Tags: bruteforce cryptography-rsa crypto 

Rating: 4.0

Only numbers are given, which look like a modulus and ciphertexts.

First, we tried to find N in factordb (http://www.factordb.com/) (I have no information for any attack I know, so I started with factoring).

Fortunately, the factorization is in the db, so we can calculate phi(n) = (p-1)(q-1).

Next we need to find the private exponent. Because there is no information about the public exponent, we can just guess it (or use a brute-force attack).

One possible way (brute-force e until we get readable text):

```
from gmpy2 import invert
from Crypto.Util.number import long_to_bytes
import string

printset = set(string.printable)

n = 208644129891836890527171768061301730329

# from http://www.factordb.com/
p = 13037609104445998727
q = 16003250919732396127
phi = (p-1)*(q-1)

c1 = 173743301171240370198046699578309731314
c2 = 18997024455485040483743919351219518166
c3 = 49337945995780286416188917529635194536

enc = [c1, c2, c3]
true_e = -1
for e in range(100000):
    try:
        # invert() raises ZeroDivisionError when e has no inverse mod phi
        d = int(invert(e, phi))
    except ZeroDivisionError:
        continue
    c = long_to_bytes(pow(c1, d, n))
    try:
        a = c.decode('ascii')
    except UnicodeDecodeError:
        continue
    # accept the first e whose decryption of c1 is printable ASCII
    if set(a).issubset(printset):
        true_e = e
        break

# stop instead of decrypting with a bogus exponent
if true_e == -1:
    raise SystemExit("no e below 100000 gives readable text")

d = int(invert(true_e, phi))
dec = []
for c in enc:
    dec.append(long_to_bytes(pow(c, d, n)))

print(b''.join(dec))
```
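
An added example (not part of the original writeup) that generalizes the search above using only the standard library: it checks the looked-up factors against n, skips exponents with no inverse, and accepts e only when every ciphertext block decrypts to printable ASCII, which removes the false positives possible when only c1 is checked. The key (two Mersenne primes), the hidden exponent and the messages are constructed sample values, and `recover_exponent` is a hypothetical helper name.

```python
from math import gcd
import string

PRINTABLE = set(string.printable.encode())


def to_bytes(m: int) -> bytes:
    """Big-endian bytes of a non-negative integer (at least one byte)."""
    return m.to_bytes((m.bit_length() + 7) // 8 or 1, "big")


def recover_exponent(n, p, q, ciphertexts, max_e=100_000):
    """Return (e, plaintexts) for the first e < max_e under which every
    ciphertext decrypts to printable ASCII, or None if there is none."""
    if p * q != n:
        raise ValueError("p * q != n: the looked-up factors are wrong")
    phi = (p - 1) * (q - 1)
    for e in range(3, max_e, 2):          # phi is even, so a valid e is odd
        if gcd(e, phi) != 1:              # no inverse mod phi, cannot be e
            continue
        d = pow(e, -1, phi)               # modular inverse (Python 3.8+)
        plain = []
        for c in ciphertexts:
            m = to_bytes(pow(c, d, n))
            if not set(m) <= PRINTABLE:   # one unreadable block rejects e
                break
            plain.append(m)
        else:
            return e, plain
    return None


# Constructed sample data (assumption, not the challenge values):
# two Mersenne primes as p and q, and an exponent the solver is not told.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
HIDDEN_E = 65537
MESSAGES = [b"constructed ", b"sample ", b"plaintext"]
CIPHERTEXTS = [pow(int.from_bytes(m, "big"), HIDDEN_E, N) for m in MESSAGES]

if __name__ == "__main__":
    print(recover_exponent(N, P, Q, CIPHERTEXTS))
```

Once n is factored, keeping e secret adds only as much work as the size of the range e was drawn from.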

Original writeup (https://github.com/4p3ls1n/write-ups/tree/master/kksctf_open_2019/kacker%20Bob%20and%20kacker%20Alice).