def sqrt_chained_fractions(n, limit=None):
'''
E.g. sqrt_chained_fractions(13) = [3,(1,1,1,1,6)]
'''
s = nroot(n, 2)
if s**2 == n:
return [s]
res = []
ps = 1, 0, 1
seen = {ps: 0}
while limit != 0:
v, ps = sqrt_iter(n, s, *ps)
res.append(v)
if ps in seen:
pos = seen[ps]
period = tuple(res[pos:])
res = res[:pos]
res.append(period)
return res
else:
seen[ps] = len(res)
if limit is not None:
limit -= 1
return res
def sqrt_chained_fractions(n, limit=None):
'''
E.g. sqrt_chained_fractions(13) = [3,(1,1,1,1,6)]
'''
s = nroot(n, 2)
if s**2 == n:
return [s]
res = []
ps = 1, 0, 1
seen = {ps: 0}
while limit != 0:
v, ps = sqrt_iter(n, s, *ps)
res.append(v)
if ps in seen:
pos = seen[ps]
period = tuple(res[pos:])
res = res[:pos]
res.append(period)
return res
else:
seen[ps] = len(res)
if limit is not None:
limit -= 1
return res
def test_nroot(self):
for x in range(0, 100):
for p in range(1, 3):
n = x ** p
self.assertEqual(libnum.nroot(n, p), x)
self.assertEqual(libnum.nroot(-64, 3), -4)
self.assertEqual(libnum.nroot(100, 2), 10)
self.assertEqual(libnum.nroot(999, 3), 9)
self.assertEqual(libnum.nroot(1000, 3), 10)
self.assertEqual(libnum.nroot(1001, 3), 10)
self.assertRaises(ValueError, libnum.nroot, 100, -1)
self.assertRaises(ValueError, libnum.nroot, -100, 4)
self.assertRaises(ValueError, libnum.nroot, 1, 0)
self.assertRaises(TypeError, libnum.nroot, "qwe")
#!/usr/bin/env python import libnum e = 3 c1 = 261345950255088824199206969589297492768083568554363001807292202086148198540785875067889853750126065910869378059825972054500409296763768604135988881188967875126819737816598484392562403375391722914907856816865871091726511596620751615512183772327351299941365151995536802718357319233050365556244882929796558270337 n1 = 1001191535967882284769094654562963158339094991366537360172618359025855097846977704928598237040115495676223744383629803332394884046043603063054821999994629411352862317941517957323746992871914047324555019615398720677218748535278252779545622933662625193622517947605928420931496443792865516592262228294965047903627 c2 = 147535246350781145803699087910221608128508531245679654307942476916759248311896958780799558399204686458919290159543753966699893006016413718139713809296129796521671806205375133127498854375392596658549807278970596547851946732056260825231169253750741639904613590541946015782167836188510987545893121474698400398826 n2 = 405864605704280029572517043538873770190562953923346989456102827133294619540434679181357855400199671537151039095796094162418263148474324455458511633891792967156338297585653540910958574924436510557629146762715107527852413979916669819333765187674010542434580990241759130158992365304284892615408513239024879592309 c3 = 633230627388596886579908367739501184580838393691617645602928172655297372145912724695988151441728614868603479196153916968285656992175356066846340327304330216410957123875304589208458268694616526607064173015876523386638026821701609498528415875970074497028482884675279736968611005756588082906398954547838170886958 n3 = 1204664380009414697639782865058772653140636684336678901863196025928054706723976869222235722439176825580211657044153004521482757717615318907205106770256270292154250168657084197056536811063984234635803887040926920542363612936352393496049379544437329226857538524494283148837536712608224655107228808472106636903723 key = libnum.solve_crt((c1, c2, c3), (n1, n2, n3)) m = libnum.nroot(int(key), 3) print libnum.n2s(m)
import libnum N = 247157208312655169175097941364280738161257111976460225724719907081110265510517450181419502794457206227461600647913804553439171851865273449559295717229024951735351965745325255241561391509015823198303928588939850683031392486366218841593013566932215141428061199015117025898704736991786081007198271335363347647516874679013119543722851148642512142186199102168074461255284546705588056994149297326331376082141145137980534967406372164077378650248545875219877244489040506317293082270408705203779841533080244655519849164084793887915122847280359452339072498784918027724621588636245527176960457003310429876627882173282069366037431766179722648353575718417895929519296072344510519198593252963273537190447967056699273665756186541135880261688073100218736960343554003491651502334045257343825793705434779809139021362473746587814528428007114308414633338220797896397738142172067161950968365434368211510967904096253326804711795198906393597153228365711080786247894858858419136771806150038968465644512536135428099037524022644906606239281576512245480765249280626544900781649017542649977530381598608436485399917576052247750573936190833224008929770080605906041913084656134359260509037195783858871830359437278131656343708211575987756873026171223324073191307367943843353573378426157170935012284820053625264544030714057464690450568057598110227083895395913850243271935830358181622027323185508807486853971929523201869477689585619024238113916052252320578711256593537267591407960305853736136636628575478996733430026632486500743561965770413140633948002705696925426367918545515713035754606128166993229587155817506068035187995926746472892280477401942441831391756895131543049750847590716935278314226902082626392655666615086297442052602217416486188297831289978272258543231414975069191549588547253936829655332588805672513945883351937495650167502066292697223592894483418517613405613285519159 c = 152721025887735064764471379084548069204525956728140596238274397757947415316727016281416993518884790524343567541799262176820909148208728616947040227306302164641933331109468512979068186962047716308015535717796123080303496277784765187481185086876434873226524784636408104495312136956587251145463229424950634548624036265557622592089071331292811066840281494102799063634204855779210798330603868025111521826209601342683209160845433746624786171189961029265101816540639855230011618388675527443511618729301028631422873421421991470450059414988968787693753741941765791793672069240992955177930884210118700416564364129283739917229225845073750451244070534919112957275948312337882004219145847493047815403283126471638320784008475284616178697542301935170768573588093196019976675846311280356987370969400610196847990069257614148181804915868273001764028563852238142447411811579695265293746037324400494199877368049162903819737962946786971556872009326814914717430484711885484790156341127433550909206551293806568904858726942820132521566970376839336895645431303013575622422180179687172859250687080526393904583834607514619581478966664406178290247731116920836372943133394640322159512633671870473674514938423231596849301615200001553851411828993918474534316510609878376462094608058640335426907349648369552864820322464995077358198844334320833893207364879282292959161203675080110629771237503657412087961891443054530286088807186134851425688726147108076040204500951624929585070273336203814962656253259257806100191430918121713005141607192112560560371475173081441671613602480052062955279287813475764285469835557663176529059039540417149792518941598550609678298901186032272305421028365295602810159191055078633881059737011784127699357480578433240110432805495328517379885306237631225477566136721077348329866885731002878563684349453668924250445128775992616650275173644658245397235667490402628 e = 65537 print libnum.nroot(27, 2) """ for k in range(100000000): diet = k*k + 40 * N temp = libnum.nroot(diet,2) if temp * temp == diet: print "find" print k break""" k = 1171 diet = k * k + 40 * N p = (-k + libnum.nroot(diet, 2)) / (2 * 10) q = N / p assert p * q == N phi = (p - 1) * (q - 1) d = libnum.invmod(e, phi) print libnum.n2s(pow(c, d, N))
import libnum
from IPython import embed
import pickle
print('[*] Loading data')
with open('pair.pkl', 'rb') as f:
data = pickle.load(f)
Cs, Ns = zip(*data)
print('[*] Solving CRT')
s = libnum.solve_crt(Cs, Ns)
print('[*] Solving Root')
k = libnum.nroot(s, 217)
print('[+] Flag (hex):')
print('[>] ' + hex(k))
print('[+] Flag:')
k = libnum.n2s(k)
print('[>] ' + k)
def is_root(x):
if pow(nroot(x, 3), 3) == x:
return True
return False
# exploit = binascii.b2a_hex(sig)
# print exploit
# mmmm = "0001367927199750dbc1feaea40f044d426322390e3a8ae88957ceb94bdd8602fcfec8a3d0a7c248e1ea6e9f".decode('hex')
# print len(mmmm)
# print verify1(mmmm, message)
# print rVerify(sig, message)
message = "0YMrY4ZuMYU2YhoTZTSZROgC0HTQNI6M".encode("ASCII")
message_hash = hashlib.sha512(message).digest()
ASN1_blob = rsa.pkcs1.HASH_ASN1['SHA-512']
suffix = b'\x00' + ASN1_blob + message_hash
sig_suffix = 1
for b in range(len(suffix) * 8):
if get_bit(sig_suffix**3, b) != get_bit(from_bytes(suffix), b):
sig_suffix = set_bit(sig_suffix, b, 1)
while True:
prefix = b'\x00\x01' + os.urandom(1024 / 8 - 2)
sig_prefix = to_bytes(nroot(from_bytes(prefix),
3))[:-len(suffix)] + b'\x00' * len(suffix)
sig = sig_prefix[:-len(suffix)] + to_bytes(sig_suffix)
if b'\x00' not in to_bytes(from_bytes(sig)**3)[:-len(suffix)]: break
exploit = binascii.b2a_hex(sig)
print "message : 0YMrY4ZuMYU2YhoTZTSZROgC0HTQNI6M"
print "hash: %s" % message_hash.encode('hex')
print "exploit : ", exploit
print rVerify(message, sig)
def attackRSA():
# lecture de la cle publique du destinataire 1
print("[+] Lecture de la cle publique 1")
f1 = open("pubkey1.pem", "r")
s1 = f1.read()
pkey1 = RSA.importKey(s1)
e1 = pkey1.e
n1 = pkey1.n
# lecture de la cle publique du destinataire 2
print("[+] Lecture de la cle publique 2")
f2 = open("pubkey2.pem", "r")
s2 = f2.read()
pkey2 = RSA.importKey(s2)
e2 = pkey2.e
n2 = pkey2.n
# lecture de la cle publique du destinataire 3
print("[+] Lecture de la cle publique 3")
f3 = open("pubkey3.pem", "r")
s3 = f3.read()
pkey3 = RSA.importKey(s3)
e3 = pkey3.e
n3 = pkey3.n
# Lecture des enveloppes
print("[+] Lecture de l'enveloppe chiffree 1")
enveloppe1bin = open("enveloppe1.bin", "rb")
dataenveloppe1bin = enveloppe1bin.read()
print("[+] Conversion du binaire en entier du fichier chiffre 1")
c1 = convertBytesToInt(dataenveloppe1bin)
print("[+] Lecture de l'enveloppe chiffree 2")
enveloppe2bin = open("enveloppe2.bin", "rb")
dataenveloppe2bin = enveloppe2bin.read()
print("[+] Conversion du binaire en entier du fichier chiffre 2")
c2 = convertBytesToInt(dataenveloppe2bin)
print("[+] Lecture de l'enveloppe chiffree 3")
enveloppe3bin = open("enveloppe3.bin", "rb")
dataenveloppe3bin = enveloppe3bin.read()
print("[+] Conversion du binaire en entier du fichier chiffre 3")
c3 = convertBytesToInt(dataenveloppe3bin)
# application du theoreme des restes chinois pour trouver result = m^3
#crt = libnum.solve_crt([c1,c2,c3], [n1,n2,n3])
N = n1 * n2 * n3
m1 = n2 * n3
m2 = n1 * n3
m3 = n1 * n2
result = ((c1 * m1 * libnum.invmod(m1, n1)) +
(c2 * m2 * libnum.invmod(m2, n2)) +
(c3 * m3 * libnum.invmod(m3, n3))) % N
# calcul de la racine cubique de m^3 pour obtenir m
m = libnum.nroot(result, 3)
# Calcul et ecriture du message
print("[+] Conversion de l'entier en binaire du fichier clair")
decoded = convertIntToBytes(m)
print("[+] Ecriture du fichier clair dans message.txt\n")
message = open("symmetric_key.txt", "wb")
message.write(decoded)
from Crypto.Util import Counter
from Crypto.PublicKey import RSA
import libnum
from pwn import *
import base64
with open('pubkey.pem') as f:
key = f.read()
rsakey = RSA.importKey(key)
n = rsakey.n
e = rsakey.e
with open('key.enc') as f:
key = f.read()
enc_key = int(key)
#print enc_key
print libnum.nroot(27, 3)
for i in range(1000000):
temp = enc_key + i * n
n_root = libnum.nroot(temp, e)
if pow(n_root, e, n) == enc_key:
print "find"
print n_root
res = n_root
break
assert pow(res, e, n) == enc_key
key = libnum.n2s(res)
print key, len(key)
with open('file.enc') as f:
file = f.read()
enc_file = base64.b64decode(file)
print enc_file, len(enc_file)
#!/usr/bin/env python import libnum n1 = 95118357989037539883272168746004652872958890562445814301889866663072352421703264985997800660075311645555799745426868343365321502734736006248007902409628540578635925559742217480797487130202747020211452620743021097565113059392504472785227154824117231077844444672393221838192941390309312484066647007469668558141 n2 = 98364165919251246243846667323542318022804234833677924161175733253689581393607346667895298253718184273532268982060905629399628154981918712070241451494491161470827737146176316011843738943427121602324208773653180782732999422869439588198318422451697920640563880777385577064913983202033744281727004289781821019463 n3 = 68827940939353189613090392226898155021742772897822438483545021944215812146809318686510375724064888705296373853398955093076663323001380047857809774866390083434272781362447147441422207967577323769812896038816586757242130224524828935043187315579523412439309138816335569845470021720847405857361000537204746060031 c1 = 64830446708169012766414587327568812421130434817526089146190136796461298592071238930384707543318390292451118980302805512151790248989622269362958718228298427212630272525186478627299999847489018400624400671876697708952447638990802345587381905407236935494271436960764899006430941507608152322588169896193268212007 c2 = 96907490717344346588432491603722312694208660334282964234487687654593984714144825656198180777872327279250667961465169799267405734431675111035362089729249995027326863099262522421206459400405230377631141132882997336829218810171728925087535674907455584557956801831447125486753515868079342148815961792481779375529 c3 = 43683874913011746530056103145445250281307732634045437486524605104639785469050499171640521477036470750903341523336599602288176611160637522568868391237689241446392699321910723235061180826945464649780373301028139049288881578234840739545000338202917678008269794179100732341269448362920924719338148857398181962112 m = libnum.n2s(libnum.nroot(int(libnum.solve_crt((c1,c2,c3),(n1,n2,n3))),3)) print m
from sympy import *
from libnum import nroot, invmod
from gmpy2 import next_prime
e = 65537
n = 22001778874542774315484392481115711539281104740723517828461360611903057304469869336789715900703500619163822273767393143914615001907123143200486464636351989898613180095341102875678204218769723325121832871221496816486100959384589443689594053640486953989205859492780929786509801664036223045197702752965199575588498118481259145703054094713019549136875163271600746675338534685099132138833920166786918380439074398183268612427028138632848870032333985485970488955991639327
c = 1067382668222320523824132555613324239857438151855225316282176402453660987952614935478188752664288189856467574123997124118639803436040589761488611318906877644244524931837804614243835412551576647161461088877884786181205274671088951504353502973964810690277238868854693198170257109413583371510824777614377906808757366142801309478368968340750993831416162099183649651151826983793949933939474873893278527484810417812120138131555544749220438456366110721231219155629863865
# p * q1 * q2 = 12p**3
upper = nroot(n, 3)
lower = 0
while True:
mid = (upper + lower) // 2
print(mid)
p = mid
q1 = next_prime(2 * p)
q2 = next_prime(3 * q1)
tn = p * q1 * q2
print(tn, n)
if tn > n:
upper = mid
if tn < n:
lower = mid
if tn == n:
print(f"find p : {p}")
phi = (p - 1) * (q1 - 1) * (q2 - 1)
d = invmod(e, phi)
m = pow(c, d, n)
print(f"m = {m}")
def test_nroot():
for x in range(0, 100):
for p in range(1, 3):
n = x**p
assert nroot(n, p) == x
assert nroot(-64, 3) == -4
assert nroot(100, 2) == 10
assert nroot(999, 3) == 9
assert nroot(1000, 3) == 10
assert nroot(1001, 3) == 10
with pytest.raises(ValueError):
nroot(100, -1)
with pytest.raises(ValueError):
nroot(-100, 4)
with pytest.raises(ValueError):
nroot(1, 0)
with pytest.raises(TypeError):
nroot("qwe")
print('********** find n **********')
num = []
for _ in range(10):
r = random.randint(2, 100)
num.append(enc(r)**2 - enc(r**2))
n = gcd(*num)
print(n)
ppqs = (n - phi + 1)**2
pmqs = ppqs - 4 * n
ppq = (n - phi + 1)
pmq = nroot(pmqs, 2)
q = (ppq - pmq) // 2
p = (ppq + pmq) // 2
assert n == p * q
assert phi == (p - 1) * (q - 1)
conn.interactive()
factors = factordb()
cs = []
ns = []
for k, v in factors:
ns.append(pow(k, v))
cs.append(1)
#!/usr/bin/env python
import libnum
print libnum.n2s(
libnum.nroot(
libnum.solve_crt((c1, c2, c3, c4, c5, c6, c7),
(n1, n2, n3, n4, n5, n6, n7)), 7))
