daffainfo
/
ctf-writeup
mirror of https://github.com/daffainfo/ctf-writeup.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ctf-writeup/2023/UIUCTF 2023/At Home
History
daffainfo e6c48e50f1 feat: grouped the challs 2024-01-09 16:59:32 +07:00
..
images feat: grouped the challs 2024-01-09 16:59:32 +07:00
README.md feat: grouped the challs 2024-01-09 16:59:32 +07:00
chal.py feat: grouped the challs 2024-01-09 16:59:32 +07:00
chal.txt feat: grouped the challs 2024-01-09 16:59:32 +07:00

README.md

At Home

Mom said we had food at home

About the Challenge

We got 2 files, output.txt and chal.py. Here is the content of chal.py

from Crypto.Util.number import getRandomNBitInteger

flag = int.from_bytes(b"uiuctf{******************}", "big")

a = getRandomNBitInteger(256)
b = getRandomNBitInteger(256)
a_ = getRandomNBitInteger(256)
b_ = getRandomNBitInteger(256)

M = a * b - 1
e = a_ * M + a
d = b_ * M + b

n = (e * d - 1) // M

c = (flag * e) % n

print(f"{e = }")
print(f"{n = }")
print(f"{c = }")

And inside chal.txt there is information about the value of n, e, and c

e = 359050389152821553416139581503505347057925208560451864426634100333116560422313639260283981496824920089789497818520105189684311823250795520058111763310428202654439351922361722731557743640799254622423104811120692862884666323623693713
n = 26866112476805004406608209986673337296216833710860089901238432952384811714684404001885354052039112340209557226256650661186843726925958125334974412111471244462419577294051744141817411512295364953687829707132828973068538495834511391553765427956458757286710053986810998890293154443240352924460801124219510584689
c = 67743374462448582107440168513687520434594529331821740737396116407928111043815084665002104196754020530469360539253323738935708414363005373458782041955450278954348306401542374309788938720659206881893349940765268153223129964864641817170395527170138553388816095842842667443210645457879043383345869

How to Solve?

I created a python code to solve this problem

from Crypto.Util.number import inverse

# Given values
e = 359050389152821553416139581503505347057925208560451864426634100333116560422313639260283981496824920089789497818520105189684311823250795520058111763310428202654439351922361722731557743640799254622423104811120692862884666323623693713
n = 26866112476805004406608209986673337296216833710860089901238432952384811714684404001885354052039112340209557226256650661186843726925958125334974412111471244462419577294051744141817411512295364953687829707132828973068538495834511391553765427956458757286710053986810998890293154443240352924460801124219510584689
c = 67743374462448582107440168513687520434594529331821740737396116407928111043815084665002104196754020530469360539253323738935708414363005373458782041955450278954348306401542374309788938720659206881893349940765268153223129964864641817170395527170138553388816095842842667443210645457879043383345869

# Step 1: Calculate M
M = (e * inverse(e - 1, n) - 1) // n

# Step 2: Factorize M as a * b - 1
for a in range(2, M + 1):
    if M % a == 0:
        b = M // a
        break

# Step 3: Solve for a and b
a = (M + 1) // b

# Step 4: Calculate a_ and b_
a_ = (e - a) // M
b_ = (inverse(e, a) - b) // M

# Step 5: Decrypt the ciphertext to obtain the flag
d = inverse(e, (a_ * M + a) * (b_ * M + b))
flag = (pow(c, d, n) // e).to_bytes((n.bit_length() + 7) // 8, 'big').decode()

print("Decrypted Flag:", flag)

And then run the code and voilà you get the flag

flag

uiuctf{W3_hav3_R5A_@_h0m3}