RsaCtftool的环境配置稍微有些复杂,如果依赖没有弄全可能老是出一些奇怪的问题,如果按照报错来安装的话,安装一个RsaCtftool让人掉一层皮。。各种报错,而且不是简单的安装包就可以完成的,摸索了很久终于解决了。现在在kali上成功安装。(Ubuntu适用)。
首先需要安装依赖库,如果不安装会出现很多错误,几乎不可能能一步步手动安装解决。不信可以先下一步直接进入安装。
#安装MPFR 解决GMPY2、SymPY时可能产生的报错
v=4.0.1
wget http://www.mpfr.org/mpfr-current/mpfr-${v}.tar.bz2
tar -jxvf mpfr-${v}.tar.bz2 && cd mpfr-${v}
./configure
make && make check && make install
v=1.1.0
wget ftp://ftp.gnu.org/gnu/mpc/mpc-${v}.tar.gz
tar -zxvf mpc-${v}.tar.gz && cd mpc-${v}
./configure
make && make check && make install
安装RsaCtfTool:
git clone https://github.com/Ganapati/RsaCtfTool.git
cd RsaCtfTool
pip install -r requirements.txt
这就算安装完成了。
但是仍然有很多特殊情况:
1.有时候可能会出现需要安装requests库,安装补上就行了
2.运行报错如下:
root@kali:~/桌面/tools/RsaCtfTool# python RsaCtfTool.py --
Traceback (most recent call last):
File "RsaCtfTool.py", line 21, in
from lib.rsa_attack import RSAAttack
File "/root/桌面/tools/RsaCtfTool/lib/rsa_attack.py", line 9, in
from lib.utils import sageworks, print_results
File "/root/桌面/tools/RsaCtfTool/lib/utils.py", line 122
logger.info(f"HEX : 0x{c.hex()}")
这个地方需要手动修改utils.py文件,把f"HEX : 0x{c.hex()}"都改成"HEX : 0x{c.hex()}"就行。(暂不清楚修改为3.7版本是否能解决,笔者当时顺序就是按照此片顺序依次解决的)
3.在2修改完后运行不会报错了,但是进行私钥破解的时候可能产生如下错误
Traceback (most recent call last):
File "RsaCtfTool.py", line 262, in
attackobj.attack_single_key(publickey, attacks_list)
File "/root/桌面/tools/RsaCtfTool/lib/rsa_attack.py", line 174, in attack_single_key
self.load_attacks(attacks_list)
File "/root/桌面/tools/RsaCtfTool/lib/rsa_attack.py", line 123, in load_attacks
except ModuleNotFoundError:
NameError: global name 'ModuleNotFoundError' is not defined
问题在于我们系统使用的python2.7的环境
FileNotFoundError为python3使用的文本不存在异常处理方法
在python2.7中使用IOError
修改即可,或者修改python3.7版本运行,之后无任何异常。
环境好了,我们实操一次测试一下:
root@kali:~/桌面/tools/RsaCtfTool# python RsaCtfTool.py --createpub -n 460657813884289609896372056585544172485318117026246263899744329237492701820627219556007788200590119136173895989001382151536006853823326382892363143604314518686388786002989248800814861248595075326277099645338694977097459168530898776007293695728101976069423971696524237755227187061418202849911479124793990722597 -e 354611102441307572056572181827925899198345350228753730931089393275463916544456626894245415096107834465778409532373187125318554614722599301791528916212839368121066035541008808261534500586023652767712271625785204280964688004680328300124849680477105302519377370092578107827116821391826210972320377614967547827619 > test.pem
private argument is not set, the private key will not be displayed, even if recovered.
root@kali:~/桌面/tools/RsaCtfTool# python RsaCtfTool.py --publickey test.pem --private > test.key
[*] Testing key test.pem.
Can't load smallfraction because sage is not installed
Can't load roca because sage is not installed
Can't load ecm because sage is not installed
Can't load qicheng because sage is not installed
Can't load ecm2 because sage is not installed
Can't load boneh_durfee because sage is not installed
[*] Performing londahl attack on test.pem.
[*] Performing siqs attack on test.pem.
[!] Warning: Modulus too large for SIQS attack module
[*] Performing pastctfprimes attack on test.pem.
[*] Performing fermat attack on test.pem.
[*] Performing pollard_p_1 attack on test.pem.
[*] Performing smallq attack on test.pem.
[*] Performing wiener attack on test.pem.
Results for test.pem:
Private key :
-----BEGIN RSA PRIVATE KEY-----
MIICOQIBAAKBgQKP/53T5v6XgWSet/5ekwPPaWNHxBELxLo5afCxFmmEDFHYGmhC
tt8rCQ8hzXbUNxqMDkcEjJZeyltGkTr7uNoFIHKgVm1wOcYYq6kGV1mwWeKeSF3F
BhoWrGMSlDjZNU5l31dHVGuF2z1pmBnEt3Mt+SfHCEpdUtbm1qrBRGI0JQKBgQH4
+6QQBS337aNGLxqs1p5AdgQzyjNXZ81zBaPQkIBaX9QF3W7qcOmPDKHhzyVHSGcb
8MmABsIO7h1ieQQ1Cf56mCOLQ5FgpWEtpx6QRRToEoBhfjB8PNMxP6TG/KMxWdBE
H7sY2DyvS9Rva5KXqAoULdab8aNXzLXkwgC22Q8VowIgEkWi5MMhraVZBcJJt+CW
QPiKQcq9Y8kytE4BDTeIyXcCQQExVoUNBVlVGTb0Jeg+wkvwkFWR8T5KB4V/iEnz
a0+QRDG1CqRQm68TaVg+Mv/yslrxDjnehozqdwbv7ow2+2Y/AkECJf/G98bYlZaW
Zj5M25DUolCpmiEiv2s9mkQxoajS5s14SK9OOWuX7BEJ6pzzDPZ68iFcwsvTp1T/
CqZAffm0mwIgEkWi5MMhraVZBcJJt+CWQPiKQcq9Y8kytE4BDTeIyXcCIBJFouTD
Ia2lWQXCSbfglkD4ikHKvWPJMrROAQ03iMl3AkBV0D6QJvGtKdXF9dPONK4B7k/P
NGuglv2itym5OL5Kve/WX6wnzEyaz8mJD64NwY2Y8punAUFUif8TTsCQ2XQG
-----END RSA PRIVATE KEY-----
其中sage可以看作是一个数据库,有点大可以起到加速等作用。可以暂时不安装。
测试效果如上,成功破出私钥,可以正常进行下一步解密RSA。