BYUCTF 2024 | Are S A-writeup

crypto/Are S A? [353 Solves]

Challenge Description

Found these keys… wonder what they do…

Challenge Author

Author: overllama

Challenge Files

we are provided with a text file

n =  128393532851463575343089974408848099857979358442919384244000744053339479654557691794114605827105884545240515605112453686433508264824840575897640756564360373615937755743038201363814617682765101064651503434978938431452409293245855062934837618374997956788830791719002612108253528457601645424542240025303582528541
e =  65537
c =  93825584976187667358623690800406736193433562907249950376378278056949067505651948206582798483662803340120930066298960547657544217987827103350739742039606274017391266985269135268995550801742990600381727708443998391878164259416326775952210229572031793998878110937636005712923166229535455282012242471666332812788

Solution

we are provided with a text file that contains three parameters n, e, c without context. guessing from the challenge name, we could assume these to be the parameters of the RSA cryptosystem. therefore, we could conclude the goal of this challenge to retrieve the plaintext m.

the very first intuition i had was perhaps n is a prime? we could quickly test this using the following script

from Crypto.Util.number import *

n =  128393532851463575343089974408848099857979358442919384244000744053339479654557691794114605827105884545240515605112453686433508264824840575897640756564360373615937755743038201363814617682765101064651503434978938431452409293245855062934837618374997956788830791719002612108253528457601645424542240025303582528541

print(isPrime(n))

and the result is

fooker@fooker:~/byuctf-2024/crypto/Are_SA?$ python3 solve.py
True

the result is positive which implies we can compute the reverse of the encryption function

Decryption

the encryption scheme could be mathematically represented as $$ c \equiv m^e \pmod{n} $$ since we can know compute d such that $ed = 1 \pmod{n - 1}$ $$ \implies c^d \equiv (m^e)^d \equiv m^{ed} \equiv m \pmod{n} $$ which computes the plaintext that we require!

Solve Script 

from Crypto.Util.number import *

n =  128393532851463575343089974408848099857979358442919384244000744053339479654557691794114605827105884545240515605112453686433508264824840575897640756564360373615937755743038201363814617682765101064651503434978938431452409293245855062934837618374997956788830791719002612108253528457601645424542240025303582528541
e =  65537
c =  93825584976187667358623690800406736193433562907249950376378278056949067505651948206582798483662803340120930066298960547657544217987827103350739742039606274017391266985269135268995550801742990600381727708443998391878164259416326775952210229572031793998878110937636005712923166229535455282012242471666332812788

print(long_to_bytes(pow(c, pow(e, -1, n - 1), n)))

and that gives us the flag

fooker@fooker:~/byuctf-2024/crypto/Are_SA?$ python3 solve.py
b'byuctf{d1d_s0m3_rs4_stuff...m1ght_d3l3t3_l4t3r}'