arm macOS 的平行桌面无法安装 9008 驱动的解决方案：不用平行桌面，用 brew 安装安卓调试桥工具后，找到刷机包或 MiFlash 目录中的 flash*.bat，将其修改为 bash 语法，具体修改后的脚本如下。

Lab util: Unix utilities [1/2] What’s in this part? [???] 本章会涉及到 LEC 1 (rtm): Introduction and examples (handouts: xv6 book) / 简介和示例 (讲义: xv6 书籍) / Preparation: Read chapter 1 (for your amusement: Unix) / 准备: 阅读第 1 章 (供您娱乐: Unix)

目前仅做记录，题目都挺有意思，后面复现，最近忙 / bard 1 solve / Do you like poetry? If you can understand my poetry, I’ll give you what you want! Tcache 0 solve / I have a T(table), I have a cache(simulation).en~ Tcache. (本题不建议多开交互，可能会出现灵异bug) collisions 0 solve

With LLM / 划分并开启 Swap 检查当前的 Swap 状态： 使用以下命令查看当前系统的 Swap 使用情况： swapon --show 创建 Swap 文件 创建一个 Swap 文件，例如 2GB 大小的文件： fallocate -l 2G /swapfile 或者 / sudo dd if=/dev/zero of=/swapfile bs=1M count=2048 设置文件的权限和格式： chmod 600 /swapfile mkswap /swapfile 启用 Swap 文件 swapon /swapfile 持久配置 Swap 修改 /etc/fstab，添加 /swapfile none swap sw 0 0 以自动启用 Swap 文件。

创建 san.cnf 配置文件，用于定义证书的详细信息，包括国家、组织、域名等。 定义扩展属性，如 subjectAltName。 [ req ] default_bits = 256 default_md = sha256 default_keyfile = key.pem prompt = no encrypt_key = no distinguished_name = dn req_extensions = req_ext x509_extensions = v3_ca [ dn ] C=HK ST=Hong Kong L=Hong Kong O=Example Organization OU=IT Department [email protected] CN = example.hk [ req_ext ] subjectAltName = @alt_names [ v3_ca ] subjectAltName = @alt_names [ alt_names ] IP.1 = 192.168.1.1 DNS.1 = example.hk 生成 ECDSA 私钥： openssl ecparam -genkey -name prime256v1 -out ecdsa_private.key 生成证书签名请求 (CSR)： openssl req -new -key ecdsa_private.key -out ecdsa.csr -config san.cnf 生成自签名证书： openssl x509 -req -in ecdsa.csr -signkey ecdsa_private.key -out ecdsa_certificate.crt -days 365 -extensions v3_ca -extfile san.cnf 自签名 ECDSA 证书和私钥就生成完成了

上文配置好 Nix 管理后（还没完全发布），有些洁癖，就用 apt 卸载掉部分基础包，同时执行 apt auto-remove。这时习惯性 reboot 后发现 ssh 连接失败，控制台重启系统也还是不行。无奈，用 KVM 提供的 VNC 上去看看。但并不能复制

多平台多系统的版本控制工具(?)，且能在不破坏环境变量的情况下临时加载程序 / 安装 Nix 我选择非官方安装程序安装 / curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install Nix commands nix search 搜索包在此WebSite搜索，但在终端中也许会更方便。例如，我要搜索 fish / nix search nixpkgs fish 更精准的搜索（多加几个关键词）

8abyRSA 题面 from Crypto.Util.number import getPrime, bytes_to_long from LCGRandom import lcg flag = b"DASCTF{xxxx}" m = bytes_to_long(flag) q = getPrime(512) p = getPrime(512) Q = pow(q, 2, p) # Q = q^2 mod p n = p*q e = getPrime(512) c = pow(m, e, n) print('c = ' + str(c)) mul = p n = e c = Q lcg1 = lcg(2023, mul, n, c) print(lcg1.generate(6)) # Data # c = 14968774972802568447907734980942381885170753466134942777553237930032293557412276601708303806296932877792965437305452274767013479132983066980557420348521340748653518789837988349171582558831336243036976332252071289409948879158346086243451785505819420501498240344839999096449458990633841326838003742773196414924 # [1829291767649461103161355195365566822501625317566021355553611375584303624765389047237072963403651896280059309840080549881138083110457632256619677785411889, 8614784647131959905489143385414473366220060118109917221659356152996027731619256154868253763867569947876938642677951734943013867186530789820165520197525548, 7845112879564311528346861967994968539141359532994486000551038947867807602664345244223622318955917969589790931596150225393028516278795565957075910272882168, 464696663556289552651401659156226806419638205935729756668755007052945250273596319671267391086858010496056118762904740103810918505838370732992982394379753, 6368769952056267497431070536699202267447921981615807369090285698513090854334005214066202915932322373348204466447234330868540529876844912401907159350901200, 4401214958628797991805307100256403706658940216552816808894942142670769563264366171079551655390635613048161714797548328158857275108940238519111063046341755] c = 14968774972802568447907734980942381885170753466134942777553237930032293557412276601708303806296932877792965437305452274767013479132983066980557420348521340748653518789837988349171582558831336243036976332252071289409948879158346086243451785505819420501498240344839999096449458990633841326838003742773196414924 lcg_gen_6 = [1829291767649461103161355195365566822501625317566021355553611375584303624765389047237072963403651896280059309840080549881138083110457632256619677785411889, 8614784647131959905489143385414473366220060118109917221659356152996027731619256154868253763867569947876938642677951734943013867186530789820165520197525548, 7845112879564311528346861967994968539141359532994486000551038947867807602664345244223622318955917969589790931596150225393028516278795565957075910272882168, 464696663556289552651401659156226806419638205935729756668755007052945250273596319671267391086858010496056118762904740103810918505838370732992982394379753, 6368769952056267497431070536699202267447921981615807369090285698513090854334005214066202915932322373348204466447234330868540529876844912401907159350901200, 4401214958628797991805307100256403706658940216552816808894942142670769563264366171079551655390635613048161714797548328158857275108940238519111063046341755] seed = 2023 Exploit SageMath’s Code / from sage.all import * import random from Crypto.Util.number import long_to_bytes lcg_gen_6 = [1829291767649461103161355195365566822501625317566021355553611375584303624765389047237072963403651896280059309840080549881138083110457632256619677785411889, 8614784647131959905489143385414473366220060118109917221659356152996027731619256154868253763867569947876938642677951734943013867186530789820165520197525548, 7845112879564311528346861967994968539141359532994486000551038947867807602664345244223622318955917969589790931596150225393028516278795565957075910272882168, 464696663556289552651401659156226806419638205935729756668755007052945250273596319671267391086858010496056118762904740103810918505838370732992982394379753, 6368769952056267497431070536699202267447921981615807369090285698513090854334005214066202915932322373348204466447234330868540529876844912401907159350901200, 4401214958628797991805307100256403706658940216552816808894942142670769563264366171079551655390635613048161714797548328158857275108940238519111063046341755] """ seed = 2023 x = [seed] x = x + lcg_gen_6 """ x = lcg_gen_6 x1 = x[0] x2 = x[1] x3 = x[2] t = [] for i in range(1, len(x)): t.append(x[i] - x[i-1]) # 恢复 Modulus m = 0 for i in range(1, len(t)-1): m = GCD(t[i+1]*t[i-1] - t[i]*t[i], m) print(f'[+] modulus: {m}') n = m # 恢复 Multiplier, Increment (a, b) R = Zmod(n) a = R(x[2] - x[1]) / (x[1] - x[0]) b = R(x[1] - a * x[0]) print(f'[+] a = {a}\n[+] b = {b}') # 也许参数位置不对 p = ZZ(a) e = ZZ(b) Q = ZZ(n) # Q \equiv q^2 \pmod{p} # 求二次剩余, 返回空, 大概率位置错了 # [] # check location print(f'[*] Parameters location check:\t{is_prime(p)} {is_prime(e)} {is_prime(Q)}') # 1 0 1 # p, q, e 均为 512-bits 素数, 而上面第二个返回值为 False, 则说明位置错了 Q, e = e, Q # 判二次剩余 if not legendre_symbol(Q, p) == 1: print('[-] No solution') else: print('[+] Found solution') # Solution quadratic residue # Modulus is prime, So # Cipolla Algorithm class CipollaAlgorithm: def __init__(self, p): self.p = p # 模数p def mul(self, a, b, w): # 复数乘法 x = (a[0] * b[0] + a[1] * b[1] * w) % self.p y = (a[0] * b[1] + a[1] * b[0]) % self.p return (x, y) def qpow_r(self, a, b): # 实数快速幂 res = 1 while b: if b & 1: res = res * a % self.p a = a * a % self.p b >>= 1 return res def qpow_i(self, a, b, w): # 复数快速幂 res = (1, 0) while b: if b & 1: res = self.mul(res, a, w) a = self.mul(a, a, w) b >>= 1 return res[0] def cipolla(self, n): n %= self.p if self.qpow_r(n, (self.p - 1) // 2) == self.p - 1: return -1 # 没有解 while True: a = random.randint(0, self.p-1) w = (a*a - n) % self.p if self.qpow_r(w, (self.p - 1) // 2) == self.p - 1: break x = (a, 1) return self.qpow_i(x, (self.p + 1) // 2, w) # Q = q^2 mod p p = p n = Q cipolla = CipollaAlgorithm(p) ans1 = cipolla.cipolla(n) ans2 = (-ans1) % p ans = [] if ans1 == -1: print("[-] No solution") else: if ans1 > ans2: ans1, ans2 = ans2, ans1 if ans1 == ans2: ans.append(ans1) else: ans.append(ans1) ans.append(ans2) # check prime for i in ans: if not is_prime(i): # print(f'[-] {i} is not prime') pass else: q = i print(f'[+] {i} is prime') print('[*] DONE Quadratic Residue') phi = (p - 1) * (q - 1) d = inverse_mod(e, phi) c = 14968774972802568447907734980942381885170753466134942777553237930032293557412276601708303806296932877792965437305452274767013479132983066980557420348521340748653518789837988349171582558831336243036976332252071289409948879158346086243451785505819420501498240344839999096449458990633841326838003742773196414924 m = pow(c, d, p * q) print(f'[*] 全因子解密: \n{long_to_bytes(m)}') # uuid 长 42 bytes # DASCTF{} 长 8 bytes # 50 * 8 = 400 bits < 512 bits # 单因子解密 phi = p - 1 d = inverse_mod(e, phi) m = power_mod(c, d, p) print(f'[*] 单因子解密: \n{long_to_bytes(m)}') """ inva = inverse(a, n) x1 = x[0] for i in range(300): x1 = (x1 - b) * inva % n try: flag = long_to_bytes(x1) if b'flag{' in flag: print(flag) except Exception as err: print(err) continue """

老蕃享 | 人均 20 RMB 依托，又贵又难吃 麦当劳 | 人均 22 RMB 麦门，神中神 肆同粥铺 | 人均 14 RMB 偶尔会有免费的粥喝（多在晚上非饭点），下班较早 热干面八块，大份11（周边最便宜的面店） 好+多 手工面 | 人均 20 RMB 开在便利店里，周围唯一一家陕西面店，店主关门不干了（肉夹馍不好吃，油泼面还行）小贵 KFC | 人均 23 RMB 不多说，也是神，但周四人真是太多了 Dicos | 人均 18 RMB 炸鸡不错，但打包后的手提袋如果要的话 0.3 RMB 一个 零食有鸣 | 人均 NaN RMB 买水挺便宜，散装零食不如打开淘宝点击天猫超市 米由米拌饭馆 | 人均 26 RMB 依托，但能吃，就是量太少，米饭还行