[NSSRound#16 Basic]break WP

Problem: [NSSRound#16 Basic]break

给了被砍头的私钥文件和密文c的值，一般来说，rsa的公钥存的是n,e两个参数，私钥则是n,e,d,p,q,dp,dq,u共8个参数，pem文件采用base64格式不便阅读，先用ToolsFx的编码转换工具转成16进制，c的长度是2046bit说明n应该是2048bit,p和q等参数的长度应该是1024bit,即256个16进制字符，我们将得到的私钥16进制串从后向前分析，发现取完256个字符后一般还有几个字节的引导头，可能标注了数据类型及长度，都是02818100或028180这类值，最后拆分后结果如下：

05cf2d493aef1899b6a18b82cc8cfe620e27c3
02818100 e26146b07b963eacf6c585538c541f190727cc6b82e37920dd676de3106bf29411d27b2bc5090ab7212504e349350f65e699e69930bddad67527e8e448586686da985cc2b58b911ea7b9b5666f54094b38339851c69cbe7a2870726710fdaba0cf07ea3a8065adf3fe9d741976348654ff56ed74f420a237c05d7245cd1f7645
02818100 bbaa507453b9b653815d1bd79e95277e59228d515965640b878e2ee3821ecec7a2daf713799a2199d72bcfe38c97db5f0e27d662d3ca3abc8acce848a5e392b34ed1a6e22b889fc08ca68c7ee5e52da31cafc5af6bb365aef8845937dcc2304fa9faa23cfd31b6edd2320f3b1d80da9c528f044a5b3bb96e7f14403b6d84c289
02818100 bbd4ac9b781fa4674ce57c8762f2d54ea5e23eb9a1c36dd877fbfe701d4b03de199f83b5406a0d2aff6440d6f901fe81b54152d51e5d18bb423fd7fbb98f279a92bb429407a002cbe5acafb78b7db5ac64b86294cf6f7497d4ffdfdc667ba3b0ecb68b80f8d1e4f082fd4fbc64989630e61fd12c6df6b9c1fa694e8c5df2d1e5
028180 3fec91f745c465b184793a535992dbb20cf6324d83dc4bcf99f1ce4a8f3e12e7fab760208b93b90b6ffbe7848c43fefbb655d74ae0e7229525dfdbc72f07d8837b690a3b9195ae9474d00d9305c203a19f4bba825262faa0bc6d6cd80c5390485ad8f57437bf028cb29aa6fbaf7bc4cf9d3145b42cc2faa1413d663122018ff9
​

可见n,e,d都没了，p只有尾部，但q是完整的(0xe26146...1f7645)，而一般e=0x10001,有这两个参数就足够解密了：

#!/bin/env sage
#[NSSRound#16 Basic]break

p=0xe26146b07b963eacf6c585538c541f190727cc6b82e37920dd676de3106bf29411d27b2bc5090ab7212504e349350f65e699e69930bddad67527e8e448586686da985cc2b58b911ea7b9b5666f54094b38339851c69cbe7a2870726710fdaba0cf07ea3a8065adf3fe9d741976348654ff56ed74f420a237c05d7245cd1f7645
c=6081370370545409218106271903400346695565292992689150366474451604281551878507114813906275593034729563149286993189430514737137534129570304832172520820901940874698337733991868650159489601159238582002010625666203730677577976307606665760650563172302688129824842780090723167480409842707790983962415315804311334507726664838464859751689906850572044873633896253285381878416855505301919877714965930289139921111644393144686543207867970807469735534838601255712764863973853116693691206791007433101433703535127367245739289103650669095061417223994665200039533840922696282929063608853551346533188464573323230476645532002621795338655
e=0x10001
m=pow(c,pow(e,-1,p-1),p)
flag=bytes(ZZ(m).digits(256)[::-1])
print(flag.decode())
#flag{oi!_you_find___what_i_Wa1t_talK_y0n!!!}
​