HTB - ReMeeting the Wheel (Challenge)
by x1rx - Tuesday September 3, 2024 at 12:24 PM
#1
let's discuss the challenge
Reply
#2
(09-03-2024, 12:24 PM)x1rx Wrote: let's discuss the challenge

I have not solved it, but I think enumerating the e-th power mod n of the numbers between $2^{20}$ ~ $2^{21}$, and then finding the other (modular inverse element) by enumerating one of the numbers should give you the flag
Reply
#3
I havent checked it out but will look into it. always love testing my weakish skills
Reply
#4
(09-03-2024, 04:02 PM)macavitysworld Wrote:
(09-03-2024, 12:24 PM)x1rx Wrote: let's discuss the challenge

I have not solved it, but I think enumerating the e-th power mod n of the numbers between $2^{20}$ ~ $2^{21}$, and then finding the other (modular inverse element) by enumerating one of the numbers should give you the flag

abolutely yes , it is the way of solving it
Thanks bro

from tqdm import tqdm import gmpy2 from hashlib import sha256 from Crypto.Cipher import AES from Crypto.Util.Padding import unpad import binascii # Constants e = 65537 n = 72741423208033405403492275698762968936514657314823442485453559870105200118330405900858299998747406127848670334407387228444029070060538220448699667905891284937839901536444798774307744865631349770845980738192442639071823803272283670943732769371979418893953521892212745135191661138195973757608889180051128601323 c = int(     "4da0230d2b8b46e3a7065f32c46df019739cc002a208cc37767a82c3e94edfc3440fa4b24a32274e35d5ddceaa33505c4f2a57281c3a5d6d4db3a0dbdbb30dbf373241319ce4a7fdd1780b6bafc86e37d283c9f9787c567434e2fc29c988fb05fd411fe4453ea40eb45fc41a423839b485e238dd2530fba284e9b07a0bba6546",     16, ) encrypted_flag = binascii.unhexlify(     "ce8f36aa844ab00319bcd4f86460a10d77492c060b2c2a91615f4cd1f2d0702e76b68f1ec0f11d15704ba52c5dacc60018d5ed87368464acd030ce6230efdbff7b18cba72ccaa9455a6fe6021b908dd1" ) START = 2**20 END = 2**21 def decrypt_aes_flag(k1, k2, encrypted_flag):     """Decrypt the AES-encrypted flag given k1 and k2."""     k = k1 * k2     if not (40 <= k.bit_length() <= 42):         return None     aes_key = sha256(str(k).encode()).digest()     cipher = AES.new(aes_key, AES.MODE_ECB)     try:         decrypted_flag = unpad(cipher.decrypt(encrypted_flag), 16)         return decrypted_flag     except ValueError:         return None def precompute_k1_powers():     """Precompute k1^e % n for all k1 in the range [START, END)."""     k1_powers = {}     for k1 in tqdm(range(START, END), desc="Precomputing k1^e % n"):         k1_pow_e_mod_n = pow(k1, e, n)         k1_powers.setdefault(k1_pow_e_mod_n, []).append(k1)     return k1_powers def find_k2_for_k1(k1_pow_e_mod_n, k1, k1_powers):     """Find all possible k2 values given k1^e % n and k1."""     k1_pow_e_inv = gmpy2.invert(k1_pow_e_mod_n, n)     if k1_pow_e_inv is None:         return []     k2_pow_e_mod_n = (c * k1_pow_e_inv) % n     return k1_powers.get(k2_pow_e_mod_n, []) def brute_force_decryption():     """Brute force search for k1 and k2 to decrypt the flag."""     k1_powers = precompute_k1_powers()     for k1 in tqdm(range(START, END), desc="Searching for k1 and k2"):         k1_pow_e_mod_n = pow(k1, e, n)         k2_list = find_k2_for_k1(k1_pow_e_mod_n, k1, k1_powers)         for k2 in k2_list:             decrypted_flag = decrypt_aes_flag(k1, k2, encrypted_flag)             if decrypted_flag:                 return format_flag(decrypted_flag) def format_flag(decrypted_flag):     """Format the decrypted flag for output."""     try:         return decrypted_flag.decode('utf-8', errors='replace')     except UnicodeDecodeError:         return binascii.hexlify(decrypted_flag).decode() if __name__ == "__main__":     flag = brute_force_decryption()     if flag:         print(f"Decrypted flag: {flag}")     else:         print("Flag not found.")
Reply
#5
^ thx dude, nice work
Reply
#6
thanks bro for the sharing
Reply
#7
Thanks for sharing, dude!
Much appreciated!
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 360 90,836 03-28-2026, 09:28 AM
Last Post: catsweet
  [FREE] HTB-ProLabs APTLABS Just Flags kewlsunny 23 4,303 03-28-2026, 03:30 AM
Last Post: lulaladrow
  [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot htb-bot 87 9,466 03-27-2026, 07:22 PM
Last Post: stn
  HTB Eloquia User and Root Flags - Insane Box 69646B 13 2,289 03-27-2026, 06:14 PM
Last Post: vlxw
  HTB - ALL Challenges you Stuck in osamy7593 2 2,587 03-27-2026, 04:24 PM
Last Post: catsweet



 Users browsing this thread: