Automne's Shadow.

SECCONCTF 2017 Very Smooth WriteUp

2019/04/27 Share

Crypto

题目给了流量包:s.pcap

wireshark打开后发现以https流量为主,将ssl的证书导出为smooth.der

automne

导出后使用openssl查看其公钥(N,e)

openssl x509 -inform DER -in smooth.der -text

如下图所示:

automne

将Modulus,即N的值保存为modulus.txt,接着进行处理:

cat modulus.txt | sed -e s/://g | tr -d '\n'

处理后得到N:

00d546aa825cf61de97765f464fbfe4889ad8bf2f25a2175d02c8b6f2ac0c5c27b67035aec192b3741dd1f4d127531b07ab012eb86241c09c081499e69ef5aeac78dc6230d475da7ee17f02f63b6f09a2d381df9b6928e8d9e0747feba248bffdff89cdfaf4771658919b6981c9e1428e9a53425ca2a310aa6d760833118ee0d71

将其转换为整数:

149767527975084886970446073530848114556615616489502613024958495602726912268566044330103850191720149622479290535294679429142532379851252608925587476670908668848275349192719279981470382501117310509432417895412013324758865071052169170753552224766744798369054498758364258656141800253652826603727552918575175830897

直接使用yafu去分解好像不可行,这里介绍了一个新工具:primefac

使用 pip install primefac 即可安装

直接分解:

1
2
3
python -m primefac 149767527975084886970446073530848114556615616489502613024958495602726912268566044330103850191720149622479290535294679429142532379851252608925587476670908668848275349192719279981470382501117310509432417895412013324758865071052169170753552224766744798369054498758364258656141800253652826603727552918575175830897

149767527975084886970446073530848114556615616489502613024958495602726912268566044330103850191720149622479290535294679429142532379851252608925587476670908668848275349192719279981470382501117310509432417895412013324758865071052169170753552224766744798369054498758364258656141800253652826603727552918575175830897: 11807485231629132025602991324007150366908229752508016230400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001 12684117323636134264468162714319298445454220244413621344524758865071052169170753552224766744798369054498758364258656141800253652826603727552918575175830897

分解成功之后,也就意味着私钥是可以求出来的,但是这里因为要生成一个私钥文件,所以使用
rsatool来做处理。

使用 git clone https://github.com/ius/rsatool.git进行安装

接下来使用rsatool生成私钥:

1
python rsatool.py -n 49767527975084886970446073530848114556615616489502613024958495602726912268566044330103850191720149622479290535294679429142532379851252608925587476670908668848275349192719279981470382501117310509432417895412013324758865071052169170753552224766744798369054498758364258656141800253652826603727552918575175830897 -p 11807485231629132025602991324007150366908229752508016230400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001 -q 12684117323636134264468162714319298445454220244413621344524758865071052169170753552224766744798369054498758364258656141800253652826603727552918575175830897 -e 65537 -v DER -o privkey.cert

私钥内容如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDVRqqCXPYd6Xdl9GT7/kiJrYvy8lohddAsi28qwMXCe2cDWuwZKzdB3R9NEnUx
sHqwEuuGJBwJwIFJnmnvWurHjcYjDUddp+4X8C9jtvCaLTgd+baSjo2eB0f+uiSL/9/4nN+vR3Fl
iRm2mByeFCjppTQlyioxCqbXYIMxGO4NcQIDAQABAoGAPQ26uBD2n79636Pj2MOFbmxQ+N5p8NQy
IN5Vl46RzkfXSH2Zwua9LcyoLj8Pb4cOyCLSa5cgs6X5HOMNfmivdqUALjAm67P5h8aSDlpViYVR
R4drg+LcWgfYZyVjpjGFX2d3ebo7rpC//wAA//8AAP//AAD//wAA//8AAP//AAECQQDhcckcnndf
BoAtg8vyFkOhN7V2pYLh/uW74VZrpcUyQAcX36ohIiKcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB
AkEA8i6si1r5GmXwNUQbk9ciJpsbgHkyvMdO/ahcHSuPNbeefWo4E/b3GxW2mByeFCjppTQlyiox
CqbXYIMxGO4NcQJBAIMVQBSN52avRvQv//OhEm25EKAOGI4DQdz+Zttspb5UEEvHVwqw6GLn/wAA
//8AAP//AAD//wAA//8AAP//AAECQQCLpbo8yQJm5Gz0agd04lKA7GOZW0mUbWDxB0nGUD3N/clY
DA22BWxLo+OcJrRIb6b6ae14e4e32qjKsBt5gpshAkBes+o6cqWQ+cjzIajq0+Buo0xj58wJk6Hl
mhlfXHqXiraaWHqSC6BFRNaEnOokajrgRxHAliX1/ONrPe+djahQ
-----END RSA PRIVATE KEY-----

私钥有了之后,打开wireshark,Edit >> Preference >> Protocol >> SSL里加载私钥文件,就能够还原SSL流量了

automne

automne

从还原的流量里读到了flag:

Answer: One of these primes is very smooth.
CATALOG