Merge branch 'master' of https://github.com/rev112/stepctf-2015

Author: patrick-me

ASR/create/README.md

@@ -0,0 +1,30 @@
+1. Generate N E D using tool rsa-wiener-attack (https://github.com/pablocelayes/rsa-wiener-attack) and save selected in "Selected_n_e_d.txt" file.
+
+```bash
+   python RSAvulnerableKeyGenerator.py
+```
+
+2. Generate private.key PEM file using rsatool (https://github.com/ius/rsatool).
+
+```bash
+   python rsatool.py `cat Selected_n_e_d.txt` -o private.key
+```
+
+3. Generate public.key.
+
+```bash
+    openssl rsa -in private.key -out public.key -outform PEM -pubout
+```
+
+4. Encode message.
+
+```bash
+    openssl rsautl -encrypt -inkey public.key -pubin -in message -out secret
+```
+5. Test on decoding.
+
+```bash
+    openssl rsautl -decrypt -inkey private.key -in secret -out test && md5sum test message
+```
+
+6. Deploy "secret" and public.key files.

ASR/create/Selected_n_e_d.txt

@@ -0,0 +1,2 @@
+-n 505425768438331379583477586793149859779016357536173445727601368429083506892946939712080149243185374889149712883669777241472138976122128303833013626951967984174860289009798083861065343256637740820678289846106861235730545954153000328476846659202260440502052387534350213826713370874369664454639519512880131587979 -e 406337194415078969135388012199768851534892405717049052243569601877767720306971351962115455780742226903789914852797732475115620696182173145519244169134462893981827754911556903443954791096825007180380141420831124481112731502488517569927478504486615667200169344800534739661939136312208398465567840505121573367837 -d 5505607512671258899404366558275649879039721916551771524402852924475941011773
+

ASR/create/message

@@ -0,0 +1 @@
+STCTF#Dang3r0u51R5AMay83Vu1n3ra813#

ASR/create/private.key

@@ -0,0 +1,13 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICOQIBAAKBgQLPwAwnXFZ/EvKE1IZLFSokmZYuJVBtfhhPor4aDVDdyQXd6XncJ3U8kGC7Aez7
+tUBtHXjOjcjKKWsZwyBKoYzmlIWovJpXoXFQhRCaUBgbN+SM0mJ7jaOAoVLpcfJG5auJ4MtedvVR
+/ZklEF+IetObLYZ3Mxq2aAK15Kx0Zte/iwKBgQJCpLQKCrtWDlDkfOYZJvwq8hbHatbcUubpp46b
+QmCdV18w3W2sOsMjPoYlFNie7jicukMPYB+BpX8bfpFY3G86AHDe43kfnL2zS53hsSy7faRusOnm
+Bal1oJc7GCVSOaJ5iCWTEvFEaIY4i+Mg0ol+HPmEGJjZMXdsODEwYGLwHQIgDCwQPH4iUFihfz18
+b8epCYLzO2r9l8thz3zOdX47QT0CQQFeBr2+s8lKeGiG0FsWa55NDi0h6ShCTLBfUM8BkBNmMbqz
+5VybaKajeDTGwHpZYBTgVf8hmloh/geJcuBfwJu/AkECDmf/q3wc9yzgKUNtaWuGf+krVnmSCXeS
+7Lhrf2SbygyjjT7emWpgpzw/EoJ2wCg4JBZBmmZ82d8F8imYYTy/NQIgDCwQPH4iUFihfz18b8ep
+CYLzO2r9l8thz3zOdX47QT0CIAwsEDx+IlBYoX89fG/HqQmC8ztq/ZfLYc98znV+O0E9AkAoVQGA
+5pcRKjARucSUlUIq/+XiZZ7qh9Ip7nSm+XCz90UyHEHBTsQ15YgfEfELeZATXLC2BXma+XZU4IIk
+TMRw
+-----END RSA PRIVATE KEY-----

ASR/create/public.key

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKBgQLPwAwnXFZ/EvKE1IZLFSok
+mZYuJVBtfhhPor4aDVDdyQXd6XncJ3U8kGC7Aez7tUBtHXjOjcjKKWsZwyBKoYzm
+lIWovJpXoXFQhRCaUBgbN+SM0mJ7jaOAoVLpcfJG5auJ4MtedvVR/ZklEF+IetOb
+LYZ3Mxq2aAK15Kx0Zte/iwKBgQJCpLQKCrtWDlDkfOYZJvwq8hbHatbcUubpp46b
+QmCdV18w3W2sOsMjPoYlFNie7jicukMPYB+BpX8bfpFY3G86AHDe43kfnL2zS53h
+sSy7faRusOnmBal1oJc7GCVSOaJ5iCWTEvFEaIY4i+Mg0ol+HPmEGJjZMXdsODEw
+YGLwHQ==
+-----END PUBLIC KEY-----

ASR/create/secret

@@ -0,0 +1 @@
+-n 0x02cfc00c275c567f12f284d4864b152a2499962e25506d7e184fa2be1a0d50ddc905dde979dc27753c9060bb01ecfbb5406d1d78ce8dc8ca296b19c3204aa18ce69485a8bc9a57a1715085109a50181b37e48cd2627b8da380a152e971f246e5ab89e0cb5e76f551fd9925105f887ad39b2d8677331ab66802b5e4ac7466d7bf8b -e 0x0242a4b40a0abb560e50e47ce61926fc2af216c76ad6dc52e6e9a78e9b42609d575f30dd6dac3ac3233e862514d89eee389cba430f601f81a57f1b7e9158dc6f3a0070dee3791f9cbdb34b9de1b12cbb7da46eb0e9e605a975a0973b18255239a27988259312f1446886388be320d2897e1cf9841898d931776c3831306062f01d

ASR/solution/nepair

@@ -0,0 +1 @@
+-p 18332366563702812004827960767382231259638895239413282702812009894882946745998553209194850588719103121402937914114124705492672432051453957400966421943458751 -q 27570132131170104824343411575743642180767006452664381672813278738573428245458845155699724266932275812596878966520171881476555627563245277293094684982034229 -e 406337194415078969135388012199768851534892405717049052243569601877767720306971351962115455780742226903789914852797732475115620696182173145519244169134462893981827754911556903443954791096825007180380141420831124481112731502488517569927478504486615667200169344800534739661939136312208398465567840505121573367837

ASR/solution/pqetuple

@@ -0,0 +1,13 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICOQIBAAKBgQLPwAwnXFZ/EvKE1IZLFSokmZYuJVBtfhhPor4aDVDdyQXd6XncJ3U8kGC7Aez7
+tUBtHXjOjcjKKWsZwyBKoYzmlIWovJpXoXFQhRCaUBgbN+SM0mJ7jaOAoVLpcfJG5auJ4MtedvVR
+/ZklEF+IetObLYZ3Mxq2aAK15Kx0Zte/iwKBgQJCpLQKCrtWDlDkfOYZJvwq8hbHatbcUubpp46b
+QmCdV18w3W2sOsMjPoYlFNie7jicukMPYB+BpX8bfpFY3G86AHDe43kfnL2zS53hsSy7faRusOnm
+Bal1oJc7GCVSOaJ5iCWTEvFEaIY4i+Mg0ol+HPmEGJjZMXdsODEwYGLwHQIgDCwQPH4iUFihfz18
+b8epCYLzO2r9l8thz3zOdX47QT0CQQFeBr2+s8lKeGiG0FsWa55NDi0h6ShCTLBfUM8BkBNmMbqz
+5VybaKajeDTGwHpZYBTgVf8hmloh/geJcuBfwJu/AkECDmf/q3wc9yzgKUNtaWuGf+krVnmSCXeS
+7Lhrf2SbygyjjT7emWpgpzw/EoJ2wCg4JBZBmmZ82d8F8imYYTy/NQIgDCwQPH4iUFihfz18b8ep
+CYLzO2r9l8thz3zOdX47QT0CIAwsEDx+IlBYoX89fG/HqQmC8ztq/ZfLYc98znV+O0E9AkAoVQGA
+5pcRKjARucSUlUIq/+XiZZ7qh9Ip7nSm+XCz90UyHEHBTsQ15YgfEfELeZATXLC2BXma+XZU4IIk
+TMRw
+-----END RSA PRIVATE KEY-----

ASR/solution/private.key

@@ -0,0 +1,165 @@
+#!/usr/bin/python2
+import base64, fractions, optparse, random
+import gmpy
+
+from pyasn1.codec.der import encoder
+from pyasn1.type.univ import *
+
+PEM_TEMPLATE = '-----BEGIN RSA PRIVATE KEY-----\n%s-----END RSA PRIVATE KEY-----\n'
+DEFAULT_EXP = 65537
+
+def factor_modulus(n, d, e):
+    """
+    Efficiently recover non-trivial factors of n
+
+    See: Handbook of Applied Cryptography
+    8.2.2 Security of RSA -> (i) Relation to factoring (p.287)
+
+    http://www.cacr.math.uwaterloo.ca/hac/
+    """
+    t = (e * d - 1)
+    s = 0
+
+    while True:
+        quotient, remainder = divmod(t, 2)
+
+        if remainder != 0:
+            break
+
+        s += 1
+        t = quotient
+
+    found = False
+
+    while not found:
+        i = 1
+        a = random.randint(1,n-1)
+
+        while i <= s and not found:
+            c1 = pow(a, pow(2, i-1, n) * t, n)
+            c2 = pow(a, pow(2, i, n) * t, n)
+
+            found = c1 != 1 and c1 != (-1 % n) and c2 == 1
+
+            i += 1
+
+    p = fractions.gcd(c1-1, n)
+    q = (n / p)
+
+    return p, q
+
+class RSA:
+    def __init__(self, p=None, q=None, n=None, d=None, e=DEFAULT_EXP):
+        """
+        Initialize RSA instance using primes (p, q)
+        or modulus and private exponent (n, d)
+        """
+
+        self.e = e
+
+        if p and q:
+            assert gmpy.is_prime(p), 'p is not prime'
+            assert gmpy.is_prime(q), 'q is not prime'
+
+            self.p = p
+            self.q = q
+        elif n and d:   
+            self.p, self.q = factor_modulus(n, d, e)
+        else:
+            raise ArgumentError('Either (p, q) or (n, d) must be provided')
+
+        self._calc_values()
+
+    def _calc_values(self):
+        self.n = self.p * self.q
+
+        phi = (self.p - 1) * (self.q - 1)
+        self.d = gmpy.invert(self.e, phi)
+
+        # CRT-RSA precomputation
+        self.dP = self.d % (self.p - 1)
+        self.dQ = self.d % (self.q - 1)
+        self.qInv = gmpy.invert(self.q, self.p)
+
+    def to_pem(self):
+        """
+        Return OpenSSL-compatible PEM encoded key
+        """
+        return PEM_TEMPLATE % base64.encodestring(self.to_der())
+
+    def to_der(self):
+        """
+        Return parameters as OpenSSL compatible DER encoded key
+        """
+        seq = Sequence()
+
+        for x in [0, self.n, self.e, self.d, self.p, self.q, self.dP, self.dQ, self.qInv]:
+            seq.setComponentByPosition(len(seq), Integer(x))
+
+        return encoder.encode(seq)
+
+    def dump(self, verbose):
+        vars = ['n', 'e', 'd', 'p', 'q']
+
+        if verbose:
+            vars += ['dP', 'dQ', 'qInv']
+
+        for v in vars:
+            self._dumpvar(v)
+
+    def _dumpvar(self, var):
+        val = getattr(self, var)
+
+        parts = lambda s, l: '\n'.join([s[i:i+l] for i in xrange(0, len(s), l)])
+
+        if len(str(val)) <= 40:
+            print '%s = %d (%#x)\n' % (var, val, val)
+        else:
+            print '%s =' % var
+            print parts('%x' % val, 80) + '\n'
+
+
+if __name__ == '__main__':
+    parser = optparse.OptionParser()
+
+    parser.add_option('-p', dest='p', help='prime', type='int')
+    parser.add_option('-q', dest='q', help='prime', type='int')
+    parser.add_option('-n', dest='n', help='modulus', type='int')
+    parser.add_option('-d', dest='d', help='private exponent', type='int')
+    parser.add_option('-e', dest='e', help='public exponent (default: %d)' % DEFAULT_EXP, type='int', default=DEFAULT_EXP)
+    parser.add_option('-o', dest='filename', help='output filname')
+    parser.add_option('-f', dest='format', help='output format (DER, PEM) (default: PEM)', type='choice', choices=['DER', 'PEM'], default='PEM')
+    parser.add_option('-v', dest='verbose', help='also display CRT-RSA representation', action='store_true', default=False)
+
+    try:
+        (options, args) = parser.parse_args()
+
+        if options.p and options.q:
+            print 'Using (p, q) to initialise RSA instance\n'
+            rsa = RSA(p=options.p, q=options.q, e=options.e)
+        elif options.n and options.d:
+            print 'Using (n, d) to initialise RSA instance\n'
+            rsa = RSA(n=options.n, d=options.d, e=options.e)
+        else:
+            parser.print_help()
+            parser.error('Either (p, q) or (n, d) needs to be specified')
+
+        rsa.dump(options.verbose)
+
+        if options.filename:
+            print 'Saving %s as %s' % (options.format, options.filename)
+
+
+            if options.format == 'PEM':
+                data = rsa.to_pem()
+            elif options.format == 'DER':
+                data = rsa.to_der()
+
+            fp = open(options.filename, 'wb')
+            fp.write(data)
+            fp.close()
+
+    except optparse.OptionValueError, e:
+        parser.print_help()
+        parser.error(e.msg)
+