rants of a crypto geek


DEFCON quals Crypto 400 writeup: RSA, team: gn00bz

c0de@box:~/Desktop/c400$ cat pubkey.pem
-----BEGIN RSA PUBLIC KEY-----
MGgCYQDK2YRVfJfgOUMaImrXJ/DG1D7z1BhGnxs3UEmyKYQ+6fg7H5dzisJ09fYf
QB8h8ZE+S2S7MbVaONOYwN/tALE5LwiJcRxEs1nnl2xhf8xzTwbj6VwmR2CRtS9G
LnlBPbUCAwEAAQ==
-----END RSA PUBLIC KEY-----
c0de@box:~/Desktop/c400$ xxd blob.dat
0000000: 8d33 84e4 1159 8ef3 0d52 db86 eaf8 1af0 .3...Y...R......
0000010: 0028 a37d 9e6f 79b0 4ba3 feb6 64df 9441 .(.}.oy.K...d..A
0000020: 9bc0 bf3a af54 babd c3a7 2087 3d0a a428 ...:.T.... .=..(
0000030: bc28 3a5c 3ee7 228e b089 b6b4 7434 133f .(:\>.".....t4.?
0000040: b8f1 c870 889f 8f68 1ca1 c8e0 5de4 ee4f ...p...h....]..O
0000050: f915 6040 1cb3 2c77 619a c210 1ab7 da09 ..`@..,wa.......
c0de@box:~/Desktop/c400$

Well, we have a public key and a file, so it's pretty clear what we need to do:
decrypt the blob with the private key, which we need to obtain.
The public key looks short, so maybe it is trivial or already factored. Let's
try to extract n (the modulus) and e (the public key exponent) from the pem file.
There is a nice tool called pkcs1-conv that is part of the nettle-bin package; we
can use it to convert the pem file to an s-expression file where we can read out
the parameters:

c0de@box:~/Desktop/c400$ pkcs1-conv pubkey.pem | xxd
0000000: 2831 303a 7075 626c 6963 2d6b 6579 2839 (10:public-key(9
0000010: 3a72 7361 2d70 6b63 7331 2831 3a6e 3937 :rsa-pkcs1(1:n97
0000020: 3a00 cad9 8455 7c97 e039 431a 226a d727 :....U|..9C."j.'
0000030: f0c6 d43e f3d4 1846 9f1b 3750 49b2 2984 ...>...F..7PI.).
0000040: 3ee9 f83b 1f97 738a c274 f5f6 1f40 1f21 >..;..s..t...@.!
0000050: f191 3e4b 64bb 31b5 5a38 d398 c0df ed00 ..>Kd.1.Z8......
0000060: b139 2f08 8971 1c44 b359 e797 6c61 7fcc .9/..q.D.Y..la..
0000070: 734f 06e3 e95c 2647 6091 b52f 462e 7941 sO...\&G`../F.yA
0000080: 3db5 2928 313a 6533 3a01 0001 2929 29 =.)(1:e3:...)))

So, the n part is from offset: 0x21 to 0x81

n = 0xcad984557c97e039431a226ad727f0c6d43ef3d418469f1b375049b229843ee9f83b1f9773
8ac274f5f61f401f21f1913e4b64bb31b55a38d398c0dfed00b1392f0889711c44b359e7976c617f
cc734f06e3e95c26476091b52f462e79413db5L

e is from offset 0x89 to 0x8b
e = 0x010001

Let's put those into integers so we can see if they are already factored:

(btw, I use ipython and my shell prompt is a *, so you don't get confused.)

* int("0xcad984557c97e039431a226ad727f0c6d43ef3d418469f1b375049b229843ee9f83b1f9
7738ac274f5f61f401f21f1913e4b64bb31b55a38d398c0dfed00b1392f0889711c44b359e7976c6
17fcc734f06e3e95c26476091b52f462e79413db5",16)
123018668453011775513049495838496272077285356959533479219732245215172640050726
36575187452021997864693899564749427740638459251925573263034537315482685079170261
22142913461670429214311602221240479274737794080665351419597459856902143413L

* int("0x010001",16)
65537


open factordb and look up N:

http://www.factordb.com/search.php?query=123018668453011775513049495838496272077
28535695953347921973224521517264005072636575187452021997864693899564749427740638
45925192557326303453731548268507917026122142913461670429214311602221240479274737
794080665351419597459856902143413


You will find that it's already factored into:

33478071698956898786044169848212690817704794983713768568912431388982883793878002
287614711652531743087737814467999489

and

36746043666799590428244633799627952632279158164343087642676032283815739666511279
233373417143396810270092798736308917


So, that should be p and q. Let's try to use that to decrypt the message.

Well, openssl can't work with p,q,n,e so I thought I needed to code an RSA
implementation. Fortunately, I had an obfuscated RSA py script on my HDD, which takes p,q,n,e:

#!/usr/bin/python
from sys import*;from string import*;a=argv;[s,p,q]=filter(lambda x:x[:1]!=
'-',a);d='-d'in a;e,n=atol(p,16),atol(q,16);l=(len(q)+1)/2;o,inb=l-d,l-1+d
while s:s=stdin.read(inb);s and map(stdout.write,map(lambda i,b=pow(reduce(
lambda x,y:(x<<8L)+y,map(ord,s)),e,n):chr(b>>8*i&255),range(o-1,-1,-1)))

(btw it's from: http://www.amk.ca/python/writing/crypto-curiosa)

For decryption the script takes arguments like:
cat something | ./rsa.py -d private-exponent modulus

We need d, which is the private exponent. I opened up cryptool's RSA tools
(http://www.cryptool.de/):

Entered p, q, n, e.

Copied out d, and converted it to hex:

* hex(70381387210975121272896086889305548339683147827909544277947732339638648987
62508329442200795959685928525324324882022504974252629186167608868115969077433845
27001944888359578241816763079495533278518938372814827410628647251148091159553)


Ran the script:

c0de@box:~/Desktop/c400$ cat blob.dat | ./rsa.py -d 740de48760442835baad5e199045
3a9d16db7976d3f8bb98bf99c0c01cbe9b9c12b808c80683d1e346c16c79ac162874f28ca610c1b9
7e5e1ffae95725ce0c6b031c3e188b17187a793b322cc4004c568e76c9b258542ea2a2d6ecd462ff
f401 cad984557c97e039431a226ad727f0c6d43ef3d418469f1b375049b229843ee9f83b1f97738
ac274f5f61f401f21f1913e4b64bb31b55a38d398c0dfed00b1392f0889711c44b359e7976c617fc
c734f06e3e95c26476091b52f462e79413db5 | strings
u@HJ
how long until 1024 falls by the wayside?


And the key is: how long until 1024 falls by the wayside?
IMHO, that was one of the coolest challenges :)
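
The same recovery can be done in one short Python file instead of pkcs1-conv, CrypTool and the obfuscated script. This is an added example, not part of the original writeup: it parses n and e from the PEM body, checks the factordb factors against n, derives d and decrypts blob.dat. All values are copied from the page; the function names are made up here and Python 3.8+ is assumed.

```python
import base64

# Copied from the page: pubkey.pem body, the two factordb factors, blob.dat.
PEM_B64 = (
    "MGgCYQDK2YRVfJfgOUMaImrXJ/DG1D7z1BhGnxs3UEmyKYQ+6fg7H5dzisJ09fYf"
    "QB8h8ZE+S2S7MbVaONOYwN/tALE5LwiJcRxEs1nnl2xhf8xzTwbj6VwmR2CRtS9G"
    "LnlBPbUCAwEAAQ=="
)
P = 33478071698956898786044169848212690817704794983713768568912431388982883793878002287614711652531743087737814467999489
Q = 36746043666799590428244633799627952632279158164343087642676032283815739666511279233373417143396810270092798736308917
BLOB = bytes.fromhex(
    "8d3384e411598ef30d52db86eaf81af00028a37d9e6f79b04ba3feb664df9441"
    "9bc0bf3aaf54babdc3a720873d0aa428bc283a5c3ee7228eb089b6b47434133f"
    "b8f1c870889f8f681ca1c8e05de4ee4ff91560401cb32c77619ac2101ab7da09"
)

def read_tlv_header(der, pos, tag):
    """Check the DER tag at pos and decode its length; return (length, content offset)."""
    if der[pos] != tag:
        raise ValueError("unexpected DER tag 0x%02x" % der[pos])
    length, pos = der[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n_len = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n_len], "big"), pos + n_len
    return length, pos

def parse_rsa_public_key(b64):
    """PKCS#1 RSAPublicKey is SEQUENCE { INTEGER n, INTEGER e }."""
    der = base64.b64decode(b64)
    _, pos = read_tlv_header(der, 0, 0x30)
    n_len, pos = read_tlv_header(der, pos, 0x02)
    n = int.from_bytes(der[pos:pos + n_len], "big")
    e_len, pos = read_tlv_header(der, pos + n_len, 0x02)
    return n, int.from_bytes(der[pos:pos + e_len], "big")

def private_exponent(p, q, e):  # d = e^-1 mod (p-1)(q-1), Python 3.8+
    return pow(e, -1, (p - 1) * (q - 1))

def decrypt_block(block, d, n):  # textbook RSA, big-endian, padding left in place
    m = pow(int.from_bytes(block, "big"), d, n)
    return m.to_bytes((n.bit_length() + 7) // 8, "big")

def recover_plaintext():
    n, e = parse_rsa_public_key(PEM_B64)
    if P * Q != n:
        raise ValueError("factors do not match the modulus")
    return decrypt_block(BLOB, private_exponent(P, Q, e), n)

if __name__ == "__main__":
    print(recover_plaintext())
```

The printed block still carries its padding bytes in front of the message, which is why the writeup pipes the output through strings.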

Posted: 25.5.2010

Don't close firefox when closing last tab

Open about:config in firefox, set the value of "browser.tabs.closeWindowWithLastTab" to FALSE

Posted: 17.4.2010

Enable serial console on any linux box with a serial port:

For terminal access/login only:
Find and uncomment, or add at the end of /etc/inittab file this line:

T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100

Reboot, connect a nullmodem cable to the server and your console, fire up minicom or use screen to connect to the server: the speed will be 115200, 8n1 config. If you have screen, just type:

screen /dev/ttyUSB0 115200 8N1

That should be it, you should be able to connect to the server. But this doesn't work for the bootup process and grub. So for more info, like how to enable grub output or how to use a modem as a console and other cool stuff:
http://tldp.org/HOWTO/Remote-Serial-Console-HOWTO/

Use screen for a serial (null-modem) connection

Minicom is really great, but sometimes just too much.

So, here is the snippet to open a serial connection to /dev/ttyUSB0 with speed 115200 and 8N1

screen /dev/ttyUSB0 115200 8N1

Tweak cpufreq for a more responsive system

Well, this should be useless to most people, but if you use a netbook with a low powered processor, you know that some distros lag the cpufreq scaling. Why? They "shift up" from a lower frequency to a higher one when a certain load is met.

For example:
tony@netbook:~$ cat /sys/devices/system/cpu/cpu0/cpufreq/ondemand/up_threshold
95

Well, you can simply change it to something more of your liking:

root@netbook:/etc# echo 40 > /sys/devices/system/cpu/cpu0/cpufreq/ondemand/up_threshold

I find the cpufreq shifting up better with the value 40, so the machine is much more responsive on some occasions (youtube for example).

SSHFS mountscripts

This is a really lame script that mounts my sshfs. Run it once, a disk is mounted. Run it again, disk is unmounted. Put it somewhere where you have your scripts because it creates a status file.

I really think it doesn't need any explanation...

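#!/bin/bash

### toggle: if the status file exists, unmount; otherwise mount

file="./sshmount.pid"

if [ -e "$file" ]; then
    # status file present: the share is mounted, so unmount it
    fusermount -u /media/sshfs/ && rm "$file"
else
    # only create the status file if the mount actually succeeded
    sshfs -p PORT USERNAME@HOSTNAME:/REMOTEPATH /media/sshfs && touch "$file"
fi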

Install OpenVAS, ubuntu karmic

These instructions are for Ubuntu Karmic, and should work on most Debian-like distros.

Get the OpenVAS 3.0 packages from OpenVAS site:
wget http://wald.intevation.org/frs/download.php/683/openvas-libraries-3.0.0.tar.gz http://wald.intevation.org/frs/download.php/684/openvas-scanner-3.0.0.tar.gz http://wald.intevation.org/frs/download.php/685/openvas-client-3.0.0.tar.gz


you need some extra stuff to successfully compile openvas*

sudo aptitude update
sudo aptitude install build-essential cmake libglib2.0-dev libgcrypt-dev libgpgme11-dev bison gnutls-dev libgtk2.0-dev


tar xvf openvas-libraries-3.0.0.tar.gz
cd openvas-libraries-3.0.0

./configure
make
sudo make install

 --------------------------------------------------------------
 openvas-libraries has been successfully installed.
 Make sure that /usr/local/bin is in your PATH before you
 continue
 Be sure to add /usr/local/lib in /etc/ld.so.conf and type 'ldconfig'
 --------------------------------------------------------------

/usr/local/bin should be in your path, just add a "include /usr/local/lib" line into /etc/ld.so.conf and do sudo ldconfig

untar the last 2 files (for f in openvas-scanner*.tar.gz openvas-client*.tar.gz; do tar xvf "$f"; done)

cd to each folder and run:
./configure
make
sudo make install

add a user:
sudo openvas-adduser

make a cert:
sudo openvas-mkcert

update the nvt base:
sudo openvas-nvt-sync


run the daemon (i like the daemon in the foreground, so i add the -f flag):
openvassd -f


And, you're set... That's the whole deal. Now, just run the client:
OpenVAS-Client

Downloads:


Misc PDF's:
iptables cheat sheet
nmap cheat sheet


Talk slides:
OpenSource Privacy - Cluc 2009 Talk

Misc:
A big wordlist that i made

Other useful stuff I found on the net:
iptables tut
tcpwrappers tut