An ssh access to a Lego Mindstorms platform: ev3dev is given to control three motors of a robot arm. The goal is to open the fridge door.

A sequence of command line escape codes is sent over the network and forms the flag if read with the tool more.

The same flag is encrypted 5 times with RSA small public exponent and linear padding. The generalization of Håstad’s broadcast attack and the Coppersmith method allow to recover the flag.

Part of the private RSA key is deleted. However, we can extract e,d,p,q which is sufficient to reconstruct the private key.

This is the solution of the challenge “Invest” given during the Nuit du Hack 2016 qualification CTF. We received a invest.pcapng file which contains a schematic, encrypted files and a binary chain. Once the binary chain was passed in the schematic we obtained a password to decrypt with OpenSSL the files. The resulting file is a Word document with the Flag inside.