rsa
#zer0ptsCTF2021 from Crypto.Util.number import getStrongPrime, GCD from random import randint from flag import flag import os def pad(m: int, n: int): # PKCS#1 v1.5 maybe ms = m.to_bytes((m.bit_length() + 7) // 8, "big") ns = n.to_bytes((n…
#wani_ctf_2023 import os from Crypto.Util.number import bytes_to_long, getPrime flag = os.environb.get(b"FLAG", b"FAKE{THIS_IS_FAKE_FLAG}") p = getPrime(1024) q = getPrime(1024) n = p * q e = 0x10001 d = pow(e, -1, (p - 1) * (q - 1)) m = b…
from Crypto.Util.number import getPrime, bytes_to_long from random import randint p = getPrime(2048) q = getPrime(2048) N = p * q e = 65537 with open('flag.txt', 'rb') as f: flag = bytes_to_long(f.read()) c = [] for x in range(3): m = 0 fo…
#Securinets_Quals_2022 from Crypto.Util.number import getStrongPrime, getPrime, isPrime, bytes_to_long FLAG = b"Securinets{REDACTED}" def genPrime(prime): while True: a = getPrime(256) p = 2*prime*a + 1 if isPrime(p): break while True: b =…
#MidnightSunCTF_2022_Quals #!/usr/bin/python3 from sys import stdin, stdout, exit from flag import FLAG from secrets import randbelow from gmpy import next_prime p = int(next_prime(randbelow(2**512))) q = int(next_prime(randbelow(2**512)))…
#midnightsun2021finals ELFが渡される。 RSAでがもらえるオラクルがある。は32bitポインタの範囲内。 目的はを求めること。 LLLらしいがわかってない hpmv — Today at 7:03 PM Didn't even open some challenges Tabula was the best though, my favorite h…
#grocid #midnightsun2021finals sage: p1 = random_prime(2^2048) ....: p2 = next_prime(0xcafebabe * p1 + randint(0, 2^1024)) ....: ....: q1 = random_prime(2^512) ....: q2 = random_prime(2^512) ....: ....: n1 = ZZ(p1 * q1) ....: n2 = ZZ(p2 * …
#RSA import random from my_math import next_prime from flag import flag def egcd(a, b): x, y, u, v = 0, 1, 1, 0 while a != 0: q, r = b//a, b % a m, n = x-u*q, y-v*q b, a, x, y, u, v = a, r, u, v, m, n gcd = b return gcd, x, y def gen_keys(…
#HackTM_CTF_Quals_2023 #good_challenges_2023 from math import gcd from Crypto.Util.number import bytes_to_long, isPrime from secret import p, q, x1, y1, x2, y2, e, flag # properties of secret variables assert isPrime(p) and p.bit_length() …
from Crypto.Util.number import * class Key: def __init__(self, bits): assert bits >= 512 self.p = getPrime(bits) self.q = getPrime(bits) self.n = self.p * self.q self.e = 0x100007 self.d = inverse(self.e, (self.p-1)*(self.q-1)) self.dmp1 =…
#CrewCTF_2022 from Crypto.Util.number import bytes_to_long, getRandomNBitInteger from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_OAEP from Crypto.Hash import SHA256 from flag import FLAG key = RSA.generate(1024) p = key.p …
#CakeCTF2022 from Crypto.Util.number import getPrime import os flag = os.getenv("FLAG", "FakeCTF{warmup_a_frozen_cake}") m = int(flag.encode().hex(), 16) p = getPrime(512) q = getPrime(512) n = p*q print("n =", n) print("a =", pow(m, p, n)…
#ACTF_2022 from Crypto.Util.number import * from Crypto.PublicKey import RSA e = 65537 flag = b'ACTF{...}' while True: p = getPrime(1024) q = inverse(e, p) if not isPrime(q): continue n = p * q; public = RSA.construct((n, e)) with open("pu…
RSA で が近いときの話 をの中央の値として すると である が小さければ十分探索できる 探索ではとおいて よりが平方数かどうかを調べれば良い import gmpy2 def fermat(n): x = gmpy2.isqrt(n) a = x*x - n while not gmpy2.is_square(a): x += 1 a = x*x -…
#angstromCTF2019 https://ctftime.org/task/8337 I found this flag somewhere when I was taking a walk, but it seems to have been encrypted with this Really Secure Algorithm! p = 833798983855161463343002937180389207715616249401247485668417438…
RSA Common Private Exponent Attack Lattice Based Attack on Common Private Exponent RSA from Crypto.Util.number import * from random import randint flag = int('SCTF{*******************}'.encode('hex'), 16) d = getPrime(randint(380, 385)) fo…
#UnionCTF from Crypto.Util.number import bytes_to_long from secrets import k, FLAG assert k < 2^128 assert FLAG.startswith(b'union{') E = EllipticCurve(QQ,[0,1,0,78,-16]) P = E(1,8) Q = k*P R = (k+1)*P p = Q[0].numerator() q = R[0].numerat…
#tsglivectf6 class key: def __init__(self, p, q): self.N = p * q self.phi = (p - 1) * (q - 1) self.e = 65537 self.d = pow(self.e, -1, self.phi) def gen_private_key(self): return (self.N, self.d) def gen_public_key(self): return (self.N, se…
#tsg_live_ctf_10 #!/usr/bin/python3 from Crypto.Util.number import getPrime, bytes_to_long import flag import secrets assert(len(flag.flag) == 33) p = getPrime(512) q = getPrime(512) N = p * q phi = (p - 1) * (q - 1) e = 3 assert(phi%e!=0)…
#ricerca_ctf_2023 #RSA #Suspicious_Prime #素因数分解 https://furutsuki.hatenablog.com/entry/2023/04/23/143704#Rotated-Secret-Analysis
n = 1581688906457476363395126526567273673701408932950303338239208333630259409060558913573169944824614765761181142076812143239126525279272150531288099279324952069798370347137241407454006529222527499949838916908947248778974534402378297195202…
#PlaidCTF2021 from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_OAEP from secret import p,q x = 16158503035655503426113161923582139215996816729841729510388257123879913978158886398099119284865182008994209960822918533986492024…
#n1ctf2021 このほか n1ogin.pub の他、adminがログインしたときのpcapファイルが渡されている import os import json import time from Crypto.PublicKey.RSA import import_key from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, m…
#midnight_sun_ctf_qualifiers_2023 p = random_prime(2**1024) q = random_prime(2**1024) a = randint(0, 2**1024) b = randint(0, 2**1024) def read_flag(file='flag.txt'): with open(file, 'rb') as fin: flag = fin.read() return flag def pad_flag(…
#HackTM_CTF_Quals_2023 from Crypto.Util.number import bytes_to_long, getStrongPrime from secret import flag assert len(flag) == 255 e = 3 p = getStrongPrime(1024, e=e) q = getStrongPrime(1024, e=e) n = p * q phi = (p - 1) * (q - 1) d = pow…
#hsctf8 from Crypto.Util.number import * import random import sympy flag = open('flag.txt','rb').read() p,q = getPrime(1024),getPrime(1024) e = 0x10001 n = p*q m = random.randrange(0,n) c = pow(m,e,n) d = sympy.mod_inverse(e,(p-1)*(q-1)) d…
#hsctf8 import time from Crypto.Util.number import * flag = open('flag.txt','r').read() p = getPrime(1024) q = getPrime(1024) e = 2**16+1 n=p*q ct=[] for ch in flag: ct.append((ord(ch)^e)%n) print(n) print(e) print(ct) RSA import ast with …
AESパート省略 RSAなんだけど、に何かしらのパターンがある。つまり素因数が次のように表される ここで みたいなやつ 同様に って感じ このとき、次のような行列を考える [[x, 0, u * d0 % w], [0, x, v * d0 % w], [0, 0, w]] で、それぞれ patternのサイズ…
RSA flag = open('flag', 'rb').read() pt = int.from_bytes(flag, 'big') def case1(x): N = 0x9cca93a0eff966a6cc3426dc79f66c0526944c5a51681a3be685daee7506352dfb7bdd76e59995d2ba980158212f4797c3fc1ae81fdd3500e93634e7e5a47944d14b2de0922d0fcbe2ada…
#cakectf2021 from Crypto.Util.number import getStrongPrime, bytes_to_long p = getStrongPrime(512) q = getStrongPrime(512) r = getStrongPrime(512) n = p*q*r x = pow(p + q, r, n) y = pow(p + q*r, r, n) m = bytes_to_long(open("./flag.txt", "r…