DRAFT

This page is still a draft. Thank you for your understanding.

Description

RSA tool for ctf - uncipher data from weak public key and try to recover private key Automatic selection of best attack for the given public key

Attacks :

• Prime N detection
• Weak public key factorization
• Wiener's attack
• Hastad's attack (Small public exponent attack)
• Small q (q < 100,000)
• Common factor between ciphertext and modulus attack
• Fermat's factorisation for close p and q
• Gimmicky Primes method
• Past CTF Primes method
• Self-Initializing Quadratic Sieve (SIQS) using Yafu
• Common factor attacks across multiple keys
• Small fractions method when p/q is close to a small fraction
• Boneh Durfee Method when the private exponent d is too small compared to the modulus (i.e d < n^0.292)
• Elliptic Curve Method
• Pollards p-1 for relatively smooth numbers
• Mersenne primes factorization
• Londahl's factorisation for close p and q
• Qi Cheng's unsafe primes factorization

Installation

Note

Notice that we will install the python dependencies in a virtual environment (recommended).

$ git clone https://github.com/Ganapati/RsaCtfTool.git
$ cd RsaCtfTool
$ sudo apt install python3-venv libgmp3-dev libmpc-dev
$ python3 -m venv .
$ . bin/activate
$ pip3 install -r "requirements.txt"
$ ./RsaCtfTool.py

Usage

Syntax

$ . bin/activate
$ RsaCtfTool.py [-h] [--publickey PUBLICKEY] [--createpub] [--dumpkey] [--ext]
                   [--uncipherfile UNCIPHERFILE] [--uncipher UNCIPHER]
                   [--verbose] [--private] [--ecmdigits ECMDIGITS] [-n N]
                   [-p P] [-q Q] [-e E] [--key KEY]
                   [--attack {hastads,factordb,pastctfprimes,mersenne_primes,noveltyprimes,smallq,wiener,comfact_cn,primefac,fermat,siqs,Pollard_p_1,londahl,prime_n,all}]

Options

-h, --help

show this help message and exit

--publickey PUBLICKEY

public key file. You can use wildcards for multiple keys.

--createpub

Take n and e from cli and just print a public key then exit

--dumpkey

Just dump the RSA variables from a key - n,e,d,p,q

--ext

Extended dump of RSA private variables in --dumpkey mode - dp,dq,pinv,qinv).

--uncipherfile UNCIPHERFILE

uncipher a file

--uncipher UNCIPHER

uncipher a cipher

--verbose

verbose mode (display n, e, p and q)

--private

Display private key if recovered

--ecmdigits ECMDIGITS

Optionally an estimate as to how long one of the primes is for ECM method

-n N

Specify the modulus. format : int or 0xhex

-p P

Specify the first prime number. format : int or 0xhex

-q Q

Specify the second prime number. format : int or 0xhex

-e E

Specify the public exponent. format : int or 0xhex

--key KEY

Specify the input key file in --dumpkey mode.

--attack {hastads,prime_n,factordb,pastctfprimes,mersenne_primes,noveltyprimes,smallq,wiener,comfact_cn,primefac,fermat,siqs,Pollard_p_1,londahl,all}

Specify the attack mode.

Scenarios

Mode 1 - Attack RSA (specify --publickey)

• publickey : public rsa key to crack. You can import multiple public keys with wildcards.
• uncipher : cipher message to decrypt
• private : display private rsa key if recovered

Mode 2 - Create a Public Key File Given n and e (specify --createpub)

• n - modulus
• e - public exponent

Mode 3 - Dump the public and/or private numbers (optionally including CRT parameters in extended mode) from a PEM/DER format public or private key (specify --dumpkey)

• key - the public or private key in PEM or DER format

Examples

INCOMPLETE SECTION OR ARTICLE

This section/article is being written and is therefore not complete.
Thank you for your comprehension.