Tags: hash lsb-oracle crypto rsa
Rating:
* RSA and the mysterious hash function is implemented
* We can encrypt any data and get its hash
* We can get hash of the result of the decryption of any data
* $N,e$ is known. $N$: 1024bit, $e=65537$
* The hash function is as follows:
```python
def _hash(self, m):
""" DIY Hash Function """
H = 0xcafebabe
M = m
# Stage 1
while M > 0:
H = (((H << 5) + H) + (M & 0xFFFFFFFF)) & 0xFFFFFFFF
M >>= 32
# Stage 2
M = H
while M > 0:
H = ((M & 0xFF) + (H << 6) + (H << 16) - H) & 0xFFFFFFFF
M >>= 8
# Stage 3
H = H | 1 if m & 1 else H & 0xfffffffe
return H
```
### Solution
* The hash funciton is somewhat tricky, but the awful thing is that they repaint the LSB of the hash value with the one of the input $m$.
* So we can know the LSB of the result of decryption of any data.
* **LSB Decryption Oracle Attack** can be applied
`zer0pts{n3v3r_r3v34l_7h3_LSB}`
{%gist hakatashi/0c30ac59b88927a452903f94d5a6f490 %}
I connect on the server 1024 times and worried if I may be banned :)
