RSA低指数加密

0x01 题目来源

https://github.com/pbiernat/BlackBox/tree/master/RSA_Cube

0x02 解题思路

1、查看源码

在题目的源码中看到，这里RSA使用的加密指数就用到了3，也就是对于前面就进行了3次方，在验证通过的时候，就说明了以“0001ff”开头并且铭明文中有“ffff00”+”ASN.1get_flag”。

那么就想到，直接构造签名将其开三次根，得到的就可以作为签名输入。这是典型的RSA的低指数攻击。

0x03 编写代码

import socketimport gmpyclient = socket.socket(socket.AF_INET, socket.SOCK_STREAM)client.connect(('127.0.0.1', 9007))x = "0001ff"y = "ffff00"z = "ASN.1"+"get_flag"z = z.encode('hex')s1 = x+y+zs2 = 2048 - len(s1)S = s1+"c"*s2print Sprint gmpy.root(int(S,16),3)client.send("get_flag:"+"32cbfd4205b0a3b1750fb328986f55c587faccd1946365f968de010660a20528340288c40447beb713a9678505113ddb6441fc1c083689081988e6e6e9dd24b9309c559741005739bfb20c00f36e6ef886d31cb0974a08561801c1cb2a3701ee1b7cf97c6c6e6585ab773bc91d33d03060d1b55059b5852191b14b71499800c8172f0e6b7d0a512f1a514fb12222129ff845ed6ed2476f5ed401cec354852cd2a0bc5fea65251507dcaa5ba99b14b71cdba2e34f5433fe3f314d5995dae50032ce6cf9b7094dbfc0065174c059e09423b75df990434da8c0ad1fc2bbab5e86b13fa04a9a42760df0f686fff65f6d58b51cf8ef81e703e399cd9aba109e7cba518b43b84e7b154a21b81df2fa3941d2ea96f9d15b7f4e77ccec5fae62c8980e42c4db99808e14408b5c6605f924fa06cb89140f80b2190c8bfd06be574dafef0aa85940a779ef0679473427f0af845188283f8bc50f")tmp = "32cbfd4205b0a3b1750fb328986f55c587faccd1946365f968de010660a20528340288c40447beb713a9678505113ddb6441fc1c083689081988e6e6e9dd24b9309c559741005739bfb20c00f36e6ef886d31cb0974a08561801c1cb2a3701ee1b7cf97c6c6e6585ab773bc91d33d03060d1b55059b5852191b14b71499800c8172f0e6b7d0a512f1a514fb12222129ff845ed6ed2476f5ed401cec354852cd2a0bc5fea65251507dcaa5ba99b14b71cdba2e34f5433fe3f314d5995dae50032ce6cf9b7094dbfc0065174c059e09423b75df990434da8c0ad1fc2bbab5e86b13fa04a9a42760df0f686fff65f6d58b51cf8ef81e703e399cd9aba109e7cba518b43b84e7b154a21b81df2fa3941d2ea96f9d15b7f4e77ccec5fae62c8980e42c4db99808e14408b5c6605f924fa06cb89140f80b2190c8bfd06be574dafef0aa85940a779ef0679473427f0af845188283f8bc50f"print hex(int(tmp,16))data = client.recv(1024)print dataclient.close()

0x04 得到flag

运行脚本，得到flag：