rsa
1 2 3 | Forensic : rsa Our archaeologists recovered a dusty and corrupted old hard drive used by The Plague in his trips into the past. It contains a private key, but this has long since been lost to bitrot. Can you recover the full key from the little information we have recovered? | cs |
First, we need to recover corrupted private key. I just found a recovery tool.
For using this tool, we need to extract corrupted private key, public key and C(0x3 or 0x01001) value.
Following Codes could extract public key in public.pub. // i just got simple command line code extracting public key and 'C' in file
1 2 3 4 5 6 7 8 | zero@ubuntu:~/Desktop/ctf/plaid2014/rsa$ cat public.pub | grep -v -- ----- | tr -d '\n' | base64 -d | openssl asn1parse -inform DER -i -strparse 18 0:d=0 hl=3 l= 137 cons: SEQUENCE 3:d=1 hl=3 l= 129 prim: INTEGER :DBFABDB1495D3276E7626B84796E9FC20FA13C1744F10C8C3F3E3C2C6040C2E7F313DFA3D1FE10 D1AE577CFEAB7452AA53102EEF7BE0099C022560E57A5C30D50940642D1B097DD2109AE02F2DCF F8198CD5A395FCAC4266107848B9DD63C387D2538E50415343042033EA09C084155E652B0F06234 0D5D4717A402A9D806A6B 135:d=1 hl=2 l= 3 prim: INTEGER :010001 | cs |
Corrupted private key -> extract from corrupted.pem
Making the file what 'rsabits' required. like below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | 1024 1544748279767639201653289492575714864340542510401232355629195485569717320700361228 8686276621165483893892884678715426296308237869076494977579853150681231212484011918 3803533318584572089721609968673990239446902280820375462104365472096034361037571656 667701094669603984656457986138035424322928756694319644654201451 65537 19641192771366141232732842795884361672766957337046370010419092595661493546992953243 36792299908219810992318547099107661042360714520545076511016708422860811731998266633 52248034985631721809754738274283050527215852057574626382757858930643257729145018363 15559218393163814170991215800379374966890952093796574837761053335863236945149234630 69661593773125249167657014746520020775988347939040478501746322011701556423769684057 64924483329232710576273224640998480737356885866173281678875466037851939081292692819 32602738300724477360570725283865038045758788042093559698963189612844777981322566992 99799722416089041214256241556848645139263236240564099121196452404826044027636233858 43079897731446137824856033208798479614381363584292393471314391777446646912387426544 55772469905351145472183988641832381888462757837948095721110436673924217220974440811 08626521898428279243652743174473656091457027772014771301144068202471132223521204310 62812160 | cs |
Result of rsabits is printing 'p' and 'q' values.
1 2 3 4 | p = 126437406373951106528942622095020638990475202184362477358781881803359857898776013 96069401620713231058940443043891453952791936466967524033214476598572706213 q = 122174942057803188748651980067594469696799211374748552984857168179259259118904152 86181103665676748660959871257808447814451048738105000263500773868071134927 | cs |
With these values, get corrected private key by using rsatool.py.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | zero@ubuntu:~/Desktop/ctf/plaid2014/rsa$ rsatool.py -p 1264374063739511065289426220950 2063899047520218436247735878188180335985789877601396069401620713231058940443043891453 952791936466967524033214476598572706213 -q 1221749420578031887486519800675944696967992113747485529848571681792592591189041528 6181103665676748660959871257808447814451048738105000263500773868071134927 -o private.key Using (p, q) to initialise RSA instance n = dbfabdb1495d3276e7626b84796e9fc20fa13c1744f10c8c3f3e3c2c6040c2e7f313dfa3d1fe10d1 ae577cfeab7452aa53102eef7be0099c022560e57a5c30d50940642d1b097dd2109ae02f2dcff819 8cd5a395fcac4266107848b9dd63c387d2538e50415343042033ea09c084155e652b0f062340d5d4 717a402a9d806a6b e = 65537 (0x10001) d = fc253ca9a9de19aa112eceeeda01e33d1d8d42c3a952637f9e3e47dad5b965af5900bea7985c100b 483b201b098c1bf4ffa0dd2bc461d8a1ea13ce2d3b43d0f33fbd515c5053e69e7a4984c26bb8fa4c 75d7caa30bc5f77e605815b2b7a15cc8408bdef231e3284e6a10f7518dfdca96f67fcc7e525d9b46 8ebf4b2448e0349 p = f169511e66be0622c2ab2ec15a17c0c7a0c72808aecdba28c7f520ecad2365b29ccc3531db1abcc0 3e6939685fe214afd141ba9f6cfd3a73a5fae85a38f369a5 q = e945de2261e7b73317461ec48599715f2be4630866f99eda58a149ae102d1a91c4f909687f56ce65 d7faab0f649d8e8ae9fc2f7e535e1d5aa76197b4d7e9a6cf Saving PEM as private.key | cs |
Finally, we can decrypt given 'encrypted' file using corrected private key!
1 2 3 | zero@ubuntu:~/Desktop/ctf/plaid2014/rsa$ openssl rsautl -decrypt -in encrypted -out plaintext -inkey private.key zero@ubuntu:~/Desktop/ctf/plaid2014/rsa$ cat plaintext crypt0>>>f0rensics3~ | cs |
The flag is crypt0>>>f0rensics3~
'CTFs > Plaid 2014' 카테고리의 다른 글
| [Plaid 2014] pwnable : ezhp (0) | 2016.08.27 |
|---|---|
| [Plaid 2014] reversing : hudak (0) | 2016.08.27 |
| [Plaid 2014] forensic : zfs (0) | 2016.08.27 |
| [Plaid 2014] forensic : curlcore (0) | 2016.08.27 |
| [Plaid 2014] forensic : bbos (0) | 2016.08.27 |
