Primary Knowledge

Personal Rating: Medium

We have an encryption script:

import math
from Crypto.Util.number import getPrime, bytes_to_long
from secret import FLAG

m = bytes_to_long(FLAG)

n = math.prod([getPrime(1024) for _ in range(2**0)])
e = 0x10001
c = pow(m, e, n)

with open('output.txt', 'w') as f:
    f.write(f'{n = }\n')
    f.write(f'{e = }\n')
    f.write(f'{c = }\n')

The following parts were given:

n = 144595784022187052238125262458232959109987136704231245881870735843030914418780422519197073054193003090872912033596512666042758783502695953159051463566278382720140120749528617388336646147072604310690631290350467553484062369903150007357049541933018919332888376075574412714397536728967816658337874664379646535347
e = 65537
c = 15114190905253542247495696649766224943647565245575793033722173362381895081574269185793855569028304967185492350704248662115269163914175084627211079781200695659317523835901228170250632843476020488370822347715086086989906717932813405479321939826364601353394090531331666739056025477042690259429336665430591623215

If you were to test an actual RSA implementation, you could extract n and e from the public key using openssl.

All values are in integer format.

Trying to use RsaCtfTool to try some attacks against it, it notes that the modulus n is a prime number and the attacks are not necessary. Researching about this I find out that you can calculate the private element d from n and e, if n is a prime number. https://ctftime.org/writeup/9333

d, in the special case of n as prime, is the multiplicative inverse of e and n:

m is then c^d % n

This is the decryptor I wrote:

import gmpy2
import binascii

e = 65537
n = 144595784022187052238125262458232959109987136704231245881870735843030914418780422519197073054193003090872912033596512666042758783502695953159051463566278382720140120749528617388336646147072604310690631290350467553484062369903150007357049541933018919332888376075574412714397536728967816658337874664379646535347
c = 15114190905253542247495696649766224943647565245575793033722173362381895081574269185793855569028304967185492350704248662115269163914175084627211079781200695659317523835901228170250632843476020488370822347715086086989906717932813405479321939826364601353394090531331666739056025477042690259429336665430591623215

p = n
phi_p = p - 1
d = gmpy2.invert(e, phi_p)
m = pow(c,d,n)

m_hex = hex(int(m))[2:]
flag = binascii.unhexlify(m_hex).decode('utf-8')

print(flag)

HTB{0h_d4mn_4ny7h1ng_r41s3d_t0_0_1s_1!!!}