Talent Yang loves to customize his own obfuscator. Unfortunately, he lost his seed when he was watching Arsenal’s UEFA game. What a sad day! His team and his seed were lost together. To save him, could you help him to get back his seed? We can not save the game, but we may be able… Continue reading »

Mar

20

## 0CTF 2017 Quals – OneTimePad 1 and 2

I swear that the safest cryptosystem is used to encrypt the secret! oneTimePad.zip Well, maybe the previous one is too simple. So I designed the ultimate one to protect the top secret! oneTimePad2.zip Summary: breaking a linear and an LCG-style exponential PRNGs.

Mar

20

## 33C3 CTF 2016 – beeblebrox (Crypto 350)

Make bad politicians resign! nc 78.46.224.72 2048 files Summary: factorization-based attack on a signature method

Oct

11

## HITCON CTF QUALS 2016 – Reverse (Reverse + PPC 500)

At least our ETA is better than M$. http://xkcd.com/612/ reverse.bin Summary: optimizing an algorithm using Treap data structure and CRC32 properties.

Sep

19

## CSAW Quals 2016 – Broken Box (Crypto 300 + 400)

I made a RSA signature box, but the hardware is too old that sometimes it returns me different answers… can you fix it for me?} e = 0x10001 nc crypto.chal.csaw.io 8002 Summary: fault attack on RSA signatures, factoring using private exponent exposure.

Sep

05

## Tokyo Westerns/MMA CTF 2016 – Pinhole Attack (Crypto 500)

Decrypt the cipher text with a pinhole. $ nc cry1.chal.ctf.westerns.tokyo 23464 pinhole.7z Summary: attacking RSA using decryption oracle leaking 2 consecutive bits in the middle.

May

01

## Google CTF – Spotted Wobbegong (Crypto 100)

Are you able to defeat 1024-bit RSA? public.pem Summary: breaking RSA with PCKS v1.5 padding and exponent 3.

May

01

## Google CTF – Jekyll (Crypto)

Can you access the admin page? You can look at the crypto here. source.py Summary: finding a preimage for a simple 64-bit ARX-based hash.

May

01

## Google CTF – Wolf Spider (Crypto 125)

Continuing on from Eucalypt Forest – can you break Message Authentication in Wolf Spider wolf.py Summary: forging signatures by exploiting CBC padding oracle and hash length extenstion

Apr

24

## PlaidCTF 2016 – sexec (Crypto 300)

If you need to securely grant execution privileges, what better way to do it than sexec? This is running on sexec.pwning.xxx:9999 sexec.tar.gz Summary: attacking a small instance of Ring-LWE based cryptosystem with Babai’s Nearest Vector algorithm.

Mar

14

## 0CTF 2016 Quals – Equation (Crypto 2 pts)

Here is a RSA private key with its upper part masked. Can your recover the private key and decrypt the file? equation.zip Summary: recovering RSA key from part of the private key.

Mar

13

## 0CTF 2016 Quals – RSA? (Crypto 2 pts)

It seems easy, right? rsa.zip Tip: openssl rsautl -encrypt -in FLAG -inkey public.pem -pubin -out flag.enc Summary: factoring 300-bit modulus into 3 primes, extracting cube roots.

Mar

07

## Boston Key Party CTF 2016 – GCM (Crypto 9pts)

[8] : gsilvis counting magic – 9 – 4 solves : crypto: Here’s a verification/decryption server: gcm.ctf.bostonkey.party:32768 . Get the GCM MAC key (the thing the server prints out on startup). We’ve given you one valid ciphertext to get you started. It has iv: [102 97 110 116 97 115 116 105 99 32 105… Continue reading »

Mar

07

## Boston Key Party CTF 2016 – HMAC-CRC (Crypto 5pts)

[3] : hmac_crc – 5 – 36 solves : crypto: We’re trying a new mac here at BKP—HMAC-CRC. The hmac (with our key) of “zupe zecret” is ‘0xa57d43a032feb286’. What’s the hmac of “BKPCTF”? hmac-task.py Summary: breaking HMAC-CRC (again)