# Crypto

## Broken Invitation

### [Description as pdf](files/broken_invitation.pdf)

We can attack the RSA cipher with the low exponent attack because `e = 3` and the message is encrypted 3 times with different keys.

For this we use my [rsa solver](https://github.com/skyf0l/RsaSolver):

```
$ ./rsasolver.py
Chose an attack:
1/ Primes known (p, q, e, c)
2/ Factorization (n, e, c)
3/ Low exponent (e = 3, n1, n2, n3, c1, c2, c3)
> 3
n1: 924506488821656685683910901697171383575761384058997452768161613244316449994435541406042874502024337501621283644549497446327156438552952982774526792356194523541927862677535193330297876054850415513120023262998063090052673978470859715791539316871
n2: 88950937117255391223977435698486265468789676087383749025900580476857958577458361251855358598960638495873663408330100969812759959637583297211068274793121379054729169786199319454344007481804946263873110263761707375758247409
n3: 46120424124283407631877739918717497745499448442081604908717069311339764302716539899549382470988469546914660420190473379187397425725302899111432304753418508501904277711772373006543099077921097373552317823052570252978144835744949941108416471431004677
c1: 388825822870813587493154615238012547494666151428446904627095554917874019374474234421038941934804209410745453928513883448152675699305596595130706561989245940306390625802518940063853046813376063232724848204735684760377804361178651844505881089386
c2: 4132099145786478580573701281040504422332184017792293421890701268012883566853254627860193724809808999005233349057847375798626123207766954266507411969802654226242300965967704040276250440511648395550180630597000941240639594
c3: 43690392479478733802175619151519523453201200942800536494806512990350504964044289998495399805335942227586694852363272883331080188161308470522306485983861114557449204887644890409995598852299488628159224012730372865280540944897915435604154376354144428

-> m(dec): 949557364767986162692541204888383714648410089749288993554212847615599100096583727459
```
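The low exponent attack named above, written out as an added example (this is not the rsasolver code and not part of the original writeup): the Chinese Remainder Theorem combines the three ciphertexts into `m**3` over the integers, and an exact integer cube root returns `m`. The moduli and the sample message are constructed for the demonstration, and the names `icbrt`, `crt`, `recover` and `demo` are hypothetical.

```python
from math import gcd, prod

E = 3

# Constructed moduli, NOT the challenge keys. Assumption: each is a product of
# two well-known primes p with p % 3 == 2, so e = 3 is a valid RSA exponent.
MODULI = [
    (2**130 - 5) * (2**414 - 17),
    (2**221 - 3) * (2**384 - 2**128 - 2**96 + 2**32 - 1),
    (2**251 - 9) * (2**448 - 2**224 - 1),
]

def icbrt(x):
    """Largest integer r with r**3 <= x (binary search, exact on big ints)."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid**3 <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo

def crt(residues, moduli):
    """Combine x = c_i (mod n_i) into x mod prod(n_i)."""
    for i, a in enumerate(moduli):
        for b in moduli[i + 1:]:
            if gcd(a, b) != 1:
                raise ValueError("moduli share a factor; CRT does not apply")
    big_n = prod(moduli)
    total = 0
    for c, n in zip(residues, moduli):
        partial = big_n // n
        total += c * partial * pow(partial, -1, n)  # needs Python 3.8+
    return total % big_n

def recover(ciphertexts, moduli):
    """Return m when every c_i = m**3 mod n_i and m**3 < n1*n2*n3."""
    m_cubed = crt(ciphertexts, moduli)
    m = icbrt(m_cubed)
    if m**3 != m_cubed:
        raise ValueError("not a perfect cube: messages differ or were padded")
    return m

def demo(message=b"constructed sample message"):
    m = int.from_bytes(message, "little")  # little-endian, as in the writeup's func
    ciphertexts = [pow(m, E, n) for n in MODULI]  # unpadded RSA, same m three times
    recovered = recover(ciphertexts, MODULI)
    return recovered.to_bytes((recovered.bit_length() + 7) // 8, "little")
```

The cube check in `recover` is also where the mitigation shows: with randomized padding such as RSA-OAEP the three plaintext integers differ, the CRT result is not a perfect cube, and nothing is recovered.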

Then, we have the message but it is encoded with the function:

``` python
def func(str):
    # Pack the string into one integer: character i goes into byte i (little-endian)
    sum = 0
    for i in range(len(str)):
        sum += ord(str[i]) * pow(2, 8 * i)
    return sum
```

We decode the message with the inverse function and we get the flag:

``` python
>>> def func_reverse(sum):
...     str = ''
...     while sum > 0:
...         str += chr(sum % pow(2, 8))
...         sum //= pow(2, 8)
...     return str
...
>>> m = 949557364767986162692541204888383714648410089749288993554212847615599100096583727459
>>> print(func_reverse(m))
cybrics{h3y_guY5_c0m3_t0_my_p4rtY!}
```

The flag is: `cybrics{h3y_guY5_c0m3_t0_my_p4rtY!}`

Original writeup (https://github.com/skyf0l/CTF/blob/master/CyBRICS_2020/README.md#broken-invitation).