1
from Crypto.Util.number import *
2
from Crypto.PublicKey import RSA
3
from pwn import *
4

5
def _encrypt(message):
6
    r.recvuntil("choice: ")
7
    r.sendline("1")
8
    r.recvuntil("to encrypt (in hex): ")
9
    r.sendline(message.encode("hex"))
10
    ct = r.recvline("ciphertext (in hex): ").strip()[37:]
11
    r.recvline()
12
    r.recvline()
13
    return ct.decode("hex")
14

15
def _decrypt(ciphertext):
16
    r.recvuntil("choice: ")
17
    r.sendline("2")
18
    r.recvuntil("to decrypt (in hex): ")
19
    r.sendline(ciphertext.encode("hex"))
20
    pt = r.recvline("plaintext (in hex): ").strip()[36:]
21
    r.recvline()
22
    r.recvline()
23
    return pt.decode("hex")
24

25
r = process("./encrypt.py")
26
r.recvline()
27
flag_enc = r.recvline().strip()[31:].decode("hex")
28
N = int(r.recvline().strip()[20:])
29
print "flag_enc: ", flag_enc
30
print "N: ", N
31
print "\n\n"
32

33
e = 65537
34
upper_limit = N
35
lower_limit = 0
36

37
flag = ""
38
i = 1
39
while i <= 1034:
40
    chosen_ct = long_to_bytes((bytes_to_long(flag_enc)*pow(2**i, e, N)) % N)
41
    output = _decrypt(chosen_ct)
42
    if ord(output[-1]) == 0:
43
        upper_limit = (upper_limit + lower_limit)/2
44
    elif ord(output[-1]) == 1:
45
        lower_limit = (lower_limit + upper_limit)/2
46
    else:
47
        break
48
        print "Unsuccessfull"
49
    i += 1
50

51
print "Flag : ", long_to_bytes(lower_limit)
52

53