PolarD&N—Crypto困难

分段解密

[[3202805436L, 509716930L], [3140667873L, 1667141091L], [3173275598L, 2248305098L], [709283154L, 3416762332L]]

import sys

def abc(First):  
    First = c_uint32(First) # 无符号数！
    return First


def enflag(i, j):
    a = 32
    tt = 0x9e3779b9
    b = [0,0]
    First = abc(i[0])
    Second = abc(i[1])
    add = abc(0)
    add=add.value
    while(a>0):
        add += tt
        First.value += ( Second.value << 4 ) + j[0] ^ Second.value + add ^ ( Second.value >> 5 ) + j[1]
        Second.value += ( First.value << 4 ) + j[2] ^ First.value + add ^ ( First.value >> 5 ) + j[3]
        a = a - 1
    b[0] = First.value
    b[1] = Second.value
    return b
    

def str_encoding(ecryptText, PK):
    List = []
    ecryptText += (8 - len(ecryptText) % 8) * chr(0) #用0补位，补到8n
    for m in range(len(ecryptText)/8): #8位为一组
        p = 0
        q = 0
        for n in range(4):
            p+= ord(ecryptText[m*8+n]) << (4-n-1)*8
            q+= ord(ecryptText[m*8+n+4]) << (4-n-1)*8
        List.append(enflag([p,q],PK))
    return List

if __name__ == "__main__":
    flag = xxxx
    PK = [141,262,339,425]
    crypto = str_encoding(flag,PK)
    print(crypto)

经过分析，该加密为TEA加密算法如下链接有该算法的讲解

TEA算法解析 - iBinary - 博客园 (cnblogs.com)

根据算法解密写出脚本

from ctypes import *
from libnum import n2s

def decipher(i,j):
    First = c_uint32(i[0])
    Second = c_uint32(i[1])
    a = 32
    tt = 0x9e3779b9
    add = tt << 5
    b = [0,0]
    while(a>0):
        a -= 1
        Second.value -= ((First.value << 4) + j[2]) ^ (First.value + add) ^ ((First.value >> 5) + j[3])
        First.value -= ((Second.value << 4) + j[0]) ^ (Second.value + add) ^ ((Second.value >> 5) + j[1])
        add -= tt
    b[0] = First.value
    b[1] = Second.value
    return b

# 将大整数转换为常规普通整数
c = [[3202805436, 509716930], [3140667873, 1667141091], [3173275598, 2248305098], [709283154, 3416762332]]
PK = [141,262,339,425]
for i in range(4):
    x,y = decipher(c[i],PK)
    print(n2s(x),n2s(y))
#b'{fla' b'g_s1'
#b'_LIN' b'JI_W'
#b'USHU' b'1}ga'
#b'lf\x00\x00' b''

b'{fla' b'g_s1'
b'_LIN' b'JI_W'
b'USHU' b'1}ga'
b'lf\x00\x00' b''

合并一下

{flag_s1_LINJI_WUSHU1}galf

逆序输出

s = '{flag_s1_LINJI_WUSHU1}galf'
print(s[::-1])
#flag}1UHSUW_IJNIL_1s_galf{

flag{1UHSUW_IJNIL_1s_galf}

BabyRSA

题目给出附件

flag.txt

??4N鄮?挅?编佔tQ>鴅鏠(Tk-0<瑗5G??`靖縓lfTGj?繤而?X??棭GP甕;F╡3%泟o?腟?R蒣Q畋慱?吰"堑`&~芈:＄2淨靼熙b?

private.key

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCsWryPAQj9cp1O9UDVRQEWg3k7dsQfalNs8Xa4/ZOsTVvWwfu6
EPWbr3av5ewn/SCWqJbltLaJd122sBH1lcPygyxTtkQvPCamnVdtN+3qzZ0VxZkT
i7jaoR+SPgsPEiCZYN0JsJ104A0SZ0bXtAslmpIc4sE/+kqHSd5dfZmHVQIDAQAB
AoGBAKXl6N2VV3vtmLFprHAcLYHoJwcvuHOsuoSAn5BMtJoDFEVRDuX4cRDcAdgp
7fhH09hwil6sZY9IEDJKo97Ju4LcjrT3UtOGXWJOeEZCJHfP5s/62/2lZCAHjK3G
V1udujf1K0g0M0RcZLE41Rep8zKj/ASr4cmXkQgEgZ4gsII5AkEA1BP03n7liHYj
9SMoUVGceGtBhvyfVjzU74q1TFpmhWzQ3/hMqIfI498I5+voPBnFJj1Op1aE2wHH
RVKtnlqW3wJBANAMs3TXKCTP/cJm0LRXttzXgpID/jkY4e0KHZhpuJdkbBFs+Z1Z
BxfgfHwXVO17O1VOwZZNf2uh//oeFqH/LEsCQEJ70xrhCxHhf1o84EnF3Nh/PzaT
AVxmi5ZglH9QI62WNFDSJS38C0UsST1zXgVhSsW3GG4rGFET2KVpytXGrl8CQHS1
a0Y0HFTqSJPxUUqZmf8w9hIrI0Wsa7CpaAjD5cUnlGgCFdTqyEvgpnSGMiI2awZj
87z5JG2gpxQMJO4jUxkCQBiGHY58w0/yuRRr6HnAbF1LiS7JzedbXK3f3vO/IhMs
jZPBfOdeQyWnih3FT83o+L/u+PfUIEy9iaz0+KriuHQ=
-----END RSA PRIVATE KEY-----

from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
from Crypto import Random
private_key = RSA.importKey(open('private.key','r').read())
c = open('flag.txt','rb').read()
cipher_obj = PKCS1_v1_5.new(private_key)
random_generator = Random.new().read
plain_text = cipher_obj.decrypt(c,random_generator)
print(plain_text)
#b'flag{57c2f8cf484134e31167e294cc8441c3}'

另一种：

题目给出了RSA的私钥文件和密文，因为RSA是非对称加密算法：公钥加密，私钥解密。因此针对密文通过私钥可以还原出明文值，而明文值就是本题对应所求的flag。

EasyRsa

from Crypto.Util.number import bytes_to_long, long_to_bytes, getPrime
import gmpy2, os

p = getPrime(512)
q = getPrime(512)
n = p*q
e = 65537
c = pow(flag1,e,n)
print(hex(n).strip("L"))
print(hex(c).strip("L"))
q = getPrime(512)
n = p*q
c = pow(flag2,e,n)
print(hex(n).strip("L"))
print(hex(c).strip("L"))
# 0x6364991c9ff97120fa450866ab1a3a0bd4e16bd71c8f7a0a4229b1307531fef6e2cb2410c3283db91e49476a8afcd590aedc3384b5045b2fb57208587a242e94e7528ea4998b66f3a57c7ac66b806d9631f8cff3e73557630a0e70467b5f6246ee3fbc6ed89d00af1e931cfabbc5f1deddb99a14dfac51820ffe48f2841bc1a1
# 0x17343966398f483e121de6c2515d630ebc31b0cbdbed5cdc2c09c2b253fc0bc9a055e222eac108e189b6bd6a705d2972c5ce435fa5a4469602bb7a0d0ee95c3f397a3fa4985e6cb7531eb1b5603be134d0dce2c47069d216063b5aea135681edebcfb20c86c3ab09c350901639ee5f74831b056b33c7c26fcef7a34fd39e9dab
# 0x4bf20122dc9f3fbd31bf4389d2a497392caa3de045fe217b692620874ce7a63146c6348c3f65a08bd3f9ec893236e904ceac4e54acdf04e198e7d2bb085c4d646be300158bafc27615875f65d2d1b196d14c024de581f511519631da1d727d6b4fd9c02298b6334938e5a6a7616389948fb9f35677fad6d596d95e5e67aa5549
# 0x2583826196498e3c4b5e1c9c967a74337e85f2b4f9827f2e0a164e3923644a3859c85bf8248ddfcb90f03c31f8704548d7dfd071581eee8a268ef715f93636485b56e559eef55ceee7a54706cf12717d035cc1f6fca838e8ce32fcbd413565ff78500c9810ff8c22ae09d3746b927b4768fc92e6d46a2dfb395cd14ae1321fd0

读代码，显然是公用一个p

from Crypto.Util.number import *
import gmpy2
n1 = 0x6364991c9ff97120fa450866ab1a3a0bd4e16bd71c8f7a0a4229b1307531fef6e2cb2410c3283db91e49476a8afcd590aedc3384b5045b2fb57208587a242e94e7528ea4998b66f3a57c7ac66b806d9631f8cff3e73557630a0e70467b5f6246ee3fbc6ed89d00af1e931cfabbc5f1deddb99a14dfac51820ffe48f2841bc1a1
n2 = 0x4bf20122dc9f3fbd31bf4389d2a497392caa3de045fe217b692620874ce7a63146c6348c3f65a08bd3f9ec893236e904ceac4e54acdf04e198e7d2bb085c4d646be300158bafc27615875f65d2d1b196d14c024de581f511519631da1d727d6b4fd9c02298b6334938e5a6a7616389948fb9f35677fad6d596d95e5e67aa5549
c1 = 0x17343966398f483e121de6c2515d630ebc31b0cbdbed5cdc2c09c2b253fc0bc9a055e222eac108e189b6bd6a705d2972c5ce435fa5a4469602bb7a0d0ee95c3f397a3fa4985e6cb7531eb1b5603be134d0dce2c47069d216063b5aea135681edebcfb20c86c3ab09c350901639ee5f74831b056b33c7c26fcef7a34fd39e9dab
c2 = 0x2583826196498e3c4b5e1c9c967a74337e85f2b4f9827f2e0a164e3923644a3859c85bf8248ddfcb90f03c31f8704548d7dfd071581eee8a268ef715f93636485b56e559eef55ceee7a54706cf12717d035cc1f6fca838e8ce32fcbd413565ff78500c9810ff8c22ae09d3746b927b4768fc92e6d46a2dfb395cd14ae1321fd0
e = 65537
p = gmpy2.gcd(n1,n2)
q1 = n1//p
q2 = n2//p
d1 = gmpy2.invert(e,(p-1)*(q1-1))
d2 = gmpy2.invert(e,(p-1)*(q2-1))
m1 = long_to_bytes(pow(c1,d1,n1))
m2 = long_to_bytes(pow(c2,d2,n2))
print(m1+m2)
#b'flag{c9bee33232dbbf7872763d69d769c74d}'

classic

FGAFDAXAGXDGDXAXAGDDAFDAAFFGFDAFGX

明显是ADFGX加密，字母表默认，密钥classic

# ADFGX密码
import re
INDEX_DIC = "ADFGX"
def judge_table(table):
    if len(table) != 25:
        return 0
    return 1
def sort_key(key):
    key_len = len(key)
    key_lis = re.findall(".", key)
    index_lis = [i for i in range(key_len)]
    # print(key_lis)
    # print(index_lis)
    # 冒泡法
    for i in range(key_len):
        for j in range(key_len-i-1):
            if key_lis[j] > key_lis[j+1]:
                key_lis[j], key_lis[j+1] = key_lis[j+1], key_lis[j]
                index_lis[j], index_lis[j+1] = index_lis[j+1], index_lis[j]
    # print(key_lis)
    # print(index_lis)
    return index_lis

def encrypt_adfgx(string, table, key):
    if not judge_table(table):
        return -1
    ciphertext = ""
    ciphertext_temp = ""
    for i in string.replace("j", "i"):
        index = table.index(i)
        ciphertext_temp += INDEX_DIC[index // 5] + INDEX_DIC[index % 5]
    ciphertext_lis = re.findall(".{1,"+str(len(key))+"}", ciphertext_temp)
    # print("ciphertext_lis", ciphertext_lis)
    sort_index = sort_key(key)
    for index in sort_index:
        for j in ciphertext_lis:
            try:
                ciphertext += j[index]
            except:
                pass
    # print(ciphertext_temp)
    return ciphertext

def decrypt_adfgx(string, table, key):
    key_len = len(key)
    string_len = len(string)
    if not judge_table(table):
        return -1
    if string_len % 2 != 0:
        return -1
    plaintext = ""
    plaintext_temp = ""
    plaintext_lis = []

    # 一列最小个数
    min_lin = string_len // key_len
    # 有多少最大个数的列
    max_col = string_len % key_len
    # print(f"m={m}, n={n}")
    index = 0
    # 分组
    sort_index = sort_key(key)
    for i in sort_index:
        if i < max_col:
            plaintext_lis.append(string[index:index+min_lin+1])
            index += min_lin+1
        else:
            plaintext_lis.append(string[index:index+min_lin])
            index += min_lin
    # 还原列顺序
    for i in range(key_len-1):
        for j in range(key_len-i-1):
            if sort_index[j] > sort_index[j+1]:
                sort_index[j], sort_index[j+1] = sort_index[j+1], sort_index[j]
                plaintext_lis[j], plaintext_lis[j+1] = plaintext_lis[j+1], plaintext_lis[j]
    # 合成字符串，并转为横纵坐标
    for i in range(min_lin+1):
        for j in plaintext_lis:
            try:
                plaintext_temp += str(INDEX_DIC.index(j[i]))
            except:
                pass
    # 查表
    plaintext_num_lis = re.findall(".{2}", plaintext_temp)
    for i in plaintext_num_lis:
        plaintext += table[int(i[0])*5 + int(i[1])]
    # print(plaintext_temp)
    return plaintext

if __name__ == '__main__':
    table_ = "phqgmeaynofdxkrcvszwbutil" #默认字母表，如需替换，另附
    key_ = "classic"    #密码
    m = "njntysecu"     #待加密明文
    c = "FGAFDAXAGXDGDXAXAGDDAFDAAFFGFDAFGX"    #待解密密文
    ciphertext_ = encrypt_adfgx(m, table_, key_)
    plaintext_ = decrypt_adfgx(c[::-1], table_, key_)#c[::-1]目的是令密文倒序
    print(f"{plaintext_}: {ciphertext_}")
# flagisadfgxcipher

提交不正确，转MD5小写

flag{2520c00687b0e5924a0d07fc33e86292}

波奥比利斯

hint:74686973206973206D643520426F6F6D21

6cd29f23de85b1309128ff736c7efbf6
efa4e6f5c6359cc2eadc5d731716468e
408a9c4a79800232ac656249af3162eb
6adff50182df8ad3b836f7fb9dc5c4ab
6ae0af41daeb79509ab3b47b5ed8a687

key:qwertyuiopasdfghjklzxcvbn

hint部分是十六进制，转文本看看

这是md5爆破

得到

43341353524234134123511341

易知是波利比奥斯密码的密文。附件中也给了密钥：qwertyuiopasdfghjklzxcvbn

flag{polarstar}

四个正方形

不要QQ.txt
明文:cajfedlarc
hint:两个key是该密码创始人的姓名

四个方块应该是四方密码，题目提示的也很明确，去掉字母q

四方密码是一种对称式加密法，由法国人Felix Delastelle（1840年–1902年）发明

a	b	c	d	e		f	e	l	i	x
f	g	h	i	j		a	b	c	d	g
k	l	m	n	o		h	j	k	m	n
p	r	s	t	u		o	p	r	s	t
v	w	x	y	z		u	v	w	y	z
xxxxxxxxxx1 1flag{b5ff0893e6522a037c144a1f502c2b48}txt	e	l	a	s		a	b	c	d	e
t	b	c	f	g		f	g	h	i	j
h	i	j	k	m		k	l	m	n	o
n	o	p	r	u		p	r	s	t	u
v	w	x	y	z		v	w	x	y	z

明文两两一组，分别作为矩形的两个顶点，补全矩形，另外两个顶点，先右上，后左下，对应得到密文

对“flagishere“MD5小写

flag{eedda7bea3964bfb288ca6004a973c2a}

数学大师

下载后发现是一个可执行exe文件，第一题是求1998阶乘，取前十位，在sagemath中计算

[*]LEVEL 1
[*]v = 1998*1997*1996*1995...*3*2*1
[*]str(v)[0:10]=?
[*]Please input your ansewer:

第二关

[*]LEVEL 2
[*]φ(718)=?
[*]hint:Euler's totient function
[*]Please input your ansewer:

百度一下可以得知是欧拉函数，欧拉函数φ(N)表示小于或等于N的正整数中与N互质的数的个数。

在sage中求解欧拉函数可以用euler_phi()，可得 358

第三关

[*]LEVEL 3
[*]3*x+z-y=14,2*y+3*x-z=439,x+y+z=318
[*]x = :

解方程

x,y,z = var('x y z')
solve([3*x+z-y==14,2*y+3*x-z==439,x+y+z==318],x,y,z)

拿到flag{2381885c659b0eb108fe24c4297e5c04}

大主教的猪

大主教开的猪圈里的所有猪都不见了，你能帮大主教找到他们在哪吗？
hint：得到的结果小写套上flag{}提交。

显然是猪圈密码，但是不同于其他猪圈密码的是，没有了pigs四个字母，只需要往前移就可以

对照解密即可

flag{they_are_on_the_truck}

玩转数独

（1,3,2,2）
（1,3,3,1）
（3,2,2,2）
（3,1,1,3）
（2,2,2,2）
（2,2,1,2）
（1,2,3,1）
（2,3,1,3）
（3,3,3,3）

记得结果MD5小写套上flag{}哟~

数独在线解

附件给的四维坐标，没啥头绪，看看博客

观察坐标，每组坐标有四个元素，但每个元素的范围都是在1-3，所以想到是不是分成了两个坐标系。一个大的，一个小的

前两个定位方块，后两个定位数字

692998839

flag{e19ba6a38dae099e68e3d05f7447755b}

堂吉诃德走入猪圈

附件内容

得到答案用MD532位小写加密套上flag{}
压缩包密码为数字

堂吉诃德分别对应” 678 5 56 67 “，第一眼让人很摸不着头脑，但是试了几次，发现就是找笔画

对应猪圈密码找到数字是”5748“，解压得到flag.txt,

TIAMO

将其转换为MD5小写

flag{ccc49f40c1c0dd3c0f3bd7da83eb2643}

Round

这里有两串密码，来找找flag在哪吧
（听说阿拉伯数字全世界通用哦）

和谐民主和谐富强和谐民主和谐自由和谐富强和谐民主和谐自由和谐富强和谐文明和谐富强和谐民主和谐自由和谐富强和谐爱国和谐爱国和谐民主和谐富强和谐爱国
和谐爱国和谐自由和谐文明和谐民主和谐富强和谐民主和谐富强和谐爱国和谐爱国和谐自由和谐民主和谐富强和谐爱国和谐爱国和谐文明和谐富强和谐民主和谐富强和谐爱
国和谐爱国和谐自由和谐文明和谐富强和谐爱国和谐爱国和谐自由和谐文明和谐民主和谐富强和谐爱国和谐爱国和谐自由和谐文明和谐民主和谐富强和谐爱国和谐爱国和谐
自由和谐文明和谐民主和谐富强和谐爱国和谐爱国和谐自由和谐文明和谐民主和谐富强和谐爱国和谐爱国和谐自由和谐文明和谐民主

lqbehgfdajmopcikn

将找到的字符串进行md5加密后套上flag{}即可

把社会主义核心价值观编码连起来解密

1014014020140881088421010884108820108842088421088421088421088421088421

只有”01248“，云影加密

a = "1014014020140881088421010884108820108842088421088421088421088421088421"
a = a.split("0")
flag = ''
for i in range(0, len(a)):
    str = a[i]
    sum = 0
    for i in str:
        sum += int(i)
    flag += chr(sum + 64)
print(flag)
#AEEBEQWAURAVWWWWW

第一个txt文件给的是轮转机加密

转轮密码机由多个转轮构成，每个转轮旋转的速度都不一样，比如有3个转轮，分别标号为1,2,3，其中1号转轮转动26个字母后，2号转轮就转动一个字母，当2号转轮转动26个字母后，3号转轮就转动1个字母。因此，当转轮密码机转动26X26X26次后，所有转轮恢复到初始状态，即3个转轮密码机的一个周期长度为26X26X26（17576）的多表代换密码。

所以把”lqbehgfdajmopcikn“换成字符”12,17,2,5,8,7,6,4,1,10,13,15,16,3,9,11,14“

import re
text=""
code = [
"BRUEIFYRGBEUNVUICRHFU",
"FYURGUAROINNIEURYVYRU",
"E3BYUGDUWRNYUTFSRDE5W",
"FURYGRUTGUTUNAWGDUIEB",
"UYGIGNGIHFYBFYURGFURB",
"TFRUBYFUVOVNERTWINDUE",
"HUGRURBIGGNSUITIMTQEI",
"GBUTNGUIJTINGIEGFURYU",
"TYVCTYSAIBYEIFWIRHUGF",
"TRTUBGUYTRGSONIUONRRI",
"6YMUYTNYTIUWABRWBTESS",
"BRUHGUFGTJNUBAFDEGTEF",
"DHYEUBFYEYFTYUEBFIUBA",
"CTBRTNUKMIWGRBEHSDDVC",
"RUEBFUIRGFRBVXUAVTYEF",
"YUGRTFBUKCZUIWEIHUEFB",
"FRVRUIYUFRLNRUYGQEBYE"
]
print(code)
codetext="AEEBEQWAURAVWWWWW"
codenum = "12,17,2,5,8,7,6,4,1,10,13,15,16,3,9,11,14"
codenum=codenum.split(",")#把这些数字都弄到一个里面去
#print(codenum)
a=0
print("解密后的：")
for i in codenum:
    index=code[int(i)-1].index(codetext[a])
    a=a+1
    code[int(i)-1]=code[int(i)-1][index:]+code[int(i)-1][:index]
    print(code[int(i)-1])

#完成了变形了

print("下面是每一列的")
for i in range(len(code[0])):
      str=""
      print("第{}列的是:".format(i),end="")
      for j in codenum:
          str+=code[int(j)-1][i]
      print(str.lower())

得到 ” 第14列的是:flagisvucuuub3ayr “

flag转化大写后再MD5

flag{52c85c0bb38a8fc993d335401b56d9b6}

low encryption exponent RSA

# -*- coding = utf-8 -*-
# @software:PyCharm
from Crypto.Util.number import *
import libnum

flag = b'***********************'
m = bytes_to_long(flag)
n = getRandomNBitInteger(2048)
e = 5
c = pow(m, e, n)
print(n)
print(c)
#n=18049146130359556157811138499355569967231668855528566823643376144155931993553424757354835027829037263429007310779886281743425186527415596058004878860570474866413182148724803537036078612785180550377667299555519230603647447077725080756322343538156406080031959768393145744701092093127752647143419553963316375696232038952573236311522683541862835602321038621904842874356522524316864553501304106884213097353522958546518042728628006318129608745487662533959888992223736595503203451378533217004433230837006796341055201266431153548000348148960250455415972226546646460918890401484239320725539304914347952245606818833495867312063
#c=377041108412334062897923100149371833160065752130578483588828849399791858197434981428466047315212724764223394695011882740933537996983126187094472520344493047769519118482187945467176598341785927269390299847888131061799861412055502165865052720513992259109503509827127768615772091500352075827289290029872935215672798059068944088543667111296361405639896493856695176145088430237388172420390881291650155157688737470414069130558367036786376549227175617218017578125

小王在学习了RSA加密后知道了，当n非常大时，将n拆分成两个素数相乘就变得十分困难，从而能够保证加密的安全性， 于是小王自以为是的使用了函数自动生成了很大的n，以为这样就很安全了，但他似乎没有考虑e对c的影响

常规的低加密指数攻击

exp:

from gmpy2 import iroot
import libnum
e = 0x5
n = 18049146130359556157811138499355569967231668855528566823643376144155931993553424757354835027829037263429007310779886281743425186527415596058004878860570474866413182148724803537036078612785180550377667299555519230603647447077725080756322343538156406080031959768393145744701092093127752647143419553963316375696232038952573236311522683541862835602321038621904842874356522524316864553501304106884213097353522958546518042728628006318129608745487662533959888992223736595503203451378533217004433230837006796341055201266431153548000348148960250455415972226546646460918890401484239320725539304914347952245606818833495867312063
c = 377041108412334062897923100149371833160065752130578483588828849399791858197434981428466047315212724764223394695011882740933537996983126187094472520344493047769519118482187945467176598341785927269390299847888131061799861412055502165865052720513992259109503509827127768615772091500352075827289290029872935215672798059068944088543667111296361405639896493856695176145088430237388172420390881291650155157688737470414069130558367036786376549227175617218017578125

k = 0
while 1:
    res = iroot(c+k*n,e)  #c+k*n 开5次方根 能开5次方即可
    if(res[1] == True):
        print(libnum.n2s(int(res[0]))) #转为字符串
        print(res[0])
    k=k+1
#b'flag{fea80b814dcb0ff0a17e36c1e72569e7}'

AFF

明显的仿射密码

flag = "WMPTPTRGGPED"
flaglist = []
for i in flag:
    flaglist.append(ord(i)-97)
flags = ""
for i in flaglist:
    for j in range(0,26):
        c = (3 * j - 17) % 26
        if(c == i):
            flags += chr(j+97)
print(a,b,flag)

读代码可知a = 3,b = 17,c = WMPTPTRGGPED

thisisaffine
flag{THISISAFFINE}

BASE

明显的base64换表

j2rXjx8wSZjD
GHI3KLMNJOPQRSTUb=cdefghijklmnopWXYZ/12+406789VaqrstuvwxyzABCDEF5
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789=+/

cyberchef

flag{666}