Ctfs

Intended solution of waRSAw challenge from InCTF Internationals 2019 tl;dr variant of LSB Oracle Attack on unpadded RSA ...

Challenge Points: 182 Challenge Description: In the halloween party, we want to half a delicious but small cake! tl;dr Find Elliptic Curve parameters from given points on the curve Find x-coordinate of 2*P, given y-coordinate of 2*P Invert 2 over mod (P.order()) and multiply the result with 2*P to get P Submit ASIS{P.x} as the flag In case you are new to Elliptic Curves, you can read about them in my library here...

Challenge Points: 223 Challenge Description: Someone told me not to use DSA, so I came up with this. In this challenge, we are given a script that signs any message given as an input: class PrivateSigningKey: def __init__(self): self.gen = 0x44120dc98545c6d3d81bfc7898983e7b7f6ac8e08d3943af0be7f5d52264abb3775a905e003151ed0631376165b65c8ef72d0b6880da7e4b5e7b833377bb50fde65846426a5bfdc182673b6b2504ebfe0d6bca36338b3a3be334689c1afb17869baeb2b0380351b61555df31f0cda3445bba4023be72a494588d640a9da7bd16L self.q = 0x926c99d24bd4d5b47adb75bd9933de8be5932f4bL self.p = 0x80000000000001cda6f403d8a752a4e7976173ebfcd2acf69a29f4bada1ca3178b56131c2c1f00cf7875a2e7c497b10fea66b26436e40b7b73952081319e26603810a558f871d6d256fddbec5933b77fa7d1d0d75267dcae1f24ea7cc57b3a30f8ea09310772440f016c13e08b56b1196a687d6a5e5de864068f3fd936a361c5L self.key = int(FLAG.encode("hex"), 16) def sign(self, m): def bytes_to_long(b): return long(b.encode("hex"), 16) h = bytes_to_long(sha1(m).digest()) u = bytes_to_long(Random.new().read(20)) assert(bytes_to_long(m) % (self.q - 1) !...

Challenge Points: 200 Challenge Description: Pull the flag…if you can. tl;dr solving RSA Digital Signature using it’s homomorphic property: Calculate the signature of factors of message M to be signed, separately Combine them by multiplication over modulus to get the signature of M Based on Unpadded RSA Digital Signature about which you can read here- https://github.com/ashutosh1206/Crypton/tree/master/Digital-Signatures/Unpadded-RSA-Digital-Signatures There are various bash commands the program allows us to execute on the server:...

tl;dr Coppersmith’s Attack to recover RSA primes Challenge Points: 99 Challenge Description: You can’t break my public key if you don’t know it, amirite? The challenge is based on RSA and we are given the following script: def bytes_to_long(data): return int(data.encode("hex"),16) def rsa(msg,e,n): return pow(bytes_to_long(msg),e,n) flag = open('flag.txt','r').read() tmp = randint(2**1023, 2**1024) e = 65537 p = next_prime(0xDEAD*tmp+randint(2, 2**500)) q = next_prime(0xBEEF*tmp+randint(2, 2**500)) N = p*q print('msg1 = '+str(rsa("You can't factor the modulus",e,N))) print('msg2 = '+str(rsa("If you don't know the modulus!...