 What's up, YouTube? This is John Hammond, just looking at PicoCTF 2017. This is the last challenge in the cryptography category of Level 2. It's called Weird RSA, and the prompt here is we recovered some data. It's labeled as RSA, but what in the world are DQ and DP? Can you decrypt the ciphertext for us? So no hints on this one. We just have this amount of data. So we've seen RSA before, right? We know that it's a method of cryptography, and we've got CSR ciphertext. We have P and Q as the factors that would normally make up our modulus N, but we don't know what DP and DQ are. So let's do some research and just try and figure that out. If you literally type in like RSA DQ or anything else, you may get some results on Google. And a couple of these, there's an example in C sharp that tries to get to the fact that, okay, these are used in applying the Chinese remainder theorem in RSA for decryption. So we can just check that out. I guess that sounds like an interesting lead. This links us back to the Wikipedia page that goes over RSA. So we've looked at this before, but this is a specific section on using the Chinese remainder theorem. So it explains, okay, we've got some numbers here, DP and DQ that are generated from some process in part of the Chinese remainder theorem algorithm. And we've got them right there. We don't, however, have Q inverse. So we need to figure out how we can calculate that. But they're just equations, like we can write these, we can work with these, right? So let's do that, let's create just a script here that we can work with, do some Python, get a shebang line going, and then we can paste in all of these. And let's just replace all the colons with an equal sign. So now we actually have variables being set up with the ciphertext factors, etc, etc. So we need to actually get the Q inverse here. And that looks like the modular inverse of the Q mod p. So how do we do that in Python? Well, we have a handy dandy function that exists in the crypto util number library that's part of PyCrypto. So if you don't have PyCrypto installed, you can sudo apt install that. There's a lot of documentation for it. And you can see a lot of really, really cool algorithms being implemented and operations that you can do and utility functions, etc. So definitely check out that documentation. I'm trying to see if there's anything more over to it. Yeah, okay, cool. This guy here. So the one that we want to see is actually util dot number. And it has a function called inverse that will return the inverse of u mod v. So if we were to run inverse, when I say inverse, I mean a modular inverse. And we can check this out too, if you'd need to learn a little bit more about it. But when you see something in the form of a number raised to the power of negative one, that is the modular inverse. So that's what this function will do for us. And it also has support for the modulus. So we can use that. Again, if you need to sudo pip install, I think it's PyCrypto, and you should just be able to do that. Just fine. If you're in a virtual environment, run through that if you need to. Okay, maybe that's not it, who knows. Regardless, let's jump back to our script. And we can go ahead and do from crypto dot util dot number interesting casing here, keep that in mind, import all or just import inverse if we want, that's all we really need from it here. And then we can check out that Wikipedia page that says I always lose the lose the spot here, q inverse can equal the inverse function that we've seen in that library up there of q mod p. Good. And then we can actually compute the plain text message if we go through some of these other equations that we have all of the variables for, we can say m one is equal to the POW function of C raised to DP mod p. So that's our third argument. Same thing happens with m two, except now we're using dq and q as our modulus. And then we can calculate this thing called h, which is simply q inverse multiplied by m one minus m two. And we have m as our final plain text that can equal m two plus h times q. Now if I try and run this, it will finish. So it looks like everything actually occurs correctly. Let's print out what m is equal to, and that is this number in decimal. But let's say we want this in hex. So we can get the actual hex representation of the string, and then we can decode it. If I slice this string up and cut out this zero x so two positions in up to all the way at the very end, this L here making it a long number, we can get to negative one. And now we have just that original string that we can decode from hex and get the flag. There's more than one way to RSA. Sweet. So we can move this in our script if we wanted to, to simply get flag dot pi, mark it as executable, and then run that to simply get the flag, which we can go ahead and submit based. And we've got it 90 points up. Cool. Let's mark this challenge as complete. And I want to give a special shout out to the people that support me on Patreon. You guys are fantastic, phenomenal, and I love you. It's happy. It makes me happy to see this list getting longer every every every couple days. I'm very grateful that you guys are willing to go on this journey with me. $1 a month on Patreon will give you a special shout out just like this at the end of every video. $5 a month on Patreon will give you early access to every of all of the content that I create and put on YouTube on a specific Google Drive folder that you guys can access. Hey, if you did like this video, please do press that like button. Maybe leave me a comment. Let me know what you think. Subscribe if you're willing to. And please check us out in the Discord server. I'll link in the description and it'd be awesome to see you on Patreon. Cool. See you in the next video.