README.md (646B)
1# POSTIT 2 3Service for BambiCTF #6 4 5## Idea 6 7RSA signatures, checked with strcmp in C 8 9* terminal-based "Post-Its" 10* register with name and public key 11* get all user names 12* to add a note, sign the challenge with your private key 13* request posts for a user: 14 * get the public key and a token to sign 15 * if signature correct, get all messages from that user 16 17Checker only uses keys with e = 3, then can forge signatures for 18short messages (but not 512 bits). 19 20signature = ceil((m + \x00 * foo) ^ (1/e)) 21When checking: signature^e = m + \x00 + ..., and strcmp accepts 22 23## Exploits 24 25Check out the exploit implementation in `checker/src/checker.py`. 26