第三届陇剑杯CTF竞赛部分题目题解与教学<\/h1>

概述<\/h2>
本文对第三届陇剑杯CTF竞赛中的多个题目进行详细解析，涵盖AI对抗样本、密码学、逆向工程等多个领域的技术要点和解题思路。<\/p>

题目解析<\/h2>

1. 和我的保险说去吧！（AI对抗样本）<\/h3>

题目考点<\/h4>

AI对抗样本生成<\/li>
ResNet-18模型攻击<\/li>

图像分类器安全<\/li> <\/ul>

解题思路<\/h4>

目标分析<\/strong>：需要创建64×64像素的PNG补丁，当随机贴在交通标志图像上时，能使ResNet-18模型将至少75%的图像错误分类为类别32（"去除速度限制"）<\/p> <\/li>

技术实现<\/strong>：<\/p> <\/li> <\/ol>
import<\/span> torch <\/span><\/span>import<\/span> torch.nn as<\/span> nn <\/span><\/span>from<\/span> torchvision import<\/span> models, transforms, datasets <\/span><\/span>from<\/span> torch.utils.data import<\/span> DataLoader <\/span><\/span>from<\/span> PIL import<\/span> Image <\/span><\/span> <\/span><\/span>def<\/span> main<\/span>(): <\/span><\/span> device =<\/span> 'cpu'<\/span> <\/span><\/span> # 加载预训练的ResNet-18模型<\/span> <\/span><\/span> model =<\/span> models.<\/span>resnet18(weights=<\/span>None<\/span>, num_classes=<\/span>43<\/span>) <\/span><\/span> model.<\/span>load_state_dict(torch.<\/span>load(".\/model.pth"<\/span>, map_location=<\/span>device, weights_only=<\/span>True<\/span>)) <\/span><\/span> model.<\/span>to(device) <\/span><\/span> model.<\/span>eval() <\/span><\/span> <\/span><\/span> # 图像预处理<\/span> <\/span><\/span> transform =<\/span> transforms.<\/span>Compose([ <\/span><\/span> transforms.<\/span>Resize((224<\/span>, 224<\/span>)), <\/span><\/span> transforms.<\/span>ToTensor(), <\/span><\/span> ]) <\/span><\/span> <\/span><\/span> # 初始化随机补丁<\/span> <\/span><\/span> patch =<\/span> torch.<\/span>rand(3<\/span>, 64<\/span>, 64<\/span>, requires_grad=<\/span>True<\/span>, device=<\/span>device) <\/span><\/span> optimizer =<\/span> torch.<\/span>optim.<\/span>Adam([patch], lr=<\/span>0.03<\/span>) <\/span><\/span> criterion =<\/span> nn.<\/span>CrossEntropyLoss() <\/span><\/span> <\/span><\/span> # 加载数据集<\/span> <\/span><\/span> dataset =<\/span> datasets.<\/span>ImageFolder(root=<\/span>'.\/dataset'<\/span>, transform=<\/span>transform) <\/span><\/span> loader =<\/span> DataLoader(dataset, batch_size=<\/span>8<\/span>, shuffle=<\/span>True<\/span>) <\/span><\/span> <\/span><\/span> num_epochs =<\/span> 6<\/span> <\/span><\/span> target_class =<\/span> 32<\/span> <\/span><\/span> normalize =<\/span> transforms.<\/span>Normalize( <\/span><\/span> mean=<\/span>[0.3403<\/span>, 0.3121<\/span>, 0.3214<\/span>], <\/span><\/span> std=<\/span>[0.2724<\/span>, 0.2608<\/span>, 0.2669<\/span>] <\/span><\/span> ) <\/span><\/span> <\/span><\/span> # 训练对抗补丁<\/span> <\/span><\/span> for<\/span> epoch in<\/span> range(num_epochs): <\/span><\/span> total_loss =<\/span> 0.0<\/span> <\/span><\/span> success_count =<\/span> 0<\/span> <\/span><\/span> total_count =<\/span> 0<\/span> <\/span><\/span> <\/span><\/span> for<\/span> images, _ in<\/span> loader: <\/span><\/span> images =<\/span> images.<\/span>to(device) <\/span><\/span> batch_size =<\/span> images.<\/span>size(0<\/span>) <\/span><\/span> <\/span><\/span> # 随机位置应用补丁<\/span> <\/span><\/span> for<\/span> i in<\/span> range(batch_size): <\/span><\/span> h_start =<\/span> torch.<\/span>randint(0<\/span>, images.<\/span>shape[2<\/span>] -<\/span> patch.<\/span>shape[1<\/span>], (1<\/span>,)).<\/span>item() <\/span><\/span> w_start =<\/span> torch.<\/span>randint(0<\/span>, images.<\/span>shape[3<\/span>] -<\/span> patch.<\/span>shape[2<\/span>], (1<\/span>,)).<\/span>item() <\/span><\/span> h_end =<\/span> h_start +<\/span> patch.<\/span>shape[1<\/span>] <\/span><\/span> w_end =<\/span> w_start +<\/span> patch.<\/span>shape[2<\/span>] <\/span><\/span> images[i, :, h_start:h_end, w_start:w_end] =<\/span> patch <\/span><\/span> <\/span><\/span> images =<\/span> normalize(images) <\/span><\/span> outputs =<\/span> model(images) <\/span><\/span> targets =<\/span> torch.<\/span>full((batch_size,), target_class, dtype=<\/span>torch.<\/span>long, device=<\/span>device) <\/span><\/span> <\/span><\/span> loss =<\/span> criterion(outputs, targets) <\/span><\/span> total_loss +=<\/span> loss.<\/span>item() <\/span><\/span> <\/span><\/span> preds =<\/span> outputs.<\/span>argmax(dim=<\/span>1<\/span>) <\/span><\/span> success_count +=<\/span> (preds ==<\/span> target_class).<\/span>sum().<\/span>item() <\/span><\/span> total_count +=<\/span> batch_size <\/span><\/span> <\/span><\/span> optimizer.<\/span>zero_grad() <\/span><\/span> loss.<\/span>backward() <\/span><\/span> optimizer.<\/span>step() <\/span><\/span> <\/span><\/span> with<\/span> torch.<\/span>no_grad(): <\/span><\/span> patch.<\/span>clamp_(0<\/span>, 1<\/span>) <\/span><\/span> <\/span><\/span> avg_loss =<\/span> total_loss \/<\/span> len(loader) <\/span><\/span> success_rate =<\/span> success_count \/<\/span> total_count <\/span><\/span> print(f<\/span>"Epoch <\/span>{<\/span>epoch+<\/span>1<\/span>}<\/span>\/<\/span>{<\/span>num_epochs}<\/span>, Loss: <\/span>{<\/span>avg_loss:<\/span>.4f<\/span>}<\/span>, Success Rate: <\/span>{<\/span>success_rate:<\/span>.2%<\/span>}<\/span>"<\/span>) <\/span><\/span> <\/span><\/span> # 保存生成的对抗补丁<\/span> <\/span><\/span> save_patch(patch, "adversarial_patch.png"<\/span>) <\/span><\/span> print("对抗补丁已保存为 adversarial_patch.png"<\/span>) <\/span><\/span> <\/span><\/span>def<\/span> save_patch<\/span>(patch_tensor, filename): <\/span><\/span> patch_img =<\/span> transforms.<\/span>ToPILImage()(patch_tensor.<\/span>cpu().<\/span>detach()) <\/span><\/span> patch_img.<\/span>save(filename) <\/span><\/span> <\/span><\/span>if<\/span> __name__ ==<\/span> "__main__"<\/span>: <\/span><\/span> main() <\/span><\/span><\/code><\/pre> 关键参数<\/strong>：目标类别：32（去除速度限制）<\/li> 学习率：0.03<\/li> 训练轮次：6<\/li> 批大小：8<\/li> 图像归一化参数：特定均值和标准差<\/li> <\/ul> <\/li> <\/ol> FLAG<\/h4> flag{KQK22WPibibb8iMXTevUN9ILDqaRR79t}<\/code><\/p> 2. Dragon（XXTEA加密）<\/h3> 题目考点<\/h4> XXTEA加密算法<\/li> 逆向工程分析<\/li> 密钥生成机制<\/li> <\/ul> 解题思路<\/h4> 逆向分析<\/strong>：使用IDA Pro分析二进制文件，发现XXTEA加密实现<\/li> 密钥提取<\/strong>：从.rodata段提取密钥和密文数据<\/li> 算法识别<\/strong>：通过汇编代码分析确认XXTEA算法特征<\/li> 密钥生成<\/strong>：分析并复现密钥生成机制<\/li> <\/ol> FLAG<\/h4> flag{cbee3251-9cff-4542-bf15-337bb8df7f3f}<\/code><\/p> 3. HashBaseWorld（量子密码）<\/h3> 题目考点<\/h4> 量子密码算法<\/li> Wagner算法应用<\/li> <\/ul> 解题思路<\/h4> 原题参考<\/strong>：题目基于https:\/\/github.com\/conduition\/wagner<\/li> 算法实现<\/strong>：使用Wagner算法解决量子密码问题<\/li> 连接设置<\/strong>：通过SSL连接到远程服务器<\/li> <\/ol> remote("pwn-bbedf0f6d8.challenge.longjiancup.cn"<\/span>, 9999<\/span>, ssl=<\/span>True<\/span>) <\/span><\/span><\/code><\/pre>FLAG<\/h4> flag{hgnm5fnPJ8ZVYnkvjMxtUqNvpCMWBMeX}<\/code><\/p> 4. Prover（逆向与Z3约束求解）<\/h3> 题目考点<\/h4> 二进制逆向分析<\/li> Z3约束求解器<\/li> 优化算法<\/li> <\/ul> 解题思路<\/h4> 静态分析<\/strong>：<\/p> 定位关键函数：字节处理、dword打包、哈希计算<\/li> 提取数据段常量：5字节和7字节的变换表<\/li> <\/ul> <\/li> 逻辑复原<\/strong>：<\/p> 输入格式：22字节，格式为"flag{16个十六进制字符}"<\/li> 处理流程：每个字节经过线性变换、异或和循环移位<\/li> 处理后的字节填充为24字节并打包成6个32位整数（小端序）<\/li> 计算多种统计值：popcount求和、16位和、异或和等<\/li> 进行32位混合运算（旋转、加减、异或）和64位哈希（类似SplitMix64）<\/li> <\/ul> <\/li> <\/ul> <\/li> 约束建模<\/strong>：<\/p> 使用Z3的BitVec精确模拟每一步操作<\/li> 统一位宽处理<\/li> 添加输入格式约束（十六进制字符范围）<\/li> <\/ul> <\/li> 求解验证<\/strong>：多个校验点（哈希值、统计值等）共同保证正确性<\/p> <\/li> <\/ol> 关键点<\/h4> 严格匹配位宽<\/li> 区分逻辑与\/按位与<\/li> 识别哈希模式<\/li> <\/ul> FLAG<\/h4> flag{7ac1d3e59f0b2468}<\/code><\/p> 5. RSA.iso（RSA密码学）<\/h3> 题目考点<\/h4> Sage数学计算<\/li> RSA算法漏洞利用<\/li> Isogeny技巧<\/li> <\/ul> 解题思路<\/h4> 使用自动化工具分析RSA实现中的漏洞，利用Isogeny技巧恢复flag。<\/p> FLAG<\/h4> flag{S1mple_Is0geNy_7r1ck_t0_Recov3r_Fla9}<\/code><\/p> 6. EzHNP（格密码）<\/h3> 题目考点<\/h4> 格密码理论<\/li> 隐藏数问题（HNP）<\/li> <\/ul> 解题思路<\/h4> 原题参考<\/strong>：基于DownUnderCTF 2022的RSA区间预言机题目<\/li> 模板应用<\/strong>：直接套用已知解题模板<\/li> 格构造<\/strong>：构建适当的格来解决问题<\/li> <\/ol> FLAG<\/h4> Flag{67f56be77ad87032f8a91070057184bf}<\/code><\/p> 7. ez_rsa（RSA与数论）<\/h3> 题目考点<\/h4> RSA算法深入<\/li> 数论论文应用<\/li> <\/ul> 解题思路<\/h4> 论文参考<\/strong>：eprint.iacr.org\/2015\/399.pdf<\/li> 比赛复现<\/strong>：参考D3CTF题目的复现方法<\/li> 算法利用<\/strong>：应用特定的数论技巧破解RSA<\/li> <\/ol> FLAG<\/h4> Flag{fed177cf9f68e191a1dc4608788aa0e}<\/code><\/p> 8. qrandom（量子随机数）<\/h3> 题目考点<\/h4> 量子随机数生成<\/li> 密码学安全<\/li> <\/ul> 解题思路<\/h4> 密钥提取<\/strong>：获得Secret值<\/li> flag构造<\/strong>：基于量子随机数特性生成flag<\/li> <\/ol> Secret<\/h4> d6ab2cee1952cfce74f3bf22b1e460b974f767dd1bb3a4b90fb219047f214e8f<\/code><\/p> FLAG<\/h4> flag{cat_alive_cat_dead_cat_flag_e7ce8d437b5f}<\/code><\/p> 9. Lesscommon（对称加密）<\/h3> 题目考点<\/h4> 对称加密算法<\/li> 加密模式分析<\/li> <\/ul> 解题思路<\/h4> 分析并破解特定的对称加密算法实现。<\/p> FLAG<\/h4> flag{8c1fe64f-1085-48bb-947e-7635abc40f4c}<\/code><\/p> 总结<\/h2> 本次竞赛涵盖了多个安全领域的重要知识点：<\/p> AI安全<\/strong>：对抗样本生成和模型攻击<\/li> 密码学<\/strong>：包括传统加密（XXTEA、RSA）和现代密码学（格密码、量子密码）<\/li> 逆向工程<\/strong>：二进制分析、算法复原和约束求解<\/li> 数学应用<\/strong>：数论、代数和格理论在密码分析中的应用<\/li> <\/ol> 每个题目都体现了CTF竞赛中典型的技术挑战和解题思路，为安全研究人员提供了宝贵的学习资料和实践经验。<\/p>

第三届陇剑杯CTF竞赛部分题目题解与教学<\/h1>

概述<\/h2>
本文对第三届陇剑杯CTF竞赛中的多个题目进行详细解析，涵盖AI对抗样本、密码学、逆向工程等多个领域的技术要点和解题思路。<\/p>

题目解析<\/h2>

1. 和我的保险说去吧！（AI对抗样本）<\/h3>

2. Dragon（XXTEA加密）<\/h3>

3. HashBaseWorld（量子密码）<\/h3>

4. Prover（逆向与Z3约束求解）<\/h3>

5. RSA.iso（RSA密码学）<\/h3>

解题思路<\/h4>
使用自动化工具分析RSA实现中的漏洞，利用Isogeny技巧恢复flag。<\/p>

6. EzHNP（格密码）<\/h3>

7. ez_rsa（RSA与数论）<\/h3>

8. qrandom（量子随机数）<\/h3>

Secret<\/h4>
`d6ab2cee1952cfce74f3bf22b1e460b974f767dd1bb3a4b90fb219047f214e8f<\/code><\/p>`

9. Lesscommon（对称加密）<\/h3>

解题思路<\/h4>
分析并破解特定的对称加密算法实现。<\/p>

FLAG<\/h4>
`flag{8c1fe64f-1085-48bb-947e-7635abc40f4c}<\/code><\/p>`

第三届陇剑杯CTF竞赛部分题目题解与教学<\/h1>

概述<\/h2> 本文对第三届陇剑杯CTF竞赛中的多个题目进行详细解析，涵盖AI对抗样本、密码学、逆向工程等多个领域的技术要点和解题思路。<\/p>

题目解析<\/h2>

1. 和我的保险说去吧！（AI对抗样本）<\/h3>

2. Dragon（XXTEA加密）<\/h3>

3. HashBaseWorld（量子密码）<\/h3>

4. Prover（逆向与Z3约束求解）<\/h3>

5. RSA.iso（RSA密码学）<\/h3>

解题思路<\/h4> 使用自动化工具分析RSA实现中的漏洞，利用Isogeny技巧恢复flag。<\/p>

6. EzHNP（格密码）<\/h3>

7. ez_rsa（RSA与数论）<\/h3>

8. qrandom（量子随机数）<\/h3>

Secret<\/h4> d6ab2cee1952cfce74f3bf22b1e460b974f767dd1bb3a4b90fb219047f214e8f<\/code><\/p>

9. Lesscommon（对称加密）<\/h3>

解题思路<\/h4> 分析并破解特定的对称加密算法实现。<\/p>

FLAG<\/h4> flag{8c1fe64f-1085-48bb-947e-7635abc40f4c}<\/code><\/p>

概述<\/h2>
本文对第三届陇剑杯CTF竞赛中的多个题目进行详细解析，涵盖AI对抗样本、密码学、逆向工程等多个领域的技术要点和解题思路。<\/p>

解题思路<\/h4>
使用自动化工具分析RSA实现中的漏洞，利用Isogeny技巧恢复flag。<\/p>

Secret<\/h4>
`d6ab2cee1952cfce74f3bf22b1e460b974f767dd1bb3a4b90fb219047f214e8f<\/code><\/p>`

解题思路<\/h4>
分析并破解特定的对称加密算法实现。<\/p>

FLAG<\/h4>
`flag{8c1fe64f-1085-48bb-947e-7635abc40f4c}<\/code><\/p>`