{"id":98,"date":"2020-05-05T10:00:00","date_gmt":"2020-05-05T08:00:00","guid":{"rendered":"https:\/\/blog.caturday-lovers.fr.nf\/?p=98"},"modified":"2020-05-04T20:15:43","modified_gmt":"2020-05-04T18:15:43","slug":"les-chatons-ont-la-reponse-fcsc-2020-smic1","status":"publish","type":"post","link":"https:\/\/blog.caturday-lovers.fr.nf\/?p=98","title":{"rendered":"The kittens have the answer &#8211; FCSC 2020 \/\/ SMIC1"},"content":{"rendered":"\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"499\" height=\"835\" src=\"https:\/\/blog.caturday-lovers.fr.nf\/wp-content\/uploads\/2020\/05\/2020-05-04_17h26_15.png\" alt=\"\" class=\"wp-image-99\" srcset=\"https:\/\/blog.caturday-lovers.fr.nf\/wp-content\/uploads\/2020\/05\/2020-05-04_17h26_15.png 499w, https:\/\/blog.caturday-lovers.fr.nf\/wp-content\/uploads\/2020\/05\/2020-05-04_17h26_15-179x300.png 179w\" sizes=\"auto, (max-width: 499px) 100vw, 499px\" \/><figcaption><em>is it the SMIC&nbsp;or the RSA???<\/em><\/figcaption><\/figure><\/div>\n\n\n\n<!--more-->\n\n\n\n<p>To begin with, let&rsquo;s acknowledge the little pun between the SMIC (the French minimum wage) and the RSA (a French welfare benefit); it is the first play on words you will see across the whole challenge. We can salute the creator&rsquo;s imagination.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Theory<\/h2>\n\n\n\n<p>A perfect warm-up: RSA is a great CTF classic because it is easy to understand yet technically complex. Everything rests on mathematical properties that are both simple and complex, and this oxymoron alone explains why this encryption algorithm is still relevant today. 
Everything hinges on the factorization of the modulus n: if it is not large enough, the whole thing collapses.<br>For more information, I recommend reading this <a rel=\"noreferrer noopener\" href=\"https:\/\/fr.wikipedia.org\/wiki\/Chiffrement_RSA\" target=\"_blank\">Wikipedia<\/a> article.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Let&rsquo;s go!<\/h2>\n\n\n\n<p>Let&rsquo;s read what is being asked: we must produce the ciphertext &ldquo;c&rdquo; that corresponds to the given information. So what is that information?<br>We have at our disposal:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>the &ldquo;message&rdquo; to encrypt (m): <em>29092715682136811148741896992216382887663205723233009270907036164616385404410946789697601633832261873953783070225717396137755866976801871184236363551686364362312702985660271388900637527644505521559662128091418418029535347788018938016105431888876506254626085450904980887492319714444847439547681555866496873380<\/em><\/li><li>the public key (n): <em>115835143529011985466946897371659768942707075251385995517214050122410566973563965811168663559614636580713282451012293945169200873869218782362296940822448735543079113463384249819134147369806470560382457164633045830912243978622870542174381898756721599280783431283777436949655777218920351233463535926738440504017<\/em><\/li><li>the exponent (e): <em>65537<\/em> (or <em>0x10001<\/em> in hexadecimal; I remember this notation better)<\/li><\/ul>\n\n\n\n<p>If you read the Wikipedia page carefully, you found that to produce the ciphertext (c), the following computation is needed:<br>c = m^e mod n<br>I&rsquo;m sorry, I could not find how to format the text to produce nice mathematical equations.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Exploit.py<\/h2>\n\n\n\n<p>Let&rsquo;s go: in our favorite text editor 
(<a rel=\"noreferrer noopener\" href=\"https:\/\/www.vim.org\/download.php\" target=\"_blank\">gVim<\/a> for example if you are on Windows, or the excellent <a rel=\"noreferrer noopener\" href=\"https:\/\/code.visualstudio.com\/download\" target=\"_blank\">Visual Studio Code<\/a>), we will create the following exploit:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Plaintext message to encrypt\nm = 29092715682136811148741896992216382887663205723233009270907036164616385404410946789697601633832261873953783070225717396137755866976801871184236363551686364362312702985660271388900637527644505521559662128091418418029535347788018938016105431888876506254626085450904980887492319714444847439547681555866496873380\n\n# Public modulus\nn = 115835143529011985466946897371659768942707075251385995517214050122410566973563965811168663559614636580713282451012293945169200873869218782362296940822448735543079113463384249819134147369806470560382457164633045830912243978622870542174381898756721599280783431283777436949655777218920351233463535926738440504017\n\n# Public exponent (65537)\ne = 0x10001\n\ntry:\n    # Three-argument pow() computes m**e mod n\n    c = pow(m, e, n)\n    print(\"&#91;*] Flag is : FCSC{%s}\" % c)\nexcept Exception:\n    print(\"&#91;*] Sorry, better luck next time\")\n\n\n\n# Keep the console window open until Enter is pressed\ninput()\n<\/code><\/pre>\n\n\n\n<p>In Python, if you pass three arguments to the built-in pow() function, it performs modular exponentiation, which is exactly what we need; why make it complicated when it can be simple?<br>Next comes the output format string FCSC{%s}, which takes the value held in (c) and prints it on our screen.<br>For me, the code was the following:<\/p>\n\n\n\n<figure 
class=\"wp-block-pullquote\"><blockquote><p>FCSC{43038584369552603099759673610132404954603129182365447300530480398332322363741719021427218282885888340427764617212360258625034642827465292074914623418386094167402748099928035759712951543068670333972608099203444196434250100760907677561414593941829935308834430903916897564884969367373487895789351212840634163159}<\/p><cite>the output of Exploit.py<\/cite><\/blockquote><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>Nothing special about this exercise; we stay with basic mathematical properties. But have faith: the next one will be harder, yet, kitten&rsquo;s word of honor, it will remain doable!<\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":13,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[59,61,71,68,69],"class_list":["post-98","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kitensgotanswer","tag-challenge","tag-fcsc","tag-python","tag-rsa","tag-smic1"],"_links":{"self":[{"href":"https:\/\/blog.caturday-lovers.fr.nf\/index.php?rest_route=\/wp\/v2\/posts\/98","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.caturday-lovers.fr.nf\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.caturday-lovers.fr.nf\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.caturday-lovers.fr.nf\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.caturday-lovers.fr.nf\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=98"}],"version-history":[{"count":6,"href":"https:\/\/blog.caturday-lovers.fr.nf\/index.php?rest_route=\/wp\/v2\/posts\/98\/revisions"}],"predecessor-version":[{"id":112,"href":"https:\/\/blog.caturday-lovers.fr.nf\/index.php?rest_route=\/wp\/v2\/posts\/98\
/revisions\/112"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.caturday-lovers.fr.nf\/index.php?rest_route=\/wp\/v2\/media\/13"}],"wp:attachment":[{"href":"https:\/\/blog.caturday-lovers.fr.nf\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=98"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.caturday-lovers.fr.nf\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=98"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.caturday-lovers.fr.nf\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=98"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}