PicoCTF-2021 Writeup
  • README
  • Binary Exploitation
    • Binary Gauntlet 0
    • Binary Gauntlet 1
    • Stonks
    • What's your input?
  • Cryptography
    • Compress and Attack
    • Dachshund Attacks
    • Double DES
    • Easy Peasy
    • It is my Birthday 2
    • It's Not My Fault 1
    • Mini RSA
    • New Caesar
    • New Vignere
    • No Padding, No Problem
    • Pixelated
    • Play Nice
    • Scrambled: RSA
  • Forensics
    • Disk, disk, sleuth!
    • Disk, disk, sleuth! II
    • information
    • MacroHard WeakEdge
    • Matryoshka doll
    • Milkslap
    • Surfing the Waves
    • Trivial Flag Transfer Protocol
    • tunn3l v1s10n
    • Very very very Hidden
    • Weird File
    • Wireshark doo dooo do doo...
    • Wireshark twoo twooo two twoo...
  • Reverse Engineering
    • ARMssembly 0
    • ARMssembly 2
    • ARMssembly 3
    • ARMssembly 4
    • gogo
    • Hurry up! Wait!
    • keygenme-py
    • Let's get dynamic
    • Rolling My Own
    • Shop
    • speeds and feeds
    • Transformation
  • Web Exploitation
    • Ancient History
    • Bithug
    • GET aHEAD
    • It is my Birthday
    • More Cookies
    • Most Cookies
    • Scavenger Hunt
    • Some Assembly Required 1
    • Some Assembly Required 2
    • Some Assembly Required 3
    • Some Assembly Required 4
    • Super Serial
    • Web Gauntlet 2
    • Web Gauntlet 3
    • Who are you?
    • X marks the spot
Powered by GitBook
On this page
  • Problem
  • Solution
  • Flag

Was this helpful?

Edit on GitHub
  1. Cryptography

No Padding, No Problem

PreviousNew VignereNextPixelated

Last updated 2 years ago

Was this helpful?

Problem

Oracles can be your best friend, they will decrypt anything, except the flag's ciphertext. How will you break it? Connect with nc mercury.picoctf.net 30048.

Solution

  1. We can use a because there is no padding (indicated by the challenge name) and because we can obtain a pair of ciphertext and plain text.

  2. This explains the math behind this attack and gives a general overview. will automatically perform the attack.

  3. Launch RSHack with python3 ./rshack.py and choose 6. Chosen Plaintext Attack. Enter the requested information that is given by the challenge: -n 153317174058272550456436172449379299806606217553583761819287564877942534965046227344186058376803093993732545195006086816891944498697633187352196326580153807193033946265606650305982496810158441324600306024841309110972476195656440282902135076530067225540978713347941494454052999812070106156529492911343680242741 -e 65537 -c 17856665799347463433430880568845899354644746464433920082258619214879000598153275923217743069208871536178972863528995615460756303433973894149616582539818582439239784720267559459321138287482158169482468765162201663023135450768895056898831857379733724122898661531574080743044725582803949198990258704657232380979

  4. Decrypt the output ciphertext (37059408608775406653278875603018311139510307136504672307865761675985156589489798839559188163928817978347370339638124833262152743672090581147412234838596461554223512297538748918111802748123952874981734233962360860833781482145874839293757683607729488658056554357895645071803058704036888058288942471423522328962) using the challenge to get 580550060391700078946913236734911770139931497702556153513487440893406629034802718534645538074938502890769425795379846471930.

  5. Paste the decrypted text into RSHack to get the interpreted plaintext, aka the flag.

Flag

picoCTF{m4yb3_Th0se_m3s54g3s_4r3_difurrent_5052620}

Chosen Plaintext Attack
Cryptography StackExchange answer
this other answer
zweisamkeit/RSHack