Maojui

Volga 2019 - blind (Crypto, 200)

2019-05-14

Challenge

File : server.py

This is a challenge related to digital signature.

we can :

  1. sign some command
  2. call ls or cat after authentication

cat is black-listed command that forbid us to sign. However the way it check the black list is Base64Decode(input) == 'cat', and it is easy to bypass.

Solution

  1. First use ls command and we can see that flag is stored in flag.

Then we can simply convert cat flag into integer and factor it into a * b.

Since RSA is malleable, sign(a * b) == (sign(a) * sign(b)) % n, we can then get flag.

solve.py

Tags: RSA
Volga 2019 - shifter (Crypto, 150) SecurityFest 2019 - Cactus (Crypto, 1065)