1
from Crypto.Util.number import *
2
from pwn import *
3

4
def _encrypt(message):
5
    r.recvuntil("choice: ")
6
    r.sendline("1")
7
    r.recvuntil("encrypt (in hex): ")
8
    r.sendline(message.encode("hex"))
9
    ct = r.recvline().strip()[37:].decode("hex")
10
    r.recvline()
11
    r.recvline()
12
    return ct
13

14
def extractmod_eunknown(_encrypt, limit=4):
15
    """
16
    Reference: https://crypto.stackexchange.com/questions/43583/deduce-modulus-n-from-public-exponent-and-encrypted-data
17

18
    Function to extract the value of modulus without the value of public key exponent
19

20
    :input parameters:
21
    _encrypt : <type 'function'>      : Function interacting with the server for encryption
22
    limit    : <type 'int'>           : number of values to be sent for encryption
23
    """
24
    try:
25
        assert limit <= 4
26
    except AssertionError:
27
        print "[+] Limit too big!"
28
        return -1
29
    try:
30
        m_list = [2, 3, 5, 7]
31
        ct_list = [bytes_to_long(_encrypt(long_to_bytes(m_list[i]**2))) for i in range(limit)]
32
        ct_list2 = [bytes_to_long(_encrypt(long_to_bytes(m_list[i]))) for i in range(limit)]
33
        assert len(ct_list) == len(ct_list2)
34
        mod_list = [(ct_list2[i]**2 - ct_list[i]) for i in range(limit)]
35
        _gcd = mod_list[0]
36
        for i in mod_list:
37
            _gcd = GCD(_gcd, i)
38
        return _gcd
39
    except Exception as es:
40
        print "[+] Exception: ", es
41
        return -1
42

43
r = process("./run.sh")
44
N = extractmod_eunknown(_encrypt, 4)
45
print "N: ", N
46
assert N != -1
47
r.sendline("2")
48
r.recvuntil("modulus: ")
49
r.sendline(str(N))
50
print r.recvline().strip()
51

52