又是CRT

import hashlib
from functools import reduce
from Crypto.Util.number import *

ms = [getRandomNBitInteger(128) for i in range(8)]
p = reduce(lambda x,y: x*y, ms)
x = getRandomRange(1, p)
cs = [x % m for m in ms]

flag = "flag{" + hashlib.sha256(str(x).encode()).hexdigest() + "}"
# assert("6db1ad4e" in flag)
print(flag)
# ms = [225171945994442247996581055098823263139, 310193846708532070976230730840060255113, 294717022803450326034461172866846896626, 323041742184244574340545985431264453307, 323134658040029031950091984536193316987, 198722498762116028361967364117672805554, 275420276991315547146652539118755199170, 220933201077147479374879093480591083540]
# cs = [50664790127162750730845109587767933015, 91745865104647958764847661520573459998, 88986425477751913267388500134576385858, 163483062360460301108125623316040949505, 120323223927022415995635580090556794061, 64307517531018530908505632173120904336, 7162453244593375550627134908252284080, 55840904472801221491492987502626897930]

ms并不互素
可以通过求他们的最小公倍数
再爆破

import hashlib
from functools import reduce
from gmpy2 import gcd
from Crypto.Util.number import *
Num=8
m = [225171945994442247996581055098823263139, 310193846708532070976230730840060255113, 294717022803450326034461172866846896626, 323041742184244574340545985431264453307, 323134658040029031950091984536193316987, 198722498762116028361967364117672805554, 275420276991315547146652539118755199170, 220933201077147479374879093480591083540]
a = [50664790127162750730845109587767933015, 91745865104647958764847661520573459998, 88986425477751913267388500134576385858, 163483062360460301108125623316040949505, 120323223927022415995635580090556794061, 64307517531018530908505632173120904336, 7162453244593375550627134908252284080, 55840904472801221491492987502626897930]
gbs=reduce(lambda x,y: x*y//gcd(x,y), m)#最小公倍数
p = reduce(lambda x,y: x*y, m)
def egcd(a, b):
      if a == 0:
            return (b, 0, 1)
      else:
            g, y, x = egcd(b % a, a)
      return (g, x - (b // a) * y, y)
def china(num):
      m1,a1,lcm=m[0],a[0],m[0]
      for i in range(1,num):
            m2=m[i]
            a2=a[i]
            c=a2-a1
            g,k1,k2=egcd(m1,m2)
            lcm=lcm*m[i]//gcd(lcm,m[i])
            if c%g :
                  print('No Answer!')
                  return 0
            x0=c//g*k1
            t=m2//g
            x0=(x0%t+t)%t
            a1+=m1*x0
            m1=m2//g*m1
      return a1
ans=china(Num)
i=0
x=ans+i*gbs
while x<p:
      flag = "flag{" + hashlib.sha256(str(x).encode()).hexdigest() + "}"
      if ("6db1ad4e" in flag):print(flag)
      i+=1
      x=ans+i*gbs

佛洛依德

刚做过buu的救世捷径
只会手撕
最后一个肯定是25-26
往上推 求他的平均权值

12-22-25-26
后面就是唯一的了

BKZ

#!/usr/bin/env python
# -*- coding: utf-8 -*-
from decimal import *
import math
from secret import flag
getcontext().prec = 100

assert (len(flag) == 48)
msg1 = [ord(_) for _ in flag[:24]]
msg2 = [ord(_) for _ in flag[24:]]

primes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89]

keys = []
for i in range(len(msg1)):
    keys.append(Decimal(int(primes[i])).ln())#以e为底的对数

sum_ = Decimal(0.0)#一位小数
for i, c in enumerate(msg1):
    sum_ += c * Decimal(keys[i])

ct = math.floor(sum_ * 2 ** 256) #取整数部分
print(ct)#713371052192639014040959356443457250191678764845641399352042912147208581049649974

sum_ = Decimal(0.0)
for i, c in enumerate(msg2):
    sum_ += c * Decimal(keys[i])

ct = math.floor(sum_ * 2 ** 256)
print(ct)#5631701358814830099203833000006942388654775632803391247903458563308963482487505327

提示是背包原理 还有一个矩阵
应该是用矩阵相乘做的咩
https://www.cnblogs.com/czcz1024/p/12564626.html
还是不会咩