OVERVIEW
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →
This course was very helpful to people who are willing to learn RSA in deep and how to play around with basic concepts to intermediate concepts and also how to solve RSA problems with programming language skills. My main aim was to understand RSA and use my python skills to solve the problems.
The course consist of 18 lessons
, while i was solving this course 80% i used python and 20% i used pen and piece of paper, but will try to solve it here with python from lesson 1-18
Modular Exponentiation
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →
solution
Public Keys
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →
Were required to compute for the ciphertext.
solution
Euler's Totient
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →
solution
Private Keys
The challenge needs us to compute for the value of the private key d
.
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →
solution
RSA Decryption
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →
solution
RSA Signatures
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →
Now here we have been given an additional private.key file which consist of N and d
solution
Factoring
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →
Factorise the 150-bit number 510143758735509025530880200653196460532653147
into its two constituent primes. Give the smaller one as your answer.The simplest way to factorize such type of number we can do this with online(factordb.com) method.
solution
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →
Monoprime
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →
also we have been given the file output.txt.
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →
solution
This challenge demotrate the use of one prime number, on the next challenge we will see how we can solve manyprimes challenge.
And on trying to run the script you get the flag.
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →
Manyprime
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →
In order to solve this challenge, we need first to find these prime numbers from N, we can use online too or simple python script. Am going to use online tool(factordb.com).
Image Not Showing
Possible Reasons
- The image was uploaded to a note which you don't have access to
- The note which the image was originally uploaded to has been deleted
Learn More →
Now my next step here was to create a array of these factors and use for loop.
solution
And when we run the script we get our flag.

Salty

also this challenge we can see were given two files, which are salt.py and output.txt


From the code above we can see that ths script starts by importing the libraries, then initialize the value of d
and e
and then compute for the value of p
and q
,phi
and d
but also good enough we can see how the ciphertext and plaintext is being generated, now from here lets try to implement the script that can solve all this all and give us a flag.
Implementing the solution of this was is very simple since because the value of e=1, we can only convert the ct
from long_t0_bytes and we get the flag.
solution

Modulus Inutilis

Also with this challenge were given two files, modulus_utilis.py and output.txt.


Now again we need to understand the script given and what we need to work on so as we can get the flag.
From the script above now we can see we have been given a small exponential again, possible attack here is small exponential attack
.
solution

Working with Fields

solution
Generators of Groups

solution
Computing Public Values

Well the description and details are very straight forward we just need to understand about Diffie-Hellman protocol
and the paramater and from here we can solve the rest the of the challenges.
Since because we have all the value we can just use pow()
to ge the calculate the public value with pow(g,a,p).
solution
Computing Public Values
In this challenge we will forcus on solving the shared secret, we all know that the shared secret between bob and alice should be the same.

solution

Deriving Symmetric Keys

Well this time were provided with some additional information such as IV and ciphertext but also were beeen given a almost simplified script that we will be using along the way to solve this challenges.
solution
And when we run the script we get the flag.

Parameter Injection
solution
First of all before automating everything, we have to understand what we want to automate. Here what i did,we can see what is being sent/received is json format, so I tried to send some bogus json data in the format they want us to send and observe it up to the end, i.e

Something to keep in mind that the encrypted_flag and IV keep changing, so inorder to find a way to decrypt this we need something like pwntools and the schema of decryption script we were given in the previous challenge.
And we finally get the flag.

Export-grade
What we have done from the previous challenge is what were going to apply but we will just make a simple twist based with the output we get after connecting back.


solution
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
import hashlib
from pwn import *
import json
from sympy.ntheory.residue_ntheory import * #help to calculate 'a' from diff Helman alg
def is_pkcs7_padded(message):
padding = message[-message[-1]:]
return all(padding[i] == len(padding) for i in range(0, len(padding)))
def decrypt_flag(shared_secret: int, iv: str, ciphertext: str):
# Derive AES key from shared secret
sha1 = hashlib.sha1()
sha1.update(str(shared_secret).encode('ascii'))
key = sha1.digest()[:16]
# Decrypt flag
ciphertext = bytes.fromhex(ciphertext)
iv = bytes.fromhex(iv)
cipher = AES.new(key, AES.MODE_CBC, iv)
plaintext = cipher.decrypt(ciphertext)
if is_pkcs7_padded(plaintext):
return unpad(plaintext, 16).decode('ascii')
else:
return plaintext.decode('ascii')
# remote connection
r = remote('socket.cryptohack.org', 13379)
r.recvuntil('Send to Bob:')
r.sendline(b'{"supported": ["DH64"]}')
r.recvuntil('Send to Alice:')
r.sendline(b'{"chosen": "DH64"}')
r.recvuntil('Intercepted from Alice:')
data = r.readline().strip()
data = json.loads(data)
p = int(data["p"], 16)
g = int(data["g"], 16)
A = int(data["A"], 16)
r.recvuntil("Intercepted from Bob:")
data = r.readline().strip()
data = json.loads(data)
B = int(data["B"], 16)
r.recvuntil("Intercepted from Alice:")
data = r.readline().strip()
data = json.loads(data)
iv = data["iv"]
ciphertext = data["encrypted_flag"]
# calculating shared secret
'''
From
A = pow(g,a,p) - we have everything except 'a'
B = pow(g,b,p) - we have no b,
calculating a
a =discrete_log(p,A,g)
b =discrete_log(p,B,g)
Then
shared_secret(alice) = shared_secret(bob)
shared_secret = pow(B,a,p)
'''
a = discrete_log(p, A, g)
b = discrete_log(p, B, g)
print("The value of a and b", {a,b})
#print(sharedSecretAlice = pow(A,b,p))
#SharedSecretBob = pow(B,a,p)
#print("Alice & Bob shared secret: ", {SharedSecretAlice,SharedSecretBob})
shared_secret = pow(B,a,p)
print("Shared_secret is: ", shared_secret)
print(decrypt_flag(shared_secret, iv, ciphertext))

And finally we get our course done.
