0

So there's a server where you can send a number between [2, p-2], this algorithm is almost the same as Diffie Hellman but the public keys for users are not generated. And this is the code for the server:

phi_factors = [
    2737372343201,
    2,
    2,
    3,
405707853700405933210402823913813172324327000433194786440847921456541432249046461008629111448208685183232584119157466944012414375953684786060957902232206935442767311499095943748681517437793880606497656899401506156343747768396791630014475252
]
p = 133268814976671442564445217917527459343565864565339938554644878928653987034189547804292906322287069973687765059123889905891235610056525952624379445878719252073898955028730480263893137589156901205424078651115701429003917425552292819125992203733863993712286269817717645116410380360547787960120106748102919120629

@app.route('/submit', methods=['POST'])
def submiting():
    coding = request.form.get('code')
    try:
        pub = int(coding)
        if pub< 2 or pub> p - 2:
             return render_template('error.html')
        
        sec = random.getrandbits(512)
        shared = pow(pub,sec,p)
        print(f'shared {shared}')
        
        secret = long_to_bytes(shared)
        flag = open("flag.txt","rb").read().decode().strip()
        flag = f"CTF{{{flag}}}".encode()
        s_key = hashlib.sha256(secret).digest()
        print(f'key {s_key.hex()}')
        cipher = AES.new(s_key,AES.MODE_ECB)
        enc_flag = cipher.encrypt(pad(flag,16))
        enc_flag = enc_flag.hex()
        print(enc_flag)
        return render_template('index.html',enc_flag=enc_flag)

if __name__ == '__main__':
    app.run(debug=False, host='0.0.0.0', port=5001)

Now if we can add numbers between [2, p-2] to encrypt the flag we should generally use the easiest way for coding = 1 or p-1 so the secret will be 1. Now i need an idea how to get the flag decrypted. I did some math, doing phi(n) factors but i would need some good idea what to do next cause i tried generating the shared variable with my pub^random.getbits(512) mod p to be equal with 1 and i stood like some good minutes generating but no number appeard. Can you give me some good ideas how to decrypt it ?

-I did factorise the number phi(n)=(p-1) which factors you have in the code. -I found many primitive roots for p which from [2, p-2] would have output in [1, p-1] but I dont know what to do next

New contributor
Daniel Burcea is a new contributor to this site. Take care in asking for clarification, commenting, and answering. Check out our Code of Conduct.
Related questions
4
Generating Diffie-hellman parameters (generator)
4
python Diffie-Hellman standard library
3
Diffie-Hellman Key Exchange - Clarification?
Load 6 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.