1
from Crypto.Util.number import *
2
from pwn import *
3

4
def _encrypt(message):
5
    r.recvuntil("choice: ")
6
    r.sendline("1")
7
    r.recvuntil("encrypt (in hex): ")
8
    r.sendline(message.encode("hex"))
9
    ct = r.recvline().strip()[37:].decode("hex")
10
    r.recvline()
11
    r.recvline()
12
    return ct
13

14
def extractmod_eknown(_encrypt, e, limit=4):
15
    """
16
    Reference: https://crypto.stackexchange.com/questions/43583/deduce-modulus-n-from-public-exponent-and-encrypted-data
17

18
    Function to extract the value of modulus, given value of public key exponent
19

20
    :input parameters:
21
    _encrypt : <type 'function'>      : Function interacting with the server for encryption
22
    e        : <type 'int' or 'long'> : Public Key exponent
23
    limit    : <type 'int'>           : number of values to be sent for encryption
24
    """
25
    try:
26
        assert limit <= 4
27
    except AssertionError:
28
        print "[+] Limit too big!"
29
        return -1
30
    try:
31
        m_list = [2, 3, 5, 7]
32
        mod_list = [(bytes_to_long(_encrypt(long_to_bytes(m_list[i])))) - (m_list[i]**e) for i in range(limit)]
33
        _GCD = mod_list[0]
34
        for i in range(limit):
35
            _GCD = GCD(_GCD, mod_list[i])
36
        return _GCD
37
    except Exception as e:
38
        print "[+] Exception: ", e
39

40
r = process("./run.sh")
41
N = extractmod_eknown(_encrypt, 65537, 4)
42
print "N: ", N
43
assert N != -1
44
r.sendline("2")
45
r.recvuntil("modulus: ")
46
r.sendline(str(N))
47
print r.recvline().strip()
48

49