0x01题目：

题目很简单就七行代码。

#!/usr/bin/env python # -*- coding: utf-8 -*- from Crypto.Util.number import * import random n = 2 ** 512 m = random.randint(2, n-1) | 1 c = pow(m, bytes_to_long(flag), n) print 'm = ' + str(m) print 'c = ' + str(c) # m = 391190709124527428959489662565274039318305952172936859403855079581402770986890308469084735451207885386318986881041563704825943945069343345307381099559075 # c = 6665851394203214245856789450723658632520816791621796775909766895233000234023642878786025644953797995373211308485605397024123180085924117610802485972584499

0x02 思路

要解决的是离散对数问题 c = m^flag mod n 这里m,n,c已知，可使用sagemath的 discrete_log(a,base,ord,operation)函数求解flag discrete详解

0x03 exp:

sage: m = 3911907091245274289594896625652740393183059521729368594038550795814027709868903084690847354512078853863189 ....: 86881041563704825943945069343345307381099559075 ....: c = 6665851394203214245856789450723658632520816791621796775909766895233000234023642878786025644953797995373211 ....: 308485605397024123180085924117610802485972584499 ....: n = 2 ** 512 ....: c = Mod(c,n) ....: m = Mod(m,n) ....: flag = discrete_log(c,m) ....: print(flag) ....: 56006392793405651552924479293096841126763872290794186417054288110043102953612574215902230811593957757 from Crypto.Util.number import * d = 56006392793405651552924479293096841126763872290794186417054288110043102953612574215902230811593957757 print(long_to_bytes(d))

得到flag