Tags: crypto rsa 

# Alice and Bob
```
Alice and Bob are back to sending and receiving encrypted messages again, and this time you can be part of the conversation!

Download the file below and open the Deployment tab to start this challenge.
```
[server.py](server.py)

This is another RSA challenge.

The server encrypts the flag and prints the ciphertext.

Then **we can encrypt anything, and decrypt anything except the flag, using the same key.**

## Server function
Initialize the flag:
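```py
import binascii
import hashlib
from Crypto.PublicKey import RSA

def __init__(self):
    # `key` is a key-file handle opened outside this excerpt
    self.key = RSA.import_key(key.read())
    key.close()

    flag = open("./flag.txt").read()
    flag = binascii.hexlify(flag.encode('utf-8'))
    flag = int(b"0x%s" % flag, 16)

    # Raw (textbook) RSA: no padding is applied to the flag
    c = self.key._encrypt(flag)
    m = hashlib.sha256()
    m.update(str(c).encode('utf-8'))
    # Add the hash of the flag ciphertext to a list
    self.seen_hashes = [m.hexdigest()]

    print("Ciphertext: %s" % c)
```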
Decrypt function:
```py
def recv_message(self, msg):

    msg = str(int(msg))

    m = hashlib.sha256()
    m.update(msg.encode('utf-8'))
    h = m.hexdigest()

    # This prevents us from decrypting the flag directly,
    # because a ciphertext whose hash was already seen is not decrypted
    if h in self.seen_hashes:
        return False

    self.seen_hashes.append(h)

    try:
        p = self.key._decrypt(int(msg))
    except:
        print("Invalid Ciphertext")
        return False

    print(p)
```
Send `KEY:` to get the public key, and `RECV:ciphertext` to decrypt a ciphertext given in decimal.

## Testing
```bash
nc challenge.ctf.games 31029
Ciphertext: 15592437133981202269541032392104721762567968507265215460175867831778169992646368424696645503734982677596741929877490054654167203224412984878712266545569342155920242854393833322733011652449223890263053082592294087059777899128495034685853287439234781815601027828156302742017459635040747490333544374247339285141179594716949221586568582938472273769350947255615298244506332907305700005190093026423084586436648812379129141204575031169905038734725428774583432304293222022104460037990307931298254216112416743024082551208047782671516076138749116226488336654826178134685013454904472248706485984406163875872484120012072302411517
KEY:
N:25731230666969714678742709822906857643182953294318637715279924877135973526525329394086786215919632231591232627827318259655595846938846578523320336897042185209221085492463582835874594388048142193443461443069777754165578705365515179654161434989884904694750406175168414907813720504165651049056839904539466298026072999963728843595610866147631362818671559173632008484641003104012485406896618153192212040445556962648070681677972635087537728956426202327950035197070607426092169365550385898554130903938977543053270297116818102810102826147882406131179979695011992859082480826759440109269421115917806600858227857451301402482393
E:65537
RECV:9685695106769313843339015385045721456643326482384075169197581526160032153289061120350172491309622025086560845425149783873812647252970472314960170842739262995340808200795346281478498133909497089836816124331839998327372398202549319905313546733302108465549465500391186601789524483214174478223283565631589273168632927584420879543388506385824058975822824129248622498080484534353129122176666123552729680991530223018493783726690476547834370410504445053846373601230115321936131013815051860448279014862109074665119345301381693745487416938828402748519998002959877805541273722625404210310477535403461398476273062043499354182562
34666278047469597460087108343549838333477620117323709369836665563112110659078659238022814353666381349180750670569972756426057466
```
## Solution
We cannot decrypt the flag straight away, but we can decrypt something related to the flag!

According to the solution below:
[Xmas CTF santa list solution](https://github.com/pberba/ctf-solutions/tree/master/20181223_xmasctf/crypto-328-santas_list_(2.0))

Wikipedia also mentions this in an example:
https://en.wikipedia.org/wiki/Malleability_(cryptography)

Calculate something related to the flag:

![image1](image1.gif)

Then we send to the server to decrypt it:

![image2](image2.gif)

Lastly, we simply divide the received number by 2 to get the flag!

[python script](solve.py)

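```py
from pwn import *
from Crypto.Util.number import long_to_bytes

n = 257312...    # N from the KEY: response (truncated)
e = 65537
c1 = 15592...    # flag ciphertext printed on connect (truncated)
c2 = pow(2,e,n)  # encryption of 2 under the same public key
p = remote("challenge.ctf.games", 31029)
# c1*c2 mod n decrypts to 2*flag (mod n), and its hash is not in seen_hashes
p.sendlineafter("\n","RECV:"+str(c1*c2 % n))
flag = int(p.recvuntil("\n")[:-1])//2
print(long_to_bytes(flag))
```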
Interesting RSA challenge!
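
The malleability property used above, as an added offline example (not code from the original writeup or the challenge): a toy stand-in for the server with the same hash blocklist, showing that an exact-match check does not stop a related ciphertext from being decrypted. The toy key, the `Oracle` class, `recover`, `demo` and the sample flag are constructed for illustration; the unblinding uses a modular inverse, so any factor `s` coprime to `n` works, which generalizes the divide-by-2 step.

```python
import hashlib

# Constructed toy key (two Mersenne primes); far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


class Oracle:
    """Offline stand-in for server.py: textbook RSA plus a hash blocklist."""

    def __init__(self, flag: bytes):
        self.flag_ct = pow(int.from_bytes(flag, "big"), E, N)
        self.seen_hashes = [self._digest(self.flag_ct)]

    @staticmethod
    def _digest(c: int) -> str:
        return hashlib.sha256(str(c).encode("utf-8")).hexdigest()

    def recv_message(self, c: int):
        h = self._digest(c)
        if h in self.seen_hashes:      # exact-match check only
            return None
        self.seen_hashes.append(h)
        return pow(c, D, N)            # raw decryption, no padding check


def recover(oracle: Oracle, s: int = 2) -> bytes:
    """Recover the flag through one query for a related ciphertext."""
    blinded = (oracle.flag_ct * pow(s, E, N)) % N   # Enc(m) * Enc(s) = Enc(m*s)
    reply = oracle.recv_message(blinded)            # oracle returns m*s mod n
    m = (reply * pow(s, -1, N)) % N                 # strip the factor s
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo():
    oracle = Oracle(b"flag{constructed}")           # constructed sample flag
    direct = oracle.recv_message(oracle.flag_ct)    # blocked by the hash list
    return direct, recover(oracle), recover(Oracle(b"flag{constructed}"), s=3)


if __name__ == "__main__":
    print(demo())
```

With a padded scheme such as RSA-OAEP the blinded ciphertext fails the padding check on decryption, which is why raw `_encrypt`/`_decrypt` should not be exposed as an oracle.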

## Flag
```
flag{schoolhouse_crypto_with_our_favorite_characters}
```

Original writeup (https://github.com/Hong5489/BsidesBOSCTF2020/blob/master/alice_and_bob/README.md).