Official discussion thread for TwoForOne. Please do not post any spoilers or big hints.

Sign In to comment.

- 4.3K All Categories
- 3.1K Discussion
- 1.5K Machines
- 559 Challenges
- 28 RastaLabs
- 164 Exploits
- 53 Programming
- 754 Off-topic
- 1.3K Tutorials
- 658 Writeups
- 106 Video Tutorials
- 195 Tools
- 294 Other
- 36 Links
- 36 News

## Comments

Do I need a supercalculator to do this ? I implemented basic solutions related to that type of attack but they seem to only work for low exponents and my computer might have lost two years of life expectancy. What's the mathematical trick I'm missing ?

Edit : Solved. I'm not sure how but... solved. Also, you probably shouldn't try to implement your own mathematical functions, they're probably a lot worse than what the 1337 M4th can do

Edit2 : Oh, yeah, naming your variables msg1 and msg2 and then using 1 when you need 2, good job ! So, I can say it now : SOLVED and UNDERSTOOD !

This challenge can be solved using different calculators and scripts..

but Is there anybody tried to solve this challenge with CrypTool 2?

It would be great if it is possible to repeat solution using CrypTool!

Guys im kinda new to HTB.

is there any data inside the zip file...cuz i dont see any

Type your comment> @BurnDem said:

Yes. And a password, indicated on the page of the challenge.

If you entered the password and nothing comes out of the archive, you should try to download it again.

For people asking, this challenge doesn't require any super calculator or anything of the sort just basic math. I do recommend though that you not use functions you created yourself

If what I said helped you you can always send some respects ^^

Haha, yeah I tried to implement my own functions and it didn't work -- but now that I have a working example I can fix them!

I dont wanna give too much away but did you know SymPy has a really cool function called mod_inverse? It works well for really large numbers in case you aren't a number theory guru.

I liked this challenge, made me feel stupid but like, in a good way?

King of feeling stupid

I notice what the keys have in common, I just have no idea where to go from there. Any sort of nudge would be appreciated.

Spoiler RemovedSpoiler RemovedTry and think of what the public and private keys are actually doing. There is a mathematical theorem that does the same thing

If what I said helped you you can always send some respects ^^

Nice Challenge, need more reading to figure out the attack. anyway solved with full understanding.

Hint:

compare both keys there is something common between them.

Try!ng Hard3r, N3v3r G!v3Up.

I think I understand what needs to be done but I feel stupid cause I can't find a way to get the message1 and 2 into an integer to perform the mathematical functions required. You guys have any hint on how to do that?

@splintercelian I would recommend you check

`pycrtodome`

documentation. They might have something ^^If what I said helped you you can always send some respects ^^

I think I know the theory behind the attack but actually implementing it is causing me problems. Assuming I have "u" (some value that I will use as "e" or "d" in RSA), how do I compute m**u?

Hi there, I'm having some problems to solve this challenge. I've tried working with the phi(n) function (from sympy) to calculate the private exponent (d). However until this moment it haven't worked because it seems a complicate calculation for large numbers (or I don't know if I'm using the incorrect function since @Fukurou mentioned that It only need basic math). I would thank if someone could advice me or told me If I've forgotten a step to find the solution.

@rdanilu your idea is technically correct. However, this amounts to factoring n which at the point is impossible unless you want to wait a while. You need to think more basic number theory. Google can be a great help too

If what I said helped you you can always send some respects ^^

Hi, can I pm someone for a hint on how to start this challenge ?

@lel1q I would appreciate some help. Thank you

Hey , I think I got the original message but its in the format of large integer (got this after some calculations ). Can someone please help me to get string from this large int?

@Fukurou, computing

`Pow(message[as a big int], relative big number[~100K])`

takes forever, is there a trick to avoid this computation?EDIT: was long but worked at the end! Nice challenge

Hello, I have studied how RSA and generic public key cryptographic algorithms work, but I don't understand how to obtain all the elements that are needed to perform the necessary computation. Also, the fact that here someone is talking about basic math gets me confused, but in general I think I am not converting the public key/the messages in the correct way. If someone could give me some help I'd be very grateful

EDIT: I finally managed to retrieve the correct information from the .pem files (before I was using simple string-to-hex encoding), but now retrieving a private key seems unfeasible due to the huge numbers, even though many of you said only basic math is needed

EDIT: finally got it, it was a really hard challenge, despite what others may say, if you are not really into the topic. Still I am now really satisfied with what I learned. For anyone having trouble, feel free to dm me, I can give some hints without spoiling anything

(Plaintext^public_key)%N = cipher text. Since plain text is same can we try to compare two equation to find N

Don't know if I am correct

when I run:

$ openssl x509 -in key1.pem -text -noout

I get:

unable to load certificate. 1397297262113920909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE

Also, some common python modules fail to load these PEM files too. I was able to parse them with some other tools and get the necessary information, but I am wondering why the most common methods fail? Am I overlooking something silly? Can anyone kindly explain? I feel frustrated.

~Thanks!

@JumpingLlama said:

The file isn't an x.509 certificate, but "only" a public key. In those cases, you need to use

GREM | OSCE | GASF | eJPT

Feel free to PM me your questions, but please explain what you tried, so far.

Currently busy with AWAE

Type your comment> @HomeSen said:

forehead slapThank you!! That's exactly the help I neededEdit: ...and, solved now. Nice challenge. If you google using the correct name of the attack, there is quite a "common" amount of info out there.

Hello I've been at this for a long time now. I've tried small public exponent attack, factorizing n, but no luck. Can I DM somebody for a hint?

edit: I found the attack but when i use it, python reports OverflowError: int too large to convert to float.

edit: I completed the challenge. Apply modulus every time possible, don't wait for the final calculation to finish and then apply modulus. Don't use python's ** operator or pow function DIRECTLY for negative powers while dealing with modulo arithmetic.

Not too easy. But it made sense after. If you are stuck, this may help

https://github.com/Ganapati/RsaCtfTool