Official discussion thread for Baby Time Capsule. Please do not post any spoilers or big hints.

I can find a way to decode the hash…

bro, give me a hint please

I'm stuck too. I suck at crypto

you can keep asking it for more messages

what's different about them?

Google a bit about anything you don't understand. Not sure what RSA is? Read a few things about it. Not sure what some of the terms like "modulus" mean? Google those too. You don't need to aim to be an expert; start small, just work on getting a general understanding and some familiarity with what is happening. When you feel you understand an aspect of something, explain it to someone who doesn't yet understand it (doesn't have to be a real person, I teach my dog's stuffed hedgehog).

Already have a general idea of what's going on and how things work, but still stuck? Googling things with the word "attack" or "exploit" in it is always good advice, something like "<what's unique about this challenge> exploit RSA". None of these challenges are novel concepts, so there is going to be lots of info on the internet about what's happening and how to exploit it; you just have to search for the right things (which isn't always easy, googling is a skill like anything else).

Think of the time you spend not as time specific to any particular challenge, but as an investment in knowledge and future challenges. Read a bunch of stuff that didn't help you solve this challenge? It wasn't a waste if you learned something, and it may very well help you in a future challenge.

All the hints needed are in @Hilbert's post. I suck real hard at crypto, but I took my time, did a lot of googling, learned the basics and after that learned about the possible attacks.

Trust me, after some learning, this challenge is a piece of cake.

Interesting challenge.

I'm new to crypto, and I spent some time investigating the challenge on my own, doing some research on the web, and following the tips from Hilbert. You quickly find CVE-2017-15361 when reading the challenge text, and the hint "modules" pointed me to the Infineon Trusted Platform Module. I searched metasploit/searchsploit for an exploit to use. Can I have a nudge please on which one to use?

You have gone down a bit of a rabbit hole (but you learned some cool stuff I hope!). "Modules" was not a hint to point you in this direction; I was actually talking about "modulus", which is just a math term you will see used a lot when reading about RSA that will probably be unfamiliar to people new to crypto.

No attacks on the server or the infrastructure are required. The code is provided merely so you can see how the encryption is taking place so you can then figure out a way to decrypt it. If instead of a running server that gave you encrypted messages when you asked for them, you were provided with a file of some number of them, you would be able to recover the original message that way.

So basically what you need is just knowledge of what is taking place (you get this by looking at the source code), and then some number of those encrypted messages. From that you will be able to recover the original message via a little bit of math and knowledge of some of the ways in which implementing or using RSA can cause it to no longer be secure.

Is calculating p and q impossible?!

Because of the large size

what did google say when you asked it?

If p and q are properly generated and are sufficiently large, then you can't figure out what they are just from knowing what N is. RSA wouldn't be secure if you could factor N. Knowing what p and q are is the trapdoor that makes it easy for the person who created it to calculate the private key, but "impossible" for everyone else to do so.

So that is always one avenue to investigate when doing an RSA challenge, as if you can figure out p and q, you can decode all the messages encrypted with that public key. You probably wouldn't want to use 1024-bit RSA to send any secret messages if you were a spy…but you can consider it unfactorable for challenges (again, assuming p and q are properly generated…which, picking random 512-bit primes using a cryptographically secure random number generator, would be considered properly generated).

Finally cracked it. It was a great learning experience. Thanks @Hilbert for pointing me in the right direction.

Solved without looking at the challenge script, just by seeing the output.

Thank you for the tips, but after two days of research I'm still stuck on your challenge (my first crypto box and my brain is exploding :p…). When you say "little bit of maths", am I on the right track with the ch***** r****** technique?

Yup, you are indeed on the path! You don't have to implement that yourself btw (though it's a great way to learn it!!); there are packages that will do it for you.

Excellent, thank you. Anyway, no success with different packages so far… I must be missing something else…

Does anyone have a walkthrough for this challenge posted?

Really hitting a wall with what to do

I've tried using RsaCtfTool.py; given n and e it should decipher the time capsule given, but it's just giving me gibberish.

Is it useful to find "d" to recover the message?

No, you can do it without finding d.

It would always be useful to find d, as that would let you recover the message. Likewise, it would always be useful to be able to factor N, as that would let you recover d, which would let you recover the message.

So the question really is "can I find d?" or "can I factor N?"

I'm not pointing that out to be pedantic or to be some kind of knob, but to show how thinking about it differently can give you direction, as now you have something to google. Even that exact question "can I find d in RSA?" will yield useful information. Same thing with searching on how to factor an RSA number.

Now, spoiler alert: you aren't going to be able to recover d, or factor N, in this challenge. So if this was the only crypto challenge you were ever going to do, the time you spent on that could be considered a waste. But if you want to do other crypto challenges, or learn more about RSA, the time you spent doing that is more valuable than the flag to this challenge. Knowing when d can be recovered, or what conditions might allow you to factor N, lets you start to build up a toolset to use in the future, because there are challenges where the way to get the flag is by recovering d, or by factoring N, and with more knowledge about how RSA works, about what kind of things are possible, or about what attacks exist, you'll be able to better identify such paths.
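An added Python example (not from this thread, the challenge, or its author) illustrating the point made in Hilbert's two posts above about p and q and about "can I find d / can I factor N": once p and q are known, d is a single modular inverse, whereas recovering p and q from N alone is brute force that only finishes for toy sizes. It does not touch the challenge's actual solution path. The toy primes are constructed values; generating "properly generated" primes with the `secrets` module plus a Miller-Rabin test is this example's own choice, not something the thread specifies.

```python
"""Added example: the RSA trapdoor (p, q known -> d is easy) versus factoring N
(brute force, feasible only for toy N). Sample values are constructed."""
import secrets
from math import gcd

E = 65537  # common public exponent

# Constructed toy primes, ~20 bits each. Real RSA uses ~512-bit primes per
# factor for a 1024-bit N; these are tiny only so that trial division finishes.
TOY_P = 1000003
TOY_Q = 1000033


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test with bases drawn from secrets."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2  # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness of compositeness found
    return True


def random_prime(bits):
    """'Properly generated' prime: CSPRNG candidate with top bit and low bit set."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keygen_from_primes(p, q, e=E):
    """The trapdoor: with p and q in hand, the private exponent d is one inverse."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(N); pick other primes")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return n, e, d


def keygen(bits):
    """Fresh key from two bits//2-bit primes, retrying if e is not coprime to phi."""
    while True:
        try:
            return keygen_from_primes(random_prime(bits // 2), random_prime(bits // 2))
        except ValueError:
            continue


def encrypt(m, n, e):
    return pow(m, e, n)


def decrypt(c, n, d):
    return pow(c, d, n)


def trial_factor(n, max_bits=48):
    """Brute-force factoring of N. Refuses anything beyond toy sizes: this loop
    is exactly the work that becomes hopeless at real key sizes."""
    if n.bit_length() > max_bits:
        raise ValueError("N too large for trial division; that is the point")
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1 if f == 2 else 2
    return None


def recover_d_from_factor(n, e, p):
    """One known factor collapses everything: q = N / p, then d as above."""
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    n, e, d = keygen_from_primes(TOY_P, TOY_Q)
    print("toy roundtrip ok:", decrypt(encrypt(12345, n, e), n, d) == 12345)
    p, q = trial_factor(n)
    print("toy N factored:", (p, q), "-> d recovered:", recover_d_from_factor(n, e, p) == d)
    bn, be, bd = keygen(512)
    print("N bits:", bn.bit_length(), "roundtrip ok:", decrypt(encrypt(42, bn, be), bn, bd) == 42)
```

Running it shows both halves of the argument: for the 40-bit toy N, `trial_factor` recovers p and q in well under a second and `recover_d_from_factor` yields the same d the key owner computed; for a 512-bit N the same function refuses to even start, which is the "unfactorable for challenges" claim in practice.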

Indeed, it's my first crypto challenge, so

thanks for pointing me in another direction than the one I took during the last few hours lol.

I'll search for another way to do this challenge.