ctf-cryptolisted

# CTF crypto methodology Tool-first: use `suggest_for_ctf("crypto")` first, then this checklist for depth. ## 1. Identify what you have ```bash file <input> xxd <input> | head -50 strings <input> | head -50 ``` - `.pem`, `.pub` → public key crypto (RSA/ECC) - `BEGIN CERTIFICATE` → x509 — extract pubkey with `openssl x509 -in cert -pubkey -noout` - High entropy ~7.99 bits/byte → encrypted/compressed - Repeating block patterns → ECB - Base64/hex prefix → decode first ## 2. RSA — the decision tree Extract `n, e, c`: ```bash openssl rsa -in pubkey.pem -pubin -text -noout ``` Then route by what `n` and `e` look like: | Symptom | Attack | Tool | | --- | --- | --- | | Small `e` (3, 5), small message | Cube root attack | `RsaCtfTool`, `python3 -c "from gmpy2 import iroot..."` | | `n` factorable on FactorDB | Factor + decrypt | `RsaCtfTool --uncipher c -n n -e e` | | Two ciphertexts, same `n`, coprime `e` | Common modulus | `RsaCtfTool --attack commonmodulus` | | Multiple users, small `e=k`, k pubkeys | Håstad broadcast | `RsaCtfTool --attack hastads` | | Close `p` and `q` | Fermat factorization | `RsaCtfTool --attack fermat` | | Wiener-applicable (`d` small) | Wiener's | `RsaCtfTool --attack wiener` | | Partial `p` known | Coppersmith | sage / `RsaCtfTool --attack boneh_durfee` | | Same `m`, two keys | Common plaintext | manual gcd | Default first move: throw `n` at FactorDB (`run_tool("curl", "http://factordb.com/api?query=<n>")`) and at `RsaCtfTool` with all attacks enabl