ctf-writeup/BxMCTF 2023/RAID Safety Assays, But Fixed/README.md

76 lines
1.9 KiB
Markdown

# RAID Safety Assays, But Fixed
> The flag to this challenge is all lowercase, with no underscores.
> e = 65537
> n = 4629059450272139917534568159172903078573041591191268130667
> c = 6743459147531103219359362407406880068975344190794689965016
## About the Challenge
We have been given a python code and here is the content of the file
```python
from Crypto.Util.number import *
import random
p = getPrime(96)
q = getPrime(96)
n = p*q
e = 65537
flag = b'ctf{0000000000000000}'
flag = str(pow(bytes_to_long(flag), e, n))
perm = list(range(10))
random.shuffle(perm)
perm = list(map(str, perm))
c = ''.join([perm[int(x)] for x in flag])
print(f'e = {e}')
print(f'n = {n}')
print(f'c = {c}')
```
The aboce code generates two prime numbers `p` and `q`, calculates the modulus `n` for RSA encryption, encrypts a flag using the RSA encryption algorithm with the public exponent `e`, and applies a permutation cipher to the encrypted flag. The resulting encrypted flag `c` is then printed along with the values of `e` and `n`.
## How to Solve?
I created a python code to performs a brute-force search over all possible permutations of digits from 0 to 9 and I got the value of `p` and `q` using FactorDB
```python
import itertools
c = '6743459147531103219359362407406880068975344190794689965016'
e = 65537
p = 62682123970325402653307817299
q = 73849754237166590568543300233
permutations = list(itertools.permutations(range(10)))
for perm in permutations:
perm = list(map(str, perm))
c_list = [int(x) for x in c]
inv_perm = [perm.index(str(i)) for i in range(10)]
plaintext_permuted = [inv_perm[x] for x in c_list]
c_rev = ''.join(map(str, plaintext_permuted))
n = p*q
phi = (p-1)*(q-1)
d = inverse(e,phi)
m = pow(int(c_rev),d,n)
print(long_to_bytes(m))
```
And then run this program like this
```shell
python3 solve.py | grep "ctf"
```
![flag](images/flag.png)
```
ctf{cryptpainfulflag}
```