CoCalc -- exploit.py

GitHub Repository: ashutosh1206/crypton
Path: blob/master/RSA-encryption/Attack-Retrieve-Modulus/Challenges/Lost-Key/exploit.py
¹⁴⁰² views

1
from pwn import *
2
from Crypto.Util.number import *
3
from Crypto.PublicKey import *
4
import math
5

6
def encrypt(m):
7
    m=long_to_bytes(m)
8
    r.recvuntil("cmd: ")
9
    r.sendline("A")
10
    r.recvuntil("input: ")
11
    r.sendline(m.encode("hex"))
12
    return int(r.recvline().strip(),16)
13

14
def decrypt(m):
15
    m=long_to_bytes(m)
16
    r.recvuntil("cmd: ")
17
    r.sendline("B")
18
    r.recvuntil("input: ")
19
    r.sendline(m.encode("hex"))
20
    return int(r.recvline().strip(),16)
21

22
r = process("./run.sh")
23
r.recvline().strip()
24
flag_enc = bytes_to_long(r.recvline().strip().decode("hex"))
25

26
# Finding the modulus
27
c1 = encrypt(2)
28
c2 = encrypt(3)
29
c3 = encrypt(5)
30
c4 = encrypt(2**2)
31
c5 = encrypt(3**2)
32
c6 = encrypt(5**2)
33
N = GCD(GCD(c1**2 - c4, c2**2 - c5), c3**2 - c6)
34
print "Modulus: ", N
35

36
for j in range(2, 1000000):
37
    assert N % j != 0
38

39
# LS Byte Oracle Attack
40
flag = "\n"
41
for i in range(1,60):
42
    inv = inverse(256**i, N)
43
    _multiplier = encrypt(inv)
44
    chosen_ct = flag_enc*_multiplier
45
    output = decrypt(chosen_ct)
46
    flag_char = (output - (bytes_to_long(flag)*inv) % N) % 256
47
    flag = chr(flag_char) + flag
48
    print flag
49

50

Product

Resources

Company