RSA
Very Smooth - picoCTF 2022
vulnerability: factorisation with Pollard’s p-1 algorithm
Lorge - Imaginary CTF 2022
vulnerability: factorisation with Pollard’s p-1 algorithm, but largest prime factor of p-1 and q-1 is the same
One Step Closer - HTB Cyber Apocalypse CTF 2022
vulnerability: affine padding (allowing Franklin-Reiter attack)
DeLorean - HTB
vulnerability: gcd(e, phi) != 1
easyRSA - DASCTF 2022
vulnerability: non-prime e and gcd(e, p-1) = 1
baby RSA DICECTF 2022
vulnerability: e | (p-1) and e | (q-1)
Information Paradox - Space Heroes CTF 2022
vulnerability: partial PEM private key
Key Recovery - UMD CTF 2024
vulnerability: partial PEM private key
Key Recovery - San Diego CTF 2022
vulnerability: partial OpenSSH private key
PSYDUCK - squeamishossifrage
vulnerability: upper bits of p given
DELIBIRD - squeamishossifrage
vulnerability: common modulus attack
MAGIKARP - squeamishossifrage
vulnerability: e=1
VULPIX - squeamishossifrage
vulnerability: low Hamming weight
LUDICOLO - squeamishossifrage
vulnerability: ROCA attack
Can’t Login - Incognito CTF 2022
vulnerability: common ssh-key password
Cookie Lover - HackIM CTF 2022
vulnerability: signature oracle
rsa_leak - ACTF 2022
vulnerability: LSB attack
Refactor - ASIS quals 2023
vulnerability: multiple of phi known
Too Little Information - nbctf 2023
vulnerability: MSB (p+q) known
easy-rsa - pingCTF 2023
vulnerability: bit-by-bit bruteforce
pprintable - Fall GoN Open Qual CTF 2022
vulnerability: byte-by-byte bruteforce
Various Scattered Bits Challs
vulnerability: random known bits
L4ugh - 0xl4ughCTF 2024
vulnerability: common d
ReallyComplexProblems - SDCTF 2024
vulnerability: complex Coppersmith?!
BLAHAJ - angstrom CTF 2024
vulnerability: hint given
quick maffs - HTB
vulnerability: hint given
Sqursa_xx - hspace CTF 2024
vulnerability: strange prime structure
Prime Rotation - Compfest CTF 16 (2024)
vulnerability: strange prime structure