Skip to main content

Day 3: Missing Reindeer

challenge description
Not only elves took control of Santa's Christmas factory but they kidnapped Rudolf as well. 
Our cyber spies managed to capture an email related to Santa's favorite reindeer.
Can you help them decrypt the message?

Exploration

Exploring the downloadable files, we see an email containing some messages.

message.eml
From [email protected] Tue Nov 30 19:07:09 2021
Date: Tue, 30 Nov 2021 14:09:11 -0500
From: Pep Sparkles <[email protected]>
To: Tiny Jingles <[email protected]>
Subject: Rudolf's Location
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_5028_7368284.1115579351471"

------=_Part_5028_7368284.1115579351471
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
From: Pep Sparkles <[email protected]>
Date: Nov 30, 2021 1:17 PM
Subject: Rudolf's Location
To: [email protected]


Hello Mr Jingles,

We got the reindeer as you requested. There is a problem though. Its nose is so red and bright and makes it very hard to hide him anywhere near north pole. We have moved to a secret location far away. I have encrypted this information with your public key in case you know who is watching.


------=_Part_5028_7368284.1115579351471
Content-Type: application/text/plain; name*=secret.enc
Content-Transfer-Encoding: base64
Content-Disposition: attachment
Ci95oTkIL85VWrJLVhns1O2vyBeCd0weKp9o3dSY7hQl7CyiIB/D3HaXQ619k0+4FxkVEksPL6j3wLp8HMJAPxeA321RZexR9qwswQv2S6xQ3QFJi6sgvxkN0YnXtLKRYHQ3te1Nzo53gDnbvuR6zWV8fdlOcBoHtKXlVlsqODku2GvkTQ/06x8zOAWgQCKj78V2mkPiSSXf2/qfDp+FEalbOJlILsZMe3NdgjvohpJHN3O5hLfBPdod2v6iSeNxl7eVcpNtwjkhjzUx35SScJDzKuvAv+6DupMrVSLUfcWyvYUyd/l4v01w+8wvPH9l
------=_Part_5028_7368284.1115579351471
Content-Type: application/octet-stream; name*=pubkey.der
Content-Transfer-Encoding: base64
Content-Disposition: attachment
-----BEGIN PUBLIC KEY-----
MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEA5iOXKISx9NcivdXuW+uE
y4R2DC7Q/6/ZPNYDD7INeTCQO9FzHcdMlUojB1MD39cbiFzWbphb91ntF6mF9+fY
N8hXvTGhR9dNomFJKFj6X8+4kjCHjvT//P+S/CkpiTJkVK+1G7erJT/v1bNXv4Om
OfFTIEr8Vijz4CAixpSdwjyxnS/WObbVmHrDMqAd0jtDemd3u5Z/gOUi6UHl+XIW
Cu1Vbbc5ORmAZCKuGn3JsZmW/beykUFHLWgD3/QqcT21esB4/KSNGmhhQj3joS7Z
z6+4MeXWm5LXGWPQIyKMJhLqM0plLEYSH1BdG1pVEiTGn8gjnP4Qk95oCV9xUxWW
ZwIBAw==
-----END PUBLIC KEY-----
------=_Part_5028_7368284.1115579351471--

We are in luck. It has the public key and the encoded message. Using OpenSSL, we see that this public key is indeed just a RSA public key with a strong modulus and a small exponent of 3.

~/Desktop/CTF/CyberSantaCTF2021/crypto/missingReindeer ❯ openssl rsa -pubin -inform PEM -text -noout < pubkey.pem                                    ctf-tools 14:13:05  86%
RSA Public-Key: (2048 bit)
Modulus:
00:e6:23:97:28:84:b1:f4:d7:22:bd:d5:ee:5b:eb:
84:cb:84:76:0c:2e:d0:ff:af:d9:3c:d6:03:0f:b2:
0d:79:30:90:3b:d1:73:1d:c7:4c:95:4a:23:07:53:
03:df:d7:1b:88:5c:d6:6e:98:5b:f7:59:ed:17:a9:
85:f7:e7:d8:37:c8:57:bd:31:a1:47:d7:4d:a2:61:
49:28:58:fa:5f:cf:b8:92:30:87:8e:f4:ff:fc:ff:
92:fc:29:29:89:32:64:54:af:b5:1b:b7:ab:25:3f:
ef:d5:b3:57:bf:83:a6:39:f1:53:20:4a:fc:56:28:
f3:e0:20:22:c6:94:9d:c2:3c:b1:9d:2f:d6:39:b6:
d5:98:7a:c3:32:a0:1d:d2:3b:43:7a:67:77:bb:96:
7f:80:e5:22:e9:41:e5:f9:72:16:0a:ed:55:6d:b7:
39:39:19:80:64:22:ae:1a:7d:c9:b1:99:96:fd:b7:
b2:91:41:47:2d:68:03:df:f4:2a:71:3d:b5:7a:c0:
78:fc:a4:8d:1a:68:61:42:3d:e3:a1:2e:d9:cf:af:
b8:31:e5:d6:9b:92:d7:19:63:d0:23:22:8c:26:12:
ea:33:4a:65:2c:46:12:1f:50:5d:1b:5a:55:12:24:
c6:9f:c8:23:9c:fe:10:93:de:68:09:5f:71:53:15:
96:67
Exponent: 3 (0x3)

Moving on

Cracking the modulus is unlikely. However, the ciphertext is pretty short! Did they not pad the message before encrypting? Well, only one way to find out.

solve.py
from Crypto.Util.number import bytes_to_long, long_to_bytes
import gmpy2
import base64

raw = open('secret.enc', 'r').read()
enc = base64.b64decode(raw)

flag = ""
text = int.from_bytes(enc, 'big')
c0 = gmpy2.mpz(text)
m, isAccurate = gmpy2.iroot(c0, 3)
print(long_to_bytes(m))

Flag

HTB{w34k_3xp0n3n7_ffc896}