Tags: crypto 


# keyexchange - Crypto (120 pts)

## Description

> Diffie-Hellman is secure right

remote endpoint: `nc keyexchange.wolvctf.io 1337`

### Provided files
`challenge.py` Python script for the remote endpoint \[[download](https://ctfnote.shinmai.wtf:31337/files/downloadFile?id=2kz0OlOFaPFXYPN)\]
`Dockerfile` Docker configuration for the remote endpont \[[download](https://ctfnote.shinmai.wtf:31337/files/downloadFile?id=gEuNR09Iii3kvBe)\]

## Ideas and observations
1. we get `pow(s, a, n)`
2. we are prompted for `b` and an XOR key is constructed with `pow(pow(s, a, n), b, n)`
3. the flag is padded with null bytes to the length of the key, XORed and we get the a hex digest

## Notes
1. If we pass 1 as `b`, the key becomes `pow(pow(s, a, n), 1, n)` or `pow(s, a, n) % n` or `pow(s, a, n)`.
2. We know `pow(s, a, n)`.

## Solution
1. receive `pow(s, a, n)` from server
2. provide 1 as the value for `b`
3. receive the hex digest of the cipher text from server
4. unhexlify ciphertext, XOR with `pow(s, a, n)`
5. get flag

### Solution script

from pwn import *
from Crypto.Util.strxor import strxor

r = remote('keyexchange.wolvctf.io', 1337)

pow_san = r.recvlineS()
r.recvuntil(b'> ')

enc_flag = bytes.fromhex(r.recvlineS())
key = (int(pow_san)).to_bytes(64, 'big')
flag = strxor(enc_flag, key)


This gets us the flag: `wctf{m4th_1s_h4rd_but_tru5t_th3_pr0c3ss}`

Original writeup (https://gist.github.com/shinmai/5720d1f0a214d0878cfb530eb975c469#keyexchange---crypto-120-pts).