ASIS Quals 2017 – Secured OTP server – 268 points

Description:

Connect to OTP generator server, and try to find one OTP.
This is secure than first server 🙂

nc 66.172.33.77 12431

Untitled

Here is the [E]ncryption fuction

This challenge is similar to the a fine OTP server challenge. The otp is the concatenation of template_phrase and 18-bytes passphrase and the encrypted OTP are compute as:

c_1 \equiv otp_1^{3} \;mod\;n (1)

c_2 \equiv otp_2^{3} \;mod\;n

but now, the template_phrase  is longer. So, the otp cubed now larger than the modulus n and we can’t compute the otp as the cube root of the encrypted OTP. 

The server use 2048-bits key with the public exponent is 3. We can use openssl or python to extract the key.

Untitled

Let take a look at the equation:

(a+b)^{3}=a^{3}+3a^{2}b+3ab^{2}+b^{3} (2)

Let the otp0 is the otp with the 18-null-bytes-passphrase, otherwise, otp0 is the concatenation of template_phrase and 18-bytes “\x00”, then we have the difference between otp0 and otp1 is the passphrase.

otp_1=otp_0+passphrase_1 (3)

Combine equations (1), (2) and (3), let a = otp0, b = passphrase1, we have:

c_1\equiv otp_1^{3}\; mod\;n
c_1\equiv (otp_0+passphrase_0)^{3}\;mod\;n
c_1\equiv opt_0^{3}+3otp_0^{2}*passphrase_1+3otp_0*passphrase_1^{2}+passphrase_1^{3}\;mod\;n

We can easily compute the encrypted of otp0:

c_0\equiv otp_0^{3}\;mod\;n

then :

c_1\equiv c_0+3otp_0^{2}*passphrase_1+3otp_0*passphrase_1^{2}+passphrase_1^{3}\;mod\;n

c_1-c_0\equiv 3otp_0^{2}*passphrase_1+3otp_0*passphrase_1^{2}+passphrase_1^{3}\;mod\;n

Now, we have the right-side of the equation is smaller than the modulus then we can tranform that congruence equation into polynomial equation:

c_1-c_0 = 3otp_0^{2}*passphrase_1+3otp_0*passphrase_1^{2}+passphrase_1^{3}

Now, we can easily compute the passphrase1 by solving the cubic equation.

Untitled

Submit the OTP and get the flag 😀

Untitled

That ‘s all and the flag is “ASIS{gj____Finally_y0u_have_found_This_is_Franklin-Reiter’s_attack_CongratZ_ZZzZ!_!!!}”.

Bình luận về bài viết này