Talent Yang loves to customize his own obfuscator. Unfortunately, he lost his seed when he was watching Arsenal’s UEFA game. What a sad day! His team and his seed were lost together. To save him, could you help him to get back his seed? We can not save the game, but we may be able… Continue reading »

Mar

20

## 0CTF 2017 Quals – OneTimePad 1 and 2

I swear that the safest cryptosystem is used to encrypt the secret! oneTimePad.zip Well, maybe the previous one is too simple. So I designed the ultimate one to protect the top secret! oneTimePad2.zip Summary: breaking a linear and an LCG-style exponential PRNGs.

Oct

03

## TUM CTF 2016 – Shaman (Crypto 500)

Oh great shaman! Somehow the village idiot got his hands on this fancy control machine controlling things. Obviously, we also want to control things (who wouldnâ€™t?), so we reverse-engineered the code. Unfortunately, the machine is cryptographically protected against misuse. Could you please maybe spend a few seconds of your inestimably valuable time to break that… Continue reading »

Oct

02

## TUM CTF 2016 – Tacos (Crypto 400)

All my fine arts and philosophy student friends claim discrete logarithms are hard. Prove them wrong. nc 104.198.63.175 1729 vuln_tacos.py Summary: bypassing Fermat primality test with Carmichael numbers and solving discrete logarithm using Pohlig-Hellman algorithm.

Sep

19

## CSAW Quals 2016 – Broken Box (Crypto 300 + 400)

I made a RSA signature box, but the hardware is too old that sometimes it returns me different answers… can you fix it for me?} e = 0x10001 nc crypto.chal.csaw.io 8002 Summary: fault attack on RSA signatures, factoring using private exponent exposure.

Apr

24

## PlaidCTF 2016 – sexec (Crypto 300)

If you need to securely grant execution privileges, what better way to do it than sexec? This is running on sexec.pwning.xxx:9999 sexec.tar.gz Summary: attacking a small instance of Ring-LWE based cryptosystem with Babai’s Nearest Vector algorithm.

Apr

18

## PlaidCTF 2016 – Radioactive (Crypto 275)

We just got this fancy new cryptographic device and it seems to work greatâ€¦ for the most part. But sometimes the values it gives me are wrong. Maybe you could take a look for me. radioactive.tar.bz2 Summary: fault attack on RSA signature (not RSA-CRT)

Mar

13

## 0CTF 2016 Quals – RSA? (Crypto 2 pts)

It seems easy, right? rsa.zip Tip: openssl rsautl -encrypt -in FLAG -inkey public.pem -pubin -out flag.enc Summary: factoring 300-bit modulus into 3 primes, extracting cube roots.

Mar

07

## Boston Key Party CTF 2016 – GCM (Crypto 9pts)

[8] : gsilvis counting magic – 9 – 4 solves : crypto: Here’s a verification/decryption server: gcm.ctf.bostonkey.party:32768 . Get the GCM MAC key (the thing the server prints out on startup). We’ve given you one valid ciphertext to get you started. It has iv: [102 97 110 116 97 115 116 105 99 32 105… Continue reading »

Mar

07

## Boston Key Party CTF 2016 – HMAC-CRC (Crypto 5pts)

[3] : hmac_crc – 5 – 36 solves : crypto: We’re trying a new mac here at BKP—HMAC-CRC. The hmac (with our key) of “zupe zecret” is ‘0xa57d43a032feb286’. What’s the hmac of “BKPCTF”? hmac-task.py Summary: breaking HMAC-CRC (again)

Sep

07

## MMA CTF 2015 – Motto Mijikai Address (Crypto/Web 100+300)

Login as admin and get the flag1. mmaddress.7z Summary: breaking HMAC-CRC512

May

27

## CONFidence CTF 2015 – RSA2 (Crypto 500)

Find the flag data Summary: cube attack + recover python’s MersenneTwister state + leak 320/520 LSBs of one of the primes

May

04

## VolgaCTF Quals 2015 – CPKC (Crypto 400) writeup

cpkc A home-brewed cryptosystem, should be easy to break. Its keyspace seems to be rather large though… challenge.tar Summary: LLL-based attack on NTRUEncrypt-like cryptosystem.

Jun

02

## PHD CTF 2013 Hackskell (500)

We’ve got a screenshot of some encryption, here’s the text transcribed. Please say what’s there. Summary: a couple of modular equations