def same_n_sttack(n,e1,e2,c1,c2): def egcd(a, b): x, lastX = 0, 1 y, lastY = 1, 0 while (b != 0): q = a // b a, b = b, a % b x, lastX = lastX - q * x, x y, lastY = lastY - q * y, y return (lastX, lastY) s = egcd(e1, e2) s1 = s[0] s2 = s[1] if s1<0: s1 = - s1 c1 = primefac.modinv(c1, n) if c1<0: c1+=n elif s2<0: s2 = - s2 c2 = primefac.modinv(c2, n) if c2<0: c2+=n m=(pow(c1,s1,n)*pow(c2,s2,n)) % n return m
def gcd(public_key1, public_key2): public1 = public_key1.public_numbers().e public2 = public_key2.public_numbers().e n1 = public_key1.public_numbers().n n2 = public_key2.public_numbers().n p = primefac.gcd(n1, n2) q1 = n1 / p q2 = n2 / p private1 = primefac.modinv(public1, (p - 1) * (q1 - 1)) private2 = primefac.modinv(public2, (p - 1) * (q2 - 1)) return (build_rsa_private(n1, public1, private1, p, q1), build_rsa_private(n2, public2, private2, p, q2))
def rsa_gen(): p = genprime(1024) q = genprime(1024) n = p * q e = 65537 d = primefac.modinv(e, (p - 1) * (q - 1)) % ((p - 1) * (q - 1)) return (p, q, n, e, d)
def gen_args(): p=getPrime(1024) q=getPrime(1024) n=p*q e=0x10001 d=primefac.modinv(e,(p-1)*(q-1))%((p-1)*(q-1)) return (p,q,e,n,d)
def get_key(p, q, e): d = 0 e = 0x10001 p = 961756321 q = 961760441 # your code starts here d = primefac.modinv(e, (p - 1) * (q - 1)) % ((p - 1) * (q - 1)) # your code ends here return d
def affine_guessab(m1,c1,m2,c2,origin="abcdefghijklmnopqrstuvwxyz"): x1=origin.index(m1) x2=origin.index(m2) y1=origin.index(c1) y2=origin.index(c2) n=len(origin) dxi=primefac.modinv(x1-x2,n)%n a=dxi*(y1-y2) % n b=(y1-a*x1)%n return (a,b)
def affine_decode(c,a,b,origin="abcdefghijklmnopqrstuvwxyz"): r="" n=len(origin) ai=primefac.modinv(a,n)%n for i in c: if origin.find(i)!=-1: r+=origin[(ai*(origin.index(i)-b))%len(origin)] else: r+=i return r
def factor(public_key): public = public_key.public_numbers().e n = public_key.public_numbers().n p = primefac.multifactor( n, verbose=False, methods=(primefac.pollardRho_brent, primefac.pollard_pm1, primefac.williams_pp1, primefac.ecm, primefac.mpqs)) q = n / p private = primefac.modinv(public, (p - 1) * (q - 1)) return build_rsa_private(n, public, private, p, q)
def main(): pub = """-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVRqqCXPYd6Xdl9GT7/kiJrYvy 8lohddAsi28qwMXCe2cDWuwZKzdB3R9NEnUxsHqwEuuGJBwJwIFJnmnvWurHjcYj DUddp+4X8C9jtvCaLTgd+baSjo2eB0f+uiSL/9/4nN+vR3FliRm2mByeFCjppTQl yioxCqbXYIMxGO4NcQIDAQAB -----END PUBLIC KEY----- """ pub = RSA.importKey(pub) print(pub.e, pub.n) p = long(williams_pp1(pub.n)) q = pub.n / p print(p, q) assert pub.n == p * q priv = RSA.construct((pub.n, pub.e, modinv(pub.e, (p - 1) * (q - 1)))) print(priv.exportKey('PEM'))
def problem_yafu_cheat_check(conn, address, teamtoken): (ip, port) = address conn.send("=next-rsa=\n") q = 0xab724df05ca87067ce1573550a6a05f41f93e910b0380c71cdc5de940ef790a475f5c3d512354bc57b3410e7f5158fb287f79397353acb169ef583260eec76f4c46d21e4cb43426e3c66ba9b75d3c1b009ff1f9a0fea9c7d9815eadc5f7ac776d6dcae3c1fa3de865253623b4121e6b4f51deea0b7ae9ca84aad5fe83ba56451L seed = int(hashlib.sha256(ip).hexdigest()[0:8], 16) p = primefac.nextprime(seed) n = p * q e = 0x10001 conn.send("# n=" + hex(n).replace("L", "") + "\n") conn.send("# e=" + hex(e).replace("L", "") + "\n") m = random.randint(0x100000000000, 0xffffffffffff) c = pow(m, e, n) conn.send("# c=" + hex(c).replace("L", "") + "\n") conn.send("@ m=") rec_m = conn.recv(1024).strip() if rec_m == hex(m).replace("L", ""): d = primefac.modinv(e, (p - 1) * (q - 1)) if d < 0: d += (p - 1) * (q - 1) successdn.append((d, n)) f = open("success/" + ip, "a") f.write("teamtoken:" + teamtoken + "\n" + "time:" + time.strftime('%Y%m%d%H%M%S') + "\nm:" + hex(m).replace("L", "") + "\nd:" + hex(d).replace("L", "") + "\nn:" + hex(n).replace("L", "") + "\n\n") f.close() ok(conn) return 0 else: for (cheat_d, cheat_n) in successdn: print "cheat!" rec_m_int = int(rec_m[0:], 16) if rec_m_int == pow(c, cheat_d, cheat_n): f = open("cheat/" + ip, "a") f.write("teamtoken:" + teamtoken + "\n" + "time:" + time.strftime('%Y%m%d%H%M%S') + "\nm:" + hex(rec_m_int).replace("L", "") + "\nd:" + hex(cheat_d).replace("L", "") + "\nn:" + hex(cheat_n).replace("L", "") + "\n\n") f.close() ok(conn) return 1 error(conn) return 0
def modinv(a,n): return primefac.modinv(a,n) % n
from Crypto.Util.number import getPrime, isPrime import binascii import primefac import itertools ''' This Python code tries to illustrate how RSA is done at a basic level. ''' e = 65537 n = 128299637852747781491257187842028484364103855748297296704808405762229741626342194440837748106022068295635777844830831811978557490708404900063082674039252789841829590381008343327258960595508204744589399243877556198799438322881052857422197506822302290812621883700357890208069551876513290323124813780520689585503 c = 43160414063424128744492209010823042660025171642991046645158489731385945722740307002278661617111192557638773493117905684302084789590107080892369738949935010170735247383608959796206619491522997896941432858113478736544386518678449541064813172833593755715667806740002726487780692635238838746604939551393627585159 p = 11326943005628119672694629821649856331564947811949928186125208046290130000912120768861173564277210907403841603312764378561200102283658817695884193223692869 q = 11326943005628119672694629821649856331564947811949928186125208046290130000912216246378177299696220728414241927034282796937320547048361486068608744598351187 phi = (q - 1) * (p - 1) # Now, we can kind of unravel that modular arithmetic that was done during the # ENCRYPTION formula. We can find the private key, d, with the MODULAR INVERSE, # of e and phi. # I use a module to do this that is reworked to use Trey's function # https://github.com/JohnHammond/primefac_fork d = primefac.modinv(e, phi) # Now, we can do a similar thing like before, but this time for DECRYPTION. # m = ( c ^ d ) % n # This time we raise to our private key as an exponent, but still take the modulus. # And we have successfully decrypted RSA! m = pow(c, d, n) print repr(binascii.unhexlify(hex(m)[2:-1]))
from cryptography.hazmat.primitives import serialization from smashcipher.asymmetric.util import rsa as rsa_utils import primefac p = 111785135995915694872879065655450100824399060915246858692368272101498809780789 q = 95426003088967587203385239828634342249572881536732227152898005772259369509063 r = 115610435786510485451946829452875827768560089514770425913213861099648595711893 public = 65537 private1 = primefac.modinv(public, (p - 1) * (q - 1)) private2 = primefac.modinv(public, (q - 1) * (r - 1)) private_key1 = rsa_utils.build_rsa_private(p * q, public, private1, p, q) private_key2 = rsa_utils.build_rsa_private(q * r, public, private2, q, r) private_file1 = private_key1.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()) file1 = open("test_keys/lowent/private-lowent1.key", "w") file1.write(private_file1) file1.close() private_file2 = private_key2.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption()) file2 = open("test_keys/lowent/private-lowent2.key", "w") file2.write(private_file2) file2.close()
from Crypto.Util.number import getPrime, bytes_to_long import primefac p = getPrime(512) q = getPrime(512) n = p * q d = getPrime(10) e = primefac.modinv(d, (p - 1) * (q - 1)) % ((p - 1) * (q - 1)) flag = "flag{wnwnwnwnweifnjiowenfoiwenf}" m = bytes_to_long(flag) print "c=", pow(m, e, n) print "e=", e print "n=", n
n = 2344088051 p = 46099 q = 50849 e = 65537 import primefac d = primefac.modinv(e, (p - 1) * (q - 1)) % ((p - 1) * (q - 1)) v = [1] * 100 v[15] = 622838535 v[16] = 0x1E53E463 v[17] = 0x217153B7 v[18] = 0xED044EB v[19] = 0x26EC91AF v[20] = 0x4F8C7090 v[21] = 0x45E4F9BB v[22] = 0x26EC91AF v[23] = 0x6D04B642 v[24] = 0x26EC91AF v[25] = 0xFF559EE v[26] = 0x1E53E463 v[27] = 0x55C81190 v[28] = 0x55C81190 v[29] = 0x58006440 v[30] = 0x217153B7 v[31] = 0x26EC91AF v[32] = 0x35F1D9B2 v[33] = 0x4D3D8957 v[34] = 0x35F1D9B2 v[35] = 0x26EC91AF v[36] = 0x7172720E