crypto/even_rsa_can_be_broken

This commit is contained in:
2026-07-04 19:55:59 +09:00
parent 752af9a139
commit d0fe1fac6e
2 changed files with 87 additions and 0 deletions
+34
View File
@@ -0,0 +1,34 @@
from sys import exit
from Crypto.Util.number import bytes_to_long, inverse
from setup import get_primes
e = 65537
def gen_key(k):
"""
Generates RSA key with k bits
"""
p,q = get_primes(k//2)
N = p*q
d = inverse(e, (p-1)*(q-1))
return ((N,e), d)
def encrypt(pubkey, m):
N,e = pubkey
return pow(bytes_to_long(m.encode('utf-8')), e, N)
def main(flag):
pubkey, _privkey = gen_key(1024)
encrypted = encrypt(pubkey, flag)
return (pubkey[0], encrypted)
if __name__ == "__main__":
flag = open('flag.txt', 'r').read()
flag = flag.strip()
N, cypher = main(flag)
print("N:", N)
print("e:", e)
print("cyphertext:", cypher)
exit()
+53
View File
@@ -0,0 +1,53 @@
#!/usr/bin/env nix-shell
#!nix-shell -i sage -p sage python3Packages.pwntools python3Packages.pycryptodome
import time
import sys
from sage.all import *
from pwn import *
from Crypto.Util.number import long_to_bytes
ADDR, PORT, *_ = "verbal-sleep.picoctf.net 56956".split()
def factor_n(n) -> (int, int):
print('Factoring N')
start = time.time()
factors = ZZ(n).factor()
stop = time.time()
print(f"Took: {stop - start}")
p, q, *rest = [x[0] for x in list(factors)]
assert len(rest) == 0
return p, q
def decrypt(p: int, q: int, e: int, n: int, enc: int) -> bytes:
phi = (p - 1) * (q - 1)
d = inverse_mod(e, phi)
m = power_mod(enc, d, n)
return long_to_bytes(m)
def main():
r = remote(ADDR, PORT)
n = int(r.recvline().split(b' ')[1].strip())
e = int(r.recvline().split(b' ')[1].strip())
enc = int(r.recvline().split(b' ')[1].strip())
r.close()
print(f"{n=}")
print(f"{e=}")
print(f"{enc=}")
p, q = factor_n(n)
print(f"{p=}")
print(f"{q=}")
print(decrypt(p, q, e, n, enc).decode())
if __name__ == '__main__':
main()