RSA is easy 2 [crypto]
HackTM 2020

RSA is easy 2

Provide the flag in this format: HackTM{words_you_found}.

Recon

Since we don't get p,q or n we simply gotta do freq analysis on the chars. First I map them to single-length symbols so it's somewhat doable and then comes the good ole freq analysis. ...

Code

import random
#from my_math import next_prime

#from flag import flag

def egcd(a, b):
    x, y, u, v = 0, 1, 1, 0
    while a != 0:
        q, r = b//a, b % a
        m, n = x-u*q, y-v*q
        b, a, x, y, u, v = a, r, u, v, m, n
        gcd = b
    return gcd, x, y

def gen_keys(p, q):
    e = 65537
    n = p * q
    phi = (p - 1) * (q - 1)
    gcd, d, b = egcd(e, phi)
    # Keys:((pub),  (priv))
    return ((e, n), (d, n))


def enc(key, p):
    e, n = key
    cipher = [pow(ord(char), e, n) for char in p]
    return cipher

def dec(pk, c):
    key, n = pk
    plain = [chr(pow(char, key, n)) for char in c]
    return ''.join(plain)


#p = next_prime(random.SystemRandom().getrandbits(512))
#q = next_prime(random.SystemRandom().getrandbits(512))

#flag_key=gen_keys(p, q)

#print("Public key:")
#print(flag_key[0])

#flag_c=(enc(flag_key[0], flag))

#print("Encrypted flag:")
#print(flag_c)
enc_msg = -1 #PASTE LIST FROM 'c' FILE HERE
print("enc msg length")
print(len(enc_msg))

def unique(it):
    s = set()
    for el in it:
        if el not in s:
            s.add(el)
            yield el

print("Unique entries: {}".format(len(list(unique(enc_msg)))))

mapping = {}
cur = "A"
for x in enc_msg:
    if x not in mapping:
        mapping[x] = cur
        cur = chr(ord(cur)+1)

mapped = []
for x in enc_msg:
    mapped.append(mapping[x])
print(''.join(mapped))

freqs = {}
for x in mapped:
    if x not in freqs:
        freqs[x] = 0
    freqs[x] += 1

freqs_sorted = {k: v for k, v in sorted(freqs.items(), key=lambda item: item[1])}
print(freqs_sorted)
dec = ''.join(mapped)
dec = dec.replace("E"," ")
dec = dec.replace("C","e")
dec = dec.replace("M","t")
dec = dec.replace("F","i")
dec = dec.replace("G","a")
dec = dec.replace("D","n")
dec = dec.replace("B","h")
dec = dec.replace("A","w")
dec = dec.replace("H","s")
dec = dec.replace("S","d")
dec = dec.replace("L","g")
dec = dec.replace("W","m")
dec = dec.replace("J","o")
dec = dec.replace("N","r")
dec = dec.replace("]","k")
dec = dec.replace("I","c")
dec = dec.replace("K","l")
dec = dec.replace("U","b")
dec = dec.replace("Y","u")
dec = dec.replace("T","v")
dec = dec.replace("O","y")
dec = dec.replace("V","p")
dec = dec.replace("Z","x")
dec = dec.replace("X",".")
dec = dec.replace("[","f")
dec = dec.replace("\\","q")
dec = dec.replace("R",",")
dec = dec.replace("^","'")
dec = dec.replace("_","z")
print(dec)

Output:

enc msg length
1111
Unique entries: 31
ABCDEFEAGHEFDEIJKKCLCEFDEMBCECGNKOEPQHREFESCTFHCSEABGMEFEUCKFCTCSEAGHEGEUNFKKFGDMECDINOVMFJDEHIBCWCXEGEHFWVKCEVHCYSJNGDSJWEDYWUCNEHMNCGWEAGHEGSSCSEMJEMBCEVKGFDMCZMEHMNCGWEMJEINCGMCEIFVBCNMCZMXEMBFHEAJYKSEHCCWFDLKOEMBAGNMEGDOE[NC\YCDIOEGDGKOHFHEJ[EMBCEIFVBCNMCZMREGDSEAJYKSEUCEYDINGI]GUKCECTCDEMJEMBCEWJHMENCHJYNIC[YKELJTCNDWCDMEFDMCKKFLCDICEGLCDIFCHXEFE[CKMEHJEHWYLEGUJYMEWOEGIBFCTCWCDMXEOCGNHEKGMCNREFESFHIJTCNCSEMBFHEHGWCEHIBCWCEFDEHCTCNGKEFDMNJSYIMJNOEINOVMJLNGVBOEMCZMHEGDSEMYMJNFGKEVGVCNHXEBJAEDFICXEJMBCNEINOVMJLNGVBCNHEBGSEMBJYLBMEJ[EMBCEHGWCEHIBCWCXEYD[JNMYDGMCKOREMBCEHIBCWCEAGHEVNCHCDMCSEGHEGEHFWVKCEBJWCAJN]EGHHFLDWCDMEJDEBJAEMJEYHCECKCWCDMGNOEINOVMGDGKOMFIEMCIBDF\YCHEMJEMNFTFGKKOEINGI]EFMXEHJEWYIBE[JNEWOEUNFKKFGDMEHIBCWCXE[NJWEMBFHEBYWUKFDLECZVCNFCDICEFEKCGNDCSEBJAECGHOEFMEFHEMJE[GKKEFDMJEGE[GKHCEHCDHCEJ[EHCIYNFMOEABCDESCTFHFDLEGDECDINOVMFJDEGKLJNFMBWXEWJHMEVCJVKCESJD^MENCGKF_CEBJAE[FCDSFHBKOESF[[FIYKMEFMEFHEMJESCTFHCEGDECDINOVMFJDEGKLJNFMBWEMBGMEIGDEAFMBHMGDSEGEVNJKJDLCSEGDSESCMCNWFDCSEGMMGI]EUOEGENCHJYNIC[YKEJVVJDCDMXEBCNCEFHEMBCE[KGLXEABCDEFMEIJWCHEMJEINOVMJEJNEIGNVCMEDCTCNENJKKEOJYNEJAD
{'P': 1, 'Q': 1, '^': 1, '_': 1, '\\': 2, 'R': 4, ']': 4, 'Z': 5, 'U': 9, 'T': 11, 'X': 12, 'L': 16, '[': 16, 'A': 18, 'Y': 24, 'V': 25, 'O': 26, 'S': 28, 'W': 31, 'I': 39, 'B': 43, 'K': 44, 'H': 57, 'N': 59, 'J': 60, 'D': 61, 'F': 64, 'G': 66, 'M': 83, 'C': 123, 'E': 177}
when i was in college in the early PQs, i devised what i believed was a brilliant encryption scheme. a simple pseudorandom number stream was added to the plaintext stream to create ciphertext. this would seemingly thwart any frequency analysis of the ciphertext, and would be uncrackable even to the most resourceful government intelligence agencies. i felt so smug about my achievement. years later, i discovered this same scheme in several introductory cryptography texts and tutorial papers. how nice. other cryptographers had thought of the same scheme. unfortunately, the scheme was presented as a simple homework assignment on how to use elementary cryptanalytic techniques to trivially crack it. so much for my brilliant scheme. from this humbling experience i learned how easy it is to fall into a false sense of security when devising an encryption algorithm. most people don't realize how fiendishly difficult it is to devise an encryption algorithm that can withstand a prolonged and determined attack by a resourceful opponent. here is the flag. when it comes to crypto or carpet never roll your own