def sqrt_chained_fractions(n, limit=None): ''' E.g. sqrt_chained_fractions(13) = [3,(1,1,1,1,6)] ''' s = nroot(n, 2) if s**2 == n: return [s] res = [] ps = 1, 0, 1 seen = {ps: 0} while limit != 0: v, ps = sqrt_iter(n, s, *ps) res.append(v) if ps in seen: pos = seen[ps] period = tuple(res[pos:]) res = res[:pos] res.append(period) return res else: seen[ps] = len(res) if limit is not None: limit -= 1 return res
def test_nroot(self): for x in range(0, 100): for p in range(1, 3): n = x ** p self.assertEqual(libnum.nroot(n, p), x) self.assertEqual(libnum.nroot(-64, 3), -4) self.assertEqual(libnum.nroot(100, 2), 10) self.assertEqual(libnum.nroot(999, 3), 9) self.assertEqual(libnum.nroot(1000, 3), 10) self.assertEqual(libnum.nroot(1001, 3), 10) self.assertRaises(ValueError, libnum.nroot, 100, -1) self.assertRaises(ValueError, libnum.nroot, -100, 4) self.assertRaises(ValueError, libnum.nroot, 1, 0) self.assertRaises(TypeError, libnum.nroot, "qwe")
#!/usr/bin/env python import libnum e = 3 c1 = 261345950255088824199206969589297492768083568554363001807292202086148198540785875067889853750126065910869378059825972054500409296763768604135988881188967875126819737816598484392562403375391722914907856816865871091726511596620751615512183772327351299941365151995536802718357319233050365556244882929796558270337 n1 = 1001191535967882284769094654562963158339094991366537360172618359025855097846977704928598237040115495676223744383629803332394884046043603063054821999994629411352862317941517957323746992871914047324555019615398720677218748535278252779545622933662625193622517947605928420931496443792865516592262228294965047903627 c2 = 147535246350781145803699087910221608128508531245679654307942476916759248311896958780799558399204686458919290159543753966699893006016413718139713809296129796521671806205375133127498854375392596658549807278970596547851946732056260825231169253750741639904613590541946015782167836188510987545893121474698400398826 n2 = 405864605704280029572517043538873770190562953923346989456102827133294619540434679181357855400199671537151039095796094162418263148474324455458511633891792967156338297585653540910958574924436510557629146762715107527852413979916669819333765187674010542434580990241759130158992365304284892615408513239024879592309 c3 = 633230627388596886579908367739501184580838393691617645602928172655297372145912724695988151441728614868603479196153916968285656992175356066846340327304330216410957123875304589208458268694616526607064173015876523386638026821701609498528415875970074497028482884675279736968611005756588082906398954547838170886958 n3 = 1204664380009414697639782865058772653140636684336678901863196025928054706723976869222235722439176825580211657044153004521482757717615318907205106770256270292154250168657084197056536811063984234635803887040926920542363612936352393496049379544437329226857538524494283148837536712608224655107228808472106636903723 key = libnum.solve_crt((c1, c2, c3), (n1, n2, n3)) m = libnum.nroot(int(key), 3) print libnum.n2s(m)
import libnum N = 247157208312655169175097941364280738161257111976460225724719907081110265510517450181419502794457206227461600647913804553439171851865273449559295717229024951735351965745325255241561391509015823198303928588939850683031392486366218841593013566932215141428061199015117025898704736991786081007198271335363347647516874679013119543722851148642512142186199102168074461255284546705588056994149297326331376082141145137980534967406372164077378650248545875219877244489040506317293082270408705203779841533080244655519849164084793887915122847280359452339072498784918027724621588636245527176960457003310429876627882173282069366037431766179722648353575718417895929519296072344510519198593252963273537190447967056699273665756186541135880261688073100218736960343554003491651502334045257343825793705434779809139021362473746587814528428007114308414633338220797896397738142172067161950968365434368211510967904096253326804711795198906393597153228365711080786247894858858419136771806150038968465644512536135428099037524022644906606239281576512245480765249280626544900781649017542649977530381598608436485399917576052247750573936190833224008929770080605906041913084656134359260509037195783858871830359437278131656343708211575987756873026171223324073191307367943843353573378426157170935012284820053625264544030714057464690450568057598110227083895395913850243271935830358181622027323185508807486853971929523201869477689585619024238113916052252320578711256593537267591407960305853736136636628575478996733430026632486500743561965770413140633948002705696925426367918545515713035754606128166993229587155817506068035187995926746472892280477401942441831391756895131543049750847590716935278314226902082626392655666615086297442052602217416486188297831289978272258543231414975069191549588547253936829655332588805672513945883351937495650167502066292697223592894483418517613405613285519159 c = 152721025887735064764471379084548069204525956728140596238274397757947415316727016281416993518884790524343567541799262176820909148208728616947040227306302164641933331109468512979068186962047716308015535717796123080303496277784765187481185086876434873226524784636408104495312136956587251145463229424950634548624036265557622592089071331292811066840281494102799063634204855779210798330603868025111521826209601342683209160845433746624786171189961029265101816540639855230011618388675527443511618729301028631422873421421991470450059414988968787693753741941765791793672069240992955177930884210118700416564364129283739917229225845073750451244070534919112957275948312337882004219145847493047815403283126471638320784008475284616178697542301935170768573588093196019976675846311280356987370969400610196847990069257614148181804915868273001764028563852238142447411811579695265293746037324400494199877368049162903819737962946786971556872009326814914717430484711885484790156341127433550909206551293806568904858726942820132521566970376839336895645431303013575622422180179687172859250687080526393904583834607514619581478966664406178290247731116920836372943133394640322159512633671870473674514938423231596849301615200001553851411828993918474534316510609878376462094608058640335426907349648369552864820322464995077358198844334320833893207364879282292959161203675080110629771237503657412087961891443054530286088807186134851425688726147108076040204500951624929585070273336203814962656253259257806100191430918121713005141607192112560560371475173081441671613602480052062955279287813475764285469835557663176529059039540417149792518941598550609678298901186032272305421028365295602810159191055078633881059737011784127699357480578433240110432805495328517379885306237631225477566136721077348329866885731002878563684349453668924250445128775992616650275173644658245397235667490402628 e = 65537 print libnum.nroot(27, 2) """ for k in range(100000000): diet = k*k + 40 * N temp = libnum.nroot(diet,2) if temp * temp == diet: print "find" print k break""" k = 1171 diet = k * k + 40 * N p = (-k + libnum.nroot(diet, 2)) / (2 * 10) q = N / p assert p * q == N phi = (p - 1) * (q - 1) d = libnum.invmod(e, phi) print libnum.n2s(pow(c, d, N))
import libnum from IPython import embed import pickle print('[*] Loading data') with open('pair.pkl', 'rb') as f: data = pickle.load(f) Cs, Ns = zip(*data) print('[*] Solving CRT') s = libnum.solve_crt(Cs, Ns) print('[*] Solving Root') k = libnum.nroot(s, 217) print('[+] Flag (hex):') print('[>] ' + hex(k)) print('[+] Flag:') k = libnum.n2s(k) print('[>] ' + k)
def is_root(x): if pow(nroot(x, 3), 3) == x: return True return False
# exploit = binascii.b2a_hex(sig) # print exploit # mmmm = "0001367927199750dbc1feaea40f044d426322390e3a8ae88957ceb94bdd8602fcfec8a3d0a7c248e1ea6e9f".decode('hex') # print len(mmmm) # print verify1(mmmm, message) # print rVerify(sig, message) message = "0YMrY4ZuMYU2YhoTZTSZROgC0HTQNI6M".encode("ASCII") message_hash = hashlib.sha512(message).digest() ASN1_blob = rsa.pkcs1.HASH_ASN1['SHA-512'] suffix = b'\x00' + ASN1_blob + message_hash sig_suffix = 1 for b in range(len(suffix) * 8): if get_bit(sig_suffix**3, b) != get_bit(from_bytes(suffix), b): sig_suffix = set_bit(sig_suffix, b, 1) while True: prefix = b'\x00\x01' + os.urandom(1024 / 8 - 2) sig_prefix = to_bytes(nroot(from_bytes(prefix), 3))[:-len(suffix)] + b'\x00' * len(suffix) sig = sig_prefix[:-len(suffix)] + to_bytes(sig_suffix) if b'\x00' not in to_bytes(from_bytes(sig)**3)[:-len(suffix)]: break exploit = binascii.b2a_hex(sig) print "message : 0YMrY4ZuMYU2YhoTZTSZROgC0HTQNI6M" print "hash: %s" % message_hash.encode('hex') print "exploit : ", exploit print rVerify(message, sig)
def attackRSA(): # lecture de la cle publique du destinataire 1 print("[+] Lecture de la cle publique 1") f1 = open("pubkey1.pem", "r") s1 = f1.read() pkey1 = RSA.importKey(s1) e1 = pkey1.e n1 = pkey1.n # lecture de la cle publique du destinataire 2 print("[+] Lecture de la cle publique 2") f2 = open("pubkey2.pem", "r") s2 = f2.read() pkey2 = RSA.importKey(s2) e2 = pkey2.e n2 = pkey2.n # lecture de la cle publique du destinataire 3 print("[+] Lecture de la cle publique 3") f3 = open("pubkey3.pem", "r") s3 = f3.read() pkey3 = RSA.importKey(s3) e3 = pkey3.e n3 = pkey3.n # Lecture des enveloppes print("[+] Lecture de l'enveloppe chiffree 1") enveloppe1bin = open("enveloppe1.bin", "rb") dataenveloppe1bin = enveloppe1bin.read() print("[+] Conversion du binaire en entier du fichier chiffre 1") c1 = convertBytesToInt(dataenveloppe1bin) print("[+] Lecture de l'enveloppe chiffree 2") enveloppe2bin = open("enveloppe2.bin", "rb") dataenveloppe2bin = enveloppe2bin.read() print("[+] Conversion du binaire en entier du fichier chiffre 2") c2 = convertBytesToInt(dataenveloppe2bin) print("[+] Lecture de l'enveloppe chiffree 3") enveloppe3bin = open("enveloppe3.bin", "rb") dataenveloppe3bin = enveloppe3bin.read() print("[+] Conversion du binaire en entier du fichier chiffre 3") c3 = convertBytesToInt(dataenveloppe3bin) # application du theoreme des restes chinois pour trouver result = m^3 #crt = libnum.solve_crt([c1,c2,c3], [n1,n2,n3]) N = n1 * n2 * n3 m1 = n2 * n3 m2 = n1 * n3 m3 = n1 * n2 result = ((c1 * m1 * libnum.invmod(m1, n1)) + (c2 * m2 * libnum.invmod(m2, n2)) + (c3 * m3 * libnum.invmod(m3, n3))) % N # calcul de la racine cubique de m^3 pour obtenir m m = libnum.nroot(result, 3) # Calcul et ecriture du message print("[+] Conversion de l'entier en binaire du fichier clair") decoded = convertIntToBytes(m) print("[+] Ecriture du fichier clair dans message.txt\n") message = open("symmetric_key.txt", "wb") message.write(decoded)
from Crypto.Util import Counter from Crypto.PublicKey import RSA import libnum from pwn import * import base64 with open('pubkey.pem') as f: key = f.read() rsakey = RSA.importKey(key) n = rsakey.n e = rsakey.e with open('key.enc') as f: key = f.read() enc_key = int(key) #print enc_key print libnum.nroot(27, 3) for i in range(1000000): temp = enc_key + i * n n_root = libnum.nroot(temp, e) if pow(n_root, e, n) == enc_key: print "find" print n_root res = n_root break assert pow(res, e, n) == enc_key key = libnum.n2s(res) print key, len(key) with open('file.enc') as f: file = f.read() enc_file = base64.b64decode(file) print enc_file, len(enc_file)
#!/usr/bin/env python import libnum n1 = 95118357989037539883272168746004652872958890562445814301889866663072352421703264985997800660075311645555799745426868343365321502734736006248007902409628540578635925559742217480797487130202747020211452620743021097565113059392504472785227154824117231077844444672393221838192941390309312484066647007469668558141 n2 = 98364165919251246243846667323542318022804234833677924161175733253689581393607346667895298253718184273532268982060905629399628154981918712070241451494491161470827737146176316011843738943427121602324208773653180782732999422869439588198318422451697920640563880777385577064913983202033744281727004289781821019463 n3 = 68827940939353189613090392226898155021742772897822438483545021944215812146809318686510375724064888705296373853398955093076663323001380047857809774866390083434272781362447147441422207967577323769812896038816586757242130224524828935043187315579523412439309138816335569845470021720847405857361000537204746060031 c1 = 64830446708169012766414587327568812421130434817526089146190136796461298592071238930384707543318390292451118980302805512151790248989622269362958718228298427212630272525186478627299999847489018400624400671876697708952447638990802345587381905407236935494271436960764899006430941507608152322588169896193268212007 c2 = 96907490717344346588432491603722312694208660334282964234487687654593984714144825656198180777872327279250667961465169799267405734431675111035362089729249995027326863099262522421206459400405230377631141132882997336829218810171728925087535674907455584557956801831447125486753515868079342148815961792481779375529 c3 = 43683874913011746530056103145445250281307732634045437486524605104639785469050499171640521477036470750903341523336599602288176611160637522568868391237689241446392699321910723235061180826945464649780373301028139049288881578234840739545000338202917678008269794179100732341269448362920924719338148857398181962112 m = libnum.n2s(libnum.nroot(int(libnum.solve_crt((c1,c2,c3),(n1,n2,n3))),3)) print m
from sympy import * from libnum import nroot, invmod from gmpy2 import next_prime e = 65537 n = 22001778874542774315484392481115711539281104740723517828461360611903057304469869336789715900703500619163822273767393143914615001907123143200486464636351989898613180095341102875678204218769723325121832871221496816486100959384589443689594053640486953989205859492780929786509801664036223045197702752965199575588498118481259145703054094713019549136875163271600746675338534685099132138833920166786918380439074398183268612427028138632848870032333985485970488955991639327 c = 1067382668222320523824132555613324239857438151855225316282176402453660987952614935478188752664288189856467574123997124118639803436040589761488611318906877644244524931837804614243835412551576647161461088877884786181205274671088951504353502973964810690277238868854693198170257109413583371510824777614377906808757366142801309478368968340750993831416162099183649651151826983793949933939474873893278527484810417812120138131555544749220438456366110721231219155629863865 # p * q1 * q2 = 12p**3 upper = nroot(n, 3) lower = 0 while True: mid = (upper + lower) // 2 print(mid) p = mid q1 = next_prime(2 * p) q2 = next_prime(3 * q1) tn = p * q1 * q2 print(tn, n) if tn > n: upper = mid if tn < n: lower = mid if tn == n: print(f"find p : {p}") phi = (p - 1) * (q1 - 1) * (q2 - 1) d = invmod(e, phi) m = pow(c, d, n) print(f"m = {m}")
def test_nroot(): for x in range(0, 100): for p in range(1, 3): n = x**p assert nroot(n, p) == x assert nroot(-64, 3) == -4 assert nroot(100, 2) == 10 assert nroot(999, 3) == 9 assert nroot(1000, 3) == 10 assert nroot(1001, 3) == 10 with pytest.raises(ValueError): nroot(100, -1) with pytest.raises(ValueError): nroot(-100, 4) with pytest.raises(ValueError): nroot(1, 0) with pytest.raises(TypeError): nroot("qwe")
print('********** find n **********') num = [] for _ in range(10): r = random.randint(2, 100) num.append(enc(r)**2 - enc(r**2)) n = gcd(*num) print(n) ppqs = (n - phi + 1)**2 pmqs = ppqs - 4 * n ppq = (n - phi + 1) pmq = nroot(pmqs, 2) q = (ppq - pmq) // 2 p = (ppq + pmq) // 2 assert n == p * q assert phi == (p - 1) * (q - 1) conn.interactive() factors = factordb() cs = [] ns = [] for k, v in factors: ns.append(pow(k, v)) cs.append(1)
#!/usr/bin/env python import libnum print libnum.n2s( libnum.nroot( libnum.solve_crt((c1, c2, c3, c4, c5, c6, c7), (n1, n2, n3, n4, n5, n6, n7)), 7))