def lsb_oracle(encrypted_data, multiplicator, upper_bound, oracle_fun):
"""
LSB oracle attack implementation.
This one is actually working for all bytes, taking into account +-1 errors.
:param encrypted_data: initial encrypted data
:param multiplicator: function to multiply ciphertext in a way such that plaintext after decoding is multiplied by 2
:param upper_bound: upper bound for the plaintext, most likely modulus
:param oracle_fun: lsb oracle function returning LSB of plaintext for given ciphertext
:return: plaintext value
"""
flag_count = n_count = 1
data_lower_bound = 0
data_upper_bound = upper_bound
ciphertext = encrypted_data
mult = 1
while data_upper_bound > data_lower_bound + 1:
ciphertext = multiplicator(ciphertext)
flag_count *= 2
n_count = n_count * 2 - 1
print("upper = %d" % data_upper_bound)
print("upper flag = %s" % long_to_bytes(data_upper_bound))
print("lower = %d" % data_lower_bound)
print("lower flag = %s" % long_to_bytes(data_lower_bound))
print("bit = %d" % mult)
mult += 1
if oracle_fun(ciphertext) == 0:
data_upper_bound = upper_bound * n_count / flag_count
else:
data_lower_bound = upper_bound * n_count / flag_count
n_count += 1
return data_upper_bound
def recover_modulus(enc, dec, bitsize):
for bit in range(bitsize - 1, -1, -1):
payload = 2**bit
e = enc(long_to_bytes(payload)).decode("hex")
result = dec(e)
if result == '00':
start_bit = bit
break
print('start bit', start_bit)
payload = 2**start_bit # 100000...
for bit in range(start_bit - 1, 7, -1):
payload ^= 2**bit
print(bin(payload))
e = enc(long_to_bytes(payload)).decode("hex")
result = dec(e)
if result != '00': # didn't work, set the bit back
payload ^= 2**bit
print('almost modulus', payload)
too_large = payload ^ 0xff
e = enc(long_to_bytes(too_large)).decode("hex")
result = int(dec(e), 16)
for i in range(256):
potential_n = payload ^ i
mod = too_large % potential_n
if mod == result:
return potential_n
def lsb_oracle_from_bits(upper_bound, bits):
"""
Use binary search to recover plaintext from LSB bits.
:param upper_bound: upper bound for the plaintext, most likely modulus
:param bits: list of LSB bits
:return: recovered plaintext
"""
flag_count = n_count = 1
data_lower_bound = 0
data_upper_bound = upper_bound
mult = 1
for bit in bits:
flag_count *= 2
n_count = n_count * 2 - 1
print("bit = %d" % bit)
print("upper = %d" % data_upper_bound)
print("upper flag = %s" % long_to_bytes(data_upper_bound))
print("lower = %d" % data_lower_bound)
print("lower flag = %s" % long_to_bytes(data_lower_bound))
print("bit = %d" % mult)
print("flag_cnt = %d" % flag_count)
print("n_cnt = %d" % n_count)
mult += 1
if bit == 0:
data_upper_bound = upper_bound * n_count / flag_count
else:
data_lower_bound = upper_bound * n_count / flag_count
n_count += 1
if data_upper_bound <= data_lower_bound + 1:
break
return data_upper_bound
def recover_next_iv(s):
outputs = collect_outputs(s)
mtr = MT19937Recover()
r2 = mtr.go(outputs)
iv = long_to_bytes(r2.getrandbits(16 * 8))
sanity = get_iv(s)
assert sanity == iv
return long_to_bytes(r2.getrandbits(16 * 8)).encode("hex")
def solve(ct, e, n, padding_len):
new_ct = ct * pow(modinv(256, n) ** padding_len, e, n)
new_ct %= n
for i in range(256):
potential_pt, is_cube = gmpy2.iroot(new_ct + (n * i), e)
if is_cube:
print(i, long_to_bytes(potential_pt))
def sanity():
spn = SPN()
ct = [spn.enc(pad("\0", "A").encode("hex"))]
for i in range(1, 256):
ct.append(spn.enc(pad(long_to_bytes(i), "A").encode("hex")))
ct = [[ord(c) for c in x.decode("hex")] for x in ct]
integral(ct)
def recover_aes_key(n, s):
send(s, '4')
r = receive_until_match(s, "here is encrypted key :\)\n.+\n")
encrypted_aes_key = re.findall("here is encrypted key :\)\n(.*)\n", r)[0]
print('aes key', encrypted_aes_key)
decrypted_aes_key = lsb_oracle(int(encrypted_aes_key, 16), lambda ct: ct * pow(2, 65537, n) % n, n, lambda ct: oracle(s, ct))
decrypted_aes_key = long_to_bytes(int(decrypted_aes_key))
return decrypted_aes_key
def rsa_printable(x, exp, n):
"""
Calculate RSA encryption/decryption and return result as bytes
:param x: plaintex or ciphertext, can be either bytes or long
:param exp: exponent
:param n: modulus
:return: result bytes
"""
return long_to_bytes(rsa(x, exp, n))
def decrypt(m0, m1):
k0 = c_m0
for e in m0:
k0 ^= p[e]
k1 = c_m1
for e in m1:
k1 ^= p[e]
d_m0 = s_m0 ^ k0
d_m1 = s_m1 ^ k1
if len(m0) == 2:
d_m0 ^= d_m1
if len(m1) == 2:
d_m1 ^= d_m0
print(long_to_bytes(d_m0), long_to_bytes(d_m1))
def oracle(s, ct):
send(s, '2')
print(receive_until_match(s, 'input hexencoded cipher text: '))
payload = long_to_bytes(ct).encode("hex")
print("Sending payload", payload)
send(s, payload)
r = receive_until_match(s, 'RSA: .*\n')
receive_until_match(s, '4: get encrypted key\n')
bit = int(re.findall('RSA: (.*)\n', r)[0], 16) & 1
return bit
def paillier_decrypt_printable(c, factors, g):
"""
Decrypt data using Paillier Cryptosystem
Actually it's the same as Damgard Jurik with s=1
:param c: ciphertext
:param factors: prime factors
:param g: random public integer g
:return: decrypted data as bytes
"""
return long_to_bytes(paillier_decrypt(c, factors, g))
def sanity2():
spn = SPN()
ct = [spn.enc_modified(pad("\0", "A").encode("hex"))]
for i in range(1, 256):
ct.append(spn.enc_modified(pad(long_to_bytes(i), "A").encode("hex")))
ct = [[ord(c) for c in x.decode("hex")] for x in ct]
for pos in range(8):
res = 0
for c in range(256):
res ^= ct[c][pos]
assert res == 0
def sanity_test():
x = bytes_to_long("alamakota")
e = gmpy2.next_prime(50)
inputs = []
for _ in range(e - 40):
print(_)
p = gmpy2.next_prime(getrandbits(1024))
q = gmpy2.next_prime(getrandbits(1024))
n = p * q
inputs.append((pow(x, e, n), n))
result = hastad_attack_parallel(inputs, e)
print(result)
print(long_to_bytes(result))
def main():
e = 1048583
d = 20899585599499852848600179189763086698516108548228367107221738096450499101070075492197700491683249172909869748620431162381087017866603003080844372390109407618883775889949113518883655204495367156356586733638609604914325927159037673858380872827051492954190012228501796895529660404878822550757780926433386946425164501187561418082866346427628551763297010068329425460680225523270632454412376673863754258135691783420342075219153761633410012733450586771838248239221434791288928709490210661095249658730871114233033907339401132548352479119599592161475582267434069666373923164546185334225821332964035123667137917080001159691927
ipmq = 22886390627173202444468626406642274959028635116543626995297684671305848436910064602418012808595951325519844918478912090039470530649857775854959462500919029371215000179065185673136642143061689849338228110909931445119687113803523924040922470616407096745128917352037282612768345609735657018628096338779732460743
iqmp = 138356012157150927033117814862941924437637775040379746970778376921933744927520585574595823734209547857047013402623714044512594300691782086053475259157899010363944831564630625623351267412232071416191142966170634950729938561841853176635423819365023039470901382901261884795304947251115006930995163847675576699331
ct = 0x32074de818f2feeb788e36d7d3ee09f0000381584a72b2fba0dcc9a2ebe5fd79cf2d6fd40c4dbfea27d3489704f2c1a30b17a783baa67229d02043c5bc9bdb995ae984d80a96bd79370ea2c356f39f85a12d16983598c1fb772f9183441fea5dfeb5b26455df75de18ce70a6a9e9dbc0a4ca434ba94cf4d1e5347395cf7aafa756c8a5bd6fd166bc30245a4bded28f5baac38d024042a166369f7515e8b0c479a1965b5988b350064648738f6585c0a0d1463bd536d11a105bb926b44236593b5c6c71ef5b132cd9c211e8ad9131aa53ffde88f5b0df18e7c45bcdb6244edcaa8d386196d25297c259fca3be37f0f2015f40cb5423a918c51383390dfd5a8703
for potential_phi in find_phi(e, d):
res = solve_for_phi(ipmq, iqmp, potential_phi)
if res:
p, q = res
n = p * q
print(long_to_bytes(pow(ct, d, n)))
break
def prepare_values():
prefix = bytes_to_long("X: ")
factors, _ = factor(prefix)
random.shuffle(factors)
base1 = multiply(factors[:len(factors) / 2])
base2 = multiply(factors[len(factors) / 2:])
assert base1 * base2 == prefix
shift = 5
x = base1 * 256**shift + 0
y = base2 * 256**shift + 0
z = base1 * 256**shift + 1
v = base2 * 256**shift + 1
A = x * y
B = z * v
C = x * v
D = y * z
assert (A * B == C * D == x * y * z * v)
for x in [A, B, C, D]:
assert (long_to_bytes(x)[:3] == 'X: ')
assert (len(long_to_bytes(x)) < 16)
return A, B, C, D
def factor_worker(data):
flag, i, primes = data
factors, residue = factor_p(flag, primes)
print('factors', i, factors)
for potential_exp in subsets(factors):
if len(potential_exp) == 0:
continue
exp = multiply(potential_exp)
bits = recover_bits(flag, exp)
if bits is not None:
data = int("".join(map(str, bits[::-1])), 2)
data = long_to_bytes(data)
if "IHDR" in data and "PNG" in data:
print("FOUND!", i, flag, data)
save_png(data, i, exp)
return data
def main():
n1 = read_collision_n("col1")
factors1 = [
234616432627,
705869477985961204313551643916777744071330628233585786045998984992545254851001542557142933879996265894077678757754161926225017823868556053452942288402098017612976595081470669501660030315795007199720049960329731910224810022789423585714786440228952065540955255662140767866791612922576360776884260619L
]
# col1 = base64.b64encode(n1)
# sig1 = get_sig(col1)
# value cached below
sig1 = 45254147107316604985838940723873087065648716656505719897465763752188344559259982909946582387581238630810505111702280156530580024162354320922165321462910808027195861156154913029659141369366731116256144166513466262820414101619676170670462164924122480441158287460305618685897536866567703872210447139212329752485
n2 = read_collision_n("col2")
factors2 = [
119851, 236017,
5854608817710130372948444562294396040006311067115965740712711205981029362712183315259168783815905208719000197236691607700100836391807927746833977891792631066541406816904680111217125634549418611669208807316369565620310660295144628581977856740654199823679135895590513942858128229967305158632385155587L
]
# col2 = base64.b64encode(n2)
# sig2 = get_sig(col2)
# value cached below
sig2 = 75192947990007542085188766184539371284719071358445557426300109324739891690549237742257214192631557978881958688601121333533557280909118797353696869434142069884160391258848066603116809532123308968051639065681186651011928077675380204482405509591787282691679920144780885427200808239335447140493957969342214523565
real_signature1 = decode_rsa_signature(n1, factors1, sig1)
real_signature2 = decode_rsa_signature(n2, factors2, sig2)
print(real_signature1)
print(real_signature2)
k = (h(makeMsg("test", n1)) - h(makeMsg("test", n2))) * modinv(
real_signature1 - real_signature2, Q) % Q
print(k)
r = real_signature1 / Q
s = real_signature1 % Q
private_key = ((s * k) - h(makeMsg("test", n1))) * modinv(r, Q)
print(private_key)
admin_sig = simple_sign("admin", "1", private_key)
name = base64.b64encode("admin")
n = base64.b64encode("1")
sig = base64.b64encode(long_to_bytes(admin_sig))
url = "pki.hackable.software"
port = 1337
s = nc(url, port)
send(s, "login:"******"," + n + "," + sig)
sleep(5)
flag = s.recv(9999)
print(flag)
def recover_flag(dec, flag, n, bitsize, known_suffix=''):
f = ''
divisor = modinv(2**8, n)
for last_byte in known_suffix[::-1]: # strip known suffix
sub = paillier_encrypt_simple(n - bytes_to_long(last_byte), n + 1, n)
flag = flag * sub % (n * n)
flag = pow(flag, divisor, n * n)
for i in range(14):
last_byte = dec(long_to_bytes(flag)).decode("hex")
if last_byte == '':
return f[::-1] + known_suffix
f += last_byte
print(f[::-1] + known_suffix)
sub = paillier_encrypt_simple(n - bytes_to_long(last_byte), n + 1, n)
flag = flag * sub % (n * n)
flag = pow(flag, divisor, n * n)
return f[::-1] + known_suffix
def worker(pad_char):
port = 5959
host = "simple-spn.ctf.defenit.kr"
s = nc(host, port)
x = receive_until(s, "\n")
x = receive_until(s, "\n")
ct = []
payloads = [pad("\0", pad_char).encode("hex")]
for i in range(1, 256):
payloads.append(pad(long_to_bytes(i), pad_char).encode("hex"))
for payload in payloads:
send(s, payload)
c = receive_until(s, "\n")
ct.append(re.findall("ciphertext: (.*)\n", c)[0])
x = receive_until(s, "\n")
print('cts', ct)
ct = [[ord(c) for c in x.decode("hex")] for x in ct]
candidates = integral(ct)
return candidates
def get_kn():
host = "3.115.26.78"
port = 31337
s = nc(host, port)
receive_until_match(s, "! ")
flag_ct = receive_until(s, "\n")[:-1]
plaintexts = [long_to_bytes(x)[3:] for x in prepare_values()]
results = []
for pt in plaintexts:
receive_until_match(s, ": ")
send(s, pt.encode("hex"))
res = receive_until(s, "\n")[:-1]
results.append(res)
s.close()
CTA = int(results[0], 16)
CTB = int(results[1], 16)
CTC = int(results[2], 16)
CTD = int(results[3], 16)
kn = (CTA * CTB) - (CTD * CTC)
print("Got k*N", kn)
return kn
def pad(s):
while len(s) % 8 != 0:
s += long_to_bytes(len(s) % 256)
return s
def encryptor(p, q, data):
data = bytes_to_long(data)
encrypted = paillier_encrypt_simple(data, (p * q) + 1, p * q)
to_bytes = long_to_bytes(encrypted)
return to_bytes.encode("hex")
def decryptor(p, q, data):
data = bytes_to_long(data)
decrypted = paillier_decrypt(data, [p, q], p * q + 1)
to_bytes = long_to_bytes(decrypted)
return to_bytes.encode("hex")[-2:]
def main():
m = 0x91e47e4dcab9b838d1742e1bf51251a4ff01e316a5fe72558bc5d99e903cc42570d845b94486e3652eae9e3961e1aa35d40e704723485f780bfe4d7b66526f8b
phi = m - 1
e = 65536
d = modinv(e, phi)
L2 = [
'0x438dbe24c43ebf426c8f87a70021a68b38dde7cf01baa5fe29cc6d84b76e96b7507a12b52dbe05c9d3967a5be573d5c36d442f519f5083e5dac7d335ea6cad24',
'0x4d4dc0aac87cc9000967e0bbcfd3cc288fe570b7e8cd1894be964426d2cf27b9304bed7747e5e4fb545b691f8c973c5fdba159ce4bd71faca973811c85aef4dc',
'0x6358687fe36892ceb65ea15d1f9caee1b9337c76b95d7dfbf839d95b3293a781c55cbe98c9ffcc6f7e61b3642f1604eb6355fbc55499ba357cee7b117ab7f4d2',
'0x599c9582744fda91916fb97b9c57d8aacd52aed6dfb70114e37cba74c55b2f87dbe5201e99a71d94ff389363abbe2699b5b3ab0357b030b81c1e460a4ac8c63a',
'0x5b3d8ca3a27fb0910a720b10c7bc6bc69312633c05cdb2fc80175eb1c5859dbf90410b4858c99d0acd0f7e18143601056259d10f90c0d9c9697371e2c8f57a64',
'0x4dec97d011adcc5afbf2a264a1f53b74df22d4f6226c5bd4f031ea35d79e7c5607dbb0953c6fc7c7ffd05a992fb37f1a0c2153ecb0d3103cb89dd0835da231e9',
'0x80fcbfa87e1fa2f47c5a05aa2b8d03e6eb71d45f43ccb964ea175496d360c0da3558c0ae27a6ce0ae7e187f4b92acde755b5e53755c44c83a5be88cbe628b189',
'0x531ccfbc54b510df28741c3fbbb13c8e81fc0160988ae8ec7f993d203f5892ac5b8b2a1b5eb71c42d2890f56df13ff893fc64bf3d02c25bdf9f3ea2f7b6fc9e8',
'0x864f7eba18cc8d9eb42d6c411bcc1e133b3bbb58ec58732940e19b8602fe5f01df38efbd029da5b855ca822da2d260c8c2efadfe49f9f29c4b7664a1f078d2af',
'0x670c8ae9b1228914a76a05c5186becd151684092db46826a93e6c9d1863820ad41478e19d255c52ce9c36a6e104ee1935e543ea73ec314db2bcb50a46296bda3',
'0x7d149e00e2097adef0627363f1dc42557ce9a2f06bf3faa1aa62258b468433eef393d4fcb353270802a78d8c47d79cf1f9084b221967e532db065038eef0cb09',
'0x8ffa49769e4a0ee898a48f430b76a7d4de4ba508c54062513d5c36c11adb0e2aa68df00c3811fb80fa362b2af65907ba3b6811f29dc13ea1655850cf2e4aebe9',
'0x75f02a942b1c19acb3a3d4be2c68ae0b40216dc90d86a6549d9dd078b6ed13942533c37ffeb952135221d3a17e50153117502672f2a997e1db3a1c490dbb1854',
'0x6c6ea69d81946e98712dd3c56d156d3b4e4d1c2d8d3c983fd11a4a32e8676ee4ac6fd665db4314c344f9ffbaf2c4d72a9fa99b15a37c839c0803665970659337',
'0x777309f845aa8104571b3db4d45725d198d6b3c666d5a2478716935d7bc8433b1d480dd121cfa646c484e0d9405e68edf9d83e326d3cccbbbf409dad247121e9',
'0x47d6dc4e05c618c4b36b48749a213c5306b7e05fbc2343d9ebf505032791d8d771d82449e32bda220325be7c5a44b72147970568c3fb2c2644dcea3a0e66abfa',
'0x7d87e0ee896b02dde7d15910299214dfaefaf3d6d401285566c0e0cf752a047e1010101bf9af7a83ddee02eb15d0750709187dfe1bbffe88884df39f74884990',
'0x6f115fadad147c19cc923cb8b38aaa7fc8a393519ffa971de6520d0cba4cd1c73a95d9537e627d202fbabb5b9c52d4af41735e3f8bf841230c1763ddfbdc338a',
'0x7eaaff9b34ce3ac84007082cf6ad3f819eef5785756f0977d79bc018b401cd45a7233fb416a37f29a55772744ee96e45f8c44a271f236497722d8af272a711eb',
'0x2d9be15e9efda2a029d6c042047504c8fa8fd3a2724ab03c6e9a859fb04d90a03f6fab3bdbc84ac36c2810250abdc0c7ca69048a2bb78b209e34c6a4f6c44c23',
'0x5e0f1fb0594bef14bc6aa66770dc48dd14168ac764ca5c815641cd19cc3621e1b04f1f85ea38c63e5df22430252920324041fcac2af9909f086261499720415a',
'0x34e21a550a46bcd74ca6131e14dfff4452149d6dfd77ff60cd57e0ee610416d72d462c03bf72eb412e0dd870f972d50afdc71eb89f6e759367c4e44009c9ec23',
'0x91c91362e4ed52deec2d03ef6b5fb0a846896c49290b8c75f79b478fe71c8d5743e39939003531e001bd59a2c2c1fdd3c11998166aa652f592f9f4784300b981',
'0x1db89c840423c04f1b0955dd942b261fa41d47485b059dd1cb26288b0673c68329044cfb4921badbc19b85d879883269c90c4c7374e6cfafc51621ba99d380c8',
'0x70078fc222791c3150cb56fcf28a5df0a9db9e2517bb9dcc5455f0a1c619f305396b8758bbfcf29c33a115698e10b229432bf5a00d9ee2b56accd6a8d65668cc',
'0x104c0cbfff74cd0439f8dd8ec7cc1da2f9d37e4f7ea4706740fc6c1fb76dffbad9f1c329321e2584b86880b941e81e89a9f1590a4e0e4390ca5e0786294634f',
'0x6dd5e2cf94c0eb90b7221fe1cbf99db1c915787a4dfd73f754c7442c5b3640f66b96e0b94b2118d9092a7f2a9b5fdabd4915c75c61a30bb437a4c1c9447472ad',
'0x86b6ef1d36a7319a5107651cedd933aa4351b4ada9ffd941482ae29e3e1a07211e65bfc3ee0e8c979464931a2cd2b1af5d17963906a96de31d6925d03a24f8ef',
'0x2e94c70ee616f63c8aa08a56a07314e5d4ef4d1272820c966ba8adcb141a249cdd2077a6628296cab6727f21d81e35a94280b144a88bb187929a711c0558536c',
'0x6a9a375c1cf3e23be3a2e2901bb44a5f0f41b05a099b2a591f23121d0f6db499c780eb6c891e9686b00d130fca875fc0699d35f3521da52fd43a067ddda65366',
'0x443fb65754b68ed2e5e0e9c9d2c470f8f6b9ab2505849a1e5c179c494de08b5c09f380c7de411d7339d30c93da7f34141610e14a0537021930d06101ef457d8',
'0x3ebb671e1afd0708bfb7715c8a05f5e4c38e1f91b709e6ed50ee2236cddeaa573e25e7887bb253dda4bccc8d1787b8325acf72a04bd97d8ac54cc7f76d6f7714',
'0xff6045a79caa479c7b7d5554fc003cb2b93c81b43f6acea2ff6cc38e43c7ca4f8fd5ef9489aeb4662f2d27e7efd21ce9d3ca5e4af204b460d6aecdd537f44d7',
'0x75715e97ee436fbdc76c14612011c9da25c1a7a01fb849456bdd152eb5d4b8fdd4bb3a5954a4ce6d3fc4ecc18f34003c0e7aa7d42a3cddda9dd62224c9aef49e',
'0x5d3ac1e218da1ee3dcde8a6c323c5650befafbac36285698dce9310466cbf89a54ebdc98cf71dbdd50748e7eafca7e7a63ea334bf28e230323ab5a0579195c44',
'0x86840bd2c1ebbef5b2c59b5e090559405e2aae9634c69ddb5be665fc9dd6ca8caae2e9dc406e2abcd28fa915b7e9e69d56385410285558858cf4dc68337f24d4',
'0x65405264805b8077de96713b0b993c3ed9353ea91bc1f48bf6a4cc05ba1174dc1b69567edaaa8716270c3754deab1601db6af1b3fe1d578bf946e5b92fd745dd',
'0x63ddfe23d9d844a8e974434176741bcf16425d8477a2bfb5ba17fb1b1bd6d5bc0a9929d7aebbcef92ec941c458f208673109ee4ba095220c63c259e917f6b845',
'0xc3fe5db927d9ba8375a046b3cec17aacc6e2030b02efd70f0f760a7f44d8511cfb5eac667c78960a243184b2c66a00bcf205b91649d65595a096fffcaf6fa86',
'0x8297ab762c627ca50bca40181d175929245c4bcd36ef201c561c1ee79c65c4fbf290b30f3c412ac9bfeccb3e04aecd219bbc1c909bbc30d7e7136f64d66bfad6',
'0x5678b2413d5023e730352b67b40a7320408847e02c596a67bddefe47b712726f5c4202bb9796ba389fb78b7b9dcd3d82a1e416253ce347fd5189e1d64ae75aa5',
'0x855ccc6831b02dc53b2db028c1a8c87025de202ef1eb24c02be632e3c7591456d076532dd9e3616c0c6468b57a2b6f1e1c529e05f3e3c41f6fc090053c55f247',
'0x2f2e2662e007cbf9bbf6285f10c4fabb03b20220a55642d6ba980fe27fe76aa3f9b3dd3fadc71441ed30e11bb0ab6b96ff088e2187e2c690c40ccee4d8434487',
'0x611675acab4edfbc6fbd7b6b4321e6a627c29a49e6794c9971d779c15915124b075fbba95a032f7597013616c620bf3c584a3350e4c9c4c280954edb2e7bbda3',
'0x8717128a919ad2aac4fee981fba015ff9136ce43168e1a060c2d4a79e068b38bf14afbc5df3c6fd1a110f9f6bfc24d8b8865c766fdab7a54370e948e73c70c15',
'0x79e159225e9fb790147339772d865b6e2ee254e991d4f3073bbbcc158649aee577142e93670ecbe146fd98a9592493e34e58cc2d9842ccf9fabbe3dead779963',
'0x126992be248c9f6da43ee1a7a7fde32b9f3b73e239724357afa3a9cd7b592dde26ed3279210c2e15e000b8a3ba32a7a1d597a4e0364783cd360f84252a860204',
'0x1a2a913ee4aa073d5ee0c3fc4f69cf9274535f3e9ae72fbeff9067bd215578af7ad6cbd37b1221a228740166c166efa0b20b4a043ba52f3ec6ebc13c2b78e50b',
'0x1d892e8b3ef4cf4a0576a8b42fac2b7ff5daf9cd2e4976c23f57e81064e0ab9611c2b3ab79c7561dc1613d997edce731997c2182d778186c990fdd52a383e33e',
'0x2a5d616ae4340dfc362fc8b05ab138d2f059c7831dd13385f034bd6e1db26435d06948861204d3158677b2e6448e2461c3782b0ea852ebb93e8650ef40a1b495',
'0x8c1fca56f93b8bbfcfe458e35c3754c5080e9d411d985499f9b8475d63c58ca07336f1b9380d3b7aa9c410a95dde577eb2558250f8d479ee0919aadaa56ee322',
'0x3d73908cfb40db22ded1b97ffe5310eb65a559ee165b3fcfdc61ec1cd48fa81023f725153255ee5d16a6cafcba12da16dd6a04a7b98473f6aa788b8edcec2568',
'0x805f7eec96ab864c22f4deebbdd470b91305471ecaf5c5434925bc66e632d69e9c24d01e5f37db460e5f55fa18bd8760dde4911630cb9fff9e802adf0277ce99',
'0x388110c2419ec6f9001298eeb6d8142756c08023c3cce585e98dc9eefba5962d92d14039025dd6a0716c79158633c3949da9d3b3e32a612a55d407478b80a90d',
'0x12e938bde9d892e7ec05fa8a35924a6d9661bfc6cdcf6287e97062b972756841da23b1eecd06009c5a76bcaf21b8427a558e0ae888f9ebe2b1fd82ab4c08a382',
'0x1a0f96285135219e83c8f841a00f10eab254778505cb0327cbc48ca37e1d06f787b213e5948437289224c0f6eb7865fd26155ce607246799af8ff04c30a09195',
'0x63914787f99ddf194336c02a775befcf1e7a58dee80e02028ac3c39ff060bc4924a5f0cab75763b0df2b4b8302455dda413e3603e6265d42f8cc0a45610cc8ef',
'0x32edaf3b24f8e19c91e51693142bd1c7822381b9b74052e4f9082e27291a60fb9a84acc5b521dc458d3bcd1e9aa4b1e3498f060566ba5656a68ed480e275885f',
'0x8edf11bc707189d9a9d09d764cf3a6fb571593ef985c513b9f9dad839fda6c5b95827c71d2d292a7214d0dc2673588cb54008b19d19ca47a5d8aa5a86d51300c',
'0x7c9b2ecbf7c1774e1345026d25db4ffdd7a97cf3fc9a8925befaf32b579a056c949e8c70d3933fb8349c712bc5c2122fb83eadb5fe0861c8abfea238e3be072e',
'0x17d6196b13a8ffaaaf43d287fdb6bb1e21e4ce6eb44bc79ef9827a2826e141f66de19f6bb61c0c544f7c577f16751647c29dddf42c84ef7cd1791393743f4393',
'0x45effcfb066e8b020221fe3a342849f7c793fa71d00480c8af3d540c20e8705f7c855e1cd430a17f5d8bcaeb7c6637447aeaf3efec4279355cea60d023fe56d',
'0x5a202f4c0cb97aec66e8f45a02717eb2f1292008d64684d1b6fd1b807178655ac25eed764f82df04d47ec446372a6ccbc0349ab3b06f7d0dd0fe72083263c7bf',
'0xb2ba210a718eca5296bfb986f2b5d81f1e913e5660b29f742d7d893e0716361ff4d65855b801414ccd4d04bbb2eb92195fc2298cf7665b14207a352018a18bf',
'0x8f02bf48795377129e99e8e5099a0675a07351cf3f3f3f93af727cab449098808d13d05b79a3a924b550350573b404486050d04575624aa3e4ec6f2d9a4cb21b',
'0x1211f706c6b17c2cf9ecd0db12701b93b410269b837a807e2bcd5206f9c1c62b14a51016bfdc93d2076d8e943cf97b36a082e500747afeb74c451fdf422f52ff',
'0x2e9f83f345f6b7afa714f015ae74f15493ab9615f019201c0f5b79eb6b2cc8575c12fb275ef44e9081492797392e856f0dac98ae7fc566b455eed48b2c9686df',
'0x23cfb5d46b3d3917a585ad94a220d54c1bb5c889a842a624dfae0c49a5c9ce56cef667ce8171e05c49601afed956f2ac8856b7de063fa7dcf01a5596cf5ca9fc',
'0x5be4c0c1ae9ef0b620bd994603d5a83e2ff350642b50f73afc498f3b50f0317fd661c7374fe7255db993317690333baafe4a410011ad8310026af2f59890ba13',
'0x70586b0feba9bf1233e9ab44116ce9135c681f6bb891d7d65eb03cbbc5fd39cc64549a2ac56f8a47a7cea23528551913ec3b530106f40552657aae2f3ef1077e',
'0x10a5ba70873fdac3894fbd6f666877c85950c8f1d1e10bb889f8702cb96133856439e0c5651dd179d6b9bf8c10f521911864f1d08d8a591040898dbb18b2061f',
'0x2f0adfcd662b9aff7f914a446f41419b731214b0e83f088bcfd01980d396906d64858380e0314adfa8e23dfee6013dcfac7bd4ea8a34f645d19c4a6a095c1e1d',
'0x3ef616c1e7c315fa75f69b40fca9d2fde3b6b7612af6b38df6950c0d60fe49baa0ab4524fba06255fdfcc7d759082045934457875136af46c00c02e296b15b14',
'0x4ccada62cf2ffc05305ab83214df0e30b37e291ba9a0d1859fa06537852a662bdef654b1eff51d0889feb3df64f4600cf97e1dbe50ab213037437cdc6924d65c',
'0x399040974aa53f9dd325e05bf8c133b45d5ad58df022c8325449cdee81a3bf6319a0206e5c0ce8428a88e69e063a415d57e3f8b21b8161f943a93f652373ebf8',
'0x69936af6d8569fd7fb1d628db9453d6958567d18ecd49e9d8a6e1959524c13bf2d3aad0fda42edc61770c8c913c66cf5b0f73e4fa0224be6c38ed19103da8b75',
'0x82ec870ceff9d1de1f0e00eacbd797843e6f286152bec24be764da124caf8bd7df3a5f900c612326c83d9fa7db45ccd729d1c94a527ae5a6d1e8f9afc87a0392',
'0x7c1321f5908a555bc9976fad5073419294e54b7d0007961d16b9f191442b69fde351ae84deb11367cfa3b8122aec0920eb1c32b635bc94b8ad2fb5ecd761ad75',
'0x6c26e24af4a5ba06ca0c0b184d8d48a51799b4169bbf935063156e6ec41846a5db73aa24775b6939b94c822aab71c1e877f8c12db7b8d07a292ed7a36933eeab',
'0x49e3abd173aef462c2284e02798c60df3ca06cfa6c712030533ee6764e242e8f5cbd34147236543b7fa3ec76f7bb38cb5e8dca5daac196a840274e7f7e3e5a47',
'0x2e02d1cdc9e484586b28cd9b5bb7ac6addc151598383684fec4eee78854437ac3298b8a8c7f7f08da357fb27ee32f8d5b92b93ca86026d4412b7e7383b7014ce',
'0x3e326b0592884ca397a126c4561237fa4b70335b529ac96f7510c29eff460967baaaed9415f24a46eb0e96d7a50cebe08f3657e59fc7e240399d69f879350274',
'0x3e4aa219d60a841cc7ca12c6c3e01fe5ced655d222d7ce370349ab6acbce241b58c1bf5c46a1ed42c26a2c24bf9f1340b44acffbeb6ed60293fd6f39a65939e6',
'0x17fe839bbcf5a7bb8f1129cf7da86ab0cffb6ee05dc3b3287e31c5f596a0be262c173fa333cf7eb1064b0e0fc726415a42a1b03a8cb3dce8aefef950dd748fb9',
'0x150ec1974dedc3ed5d560367f4b71d77373ef585e5cec15496fae2b17dff687d91ea1e1475fcfaa7c4e73e768acb65ca2f97b604ea250ed00c556969a5c843ec',
'0x2d0877284be274be69bd89f19db9b0fd747f0a87db6500fb146478e3388fafc3e15306b934d9e2c9d9cdfce6990af37f9857fd3376c8ca0e49ffeda3e716f4eb',
'0x8621d68e15e9a70afd8f2c7cf8b367e9aa6f50d6b365fd9ce353b07dceb09ad9063a271638f2019dc4ee9bb1fac899475da69b9a79248bd6af0c01fe4d9888f6',
'0x589211dc02b690a26db7bc7a01ae3ad0710ece967b29f4087d1c5a5423796ff4037a53ac2bb962fcda170e7feb124b26261e8d79bc4378d67c42577509fbc33e',
'0x1496d1a7f2a4d494b17456d137d95acbc67d88a4761c22164762c5eec3b6a87c050fe01e400e1add2c3ac077ac01142f34dc66a4d31a794038931f27b42f472c',
'0x4ff8f179ade386e43ade6118e126a83b300ca73c4993782e0c1c1f5e4e73541abf9567a88869be5f74f7271bd7436a6b9bf4e1358d136d396fa5be413ea1fb5c',
'0x7af647be1fa333843385a8e4da8426298453be6072785c76d5df872784a63476f342be46fc73f1a6a4b2d1449aa8c7db2b36fc6059348b7ce4fe71be6765e05e',
'0x8ce2eb0c00003ca9c2b0ae7ff9069ccc8fa86245362a1b9f266eb8b4b9d145f6fa58913f27e793b5c8bb2c7a9695554d1e9e02b286f3531bd4d0357f3fc6b40b',
'0xd1adf03b91241ce93125a38d0d9b2211ff367b7736d8909e48252db629ce3382876adf933e491edef904c267a7fec54a7b0c08e88884fc60a94b7a3d9386d6a',
'0x2dbecb91d0c44a0d20baac53cce00570bc201825a093ecd539ccffa7c24de2c71085ffb4e0db02cd6b9fb99df0a938afaa0ea907cec47525ecf8153a5bf9d80b',
'0x5b82e2a51273fe8b36ae631d1da8565be841c8082d6e729d70e656cccbe80b0a9be06a1d4e973cbb4c44c3f93d7c16cacb829e334c9653269156e5fc259244af',
'0x1a3467c05916abf0839011b9c384594921852a52097d49c7f91cdc82d773151fa47ce723fa33d811914c52aba20366aa66552675a314da1cd136e69575084f75',
'0x557ea9806a668c843314341370ce0dc8bab4e1a088e380127a2a7abcf4693012f5fcafcc5c4b81e736d9d661f3fef0a29e7e285b92d7f3f663c78b00a3352450',
'0x47fa721d969d84806586da7d20c015969c06c12a3acbf4c5606e437e4ae7444ad3e205843d4dc503100890bf4ce9fc76bbf2aaffb744ef637af8c69a97c46e75',
'0x232dd65f1ca5adf03dcc3cfffaf8df7813c6c1e00485393ca0b4b6fbd7fb88319899e3cbee8e68a4f71c22b5f3cad91b69f0ab332103f30e66df0683f5918d43',
'0x413cf4ec1550fe29fbcc3b082a62582e06b4f6d1bfb1b97b0a12e7f353800b5388c603f1a6cee8fd76a3deb09f222993e45ffbf350c2061ccf49456b950996dd',
'0x1b7cee599b31a06748566d3a9103c59a4ead6e8b924aeb0ea79652de8baea5cd0bc33f3966ad67cce7714a91d0a3cc5e36ced47f8022e0e3fc0ab175a4fb3007',
'0xb621860b16f005066198f47b0a61e3378825ee713d8103a5561a913abf468a6c1270faa171404e29823532a1ffc1b700167eb00e7d0d9d103806827820bd2d',
'0x73a182fb694bbd6354e5811c54dc12b42e0cefde1cba82b42e3dbb3cab7fc5dfc0012b94bb237940d6e743e3e0fac035eaf7d183bea97b9549947d98f28ceafe',
'0x5130c776c82ed3e39709068445b4de33514f1ff785434f12441ff5e4a82d6a700503c8d13bb01d088ee959f94768e183303ad952cc905ddb18b46b87488c0a50',
'0x31194484031f7030a80237c04657d9c6fd89ebe9f4117ce951c3eb2bebf82f23def372dce51928aba0108c381e2a2c4a8cb43e819d6ce55affa09ac3fb547cd3',
'0x3b139eb9f2938d4a9bba564d6606f9657c1cf75d9f12809440d9a7637f6c16bd5767dae7c808150a6c36d1fd87668c8cd4c6e2ef0d12c9ac09f14804a595ab0a',
'0x21a76933e110b6d29c4ad5307890e1005da8b0477f6fb6d0dd29d11b272a79db8ac8c7477e7fd9d2eb313a893a5adce53a30c67d30389926850eac62a6fa9d4a',
'0x4dc1128c6ce1d99745fd95633dfd58e1bd1b602bc1033c1a1eb26ab39420b1b3f8b425ffacab1594f9d79eee1a6244228fe82ac68d56cf8a9df4bab17fbd4c1f',
'0x78cad1f6cd0f89722de292f24e2cb6c038a62b9da6bab2458d67f57bb2d7885caeca3c6b5867973655a3e7ef7c7ef772ee62efe476f0e73574d3b252ed39cfce',
'0x89f41cd3fbb2b25da08fc727278215c8ea0e471af6e60f6d3b992067755097411e1a668fb28cf7bd55bf186d704dba84bd7725064aedad258c362eac993379bc',
'0x7acdcd07768855aa65a544413adb01e13eef8c4b97ee1c1f8183c6c8bff5e1e33f405893b9c939ac1faa066b4870de8ef1cbc9b7f994de6fff43608b6612055',
'0x55a81c4c0f9d98efcfe424eb72dd4cfc6ad134c132a260f9eb33b52e39ff37f66c13e0f1fbe9708535bb9465ab50af0327f22766df533bb286348c2efd775a53',
'0xd07bbacf2144712202bf12ed934d6b7676a89313356d972b6a830d3a7e9d41c70cba44860490cc3d8ebdbe632220692a6f4b1ae2ffb11c431f7b759650cd443',
'0x5d9c35530608c6723affea3d8d7d1ac8860882931dd1e3d77b856f953294cd404fcadd8fac1c8d9b1828f612a2c550d13a819872cc3f2ec1ffbfadc15769ed90',
'0x248650e89638d51476620bf9eb9922ec9d8400aecd287582e98d97e9b66d24f5a3ebc6e7fb648fb6f19a324b05aaed796d97ffb4c4c1458b518c8232faebf74',
'0x5f76f3bbf80370ef1700528783acdfaa03645e5a86db9a6eea48ad8d9269732f70482b16f061171264494aee1cd8f2543a6ca1481322819294bd1d3a29839b7f',
'0x2c4f5a28f15303b1260bd01cf9ee603217f06050437ad5b06f26b770eb52ced41a194741ccc4af416e22569248825b0000d8388610389dcb3d6a38b654f164e9',
'0x4f342297076900422e28d9bbce25f02790e9d8a474872a65cce76c3431323f7fb0f20a0d855b2153fd5afce56b08a27272d51c6f03ec8bb9cbb5917113d4cd2e',
'0x81da4f6e07fb11628aa579f277a7354ae488b0811fce257cab3fa6a3d242d856046b98427f5f41e14d4289712053e3b354a66246304bbb77c6ede602a430afb4',
'0x1916a812fde843781b992849de99d20ae23f8ad443e4e862fd9f94a20f0c91b0e59efb098ae913d3a6043188faf14ee51f5e52c117c23a9b583e5c57d2c0b1de',
'0x1a7f88317fba66774599bab804864e6b6a5e7e7ed53afe73101d05e0a38ef7aaccf6903033e19edb01b44c5d8c25637a595f38d2c37ee78de152a6e5b5cbd69d',
'0x26578ac3f09432d6914353866baebc9cc1a8cab84911319c14b9f9ac07b040eb947345f353806e1fb23b9ea8030342a20ccea98c31fb79b81146d3db4c98ac9b',
'0x15a016d19bb7178c7709d135daab9808c509c490f213c5c01388026629af0f6d144aab51c33223d3f783bc3d598105616ab1e496fe62fa961f57be3d54d989b',
'0x4af40108f462ef8f71726fe9a71deb2d49a4f7618f77b51fef96eea2c4ad2b85cd4a502fffafed46c6518169fba14397aedc18114a25000aa79371a9ab977e20',
'0x63ebf8c41e14cb6b3c0a9ccdda8d7e4ff3afdec84b48730943b21bddbb6c19278f979370be315af4881a529e7a7fbb35dcda7c438322076e3af1ac9664fc3d2c',
'0x7a12a4eb38570bd50a805e150a7cfc5252ec398f598cd8c17c39861b180a90351b77793cd69763255ed873d27a0783712915b3328034d6982a8809a61fef5752',
'0x5677161e219eeda8dc5fa5fdd4058f8a5ccdfc9b677f2857be143b94cad3d01c6915f6973a0a0e413a2daea3a4fde905bc4006441aafd1771ebfa0a8bc649454',
'0x4e64358cf721eb305ddbec2509772f57dfb605c5497642221b5ce2a052b496cb872118ef37e3a27b57672dd873fea76ecd9d84c605a49a7bb157a12671fd644a'
]
L2 = map(lambda x: int(x, 16), L2)
suffixes = map(lambda x: long_to_bytes(x), [x for x in range(8, 1024, 8)])
suffixes.insert(0, '\0')
suffixes = suffixes[::-1]
key_parts = []
L = []
for k in L2:
decrypted1, decrypted2 = [long_to_bytes(x) for x in decrypt(k, d, m)]
for suffix in suffixes:
decrypted = decrypted1 if len(decrypted1) < 12 else decrypted2
if decrypted.endswith(suffix):
key_part = decrypted[:-len(suffix)]
key_part = '\00' * (8 - len(key_part)) + key_part
key_parts.append(key_part)
L.append(bytes_to_long(suffix))
break
assert len(key_parts) == 128
assert len(set(L)) == 128
assert all(map(lambda x: len(x) == 8, key_parts))
flag = 'gevktwWdgwre7OR4ICIOX8+j+UkprTDjk6vFE0cpn5ik/i7RaiYrjw=='.decode(
"base64")
print(decrypt_des(flag, key_parts, L))
from crypto_commons.generic import long_to_bytes from crypto_commons.rsa.rsa_commons import hastad_broadcast n1 = "331310324212000030020214312244232222400142410423413104441140203003243002104333214202031202212403400220031202142322434104143104244241214204444443323000244130122022422310201104411044030113302323014101331214303223312402430402404413033243132101010422240133122211400434023222214231402403403200012221023341333340042343122302113410210110221233241303024431330001303404020104442443120130000334110042432010203401440404010003442001223042211442001413004" c1 = "310020004234033304244200421414413320341301002123030311202340222410301423440312412440240244110200112141140201224032402232131204213012303204422003300004011434102141321223311243242010014140422411342304322201241112402132203101131221223004022003120002110230023341143201404311340311134230140231412201333333142402423134333211302102413111111424430032440123340034044314223400401224111323000242234420441240411021023100222003123214343030122032301042243" n2 = "302240000040421410144422133334143140011011044322223144412002220243001141141114123223331331304421113021231204322233120121444434210041232214144413244434424302311222143224402302432102242132244032010020113224011121043232143221203424243134044314022212024343100042342002432331144300214212414033414120004344211330224020301223033334324244031204240122301242232011303211220044222411134403012132420311110302442344021122101224411230002203344140143044114" c2 = "112200203404013430330214124004404423210041321043000303233141423344144222343401042200334033203124030011440014210112103234440312134032123400444344144233020130110134042102220302002413321102022414130443041144240310121020100310104334204234412411424420321211112232031121330310333414423433343322024400121200333330432223421433344122023012440013041401423202210124024431040013414313121123433424113113414422043330422002314144111134142044333404112240344" n3 = "332200324410041111434222123043121331442103233332422341041340412034230003314420311333101344231212130200312041044324431141033004333110021013020140020011222012300020041342040004002220210223122111314112124333211132230332124022423141214031303144444134403024420111423244424030030003340213032121303213343020401304243330001314023030121034113334404440421242240113103203013341231330004332040302440011324004130324034323430143102401440130242321424020323" c3 = "10013444120141130322433204124002242224332334011124210012440241402342100410331131441303242011002101323040403311120421304422222200324402244243322422444414043342130111111330022213203030324422101133032212042042243101434342203204121042113212104212423330331134311311114143200011240002111312122234340003403312040401043021433112031334324322123304112340014030132021432101130211241134422413442312013042141212003102211300321404043012124332013240431242" n1 = int(n1, 5) n2 = int(n2, 5) n3 = int(n3, 5) c1 = int(c1, 5) c2 = int(c2, 5) c3 = int(c3, 5) print(long_to_bytes(hastad_broadcast([(c1, n1), (c2, n2), (c3, n3)])))
