LoginSignup
0
0

More than 5 years have passed since last update.

@chihiro1000(Chihiro Hasegawa)

BKPCTF 2016 bob's hat (2/4)

Last updated at Posted at 2017-10-10

問題概要

前回の続き.展開して得られた公開鍵の中身を見てみる.

$ openssl rsa -text -pubin < almost_almost_almost_there.pub
Public-Key: (1024 bit)
Modulus:
    00:ab:e6:33:ce:c2:e7:ec:10:a8:51:92:79:05:a6:
    57:df:4e:10:41:60:23:c0:c3:4f:c6:4d:64:bd:8b:
    82:57:b7:bf:20:7a:dd:04:7b:0a:df:21:c5:25:b0:
    52:06:8c:70:29:5c:74:6c:3b:1b:e1:43:6f:39:ed:
    8b:f7:a8:13:e4:b8:45:ce:0c:a8:9c:a8:28:b4:57:
    63:d4:6b:18:98:c7:a2:fa:5f:8f:e7:84:28:ca:b6:
    cd:f7:0e:f8:71:db:97:1b:32:32:84:1a:1c:e2:45:
    9c:e6:50:a1:54:36:2f:80:cf:b6:41:63:c3:ca:63:
    ad:72:bc:fb:db:f0:15:4f:f7
Exponent: 65537 (0x10001)
writing RSA key
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCr5jPOwufsEKhRknkFplffThBB
YCPAw0/GTWS9i4JXt78get0EewrfIcUlsFIGjHApXHRsOxvhQ2857Yv3qBPkuEXO
DKicqCi0V2PUaxiYx6L6X4/nhCjKts33Dvhx25cbMjKEGhziRZzmUKFUNi+Az7ZB
Y8PKY61yvPvb8BVP9wIDAQAB
-----END PUBLIC KEY-----

特に怪しいところはない.fermat法をしてみても素因素分解できない.そこで試しに前の問題で使った公開鍵のgcdをとってみる.そうすると1ではない値がでてきた.つまり素数の使い回しをしていることがわかる.

解き方

gcdをとって,出てきた値を$p$として,$N$を割って,$q$を作る.あとは前回と同じ手順.以下にプログラムを示す.

#!/usr/bin/env ruby
#coding: ascii-8bit

require '~/ctf/tools/ctf/crypto.rb'
require '~/ctf/tools/ctf/misc.rb'

e = 0x10001

# from almost_almost_almost_almost_there.pub
n1 = "00:86:e9:96:01:3e:77:c4:16:99:00:0e:09:41:d4:80:c0:46:b2:f7:1a:4f:95:b3:50:ac:1a:4d:42:63:72:92:3d:8a:45:61:d9:6f:bf:b0:24:05:95:90:72:01:ad:32:25:cf:6e:de:d7:de:02:d9:1c:38:6f:fa:c2:80:b7:2d:0f:95:ca:e7:1f:42:eb:e0:d3:ed:ae:ac:e7:ce:a3:19:5f:a3:2c:1c:60:80:d9:0e:f8:53:d0:6d:d4:57:2c:92:b9:f8:31:0b:bc:0c:63:5a:5e:26:95:25:11:75:10:30:a6:59:08:16:55:4e:76:30:31:bc:bb:31:e3:f1:19:c6:5f".gsub(/:/, "").hex

p1,q1 = fermat(n1)

n2 = "00:ab:e6:33:ce:c2:e7:ec:10:a8:51:92:79:05:a6:57:df:4e:10:41:60:23:c0:c3:4f:c6:4d:64:bd:8b:82:57:b7:bf:20:7a:dd:04:7b:0a:df:21:c5:25:b0:52:06:8c:70:29:5c:74:6c:3b:1b:e1:43:6f:39:ed:8b:f7:a8:13:e4:b8:45:ce:0c:a8:9c:a8:28:b4:57:63:d4:6b:18:98:c7:a2:fa:5f:8f:e7:84:28:ca:b6:cd:f7:0e:f8:71:db:97:1b:32:32:84:1a:1c:e2:45:9c:e6:50:a1:54:36:2f:80:cf:b6:41:63:c3:ca:63:ad:72:bc:fb:db:f0:15:4f:f7".gsub(/:/, "").hex

p2 = n1.gcd(n2)
q2 = n2 / p2

puts p2
puts q2
raise "Failed factorization" unless p1 * q2 == n2

c = File.read('./almost_almost_almost_there.encrypted').to_hex

rsa = RSA.new(e, n2, p1, q2)
puts rsa.decrypt(c).to_ascii

以下が実行結果である.

9733382803370256893136109840971590971460094779242334919432347801491641617443615856221168611138933576118196795282443503609663168324106758595642231987246769
12401828372292379853813876769631673931562555174641979554254424458038243058638417065284301266881242433017828663818811606556559256084249679274024474025282343
rlSpJ6HbP+cZXaOuSPOe4pgfevGnXtLt

得られたパスワードを使って展開してみると,また同じように3つのファイルが得られた.次回に続く.

0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
0
0