EasyCTF_2018: RSA Returns

Category: Cryptography Points: 400 Description:

It's the return of everyone's favorite cryptosystem! Crack it for another flag. Help me decipher file.


This challenge reeks of ROCA and even signature checks confirmed it. However, there were no PoCs for ROCA. Instead, I came across NECA. I love open source.

$ ./neca 8729581225262922855975327965201482091621603739716646047811615593091116970536029316597901441665882719811658068143200342813247447157083464709878924070575467
NECA - Not Even Coppersmith's Attack
ROCA weak RSA key attack by Jannis Harder ([email protected])

 *** Currently only 512-bit keys are supported ***

 *** OpenMP support enabled ***

N = 8729581225262922855975327965201482091621603739716646047811615593091116970536029316597901441665882719811658068143200342813247447157083464709878924070575467

 [=                       ]  5.40% elapsed: 92s left: 1610.35s total: 1702.36s

Factorization found:
N = 98156620780003086692513114529458599425385116396074158691207247964958060681783 * 88935225722861812850195157838313383408060631426601900565225384215559424240749

Now that we have our factors, just simply decrypt c

$ ./solve.py 

Therefore, the flag is easyctf{kmwmv8wnhnap5old1p}.