From aldeid
Jump to navigation Jump to search
This page is still a draft. Thank you for your understanding.


RSA tool for ctf - uncipher data from weak public key and try to recover private key Automatic selection of best attack for the given public key

Attacks :

  • Prime N detection
  • Weak public key factorization
  • Wiener's attack
  • Hastad's attack (Small public exponent attack)
  • Small q (q < 100,000)
  • Common factor between ciphertext and modulus attack
  • Fermat's factorisation for close p and q
  • Gimmicky Primes method
  • Past CTF Primes method
  • Self-Initializing Quadratic Sieve (SIQS) using Yafu
  • Common factor attacks across multiple keys
  • Small fractions method when p/q is close to a small fraction
  • Boneh Durfee Method when the private exponent d is too small compared to the modulus (i.e d < n^0.292)
  • Elliptic Curve Method
  • Pollards p-1 for relatively smooth numbers
  • Mersenne primes factorization
  • Londahl's factorisation for close p and q
  • Qi Cheng's unsafe primes factorization


Notice that we will install the python dependencies in a virtual environment (recommended).
$ git clone
$ cd RsaCtfTool
$ sudo apt install python3-venv libgmp3-dev libmpc-dev
$ python3 -m venv .
$ . bin/activate
$ pip3 install -r "requirements.txt"
$ ./



$ . bin/activate
$ [-h] [--publickey PUBLICKEY] [--createpub] [--dumpkey] [--ext]
                   [--uncipherfile UNCIPHERFILE] [--uncipher UNCIPHER]
                   [--verbose] [--private] [--ecmdigits ECMDIGITS] [-n N]
                   [-p P] [-q Q] [-e E] [--key KEY]
                   [--attack {hastads,factordb,pastctfprimes,mersenne_primes,noveltyprimes,smallq,wiener,comfact_cn,primefac,fermat,siqs,Pollard_p_1,londahl,prime_n,all}]


-h, --help
show this help message and exit
--publickey PUBLICKEY
public key file. You can use wildcards for multiple keys.
Take n and e from cli and just print a public key then exit
Just dump the RSA variables from a key - n,e,d,p,q
Extended dump of RSA private variables in --dumpkey mode - dp,dq,pinv,qinv).
--uncipherfile UNCIPHERFILE
uncipher a file
--uncipher UNCIPHER
uncipher a cipher
verbose mode (display n, e, p and q)
Display private key if recovered
--ecmdigits ECMDIGITS
Optionally an estimate as to how long one of the primes is for ECM method
-n N
Specify the modulus. format : int or 0xhex
-p P
Specify the first prime number. format : int or 0xhex
-q Q
Specify the second prime number. format : int or 0xhex
-e E
Specify the public exponent. format : int or 0xhex
--key KEY
Specify the input key file in --dumpkey mode.
--attack {hastads,prime_n,factordb,pastctfprimes,mersenne_primes,noveltyprimes,smallq,wiener,comfact_cn,primefac,fermat,siqs,Pollard_p_1,londahl,all}
Specify the attack mode.


Mode 1 - Attack RSA (specify --publickey)
  • publickey : public rsa key to crack. You can import multiple public keys with wildcards.
  • uncipher : cipher message to decrypt
  • private : display private rsa key if recovered
Mode 2 - Create a Public Key File Given n and e (specify --createpub)
  • n - modulus
  • e - public exponent
Mode 3 - Dump the public and/or private numbers (optionally including CRT parameters in extended mode) from a PEM/DER format public or private key (specify --dumpkey)
  • key - the public or private key in PEM or DER format


This section/article is being written and is therefore not complete.
Thank you for your comprehension.