ASIS Quals 2017 – F-4 Phantom – 176 points

Description:

With F-4 Phantom II, we want to break the encryption! Please help us!!

‍‍‍nc 66.172.27.77 54979

Untitled

Here is the [K]ey generating fuction

As we can see, a prime p is chosen random, another number is created by change 2 bit of p, then find the prime next to that number as q. The modulus n=p*q.

Let len is the length of p in bits minus, k is a natural number smaller than len and l=len-k, we have:

$q=(p\pm2^{k}\pm2^{l}+x)$

with x is a small number.

n can be represented as:

$n=p*(p\pm2^{k}\pm2^{l}+x)$

Let $a=\pm2^{k-1}\pm2^{l-1}+\frac{x}{2}$ and $b=p\pm2^{k-1}\pm2^{l-1}+\frac{x}{2}$ , now we have:

$n=(b-a)(b+a)$

We have p and q is odd primes so their difference is an even number, it means x is even and a, b is integers. Morever the integer a is closely with $\pm2^{k-1}\pm2^{l-1}$ . So, if we know the random number k, we can factor n efficiently by travial method (similar to the Fermat’s factorization). Luckily, len is appropriate 540 so we have about 270 available value of k. Then we can brute force the value of k.

Now, extract the key by openssl:

By brute-forcing, we get k=117 and n be factored. Here is my script.

I got the elements, but i couldn’t find the modular inverse of e because e is a divisor of (p-1). So i used dq to compute m:

$dq\equiv e^{-1}\; mod\; (q-1)$

$m \equiv c^{dq}\;mod\;q$

but that result still isn’t the flag, after add some times of q, finally i got the flag:

ASIS{Still____We_Can_Solve_Bad_F4!}

	Hi trong ASIS Quals 2017 – unsecu…
	bomotodo trong ASIS Quals 2017 – unsecu…
	Hi trong ASIS Quals 2017 – unsecu…
	ASIS Quals 2017… trong ASIS Quals 2017 – A fine…
	bomotodo trong SVATTT vòng loại – OTP c…

Chia sẻ:

Bình luận về bài viết này Hủy trả lời