diff --git a/crypto/even_rsa_can_be_broken/encrypt.py b/crypto/even_rsa_can_be_broken/encrypt.py new file mode 100644 index 0000000..2b39a7f --- /dev/null +++ b/crypto/even_rsa_can_be_broken/encrypt.py @@ -0,0 +1,34 @@ +from sys import exit +from Crypto.Util.number import bytes_to_long, inverse +from setup import get_primes + +e = 65537 + +def gen_key(k): + """ + Generates RSA key with k bits + """ + p,q = get_primes(k//2) + N = p*q + d = inverse(e, (p-1)*(q-1)) + + return ((N,e), d) + +def encrypt(pubkey, m): + N,e = pubkey + return pow(bytes_to_long(m.encode('utf-8')), e, N) + +def main(flag): + pubkey, _privkey = gen_key(1024) + encrypted = encrypt(pubkey, flag) + return (pubkey[0], encrypted) + +if __name__ == "__main__": + flag = open('flag.txt', 'r').read() + flag = flag.strip() + N, cypher = main(flag) + print("N:", N) + print("e:", e) + print("cyphertext:", cypher) + exit() + diff --git a/crypto/even_rsa_can_be_broken/solve.py b/crypto/even_rsa_can_be_broken/solve.py new file mode 100755 index 0000000..b2e4d69 --- /dev/null +++ b/crypto/even_rsa_can_be_broken/solve.py @@ -0,0 +1,53 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i sage -p sage python3Packages.pwntools python3Packages.pycryptodome + +import time +import sys + +from sage.all import * + +from pwn import * +from Crypto.Util.number import long_to_bytes + +ADDR, PORT, *_ = "verbal-sleep.picoctf.net 56956".split() + +def factor_n(n) -> (int, int): + print('Factoring N') + start = time.time() + factors = ZZ(n).factor() + stop = time.time() + print(f"Took: {stop - start}") + + p, q, *rest = [x[0] for x in list(factors)] + assert len(rest) == 0 + + return p, q + +def decrypt(p: int, q: int, e: int, n: int, enc: int) -> bytes: + phi = (p - 1) * (q - 1) + d = inverse_mod(e, phi) + m = power_mod(enc, d, n) + return long_to_bytes(m) + +def main(): + r = remote(ADDR, PORT) + + n = int(r.recvline().split(b' ')[1].strip()) + e = int(r.recvline().split(b' ')[1].strip()) + enc = int(r.recvline().split(b' ')[1].strip()) + + r.close() + + print(f"{n=}") + print(f"{e=}") + print(f"{enc=}") + + p, q = factor_n(n) + + print(f"{p=}") + print(f"{q=}") + + print(decrypt(p, q, e, n, enc).decode()) + +if __name__ == '__main__': + main()