RSA multi-attack tool that decrypts data from weak public keys and recovers private keys.
This tool is a utility designed to decrypt data from weak public keys and attempt to recover the corresponding private key. It offers a comprehensive range of attack options for cracking RSA encryption.
RSA security relies on the complexity of integer factorization. This project combines multiple factorization algorithms to enhance decryption capabilities.
Note: This tool is primarily intended for educational purposes. Not every key can be broken in a reasonable timeframe. The tool only supports RSA textbook semiprime composite modulus (not multiprimes).
For advanced factorization, consider msieve, yafu, or cado-nfs.
RsaCtfTool --publickey key.pub --private # Recover private key
RsaCtfTool --publickey key.pub --decryptfile ciphertext # Decrypt file
RsaCtfTool --publickey key.pub --attack wiener # Use specific attackFor complete usage, run: RsaCtfTool --help
- Python 3.9+
- SageMath (optional but recommended)
python3 -m venv venv
source venv/bin/activate
pip install -e .docker build -t rsactftool/rsactftool .
docker run -it --rm -v $PWD:/data rsactftool/rsactftool <arguments>- Wiener's attack
- Hastad's attack (small public exponent)
- Boneh-Durfee (small private exponent d < n^0.292)
- Same n, huge e
- Small CRT exponent
- Partial q / Partial d
- Lattice reduction
| Method | Description |
|---|---|
| Fermat | Close p and q |
| Pollard Rho | General factorization |
| Elliptic Curve (ECM) | Smooth numbers |
| Pollard p-1 | Smooth numbers |
| Williams p+1 | Smooth numbers |
| ROCA | Vulnerable key generation |
| SQUFOF | Square forms |
| Quadratic Sieve | General factorization |
| Dixon | Random squares |
| Factordb | Online factorization database |
| Common factor attacks | Keys sharing factors |
| GCD attacks | Mersenne, Primorial, Fibonacci, etc. |
- Noveltyprimes
- Past CTF Primes
- Gimmicky Primes
- Non-RSA (b^x form)
- Z3 Theorem Prover
- Wolfram Alpha
RsaCtfTool --publickey key.pub --privateRsaCtfTool --publickey key.pub --decryptfile ciphertextRsaCtfTool --publickey "*.pub" --privateRsaCtfTool --createpub -n 7828374823761928712873... -e 65537RsaCtfTool --dumpkey --key key.pub
RsaCtfTool --dumpkey --ext --key key.pub # Include CRT parametersRsaCtfTool --publickey key.pub --ecmdigits 25 --privateRsaCtfTool --publickey key.pub --attack wiener --private
RsaCtfTool --publickey key.pub --attack factordb --privateRsaCtfTool --publickey "*.pub" --private --sendtofdbRsaCtfTool --isroca --publickey "examples/*.pub"RsaCtfTool --convert_idrsa_pub --publickey ~/.ssh/id_rsa.pubFor more examples, run pytest tests/ --collect-only to see available tests.
Tests use pytest and are located in tests/.
pytest tests/ # Run all tests
pytest tests/ -m "not slow" # Skip slow tests
pytest tests/ -v # Verbose mode
pytest tests/ -k "fermat" # Run tests matching "fermat"@pytest.mark.slow- Slow factorization tests@pytest.mark.network- Tests requiring network (Factordb)@pytest.mark.attack- Attack integration tests
| File | Description |
|---|---|
test_number_theory.py |
Number theory functions (gcd, is_prime, phi, etc.) |
test_algos.py |
Factorization algorithms (fermat, brent, pollard_rho, etc.) |
test_keys_wrapper.py |
PublicKey/PrivateKey classes |
test_utils.py |
Utility functions |
test_pubkey_decode.py |
RSA public key decoding |
test_attacks.py |
Attack integration tests |
test_regression.py |
Bug fix regression tests |
test_exceptions.py |
Custom exceptions |
conftest.py |
pytest configuration and fixtures |
Please read CONTRIBUTING.md for guidelines and CODE_OF_CONDUCT.md before contributing.
The original project was released under GPLv3. This code has been relicensed under the MIT License.