def solver(N1_, N2_):
N1 = mpz(N1_)
N2 = mpz(N2_)
common_p = gcd(N1, N2)
q1 = gmpy2.c_div(N1, common_p)
q2 = gmpy2.c_div(N2, common_p)
return (common_p, q1, q2)
def key_from_sig(self) -> (int, int):
"""
gcd(c1**e - m1, c2**e - m2, cn**e - mn) as described in:
https://crypto.stackexchange.com/questions/30289/is-it-possible-to-recover-an-rsa-modulus-from-its-signatures/30301#30301
And expanded on in:
https://crypto.stackexchange.com/questions/33642/given-enough-rsa-signature-values-is-it-possible-to-determine-the-public-key-va
"""
# Check if signature lengths match.
if len({len(i) for i in self.token_list}) != 1:
Exception("Token signatures are not all the same length!")
for e in self.exponent:
ti = []
for checksum in self.token_list:
ti.append(
pow(mpz(int(self.token_list[checksum], 16)), mpz(e)) -
mpz(int(checksum, 16)))
N = reduce(lambda x, y: gcd(x, y), ti)
# If the N is too short, say 1 or 2, this cannot be correct.
if N.bit_length() > 100:
checksum = random.choice(list(self.token_list))
for i in range(1, 100):
# Verify N
if pow(int(self.token_list[checksum], 16), e,
c_div(N, mpz(i))) == int(checksum, 16):
n = int(c_div(N, mpz(i)))
return e, n
return None, None
def _step2c_searching_with_one_interval_left(self):
## this is the hardest one.
# You need to get the most recent interval set from M,
# and then get the first interval of that set. Unpack
# the interval tuple to variables a, b
most_recent_interval_set = self.M[-1]
(a, b) = most_recent_interval_set[0]
# Next, compute ri = (2(b x s[-1] - 2B))/self.n
# (use gmpy2.c_div for these computations)
div_ri = 2 * ((b * self.s[-1]) - self.B * 2)
ri = gmpy2.c_div(div_ri, self.n)
# Finally, search for an s between (2B+(ri x n))/b
# and (3B+(ri x n))/a
low = gmpy2.f_div((self.B * 2 + (ri * self.n)), b)
high = gmpy2.c_div((self.B * 3 + (ri * self.n)), a)
si = self._find_s(low, high)
#
# If no si is found, increase ri by one and try again.
while not si:
ri += 1
low = gmpy2.f_div((self.B * 2 + (ri * self.n)), b)
high = gmpy2.c_div((self.B * 3 + (ri * self.n)), a)
si = self._find_s(low, high)
return si
def _step2c_searching_with_one_interval_left(self):
## this is the hardest one.
# You need to get the most recent interval set from M,
# and then get the first interval of that set. Unpack
# the interval tuple to variables a, b
# Next, compute ri = (2(b x s[-1] - 2B))/self.n
# (use gmpy2.c_div for these computations)
#
# Finally, search for an s between (2B+(ri x n))/b
# and (3B+(ri x n))/a
#
# If no si is found, increase ri by one and try again.
mostRecentInterval = self.M[-1][0]
a,b = mostRecentInterval
ri = (2 * (b * self.s[-1] - 2*self.B))
ri = gmpy2.c_div(ri, self.n)
si = None
while si is None:
start_s = 2 * self.B + (ri * self.n)
start_s = gmpy2.c_div(start_s, b)
s_max = 3 * self.B + (ri * self.n)
s_max = gmpy2.c_div(s_max, a)
si = self._find_s(start_s, s_max)
ri += 1
return si
def _step2c_searching_with_one_interval_left(self):
a,b = self.M[-1][0]
ri = gmpy2.c_div(2*(b*self.s[-1] - 2*self.B),self.n)
si = None
while si == None:
si = gmpy2.c_div((2*self.B+ri*self.n),b)
s_max = gmpy2.c_div((3*self.B+ri*self.n),a)
si = self._find_s(start_s=si, s_max=s_max)
ri += 1
return si
def create_keypair(size):
while True:
p = get_prime(size // 2)
q = get_prime(size // 2)
if q < p < 2*q:
break
N = p * q
phi_N = (p - 1) * (q - 1)
# Recall that: d < (N^(0.25))/3
max_d = c_div(isqrt(isqrt(N)), 3)
max_d_bits = max_d.bit_length() - 1
while True:
d = urandom.getrandbits(max_d_bits)
try:
e = int(gmpy2.invert(d, phi_N))
except ZeroDivisionError:
continue
if (e * d) % phi_N == 1:
break
assert test_key(N, e, d)
return N, e, d, p, q
def create_keypair(size):
while True:
p = get_prime(size // 2)
q = get_prime(size // 2)
if q < p < 2 * q:
break
N = p * q
phi_N = (p - 1) * (q - 1)
# Recall that: d < (N^(0.25))/3
max_d = c_div(isqrt(isqrt(N)), 3)
max_d_bits = max_d.bit_length() - 1
while True:
d = urandom.getrandbits(max_d_bits)
try:
e = int(gmpy2.invert(d, phi_N))
except ZeroDivisionError:
continue
if (e * d) % phi_N == 1:
break
assert test_key(N, e, d)
return N, e, d, p, q
def _step2c_searching_with_one_interval_left(self):
## this is the hardest one.
# You need to get the most recent interval set from M,
# and then get the first interval of that set. Unpack
# the interval tuple to variables a, b
# Next, compute ri = (2(b x s[-1] - 2B))/self.n
# (use gmpy2.c_div for these computations)
#
# Finally, search for an s between (2B+(ri x n))/b
# and (3B+(ri x n))/a
#
# If no si is found, increase ri by one and try again.
si = None
intervalSet = self.M[-1]
interval = intervalSet[0]
a, b = interval
ri = gmpy2.c_div(2 * ((b * self.s[-1]) - (2 * self.B)), self.n) - 1
while (si == None):
bBound = (2 * self.B + (ri * self.n)) // b
aBound = (3 * self.B + (ri * self.n)) // a
si = self._find_s(bBound, aBound)
ri += 1
return si
def _step2a_start_the_searching(self):
# this function should return a found s where s starts
# at n/3B. Because these are big numbers, you should use
# gmpy2.c_div to divide n and 3B.
# return the si found.
si = gmpy2.c_div(self.n, 3 * self.B)
return self._find_s(si)
def solve(*lines):
P, Q = lines
Q = mpz(Q)
P = mpz(P)
_gcd = gcd(P, Q)
if gcd > 1:
P = c_div(P, _gcd)
Q = c_div(Q, _gcd)
if not log2(Q).is_integer():
return 'impossible'
res = log2(P)
res = mpz(floor(res))
res, rem = c_divmod(Q, 2**res)
if rem:
return 'impossible'
return int(log2(res))
def _step3_narrowing_set_of_solutions(self, si):
# This step reduces the number of possible solutions
# It will start by iterating through all the Intervals in the
# most recent M. As you iterate through each Interval, unpack
# the Interval to variables a, b
#
# For each interval a,b
# r_min is ((a x si) - 3B+1)/n (use gmpy2.c_div)
# r_max is ((b x si) - 2B)/n (use **gmpy2.f_div**)
# For r in range (r_min, r_max):
# new_a = (2B + (r x n))/ si (use gmpy2.c_div)
# new_b = ((3B-1) + (r x n))/si (use **gmpy2.f_div**)
# new_interval = Interval( max(a, new_a), min(b, new_b))
# add interval to a set of intervals
# append the new intervals to M (the new last element of M will
# be the list of intervals discovered)
# append si to self.s
# IF the length of new intervals is 1 AND this single Interval's
# a == b, return True, otherwise False
# For explanations on why to use c_div vs f_div, look up these
# functions in gmpy2 and then see if you can figure out why one is
# used over the other
mostRecentM = self.M[-1]
intervals = []
for a,b in mostRecentM:
r_min = ((a * si) - 3 * self.B + 1)
r_min = gmpy2.c_div(r_min, self.n)
r_max = ((b * si) - 2 * self.B)
r_max = gmpy2.f_div(r_max, self.n)
for r in range(r_min, r_max + 1):
new_a = (2 * self.B + (r * self.n))
new_a = gmpy2.c_div(new_a, si)
new_b = ((3 * self.B-1) + (r * self.n))
new_b = gmpy2.f_div(new_b, si)
new_interval = Interval( max(a, new_a), min(b, new_b))
intervals.append(new_interval)
self.M.append(intervals)
self.s.append(si)
if len(intervals) == 1 and intervals[0].a == intervals[0].b:
return True
else:
return False
def _step3_narrowing_set_of_solutions(self, si):
# This step reduces the number of possible solutions
# It will start by iterating through all the Intervals in the
# most recent M. As you iterate through each Interval, unpack
# the Interval to variables a, b
#
most_recent_M = self.M[-1]
new_intervals = []
# For each interval a,b
for interval in most_recent_M:
(a, b) = interval
# r_min is ((a x si) - 3B+1)/n (use gmpy2.c_div)
div_a = (a * si) - ((self.B * 3) - 1)
r_min = gmpy2.c_div(div_a, self.n)
# r_max is ((b x si) - 2B)/n (use **gmpy2.f_div**)
div_b = (b * si) - (self.B * 2)
r_max = gmpy2.f_div(div_b, self.n)
# For r in range (r_min, r_max):
for r in range(r_min, r_max + 1):
# new_a = (2B + (r x n))/ si (use gmpy2.c_div)
div_new_a = (self.B * 2) + (r * self.n)
new_a = gmpy2.c_div(div_new_a, si)
# new_b = ((3B-1) + (r x n))/si (use **gmpy2.f_div**)
div_new_b = ((self.B * 3) + 1) + (r * self.n)
new_b = gmpy2.f_div(div_new_b, si)
# new_interval = Interval( max(a, new_a), min(b, new_b))
new_interval = Interval(max(a, new_a), min(b, new_b))
# add interval to a set of intervals
new_intervals.append(new_interval)
# append the new intervals to M (the new last element of M will
# be the list of intervals discovered)
self.M.append(new_intervals)
# append si to self.s
self.s.append(si)
# IF the length of new intervals is 1 AND this single Interval's
# a == b, return True, otherwise False
if len(new_intervals) == 1:
(a, b) = new_intervals[0]
if a == b:
return True
# For explanations on why to use c_div vs f_div, look up these
# functions in gmpy2 and then see if you can figure out why one is
# used over the other
return False
def _step2a_start_the_searching(self):
# this function should return a found s where s starts
# at n/3B. Because these are big numbers, you should use
# gmpy2.c_div to divide n and 3B.
# return the si found.
start_s = gmpy2.c_div(self.n, self.B * 3)
si = self._find_s(start_s)
print("Found si: ", si)
return si
def _step3_narrowing_set_of_solutions(self, si):
new_intervals = set()
for a,b in self.M[-1]:
r_min = gmpy2.c_div((a*si - 3*self.B + 1),self.n)
r_max = gmpy2.f_div((b*si - 2*self.B),self.n)
for r in range(r_min, r_max+1):
a_candidate = gmpy2.c_div((2*self.B+r*self.n),si)
b_candidate = gmpy2.f_div((3*self.B-1+r*self.n),si)
new_interval = Interval(max(a, a_candidate), min(b,b_candidate))
new_intervals.add(new_interval)
new_intervals = list(new_intervals)
self.M.append(new_intervals)
self.s.append(si)
if len(new_intervals) == 1 and new_intervals[0].a == new_intervals[0].b:
return True
return False
def main():
guessnum = 512 - 16
# first make a dummy request to find the public modulus for our team
initial_request = {"team": TEAM, "ciphertext": "00" * (n // 8)}
r = requests.post(SERVER_URL + "/decrypt",
data=json.dumps(initial_request))
try:
N = int(r.json()["modulus"], 16)
except:
print(r.text)
sys.exit(1)
# compute R^{-1}_N
Rinv = gmpy2.invert(R, N)
# Start with a "guess" of 0, and analyze the zero-one gap, updating our
# guess each time. Repeat this for the (512-16) most significant bits of q
g = gmpy2.mpz(0)
for i in range(guessnum): # used to be range(512 - 16)
print(i)
gap = compute_gap(g, i, Rinv, 50, N)
# TODO: based on gap, decide whether bit (512 - i) is 0 or 1, and
# update g accordingly
if gap < 600: # bit is 1
g = g + 2**(512 - i)
# Off-by-one error somewhere, and this line saves our ass somehow
g = gmpy2.c_div(g, 2)
# print("bin(g): ", str(bin(g)))
# HARDCODED SOLUTION (used for testing purposes)
# hs = int("0b11111000110110011111100101100001110010001001010010111010011100010110001010000001001001001010011111101110010111000011101011011111110010011111100100111011101001011100011110001111011011000011011111001111001011010100111110010110011010111001100110001100110110010110011111110010011111101001100100100001100000111111100010010001110111000000010000001001100010010000100100011100100100100100110111101011100101000000001011101111110101001100100001000110010101111101101011011100001001110010010010110001011010001000011000001001", 2)
# hs_16_zeros = int("0b11111000110110011111100101100001110010001001010010111010011100010110001010000001001001001010011111101110010111000011101011011111110010011111100100111011101001011100011110001111011011000011011111001111001011010100111110010110011010111001100110001100110110010110011111110010011111101001100100100001100000111111100010010001110111000000010000001001100010010000100100011100100100100100110111101011100101000000001011101111110101001100100001000110010101111101101011011100001001110010010010110001011010000000000000000000", 2)
# h = gmpy2.mpz(hs)
# g = gmpy2.mpz(hs_16_zeros)
# submit_guess(h)
# brute-force last 16 bits
print("Starting brute-force...")
for i in range(2**16):
q = g + i
if N % q == 0: # check if this is a valid q
print("GOT EM")
print(str(bin(q)))
submit_guess(q)
def main():
guessnum = 512-16
# first make a dummy request to find the public modulus for our team
initial_request = {"team": TEAM, "ciphertext": "00"*(n//8)}
r = requests.post(SERVER_URL + "/decrypt", data=json.dumps(initial_request))
try:
N = int(r.json()["modulus"], 16)
except:
print(r.text)
sys.exit(1)
# compute R^{-1}_N
Rinv = gmpy2.invert(R, N)
# Start with a "guess" of 0, and analyze the zero-one gap, updating our
# guess each time. Repeat this for the (512-16) most significant bits of q
g = gmpy2.mpz(0)
for i in range(guessnum): # used to be range(512 - 16)
print(i)
gap = compute_gap(g, i, Rinv, 50, N)
# TODO: based on gap, decide whether bit (512 - i) is 0 or 1, and
# update g accordingly
if gap<600: # bit is 1
g = g+2**(512-i)
# Off-by-one error somewhere, and this line saves our ass somehow
g = gmpy2.c_div(g, 2)
# print("bin(g): ", str(bin(g)))
# HARDCODED SOLUTION (used for testing purposes)
# hs = int("0b11111000110110011111100101100001110010001001010010111010011100010110001010000001001001001010011111101110010111000011101011011111110010011111100100111011101001011100011110001111011011000011011111001111001011010100111110010110011010111001100110001100110110010110011111110010011111101001100100100001100000111111100010010001110111000000010000001001100010010000100100011100100100100100110111101011100101000000001011101111110101001100100001000110010101111101101011011100001001110010010010110001011010001000011000001001", 2)
# hs_16_zeros = int("0b11111000110110011111100101100001110010001001010010111010011100010110001010000001001001001010011111101110010111000011101011011111110010011111100100111011101001011100011110001111011011000011011111001111001011010100111110010110011010111001100110001100110110010110011111110010011111101001100100100001100000111111100010010001110111000000010000001001100010010000100100011100100100100100110111101011100101000000001011101111110101001100100001000110010101111101101011011100001001110010010010110001011010000000000000000000", 2)
# h = gmpy2.mpz(hs)
# g = gmpy2.mpz(hs_16_zeros)
# submit_guess(h)
# brute-force last 16 bits
print("Starting brute-force...")
for i in range(2**16):
q = g + i
if N%q==0: # check if this is a valid q
print("GOT EM")
print(str(bin(q)))
submit_guess(q)
def safe_prime(exponent):
for k in range(0,10000000):
p = 10**exponent + k
# checks to see if p is prime
a = gmpy2.powmod(2, p-1, p)
if (a == 1):
# since p is prime, check to see if
# p is a safe prime
safe_p = gmpy2.c_div(gmpy2.sub(p,1),2)
if (gmpy2.is_prime(int(safe_p))):
print "k = %i \nsafe prime = %i\n" % (k, safe_p)
return
def safe_prime(exponent):
for k in range(0, 10000000):
p = 10**exponent + k
# checks to see if p is prime
a = gmpy2.powmod(2, p - 1, p)
if (a == 1):
# since p is prime, check to see if
# p is a safe prime
safe_p = gmpy2.c_div(gmpy2.sub(p, 1), 2)
if (gmpy2.is_prime(int(safe_p))):
print "k = %i \nsafe prime = %i\n" % (k, safe_p)
return
def prim_root():
# calls safe_prime func
# and uses safe prime
# for primitive root
p = safe_prime(100)
base = (2,3,5,7,11,13)
for k in base:
# checks to see if p is prime
a = gmpy2.powmod(k, gmpy2.c_div(gmpy2.sub(p,1), 2), p)
if (a != 1):
print "%i is a primitive root modulo %i\n" % (k, p)
else:
print "%i is not a primitive root modulo %i\n" % (k, p)
return
def findAVulnerablePrime(bitSize):
generator = 65537
m = nt.primorial(prime_default(bitSize), False)
max_order = nt.totient(m)
max_order_factors = nt.factorint(max_order)
order = element_order_general(generator, m, max_order, max_order_factors)
order_factors = nt.factorint(order)
power_range = [0, order - 1]
min_prime = g.bit_set(
g.bit_set(g.mpz(0), bitSize // 2 - 1), bitSize // 2 - 2
) # g.add(pow(g.mpz(2), (length / 2 - 1)), pow(g.mpz(2), (length / 2 - 2)))
max_prime = g.bit_set(
min_prime, bitSize // 2 - 4
) # g.sub(g.add(min_prime, pow(g.mpz(2), (length / 2 - 4))), g.mpz(1))
multiple_range = [g.f_div(min_prime, m), g.c_div(max_prime, m)]
random_state = g.random_state(random.SystemRandom().randint(0, 2**256))
return random_prime(random_state,
nt.primorial(prime_default(bitSize), False), generator,
power_range, multiple_range)
def create_dangerouse_keys(n_bits):
while True:
p = gen_prime(n_bits // 2)
q = gen_prime(n_bits // 2)
if q < p < 2 * q:
break
N = p * q
euler = (p - 1) * (q - 1)
# подбираем подходящую дешифрующую экспоненту d < (1/3) N^(1/4)
d_max_possible_val = c_div(isqrt(isqrt(N)), 3)
len_d_max_possible_val = d_max_possible_val.bit_length() - 1
while True:
d = random.getrandbits(len_d_max_possible_val)
try:
e = int(gmpy2.invert(d, euler))
except ZeroDivisionError:
continue
if (e * d) % euler == 1:
break
return N, e, d, p, q
def _step2a_start_the_searching(self):
si = self._find_s(start_s=gmpy2.c_div(self.n, 3*self.B))
return si
def size(self, bytes=True):
bits = number.size(self._key.n)
if bytes:
return gmpy2.c_div(bits, 8)
return bits
print "p_max= "
print p_max.digits(10)
# calculate p_min
p_min = proot(1, dist, -(n - 1))
print "p_min= "
print p_min.digits(10)
# start finding prime
if gmpy2.is_prime(p_min):
p = p_min
else:
p = gmpy2.next_prime(p_min)
# loop through prime numbers from p_min to p_max
while p < p_max:
# get remainder of div(n, p)
rem = gmpy2.t_mod(n, p)
if rem == 0:
print "\nresult= "
print "p= "
print p.digits(10)
print "q= "
print gmpy2.c_div(n, p)
sys.exit()
p = gmpy2.next_prime(p)
def round3(z):
return c_div(z, mpz(2))
print "p_max= " print p_max.digits(10) # calculate p_min p_min = proot(1, dist, -(n - 1)) print "p_min= " print p_min.digits(10) # start finding prime if gmpy2.is_prime(p_min): p = p_min else: p = gmpy2.next_prime(p_min) # loop through prime numbers from p_min to p_max while p < p_max: # get remainder of div(n, p) rem = gmpy2.t_mod(n, p) if rem == 0: print "\nresult= " print "p= " print p.digits(10) print "q= " print gmpy2.c_div(n, p) sys.exit() p = gmpy2.next_prime(p)
elif i == 1:
basel = g
left = basel
else:
left = gmpy2.t_mod(gmpy2.mul(left, basel), p)
# Write result to file
if right == left:
ansEx = gmpy2.mul(m, j) + i
answer = gmpy2.powmod(g, ansEx, p)
f.write("p = " + p.digits(10))
f.write("\ng = " + g.digits(10))
f.write("\ny = " + y.digits(10))
f.write("\nm = " + m.digits(10))
f.write("\nt = " + str(j))
f.write("\ns = " + str(i))
f.write("\nanswer = " + ansEx.digits(10))
f.write("\ncheck g = " + answer.digits(10))
f.close()
sys.exit()
i += 1
# pi = gmpy2.c_div((i * 100), m)
# print "\r" + pj.digits(10) + " " + pi.digits(10) + " %",
j += 1
# print progress
pj = gmpy2.c_div((j * 100), m)
print "\r" + pj.digits(10) + " %",
# n = mpz('2129754913199')
# get p value
fi = open('pCurr2.txt', 'r')
p = mpz(fi.readline())
fi.close()
print p.digits(10)
# loop for prime
while p < 15000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:
# get remainder of div(n, p)
rem = gmpy2.t_mod(n, p)
if rem == 0:
q = gmpy2.c_div(n, p)
f = open('pResult.txt', 'a')
f.write("p = " + p.digits(10) + "\n")
f.write("q = " + q.digits(10) + "\n")
f.write("n = " + n.digits(10) + "\n")
f.close()
fi = open('pCurr2.txt', 'w')
fi.write(p.digits(10))
fi.close()
fv = open('pValue2.txt', 'a')
fv.write(p.digits(10) + "\n")
fv.close()
sys.exit()
import gmpy2
from gmpy2 import mpz, c_div, mul, c_divmod, c_mod
n = mpz(
837849563862443268467145186974119695264713699736869090645354954749227901572347301978135797019317859500555501198030540582269024532041297110543579716921121054608494680063992435808708593796476251796064060074170458193997424535149535571009862661106986816844991748325991752241516736019840401840150280563780565210071876568736454876944081872530701199426927496904961840225828224638335830986649773182889291953429581550269688392460126500500241969200245489815778699333733762961281550873031692933566002822719129034336264975002130651771127313980758562909726233111335221426610990708111420561543408517386750898610535272480495075060087676747037430993946235792405851007090987857400336566798760095401096997696558611588264303087788673650321049503980655866936279251406742641888332665054505305697841899685165810087938256696223326430000379461379116517951965921710056451210314300437093481577578273495492184643002539393573651797054497188546381723478952017972346925020598375000908655964982541016719356586602781209943943317644547996232516630476025321795055805235006790200867328602560320883328523659710885314500874028671969578391146701739515500370268679301080577468316159102141953941314919039404470348112690214065442074200255579004452618002777227561755664967507
)
f = open("../myI1", "r")
c = f.read()
p = mpz(c)
q = c_div(n, p)
mod = n % p
print(mod)
print(n % q)
print(p * q)
sha256_1 = SHA256.new(jks1_input.encode('ascii'))
padded1 = PKCS1_v1_5.EMSA_PKCS1_V1_5_ENCODE(sha256_1, len(jwt0_sig_bytes))
m0 = bytes2mpz(padded0)
m1 = bytes2mpz(padded1)
pkcs1 = asn1tools.compile_files('data/pkcs1.asn', codec='der')
x509 = asn1tools.compile_files('data/x509.asn', codec='der')
for e in [mpz(3), mpz(65537)]:
gcd_res = gcd(pow(jwt0_sig, e) - m0, pow(jwt1_sig, e) - m1)
#To speed things up switch comments on prev/next lines!
#gcd_res = mpz(0x143f02c15c5c79368cb9d1a5acac4c66c5724fb7c53c3e048eff82c4b9921426dc717b2692f8b6dd4c7baee23ccf8e853f2ad61f7151e1135b896d3127982667ea7dba03370ef084a5fd9229fc90aeed2b297d48501a6581eab7ec5289e26072d78dd37bedd7ba57b46cf1dd9418cd1ee03671b7ff671906859c5fcda4ff5bc94b490e92f3ba9739f35bd898eb60b0a58581ebdf14b82ea0725f289d1dac982218d6c8ec13548f075d738d935aeaa6260a0c71706ccb8dedef505472ce0543ec83705a7d7e4724432923f6d0d0e58ae2dea15f06b1b35173a2f8680e51eff0fb13431b1f956cf5b08b2185d9eeb26726c780e069adec0df3c43c0a8ad95cbd342)
print("[*] GCD: ", hex(gcd_res))
for my_gcd in range(1, 100):
my_n = c_div(gcd_res, mpz(my_gcd))
if pow(jwt0_sig, e, my_n) == m0:
print("[+] Found n with multiplier", my_gcd, " :\n", hex(my_n))
pkcs1_pubkey = pkcs1.encode("RSAPublicKey", {
"modulus": int(my_n),
"publicExponent": int(e)
})
x509_der = x509.encode(
"PublicKeyInfo", {
"publicKeyAlgorithm": {
"algorithm": "1.2.840.113549.1.1.1",
"parameters": None
},
"publicKey": (pkcs1_pubkey, len(pkcs1_pubkey) * 8)
})
pem_name = "%s_%d_x509.pem" % (hex(my_n)[2:18], e)
import gmpy2
from gmpy2 import mpz
import random
#bit_count = 64
#rand_state = gmpy2.random_state()
c1=int(input("Enter c1:"))
c2=int(input("Enter c2:"))
e1=int(input("Enter e:"))
d1=int(input("Enter d:"))
n1=int(input("Enter n:"))
k2=gmpy2.powmod(c1,d1,n1)
jk=k2-1
k3=gmpy2.c_div(c2,gmpy2.powmod(jk,e1,n1))
print(int(k3))
print(jk)
# try A as ceil(sqrt(6N)) and x = sqrt(A^2 - 6N) # first find A = ceil(sqrt(6N)) A = mul(6, N) A = add(A, 1) A = isqrt(A) print 'A = ' + str(A) # then get x = sqrt(A^2 - 6N) x = mul(A, A) x = sub(x, mul(6, N)) x = isqrt(x) print 'x = ' + str(x) # then get p = (A - x)/3 (smaller factor) p = c_div(sub(A, x),3) q = c_div(add(A, x),2) N3 = mul(p, q) print str(p) + '\n' print str(q) + '\n' print str(N3) + '\n' print str(N) + '\n' print 'three? \n' # # Challenge 4 c = 22096451867410381776306561134883418017410069787892831071731839143676135600120538004282329650473509424343946219751512256465839967942889460764542040581564748988013734864120452325229320176487916666402997509188729971690526083222067771600019329260870009579993724077458967773697817571267229951148662959627934791540 e = 65537 phi = mul(sub(p4, 1), sub(q4, 1))
# n = mpz('2129754913199')
# get p value
fi = open('pCurr2.txt', 'r')
p = mpz(fi.readline())
fi.close()
print p.digits(10)
# loop for prime
while p < 15000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000:
# get remainder of div(n, p)
rem = gmpy2.t_mod(n, p)
if rem == 0:
q = gmpy2.c_div(n, p)
f = open('pResult.txt', 'a')
f.write("p = " + p.digits(10) + "\n")
f.write("q = " + q.digits(10) + "\n")
f.write("n = " + n.digits(10) + "\n")
f.close()
fi = open('pCurr2.txt', 'w')
fi.write(p.digits(10))
fi.close()
fv = open('pValue2.txt', 'a')
fv.write(p.digits(10) + "\n")
fv.close()
sys.exit()
for left in leftArray:
if right == left:
ansEx = gmpy2.mul(m, j) + i
answer = gmpy2.powmod(g, ansEx, p)
f.write("p = " + p.digits(10))
f.write("\ng = " + g.digits(10))
f.write("\ny = " + y.digits(10))
f.write("\nm = " + m.digits(10))
f.write("\nt = " + str(j))
f.write("\ns = " + str(i))
f.write("\nanswer = " + ansEx.digits(10))
f.write("\ncheck g = " + answer.digits(10))
f.close()
sys.exit()
i += 1
j += 1
# print progress
pj = gmpy2.c_div((j * 100), m)
print "\r" + pj.digits(10) + " %",
fi = open('iCurr.txt', 'w')
fi.write((iCurr + maxList).digits(10))
fi.close()
fv = open('iValue.txt', 'a')
fv.write((iCurr + maxList).digits(10) + "\n")
fv.close()