Skip to content
This repository has been archived by the owner on Mar 24, 2022. It is now read-only.

Commit

Permalink
Added new challenge for coppersmith
Browse files Browse the repository at this point in the history
  • Loading branch information
@ashutosh1206
ashutosh1206 committed Apr 13, 2019
1 parent a4795a0 commit 7e34fbf
Show file tree
Hide file tree
Showing 5 changed files with 64 additions and 2 deletions.
5 changes: 3 additions & 2 deletions RSA-encryption/Attack-Coppersmith/Challenges/README.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
# Challenges


| S.No. | Challenge | CTF | Year | Difficulty Level | Points |
|-------|:--------------------------------------------------------------------:|:------------------------:|:----:|:----------------:|:------:|
| 1 | [Stereotypes](stereotypes/) | Backdoor | 2017 | _None_ | |
| 2 | [Bazik](https://ctftime.org/task/6293) | Meepwn-Quals | 2018 | _None_ | 100 |
| 2 | [Bazik](https://ctftime.org/task/6293) | Meepwn-Quals | 2018 | _None_ | 100 |
| 3 | [Really Suspicious Acronym](Really-Suspicious-Acronym/) | CONFidence CTF Teaser | 2019 | _None_ | 99 |
10 changes: 10 additions & 0 deletions RSA-encryption/Attack-Coppersmith/Challenges/Really-Suspicious-Acronym/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# Really Suspicious Acronym

1. **Challenge Description**: You can't break my public key if you don't know it, amirite?
2. **Challenge write-ups**:
+ [by s0rc3r3r](https://ctftime.org/writeup/13941)

## Directory Contents
1. [task.sage](task.sage) - challenge encryption script
2. [output.txt](output.txt) - output file; includes public key, ciphertext etc.
3. [exploit.sage](exploit.sage) - solution script, written in sage
33 changes: 33 additions & 0 deletions RSA-encryption/Attack-Coppersmith/Challenges/Really-Suspicious-Acronym/exploit.sage
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
from Crypto.Util.number import *
from sage.all import *

c1 = 4249729541274832324831915101850978041491970958978013333892918723306168770472089196478720527554982764987079625218029445015042835412969986610407794962546486526768377464483162272541733624521350257458334912357961557141551376502679112069746250223130120067678503609054343306910481618502449487751467838568736395758064426403381068760701434585433915614901796040740316824283643177505677105619002929103619338876322183416750542848507631412106633630984867562243228659040403724671325236096319784525457674398019860558530212905126133378508676777200538275088387251038714220361173376355185449239483472545370043145325106307606431828449482078191
c2 = 13075855845498384344820257559893309320125843093107442572680776872299102248743866420640323500087788163238819301260173322187978140866718036292385520509724506487692001245730298675731681509412177547061396861961413760298064385526657135656283464759479388590822600747903100354135682624356454872283852822117199641700847558605700370117557855396952083088645477966782338316017387406733063346986224014837246404581562813312855644424128648363175792786282857154624788625411070173092512834181678732914231669616670515512774709315620233482515821178277673737845032672993814500177126048019814877397547310166915188341668439101769932492677363463422
flag = 1325070956009103489249194637347510588506729608784127511926628895543304940415297099207601498626181915901848862854995077315475674257593360012633818395699000501896896712855638114932274873636706679536094148084825113213348693669110684534612150434985589138003619494080556587882502882245480530148296233019306164832959924719530089539412878605051284492900919153291539285764067215954480046474237129247005910958854570936626494664674014970792183182621261776942952172643573955950074108555363333808330455648256916095619261620286120748266415219259665310637340092503523139379869446053982200858497231506892485419429178671743186148288407233657
m1 = bytes_to_long("You can't factor the modulus")
m2 = bytes_to_long("If you don't know the modulus!")
e = 65537

N = 34825223743402829383680359547814183240817664070909938698674658390374124787235739502688056639022131897715513587903467527066065545399622834534513631867145432553730850980331789931667370903396032758515681278057031496814054828419443822343986117760958186984521716807347123949922837482460532728350223473430713058522361175980521908817215812291272284241848086260180382693014713901303747444753828636575351349026883294939561001468099252543181336195746032718177937417431101756313823635150129601855358558635996348271242920308406268552606733676301725088348399264293936151662467456410825402303921583389167882090767423931762347825907802328053

c = flag

hidden = 500
tmp = isqrt((N)/(0xdead * 0xbeef))
print "tmp: ", tmp
q_approx = 0xbeef*tmp - 2**500
print q_approx

F.<x> = PolynomialRing(Zmod(N), implementation='NTL')
f = x - q_approx

roots = f.small_roots(X=2**hidden, beta=0.1)
for delta in roots:
print('delta', delta)
print('q_approx - delta', q_approx-delta)
q = q_approx-delta
p = int(N)/int(q)
d = inverse_mod(65537, (p-1)*(q-1))
print("d", d)
decrypted = hex(int(pow(c,d,N)))
print('flag =', decrypted[2:-1].decode("hex"))
3 changes: 3 additions & 0 deletions RSA-encryption/Attack-Coppersmith/Challenges/Really-Suspicious-Acronym/output.txt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
msg1 = 4249729541274832324831915101850978041491970958978013333892918723306168770472089196478720527554982764987079625218029445015042835412969986610407794962546486526768377464483162272541733624521350257458334912357961557141551376502679112069746250223130120067678503609054343306910481618502449487751467838568736395758064426403381068760701434585433915614901796040740316824283643177505677105619002929103619338876322183416750542848507631412106633630984867562243228659040403724671325236096319784525457674398019860558530212905126133378508676777200538275088387251038714220361173376355185449239483472545370043145325106307606431828449482078191
msg2 = 13075855845498384344820257559893309320125843093107442572680776872299102248743866420640323500087788163238819301260173322187978140866718036292385520509724506487692001245730298675731681509412177547061396861961413760298064385526657135656283464759479388590822600747903100354135682624356454872283852822117199641700847558605700370117557855396952083088645477966782338316017387406733063346986224014837246404581562813312855644424128648363175792786282857154624788625411070173092512834181678732914231669616670515512774709315620233482515821178277673737845032672993814500177126048019814877397547310166915188341668439101769932492677363463422
flag = 1325070956009103489249194637347510588506729608784127511926628895543304940415297099207601498626181915901848862854995077315475674257593360012633818395699000501896896712855638114932274873636706679536094148084825113213348693669110684534612150434985589138003619494080556587882502882245480530148296233019306164832959924719530089539412878605051284492900919153291539285764067215954480046474237129247005910958854570936626494664674014970792183182621261776942952172643573955950074108555363333808330455648256916095619261620286120748266415219259665310637340092503523139379869446053982200858497231506892485419429178671743186148288407233657
15 changes: 15 additions & 0 deletions RSA-encryption/Attack-Coppersmith/Challenges/Really-Suspicious-Acronym/task.sage
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
def bytes_to_long(data):
return int(data.encode("hex"),16)

def rsa(msg,e,n):
return pow(bytes_to_long(msg),e,n)

flag = open('flag.txt','r').read()
tmp = randint(2**1023, 2**1024)
e = 65537
p = next_prime(0xDEAD*tmp+randint(2, 2**500))
q = next_prime(0xBEEF*tmp+randint(2, 2**500))
N = p*q
print('msg1 = '+str(rsa("You can't factor the modulus",e,N)))
print('msg2 = '+str(rsa("If you don't know the modulus!",e,N)))
print('flag = '+str(rsa(flag,e,N)))

0 comments on commit 7e34fbf

Please sign in to comment.