picoCTF
B00tl3grsa2 [400 pts]
Challenge Description:
In RSA d is a lot bigger than e, why don’t we use d to encrypt instead of e? Connect with nc jupiter.challenges.picoctf.org 18243
.
Connect to the service. It should give you some n, e, and c (will not be the same as the ones in this writeup).
c = 1059029782574816420891862426161484446622095050479209214698220028982338114861062529922402955047107715333123926430711862071722700486317101847247143554446599232949360556800236112483076268882718509537548565630538571584725621579656843334371095088385854513340199097770020114096296181934562093689944612126459909213
n = 104187082383132006903737696230983562309844499153411415480782282130898023449271511621805144790422964546235232541326218517403277252882849828976617475636147943508793352888723949320340831951544953034931054092754562907952022727900217084283336443348537327738397969807734672106385259218632176453621029313370365459981
e = 26237142494334660450421699781743941778868022857742984895476307799996047713608755783851444369152396461099322182309960944370717118293155829187025570561651972386037394656277981491366101192980390356464683743815327612857717035063119219436904652080127763691356830908142820193748985212423997238647899356694706276097
In this problem, the message was apparently encrypted with the d value, i.e. the e value listed above. The key idea here is that the e value is often specially selected to be one of 3, 17, or 65537. Thus, we can test out each value of e as the private key exponent to decrypt this. Eventually, you should find that e is 65537.
c = 1059029782574816420891862426161484446622095050479209214698220028982338114861062529922402955047107715333123926430711862071722700486317101847247143554446599232949360556800236112483076268882718509537548565630538571584725621579656843334371095088385854513340199097770020114096296181934562093689944612126459909213
n = 104187082383132006903737696230983562309844499153411415480782282130898023449271511621805144790422964546235232541326218517403277252882849828976617475636147943508793352888723949320340831951544953034931054092754562907952022727900217084283336443348537327738397969807734672106385259218632176453621029313370365459981
e = 26237142494334660450421699781743941778868022857742984895476307799996047713608755783851444369152396461099322182309960944370717118293155829187025570561651972386037394656277981491366101192980390356464683743815327612857717035063119219436904652080127763691356830908142820193748985212423997238647899356694706276097
m = pow(c, 65537, n)
m = format(m, 'x')
print(m)
ascii_str = bytes.fromhex(m).decode("ASCII") # convert to ascii
print(ascii_str)
picoCTF{bad_1d3a5_4783252}