Reading the link provided we can see tha the info_hash value in the bt-dht packets is going to be unique per torrent.

From that information you can pull each of these fields with tshark and output as json

tshark -r torrent.pcap -Y 'bt-dht.bencoded.string=="info_hash"' -Tjson -e 'bt-dht.bencoded.string' > output.json

We can then use some bash tools to clean up the output

cat output.json \
| jq '.[] | ._source.layers' \
| grep info_hash -A1 \
| awk '{print $1}' \
| sort \
| uniq \
| sed -E 's/"?(.{40})"?,?/\1/g' \
| grep -E '.{40}' \
| tr '\n' ' ')"

Following this we can manually search each hash in google to find reference to hash e2467cbf021192c241367b892230dc1e05c0580e on linuxtracker.org.

Note: the solve.py script in this folder can automate the discovery.

picoCTF{ubuntu-19.10-desktop-amd64.iso}

--

--

Description

We have so much faith in RSA we give you not just the product of the primes, but their sum as well!

gen.py output.txt

Solve

This problem can be solved as we have the product and sum of the 2 primes. This can be achieve by using a quadratic equation.

Here we can calculate the square root value as theta

theta = ((bb**2) - (4*nn)).sqrt()

Then solve for p and q

p = (bb+theta)//2
q = (bb-theta)//2

With p and q we can rebuild the private exponent and recover the plain text flag

phi = (int(p)-1)*(int(q)-1)
d = pow(e,-1,phi)
pt = pow(int(c,16),d,n)
print( long_to_bytes(pt))

Flag

picoCTF{674b189f}

--

--