What's going on, everybody? My name is John Hammond. Welcome back to another YouTube video. We're looking at the cryptography section of HSCTF 2019. This challenge, which was the first in the category, is called Reverse Search Algorithm. Its point value got knocked down pretty low, so it's not a difficult challenge. In fact, you can probably already guess by the challenge title. It's a reference to RSA.

So we have these variables that are given to us, N, E, and C. We can assume that this is our ciphertext and our public key, N as our modulus and E as the exponent. So let's go ahead and create a file for this. I'll just call it like RSA, prompt.text, and I'm gonna throw these in here because I will use them later in the video. And then I'll go ahead and create a new file that will just be subl RSA or ap.py, whatever we want. Yeah, let's just do RSA.py. That's fine. And we'll have our shebang line, because it's going to be a Python script to solve this, and we'll paste those numbers in there, and then we'll start to work.

So with RSA, I've covered this in way too many videos already. We need to factor N. So I want to show you a couple ways to do this, right? Normally you do this just by FactorDB, factordb.com. You can paste it in here. And you have number 29. Looks like that is one of our P's. And our other factor Q is going to be this other value. So we can copy that guy in here. And then we would be able to calculate phi, and then we can calculate d, and then we can calculate the message, the plaintext, and that works just fine for us.

Let's go ahead and do that. Just whip it out real quick. So from Crypto.Util.number, we can import inverse. And I also want to import long_to_bytes, because I was reminded. Thank you to that fellow viewer and thankful. I'm very grateful for you and sharing that long_to_bytes can totally be able to print out an integer representation straight to ASCII and give us the flag. So let's calculate phi, right?
Phi is inverse of E and phi. I'm sorry, that's d. We need to actually calculate phi. So given that these are both prime, we can calculate that Euler's totient by P minus one times Q minus one, and then D will be the modular inverse. And m can equal the power of C raised to D, all mod n. So we have m calculated just fine here. And then we can go ahead and display it as long_to_bytes, which will simply give us the flag, right? That's easy RSA decryption HSCTF. Yes, RSA is solved. That's it.

I want to sprinkle in some other cool niceties here. I'd like to show you the primefac module or library in Python. In fact, this is a fork of the library that originally has primefac itself that will go ahead and attempt to factor integers and offer other cool mathematics and stuff that's built off of GMPY, or "gimpy". I don't know however you'd like to say that or pronounce it, but gmpy2. This fork actually adds support: if it's not able to determine a factor by its mathematical means, it will just go ahead and ask FactorDB and try and pull it off from the internet. So that's an option here.

You can install it using the GitHub repository. So pip install git and then list location. You could just tack on a git+ if you're using the URL. And I know that works just fine for me. I have had to stumble a little bit because I got it working in Python 3, but I needed to install a couple other modules here because it needs gmpy. What I needed to do when pip was trying to install was actually install this library, libmpc-dev. So I wanted to make that noted for you. If you needed to install that, you can. And then you should be able to sudo pip install gmpy2. Again, I had the most success with Python 3. You saw a lot of red because I was in pip2, right? If I specify pip3, I've got to install it and it worked just fine. Note you don't need to sudo if you set up a virtual environment, and that is a recommended way to do it.
Again, we're just kind of blazing through stuff because it's the CTF realm, right? We just kind of want to roll through the answer. Be very, very careful if you sudo install pip packages because maybe it could be malicious, right? You want to create a virtual environment.

Now that we have gmpy installed, we can go ahead and actually grab this URL from the git repository. And then we can just use git+ and then plop in that URL. That should go ahead and install it for us. Now in my code, I can import primefac. We have p and q that no longer have to be manually inserted. But primefac will be able to print it out for us.

Remember, if I try and run this, Sublime is kind of tuned to use Python 2 right now, and I don't have it installed for Python 2. You've got to be cognizant of what Python version you're using. So in my command line, I can totally use Python 3, and P is not defined anymore. So let's just exit. But now you know, okay, there aren't any errors that would pop up, because we were able to import primefac just fine. Sublime Text is the one that's in the wrong right now, because it's using Python 2. Because I have primefac installed for Python 3, we're okay.

Okay, so now primefac has this nice handy function called factorint, and you just pass in the number, or variable in this case, that you want to factor. So let's display those and we'll print it out here. 29 is one factor, and this other value is another factor, and that's the number of occurrences that is in the prime factorization. So we can pull these out, right? We can say items, or I'm sorry, it is keys, isn't it? Dicts? Yes, dict keys. So then we can say p and q will equal those that are not printed, and actually just print out p and q to make sure we got these A-OK, and we do. So now we don't need to like hard-code those values in; primefac will be able to calculate them and figure them out for us.
And phi we'll be able to calculate, d we'll calculate, m we'll calculate; it all works perfectly fine now. Now we have a bytes representation of the flag. So yes, we have solved RSA. Awesome. So that's it.

I want to showcase one last thing, because I want to show off Katana. Katana will be able to do this and just crank it out. So let's get into GitHub Katana. I will activate the virtual environment. As I said, again, that's the better practice. Let's remove results. Let's run Katana. We'll use all here and then we'll offer, so, tack a for auto, not all, right; it'll use all units that it can find applicable. HS is now RSA prompt dot text and our flag format is HSCTF curly braces. Paste that in here. And it should crank through it. Because all that prompt has are N, E and C, those values included in there. It's found those and detected, okay, that's going to be likely RSA, factored it with that primefac module I just told you about, knew how to calculate phi and how to calculate d, and spat it out for us. So all you need to do is give it the prompts and Katana will solve it. Cool.

Alrighty, thank you guys for watching. I hope you enjoyed this. If you did like this video, I know I've done RSA like way too many times. But in the nature of CTF write-up, I wanted to give it to you. And I wanted to sprinkle in those other niceties between primefac, pulling down a GitHub library and pip, and showcasing how Katana can just rip through this. So soon will be in the hands of you, the people. Alrighty, if you liked this video, please do like, comment and subscribe. Love to see you in the Discord server, link in the description. Join the party. Love to see you on Patreon. Love to see you on PayPal. Thank you for your support, whatever you're willing to help the channel. See the next video.
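
The factor, phi, d, decrypt sequence described in the video, as an added example that is not part of the original transcript or the challenge files. The modulus, exponent and plaintext are constructed toy values (the challenge's N, E and C are not reproduced here), and `small_factor`, `int_to_bytes`, `decrypt_with_factor` and `demo` are hypothetical helper names; it shows why a modulus with one tiny prime factor gives no confidentiality.

```python
from math import gcd

E = 65537  # common public exponent; assumed here, not taken from the challenge


def small_factor(n, bound=10_000):
    """Trial division: smallest prime factor of n below bound, or None."""
    if n % 2 == 0:
        return 2
    f = 3
    while f < bound and f * f <= n:
        if n % f == 0:
            return f
        f += 2
    return None


def int_to_bytes(m):
    """Standard-library stand-in for Crypto.Util.number.long_to_bytes."""
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def decrypt_with_factor(n, e, c, p):
    """Recover the plaintext of c once one prime factor p of n = p*q is known."""
    q, rem = divmod(n, p)
    if rem or p == q:
        raise ValueError("p must be a proper factor of n and differ from q")
    phi = (p - 1) * (q - 1)      # Euler's totient for two distinct primes
    if gcd(e, phi) != 1:
        raise ValueError("e has no inverse modulo phi")
    d = pow(e, -1, phi)          # private exponent (Python 3.8+)
    return int_to_bytes(pow(c, d, n))


def demo():
    # Constructed modulus: one tiny prime times a 127-bit Mersenne prime.
    p, q = 29, 2**127 - 1
    n = p * q
    message = b"flag{toy_sample}"          # constructed plaintext, 16 bytes
    c = pow(int.from_bytes(message, "big"), E, n)
    found = small_factor(n)                # needs only the public n
    return found, decrypt_with_factor(n, E, c, found)


if __name__ == "__main__":
    print(demo())
```

The same `small_factor` check can be run against a freshly generated public modulus as a sanity test: a correctly generated key returns `None`.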