Time for RSA!
e = 65537
n = 134023913680045880492110426626164090971954352532495944119602241841766743315344885078078359876157853261789964632342961459801834169156073972150056251259429043527344585589350222304649100454018523375146422111308080990153227407607374257909945989989405880451908900962388521742688809203045971595430040363546058882461
c = 28029822339281125656746130462465126562337695724847502110361462137424051877785282190017747622367185811734822848358173889752744532793526865170001730008026265012114272142868291439355242497819138690415609825725896275747305098862360965342890612304634184172461662826694263502110523984165435588581876100119126419239
p = 10982621221489294931830537773519582919197608543135586716536756890800033254598710943732068869355188441831549541090720220093538940987353399632224377192068317
Flag Format: /flag{.+}/
Solution
RSA is a cryptosystem which allows for secure data transmission. RSA mangles
the plain text
in a form that makes it undecipherable
to people without the
key, while making it much easier for people with a key to open it and get back
the message.
The mathematics is out of the scope of this article, I would encourage a serious reading on your own to figure it out.
The steps to generate a RSA key is as follows.
- Generate two large prime numbers
p
, andq
. n
=p
*q
.e
is a number co-prime tolcm(p -1, q - 1)
and 1 <e
<n
d
=1 / e mod (p - 1)(q - 1)
The 1 / e
in this case, should not be confused with division. It is the
inverse_modulo
operation, I.E. d
is the number, which when multiplied with
e
has the following relation.
ed = 1 mod (p - 1)(q - 1)
This notation will also be confusing for a newbie to modular arithmatic. What this means is that
(e * d) mod (p - 1)(q - 1) = 1
The public key consists of n
and e
. The secret key consists of the rest.
Namely, d
, p
, q
.
The security of RSA relies on the one-way trap function of multiplication.
Which means that for a function f
f((x, y)) = x * y | x, y ∈ Z
It is easy enough to go from (x, y)
to x * y
(multiplication). But is is
far more difficult to go from x * y
to (x, y)
(factorization).
The encryption for an message, converted to an integer form, m
is given as…
c = RSA_e_n(m) = m ^ e mod n
c
is the cipher text. RSA_e_n
is a notation used to denote that the RSA
parameters of e
, and n
are constant and a feature of RSA instead of being
a part of the arguments to a RSA function.
To get back the m
from the c
we require the presence of d
, which is a good
hint as to why it is a part of the private
key in the first place.
m' = inverse_RSA_e_n_d(c) = c ^ d mod n
It is also now interesting to note why p
and q
are part of the private
key. That comes because if you have either of p
or q
, generating a d
for the RSA key is trivial. Because you can easily find the other factor, and
quickly generate the d
via doing a modular_inverse operation of e on base of
(p - 1) * (q - 1).
Once d
is obtained, decryption can be done since you now have the key.
Since this is the introductory RSA problem, I am kind enough to give the p
directly, which means that this RSA is totally broken.
I also give the following number to integer conversion scheme.
A -> 0x41 = 64
AA -> 0x4141 = 16705
AAAAAA -> 0x4141414141 = 280267669825
Which basically says that the number is converted to a hexadecimal representation, and then the hexadecimal is intepreted as an ASCII string.
So now, it's time for some sage
. Sage Math is a number crunching library with
a ton of useful functions built-in.
There are many alternatives to give, but it is a personal preference of quite a few people to use sage, and it is not without reason.
e = 65537
n = 134023913680045880492110426626164090971954352532495944119602241841766743315344885078078359876157853261789964632342961459801834169156073972150056251259429043527344585589350222304649100454018523375146422111308080990153227407607374257909945989989405880451908900962388521742688809203045971595430040363546058882461
c = 28029822339281125656746130462465126562337695724847502110361462137424051877785282190017747622367185811734822848358173889752744532793526865170001730008026265012114272142868291439355242497819138690415609825725896275747305098862360965342890612304634184172461662826694263502110523984165435588581876100119126419239
p = 10982621221489294931830537773519582919197608543135586716536756890800033254598710943732068869355188441831549541090720220093538940987353399632224377192068317
q = n / p
d = inverse_mod(e, (p - 1) * (q - 1))
m = pow(c, d, n)
print(m)
This prints out 240545625414703578862070172273428889513126431163886829837844391499244541180606084628879027055096318636117555581
.
Converting this to integer is done by.
print(bytes.fromhex(hex(240545625414703578862070172273428889513126431163886829837844391499244541180606084628879027055096318636117555581)[2:]))
Which prints out b'flag{breaking_rsa_is_easy_if_you_know_the_key}'
. Which is the flag.
Flag
flag{breaking_rsa_is_easy_if_you_know_the_key}
Recommended Reading
ZKP - Zero Knowledge Proofs
#binary #ctf #format string #pwn/*
ZKP : Zero Knwoledge Proof (https://en.wikipedia.org/wiki/Zero-knowledge_proof#Abstract_example)
In this example, Peggy knows the secret word to open a magical door in a cave.
This door interconnects all the entrances to the cave....
Configuring a USB dongle for OpenVZ
#OpenVZ #setup #sysadmin #usb_modeswitchIn order to setup a USB forwarding to a OpenVZ container, you would need to ensure that you have the following packages installed
usb_modeswitch
usb_modeswitch-data
Some device drives connect by default in USB Mass Storage mode. This allows them...
...