pico2024 rsa oracle

Martin Carlisle

22 Jun 202405:13

Summary

TLDRThe script describes an RSA encryption attack where an attacker intercepts communication between a bank and a fintech company, obtaining an encrypted message and its password. They discover an oracle that can decrypt any message except the password itself. Using a chosen plaintext attack, they exploit RSA's properties by encrypting a known value, multiplying it by the encrypted message, and then using the oracle to decrypt the result. This allows them to retrieve the original message by dividing by the known value. The script also highlights the importance of padding and random bits in secure RSA implementations.

Takeaways

🔐 The attacker intercepted communications between a bank and a fintech company, obtaining a message and its encryption password.
🕵️‍♂️ The attacker discovered an RSA oracle used by the bank for encryption, which can be exploited.
💻 The attacker used a netcat command to interact with the oracle and attempted to decrypt the password.
🚫 The oracle could not decrypt the password but could decrypt other messages, indicating a chosen plaintext attack scenario.
🔑 RSA encryption involves raising a message to the power of 'E' modulo 'n', a mathematical operation used in the attack.
🤖 The attacker crafted a custom message to exploit the RSA algorithm's properties, multiplying '2' raised to 'E' mod 'n' by the encrypted message.
🔄 The attacker used the oracle to decrypt the crafted message and then divided the result by '2' to retrieve the original message.
💡 A Python script was used to automate the interaction with the oracle, handling the encryption and decryption processes.
🔒 The final step involved using OpenSSL to decrypt the message with the obtained key, revealing the flag.
📚 The importance of implementing chosen plaintext security in cryptographic systems was highlighted to prevent such attacks.

Q & A

What is an RSA Oracle and how can it be abused?
-An RSA Oracle is a service that can decrypt messages encrypted with RSA, but it has a limitation that it cannot decrypt the password itself. It can be abused by an attacker who intercepts a message and its password, then uses the oracle to decrypt the message by exploiting the properties of RSA encryption.
What is a chosen plaintext attack?
-A chosen plaintext attack is a type of cryptographic attack where the attacker can choose arbitrary plaintexts and obtain their corresponding ciphertexts. This can help the attacker gain information about the encryption scheme and potentially find weaknesses to exploit.
Why is it important to include random bits and padding in RSA encryption?
-Including random bits and padding in RSA encryption is crucial for security. It prevents attacks like the one described in the script by ensuring that the same plaintext does not always encrypt to the same ciphertext, which would otherwise allow an attacker to deduce patterns and potentially decrypt messages.
What is the significance of the 'netcat' tool mentioned in the script?
-Netcat is a utility used for reading from and writing to network connections using TCP or UDP. In the context of the script, it is used to interact with the RSA Oracle to encrypt and decrypt messages.
What does 'Titan Pico cf. net5 6192' refer to in the script?
-This appears to be a reference to a specific network address and port number ('Titan Pico' could be a hostname or an alias, 'cf' might be a typo or part of the address, and 'net5 6192' is likely the port number) where the RSA Oracle service is running and can be accessed via netcat.
How does the script describe the process of decrypting the intercepted message?
-The script describes a process where the attacker uses the RSA Oracle to decrypt the message by first encrypting the number '2' using the same public key, then multiplying the result by the intercepted ciphertext (which is the message encrypted with the same key). The oracle decrypts this combined value, and the attacker divides the result by two to obtain the original message.
What is the role of the Python program in the script?
-The Python program is used to automate the process of interacting with the RSA Oracle. It connects to the Oracle, sends the necessary commands to encrypt and decrypt messages, and performs the mathematical operations required to exploit the RSA encryption.
What does the script mean by '2m to the EOD n'?
-This is a shorthand way of describing the mathematical operation where the number '2' is raised to the power of 'E' modulo 'n', then multiplied by the message 'm' raised to the power of 'E' modulo 'n'. This operation is part of the attack to exploit the RSA Oracle.
Why is OpenSSL used at the end of the script?
-OpenSSL is used to decrypt the final message using the decrypted key obtained from the RSA Oracle. The script specifies using OpenSSL with a 256-bit Cipher Block Chaining (CBC) mode to decrypt the message with the key 'da99'.
What is the significance of the flag mentioned in the script?
-In the context of cybersecurity, a 'flag' often refers to a piece of data that serves as a proof of successful exploitation or completion of a challenge. In this script, the flag is the final piece of information that the attacker retrieves after decrypting the message.