# X-CTF Quals 2016 - Fact0r!z3 and Fact0r!z3_aga!n (Crypto)

X-CTF is a capture the flag competition in Singapore organized by NUS Greyhats. The online qualifiers took place over the weekend of 9 - 10 April 2016. Halfway through the competition, we realize that the challenges were solved pretty quickly by the participants, and thus I wrote some new challenges. The following two challenges were by me.

# Fact0r!z3

Category: Crypto
Description Can you decrypt this?
Encrypted.zip.

# Solution

This is a simple challenge, I made this as a prequel to the next challenge. The solution is to factorize the modulus value of the RSA public key, allowing you to calculate the decryption key.

It’s quite obvious that we’re suppose to decrypt flag.enc in order to obtain the flag.

Using OpenSSL, we can obtain the content of the public key.

Using some python kungfu, we can obtain the Integer value of the Modulus to give : 207006830488235668671955689390815624796833363161842587562758966652474780634716637447867252305688653008916026906416134119860202636965181

Throw this into factordb.com, and we can see that this modulus value is easily factorized.

Using RSAtool.py, we can reconstruct the private key file, allowing us to decrypt flag.enc.

And we got the flag for the first part! XCTF{S33MZ_L!K3_Y0U_fact0r!zed_!T}

# Fact0r!z3_aga!n

Category: Crypto
Description Can you decrypt it this time? A litle bird told me that if the d value is small, it would be possible.
Encrypted.zip.

This is the sequel to the previous challenge and as the sequel, it is considered more difficult. Likewise like the previous challenge, the objective of this challenge is to factorize the modulus value of the public key in order to reconstruct the private key.

There’s an additional hint provided here as well. A litle bird told me that if the d value is small, it would be possible.
This was hinting that the d value is small, and that certain RSA attack would work as the d value is smaller. In this case Wiener’s attack was possible as $% $.

Following the same steps as the previous challenge, we first obtain the modulus and e values of the public key.

Googling around leads to a python script for the Wiener’s attack on a popular CTF team’s blog BalalaikaCr3w.

Running the script with the n and e value quickly provides us with the corresponding p and q values needed to reconstruct the private key.

The following parts are done similar to the previous challenge.

And we got the flag for the second part! XCTF{I_LIKE_SAUSAG3S_D0_Y0U}

Hope you enjoyed the challenge, I’ll be writing the write up for b0verfl0w soon.