OOO logo

OOO archive --- DEF CON CTF [ login ]

dc2019q - ASRybaB crypto hinted reversing

by anton00b

This was a jeopardy challenge, part of dc2019q. (CTFtime)

Points: 201
Was solved by: 14 teams

You may spawn the server:

On your laptop
  • Install docker
  • docker pull archiveooo/pub:ASRybaB (docker-saved download)
  • docker run -d --name asrybab archiveooo/pub:ASRybaB
  • Local IP: docker inspect asrybab -f '{{ .NetworkSettings.Networks.bridge.IPAddress }}'
  • Connect to that IP:1280 — Remember to docker rm -f when done.
Hosted by OOO Right now we're asking players to login first.

Description

Just RSA

This challenge requires very minor bruteforcing, which if properly parallelized shouldn't take more than 15 minutes.


That's less than $1 on Amazon (for instance) -- in general, an amount we considered fair.


If it looks like you have to bruteforce for many hours... you're missing some step :)

line_weight challenge.py

Hints

Hint 1Could you decompile the python code? What's stopping you?
Hint 2Try adding the correct header and using a decompiler like uncompyle6 -- there's some opcode stopping it, can you remove it?
Hint 3All STOP_CODE occurrences are in dead code. Just remove them and decompile.
Hint 4What properties does the key have? Is it close to a known attack?
Hint 5Read up on the Boneh-Durfee attack (https://github.com/mimoo/RSA-and-LLL-attacks/raw/master/survey_final.pdf) -- it's not immediately applicable but it's close
Hint 6Try rewriting the paper equations' using what you know of the key's factors.
Hint 7It's a different modulus than the plain paper...
Hint 8If you've done things right, "375 computations" will make sense to you.

If you wish, you can contribute more.

There's an author-recommended writeup.

Source

Source code is available at http://antoniobianchi.me/posts/ctf-defconquals2019-asrybab/media/ASRybaB.tgz