Volga 2019 - blind (Crypto, 200)



File :

This is a challenge related to digital signature.

we can :

  1. sign some command
  2. call ls or cat after authentication

cat is black-listed command that forbid us to sign. However the way it check the black list is Base64Decode(input) == 'cat', and it is easy to bypass.


  1. First use ls command and we can see that flag is stored in flag.

Then we can simply convert cat flag into integer and factor it into a * b.

Since RSA is malleable, sign(a * b) == (sign(a) * sign(b)) % n, we can then get flag.

Tags: RSA