A Fine OTP Server
- Cryptography, RSA
- 79 points
- Description: Connect to OTP generator server, and try to find one OTP.
nc 66.172.27.77 35156
So in the OTP server, they give us a RSA modulus, an encrypted message, and the function used to encrypt the message. The One Time Pads are encrypted with:
def gen_otps():
template_phrase = 'Welcome, dear customer, the secret passphrase for today is: '
OTP_1 = template_phrase + gen_passphrase(18)
OTP_2 = template_phrase + gen_passphrase(18)
otp_1 = bytes_to_long(OTP_1)
otp_2 = bytes_to_long(OTP_2)
nbit, e = 2048, 3
privkey = RSA.generate(nbit, e = e)
pubkey = privkey.publickey().exportKey()
n = getattr(privkey.key, 'n')
r = otp_2 - otp_1
if r < 0:
r = -r
IMP = n - r**(e**2)
if IMP > 0:
c_1 = pow(otp_1, e, n)
c_2 = pow(otp_2, e, n)
return pubkey, OTP_1[-18:], OTP_2[-18:], c_1, c_2
The template phrase is 60 bytes long, and OTP_1, which includes
the passphrase, is 78 bytes, or 624 bits long. is on the order of 624*3 bits long. , so this doesn't wrap around the modulus! We just need to take the cubed root of one of the given messages, and provide that to the server to get the flag.
valar@valardev-Vostro-3460-mint ~ $ nc 66.172.27.77 35156
|-------------------------------------|
| Welcome to the S3cure OTP Generator |
|-------------------------------------|
| Guess the OTP and get the nice flag!|
| Options:
[F]irst encrypted OTP
[S]econd encrypted OTP
[G]uess the OTP
[P]ublic key
[E]ncryption function
[Q]uit
P
the public key is:
-----BEGIN PUBLIC KEY-----
MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAvdBapg5SXCJHVikgokU0
c0LA67ftF9ZhIrqSETuq3N9ENeyJ8JJ2k4Yhd/6KSAmpeeKBBtCsdGRNTp9Fr0C3
UHHoilQNcY90nemQM9rXvqbHxv1jxqwzXzaa+PMIpYS1L4SuZCS6pg0EHyKyh8yA
hn0bYs++29n3JC3qMZTuUk9qaqmESXYN4h3E+7iagPQSlBOOf7j9oDRr+1xWLy6p
YhdGP5T9D0OLRK1YxtKxfKf2CNcbpmSQbWZsDNNf6XLE/bY/W2cqzLYM/kqelMUW
zCEkDkAB8rbqNMew3vXKPkzAutjOAgHHXyMki7drh69Iqh/PwUdEkFGVJM6qDTlV
nQIBAw==
-----END PUBLIC KEY-----
S
13424849164527521403756445050870196571038349263738328860728317613249912394547060932323343839684520029298203039106900245311207700034998334716959147080496357763457295947526957049778372756495200446608399891341545104439044387558803483395758936347236422777032750389168685961215888900831895812978537767135180444146730600624258885143451110857613987242815230302366387575914921806179951025936110822860493612676495094084562385780429368251618285138710394367778529362284103719513422256240065550184346443798331957264278917052649310159470104960346812700994655607599455558277625
Now if we just take the cubed root in python, with the following:
>>> import gmpy
>>> S =
13424849164527521403756445050870196571038349263738328860728317613249912394547060932323343839684520029298203039106900245311207700034998334716959147080496357763457295947526957049778372756495200446608399891341545104439044387558803483395758936347236422777032750389168685961215888900831895812978537767135180444146730600624258885143451110857613987242815230302366387575914921806179951025936110822860493612676495094084562385780429368251618285138710394367778529362284103719513422256240065550184346443798331957264278917052649310159470104960346812700994655607599455558277625
>>> gmpy.root(S,3)
(mpz(23766750386011171096524965335062551726344030679891013787685943574919990535673615479694411579744947646169980809461874073987449785044052175643595830657866834651236910043569261364887415705705L),
1)
>>> a =
23766750386011171096524965335062551726344030679891013787685943574919990535673615479694411579744947646169980809461874073987449785044052175643595830657866834651236910043569261364887415705705L
>>> import binascii
>>> binascii.unhexlify(hex(a)[2:-1])
'Welcome, dear customer, the secret passphrase for today is:
UEcAoQ9pGZ16DCWPPi'
If we enter UEcAoQ9pGZ16DCWPPi into our netcat session, we get
our flag:
ASIS{0fae19fefbb44b37f9012b561698d19}