RSA multi-attack tool that decrypts data from weak public keys and recovers private keys.
This tool is an utility designed to decrypt data from weak public keys and attempt to recover the corresponding private key. It offers a comprehensive range of attack options for cracking RSA encryption.
RSA security relies on the complexity of integer factorization. This project combines multiple factorization algorithms to enhance decryption capabilities.
Note: This tool is primarily intended for educational purposes. Not every key can be broken in a reasonable timeframe. The tool only supports RSA textbook semiprime composite modulus (not multiprimes).
For advanced factorization, consider msieve, yafu, or cado-nfs.
RsaCtfTool --publickey key.pub --private # Recover private key
RsaCtfTool --publickey key.pub --decryptfile ciphertext # Decrypt file
RsaCtfTool --publickey key.pub --attack wiener # Use specific attackFor complete usage, run: RsaCtfTool --help
- Python 3.9+
- SageMath (optional but recommended)
python3 -m venv venv
source venv/bin/activate
pip install -e .docker build -t rsactftool/rsactftool .
docker run -it --rm -v $PWD:/data rsactftool/rsactftool <arguments>- Wiener's attack
- Hastad's attack (small public exponent)
- Boneh-Durfee (small private exponent d < n^0.292)
- Same n, huge e
- Small CRT exponent
- Partial q / Partial d
- Lattice reduction
| Method | Description |
|---|---|
| Fermat | Close p and q |
| Pollard Rho | General factorization |
| Elliptic Curve (ECM) | Smooth numbers |
| Pollard p-1 | Smooth numbers |
| Williams p+1 | Smooth numbers |
| ROCA | Vulnerable key generation |
| SQUFOF | Square forms |
| Quadratic Sieve | General factorization |
| Dixon | Random squares |
| Factordb | Online factorization database |
| Common factor attacks | Keys sharing factors |
| GCD attacks | Mersenne, Primorial, Fibonacci, etc. |
- Noveltyprimes
- Past CTF Primes
- Gimmicky Primes
- Non-RSA (b^x form)
- Z3 Theorem Prover
- Wolfram Alpha
RsaCtfTool --publickey key.pub --privateRsaCtfTool --publickey key.pub --decryptfile ciphertextRsaCtfTool --publickey "*.pub" --privateRsaCtfTool --createpub -n 7828374823761928712873... -e 65537RsaCtfTool --dumpkey --key key.pub
RsaCtfTool --dumpkey --ext --key key.pub # Include CRT parametersRsaCtfTool --publickey key.pub --ecmdigits 25 --privateRsaCtfTool --publickey key.pub --attack wiener --private
RsaCtfTool --publickey key.pub --attack factordb --privateRsaCtfTool --publickey "*.pub" --private --sendtofdbRsaCtfTool --isroca --publickey "examples/*.pub"RsaCtfTool --convert_idrsa_pub --publickey ~/.ssh/id_rsa.pubFor more examples, run pytest tests/ --collect-only to see available tests.
Tests use pytest and are located in tests/.
pytest tests/ # Run all tests
pytest tests/ -m "not slow" # Skip slow tests
pytest tests/ -v # Verbose mode
pytest tests/ -k "fermat" # Run tests matching "fermat"@pytest.mark.slow- Slow factorization tests@pytest.mark.network- Tests requiring network (Factordb)@pytest.mark.attack- Attack integration tests
| File | Description |
|---|---|
test_number_theory.py |
Number theory functions (gcd, is_prime, phi, etc.) |
test_algos.py |
Factorization algorithms (fermat, brent, pollard_rho, etc.) |
test_keys_wrapper.py |
PublicKey/PrivateKey classes |
test_utils.py |
Utility functions |
test_pubkey_decode.py |
RSA public key decoding |
test_attacks.py |
Attack integration tests |
test_regression.py |
Bug fix regression tests |
test_exceptions.py |
Custom exceptions |
conftest.py |
pytest configuration and fixtures |
Please read CONTRIBUTING.md for guidelines and CODE_OF_CONDUCT.md before contributing.
The original project was released under GPLv3. This code has been relicensed under the MIT License.
