rsactftool.py

Recover a private key from a public key file

$ RsaCtfTool.py --publickey [path/to/key.pub] --private

$ RsaCtfTool.py --publickey [path/to/key.pub] --decryptfile [path/to/ciphered_file]

$ RsaCtfTool.py --publickey [path/to/key.pub] --decrypt "[ciphertext]"

$ RsaCtfTool.py --dumpkey --key [path/to/key.pub]

$ RsaCtfTool.py --publickey [path/to/key.pub] --private --attack fermat

$ RsaCtfTool.py --createpub -n [modulus] -e [exponent]

$ RsaCtfTool.py --publickey [path/to/key.pub] --private --attack all

python rsactftool.py [-h] [-v] [-n N] [-e E] [-c C] [-p P] [-q Q] [-i FILE] [-o FILE] [--private] [--decrypt] [--attack ATTACK_TYPE]

-h, --help
    Show the help message and exit.

-v, --verbose
    Increase verbosity, showing more information during the attack process.

-n N, --modulus N
    Specify the RSA modulus N (as an integer).

-e E, --public-exponent E
    Specify the public exponent E (as an integer).

-c C, --ciphertext C
    Specify the ciphertext C (as an integer) to be decrypted.

-p P
    Specify one of the prime factors P of the modulus N (if known).

-q Q
    Specify one of the prime factors Q of the modulus N (if known).

-i FILE, --input-file FILE
    Read RSA parameters (N, e, c, p, q) from an input file (e.g., PEM key, text file).

-o FILE, --output-file FILE
    Write the results (e.g., private key, decrypted message) to an output file.

--private
    Attempt to recover and output the private key parameters (d, p, q) if successful.

--decrypt
    Attempt to decrypt the provided ciphertext using the recovered private key.

--attack ATTACK_TYPE
    Specify a particular attack method to attempt (e.g., 'fermat', 'wiener', 'boneh_durfee'). By default, it tries common attacks.

The rsactftool.py is a specialized Python script designed to assist in Capture The Flag (CTF) competitions by attacking weak or improperly implemented RSA cryptographic schemes. It automates various known RSA vulnerabilities and attack methods, allowing security enthusiasts and competitors to recover private keys or decrypt ciphertexts when specific conditions are met.

Common attacks it can perform include Wiener's attack (for small private exponents), Fermat's factorization (for prime factors that are close to each other), common factor attacks, and other methods leveraging properties of RSA parameters (N, e, p, q) that might be exposed or vulnerable. It's an invaluable tool for quickly analyzing RSA challenges in a CTF environment, helping to identify and exploit cryptographic flaws.

This tool is intended for educational and CTF purposes only. It is not designed for attacking strong, properly implemented RSA cryptography and should never be used in a production environment for real-world security assessments. Its effectiveness relies on specific weaknesses or misconfigurations in the RSA parameters. Performance can vary significantly depending on the size of the modulus and the complexity of the attack being performed. Requires Python 3 and its dependencies.

rsactftool.py emerged from the Capture The Flag (CTF) community as a response to recurring RSA-based challenges. It is an open-source project, primarily developed and maintained on GitHub, with contributions from various security researchers and CTF players. Its development focuses on consolidating and automating known mathematical and cryptographic attacks against RSA, making it a go-to utility for participants in cybersecurity competitions since its inception.

openssl(1), john(8), hashcat(1), factordb.com (online resource)