Primary Knowledge
Surrounded by an untamed forest and the serene waters of the Primus river, your sole objective is surviving for 24 hours. Yet, survival is far from guaranteed as the area is full of Rattlesnakes, Spiders and Alligators and the weather fluctuates unpredictably, shifting from scorching heat to torrential downpours with each passing hour. Threat is compounded by the existence of a virtual circle which shrinks every minute that passes. Anything caught beyond its bounds, is consumed by flames, leaving only ashes in its wake. As the time sleeps away, you need to prioritise your actions secure your surviving tools. Every decision becomes a matter of life and death. Will you focus on securing a shelter to sleep, protect yourself against the dangers of the wilderness, or seek out means of navigating the Primus’ waters?
Files: output.txt | source.py
Writeup by: Stig Rune Grønnestad
Recon
We are given two files.
output.txt
n = 144595784022187052238125262458232959109987136704231245881870735843030914418780422519197073054193003090872912033596512666042758783502695953159051463566278382720140120749528617388336646147072604310690631290350467553484062369903150007357049541933018919332888376075574412714397536728967816658337874664379646535347
e = 65537
c = 15114190905253542247495696649766224943647565245575793033722173362381895081574269185793855569028304967185492350704248662115269163914175084627211079781200695659317523835901228170250632843476020488370822347715086086989906717932813405479321939826364601353394090531331666739056025477042690259429336665430591623215
source.py
import math
from Crypto.Util.number import getPrime, bytes_to_long
from secret import FLAG
m = bytes_to_long(FLAG)
n = math.prod([getPrime(1024) for _ in range(2**0)])
e = 0x10001
c = pow(m, e, n)
with open('output.txt', 'w') as f:
f.write(f'{n = }\n')
f.write(f'{e = }\n')
f.write(f'{c = }\n')
The python scripts uses the FLAG from a file called secret.py to generate a n, e and c value. The n value is generated by multiplying 1024 bit primes together. The e value is 65537 and the c value is the result of m^e mod n. We are given the n, e and c values in the output.txt file. So we have to reverse the m value from the c value.
Exploit
Running RsaCtfTool in a docker container to get the ‘m’ value.
https://github.com/RsaCtfTool/RsaCtfTool
└─$ docker run --rm -it -v $PWD:/data notepid/rsactftool -n 144595784022187052238125262458232959109987136704231245881870735843030914418780422519197073054193003090872912033596512666042758783502695953159051463566278382720140120749528617388336646147072604310690631290350467553484062369903150007357049541933018919332888376075574412714397536728967816658337874664379646535347 -e 65537 --uncipher 15114190905253542247495696649766224943647565245575793033722173362381895081574269185793855569028304967185492350704248662115269163914175084627211079781200695659317523835901228170250632843476020488370822347715086086989906717932813405479321939826364601353394090531331666739056025477042690259429336665430591623215
private argument is not set, the private key will not be displayed, even if recovered.
[*] Testing key /tmp/tmpnjsj8ofx.
[*] Performing fibonacci_gcd attack on /tmp/tmpnjsj8ofx.
100%|█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 9999/9999 [00:00<00:00, 123281.38it/s]
[*] Performing nonRSA attack on /tmp/tmpnjsj8ofx.
[*] Attack success with nonRSA method !
Results for /tmp/tmpnjsj8ofx:
Unciphered data :
HEX : 0x4854427b30685f64346d6e5f346e793768316e675f7234317333645f74305f305f31735f312121217d
INT (big endian) : 154494104126246428636989946273736411011334723383700225366857664731705373903436582850185452949938557
INT (little endian) : 267274801349899412188868063532143570829996278787448868450360864366938573170691131108957681933767752
utf-8 : HTB{0h_d4mn_4ny7h1ng_r41s3d_t0_0_1s_1!!!}
STR : b'HTB{0h_d4mn_4ny7h1ng_r41s3d_t0_0_1s_1!!!}'
Flag
HTB{0h_d4mn_4ny7h1ng_r41s3d_t0_0_1s_1!!!}
Notes-to-self
https://en.wikipedia.org/wiki/RSA_(cryptosystem)