**Cryptography 200 - Poor RSA**

Challenge statement: This time Fady decided to go for modern cryptography implementations. He is fascinated with choosing his own prime numbers, so he picked up RSA once more. Yet he was unlucky again!

We are given:

- An encrypted message: Ni45iH4UnXSttNuf0Oy80+G5J7tm8sBJuDNN7qfTIdEKJow4siF2cpSbP/qIWDjSi+w=
- A public key

Solution:

Extract the public key parameters:

    openssl rsa -in key.pub -pubin -text -modulus > info_key

    Public-Key: (399 bit)
    Modulus:
        52:a9:9e:24:9e:e7:cf:3c:0c:bf:96:3a:00:96:61:
        77:2b:c9:cd:f6:e1:e3:fb:fc:6e:44:a0:7a:5e:0f:
        89:44:57:a9:f8:1c:3a:e1:32:ac:56:83:d3:5b:28:
        ba:5c:32:42:43
    Exponent: 65537 (0x10001)
    Modulus=52A99E249EE7CF3C0CBF963A009661772BC9CDF6E1E3FBFC6E44A07A5E0F894457A9F81C3AE132AC5683D35B28BA5C324243
    writing RSA key
    -----BEGIN PUBLIC KEY-----
    ME0wDQYJKoZIhvcNAQEBBQADPAAwOQIyUqmeJJ7nzzwMv5Y6AJZhdyvJzfbh4/v8
    bkSgel4PiURXqfgcOuEyrFaD01soulwyQkMCAwEAAQ==
    -----END PUBLIC KEY-----

The modulus now has to be converted from hexadecimal to a decimal integer. We use the site: [[http://www.mobilefish.com/services/big_number/big_number.php]]

We factor it on factor-db: http://factordb.com/index.php?query=833810193564967701912362955539789451139872863794534923259743419423089229206473091408403560311191545764221310666338878019

This yields the two prime factors.
So we have:

    modulo=833810193564967701912362955539789451139872863794534923259743419423089229206473091408403560311191545764221310666338878019
    exponent=65537
    p=863653476616376575308866344984576466644942572246900013156919
    q=965445304326998194798282228842484732438457170595999523426901

We rebuild the private key with the get_priv_key.c code (see the RSA article).

Compile the code:

    gcc -o get_priv_key get_priv_key.c -lssl -lcrypto

Create the private key:

    ./get_priv_key 863653476616376575308866344984576466644942572246900013156919 965445304326998194798282228842484732438457170595999523426901 65537 > priv.key

Decrypt the file:

    openssl rsautl -decrypt -inkey priv.key -in <(base64 -d flag.b64 )
    ALEXCTF{SMALL_PRIMES_ARE_BAD}
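The key-recovery step above as an added Python example (not the get_priv_key.c the write-up refers to, and not part of the original page): once p and q are known, the private exponent is a single modular inverse, and the PKCS#1 v1.5 block that `openssl rsautl` uses by default can be unpadded by hand. The function names and the fixed-padding `rsa_encrypt_constructed` helper are assumptions made for illustration.

```python
import base64
from math import gcd

# Values copied from the write-up above.
N = 833810193564967701912362955539789451139872863794534923259743419423089229206473091408403560311191545764221310666338878019
E = 65537
P = 863653476616376575308866344984576466644942572246900013156919
Q = 965445304326998194798282228842484732438457170595999523426901
CIPHERTEXT_B64 = "Ni45iH4UnXSttNuf0Oy80+G5J7tm8sBJuDNN7qfTIdEKJow4siF2cpSbP/qIWDjSi+w="

def derive_private_exponent(p, q, e):
    """Return d with e*d == 1 (mod phi(n)); trivial once n is factored."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo phi(n)")
    return pow(e, -1, phi)  # modular inverse, Python 3.8+

def pkcs1_v15_unpad(block):
    """Strip PKCS#1 v1.5 encryption padding: 00 02 <PS, at least 8 bytes> 00 <msg>."""
    if block[:2] != b"\x00\x02":
        raise ValueError("not a PKCS#1 v1.5 encryption block")
    sep = block.find(b"\x00", 2)
    if sep < 10:  # separator missing (-1) or padding string shorter than 8 bytes
        raise ValueError("malformed padding")
    return block[sep + 1:]

def rsa_decrypt(ciphertext, n, d):
    """Raw RSA private-key operation followed by PKCS#1 v1.5 unpadding."""
    k = (n.bit_length() + 7) // 8  # modulus length in bytes
    c = int.from_bytes(ciphertext, "big")
    if len(ciphertext) != k or c >= n:
        raise ValueError("ciphertext does not fit this modulus")
    return pkcs1_v15_unpad(pow(c, d, n).to_bytes(k, "big"))

def rsa_encrypt_constructed(message, n, e):
    """Round-trip helper with fixed, constructed padding bytes (not secure)."""
    k = (n.bit_length() + 7) // 8
    block = b"\x00\x02" + b"\xaa" * (k - 3 - len(message)) + b"\x00" + message
    return pow(int.from_bytes(block, "big"), e, n).to_bytes(k, "big")

if __name__ == "__main__":
    assert P * Q == N, "factors do not match the modulus"
    d = derive_private_exponent(P, Q, E)
    print(N.bit_length(), "bit modulus")
    print(rsa_decrypt(base64.b64decode(CIPHERTEXT_B64), N, d))
```
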