# No Padding, No Problem

## Problem

> Oracles can be your best friend, they will decrypt anything, except the flag's ciphertext. How will you break it? Connect with `nc mercury.picoctf.net 30048`.

## Solution

1. We can use a [Chosen Plaintext Attack](https://en.wikipedia.org/wiki/Chosen-plaintext_attack) because there is no padding (indicated by the challenge name) and because we can obtain a pair of ciphertext and plain text.
2. This [Cryptography StackExchange answer](https://crypto.stackexchange.com/a/2331) explains the math behind this attack and [this other answer](https://crypto.stackexchange.com/a/1409) gives a general overview. [zweisamkeit/RSHack](https://github.com/zweisamkeit/RSHack) will automatically perform the attack.
3. Launch `RSHack` with `python3 ./rshack.py` and choose `6. Chosen Plaintext Attack`. Enter the requested information that is given by the challenge: `-n 153317174058272550456436172449379299806606217553583761819287564877942534965046227344186058376803093993732545195006086816891944498697633187352196326580153807193033946265606650305982496810158441324600306024841309110972476195656440282902135076530067225540978713347941494454052999812070106156529492911343680242741 -e 65537 -c 17856665799347463433430880568845899354644746464433920082258619214879000598153275923217743069208871536178972863528995615460756303433973894149616582539818582439239784720267559459321138287482158169482468765162201663023135450768895056898831857379733724122898661531574080743044725582803949198990258704657232380979`
4. Decrypt the output ciphertext (`37059408608775406653278875603018311139510307136504672307865761675985156589489798839559188163928817978347370339638124833262152743672090581147412234838596461554223512297538748918111802748123952874981734233962360860833781482145874839293757683607729488658056554357895645071803058704036888058288942471423522328962`) using the challenge to get `580550060391700078946913236734911770139931497702556153513487440893406629034802718534645538074938502890769425795379846471930`.
5. Paste the decrypted text into `RSHack` to get the interpreted plaintext, aka the flag.

### Flag

`picoCTF{m4yb3_Th0se_m3s54g3s_4r3_difurrent_5052620}`