def main():
print("Generating parameters...\n")
print("e = 3\n")
p1, q1 = getPrimePair()
p2, q2 = getPrimePair()
p3, q3 = getPrimePair()
e = 3
n1 = p1 * q1 #667
n2 = p2 * q2 #1927
n3 = p3 * q3 #3127
if (GCD(n1, n2) != 1 or GCD(n1, n3) != 1 or GCD(n2, n3) != 1):
print("NE OK")
print("user1:")
print("p = ", p1)
print("q = ", q1)
print("n = ", n1)
print("\nuser2:")
print("p = ", p2)
print("q = ", q2)
print("n = ", n2)
print("\nuser3:")
print("p = ", p3)
print("q = ", q3)
print("n = ", n3)
#k = 0
#while(k<5):
#path = str(input("\nInput filepath: "))
encryptFile('wallpapers1.jpg', e, n1, n2, n3)
def _common_module_attack(n, e_b, d_b, e_a):
N = (e_b * d_b) - 1 # 1) N <- (e_b*d_b)-1
f, s = get_f_s_from_N(N) # N = (2^f)*s
a = randint(1, n - 1) # 2) a <- rand (Z/nZ)
b = pow(int(a), int(s), int(n)) # b <- a^s (mod n)
print("b = ", b)
l_and_t_found = False
print("start finding l")
l = find_l(b, int(n))
while (not l_and_t_found): # 3) b^(2^l) = 1 (mod n)
# if (b^(2^(l-1)) = -1 (mod n))
pow_b = pow(2, l - 1) # new rand a, go to 2)
if (pow(b, pow_b, n) == -1): # else
a = randint(1, n - 1) # t <- b^(2^(l-1)) (mod n)
b = pow(a, s, n)
l = find_l(b)
else:
t = pow(b, pow_b, n)
l_and_t_found = True
p = GCD(t + 1, n) # 4) p <- gcd(t+1,n)
q = GCD(t - 1, n) # q <- gcd(t-1,n)
f_n_2 = (p - 1) * (q - 1)
d_a = inverse(e_a, f_n_2)
while (d_a == d_b):
d_a = inverse(e_b, f_n_2)
if d_b != d_a:
print("Attack for common module: Success")
else:
print("Attack for common module: Failed")
def enc(self, m):
assert m < self.n
assert m >= 0
r = getRandomRange(0, self.n)
assert GCD(r, self.n) == 1
return pow(self.g, m, self.n2) * pow(r, self.n, self.n2) % self.n2
def _generate_a(r):
e = 0
d = 0
some = True
while (some == True):
e = randint(1, r - 1)
if (GCD(e, r) == 1):
d = inverse(e, r)
if ((e * d) % r == 1):
some = False
break
print("a = ", e)
print("a_1 = ", d)
return e, d
def _vinner_attack():
print("Generating vulnerable parameters...")
n, e_a, d_a = generate_e_d_P2()
print("n = ", n)
print("e_a = ", e_a)
print("d_a = ", d_a)
l = round(log2(n))
a_i = []
if e_a < n:
a_i.append(0)
_continuedFraction(e_a, n, a_i) # 1) (e/n) -> [0; a0, a1, ... al]
p_i = []
q_i = []
p_i.append(1)
p_i.append(0)
q_i.append(0)
q_i.append(1)
d = 0
i = 1 # 2) for i = 1, ... , l
# pi/qi
while i < len(a_i):
new_p_i = a_i[i] * p_i[i] + p_i[i - 1] # pi = ai*p_i-1 + p_i-2
new_q_i = a_i[i] * q_i[i] + q_i[i - 1] # qi = ai*q_i-1 + q_i-2
nod = GCD(new_p_i, new_q_i)
new_p_i //= nod
new_q_i //= nod
p_i.append(new_p_i)
q_i.append(new_q_i)
m = randint(pow(2, 5), pow(2, 16))
m_q = pow(m, new_q_i * e_a, n) # (m^e)^qi =? m (mod n)
if (m_q == m):
d = new_q_i
break
i = i + 1
if i == len(a_i):
d = new_q_i
if (d == d_a):
print("Success")
else:
print("d_a = ", d_a)
print("d = ", d)
print("Failure")
return True
def good_parameters():
p, q = getPrimePair()
n = p * q
f_n = (p - 1) * (q - 1)
while (True):
e = randint(1, f_n - 1)
if (GCD(e, f_n) == 1):
d = inverse(e, f_n)
if 36 * pow(d, 4) > n:
break
print("p = {}".format(p))
print("q = {}".format(q))
print("n = {}".format(n))
print("e = {}".format(e))
print("d = {}".format(d))
def _pollard(L, p, q, a, b, p_x, p_y, q_x, q_y):
print("q = ", q)
print("a = ", a)
print("p = ", p)
print("p_x = ", p_x)
print("p_y = ", p_y)
a_j = [None] * L
b_j = [None] * L
R_j_x = [None] * L
R_j_y = [None] * L
alg = 1
while True:
#print(" ---> STEP #3: Genetating a_j, b_j, R_j...")
#j=1
#a_j = [0 for i in range(L+1)]
#b_j = [0 for i in range(L+1)]
#R_j_x = [0 for i in range(L+1)]
#R_j_y = [0 for i in range(L+1)]
for j in range(L): #while j<=L:
a_j[j] = randint(2, q - 1)
b_j[j] = randint(2, q - 1)
#print(" a[{j}] = ", a_j[j])
#print(" b[{j}] = ", b_j[j])
###print("a_j*P = (",p_x,", ",p_y,") * ",a_j[j])
aP_x, aP_y = _mul_points(p_x, p_y, a_j[j], a, b, p)
#print("GOt aP = (",aP_x, " ", aP_y, ")")
###print("b_j*Q = (", q_x,", ",q_y,") * ",b_j[j])
bQ_x, bQ_y = _mul_points(q_x, q_y, b_j[j], a, b, p)
#print("GOt bQ = (",bQ_x, " ", bQ_y, ")")
###print("R_j = a_j*P + b_j*Q = (",aP_x,", ",aP_y,") + (",bQ_x,", ",bQ_y,")")
R_j_x[j], R_j_y[j] = sum(aP_x, aP_y, bQ_x, bQ_y, a, b, p)
#print(" R[{j}] = <", R_j_x[j],", ",R_j_y[j],">")
j = j + 1
#print(" ---> STEP #4: Genetating alpha, beta, T...")
alpha = randint(2, q - 1)
betta = randint(2, q - 1)
#print(" alpha' = ", alpha)
#print(" betta' = ", betta)
alphaP_x, alphaP_y = _mul_points(p_x, p_y, alpha, a, b, p)
bettaQ_x, bettaQ_y = _mul_points(q_x, q_y, betta, a, b, p)
T_x, T_y = sum(alphaP_x, alphaP_y, bettaQ_x, bettaQ_y, a, b, p)
#print(" T' = <", T_x,", ",T_y,">")
_T_x = T_x
_T_y = T_y
_alpha = alpha
_betta = betta
#print(" ---> STEP #5: While T' != T''...")
cycle = 1
while True:
j = H(T_x, L)
T_x, T_y = sum(T_x, T_y, R_j_x[j], R_j_y[j], a, b, p)
###print("#",cycle,": f^i(P) = (",T_x,", ",T_y,")")
alpha = (alpha + a_j[j]) % q
betta = (betta + b_j[j]) % q
#print(" T' = <", T_x,", ",T_y,">")
#print(" alpha' = ", alpha)
#print(" betta' = ", betta)
j = H(_T_x, L)
_T_x, _T_y = sum(_T_x, _T_y, R_j_x[j], R_j_y[j], a, b, p)
_alpha = (_alpha + a_j[j]) % q
_betta = (_betta + b_j[j]) % q
j = H(_T_x, L)
_T_x, _T_y = sum(_T_x, _T_y, R_j_x[j], R_j_y[j], a, b, p)
_alpha = (_alpha + a_j[j]) % q
_betta = (_betta + b_j[j]) % q
###print("#",cycle,": f^2i(P) = (",_T_x,", ",_T_y,")")
#print(" T'' = <", _T_x,", ",_T_y,">")
#print(" alpha'' = ", _alpha)
#print(" betta'' = ", _betta)
if T_x == _T_x and T_y == _T_y:
#print(" At step ",cycle," T' == T'' !!!")
break
cycle = cycle + 1
#print(" ---> STEP #6: Checking if alpha'==alpha'' and betta'==betta''...")
if alpha == _alpha or betta == _betta:
#print(" alpha'==alpha'' or betta'==betta'' !!!")
#print(" Chose another L !!!")
d = -1
#return False
alg = alg + 1
else:
if GCD(_betta - betta, q) == 1:
d = (alpha - _alpha) * invert(_betta - betta, q) % q
print(" alpha'!=alpha'' and betta'!=betta'' !!!")
print(" FOUND D !!!")
print(" d = ", d)
print("\n ---> Checking...")
print("Calculating Q=dP...")
tmp_x, tmp_y = _mul_points(p_x, p_y, d, a, b, p)
print("Initial Q = <", q_x, ", ", q_y, ">")
print("Calculd Q = <", tmp_x, ", ", tmp_y, ">")
if (q_x == tmp_x and q_y == tmp_y):
print("d found on #", alg)
return True
alg = alg + 1
return False
def kto(n1, n2, n3, c1, c2, c3, iv_fromCipher, kol):
print("IV = ", iv_fromCipher)
if (GCD(n1, n2) != 1 or GCD(n1, n3) != 1 or GCD(n3, n2) != 1):
print('wrong ni ')
return False
M_0 = n1 * n2 * n3
#print("n1*n2*n3 = ",n1," * ",n2," * ",n3," = ",M_0)
#print("c1 = ", c1)
#print("c2 = ", c2)
#print("c3 = ", c3)
M_1 = M_0 // n1
M_2 = M_0 // n2
M_3 = M_0 // n3
#print("M1 = ", M_1)
#print("M2 = ", M_2)
#print("M3 = ", M_3)
M_1_y = M_1 % n1
M_2_y = M_2 % n2
M_3_y = M_3 % n3
#print("b1 = ", M_1_y)
#print("b2 = ", M_2_y)
#print("b3 = ", M_3_y)
y1, y2, y3 = 1, 1, 1
while (y1 <= n1):
if (M_1_y * y1) % n1 == c1:
break
y1 += 1
while (y2 <= n2):
if (M_2_y * y2) % n2 == c2:
break
y2 += 1
while (y3 <= n3):
if (M_3_y * y3) % n3 == c3:
break
y3 += 1
x = (M_1 * y1 + M_2 * y2 + M_3 * y3) % M_0
print("x = ", x)
gmpy2.get_context().precision = 200
m = int(gmpy2.root(x, 3))
print("m = ", m)
print("x^(1/3) ", round(pow(x, 1 / 3)))
decryptedKey_S = m.to_bytes(16, 'big')
print('Dec Key s = ', decryptedKey_S)
b = bytearray()
with open('~tmp' + "wallpapers1.jpg.ecrypted", 'rb') as file:
data = file.read()
#print('Cipher:\n')
#print(data)
print('Decrypted:\n')
decryptedText = AES_data_Decryption(data, decryptedKey_S,
iv_fromCipher)
print("kol = ", kol)
print("len(cip) = ", len(decryptedText))
kol2 = len(decryptedText)
# i=0
# while i<kol:
# b.append(decryptedText[i])
# i=i+1
#pad(data,AES.block_size), decryptedKey_S, iv_fromCipher)
#decryptedText = unpad(decryptedText, AES.block_size)
#print(decryptedText)
os.remove('~tmp' + "wallpapers1.jpg.ecrypted")
output = open("wallpapers1.jpg.encrypted" + '.decrypted', 'wb')
output.write(b)
output.close()
# LEVEL 2
conn.recvuntil('My seed is')
seed = parse_onion(
conn.recvuntil('You should use my seed first!').strip()[:-29].decode())
conn.recvuntil('layer')
conn.sendline('8999')
k1n = pow(1 << 1023, 3) - bytes_to_long(bytes.fromhex(seed))
conn.recvuntil('your onion')
onion = parse_onion(
conn.recvuntil('You can now use your seed').strip()[:-25].decode())
onion = bytes_to_long(bytes.fromhex(onion))
k2n = pow(
onion, 3**8997, k1n
) - 4479489484355608421114884561136888556243290994469299069799978201927583742360321890761754986543214231552
n = GCD(k1n, k2n)
while True:
if n % 2 == 0:
n = n // 2
elif n % 3 == 0:
n = n // 3
elif n % 5 == 0:
n = n // 5
elif n % 7 == 0:
n = n // 7
else:
break
print("n = ", n)
conn.recvuntil('seed: ')
conn.sendline(
'20000000000000000000000000000000000000000000000000000000000000000000000000000000000000'