TLS1

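# TLS1 walkthrough (interactive).
#
# The operator pastes in a private exponent and a base64-encoded root
# certificate. The script then builds a certificate for a freshly generated
# key pair, signs it with the pasted exponent, and decrypts a ciphertext with
# the new private key.
#
# Defensive reading: every step works only because the signing exponent that
# pairs with the root certificate's modulus is available to the client. A
# verifier that accepts anything "signed by root" is exactly as strong as the
# secrecy of that exponent; once it is disclosed, any name can be certified.
from Crypto.PublicKey import RSA
from Crypto.Hash.SHA256 import SHA256Hash
import base64
import json

SEPARATOR = '-' * 100

# The prompt says "user_key_d", but the value is used below together with the
# modulus taken from the root certificate, so it acts as the root signing
# exponent. The prompt text is kept as the author wrote it.
root_key_d = int(input("user_key_d:"), 16)
print(SEPARATOR)

root_certificate_b64 = input("root_certificate:")
print(SEPARATOR)

# The certificate is base64-wrapped JSON holding the public key as {"e", "n"}.
root_certificate = json.loads(base64.b64decode(root_certificate_b64).decode())
root_key_e = int(root_certificate['key']['e'])
root_key_n = int(root_certificate['key']['n'])

print("e:", root_key_e)
print("d:", root_key_d)
print("n:", root_key_n)
print(SEPARATOR)

# Fresh key pair whose public half goes into the new certificate.
user_key = RSA.generate(1024)
user_certificate = {
    "name": "hack",
    "key": {
        "e": user_key.e,
        "n": user_key.n,
    },
    "signer": "root",
}

user_certificate_data = json.dumps(user_certificate).encode()
print(base64.b64encode(user_certificate_data).decode())
print(SEPARATOR)

# Signature = SHA-256(certificate bytes)^d mod n, emitted as 256 little-endian
# bytes. This is raw RSA on the digest with no padding scheme; presumably that
# is the format the verifying side expects. Production signatures should use
# a padded scheme such as RSASSA-PSS.
user_certificate_hash = SHA256Hash(user_certificate_data).digest()
user_certificate_check = pow(
    int.from_bytes(user_certificate_hash, "little"),
    root_key_d,
    root_key_n,
).to_bytes(256, "little")
print(base64.b64encode(user_certificate_check).decode())

# The pasted ciphertext is decrypted with the new private key (presumably it
# was encrypted to the public key carried in the certificate above).
ciphertext = base64.b64decode(input("ct:"))
plaintext = pow(
    int.from_bytes(ciphertext, "little"),
    user_key.d,
    user_key.n,
).to_bytes(256, "little")

# to_bytes(256, ...) pads the high end with NUL bytes; strip them so the
# terminal does not receive a run of "\0" after the message.
print(plaintext.rstrip(b"\0").decode())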

TLS2

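#!/bin/python3
# TLS2 walkthrough: drives /challenge/run over pipes and completes its
# handshake (Diffie-Hellman key agreement, AES-CBC record encryption,
# certificate + handshake signature), then decrypts the final message.
#
# Defensive reading: the exchange succeeds because the value this script
# reads as the root key's private exponent lets it sign a certificate for a
# key pair it generated itself. The remaining steps are the ordinary client
# side of the protocol.
import subprocess
import sys
import string
import random
import pathlib
import base64
import json
import textwrap

from Crypto.Cipher import AES
from Crypto.Hash.SHA256 import SHA256Hash
from Crypto.PublicKey import RSA
from Crypto.Random import get_random_bytes
from Crypto.Random.random import getrandbits, randrange
from Crypto.Util.strxor import strxor
from Crypto.Util.Padding import pad, unpad

# Lines of introductory output that precede the first value. To re-check the
# count, print each line instead of discarding it.
BANNER_LINES = 11

proc = subprocess.Popen(
    "/challenge/run",
    stdout=subprocess.PIPE,
    stdin=subprocess.PIPE,
    stderr=subprocess.PIPE,
    text=True,
)


def proc_in(proc, text):
    """Send one line to the child and flush so it is delivered immediately."""
    proc.stdin.write(text + "\n")
    proc.stdin.flush()


def proc_out(proc):
    """Return the next line of the child's stdout ("" at end of stream)."""
    return proc.stdout.readline()


def read_field(proc):
    """Return the last space-separated token of the child's next output line.

    Exits with the child's stderr if stdout has already been closed, instead
    of failing later on an empty string.
    """
    line = proc_out(proc)
    if not line:
        proc.stdin.close()
        sys.exit("challenge closed stdout early; stderr was:\n" + proc.stderr.read())
    return line.strip().split(" ")[-1]


for _ in range(BANNER_LINES):
    proc_out(proc)

# Field order follows the script author's reading of the output; the names
# are theirs. NOTE(review): confirm against the challenge if the output changes.
p = int(read_field(proc), 16)
g = int(read_field(proc), 16)
root_key_d = int(read_field(proc), 16)
root_certificate_b64 = read_field(proc)
root_certificate_signature_b64 = read_field(proc)  # read to stay in step; unused
name = read_field(proc)
A = int(read_field(proc), 16)

# Our half of the Diffie-Hellman exchange.
b = getrandbits(2048)
B = pow(g, b, p)
proc_in(proc, hex(B))

# Session key: first 16 bytes of SHA-256 over the shared secret encoded as
# 256 little-endian bytes.
s = pow(A, b, p)
key = SHA256Hash(s.to_bytes(256, "little")).digest()[:16]

# One CBC object per direction: a PyCryptodome CBC object is stateful and can
# only encrypt or only decrypt. Both start from an all-zero IV, which is a
# property of this protocol; a fixed IV is not something to copy elsewhere.
cipher = AES.new(key=key, mode=AES.MODE_CBC, iv=b"\0" * 16)
cipher_flag = AES.new(key=key, mode=AES.MODE_CBC, iv=b"\0" * 16)


def encrypt_input_b64(data):
    """Pad, encrypt with the outbound CBC object, and return base64 text.

    Successive calls continue the same CBC chain because `cipher` is shared.
    """
    try:
        return base64.b64encode(cipher.encrypt(pad(data, cipher.block_size))).decode()
    except ValueError as e:
        print(f"{name}: {e}", file=sys.stderr)
        sys.exit(1)


# Key pair for the certificate presented under `name`.
user_key = RSA.generate(1024)
user_certificate = {
    "name": name,
    "key": {
        "e": user_key.e,
        "n": user_key.n,
    },
    "signer": "root",
}

# Root public key (e, n) from the base64-wrapped JSON certificate.
root_certificate = json.loads(base64.b64decode(root_certificate_b64).decode())
root_key_e = int(root_certificate['key']['e'])
root_key_n = int(root_certificate['key']['n'])

# Certificate signature: SHA-256 digest raised to root_key_d mod root_key_n,
# raw RSA with no padding scheme, 256 little-endian bytes.
user_certificate_data = json.dumps(user_certificate).encode()
user_certificate_hash = SHA256Hash(user_certificate_data).digest()
user_certificate_signature = pow(
    int.from_bytes(user_certificate_hash, "little"),
    root_key_d,
    root_key_n,
).to_bytes(256, "little")

# Handshake signature binds the name (NUL-padded to 256 bytes) to both DH
# public values, signed with the certificate's own private key.
user_signature_data = (
    name.encode().ljust(256, b"\0")
    + A.to_bytes(256, "little")
    + B.to_bytes(256, "little")
)
user_signature_hash = SHA256Hash(user_signature_data).digest()
user_signature = pow(
    int.from_bytes(user_signature_hash, "little"),
    user_key.d,
    user_key.n,
).to_bytes(256, "little")

# Order matters: the three records share one CBC chain.
user_certificate_data = encrypt_input_b64(user_certificate_data)
user_certificate_signature = encrypt_input_b64(user_certificate_signature)
user_signature = encrypt_input_b64(user_signature)

proc_in(proc, user_certificate_data)
proc_in(proc, user_certificate_signature)
proc_in(proc, user_signature)

flag = base64.b64decode(read_field(proc))
plaintext = unpad(cipher_flag.decrypt(flag), 16)
print("flag:", plaintext.decode())

# Close stdin first so a child still waiting for input sees EOF; otherwise
# the stderr read below could block indefinitely.
proc.stdin.close()
print("=== STDERR ===", file=sys.stderr)
print(proc.stderr.read(), file=sys.stderr)
proc.wait()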