from Crypto.Util.number import inverse, getPrime, bytes_to_long, long_to_bytes from Crypto.PublicKey import RSA from wiener_attack import wiener_attack flag = "h4tum{...}" m = bytes_to_long(flag.encode()) p = getPrime(512) q = getPrime(512) n = p * q phi = (p - 1) * (q - 1) d = getPrime(30) e = inverse(d, phi) ciphertext = pow(m, e, n) pubkey = RSA.construct((n, e)) pub_pem = pubkey.export_key(format="PEM") print(pub_pem.decode()) print(f"\nHere is the encrypted flag:\n{ciphertext}") rec_d = wiener_attack(e, n) print(long_to_bytes(pow(ciphertext, d, n))) # -----BEGIN PUBLIC KEY----- # MIIBHjANBgkqhkiG9w0BAQEFAAOCAQsAMIIBBgKBgGUboAvXiM8ETI/20wMIDKp4 # Yvh0bh90Rv5ixgn0cwUru18hYZdHMmbVRbbzImcJUl+TiGO6ED71fZARh55vpA+p # IVwrXsFUnUzpF+5Xt04qo6ums1nSd3Kqx/A1gBerMCk8sO8PPJwKW/SgUu8SpOMn # XtNB3UCiF5iklNzpRJ9BAoGAWMfZ0dEudQf+xEwd4jq066R781PuIQ+FwsEpDAtC # oFuPpJgo2JEhw6QHdPbSBSAZiJTeKUBrh34s1Y1ALNQy2HgpDF+UGvfndeqxI+tx # ZnhnmOKyFWLRS7CElp0YunzaWSjM9B4UeyDqnO70f0wopGhSrHx326ourFJBKDak # g0k= # -----END PUBLIC KEY----- # Here is the encrypted flag: # 33875780076252799475072801857719625760580293404621927950834466845200175353837317794093362254089677034810036784377827562641344104659319423578279557002930036256051311423722214046538552333691207322585750166331224527229737296960110973126147103391345215399552776397918690683992071757399724992352071896156421861125