 # PicoCTF 2022 — Forensics: Torrent Analyze

Reading the link provided we can see tha the `info_hash` value in the `bt-dht` packets is going to be unique per torrent.

From that information you can pull each of these fields with tshark and output as json

`tshark -r torrent.pcap -Y 'bt-dht.bencoded.string=="info_hash"' -Tjson -e 'bt-dht.bencoded.string' > output.json`

We can then use some bash tools to clean up the output

`cat output.json \    | jq '.[] | ._source.layers' \    | grep info_hash -A1 \    | awk '{print \$1}' \    | sort \    | uniq \    | sed -E 's/"?(.{40})"?,?/\1/g' \    | grep -E '.{40}' \    | tr '\n' ' ')"`

Following this we can manually search each hash in google to find reference to hash `e2467cbf021192c241367b892230dc1e05c0580e` on linuxtracker.org.

Note: the `solve.py` script in this folder can automate the discovery.

`picoCTF{ubuntu-19.10-desktop-amd64.iso}`

--

--

# Description

We have so much faith in RSA we give you not just the product of the primes, but their sum as well!

gen.py output.txt

# Solve

This problem can be solved as we have the product and sum of the 2 primes. This can be achieve by using a quadratic equation.

Here we can calculate the square root value as `theta`

`theta = ((bb**2) - (4*nn)).sqrt()`

Then solve for `p` and `q`

`p = (bb+theta)//2q = (bb-theta)//2`

With `p` and `q` we can rebuild the private exponent and recover the plain text flag

`phi = (int(p)-1)*(int(q)-1)d = pow(e,-1,phi)pt = pow(int(c,16),d,n)print( long_to_bytes(pt))`

# Flag

`picoCTF{674b189f}`

--

--