Solved!! Thank you very much for this challenge.

I have this expectation that âvery easyâ challenges are all going to be solvable in 15 minutes. I have to get away from that mindset (especially for crypto which is apparently myâŚ cryptonite).

This took me all day, and I ended up with exposure to way more RSA than I expected. Which is a good thing. Tough challenge for me, loads of Google before I was on the right track thanks to nudges from others.

Should I be getting a syntax error on line 34? its not missing any quotes.?

In line 34 f-strings are used the frist time, see Formatted String Literals. The f-string are introduced in Python version 3.6, PEP498. May be you used an older Python version.

thanks!

Can anyone give me a hint? I have unciphered data from one tool for ctf, but that data is kind of chinese in utf-16

Hi, i think i need a hint, i been implementing a c****** r******** solution but Iâm not able to recover any usable flag

Anyone can give me a hint or tell me what Iâm missing?

maybe you are implementing it incorrectly? Have you tried one thatâs been implemented for you?

you can PM me and give me the details of what youâve tried and I can point you in the right direction

Iâm running in to the problem that my solution for the offline server.py file does not work for the actual server any tips maybe

i can get part of the flag but it cuts out the rest HTB{t3h the rest is missing. im using external libraries to calculate c****** and r*** to avoid big number problems. im using python.

Anyone had that problem? should i just use a different language?

I have the same problem. I tried to convert a large float to bytes, but I receive only the beginning of the flag, just as you. Did you solve it creepto?

I have got it. Information gets lost when the int value is too large and you are doing log computations and devisions.

Hint: use libnum.nroot

I have a quick question, is every time capsule solvable or is the expectation that we try to find a weak one? I can reliably solve for the redacted flag with a couple methods but the real capsules are just a little bit bigger and Iâm losing accuracy when trying to work with the larger numbers. For reference Iâve worked with numpy, gmpy2 and libnum.

Ok, I figured it out. Read through this thread carefully, specifically @Hilbertâs comment. It should get you started on the right track

I am stuck in 2 days . I know little bit about RSA but i dont understand how to get flag . Some guy previous tell he get flag

Without looking python code . How to get flag can anyone give me a hint .

should i brute force the value of m which is the int representation of the flag? because we canât factorize N, i donât have any idea this is my first time with crypto & RSA and i suck at math ):

edit:

After some math it turned out that i need at least 1E22 years to brute force that m, int representation of bâHTB{âREDACTEDâ}â which is 125 bit long, so the actual flag on the server would be much harder to brute force cuz i donât know itâs length. any hint? about that ch** r** thing ?

while bruteforcing it i noticed that the modulus N does not affect the encryption of the flag so the m value is just byte_to_long(flag) ** 5 , then i noticed that the server always generate the same âtime_capsuleâ even that the N is changing, so i reversed the flag by : flag = M ** (1/5), and it worked! Locally, but the actual server doesnât send the same time_capsule! i wonder why, any clarification?

Bruteforcing the key is a bad idea. Try to learn what each of the values corresponding to RSA does, and see if you can do anything with that.

what is that tecnic ch***** r****** ? Is this useful

I know that it is useless find d and factoring n and it is only way decrypt it ciper text ( i mean it always m^e<n ) use another way but how i try convert ciper msg to int and nroot (c**1/5) it

But is nt working then how to do it please give me hint