Looking at the ct file, it starts with "gAAAAAB"
This reminded me of the HTB challenge Decode Me!!!, which used fernet decryption as the first step.
Key1 and Key3 were useless, but applying ROT47 to key2 with key 47 gave us:
key: iQZijGdoX0hepv2wnFZOUsTWU-v6xyGWyqSan_p75CE=
Here's another key for the encryption.
if you are a good cryptographer you can identify the common symmetric encryption.
giving us our key for fernet.
Then, I just plugged the CT and key into a fernet decoder (https://asecuritysite.com/encryption/ferdecode) to get the flag.
Connect to the server. Besides exiting, there's two options - get the public key, and encrypt data.
Let's get the publickey and parse it.
the output is e = 3 and n = 19180711545893176513037550390323379574821852830665661812056678865741809891967598330424432450065638550340708416772232861627803383996685973692319978144111094705678356718069839745329804369923049623077146724976343425793942969144731442443607177966505595110345695314223998207352543996470777991272166737723490287258351016452097039979125039319504321174407700539531877444075872453220474913463319033875264101011295681676774076367210997858399851393634010112304767318681335454946488666538950765836709367621997962434256967765320251658524109362889423421160554230180542246491892887129152380892721807921025298941063392821275387956851
Then, there's encrypt. Our message is appended to the flag, then encrypted using the publickey. This makes it vulnerable to franklin-reiter's related message attack, in which RSA with low exponents can be attacked if you have two messages, C1 and C2, such that dec(C1) = f(dec(C2)) where f is a function of form f(x) = ax + b, and b and a are non-zero. If we ask the server to encrypt an empty message(thus getting the encryption of the flag), and then 'A', we now have an encryption of the flag(lets call this C2) and an encryption of the flag + 'A', which is 256*flag + 0x41. So.. We now have the encryption of the flag, and the encryption of f(flag), where f(x) = 256x + 65
Using this, we can execute franklin reiter's related message attack. I copied some sage code and included variables. You can run the sage code on the sage cell server, . The output will be the hex encoding of the message, which decodes to "RSA is secure and all but the only thing I want to say is
From listening to the audio, I realised that it was DTMF tones immediately. (The website I usually use: http://www.dialabc.com/sound/detect/index.html was broken, so I had to do it another way, using a weird tool or somethin and then manually correct stuff with audacity, but lets pretend it worked to make things simple) Once we decoded the tones, we got a string of characters, which was 'A288439640A3A140997B8A9945987B8844838B85847B419298407B447B978186437B99454192877B5870655AA5' From the title, we can guess that this is base12, and since there was a gap between each 2 tones, I guessed that it was just each 2 tones was the base12 of a character. I wrote a short python script to convert it to the flag.