def GetED(p, q):
k = CalBit(q * p)
phi_n = (p - 1) * (q - 1)
r = random.randint(10, 99)
while True:
u = getPrime(k / 4 - r)
if gcd(u, phi_n) != 1:
continue
t = invmod(u, phi_n)
e = PiB(t)
if gcd(e, phi_n) == 1:
break
d = invmod(e, phi_n)
return (e, d)
def divide_pq(ed, n):
# ed = e*d
k = ed - 1
while True:
g = random.randint(3, n - 2)
t = k
while True:
if t % 2 != 0:
break
t /= 2
x = pow(g, t, n)
if x > 1 and gcd(x - 1, n) > 1:
p = gcd(x - 1, n)
return (p, n / p)
def get_ed(p, q): k = cal_bit(q*p) phi_n = (p-1)*(q-1) r = random.randint(10, 99) while True: u = getPrime(k/4 - r) if gcd(u, phi_n) != 1: continue t = invmod(u, phi_n) e = pi_b(t) if gcd(e, phi_n) == 1: break d = invmod(e, phi_n) return (e, d)
def divide_pq(ed, n): # ed = e*d k = ed - 1 while True: g = random.randint(3, n-2) t = k while True: if t % 2 != 0: break t /= 2 x = pow(g, t, n) if x > 1 and gcd(x-1, n) > 1: p = gcd(x-1, n) return (p, n/p)
def get_ed(p, q):
k = cal_bit(q * p)
phi_n = (p - 1) * (q - 1)
r = random.randint(10, 99)
while True:
u = getPrime(k / 4 - r)
if gcd(u, phi_n) != 1:
continue
t = invmod(u, phi_n)
e = pi_b(t)
if gcd(e, phi_n) == 1:
break
d = invmod(e, phi_n)
return (e, d)
def rsa(e, n, p, q, c):
from libnum import n2s, xgcd, gcd
assert p * q == n
phi = (p - 1) * (q - 1)
assert gcd(e, phi) == 1
d = xgcd(e, phi)[0] % phi
return n2s(pow(c, d, n))
def check_valid(key):
n = key[0] * key[1]
tn = (key[0] - 1) * (key[1] - 1)
return True
if libnum.gcd(3, tn) == 1:
return True
else:
return False
def Enc(m, p, g, y):
k = random.randint(1, p - 2)
while (not libnum.gcd(k, p - 1) == 1):
k = random.randint(0, p - 1)
u = fastPowMod(g, k, p)
v = pow(m * fastPowMod(y, k, p), 1, p)
c = str(u) + "," + str(v)
return c
def check_valid(key):
n = key[0] * key[1]
tn = (key[0]-1)*(key[1]-1)
return True
if libnum.gcd(3, tn) == 1:
return True
else:
return False
def comfact_cn(N, c):
log.debug('factor N: try Common factor between ciphertext and modulus attack')
# Try an attack where the public key has a common factor with the ciphertext - sourcekris
if c:
commonfactor = libnum.gcd(N, c)
if commonfactor > 1:
q = commonfactor
p = N / q
return p, q
def test_euclid(self):
for b in range(1, 1000, 13):
for a in range(1, 1000, 7):
g = libnum.gcd(a, b)
x, y, g2 = libnum.xgcd(a, b)
self.assertEqual(g, g2)
self.assertEqual(a * x + b * y, g)
self.assertEqual(libnum.xgcd(0, 10)[1:], (1, 10))
self.assertEqual(libnum.xgcd(10, 0)[0::2], (1, 10))
self.assertEqual(libnum.xgcd(0, 0)[2], 0)
self.assertRaises(TypeError, libnum.xgcd, "qwe", 10)
self.assertRaises(TypeError, libnum.xgcd, 10, "qwe")
def gen_key(): while True: p = getPrime(k/2) if gcd(e, p-1) == 1: break q_t = getPrime(k/2) n_t = p * q_t t = get_bit(n_t, k/16, 1) y = get_bit(n_t, 5*k/8, 0) p4 = get_bit(p, 5*k/16, 1) u = pi_b(p4, 1) n = bytes_to_long(long_to_bytes(t) + long_to_bytes(u) + long_to_bytes(y)) q = n / p if q % 2 == 0: q += 1 while True: if isPrime(q) and gcd(e, q-1) == 1: break m = getPrime(k/16) + 1 q ^= m return (p, q, e)
def gen_key(): while True: p = getPrime(k/2) if gcd(e, p-1) == 1: break q_t = getPrime(k/2) n_t = p * q_t t = get_bit(n_t, k/16, 1) y = get_bit(n_t, 5*k/8, 0) p4 = get_bit(p, 5*k/16, 1) u = pi_b(p4, 1) n = bytes_to_long(long_to_bytes(t) + long_to_bytes(u) + long_to_bytes(y)) q = n / p if q % 2 == 0: q += 1 while True: if isPrime(q) and gcd(e, q-1) == 1: break m = getPrime(k/16) + 1 q ^= m return (p, q, e)
def common_modulus(n, e1, e2, c1, c2):
"""
ref:
∵gcd(e1,e2)==1,∴由扩展欧几里得算法,存在e1*s1+e2*s2==1
∴m==m^1==m^(e1*s1+e2*s2)==((m^e1)^s1)*((m^e2)^s2)==(c1^s1)*(c2^s2)
"""
assert (libnum.gcd(e1, e2) == 1)
_, s1, s2 = gmpy2.gcdext(e1, e2)
# 若s1<0,则c1^s1==(c1^-1)^(-s1),其中c1^-1为c1模n的逆元。
m = pow(c1, s1, n) if s1 > 0 else pow(gmpy2.invert(c1, n), -s1, n)
m *= pow(c2, s2, n) if s2 > 0 else pow(gmpy2.invert(c2, n), -s2, n)
return m % n
def test_gcd_list():
assert gcd(100, 75, 150, -325) == 25
assert gcd(-10, -155, -50) == 5
assert gcd(-13) == 13
assert gcd(3, 0, 30) == 3
with pytest.raises(TypeError):
gcd("qwe")
def test_has_invmod(self):
for modulus in range(2, 1000, 31):
for a in range(2, modulus, 5):
if libnum.has_invmod(a, modulus):
x = libnum.invmod(a, modulus)
self.assertEqual((a * x) % modulus, 1)
else:
self.assertNotEqual(libnum.gcd(a, modulus), 1)
self.assertRaises(ValueError, libnum.has_invmod, 1, 1)
self.assertRaises(ValueError, libnum.has_invmod, 1, 0)
self.assertRaises(ValueError, libnum.has_invmod, 1, -100)
self.assertRaises(TypeError, libnum.has_invmod, "qwe", 10)
self.assertRaises(TypeError, libnum.has_invmod, 10, "qwe")
def sqrt_iter(n, s, t, a, b):
'''
take t*(sqrt(n)+a)/b
s = floor(sqrt(n))
return (v, next fraction params t, a, b)
'''
v = t * (s + a) / b
t2 = b
b2 = t * (n - (b * v - a)**2)
a2 = b * v - a
g = gcd(t2, b2)
t2 /= g
b2 /= g
return v, (t2, a2, b2)
def sqrt_iter(n, s, t, a, b):
'''
take t*(sqrt(n)+a)/b
s = floor(sqrt(n))
return (v, next fraction params t, a, b)
'''
v = t * (s + a) / b
t2 = b
b2 = t * (n - (b * v - a)**2)
a2 = b * v - a
g = gcd(t2, b2)
t2 /= g
b2 /= g
return v, (t2, a2, b2)
def test_gcd_pair(self):
self.assertEqual(libnum.gcd(100, 75), 25)
self.assertEqual(libnum.gcd(-10, 155), 5)
self.assertEqual(libnum.gcd(30, -77), 1)
self.assertEqual(libnum.gcd(0, -77), 77)
self.assertEqual(libnum.gcd(0, 0), 0)
self.assertEqual(libnum.gcd(13, 0), 13)
self.assertRaises(TypeError, libnum.gcd, "qwe", 10)
self.assertRaises(TypeError, libnum.gcd, 10, "qwe")
def main(): verify() usage = """ 01010111 01100101 01101100 01100011 01101111 01101101 01110100 01101111 00110010 00110000 00110001 00110110 01001000 01000011 01010100 01000110 01010010 01010011 01000001 01000100 01100101 01100011 01101111 01100100 01100101 01010011 01111001 01110011 01110100 01100101 01101101 """ print usage print "This is a RSA Decryption System" print "Please enter Your team token: " try: token = raw_input() flag = get_flag(token) assert len(flag) == 38 except: print "Token error!" m_exit(-1) spub, spriv = get_pkey() # Generation p, q p, q = GetPrimes(spub, spriv) n = p * q phi_n = (p-1)*(q-1) d = invmod(e, phi_n) while True: e2 = random.randint(0x1000, 0x10000) if gcd(e2, phi_n) == 1: break print "In this Game, Your public key:" print "n: ", hex(n) print "e: ", hex(e) print "e2: ", hex(e2) flag = bytes_to_long(flag) enc_flag = pow(flag, e2, n) print "Your flag is: ", hex(enc_flag) print "============Start Games============" print "Please enter your cipher: " while True: s = raw_input() try: c = int(s) except: m_exit(-1) m = pow(c, d, n) print "Your Plaintext is: ", hex(m) time.sleep(1)
def main():
verify()
usage = """
01010111 01100101 01101100 01100011 01101111 01101101
01110100 01101111 00110010 00110000 00110001 00110110
01001000 01000011 01010100 01000110 01010010 01010011 01000001
01000100 01100101 01100011 01101111 01100100 01100101
01010011 01111001 01110011 01110100 01100101 01101101
"""
print usage
print "This is a RSA Decryption System"
print "Please enter Your team token: "
try:
token = raw_input()
flag = get_flag(token)
assert len(flag) == 38
except:
print "Token error!"
m_exit(-1)
spub, spriv = get_pkey()
# Generation p, q
p, q = GetPrimes(spub, spriv)
n = p * q
phi_n = (p - 1) * (q - 1)
d = invmod(e, phi_n)
while True:
e2 = random.randint(0x1000, 0x10000)
if gcd(e2, phi_n) == 1:
break
print "In this Game, Your public key:"
print "n: ", hex(n)
print "e: ", hex(e)
print "e2: ", hex(e2)
flag = bytes_to_long(flag)
enc_flag = pow(flag, e2, n)
print "Your flag is: ", hex(enc_flag)
print "============Start Games============"
print "Please enter your cipher: "
while True:
s = raw_input()
try:
c = int(s)
except:
m_exit(-1)
m = pow(c, d, n)
print "Your Plaintext is: ", hex(m)
time.sleep(1)
def encrypt():
m = raw_input("请输入明文: ")
p = genPrime(1024)
q = genPrime(1024)
n = p * q
fi = (p - 1) * (q - 1)
i = (p - 1) * (q - 1) - 1
while True:
if gcd(i, (p - 1) * (q - 1)) == 1:
e = i
break
i -= 1
c = pow(s2n(m), e, n)
print "密文: ", c
return p, q, n, e, c
def Quary(i, n):
w = gen_w(n)
l = int(sqrt(n))
assert l**2 == n
p = getPrime(512)
q = getPrime(512)
N = p * q
g = N + 1
rk = (p-1) * (q-1)
u, v = w[i]
r = []
for _ in range(l):
temp_r = randint(1, N-1)
while gcd(temp_r, N) != 1:
temp_r = randint(1, N-1)
r.append(temp_r)
q = []
for i in range(l):
if i+1 == v:
temp_y = g * pow(r[i], N, N**2) % (N**2)
else:
temp_y = pow(r[i], N, N**2)
q.append(temp_y)
return q, rk, N
conn.sendline(str(num))
conn.recvuntil('e, n) = ')
return int(conn.recvuntil('\n').strip())
def enc(num):
return pow(num, 1238497123749102734917340134891703947129083741902, n)
print('********** find n **********')
num = []
for _ in range(10):
r = random.randint(2, 100)
num.append(enc(r)**2 - enc(r**2))
n = gcd(*num)
print(n)
ppqs = (n - phi + 1)**2
pmqs = ppqs - 4 * n
ppq = (n - phi + 1)
pmq = nroot(pmqs, 2)
q = (ppq - pmq) // 2
p = (ppq + pmq) // 2
assert n == p * q
assert phi == (p - 1) * (q - 1)
conn.interactive()
#!/usr/bin/env python
import libnum
res = open("result").readlines()
n = int(res[0].strip())
del res[0]
def common_modulus_attack(c1, c2, e1, e2, n):
s1, s2, _ = libnum.xgcd(e1, e2)
if s1 < 0:
s1 = s1 * -1
c1 = libnum.invmod(c1, n)
if s2 < 0:
s2 = s2 * -1
c2 = libnum.invmod(c2, n)
m = (pow(c1, s1, n) * pow(c2, s2, n)) % n
return m
for i in range(len(res)):
for j in range(len(res)):
if i == j:
continue
if libnum.gcd(int(res[i][:res[i].index("###")]),
int(res[j][:res[j].index("###")])) == 1:
e1 = int(res[i][:res[i].index("###")])
e2 = int(res[j][:res[j].index("###")])
c1 = int(res[i][res[i].index("###") + 3:].strip())
c2 = int(res[j][res[j].index("###") + 3:].strip())
print libnum.n2s(common_modulus_attack(c1, c2, e1, e2, n))
raw_input("#")
#!/usr/bin/python
import base64
import libnum
n1 = 123948613128507245097711825164030080528129311429181946930789480629270692835124562568997437300916285601268900901495788327838386854611883075845387070635813324417496512348003686061832004434518190158084956517800098929984855603216625922341285873495112316366384741709770903928077127611563285935366595098601100940173
n2 = 122890614849300155056519159433849880305439158904289542874766496514523043027349829509818565800562562195671251134947871996792136355514373160369135263766229423623131725044925870918859304353484491601318921285331340604341809979578202817714205469839224620893418109679223753141128229197377934231853172927071087589849
e = 65537
q = libnum.gcd(n1, n2) # calculate gcd to discover a prime factor in common
p = n1 / q
phi = (p - 1) * (q - 1)
c = libnum.s2n(base64.b64decode(open('ciphertext.txt', 'r').read()))
d = libnum.invmod(e, phi)
m = pow(c, d, n1)
print "[+] Flag: " + libnum.n2s(m)
#!/usr/bin/env python
# -*- coding: utf-8 -*-
__Auther__ = 'M4x'
from libnum import gcd
n1=0xb4e9991d2fac12b098b01118d960eb5470261368e7b1ff2da2c66b4302835aa845dd50a4f749fea749c6d439156df6faf8d14ce2a57da3bac542f1843bfc80dfd632e7a2ef96496a660d8c5994aea9e1b665097503558bc2756ab06d362abe3777d8c1f388c8cd1d193955b70053382d330125bdc2cdc836453f1a26cec1021cbb787977336b2300f38c6ba881a93d2a2735f8f0d32ea2d0e9527eb15294dd0867c8030d1f646bd121c01706c247cd1bf4aa209d383ffb748b73ec1688dc71812675834b4b12d27a63b5b8fcc47394d16897ff96af49f39d8d5b247553fbf8fac7be08aab43d9ce5659cd5cfaf7d73edbcfe854d997ae4b28d879adf86641707
# e1=0x10001
# c1=0x3a10c58ed3e8f9eade48dad7d36518dabeeca3d169c848f3b4b2bb027220e13d8b071c55046b14213e966ad9c381e5cad9773d455aa0d36ddff9b9f24873d0979f1caff95d9569e4f312514c7e01979b39c466aa2d27ad521ae3c1ea2025ca2290185b3d79da4f6e4c7e77a70f206bd5c41eec65fd64f86c317b8207ca511b8297b597cb9c24afa652c1f1c7f2d8ca61cf4a63b17df165e4c02dc19578305f276cb81fdfadf0ffc8b86e13297f2692edf7e6324878bb8ca960a050af6b0ada8ba4accd72c7d2c74a41e98d801093e4cc5b1572b8e6be9f270c30759543986180bb4fc6863e14638ea74863dbdd1624cfdedaedb99dfd48901e7d4b486a7b13ea
n2=0xc31344c753e25135d5eed8febaa57dd7020b503a5569bdd4ae6747b5c36436dc1c4d7ead77bfc1034748bcc630636bae1c8f4ca5dee8246b3d6f3e8b14e16487733b14ec8e587e07a7a6de45859d32d241eaf7746c45ff404f1a767ab77e8493ae8141fee0bcf4e9b7c455415b6945fa60de928b01dfa90bbf0d09194f93db7a1663121d281c908f0e38237f63c2b856f99c6029d993f9afb5fbbb762044d97943ff34023486c4cf1db9ffdc439d9f5ff331b606374c7133d61e4614fac3ea7faaf54563338b736282658e7925b224577091831351a28679a8d6f8e7ba16685b2769bb49b79f8054b29c809d68aca0f2c5e3f1fd0e3ef6c21f756e3c44a40439
# e2=0x10001
# c2=0xbefa7d62f15cafc81d098fdd524411537e948d83266ef22848f44d2e43d1f1388a26bb21c8fb08b571c7cbd6630d6f2b409c85c68a6419e472941e4978f60b93e1ce850344dbe99f1918cb5b8c35075bbdca82fa233d1300f108e4b75ce10d7b0ffa145bceffbc7a5204bf9c119f77af191091f25140aedcdd333b631b240ddad3108c96084dffe6e49e04880908fa02c02edb58e2f27919d707151adb6787384ca28050f8d77418cc1733187d7695f57127be8d6174562723679ba39790d7f2306271b9d8f4d2bdde9ed798af00074ec7da3a7f1ffeb4fc6a61804e51c0f92d384dc62b80fd44492588af26ac0185a23f86c46a7ffdec9fcf31b02b08b63001
print "p -> {}".format(gcd(n1, n2))
print "q1 -> {}".format(n1 / gcd(n1, n2))
print "q2 -> {}".format(n2 / gcd(n1, n2))
unzip = subprocess.check_output([
'unzip', '-o', '-P', zippassword, 'almost_almost_almost_almost_there.zip'
])
# get next modulus
l2n = int(
subprocess.check_output([
'openssl', 'rsa', '-noout', '-modulus', '-pubin', '-in',
'almost_almost_almost_there.pub'
]).split('=')[1], 16)
# load ciphertext
l2c = libnum.s2n(open('almost_almost_almost_there.encrypted', 'rb').read())
# layer 2 modulus has common factor with layer 1
l2q = libnum.gcd(l2n, n)
l2p = l2n / l2q
l2phi = (l2p - 1) * (l2q - 1)
l2d = libnum.invmod(e, l2phi)
l2m = pow(l2c, l2d, l2n)
l2zippass = libnum.n2s(l2m)
################### LAYER 3 ######################
print "[*] Solving layer 3: Small q "
unzip = subprocess.check_output(
['unzip', '-o', '-P', l2zippass, 'almost_almost_almost_there.zip'])
l3n = int(
subprocess.check_output([
'openssl', 'rsa', '-noout', '-modulus', '-pubin', '-in',
'almost_almost_there.pub'
]).split('=')[1], 16)
def main(): verify() usage = """ ** ** ** ********** /** /** /** /////**/// /** * /** ***** /** ***** ****** ********** /** ****** /** *** /** **///** /** **///** **////**//**//**//** /** **////** /** **/**/**/******* /**/** // /** /** /** /** /** /** /** /** /**** //****/**//// /**/** **/** /** /** /** /** /** /** /** /**/ ///**//****** ***//***** //****** *** /** /** /** //****** // // ////// /// ///// ////// /// // // // ////// ** ** ****** ********** ******** ******* ******** ** /** /** **////**/////**/// /**///// /**////** **////// **** /** /** ** // /** /** /** /** /** **//** /**********/** /** /******* /******* /********* ** //** /**//////**/** /** /**//// /**///** ////////** ********** /** /**//** ** /** /** /** //** /**/**//////** /** /** //****** /** /** /** //** ******** /** /** // // ////// // // // // //////// // // ******** **//////** ** // ****** ********** ***** /** //////** //**//**//** **///** /** ***** ******* /** /** /**/******* //** ////** **////** /** /** /**/**//// //******** //******** *** /** /**//****** //////// //////// /// // // ////// """ print usage print "This is a RSA Decryption System" print "Please enter Your team token: " try: token = raw_input() flag = get_flag(token) assert len(flag) == 32 except: print "Token error!" m_exit(-1) p, q, e = gen_key() n = p * q phi_n = (p-1)*(q-1) d = invmod(e, phi_n) while True: e2 = random.randint(0x1000, 0x10000) if gcd(e2, phi_n) == 1: break print "n: ", hex(n) print "e: ", hex(e) print "e2: ", hex(e2) flag = bytes_to_long(flag) enc_flag = pow(flag, e2, n) print "Your flag is: ", hex(enc_flag) print "============Start Games============" print "Please enter your cipher: " while True: try: s = raw_input() c = int(s) except: m_exit(-1) m = pow(c, d, n) print "Your Plaintext is: ", hex(m) time.sleep(1)
else:
p.recvuntil("Decrypted: ")
return int(p.recvuntil("\n", drop=True))
def recvflag():
p.recvuntil("Galf - ")
return int(p.recvuntil("\n", drop=True), 16)
context.log_level = "debug"
p = remote("199.247.6.180", 16001)
c = recvflag()
e = 65537
e_2 = encrypt("\x02")
e_4 = encrypt("\x04")
e_8 = encrypt("\x08")
k1n = (2**e) - e_2
k2n = (4**e) - e_4
k3n = (8**e) - e_8
#print k1n,k2n
n = libnum.gcd(k1n, k2n, k3n)
log.success("n:" + str(n))
res = 1
while not decrypt(c):
temp = pow(2, e, n)
c = (c * libnum.invmod(temp, n)) % n
res *= 2
m = (decrypt(c) * (res)) % n
print libnum.n2s(m)
c1_1 = "2639c28e3609a4a8c953cca9c326e8e062756305ae8aee6efcd346458aade3ee8c2106ab9dfe5f470804f366af738aa493fd2dc26cb249a922e121287f3eddec0ed8dea89747dc57aed7cd2089d75c23a69bf601f490a64f73f6a583081ae3a7ed52238c13a95d3322065adba9053ee5b12f1de1873dbad9fbf4a50a2f58088df0fddfe2ed8ca1118c81268c8c0fd5572494276f4e48b5eb424f116e6f5e9d66da1b6b3a8f102539b690c1636e82906a46f3c5434d5b04ed7938861f8d453908970eccef07bf13f723d6fdd26a61be8b9462d0ddfbedc91886df194ea022e56c1780aa6c76b9f1c7d5ea743dc75cec3c805324e90ea577fa396a1effdafa3090"
c1_2 = "42ff1157363d9cd10da64eb4382b6457ebb740dbef40ade9b24a174d0145adaa0115d86aa2fc2a41257f2b62486eaebb655925dac78dd8d13ab405aef5b8b8f9830094c712193500db49fb801e1368c73f88f6d8533c99c8e7259f8b9d1c926c47215ed327114f235ba8c873af7a0052aa2d32c52880db55c5615e5a1793b690c37efdd5e503f717bb8de716303e4d6c4116f62d81be852c5d36ef282a958d8c82cf3b458dcc8191dcc7b490f227d1562b1d57fbcf7bf4b78a5d90cd385fd79c8ca4688e7d62b3204aeaf9692ba4d4e44875eaa63642775846434f9ce51d138ca702d907849823b1e86896e4ea6223f93fae68b026cfe5fa5a665569a9e3948a"
#n1_1 = 0x11574caaea9fd80017ee2986de85b4939d2e43bd5edf5f84e280198004628303fc0c46030926d701194fd8b6b61fdad9fb996291742dcc181d7a21af22f9834caf7650637e458c616ec725a1396ea1920e78ea1ed70d9a35a2390744943a134c8a8101383386e94db4ff4e809d226cffc84bfa2847a3f4fe08ee9df4bf7a40ebf16a347fe90f09016b8b9d2dfb281b536da1fc4442c7b47f84204b3eed6186f4deab1f71ead8edd8c42fe3d93972c220d8c4eb9aab52600ed168ce51064c49b152e34c6fb83de63a635d421c9664fc78f7388de3d1dde7cd3180951c876f20dcede08280ec6ac284b120615e9e141dac68399035bb71eac8cd2bb866b3a6e007
#n1_2 = 0x0230d7a40a416d8c056c314b7d641bffb1dd007917ba0b215f58f6b68f8285067136aa0f0ce37db354cf61d22af84c8be4160963fcbfb9814f31875b458bfea9cb8aa064e5692894f2cde421b16ee2fba30d0b5d5acd8270af65c5bfdd656733b7170b48583a909560c5811cae775499b813efeb9bbb6a8e9da35bd54c0c6d047d6c28a6442cf69522b02c1609774fd4c19e1841989526f70896227138d0fc8bf3ad4ff92466aafc79dbc2b0b68cde3a810d805fba9db05267b33a39f26ccc06c34de1a6a90a5521f01a1e8e0e1387f6ed51b3970409b7562896dfdbf487337d787e6629d474a73e86dbb934446628dad06a8bc6bded821b9a2361f2f1055d12
n1_1 = bytes_to_num(c1_1.decode('hex'))
n1_2 = bytes_to_num(c1_2.decode('hex'))
e1 = 0x1001
e2 = 0x101
print libnum.xgcd(e1,e2)
xgcd = libnum.xgcd(e1,e2)
n1_1_inv = libnum.invmod(n1_1,n3)
assert (n1_1_inv*n1_1)%n3==1
m = (pow(n1_1_inv,xgcd[0]*-1,n3)*pow(n1_2,xgcd[1],n3))%n3
print m
print libnum.gcd(e1,e2)
assert pow(m,e1,n3)==n1_1
assert pow(m,e2,n3)==n1_2
#print hex(pow(m,e2,n3))
n1 = m
print n1
#n1 = 820928650845870620723398641418430560681156001138735096925030451902417919194443533997091546977591994803076546864089678354698681762386374331300311255855681398660128703679421620966541327377041709407909422433258969486458918135644782166730266421648609176380494526721089557340533459290986717438829332517062112510441791255031169683629746300741131885337863789133958194148147076564652001394063636006538871538841709581230856211101448471200607015180491156127670595948207742541369333765734985482522833859182877386338753929062754028024947469226250613374092460434598257428472528861445143456766204473851110780586998315353287
p1 = libnum.gcd(n1,n2)
p2 = n1/p1
p3 = n2/p1
e = 0x1001
phi_1 = (p1-1)*(p2-1)
phi_2 = (p1-1)*(p3-1)
c1 = "1240198b148089290e375b999569f0d53c32d356b2e95f5acee070f016b3bef243d0b5e46d9ad7aa7dfe2f21bda920d0ac7ce7b1e48f22b2de410c6f391ce7c4347c65ffc9704ecb3068005e9f35cbbb7b27e0f7a18f4f42ae572d77aaa3ee189418d6a07bab7d93beaa365c98349d8599eb68d21313795f380f05f5b3dfdc6272635ede1f83d308c0fdb2baf444b9ee138132d0d532c3c7e60efb25b9bf9cb62dba9833aa3706344229bd6045f0877661a073b6deef2763452d0ad7ab3404ba494b93fd6dfdf4c28e4fe83a72884a99ddf15ca030ace978f2da87b79b4f504f1d15b5b96c654f6cd5179b72ed5f84d3a16a8f0d5bf6774e7fd98d27bf3c9839"
c2 = "129d5d4ab3f9e8017d4e6761702467bbeb1b884b6c4f8ff397d078a8c41186a3d52977fa2307d5b6a0ad01fedfc3ba7b70f776ba3790a43444fb954e5afd64b1a3abeb6507cf70a5eb44678a886adf81cb4848a35afb4db7cd7818f566c7e6e2911f5ababdbdd2d4ff9825827e58d48d5466e021a64599b3e867840c07e29582961f81643df07f678a61a9f9027ebd34094e272dfbdc4619fa0ac60f0189af785df77e7ec784e086cf692a7bf7113a7fb8446a65efa8b431c6f72c14bcfa49c9b491fb1d87f2570059e0f13166a85bb555b40549f45f04bc5dbd09d8b858a5382be6497d88197ffb86381085756365bd757ec3cdfa8a77ba1728ec2de596c5ab"
c1 = int(c1,16)
def modinv(m, N):
from libnum import xgcd, gcd
assert gcd(m, N) == 1
return xgcd(m, N)[0] % N
def test_gcd_list(self):
self.assertEqual(libnum.gcd(100, 75, 150, -325), 25)
self.assertEqual(libnum.gcd(-10, -155, -50), 5)
self.assertEqual(libnum.gcd(-13), 13)
self.assertEqual(libnum.gcd(3, 0, 30), 3)
self.assertRaises(TypeError, libnum.gcd, "qwe")
import libnum from gmpy2 import invert n = 439417435349117077016120256032123563488725871672365713333908767527181506605456996440976092286396217208346517037614291515211713369259652005473745797829519302114014096228493909082933262475682668430515352570340710043923576011229072081864417565564654393154123852582998480004421967973561710348775401627090820082561624574163346724457146411153367379048103923362449689733143553766642049979073854600029473386414761438390648422125304276322690311616660623276480255307700013063370655168193935504657331359380550163431464495433486240621844201555038127878792512290031492000061093453237133536504895049948422086353955762857724850156781994280857003864815967035753799539807280430048953143544729135381005035199528144216366914915579663527988069893306590695520092972880563370537346145253637501387052646675680590628920510946254822851331399843224254394547586424880418687904378274789438020179680711159166212876147547185432499042312287158720759432838187034875075634972002003563189734179053491210369144349588268225221150448827154462668635876553832012979304656482844597655486269149398445556043107571028374638171990230273230291727628205524835210632998076958313384500314940986874085361468623893282047441961797621666131423867384258509862778976666657751356030040047 c1 = 433819607639705710266664415408118685227785023318043464408966216465750463198676135279124462845866999138470641247236684695283528622009068089829541464396249742683972501426375507332135478436883972126246738190884671529589181892330434244546786535414844856902492636515182671365787388411006038214430838590567927395551492633142070871452321831527948581202029688467726417572174472188386271189684284982295013247063416200521850944032308090353177893485184143318463398318577361595630480448599644526672515638448943705848237238461939459558481868533934465653842868295746942849704877815098484785420631917583407475464439928133116816321617482362200514347908334195726672522327873275250252173775348855923996735753997888790306174698268859546178310605295253579413970136784100418369048098185422669116871517314248162557324605258206897023003317229103825900820906732089865736093516945870857246635468811485690074609659343067906581718880877264676145808760888828074326238058402132938047145823469901418656764134606960128842365460977097771412397857915447875529501962743242047476426765640165615599688827221510744624693534704511630020440455848650684337784568409129227425062424172940268460078974079630610711505834513802309887469085674596008519618271929087233694510772818 c2 = 83724904566851840078496210336572116091662664664801892193076750684191998225275129586536713117349502209831236115674956540920283427420709449062398556850377530984192288977067791602406637606155391782165284888113514955317091966736966658674120747019017526067627612711855390757608944963618783096397518955644299711132723248517534675242871830833125295022486287399185142773955980037431762118034724219025729076159288632248470778028903018049578480296150295647871540660990968296530654468172254833706275919709136979831680701151936398827479942606831001019132247782804472010964563033607923846978012367622238945198907028578661031856834925861096025738647105214663386762206042812284486187733266176387464328664979255710768845266708038290907920541782501876537394650011441258953043237733077485175998097194872446432504451283270730627891392446498184459356925841883988220662027319615624668420530354856877871305567046686717349964404137643243402989864266839390618778918821026836359741410784881609846172633295386022298856060285799338958719259766938804531687502882100869752278294498533212528683279296420350233030112440595311501094440341925124189928998518952615978623564616420488870485553995291290375882581541245097342035134458581151189648006321755188856276514827 c3 = 223225973654193074185341934673670717548271466011006003162451988167244043646617334449350534865926222561727552347403026834759100491165146292996221746900332819346451539241588549807589084213078331353077823918346099557030508959267606219497209775761591248414191023956532987220553657104091483783079502280731137371091577523465152779610668691987310973882191252013925996652605143494742733402306280718269879894935172415045814067504146650884443628718911532969755853228638380957718520400103417333061763173036915630307027703685798400248545573356579830043253407873862583991237816020322151176755431917343630215007040682262485462372113845182965816894545203773241606400463786733213942593735748736024680254773008137013860537481718954741583314000838985523353610241733963686192070841191516141988160547714546661865554167966431810940485281843336774203244103912896400070237937057436344219706573370917411542837816436267530542911231332603234632456740573375693765100974080600386086853018631637388531999507606358686787772114128794589456684389087095737225861101713017614091616678955436188000947755813052995983953719044189065124976440553450612195674873717430433394890286761416666325585106227786956407949552740876109207732727933506229200877890487053948532237716454 e = 65537 p = libnum.gcd(c1, n) q = libnum.gcd(c2, n) print(p * q == n) phi = (p - 1) * (q - 1) d = invert(e, phi) m = pow(c3, d, n) print(libnum.n2s(int(m)))
def main(): verify() usage = """ ** ** ** ********** /** /** /** /////**/// /** * /** ***** /** ***** ****** ********** /** ****** /** *** /** **///** /** **///** **////**//**//**//** /** **////** /** **/**/**/******* /**/** // /** /** /** /** /** /** /** /** /**** //****/**//// /**/** **/** /** /** /** /** /** /** /** /**/ ///**//****** ***//***** //****** *** /** /** /** //****** // // ////// /// ///// ////// /// // // // ////// ** ** ****** ********** ******** ******* ******** ** /** /** **////**/////**/// /**///// /**////** **////// **** /** /** ** // /** /** /** /** /** **//** /**********/** /** /******* /******* /********* ** //** /**//////**/** /** /**//// /**///** ////////** ********** /** /**//** ** /** /** /** //** /**/**//////** /** /** //****** /** /** /** //** ******** /** /** // // ////// // // // // //////// // // ******** **//////** ** // ****** ********** ***** /** //////** //**//**//** **///** /** ***** ******* /** /** /**/******* //** ////** **////** /** /** /**/**//// //******** //******** *** /** /**//****** //////// //////// /// // // ////// """ print usage print "This is a RSA Decryption System" print "Please enter Your team token: " try: token = raw_input() flag = get_flag(token) assert len(flag) == 38 except: print "Token error!" m_exit(-1) p, q, e = gen_key() n = p * q phi_n = (p-1)*(q-1) d = invmod(e, phi_n) while True: e2 = random.randint(0x1000, 0x10000) if gcd(e2, phi_n) == 1: break print "n: ", hex(n) print "e: ", hex(e) print "e2: ", hex(e2) flag = bytes_to_long(flag) enc_flag = pow(flag, e2, n) print "Your flag is: ", hex(enc_flag) print "============Start Games============" print "Please enter your cipher: " while True: try: s = raw_input() c = int(s) except: m_exit(-1) m = pow(c, d, n) print "Your Plaintext is: ", hex(m) time.sleep(1)
def test_gcd_pair():
assert gcd(100, 75) == 25
assert gcd(-10, 155) == 5
assert gcd(30, -77) == 1
assert gcd(0, -77) == 77
assert gcd(0, 0) == 0
assert gcd(13, 0) == 13
assert gcd(0, 13) == 13
with pytest.raises(TypeError):
gcd("qwe", 10)
with pytest.raises(TypeError):
gcd(10, "qwe")
m = pow(c,d,n)
zippassword = libnum.n2s(m)
################### LAYER 2 ######################
print "[*] Solving layer 2: Common factors!"
# unzip layer2
unzip = subprocess.check_output(['unzip','-o','-P',zippassword,'almost_almost_almost_almost_there.zip'])
# get next modulus
l2n = int(subprocess.check_output(['openssl', 'rsa', '-noout', '-modulus', '-pubin', '-in', 'almost_almost_almost_there.pub']).split('=')[1],16)
# load ciphertext
l2c = libnum.s2n(open('almost_almost_almost_there.encrypted','rb').read())
# layer 2 modulus has common factor with layer 1
l2q = libnum.gcd(l2n, n)
l2p = l2n / l2q
l2phi = (l2p - 1 ) * (l2q - 1)
l2d = libnum.invmod(e, l2phi)
l2m = pow(l2c, l2d, l2n)
l2zippass = libnum.n2s(l2m)
################### LAYER 3 ######################
print "[*] Solving layer 3: Small q "
unzip = subprocess.check_output(['unzip','-o','-P',l2zippass,'almost_almost_almost_there.zip'])
l3n = int(subprocess.check_output(['openssl', 'rsa', '-noout', '-modulus', '-pubin', '-in', 'almost_almost_there.pub']).split('=')[1],16)
l3c = libnum.s2n(open('almost_almost_there.encrypted','rb').read())
# small q, factored using ECM method or any simple method
l3q = 54311
#!/usr/bin/python
import base64
import libnum
n1 = 123948613128507245097711825164030080528129311429181946930789480629270692835124562568997437300916285601268900901495788327838386854611883075845387070635813324417496512348003686061832004434518190158084956517800098929984855603216625922341285873495112316366384741709770903928077127611563285935366595098601100940173
n2 = 122890614849300155056519159433849880305439158904289542874766496514523043027349829509818565800562562195671251134947871996792136355514373160369135263766229423623131725044925870918859304353484491601318921285331340604341809979578202817714205469839224620893418109679223753141128229197377934231853172927071087589849
e = 65537
q = libnum.gcd(n1,n2) # calculate gcd to discover a prime factor in common
p = n1 / q
phi = (p-1) * (q - 1)
c = libnum.s2n(base64.b64decode(open('ciphertext.txt','r').read()))
d = libnum.invmod(e,phi)
m = pow(c,d,n1)
print "[+] Flag: " + libnum.n2s(m)
def modinv(m, N):
from libnum import xgcd, gcd
assert gcd(m, N) == 1
return xgcd(m, N)[0] % N
def samod_attack((c1, c2), (e1, e2), N):
from libnum import xgcd, gcd
assert gcd(e1, e2) == 1
assert gcd(e1, N) == 1
assert gcd(e2, N) == 1
[r, s] = xgcd(e1, e2)[0:2]
cc1, cc2 = c1, c2
if r < 0:
r = -r
cc1 = modinv(cc1, N)
if s < 0:
s = -s
cc2 = modinv(cc2, N)
m = pow(cc1, r, N) * pow(cc2, s, N) % N
return m
