rants of a crypto geek

DEFCON quals Crypto 400 writeup: RSA, team: gn00bz

c0de@box:~/Desktop/c400$ cat pubkey.pem
c0de@box:~/Desktop/c400$ xxd blob.dat
0000000: 8d33 84e4 1159 8ef3 0d52 db86 eaf8 1af0 .3...Y...R......
0000010: 0028 a37d 9e6f 79b0 4ba3 feb6 64df 9441 .(.}.oy.K...d..A
0000020: 9bc0 bf3a af54 babd c3a7 2087 3d0a a428 ...:.T.... .=..(
0000030: bc28 3a5c 3ee7 228e b089 b6b4 7434 133f .(:\>.".....t4.?
0000040: b8f1 c870 889f 8f68 1ca1 c8e0 5de4 ee4f ...p...h....]..O
0000050: f915 6040 1cb3 2c77 619a c210 1ab7 da09 ..`@..,wa.......

Well, we have a public key and a file, so it's clear straight away what we
need to do: decrypt the blob with the private key, which we need to obtain.
The public key looks short, so maybe it is trivial or already factored. Let's
try to extract n (the modulus) and e (the public exponent) from the PEM file.
There is a nice tool called pkcs1-conv, part of the nettle-bin package, that
converts the PEM file to an s-expression from which we can read out the
parameters:

c0de@box:~/Desktop/c400$ pkcs1-conv pubkey.pem | xxd
0000000: 2831 303a 7075 626c 6963 2d6b 6579 2839 (10:public-key(9
0000010: 3a72 7361 2d70 6b63 7331 2831 3a6e 3937 :rsa-pkcs1(1:n97
0000020: 3a00 cad9 8455 7c97 e039 431a 226a d727 :....U|..9C."j.'
0000030: f0c6 d43e f3d4 1846 9f1b 3750 49b2 2984 ...>...F..7PI.).
0000040: 3ee9 f83b 1f97 738a c274 f5f6 1f40 1f21 >..;..s..t...@.!
0000050: f191 3e4b 64bb 31b5 5a38 d398 c0df ed00 ..>Kd.1.Z8......
0000060: b139 2f08 8971 1c44 b359 e797 6c61 7fcc .9/..q.D.Y..la..
0000070: 734f 06e3 e95c 2647 6091 b52f 462e 7941 sO...\&G`../F.yA
0000080: 3db5 2928 313a 6533 3a01 0001 2929 29 =.)(1:e3:...)))

So, the n part is from offset: 0x21 to 0x81

n = 0xcad984557c97e039431a226ad727f0c6d43ef3d418469f1b375049b229843ee9f83b1f9773

e is from offset 0x89 to 0x8b
e = 0x010001

Let's put those into integers so we can see if they are already factored:

Btw, I use ipython and my shell prompt is a *, so you don't get confused.

* int("0xcad984557c97e039431a226ad727f0c6d43ef3d418469f1b375049b229843ee9f83b1f9

* int("0x010001",16)

Open factordb and look up N:


You will find that it's already factored into:




So, that should be p and q. Let's try to use them to decrypt the message.

Well, openssl can't work with p,q,n,e so I thought I needed to code an RSA
implementation. Fortunately, I had an obfuscated RSA py script on my HDD, which takes p,q,n,e:

from sys import*;from string import*;a=argv;[s,p,q]=filter(lambda x:x[:1]!=
'-',a);d='-d'in a;e,n=atol(p,16),atol(q,16);l=(len(q)+1)/2;o,inb=l-d,l-1+d
while s:s=stdin.read(inb);s and map(stdout.write,map(lambda i,b=pow(reduce(
lambda x,y:(x<<8L)+y,map(ord,s)),e,n):chr(b>>8*i&255),range(o-1,-1,-1)))

(btw it's from: http://www.amk.ca/python/writing/crypto-curiosa)

For decryption the script takes arguments like:
cat something | ./rsa.py -d private-exponent modulus

We need d, which is the private exponent. I opened up CrypTool's RSA tools:

entered p, q, n, e

Copied out d, and converted it to hex:

* hex(70381387210975121272896086889305548339683147827909544277947732339638648987

Ran the script:

c0de@box:~/Desktop/c400$ cat blob.dat | ./rsa.py -d 740de48760442835baad5e199045
f401 cad984557c97e039431a226ad727f0c6d43ef3d418469f1b375049b229843ee9f83b1f97738
c734f06e3e95c26476091b52f462e79413db5 | strings
how long until 1024 falls by the wayside?

And the key is: how long until 1024 falls by the wayside?
IMHO, that was one of the coolest challenges :)
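
The same steps in one Python 3 script, as an added example that is not part of the original post: it reads n and e from the s-expression by its length prefixes instead of hand-counted offsets, derives d from p and q (the step done in CrypTool above), and applies raw RSA to a blob. The primes, key and message are constructed toy values, not the challenge's, and all function names are this example's own.

```python
# Added example. P and Q are constructed toy primes, not the challenge factors.
P, Q = (1 << 61) - 1, (1 << 89) - 1
N = P * Q
N_BYTES = N.to_bytes((N.bit_length() + 7) // 8, "big")
# Constructed key in the same layout as the pkcs1-conv dump above.
SEXP = b"(10:public-key(9:rsa-pkcs1(1:n%d:%b)(1:e3:\x01\x00\x01)))" % (
    len(N_BYTES), N_BYTES)

def parse_atoms(data: bytes) -> list:
    """Atoms of a canonical S-expression; each is written <decimal length>:<bytes>."""
    atoms, i = [], 0
    while i < len(data):
        if data[i:i + 1] in (b"(", b")"):
            i += 1
            continue
        colon = data.index(b":", i)
        length = int(data[i:colon])
        atoms.append(data[colon + 1:colon + 1 + length])
        i = colon + 1 + length  # skip by length, so ')' or ':' inside n is harmless
    return atoms

def public_params(sexp: bytes) -> tuple:
    atoms = parse_atoms(sexp)  # [public-key, rsa-pkcs1, n, <n>, e, <e>]
    fields = dict(zip(atoms[2::2], atoms[3::2]))
    return (int.from_bytes(fields[b"n"], "big"),
            int.from_bytes(fields[b"e"], "big"))

def private_exponent(p: int, q: int, e: int) -> int:
    """d = e^-1 mod (p-1)(q-1); knowing p and q is all it takes."""
    return pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+

def raw_decrypt(blob: bytes, d: int, n: int) -> bytes:
    """Textbook RSA per modulus-sized block: m = c^d mod n."""
    k = (n.bit_length() + 7) // 8
    out = b""
    for off in range(0, len(blob), k):
        c = int.from_bytes(blob[off:off + k], "big")
        out += pow(c, d, n).to_bytes(k, "big")
    return out

def demo() -> bytes:
    n, e = public_params(SEXP)
    d = private_exponent(P, Q, e)
    m = int.from_bytes(b"toy plaintext", "big")  # constructed message
    blob = pow(m, e, n).to_bytes(len(N_BYTES), "big")
    return raw_decrypt(blob, d, n).lstrip(b"\x00")

if __name__ == "__main__":
    print(demo())
```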

Posted: 25.5.2010

Don't close firefox when closing last tab

Open about:config in firefox, set the value of "browser.tabs.closeWindowWithLastTab" to FALSE

Posted: 17.4.2010

Enable serial console on any linux box with a serial port:

For terminal access/login only:
Find and uncomment, or add at the end of /etc/inittab file this line:

T0:23:respawn:/sbin/getty -L ttyS0 115200 vt100

Reboot, connect a nullmodem cable to the server and your console, fire up minicom or use screen to connect to the server: the speed will be 115200, 8n1 config. If you have screen, just type:

screen /dev/ttyUSB0 115200 8N1

That should be it; you should be able to connect to the server. But this doesn't work for the bootup process and grub. So for more info, like how to enable grub output or how to use a modem as a console and other cool stuff:

Use screen for a serial (null-modem) connection

Minicom is really great, but sometimes just too much.

So, here is the snippet to open a serial connection to /dev/ttyUSB0 with speed 115200 and 8N1

screen /dev/ttyUSB0 115200 8N1

Tweak cpufreq for a more responsive system

Well, this should be useless to most people, but if you use a netbook with a low powered processor, you know that some distros lag the cpufreq scaling. Why? They "shift up" from a lower frequency to a higher one when a certain load is met.

For example:
tony@netbook:~$ cat /sys/devices/system/cpu/cpu0/cpufreq/ondemand/up_threshold

Well, you can simply change it to something more of your liking:

root@netbook:/etc# echo 40 > /sys/devices/system/cpu/cpu0/cpufreq/ondemand/up_threshold

I find the cpufreq shifting up better with the value 40, so the machine is much more responsive on some occasions (youtube for example).

SSHFS mountscripts

This is a really lame script that mounts my sshfs. Run it once, a disk is mounted. Run it again, disk is unmounted. Put it somewhere where you have your scripts because it creates a status file.

I really think it doesn't need any explanation...


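#!/bin/sh
# status file, created in the directory the script is run from
file=sshmount.pid

### test if sshmount.pid exists
if [ -e "$file" ]; then
    # status file present: the share is mounted, so unmount it
    fusermount -u /media/sshfs/ && rm "$file"
else
    # the mount command is missing from the page; user@host:/path is a placeholder
    sshfs user@host:/path /media/sshfs/ && touch "$file"
fi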

Install OpenVAS, ubuntu karmic

These instructions are for Ubuntu Karmic, and should work on most Debian-like distros.

Get the OpenVAS 3.0 packages from OpenVAS site:
wget http://wald.intevation.org/frs/download.php/683/openvas-libraries-3.0.0.tar.gz http://wald.intevation.org/frs/download.php/684/openvas-scanner-3.0.0.tar.gz http://wald.intevation.org/frs/download.php/685/openvas-client-3.0.0.tar.gz

you need some extra stuff to successfully compile openvas*

sudo aptitude update
sudo aptitude install build-essential cmake libglib2.0-dev libgcrypt-dev libgpgme11-dev bison gnutls-dev libgtk2.0-dev

tar xvf openvas-libraries-3.0.0.tar.gz
cd openvas-libraries-3.0.0

sudo make install

 openvas-libraries has been successfully installed.
 Make sure that /usr/local/bin is in your PATH before you
 Be sure to add /usr/local/lib in /etc/ld.so.conf and type 'ldconfig'

/usr/local/bin should be in your path, just add a "include /usr/local/lib" line into /etc/ld.so.conf and do sudo ldconfig

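untar the last 2 files, one tar call per archive since tar xvf takes a single archive (for f in openvas-scanner*.tar.gz openvas-client*.tar.gz; do tar xvf "$f"; done)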

cd to each folder and run:
sudo make install

add a user:
sudo openvas-adduser

make a cert:
sudo openvas-mkcert

update the nvt base:
sudo openvas-nvt-sync

run the daemon (i like the daemon in the foreground, so i add the -f flag):
openvassd -f

And you're set... That's the whole deal. Now, just run the client:


Misc PDF's:
iptables cheat sheet
nmap cheat sheet

Talk slides:
OpenSource Privacy - Cluc 2009 Talk

A big wordlist that I made

Other useful stuff I found on the net:
iptables tut
tcpwrappers tut