(false);
128
        }
129
    }
130

131
    @Override // android.text.TextWatcher
132
    public final void beforeTextChanged(CharSequence charSequence, int i2, int i3, int i4) {
133
    }
134

135
    @Override // android.view.View.OnClickListener
136
    public void onClick(View view) {
137
        E e = (E) this.a.get(new Random(System.currentTimeMillis()).nextInt(this.a.size()));
138
        this.b.setText(e.n);
139
        this.c.setText(e.f);
140
    }
141

142
    @Override // android.app.Activity
143
    public final void onCreate(Bundle bundle) {
144
        super.onCreate(bundle);
145
        try {
146
            ObjectInputStream objectInputStream = new ObjectInputStream(new InflaterInputStream(getAssets().open("a")));
147
            try {
148
                j = MessageDigest.getInstance("SHA256");
149
                this.e = (BigInteger) objectInputStream.readObject();
150
                this.f = (BigInteger) objectInputStream.readObject();
151
                this.g = (BigInteger) objectInputStream.readObject();
152
                this.h = (BigInteger) objectInputStream.readObject();
153
                this.a = (List) objectInputStream.readObject();
154
                objectInputStream.close();
155
                setContentView(R.layout.m);
156
                EditText editText = (EditText) findViewById(R.id.i);
157
                this.b = editText;
158
                editText.addTextChangedListener(this);
159
                EditText editText2 = (EditText) findViewById(R.id.v);
160
                this.c = editText2;
161
                editText2.addTextChangedListener(this);
162
                this.d = (CheckBox) findViewById(R.id.c);
163
                findViewById(R.id.b).setOnClickListener(this);
164
            } catch (Throwable th) {
165
                try {
166
                    objectInputStream.close();
167
                } catch (Throwable th2) {
168
                    th.addSuppressed(th2);
169
                }
170
                throw th;
171
            }
172
        } catch (IOException | ClassNotFoundException | NoSuchAlgorithmException e) {
173
            throw new RuntimeException(e);
174
        }
175
    }
176

177
    @Override // android.text.TextWatcher
178
    public final void onTextChanged(CharSequence charSequence, int i2, int i3, int i4) {
179
    }
180
}

在代码中，主函数是这块：

onCreate (点击展开)

1
public final void onCreate(Bundle bundle) {
2
    super.onCreate(bundle);
3
    try {
4
        ObjectInputStream objectInputStream = new ObjectInputStream(new InflaterInputStream(getAssets().open("a")));
5
        try {
6
            j = MessageDigest.getInstance("SHA256");
7
            this.e = (BigInteger) objectInputStream.readObject();
8
            this.f = (BigInteger) objectInputStream.readObject();
9
            this.g = (BigInteger) objectInputStream.readObject();
10
            this.h = (BigInteger) objectInputStream.readObject();
11
            this.a = (List) objectInputStream.readObject();
12
            objectInputStream.close();
13
            setContentView(R.layout.m);
14
            EditText editText = (EditText) findViewById(R.id.i);
15
            this.b = editText;
16
            editText.addTextChangedListener(this);
17
            EditText editText2 = (EditText) findViewById(R.id.v);
18
            this.c = editText2;
19
            editText2.addTextChangedListener(this);
20
            this.d = (CheckBox) findViewById(R.id.c);
21
            findViewById(R.id.b).setOnClickListener(this);
22
        } catch (Throwable th) {
23
            try {
24
                objectInputStream.close();
25
            }
26
            catch (Throwable th2) {
27
                th.addSuppressed(th2);
28
            }
29
            throw th;
30
        }
31
    }
32
    catch (IOException | ClassNotFoundException | NoSuchAlgorithmException e) {
33
        throw new RuntimeException(e);
34
    }
35
}

在这里边，我也只能看出——e、f、g、h、a这五个变量是由a文件（在resources/assets里能找到）读取得到的（前四个是BigInt类型，a是List类型），以及存在使用SHA256的地方；该函数的其他地方感觉可能是我们不需要管的。

但在分析其他函数之前，肯定得先读取出那五个变量，最简单的方法就是照着获取即可：

get_num (点击展开)

1
package xyz.wztong.ohmyk;
2

3
import java.io.FileInputStream;
4
import java.io.IOException;
5
import java.io.ObjectInputStream;
6
import java.math.BigInteger;
7
import java.util.List;
8
import java.util.zip.InflaterInputStream;
9

10
public class Main {
11
    public static void main(String[] args) {
12
        String path = "OhMyK_1.0\\ooo\\sources\\xyz\\wztong\\ohmyk\\a";
13

14
        try {
15
            ObjectInputStream objectInputStream = new ObjectInputStream(
16
                    new InflaterInputStream(new FileInputStream(path)));
17
            try {
18
                BigInteger e = (BigInteger) objectInputStream.readObject();
19
                BigInteger f = (BigInteger) objectInputStream.readObject();
20
                BigInteger g = (BigInteger) objectInputStream.readObject();
21
                BigInteger h = (BigInteger) objectInputStream.readObject();
22
                List<?> a = (List<?>) objectInputStream.readObject();
23
                System.out.println("e = " + e);
24
                System.out.println("f = " + f);
25
                System.out.println("g = " + g);
26
                System.out.println("h = " + h);
27
                System.out.println("List a: ");
28
                for (Object i : a) {
29
                    E i1 = (E) i;
30
                    // just for beautify
31
                    System.out.println(i1.n + " -> " + i1.f);
32
                }
33
            } catch (ClassNotFoundException e) {
34
                // TODO Auto-generated catch block
35
                e.printStackTrace();
36
            }
37
        } catch (IOException e) {
38
            e.printStackTrace();
39
        }
40
    }
41
}

然后就能获得数据了（数据太长，我就不粘了），写的时候发现a列表里的元素是自定义的class E类，所以就那样子输出了；此时发现输出的a列表刚好和最前面在软件上看到的类型一致，那估计会有点用。

继续分析，发现存在DSA的k复用#

然后我们看下别的函数，就会注意到afterTextChanged这个函数：

1
public final void afterTextChanged(Editable editable) {
2
    this.d.setChecked(!r8.isChecked());
3
    this.d.setChecked(false);
4
    String obj = this.c.getText().toString();
5
    if (obj.length() != 80) {
6
        return;
7
    }
8
    try {
9
        this.d.setChecked(b(this.b.getText().toString().getBytes(StandardCharsets.UTF_8), obj, this.e, this.f, this.g, this.h));
10
    } catch (Exception unused) {
11
        this.d.setChecked(false);
12
    }
13
}

里边有用到了刚刚获取的e、f、g、h，接着便是关键部分——b函数了（我没骂人，真就叫b函数）：

1
public static boolean b(byte[] bArr, String str, BigInteger bigInteger, BigInteger bigInteger2, BigInteger bigInteger3, BigInteger bigInteger4) {
2
    BigInteger a = a(str.substring(0, 40));
3
    BigInteger a2 = a(str.substring(40, 80));
4
    byte[] copyOfRange = Arrays.copyOfRange(j.digest(bArr), 0, 20);
5
    StringBuilder sb = new StringBuilder();
6
    for (byte b : copyOfRange) {
7
        String hexString = Integer.toHexString(b & 255);
8
        if (hexString.length() == 1) {
9
            hexString = "0".concat(hexString);
10
        }
11
        sb.append(hexString);
12
    }
13
    BigInteger bigInteger5 = new BigInteger(sb.toString(), 16);
14
    BigInteger modPow = a2.modPow(bigInteger2.subtract(BigInteger.valueOf(2L)), bigInteger2);
15
    return bigInteger3.modPow(bigInteger5.multiply(modPow).mod(bigInteger2), bigInteger).multiply(bigInteger4.modPow(a.multiply(modPow).mod(bigInteger2), bigInteger)).mod(bigInteger).mod(bigInteger2).equals(a);
16
}

虽然对于我这个只会python的人而言看着挺高大上，但看最后几行会发现——最后是DSA的验签操作（只是嘛。。。感觉出题人是不是公式写错了？）

我这里放个我印象中的DSA验签 (这个别的师傅都有说过，我这里放个DexterJie师傅的DSA数字签名 | DexterJie’Blog，讲得十分详细，假如是密码小白看到这里的话，可以试着看下DexterJie师傅的文章入下Cry的门)：

g^{H(m)s^{-1}}h^{rs^{-1}}\equiv a\ (mod\ q)\\h\equiv g^x(mod\ q)

此时回看下a列表，是不是每个元素就是一组 m和(r, s) 呢？那肯定是了嘛（

可以从该函数的这两行代码看得出来：

1
BigInteger a = a(str.substring(0, 40));
2
BigInteger a2 = a(str.substring(40, 80));

因为当时题目没人解，所以当时还给了一堆hint，其中就有两条：OhMyK-sixT6ZZyVa和OhMyK-X5V1kiEt87；这时候去a列表里看对应的值就会发现——这两组的r一致，而我们知道DSA是这样签名的：

\begin{split} r&=g^k\ mod\ q \\s&=k^{-1}(H(m)+xr)\ mod\ q \end{split}

所以很明显——考点就是DAS的k复用问题了，再加上题目还有个提示：提交x即可，就能知道本题是让我们求上式的x。

于是有如下推导：

\begin{split} &\boxed{ \begin{aligned} s_1 &= k^{-1}(H(m_1) + xr) \mod q \\ s_2 &= k^{-1}(H(m_2) + xr) \mod q \end{aligned} }\\ &\Rightarrow {s_1}^{-1}(H(m_1)+xr)\equiv {s_2}^{-1}(H(m_2)+xr)\ mod\ q\\ &\Rightarrow x\equiv ({s_1}^{-1}H(m_1)-{s_2}^{-1}H(m_2)){({s_2}^{-1}r-{s_1}^{-1}r)}^{-1}\ mod\ q \end{split}

最后把x转成16进制套个flag格式就行。

不过就是——这里算之前需要对r和s先经过a函数的处理哈（如果将a函数转成其他编程语言的代码的话，需要注意一下数据类型的问题）

该部分的exp：

exp (点击展开)

1
from hashlib import sha256
2
from Crypto.Util.number import inverse, bytes_to_long
3

4

5
def a(hex_str):
6
    # 将输入的十六进制字符串转换为可变的字节数组
7
    byte_array = bytearray.fromhex(hex_str)
8

9
    # 去掉前导的0
10
    while len(byte_array) > 0 and byte_array[0] == 0:
11
        byte_array.pop(0)
12

13
    # 如果字节数组的长度少于20个字节，则前面填充0使其长度达到20字节
14
    if len(byte_array) < 20:
15
        byte_array = bytearray(20 - len(byte_array)) + byte_array
16

17
    # 自定义的查找表 i
18
    i = [
19
        0, 1996959894, -301047508, -1727442502, 124634137, 1886057615, -379345611,
20
        -1637575261, 249268274, 2044508324, -522852066, -1747789432, 162941995,
21
        2125561021, -407360249, -1866523247, 498536548, 1789927666, -205950648,
22
        -2067906082, 450548861, 1843258603, -187386543, -2083289657, 325883990,
23
        1684777152, -43845254, -1973040660, 335633487, 1661365465, -99664541,
24
        -1928851979, 997073096, 1281953886, -715111964, -1570279054, 1006888145,
25
        1258607687, -770865667, -1526024853, 901097722, 1119000684, -608450090,
26
        -1396901568, 853044451, 1172266101, -589951537, -1412350631, 651767980,
27
        1373503546, -925412992, -1076862698, 565507253, 1454621731, -809855591,
28
        -1195530993, 671266974, 1594198024, -972236366, -1324619484, 795835527,
29
        1483230225, -1050600021, -1234817731, 1994146192, 31158534, -1731059524,
30
        -271249366, 1907459465, 112637215, -1614814043, -390540237, 2013776290,
31
        251722036, -1777751922, -519137256, 2137656763, 141376813, -1855689577,
32
        -429695999, 1802195444, 476864866, -2056965928, -228458418, 1812370925,
33
        453092731, -2113342271, -183516073, 1706088902, 314042704, -1950435094,
34
        -54949764, 1658658271, 366619977, -1932296973, -69972891, 1303535960,
35
        984961486, -1547960204, -725929758, 1256170817, 1037604311, -1529756563,
36
        -740887301, 1131014506, 879679996, -1385723834, -631195440, 1141124467,
37
        855842277, -1442165665, -586318647, 1342533948, 654459306, -1106571248,
38
        -921952122, 1466479909, 544179635, -1184443383, -832445281, 1591671054,
39
        702138776, -1328506846, -942167884, 1504918807, 783551873, -1212326853,
40
        -1061524307, -306674912, -1698712650, 62317068, 1957810842, -355121351,
41
        -1647151185, 81470997, 1943803523, -480048366, -1805370492, 225274430,
42
        2053790376, -468791541, -1828061283, 167816743, 2097651377, -267414716,
43
        -2029476910, 503444072, 1762050814, -144550051, -2140837941, 426522225,
44
        1852507879, -19653770, -1982649376, 282753626, 1742555852, -105259153,
45
        -1900089351, 397917763, 1622183637, -690576408, -1580100738, 953729732,
46
        1340076626, -776247311, -1497606297, 1068828381, 1219638859, -670225446,
47
        -1358292148, 906185462, 1090812512, -547295293, -1469587627, 829329135,
48
        1181335161, -882789492, -1134132454, 628085408, 1382605366, -871598187,
49
        -1156888829, 570562233, 1426400815, -977650754, -1296233688, 733239954,
50
        1555261956, -1026031705, -1244606671, 752459403, 1541320221, -1687895376,
51
        -328994266, 1969922972, 40735498, -1677130071, -351390145, 1913087877,
52
        83908371, -1782625662, -491226604, 2075208622, 213261112, -1831694693,
53
        -438977011, 2094854071, 198958881, -2032938284, -237706686, 1759359992,
54
        534414190, -2118248755, -155638181, 1873836001, 414664567, -2012718362,
55
        -15766928, 1711684554, 285281116, -1889165569, -127750551, 1634467795,
56
        376229701, -1609899400, -686959890, 1308918612, 956543938, -1486412191,
57
        -799009033, 1231636301, 1047427035, -1362007478, -640263460, 1088359270,
58
        936918000, -1447252397, -558129467, 1202900863, 817233897, -1111625188,
59
        -893730166, 1404277552, 615818150, -1160759803, -841546093, 1423857449,
60
        601450431, -1285129682, -1000256840, 1567103746, 711928724, -1274298825,
61
        -1022587231, 1510334235, 755167117
62
    ]
63
    bb = []
64
    # 按4个字节处理
65
    for i2 in range(0, len(byte_array), 4):
66
        i4 = 0xFFFFFFFF
67
        for b in byte_array[i2:i2 + 4]:
68
            i4 = i[(i4 ^ b) & 0xFF] ^ ((i4 >> 8)&0xFFFFFF)
69
        i5 = ~i4 & 0xFFFFFFFF
70
        # 修改字节数组中的对应4个字节
71
        bb += list(i5.to_bytes(4, byteorder='big'))
72
        byte_array = byte_array[:i2] + i5.to_bytes(4, byteorder='big') + byte_array[i2+4:]
73

74
    # 返回最终转换为大整数
75
    return int.from_bytes(byte_array, byteorder='big')
76

77

78
h1 = bytes_to_long(sha256(b"OhMyK-sixT6ZZyVa").digest()[:20])
79
h2 = bytes_to_long(sha256(b"OhMyK-X5V1kiEt87").digest()[:20])
80
sig1 = "42def2b62f7231a4f0b0a59a557300c43875fceea0ef2d8f8514477e2a667c55ec2e67387310191c"
81
sig2 = "42def2b62f7231a4f0b0a59a557300c43875fcee32a9a8d59857e67e6dbc5c86bc70584f7b648cad"
82

83
e = 178011905478542266528237562450159990145232156369120674273274450314442865788737020770612695252123463079567156784778466449970650770920727857050009668388144034129745221171818506047231150039301079959358067395348717066319802262019714966524135060945913707594956514672855690606794135837542707371727429551343320695239
84
f = 864205495604807476120572616017955259175325408501
85
g = 174068207532402095185811980123523436538604490794561350978495831040599953488455823147851597408940950725307797094915759492368300574252438761037084473467180148876118103083043754985190983472601550494691329488083395492313850000361646482644608492304078721818959999056496097769368017749273708962006689187956744210730
86
h = 103232238666983971809327508066514356419787907649466949462394226369130871754234245874004092201548824299312939921557482756782309229667636222376851630500312178743987396738426156452022352302679982609351355870817034754415018536831514110999501105000359521022666210250084531007148927684341774040838911059131394088305
87

88
r = a(sig1[:40])
89
s1 = a(sig1[40:])
90
s2 = a(sig2[40:])
91

92

93
x = (h2*inverse(s2, f)-h1*inverse(s1, f))*inverse(r*inverse(s1, f)-r*inverse(s2, f), f) % f
94
print("\n")
95
print(f"WuCup{{{hex(x)[2:]}}}")
96
# WuCup{11b351053a7dae2c2fb80c08aa70f58ab6684d2a}

后记#

虽然还有两道题，但个人感觉记录了没啥意义，就懒得记录了（反正网上肯定能搜到，实在搜不到就再找我要思路吧）