AlexCTF 2017 - CR3 What is this encryption?
Category: writeupsTags: alexctf-2017 crypto
CR3 What is this encryption?
Crypto - 150 Points
Fady assumed this time that you will be so n00b to tell what encryption he is using he send the following note to his friend in plain sight :
p=0xa6055ec186de51800ddd6fcbf0192384ff42d707a55f57af4fcfb0d1dc7bd97055e8275cd4b78ec63c5d592f567c66393a061324aa2e6a8d8fc2a910cbee1ed9
q=0xfa0f9463ea0a93b929c099320d31c277e0b0dbc65b189ed76124f5a1218f5d91fd0102a4c8de11f28be5e4d0ae91ab319f4537e97ed74bc663e972a4a9119307
e=0x6d1fdab4ce3217b3fc32c9ed480a31d067fd57d93a9ab52b472dc393ab7852fbcb11abbebfd6aaae8032db1316dc22d3f7c3d631e24df13ef23d3b381a1c3e04abcc745d402ee3a031ac2718fae63b240837b4f657f29ca4702da9af22a3a019d68904a969ddb01bcf941df70af042f4fae5cbeb9c2151b324f387e525094c41
c=0x7fe1a4f743675d1987d25d38111fae0f78bbea6852cba5beda47db76d119a3efe24cb04b9449f53becd43b0b46e269826a983f832abb53b7a7e24a43ad15378344ed5c20f51e268186d24c76050c1e73647523bd5f91d9b6ad3e86bbf9126588b1dee21e6997372e36c3e74284734748891829665086e0dc523ed23c386bb520
He is underestimating our crypto skills!
Writeup
p, q, e, c. Just casual name if you don’t know the most studied public-key cryptosystem RSA.
The security of RSA holds as long as the attacker can’t factorize n (that is equals to p*q).
Here Fady commited a big mistake by giving us p and q.
With those we can compute λ(n) using the Carmichael’s totient function with lcm(p-1,q-1) and finally find the decryption key d, the modular multiplicative inverse of e (modulo λ(n)) -> d⋅e ≡ 1 (mod λ(n))
So, this can be easily done with p4’s crypto-commons library
Magic
#!/usr/bin/env python2
from crypto_commons.rsa.rsa_commons import *
from crypto_commons.generic import *
p=0xa6055ec186de51800ddd6fcbf0192384ff42d707a55f57af4fcfb0d1dc7bd97055e8275cd4b78ec63c5d592f567c66393a061324aa2e6a8d8fc2a910cbee1ed9
q=0xfa0f9463ea0a93b929c099320d31c277e0b0dbc65b189ed76124f5a1218f5d91fd0102a4c8de11f28be5e4d0ae91ab319f4537e97ed74bc663e972a4a9119307
e=0x6d1fdab4ce3217b3fc32c9ed480a31d067fd57d93a9ab52b472dc393ab7852fbcb11abbebfd6aaae8032db1316dc22d3f7c3d631e24df13ef23d3b381a1c3e04abcc745d402ee3a031ac2718fae63b240837b4f657f29ca4702da9af22a3a019d68904a969ddb01bcf941df70af042f4fae5cbeb9c2151b324f387e525094c41
c=0x7fe1a4f743675d1987d25d38111fae0f78bbea6852cba5beda47db76d119a3efe24cb04b9449f53becd43b0b46e269826a983f832abb53b7a7e24a43ad15378344ed5c20f51e268186d24c76050c1e73647523bd5f91d9b6ad3e86bbf9126588b1dee21e6997372e36c3e74284734748891829665086e0dc523ed23c386bb520
p=int(p)
q=int(q)
e=int(e)
c=int(c)
fi=lcm(p-1,q-1)
d=modinv(e,fi)
m=rsa(c,d,p*q)
print(long_to_bytes(m))The flag is ALEXCTF{RS4_I5_E55ENT1AL_T0_D0_BY_H4ND}