Skip to content

Instantly share code, notes, and snippets.

@Lense Lense/solve_captured.py
Last active Aug 29, 2015

Embed
What would you like to do?
PlaidCTF 2015: curious writeup
#!/usr/bin/env python
# https://github.com/pablocelayes/rsa-wiener-attack
import RSAwienerHacker
def int2ascii(n):
# Cut off 0x and L
h = hex(n)[2:-1]
# Convert each hex byte to ascii char
return "".join([chr(int(h[i:i+2], 16)) for i in range(0, len(h), 2)])
with open("captured_a4ff19205b4a6b0a221111296439b9c7") as f:
txt = f.read().split("\n")[1:-1]
# Magic the input into a list of lists
data = [[int(y.strip()[2:-1], 16) for y in x[1:-1].split(":")] for x in txt]
for (N, e, c) in data:
d = RSAwienerHacker.hack_RSA(e, N)
if d != "NOPE":
m = pow(c, d, N)
print(int2ascii(m))
exit(0)

The description mentioned e. Looking through the given data, some of the e are greater than their respective N. Going through the toolbox of standard RSA attacks, we find Wiener's attack, which lets us recover d < 1/3*N**(1/4)

I found an implementation, and threw the numbers at it.

flag_S0Y0UKN0WW13N3R$4TT4CK!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.