Tags: rsa-like crypto
Rating:
There is a python server.py that has a hard-coded target message which is known to you. The goal of the challenge is to provide a valid signature to the message, given
* One of the prime factors ? but not ? or the modulus ?=?? .
* A funky signature oracle that will sign anything but the target message in a weird way, and provide two strange intermediate values.
The solution was to find some exploitable properties of the two strange intermediate values to obtain the other factor `q` and hence the private key.
