Rating:

Similar to `twin`, we get two public keys with similar modulus, and large `e`s that are now coprime. However, the plaintexts that are being encrypted are different. Trying `weiner` attack on the first public key we get `d`, `p` and `q` ([https://www.dcode.fr/rsa-cipher](https://www.dcode.fr/rsa-cipher)).

Using these, we can easily decrypt the ciphertexts using the following:

```python
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
from Crypto.Util.number import inverse
from binascii import hexlify, unhexlify

key1 = RSA.import_key(open('key1.pem','rb').read())
key2 = RSA.import_key(open('key2.pem','rb').read())

reader = open('ciphers','rb')
c1, c2, _ = list(map(unhexlify, reader.read().split(b'\n')))
reader.close()

d1 = 3142948387612230061712223313218058768177264054157930977501720905159512174225
d2 = 1092307060387726789399821928756365597728744731491110152860300248100056

pkey1 = RSA.construct((key1.n, key1.e, d1))
phi = (pkey1.p - 1) * (pkey1.q - 1)
pkey2 = RSA.construct((key2.n, key2.e, inverse(key2.e, phi)))

decryptor1 = PKCS1_OAEP.new(pkey1)
decryptor2 = PKCS1_OAEP.new(pkey2)
m1 = decryptor1.decrypt(c1)
m2 = decryptor2.decrypt(c2)
print(m1+m2)
```

And we get the flag: `ENO{n3ver_reus3_your_pr1mes_4_a_new_k3y_you_have_2_p4y_th3_pr1ce}`