  • 0CTF 2017 Quals – OneTimePad 1 and 2

    I swear that the safest cryptosystem is used to encrypt the secret! Well, maybe the previous one is too simple. So I designed the ultimate one to protect the top secret! Summary: breaking a linear and an LCG-style exponential PRNGs.

  • 33C3 CTF 2016 – beeblebrox (Crypto 350)

    Make bad politicians resign! nc 2048 files Summary: factorization-based attack on a signature method

  • hack you spb @ 17 Oct 2016

    Remember hack you CTF? Yeah, that random event that we throw for our freshmen and everyone interested. We’re hosting a new one. It’s fall already and that means the new CTF season is starting, and so is the new academic year in the universities. This is the time when we want to attract more freshmen… Continue reading »

  • HITCON CTF QUALS 2016 – Reverse (Reverse + PPC 500)

    At least our ETA is better than M$. reverse.bin Summary: optimizing an algorithm using Treap data structure and CRC32 properties.

  • HITCON CTF QUALS 2016 – PAKE / PAKE++ (Crypto 250 + 150)

    pake1.rb pake2.rb Summary: attacking password-based key exchange schemes based on SPEKE with MITM.

  • TUM CTF 2016 – Shaman (Crypto 500)

    Oh great shaman! Somehow the village idiot got his hands on this fancy control machine controlling things. Obviously, we also want to control things (who wouldn’t?), so we reverse-engineered the code. Unfortunately, the machine is cryptographically protected against misuse. Could you please maybe spend a few seconds of your inestimably valuable time to break that… Continue reading »

  • TUM CTF 2016 – Tacos (Crypto 400)

    All my fine arts and philosophy student friends claim discrete logarithms are hard. Prove them wrong. nc 1729 Summary: bypassing Fermat primality test with Carmichael numbers and solving discrete logarithm using Pohlig-Hellman algorithm.

  • TUM CTF 2016 – ndis (Crypto 300)

    We have a HTTPS server and client talking to each other with you right in the middle! The client essentially executes curl –cacert server.crt with some magic to redirect the transmitted data to your socket, to which the server responds with a lovely German-language poem. NOTE: There is nothing else hosted on the server;… Continue reading »

  • CSAW Quals 2016 – Broken Box (Crypto 300 + 400)

    I made a RSA signature box, but the hardware is too old that sometimes it returns me different answers… can you fix it for me?} e = 0x10001 nc 8002 Summary: fault attack on RSA signatures, factoring using private exponent exposure.

  • Tokyo Westerns/MMA CTF 2016 – Backdoored Crypto System (Reverse+Crypto 400)

    Get the flag. bcs.7z $ nc 3971 Summary: recovering AES key from partial subkey leaks.

  • Tokyo Westerns/MMA CTF 2016 – Pinhole Attack (Crypto 500)

    Decrypt the cipher text with a pinhole. $ nc 23464 pinhole.7z Summary: attacking RSA using decryption oracle leaking 2 consecutive bits in the middle.

  • CODEGATEgate

    Final Scoreboard as captured by manhluat (l4w) TL;DR CTF team LC↯BC has been banned and stripped of the first place at CODEGATE CTF 2016 Finals. The fact has been announced after competition ended and even after they announced the winners. Disqualification decision was made in the most unprofessional and biased way possible, and the CTF… Continue reading »

  • Google CTF – Woodman (Crypto 100)

    How honest are you? Running here Summary: breaking a weak PRNG

  • Google CTF – Spotted Wobbegong (Crypto 100)

    Are you able to defeat 1024-bit RSA? public.pem Summary: breaking RSA with PCKS v1.5 padding and exponent 3.

  • Google CTF – Jekyll (Crypto)

    Can you access the admin page? You can look at the crypto here. Summary: finding a preimage for a simple 64-bit ARX-based hash.

