Google CTF 2017 Quals – BLT (Bleichenbacher’s Lattice Task – Insanity Check)

A slow descent into the dark, into madness, futility, and despair.

BLT.jar (not necessary)

Summary: DSA with short secrets, lattice + meet-in-the-middle attack.

Read the rest of this entry »


Google CTF 2017 Quals – Crypto writeups

Scripts with short explanations for all crypto tasks (except RSA) from Google CTF Quals 2017:


0CTF 2017 Quals – Zer0llvm

Talent Yang loves to customize his own obfuscator. Unfortunately, he lost his seed when he was watching Arsenal’s UEFA game. What a sad day! His team and his seed were lost together. To save him, could you help him to get back his seed? We can not save the game, but we may be able to find out his seed.
Compile: ollvm.clang -Xclang -load -Xclang lib0opsPass.so -mllvm -oopsSeed=THIS_IS_A_FAKE_SEED source.c
Clang && LLVM Version: 3.9.1
flag format: flag{seed}

Summary: deobfuscating and attacking AES parts.

Read the rest of this entry »


0CTF 2017 Quals – OneTimePad 1 and 2

I swear that the safest cryptosystem is used to encrypt the secret!

Well, maybe the previous one is too simple. So I designed the ultimate one to protect the top secret!

Summary: breaking a linear and an LCG-style exponential PRNGs.

Read the rest of this entry »


33C3 CTF 2016 – beeblebrox (Crypto 350)

Make bad politicians resign!

nc 2048


Summary: factorization-based attack on a signature method

Read the rest of this entry »


hack you spb @ 17 Oct 2016

hack you spb

Remember hack you CTF? Yeah, that random event that we throw for our freshmen and everyone interested. We’re hosting a new one.

It’s fall already and that means the new CTF season is starting, and so is the new academic year in the universities.

This is the time when we want to attract more freshmen into our CTF tarpit. Specifically, to our SPbCTF meetups in our city.
So we are running — a CTF.

But it’s not just for the freshmen. Wouldn’t it be fun to allow the whole world to beat the shit out of our first-year students, right? So we are opening hack you spb to everyone interested, just separating the scoreboards: one for the world and other just for confirmed SPbCTF fresh blood (bonus: if you manage to soceng our padawans for a verification string, you can compete in that special chart too).

Registration open: October 15th, 2016 — October 21st, 2016
Game starts: October 17th, 2016 15:00 UTC
Game ends: October 21st, 2016 15:00 UTC

Sign up: http://hackyou.ctf.su/

Don’t expect it to be challenging, it will be more of a speed-hack contest.

So in just a few words: New hack you. School-level tasks. October 17th.


HITCON CTF QUALS 2016 – Reverse (Reverse + PPC 500)

At least our ETA is better than M$.


Summary: optimizing an algorithm using Treap data structure and CRC32 properties.

Read the rest of this entry »


HITCON CTF QUALS 2016 – PAKE / PAKE++ (Crypto 250 + 150)


Summary: attacking password-based key exchange schemes based on SPEKE with MITM.

Read the rest of this entry »


TUM CTF 2016 – Shaman (Crypto 500)

Oh great shaman!

Somehow the village idiot got his hands on this fancy control machine controlling things. Obviously, we also want to control things (who wouldn’t?), so we reverse-engineered the code. Unfortunately, the machine is cryptographically protected against misuse.

Could you please maybe spend a few seconds of your inestimably valuable time to break that utterly simple cryptosystem and enlighten us foolish mortals with your infinite wisdom?

nc 31031


NOTE: Since I am really bad at math, the share received from the server won’t be accepted when sent back. Don’t get confused by this — the challenge is solvable nevertheless.

Summary: hash length extension, manipulation of secret shares.

Read the rest of this entry »


TUM CTF 2016 – Tacos (Crypto 400)

All my fine arts and philosophy student friends claim discrete logarithms are hard. Prove them wrong.

nc 1729


Summary: bypassing Fermat primality test with Carmichael numbers and solving discrete logarithm using Pohlig-Hellman algorithm.

Read the rest of this entry »


TUM CTF 2016 – ndis (Crypto 300)

We have a HTTPS server and client talking to each other with you right in the middle! The client essentially executes

curl –cacert server.crt https://nsa.gov

with some magic to redirect the transmitted data to your socket, to which the server responds with a lovely German-language poem.

NOTE: There is nothing else hosted on the server; no need to brute-force filenames. Moreover, it may behave untypically due to hackiness.

Your task is to make the client receive a CTF-themed adaption of another German poem instead; to be precise, the HTTP response must consist of the following bytes:

5761 6c6c 6521 2057 616c 6c65 0a4d 616e  |Walle! Walle.Man|
6368 6520 5374 7265 636b 652c 0a44 6173  |che Strecke,.Das|
7320 7a75 6d20 5a77 6563 6b65 0a46 6c61  |s zum Zwecke.Fla|
6767 656e 2066 6c69 65c3 9f65 6e2c 0a55  |ggen flie..en,.U|
6e64 206d 6974 2072 6569 6368 656d 2c20  |nd mit reichem, |
766f 6c6c 656d 2053 6368 7761 6c6c 650a  |vollem Schwalle.|
5a75 2064 656e 2050 756e 6b74 656e 2073  |Zu den Punkten s|
6963 6820 6572 6769 65c3 9f65 6e2e 0a    |ich ergie..en..|

Upon receiving this response from the server, the client sends the flag to you through the same connection used to intercept the HTTPS traffic, so make sure not to overlook it!

Client: nc 9955

(If you just forward everything from one of those ports to the other, the connection succeeds and everything works fine. Then hack.)

NOTE: The setup for this challenge is not entirely trivial, so if you’re confused about unexpected things happening, please contact yyyyyyy on IRC. There is also a good chance something’s broken.

EPIC HINT published six hours before the end: The server’s ciphersuites have been carefully chosen to allow this attack. (Plus the server was patched a little bit.)

Summary: attacking nonce-repeating TLS server using AES-GCM cipher.

Read the rest of this entry »


CSAW Quals 2016 – Broken Box (Crypto 300 + 400)

I made a RSA signature box, but the hardware is too old that sometimes it returns me different answers… can you fix it for me?}

e = 0x10001

nc crypto.chal.csaw.io 8002

Summary: fault attack on RSA signatures, factoring using private exponent exposure.

Read the rest of this entry »


Tokyo Westerns/MMA CTF 2016 – Backdoored Crypto System (Reverse+Crypto 400)

Get the flag.


$ nc bcs.chal.ctf.westerns.tokyo 3971

Summary: recovering AES key from partial subkey leaks.

Read the rest of this entry »


Tokyo Westerns/MMA CTF 2016 – Pinhole Attack (Crypto 500)

Decrypt the cipher text with a pinhole.

$ nc cry1.chal.ctf.westerns.tokyo 23464

Summary: attacking RSA using decryption oracle leaking 2 consecutive bits in the middle.

Read the rest of this entry »



Final scoreboard as captured by l4w.io

Final Scoreboard as captured by manhluat (l4w)


CTF team LC↯BC has been banned and stripped of the first place at CODEGATE CTF 2016 Finals.

The fact has been announced after competition ended and even after they announced the winners. Disqualification decision was made in the most unprofessional and biased way possible, and the CTF organizers (Black Perl Security) and CODEGATE ignore our emails starting this week, so we are making it public to avoid gossip and speculation.

Also, there is a bit of technical details.
Read the rest of this entry »

Older posts «