본문 바로가기

CTFs/Plaid 2014

[Plaid 2014] forensic : rsa

rsa

1
2
3
Forensic : rsa
Our archaeologists recovered a dusty and corrupted old hard drive used by The Plague in his trips into the past. 
It contains a private key, but this has long since been lost to bitrot. Can you recover the full key from the little information we have recovered?
cs

First, we need to recover corrupted private key. I just found a recovery tool.
For using this tool, we need to extract corrupted private key, public key and C(0x3 or 0x01001) value.

Following Codes could extract public key in public.pub. // i just got simple command line code extracting public key and 'C' in file

1
2
3
4
5
6
7
8
zero@ubuntu:~/Desktop/ctf/plaid2014/rsa$ cat public.pub | grep --- ----- | tr -'\n' | base64 -| openssl asn1parse -inform DER --strparse 18
    0:d=0  hl=3 l= 137 cons: SEQUENCE          
    3:d=1  hl=3 l= 129 prim:  INTEGER           
:DBFABDB1495D3276E7626B84796E9FC20FA13C1744F10C8C3F3E3C2C6040C2E7F313DFA3D1FE10
D1AE577CFEAB7452AA53102EEF7BE0099C022560E57A5C30D50940642D1B097DD2109AE02F2DCF
F8198CD5A395FCAC4266107848B9DD63C387D2538E50415343042033EA09C084155E652B0F06234
0D5D4717A402A9D806A6B
  135:d=1  hl=2 l=   3 prim:  INTEGER           :010001
cs

Corrupted private key -> extract from corrupted.pem

Making the file what 'rsabits' required. like below.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
1024
1544748279767639201653289492575714864340542510401232355629195485569717320700361228
8686276621165483893892884678715426296308237869076494977579853150681231212484011918
3803533318584572089721609968673990239446902280820375462104365472096034361037571656
667701094669603984656457986138035424322928756694319644654201451
65537
19641192771366141232732842795884361672766957337046370010419092595661493546992953243
36792299908219810992318547099107661042360714520545076511016708422860811731998266633
52248034985631721809754738274283050527215852057574626382757858930643257729145018363
15559218393163814170991215800379374966890952093796574837761053335863236945149234630
69661593773125249167657014746520020775988347939040478501746322011701556423769684057
64924483329232710576273224640998480737356885866173281678875466037851939081292692819
32602738300724477360570725283865038045758788042093559698963189612844777981322566992
99799722416089041214256241556848645139263236240564099121196452404826044027636233858
43079897731446137824856033208798479614381363584292393471314391777446646912387426544
55772469905351145472183988641832381888462757837948095721110436673924217220974440811
08626521898428279243652743174473656091457027772014771301144068202471132223521204310
62812160
cs

Result of rsabits is printing 'p' and 'q' values.

1
2
3
4
= 126437406373951106528942622095020638990475202184362477358781881803359857898776013
96069401620713231058940443043891453952791936466967524033214476598572706213
= 122174942057803188748651980067594469696799211374748552984857168179259259118904152
86181103665676748660959871257808447814451048738105000263500773868071134927
cs

With these values, get corrected private key by using rsatool.py.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
zero@ubuntu:~/Desktop/ctf/plaid2014/rsa$ rsatool.py -1264374063739511065289426220950
2063899047520218436247735878188180335985789877601396069401620713231058940443043891453
952791936466967524033214476598572706213 
-1221749420578031887486519800675944696967992113747485529848571681792592591189041528
6181103665676748660959871257808447814451048738105000263500773868071134927 -o private.key
Using (p, q) to initialise RSA instance
 
=
dbfabdb1495d3276e7626b84796e9fc20fa13c1744f10c8c3f3e3c2c6040c2e7f313dfa3d1fe10d1
ae577cfeab7452aa53102eef7be0099c022560e57a5c30d50940642d1b097dd2109ae02f2dcff819
8cd5a395fcac4266107848b9dd63c387d2538e50415343042033ea09c084155e652b0f062340d5d4
717a402a9d806a6b
 
= 65537 (0x10001)
 
=
fc253ca9a9de19aa112eceeeda01e33d1d8d42c3a952637f9e3e47dad5b965af5900bea7985c100b
483b201b098c1bf4ffa0dd2bc461d8a1ea13ce2d3b43d0f33fbd515c5053e69e7a4984c26bb8fa4c
75d7caa30bc5f77e605815b2b7a15cc8408bdef231e3284e6a10f7518dfdca96f67fcc7e525d9b46
8ebf4b2448e0349
 
=
f169511e66be0622c2ab2ec15a17c0c7a0c72808aecdba28c7f520ecad2365b29ccc3531db1abcc0
3e6939685fe214afd141ba9f6cfd3a73a5fae85a38f369a5
 
=
e945de2261e7b73317461ec48599715f2be4630866f99eda58a149ae102d1a91c4f909687f56ce65
d7faab0f649d8e8ae9fc2f7e535e1d5aa76197b4d7e9a6cf
 
Saving PEM as private.key
cs

Finally, we can decrypt given 'encrypted' file using corrected private key!

1
2
3
zero@ubuntu:~/Desktop/ctf/plaid2014/rsa$ openssl rsautl -decrypt -in encrypted -out plaintext -inkey private.key
zero@ubuntu:~/Desktop/ctf/plaid2014/rsa$ cat plaintext
crypt0>>>f0rensics3~
cs

The flag is crypt0>>>f0rensics3~


'CTFs > Plaid 2014' 카테고리의 다른 글

[Plaid 2014] pwnable : ezhp  (0) 2016.08.27
[Plaid 2014] reversing : hudak  (0) 2016.08.27
[Plaid 2014] forensic : zfs  (0) 2016.08.27
[Plaid 2014] forensic : curlcore  (0) 2016.08.27
[Plaid 2014] forensic : bbos  (0) 2016.08.27