Last active Aug 29, 2015
PlaidCTF 2015: curious writeup
#!/usr/bin/env python
import RSAwienerHacker


def int2ascii(n):
    # Hex digits without the 0x prefix or L suffix, padded to whole bytes
    h = "%x" % n
    if len(h) % 2:
        h = "0" + h
    # Convert each hex byte to ascii char
    return "".join([chr(int(h[i:i+2], 16)) for i in range(0, len(h), 2)])


with open("captured_a4ff19205b4a6b0a221111296439b9c7") as f:
    # Skip the first and last elements of the split
    txt = f.read().split("\n")[1:-1]

# Magic the input into a list of lists
data = [[int(y.strip()[2:-1], 16) for y in x[1:-1].split(":")] for x in txt]

for (N, e, c) in data:
    d = RSAwienerHacker.hack_RSA(e, N)
    if d != "NOPE":
        m = pow(c, d, N)
        print(int2ascii(m))

The description mentioned e. Looking through the given data, some of the e are greater than their respective N. Going through the toolbox of standard RSA attacks, we find Wiener's attack, which recovers the private exponent d whenever d < 1/3*N**(1/4).

I found an implementation, and threw the numbers at it.
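A minimal version of Wiener's attack, usable as a check for whether a key pair has a dangerously small d. This is an added example, not the gist's code and not the RSAwienerHacker library: each continued-fraction convergent k/d of e/N is tried as a guess, and a guess is accepted only when the implied phi(N) factors N. The demo primes, exponent and all names are constructed for illustration; it needs Python 3.8+.

```python
from math import isqrt

def convergents(num, den):
    """Yield the continued-fraction convergents (k, d) of num/den."""
    k_prev, k_cur = 0, 1          # numerator recurrence seeds
    d_prev, d_cur = 1, 0          # denominator recurrence seeds
    while den:
        a, rem = divmod(num, den)
        num, den = den, rem
        k_prev, k_cur = k_cur, a * k_cur + k_prev
        d_prev, d_cur = d_cur, a * d_cur + d_prev
        yield k_cur, d_cur

def wiener_recover_d(e, N):
    """Return the private exponent d if (e, N) falls to Wiener's attack, else None."""
    for k, d in convergents(e, N):
        # A correct guess satisfies e*d - 1 == k*phi(N) exactly.
        if k == 0 or (e * d - 1) % k:
            continue
        phi = (e * d - 1) // k
        s = N - phi + 1               # equals p + q when phi is right
        disc = s * s - 4 * N          # equals (p - q)**2 when phi is right
        if s > 0 and disc >= 0:
            t = isqrt(disc)
            # p, q = (s +/- t) / 2 must be integers whose product is N
            if t * t == disc and (s + t) % 2 == 0:
                return d
    return None

# Constructed demo key, not taken from the challenge file.
P, Q = 1000000009, 1000000007
N_DEMO, PHI_DEMO = P * Q, (P - 1) * (Q - 1)
D_WEAK = 10007                        # below N_DEMO**0.25 / 3 (about 10540)
E_WEAK = pow(D_WEAK, -1, PHI_DEMO)    # e is derived from d, not chosen small

if __name__ == "__main__":
    d = wiener_recover_d(E_WEAK, N_DEMO)
    msg = int.from_bytes(b"sample!", "big")          # constructed plaintext
    print("weak key  :", d, pow(pow(msg, E_WEAK, N_DEMO), d, N_DEMO) == msg)
    print("e = 65537 :", wiener_recover_d(65537, N_DEMO))   # d is large here
```

A key generated the usual way, with a small fixed e such as 65537, ends up with a d of roughly the same size as N, so the check returns None for it.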

