Rating:

# Crypto

## Rivest Shamir Adleman
```
These 3 guys encrypted my flag, but they didn't tell me how to decrypt it.

File: enc.txt
```

`enc.txt` content:
```
n = 408579146706567976063586763758203051093687666875502812646277701560732347095463873824829467529879836457478436098685606552992513164224712398195503564207485938278827523972139196070431397049700119503436522251010430918143933255323117421712000644324381094600257291929523792609421325002527067471808992410166917641057703562860663026873111322556414272297111644069436801401012920448661637616392792337964865050210799542881102709109912849797010633838067759525247734892916438373776477679080154595973530904808231
e = 65537
c = 226582271940094442087193050781730854272200420106419489092394544365159707306164351084355362938310978502945875712496307487367548451311593283589317511213656234433015906518135430048027246548193062845961541375898496150123721180020417232872212026782286711541777491477220762823620612241593367070405349675337889270277102235298455763273194540359004938828819546420083966793260159983751717798236019327334525608143172073795095665271013295322241504491351162010517033995871502259721412160906176911277416194406909
```

With http://www.factordb.com we can see the factors p and q of N:
```
p = 15485863
q = 26384008867091745294633354547835212741691416673097444594871961708606898246191631284922865941012124184327243247514562575750057530808887589809848089461174100421708982184082294675500577336225957797988818721372546749131380876566137607036301473435764031659085276159909447255824316991731559776281695919056426990285120277950325598700770588152330565774546219611360167747900967511378709576366056727866239359744484343099322440674434020874200594041033926202578941508969596229398159965581521326643115137
```

``` python
$ python2
>>> p = 15485863
>>> q = 26384008867091745294633354547835212741691416673097444594871961708606898246191631284922865941012124184327243247514562575750057530808887589809848089461174100421708982184082294675500577336225957797988818721372546749131380876566137607036301473435764031659085276159909447255824316991731559776281695919056426990285120277950325598700770588152330565774546219611360167747900967511378709576366056727866239359744484343099322440674434020874200594041033926202578941508969596229398159965581521326643115137
>>> N = p * q
>>> e = 65537
>>> phi = (q - 1) * (p - 1)
>>> from Crypto.Util.number import inverse
>>> d = inverse(e, phi)
>>> cipher = 226582271940094442087193050781730854272200420106419489092394544365159707306164351084355362938310978502945875712496307487367548451311593283589317511213656234433015906518135430048027246548193062845961541375898496150123721180020417232872212026782286711541777491477220762823620612241593367070405349675337889270277102235298455763273194540359004938828819546420083966793260159983751717798236019327334525608143172073795095665271013295322241504491351162010517033995871502259721412160906176911277416194406909
>>> plaintext = pow(cipher, d, N)
>>> print plaintext
49459207073075609387052389022856465595244842985649235071628181272612221410724680024945533
>>> print hex(plaintext)[2:-1].decode('hex')
csictf{sh0uld'v3_t4k3n_b1gg3r_pr1m3s}
```

The flag is: `csictf{sh0uld'v3_t4k3n_b1gg3r_pr1m3s}`

## little RSA
```
The flag.zip contains the flag I am looking for but it is password protected.
The password is the encrypted message which has to be correctly decrypted so I can useit to open the zip file.
I tried using RSA but the zip doesn't open by it. Can you help me get the flag please?

Files: a.txt flag.zip
```

`a.txt` content:
```
c=32949
n=64741
e=42667
```

We will crack the rsa cipher:
``` python
$ python2
>>> p = 101
>>> q = 641
>>> N = p * q
>>> e = 42667
>>> phi = (q - 1) * (p - 1)
>>> from Crypto.Util.number import inverse
>>> d = inverse(e, phi)
>>> cipher = 32949
>>> plaintext = pow(cipher, d, N)
>>> print plaintext
18429
```

We extract the encrypted file `flag.txt` from the archive `flag.zip` with the password `18429` and we get the flag

The flag is: `csictf{gr34t_m1nds_th1nk_4l1ke}`

## Quick Math
```
Ben has encrypted a message with the same value of 'e' for 3 public moduli and got the cipher texts.
n1 = 86812553978993 n2 = 81744303091421 n3 = 83695120256591
c1 = 8875674977048 c2 = 70744354709710 c3 = 29146719498409
Find the original message. (Wrap it with csictf{})
```

I was inspired by the explanation https://www.johndcook.com/blog/2019/03/06/rsa-exponent-3/

``` python
$ python2
>>> N = [86812553978993, 81744303091421, 83695120256591]
>>> c = [8875674977048, 70744354709710, 29146719498409]
>>> from sympy.ntheory.modular import crt
>>> x = crt(N, c)[0]
>>> print x
319222184729548122617007524482681344
```

Thanks to https://www.calculator.net/root-calculator.html, we get the cube root of `319222184729548122617007524482681344`: it's `683435743464`

And `683435743464` is `h45t4d` in hexadecimal

The flag is: `csictf{h45t4d}`

Original writeup (https://github.com/skyf0l/CTF/blob/master/CSICTF_2020/Crypto.md#rivest-shamir-adleman).