def main(cert_path, data_path, offset): mod = get_modulus(cert_path) mod = gmpy.mpz(mod, 16) key_size = int(mod.bit_length() / 16) offset = int(offset, 16) print('Prime should be at offset: %x'%offset) print('Key size: %d\n'%key_size) with open(data_path, 'rb') as f: mm_data = mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) print('Hexdump of surrounding data:') hexdump(mm_data, max(0, offset - 1024), 2048) p = gmpy.mpz(long(mm_data, offset, key_size)) if gmpy.is_prime(p) and p != mod and mod % p == 0: print('Prime factor found: %s\n'%p) hexbytes = binascii.hexlify(mm_data[offset:offset+key_size]).decode('ascii').upper() hexbytes = re.sub(r'(..)', r'\x\1', hexbytes) print('Prime in greppable ascii: %s\n'%hexbytes) p = gmpy.mpz(p) e = gmpy.mpz(65537) q = gmpy.divexact(mod, p) assert(gmpy.is_prime(q)) phi = (p-1) * (q-1) d = gmpy.invert(e, phi) dp = d % (p - 1) dq = d % (q - 1) qinv = gmpy.invert(q, p) seq = Sequence() for x in [0, mod, e, d, p, q, dp, dq, qinv]: seq.setComponentByPosition (len (seq), Integer (x)) print("\n\n-----BEGIN RSA PRIVATE KEY-----\n%s-----END RSA PRIVATE KEY-----\n\n"%base64.encodestring(encoder.encode(seq)).decode('ascii')) else: print('Prime factor not found')
def main(cert_path, data_path, offset): mod = get_modulus(cert_path) mod = int(mod, 16) key_size = int(mod.bit_length() / 16) offset = int(offset, 16) print('Prime should be at offset: %x' % offset) print('Key size: %d\n' % key_size) with open(data_path, 'rb') as f: data = f.read() print('Hexdump of surrounding data:') hexdump(data, max(0, offset - 1024), 2048) p = long(data, offset, key_size) if gmpy.is_prime(p) and p != mod and mod % p == 0: print('Prime factor found: %s\n' % p) hexbytes = binascii.hexlify(data[offset:offset + key_size]).decode('ascii').upper() hexbytes = re.sub(r'(..)', r'\x\1', hexbytes) print('Prime in greppable ascii: %s\n' % hexbytes) p = gmpy.mpz(p) e = gmpy.mpz(65537) q = gmpy.divexact(mod, p) phi = (p - 1) * (q - 1) d = gmpy.invert(e, phi) dp = d % (p - 1) dq = d % (q - 1) qinv = gmpy.invert(q, p) seq = Sequence() for x in [0, mod, e, d, p, q, dp, dq, qinv]: seq.setComponentByPosition(len(seq), Integer(x)) print( "\n\n-----BEGIN RSA PRIVATE KEY-----\n%s-----END RSA PRIVATE KEY-----\n\n" % base64.encodestring(encoder.encode(seq)).decode('ascii')) else: print('Prime factor not found')
def __init__(self, EFp, EFpk, E, P, Q, r, Qp=None, frob=None, gam=None, bet=None): self.E = E #Elliptic Curve (equation) over EFp self.EFp = EFp # Elliptic Curve Group self.Fp = EFp.F # Field of the ECG self.Fp1 = self.Fp.one() self.Fp0 = self.Fp.zero() self.EFpk = EFpk self.Fpk = EFpk.F self.Fpk1 = self.Fpk.one() self.Fpk0 = self.Fpk.zero() self.frobenius = frob self.gamma = gam #self.beta = bet self.P = P # Generator of G1 self.Q = Q # Generator of G2 #self.Qp = Qp self.r = r # This is the order of the subgroups G1, G2 def degext(M, L): '''Return the degree of the extension of M over L (provided M,L are Fields) Assuming M is an extension of L ''' assert isinstance(M, field.Field) and isinstance(L, field.Field) k = 1 while not M.F == M: k = k * (M.deg - 1) M = M.F if M == L: return k k = degext( self.Fpk, self.Fp) # This is the degree of the extension EFpk over EFp q = self.Fp.char - 1 self.e = gmpy.divexact(q**(k) - 1, self.r) self.to_fingerprint = ["E", "EFp", "EFpk", "r"] self.to_export = { "fingerprint": [], "value": ["E", "EFp", "EFpk", "r"] }
def main(cert_path, data_path): mod = get_modulus(cert_path) mod = int(mod, 16) key_size = int(mod.bit_length() / 16) print('Key size: %d' % key_size) with open(data_path, 'rb') as f: data = f.read() print('Data length: %d' % len(data)) length = len(data) - key_size for i in range(length): if i % 100000 == 0: sys.stdout.write(chr(27) + '[%dG' % (1) + chr(27) + '[0K') sys.stdout.write('Progress: %d%%' % (100.0 * i / length)) sys.stdout.flush() if data[i] % 2 == 0: continue p = long(data, i, key_size) mod if p != 0 and p != 1 and p != mod and mod % p == 0: sys.stdout.write(chr(27) + '[%dG' % (1) + chr(27) + '[0K') q = gmpy.divexact(mod, p) print('%s Offset 0x%x:\nq = %s\np = %d\n' % (data_path, i, p, q)) n = gmpy.mpz(mod) q2 = gmpy.mpz(p) e = gmpy.mpz(65537) p2 = gmpy.mpz(q) phi = (p2 - 1) * (q2 - 1) d = gmpy.invert(e, phi) dp = d % (p2 - 1) dq = d % (q2 - 1) qinv = gmpy.invert(q2, p2) seq = Sequence() for x in [0, mod, e, d, p2, q2, dp, dq, qinv]: seq.setComponentByPosition(len(seq), Integer(x)) print( "\n\n-----BEGIN RSA PRIVATE KEY-----\n%s-----END RSA PRIVATE KEY-----\n\n" % base64.encodestring(encoder.encode(seq)).decode('ascii')) sys.exit(0) sys.stdout.write(chr(27) + '[%dG' % (1) + chr(27) + '[0K')
def __init__(self, EFp, EFpk, E, P, Q, r, Qp=None, frob=None, gam=None, bet = None): self.E = E #Elliptic Curve (equation) over EFp self.EFp = EFp # Elliptic Curve Group self.Fp = EFp.F # Field of the ECG self.Fp1 = self.Fp.one() self.Fp0 = self.Fp.zero() self.EFpk = EFpk self.Fpk = EFpk.F self.Fpk1 = self.Fpk.one() self.Fpk0 = self.Fpk.zero() self.frobenius = frob self.gamma = gam #self.beta = bet self.P = P # Generator of G1 self.Q = Q # Generator of G2 #self.Qp = Qp self.r = r # This is the order of the subgroups G1, G2 def degext(M,L): '''Return the degree of the extension of M over L (provided M,L are Fields) Assuming M is an extension of L ''' assert isinstance(M,field.Field) and isinstance(L,field.Field) k = 1 while not M.F == M: k = k*(M.deg-1) M = M.F if M == L : return k k = degext(self.Fpk,self.Fp) # This is the degree of the extension EFpk over EFp q = self.Fp.char-1 self.e = gmpy.divexact(q**(k)-1,self.r) self.to_fingerprint = ["E","EFp","EFpk","r"] self.to_export = {"fingerprint": [],"value": ["E","EFp","EFpk","r"]}
def main(cert_path, data_path): mod = get_modulus(cert_path) mod = int(mod, 16) key_size = int(mod.bit_length() / 16) print('Key size: %d'%key_size) with open(data_path, 'rb') as f: data = f.read() print('Data length: %d'%len(data)) length = len(data) - key_size for i in range(length): if i % 100000 == 0: sys.stdout.write(chr(27) + '[%dG'%(1) + chr(27) + '[0K') sys.stdout.write('Progress: %d%%'%(100.0*i/length)) sys.stdout.flush() if data[i] % 2 == 0: continue p = long(data, i, key_size) mod if p != 0 and p != 1 and p != mod and mod % p == 0: sys.stdout.write(chr(27) + '[%dG'%(1) + chr(27) + '[0K') q = gmpy.divexact(mod,p) print('%s Offset 0x%x:\nq = %s\np = %d\n'%(data_path, i, p, q)) n = gmpy.mpz(mod) q2 = gmpy.mpz(p) e = gmpy.mpz(65537) p2 = gmpy.mpz(q) phi = (p2-1) * (q2-1) d = gmpy.invert(e, phi) dp = d % (p2 - 1) dq = d % (q2 - 1) qinv = gmpy.invert(q2, p2) seq = Sequence() for x in [0, mod, e, d, p2, q2, dp, dq, qinv]: seq.setComponentByPosition (len (seq), Integer (x)) print("\n\n-----BEGIN RSA PRIVATE KEY-----\n%s-----END RSA PRIVATE KEY-----\n\n"%base64.encodestring(encoder.encode(seq)).decode('ascii')) sys.exit(0) sys.stdout.write(chr(27) + '[%dG'%(1) + chr(27) + '[0K')
y = ((y * y) % N + c) % N q = q * (abs(x - y)) % N g = gcd(q, N) k = k + m r = r * 2 if g == N: while True: ys = ((ys * ys) % N + c) % N g = gcd(abs(x - ys), N) if g > 1: break return g p = (brent(num)) q = gmpy.divexact(num, p) print(p) print((q)) phin = (p - 1) * (q - 1) d = gmpy.invert(e, phin) print(d) y = pow(c, d, num) print() print() print(y) print()
ns.append(n) if line[:1] == "c": c = int(line[4:]) cs.append(c) if line[:1] == "e": e = int(line[4:]) es.append(e) for i in range(0, len(ns)): for j in range(i, len(ns)): g = gcd(ns[i], ns[j]) if g != ns[i] and g != ns[j]: n1 = ns[i] n2 = ns[j] p = gcd(ns[i], ns[j]) q1 = gmpy.divexact(n1, p) q2 = gmpy.divexact(n2, p) c1 = cs[i] c2 = cs[j] e1 = es[i] e2 = es[j] if p == 1: continue print( "p = {} \n q1 = {} \n q2 = {} \n n1 = {} \n n2 = {} \n c1 = {} \n c2 = {}, e1 = {}, e2 = {}" .format(p, q1, q2, n1, n2, c1, c2, e1, e2)) q = q1 e = e1 phin = (p - 1) * (q - 1) d = gmpy.invert(e, phin) print(d) c = c1