0CTF 2018 Quals – zer0C5 (Crypto 785)

0ops Cipher 4, hope you enjoy it:)
nc 1234

Summary: related-key attack on weakened variant of RC4

Read the rest of this entry »


0CTF 2018 Quals – zer0SPN (Crypto 550)

0ops SPN, hope you enjoy it:)

Summary: linear cryptanalysis on toy block cipher

Read the rest of this entry »


0CTF 2018 Quals – zer0TC (Crypto 916)

0ops Toy Cipher, hope you enjoy it:)

Summary: meet-in-the-middle and key-schedule constraints

Read the rest of this entry »


hack you ’17 :: easy CTF on Oct 8—14

hack you '17

As a tradition, every fall we host a fun lightweight Jeopardy CTF for our freshmen to attract them into all the CTFey goodness. This one will be our fifth year (holy shit!)

We invite everyone to check out hack you ’17 this year. Just as always, two separate scoreboards: one for SPbCTF meetups, one for everyone on the world. And yeah, we have some prizes this year!

28 challenges ranging from easy pen-and-paper to interesting. Noobies will have a taste of what CTFs are, skilled will have fun and check if they can pwn everything the fastest.

Registration open: now (sign up individually — no teams)
Game is live: October 8th, 2017 18:00 UTC
Game ends: October 14th, 2017 18:00 UTC

Sign up: https://hackyou.ctf.su/

Top-3 in the Overall board get a free ZeroNights 2017 entry each. Matrish Matrish Matrish
Top-50 in the Overall scoreboard qualify to the Final event in Saint Petersburg on October 29th.

So in just a few words: Fifth hack you. 28 good old speedhack tasks. October 8th.


TWCTF 2017 – Solutions for BabyPinhole, Liar’s Trap, Palindrome Pairs Challenge

Scripts with short explanations:


Polictf 2017 – Lucky Consecutive Guessing (Crypto)

We implemented a random number generator. We’ve heard that rand()’s 32 bit seeds can be easily cracked, so we stayed on the safe side.

nc lucky.chall.polictf.it 31337


Summary: breaking truncated-to-MSB LCG with top-down bit-by-bit search.

Read the rest of this entry »


Google CTF 2017 Quals – BLT (Bleichenbacher’s Lattice Task – Insanity Check)

A slow descent into the dark, into madness, futility, and despair.

BLT.jar (not necessary)

Summary: DSA with short secrets, lattice + meet-in-the-middle attack.

Read the rest of this entry »


Google CTF 2017 Quals – Crypto writeups

Scripts with short explanations for all crypto tasks (except RSA) from Google CTF Quals 2017:


0CTF 2017 Quals – Zer0llvm

Talent Yang loves to customize his own obfuscator. Unfortunately, he lost his seed when he was watching Arsenal’s UEFA game. What a sad day! His team and his seed were lost together. To save him, could you help him to get back his seed? We can not save the game, but we may be able to find out his seed.
Compile: ollvm.clang -Xclang -load -Xclang lib0opsPass.so -mllvm -oopsSeed=THIS_IS_A_FAKE_SEED source.c
Clang && LLVM Version: 3.9.1
flag format: flag{seed}

Summary: deobfuscating and attacking AES parts.

Read the rest of this entry »


0CTF 2017 Quals – OneTimePad 1 and 2

I swear that the safest cryptosystem is used to encrypt the secret!

Well, maybe the previous one is too simple. So I designed the ultimate one to protect the top secret!

Summary: breaking a linear and an LCG-style exponential PRNGs.

Read the rest of this entry »


33C3 CTF 2016 – beeblebrox (Crypto 350)

Make bad politicians resign!

nc 2048


Summary: factorization-based attack on a signature method

Read the rest of this entry »


hack you spb @ 17 Oct 2016

hack you spb

Remember hack you CTF? Yeah, that random event that we throw for our freshmen and everyone interested. We’re hosting a new one.

It’s fall already and that means the new CTF season is starting, and so is the new academic year in the universities.

This is the time when we want to attract more freshmen into our CTF tarpit. Specifically, to our SPbCTF meetups in our city.
So we are running — a CTF.

But it’s not just for the freshmen. Wouldn’t it be fun to allow the whole world to beat the shit out of our first-year students, right? So we are opening hack you spb to everyone interested, just separating the scoreboards: one for the world and other just for confirmed SPbCTF fresh blood (bonus: if you manage to soceng our padawans for a verification string, you can compete in that special chart too).

Registration open: October 15th, 2016 — October 21st, 2016
Game starts: October 17th, 2016 15:00 UTC
Game ends: October 21st, 2016 15:00 UTC

Sign up: http://hackyou.ctf.su/

Don’t expect it to be challenging, it will be more of a speed-hack contest.

So in just a few words: New hack you. School-level tasks. October 17th.


HITCON CTF QUALS 2016 – Reverse (Reverse + PPC 500)

At least our ETA is better than M$.


Summary: optimizing an algorithm using Treap data structure and CRC32 properties.

Read the rest of this entry »


HITCON CTF QUALS 2016 – PAKE / PAKE++ (Crypto 250 + 150)


Summary: attacking password-based key exchange schemes based on SPEKE with MITM.

Read the rest of this entry »


TUM CTF 2016 – Shaman (Crypto 500)

Oh great shaman!

Somehow the village idiot got his hands on this fancy control machine controlling things. Obviously, we also want to control things (who wouldn’t?), so we reverse-engineered the code. Unfortunately, the machine is cryptographically protected against misuse.

Could you please maybe spend a few seconds of your inestimably valuable time to break that utterly simple cryptosystem and enlighten us foolish mortals with your infinite wisdom?

nc 31031


NOTE: Since I am really bad at math, the share received from the server won’t be accepted when sent back. Don’t get confused by this — the challenge is solvable nevertheless.

Summary: hash length extension, manipulation of secret shares.

Read the rest of this entry »

Older posts «