Home

Awesome

<div id="top"></div> <div align="center">

RsaCtfTool

</div> <div align=center>

Test lint_python CodeQL GitHub issues

</div> <div align=center>

GitHub forks GitHub stars GitHub license GitHub contributors

</div>

This tool is an utility designed to decrypt data from weak public keys and attempt to recover the corresponding private key. Also this tool offers a comprehensive range of attack options, enabling users to apply various strategies to crack the encryption. The RSA security, at its core, relies on the complexity of the integer factorization problem. This project serves as a valuable resource by combining multiple integer factorization algorithms, effectively enhancing the overall decryption capabilities. Please note that this tool is primarily intended for educational purposes. It is essential to manage your expectations, as not every key can be broken within a reasonable timeframe. The complexity of the encryption algorithm may present significant challenges. It is essential to highlight that the tool, exclusively supports the RSA textbook semiprime composite modulus rather than composite multiprimes. This constraint is embedded upstream in the pycrypto library (see TODO). While this limitation exists, the tool still offers a powerful set of features for attacking RSA keys with semiprime composite modulus.

For an advanced integer factorization tool please use msieve, yafu, or cado-nfs.

This tool is meant for educational purposes. For those participating in CTFs, please do the following first:

We hope this tool enhances your understanding of RSA encryption and serves as a valuable resource for exploring the intricacies of integer factorization. Use it responsibly and within the bounds of applicable laws and regulations.

Attacks provided:

Usage

usage: RsaCtfTool.py [-h] [--publickey PUBLICKEY] [--output OUTPUT] [--timeout TIMEOUT] [--createpub] [--dumpkey] [--ext] [--decryptfile DECRYPTFILE] [--decrypt DECRYPT]
                     [--verbosity {CRITICAL,ERROR,WARNING,DEBUG,INFO}] [--private] [--tests] [--ecmdigits ECMDIGITS] [-n N] [-p P] [-q Q] [-e E] [--key KEY]
                     [--password PASSWORD] [--show-factors SHOW_FACTORS]
                     [--attack {SQUFOF,XYXZ,binary_polinomial_factoring,brent,comfact_cn,cube_root,ecm,ecm2,factordb,fermat_numbers_gcd,fibonacci_gcd,highandlowbitsequal,mersenne_pm1_gcd,mersenne_primes,neca,nonRSA,noveltyprimes,pastctfprimes,pisano_period,pollard_p_1,primorial_pm1_gcd,qicheng,roca,siqs,small_crt_exp,smallfraction,smallq,system_primes_gcd,wolframalpha,wiener,boneh_durfee,euler,pollard_rho,williams_pp1,partial_q,partial_d,londahl,z3_solver,dixon,lehmer,fermat,hart,common_factors,common_modulus,same_n_huge_e,hastads,lattice,lehman,carmichael,qs,classical_shor,all} [{SQUFOF,XYXZ,binary_polinomial_factoring,brent,comfact_cn,cube_root,ecm,ecm2,factordb,fermat_numbers_gcd,fibonacci_gcd,highandlowbitsequal,mersenne_pm1_gcd,mersenne_primes,neca,nonRSA,noveltyprimes,pastctfprimes,pisano_period,pollard_p_1,primorial_pm1_gcd,qicheng,roca,siqs,small_crt_exp,smallfraction,smallq,system_primes_gcd,wolframalpha,wiener,boneh_durfee,euler,pollard_rho,williams_pp1,partial_q,partial_d,londahl,z3_solver,dixon,lehmer,fermat,hart,common_factors,common_modulus,same_n_huge_e,hastads,lattice,lehman,carmichael,qs,classical_shor,factorial_pm1_gcd,lucas_gcd,all} ...]]
                     [--sendtofdb] [--isconspicuous] [--isroca] [--convert_idrsa_pub] [--check_publickey] [--partial]

Mode 1 : Attack RSA (specify --publickey or n and e)

Mode 2 : Create a Public Key File Given n and e (specify --createpub)

Mode 3 : Dump the public and/or private numbers (optionally including CRT parameters in extended mode) from a PEM/DER format public or private key (specify --dumpkey)

Decrypt file

./RsaCtfTool.py --publickey ./key.pub --decryptfile ./ciphered\_file

Print private key

./RsaCtfTool.py --publickey ./key.pub --private

Attempt to break multiple public keys with common factor attacks or individually- use quotes around wildcards to stop bash expansion

./RsaCtfTool.py --publickey "*.pub" --private

Optionally send the results back to factordb

./RsaCtfTool.py --publickey "*.pub" --private --sendtofdb

Generate a public key

./RsaCtfTool.py --createpub -n 7828374823761928712873129873981723...12837182 -e 65537

Dump the parameters from a key

./RsaCtfTool.py --dumpkey --key ./key.pub

Check a given private key for conspicuousness

./RsaCtfTool.py --key examples/conspicuous.priv --isconspicuous

Factor with ECM when you know the approximate length in digits of a prime

./RsaCtfTool.py --publickey key.pub --ecmdigits 25 --verbose --private

For more examples, look at the test.sh file

Attack private keys with partial bits of Q known

./RsaCtfTool.py --attack partial_q --key examples/masked.pem

Attack private keys with partial bits of D known

./RsaCtfTool.py --attack partial_d --key examples/partial_d.pem

Convert idrsa.pub to pem format

./RsaCtfTool.py --convert_idrsa_pub --publickey $HOME/.ssh/id_rsa.pub

Check if a given key or keys are roca

./RsaCtfTool.py --isroca --publickey "examples/*.pub"

Docker run

docker build -t rsactftool/rsactftool .
docker run -it --rm -v $PWD:/data rsactftool/rsactftool <arguments>

Virtual environment run

Setup the venv

virtualenv venv
source venv/bin/activate
pip3 install -r requirements.txt

Run

source venv/bin/activate
./RsaCtfTool.py <arguments>

Requirements

Ubuntu 18.04 and Kali specific Instructions

git clone https://github.com/RsaCtfTool/RsaCtfTool.git
sudo apt-get install libgmp3-dev libmpc-dev
cd RsaCtfTool
pip3 install -r "requirements.txt"
./RsaCtfTool.py

Fedora (33 and above) specific Instructions

git clone https://github.com/RsaCtfTool/RsaCtfTool.git
sudo dnf install gcc python3-devel python3-pip python3-wheel gmp-devel mpfr-devel libmpc-devel
cd RsaCtfTool
pip3 install -r "requirements.txt"
./RsaCtfTool.py

If you also want the optional SageMath , you need to do

sudo dnf install sagemath
pip3 install -r "optional-requirements.txt"

MacOS-specific Instructions

If pip3 install -r "requirements.txt" fails to install requirements accessible within the environment, the following command may work.

easy_install `cat requirements.txt`

If you installed gmpy2 with homebrew(brew install gmp), you might have to point clang towards the header files with this command: CFLAGS=-I/opt/homebrew/include LDFLAGS=-L/opt/homebrew/lib pip3 install -r requirements.txt

Optional to factor roca keys upto 512 bits, Install neca:

You can follow the instructions at : https://www.mersenneforum.org/showthread.php?t=23087

TODO (aka. Help wanted !)

Contributing

Thanks to all our Contributors

<a href="https://github.com/RsaCtfTool/RsaCtfTool/graphs/contributors"> <img src="https://contrib.rocks/image?repo=RsaCtfTool/RsaCtfTool" /> </a> <p align="right"><a href="#top">🔼 Back to top</a></p>