Welcome to the first challenge. Your task is to hack into Bob Badguy's server.
---
Back in the day, before SSL, Badguy had to send his username and password in plaintext.
To guard against eavesdroppers, he would encrypt his password using the original implementation of RSA and his server's public key. So when he entered his password, it would get encrypted before being sent over the wire. The server could subsequently decrypt it before checking for correctness.
Because of this scheme, we have obtained Badguy's unencrypted username (bbadguy) and his encrypted password (1038975768092424288571358000048546866166630400026574853380142467569378296392905531914873223934030479490038278456580668136595213360444112678645897499800522197036444040462313606048681906852033543309798277604304174463014647933428414137726440474724249167805138235731116268837306848824340747530035447424382643744300051125366945308607540256048798075380701892519593389688160396449776026491158099204463275419745315030615086137432351261687008827567669493102205516010255160591938496818198423232754956198400540188482156340343759508327101652193147380633437718169701312891139799113378740893172429818772434108102179595609447907017).
We have also obtained his RSA public key, which consists of a large modulus N (25978685295541844400758253137921219230470806928785102755155404976382403125097590011460962926690573389534445877819169626783574530821529032014933176428745176876336209206184298127833750711759959667396892010897855594310705116444549185413803848360220684792894004783797038725122863925219391515724194975771312329716640555734536726495212193666918666905452800257010993828980541847297861020484438933449245574172542537009025845959660619000930204034647812155656760276873622378342372743077800729256164551129593666691205730832337858976908570537099595930643528411250357329279155868408786007741848038545683400016615396779701783796589) and a public exponent e (65537).
Unfortunately, the FBI has ruled out brute-forcing the login by bombarding the server with guesses, since Badguy implemented a one-guess-per-second rate-limiting scheme. The modulus is also far too large to factor, so they've ruled out that approach too.
Badguy used a home-brewed method to serialize messages into numbers to be encrypted with RSA. We've converted his code to Python. But the rest is up to you.
Can you crack the code?