-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathchall.sage
53 lines (40 loc) · 1.14 KB
/
chall.sage
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
#!/usr/bin/env sage
from secret import P1, Q1, a, b
from Crypto.Util.Padding import pad
from Crypto.Cipher import AES
P0 = P1 & ord('?')
Q0 = Q1 & ord('?')
assert is_prime(P0) and is_prime(P1)
assert is_prime(Q0) and is_prime(Q1)
class Chall:
def __init__(self, p, q):
self.p = p
self.q = q
self.n = p * q
self.E = EllipticCurve(Zmod(self.n), [a, b])
self.E1 = EllipticCurve(Zmod(p), [a, b])
# Not Implemented, but you get the point :D
self.G = E.random_point()
self.d = randint(1, 1 << 128) & (p >> 1)
self.Q = self.d * self.G
def expose(self):
print(self.n)
print(self.E1.order())
print(self.G.xy())
print(self.Q.xy())
def getkey(self):
return self.d
if __name__ == '__main__':
s = Chall(P0, Q0)
s.expose()
sd = s.getkey()
l = Chall(P1, Q1)
l.expose()
ld = l.getkey()
size = 16
flag = pad(open('flag.txt', 'rb').read(), size)
key = int(sd + ld)
key = key.to_bytes(size, byteorder='big')
cipher = AES.new(key, AES.MODE_ECB)
enc_flag = cipher.encrypt(flag).hex()
print(enc_flag)