Created
September 16, 2019 03:20
-
-
Save Nicholaz99/ff2e98d72382565d14f9c66fbf76b012 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import socketserver | |
import random | |
import signal | |
import time | |
import gmpy2 | |
from pwn import * | |
from Crypto.Util.number import * | |
from itertools import product | |
context.log_level = 'error' | |
def s2n(s): | |
return bytes_to_long(bytearray(s, 'latin-1')) | |
def n2s(n): | |
return long_to_bytes(n).decode('latin-1') | |
def gen_fake(r, e, n): | |
arr = [] | |
for i in range(1500): | |
fake_flag = 'fake_flag{%s}' % (('%X' % i).rjust(32, '0')) | |
enc_fake_flag = pow(s2n(fake_flag), e, n) | |
arr.append(enc_fake_flag) | |
return arr | |
e = 0x10001 | |
r = remote("crypto.chal.csaw.io", 1001) | |
# Retrieving N value | |
r.recvuntil("encrypt\n====================================\n") | |
r.sendline('4') | |
r.recvuntil("data:") | |
r.sendline(n2s(2)) | |
enc1 = int(r.recvuntil("\n"), 16) | |
r.recvuntil("encrypt\n====================================\n") | |
r.sendline('4') | |
r.recvuntil("data:") | |
r.sendline(n2s(3)) | |
enc2 = int(r.recvuntil("\n"), 16) | |
r.recvuntil("encrypt\n====================================\n") | |
r.sendline('4') | |
r.recvuntil("data:") | |
r.sendline(n2s(5)) | |
enc3 = int(r.recvuntil("\n"), 16) | |
r.recvuntil("encrypt\n====================================\n") | |
r.sendline('4') | |
r.recvuntil("data:") | |
r.sendline(n2s(7)) | |
enc4 = int(r.recvuntil("\n"), 16) | |
# To prevent if the gcd result is not n but n*gcd(k1, k2) | |
n = gmpy2.gcd(gmpy2.gcd(2**e - enc1, 3**e - enc2), gmpy2.gcd(5**e - enc3, 7**e - enc4)) | |
print "[+] n:", n | |
# get the encrypted real flag | |
r.recvuntil("encrypt\n====================================\n") | |
r.sendline('1') | |
c = int(r.recvuntil("\n"), 16) | |
print "[+] c:", c | |
# Retrieving the factor of n | |
r.recvuntil("encrypt\n====================================\n") | |
r.sendline('3') | |
enc_fake_flag_test = int(r.recvuntil("\n"), 16) | |
fake_flags = gen_fake(r, e, n) | |
for i, enc_fake_flag in enumerate(fake_flags): | |
p = gmpy2.gcd(enc_fake_flag_test - enc_fake_flag, n) | |
if (p > 1): | |
print "[+] p:", p | |
q = n/p | |
phi = (p-1) * (q-1) | |
d = inverse(e, phi) | |
print "[+] Flag:", n2s(pow(c, d, n)) | |
break |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment