Skip to content

Powerful RSA cracker for CTFs. Supports RSA, X509, OPENSSH in PEM and DER formats.

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
Notifications You must be signed in to change notification settings

skyf0l/RsaCracker

Repository files navigation

RSA Cracker

Build Crate.io Docker Image Version codecov

Powerful RSA cracker for CTFs. Supports RSA, X509, OPENSSH in PEM and DER formats.

RsaCracker provides a simple interface to crack RSA keys and ciphers. With a collection of thousands of attacks, no key can survive against RsaCracker!

Installation

From crates.io:

cargo install rsacracker

Note: To build on windows, you need to use MSYS2. This is required because of the rug dependency. See building-on-windows for more information.

Usage

Powerful RSA cracker for CTFs. Supports RSA, X509, OPENSSH in PEM and DER formats.

Usage: rsacracker [OPTIONS]

Options:
  -r, --raw <RAW>                  Retrieve values from raw file
  -c, --cipher <CIPHER>            Cipher: the message to uncipher
  -f, --cipherfile <CIPHERFILE>    Cipher file: the file to uncipher
  -o, --outfile <OUTFILE>          Write unciphered data to a file. If many unciphered data are found, they will be written to files suffixed with _1, _2, ...
  -n <N>                           Modulus
  -e <E>                           Public exponent. Default: 65537 [default: 65537]
  -p <P>                           Prime number p
  -q <Q>                           Prime number q
  -d <D>                           Private exponent
      --phi <PHI>                  Phi or Euler's totient function of n. (p-1)(q-1)
      --dp <DP>                    dP or dmp1 CRT exponent. (d mod p-1)
      --dq <DQ>                    dQ or dmq1 CRT exponent. (d mod q-1)
      --qinv <QINV>                qInv or iqmp CRT coefficient. (q^-1 mod p)
      --pinv <PINV>                pInv or ipmq CRT coefficient. (p^-1 mod q)
      --sum-pq <SUM_PQ>            The sum of the two primes p and q
      --dlog                       Discrete logarithm attack. When c and e are swapped in the RSA encryption formula. (e^c mod n)
  -k, --key <KEY>                  Public or private key file. (RSA, X509, OPENSSH in PEM and DER formats.)
      --password <PASSWORD>        Private key password/passphrase if encrypted
      --public                     Print the public key in PEM format
      --private                    Print the private key in PEM format
      --addpassword <ADDPASSWORD>  Add a password/passphrase to the private key
      --showinputs                 Print all the input parameters
      --dump                       Print the private RSA key variables n, e, p, q and d
      --dumpext                    Print the extended RSA key variables n, e, p, q, d, dP, dQ, pInv and qInv
      --factors                    Print all factors of n
  -t, --threads <THREADS>          Number of threads to use. Default: number of CPUs [default: 12]
  -a, --attack <ATTACK>            Specify attacks to run. Default: all. (e.g. --attacks ecm,wiener,sparse)
      --exclude <EXCLUDE>          Specify attacks to exclude. Default: none. (e.g. --exclude ecm,wiener,sparse)
      --list                       List all available attacks
  -h, --help                       Print help
  -V, --version                    Print version

You can also use a dump as input:

$ rsacracker [OPTIONS] < challenge.txt
[RESULTS]
$ cat challenge.txt | rsacracker [OPTIONS]
[RESULTS]
$ cat challenge.txt
c: 7839407718[...]0577093673
n = 9359619564[...]3745124619
e= 1595235523[...]6275096193

Examples

Uncipher a message from a public key and write it to a file

rsacracker --key public.pem -c 0xdeadbeef -o result.txt

Uncipher a message from n and e

rsacracker -c 0xdeadbeef -n 123...789 -e 65537

Uncipher a message from n, e and other known values

rsacracker -c 0xdeadbeef -n 123...789 -e 65537 --phi 123 --dp 123 --dq 123 --qinv 123 --pinv 123

Uncipher a file from a public key

rsacracker --key public.pem -f secret.txt.enc

Run a specific attack with arguments

rsacracker --attack known_phi -n 123...789 -e 65537 --phi 0xdeadbeef

Generate a private key from a public key

rsacracker --key public.pem --private

Generate a public key from e and n

rsacracker -e 65537 -n 0xdeadbeef --public

Dump private key secrets

rsacracker --key private.pem --dump
$ rsacracker --key private.pem --dumpext

Remove password from a private key

rsacracker --key private.pem --password R54Cr4ck3R --private

Add password to a private key

rsacracker --key private.pem --addpassword R54Cr4ck3R --private

Show all factors of n

rsacracker -n 123...789 --factors

Run discrete logarithm attack: when c and e are swapped in the RSA encryption formula (e^c mod n)

rsacracker --key public.pem -c 0xdeadbeef --dlog

Docker

From dockerhub:

docker pull skyf0l/rsacracker
docker run -it --rm -v $PWD:/data skyf0l/rsacracker [args]

Or build it yourself:

DOCKER_BUILDKIT=1 docker build . --file Dockerfile -t rsacracker
docker run -it --rm -v $PWD:/data rsacracker [args]

License

Licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.