Rating:

Starting the challenge gives us the following:

> n: 78145238987923367326796054225685882305418375816053266092490245191651441559054191245389761496384595816027825944344646967976024993623306987140394134614759804234479575321779808102921835565391297862078486024173234489136587139544958409391604015459951218802613437773233371108382922413848477269489767317569275302419

> e: 65537

>

> ciphertext: 18407295049612145928249366508479337924732667085119984558207243744244700880247827464504962895932297931889820921647028556421162621620131069040794660366718664578762816214890628962109761863140052684455042021338647291980115876440350242148400938198658782625933951236818023251785858908184173562795716986484485026846

We can add an input, that the program will decrypt for us.

Trying to ask the program to decrypt the ciphertext gives us the following:

> Will not decrypt the ciphertext. Try Again

Okay. So at this point I figured, that the program is probably written to check whether or not the input is equal to the ciphertext. So probably any other input, will be accepted by the program :D

The input is decrypted by the following formula:

> decrypted == c^d mod(n)

>

We don't know the private key d, but we know c and n. So how do we trick the program to accept c as an input? Well we realize that:

> c^d mod(n) == (c+n)^d mod(n)

So we just have to calculate c+n and give it as an input to the program and it will return the decrypted text.

Indeed, when the sum of c+n is entered as an input it returns the decrypted message

> Here you go: 290275030195850039473456618367455885069965748851278076756743720446703314517401359267322769037469251445384426639837648598397

This number (m_c) can be turned into plain text by the following Python code

```

from Crypto.Util.number import long_to_bytes

text = long_to_bytes(m_c)

print("Plain text: ", text)

```

> Plain text: b'picoCTF{m4yb3_Th0se_m3s54g3s_4r3_difurrent_1772735}'

Okay, I know, that I cheated. Maybe I should try to see if I can solve it the intended way.