In this challenge we have a stream cipher based on LFSR and nonlinear filtering function. It has 128-bit LFSR secret state and we are also given 1600 keystream bits. Our goal is simply to recover the key which is the initial state. Here is the nonlinear filtering function: f(v) = v ^ v ^ v …
Scripts with short explanations: BabyPinhole (crypto 163) Liar’s Trap (crypto/ppc 281) Palindrome Pairs – Challenge Phase (ppc 63+337)
We implemented a random number generator. We’ve heard that rand()’s 32 bit seeds can be easily cracked, so we stayed on the safe side. nc lucky.chall.polictf.it 31337 chall.py Summary: breaking truncated-to-MSB LCG with top-down bit-by-bit search.
A slow descent into the dark, into madness, futility, and despair. BLT.jar (not necessary) STDOUT Flag.java Summary: DSA with short secrets, lattice + meet-in-the-middle attack.
Scripts with short explanations for all crypto tasks (except RSA) from Google CTF Quals 2017: Crypto Backdoor Introspective CRC Shake It RSA CTF Challenge (no writeup, but I think it’s similar to this old one) Rubik Bleichenbacher’s Lattice Task (full writeup here)
Talent Yang loves to customize his own obfuscator. Unfortunately, he lost his seed when he was watching Arsenal’s UEFA game. What a sad day! His team and his seed were lost together. To save him, could you help him to get back his seed? We can not save the game, but we may be able …
I swear that the safest cryptosystem is used to encrypt the secret! oneTimePad.zip Well, maybe the previous one is too simple. So I designed the ultimate one to protect the top secret! oneTimePad2.zip Summary: breaking a linear and an LCG-style exponential PRNGs.
At least our ETA is better than M$. http://xkcd.com/612/ reverse.bin Summary: optimizing an algorithm using Treap data structure and CRC32 properties.
pake1.rb pake2.rb Summary: attacking password-based key exchange schemes based on SPEKE with MITM.