├── .gitignore
├── README.md
├── RsaCtfTool.py
├── decript.py
├── decrypto.py
├── demos
    ├── sctf
    │   ├── rsa1
    │   │   ├── RSA_01_40684f9d8020d7ea2abb8ad313fee726.zip
    │   │   ├── decript.py
    │   │   ├── level0
    │   │   │   ├── level1.passwd
    │   │   │   ├── level1.passwd.enc
    │   │   │   ├── level1.zip
    │   │   │   ├── level1
    │   │   │   │   ├── level2.passwd
    │   │   │   │   ├── level2.passwd.enc
    │   │   │   │   ├── level2.zip
    │   │   │   │   ├── level2
    │   │   │   │   │   ├── level3.passwd
    │   │   │   │   │   ├── level3.passwd.enc
    │   │   │   │   │   ├── level3.zip
    │   │   │   │   │   ├── level3
    │   │   │   │   │   │   └── FLAG.txt
    │   │   │   │   │   ├── pri.key
    │   │   │   │   │   └── public.key
    │   │   │   │   ├── pri.key
    │   │   │   │   └── public.key
    │   │   │   ├── level1bin.passwd.enc
    │   │   │   └── public.key
    │   │   └── priv.key
    │   ├── rsa2
    │   │   ├── 1.json
    │   │   ├── de.py
    │   │   ├── level5.zip
    │   │   ├── level5
    │   │   │   └── FLAG.txt
    │   │   ├── sage.py
    │   │   ├── syc_security_system_traffic2.pcap
    │   │   └── text.txt
    │   └── rsa3
    │   │   ├── RSA_03_5602246960ad9119669d6276d250f6ec.zip
    │   │   ├── de.py
    │   │   ├── level3
    │   │       ├── level4.zip
    │   │       ├── level4
    │   │       │   ├── level6.zip
    │   │       │   ├── level6
    │   │       │   │   └── FLAG.txt
    │   │       │   └── syc_security_system_traffic3.pcap
    │   │       └── syc_security_system_traffic.pcap
    │   │   ├── mayday
    │   │       ├── README.md
    │   │       ├── crt_solver.py
    │   │       ├── flag.py
    │   │       ├── mayday.json
    │   │       ├── mayday.py
    │   │       └── my.json
    │   │   ├── myrsa.py
    │   │   ├── w.txt
    │   │   └── words.txt
    └── 安恒ctf
    │   ├── .gitignore
    │   └── rsa
    │       ├── data.txt
    │       ├── data.txt (2)
    │       └── rsa.zip
├── rsa.py
├── rsatool.py
├── test
    ├── crypto.txt
    └── pqne.txt
└── wiener_attack.py


/.gitignore:
--------------------------------------------------------------------------------
1 | *.pyc
2 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # CTF RSA 工具
 2 | 
 3 | - RSA大数分解网站http://www.factordb.com/index.php
 4 | - 大数分解平台https://cloud.sagemath.com/
 5 |   ```
 6 |   factor(0x123)
 7 |   factor(123)
 8 |   ```
 9 | - RSA tool2
10 | - yafu 如果两个素数相差很近，可采用费马分解
11 |   ```
12 |   factor(0x123)
13 |   factor(123)
14 |   ```
15 | 
16 | - rsatool.py 标准工具 用于已有p,q生成私钥
17 |   ```
18 |   ./rsatool.py -p num1 -q num2 -o priv.key
19 |   ```
20 | 
21 | - RsaCtfTool.py 提供公钥可输出n,e  
22 | - openssl
23 |   ```
24 |   输出公钥信息
25 |   openssl rsa -noout -text -inform PEM -in public.key -pubin
26 | 
27 |   openssl rsautl -decrypt -in level1bin.passwd.enc -inkey ../priv.key -out level1.passwd -oaep
28 |   ```
29 | 


--------------------------------------------------------------------------------
/RsaCtfTool.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | """
  5 | ----------------------------------------------------------------------------
  6 | "THE BEER-WARE LICENSE" (Revision 42):
  7 | ganapati (@G4N4P4T1) wrote this file. As long as you retain this notice you
  8 | can do whatever you want with this stuff. If we meet some day, and you think
  9 | this stuff is worth it, you can buy me a beer in return.
 10 | ----------------------------------------------------------------------------
 11 | """
 12 | 
 13 | from Crypto.PublicKey import RSA
 14 | from wiener_attack import WienerAttack
 15 | import gmpy
 16 | from libnum import *
 17 | import requests
 18 | import re
 19 | import argparse
 20 | from base64 import b64decode
 21 | 
 22 | 
 23 | class FactorizationError(Exception):
 24 |     pass
 25 | 
 26 | 
 27 | class PublicKey(object):
 28 |     def __init__(self, key):
 29 |         """Create RSA key from input content
 30 |            :param key: public key file content
 31 |            :type key: string
 32 |         """
 33 |         pub = RSA.importKey(key)
 34 |         self.n = pub.n
 35 |         self.e = pub.e
 36 |         self.key = key
 37 | 
 38 |     def prime_factors(self):
 39 |         """Factorize n using factordb.com
 40 |         """
 41 |         try:
 42 |             url_1 = 'http://www.factordb.com/index.php?query=%i'
 43 |             url_2 = 'http://www.factordb.com/index.php?id=%s'
 44 |             r = requests.get(url_1 % self.n)
 45 |             regex = re.compile("index\.php\?id\=([0-9]+)", re.IGNORECASE)
 46 |             ids = regex.findall(r.text)
 47 |             p_id = ids[1]
 48 |             q_id = ids[2]
 49 |             regex = re.compile("value=\"([0-9]+)\"", re.IGNORECASE)
 50 |             r_1 = requests.get(url_2 % p_id)
 51 |             r_2 = requests.get(url_2 % q_id)
 52 |             self.p = int(regex.findall(r_1.text)[0])
 53 |             self.q = int(regex.findall(r_2.text)[0])
 54 |             if self.p == self.q == self.n:
 55 |                 raise FactorizationError()
 56 |         except:
 57 |             raise FactorizationError()
 58 | 
 59 |     def __str__(self):
 60 |         """Print armored public key
 61 |         """
 62 |         return self.key
 63 | 
 64 | 
 65 | class PrivateKey(object):
 66 |     def __init__(self, p, q, e, n):
 67 |         """Create private key from base components
 68 |            :param p: extracted from n
 69 |            :type p: int
 70 |            :param q: extracted from n
 71 |            :type q: int
 72 |            :param e: exponent
 73 |            :type e: int
 74 |            :param n: n from public key
 75 |            :type n: int
 76 |         """
 77 |         t = (p-1)*(q-1)
 78 |         d = self.find_inverse(e, t)
 79 |         self.key = RSA.construct((n, e, d, p, q))
 80 | 
 81 |     def decrypt(self, cipher):
 82 |         """Uncipher data with private key
 83 |            :param cipher: input cipher
 84 |            :type cipher: string
 85 |         """
 86 |         return self.key.decrypt(cipher)
 87 | 
 88 |     def __str__(self):
 89 |         """Print armored private key
 90 |         """
 91 |         return self.key.exportKey()
 92 | 
 93 |     def eea(self, a, b):
 94 |         if b == 0:
 95 |             return (1, 0)
 96 |         (q, r) = (a//b, a % b)
 97 |         (s, t) = self.eea(b, r)
 98 |         return (t, s-(q * t))
 99 | 
100 |     def find_inverse(self, x, y):
101 |         inv = self.eea(x, y)[0]
102 |         if inv < 1:
103 |             inv += y
104 |         return inv
105 | 
106 | 
107 | if __name__ == "__main__":
108 |     """Main method (entrypoint)
109 |     """
110 |     parser = argparse.ArgumentParser(description='RSA CTF Tool')
111 |     parser.add_argument('--pkey',
112 |                         dest='public_key',
113 |                         help='public key file',
114 |                         default=None)
115 |     parser.add_argument('--pqne',
116 |                         dest='pqne',
117 |                         help='input: p,q,n,e',
118 |                         default=None)
119 |     parser.add_argument('--crypto',
120 |                         dest='uncipher',
121 |                         help='uncipher a file',
122 |                         default=None)
123 |     parser.add_argument('--format',
124 |                         dest='format',
125 |                         help='uncipher file format hex, base64 or num，default char',
126 |                         default='char')
127 |     parser.add_argument('--verbose',
128 |                         dest='verbose',
129 |                         help='verbose mode (display n, e, p and q)',
130 |                         action='store_true')
131 |     parser.add_argument('--pri',
132 |                         dest='private',
133 |                         help='Display private key if recovered',
134 |                         action='store_true')
135 | 
136 |     args = parser.parse_args()
137 | 
138 |     # Open cipher file
139 |     unciphered = None
140 |     if args.uncipher is not None:
141 |         cipher = open(args.uncipher, 'r').read().strip()
142 |         if args.format == 'num':
143 |             cipher = n2s(int(cipher))
144 |         elif args.format == 'hex':
145 |             cipher = int(cipher,16)
146 |         elif args.format == 'base64':
147 |             cipher = b64decode(cipher)
148 | 
149 |     priv_key = None
150 |     if args.pqne is None:
151 |         # Load public key
152 |         try:
153 |             key = open(args.public_key, 'r').read()
154 |             pub_key = PublicKey(key)
155 |         except Exception as e:
156 |             if args.verbose:
157 |                 print "publickey error",e
158 |                 print "Crack with p,q"
159 | 
160 |         print '"n" is:' + str(pub_key.n)
161 |         print "*"*60
162 |         print '"e" is:' + str(pub_key.e)
163 |         print "*"*60
164 | 
165 |         # Hastad's attack
166 |         if pub_key.e == 3 and args.uncipher is not None:
167 |             if args.verbose:
168 |                 print "Try Hastad's attack"
169 | 
170 |             orig = s2n(cipher)
171 |             c = orig
172 |             while True:
173 |                 m = gmpy.root(c, 3)[0]
174 |                 if pow(m, 3, pub_key.n) == orig:
175 |                     unciphered = n2s(m)
176 |                     break
177 |                 c += pub_key.n
178 |         else:
179 |             if args.verbose:
180 |                 print "Try weak key attack"
181 |             try:
182 |                 pub_key.prime_factors()
183 |                 priv_key = PrivateKey(long(pub_key.p),
184 |                                       long(pub_key.q),
185 |                                       long(pub_key.e),
186 |                                       long(pub_key.n))
187 | 
188 |                 if args.uncipher is not None:
189 |                     unciphered = priv_key.decrypt(cipher)
190 |             except FactorizationError:
191 |                 unciphered = None
192 | 
193 |         if unciphered is None and priv_key is None:
194 |             if args.verbose:
195 |                 print "Try Wiener's attack"
196 | 
197 |             # Wiener's attack
198 |             wiener = WienerAttack(pub_key.n,pub_key.e)
199 |             if wiener.p is not None and wiener.q is not None:
200 |                 pub_key.p = wiener.p
201 |                 pub_key.q = wiener.q
202 |                 priv_key = PrivateKey(long(pub_key.p),
203 |                                       long(pub_key.q),
204 |                                       long(pub_key.e),
205 |                                       long(pub_key.n))
206 | 
207 |                 if args.uncipher is not None:
208 |                     unciphered = priv_key.decrypt(cipher)
209 |     # user define p,q,e,n
210 |     elif unciphered is None and priv_key is None:
211 |         if args.verbose:
212 |             print "Crack with p,q"
213 | 
214 |         pqne_list = args.pqne.split(',')
215 |         nump = long(pqne_list[0])
216 |         numq = long(pqne_list[1])
217 |         nume = long(pqne_list[3])
218 |         numn = long(pqne_list[2])
219 |         if nume == 3 and args.uncipher is not None:
220 |             if args.verbose:
221 |                 print "Try Hastad's attack"
222 | 
223 |             orig = cipher
224 |             c = orig
225 |             while True:
226 |                 m = gmpy.root(c, 3)[0]
227 |                 if pow(m, 3, numn) == orig:
228 |                     unciphered = n2s(m)
229 |                     break
230 |                 c += numn
231 |         else:
232 |             priv_key = PrivateKey(nump,numq,nume,numn)
233 | 
234 |             if args.uncipher is not None:
235 |                 unciphered = priv_key.decrypt(cipher)
236 | 
237 |     if priv_key is not None and args.private:
238 |         print priv_key
239 | 
240 |     if unciphered is not None and args.uncipher is not None:
241 |         print "*"*60
242 |         print "Clear text : %s" % unciphered
243 |         print "*"*60
244 |         print "Clear text in number: %s" % s2n(unciphered)
245 |     else:
246 |         if args.uncipher is not None:
247 |             print "Sorry, cracking failed"
248 | 


--------------------------------------------------------------------------------
/decript.py:
--------------------------------------------------------------------------------
 1 | import base64
 2 | from Crypto.PublicKey import RSA
 3 | 
 4 | def decrypt_RSA(privkey, message):
 5 |     from Crypto.PublicKey import RSA
 6 |     from Crypto.Cipher import PKCS1_OAEP
 7 |     from base64 import b64decode
 8 |     key = open(privkey, "r").read()
 9 |     rsakey = RSA.importKey(key)
10 |     rsakey = PKCS1_OAEP.new(rsakey)
11 |     decrypted = rsakey.decrypt(message)
12 |     return decrypted
13 | 
14 | flag = "69607199517868483359165446696575782986798491333171634561480071976234143538345367234799415119124372101538680310768987381846307094253169982296466477407040424769616420040229453113227524357479071064913500684764256363281150779409814511"
15 | flag = int(flag)
16 | # print flag
17 | flag = hex(flag)#.decode('hex')
18 | print flag
19 | raw_input()
20 | print decrypt_RSA('../whctf/768.pri', flag)
21 | 


--------------------------------------------------------------------------------
/decrypto.py:
--------------------------------------------------------------------------------
 1 | # 250527704258269,74891071972884336452892671945839935839027130680745292701175368094445819328761543101567760612778187287503041052186054409602799660254304070752542327616415127619185118484301676127655806327719998855075907042722072624352495417865982621374198943186383488123852345021090112675763096388320624127451586578874243946255833495297552979177208715296225146999614483257176865867572412311362252398105201644557511678179053171328641678681062496129308882700731534684329411768904920421185529144505494827908706070460177001921614692189821267467546120600239688527687872217881231173729468019623441005792563703237475678063375349
 2 | import base64
 3 | import binascii
 4 | p,q = 250527704258269,74891071972884336452892671945839935839027130680745292701175368094445819328761543101567760612778187287503041052186054409602799660254304070752542327616415127619185118484301676127655806327719998855075907042722072624352495417865982621374198943186383488123852345021090112675763096388320624127451586578874243946255833495297552979177208715296225146999614483257176865867572412311362252398105201644557511678179053171328641678681062496129308882700731534684329411768904920421185529144505494827908706070460177001921614692189821267467546120600239688527687872217881231173729468019623441005792563703237475678063375349
 5 | 
 6 | d = 2500989530462696070479437264237439769815613208798986358248910749206176742853406594511395824636751386805541276930259360542832941809035762471752673584482154891476193051394186876981734912985975157985026323007180915365982833825191021587276140979318396814773779439102959655161084800055123768023038517763227514061775268893322946859551908566668208629419779208913783351428977917202249246359057312032892817529782474469500816887841034803531530212519606235043731289074018618387782735448369594296789089972390932182633090208863691349142319199245316803751876311678543706070895776094590750745139173634509085499863134564549539403265
 7 | n = 18762288330807505336471569952368628968038915032364773203018829070696227411217877868952724842039756288121734420378039301563905037169196320417706839549744629044465352679919380329435329653365900312498712121432190200717072138327379844913608851715404086200984072727408758802012147296753317519612628629535373054730645471938738605688629618951071483635716677866010394704066696480858977560809007683074249820225609075518509112704549293147063971302640066331096645041521401155565628466857211261242132897152403975836705170916276159246187173035660820037820087171748591660487636434105623595720788169970861783452500198572918584010881
 8 | 
 9 | def exeuclid(a,b):
10 |     if b == 0:
11 |         return 1,0,a
12 |     else:
13 |         x,y,q = exeuclid(b,a%b)
14 |         x,y = y,(x-a/b*y)
15 |         return x,y,q
16 | 
17 | def getprikey(e,n):
18 |     p,q = getpq(n)
19 |     d,x,y = exeuclid(e,(p-1)*(q-1))
20 |     if d < 0:
21 |         d = (p-1)*(q-1)+d
22 |     return d,n
23 | 
24 | 
25 | 
26 | if __name__ == '__main__':
27 |     fr = open('../sctf/rsa1/level0/level1.passwd.enc','r')
28 |     ciphertexts = fr.readlines()
29 |     fr.close()
30 |     rettext = ""
31 |     for c in ciphertexts:
32 |         rettext += c.strip()
33 |     plaintext = base64.b64decode(rettext)
34 | 
35 |     plaintext = plaintext.encode('hex')
36 |     retStr = pow(plaintext,d,n)
37 |     print (len(plaintext))
38 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa1/RSA_01_40684f9d8020d7ea2abb8ad313fee726.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ohroot/rsatools/5d6d19e98a0d1f5d5eca33aad4b959d525019a06/demos/sctf/rsa1/RSA_01_40684f9d8020d7ea2abb8ad313fee726.zip


--------------------------------------------------------------------------------
/demos/sctf/rsa1/decript.py:
--------------------------------------------------------------------------------
 1 | import base64
 2 | from Crypto.PublicKey import RSA
 3 | 
 4 | def decrypt_RSA(privkey, message):
 5 |     from Crypto.PublicKey import RSA
 6 |     from Crypto.Cipher import PKCS1_OAEP
 7 |     from base64 import b64decode
 8 |     key = open(privkey, "r").read()
 9 |     rsakey = RSA.importKey(key)
10 |     rsakey = PKCS1_OAEP.new(rsakey)
11 |     decrypted = rsakey.decrypt(b64decode(message))
12 |     return decrypted
13 | 
14 | flag = "Zc2LYzlDHW6fEwMqqey8d6uCYWXEcUWt0LMvx3fMA/YMezn7jkXoUOkZD8pQyH5DBhJFCzSIoIUMaV+rJzyUooAIfxCG87Ej9CDDOb1CB+bxY2fH4Xr0D2iJMyKCgN9WwLggfJheJEcLsjhNx32lhJ81WGX/yQpk9HEDAaIBu1ds5BP0Cfy+aUOp9JDH9+b+9jjTgJpccBfh4uCG2XusQ7SDVMbejBIH/rGKNVlg8aSasOjDQ0PErHwzMVp4ewEk0va4NBJYhilxeTZyO+m2f/tw63LmTHmVxFzmzcCvAYv5M9wsACqi8BkCaSqwRHKXmN96eeLJE0qyEUvgSM+i9w=="
15 | print decrypt_RSA('priv.key', flag)
16 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa1/level0/level1.passwd:
--------------------------------------------------------------------------------
1 | FaC5ori1ati0n_aTTA3k_p_tOO_sma11
2 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa1/level0/level1.passwd.enc:
--------------------------------------------------------------------------------
1 | Zc2LYzlDHW6fEwMqqey8d6uCYWXEcUWt0LMvx3fMA/YMezn7jkXoUOkZD8pQyH5DBhJFCzSIoIUM
2 | aV+rJzyUooAIfxCG87Ej9CDDOb1CB+bxY2fH4Xr0D2iJMyKCgN9WwLggfJheJEcLsjhNx32lhJ81
3 | WGX/yQpk9HEDAaIBu1ds5BP0Cfy+aUOp9JDH9+b+9jjTgJpccBfh4uCG2XusQ7SDVMbejBIH/rGK
4 | NVlg8aSasOjDQ0PErHwzMVp4ewEk0va4NBJYhilxeTZyO+m2f/tw63LmTHmVxFzmzcCvAYv5M9ws
5 | ACqi8BkCaSqwRHKXmN96eeLJE0qyEUvgSM+i9w==
6 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa1/level0/level1.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ohroot/rsatools/5d6d19e98a0d1f5d5eca33aad4b959d525019a06/demos/sctf/rsa1/level0/level1.zip


--------------------------------------------------------------------------------
/demos/sctf/rsa1/level0/level1/level2.passwd:
--------------------------------------------------------------------------------
1 | fA35ORI11TLoN_Att1Ck_cL0sE_PrI8e_4acTorS
2 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa1/level0/level1/level2.passwd.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ohroot/rsatools/5d6d19e98a0d1f5d5eca33aad4b959d525019a06/demos/sctf/rsa1/level0/level1/level2.passwd.enc


--------------------------------------------------------------------------------
/demos/sctf/rsa1/level0/level1/level2.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ohroot/rsatools/5d6d19e98a0d1f5d5eca33aad4b959d525019a06/demos/sctf/rsa1/level0/level1/level2.zip


--------------------------------------------------------------------------------
/demos/sctf/rsa1/level0/level1/level2/level3.passwd:
--------------------------------------------------------------------------------
1 | wIe6ER1s_1TtA3k_e_t00_larg3
2 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa1/level0/level1/level2/level3.passwd.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ohroot/rsatools/5d6d19e98a0d1f5d5eca33aad4b959d525019a06/demos/sctf/rsa1/level0/level1/level2/level3.passwd.enc


--------------------------------------------------------------------------------
/demos/sctf/rsa1/level0/level1/level2/level3.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ohroot/rsatools/5d6d19e98a0d1f5d5eca33aad4b959d525019a06/demos/sctf/rsa1/level0/level1/level2/level3.zip


--------------------------------------------------------------------------------
/demos/sctf/rsa1/level0/level1/level2/level3/FLAG.txt:
--------------------------------------------------------------------------------
1 | SCTF{500_sI,pLE_tRE1S7Re_iN_rSa_AtTa3K_2_24CASF}


--------------------------------------------------------------------------------
/demos/sctf/rsa1/level0/level1/level2/pri.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIICOQIBAAKBgQG6DMJFtFzltfVs1cqlkMKNEj2KbX+2Rzf7fB9ahYweNROLV7Ih
 3 | T/SyQiRfM/csLA0hwkrUxfUJlMI5nXPlBKJmHZxLmdU4RKsT2c0SpNAWefCsdfmk
 4 | 6qh8MhaaF9d9gP1gKWTH6lAwY3ZZxzZemNLqW7M6RxcILdUkfU+nofDVcwKBgQEA
 5 | joHdoOMZKOjuUREIx1BfYTEF0uL/m4Nx5CnC3ZJwZdQJbVjDdjEH8dT8zy2zCm0C
 6 | fFZhfL5+C37ZIihmnvs9LywgWTwh7/8xAGr7p2jeSgpMGqcJ1UiYyB/P+933nK6u
 7 | CxX0ssfgvLoxT14Hg60Of7mCpNIB+mgpbWZ8z1e5SwIgQhmWt7pUKbyKmzdLdDmO
 8 | Y/nmj8XZXdPTwX7SN5C7IbMCQQFAGnwbwHqiXEijn8UoloBrQXlekqGs+BoJAy87
 9 | FBWejDvevbIjo5U16RZO5m47QdMbFOuz3pOu/I9d9uR+uFWPAkEBYYaMLMcjJf9I
10 | QnM5qcCX38EnGKe8sw9VFoao/ltniyuZN/muTdBCffvxqy//WJMKlmn0pHlcv93c
11 | TflHLJ733QIgQhmWt7pUKbyKmzdLdDmOY/nmj8XZXdPTwX7SN5C7IbMCIEIZlre6
12 | VCm8ips3S3Q5jmP55o/F2V3T08F+0jeQuyGzAkBTG0g6BonIZ9iwUMcuuSBDbRCo
13 | AbyUS0d1b8qyZbpS80g/zft+2eQCkbIIN6U49s1/JqeMjd9dufAcwG+2puNc
14 | -----END RSA PRIVATE KEY-----
15 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa1/level0/level1/level2/public.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PUBLIC KEY-----
2 | MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKBgQG6DMJFtFzltfVs1cqlkMKN
3 | Ej2KbX+2Rzf7fB9ahYweNROLV7IhT/SyQiRfM/csLA0hwkrUxfUJlMI5nXPlBKJm
4 | HZxLmdU4RKsT2c0SpNAWefCsdfmk6qh8MhaaF9d9gP1gKWTH6lAwY3ZZxzZemNLq
5 | W7M6RxcILdUkfU+nofDVcwKBgQEAjoHdoOMZKOjuUREIx1BfYTEF0uL/m4Nx5CnC
6 | 3ZJwZdQJbVjDdjEH8dT8zy2zCm0CfFZhfL5+C37ZIihmnvs9LywgWTwh7/8xAGr7
7 | p2jeSgpMGqcJ1UiYyB/P+933nK6uCxX0ssfgvLoxT14Hg60Of7mCpNIB+mgpbWZ8
8 | z1e5Sw==
9 | -----END PUBLIC KEY-----


--------------------------------------------------------------------------------
/demos/sctf/rsa1/level0/level1/pri.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIEowIBAAKCAQEAwyZZaeHtdNLgtJrVanwvKp7Dcf8TSxA3wG9WGTTFyx9twONX
 3 | O0fEdj4ho7AREXjU7k/omSsVy8vXc+T5pigg/duM6hbtZ8JIEm5LAVNKZ8siIzs0
 4 | Lq8T75NFFisAn+BL0ZDJLCeaNMM/1+5A9YJQOaqM6cJ79DbjOJ0EUNuptz9LKtaK
 5 | KlyHKut0NZhqnORSy5N40to5g/MM0WUeZpxAVgYNWPxBZF4G2oPQOwZCcNo4U+BU
 6 | NVPO3nlKv/U75VN/bBgSZ6neN31EZV5oCng5PbsAIjUOo5TmlBUaPTnHUA6xZKUp
 7 | o2lBQGmUsA0a6poSJ1DuHjoZtylwtG0enWE+fQIDAQABAoIBADrSUl0x9ksiTQzj
 8 | JrTkHatxE2RHCF+10bg1VvReDch9/q0HWYHKzhL+A1G9fkeP7k6u02NnszgshxKt
 9 | z/ofWmJqTP06T/DYhLTZfc42dtT2S6Hm9IGl0BKEh2x5JcUK7I+MXrbqcPa6a4IA
10 | lJ/r2ZaoK7VCI+6mpLKp0WU18OAEszsTQq7kxuwt8ppx/OpV4HYd63NNlkmXtWhb
11 | EbzulkSr1mS2IL8cW36WR8dTbLAqDu0rHjiInkuOVMXBX0FpMNL01P7mchWJntY6
12 | 3AE8T4cVNmFZntnWbAkgv8+d17l26+S4tgw8n7WnnXYvplQUwdIU7ZCbzAKN2daD
13 | hXvR9VkCgYEA34N+NIG0y/ZdWGNkdZvfi/4mNECfkOEXGth0zqZOBvQuDq3c7eMc
14 | du2Eod1rkcnWvCpkNPdlTffZ0MMup8dteSIeIKkk1dZwkFCisiQGOL8T166CLTQN
15 | v9SSdp6kGVa0Szianh4stag4MQXAiuTcgnZJhtwLa+MB8H161HaH3v8CgYEA34N+
16 | NIG0y/ZdWGNkdZvfi/4mNECfkOEXGth0zqZOBvQuDq3c7eMcdu2Eod1rkcnWvCpk
17 | NPdlTffZ0MMup8dteSIeIKkk1dZwkFCisiQGOL8T166CLTQNv9SSdp6kGVa0Szia
18 | nh4stag4MQXAiuTcgnZJhtwLa+MB8H161HaH3oMCgYBBT5z7HsODrdOM1k4uh4OE
19 | 1pi3QALgRMWJlKJdF/9IzOUAaRFbebeBkNnmqlqaWQ4kIYbyay/w3nGJLN9fK0jz
20 | 0mJXTNV0npp5sPY5c4lV34+ewGFNcB5sZWL+wlBVDx7TtBCKD2slEaiJupKOg11j
21 | ycimXXoA5m5UpXXUy2XcZQKBgQCVTR+DcVTUnYey4Amd6fYEbEsWwkgUHdcyLn6v
22 | /zTFvlv5oDegjAFai8P5347YPov6+xIes1bvIu1TXt2OY0+EB786L+IUGP7t138m
23 | IZwqUbCudLot+cRpbFQ9ejDBYEJksLXPgvZ4jZqjXGVGIiQN3Xe15syWT3ffLeJb
24 | g6W0gwKBgD8WqdDii843FjfqgYRK9tb/ekRtFEO7Z43FWsa3Mu1RTxCHyK6AGp1w
25 | dfPhmCs25/cs/2GH5Noi3HKqtGUIzmIw2xWbGNlCuIvUsg0e0DUtrNOWau/bFGWh
26 | KVcopg9o/TZDlv8177dnOSacdljAmRROzo9bAzlKZbVtvYIptt3p
27 | -----END RSA PRIVATE KEY-----
28 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa1/level0/level1/public.key:
--------------------------------------------------------------------------------
1 | -----BEGIN PUBLIC KEY-----
2 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyZZaeHtdNLgtJrVanwv
3 | Kp7Dcf8TSxA3wG9WGTTFyx9twONXO0fEdj4ho7AREXjU7k/omSsVy8vXc+T5pigg
4 | /duM6hbtZ8JIEm5LAVNKZ8siIzs0Lq8T75NFFisAn+BL0ZDJLCeaNMM/1+5A9YJQ
5 | OaqM6cJ79DbjOJ0EUNuptz9LKtaKKlyHKut0NZhqnORSy5N40to5g/MM0WUeZpxA
6 | VgYNWPxBZF4G2oPQOwZCcNo4U+BUNVPO3nlKv/U75VN/bBgSZ6neN31EZV5oCng5
7 | PbsAIjUOo5TmlBUaPTnHUA6xZKUpo2lBQGmUsA0a6poSJ1DuHjoZtylwtG0enWE+
8 | fQIDAQAB
9 | -----END PUBLIC KEY-----


--------------------------------------------------------------------------------
/demos/sctf/rsa1/level0/level1bin.passwd.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ohroot/rsatools/5d6d19e98a0d1f5d5eca33aad4b959d525019a06/demos/sctf/rsa1/level0/level1bin.passwd.enc


--------------------------------------------------------------------------------
/demos/sctf/rsa1/level0/public.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN PUBLIC KEY-----
 2 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKA+bg7c8nQQUu8e6qiJ
 3 | 1vmNARFR216Qkkj9OQxwhyTYmDzzMxy6xWHCzixa8V5lsrJGkVa2GdXTsqa7o31W
 4 | k5lNfkwvqmB7Psj8kLIAYktTGFuiMBBgqCGrYVfX58xnG03NZkx98RoqHV5QgMFe
 5 | RRI6ukpTZNhyH4RKrlxVAuiOVk04cKUWNtO8FD4vri8xWLoAq6zAxbpEPClwVgFr
 6 | V/XXUtcxVgurCuaNrQgiqR/LbknMAUwS0qujpZflEEkZf2nZO8VTU3EAGGDMaRoG
 7 | ZDuGlHCp2oL8VGsGI0MtsCDrthuRNV5TpuXYmoS7MEa4n2O8cAYtWdhipf1cqwZo
 8 | gQIDAQAB
 9 | -----END PUBLIC KEY-----
10 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa1/priv.key:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIEJwIBAAKCAQEAlKA+bg7c8nQQUu8e6qiJ1vmNARFR216Qkkj9OQxwhyTYmDzzMxy6xWHCzixa
 3 | 8V5lsrJGkVa2GdXTsqa7o31Wk5lNfkwvqmB7Psj8kLIAYktTGFuiMBBgqCGrYVfX58xnG03NZkx9
 4 | 8RoqHV5QgMFeRRI6ukpTZNhyH4RKrlxVAuiOVk04cKUWNtO8FD4vri8xWLoAq6zAxbpEPClwVgFr
 5 | V/XXUtcxVgurCuaNrQgiqR/LbknMAUwS0qujpZflEEkZf2nZO8VTU3EAGGDMaRoGZDuGlHCp2oL8
 6 | VGsGI0MtsCDrthuRNV5TpuXYmoS7MEa4n2O8cAYtWdhipf1cqwZogQIDAQABAoIBABPPyIKjOHpW
 7 | 3URh+atClM6/BRjSxn3VWoMz6ktMtXxQqvYXURIU9dRJeTGj8/li4amLpD7x8tt19x++qDPMlwgp
 8 | PnoKMZdaP5rN6kWv1U69qY4BSzqFCn6okHJXvSVvw+rt6oGtqMKDP9AuFHxhoC3U5209w64ujgKv
 9 | 6UGaFht4akx/rOtubJz68E7KN8Vv7wZZTqw7x3LdzfdTW3U2tesM+sxIVFLY8WLpn+WzLK4jqjzg
10 | B+gYV7MzE6fwX78xav7NvpDVoED6XeZkQ9rm1BJrmMJqzEGG5hqV9HuKofpzZMuGvdH8daa9g9ql
11 | BZtdI7nAJh8xTOrhbPlCJSekFgECBwDj2obRlt0CgfsApvxHygw/WWuVhb/EkbdRXsXwcBqlGW3w
12 | u3n3V3fRKn71k7Pi1NIrMlcKX8lQkpBULyT9QmxcYx1fWIOKWXjbOYChE0Dd+8TnG2ietZQYdtrH
13 | stNlMyeQuIictnG+4G7hzg3n54K/yUAP/D+OH2m2cXB4LpTSI3qVFTzIVRJWHzLqvpOUaMyHXkBo
14 | 9RVItp8MTJtMDiyjqO5WqXUzayFBazl+Jy29DQ8ZPq6Nhl5JbDDiqRg3BC+U5oXA4DZZvnYONZd6
15 | 6l2vXYktCUhTiCU3FucZWxj//6eWkI6oOf1JN2lbD1ygkdGeG5DUFW4OChAjJdmPz8rJHz8z9QIG
16 | EK9M1gYlAoH7AIE6L9x/Se9LwPU3CUqzkbdEe+Rl2mspl+meY/o+8ZJvmmFqDxsgYumcTpz+UOp7
17 | 44pwl8Z10bGqo4T+l2zSiOWhVAZwZtpW8XtWpaxkJeKlQXJ1ApZqAietIYpX0J4jcYBjZprVptJ6
18 | T2SpUrWgu95iab+y0EVAsmszFN4xSJDweJZv46SO1BvuwMsaY6FgyMXoUR2PEkDD4jFWUCqSG+x9
19 | G9H6JZobmy/VKhVYln2x/1dZNAp7QEJ+NFvP8/ffqPN0fV0uj25VoJLUdECifFWvFwJXAJa6/Vx1
20 | 6l6mU6kcUao7xs/SZwdyN482EotbHbhG/HKUvrz9zpkCBwCXnq0AlUo=
21 | -----END RSA PRIVATE KEY-----
22 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa2/1.json:
--------------------------------------------------------------------------------
 1 | [{"n": 20823369114556260762913588844471869725762985812215987993867783630051420241057912385055482788016327978468318067078233844052599750813155644341123314882762057524098732961382833215291266591824632392867716174967906544356144072051132659339140155889569810885013851467056048003672165059640408394953573072431523556848077958005971533618912219793914524077919058591586451716113637770245067687598931071827344740936982776112986104051191922613616045102859044234789636058568396611030966639561922036712001911238552391625658741659644888069244729729297927279384318252191421446283531524990762609975988147922688946591302181753813360518031 , "e": 65537 ,"m": 13234033997304316778037723755540295176566417167583125334748115313856272461873485975176769639900556672734617273359019596172713185648569617915834194490916133145561376709379255584763488139809318729158008319067490593780421525710686185901663150722039636401633248490072487272646046133397661255287252108975114971851002241382777431317966852965079811077483698260198592617912748266219396933149505994996564333804718657997117547829033756175025473552685392427706667895656765069586112413014731767350849696128714261203682658995901029178959682714751655404443133910225455212957949267552602258795410618075751493040967634013858197182151 }
 2 | {"n": 19083821613736429958432024980074405375408953269276839696319265596855426189256865650651460460079819368923576109723079906759410116999053050999183058013281152153221170931725172009360565530214701693693990313074253430870625982998637645030077199119183041314493288940590060575521928665131467548955951797198132001987298869492894105525970519287000775477095816742582753228905458466705932162641076343490086247969277673809512472546919489077884464190676638450684714880196854445469562733561723325588433285405495368807600668761929378526978417102735864613562148766250350460118131749533517869691858933617013731291337496943174343464943 , "e": 65537 ,"m": 11290673818799916824099087936031827970616675988901275293427837810560258554073816144561508939494596870486676605160867883659268337519981766172917652115484943274779552570033176568887017038968373662654406772362017167126569528258587269790913552082871933865730489132689974849863461978945772241289577822355455472480154402466189253113620694147180924242459151711025221566647687789553376163232400063576297123003994192249270988121120844024412758855657212185917733694159396118243450354222600525769113027753204779692749550715749220649597521844320884212092511495758929900155641428503318103448172198035846977076706940449005929163858 }
 3 | {"n": 17774939235727734476462395282231823316715379861046317817345624611911907593214308302214647896057564487337442044911965918475596520569772082614542928476071556136122390374261448355291326190588669749244551087519531171422368536623065559069186393880690491185428295587567383709105850768801137017410381198800859022683589227131366269010664135088590034257411578517032628301748630841116658016753790789190798967047606469455686364849168794826359747031854298139280066439746560927270642678048440102007159097509763029052171630962345071779359588256301900562323319841049233767020148050677313281878452455934508442202524705747194528406569 , "e": 65537 ,"m": 13483754671676151349875881870949346088618146158392512476986555409814532872486827681684339691928449639231390114905524380134044447206582065345759579154320295910704992412963748024772186688925422473297620061064582859980134783572169774461272537832610984136529980795885684592458960492162410670963443445247755904303771079723635189403917449169310840318590048160381766422578845790817189508127635418267826141965668479512597577267755410453229799773239036415979540449755806318547671736606512098412122111456922597257374337807967115216535345433271698356936620276623111997634868779122648099297563596830213659477025593304649569815504 }
 4 | {"n": 18230735608450218499760146484532016623358017237783892133303889946281353325028048660974643629059097581503124886121797578262726360732413999644447972840219185265497131565690735139036644114004801321401637568257277978213031552985047488709009900602464802789286407793237994581994502840723375856709497435080334051345432096317049479840164482095854479268586930369608254833112970622260404478799657281559442050103172983303242149447413914706845013704444612576387292604996783665745382378128210881511335824984214056196867716066969008817879486953643960351371651401651787086826236862037340753610288401584569654400614589702168410411777 , "e": 65537 ,"m": 12261332057668179157528877015211692245937331393259197358095375428147450829470955993527798242950378273139059516569835252956516807873856761953237431159191774973612690801735440859929256107161150271840207723694828986575484950700143032694012367407971172548134676154736395437320872038694744322653494984657389773252183193454105409515592828796108269536916168174712799995107398645022817475748669992497115451270342206743818589622979973959080809530083471353171292877439863447125683793885774107730901623092225288277530845789653810485971190848237593049079289517893385101702859676007497649445613825937574650164572175600702839050623 }
 5 | {"n": 18674375108313094928585156581138941368570022222190945461284402673204018075354069827186085851309806592398721628845336840532779579197302984987661547245423180760958022898546496524249201679543421158842103496452861932183144343315925106154322066796612415616342291023962127055311307613898583850177922930685155351380500587263611591893137588708003711296496548004793832636078992866149115453883484010146248683416979269684197112659302912316105354447631916609587360103908746719586185593386794532066034112164661723748874045470225129298518385683561122623859924435600673501186244422907402943929464694448652074412105888867178867357727 , "e": 65537 ,"m": 1759867310077021689595305982649927904709233128672037426081763358336593427946226092698272391571945836985003767083221265756597314392877399378253416560082359123451120246806512293124962638421707071853536842734889739675563942667313865800493661601638757020223165775583974781955345997019586608089490094545145433232382753067220828718489752856657235626450055864700245042893868872213304495599408158902381566573387790381031052763154112461064831040450793415431426554195190144638857754230148999636668113892157494666487917545475123212013660946845881957836787755031749084375911218534979739540468237662873315565961640034131163830789 }
 6 | {"n": 20071978783607427283823783012022286910630968751671103864055982304683197064862908267206049336732205051588820325894943126769930029619538705149178241710069113634567118672515743206769333625177879492557703359178528342489585156713623530654319500738508146831223487732824835005697932704427046675392714922683584376449203594641540794557871881581407228096642417744611261557101573050163285919971711214856243031354845945564837109657494523902296444463748723639109612438012590084771865377795409000586992732971594598355272609789079147061852664472115395344504822644651957496307894998467309347038349470471900776050769578152203349128951 , "e": 65537 ,"m": 3649067211754316224992666241694848208613281755393659349584447553113875233539357413675964019173573642426508695451827731852735238810345213207308504699849887175757118112533240090744424958822483029483492442389903585925291334292532493527229697197322353243453828675601275739308813590597422035414667611891451321955697437391819816346152355722721699467841392737397398419067675495910471658822280178883231119726898849827626403302518084768500242061163487254300830291249164149261529641250270747101675378013720924995268860049231128825302099664853429025238927364221167285950453819223147064775829107598595792999940328324200147377830 }
 7 | {"n": 21597405814979610996377443329018763876731454956985671856941454253699738920149670911576046593308343448286665993682909149218654376562968664705465609891657807742357205392596437740794305913042218176593478991135576006631116484591954079856017214091539384324090960020977320448098888942829956654576627734110390317713362482984844041244394082105522120606793411195778505674013052037333164184978668369370109463718408851863578899535952755043594925753035877967930701716263362137097630778793218984324306694183270960090264742489578593142651889318638733370042252001630074857161171854688708454385974727452741497933830446285670461243981 , "e": 65537 ,"m": 9526467698002967846407036707204295616807382074323485738143821162592477987009379274576848296627215297336415546354796476939969741938392203623909101648057470236454888839926653999915013494220907075032207170630359727005554242423879663011105467524342259545579104058062046441528567472596752619274410854554886955274443327191804715061857649853147464869739696091940861344763357777923679604560908691433901193146151672932049489395301428484376163022434346228625563697374210610753173413009788952699671112997524626687220387145030881420329953452499086073620529002520731656367085935250218099005195624409831118075016753659650064849624 }
 8 | {"n": 18206937904792799579430492780590391798139860280118654578611129661522456209549177056396052961264654635686594489004741308819734343428954271122893482174680418778233218684152358532112515178647101214424556426993550461667320213350817313050802144739882192812851228003673036076507720234656941173837828046817397486482564705950486530937237564383601427791437591594672070682609731473645333003421779180703508651036524995139699679512835394373990695986038217137334507062323023959948640514908793517343872566593266277390261261345752973476883326087020230874280850581558188057897066408501676947498586055565642569614791367511490781385239 , "e": 65537 ,"m": 6641450976600973461885028936708993277532113750635035713105116008637735317845965112713075664971040032964529592804442142914062127891060190862716142746968445787463386413745455041200654724949149418403553916052354556678959149752202799815510049836576564926997635158597665621300820409231383922976871548968649713728756140341988809082883445840298778319562466299377899370231961448157778645548135420578768135748096265049604398000261033697650919075626110466270310278120452706231687346225524599629719266816599680185538578826011018357180072206853839329796486117386657083941444588716109865094402379683170500203555817987880580792586 }
 9 | {"n": 16476089309507142504768040329337860372186380944066615347916209555791305487479537087585118223236464077954886310970355294896840860542169060919423086334837397649778416627795798293250572231686238892392154367785033999441025151440704284084483759072290867267533315596547341682278799152905373400938294140843409782387720413118828824584038738161634066425712778768592809659690170870251984988836299215317974245716649589466135291505959290354875133806645012951145544212350003396680228989089224965648594096922219946846033185547017211320590049225655238035025929470305912634741360385733905591899938558515001764352523758985291475640439 , "e": 65537 ,"m": 11616095938515577352119224534821347371121193570948108492263876408342363414684492284745481850711837928012786984576303383171650068676665742863816895269950504793488068963781226323293257231017098513323826453275416668962818219716566240397601813815965327268281037063975166553553150975323774201214439497815066528137564997219272582209190118646355006740753016037564742655938700205534564729686534836557345947819515151453371193776806586208857289780995042238542975078433273762781782412197282148869032401719277821401609416891628873700397210816167860247839296017224006884189856757859644484068818758503905079605190588906528239680771 }
10 | {"n": 21921975169383952114629876615782090228339271070346178684793372702370001793231846369993723757526366500643094666416865743239106211477849765189991320093047980816851973714005011388864057209904546184940274080898606385338970642800019239265759169222352816618045737729097263273700748859560345260749704401923202092767040767119796534610674624330435624007057181519788027935860571878107215925788159591188426316138774239741658121542776978505819963461339306238886823534981931749608202232635125344786787365146614140262545831186485809874489960893609957732188883282966702817765901552749288106259160710586888791541187055094706987440081 , "e": 65537 ,"m": 1959063468924085198871720175850812615942266138553199676927093986426045375706421030035699141474658536022568091587789631256450078092283640849544798852258485003640540192982485929018928703241200468583661308292700974009570592316293057700830255186701750486508989838305713032799934005397855665216501307863044393751285922361982619522918714420661709625180451700521694794321592161291113447699386537952688262575490773788697214289874022112570204958581311924971462146648827940115663594549970925244018889283457250362354708645794495922095563169154653548247238844084708793360514887083926697039044540483874839065603255137453162488215 }]
11 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa2/de.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | 
 3 | from scapy.all import *
 4 | 
 5 | PA = 24L
 6 | packets = rdpcap('./syc_security_system_traffic2.pcap')
 7 | client = '192.168.1.180'
 8 | size = 2 # size of e and n is packed into 2 bytes
 9 | list_n = []
10 | list_m = []
11 | list_id = []
12 | 
13 | for packet in packets:
14 |     if packet[TCP].flags == PA:
15 |            src = packet[IP].src
16 |            raw_data = packet[TCP].load
17 |            e = 19
18 |            head = raw_data.strip()[:7]
19 |            if head == "We have":
20 |                n = raw_data.strip().replace("We have got N is ","").split('\r\ne is ')
21 |                print "{\"n\":",n[0],",","\"e\":",n[1],","
22 |            if head == "encrypt":
23 |                m = raw_data.replace('encrypted messages is 0x','')[:-1]
24 |                print "\"m\":",int(m,16),"}"
25 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa2/level5.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ohroot/rsatools/5d6d19e98a0d1f5d5eca33aad4b959d525019a06/demos/sctf/rsa2/level5.zip


--------------------------------------------------------------------------------
/demos/sctf/rsa2/level5/FLAG.txt:
--------------------------------------------------------------------------------
1 | SCTF{5o0_mAtI4E_TrE1SUre_ILn_rSA_a55aCk_3}


--------------------------------------------------------------------------------
/demos/sctf/rsa2/sage.py:
--------------------------------------------------------------------------------
 1 | def n2s(n):
 2 |     s=hex(n)[2:-1]
 3 |     if len(s)%2!=0:
 4 |         s='0'+s
 5 |     return s.decode('hex')
 6 | 
 7 | n4=18674375108313094928585156581138941368570022222190945461284402673204018075354069827186085851309806592398721628845336840532779579197302984987661547245423180760958022898546496524249201679543421158842103496452861932183144343315925106154322066796612415616342291023962127055311307613898583850177922930685155351380500587263611591893137588708003711296496548004793832636078992866149115453883484010146248683416979269684197112659302912316105354447631916609587360103908746719586185593386794532066034112164661723748874045470225129298518385683561122623859924435600673501186244422907402943929464694448652074412105888867178867357727
 8 | n5=20071978783607427283823783012022286910630968751671103864055982304683197064862908267206049336732205051588820325894943126769930029619538705149178241710069113634567118672515743206769333625177879492557703359178528342489585156713623530654319500738508146831223487732824835005697932704427046675392714922683584376449203594641540794557871881581407228096642417744611261557101573050163285919971711214856243031354845945564837109657494523902296444463748723639109612438012590084771865377795409000586992732971594598355272609789079147061852664472115395344504822644651957496307894998467309347038349470471900776050769578152203349128951
 9 | c4=0xdf0da86b1c4a1baabec9ff00e2bbc0c7999b9e72296fee73032d6d2827f1245c3019c7676f06ff2b242069356947f4b8afd5a302df0585e5285be25a61a4ccbfece4f005a68a4fa6b784cb72fb06edc6b1f0bb94f5046ac7f4f7a8a1f5cd93d0deefa812709644a37d8953bfe29ae5d37db634c174a97bc39e154ba5f3caca0fe804db465dfc5b2540bd39f2679bcdc665268b29ed997fdddecd73db50f2f8ec414feea8c6ac69c2c09a65e42c518151f0b8a7c82752282345f800dd260e1092e396654059ba43cf7927368a90edbeccafd72f04f07303f28e31681da798edac001f4a1cbf171d743e7d0828f1e5496df56d26d5430c8d30eb6811e30a95a05
10 | e=65537
11 | 
12 | p4=gcd(n4,n5)
13 | print "p4",p4
14 | q4=n4/p4
15 | phi=(p4-1)*(q4-1)
16 | d4=inverse_mod(e,phi)
17 | print "d4",d4
18 | m=pow(c4,d4,n4)
19 | print "m=%s"%m
20 | print "flag is",n2s(int(m))
21 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa2/syc_security_system_traffic2.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ohroot/rsatools/5d6d19e98a0d1f5d5eca33aad4b959d525019a06/demos/sctf/rsa2/syc_security_system_traffic2.pcap


--------------------------------------------------------------------------------
/demos/sctf/rsa2/text.txt:
--------------------------------------------------------------------------------
 1 | N is 20823369114556260762913588844471869725762985812215987993867783630051420241057912385055482788016327978468318067078233844052599750813155644341123314882762057524098732961382833215291266591824632392867716174967906544356144072051132659339140155889569810885013851467056048003672165059640408394953573072431523556848077958005971533618912219793914524077919058591586451716113637770245067687598931071827344740936982776112986104051191922613616045102859044234789636058568396611030966639561922036712001911238552391625658741659644888069244729729297927279384318252191421446283531524990762609975988147922688946591302181753813360518031
 2 | e is 65537
 3 | messages is 0x68d5702b70d18238f9d4a3ac355b2a8934328250efd4efda39a4d750d80818e6fe228ba3af471b27cc529a4b0bef70a2598b80dd251b15952e6a6849d366633ed7bb716ed63c6febd4cd0621b0c4ebfe5235de03d4ee016448de1afbbe61144845b580eed8be8127a8d92b37f9ef670b3cdd5af613c76f58ca1a9f6f03f1bc11addba30b61bb191efe0015e971b8f78375faa257a60b355050f6435d94b49eab07075f40cb20bb8723d02f5998d5538e8dafc80cc58643c91f6c0868a7a7bf3bf6a9b4b6e79e0a80e89d430f0c049e1db4883c50db066a709b89d74038c34764aac286c36907b392bc299ab8288f9d7e372868954a92cdbf634678f7294096c7
 4 | N is 19083821613736429958432024980074405375408953269276839696319265596855426189256865650651460460079819368923576109723079906759410116999053050999183058013281152153221170931725172009360565530214701693693990313074253430870625982998637645030077199119183041314493288940590060575521928665131467548955951797198132001987298869492894105525970519287000775477095816742582753228905458466705932162641076343490086247969277673809512472546919489077884464190676638450684714880196854445469562733561723325588433285405495368807600668761929378526978417102735864613562148766250350460118131749533517869691858933617013731291337496943174343464943
 5 | e is 65537
 6 | messages is 0x59707a3760423e57bff72ebe7ee1c884724d4dbe3091505c4910a98479c0e62927b71196c1aee559e54ad8be4141d5803dd3a242e69cfa8364d5f814204e582e0ec8846e582ccd29751537103d37ade89dc5830427f33b4ef1bd25e735f4f65342223b5c553eb0e8ce9d01739d5aa273cca7cb3b0b97826b030c85eab00ecc1a71e278e7dd53c917a42e0ca19356acaff37f9a2621713227e51d955a1f37548d65767def0142aa6218eacf7dbe638b1fd48701607f84cd5ed8d83f45e8dce1d8e78193b15cc452be60c6253b60f81d9f086473d15320dd01cf3b07eb63f2d6a334945f422427799f0fa931a6c9fe327259afd4097f01802ca81c2341fa0eec52
 7 | N is 17774939235727734476462395282231823316715379861046317817345624611911907593214308302214647896057564487337442044911965918475596520569772082614542928476071556136122390374261448355291326190588669749244551087519531171422368536623065559069186393880690491185428295587567383709105850768801137017410381198800859022683589227131366269010664135088590034257411578517032628301748630841116658016753790789190798967047606469455686364849168794826359747031854298139280066439746560927270642678048440102007159097509763029052171630962345071779359588256301900562323319841049233767020148050677313281878452455934508442202524705747194528406569
 8 | e is 65537
 9 | messages is 0x6acfd9706eedb2520a017c18c8b7d4c03465c7bc6f1134c5fbdc07f7c492ed70ed797cc07fdb775aadf43503ee8494501f2e87416a66121e218266e27aa186552664d20f490785dbd69beee20e7f6e402f8991da177d9ffb0097ccd0bfdb581bf98aadaf3d43986bc34941908df9eccb6c72b346cb192619b6f3d3d077a98f08cae5ca209fbe9443c21926a3f7b7e6582cc248f53af2ae2e94356bf356092e3bcdf997353ffd9cc06f084c7655a1212dfa5e15bdcea583474d4dd66a4def1114f970d2713f0dcb24ef89dacc1e201b55614473a197fff586cee989a82b1d2dd49d35eaf482a723b49905fb67c3318705a32014e11ba222dc86c85a8095164bd0
10 | N is 18230735608450218499760146484532016623358017237783892133303889946281353325028048660974643629059097581503124886121797578262726360732413999644447972840219185265497131565690735139036644114004801321401637568257277978213031552985047488709009900602464802789286407793237994581994502840723375856709497435080334051345432096317049479840164482095854479268586930369608254833112970622260404478799657281559442050103172983303242149447413914706845013704444612576387292604996783665745382378128210881511335824984214056196867716066969008817879486953643960351371651401651787086826236862037340753610288401584569654400614589702168410411777
11 | e is 65537
12 | messages is 0x6120e2b4510126934756d37dc1b4d55fbccd0bab7139f88a9736f97437327e3ca04223b133fc4902a77313b583925c297b4621baf8cea6149b8042d85e2a68c6c2ea584088b1b465a9104b2acac750963a4fe4cffa736768b33c68b093b1a96fdbe638caca582ab6d7cd9d6a6bac3ad4d9b87305a7e7c290b4a1aa83408f0a3fa2848c22b137fee8d05e9809308ac647b1f7808b3b7206cb269b791ed10e3ff58d7166dc3c5de899c020fa1649ab609a30160283e851f462c285a8609d7833e428ef2eded9e3e8704ffa1d2027d94a0cd761a25e70e3e92496227f2988882dc870d8e016910250717029aaa187b215759a9b1eda1f40830a2866576e86f7d17f
13 | N is 18674375108313094928585156581138941368570022222190945461284402673204018075354069827186085851309806592398721628845336840532779579197302984987661547245423180760958022898546496524249201679543421158842103496452861932183144343315925106154322066796612415616342291023962127055311307613898583850177922930685155351380500587263611591893137588708003711296496548004793832636078992866149115453883484010146248683416979269684197112659302912316105354447631916609587360103908746719586185593386794532066034112164661723748874045470225129298518385683561122623859924435600673501186244422907402943929464694448652074412105888867178867357727
14 | e is 65537
15 | messages is 0xdf0da86b1c4a1baabec9ff00e2bbc0c7999b9e72296fee73032d6d2827f1245c3019c7676f06ff2b242069356947f4b8afd5a302df0585e5285be25a61a4ccbfece4f005a68a4fa6b784cb72fb06edc6b1f0bb94f5046ac7f4f7a8a1f5cd93d0deefa812709644a37d8953bfe29ae5d37db634c174a97bc39e154ba5f3caca0fe804db465dfc5b2540bd39f2679bcdc665268b29ed997fdddecd73db50f2f8ec414feea8c6ac69c2c09a65e42c518151f0b8a7c82752282345f800dd260e1092e396654059ba43cf7927368a90edbeccafd72f04f07303f28e31681da798edac001f4a1cbf171d743e7d0828f1e5496df56d26d5430c8d30eb6811e30a95a05
16 | N is 20071978783607427283823783012022286910630968751671103864055982304683197064862908267206049336732205051588820325894943126769930029619538705149178241710069113634567118672515743206769333625177879492557703359178528342489585156713623530654319500738508146831223487732824835005697932704427046675392714922683584376449203594641540794557871881581407228096642417744611261557101573050163285919971711214856243031354845945564837109657494523902296444463748723639109612438012590084771865377795409000586992732971594598355272609789079147061852664472115395344504822644651957496307894998467309347038349470471900776050769578152203349128951
17 | e is 65537
18 | messages is 0x1ce7fb6fa4ae21dd766aa2470c10f24df0fb8cfff51b9e30ed9f6bb10c9a26547c78c537631b312c83beb11762a26d25e1ab4d48b770b1f6931be6c6816367617e0f90a254056bf524a4dd0141ae66fc23912bccc440a59035b663918b4c0028c9b7b9c8c959846ad2c5e59401fbcc124ed99cb6615fe087d4caf4456feeae9b1e58d2e0b390be8ccbe6197fa69b708e52d6135c88c2d9916acd4e58c6becfff4d95cd45eff76df80013017677ea7ea67cda8f6b94f1765810fc455fea722d02236bc7ce8f13cf64b40e798057f11f580b8229a505d4358f8378fd463e24aa3fe69d8af651a674ac91e32ac3b8db30c4af03ccc3087c65e110281b5a0e82dea6
19 | N is 21597405814979610996377443329018763876731454956985671856941454253699738920149670911576046593308343448286665993682909149218654376562968664705465609891657807742357205392596437740794305913042218176593478991135576006631116484591954079856017214091539384324090960020977320448098888942829956654576627734110390317713362482984844041244394082105522120606793411195778505674013052037333164184978668369370109463718408851863578899535952755043594925753035877967930701716263362137097630778793218984324306694183270960090264742489578593142651889318638733370042252001630074857161171854688708454385974727452741497933830446285670461243981
20 | e is 65537
21 | messages is 0x4b76d337be767b07e35973ff7c26bbf8f738800cf7d06f0294dcece9a977fbef5f8c8e97f08dc841c26ba8efba8bfc60e692533dc5624dfba68fccfe469899017630414b010f91add216521d3a8bb5f33b20d9949e2e58baabff39790bf0b856fab72b806f7d0dfc6d184278dd12040c244e1dfb0f31cdbabb68e21f9de71c073b3ca72c072f19f1d90ca501ffcd23751f53176c0ce11ae06f64debafb50d8eef669ce21c282ea85e70464ad46be922a22bc3d6d8362df1e1798c3b67f8299613005d6d0e6552638250a978ad0d36d5834bf4fb5a6f852b00e6199f0cb84d688e6517df88df6e6a17ebc6a1d53f08bdf940695a7034969dddf3de235a8c91ad8
22 | N is 18206937904792799579430492780590391798139860280118654578611129661522456209549177056396052961264654635686594489004741308819734343428954271122893482174680418778233218684152358532112515178647101214424556426993550461667320213350817313050802144739882192812851228003673036076507720234656941173837828046817397486482564705950486530937237564383601427791437591594672070682609731473645333003421779180703508651036524995139699679512835394373990695986038217137334507062323023959948640514908793517343872566593266277390261261345752973476883326087020230874280850581558188057897066408501676947498586055565642569614791367511490781385239
23 | e is 65537
24 | messages is 0x349c44dd81e494313155cb6f95b7f3261e8507e5f44417599d11f108c28efce86eff3a2537aea464ebcd6bf5fc96b0c241ec76f6e326d7083bb7ea2ae2ea0e8d707ebce99bdecdc896124df2d15c25e44781c0c30179e4e79415b7b3e0611bf95e84f597e7a8380b17ae5f9b71461ee9c323778f3a5d04ca8fc9f27de4410c4577476654cf9cc0520793b01c873907b245296ab0d6a07af9739dd1134e58dd0726dd7286b8945c5612d8e0f4d65c0c742167fbfd7fa764b54bb1a7ec0dca8a1bf18de0fc59dafe7c5cb6532500be53fa7c06640178ee36debc8ac92f03fb6b13bcd2da84c01ad5ad3c3de212be8fb3c19d48d36813bf306ac1a3f57f6f43c10a
25 | N is 16476089309507142504768040329337860372186380944066615347916209555791305487479537087585118223236464077954886310970355294896840860542169060919423086334837397649778416627795798293250572231686238892392154367785033999441025151440704284084483759072290867267533315596547341682278799152905373400938294140843409782387720413118828824584038738161634066425712778768592809659690170870251984988836299215317974245716649589466135291505959290354875133806645012951145544212350003396680228989089224965648594096922219946846033185547017211320590049225655238035025929470305912634741360385733905591899938558515001764352523758985291475640439
26 | e is 65537
27 | messages is 0x5c04678591abeaf72017e51c76314bdae41df5bfead8ce8d7f33928b6551eaa34464a006b023b6d6a6ccfddfa0366155e7bad11af086de73ec482062b29d718b29d139af590478fabb65551b51048b07cac557c109b21cd96da05f90374460fa97ea494bb6253fa79e4fbb2105da8510362e6fa2f1edb612db5967f828349322dbfa7bbe0251f8e397d0d1d1bfb7c77073493074c5abc9834aeebdbdc50e4772ded38f1c11e03dab81c5e8aca6a7ba9f76f171080ea620347ab972633e218900c3c45ab68b9e5b409520d2fb2aa8be4e8d223bc01be1ba09f644a79d22397c92dd4df94b41d091e543212b445c283fa10e40848d44e988b8337ae3f7f8fa7d03
28 | N is 21921975169383952114629876615782090228339271070346178684793372702370001793231846369993723757526366500643094666416865743239106211477849765189991320093047980816851973714005011388864057209904546184940274080898606385338970642800019239265759169222352816618045737729097263273700748859560345260749704401923202092767040767119796534610674624330435624007057181519788027935860571878107215925788159591188426316138774239741658121542776978505819963461339306238886823534981931749608202232635125344786787365146614140262545831186485809874489960893609957732188883282966702817765901552749288106259160710586888791541187055094706987440081
29 | e is 65537
30 | messages is 0xf84ce3d6ea38caa95adb7eb581bb9b9719d4e883f6579dce20f256646e1b896f0fa6579c27ab44b461d6542d90688a189f69de4329568f61331220b4aff6f8fcf1dbd054d179dcf9778a9933955bae43d0b3ecdc0a63206cba5d315077d4cbf76df55be945556bddf4f4d5ad9b470e9f10739d85c6d3767a587457b956b6efbad31eb4842082d70034463e66711d64eb4b4ca83d10c75b71ef75c179a595078e49e950d799c1ed95025e04b44f5b33af434a84b0c0bce539bab81565d1df06b0268e32bf3a3a6734981be87c96d940d63f7f000de57e69bc29cdea91a43117c73830da6fff542f6ad5aed382cd7b902772dda6de952cde8ed75479bb6d1e197
31 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa3/RSA_03_5602246960ad9119669d6276d250f6ec.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ohroot/rsatools/5d6d19e98a0d1f5d5eca33aad4b959d525019a06/demos/sctf/rsa3/RSA_03_5602246960ad9119669d6276d250f6ec.zip


--------------------------------------------------------------------------------
/demos/sctf/rsa3/de.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | 
 3 | from scapy.all import *
 4 | # from sage.all import *
 5 | import zlib
 6 | import struct
 7 | 
 8 | PA = 24L
 9 | packets = rdpcap('./level3/level4/syc_security_system_traffic3.pcap')
10 | client = '192.168.1.180'
11 | size = 2 # size of e and n is packed into 2 bytes
12 | list_n = []
13 | list_m = []
14 | list_id = []
15 | 
16 | for packet in packets:
17 |     # TCP Flag PA 24 means carry data,
18 |     if packet[TCP].flags == PA or packet[TCP].flags == PA +1:
19 |         src = packet[IP].src
20 |         raw_data = packet[TCP].load
21 |         e = 19
22 |         head = raw_data.strip()[:7]
23 | 
24 |         if head == "We have":
25 |            n,d= raw_data.strip().replace("We have got N is ","").split('\ne is ')
26 |            print '{"n":'+n.strip()+',"e":'+d+","
27 | 
28 |         if head == "encrypt":
29 |            m = raw_data.replace('encrypted messages is 0x','').strip()
30 |            print '"c":'+str(int(m,16))+"}"
31 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa3/level3/level4.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ohroot/rsatools/5d6d19e98a0d1f5d5eca33aad4b959d525019a06/demos/sctf/rsa3/level3/level4.zip


--------------------------------------------------------------------------------
/demos/sctf/rsa3/level3/level4/level6.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ohroot/rsatools/5d6d19e98a0d1f5d5eca33aad4b959d525019a06/demos/sctf/rsa3/level3/level4/level6.zip


--------------------------------------------------------------------------------
/demos/sctf/rsa3/level3/level4/level6/FLAG.txt:
--------------------------------------------------------------------------------
1 | SCTF{treEaX7re_IH_tIAnTAIs6AN_s0jE2HERe_T0o_YonG_ToO_SIm0lE}


--------------------------------------------------------------------------------
/demos/sctf/rsa3/level3/level4/syc_security_system_traffic3.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ohroot/rsatools/5d6d19e98a0d1f5d5eca33aad4b959d525019a06/demos/sctf/rsa3/level3/level4/syc_security_system_traffic3.pcap


--------------------------------------------------------------------------------
/demos/sctf/rsa3/level3/syc_security_system_traffic.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ohroot/rsatools/5d6d19e98a0d1f5d5eca33aad4b959d525019a06/demos/sctf/rsa3/level3/syc_security_system_traffic.pcap


--------------------------------------------------------------------------------
/demos/sctf/rsa3/mayday/README.md:
--------------------------------------------------------------------------------
 1 | # mayday (crypto 150)
 2 | 
 3 | 這是先前跟著隊友作為亂入隊伍，去打 TW-edu CTF 2015 （台大、台科大、中央三校資安實務期末考）的小小紀錄XD
 4 | 
 5 | ~~表示還欠了很多題目的還沒寫~~
 6 | 
 7 | 雖然最後結束出來的成績不是很好，不過這次去亂入這個 CTF 感覺真的累積不少經驗值呢！<br>
 8 | 因為是配合課程進行的關係，所以大多數題目都是應用一些經典的漏洞或是攻擊技巧，或是簡單的搭配，<br>
 9 | 對我們這群弱弱來說，打起來也比較有成就感，大家比較有動力挑戰看看<br>
10 | 畢竟一般其他 CTF 的題目真的很難很難，需要很多背景知識才能玩下去XDDDD<br>
11 | 
12 | 先來說明一下，按照大部分在講 RSA 的文章的慣例，一般說 <img src="http://latex2png.com/output//latex_9137fac0125df890a70326ee7d009c1b.png" height=15/> 指的是明文 (cleartext)、<img src="http://latex2png.com/output//latex_73de1ac8af38ebfcf7fc627715aeda46.png" height=12 /> 指的是密文（ciphertext）、<img src="http://latex2png.com/output//latex_735f8af029197c52c5e525e478b29e95.png" height=12 /> 指的是模數（<img src="http://latex2png.com/output//latex_323ca6f1e3bbf948172ce6d3796dc298.png" height=12 /> 兩個大質數的積，可以說成是公鑰的一部分，有時會用 <img src="http://latex2png.com/output//latex_d5b89c297bbfc4f3b7b824eb83764922.png" height=12 /> 替代），而 <img src="http://latex2png.com/output//latex_5adf2318d23fdafcf4b8231ff28815f0.png" height=12 />、<img src="http://latex2png.com/output//latex_4ed1f7a6e493e01e42932e12ca94685c.png" height=12 /> 則分別是公用指數（通常是 3, 7, 17, 65537）跟私密指數，兩者對同餘 <img src="http://i.imgur.com/vkoE8Q7.png" height=12 /> 時呈模反元素關係。
13 | 
14 | Description:
15 | ```
16 | Here are some encrypted messages sent to Mayday.
17 | https://www.dropbox.com/s/lwjkboz8ee8wz6l/mayday.zip?dl=0
18 | ```
19 | 
20 | 題目給的 zip 解開後有 `mayday.py` 跟 `mayday.json` 兩個檔案，跟一般 crypto 題目一樣的，一個是進行加密的 code，另一個則是相關的數字/資料。
21 | 
22 | `mayday.json`:
23 | ```javascript
24 | [{"c": 6867940996691870031530411714485906844552818193325528906319305401428815108346680759433216763381096732182463314446219239703961679396462026276373332783945618, "e": 7, "n": 24810910852704603048663349011054669655631146433543459534796438815331335687309113943583212235150241971378068933151593149818684880078674098193758773603399061},
25 | {"c": 1117905220184329685115491669660129193823567641747584717324745389247133369892051586020708442213591696394252275224109800066498394464330197218398972106358012, "e": 7, "n": 47127839105299361033791208737798899776781255381503030381686909082155757361019104103280620540716894699133142173100175132195577832323495741588275138089635573},
26 | {"c": 40118076943735337559537379692982070943921515348000211097599356263330760075906748374129727526740438883695094503103029124366037118931371140019302082751801200, "e": 7, "n": 43134291711046821358455351358884087777021003839470296505990450581706219379356272391794220129036895199873385802547302584174011929423801149992868607229780347},
27 | {"c": 12649076592222649371192164869044025408231371717627780046219346377852024544337050152652676577122342534868958091714335614555475487488062150879916823763757293, "e": 7, "n": 19300838921149221007298944887478599082800229045219271606272038103970656559943914197281654158587468730541828306489197866130025079021184391333521894567512679},
28 | {"c": 28899089935435267588235897519846120393433214114341521238696384122507316899457327055029546972333281452563984838498862225380416594907544057513529315866966881, "e": 7, "n": 30754121488827635692971849599267749375077949182550303145729325375314926401905783830931628738658879320179944880074582359287457299694791345311565979620527051},
29 | {"c": 14086629413855672403639830676118042465846020320143823318815048070368505684208141652603596234960968703217788472960409410744177258293358579948872603962777501, "e": 7, "n": 30430477983470426195631142659668071772256641205525929891985872996115858010744648779370983539942187689192406517498678966428105726004485493523914299389645977},
30 | {"c": 20049299207588955907155276095787913402589652379134151403340360498371893119855957833576443856534037886298731701974026748277461327934437483689818240109850533, "e": 7, "n": 35489275126536805974281635942907480463916089663069129771420548612817920902692423639961709000309976531819984030335085090156962285880892504720123765878938153}]
31 | ```
32 | 
33 | `mayday.json` 給了我們七組 RSA 的數字，各自的  不同，不過它們的 e 都是 7<br>
34 | 而由於 <img src="http://latex2png.com/output//latex_735f8af029197c52c5e525e478b29e95.png" height=12 /> 的數字非常大，我們知道也不可能因數分解來暴力破解它。
35 | 
36 | `mayday.py`:
37 | ```python
38 | import json
39 | from sympy import randprime
40 | 
41 | e = 7
42 | m = int(open('flag').read().strip().encode('hex'), 16)
43 | 
44 | for i in range(7):
45 |     p = randprime(2 ** 256, 2 ** 257)
46 |     q = randprime(2 ** 256, 2 ** 257)
47 |     n = p * q
48 |     assert m < n
49 |     c = pow(m, e, n)
50 |     print json.dumps({'n': n, 'e': e, 'c': c})
51 | ```
52 | 
53 | 有趣的是，根據 `mayday.py`，所有的明文 <img src="http://latex2png.com/output//latex_9137fac0125df890a70326ee7d009c1b.png" height=12 /> 都是一樣的，而被用了不同的公鑰（這邊指 <img src="http://latex2png.com/output//latex_735f8af029197c52c5e525e478b29e95.png" height=12 />）加密，而正剛好有 7 個明文（大於 <img src="http://latex2png.com/output//latex_5adf2318d23fdafcf4b8231ff28815f0.png" height=12 />，這樣就構成了 [Hastad's Broadcast Attack](https://en.wikipedia.org/wiki/Coppersmith%27s_Attack#H.C3.A5stad.27s_Broadcast_Attack)（RSA 廣播攻擊）的要件。
54 | 
55 | Hastad's Broadcast Attack 基本上就是[中國餘數定理 （Chinese Remainder Theorem）](https://market.cloud.edu.tw/content/senior/math/tn_t2/math05/math_magic/1/1-6.htm)（也就是數學老師說的韓信點兵、鬼谷算命題）在 RSA 密碼學上的實作，<br>
56 | 
57 | 根據中國餘數定理（這裡以 <img src="http://latex2png.com/output//latex_4fe4b757e7be068210be64335367e2a3.png" height=12 /> 做舉例），只要，就可以求出 <img src="http://latex2png.com/output//latex_0b50ff01cf5051f1539b6acbd5c51b63.png" height=12 />，而因為 <img src="http://latex2png.com/output//latex_9137fac0125df890a70326ee7d009c1b.png" height=12 /> 小於每一個 <img src="http://latex2png.com/output//latex_86c4c77d50772b63f7a210c18f2ca0fd.png" height=12 />，<img src="http://latex2png.com/output//latex_fb99a39a38225c4d80e582e5048a2332.png" height=12 /> 會小於 <img src="http://latex2png.com/output//latex_b6a455b85da2e6e66bff2230f434d937.png" height=12 />，<br>
58 | 所以就可以不用管後面的模算法，直接就可以求出 ![t^3 = c'](http://latex2png.com/output//latex_0974e7ce8816396d23057025516341f5.png" height=12 />。
59 | 
60 | 這邊提供了七組的 <img src="http://latex2png.com/output//latex_bfd866dd6d681fbf9ab8eec5f7343d5b.png" height=12 /> ，化成同餘式則是七組 <img src="http://latex2png.com/output//latex_07401cdb4f2a419f8697ae10a7f05410.png" height=12 /> （<img src="http://latex2png.com/output//latex_6c8bc8685c4da46e52dc9d44c1507b78.png" height=12 />），透過上面的方式就可以推出原先的 <img src="http://latex2png.com/output//latex_01d7ca40c5423d96dd1a3b3aad783d3b.png" height=12 />，<br>
61 | 再來就只要 <img src="http://latex2png.com/output//latex_5adf2318d23fdafcf4b8231ff28815f0.png" height=12 /> 的值沒有太高（這裡是7），可以快速求出其次方根，就可以解出 <img src="http://latex2png.com/output//latex_9137fac0125df890a70326ee7d009c1b.png" height=12 />。
62 | 
63 | 所以我們來解這個同餘方程組吧！不重造輪子，我找了 [Rosetta Code 上的 CRT solver](http://rosettacode.org/wiki/Chinese_remainder_theorem#Python) （針對解中國餘式定理的同餘方程組的工具：
64 | 
65 | ```python
66 | import gmpy   # gmpy 是一個在 python 提供類似 GMP 的高等算術的 module，這裡用它算模反元素跟次方根
67 | import json, binascii   # json 是 python 下的 json parsing 工具，binascii 則是用來做 binary 跟 ascii 之間轉換的工具
68 | from functools import reduce
69 | 
70 | def chinese_remainder(n, a):   # Rosetta Code 上的 CRT Solver code，就只是把中國餘數定理 code 化而已
71 |     sum = 0
72 |     prod = reduce(lambda a, b: a*b, n)
73 |     for n_i, a_i in zip(n, a):
74 |         p = prod // n_i
75 |         sum += a_i * modinv(p, n_i) * p
76 |     return int(sum % prod)
77 | def modinv(a, m): return int(gmpy.invert(gmpy.mpz(a), gmpy.mpz(m)))   # 用 gmpy 算模反元素，回傳轉成 int 的結果
78 | 
79 | 
80 | with open("mayday.json") as dfile:
81 |     data = json.loads(dfile.read())   # 打開檔案，讀成 json
82 | data = {k:[d.get(k) for d in data] for k in {k for d in data for k in d}}   # 從 [{c1, e1, n1}, {c2, e2, n2}] 轉成 {"c": [c1, c2], "e": [e1, e2], "n": [n1, n2]}
83 | t_to_e = chinese_remainder(data['n'], data['c'])   # 用中國餘式定理解同餘方程組，推出原先的 t^e
84 | t = int(gmpy.mpz(t_to_e).root(7)[0])   # 算 t^e 的 7 次方根（因為 e=7），推回原本的 t
85 | print(binascii.unhexlify(hex(t)[2:]))   # 把結果從數字先轉成 hex 再轉成字串
86 | ...
87 | ```
88 | 
89 | Flag: `CTF{Hastad's Broadcast Attack & Chinese Remainder Theorem}`
90 | 
91 | 應該是因為配合資安課程的關係，這是一題非常經典，利用 textbook RSA （純理論 RSA）的漏洞進行的題目。<br>
92 | 實際上在進行 RSA 加密應用的時候，主要是因為 padding 的技巧讓每一次的 <img src="http://latex2png.com/output//latex_9137fac0125df890a70326ee7d009c1b.png" height=12 /> 都不一樣，這樣的攻擊型態就會失效，所以這種的攻擊在實務上是很難達到什麼影響的。<br>
93 | 不過有一點值得提到的是，在這種 textbook RSA 中，可以看到這樣的數學理論實際用在密碼學上也是挺有趣的XDD
94 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa3/mayday/crt_solver.py:
--------------------------------------------------------------------------------
 1 | from functools import reduce
 2 | def chinese_remainder(n, a):
 3 |     sum = 0
 4 |     prod = reduce(lambda a, b: a*b, n)
 5 | 
 6 |     for n_i, a_i in zip(n, a):
 7 |         p = prod / n_i
 8 |         sum += a_i * mul_inv(p, n_i) * p
 9 |     return sum % prod
10 | 
11 | 
12 | def mul_inv(a, b):
13 |     b0 = b
14 |     x0, x1 = 0, 1
15 |     if b == 1: return 1
16 |     while a > 1:
17 |         q = a / b
18 |         a, b = b, a%b
19 |         x0, x1 = x1 - q * x0, x0
20 |     if x1 < 0: x1 += b0
21 |     return x1
22 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa3/mayday/flag.py:
--------------------------------------------------------------------------------
 1 | from functools import reduce
 2 | import gmpy
 3 | from libnum import *
 4 | import json, binascii
 5 | def modinv(a, m):
 6 |     return int(gmpy.invert(gmpy.mpz(a), gmpy.mpz(m)))
 7 | 
 8 | def chinese_remainder(n, a):
 9 |     sum = 0
10 |     prod = reduce(lambda a, b: a*b, n)
11 |     for n_i, a_i in zip(n, a):
12 |         p = prod // n_i
13 |         sum += a_i * modinv(p, n_i) * p
14 |     return int(sum % prod)
15 | 
16 | with open("my.json") as dfile:
17 |     data = json.loads(dfile.read())
18 | 
19 | data = {k:[d.get(k) for d in data] for k in {k for d in data for k in d}}
20 | 
21 | t_to_e = chinese_remainder(data['n'], data['c'])
22 | ## modify e
23 | t = int(gmpy.mpz(t_to_e).root(19)[0])
24 | 
25 | print hex(t)[2:-1].decode('hex')
26 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa3/mayday/mayday.json:
--------------------------------------------------------------------------------
1 | [{"c": 6867940996691870031530411714485906844552818193325528906319305401428815108346680759433216763381096732182463314446219239703961679396462026276373332783945618, "e": 7, "n": 24810910852704603048663349011054669655631146433543459534796438815331335687309113943583212235150241971378068933151593149818684880078674098193758773603399061},
2 | {"c": 1117905220184329685115491669660129193823567641747584717324745389247133369892051586020708442213591696394252275224109800066498394464330197218398972106358012, "e": 7, "n": 47127839105299361033791208737798899776781255381503030381686909082155757361019104103280620540716894699133142173100175132195577832323495741588275138089635573},
3 | {"c": 40118076943735337559537379692982070943921515348000211097599356263330760075906748374129727526740438883695094503103029124366037118931371140019302082751801200, "e": 7, "n": 43134291711046821358455351358884087777021003839470296505990450581706219379356272391794220129036895199873385802547302584174011929423801149992868607229780347},
4 | {"c": 12649076592222649371192164869044025408231371717627780046219346377852024544337050152652676577122342534868958091714335614555475487488062150879916823763757293, "e": 7, "n": 19300838921149221007298944887478599082800229045219271606272038103970656559943914197281654158587468730541828306489197866130025079021184391333521894567512679},
5 | {"c": 28899089935435267588235897519846120393433214114341521238696384122507316899457327055029546972333281452563984838498862225380416594907544057513529315866966881, "e": 7, "n": 30754121488827635692971849599267749375077949182550303145729325375314926401905783830931628738658879320179944880074582359287457299694791345311565979620527051},
6 | {"c": 14086629413855672403639830676118042465846020320143823318815048070368505684208141652603596234960968703217788472960409410744177258293358579948872603962777501, "e": 7, "n": 30430477983470426195631142659668071772256641205525929891985872996115858010744648779370983539942187689192406517498678966428105726004485493523914299389645977},
7 | {"c": 20049299207588955907155276095787913402589652379134151403340360498371893119855957833576443856534037886298731701974026748277461327934437483689818240109850533, "e": 7, "n": 35489275126536805974281635942907480463916089663069129771420548612817920902692423639961709000309976531819984030335085090156962285880892504720123765878938153}]
8 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa3/mayday/mayday.py:
--------------------------------------------------------------------------------
 1 | import json
 2 | from sympy import randprime
 3 | 
 4 | e = 7
 5 | m = int(open('flag').read().strip().encode('hex'), 16)
 6 | 
 7 | for i in range(7):
 8 |     p = randprime(2 ** 256, 2 ** 257)
 9 |     q = randprime(2 ** 256, 2 ** 257)
10 |     n = p * q
11 |     assert m < n
12 |     c = pow(m, e, n)
13 |     print json.dumps({'n': n, 'e': e, 'c': c})
14 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa3/mayday/my.json:
--------------------------------------------------------------------------------
 1 | [{"n":21778816622407043254249033744556437773178718344170907687035355752306254181495272254316323076827432323583279284697609943296234700945010885010381052459024155936090811012664924674758219163065019349740707282354505096608107707774970709715259835448587834080152409078047162951805940071358655938727249679105305351838950073539149057650448964397736279148746703675407495243942505041731104580156762842345374978325029947055323567120523592936170640156611551704828034384851988154353272897487218723570180022092379408219114849763765186588476489924721044926152006318666687949095907516827647042434514271847608156543261745856327152256691,"e":19,"c":6898921523352482316367518398442267634376251850374623680349467966853880304694886901649581738681452045723891540172999820599402445058544662323034765216711209250289878330726838115343609022406763393163140068036299286009515092983919449391495043168525824344854648006979702352215321913848527085843370332472775226427140204969848150525338752667783912712952218153738072859186124678429022054457700638764587316770132066288343288653735386030886970200086778155661564553591240364750111940536912403780751878915390969163712013858340542784964416635799577698531293507044826805530540120328708811859974537858304296139654641997971620581941},
 2 | {"n":16903196746534976770297193591563118819340996326353278926932894774572875445074235633598238073286562040907331827987129504332575088363961056320711957070361568300931751447818086187098450831958791194454471761207974960285694400991565796076896861484262801877894234189007108688232929103575715501208714450050820596757093532908538335247758665436735062990069823263343612343383280128868367115993204155509197451034689222789081909649433189803691801997724286399861059723879464142218791577045451380036235131262854852861711356480129365121825413631051962999057782796860262353799309363207995917585708071851074274505668412220771866627801,"e":19,"c":644917346958337353511368628230168709121184047618728491377463145010467190550283777148025911732268676193204746892957938209964091009001499393827852731486194468974232686515969800874573647244111142196026847609398947778020793312974827555577371143016931473280490663570998106844999564031322393565926664764356558877488845992749543497663501930213246984037538497917776416370966705204365508286338995278265185251504894458314847091439946240110992959271288258426621646846816640931166628086735078907446836790148200917845789886605709397229589171507361786224717118572955402542992097341344675408272470020806404190628206096453435062599},
 3 | {"n":28265280613183354342105753166996328090546389493099576671064332905506043149645894359529530572985221453256974871551423452437262179254048995385871426911106523040024082014701860288597240859367709958593683404815121262284405370456892785825244621855179713916387058136808290106777122592782679759913015048141455589449020109912456204732596642195119782747444413318147656712489309539304507463058220125712352312270109971524224764775787216566974066782153169186108327462634247269028163635556628016922590640886497451631819173964909716933392801888324681183442906718285722236884230908714776131247765432042336528688391266197013577846933,"e":19,"c":17922535082858613627977737742215131940092523605510219392464552171173547778785785258718665770452746217649406220264502064596122304044693490572463057765265192788378812238587120234863584689048975385894113116360278039772348405278524108871629961875628750068892181741138286885523596910739703331632335212949027589164972724198314766023022056997293021697312078829910692611851974971540109396034374828537545727303346905957931682646875835496892423870609851093161153405239209069568602749544991996550844917100686568329625008855318827589701181436597357755500084155805939091380869199902403397282792407816178315996255973863771199915011},
 4 | {"n":24987127899477465012251233743493253536476854495637178599192050225313102219411387898487200182441114487612034816488014846231399460666971909474486058085384163710434277132512228943824562960928753528438748273225337688628804876346934893738809200953670621279519453757412491449591854561780627642156687194962761756188282130022320565958645871385780190162615031780472674474233554299969022151520347624742464620679084328782555875295855846135397397113343536139827427341184253483944102522989539698394227074217940278304502858391155867844668912171244350562320306827896547118036618397962042775133094735525961981341552292221448084885029,"e":19,"c":24042204692717750375073519835035563466754959010859277779357682942800867860370603393939606712931010493862940889359569174187082623928147505736655137716540925618796432000183832702127239433484829026061488153155942490967890908805683239508093945407176693680101185606523248149020016600966677763210071952713771070230859779279173210101595059867770046632083679510463448373061777768019103094026734725170280424793388888530137690290182756620640534706377424449743265160826436686118730813950559275521321919731842129609202030577016013629214466064781269146917356753909889109910278040341184081970752123035773606535194672301533423340436},
 5 | 
 6 | {"n":16517102081052861630895919001217675526698277369300591711866049102573903641338088651465353677681314133196137354591046807286864279671925133798556675780456365747859903691818373002538419664235941077881320873723974912890141942864109366960284815031822877720076646042209075936969869701929261677727681050077163026469462157471618274966461347360748386423007148375581277546370022280825631242730771828201301160075215196139318450096889249372085484891067811333463883782678293168327177450855394281994969889305548254268708625415414795510941577246484314728636995608221724256782771789486658328851046459586540232884627529177340560416993,"e":19,"c":10452264611206380895502461195902725433656172118680546576063176352190498143280223991796803163701460661745134845187220614962921364449201367796955338471765037440220874042395114787982271581830776738390691144987486100141239111423372723973913618454824479871719410558793728692489161028990076055893134844059897955709872329576934483081010347855381370928228817449578316569155242146176370238823659613672081164821975593526831584135104392807903152603947384628823036073859290221667822231015474727554763929603850751964998772786601516069402589290834749031168817177708848092842956048636279041074911720643161822044900177343428606560715},
 7 | {"n":23846860290279092907572444079539617462214354239782236629759070773513973525414800313619141664302186747496495971163746242055682769265827639472645512416038516482082192479180022255538780293810541273933187169499865844979861261417193700451844441299094590593715164464011149534562230605044072398232865628048059788633187389023568417475139388654021193716658660041159730755563837795152394878078579534655463322616283839623641180779934135529522581271802799149690558550140547741565135720412155964520008772101738405928224251101453422360053273769367642925204442743550811319417756071808630071840203875705299338612909277917097442575231,"e":19,"c":15438573367980546899411469831262554321716625330473541928737354724764298049318171960158271569777673364866920849136573783206585666248260160754065019455326678340354406024017900626179763765010409693145541405692980988544169474943525240828494497282713662818934621304642089048429151421225432071488547417445294367233127459699981695687657415331820328220442387870876009783049627759453935015306450192243998661088428329553312614066422542767799677107630136457339196300283577052597311349488824243602521325223614379636505576657426573528636441051845280239445351931894671325651957634159913859496443826543994354133713665506727986908570},
 8 | 
 9 | {"n":16253121383768278209005558577055644569117707124854929186667128310606493315013449858902615940095488323028876191616816961215480161502334848550714559842262203333048521009972976254796089176241431933391814530903987798419098078087110325298127023185881308297696190844006356371502958261262318737874080358501446648868436314810687974775378172524379297271535579000788274835896943322448320754626535308836129262616406664292901764961851722791991015882750059327988224491748375219523130042075320130650865135318796823056748272833680628813950407501372466385030092017640922132792751107909729923267741621440199097930132480628796900772029,"e":19,"c":13848299090243105393769023620431119607281293241859534330398165884690680599940489251703001966380965437760250480654675951417035797292277289104310749112567702937207419147274538915929482667581044153580987253488834126403487037359201585075003644486768474663768966782093576206949406988705430890998013000643530464156810935974991471956372086991159943728621017385758022429378371761944717268461477739831712045989207822081408017688999813854876855444100019554143123575105414543233058419572336410450148695012711773255272241266524545690968949872835483511020846011863309353131143892382960011655677079795896125188075865350902728475829},
10 | {"n":20290309021976181378150079070647362877361051642116884020698310582404348426365349349830932277074553597811144356035164416874783743981763606447828375623172664133086570212409720630779251662198484608733581283249766121177416927096509366175689816558284636310339765253094030229680886254669960511903436585522016222678724597374152265027493130428700298457508264585197242398693292101535859643883683283228422929797265173483141156963526966092200813029155535719102888182314267564367377779201639949508213735381237773042753101422482552209042450075752883511314469026255991162957376905635040303277884398802599054812153590799774042488237,"e":19,"c":9087335584065643886677005905085431520610790621180029032261173085196586441340442833350933799954596990855629088480007383439883314860651516931486062803257624657331463712585091801767091119951558652391489397231442640048417105309146928731797656572957058431010421428630311710030035284716959029539775615138989235398482150532614129311348288175656759135123815170566468363269665294333672773019537444092595416765925327572876782043880176958395345189241662905356743333635551107596081872736630936229789451719854865254485848063728094286091104342929811927674096850634636056722245699665233189756701937605572188886106463485713932924350},
11 | 
12 | {"n":24318293739308347213079240931318897629475758007636953845697423973047760974896821730716872997882728166077874860101084256173936300391518418843018259609362471240020891953344922995571854332425076721361761155823416339736617753479873947815911700571886068424319666101274062537135986686198448291523526831919231309046418709526942081443652930546060758807699063472901121389294694164314428552216115807784803759664471770162896322173399815832732844819985897349926942832673618305532813094961669876922754219436080392413448963260311884490822861732752909321638280022645654810271403290958260903318384943003470764808099607444730775850977,"e":19,"c":6977010978468800539032179352330645481380190000505976473163040290259798762570818873222430105766116144611515378202984191845431768999282321489447582326626967348135236062276285258502170797322282129755671097410958230150840077561109777004430015106037111401492151302920769617496443535507175009873554296442006963879453677448883669681414559823010411706390070077001783242274684864066498662825768995121744661987684967504674312201912778742494955012012344659981123306804383390692700421500361367610669374953414507338808989882229827125843097194084613549337654560838718511831201646388468401703822841519542891786955818116384162533393},
13 | {"n":16767369591676471537411283105560692097106856689402131801972215792616408134559976771743130058361434086714770802148737506939664570683450741935689264391158401406372136118114570763009411773231927726730263665758441518136374811604790203589734839203990618958929058849509041656812300142186514602133644716549714328026432640542797308159792476463973843503510250484074033909180332466382455960693392142248674005373879029496304626751064305166382888538959190215229722452450797037929073904543004398559319989715734497042785049819377997233813308055108035958732985392827704742206908811830255998822273272225412690773092101546168169226819,"e":19,"c":16272128147231720399295289696425159746603277237717617848367325121974695917728961357965755794905396324109039206226332144105115072212464939371750968369619273412395796946131869853149657184051848882514611512545847463762347131470818732864104007827931228985815183032631387121671408181139087306312315404000868953028736412389331349210219631585196227065189641487006986882529223665691790799636630080422573696861026166952617338042401066867725195851781680542773299141811401542530052166857421707749824908046791503616171578107236730940511942044595581573452646205849945051653866150628101358362549704604937381904754798966408973424770},
14 | {"n":21648683502998984705866045484544947641100049872713930000863461784192971714383405382729380364813442059921949950269832215961206992010283135651557788608887439348339240389301966222474702327024746998115526572416766189380119518840255063173477318112489526882961355833769916730074219503525366167101177618366403515625636383142156974729031570176443105921652237316791996836488270564442297923460061659842496051191955963907318267799798504658035464886798097464290990706264173092815972652707781598809590103021822291959985975312561624827085690133099378114061849520500494476184201456743692991277561917289123442703987077003912051254473,"e":19,"c":6352160842609865040752884976997046876403808441071577518327479828316031714378112247847639729305001163651582387477773432665286778541300701186896712607751067654468996919000452984556675100887367091339352713860454796112616755335788377963122280755448415161302768755602098856531193042257061331896543289612138148840948053070457441937180141629799978377084680440774572719052324791072476869400829492048570665823919628995137981763291330614317009251414691068900220279523155831956043402503068169888140259439554727792596318840312754714949015779660375434708994583230699351635226185006801358382731858157835428746365063529522629219677},
15 | {"n":20724767138767480789498994298180270826474867340264049260163785892907430402804218092022338747569186731211486624552452459080681333244461257729270209985208605897018675854065012585533850704650069878363901187359565209404784010532316397910749437579359276642165787498762432075769088961395447855627224959523061844885375539902930820684607575955490491526386161219430904177417445996609987094669288549224732682905930495022194205987692082118583747810531893061045357968782689580940621512543149340026440955519419499409282989934863220231218154774655263793622174595342915351690552470553775562387235255548900912535073932090872225703057,"e":19,"c":9878930680291736218526811029092838153081047270094368957506805924946863313095047438879773539586693995892403934059480671047519594986939846580205503593021528962296612077680607793604801125216997944461507121366182232785845697572766233907236182655684855156364569966016385297667805389079682544805290351786557556491150927685546505277750281530917943606706119017086655184786890124267741120625644301514614692296860643701414084766786241298503975121380626017704913988337864679687358129485110864870287124750281572212275001854064511660163700669988760801653167396881878560439288279169454060003873463178501570388753263871037885011972},
16 | {"n":17212295439640377055688217979984966188585299016873359234729084493184304625628968472723004154564887269917061351983063776908774119426411714704687892967543301227423731385323880537283235940428456928620552423667793662090989179432831677965493935878867379869711402693579656408872825837818475666783698699885664597654744848985400925132991151305007305023587591892065687701737374884121128600523652409581330661535968924899805804262941682210140900815439466983734237563778235377066739355624114219934834825916708748496082834506423403378555482105722324867025910662705141921743047391704562848651183325027149054432694683572014622359313,"e":19,"c":5247320314536195494046884760963512252983054415505579235937243698295405600338834058823262755217841021255602701580701332762263305200525874770411030873174677848041193725721703571941620449937463309069293914144444453181455060189583904160452997878555033570135777543913778666363115353455433838348635594859013125163157328242894466256009054692601758554790024293546768567569938253085662662839337482575259350407407722310136048685727897052525115256238595620889532642168313924181484952029983087882108542319965871493560092271310275920029386702751228090950287392697149532943948404262457116028490277589309494963687377904578017168922},
17 | {"n":23472084745304537438905071529263024519722889277035896476683227577770819544818596032060798859721968043031781686415577272011705809230515019335765899132906313745385382557516479043323335745414952409295722882945395961430938606533533929117934551622303375595866433725626122966500728243718957556236260244044649471741774062107054178507503595912884900120045195140751307319039397273925472618110765991503036390880137235899571639920592610193895790603572008709664626744807262201364463031075469046249809975209872344454149481525610270451281388871236274366093215907300750793051152749369584542316120901131748833946863340674324510840113,"e":19,"c":21732782799066740456652966582449245266074922395158734336735732860690877093511433545585017156276117986247517056632131058394802092177221464201313978579202172865045796811260425185394345539812295761133908354787916154199065767158114003146208639629531085059921789536083310655425164606727548745882328641478934255132197599967700713772552085702263754490212068967690534320000103624107277269946917219668606371065571918052445288337467621286113922203481445690866052441379176687258225930174014675572655774559599077769186797788297925945245980369725914621951766627121658068983680513288008265222522811238742112134171793932444483260926},
18 | {"n":16966451712809405570019731700441708658117157522172037602215253538847704156034447243308997644993188593978969328060823028085625093394067251034019534730107585935365736610970376571337190453031629257247350588200661044866750469751891255339636079377813918834503866490352194434851419800977023620974886628642857558663003924383379088864349155389799474130189328454296627295593123465297469526418130015195915305128989852466829730138443688054686459477827471793857648148054429381404542122378207762553439877527124241535549595614223333073179859071395110332611349804722107130361840138060206231273618825678177660378229205324373334941671,"e":19,"c":3259238468008576194114836800268270362165980716432315992523001104470535942903355773278751403727146971279276487675537653339841102338041497579155299465288517212742390100894490118110609038535162840094564846390708212902311282171290891672706356411593267106406334992380743896942892800266063633458597186626651625892324082432909843580353288085679630689233590861929070805404100541503966877860032624721273826448522411695245374530120576182554453022076490323387131550695106228183361913917717951889293148119662495054990996956802015030883900644377598730339268015896453694895027664408661107218374964612950989511191784824418650845075},
19 | {"n":16371772865482869886487545751875918720227349410350898523261337902433007760724960134070658859447185756919127716802819962207343430388160650608047149901674641208010454873466609600454044683586479844130564525332317252829669954436437422430190710090213393780435449488077843816300027728531084047622538708365772411064244675667055162907660820768433907282749095458015341570802297559287990440496065051486970127291015435906143328670495764979798317390225405587270445353337087497780300666784521757559677764504161208852136474658460018703444718680426309315497887622354795698567555861658547811403340467546724028577910903558187895025517,"e":19,"c":7764514107962466620838247075450113160719198471588196512106619309007683963125023626515820450740487169848709144870450102300903661561142599999155659741290737861573436684884478084881804030921121230869059893553821459378208749568371583193435202550434659258095048943230685606813778516966610319104267347689422104777841581770869743630590768101900007732015428342686030138365685245727827044191643370607257388682124629816646448451900034799533754680094045946511390948280850728702665733288490033931387986379394406921007784351248207576352181194445919021032710103609625648357180079796640748666363634498275264293994668846878952201910},
20 | {"n":18739467511848988131315883128122206736146672097070557004405077164871943414492542793367542772456096079622940115684730643882776615896515435624865889149736726304993972099711596725868044429964505450412443901512587718466587820372856736565262541517131220786373375774076290256061254661574959523249922650103736767653244522761962914935575618046253094214681141427180945699326806416209977311843049385163987916124881945471029756498039400006754155122103796794625674692744195141047534340245381998599639342203042620610562621504363598354386979425884092857465615040878510573038208953817381038343917618507732344741511873852562526386559,"e":19,"c":9341514514299804745462859675542524194704978129033561040081906063328749393066000224960845239846687476384586674012123448587759478468074058765099868411320366788590005923409862142588804956974482485119913146590048119106451503637149894798683726688568488869856702509067975547318301275299238073238981821967283018805323633467255805534843271061392391317150034630587934113725014720688166600199870324132232823336291234728017932963421757221296339132560720730310767079362758142793940157423674470557199802000826383042843004608268453909807518659604835074301469948000245435332693123523346349540745609393224721014702018536068924360743},
21 | {"n":24144341786129954104766079581733537330837102620507111869913290242909722665909732313693428501073644480388840032874928561102010577421641440630875810610561194025475852397890128254251033410935030136931440682117891617143329677926862476615293629003934739648788231326944914357662125163281241165968692544703336639661017133788173441091047645030713078121901474517242196220495605264434833134024329711042776081925978969773964654993763988354885230878890003264935622882822509742717974763221877362961745927680965748429304078786377256344394424563202564595728201265334810076014722298402290831187834158701977930586972158865356896878873,"e":19,"c":13076596336972939302059367459486115973051694993522678899840237833286508229012221924705767106014136488717521621603913477486340126437319130079268309516834356527207411763999677202788605311521418786890586365430940152348972320796556754983174999481469496953094663524083104498731149962463438812974659147381452756784033183241365823620753524178309494573221268314127120823359387471827183445031730830437780076935243838570878410644804978587907627665665835524538228673250695675238159228012491918832501859071078927269717567459618188502544290817647384479609191839771228901139590445752193839416308747453760573226757286992956410172216},
22 | {"n":16247040679920031441664101450549224846915267128012038160169809988022529023260360238909951721143041506098750506786632479804873106717283201900098824130270193142897664876028831477060651707441899218915076467211315093002467718126490397764923781336660386278054000174333959286629952650900709358893976405952107976000248004574231569517524507462786518216405968877173286766785131219930156964443010273798741079176893106230378140885773941215693338280227658997239881139017743508178569400885510195501403324289981396077715264056372600615755225462706462512671715787636455440243582040421840201486300867068118821338810860117202506391973,"e":19,"c":2559049186979811047137206814067511585581975255536955114996770210589633010788166119047228844248146046113106898910231378898286390165127742754252420256148601769084535216468149172411466114014590127426902931574155939848262149978543312071490427394462989764338988446022487087108328611760433202975612913114585558424565978546737131956409420504496302224033127911437825054802201383665225253241006307669197154093142326795408971499101991572972514864834281636838195442827457560418186215599481533116920252806325883051149964236391093902655593374183033906158833669371242413986911699352655554500202419496740151521510818943466325995148},
23 | {"n":18551012655167926464387770233050992041279846989528863834161102801461525909041686843284937371832688980356271778071203519636639066373197007130811728890790984815578763892813131319090045053393183033738145698478609343317261312831760454700959756547277631900724095039747673433562196539586274971886808485264355019830197753253490072205982314028030552566563457089010319394999259879331693348838824426385184308020734644413336706840348430393355769529711286087755105943529953231252927515095975878110907343949357033111430713845084941976511518245681531713980631560482036988551039137934572569534019455625143056327345204129235038932281,"e":19,"c":13486955544343601108592897991975718043066455977630352010172318038507385424304313616591905547944570882248516862409520963386522530763301793854861394664179307663293318865782740233840669876199920076765009107221719739196217297743323426780879931443275487473678705609160154397463485342233471350528442162962031475908277312419080918189235086660094770679371665046109317358563317730555011428595466042789257808533987431158319946063953555121628584685062884214074372095581192511192043501929527164180738244818228867726897759314887170842097234524597246488869852497219526583077772979488516725771153884553470761604746694091538901115322},
24 | {"n":22970054162939118362445461906385901439221833049069290764726458403981881590911408985071089915137383136981861486559612240193323004875531479506532933874191827230244142365699779672563892554369800432687990439547057984097138200118421515362503979452326218214213321824595316092046539247639346347874744608465484205324020992798905568751701806473018818314668698663841670163178796042710128542711081575701259392887969466760429477196625304678039933447047554550092450130934454516569529246444043217414963440855561480781027930049264349001859267759734412856962206268528357858432389642710120143436757447094624387962152016825294720909759,"e":19,"c":21448211642603522844129042910113394149576066289760676710309383182112781511909068560989293354278121959297147183371620582439368021318402615790901113989495011801126562792525824719926561883003452148551950569056076910193996678744711048178649102033975558464196917310865353041227505182803879380986821259735645339454193193498470943782915659974668049950590578452370554715590373585732461681280956724565299906179366310006298657065104787055797590641881861647053169573535161966861721796315027679513037571308403189936165966447259579250581259802631990973094150871543766018205549231397431087906374681564435044744409799675570442093009},
25 | {"n":18385820490756498630845099637385884526289633356624061254787168690401969931484681461188238787710409651449815539895242285691598875337594287806106085813960118251848444451513534016769456481162672885262204482364949325534065459367850614143232825000032268406437960262370858480554819685829353555690184818798267265796210960337460388505948631071614525018398373865470392241959568220037734003523095913661855071969443595963888197246706817509173657520972643733504829106254413721980414281608033521754216197444688277826856307631715943618612743630197485621043314535237634316401434408628915092182191743880308408307741099934272875651987,"e":19,"c":5829822075577552223427590693600993372609671959659191495894299430123052332287890097275082133815186114356890856791785932832645402918595564410093839805826994953667553636599718386167634596195912164067105946267778173141220653088744196604090691662699072666951298465825649821268882176987991874424787245439616389516435204169889868325902106787340639575037257607181810992487037507123107351463441828552589843001168982366772726749933429463519171872003678333779790391369392758987590518292410516079206070606632240364834496840455617379366862148050513573058999158901266314061023265914031987565684676574164998044236678949384737104962},
26 | {"n":30281916388128671870608358127535508597253256848916166571387928324968934483079979882958925265663909078201971328202390856034300501395073515791314797688655243947502728491379898802971897808837840821945579155914942010654535449237742856997639563715044751146534481040770843626744868141893233703484246867149368376045028319062204568784859614394313935507160274207492688072260532253254402466876869799765679537186402458205153674746975112358763817203043791811771234907386018301357938440244542249616472383775389567763247682438890144872967598891063447307931793385215729678598734396687216166714065075625367843216251707716025103121803,"e":19,"c":3594303345238581522179126551185218723667555735494472552037188596602881972859224024706225184302420389718369254569880871082362090563106883298264650587196991572109215768560521708310624249958718860632037253832557780076140794633476592982267090417349399722063272721616101801810007448645178196325980902067402939365968878786183746392863588931127789735150827118282689495109117625180978492378294636496328590511435365068123134669891016953452848054905305742635777179077236015074049042048595222512399991149027913255110712273889015551375713082279825307281170248651381857110275515097443920394175699670860992095247347969824034955970},
27 | {"n":29302741920930971715958962931573693059214518175682972760430442992280718862916019621646166196030902557965543474818835511863275094220355276070528714707585419430062500161905041353445117189645307421983574773148466680558589247666101162735815101806414923256492116070184596267543276347976227842158566607582950518639772496229144254482533666634166391371264257444271707628266235679007052272896293396203478855075129665555759478152254177633460469433113536613000536250110508669033238938059179852830430676389056790930463587631527501924598301620386168595636653467177413553747002260512852330933153282102780023107271182594054817150327,"e":19,"c":28149821389032881160366073126479305619265828215455035536389334586057922876138070049771512006483183328334604827449091697179285788254144836181433153556855790920413359988280868772753281268613143856697003171231613849214730016298539412674467920383714160820136105435388420830451556918573164624856061329675909051987340815587412101340257730212594885199255863289623324324444100130347443622277031575424270389580931667663568208352782813206357887709393569070021447705500061724703543129044258333550506364718182669748746235780961087966524147661771794953744273748336792955257122595990994862776624120243058386681003644829452284769646},
28 | {"n":18002677742776908491528820233798698716107011799507861113124372495825515833214781580140089594386320512697247643983138319668973871589664314738547953119404190410130072605398757902275389560426168550823398009508361292638241394236790974970017004533432395617773751028770143238013974085907741503747507551735924429318248324672570812709561078983634491336294143952871625167165459876010915038650749052455741224355512827413964858171986208251886493588084872107655861761108227052067451000512173167165942523219966599268848053306963435861831476981263834887084378049610242488632853018135809263417506963270646733008282952382101704197623,"e":19,"c":12051317184064870446801783238040809733734296888328203005320059999514313433419480518304787591705136139007158956444250415047078348059774361129021064760123950225721234829185871076033218002570937137296304827763723537269924346678144035973388679712062229522628915839664747144886476394976153342916990931060787104131876359507522738439875761254489969299593002694734034361581795287841082841008405483290896856017334658425292542734432068907208071963533572768008871225176995184621525465597357741362475632574381809900967232923489247744781003006935988208660166784493631666839335440246042964199342989562738112419396555790231705264363},
29 | {"n":17385690967504874659081285807736946558802244288041517042108187672717379329178334496113160801574061465138366148713819592793313683421378505296788697744253648534794396605589753247977329400952848538474618734955207869156808235956879088972178608461737991738408266236322270202640427889796004224608622994615228680554574643862617952688587328074362507938630759071580461843753419996970640803730214623839290577017432774968863067141412380845128948858377887291614971097504289252403156844418437971684066442327908124339274521445039556499162318560060262216457443382532574565448625519147347488322047325049345604859921899415787930385223,"e":19,"c":16994384615646075930257688989268571289560193657854387498992631594051187772112394291404973779595834048472382353279360106627429375523337737971063201175870668194987262934383689165535523006912103157205252216325876609708293316777714450171762354148631543422857671055793512979719832442907150539742770067507266373274166319081127018260154027262349983117770604926119856183885121330058278601186031641208816688157641479102281923772003986328809692623362214737478029925992014375045303294733350537778643997418139947261096117095868105327504008729728000443459636245334571840734997451909878788492452838693575926171411288710927461824362},
30 | {"n":21446777415351130147205079896812556144760341131980328457479211003920073547260539842798513238830248313746258553352056758211664220853535491930627715523968038760195452541263513011957735222059270748393755128054967152518850258728721849032492840730694348268277142780367080820887091814886510650523980239380065481822201359742013768435513266872450487992120704903800015695988761833598968601324518342875868803367429998381053968159622275606753821391388526250039179762891270174739748949131134511023830818079526152879733526623540609875826812906910682843202162617139159412105885166373294774501512523937496573675355828762858800843247,"e":19,"c":4657243083653607614614230382640288872083838647095679028584665814081828988411503337052912554650349656422525870719287504203834544428225698091573684966399252453289152035025280503459674049609438591300205603205258456779961842337858854930144505132538988089574053659581682160606665823896609237578396799503571186414396102719652560704234959726272629739372508572974552587617805750704807802459994973719789716089355259958350957941913402243975635957063739378792128043953059474125784037490577755729983500038673087597754791037694222542266104037253065443522930375640856750690140913983540075235782272724242714376992376483103631857163}]
31 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa3/myrsa.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | """
  5 | ----------------------------------------------------------------------------
  6 | "THE BEER-WARE LICENSE" (Revision 42):
  7 | ganapati (@G4N4P4T1) wrote this file. As long as you retain this notice you
  8 | can do whatever you want with this stuff. If we meet some day, and you think
  9 | this stuff is worth it, you can buy me a beer in return.
 10 | ----------------------------------------------------------------------------
 11 | """
 12 | 
 13 | from Crypto.PublicKey import RSA
 14 | import gmpy
 15 | from libnum import *
 16 | import requests
 17 | import re
 18 | import argparse
 19 | 
 20 | 
 21 | class FactorizationError(Exception):
 22 |     pass
 23 | 
 24 | 
 25 | class PublicKey(object):
 26 |     def __init__(self, key):
 27 |         """Create RSA key from input content
 28 |            :param key: public key file content
 29 |            :type key: string
 30 |         """
 31 |         # pub = RSA.importKey(key)
 32 |         self.n = key[0]
 33 |         self.e = key[1]
 34 |         self.key = key
 35 | 
 36 |     def prime_factors(self):
 37 |         """Factorize n using factordb.com
 38 |         """
 39 |         try:
 40 |             url_1 = 'http://www.factordb.com/index.php?query=%i'
 41 |             url_2 = 'http://www.factordb.com/index.php?id=%s'
 42 |             r = requests.get(url_1 % self.n)
 43 |             regex = re.compile("index\.php\?id\=([0-9]+)", re.IGNORECASE)
 44 |             ids = regex.findall(r.text)
 45 |             p_id = ids[1]
 46 |             q_id = ids[2]
 47 |             regex = re.compile("value=\"([0-9]+)\"", re.IGNORECASE)
 48 |             r_1 = requests.get(url_2 % p_id)
 49 |             r_2 = requests.get(url_2 % q_id)
 50 |             self.p = int(regex.findall(r_1.text)[0])
 51 |             self.q = int(regex.findall(r_2.text)[0])
 52 |             if self.p == self.q == self.n:
 53 |                 raise FactorizationError()
 54 |         except:
 55 |             raise FactorizationError()
 56 | 
 57 |     def __str__(self):
 58 |         """Print armored public key
 59 |         """
 60 |         return self.key
 61 | 
 62 | 
 63 | class PrivateKey(object):
 64 |     def __init__(self, p, q, e, n):
 65 |         """Create private key from base components
 66 |            :param p: extracted from n
 67 |            :type p: int
 68 |            :param q: extracted from n
 69 |            :type q: int
 70 |            :param e: exponent
 71 |            :type e: int
 72 |            :param n: n from public key
 73 |            :type n: int
 74 |         """
 75 |         t = (p-1)*(q-1)
 76 |         d = self.find_inverse(e, t)
 77 |         self.key = RSA.construct((n, e, d, p, q))
 78 | 
 79 |     def decrypt(self, cipher):
 80 |         """Uncipher data with private key
 81 |            :param cipher: input cipher
 82 |            :type cipher: string
 83 |         """
 84 |         return self.key.decrypt(cipher)
 85 | 
 86 |     def __str__(self):
 87 |         """Print armored private key
 88 |         """
 89 |         return self.key.exportKey()
 90 | 
 91 |     def eea(self, a, b):
 92 |         if b == 0:
 93 |             return (1, 0)
 94 |         (q, r) = (a//b, a % b)
 95 |         (s, t) = self.eea(b, r)
 96 |         return (t, s-(q * t))
 97 | 
 98 |     def find_inverse(self, x, y):
 99 |         inv = self.eea(x, y)[0]
100 |         if inv < 1:
101 |             inv += y
102 |         return inv
103 | 
104 | 
105 | if __name__ == "__main__":
106 |     """Main method (entrypoint)
107 |     F4An8LIn_rElT3r_rELa53d_Me33Age_aTtaCk_e_I2_s7aLL
108 |     """
109 | 
110 |     words = open("../rsa3/w.txt", 'r')
111 |     lists = words.readlines()
112 |     for oneList in lists:
113 |         oneRec = oneList.strip().split(',')
114 | 
115 |         cipher = oneRec[2]
116 |         key = [int(oneRec[0]),19]
117 | 
118 |         pub_key = PublicKey(key)
119 | 
120 |         priv_key = None
121 | 
122 |         print "Try Hastad's attack"
123 |         orig = int(cipher,16)
124 | 
125 |         c = orig
126 |         while True:
127 |             m = gmpy.root(c, 3)[0]
128 |             if pow(m, 3, pub_key.n) == orig:
129 |                 unciphered = n2s(m)
130 |                 print m
131 |                 break
132 |             c += pub_key.n
133 |         print n2s(m-int(oneRec[1]))
134 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa3/w.txt:
--------------------------------------------------------------------------------
 1 | 25357901189172733149625332391537064578265003249917817682864120663898336510922113258397441378239342349767317285221295832462413300376704507936359046120943334215078540903962128719706077067557948218308700143138420408053500628616299338204718213283481833513373696170774425619886049408103217179262264003765695390547355624867951379789924247597370496546249898924648274419164899831191925127182066301237673243423539604219274397539786859420866329885285232179983055763704201023213087119895321260046617760702320473069743688778438854899409292527695993045482549594428191729963645157765855337481923730481041849389812984896044723939553,1002,547995f4e2f4c007e6bb2a6913a3d685974a72b05bec02e8c03ba64278c9347d8aaaff672ad8460a8cf5bffa5d787c5bb724d1cee07e221e028d9b8bc24360208840fbdfd4794733adcac45c38ad0225fde19a6a4c38e4207368f5902c871efdf1bdf4760b1a98ec1417893c8fce8389b6434c0fee73b13c284e8c9fb5c77e420a2b5b1a1c10b2a7a3545e95c1d47835c2718
 2 | 21521147462583685002245732767384194675439380938327268817403378344626876597859289319748426228689348891848963959955674753065902262501248553364588628120769463717793739843735874432061322178133360384068940391730096221902136090611359613516979017448842323376625529076625815792723009974913703923833949169651849453051930076074869660992984836028745907256447204065449815797713438745081153413255537826531881551929245256141830522537130931115375021032999420924716111836794914278424991423405613128907561973913634712902678839917429710731137038574834266739503746008299849273615402143067665955671711387315440103663208590413175355052653,3912,547995f4e2f4c007e6bb2a6913a3d685974a72b05bec02e8c03ba64278c9347d8aaaff672ad8460a8cf5bffa5d787c84bfbe877fbd2c41b248bd60d6dc64d8f5c49b1a602115e504977a375f01021105a8da1197241172bf841bfbe8c943c303b9a35a664c543cfd71bc23bc12a6d318d63f89b38c593e0d5998638013d8dbfe18f96cc8c76b638eba016953b1ce8d37c0740
 3 | 19345502898569879387743124078682985174600483243242609220115517451777016997259560451713025325906587396964608802325980151736221976199646736090289299189353447235912361463430717495855739444097502037269854611899548815038145332727625610293782360182200738853220188196148593292683058839448820822837445561464459195683437987679506781898389618569859356871170388861467274702633241752178299227814831804321058904629671823359741316381184577338204300570209156334558021425640115725513384465715608099663476329608783914252890187955603663760828918046998324633880557147808072727952602850359456451357744582556760199929103201543347829526033,6631,547995f4e2f4c007e6bb2a6913a3d685974a72b05bec02e8c03ba64278c9347d8aaaff672ad8460a8cf5bffa5d787cab16de12bcebc9522ed6ae042861ceb925b1f4c2ed4bfd6389c59310b5f83049c31def178d669f00a13470365bc7be949e2fa7835249fa92fda4d06a9dacc72ee24cf387ea0d30d68f06ad53a925215be45c6f51b017010b06427fc07e45ece13c6082b
 4 | 18245694843661346063495089506797531891795142307934746370822666868968310305498813102288731223753706794170295359970724358543930609855952628773236316274619149920461579149509183212791629690112210123841540977378313096320483021277036102883005033623102292926081169381322628320665770076749257572399557823213705227500377621988407833656269824248805986530123352979712006110485560316565353012773660738005379735017971239595891782159093892297139526929259649561574735164179126250112428840374193818808517862375487638861667957966590640295882515074967560321828069192202012852811778092603160746583384816637282793838081996727922512096773,4078,547995f4e2f4c007e6bb2a6913a3d685974a72b05bec02e8c03ba64278c9347d8aaaff672ad8460a8cf5bffa5d787c8716f9cb38b7a3a092a07e4cc68f3cb4bf12a639d9a2e794fe08ebae2f4e3d491e07f028ed72e3634ea8f4676bfe5e2ef2f8ee99055242d0896735ddaa83c6445688455fd7522e7945316911990163b79813fae277731a9dc0859a488b154347af9ca28
 5 | 24349163766093140239020856564217358508834706901046062244595150275713307779456411949947815424390500002894082987676716961376838854148684034111774690524798954069893265708452592582163613126162243029568074936367675603619929370020166907618266828320093950052076042232497446551969603835731452349890449143636474554373829338073764586674678300455692668643267731350042309214779818650031314634417762909282195975851020851924171273424877659816146781064943200961823543135875327183952788625942907413839682616809764303383580252981365371985066961870454879610418187765046411547869488117284659203238523490227741667267779720882928174451719,8526,547995f4e2f4c007e6bb2a6913a3d685974a72b05bec02e8c03ba64278c9347d8aaaff672ad8460a8cf5bffa5d787cc5cf7dfd9e7fe47f6135a66aaf0fdad7e39432f756d6bb59b4202b961ba15a7b79b7efe75bde113184d46d26b2840675964704950d9a2779c258c7b95b77d3750d633a5e7cd37846adf938230cdc82a2b83edbb9fe0f27086d9e6d0270daa28db7736a8
 6 | 19945593167099275798363412302820205018764557500143371081271617488116544161204356503933701655110225957248895943175789665203044405381671313005055618711822495454242513394865802265936597965230802952588549921475735369008187898348851528371916446047575083424634250886269629086239878007596288397185347350262269858175838919094195594796115419509202661127078303012345784728065701623098714494839667697056597602096727734275810635428926830060194815444797033025166061898094449078684137317396035722417681375464176146677523114258164632015365514464955464249411574660682616865274869575904711893901056621608014297932238226357200958598603,5021,547995f4e2f4c007e6bb2a6913a3d685974a72b05bec02e8c03ba64278c9347d8aaaff672ad8460a8cf5bffa5d787c94630b3af88a52fdda2a2138df291f9d00a77035217993626feb6eb249fbb754e314ace1eedf5dbb663b08c40087053e8df403d80b2ea50c93dfff36c4c028d57680db92e8d9915d1e84c6c72f1b80d05cb6081d54cbd53bc1dca89127990d5dca5f079
 7 | 20910312202015392614767746834084995692872749503096628127006114750055090503098171298474282641075875926887862285283195890819979336868126379521390155650231426461454861723053557098782405660280031625881565004389955357279655522739718335689921020760233377209675101144420603520999730664590627899646045191805935334599077261689702295020785996276051819532118708905909735032818293494882615187520803804617614112293407234627750283767966469799100715359644468484959172940108135835829364525573278956488369309121311089907052698863661123577184766280071526422814030434670630743756702909893548057572075162999152560899710036804614330476487,1231,547995f4e2f4c007e6bb2a6913a3d685974a72b05bec02e8c03ba64278c9347d8aaaff672ad8460a8cf5bffa5d787c5ef1cb6535621ca3756c306bd1cd075f84e2f3cc4e6417761b363da77ea962f175e0ab4251f079599efb0ee3530e759718a32bdff4768c09cb84ed6b9f762bd73ba5133d8a64b5c840866783033194214d5701704de582156ba2ec1e910fb1c2b5047e3
 8 | 21450088482017814457811766040034126276668994614208865491880616962848881844843635961954403673918875751294818612094459617437425927475097839931732982769460152701141003443596223965625632109983551758778934349415005448639175307058833419640910567534189988824905875034997159451320285922661927059724682098056025377057839610267666914408547255401089214710838709957689518966041164260159504493833416292297984708329917164399430539076377235566354652703677550443768677606863531491629840690407149302388585417804584189776006184726270551565160326697462353104654986654365802711617884397553172957804918285963421874145991037017611449255973,4190,547995f4e2f4c007e6bb2a6913a3d685974a72b05bec02e8c03ba64278c9347d8aaaff672ad8460a8cf5bffa5d787c88ab46caa619b04f9f320fe2b5646ebb280cb3e637f453214ff8ee35ddc633e42b63da0d7e0ac44fa2e6d387dd319e46728cb741211bcee6a91dcb620bd8a918163a81d519b24eaeb0671ae14adbb45a8a7b4bf99c1542f59fbc584510a1e2def0cc768
 9 | 17931003255021796939956614627890805625127586913057228228732307055343383336398624760155448661483221728442538891128939644386625224944712965851890902126946593137266559659886493080519643779025340422119070580645137411897376257305222913532725019378985421354994300928204174746339287703137665265053392296859687419320246321526363792524734370195308865676574145755721612927731428495527725156375271835823820281159957265344181469932853739129100819438889300545565966006865956631144477840561850550793632699967907790305880033424413238267754635864455469938906872163073786303398321245949213892547499140729991142729042306458874739951603,8945,547995f4e2f4c007e6bb2a6913a3d685974a72b05bec02e8c03ba64278c9347d8aaaff672ad8460a8cf5bffa5d787ccbb8029dc323463bf7163ba27368dcd90329618c2e8be6d6a6a8ebe88f2fdbe8adfb38a0b8cd1ceec92076bdc7b853f517c7310e9dfe45ac4ff698d6ebce3d6eaee54389ad95b0f876f7a528861f5b9e8e311be19357edc21fce5c1a87433ea0e3daba5
10 | 25357901189172733149625332391537064578265003249917817682864120663898336510922113258397441378239342349767317285221295832462413300376704507936359046120943334215078540903962128719706077067557948218308700143138420408053500628616299338204718213283481833513373696170774425619886049408103217179262264003765695390547355624867951379789924247597370496546249898924648274419164899831191925127182066301237673243423539604219274397539786859420866329885285232179983055763704201023213087119895321260046617760702320473069743688778438854899409292527695993045482549594428191729963645157765855337481923730481041849389812984896044723939553,2614,547995f4e2f4c007e6bb2a6913a3d685974a72b05bec02e8c03ba64278c9347d8aaaff672ad8460a8cf5bffa5d787c72722fe4fe5a901e2531b3dbcb87e5aa19bbceecbf9f32eacefe81777d9bdca781b1ec8f8b68799b4aa4c6ad120506222c7f0c3e11b37dd0ce08381fabf9c14bc74929bf524645989ae2df77c8608d0512c1cc4150765ab8350843b57a2464f848d8e08
11 | 17481668649694293099472119551651202892997373277154563239548476790116941317942118198841733272089268420658233460857619965010906798812924913294370178334356858970195444061751309571621765190663497333465624742684913614489211279506972931634473076263326786603675049699874733442767226724032530774624921892940205178875837589554730974223471524873437402057425622210676726729547294811668224569860435298140068879965926636513204202934658191130498561845555706492200792564741210011680000291652291096424897198239362521226521157332818868373989536561204764355534115298036917338145385494837493949512998834454817095567878873014981815385191,2943,547995f4e2f4c007e6bb2a6913a3d685974a72b05bec02e8c03ba64278c9347d8aaaff672ad8460a8cf5bffa5d787c7715d2134faa95605a1d4f84391a289cee1a571714ae5ed6ffaf88e60e1c410ef8efeb9ef4269e51821a861c5e8b9266801b8c426a24e09a579bcb3c78c6272f0a60f4cdd16ddab4cb461336b82c9a834a9846be9377666eeb066e035403f48e7998273
12 | 


--------------------------------------------------------------------------------
/demos/sctf/rsa3/words.txt:
--------------------------------------------------------------------------------
1 | 21778816622407043254249033744556437773178718344170907687035355752306254181495272254316323076827432323583279284697609943296234700945010885010381052459024155936090811012664924674758219163065019349740707282354505096608107707774970709715259835448587834080152409078047162951805940071358655938727249679105305351838950073539149057650448964397736279148746703675407495243942505041731104580156762842345374978325029947055323567120523592936170640156611551704828034384851988154353272897487218723570180022092379408219114849763765186588476489924721044926152006318666687949095907516827647042434514271847608156543261745856327152256691,1,36a66571751faf3bbf6ad760adbcd1be123d2ab526d2fbf6697ec38c7d4ee7d709d8ab3f154092410f46ae18ac75aa32ec9393a98385cd8d8df3b5a15eeccb2637b353f6808fd39e11faf2b742eb0597f8e7a977196171b031c076140cb05c771d8df2f81d8b904e8bf579da0e568fa67d0a94a7607a002c456824e7ea71df895f1967b12ac36eade287589fd556c71520d2dfdb1a8663dcae615cc40be1ff82ae42ae617db75bb1dd88235fd698b53921a42fa6390854eb1393d24341582ce83bd690ea12d2697bc929a77b51adb04131baee52050340be9a2be6eaf795b6877bcc22d5d8cce3829485340b641585ba3ad169850e780562467fbfb09f4f5235
2 | 


--------------------------------------------------------------------------------
/demos/安恒ctf/.gitignore:
--------------------------------------------------------------------------------
1 | *.pyc
2 | 


--------------------------------------------------------------------------------
/demos/安恒ctf/rsa/data.txt:
--------------------------------------------------------------------------------
 1 | 704796792
 2 | 752211152
 3 | 274704164
 4 | 18414022
 5 | 368270835
 6 | 483295235
 7 | 263072905
 8 | 459788476
 9 | 483295235
10 | 459788476
11 | 663551792
12 | 475206804
13 | 459788476
14 | 428313374
15 | 475206804
16 | 459788476
17 | 425392137
18 | 704796792
19 | 458265677
20 | 341524652
21 | 483295235
22 | 534149509
23 | 425392137
24 | 428313374
25 | 425392137
26 | 341524652
27 | 458265677
28 | 263072905
29 | 483295235
30 | 828509797
31 | 341524652
32 | 425392137
33 | 475206804
34 | 428313374
35 | 483295235
36 | 475206804
37 | 459788476
38 | 306220148
39 | 


--------------------------------------------------------------------------------
/demos/安恒ctf/rsa/data.txt (2):
--------------------------------------------------------------------------------
 1 | {920139713,19}
 2 | 
 3 | 704796792
 4 | 752211152
 5 | 274704164
 6 | 18414022
 7 | 368270835
 8 | 483295235
 9 | 263072905
10 | 459788476
11 | 483295235
12 | 459788476
13 | 663551792
14 | 475206804
15 | 459788476
16 | 428313374
17 | 475206804
18 | 459788476
19 | 425392137
20 | 704796792
21 | 458265677
22 | 341524652
23 | 483295235
24 | 534149509
25 | 425392137
26 | 428313374
27 | 425392137
28 | 341524652
29 | 458265677
30 | 263072905
31 | 483295235
32 | 828509797
33 | 341524652
34 | 425392137
35 | 475206804
36 | 428313374
37 | 483295235
38 | 475206804
39 | 459788476
40 | 306220148
41 | 


--------------------------------------------------------------------------------
/demos/安恒ctf/rsa/rsa.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ohroot/rsatools/5d6d19e98a0d1f5d5eca33aad4b959d525019a06/demos/安恒ctf/rsa/rsa.zip


--------------------------------------------------------------------------------
/rsa.py:
--------------------------------------------------------------------------------
 1 | import math
 2 | from string import *
 3 | 
 4 | e,n = (19,920139713)
 5 | 
 6 | def exeuclid(a,b):
 7 |     if b == 0:
 8 |         return 1,0,a
 9 |     else:
10 |         x,y,q = exeuclid(b,a%b)
11 |         x,y = y,(x-a/b*y)
12 |         return x,y,q
13 | 
14 | def getpq(x):
15 |     for i in xrange(2,int(math.sqrt(x)) + 1):
16 |         if x%i == 0:
17 |             return i,x/i
18 | 
19 | def encrypt(m,e,n):
20 |     c = pow(m,e,n)
21 |     return c
22 | 
23 | def getprikey(e,n):
24 |     p,q = getpq(n)
25 |     d,x,y = exeuclid(e,(p-1)*(q-1))
26 |     if d < 0:
27 |         d = (p-1)*(q-1)+d
28 |     return d,n
29 | 
30 | d,n = getprikey(e,n)
31 | 
32 | def decrypt(c,d,n):
33 |     m= pow(c,d,n)
34 |     return m
35 | 
36 | def decryptMSG(msg,n):
37 |     s1 = ''
38 |     msg = msg.split(',')
39 |     for x in msg:
40 |         s1 += chr(decrypt(int(x),d,n))
41 |         return s1
42 | 
43 | def encryptMSG(msg,n):
44 |     s1 = ''
45 |     for x in msg:
46 |         s1 += str(encrypt(ord(x),e,n))+','
47 |         return s1[:-1]
48 | 
49 | if __name__ == '__main__':
50 |     fr = open('data.txt','r')
51 |     ciphertexts = fr.readlines()
52 |     fr.close()          #'''
53 |     rettext = ""
54 |     for c in ciphertexts:
55 |         plaintext = decryptMSG(c,n)
56 |         rettext += plaintext
57 |     print rettext
58 | 


--------------------------------------------------------------------------------
/rsatool.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python2
  2 | import base64, fractions, optparse, random
  3 | import gmpy
  4 | 
  5 | from pyasn1.codec.der import encoder
  6 | from pyasn1.type.univ import *
  7 | 
  8 | PEM_TEMPLATE = '-----BEGIN RSA PRIVATE KEY-----\n%s-----END RSA PRIVATE KEY-----\n'
  9 | DEFAULT_EXP = 65537
 10 | 
 11 | def factor_modulus(n, d, e):
 12 |     """
 13 |     Efficiently recover non-trivial factors of n
 14 | 
 15 |     See: Handbook of Applied Cryptography
 16 |     8.2.2 Security of RSA -> (i) Relation to factoring (p.287)
 17 | 
 18 |     http://www.cacr.math.uwaterloo.ca/hac/
 19 |     """
 20 |     t = (e * d - 1)
 21 |     s = 0
 22 | 
 23 |     while True:
 24 |         quotient, remainder = divmod(t, 2)
 25 | 
 26 |         if remainder != 0:
 27 |             break
 28 | 
 29 |         s += 1
 30 |         t = quotient
 31 | 
 32 |     found = False
 33 | 
 34 |     while not found:
 35 |         i = 1
 36 |         a = random.randint(1,n-1)
 37 | 
 38 |         while i <= s and not found:
 39 |             c1 = pow(a, pow(2, i-1, n) * t, n)
 40 |             c2 = pow(a, pow(2, i, n) * t, n)
 41 | 
 42 |             found = c1 != 1 and c1 != (-1 % n) and c2 == 1
 43 | 
 44 |             i += 1
 45 | 
 46 |     p = fractions.gcd(c1-1, n)
 47 |     q = (n / p)
 48 | 
 49 |     return p, q
 50 | 
 51 | class RSA:
 52 |     def __init__(self, p=None, q=None, n=None, d=None, e=DEFAULT_EXP):
 53 |         """
 54 |         Initialize RSA instance using primes (p, q)
 55 |         or modulus and private exponent (n, d)
 56 |         """
 57 | 
 58 |         self.e = e
 59 | 
 60 |         if p and q:
 61 |             assert gmpy.is_prime(p), 'p is not prime'
 62 |             assert gmpy.is_prime(q), 'q is not prime'
 63 | 
 64 |             self.p = p
 65 |             self.q = q
 66 |         elif n and d:
 67 |             self.p, self.q = factor_modulus(n, d, e)
 68 |         else:
 69 |             raise ArgumentError('Either (p, q) or (n, d) must be provided')
 70 | 
 71 |         self._calc_values()
 72 | 
 73 |     def _calc_values(self):
 74 |         self.n = self.p * self.q
 75 | 
 76 |         phi = (self.p - 1) * (self.q - 1)
 77 |         self.d = gmpy.invert(self.e, phi)
 78 | 
 79 |         # CRT-RSA precomputation
 80 |         self.dP = self.d % (self.p - 1)
 81 |         self.dQ = self.d % (self.q - 1)
 82 |         self.qInv = gmpy.invert(self.q, self.p)
 83 | 
 84 |     def to_pem(self):
 85 |         """
 86 |         Return OpenSSL-compatible PEM encoded key
 87 |         """
 88 |         return (PEM_TEMPLATE % base64.encodestring(self.to_der()).decode()).encode()
 89 | 
 90 |     def to_der(self):
 91 |         """
 92 |         Return parameters as OpenSSL compatible DER encoded key
 93 |         """
 94 |         seq = Sequence()
 95 | 
 96 |         for x in [0, self.n, self.e, self.d, self.p, self.q, self.dP, self.dQ, self.qInv]:
 97 |             seq.setComponentByPosition(len(seq), Integer(x))
 98 | 
 99 |         return encoder.encode(seq)
100 | 
101 |     def dump(self, verbose):
102 |         vars = ['n', 'e', 'd', 'p', 'q']
103 | 
104 |         if verbose:
105 |             vars += ['dP', 'dQ', 'qInv']
106 | 
107 |         for v in vars:
108 |             self._dumpvar(v)
109 | 
110 |     def _dumpvar(self, var):
111 |         val = getattr(self, var)
112 | 
113 |         parts = lambda s, l: '\n'.join([s[i:i+l] for i in range(0, len(s), l)])
114 | 
115 |         if len(str(val)) <= 40:
116 |             print('%s = %d (%#x)\n' % (var, val, val))
117 |         else:
118 |             print('%s =' % var)
119 |             print(parts('%x' % val, 80) + '\n')
120 | 
121 | 
122 | if __name__ == '__main__':
123 |     parser = optparse.OptionParser()
124 | 
125 |     parser.add_option('-p', dest='p', help='prime', type='int')
126 |     parser.add_option('-q', dest='q', help='prime', type='int')
127 |     parser.add_option('-n', dest='n', help='modulus', type='int')
128 |     parser.add_option('-d', dest='d', help='private exponent', type='int')
129 |     parser.add_option('-e', dest='e', help='public exponent (default: %d)' % DEFAULT_EXP, type='int', default=DEFAULT_EXP)
130 |     parser.add_option('-o', dest='filename', help='output filename')
131 |     parser.add_option('-f', dest='format', help='output format (DER, PEM) (default: PEM)', type='choice', choices=['DER', 'PEM'], default='PEM')
132 |     parser.add_option('-v', dest='verbose', help='also display CRT-RSA representation', action='store_true', default=False)
133 | 
134 |     try:
135 |         (options, args) = parser.parse_args()
136 | 
137 |         if options.p and options.q:
138 |             print('Using (p, q) to initialise RSA instance\n')
139 |             rsa = RSA(p=options.p, q=options.q, e=options.e)
140 |         elif options.n and options.d:
141 |             print('Using (n, d) to initialise RSA instance\n')
142 |             rsa = RSA(n=options.n, d=options.d, e=options.e)
143 |         else:
144 |             parser.print_help()
145 |             parser.error('Either (p, q) or (n, d) needs to be specified')
146 | 
147 |         rsa.dump(options.verbose)
148 | 
149 |         if options.filename:
150 |             print('Saving %s as %s' % (options.format, options.filename))
151 | 
152 | 
153 |             if options.format == 'PEM':
154 |                 data = rsa.to_pem()
155 |             elif options.format == 'DER':
156 |                 data = rsa.to_der()
157 | 
158 |             fp = open(options.filename, 'wb')
159 |             fp.write(data)
160 |             fp.close()
161 | 
162 |     except optparse.OptionValueError as e:
163 |         parser.print_help()
164 |         parser.error(e.msg)
165 | 


--------------------------------------------------------------------------------
/test/crypto.txt:
--------------------------------------------------------------------------------
1 | 547995f4e2f4c007e6bb2a6913a3d685974a72b05bec02e8c03ba64278c9347d8aaaff672ad8460a8cf5bffa5d787c5bb724d1cee07e221e028d9b8bc24360208840fbdfd4794733adcac45c38ad0225fde19a6a4c38e4207368f5902c871efdf1bdf4760b1a98ec1417893c8fce8389b6434c0fee73b13c284e8c9fb5c77e420a2b5b1a1c10b2a7a3545e95c1d47835c2718
2 | 


--------------------------------------------------------------------------------
/test/pqne.txt:
--------------------------------------------------------------------------------
1 | 156956618844706820397012891168512561016172926274406409351605204875848894134762425857160007206769208250966468865321072899370821460169563046304363342283383730448855887559714662438206600780443071125634394511976108979417302078289773847706397371335621757603520669919857006339473738564640521800108990424511408496383,156956618844706820397012891168512561016172926274406409351605204875848894134762425857160007206769208250966468865321072899370821460169563046304363342283383730448855887559714662438206600780443071125634394511976108979417302078289773847706397371335621757603520669919857006339473738564640521800108990424511408496259,24635380199162576175626733825654993088774186468424341251485528171539392839329146412615013362980283492199482296250229443925899183941601282092332843476617277156184507685928193519623765855782976047363883665283424473545877969718710272046261654326391840252190462805782777380937446430987284386172226304759726517529843564412091984328980979115111158624673855166379221415935217206920980564900414671064827167187417932475583509599802648238573603298428445177957392893928492353538844661418085667022331283805225000341955464473332333141637604132197773189903937879276873131228814365139541968760521539920817629563995110317306270531197,65537
2 | 


--------------------------------------------------------------------------------
/wiener_attack.py:
--------------------------------------------------------------------------------
 1 | # -*- coding: utf-8 -*-
 2 | 
 3 | from sympy.solvers import solve
 4 | from sympy import Symbol
 5 | 
 6 | 
 7 | class WienerAttack(object):
 8 |     def partial_quotiens(self, x, y):
 9 |         pq = []
10 |         while x != 1:
11 |                 pq.append(x / y)
12 |                 a = y
13 |                 b = x % y
14 |                 x = a
15 |                 y = b
16 |         return pq
17 | 
18 |     def rational(self, pq):
19 |         i = len(pq) - 1
20 |         num = pq[i]
21 |         denom = 1
22 |         while i > 0:
23 |                 i -= 1
24 |                 a = (pq[i] * num) + denom
25 |                 b = num
26 |                 num = a
27 |                 denom = b
28 |         return (num, denom)
29 | 
30 |     def convergents(self, pq):
31 |         c = []
32 |         for i in range(1, len(pq)):
33 |                 c.append(self.rational(pq[0:i]))
34 |         return c
35 | 
36 |     def phiN(self, e, d, k):
37 |         return ((e * d) - 1) / k
38 | 
39 |     def __init__(self, n, e):
40 |         self.p = None
41 |         self.q = None
42 |         pq = self.partial_quotiens(e, n)
43 |         c = self.convergents(pq)
44 |         x = Symbol('x')
45 |         for (k, d) in c:
46 |             if k != 0:
47 |                 y = n - self.phiN(e, d, k) + 1
48 |                 roots = solve(x**2 - y*x + n, x)
49 |                 if len(roots) == 2:
50 |                     p = roots[0]
51 |                     q = roots[1]
52 |                     if p * q == n:
53 |                         self.p = p
54 |                         self.q = q
55 |                         break
56 | 


--------------------------------------------------------------------------------