通过公钥解密密文思路(256bits RSA)
256bit RSA公钥安全系数极低,只需要几分钟即可破解密文,本文综合其他文章记录了一次解密256bits RSA加密的密文的过程,仅作为备忘。
1.分解公钥,分解出n与e:
1.1使用openssl(红色标记是e与n)
1 qi@zhuandshao:~/download/iscc-ctf/RSA$ openssl rsa -pubin -text -modulus -in public.pem 2 3 Public-Key: (256 bit) 4 5 Modulus: 6 7 00:a4:10:06:de:fd:37:8b:73:95:b4:e2:eb:1e:c9: 8 9 bf:56:a6:1c:d9:c3:b5:a0:a7:35:28:52:1e:eb:2f: 10 11 b8:17:a7 12 13 Exponent: 65537 (0x10001) #e 14 15 Modulus=A41006DEFD378B7395B4E2EB1EC9BF56A61CD9C3B5A0A73528521EEB2FB817A7 #n 16 17 writing RSA key 18 19 -----BEGIN PUBLIC KEY----- 20 21 MDwwDQYJKoZIhvcNAQEBBQADKwAwKAIhAKQQBt79N4tzlbTi6x7Jv1amHNnDtaCn 22 23 NShSHusvuBenAgMBAAE= 24 25 -----END PUBLIC KEY----- 26 27 qi@zhuandshao:~/download/iscc-ctf/RSA$
1.2使用脚本
1 from Crypto.PublicKey import RSA 2 3 pub = RSA.importKey(open('xxx\public.pem').read()) 4 5 n = long(pub.n) 6 7 e = long(pub.e) 8 9 print n 10 11 print e
2.使用msieve来对n来分解因式p、q:(红色标记部分)
1 qi@zhuandshao:~/download/iscc-ctf/RSA$ msieve 0XA41006DEFD378B7395B4E2EB1EC9BF56A61CD9C3B5A0A73528521EEB2FB817A7 -v 2 3 4 Msieve v. 1.54 (SVN 1009) 5 6 Wed May 31 17:02:38 2017 7 8 random seeds: 31130210 1225946d 9 10 factoring 74207624142945242263057035287110983967646020057307828709587969646701361764263 (77 digits) 11 12 no P-1/P+1/ECM available, skipping 13 14 commencing quadratic sieve (77-digit input) 15 16 using multiplier of 7 17 18 using generic 32kb sieve core 19 20 sieve interval: 12 blocks of size 32768 21 22 processing polynomials in batches of 17 23 24 using a sieve bound of 921409 (36471 primes) 25 26 using large prime bound of 92140900 (26 bits) 27 28 using trial factoring cutoff of 26 bits 29 30 polynomial 'A' values have 10 factors 31 32 restarting with 19759 full and 186503 partial relations 33 34 35 36750 relations (19759 full + 16991 combined from 186503 partial), need 36567 36 37 sieving complete, commencing postprocessing 38 39 begin with 206262 relations 40 41 reduce to 51619 relations in 2 passes 42 43 attempting to read 51619 relations 44 45 recovered 51619 relations 46 47 recovered 38442 polynomials 48 49 attempting to build 36750 cycles 50 51 found 36750 cycles in 1 passes 52 53 distribution of cycle lengths: 54 55 length 1 : 19759 56 57 length 2 : 16991 58 59 largest cycle: 2 relations 60 61 matrix is 36471 x 36750 (5.3 MB) with weight 1099597 (29.92/col) 62 63 sparse part has weight 1099597 (29.92/col) 64 65 filtering completed in 4 passes 66 67 matrix is 24901 x 24965 (4.0 MB) with weight 837672 (33.55/col) 68 69 sparse part has weight 837672 (33.55/col) 70 71 saving the first 48 matrix rows for later 72 73 matrix includes 64 packed rows 74 75 matrix is 24853 x 24965 (2.6 MB) with weight 610638 (24.46/col) 76 77 sparse part has weight 441218 (17.67/col) 78 79 commencing Lanczos iteration 80 81 memory use: 2.7 MB 82 83 lanczos halted after 394 iterations (dim = 24853) 84 85 recovered 18 nontrivial dependencies 86 87 p39 factor: 258631601377848992211685134376492365269------------------->p 88 89 p39 factor: 286924040788547268861394901519826758027------------------->q 90 91 elapsed time 00:00:10 92 93 qi@zhuandshao:~/download/iscc-ctf/RSA$
3.使用脚本来生成私钥文件(修改红色部分)
1 import math 2 3 import sys 4 5 from Crypto.PublicKey import RSA 6 7 8 keypair = RSA.generate(1024) 9 10 11 keypair.p = 258631601377848992211685134376492365269 #msieve求解的p 12 13 keypair.q = 286924040788547268861394901519826758027 #msieve求解的q 14 15 keypair.e = 65537 #分解出的e 16 17 18 keypair.n = keypair.p * keypair.q 19 20 Qn = long((keypair.p-1) * (keypair.q-1)) 21 22 23 i = 1 24 25 while (True): 26 27 x = (Qn * i ) + 1 28 29 if (x % keypair.e == 0): 30 31 keypair.d = x / keypair.e 32 33 break 34 35 i += 1 36 37 38 private = open('private.pem','w') 39 40 private.write(keypair.exportKey()) 41 42 private.close()
4.使用生成的privete.pem私钥文件对密文解密
1 openssl rsautl -decrypt -in flag.enc -inkey private.pem -out flag
附录:
1.linux下安装msieve
sourceforgot上下载软件源代码包:
https://sourceforge.net/projects/msieve/
解压后
1 $ cd msieve-code/ 2 3 $make 4 5 to build: 6 7 make all 8 9 add 'WIN=1 if building on windows 10 11 add 'WIN64=1 if building on 64-bit windows 12 13 add 'ECM=1' if GMP-ECM is available (enables ECM) 14 15 add 'CUDA=1' for Nvidia graphics card support 16 17 add 'MPI=1' for parallel processing using MPI 18 19 add 'BOINC=1' to add BOINC wrapper 20 21 add 'NO_ZLIB=1' if you don't have zlib 22 23 $ make all ECM=1 #根据自己的配置进行选择
应该会报错gmp.h不存在,安装高精度数学库就可以啦。
2.linux安装gmp(高精度数学库)
环境:ubuntu 17.04
下载gmp-5.0.1的源代码,解压至gmp-5.0.1目录。
#lzip -d gmp-6.1.2.tar.lz #tar -xvf gmp-6.1.2.tar
su切换至超级用户权限。
./configure
--prefix=/usr --enable-cxx
提示:
checking
for suitable m4… configure: error:
No
usable m4 in $PATH or /usr/5bin (see config.log for
reasons).
根据提示查看config.log日志文件,发现文件太大,何处找原因呢?
没有办法,直接google搜索上面的英文提示。
居然马上就找到了资料解决这个问题,原来是缺少m4软件包。
查了一下m4是一个通用的宏处理器,由Brian
Kernighan 和Dennis
Ritchie设计。
apt-get
install build-essential
m4
安装完毕,其中的build-essential是ubuntu下用来解决安装g++/gcc编译环境依赖关系的软件包。
开始编译,安装gmp数学库。
1 ./configure --prefix=/usr --enable-cxx 2 make 3 make check 4 make install
参考资料:
1.256-bitRSA破解-实验吧
2.[翻译]初学者向导―GGNFS和MSIEVE分解因数-『外文翻译』-看雪安全论坛:http://bbs.pediy.com/thread-156206.htm
3.ubuntu10.4下安装和使用GMP高精度数学库:http://blog.csdn.net/bingqingsuimeng/article/details/12748341
收获的是成长
欢迎转载,并提出指导意见。转载请附上文章出处!!!