RSA-Warmup
Description
RSA is one of the first public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and distinct from the decryption key which is kept secret.
You all know this :p
here is a warmup question.
nc crypto.zh3r0.ml 8451
Author : Finch
Lets quickly net cat
nc crypto.zh3r0.ml 8451
N: 435484878707323717609558908428491732080200620496222706225612081470705045338826568738839503441895810259829684805194635719585140773967024755976185135262187024552092814455723595911873136367728098843543576413761698077300341835156919036506196997741966308833553400592985253519980085783152705343962743180838960657525326043909
e 65537
CT: 344574180374241624848705934620869545190736337907266252318911171383290243897129862062313026831187186976704177305590626082499994500075570738182284039651256397437868001748970087145045390243038430722206063983740148183702626114632523965797127289304488799040619348710378056179517002039171315275774158768719676479442190241480
We have N, we have e, we have CT, No other information, This is most likely to be the generic RSA challenge where N is some special case factorizable. OKAY lets do this
from pwn import remote
from sympy import factorint
HOST, PORT = "crypto.zh3r0.ml", 8451
REM = remote(HOST, PORT)
n = int(REM.recvline().strip()[2:])
e = int(REM.recvline().strip()[2:])
c = int(REM.recvline().strip()[3:])
p, q = factorint(n)
phi = (p-1)*(q-1)
d = pow(e, -1, phi)
m = pow(c, d, n)
print(bytes.fromhex(hex(m)[2:]).decode())
# zh3r0{RSA_1s_Fun}
And we get our flag, just like that.
Checking why was it easibly factorizable?
p,q =
(2942026403, 134575070417930364036003727741376685615812461954350484569708437014667994680713813781468183983386234011962070146684234011280627785955402931339880339689145836820522726630562036268896319664602063579145594582463191728917055827142635500611088623983035188866470062494891880603875253301899285045944864340088876075089)
Since p was small, RSA makes no promise :sad:
zh3r0{RSA_1s_Fun}
PREVIOUSCTFs-2020