def main():
    """Run the cube-root recovery demo against a fresh ``RSA_Oracle_40``.

    The oracle's challenge is read as three ``(ciphertext, modulus)`` pairs.
    The three residues are merged with the Chinese Remainder Theorem into one
    value modulo ``n_0 * n_1 * n_2``, the integer cube root of that value is
    taken, and the last 48 bytes of its 128-byte big-endian encoding are
    passed back to the oracle for validation.

    Defensive reading: the recovery only works because one unpadded message
    is encrypted with public exponent 3 under three different moduli.
    Randomized padding (for example OAEP) removes that precondition.
    """
    oracle = RSA_Oracle_40()
    pairs = oracle.challenge()
    print(pairs, end='\n\n')

    ciphertexts = [pairs[i][0] for i in range(3)]
    moduli = [pairs[i][1] for i in range(3)]

    crt_sum = 0
    for idx in range(3):
        # Product of the two moduli other than moduli[idx].
        others = [moduli[j] for j in range(3) if j != idx]
        cofactor = others[0] * others[1]
        crt_sum += ciphertexts[idx] * cofactor * invmod(cofactor, moduli[idx])
    result = crt_sum % (moduli[0] * moduli[1] * moduli[2])

    # nthroot is defined elsewhere; its third argument is passed through
    # unchanged (presumably a precision setting -- confirm in the helper).
    m_recovered = round(nthroot(3, result, 1000))
    m_rec_dec = m_recovered.to_bytes(128, 'big')
    print('recovered', m_rec_dec)
    # The trailing 48 bytes are what the oracle is asked to validate.
    oracle.validate_response(m_rec_dec[-48:])
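def __init__(self, m=b"I'm killing your brain like a poisonous mushroom"):
    """Create three RSA key pairs with e = 3 and encrypt ``m`` under each.

    Args:
        m: The plaintext, either ``bytes`` (read as a big-endian integer) or
            an ``int`` used directly.

    Raises:
        TypeError: If ``m`` is neither ``int`` nor ``bytes``. The original
            code left ``self.m`` unset in that case and failed later, after
            key generation, with an AttributeError.

    Attributes set:
        m, m_len, message: integer plaintext, its byte length (``None`` for
            an ``int`` argument) and the argument as given.
        npqs: three ``[n, p, q]`` triples.
        ds: the private exponents, ``invmod(3, (p - 1) * (q - 1))``.
        cs: the ciphertexts ``pow(m, 3, n)``, one per modulus.

    Security note: the message is encrypted raw (no padding) with e = 3
    under three moduli, which is the textbook broadcast weakness. Real use
    needs randomized padding such as OAEP.
    """
    if isinstance(m, bytes):
        self.m = int.from_bytes(m, 'big')
        self.m_len = len(m)
    elif isinstance(m, int):
        self.m = m
        self.m_len = None
    else:
        raise TypeError('m must be int or bytes, not ' + type(m).__name__)
    # NOTE(review): the collapsed source does not show whether `message` was
    # set only for bytes input; setting it always is the compatible superset.
    self.message = m

    self.npqs = []  # 'Ns, Ps, and Qs'
    while len(self.npqs) < 3:
        print('try')
        p = getPrime(512)
        q = getPrime(512)
        while q == p:
            q = getPrime(512)
        et = (p - 1) * (q - 1)
        # eea's first return value is treated as gcd(et, 3); e = 3 is only
        # invertible modulo et when that gcd is 1.
        g, _, _ = eea(et, 3)
        if g != 1:
            continue
        triple = [p * q, p, q]
        if triple not in self.npqs:
            print('append success')
            self.npqs.append(triple)

    # 'private decryption key Ds'
    self.ds = [invmod(3, (p - 1) * (q - 1)) for _, p, q in self.npqs]
    # 'ciphertexts'
    self.cs = [pow(self.m, 3, n) for n, _, _ in self.npqs]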
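def verify(x, r, s):
    """Check a DSA signature ``(r, s)`` over the text ``x``.

    Reads the module-level names ``p``, ``q``, ``g`` and ``B``; ``B`` is used
    in the position where DSA uses the signer's public key.

    Args:
        x: The signed message as ``str``; it is encoded and hashed with SHA-1.
        r: First signature component.
        s: Second signature component.

    Returns:
        ``True`` if the signature verifies, ``False`` otherwise, including
        when ``r`` or ``s`` lies outside ``1 .. q - 1``.
    """
    # DSA verification must reject out-of-range components before doing any
    # arithmetic: s = 0 has no inverse, and r >= q would otherwise be
    # accepted through the final reduction modulo q.
    if not (0 < r < q and 0 < s < q):
        return False
    w = invmod(s, q)
    digest_int = int.from_bytes(SHA1.new(x.encode()).digest(), 'big')
    u1 = (w * digest_int) % q
    u2 = (w * r) % q
    v = ((pow(g, u1, p) * pow(B, u2, p)) % p) % q
    # r is already known to be below q, so no further reduction is needed.
    return v == r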
def sign(self, x):
    """Sign the byte string ``x`` with DSA using a freshly drawn nonce.

    Args:
        x: The message as ``bytes``; it is hashed with SHA-1.

    Returns:
        The signature as the tuple ``(r, s)``.
    """
    pub = self.k_pub
    nonce = None
    while nonce is None:
        print('try')
        candidate = randint(2, pub.q - 1)
        # Only nonces coprime to p - 1 are accepted by this loop.
        gcd, _, _ = eea(candidate, pub.p - 1)
        if gcd == 1:
            nonce = candidate
    # NOTE(review): the origin of `randint` is not visible here. DSA nonces
    # must come from a CSPRNG (or be derived deterministically per RFC 6979),
    # since a predictable or repeated nonce discloses the private key.
    # NOTE(review): r == 0 or s == 0 is not retried, which standard DSA
    # signing requires.
    r = pow(pub.g, nonce, pub.p) % pub.q
    digest_int = int.from_bytes(SHA1.new(x).digest(), 'big')
    keyed = digest_int + (self.b * r)
    s = (keyed * invmod(nonce, pub.q)) % pub.q
    return r, s
def verify(x, r, s, kpub):
    """Check a DSA signature ``(r, s)`` over the text ``x`` against ``kpub``.

    Args:
        x: The signed message as ``str``; it is encoded and hashed with SHA-1.
        r: First signature component.
        s: Second signature component.
        kpub: Object exposing ``p``, ``q``, ``g`` and ``B``.

    Returns:
        ``True`` when the recomputed value equals ``r % kpub.q``.
    """
    # NOTE(review): neither the range of r and s nor the generator kpub.g is
    # validated here. A production verifier rejects r or s outside 1 .. q - 1
    # and checks the domain parameters (1 < g < p, g**q % p == 1) before use;
    # without those checks a tampered generator makes forged pairs verify.
    q = kpub.q
    s_inverse = invmod(s, q)
    digest_int = int.from_bytes(SHA1.new(x.encode()).digest(), 'big')
    u1 = (s_inverse * digest_int) % q
    u2 = (s_inverse * r) % q
    g_term = pow(kpub.g, u1, kpub.p)
    key_term = pow(kpub.B, u2, kpub.p)
    v = ((g_term * key_term) % kpub.p) % q
    return v == (r % q)
def verify(x, r, s, k):
    """Check a DSA signature ``(r, s)`` over ``x``, printing the working.

    Args:
        x: The signed message as ``bytes``; it is hashed with SHA-1.
        r: First signature component.
        s: Second signature component.
        k: Object exposing ``p``, ``q``, ``g`` and ``B``.

    Returns:
        ``True`` when the recomputed value equals ``r % k.q``.
    """
    print('in verify', k.p, '\n', k.g, '\n', k.q, '\n', k.B, '\n')
    # NOTE(review): r, s and the generator are used as given. A production
    # verifier first rejects r or s outside 1 .. q - 1 and validates k.g.
    s_inverse = invmod(s, k.q)
    digest_int = int.from_bytes(SHA1.new(x).digest(), 'big')
    u_1 = (s_inverse * digest_int) % k.q
    u_2 = (s_inverse * r) % k.q
    # Each modular power is computed once and reused for the trace output.
    term1 = pow(k.g, u_1, k.p)
    term2 = pow(k.B, u_2, k.p)
    v = ((term1 * term2) % k.p) % k.q
    print('term1', term1, end='\n\n')
    print('term2', term2, end='\n\n')
    print('v', v)
    print('r', r)
    return v == r % k.q
def __init__(self):
    """Generate a small RSA key pair and build a padded 32-byte message.

    Two distinct 128-bit primes are drawn until e = 3 is usable with them.
    The fixed message is then wrapped as ``00 02 <nonzero bytes> 00 <message>``
    (the layout of a PKCS#1 v1.5 encryption block), and stored both as bytes
    (``self.m``) and as a big-endian integer (``self.x``).

    NOTE(review): p, q and d are printed to stdout, and the modulus is far
    below any production key size; this is acceptable only for a lab
    exercise.
    """
    self.m = b'kick it, CC'
    print('keypair generation...init')

    keypair_ready = False
    while not keypair_ready:
        try:
            print(' try')
            self.p = getPrime(128)
            self.q = getPrime(128)
            if self.p != self.q:
                self.n = self.p * self.q
                self.et = (self.p - 1) * (self.q - 1)
                self.e = 3
                # Per the original comment, eea raises ValueError when
                # gcd(et, e) != 1, which sends control to the retry below.
                _g, _s, _t = eea(self.et, self.e)
                self.d = invmod(self.e, self.et)
                keypair_ready = True
        except ValueError:
            pass

    print('keypair gen...OK\n')
    print('n', self.n)
    print('p', self.p)
    print('q', self.q)
    print('d', self.d, end='\n\n')

    # 32-byte block minus the 00 02 prefix and the 00 separator.
    pad_len = 32 - 2 - 1 - len(self.m)
    padding = bytearray()
    while len(padding) < pad_len:
        candidate = getrandbits(8)
        # Padding bytes must be nonzero so the 00 separator stays unambiguous.
        if candidate:
            padding.append(candidate)
    self.m = b'\x00' + b'\x02' + bytes(padding) + b'\00' + self.m
    assert len(self.m) == 32
    self.x = int.from_bytes(self.m, 'big')
    self.QUERYCOUNT = 0
def __init__(self):
    """Decode the fixed base64 message and generate an RSA key pair, e = 3.

    ``self.x`` holds the decoded message as a big-endian integer. Two
    distinct 512-bit primes are drawn until e = 3 is usable with them; the
    resulting ``p``, ``q``, ``n``, ``et``, ``e`` and ``d`` are stored on the
    instance.

    NOTE(review): ``self.x`` is the raw decoded message with no padding
    applied in this constructor.
    """
    self.m = b'VGhhdCdzIHdoeSBJIGZvdW5kIHlvdSBkb24ndCBwbGF5IGFyb3VuZCB3aXRoIHRoZSBGdW5reSBDb2xkIE1lZGluYQ=='
    decoded = d64(self.m)
    self.x = int.from_bytes(decoded, 'big')

    keypair_ready = False
    while not keypair_ready:
        try:
            print('try')
            self.p = getPrime(512)
            self.q = getPrime(512)
            if self.p != self.q:
                self.n = self.p * self.q
                self.et = (self.p - 1) * (self.q - 1)
                self.e = 3
                # Per the original comment, eea raises ValueError when
                # gcd(et, e) != 1, which sends control to the retry below.
                _g, _s, _t = eea(self.et, self.e)
                self.d = invmod(self.e, self.et)
                keypair_ready = True
        except ValueError:
            pass
# NOTE(review): this print is presumably the tail of a check that starts
# above this excerpt -- confirm against the full file.
print('False')
print('Problem solving...\n\n')

# DSA domain parameters (p, q, g) and one signature (r, s) over the message
# `x` defined further down.
p = 0x800000000000000089e1855218a0e7dac38136ffafa72eda7859f2171e25e65eac698c1702578b07dc2a1076da241c76c62d374d8389ea5aeffd3226a0530cc565f3bf6b50929139ebeac04f48c3c84afb796d61e5a4f9a8fda812ab59494232c7d2b4deb50aa18ee9e132bfa85ac4374d7f9091abc3d015efc871a584471bb1
q = 0xf4f47f05794b256174bba6e9b396a7707e563c5b
g = 0x5958c9d3898b224b12672c0b98e06c60df923cb8bc999d119458fef538b8fa4046c8db53039db620c094c9fa077ef389b5322a559946a71903f990f1f7e0e025e2d7f7cf494aff1a0470f5b64c36b625a097f1651fe775323556fe00b3608c887892878480e99041be601a62166ca6894bdd41a7054ec89f756ba9fc95302291
r = 548099063082341131477253921760299949438196259240
s = 857042759984254168557880549501802188789837994940

# The nonce is searched over 0 .. 2**16 - 2 by recomputing r for each
# candidate. That tiny nonce space is the weakness on display: a DSA nonce
# must be drawn uniformly from 1 .. q - 1 with a CSPRNG, or derived
# deterministically (RFC 6979).
try:
    for k_ephemeral in range(2**16 - 1):
        r_bruteforce = pow(g, k_ephemeral, p) % q
        if r_bruteforce == r:
            k_e = k_ephemeral
            break
    print('Ephemeral key: ' + str(k_e))
# NOTE(review): the bare except also hides the NameError raised by str(k_e)
# when no candidate matched; the statements below then fail on the undefined
# k_e anyway.
except:
    print('kaboom')

x = b'For those that envy a MC it can be hazardous to your health\nSo be friendly, a matter of life and death, just like a etch-a-sketch\n'
# With the nonce known, the signing equation is solved for the private key:
# d = (s * k - H(x)) * r^-1 mod q.
d = (((s * k_e) - int.from_bytes(SHA1.new(x).digest(), 'big')) * invmod(r, q)) % q
print('Private key: ' + str(d))

# `challenge` is defined outside this excerpt; it is compared with the SHA-1
# hex digest of the key written as lowercase hex without the 0x prefix.
if SHA1.new(hex(d)[2:].encode()).hexdigest() == challenge:
    print('huzzah')
else:
    print('kaboom')
def sign(self, x, k_ephemeral):
    """Produce a DSA signature over the text ``x`` with a caller-chosen nonce.

    Reads the module-level domain parameters ``p``, ``q`` and ``g`` and the
    instance's private key ``self.d``.

    Args:
        x: The message as ``str``; it is encoded and hashed with SHA-1.
        k_ephemeral: The per-signature nonce, used exactly as supplied.

    Returns:
        The signature as the tuple ``(r, s)``.
    """
    # NOTE(review): accepting the nonce from the caller is only appropriate
    # for test harnesses. A repeated or guessable nonce discloses self.d, so
    # production signing must generate it internally.
    r = pow(g, k_ephemeral, p) % q
    digest_int = int.from_bytes(SHA1.new(x.encode()).digest(), 'big')
    keyed = digest_int + (self.d * r)
    nonce_inverse = invmod(k_ephemeral, q)
    s = (keyed * nonce_inverse) % q
    return r, s
# if pow(g, 16575, p) % q == r43: # print('eph ok') # else: # print('eph panic') # exit() # if verify(m43, r43, s43): # print('okay!') # else: # print('panic!') # exit() for i in range(len(data) - 1): for j in range(i + 1, len(data)): m1 = int.from_bytes(unhexlify(data[i].m.encode()), 'big') m2 = int.from_bytes(unhexlify(data[j].m.encode()), 'big') s_inv = invmod(((data[i].s - data[j].s) % q), q) k_ephemeral_candidate = (((m1 - m2) % q) * s_inv) % q d_candy = (((data[i].s * k_ephemeral_candidate) - int.from_bytes(unhexlify(data[i].m.encode()), 'big')) * invmod(data[i].r, q)) % q gal = Entity_44(d_candy) try: r_, s_ = gal.sign(data[i].msg, k_ephemeral_candidate) if s_ == data[i].s: print('probable key ' + str(d_candy) + ' from i=' + str(i) + ' and j=' + str(j)) if SHA1.new(hex(d_candy) [2:].encode()).hexdigest() == challenge: print('huzzah')
# g = 0, cont'd. # Arbitrary m, regardless of (r, s) if verify('Hello, world', r, s, kpub=my.keypub): print('uh-oh.') if verify('Goodbye, world', r, s, kpub=my.keypub): print('uh-oh.') # g = p + 1 print('\n\n') my = DSA_45(d=None, pk=K_PUB(None, None, g2, None)) r, s = my.sign(m1, 16575) print('r, s', r, s) if verify(m1, r, s, kpub=my.keypub): print('g = p + 1 sign and verify. sanity check PASS') else: print('wtf mate') print('\n\n') z = randint(2, my.keypub.q - 1) r = pow(g2, z, my.keypub.p) % my.keypub.q s = (r * invmod(z, my.keypub.q)) % my.keypub.q if verify('Hello, world', r, s, my.keypub): print('uh-oh2.') else: print('not yet2') if verify('Goodbye, world', r, s, my.keypub): print('uh-oh2.') else: print('not yet2')