Skip to main content

Lost Modulus

I encrypted a secret message with RSA but I lost the modulus. Can you help me recover it?

challenge.py
#!/usr/bin/python3
from Crypto.Util.number import getPrime, long_to_bytes, inverse
flag = open('flag.txt', 'r').read().strip().encode()

class RSA:
def __init__(self):
self.p = getPrime(512)
self.q = getPrime(512)
self.e = 3
self.n = self.p * self.q
self.d = inverse(self.e, (self.p-1)*(self.q-1))
def encrypt(self, data: bytes) -> bytes:
pt = int(data.hex(), 16)
ct = pow(pt, self.e, self.n)
return long_to_bytes(ct)
def decrypt(self, data: bytes) -> bytes:
ct = int(data.hex(), 16)
pt = pow(ct, self.d, self.n)
return long_to_bytes(pt)

def main():
crypto = RSA()
print ('Flag:', crypto.encrypt(flag).hex())

if __name__ == '__main__':
main()
output.txt
Flag: 05c61636499a82088bf4388203a93e67bf046f8c49f62857681ec9aaaa40b4772933e0abc83e938c84ff8e67e5ad85bd6eca167585b0cc03eb1333b1b1462d9d7c25f44e53bcb568f0f05219c0147f7dc3cbad45dec2f34f03bcadcbba866dd0c566035c8122d68255ada7d18954ad604965

solution

This WriteUp Solution is password protected by the flag of the challenge.

since we do not know any RSA key parameter except the public exponent(e), So we can not recover any parameter of RSA key.One of the possible solution comes to mind is that if the given ciphertext is cube of some number then we can recover the cube root of the ciphertext and then we can recover the plaintext. So we can use the following python script to recover the plaintext.

solve.py
from Crypto.Util.number import long_to_bytes
from gmpy2 import iroot

c = 0x05c61636499a82088bf4388203a93e67bf046f8c49f62857681ec9aaaa40b4772933e0abc83e938c84ff8e67e5ad85bd6eca167585b0cc03eb1333b1b1462d9d7c25f44e53bcb568f0f05219c0147f7dc3cbad45dec2f34f03bcadcbba866dd0c566035c8122d68255ada7d18954ad604965
m, _ = iroot(c, 3)
print(long_to_bytes(m).decode())

After running code you will get flag HTB{n3v3r_us3_sm4ll_3xp0n3n7s_f0r_rs4}