-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsolve.py
45 lines (38 loc) · 1.89 KB
/
solve.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# adapted from https://infosecwriteups.com/rsa-attacks-common-modulus-7bdb34f331a5
from math import gcd
n = 158307578375429142391814474806884486236362186916188452580137711655290101749246194796158132723192108831610021920979976831387798531310286521988621973910776725756124498277292094830880179737057636826926718870947402385998304759357604096043571760391265436342427330673679572532727716853811470803394787706010603830747
e1 = 65537
c1 = 147465654815005020063943150787541676244006907179548061733683379407115931956604160894199596187128857070739585522099795520030109295201146791378167977530770154086872347421667566213107792455663772279848013855378166127142983660396920011133029349489200452580907847840266595584254579298524777000061248118561875608240
e2 = 65521
c2 = 142713643080475406732653557020038566547302005567266455940547551173573770529850069157484999432568532977025654715928532390305041525635025949965799289602536953914794718670859158768092964083443092374251987427058692219234329521939404919423432910655508395090232621076454399975588453154238832799760275047924852124717
def egcd(a, b):
if a == 0:
return (b, 0, 1)
else:
g, y, x = egcd(b % a, a)
return (g, x - (b // a) * y, y)
def modinv(a, m):
g, x, y = egcd(a, m)
if g != 1:
raise ValueError('Modular inverse does not exist.')
else:
return x % m
def attack(c1, c2, e1, e2, N):
if gcd(e1, e2) != 1:
raise ValueError("Exponents e1 and e2 must be coprime")
s1 = modinv(e1,e2)
s2 = (gcd(e1,e2) - e1 * s1) // e2
temp = modinv(c2, N)
m1 = pow(c1,s1,N)
m2 = pow(temp,-s2,N)
return (m1 * m2) % N
def main():
print('[+] Started attack...')
try:
message = attack(c1, c2, e1, e2, n)
print('[+] Attack finished!')
print('\nPlaintext message:\n%s' % format(message, 'x'))
except Exception as e:
print('[+] Attack failed!')
print(e)
main()