Sep
19

CSAW Quals 2016 – Broken Box (Crypto 300 + 400)

I made a RSA signature box, but the hardware is too old that sometimes it returns me different answers… can you fix it for me?}

e = 0x10001

nc crypto.chal.csaw.io 8002

Summary: fault attack on RSA signatures, factoring using private exponent exposure.

Read the rest of this entry »

Sep
05

Tokyo Westerns/MMA CTF 2016 – Backdoored Crypto System (Reverse+Crypto 400)

Get the flag.

bcs.7z

$ nc bcs.chal.ctf.westerns.tokyo 3971

Summary: recovering AES key from partial subkey leaks.

Read the rest of this entry »

Sep
05

Tokyo Westerns/MMA CTF 2016 – Pinhole Attack (Crypto 500)

Decrypt the cipher text with a pinhole.

$ nc cry1.chal.ctf.westerns.tokyo 23464
pinhole.7z

Summary: attacking RSA using decryption oracle leaking 2 consecutive bits in the middle.

Read the rest of this entry »

May
07

CODEGATEgate

Final scoreboard as captured by l4w.io

Final Scoreboard as captured by manhluat (l4w)

TL;DR

CTF team LC↯BC has been banned and stripped of the first place at CODEGATE CTF 2016 Finals.

The fact has been announced after competition ended and even after they announced the winners. Disqualification decision was made in the most unprofessional and biased way possible, and the CTF organizers (Black Perl Security) and CODEGATE ignore our emails starting this week, so we are making it public to avoid gossip and speculation.

Also, there is a bit of technical details.
Read the rest of this entry »

May
03

Google CTF – Woodman (Crypto 100)

How honest are you?

Running here

Summary: breaking a weak PRNG

Read the rest of this entry »

May
01

Google CTF – Spotted Wobbegong (Crypto 100)

Are you able to defeat 1024-bit RSA?

public.pem

Summary: breaking RSA with PCKS v1.5 padding and exponent 3.

Read the rest of this entry »

May
01

Google CTF – Jekyll (Crypto)

Can you access the admin page? You can look at the crypto here.

source.py

Summary: finding a preimage for a simple 64-bit ARX-based hash.

Read the rest of this entry »

May
01

Google CTF – Wolf Spider (Crypto 125)

Continuing on from Eucalypt Forest – can you break Message Authentication in Wolf Spider

wolf.py

Summary: forging signatures by exploiting CBC padding oracle and hash length extenstion

Read the rest of this entry »

Apr
24

PlaidCTF 2016 – sexec (Crypto 300)

If you need to securely grant execution privileges, what better way to do it than sexec?

This is running on sexec.pwning.xxx:9999

sexec.tar.gz

Summary: attacking a small instance of Ring-LWE based cryptosystem with Babai’s Nearest Vector algorithm.

Read the rest of this entry »

Apr
18

PlaidCTF 2016 – Radioactive (Crypto 275)

We just got this fancy new cryptographic device and it seems to work great… for the most part. But sometimes the values it gives me are wrong. Maybe you could take a look for me.

radioactive.tar.bz2

Summary: fault attack on RSA signature (not RSA-CRT)

Read the rest of this entry »

Mar
14

0CTF 2016 Quals – Equation (Crypto 2 pts)

Here is a RSA private key with its upper part masked. Can your recover the private key and decrypt the file?

equation.zip

Summary: recovering RSA key from part of the private key.

mask

Read the rest of this entry »

Mar
13

0CTF 2016 Quals – RSA? (Crypto 2 pts)

It seems easy, right?
rsa.zip
Tip: openssl rsautl -encrypt -in FLAG -inkey public.pem -pubin -out flag.enc

Summary: factoring 300-bit modulus into 3 primes, extracting cube roots.

Read the rest of this entry »

Mar
07

Boston Key Party CTF 2016 – Feistel (Crypto 5pts)

feistel – 5 – 15 solves : crypto: I just made a brand new cipher! Can you recover the key?
52.86.232.163:32785
feistel.go

Summary: slide with a twist attack

Read the rest of this entry »

Mar
07

Boston Key Party CTF 2016 – GCM (Crypto 9pts)

[8] : gsilvis counting magic – 9 – 4 solves : crypto: Here’s a verification/decryption server: gcm.ctf.bostonkey.party:32768 . Get the GCM MAC key (the thing the server prints out on startup). We’ve given you one valid ciphertext to get you started. It has iv: [102 97 110 116 97 115 116 105 99 32 105 118] and tag: [119 179]
gcm-task.tar

Summary: breaking AES-GCM with 2-byte tag

Read the rest of this entry »

Mar
07

Boston Key Party CTF 2016 – HMAC-CRC (Crypto 5pts)

[3] : hmac_crc – 5 – 36 solves : crypto: We’re trying a new mac here at BKP—HMAC-CRC. The hmac (with our key) of “zupe zecret” is ‘0xa57d43a032feb286’. What’s the hmac of “BKPCTF”?

hmac-task.py

Summary: breaking HMAC-CRC (again)

Read the rest of this entry »

Older posts «