pico2024 rsa oracle
Summary
TLDRThe script describes an RSA encryption attack where an attacker intercepts communication between a bank and a fintech company, obtaining an encrypted message and its password. They discover an oracle that can decrypt any message except the password itself. Using a chosen plaintext attack, they exploit RSA's properties by encrypting a known value, multiplying it by the encrypted message, and then using the oracle to decrypt the result. This allows them to retrieve the original message by dividing by the known value. The script also highlights the importance of padding and random bits in secure RSA implementations.
Takeaways
- 🔐 The attacker intercepted communications between a bank and a fintech company, obtaining a message and its encryption password.
- 🕵️♂️ The attacker discovered an RSA oracle used by the bank for encryption, which can be exploited.
- 💻 The attacker used a netcat command to interact with the oracle and attempted to decrypt the password.
- 🚫 The oracle could not decrypt the password but could decrypt other messages, indicating a chosen plaintext attack scenario.
- 🔑 RSA encryption involves raising a message to the power of 'E' modulo 'n', a mathematical operation used in the attack.
- 🤖 The attacker crafted a custom message to exploit the RSA algorithm's properties, multiplying '2' raised to 'E' mod 'n' by the encrypted message.
- 🔄 The attacker used the oracle to decrypt the crafted message and then divided the result by '2' to retrieve the original message.
- 💡 A Python script was used to automate the interaction with the oracle, handling the encryption and decryption processes.
- 🔒 The final step involved using OpenSSL to decrypt the message with the obtained key, revealing the flag.
- 📚 The importance of implementing chosen plaintext security in cryptographic systems was highlighted to prevent such attacks.
Q & A
What is an RSA Oracle and how can it be abused?
-An RSA Oracle is a service that can decrypt messages encrypted with RSA, but it has a limitation that it cannot decrypt the password itself. It can be abused by an attacker who intercepts a message and its password, then uses the oracle to decrypt the message by exploiting the properties of RSA encryption.
What is a chosen plaintext attack?
-A chosen plaintext attack is a type of cryptographic attack where the attacker can choose arbitrary plaintexts and obtain their corresponding ciphertexts. This can help the attacker gain information about the encryption scheme and potentially find weaknesses to exploit.
Why is it important to include random bits and padding in RSA encryption?
-Including random bits and padding in RSA encryption is crucial for security. It prevents attacks like the one described in the script by ensuring that the same plaintext does not always encrypt to the same ciphertext, which would otherwise allow an attacker to deduce patterns and potentially decrypt messages.
What is the significance of the 'netcat' tool mentioned in the script?
-Netcat is a utility used for reading from and writing to network connections using TCP or UDP. In the context of the script, it is used to interact with the RSA Oracle to encrypt and decrypt messages.
What does 'Titan Pico cf. net5 6192' refer to in the script?
-This appears to be a reference to a specific network address and port number ('Titan Pico' could be a hostname or an alias, 'cf' might be a typo or part of the address, and 'net5 6192' is likely the port number) where the RSA Oracle service is running and can be accessed via netcat.
How does the script describe the process of decrypting the intercepted message?
-The script describes a process where the attacker uses the RSA Oracle to decrypt the message by first encrypting the number '2' using the same public key, then multiplying the result by the intercepted ciphertext (which is the message encrypted with the same key). The oracle decrypts this combined value, and the attacker divides the result by two to obtain the original message.
What is the role of the Python program in the script?
-The Python program is used to automate the process of interacting with the RSA Oracle. It connects to the Oracle, sends the necessary commands to encrypt and decrypt messages, and performs the mathematical operations required to exploit the RSA encryption.
What does the script mean by '2m to the EOD n'?
-This is a shorthand way of describing the mathematical operation where the number '2' is raised to the power of 'E' modulo 'n', then multiplied by the message 'm' raised to the power of 'E' modulo 'n'. This operation is part of the attack to exploit the RSA Oracle.
Why is OpenSSL used at the end of the script?
-OpenSSL is used to decrypt the final message using the decrypted key obtained from the RSA Oracle. The script specifies using OpenSSL with a 256-bit Cipher Block Chaining (CBC) mode to decrypt the message with the key 'da99'.
What is the significance of the flag mentioned in the script?
-In the context of cybersecurity, a 'flag' often refers to a piece of data that serves as a proof of successful exploitation or completion of a challenge. In this script, the flag is the final piece of information that the attacker retrieves after decrypting the message.
Outlines
🔐 RSA Encryption and Decryption Process
The script describes an RSA encryption scenario where an attacker intercepts communications between a bank and a fintech company, obtaining an encrypted message and the password used for encryption. The attacker discovers an oracle that can encrypt messages but not decrypt the password. This leads to a chosen plaintext attack where the attacker uses the oracle's encryption capability to decrypt the intercepted message. The script explains the use of netcat to communicate with a server that can encrypt messages. It also touches on the importance of padding and random bits in RSA encryption for a secure cryptosystem. The attacker then demonstrates how to exploit RSA properties by encrypting a known value, multiplying it by the encrypted message, and using the oracle to decrypt the result, which is then divided by the known value to obtain the original message. The process involves using Python and connecting to a server to perform these operations.
🚩 Decrypting to Reveal the Flag
The second paragraph briefly mentions the process of decrypting the intercepted message using OpenSSL with a 256-bit CBC cipher block chaining mode. The key used for decryption is derived from the previous decryption process. The result of this decryption is the flag, which is presumably the objective of the attacker's efforts. This paragraph serves as a conclusion to the script, indicating the successful extraction of the flag after the decryption process.
Mindmap
Keywords
💡RSA Oracle
💡Chosen Plaintext Attack
💡Netcat
💡Padding
💡Modular Exponentiation
💡Hexadecimal
💡ASN.1
💡Crypto System
💡Flag
💡OpenSSL
💡CBC
Highlights
Attacker intercepted communications between a bank and a fintech company.
The attacker obtained a message and the password used to encrypt it.
The bank's oracle was identified as a potential vulnerability.
The oracle could decrypt anything except the password, indicating a chosen plaintext attack scenario.
The necessity for a real RSA implementation to include random bits and padding is emphasized.
The process of using netcat to connect to the oracle for encryption and decryption is described.
The attacker's inability to decrypt the password directly is highlighted.
A strategy to exploit RSA properties by encrypting '2' and multiplying it by the encrypted message is outlined.
The attacker's use of a Python program to automate the decryption process is mentioned.
The attacker connects to Titan Pico to encrypt a message using RSA.
The process of encrypting '2' and multiplying it by the encrypted message to exploit the oracle is detailed.
The attacker decrypts the manipulated message to obtain the original message.
The use of OpenSSL to decrypt the final message and reveal the flag is explained.
The importance of chosen plaintext security in a useful crypto system is reiterated.
The final flag is obtained after decrypting the message with OpenSSL.
The transcript concludes with additional points on the attack's success.
Transcripts
RSA Oracle can you abuse the Oracle an
attacker was able to intercept
Communications between a bank and a
fintech company they managed to get the
message and the password that was used
to encrypt the message after some
intensive reconnaissance they found out
the bank has an oracle that was used to
encrypt the password and can be found
here all right so that's a netcat thing
uh decrypt the password and use it to
decrypt the message the article can
decrypt anything except the password so
they call this a chosen plain text
attack uh here's the op SS cell command
that we will use to get uh the message
after we've gotten the
password we want to send a custom
message to the server using that RSA
algorithm and one of the minimal
requirements for useful crypto system is
chosen PL Tex security so uh yeah if you
actually do a real implementation of RSA
you need to include some random bits and
padding for lots of reasons as opposed
to just directly encrypting the message
that you have
okay so what we have here is we
have downloaded the message which is
secret so we have some sort of as
encrypted
blob and we have the password which is a
big decimal
number so we'll netcat to Titan
Pico cf. net5
6192 so we can encrypt
things so it it converts the clear text
to Hax and then it raises that to the E
power we can decrypt
things so if we decrypt for example
this we get back the text that we typed
in
um I guess what we could try to do which
they tell us we won't be able to do is
do this
password good try we can't decrypt that
for you now what we will be able to do
is we'll be able to exploit the
properties of RSA so what we know is
that when we encrypt something we're
taking a message we're raising it to the
E power mod n
so what we will also do is we will take
two and we will raise it to the E power
mod
n and then if we multiply that by m to
the E mod
n we will have basically
2m to the EOD n we will ask the program
to decrypt that for us because it will
because it's not actually the
message and then we'll divide it by two
so we're going to compute this value to
the EOD n we already know this it's the
secret we'll decrypt this and divide by
two so I have a Python
program that will take care of this this
again uses pone tools we're connecting
to Titan Pico
cf. we're waiting till we get that first
message and we're saying we want to
encrypt we're going to encrypt the
message to so we send the asky character
2 with a new line we receive that line
when we decode that number that is 2 to
the E and we multiply it by the
contents of secret so that's the M
raised to the E power so now we have 2 m
raised to the E power we are going to
decode
that so I send this
num ask it to be decrypted it's going to
give us
back a heximal string so we convert that
heximal string to a number we divide it
by two and then we convert that to
asky so when we convert that to asky we
are going to get the string da
a099 and that was the the hex string we
got back before for we divided it by two
and then converted it uh from hex to asy
so now what they're telling
us is to use this open
SSL so we can say open SSL
encrypt as
256 CBC cyer blockchaining we're
actually say- D which means
decrypt uh we'll take
secret. and our key is da99
and here is our
flag and now we have some more points
5.0 / 5 (0 votes)