【2019看雪CTF】Q3赛季 第八题：人妒英才 WP

程序运行显示如下信息：

Ep =  y^2 = x^3 + 125*x
Prime field p=127,base point G(11,4),publicK(120,41) please find private key k

但是程序开始计算的点是9*G，而且求出的点和G并不在提示信息所表示的曲线上。后来注意到输入是单字节pack进行加密，且输入长度可以很长。于是乎全字母数字符号字符全输进去，dump出加密结果，然后整理表，然后查表（只需低字节即可）。

# -*- coding:utf-8 -*-
import string
def main():
  t1 = [0x02,0x5C,0x37,0x12,0x6C,0x47,0x22,0x7C,0x57,0x32,0x5E,0x39,0x14,0x6E,0x49,0x24,0x7E,0x59,0x34,0x0F,0x69,0x44,0x1F,0x79,0x54,0x2F,0x0A,0x64,0x3F,0x1A,0x74,0x4F,0x2A,0x05,0x5F,0x3A,0x08,0x62,0x3D,0x18,0x72,0x4D,0x28,0x03,0x5D,0x38,0x13,0x6D,0x48,0x23,0x7D,0x58,0x33,0x0E,0x68,0x43,0x1E,0x78,0x53,0x63,0x2E,0x09,0x31,0x0C,0x66,0x41,0x1C,0x76,0x51,0x2C,0x07,0x61,0x3C,0x17,0x71,0x4C,0x27,0x0D,0x67,0x42,0x1D,0x77,0x52,0x2D,0x3E,0x19,0x73,0x4E,0x29,0x04,0x15,0x6F,0x4A,0x25]
  t2 = string.digits+string.lowercase+string.uppercase+string.punctuation
  t = [0x13,0x5E,0x79,0x05,0x74,0x49,0x29,0x37,0x02,0x5C,0x32,0x29,0x33,0x12]
  s = ''
  for i in t:
    s += t2[t1.index(i)]
  print s
  print 'end.'

if __name__ == '__main__':
  main()

结果为Kanxue_2019_Q3。

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法