PARADOX GATE GUARDIAN
- Category: [Crypto]
- Author: [Anandhita Akhileshwaran (Ariza/anu akhil)]
Challenge Description
The “Paradox Gate Guardian” challenge combined steganography and RSA cryptography. Players had to extract a hidden Pastebin link from an image through multiple layers of encoding and then recover the flag from a weak RSA encryption setup.
Solution
Initial Analysis
The image contained a hidden string that was not human-readable. An online steganography tool (Edchart) revealed the string inside the image. The string appeared to be multi-layer encoded (Base32 → Base58 → Base64), so several decoding steps were needed to reach the actual Pastebin link.
Tools Used
- Edchart – for extracting the hidden string from the image (steganography)
- Online Base32/Base58/Base64 converters – for decoding each layer
- Python (online compiler) – for decrypting the RSA message
Step-by-Step Solution
Step 1: Extract hidden string from image
```python
# Used Edchart online tool to decode hidden string from gate_stego.png
# (pseudocode: the call stands for the manual step in the online tool)
hidden_string = extract_from_image("gate_stego.png")  # done online
```
The extracted string was in Base32, revealing another encoded string after decoding.
Step 2: Decode successive layers to get Pastebin link
```python
# Base32 → Base58 → Base64, all using online converters
# (pseudocode: each decode_* call stands for one manual step in an online tool)
hidden_base32 = decode_base32(hidden_string)        # online tool
hidden_base58 = decode_base58(hidden_base32)        # online tool
pastebin_link_bytes = decode_base64(hidden_base58)  # online tool
pastebin_link = pastebin_link_bytes.decode()
print(pastebin_link)
```
After decoding, the Pastebin link appeared: https://pastebin.com/WrmVZ5Dh
This Pastebin contained the public.txt file with the RSA parameters:
- challenge: Paradox gate gaurdian
- note: Two gates encrypt the same message. Recover the flag.
- n1 = 15033578721439194988387179123854233894267575851240227576895496309506779750811590181996000973958811554416086988499492871175810679952478996274497198120963437989391636776502564411733778651880050934455369891966390586105142302383763131276917257610586999218429760875606433602994834838769089475278168103214389863284197728391195033697151334759565568924671759303271692600650009783080454557955626253866173440609692903558021152495564623502947058911525245202105707967579681530057950438396498842868456213925367642445573908267262206078459611761317395331888167006784457049353131120218969698496710227657739733468945914312493706698413
- n2 = 16994203338805397319400272058724146051502286151707007457101473255345953782170696536631265860021364475381819700444652919177539962950188092468598324885891882673731931581635415757055762743880126185343173816349139258908988088539519778409328371684839124913307562496045782999069227820366923748378092435370991558505739627586598732619112281521624236544378255527298348829479184612892706572963496922151338558476196809568338515399774528241198625809347603007190842549728974057953253554368551262921187839455170370165407169059886861059987495953267026039920025021152304913810807950398619398857701291727584481688042625083522549008367
- e = 65537
- c1 = 13359592783646666829124790216940920600108500335065136879423044095415962773244362668029844057063039053334386493742236153067934817228155212597146941588684123958884529086497398545650534506756212950456793154677111988173725366510534477388750863477728159418089135584136696512663516920841636352796735706734976668573001643435302538446161441508036338843236636456593111870038926248726639580335090513080916216378021236432485331721569623895390309355945576242090957647984587151208534535113112782983715119031375384841320157827177252620161003120386128309678359212762486965447628253829072242579655033891210972578584241367112075733422
- c2 = 14894363247019487835828355276465975866394899053117215785498335536076946429595510278243964416072837958824125854177698119068383498399350861277724922394422808992575888021137547426446478873603858083070094375486944492274127707059533273947707574615998776561977754206041031600695914710691752488594429809822626171728562271904217925687390029259147146667052337759099154641812430003020041060691800682850742498055579821126286418498116970776515025226838153691877013893184632680088496097144260482894116776541453917344794158788235304567868269675115656351298895842895028198495523839679949384177266537019541693949055511457364024881337
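The Step 2 decoding chain can also be run offline instead of through online converters. The following is an added example, not part of the original writeup: it peels Base32 → Base58 → Base64 from a constructed sample link (not the challenge string). The Base58 routine assumes the Bitcoin alphabet, and `wrap_layers` / `peel_layers` are names chosen here.

```python
import base64

# Assumption: Base58 here means the Bitcoin alphabet (no 0, O, I, l).
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as a leading '1'.
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        if ch not in B58:
            raise ValueError(f"not a Base58 character: {ch!r}")
        n = n * 58 + B58.index(ch)
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def wrap_layers(plain: str) -> str:
    """Build a test string: Base64 first, then Base58, then Base32."""
    b64 = base64.b64encode(plain.encode())
    return base64.b32encode(b58encode(b64).encode("ascii")).decode("ascii")

def peel_layers(hidden: str) -> str:
    """Undo the layers in the order the writeup decodes them."""
    b58_text = base64.b32decode(hidden).decode("ascii")  # layer 1: Base32
    b64_bytes = b58decode(b58_text)                      # layer 2: Base58
    return base64.b64decode(b64_bytes, validate=True).decode()  # layer 3: Base64

# Constructed sample input, not the challenge link.
SAMPLE_LINK = "https://example.com/constructed-link"

if __name__ == "__main__":
    hidden = wrap_layers(SAMPLE_LINK)
    print(hidden)
    print(peel_layers(hidden))
```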
Step 3: Analyze RSA encryption
```python
from math import gcd

# n1, n2, e, c1 are the values from public.txt above

# Step 3a: Find shared prime
p = gcd(n1, n2)

# Step 3b: Compute corresponding q1
q1 = n1 // p

# Step 3c: Compute private key
phi1 = (p - 1) * (q1 - 1)
d1 = pow(e, -1, phi1)

# Step 3d: Decrypt ciphertext c1
m = pow(c1, d1, n1)

# Step 3e: Convert integer message to bytes
msg = m.to_bytes((m.bit_length() + 7) // 8, 'big')
print(msg.decode())
```
Explanation: The RSA setup was vulnerable because n1 and n2 shared a common prime factor p. Computing gcd(n1, n2) revealed p. Once p was known, we computed q1 = n1 // p and the private exponent d1. Decrypting c1 gave the flag.
Note: c2 exists but was not needed to recover the flag. It could be decrypted using q2 = n2 // p as a verification step, but c1 alone suffices.
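The same gcd check works as an audit over a whole inventory of public keys. The following is an added example, not the author's script: it runs pairwise gcd over a set of moduli and carries out the c2 verification mentioned in the note. The moduli are constructed from small Mersenne primes (not the challenge values), and `shared_primes`, `decrypt_with_factor` and `cross_check` are names chosen here.

```python
from itertools import combinations
from math import gcd

E = 65537
# Constructed toy key material (Mersenne primes); far too small for real use.
P, Q1, Q2, Q3, Q4 = 2**89 - 1, 2**61 - 1, 2**107 - 1, 2**127 - 1, 2**31 - 1
MODULI = {"gate1": P * Q1, "gate2": P * Q2, "other": Q3 * Q4}
MESSAGE = b"constructed msg"  # constructed plaintext, shorter than both moduli

def shared_primes(moduli):
    """Return {(name_a, name_b): factor} for every pair sharing a proper factor."""
    hits = {}
    for (a, na), (b, nb) in combinations(moduli.items(), 2):
        g = gcd(na, nb)
        # g == 1: unrelated keys. g == min(na, nb): one modulus divides the
        # other (e.g. a duplicate key), which does not yield a factorisation.
        if 1 < g < min(na, nb):
            hits[(a, b)] = g
    return hits

def decrypt_with_factor(c, n, p, e=E):
    """Rebuild the private exponent from one known prime factor and decrypt."""
    q, rem = divmod(n, p)
    if rem:
        raise ValueError("p does not divide n")
    d = pow(e, -1, (p - 1) * (q - 1))
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def cross_check():
    """Encrypt one message under both gates, then decrypt c1 and c2 independently."""
    m = int.from_bytes(MESSAGE, "big")
    c1 = pow(m, E, MODULI["gate1"])
    c2 = pow(m, E, MODULI["gate2"])
    p = shared_primes(MODULI)[("gate1", "gate2")]
    return (decrypt_with_factor(c1, MODULI["gate1"], p),
            decrypt_with_factor(c2, MODULI["gate2"], p))

if __name__ == "__main__":
    for pair, factor in shared_primes(MODULI).items():
        print(pair, "share a prime of", factor.bit_length(), "bits")
    print(cross_check())
```

Any pair reported by `shared_primes` means both keys are compromised and must be regenerated from a properly seeded random source.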
Flag
CYS{4CC355_6RAN73D}