# Rocket Ship Academy

## Description

Oracle: a person or thing regarded as an infallible authority on something.

Do we have one of those here?

`nc 20.198.209.142 55002`

*The flag is in the flag format: STC{...}*

**Author: zeyu2001**

## Solution

We are given an RSA decryption oracle. We can supply any ciphertext to be decrypted, except the original, given ciphertext.

![](https://3167364547-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX1bWRlBzHpEPe1TYDD%2Fuploads%2Fgit-blob-ddb6e9ec4e468556e6e1974920828466693613bd%2FScreenshot%202021-07-24%20at%206.00.10%20PM.png?alt=media)

Textbook RSA is vulnerable to Chosen Ciphertext Attack (CCA), where a user is able to supply an arbitrary ciphertext to be decrypted.

Recall that

$$
ed\equiv1\pmod{(p-1)(q-1)}
$$

Therefore, suppose we supply a ciphertext

$$
c'=r^ec\pmod{n}
$$

then decrypting this gives

$$
m'=r^{ed}c^d\pmod{n}\newline m'=rm\pmod{n}
$$

Let $$r=2$$ . The solve script is as follows:

```python
from Crypto.Util.number import long_to_bytes
from pwn import *
from decimal import *
import re

getcontext().prec = 100000000

pattern = "n = (\d+)\ne = (\d+)\nc = (\d+)"

conn = remote('localhost', '12345')
received = conn.recv().decode()

matches = re.search(pattern, received)
n, e, c = int(matches[1]), int(matches[2]), int(matches[3])

print('n =', n)
print('e =', e)
print('c =', c)
print()

ciphertext = Decimal(c) * ((2 ** Decimal(e)) % Decimal(n)) % Decimal(n)
print('Ciphertext:', ciphertext)

conn.send(str(ciphertext) + '\r\n')

received = conn.recv().decode()
matches = re.search("Decrypted: (\d+)\n", received)

decrypted = int(matches[1])
print()

print(long_to_bytes(Decimal(decrypted) / 2))
```

The flag is `STC{ch0s3n_c1ph3rt3xt_d7b593cd54baba9e2ffa49215d33e4c657cf230a}`.

![](https://3167364547-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX1bWRlBzHpEPe1TYDD%2Fuploads%2Fgit-blob-5ebfb1222ab09c2d99c786e221ec8b3cf5d59d6d%2FScreenshot%202021-07-24%20at%206.59.38%20PM.png?alt=media)