GPN14: Espionage – The Hard Way


This year, the GPN included a CTF organized by squareroots. This post is about the service Espionage including an alternative solution.

The Service

We had a telnet decryption service and a screenshot indicating we would have to deal with RSA. The screenshot also included an encrypted version of a flag.txt, 31319528277563551791166984607206341790, so this was our target.

The Way It Was Meant To Be

Well, we had the decryption service, so why not try that one?

Looks like they installed a check for that special number preventing us from decrypting flag.txt. So how can we bypass that check? The easiest way would be by adding a leading zero:

So we’re done here.

The Hard Way

That was a bit too easy, right? Well, actually, I just didn’t had the idea to try it with the leading zero. So let’s use more math!

As one can read on Wikipedia, if we have a message m, its encrypted form c and a number r and we decrypt c*r^e, we get m*r. Using algorithms for fast exponentiation

and inverting (modulo N)

we can get m (I set r to 2). As above, the result is 3133734221.

A third way is to factorize N into p and q and using them to get the secret key. sage mathematics needs less than 2 seconds to find them.

Leave a Comment

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">