Official Baby Time Capsule Discussion

Official discussion thread for Baby Time Capsule. Please do not post any spoilers or big hints.

I can find a way to decode the hash…

bro, give me a hint please

I'm stuck too ■■■■. I suck at crypto

you can keep asking it for more messages

what’s different about them?

Google a bit about anything you don’t understand. Not sure what RSA is? Read a few things about it. Not sure what some of the terms like “modulus” mean? Google those too. You don’t need to aim to be an expert; start small, just work on getting a general understanding and some familiarity with what is happening. When you feel you understand an aspect of something, explain it to someone who doesn’t yet understand it (doesn’t have to be a real person, I teach my dog’s stuffed hedgehog).

Already have a general idea of what’s going and how things work, but still stuck? Googling things with the word “attack” or “exploit” in it is always good advice, something like “<what’s unique about this challenge> exploit RSA”. None of these challenges are novel concepts, so there is going to be lots of info on the internet about what’s happening and how to exploit it, you just have to search for the right things (which isn’t always easy, googling is a skill like anything else).

Think of the time you spend not as time specific to any particular challenge, but as an investment in knowledge and future challenges. Read a bunch of stuff that didn’t help you solve this challenge? It wasn’t a waste if you learned something, and it may very well help you in a future challenge.

All the hints needed are in @Hilbert’s post. I suck real hard at crypto, but took my time, did a lot of googling, learned the basics and after that learned about the possible attacks.

Trust me, after some learning, this challenge is a piece of cake.

Interesting challenge.
I’m new to crypto, and I spent some time investigating the challenge on my own, doing some research on the web and following the tips from Hilbert. You quickly find CVE-2017-15361 when reading the challenge text, and the hint “modules” pointed me to the Infineon Trusted Platform Module. I searched metasploit/searchsploit for an exploit to use. Can I have a nudge please on which one to use?

You have gone down a bit of a rabbit hole (but you learned some cool stuff I hope!). “Modules” was not a hint to point you into this direction, I was actually talking about “modulus” which is just a math term you will see used a lot when reading about RSA that will probably be unfamiliar to people new to crypto.

No attacks on the server or the infrastructure are required. The code is provided merely so you can see how the encryption is taking place so you can then figure out a way to decrypt it. If instead of a running server that gave you encrypted messages when you asked for them, you were provided with a file of some number of them, you would be able to recover the original message that way.

So basically what you need is just knowledge of what is taking place (you get this by looking at the source code), and then some number of those encrypted messages. From that you will be able to recover the original message via a little bit of math and knowledge of some of the ways in which implementing or using RSA can cause it to no longer be secure.

Is calculating p and q impossible?!
Because of the large size

what did google say when you asked it? 🙂

If p and q are properly generated and are sufficiently large, then you can’t figure out what they are just from knowing what N is. RSA wouldn’t be secure if you could factor N. Knowing what p and q are is the trapdoor that makes it easy for the person who created it to calculate the private key, but ‘impossible’ for everyone else to do so.

So that is always one avenue to investigate when doing an RSA challenge, as if you can figure out p and q, you can decode all the messages encrypted with that public key. You probably wouldn’t want to use 1024 bit RSA to send any secret messages if you were a spy…but you can consider it unfactorable for challenges (again, assuming p and q are properly generated…and picking random 512 bit primes using a cryptographically secure random number generator would be considered properly generated).

Finally cracked it. It was a great learning experience. Thanks @Hilbert for pointing me in the right direction.

Solved. Without looking at challenge script. By just seeing output.

Thank you for the tips 🙂 but after two days of research I’m still stuck on your challenge (my first crypto box and my brain is exploding :p…). When you say ‘little bit of maths’, am I on the right track with the ch***** r****** technique?

yup, you are indeed on the path! You don’t have to implement that yourself btw (tho it’s a great way to learn it!!) there are packages that will do it for you.

excellent, thank you. anyway, no success with different packages so far… I must be missing something else…

Does anyone have a walkthrough for this challenge posted?
Really hitting a wall with what to do.
I’ve tried using RsaCtfTool.py; given n and e it should decipher the time capsule given, but it’s just giving me gibberish.

Is it useful to find “d” to recover the message?

No, you can do it without finding d.

It would always be useful to find d, as that would let you recover the message. Likewise, it would always be useful to be able to factor N, as that would let you recover d, which would let you recover the message.

So the question really is “can I find d?” or “can I factor N?”

I’m not pointing that out to be pedantic or to be some kind of knob, but to show how thinking about it differently can give you direction, as now you have something to google. Even that exact question, “can I find d in RSA?”, will yield useful information. Same thing with searching on how to factor an RSA number.

Now, spoiler alert: you aren’t going to be able to recover d or factor N in this challenge. So if this was the only crypto challenge you were ever going to do, the time you spent on that could be considered a waste. But if you want to do other crypto challenges, or learn more about RSA, the time you spent doing that is more valuable than the flag to this challenge. Knowing when d can be recovered, or what conditions might allow you to factor N, lets you start to build up a toolset for the future, because there are challenges where the way to get the flag is by recovering d or by factoring N, and with more knowledge about how RSA works, what kinds of things are possible and what attacks exist, you’ll be able to better identify such paths.
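The relationship the two posts above describe (knowing p and q gives you d; being able to factor N therefore gives you d) as an added toy example for readers new to RSA. This is not code from the thread or the challenge; the primes, exponent and message are constructed and deliberately tiny so the factoring step finishes instantly, which is exactly what stops working at real key sizes.

```python
# Added example (not from the thread or challenge): toy textbook RSA
# illustrating the trapdoor. Parameters are constructed and tiny on purpose.
from math import gcd, isqrt


def rsa_keygen(p: int, q: int, e: int = 65537):
    """Return (N, e, d). Computing d needs phi(N) = (p-1)(q-1), which is
    only easy if you know p and q: that knowledge is the trapdoor."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(N)")
    d = pow(e, -1, phi)          # modular inverse (Python >= 3.8)
    return n, e, d


def encrypt(m: int, n: int, e: int) -> int:
    return pow(m, e, n)          # c = m^e mod N (no padding: textbook RSA)


def decrypt(c: int, n: int, d: int) -> int:
    return pow(c, d, n)          # m = c^d mod N


def factor_by_trial_division(n: int):
    """Recover p and q from N alone. Feasible only for toy moduli; for
    properly generated 512-bit primes this loop would never finish, which
    is what 'impossible' in the post refers to."""
    for p in range(3, isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError("no odd factor found")


def recover_d_from_public_key(n: int, e: int) -> int:
    """Once N is factored, the private exponent follows immediately, so
    'can I factor N?' and 'can I find d?' are the same question here."""
    p, q = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    n, e, d = rsa_keygen(1009, 1013)           # constructed toy primes
    c = encrypt(42, n, e)
    print("decrypt with trapdoor d:", decrypt(c, n, d))
    print("d recovered from (N, e) by factoring:", recover_d_from_public_key(n, e) == d)
```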

Indeed it’s my first crypto challenge, so
thanks for pointing me in another direction than the one I took during the last hours lol.
I’ll search for another way to do this challenge 👍.