RsaCtfTool

May 15, 2026 ยท View on GitHub

Test Ruff CodeQL
GitHub issues GitHub forks GitHub stars GitHub license GitHub contributors

RSA multi-attack tool that decrypts data from weak public keys and recovers private keys.

Overview

This tool is a utility designed to decrypt data from weak public keys and attempt to recover the corresponding private key. It offers a comprehensive range of attack options for cracking RSA encryption.

RSA security relies on the complexity of integer factorization. This project combines multiple factorization algorithms to enhance decryption capabilities.

Note: This tool is primarily intended for educational purposes. Not every key can be broken in a reasonable timeframe. The tool only supports RSA textbook semiprime composite modulus (not multiprimes).

For advanced factorization, consider msieve, yafu, or cado-nfs.

Usage

RsaCtfTool --publickey key.pub --private                   # Recover private key
RsaCtfTool --publickey key.pub --decryptfile ciphertext    # Decrypt file
RsaCtfTool --publickey key.pub --attack wiener             # Use specific attack

For complete usage, run: RsaCtfTool --help

Installation

Prerequisites

  • Python 3.9+
  • SageMath (optional but recommended)
python3 -m venv venv
source venv/bin/activate
pip install -e .

Docker

docker build -t rsactftool/rsactftool .
docker run -it --rm -v $PWD:/data rsactftool/rsactftool <arguments>

Attacks

Non-Factorization Attacks

Integer Factorization Methods

MethodDescription
FermatClose p and q
Pollard RhoGeneral factorization
Elliptic Curve (ECM)Smooth numbers
Pollard p-1Smooth numbers
Williams p+1Smooth numbers
ROCAVulnerable key generation
SQUFOFSquare forms
Quadratic SieveGeneral factorization
DixonRandom squares
FactordbOnline factorization database
Common factor attacksKeys sharing factors
GCD attacksMersenne, Primorial, Fibonacci, etc.

CTF-Specific Methods

Examples

Recover Private Key

RsaCtfTool --publickey key.pub --private

Decrypt a File

RsaCtfTool --publickey key.pub --decryptfile ciphertext

Attack Multiple Keys

RsaCtfTool --publickey "*.pub" --private

Create Public Key from n and e

RsaCtfTool --createpub -n 7828374823761928712873... -e 65537

Dump Key Parameters

RsaCtfTool --dumpkey --key key.pub
RsaCtfTool --dumpkey --ext --key key.pub  # Include CRT parameters

Factor with ECM

RsaCtfTool --publickey key.pub --ecmdigits 25 --private

Use Specific Attack

RsaCtfTool --publickey key.pub --attack wiener --private
RsaCtfTool --publickey key.pub --attack factordb --private

Send Results to Factordb

RsaCtfTool --publickey "*.pub" --private --sendtofdb

Check for ROCA Vulnerability

RsaCtfTool --isroca --publickey "examples/*.pub"

Convert SSH Key to PEM

RsaCtfTool --convert_idrsa_pub --publickey ~/.ssh/id_rsa.pub

For more examples, run pytest tests/ --collect-only to see available tests.

Testing

Tests use pytest and are located in tests/.

Running Tests

pytest tests/                 # Run all tests
pytest tests/ -m "not slow"   # Skip slow tests
pytest tests/ -v              # Verbose mode
pytest tests/ -k "fermat"     # Run tests matching "fermat"

Test Markers

  • @pytest.mark.slow - Slow factorization tests
  • @pytest.mark.network - Tests requiring network (Factordb)
  • @pytest.mark.attack - Attack integration tests

Test Files

FileDescription
test_number_theory.pyNumber theory functions (gcd, is_prime, phi, etc.)
test_algos.pyFactorization algorithms (fermat, brent, pollard_rho, etc.)
test_keys_wrapper.pyPublicKey/PrivateKey classes
test_utils.pyUtility functions
test_pubkey_decode.pyRSA public key decoding
test_attacks.pyAttack integration tests
test_regression.pyBug fix regression tests
test_exceptions.pyCustom exceptions
conftest.pypytest configuration and fixtures

Contributing

Please read CONTRIBUTING.md for guidelines and CODE_OF_CONDUCT.md before contributing.

License

The original project was released under GPLv3. This code has been relicensed under the MIT License.

Thanks