What's up, YouTube? This is John Hammond with more picoCTF 2018. This challenge is called RSA MadLibs, in the cryptography category. It says, "We ran into some weird puzzles we think may mean something. Can you help me solve one?" Connect with this netcat command, which we can copy and paste, and I'll go ahead and start to work with in our terminal here.

So, looks like it gives us some information: a strange hexadecimal number. "Hello, welcome to RSA MadLibs, keeping young children entertained since, well, never. Tell us how to fill in the blanks, or if it's even possible to do so. Everything, input and output, is decimal, not hex." So we're given a madlib with Q and P, and we're gonna need the following: N. Is this possible? Yes or no.

So I've done a lot of RSA stuff before, but let's just kind of get the RSA Wikipedia page up and with us, so if you wanted to follow along you kind of could, if you haven't seen this before. So it is a method of cryptography, but it's really just a lot of math and equations. So for key generation, it actually ends up using, with keys, P and Q, and those are distinct prime numbers. N is in fact P times Q, so in this case we can just simply multiply them.

What I'm gonna do is actually go ahead and create a script for this. Let's do ape.py, and I'll put it down here. So let's go ahead and #!/usr/bin/env python. Let's get pwn, because I'm gonna use that to go ahead and connect to this stuff. We can go ahead and connect, or at least just copy and paste this stuff here, so I'll have the host that I'm trying to connect to and the port visible here. Save these as variables so I can go ahead and connect to them. Let's do s = pwn.remote(host, port), and then let's do s.close(), just to be good and stuff. python ape. Cool, it'll connect to it or not.
Let's do our testing in the terminal, and then let's just use the script and the Python stuff to actually keep track of our answers, because if you notice, if I keep connecting back to this, the numbers that we're given do not change. They stay static.

Another interesting thing is that this hex that they give us is actually very, very strange, right? I go, I want to copy this. What I'm gonna do is I'm gonna decode this from hex, and it is in fact the flag, just at the very, very start of the service, which is strange. Maybe that's intended, maybe that's not intended. I would assume the latter. But for the sake of learning, for the sake of education and stuff, I'm gonna go through the rest of this challenge anyway. But if you just wanted to be a cheapskate, go ahead and submit the flag; you get points with that. So anyway, let's move on.

We can go ahead and connect to this. We know that our notes. Let's just take note of these down here: P given this, and... that should have been Q given that, and P given that is... there's that. Wow, I suck at typing. So let's go ahead and just sendline that. I'm not gonna receive in here, because there's a lot of data that we would have to deal with. Again, just gonna go ahead and send information with this rather than receive, so we can do all the testing in our command line interaction. And I do want to know what that value is, actually, so let's Python that. This. So we can keep track of these and go ahead and submit them as we move through the service. Yes. Oh, we need to actually tell it yes, it is feasible. So sendline, string.
Yes, and then fill it in. There's that. Okay, a new madlib. We're gonna need the following: Q. That should be possible as well, because knowing this equation, N equals P times Q, we can just go ahead and divide it. So s.sendline yes, that's totally plausible, and let's just keep a Python shell available to us that I'll just calculate answers in. We'll take N and divide that by P to determine our Q. s.sendline, string, paste it in there with this math. Nope, I killed the connection. That's fine. That's why we're keeping track of these answers. Great. So let's do that again. Yes. Paste in the answers that we already have. Yes. Paste the new answer that we have.

Cool, now we have E and N. That's just fine. Okay, given E and given N, maybe we can factor this. Let's find out. Let's just bring it to factordb.com, paste it in there. Looks like it is composite. It is prime... so, I'm sorry, it is not prime. So we can say no, that is not possible, and that's correct. So let's send that as well: sendline N. Great.

Okay, next one. We need to know the totient of N. Okay, so the totient of N is just P minus one, that quantity, times Q minus one, that quantity, and you can find that over here as you're reading more about RSA. So let's go ahead and determine that information. Let's do... because that only happens because these are prime, right? Oh, I should paste these in. Multiply by this minus one. We have an answer. s.sendline yes, because we know it is going to be feasible, and then s.sendline, string of that input. We'll keep track of the answer just as a comment, as we've been doing with everything else, and we'll just grab what we've tested with over here in our Python shell. Okay. Yes, and then we want to know that information. Oh, I totally failed. My bad. Okay. Yes. Information that we already know. Wow.
I keep hitting Control-C or Control-Shift-C when I'm trying to work with my command line, not knowing that I'm not in my command line, because I'm a fool. Let's turn this down as well. Hit it again. Okay, great.

Now we have plain text, E and N, and now we're gonna need the following: cipher text. Okay, we can totally calculate that as well, because we know all about encryption. It's C equals M, so plain text, raised to E, the exponent, mod N, the modulus. So we can say that yes, that is possible. And let's do a pow function wrapped in string, right, because we need to send strings. We'll use plain text M... oh boy... raised to E, which is three, and then N being our modulus is the mod, the third argument to pow. Let's actually determine what that is, thanks to some handy-dandy Python down here, and we have all of this, which I'm just going to paste in here so I can remove the L. And then let's go ahead and send it with yes and cipher text. Great.

Okay, now we have neither plain text decrypting from the cipher text. Okay, that's not hard either. We know that decryption is just C raised to the D, which is M. E... and we don't actually have D. Can we determine D when we factor N? Let's try and factor N with factordb again. Nope, we cannot. Okay, this is not feasible in our case, and that tells us great, we can move on. s.sendline no.

And now we have P and Q and E. We're gonna need the following: D. Okay, now that we know D... sorry, now that we know P and Q, we can in fact calculate D, because D is determined to be the totient of all those, right?
The modular inverse, in fact. Let's go ahead and grab that. We will need from Crypto.Util.number... that's built in, I believe. Maybe it's not you convert. You might have to install like PyCrypto or Python cryptography or cryptography just with pip. And let's import inverse.

So we're given Q. Let's just create variables for this. Looks like we are going to go ahead and time out. My bad. So P and Q are given. Now to determine D, we actually need to figure out what that totient is, or what that phi variable is, and we did that just previously with Q minus one times P minus one, those quantities, and then the D is in fact the inverse of phi mod E... I'm sorry, raised to E inverse... actually, I don't know about that. Determined D is actually E... okay, so it's E inverse mod the totient. I was using the wrong variable name anyway; I was using phi. So totient, just like filled out like that.

So now that we've calculated D, we can s.sendline yes, that is feasible, and let's actually print out D. Maybe I could just copy all this and put it in Python. Great. Now we have an answer. s.sendline, string of D. And we know that that is that, so which we can paste that in earlier or later.

And let's go ahead and submit all of these just to move along. So we need to know and copy and paste that. Yes. Copy and paste this Q. No. We know that answer. The next one, we know we do have an answer for... oh. Okay, great. Oh, we did not calculate this crap. Let's throw that in Python. Get an answer for that, hit enter. Yes. Remove that L at the very end. Yes, that's feasible; fill in the cipher text. Great. Next, we're gonna need the plain text. That is not possible, as we determined. And then D as the final one, which we have determined is possible, and then let's paste it in here. Oh, we got it wrong. What? Did I have the wrong Q? Okay, how about P? Oh, I see the issue. I copy and pasted P. My bad.
I didn't even copy the correct D. Fail. Oh, we need to import inverse in our Python shell that we're working with, so import, from Crypto.Util.number import inverse. Now we can run that code, and D is not defined. Oh, because E is not defined. E should be this guy. Oh gosh, I pasted all that. So E can equal that. That's the most common hex one that we end up working with. Okay, now let's copy-paste all this code, let Python run it, and now I have a D that I can actually submit and should be the correct answer. Great, let's try this again. I know this is a very painful video. I'm sorry.

Yes, submit. Yes, submit. No, not feasible. Yes, submit. This one is yes, submit. Next one is not feasible. And now we need D, which we can calculate. Yes. Paste that in.

And now we need to figure out the plain text, all those, given all this information. Okay, let's do that. We know we can actually do the full decryption of RSA, because we're given N and P. Okay, we can figure out what Q is then, given N, given P. Now let's go ahead and figure out Q: can equal N divided by P. Let's take E to be the variable that we know. Submit that. C being our ciphertext, C we can paste in. So I had a value there, and now we can figure out the exact same thing, D, based off the totient, because we know P and Q, and now we can decrypt it, where M can equal C raised to the power of D, all mod N, being the modulus. Okay, let's figure out what this is. Paste. See what M is. We have this, which I will paste here and remove the L. Now let's say yes, that is feasible. Let's submit it. And I did not remove the L, gosh darn it. Let's send yes, and then let's send the string of M in our Python script. That should be the last one; that should be the last question, since we are like doing a full decryption of RSA there. So let's do s.recvall and let's just print this out. Let's see if we can actually get the flag at the very end.
So let's run python ape, and yes, that is the last one. "If you convert the last plain text to a hex number, then ASCII, you'll find what you're searching for." Okay, great. So let's print M dot... actually, we want to convert it to hex first, right? So we don't need to receive any of this. Let's just roll through it. That's hex. Now I'm printing something else up here that I don't care to see. Okay, cool. Let's slice off the first two characters, that 0x gets removed, and there's no L to represent a long number at the very end, so we don't need to worry about that. Now we can decode it from hex, and we're given the flag. Awesome. Do you know the way to artist RSA? That is again the flag that we have already seen, just from ripping it from the top of the service. So, kind of peculiar. At least I believe that is, yeah. Let's go ahead and find out one last time in Python: dot decode hex. Yes, that is in fact the same flag. So, gives us a flag right away, just in hex. But if you want to roll through all those RSA madlibs using the procedure that I had done, you certainly can. But hey, flag's a flag, whatever, right?

If you wanted to, since all that service is really just giving you the RSA decryption stuff, you don't even need to communicate with the service once you have all those numbers. You can just make a get flag script where you just calculate that. But that's kind of handy to have this information if you want to just save it as a service. This can be our get flag dot py file, and we can mark that as executable. I believe we can do pwn.context.level equals critical, and then that should... okay, it's not. Maybe I'm always forgetting that syntax, but... Context not right me. pwn.context.log_level, that's what it is, I think. pwn.context.log_level can be critical. Yeah, okay, cool. So that removes those opening connection and close connection information. So if you just want to run get flag, that should do it for you.
Let's redirect that to flag.txt. Let's save it to our clipboard so we can submit it. Let's move this challenge to be complete, and let's go ahead and submit it for some 250 points. I dig it. All right, cool. Correct. Sweet.

Hey, before I end the video, I just want to give a quick shout-out to the people that support me on Patreon. Thank you guys so much; cannot say it enough. You are the reason this chill... this channel... wow, I was gonna say challenge. I don't even know what I was doing. You're the reason this challenge still has a breath and it's still up and alive and functioning, and I'm grateful for you. Thank you. $1 a month on Patreon will give you a special shout-out just like this at the end of every video. You can have your name up in lights at the very end of every video, added to this list. Whatever reason, I actually might just make something that will like display all these things and like a scrolling montage with flashing colors and random cases and crap like that. That might be fine if you guys want that. I don't know, leave a comment if you made it this far in the video. $5 a month on Patreon will give you early access to all the videos that I record before they get released on YouTube, because I like to do some kind of gradual release schedule, or maybe every day, every couple days, YouTube will schedule something to be uploaded. And that's normally only if I have a backlog of videos prepared, and I'm not... this lately I have not been very good about getting some stuff pre-recorded, because life gets in the way. But when that is the case, if you do want that extra love, I am grateful for your support. $5 a month on Patreon, and I'm just super duper grateful.

So, all right, if you liked this video, please do like, comment and subscribe. Please do join our Discord server, link in the description. It's a cool community full of CTF players, programmers and hackers. You can hang out with me, talk to other cool people that are way smarter than me.
It's just a great time all around, so thanks again. I'll see you in the next video. I'll see you on Patreon, maybe, please, hopefully, fingers crossed. All right. See you later.
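
The yes/no decisions and calculations from the walkthrough, gathered into one script as an added example (not code from the video). It uses constructed toy values (p=61, q=53, e=17) rather than the challenge's numbers, the names `derive`, `madlib` and `int_to_text` are hypothetical, and "NO" means "not derivable without factoring n".

```python
# Added example: constructed toy values, not the challenge's numbers.

def mod_inverse(a, m):
    """Inverse of a modulo m via the extended Euclidean algorithm."""
    old_r, r, old_s, s = a % m, m, 1, 0
    while r:
        k = old_r // r
        old_r, r = r, old_r - k * r
        old_s, s = s, old_s - k * s
    if old_r != 1:
        raise ValueError("no inverse: e and the totient share a factor")
    return old_s % m

# (output, inputs, formula): the relations used in the walkthrough.
# The division rules assume the given prime really divides n.
RULES = [
    ("n",   ("p", "q"),      lambda p, q: p * q),
    ("q",   ("n", "p"),      lambda n, p: n // p),
    ("p",   ("n", "q"),      lambda n, q: n // q),
    ("phi", ("p", "q"),      lambda p, q: (p - 1) * (q - 1)),
    ("d",   ("e", "phi"),    mod_inverse),
    ("c",   ("m", "e", "n"), pow),
    ("m",   ("c", "d", "n"), pow),
]

def derive(known):
    """Apply RULES until nothing new appears; never factors n."""
    v = dict(known)
    progress = True
    while progress:
        progress = False
        for out, needs, fn in RULES:
            if out not in v and all(k in v for k in needs):
                v[out] = fn(*(v[k] for k in needs))
                progress = True
    return v

def madlib(known, want):
    """('YES', value) if `want` follows from `known`, else ('NO', None)."""
    v = derive(known)
    return ("YES", v[want]) if want in v else ("NO", None)

def int_to_text(m):
    """Last step of the challenge: integer -> hex -> ASCII."""
    h = format(m, "x")
    return bytes.fromhex("0" * (len(h) % 2) + h).decode("ascii")

if __name__ == "__main__":
    print(madlib({"p": 61, "q": 53, "e": 17}, "d"))      # factors known
    print(madlib({"c": 2790, "e": 17, "n": 3233}, "m"))  # would need factoring
```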