[TWCTF 2019] real-baby-rsa

Really baby problem XD

 

problem.py

flag = 'TWCTF{CENSORED}'

# Public Parameters
N = 36239973541558932215768154398027510542999295460598793991863043974317503405132258743580804101986195705838099875086956063357178601077684772324064096356684008573295186622116931603804539480260180369510754948354952843990891989516977978839158915835381010468654190434058825525303974958222956513586121683284362090515808508044283236502801777575604829177236616682941566165356433922623572630453807517714014758581695760621278985339321003215237271785789328502527807304614754314937458797885837846005142762002103727753034387997014140695908371141458803486809615038309524628617159265412467046813293232560959236865127539835290549091
e = 65537

# Encrypt the flag!
for char in flag:
    print(pow(ord(char), e, N))

This RSA implementation encrypts every character. Since ord(char) has only 256 candidates, you can recover the plaintext by generates cipher table of $[0^e, 1^e, 2^e, 3^e, …, 255^e]$

 

table = [0]*256
N = 36239973541558932215768154398027510542999295460598793991863043974317503405132258743580804101986195705838099875086956063357178601077684772324064096356684008573295186622116931603804539480260180369510754948354952843990891989516977978839158915835381010468654190434058825525303974958222956513586121683284362090515808508044283236502801777575604829177236616682941566165356433922623572630453807517714014758581695760621278985339321003215237271785789328502527807304614754314937458797885837846005142762002103727753034387997014140695908371141458803486809615038309524628617159265412467046813293232560959236865127539835290549091
e = 65537
for i in range(256):
  table[i] = pow(i,e,N)

flag = ''
f = open('output')

lines = f.readlines()

for line in lines:
  xx = int(line.strip())
  for i in range(256):
    if xx == table[i]: flag += chr(i)

print(flag)