Ejemplo n.º 1
0
def same_n_sttack(n,e1,e2,c1,c2):
    def egcd(a, b):
        x, lastX = 0, 1
        y, lastY = 1, 0
        while (b != 0):
            q = a // b
            a, b = b, a % b
            x, lastX = lastX - q * x, x
            y, lastY = lastY - q * y, y
        return (lastX, lastY)

    s = egcd(e1, e2)
    s1 = s[0]
    s2 = s[1]
    if s1<0:
        s1 = - s1
        c1 = primefac.modinv(c1, n)
        if c1<0:
            c1+=n
    elif s2<0:
        s2 = - s2
        c2 = primefac.modinv(c2, n)
        if c2<0:
            c2+=n
    m=(pow(c1,s1,n)*pow(c2,s2,n)) % n
    return m
Ejemplo n.º 2
0
def gcd(public_key1, public_key2):
    public1 = public_key1.public_numbers().e
    public2 = public_key2.public_numbers().e
    n1 = public_key1.public_numbers().n
    n2 = public_key2.public_numbers().n
    p = primefac.gcd(n1, n2)
    q1 = n1 / p
    q2 = n2 / p
    private1 = primefac.modinv(public1, (p - 1) * (q1 - 1))
    private2 = primefac.modinv(public2, (p - 1) * (q2 - 1))
    return (build_rsa_private(n1, public1, private1, p, q1),
            build_rsa_private(n2, public2, private2, p, q2))
Ejemplo n.º 3
0
def rsa_gen():
    p = genprime(1024)
    q = genprime(1024)
    n = p * q
    e = 65537
    d = primefac.modinv(e, (p - 1) * (q - 1)) % ((p - 1) * (q - 1))
    return (p, q, n, e, d)
Ejemplo n.º 4
0
def gen_args():
    p=getPrime(1024)
    q=getPrime(1024)
    n=p*q
    e=0x10001
    d=primefac.modinv(e,(p-1)*(q-1))%((p-1)*(q-1))
    return (p,q,e,n,d)
Ejemplo n.º 5
0
def get_key(p, q, e):
    d = 0
    e = 0x10001
    p = 961756321
    q = 961760441
    # your code starts here
    d = primefac.modinv(e, (p - 1) * (q - 1)) % ((p - 1) * (q - 1))
    # your code ends here
    return d
Ejemplo n.º 6
0
def affine_guessab(m1,c1,m2,c2,origin="abcdefghijklmnopqrstuvwxyz"):
    x1=origin.index(m1)
    x2=origin.index(m2)
    y1=origin.index(c1)
    y2=origin.index(c2)
    n=len(origin)
    dxi=primefac.modinv(x1-x2,n)%n
    a=dxi*(y1-y2) % n
    b=(y1-a*x1)%n
    return (a,b)
Ejemplo n.º 7
0
def affine_decode(c,a,b,origin="abcdefghijklmnopqrstuvwxyz"):
    r=""
    n=len(origin)
    ai=primefac.modinv(a,n)%n
    for i in c:
        if origin.find(i)!=-1:
            r+=origin[(ai*(origin.index(i)-b))%len(origin)]
        else:
            r+=i
    return r
Ejemplo n.º 8
0
def factor(public_key):
    public = public_key.public_numbers().e
    n = public_key.public_numbers().n
    p = primefac.multifactor(
        n,
        verbose=False,
        methods=(primefac.pollardRho_brent, primefac.pollard_pm1,
                 primefac.williams_pp1, primefac.ecm, primefac.mpqs))
    q = n / p
    private = primefac.modinv(public, (p - 1) * (q - 1))
    return build_rsa_private(n, public, private, p, q)
Ejemplo n.º 9
0
def main():
    pub = """-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVRqqCXPYd6Xdl9GT7/kiJrYvy
8lohddAsi28qwMXCe2cDWuwZKzdB3R9NEnUxsHqwEuuGJBwJwIFJnmnvWurHjcYj
DUddp+4X8C9jtvCaLTgd+baSjo2eB0f+uiSL/9/4nN+vR3FliRm2mByeFCjppTQl
yioxCqbXYIMxGO4NcQIDAQAB
-----END PUBLIC KEY-----
"""
    pub = RSA.importKey(pub)
    print(pub.e, pub.n)
    p = long(williams_pp1(pub.n))
    q = pub.n / p
    print(p, q)
    assert pub.n == p * q
    priv = RSA.construct((pub.n, pub.e, modinv(pub.e, (p - 1) * (q - 1))))
    print(priv.exportKey('PEM'))
Ejemplo n.º 10
0
def problem_yafu_cheat_check(conn, address, teamtoken):
    (ip, port) = address
    conn.send("=next-rsa=\n")
    q = 0xab724df05ca87067ce1573550a6a05f41f93e910b0380c71cdc5de940ef790a475f5c3d512354bc57b3410e7f5158fb287f79397353acb169ef583260eec76f4c46d21e4cb43426e3c66ba9b75d3c1b009ff1f9a0fea9c7d9815eadc5f7ac776d6dcae3c1fa3de865253623b4121e6b4f51deea0b7ae9ca84aad5fe83ba56451L
    seed = int(hashlib.sha256(ip).hexdigest()[0:8], 16)
    p = primefac.nextprime(seed)
    n = p * q
    e = 0x10001
    conn.send("# n=" + hex(n).replace("L", "") + "\n")
    conn.send("# e=" + hex(e).replace("L", "") + "\n")
    m = random.randint(0x100000000000, 0xffffffffffff)
    c = pow(m, e, n)
    conn.send("# c=" + hex(c).replace("L", "") + "\n")
    conn.send("@ m=")
    rec_m = conn.recv(1024).strip()
    if rec_m == hex(m).replace("L", ""):
        d = primefac.modinv(e, (p - 1) * (q - 1))
        if d < 0:
            d += (p - 1) * (q - 1)
        successdn.append((d, n))
        f = open("success/" + ip, "a")
        f.write("teamtoken:" + teamtoken + "\n" + "time:" +
                time.strftime('%Y%m%d%H%M%S') + "\nm:" +
                hex(m).replace("L", "") + "\nd:" + hex(d).replace("L", "") +
                "\nn:" + hex(n).replace("L", "") + "\n\n")
        f.close()
        ok(conn)
        return 0
    else:
        for (cheat_d, cheat_n) in successdn:
            print "cheat!"
            rec_m_int = int(rec_m[0:], 16)
            if rec_m_int == pow(c, cheat_d, cheat_n):
                f = open("cheat/" + ip, "a")
                f.write("teamtoken:" + teamtoken + "\n" + "time:" +
                        time.strftime('%Y%m%d%H%M%S') + "\nm:" +
                        hex(rec_m_int).replace("L", "") + "\nd:" +
                        hex(cheat_d).replace("L", "") + "\nn:" +
                        hex(cheat_n).replace("L", "") + "\n\n")
                f.close()
                ok(conn)
                return 1
        error(conn)
        return 0
Ejemplo n.º 11
0
def modinv(a,n):
    return primefac.modinv(a,n) % n
Ejemplo n.º 12
0
from Crypto.Util.number import getPrime, isPrime
import binascii
import primefac
import itertools
'''
This Python code tries to illustrate how RSA is done at a basic level.
'''

e = 65537
n = 128299637852747781491257187842028484364103855748297296704808405762229741626342194440837748106022068295635777844830831811978557490708404900063082674039252789841829590381008343327258960595508204744589399243877556198799438322881052857422197506822302290812621883700357890208069551876513290323124813780520689585503
c = 43160414063424128744492209010823042660025171642991046645158489731385945722740307002278661617111192557638773493117905684302084789590107080892369738949935010170735247383608959796206619491522997896941432858113478736544386518678449541064813172833593755715667806740002726487780692635238838746604939551393627585159

p = 11326943005628119672694629821649856331564947811949928186125208046290130000912120768861173564277210907403841603312764378561200102283658817695884193223692869
q = 11326943005628119672694629821649856331564947811949928186125208046290130000912216246378177299696220728414241927034282796937320547048361486068608744598351187

phi = (q - 1) * (p - 1)

# Now, we can kind of unravel that modular arithmetic that was done during the
# ENCRYPTION formula. We can find the private key, d, with the MODULAR INVERSE,
# of e and phi.
# I use a module to do this that is reworked to use Trey's function
#     https://github.com/JohnHammond/primefac_fork
d = primefac.modinv(e, phi)

# Now, we can do a similar thing like before, but this time for DECRYPTION.
#        m = ( c ^ d ) % n
# This time we raise to our private key as an exponent, but still take the modulus.
# And we have successfully decrypted RSA!
m = pow(c, d, n)
print repr(binascii.unhexlify(hex(m)[2:-1]))
Ejemplo n.º 13
0
from cryptography.hazmat.primitives import serialization
from smashcipher.asymmetric.util import rsa as rsa_utils
import primefac

p = 111785135995915694872879065655450100824399060915246858692368272101498809780789
q = 95426003088967587203385239828634342249572881536732227152898005772259369509063
r = 115610435786510485451946829452875827768560089514770425913213861099648595711893

public = 65537

private1 = primefac.modinv(public, (p - 1) * (q - 1))
private2 = primefac.modinv(public, (q - 1) * (r - 1))

private_key1 = rsa_utils.build_rsa_private(p * q, public, private1, p, q)
private_key2 = rsa_utils.build_rsa_private(q * r, public, private2, q, r)

private_file1 = private_key1.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption())
file1 = open("test_keys/lowent/private-lowent1.key", "w")
file1.write(private_file1)
file1.close()

private_file2 = private_key2.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption())
file2 = open("test_keys/lowent/private-lowent2.key", "w")
file2.write(private_file2)
file2.close()
Ejemplo n.º 14
0
from Crypto.Util.number import getPrime, bytes_to_long
import primefac

p = getPrime(512)
q = getPrime(512)

n = p * q

d = getPrime(10)

e = primefac.modinv(d, (p - 1) * (q - 1)) % ((p - 1) * (q - 1))

flag = "flag{wnwnwnwnweifnjiowenfoiwenf}"
m = bytes_to_long(flag)

print "c=", pow(m, e, n)
print "e=", e
print "n=", n
Ejemplo n.º 15
0
n = 2344088051
p = 46099
q = 50849
e = 65537

import primefac
d = primefac.modinv(e, (p - 1) * (q - 1)) % ((p - 1) * (q - 1))

v = [1] * 100
v[15] = 622838535
v[16] = 0x1E53E463
v[17] = 0x217153B7
v[18] = 0xED044EB
v[19] = 0x26EC91AF
v[20] = 0x4F8C7090
v[21] = 0x45E4F9BB
v[22] = 0x26EC91AF
v[23] = 0x6D04B642
v[24] = 0x26EC91AF
v[25] = 0xFF559EE
v[26] = 0x1E53E463
v[27] = 0x55C81190
v[28] = 0x55C81190
v[29] = 0x58006440
v[30] = 0x217153B7
v[31] = 0x26EC91AF
v[32] = 0x35F1D9B2
v[33] = 0x4D3D8957
v[34] = 0x35F1D9B2
v[35] = 0x26EC91AF
v[36] = 0x7172720E