by: Hacking

RSA is an asymmetric cryptosystem that used public and private key pairs.

  • Key Terms
  • Encrypt / Decrypt
  • Popular Tools
  • Known Vulnerabilities
    • Common Modulus

Key terms for crypto:

  • Ciphertext – the encrypted data.
  • Cipher – method of encrypting or decrypting data.
  • Plaintext – the data before encryption.
  • Encoding – a form of data representation, not encryption.
  • Key – a piece of information needed to decrypt.
  • Passphrase/password – used to protect a key.
  • Cryptanalysis – attacking cryptography with math.
  • Elliptic Curve Cryptography (ECC) – a more efficient encryption method than RSA.

Encrypt:Decrypt:

Note:

  • n is the modulus, and it is common on public and private keys.
  • The public key is e and n.
    • e is the public exponent or encryption exponent.
  • The private key is d and n.
    • d is the private exponent or decryption exponent.

Where:

  • n = p * q
    • p and q are large prime numbers.
    • n is a number.
  • m is the message.
    • Not encrypted data.
  • c is the cyphertext.
    • Encrypted data.

The inverse is also true: the public key can decrypt if the data was encrypted with the private key.

Additionally: in a mod b = c, the value c is the reminder of the division of a by b.

Popular tools for solving RSA crypto challenges in CTFs.

  • RsaCtfTools [Link].
  • RSATools [Link].
  • Pem2John [Link] from JohnTheRipper [Link].
  • Ssh2John [Link] from JohnTheRipper.

Cracking the password/passphrase of an SSH private key with RSA encryption:

wget https://raw.githubusercontent.com/openwall/john/bleeding-jumbo/run/ssh2john.py
python3 ssh2john.py id_rsa > id_rsa.hash
john --wordlist=/usr/share/wordlists/rockyou.txt id_rsa.hash

COMMONLY KNOWN WEAKINESS AND VULNERABILITIES

  • Common Modulus – It is a rare case in the real-world but popular in CTF and great for understanding the concepts of RSA [Link].

It requires knowing:

  • n
  • c1 and e1
  • c2 and e2
git clone https://github.com/Ganapati/RsaCtfTool.git
python3 RsaCtfTool/RsaCtfTool.py --createpub -n MODULUS -e E1 > key1.pub
python3 RsaCtfTool/RsaCtfTool.py --createpub -n MODULUS -e E2 > key2.pub
sed -i '1d' key1.pub
sed -i '1d' key2.pub

# From Hex to Base64
echo C1 | xxd -r -p | base64 > ct1.b64
echo C2 | xxd -r -p | base64 > ct2.b64

wget "https://raw.githubusercontent.com/HexPandaa/RSA-Common-Modulus-Attack/master/rsa-cm.py"
python3 rsa-cm.py -h
python3 rsa-cm.py -c1 ct1.b64 -c2 ct2.b64 -k1 key1.pub -k2 key2.pub