Rating:
## Problem
The server offers the decrypt any ciphertext given to you but will not send it back if it is equal to the flag.
```
$ nc chal.noxale.com 4242
Please insert your ciphertext to decrypt in hex form:
>>> 0x7b1a62cb17160448d544ff674f978876d2a4418ff9cfc32e9eda41ed566617a034c34091f19dbe650fdb11e7aa5744a48709b61a44a499c213dc19eb092fd8282e5ec69051d3adba84129571143e14e14be7f63bd8cdb42a4eedfb62570ed7eaef8002c3f6f3267079833effe836d8e10e0f01bcbd2470b2c0c10b59d1aa260a
Not gonna happen.
```
## Solution
This problem used [text book RSA](https://crypto.stackexchange.com/questions/1448/definition-of-textbook-rsa), which implements the standard RSA without any padding.
Textbook RSA is _malleable_, which means we can easily manipulate the _ciphertext_ in a way that makes the changes to the corresponding _plaintext_ predictable.
So in this problem shifted the flag the the left
```
c^d = m mod n
(c * 2^e) ^d = m * 2 mod n # the flag 1 bit the the left
(c * 2^16e) ^d = m * 2^16 mod n # the flag 16 bits the the left
```
This simple shift will allow us to decrypt the flag without tripping the check done by the server.
```
Please insert your ciphertext to decrypt in hex form:
>>> 546aa1c93858114cb4302e8b7e4c2a91c878a010982e6283a5e665915466dcd2af6219ddcb3a0d4698680709b1613fd309da5f341c4413687e61bd857060a4754f425e8e8f20e6463bfbdd03f0fbe5688bcac8755f9e4c8309f5adb6677aea6c86afba638eeecac9a8fe405e81507054c3b5700e3d4acfd81853a3bcd56783d4
6e6f784354467b307537736d34723733647d0000
```
Which is `noxCTF{0u7sm4r73d}\x00\x00`
__See URL for complete implementation__
