rsactftool.py

Recover RSA private keys from partial information

TLDR

Recover a private key from a public key file

$ RsaCtfTool.py --publickey [path/to/key.pub] --private

Decrypt a file using a public key

$ RsaCtfTool.py --publickey [path/to/key.pub] --decryptfile [path/to/ciphered_file]

Decrypt a specific ciphertext string

$ RsaCtfTool.py --publickey [path/to/key.pub] --decrypt "[ciphertext]"

Dump RSA key components (e.g., modulus, exponent) from a key file

$ RsaCtfTool.py --dumpkey --key [path/to/key.pub]

Run a specific attack (e.g., Fermat factorization) to recover the private key

$ RsaCtfTool.py --publickey [path/to/key.pub] --private --attack fermat

Generate a public key from modulus (n) and exponent (e)

$ RsaCtfTool.py --createpub -n [modulus] -e [exponent]

Attempt all available attacks to recover the private key

$ RsaCtfTool.py --publickey [path/to/key.pub] --private --attack all

--publickey
    Load a public key from a PEM file.

--privatekey
    Load a private key from a PEM file.

--key
    Load a key (public or private) from a file.

--n
    Provide the modulus n.

--e
    Provide the public exponent e.

--d
    Provide the private exponent d.

--p
    Provide the first prime factor p.

--q
    Provide the second prime factor q.

--phi
    Provide Euler's totient function phi(n).

--uncipher
    File containing the ciphertext to decipher (requires a private key or factorization).

--verbose
    Enable verbose output.

--wiener
    Attempt Wiener's attack to recover the private key.

--attack
    Specify the attack type to use (e.g., "factordb", "pastr" ).

--createpub
    Create public key from n and e, save in file

DESCRIPTION

rsactftool.py is a command-line tool designed to recover private keys from improperly configured RSA encryption schemes. It is primarily used in Capture The Flag (CTF) competitions and security assessments to exploit common RSA vulnerabilities.
The tool can perform various attacks, including factorizing the modulus n when given related parameters, using known plaintext to recover the key, or exploiting Wiener's attack on small d values.
It supports different input formats such as PEM, and provides functionalities to analyze key parameters. It streamlines the process of finding weaknesses in RSA implementations by automating complex mathematical operations. It's important to note that using rsactftool.py against systems without explicit permission is illegal and unethical.

CAVEATS

The success of rsactftool.py depends on the specific vulnerabilities present in the RSA implementation. It is not a universal RSA cracker.
It's efficacy is reduced in systems with proper cryptographic implementations. Also the tool often requires precise input parameters to function correctly.

ATTACK METHODS

rsactftool.py employs various attack techniques. Common ones include factoring the modulus using online databases or mathematical algorithms, exploiting Wiener's attack when the private exponent is small, and using known plaintext attacks. The specific attacks available may vary depending on the version of the tool.

EXAMPLE USAGE

1. Factorize using known primes:
python rsactftool.py --n --p --q --uncipher ciphertext.txt

2. Wiener's Attack:
python rsactftool.py --publickey public.pem --wiener --uncipher ciphertext.txt

3. FactorDB Attack:
python rsactftool.py --n --attack factordb --uncipher ciphertext.txt