{"id":43705921,"url":"https://github.com/skyf0l/RsaCracker","last_synced_at":"2026-02-16T16:00:39.101Z","repository":{"id":134742865,"uuid":"281464593","full_name":"skyf0l/RsaCracker","owner":"skyf0l","description":"Powerful RSA cracker for CTFs. Supports RSA, X509, OPENSSH, PKCS#12, PKCS#7, and CSR in PEM and DER formats.","archived":false,"fork":false,"pushed_at":"2026-02-03T20:52:45.000Z","size":973,"stargazers_count":146,"open_issues_count":11,"forks_count":5,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-04T09:37:08.216Z","etag":null,"topics":["crypto","cryptography","ctf","ctf-tools","rsa"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/skyf0l.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-07-21T17:41:42.000Z","updated_at":"2026-02-03T20:51:53.000Z","dependencies_parsed_at":"2024-01-11T12:41:32.765Z","dependency_job_id":"63d2cd7c-ba9b-42e1-bdb8-7e1230f50ce3","html_url":"https://github.com/skyf0l/RsaCracker","commit_stats":null,"previous_names":["skyf0l/rsacracker"],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/skyf0l/RsaCracker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skyf0l%2FRsaCracker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skyf0l%2FRsaCracker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skyf0l%2FRsaCracker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skyf0l%2FRsaCracker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/skyf0l","download_url":"https://codeload.github.com/skyf0l/RsaCracker/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skyf0l%2FRsaCracker/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29512225,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-16T09:05:14.864Z","status":"ssl_error","status_checked_at":"2026-02-16T08:55:59.364Z","response_time":115,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crypto","cryptography","ctf","ctf-tools","rsa"],"created_at":"2026-02-05T06:00:17.292Z","updated_at":"2026-02-16T16:00:39.096Z","avatar_url":"https://github.com/skyf0l.png","language":"Rust","funding_links":[],"categories":["CTF相关"],"sub_categories":[],"readme":"# RSA Cracker\n\n[![Build](https://github.com/skyf0l/RsaCracker/actions/workflows/ci.yml/badge.svg)](https://github.com/skyf0l/RsaCracker/actions/workflows/ci.yml)\n[![Crate.io](https://img.shields.io/crates/v/rsacracker.svg)](https://crates.io/crates/rsacracker)\n[![Docker Image Version](https://img.shields.io/docker/v/skyf0l/rsacracker?logo=docker)](https://hub.docker.com/r/skyf0l/rsacracker)\n[![codecov](https://codecov.io/gh/skyf0l/rsacracker/branch/main/graph/badge.svg)](https://codecov.io/gh/skyf0l/rsacracker)\n\nPowerful RSA cracker for CTFs. Supports RSA, X509, OPENSSH, PKCS#12, PKCS#7, and CSR in PEM and DER formats.\n\nRsaCracker provides a simple, extensible interface to analyze and recover RSA private keys and to uncipher messages using a large collection of targeted attacks and heuristics.\n\n## TLDR - Quick start\n- Install: `cargo install rsacracker`\n- Crack a public key: `rsacracker --key public.pem --dump`\n- Uncipher a ciphertext: `rsacracker --key public.pem -c 0xdeadbeef`\n- Uncipher a file: `rsacracker --key public.pem -f 0xdeadbeef -o result.bin`\n\nNOTE: To build on windows, you need to use [MSYS2](https://www.msys2.org/). This is required because of the [rug](https://crates.io/crates/rug) dependency. See [building-on-windows](https://gitlab.com/tspiteri/gmp-mpfr-sys#building-on-windows) for more information.\n\n## Usage\n\n```text\nPowerful RSA cracker for CTFs. Supports RSA, X509, OPENSSH, PKCS#12, PKCS#7, and CSR in PEM and DER formats.\n\nUsage: rsacracker [OPTIONS]\n\nOptions:\n  -r, --raw \u003cRAW\u003e                  Retrieve values from raw file\n  -c, --cipher \u003cCIPHER\u003e            Cipher: the message to uncipher. Can be specified multiple times for multi-key attacks\n  -f, --cipherfile \u003cCIPHERFILE\u003e    Cipher file: the file to uncipher. Can be specified multiple times for multi-key attacks\n  -o, --outfile \u003cOUTFILE\u003e          Write unciphered data to a file. If many unciphered data are found, they will be written to files suffixed with _1, _2, ...\n  -n \u003cN\u003e                           Modulus. Can be specified multiple times for multi-key attacks\n  -e \u003cE\u003e                           Public exponent. Default: 65537. Can be specified multiple times for multi-key attacks\n  -p \u003cP\u003e                           Prime number p (supports wildcards: 0xDEADBEEF????, 10737418??, 0x...C0FFEE, 0xDEADBEEF..., etc.)\n  -q \u003cQ\u003e                           Prime number q (supports wildcards: 0x????C0FFEE, ??741827, 0x...C0FFEE, 0xDEADBEEF..., etc.)\n  -d \u003cD\u003e                           Private exponent\n      --phi \u003cPHI\u003e                  Phi or Euler's totient function of n. (p-1)(q-1)\n      --dp \u003cDP\u003e                    dP or dmp1 CRT exponent. (d mod p-1)\n      --dq \u003cDQ\u003e                    dQ or dmq1 CRT exponent. (d mod q-1)\n      --qinv \u003cQINV\u003e                qInv or iqmp CRT coefficient. (q^-1 mod p)\n      --pinv \u003cPINV\u003e                pInv or ipmq CRT coefficient. (p^-1 mod q)\n      --sum-pq \u003cSUM_PQ\u003e            The sum of the two primes p and q\n      --diff-pq \u003cDIFF_PQ\u003e          The difference of the two primes p and q\n      --dlog                       Discrete logarithm attack. When c and e are swapped in the RSA encryption formula. (e^c mod n)\n  -k, --key \u003cKEY\u003e                  Public or private key file(s). (RSA, X509, OPENSSH, PKCS#12, PKCS#7, CSR in PEM and DER formats.) Can be specified multiple times for multi-key attacks\n      --password \u003cPASSWORD\u003e        Private key password/passphrase if encrypted\n      --public                     Print the public key in PEM format\n      --private                    Print the private key in PEM format\n      --addpassword \u003cADDPASSWORD\u003e  Add a password/passphrase to the private key\n      --showinputs                 Print all the input parameters\n      --dump                       Print the private RSA key variables n, e, p, q and d\n      --dumpext                    Print the extended RSA key variables n, e, p, q, d, dP, dQ, pInv and qInv\n      --factors                    Print all factors of n\n  -t, --threads \u003cTHREADS\u003e          Number of threads to use. Default: number of CPUs\n  -a, --attack \u003cATTACK\u003e            Specify attacks to run. Default: all. (e.g. --attacks ecm,wiener,sparse)\n      --exclude \u003cEXCLUDE\u003e          Specify attacks to exclude. Default: none. (e.g. --exclude ecm,wiener,sparse)\n      --list                       List all available attacks\n  -h, --help                       Print help\n  -V, --version                    Print version\n```\n\nYou can also use a dump as input:\n\n```console\n$ rsacracker [OPTIONS] \u003c challenge.txt\n[RESULTS]\n$ cat challenge.txt | rsacracker [OPTIONS]\n[RESULTS]\n$ cat challenge.txt\nc: 7839407718[...]0577093673\nn = 9359619564[...]3745124619\ne= 1595235523[...]6275096193\n```\n\n## Examples\n\n### Uncipher a message from a public key and write it to a file\n\n```console\nrsacracker --key public.pem -c 0xdeadbeef -o result.txt\n```\n\n### Uncipher a message from n and e\n\n```console\nrsacracker -c 0xdeadbeef -n 123...789 -e 65537\n```\n\n### Uncipher a message from n, e and other known values\n\n```console\nrsacracker -c 0xdeadbeef -n 123...789 -e 65537 --phi 123 --dp 123 --dq 123 --qinv 123 --pinv 123\n```\n\n### Uncipher a file from a public key\n\n```console\nrsacracker --key public.pem -f secret.txt.enc\n```\n\n### Recover private key from partial prime information\n\nWhen you know some bits/digits of a prime (MSB or LSB), you can use wildcards (`?`) in binary, octal, decimal, or hexadecimal notation:\n\n```console\n# Binary: MSB known (trailing wildcards)\nrsacracker -n 123...789 -p 0b1101010???\n\n# Octal: LSB known (leading wildcards)\nrsacracker -n 123...789 -p 0o???777\n\n# Decimal: MSB known (trailing wildcards)\nrsacracker -n 2305843027467304993 -p 10737418??\n\n# Decimal: LSB known (leading wildcards)\nrsacracker -n 123...789 -p ??741827\n\n# Hexadecimal: MSB known (trailing wildcards)\nrsacracker -n 123...789 -p 0xDEADBEEF????\n\n# Hexadecimal: LSB known (leading wildcards)  \nrsacracker -n 123...789 -p 0x????C0FFEE\n```\n\nEach `?` represents one digit in the specified radix.\n\nYou can also use ellipsis (`...`) when the unknown length should be inferred from the modulus size:\n\n```console\n# Hexadecimal: LSB known (MSB length inferred)\nrsacracker -n 123...789 -p 0x...C0FFEE\n\n# Hexadecimal: MSB known (LSB length inferred)\nrsacracker -n 123...789 -p 0xDEADBEEF...\n```\n\n### Run a specific attack with arguments\n\n```console\nrsacracker --attack known_phi -n 123...789 -e 65537 --phi 0xdeadbeef\n```\n\n### Generate a private key from a public key\n\n```console\nrsacracker --key public.pem --private\n```\n\n### Generate a public key from e and n\n\n```console\nrsacracker -e 65537 -n 0xdeadbeef --public\n```\n\n### Dump private key secrets\n\n```console\nrsacracker --key private.pem --dump\n$ rsacracker --key private.pem --dumpext\n```\n\n### Remove password from a private key\n\n```console\nrsacracker --key private.pem --password R54Cr4ck3R --private\n```\n\n### Add password to a private key\n\n```console\nrsacracker --key private.pem --addpassword R54Cr4ck3R --private\n```\n\n### Show all factors of n\n\n```console\nrsacracker -n 123...789 --factors\n```\n\n### Run discrete logarithm attack: when c and e are swapped in the RSA encryption formula (e^c mod n)\n\n```console\nrsacracker --key public.pem -c 0xdeadbeef --dlog\n```\n\n### Multi-key attacks\n\nRsaCracker supports attacks that require multiple RSA keys. You can provide multiple keys in several ways:\n\n**Method 1: Via raw file with indexed notation**\n\n```console\n# Create a file with multiple keys (multikeys.txt)\n# Common factor attack - when two keys share a common prime\nn1 = 166162630914502531310583922419891282066165820974633135604215723500594369488785155668770814942798477925368262423257419073645831352835527789101770856835355683177962166057699839663569971312562086050531058716298108813024798653596850452010850976880829077654912494652271256054564920903881745267063001869548202922099\ne1 = 65537\nc1 = 123\n\nn2 = 148455898656074447797752378503069279028991863906908832057033693077681993859745690328279867444062926638337203683279627319119630089306918893030699950731547426066997479055479829293964341682216330844958953722765260947532634616964944677851975839768164255655099799121904635086103339949975609477039895462111764318783\ne2 = 65537\n\n# Run the attack\nrsacracker --raw multikeys.txt\n```\n\n**Method 2: Via multiple --key parameters**\n\n```console\n# Provide multiple key files directly via CLI\nrsacracker --key key1.pem --key key2.pem --dump\n\n# Works with any combination of key files\nrsacracker --key public1.pem --key public2.pem --key public3.pem\n```\n\n**Method 3: Via multiple -n parameters**\n\n```console\n# Provide multiple moduli directly for common factor attacks\nrsacracker -n 166209509310787961... -n 137801924148643799... --dump\n\n# Can combine with other parameters\nrsacracker -n 123456... -n 789012... -e 65537\n```\n\n**Method 4: Via multiple -c and -e parameters**\n\n```console\n# Common modulus attack with multiple ciphertexts and exponents\nrsacracker -n 166270918338126577... -e 65537 -e 65539 -c 136917880321258914... -c 46689866063983112...\n\n# Hastad's broadcast attack with multiple n, e, and c\nrsacracker -n 123... -n 456... -n 789... -e 3 -c 100... -c 200... -c 300...\n```\n\n## Docker\n\nFrom dockerhub:\n\n```console\ndocker pull skyf0l/rsacracker\ndocker run -it --rm -v $PWD:/data skyf0l/rsacracker [args]\n```\n\nOr build it yourself:\n\n```console\nDOCKER_BUILDKIT=1 docker build . --file Dockerfile -t rsacracker\ndocker run -it --rm -v $PWD:/data rsacracker [args]\n```\n\n## License\n\nLicensed under either of\n\n- Apache License, Version 2.0\n  ([LICENSE-APACHE](LICENSE-APACHE) or \u003chttp://www.apache.org/licenses/LICENSE-2.0\u003e)\n- MIT license\n  ([LICENSE-MIT](LICENSE-MIT) or \u003chttp://opensource.org/licenses/MIT\u003e)\n\nat your option.\n\n## Contribution\n\nUnless you explicitly state otherwise, any contribution intentionally submitted\nfor inclusion in the work by you, as defined in the Apache-2.0 license, shall be\ndual licensed as above, without any additional terms or conditions.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskyf0l%2FRsaCracker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fskyf0l%2FRsaCracker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskyf0l%2FRsaCracker/lists"}