--- layout: post title: "DeconstruCT.F 2021 | CRYPTO | RSA-3" date: 2021-10-03 13:37:00 +0700 tags: [ctf, writeup] --- <figure> <img src="https://cdn.discordapp.com/attachments/874145963407720513/894206917239513118/Group.png"> </figure> #### CRYPTO | RSA-3 (250 points | 85 solves) Challenge Description: ``` Alright, this is the big leagues. You have someone's Public Key. This isn't unusual, if you want to send someone an encrypted message, you have to have thier public key. Your job is to evaluate this public key, and obtain the value of the secret exponent or decryption exponent (The value of "d" in an RSA encryption). Wrap the number that you find with dsc{<number>}! ``` We're given a file(`mykey.pub`) that has the following content: ```python -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAQEB+34C7GuhHbhLHus9oqCf HR5N2e6WlnXb+MP5qCbY9fbjoWmgVqKTRu8Zv81KjjlQ531oc8x4tf0H4kyuPjng AI0UjWdEcNnNWy7ErnJzdwW8jGrZSpj7BZe9eoPdo3l16lnTDQCxTnm/1YF+crA1 Ek7wIQG5S0fguTGebiwLX79qVFcCRvCccSQKhiuJiZjK0MOrWYlnm8O518tw0ZUu aFhgtFaBJyTI04aN5oTZF3gyuPDZ8MCTp7wYoJ4CvcONlUpobAqSZ1/VIqDxlYM2 Yo6h101wGzW/jucsg+8Np+V+4vHXaSLpz6DOhA7TZIAozzL+4I5SfL0lzzfXSQB8 CQKCAQEBHvBcAbNv9v7I/ZieaKjZxEclI5AXjA/igQcW4sz7uHPyt0/5aX5TGEkr fROs9renIw7JTkXeo9uArubEIcp47g4346dg5i0tmxbUzF/Pzz3JJGqygmhbVnIl MP93Iwm2VUOMuTSffK01NdmyysC7xy0OudHb+GtzUv40H2rcTe6VqPuV0pVY5qiv njPeBKl5TVsxrwbyVXdj+1hjh2pwc2fUZY1LZUAhybrxK/9d2LcZeidUK8IWV92z gE/AYbNDsbwruLR91iO9DTEH99z0OIjMj/xnIkY/kb8j5lCdIITsU8VxAdzkx05I Ia54t6o2+2vXKYfQgSwjeXRBywgglQ== -----END PUBLIC KEY----- ``` Solution:<br> This is a public key commonly used for RSA. First we import the file, then get the public exponent (e) and the modulus (n). ```python #!/usr/bin/env python3 from Crypto.PublicKey import RSA key = RSA.import_key(open('./mykey.pub').read()) print("n :",key.n) print("==========") print("e :",key.e) ``` Output: ``` [>] python3 solve.py n : 64064959164923876064874945473407049985543119992992738119252749231253142464203647518777455475109972581684732621072998898066728303433300585291527582979430276357787634026869116095391514311111174206395195817672737320837240364944609979844601986221462845364070396665723029902932653368943452652854174197070747631242101084260912287849286644699582292473152660004035330616149016496957012948833038931711943984563035784805193474921164625068468842927905314268942153720078680937345365121129404384633019183060347129778296640500935382186867850407893387920482141216498339346081106433144352485571795405717793040441238659925857198439433 ========== e : 36222680858414256161375884602150640809062958718117141382923099494341733093172587117165920097285523276338274750598022486976083511178091392849986039384975758609343597548039166024042264614496506087597114091663955133779956176941325431822684716988128271384410010471755324833136859652978240297120618458534306923558546176110055737233883129780378153307730890915697357455996361736492022695824172516806204252765904924281272883818154621932085365817823019773860783687666788095035790491006333432295698178378520444810813882117817329847874531809530929345430796600870728736678389479159328119322587647856274762262358880664585675219093 ``` As we can see, the given public value of the exponent (e) has a large value. Which means the private exponent (d) has a small value. We can try the wiener attack to solve this problem. I used the [owiener library](https://github.com/orisano/owiener) to help solve this problem. Since the private exponent is the flag, wrap the value of d in the flag format. Solver: ```python #!/usr/bin/env python3 from Crypto.PublicKey import RSA import owiener key = RSA.import_key(open('./mykey.pub').read()) #print("n :",key.n) #print("==========") #print("e :",key.e) #print("==========") d = owiener.attack(key.e, key.n) if d is None: print("Failed") else: print("dsc{"+str(d)+"}") ``` Output: ```bash [>] python3 solve.py dsc{6393313697836242618414301946448995659516429576261871356767102021920538052481829568588047189447471873340140537810769433878383029164089236876209147584435733} ``` FLAG : **dsc{6393313697836242618414301946448995659516429576261871356767102021920538052481829568588047189447471873340140537810769433878383029164089236876209147584435733}**