def GetED(p, q): k = CalBit(q * p) phi_n = (p - 1) * (q - 1) r = random.randint(10, 99) while True: u = getPrime(k / 4 - r) if gcd(u, phi_n) != 1: continue t = invmod(u, phi_n) e = PiB(t) if gcd(e, phi_n) == 1: break d = invmod(e, phi_n) return (e, d)
def divide_pq(ed, n): # ed = e*d k = ed - 1 while True: g = random.randint(3, n - 2) t = k while True: if t % 2 != 0: break t /= 2 x = pow(g, t, n) if x > 1 and gcd(x - 1, n) > 1: p = gcd(x - 1, n) return (p, n / p)
def get_ed(p, q): k = cal_bit(q*p) phi_n = (p-1)*(q-1) r = random.randint(10, 99) while True: u = getPrime(k/4 - r) if gcd(u, phi_n) != 1: continue t = invmod(u, phi_n) e = pi_b(t) if gcd(e, phi_n) == 1: break d = invmod(e, phi_n) return (e, d)
def divide_pq(ed, n): # ed = e*d k = ed - 1 while True: g = random.randint(3, n-2) t = k while True: if t % 2 != 0: break t /= 2 x = pow(g, t, n) if x > 1 and gcd(x-1, n) > 1: p = gcd(x-1, n) return (p, n/p)
def get_ed(p, q): k = cal_bit(q * p) phi_n = (p - 1) * (q - 1) r = random.randint(10, 99) while True: u = getPrime(k / 4 - r) if gcd(u, phi_n) != 1: continue t = invmod(u, phi_n) e = pi_b(t) if gcd(e, phi_n) == 1: break d = invmod(e, phi_n) return (e, d)
def rsa(e, n, p, q, c): from libnum import n2s, xgcd, gcd assert p * q == n phi = (p - 1) * (q - 1) assert gcd(e, phi) == 1 d = xgcd(e, phi)[0] % phi return n2s(pow(c, d, n))
def check_valid(key): n = key[0] * key[1] tn = (key[0] - 1) * (key[1] - 1) return True if libnum.gcd(3, tn) == 1: return True else: return False
def Enc(m, p, g, y): k = random.randint(1, p - 2) while (not libnum.gcd(k, p - 1) == 1): k = random.randint(0, p - 1) u = fastPowMod(g, k, p) v = pow(m * fastPowMod(y, k, p), 1, p) c = str(u) + "," + str(v) return c
def check_valid(key): n = key[0] * key[1] tn = (key[0]-1)*(key[1]-1) return True if libnum.gcd(3, tn) == 1: return True else: return False
def comfact_cn(N, c): log.debug('factor N: try Common factor between ciphertext and modulus attack') # Try an attack where the public key has a common factor with the ciphertext - sourcekris if c: commonfactor = libnum.gcd(N, c) if commonfactor > 1: q = commonfactor p = N / q return p, q
def test_euclid(self): for b in range(1, 1000, 13): for a in range(1, 1000, 7): g = libnum.gcd(a, b) x, y, g2 = libnum.xgcd(a, b) self.assertEqual(g, g2) self.assertEqual(a * x + b * y, g) self.assertEqual(libnum.xgcd(0, 10)[1:], (1, 10)) self.assertEqual(libnum.xgcd(10, 0)[0::2], (1, 10)) self.assertEqual(libnum.xgcd(0, 0)[2], 0) self.assertRaises(TypeError, libnum.xgcd, "qwe", 10) self.assertRaises(TypeError, libnum.xgcd, 10, "qwe")
def gen_key(): while True: p = getPrime(k/2) if gcd(e, p-1) == 1: break q_t = getPrime(k/2) n_t = p * q_t t = get_bit(n_t, k/16, 1) y = get_bit(n_t, 5*k/8, 0) p4 = get_bit(p, 5*k/16, 1) u = pi_b(p4, 1) n = bytes_to_long(long_to_bytes(t) + long_to_bytes(u) + long_to_bytes(y)) q = n / p if q % 2 == 0: q += 1 while True: if isPrime(q) and gcd(e, q-1) == 1: break m = getPrime(k/16) + 1 q ^= m return (p, q, e)
def common_modulus(n, e1, e2, c1, c2): """ ref: ∵gcd(e1,e2)==1,∴由扩展欧几里得算法,存在e1*s1+e2*s2==1 ∴m==m^1==m^(e1*s1+e2*s2)==((m^e1)^s1)*((m^e2)^s2)==(c1^s1)*(c2^s2) """ assert (libnum.gcd(e1, e2) == 1) _, s1, s2 = gmpy2.gcdext(e1, e2) # 若s1<0,则c1^s1==(c1^-1)^(-s1),其中c1^-1为c1模n的逆元。 m = pow(c1, s1, n) if s1 > 0 else pow(gmpy2.invert(c1, n), -s1, n) m *= pow(c2, s2, n) if s2 > 0 else pow(gmpy2.invert(c2, n), -s2, n) return m % n
def test_gcd_list(): assert gcd(100, 75, 150, -325) == 25 assert gcd(-10, -155, -50) == 5 assert gcd(-13) == 13 assert gcd(3, 0, 30) == 3 with pytest.raises(TypeError): gcd("qwe")
def test_has_invmod(self): for modulus in range(2, 1000, 31): for a in range(2, modulus, 5): if libnum.has_invmod(a, modulus): x = libnum.invmod(a, modulus) self.assertEqual((a * x) % modulus, 1) else: self.assertNotEqual(libnum.gcd(a, modulus), 1) self.assertRaises(ValueError, libnum.has_invmod, 1, 1) self.assertRaises(ValueError, libnum.has_invmod, 1, 0) self.assertRaises(ValueError, libnum.has_invmod, 1, -100) self.assertRaises(TypeError, libnum.has_invmod, "qwe", 10) self.assertRaises(TypeError, libnum.has_invmod, 10, "qwe")
def sqrt_iter(n, s, t, a, b): ''' take t*(sqrt(n)+a)/b s = floor(sqrt(n)) return (v, next fraction params t, a, b) ''' v = t * (s + a) / b t2 = b b2 = t * (n - (b * v - a)**2) a2 = b * v - a g = gcd(t2, b2) t2 /= g b2 /= g return v, (t2, a2, b2)
def test_gcd_pair(self): self.assertEqual(libnum.gcd(100, 75), 25) self.assertEqual(libnum.gcd(-10, 155), 5) self.assertEqual(libnum.gcd(30, -77), 1) self.assertEqual(libnum.gcd(0, -77), 77) self.assertEqual(libnum.gcd(0, 0), 0) self.assertEqual(libnum.gcd(13, 0), 13) self.assertRaises(TypeError, libnum.gcd, "qwe", 10) self.assertRaises(TypeError, libnum.gcd, 10, "qwe")
def main(): verify() usage = """ 01010111 01100101 01101100 01100011 01101111 01101101 01110100 01101111 00110010 00110000 00110001 00110110 01001000 01000011 01010100 01000110 01010010 01010011 01000001 01000100 01100101 01100011 01101111 01100100 01100101 01010011 01111001 01110011 01110100 01100101 01101101 """ print usage print "This is a RSA Decryption System" print "Please enter Your team token: " try: token = raw_input() flag = get_flag(token) assert len(flag) == 38 except: print "Token error!" m_exit(-1) spub, spriv = get_pkey() # Generation p, q p, q = GetPrimes(spub, spriv) n = p * q phi_n = (p-1)*(q-1) d = invmod(e, phi_n) while True: e2 = random.randint(0x1000, 0x10000) if gcd(e2, phi_n) == 1: break print "In this Game, Your public key:" print "n: ", hex(n) print "e: ", hex(e) print "e2: ", hex(e2) flag = bytes_to_long(flag) enc_flag = pow(flag, e2, n) print "Your flag is: ", hex(enc_flag) print "============Start Games============" print "Please enter your cipher: " while True: s = raw_input() try: c = int(s) except: m_exit(-1) m = pow(c, d, n) print "Your Plaintext is: ", hex(m) time.sleep(1)
def main(): verify() usage = """ 01010111 01100101 01101100 01100011 01101111 01101101 01110100 01101111 00110010 00110000 00110001 00110110 01001000 01000011 01010100 01000110 01010010 01010011 01000001 01000100 01100101 01100011 01101111 01100100 01100101 01010011 01111001 01110011 01110100 01100101 01101101 """ print usage print "This is a RSA Decryption System" print "Please enter Your team token: " try: token = raw_input() flag = get_flag(token) assert len(flag) == 38 except: print "Token error!" m_exit(-1) spub, spriv = get_pkey() # Generation p, q p, q = GetPrimes(spub, spriv) n = p * q phi_n = (p - 1) * (q - 1) d = invmod(e, phi_n) while True: e2 = random.randint(0x1000, 0x10000) if gcd(e2, phi_n) == 1: break print "In this Game, Your public key:" print "n: ", hex(n) print "e: ", hex(e) print "e2: ", hex(e2) flag = bytes_to_long(flag) enc_flag = pow(flag, e2, n) print "Your flag is: ", hex(enc_flag) print "============Start Games============" print "Please enter your cipher: " while True: s = raw_input() try: c = int(s) except: m_exit(-1) m = pow(c, d, n) print "Your Plaintext is: ", hex(m) time.sleep(1)
def encrypt(): m = raw_input("请输入明文: ") p = genPrime(1024) q = genPrime(1024) n = p * q fi = (p - 1) * (q - 1) i = (p - 1) * (q - 1) - 1 while True: if gcd(i, (p - 1) * (q - 1)) == 1: e = i break i -= 1 c = pow(s2n(m), e, n) print "密文: ", c return p, q, n, e, c
def Quary(i, n): w = gen_w(n) l = int(sqrt(n)) assert l**2 == n p = getPrime(512) q = getPrime(512) N = p * q g = N + 1 rk = (p-1) * (q-1) u, v = w[i] r = [] for _ in range(l): temp_r = randint(1, N-1) while gcd(temp_r, N) != 1: temp_r = randint(1, N-1) r.append(temp_r) q = [] for i in range(l): if i+1 == v: temp_y = g * pow(r[i], N, N**2) % (N**2) else: temp_y = pow(r[i], N, N**2) q.append(temp_y) return q, rk, N
conn.sendline(str(num)) conn.recvuntil('e, n) = ') return int(conn.recvuntil('\n').strip()) def enc(num): return pow(num, 1238497123749102734917340134891703947129083741902, n) print('********** find n **********') num = [] for _ in range(10): r = random.randint(2, 100) num.append(enc(r)**2 - enc(r**2)) n = gcd(*num) print(n) ppqs = (n - phi + 1)**2 pmqs = ppqs - 4 * n ppq = (n - phi + 1) pmq = nroot(pmqs, 2) q = (ppq - pmq) // 2 p = (ppq + pmq) // 2 assert n == p * q assert phi == (p - 1) * (q - 1) conn.interactive()
#!/usr/bin/env python import libnum res = open("result").readlines() n = int(res[0].strip()) del res[0] def common_modulus_attack(c1, c2, e1, e2, n): s1, s2, _ = libnum.xgcd(e1, e2) if s1 < 0: s1 = s1 * -1 c1 = libnum.invmod(c1, n) if s2 < 0: s2 = s2 * -1 c2 = libnum.invmod(c2, n) m = (pow(c1, s1, n) * pow(c2, s2, n)) % n return m for i in range(len(res)): for j in range(len(res)): if i == j: continue if libnum.gcd(int(res[i][:res[i].index("###")]), int(res[j][:res[j].index("###")])) == 1: e1 = int(res[i][:res[i].index("###")]) e2 = int(res[j][:res[j].index("###")]) c1 = int(res[i][res[i].index("###") + 3:].strip()) c2 = int(res[j][res[j].index("###") + 3:].strip()) print libnum.n2s(common_modulus_attack(c1, c2, e1, e2, n)) raw_input("#")
#!/usr/bin/python import base64 import libnum n1 = 123948613128507245097711825164030080528129311429181946930789480629270692835124562568997437300916285601268900901495788327838386854611883075845387070635813324417496512348003686061832004434518190158084956517800098929984855603216625922341285873495112316366384741709770903928077127611563285935366595098601100940173 n2 = 122890614849300155056519159433849880305439158904289542874766496514523043027349829509818565800562562195671251134947871996792136355514373160369135263766229423623131725044925870918859304353484491601318921285331340604341809979578202817714205469839224620893418109679223753141128229197377934231853172927071087589849 e = 65537 q = libnum.gcd(n1, n2) # calculate gcd to discover a prime factor in common p = n1 / q phi = (p - 1) * (q - 1) c = libnum.s2n(base64.b64decode(open('ciphertext.txt', 'r').read())) d = libnum.invmod(e, phi) m = pow(c, d, n1) print "[+] Flag: " + libnum.n2s(m)
#!/usr/bin/env python # -*- coding: utf-8 -*- __Auther__ = 'M4x' from libnum import gcd n1=0xb4e9991d2fac12b098b01118d960eb5470261368e7b1ff2da2c66b4302835aa845dd50a4f749fea749c6d439156df6faf8d14ce2a57da3bac542f1843bfc80dfd632e7a2ef96496a660d8c5994aea9e1b665097503558bc2756ab06d362abe3777d8c1f388c8cd1d193955b70053382d330125bdc2cdc836453f1a26cec1021cbb787977336b2300f38c6ba881a93d2a2735f8f0d32ea2d0e9527eb15294dd0867c8030d1f646bd121c01706c247cd1bf4aa209d383ffb748b73ec1688dc71812675834b4b12d27a63b5b8fcc47394d16897ff96af49f39d8d5b247553fbf8fac7be08aab43d9ce5659cd5cfaf7d73edbcfe854d997ae4b28d879adf86641707 # e1=0x10001 # c1=0x3a10c58ed3e8f9eade48dad7d36518dabeeca3d169c848f3b4b2bb027220e13d8b071c55046b14213e966ad9c381e5cad9773d455aa0d36ddff9b9f24873d0979f1caff95d9569e4f312514c7e01979b39c466aa2d27ad521ae3c1ea2025ca2290185b3d79da4f6e4c7e77a70f206bd5c41eec65fd64f86c317b8207ca511b8297b597cb9c24afa652c1f1c7f2d8ca61cf4a63b17df165e4c02dc19578305f276cb81fdfadf0ffc8b86e13297f2692edf7e6324878bb8ca960a050af6b0ada8ba4accd72c7d2c74a41e98d801093e4cc5b1572b8e6be9f270c30759543986180bb4fc6863e14638ea74863dbdd1624cfdedaedb99dfd48901e7d4b486a7b13ea n2=0xc31344c753e25135d5eed8febaa57dd7020b503a5569bdd4ae6747b5c36436dc1c4d7ead77bfc1034748bcc630636bae1c8f4ca5dee8246b3d6f3e8b14e16487733b14ec8e587e07a7a6de45859d32d241eaf7746c45ff404f1a767ab77e8493ae8141fee0bcf4e9b7c455415b6945fa60de928b01dfa90bbf0d09194f93db7a1663121d281c908f0e38237f63c2b856f99c6029d993f9afb5fbbb762044d97943ff34023486c4cf1db9ffdc439d9f5ff331b606374c7133d61e4614fac3ea7faaf54563338b736282658e7925b224577091831351a28679a8d6f8e7ba16685b2769bb49b79f8054b29c809d68aca0f2c5e3f1fd0e3ef6c21f756e3c44a40439 # e2=0x10001 # c2=0xbefa7d62f15cafc81d098fdd524411537e948d83266ef22848f44d2e43d1f1388a26bb21c8fb08b571c7cbd6630d6f2b409c85c68a6419e472941e4978f60b93e1ce850344dbe99f1918cb5b8c35075bbdca82fa233d1300f108e4b75ce10d7b0ffa145bceffbc7a5204bf9c119f77af191091f25140aedcdd333b631b240ddad3108c96084dffe6e49e04880908fa02c02edb58e2f27919d707151adb6787384ca28050f8d77418cc1733187d7695f57127be8d6174562723679ba39790d7f2306271b9d8f4d2bdde9ed798af00074ec7da3a7f1ffeb4fc6a61804e51c0f92d384dc62b80fd44492588af26ac0185a23f86c46a7ffdec9fcf31b02b08b63001 print "p -> {}".format(gcd(n1, n2)) print "q1 -> {}".format(n1 / gcd(n1, n2)) print "q2 -> {}".format(n2 / gcd(n1, n2))
unzip = subprocess.check_output([ 'unzip', '-o', '-P', zippassword, 'almost_almost_almost_almost_there.zip' ]) # get next modulus l2n = int( subprocess.check_output([ 'openssl', 'rsa', '-noout', '-modulus', '-pubin', '-in', 'almost_almost_almost_there.pub' ]).split('=')[1], 16) # load ciphertext l2c = libnum.s2n(open('almost_almost_almost_there.encrypted', 'rb').read()) # layer 2 modulus has common factor with layer 1 l2q = libnum.gcd(l2n, n) l2p = l2n / l2q l2phi = (l2p - 1) * (l2q - 1) l2d = libnum.invmod(e, l2phi) l2m = pow(l2c, l2d, l2n) l2zippass = libnum.n2s(l2m) ################### LAYER 3 ###################### print "[*] Solving layer 3: Small q " unzip = subprocess.check_output( ['unzip', '-o', '-P', l2zippass, 'almost_almost_almost_there.zip']) l3n = int( subprocess.check_output([ 'openssl', 'rsa', '-noout', '-modulus', '-pubin', '-in', 'almost_almost_there.pub' ]).split('=')[1], 16)
def main(): verify() usage = """ ** ** ** ********** /** /** /** /////**/// /** * /** ***** /** ***** ****** ********** /** ****** /** *** /** **///** /** **///** **////**//**//**//** /** **////** /** **/**/**/******* /**/** // /** /** /** /** /** /** /** /** /**** //****/**//// /**/** **/** /** /** /** /** /** /** /** /**/ ///**//****** ***//***** //****** *** /** /** /** //****** // // ////// /// ///// ////// /// // // // ////// ** ** ****** ********** ******** ******* ******** ** /** /** **////**/////**/// /**///// /**////** **////// **** /** /** ** // /** /** /** /** /** **//** /**********/** /** /******* /******* /********* ** //** /**//////**/** /** /**//// /**///** ////////** ********** /** /**//** ** /** /** /** //** /**/**//////** /** /** //****** /** /** /** //** ******** /** /** // // ////// // // // // //////// // // ******** **//////** ** // ****** ********** ***** /** //////** //**//**//** **///** /** ***** ******* /** /** /**/******* //** ////** **////** /** /** /**/**//// //******** //******** *** /** /**//****** //////// //////// /// // // ////// """ print usage print "This is a RSA Decryption System" print "Please enter Your team token: " try: token = raw_input() flag = get_flag(token) assert len(flag) == 32 except: print "Token error!" m_exit(-1) p, q, e = gen_key() n = p * q phi_n = (p-1)*(q-1) d = invmod(e, phi_n) while True: e2 = random.randint(0x1000, 0x10000) if gcd(e2, phi_n) == 1: break print "n: ", hex(n) print "e: ", hex(e) print "e2: ", hex(e2) flag = bytes_to_long(flag) enc_flag = pow(flag, e2, n) print "Your flag is: ", hex(enc_flag) print "============Start Games============" print "Please enter your cipher: " while True: try: s = raw_input() c = int(s) except: m_exit(-1) m = pow(c, d, n) print "Your Plaintext is: ", hex(m) time.sleep(1)
else: p.recvuntil("Decrypted: ") return int(p.recvuntil("\n", drop=True)) def recvflag(): p.recvuntil("Galf - ") return int(p.recvuntil("\n", drop=True), 16) context.log_level = "debug" p = remote("199.247.6.180", 16001) c = recvflag() e = 65537 e_2 = encrypt("\x02") e_4 = encrypt("\x04") e_8 = encrypt("\x08") k1n = (2**e) - e_2 k2n = (4**e) - e_4 k3n = (8**e) - e_8 #print k1n,k2n n = libnum.gcd(k1n, k2n, k3n) log.success("n:" + str(n)) res = 1 while not decrypt(c): temp = pow(2, e, n) c = (c * libnum.invmod(temp, n)) % n res *= 2 m = (decrypt(c) * (res)) % n print libnum.n2s(m)
c1_1 = "2639c28e3609a4a8c953cca9c326e8e062756305ae8aee6efcd346458aade3ee8c2106ab9dfe5f470804f366af738aa493fd2dc26cb249a922e121287f3eddec0ed8dea89747dc57aed7cd2089d75c23a69bf601f490a64f73f6a583081ae3a7ed52238c13a95d3322065adba9053ee5b12f1de1873dbad9fbf4a50a2f58088df0fddfe2ed8ca1118c81268c8c0fd5572494276f4e48b5eb424f116e6f5e9d66da1b6b3a8f102539b690c1636e82906a46f3c5434d5b04ed7938861f8d453908970eccef07bf13f723d6fdd26a61be8b9462d0ddfbedc91886df194ea022e56c1780aa6c76b9f1c7d5ea743dc75cec3c805324e90ea577fa396a1effdafa3090" c1_2 = "42ff1157363d9cd10da64eb4382b6457ebb740dbef40ade9b24a174d0145adaa0115d86aa2fc2a41257f2b62486eaebb655925dac78dd8d13ab405aef5b8b8f9830094c712193500db49fb801e1368c73f88f6d8533c99c8e7259f8b9d1c926c47215ed327114f235ba8c873af7a0052aa2d32c52880db55c5615e5a1793b690c37efdd5e503f717bb8de716303e4d6c4116f62d81be852c5d36ef282a958d8c82cf3b458dcc8191dcc7b490f227d1562b1d57fbcf7bf4b78a5d90cd385fd79c8ca4688e7d62b3204aeaf9692ba4d4e44875eaa63642775846434f9ce51d138ca702d907849823b1e86896e4ea6223f93fae68b026cfe5fa5a665569a9e3948a" #n1_1 = 0x11574caaea9fd80017ee2986de85b4939d2e43bd5edf5f84e280198004628303fc0c46030926d701194fd8b6b61fdad9fb996291742dcc181d7a21af22f9834caf7650637e458c616ec725a1396ea1920e78ea1ed70d9a35a2390744943a134c8a8101383386e94db4ff4e809d226cffc84bfa2847a3f4fe08ee9df4bf7a40ebf16a347fe90f09016b8b9d2dfb281b536da1fc4442c7b47f84204b3eed6186f4deab1f71ead8edd8c42fe3d93972c220d8c4eb9aab52600ed168ce51064c49b152e34c6fb83de63a635d421c9664fc78f7388de3d1dde7cd3180951c876f20dcede08280ec6ac284b120615e9e141dac68399035bb71eac8cd2bb866b3a6e007 #n1_2 = 0x0230d7a40a416d8c056c314b7d641bffb1dd007917ba0b215f58f6b68f8285067136aa0f0ce37db354cf61d22af84c8be4160963fcbfb9814f31875b458bfea9cb8aa064e5692894f2cde421b16ee2fba30d0b5d5acd8270af65c5bfdd656733b7170b48583a909560c5811cae775499b813efeb9bbb6a8e9da35bd54c0c6d047d6c28a6442cf69522b02c1609774fd4c19e1841989526f70896227138d0fc8bf3ad4ff92466aafc79dbc2b0b68cde3a810d805fba9db05267b33a39f26ccc06c34de1a6a90a5521f01a1e8e0e1387f6ed51b3970409b7562896dfdbf487337d787e6629d474a73e86dbb934446628dad06a8bc6bded821b9a2361f2f1055d12 n1_1 = bytes_to_num(c1_1.decode('hex')) n1_2 = bytes_to_num(c1_2.decode('hex')) e1 = 0x1001 e2 = 0x101 print libnum.xgcd(e1,e2) xgcd = libnum.xgcd(e1,e2) n1_1_inv = libnum.invmod(n1_1,n3) assert (n1_1_inv*n1_1)%n3==1 m = (pow(n1_1_inv,xgcd[0]*-1,n3)*pow(n1_2,xgcd[1],n3))%n3 print m print libnum.gcd(e1,e2) assert pow(m,e1,n3)==n1_1 assert pow(m,e2,n3)==n1_2 #print hex(pow(m,e2,n3)) n1 = m print n1 #n1 = 820928650845870620723398641418430560681156001138735096925030451902417919194443533997091546977591994803076546864089678354698681762386374331300311255855681398660128703679421620966541327377041709407909422433258969486458918135644782166730266421648609176380494526721089557340533459290986717438829332517062112510441791255031169683629746300741131885337863789133958194148147076564652001394063636006538871538841709581230856211101448471200607015180491156127670595948207742541369333765734985482522833859182877386338753929062754028024947469226250613374092460434598257428472528861445143456766204473851110780586998315353287 p1 = libnum.gcd(n1,n2) p2 = n1/p1 p3 = n2/p1 e = 0x1001 phi_1 = (p1-1)*(p2-1) phi_2 = (p1-1)*(p3-1) c1 = "1240198b148089290e375b999569f0d53c32d356b2e95f5acee070f016b3bef243d0b5e46d9ad7aa7dfe2f21bda920d0ac7ce7b1e48f22b2de410c6f391ce7c4347c65ffc9704ecb3068005e9f35cbbb7b27e0f7a18f4f42ae572d77aaa3ee189418d6a07bab7d93beaa365c98349d8599eb68d21313795f380f05f5b3dfdc6272635ede1f83d308c0fdb2baf444b9ee138132d0d532c3c7e60efb25b9bf9cb62dba9833aa3706344229bd6045f0877661a073b6deef2763452d0ad7ab3404ba494b93fd6dfdf4c28e4fe83a72884a99ddf15ca030ace978f2da87b79b4f504f1d15b5b96c654f6cd5179b72ed5f84d3a16a8f0d5bf6774e7fd98d27bf3c9839" c2 = "129d5d4ab3f9e8017d4e6761702467bbeb1b884b6c4f8ff397d078a8c41186a3d52977fa2307d5b6a0ad01fedfc3ba7b70f776ba3790a43444fb954e5afd64b1a3abeb6507cf70a5eb44678a886adf81cb4848a35afb4db7cd7818f566c7e6e2911f5ababdbdd2d4ff9825827e58d48d5466e021a64599b3e867840c07e29582961f81643df07f678a61a9f9027ebd34094e272dfbdc4619fa0ac60f0189af785df77e7ec784e086cf692a7bf7113a7fb8446a65efa8b431c6f72c14bcfa49c9b491fb1d87f2570059e0f13166a85bb555b40549f45f04bc5dbd09d8b858a5382be6497d88197ffb86381085756365bd757ec3cdfa8a77ba1728ec2de596c5ab" c1 = int(c1,16)
def modinv(m, N): from libnum import xgcd, gcd assert gcd(m, N) == 1 return xgcd(m, N)[0] % N
def test_gcd_list(self): self.assertEqual(libnum.gcd(100, 75, 150, -325), 25) self.assertEqual(libnum.gcd(-10, -155, -50), 5) self.assertEqual(libnum.gcd(-13), 13) self.assertEqual(libnum.gcd(3, 0, 30), 3) self.assertRaises(TypeError, libnum.gcd, "qwe")
import libnum from gmpy2 import invert n = 439417435349117077016120256032123563488725871672365713333908767527181506605456996440976092286396217208346517037614291515211713369259652005473745797829519302114014096228493909082933262475682668430515352570340710043923576011229072081864417565564654393154123852582998480004421967973561710348775401627090820082561624574163346724457146411153367379048103923362449689733143553766642049979073854600029473386414761438390648422125304276322690311616660623276480255307700013063370655168193935504657331359380550163431464495433486240621844201555038127878792512290031492000061093453237133536504895049948422086353955762857724850156781994280857003864815967035753799539807280430048953143544729135381005035199528144216366914915579663527988069893306590695520092972880563370537346145253637501387052646675680590628920510946254822851331399843224254394547586424880418687904378274789438020179680711159166212876147547185432499042312287158720759432838187034875075634972002003563189734179053491210369144349588268225221150448827154462668635876553832012979304656482844597655486269149398445556043107571028374638171990230273230291727628205524835210632998076958313384500314940986874085361468623893282047441961797621666131423867384258509862778976666657751356030040047 c1 = 433819607639705710266664415408118685227785023318043464408966216465750463198676135279124462845866999138470641247236684695283528622009068089829541464396249742683972501426375507332135478436883972126246738190884671529589181892330434244546786535414844856902492636515182671365787388411006038214430838590567927395551492633142070871452321831527948581202029688467726417572174472188386271189684284982295013247063416200521850944032308090353177893485184143318463398318577361595630480448599644526672515638448943705848237238461939459558481868533934465653842868295746942849704877815098484785420631917583407475464439928133116816321617482362200514347908334195726672522327873275250252173775348855923996735753997888790306174698268859546178310605295253579413970136784100418369048098185422669116871517314248162557324605258206897023003317229103825900820906732089865736093516945870857246635468811485690074609659343067906581718880877264676145808760888828074326238058402132938047145823469901418656764134606960128842365460977097771412397857915447875529501962743242047476426765640165615599688827221510744624693534704511630020440455848650684337784568409129227425062424172940268460078974079630610711505834513802309887469085674596008519618271929087233694510772818 c2 = 83724904566851840078496210336572116091662664664801892193076750684191998225275129586536713117349502209831236115674956540920283427420709449062398556850377530984192288977067791602406637606155391782165284888113514955317091966736966658674120747019017526067627612711855390757608944963618783096397518955644299711132723248517534675242871830833125295022486287399185142773955980037431762118034724219025729076159288632248470778028903018049578480296150295647871540660990968296530654468172254833706275919709136979831680701151936398827479942606831001019132247782804472010964563033607923846978012367622238945198907028578661031856834925861096025738647105214663386762206042812284486187733266176387464328664979255710768845266708038290907920541782501876537394650011441258953043237733077485175998097194872446432504451283270730627891392446498184459356925841883988220662027319615624668420530354856877871305567046686717349964404137643243402989864266839390618778918821026836359741410784881609846172633295386022298856060285799338958719259766938804531687502882100869752278294498533212528683279296420350233030112440595311501094440341925124189928998518952615978623564616420488870485553995291290375882581541245097342035134458581151189648006321755188856276514827 c3 = 223225973654193074185341934673670717548271466011006003162451988167244043646617334449350534865926222561727552347403026834759100491165146292996221746900332819346451539241588549807589084213078331353077823918346099557030508959267606219497209775761591248414191023956532987220553657104091483783079502280731137371091577523465152779610668691987310973882191252013925996652605143494742733402306280718269879894935172415045814067504146650884443628718911532969755853228638380957718520400103417333061763173036915630307027703685798400248545573356579830043253407873862583991237816020322151176755431917343630215007040682262485462372113845182965816894545203773241606400463786733213942593735748736024680254773008137013860537481718954741583314000838985523353610241733963686192070841191516141988160547714546661865554167966431810940485281843336774203244103912896400070237937057436344219706573370917411542837816436267530542911231332603234632456740573375693765100974080600386086853018631637388531999507606358686787772114128794589456684389087095737225861101713017614091616678955436188000947755813052995983953719044189065124976440553450612195674873717430433394890286761416666325585106227786956407949552740876109207732727933506229200877890487053948532237716454 e = 65537 p = libnum.gcd(c1, n) q = libnum.gcd(c2, n) print(p * q == n) phi = (p - 1) * (q - 1) d = invert(e, phi) m = pow(c3, d, n) print(libnum.n2s(int(m)))
def main(): verify() usage = """ ** ** ** ********** /** /** /** /////**/// /** * /** ***** /** ***** ****** ********** /** ****** /** *** /** **///** /** **///** **////**//**//**//** /** **////** /** **/**/**/******* /**/** // /** /** /** /** /** /** /** /** /**** //****/**//// /**/** **/** /** /** /** /** /** /** /** /**/ ///**//****** ***//***** //****** *** /** /** /** //****** // // ////// /// ///// ////// /// // // // ////// ** ** ****** ********** ******** ******* ******** ** /** /** **////**/////**/// /**///// /**////** **////// **** /** /** ** // /** /** /** /** /** **//** /**********/** /** /******* /******* /********* ** //** /**//////**/** /** /**//// /**///** ////////** ********** /** /**//** ** /** /** /** //** /**/**//////** /** /** //****** /** /** /** //** ******** /** /** // // ////// // // // // //////// // // ******** **//////** ** // ****** ********** ***** /** //////** //**//**//** **///** /** ***** ******* /** /** /**/******* //** ////** **////** /** /** /**/**//// //******** //******** *** /** /**//****** //////// //////// /// // // ////// """ print usage print "This is a RSA Decryption System" print "Please enter Your team token: " try: token = raw_input() flag = get_flag(token) assert len(flag) == 38 except: print "Token error!" m_exit(-1) p, q, e = gen_key() n = p * q phi_n = (p-1)*(q-1) d = invmod(e, phi_n) while True: e2 = random.randint(0x1000, 0x10000) if gcd(e2, phi_n) == 1: break print "n: ", hex(n) print "e: ", hex(e) print "e2: ", hex(e2) flag = bytes_to_long(flag) enc_flag = pow(flag, e2, n) print "Your flag is: ", hex(enc_flag) print "============Start Games============" print "Please enter your cipher: " while True: try: s = raw_input() c = int(s) except: m_exit(-1) m = pow(c, d, n) print "Your Plaintext is: ", hex(m) time.sleep(1)
def test_gcd_pair(): assert gcd(100, 75) == 25 assert gcd(-10, 155) == 5 assert gcd(30, -77) == 1 assert gcd(0, -77) == 77 assert gcd(0, 0) == 0 assert gcd(13, 0) == 13 assert gcd(0, 13) == 13 with pytest.raises(TypeError): gcd("qwe", 10) with pytest.raises(TypeError): gcd(10, "qwe")
m = pow(c,d,n) zippassword = libnum.n2s(m) ################### LAYER 2 ###################### print "[*] Solving layer 2: Common factors!" # unzip layer2 unzip = subprocess.check_output(['unzip','-o','-P',zippassword,'almost_almost_almost_almost_there.zip']) # get next modulus l2n = int(subprocess.check_output(['openssl', 'rsa', '-noout', '-modulus', '-pubin', '-in', 'almost_almost_almost_there.pub']).split('=')[1],16) # load ciphertext l2c = libnum.s2n(open('almost_almost_almost_there.encrypted','rb').read()) # layer 2 modulus has common factor with layer 1 l2q = libnum.gcd(l2n, n) l2p = l2n / l2q l2phi = (l2p - 1 ) * (l2q - 1) l2d = libnum.invmod(e, l2phi) l2m = pow(l2c, l2d, l2n) l2zippass = libnum.n2s(l2m) ################### LAYER 3 ###################### print "[*] Solving layer 3: Small q " unzip = subprocess.check_output(['unzip','-o','-P',l2zippass,'almost_almost_almost_there.zip']) l3n = int(subprocess.check_output(['openssl', 'rsa', '-noout', '-modulus', '-pubin', '-in', 'almost_almost_there.pub']).split('=')[1],16) l3c = libnum.s2n(open('almost_almost_there.encrypted','rb').read()) # small q, factored using ECM method or any simple method l3q = 54311
#!/usr/bin/python import base64 import libnum n1 = 123948613128507245097711825164030080528129311429181946930789480629270692835124562568997437300916285601268900901495788327838386854611883075845387070635813324417496512348003686061832004434518190158084956517800098929984855603216625922341285873495112316366384741709770903928077127611563285935366595098601100940173 n2 = 122890614849300155056519159433849880305439158904289542874766496514523043027349829509818565800562562195671251134947871996792136355514373160369135263766229423623131725044925870918859304353484491601318921285331340604341809979578202817714205469839224620893418109679223753141128229197377934231853172927071087589849 e = 65537 q = libnum.gcd(n1,n2) # calculate gcd to discover a prime factor in common p = n1 / q phi = (p-1) * (q - 1) c = libnum.s2n(base64.b64decode(open('ciphertext.txt','r').read())) d = libnum.invmod(e,phi) m = pow(c,d,n1) print "[+] Flag: " + libnum.n2s(m)
def modinv(m, N): from libnum import xgcd, gcd assert gcd(m, N) == 1 return xgcd(m, N)[0] % N def samod_attack((c1, c2), (e1, e2), N): from libnum import xgcd, gcd assert gcd(e1, e2) == 1 assert gcd(e1, N) == 1 assert gcd(e2, N) == 1 [r, s] = xgcd(e1, e2)[0:2] cc1, cc2 = c1, c2 if r < 0: r = -r cc1 = modinv(cc1, N) if s < 0: s = -s cc2 = modinv(cc2, N) m = pow(cc1, r, N) * pow(cc2, s, N) % N return m