PHD CTF 2013 Hackskell (500)

We’ve got a screenshot of some encryption, here’s the text transcribed.

Please say what’s there.

Summary: a couple of modular equations

Continue reading

PHD CTF 2013 from hell import crypto (100)

Decrypt the message: 7y9rr177sluqv1r4pw
$ at

Continue reading

PHD CTF 2013 ReStART (400)

We heard hellman encrypted the flag using his super secure keygen. Break it!

Summary: RSA with the lower half of the secret exponent bits leaked.

Continue reading

PlaidCTF 2013 Blech (Crypto 200)

You get arbitrary code execution…. as long as it’s code we approve of.
Source available at
Service running on port 1234

Summary: RSA cube root attack

Continue reading

Gits ctf 2013 Crypto 500

Crypto 500

Summary: breaking cipher

Continue reading

MSLC presents: Craptography Awards

Team More Smoked Leet Chicken proudly presents
Craptography Awards

«You suck at crypto — we have an award for you!»

Today’s Nominees

Continue reading

PoliCTF 2012 pwn/bin 200

Play with this amazing calculator:

Summary: Scheme eval

Continue reading

PoliCTF 2012 Crypto 500

Hensel and Gretel are looking for their new house, but the twisted seller who sold it to them decided to provide the coordinates to their new love nest only after ensuring that the couple is Smart enough to earn them.
Thus, the seller provides them with the following map and leaves Hensel and Gretel to their sorry fate.
Can you help Hensel and Gretel to reach their house providing them with the street number?
(submit the street number as a large decimal number,plain ASCII encoded so Hensel and Gretel won’t get mad trying to figure out where they should head to :) )


Summary: ECDLP on anomalous curve

Continue reading

PoliCTF 2012 Crypto 200

This is an OpenCL binary. Go!


Summary: xor and xor

Continue reading

PoliCTF 2012 Crypto 100

Since I needed to sign a document I thought about doing it with a Chinese paintbrush… Too bad my hand is not that steady, so just in case, I re-signed it with a common pen.

Sadly I keep being forgetful, so I actually forgot where I left the two halves of the sigil I used to sign the documents, can you help me and retrieve them from the two signatures?

Please, once you got them, write them as


replace _____ with actual numbers, in decimal.
sha1 hex-encoded with lowercase letters
smallest one is part1, biggest one is part2


Summary: RSA-CRT fault attack

Continue reading

Dobbertin Challenge 2012

The Dobbertin Challenge is issued every two years since 2006, in honor and memory of Prof. Hans Dobbertin.

A simple JSON Web Service is provided, which processes PIN codes of users. A user can send his encrypted PIN to the Web Service, which decrypts and stores the PIN. The Web Service allows to use cryptographically strong algorithms (RSA-OAEP and AES in GCM-mode) as well as algorithms with known weaknesses (RSA-PKCS#1 v1.5 and AES in CBC-mode). To create a ciphertext, a sender may choose among these algorithms.

In order to protect the confidentiality of PINs, encryption based on the JSON Web Encryption standard (link) is used. This standard allows to apply symmetric and asymmetric encryption algorithms.

You are the attacker who wants to learn the secret PIN of user Bob. You have already eavesdropped a ciphertext which contains Bob’s PIN:

Server Certificate

Summary: RSA-PKCS#1 v1.5 and AES-CBC padding oracles attacks

Continue reading 2012 CTF Challenge #12 (500)

The famous zombie researcher “Donn Beach” almost created an immunization against the dipsomanie virus. This severe disease leads to the inability to defend against Zombies, later causes a complete loss of memory and finally turns you into one of them.

Inexplicably Donn forgot where he put the license key for his centrifuge. Provide him a new one and humanity will owe you a debt of gratitude for fighting one of the most wicked illnesses today. tcp/2055

Summary: reverse engineering, VM, MiTM attack, AES

Continue reading 2012 CTF Challenge #25 (200)

Heading up the steeple gave you and your companion a nice view over the outbreak situation in your city. But it also attracted a lot of unwanted attention. Zombies are surrounding your spot and are looking for an entrance to the building. You obviously need some bait to lure them away so you can flee safely. Solve this challenge to find out which human bodypart zombies like the most.

Summary: reverse engineering, TEA crypto, anti -debuging

Continue reading 2012 CTF Challenge #3 (450)

3 – Zombies like PPTP

Our intel shows us that the Zombies use a MS-PPTP like protocol and luckily we could intercept a challenge-response transmission of one of the Zombie outposts. The important thing for Zombies in this war is mass! Not only brain mass but their mass. So they built their PPTP protocol compatible to all older Zombie soldiers. Luckily our science team could extract the algorithm of the challenge-response system out of a captured Zombie brain … I spare you the details, let’s just say it was not a pretty sight. And here comes your part soldier: we need the password of this intercepted transmission. With this password we were finally able to turn this war to our favor. So move your ass soldier and good luck!

Summary: bruteforce LM response

Continue reading 2012 CTF Challenge #17 (400)

17 – Zombieshop

A new company offers a lot of anti zombie equipment to protect yourself. Unfortunately not everyone can buy the good stuff. Only privileged users may do so. We managed to create an account, but it is not privileged. Your mission is to buy “Anti zombie Spray”.


Summary: bruteforce DES

Continue reading