in Challenges

Hello!

I started the "Weak RSA" challenge today. It contains two files the "key.pub" which , as the name implies, is the public key and the "flag.enc" which is the file I need to decrypt.

I have tried to analyze the public key through OpenSSL but the modulo doesn't seem to be non-random i.e ( lots zeroes or any specific sequence).

Also what puzzled me was that the Exponent seemed way to big

Am I heading in the right track? Any help would be appreciated

Thanks in advance!

Sign In to comment.

- 3.6K All Categories
- 2.5K Discussion
- 1.3K Machines
- 478 Challenges
- 20 RastaLabs
- 129 Exploits
- 37 Programming
- 602 Off-topic
- 1K Tutorials
- 563 Writeups
- 94 Video Tutorials
- 166 Tools
- 197 Other
- 28 Links
- 28 News

## Comments

Hey Philip, yes you are on the right track! But pay attention on how you analyse the public key

Im stuck at the same place, i tried factorizing the modulus but to no avail

Remember that the

weak RSAit's a common CTF style problem. I'm sure you find tools to help you solve the challengeI used the only tool i could find, still no luck

if that tool fails, maybe see if others have suggested a fix to it

The tool does work. Be sure to install all dependencies. There is a requirements.txt in the folder. Do pip install -r requirements.txt to install them. And the extra one aswell.

Spoiler Removed - Arrexel@sender thx a lot for the link to the tool

Worked Great

Are you guys saying there's no way of solving this without the tool?

Hi, i did it with the tool from @sender (thank you very much sender) and everthing works finally. I would really like to know, how the tool did it. How did it proceed after i typed the command and pressed enter? What exactly happened with the key, and possibly what mathematical operations were involved?

It's not necessary to use the tool, you just have to "calculate"

`p`

and`q`

and then use the "non public key" to read the flag.(maybe this is a spoiler)

@MADHOLUB if you want you can PM me

If someone is still interested in the (mathematical) methods of factorizing n, I recommend this 29C3 talk: .

For the slides just search for "FactHacks: RSA factorization in the real world".

Since I did not solve the challenge yet, I can't say wether it is helpfull for the problem in "weak rsa". But it is a clear recommendation for anyone interested in this topic.

This helped a lot thanks for this!

I can't get that tool to work. I always get

"error: command 'x86_64-linux-gnu-gcc' failed with exit status 1"

The tool on offer is not working at all, it looks like you can no longer install gmpy2 and it's not supported for python3. I have tried to start solving this manually (not by hand), am I on the right lines trying to factor N or am I wasting my time?

Got it working in the end, solved, thanks.

Use python 2.7 and don't forgot to use pip for the requirements .txt for the next one.

This is good suggestion. Tool working now for me Thanks

Couldn't resist posting this. Hope it doesn't count as a spoiler.

Tool works fine as of this posting and will give you hint on method used to break the encryption. The flag itself should lead you to the right wiki page if you want to deep dive on how it works.

hi everyone

i git the exponent and modulus from the public key but after that i am stuck. I studies how RSA works and it seems there is no way to generate private key from public key. How to proceed further with this challenge?

there is a way to generate a private key from a public key the whole point of this challenge is to show you that with rsa if primes can be factored it will give you the other mathematical pieces you need to create a private key

Critical piece of information I became aware solving this challenge, if e is huge, so d is small.

Has anybody got p and q out of this with python?

Looks like my python script is going to run forever. It can solve factors of small numbers like 970295970782681553380331135367494949, but this challenge's n seems to be too big for it...

So I have just finished this and it was more challenging than expected just on the basis of how difficult the tool is. So in order to get this to work properly I went through the process of installing SageMath (if you start the tool without it installed you will get a bunch of messages saying some attacks can't be performed). You don't need those attacks so don't do not spend the time getting SageMath working.

When you run the tool it will get stuck on a particular attack so run each attack individually and you will get the flag.