ASIS 2015 Finals: Bodu (crypto175)

Reading time ~1 minute

We got an RSA public key (pub.key) encoded in PEM format and the encrypted flag (flag.enc).

These are the converted parameters:

e = 2385330119331689083455211591182934261439999376616463648565178544704114285540523381214630503109888606012730471130911882799269407391377516911847608047728411508873523338260985637241587680601172666919944195740711767256695758337633401530723721692604012809476068197687643054238649174648923555374972384090471828019
N = 2562256018798982275495595589518163432372017502243601864658538274705537914483947807120783733766118553254101235396521540936164219440561532997119915510314638089613615679231310858594698461124636943528101265406967445593951653796041336078776455339658353436309933716631455967769429086442266084993673779546522240901
c = 1624768965978244122218384915440259949773623052619109265384960524204099241405509334298217012073574245240140975823312659160847045035132501536939096089619077929998251251236783590255562951129897302725067655285503493676186062693350470482247124598766533755027440418713398509566189239815613916662987881029294277207

The public exponent is too large thus we can suspect that the private exponent is possible too small.

I tried to attack it with Wiener’s attack: https://en.wikipedia.org/wiki/Wiener%27s_attack with the following implementation, but it did not worked: https://github.com/pablocelayes/rsa-wiener-attack

So I remembered other RSA attacks from previous CTFs and how much time this page helped me: https://github.com/mimoo/RSA-and-LLL-attacks

The last attack is the Boneh Durfee attack, which is you know BO-neh DU-rfee => BODU just like the challenge’s name, so I instantly know this will solve the challenge (also a lot of other teams are already solved it, so it should be not too hard challenge either).

Running budo.sage will give us the private exponent (d):

d = 89508186630638564513494386415865407147609702392949250864642625401059935751367507

The executing pow(c,d,N) in python give us the following plaintext:

7105857801457696083098669180371125182430908825274295869462261196993232333904846182088682459845909159924079587285438988882837378435398205428800773161869836747653246664819269651173622798039814934439562046448483899123585744167522783235535219103995347045452193429764349550389498609273176996913420550906739978

Converting this to ASCII (for example with my javascript based conversion tools, hosted on https://kt.pe/tools.html) will give us the flag (it is padded with PKCS v1.5 padding, but contrary to OAEP padding the flag is readable instantly):

ASIS{b472266d4dd916a23a7b0deb5bc5e63f}

HITCON CTF 2019 Quals: Reverse - EmojiVM

This challenge was a VM implemented where every instruction was an emoji. For the first part of the challenge we had to reverse a flag ch...… Continue reading

HITCON CTF 2019 Quals: Reverse - CoreDumb

Published on October 19, 2019

HITCON CTF 2019 Quals: Pwn - Crypto in the shell

Published on October 19, 2019