# NCtfU - 5/31 (Crypto? Onebone) (Online) ###### tags: `新手場` `nctfu2021` ## 會參加 - Onebone - idisused ## 講者 - Onebone ## 講者筆記 ### RSA $n = p * q$ $phi = (p-1)*(q-1)$ $ed \equiv 1 (mod\ phi)$ pt: plain text ct: cipher text $ct \equiv pt^e mod\ n$ $pt \equiv ct^d mod\ n$ $encrypt(m1) * encrypt(m2) = ((m1^e) * (m2^e)) mod\ n = (m1 * m2)^e mod\ n = encrypt(m1 * m2)$ ### when e is small ```python import gmpy2 from Crypto.Util.number import long_to_bytes for i in range(a_big_enough_integer): m, true_root = gmpy2.iroot(i*n + ct, e) if true_root: print(long_to_bytes(m)) break ``` ### when n is small - 直接找 p q ### Wiener's attack - The attack uses the continued fraction method to expose the private key **d** when **d** is small ```python import owiener d = owiener.attack(e, n) ``` ### python3 library - pip3 install pycryptodome - apt install python3-gmpy2 - pip3 install owiener - binascii ### 也許有幫助的網站 - [RsaCtfTool](https://github.com/Ganapati/RsaCtfTool) - [factordb](http://factordb.com/) - [字頻轉換](https://www.quipqiup.com/) - [rot online](http://theblob.org/rot.cgi) - [base64 online](https://www.base64decode.org/) - [Vigenère online](https://www.guballa.de/vigenere-solver) - [encode/decode 大雜燴](https://www.asciitohex.com/) ### blind sql injection - substr ```sql substr(select something, start_index, end_index) = 'a'; substr((select col_name from db_name.tbl_name limit 1, 1)1, 1) < '0' ``` ### lab - picoGym - Mind your Ps and Qs - Mini RSA - Dachshund Attacks - No Padding, No Problem - triple-secure - rsa-pop-quiz ## 共筆 - https://cryptohack.org/ - https://www.sagemath.org/