Alice sent Bob a meme - UTCTF

Challenge Points: Challenge Description: Eve is an Apple Employee who has access to the iMessage KeyStore (because there is nothing stopping them). They know Alice and Bob use iMessage instead of Signal, therefore they decrypted their messages and see that Alice has sent Bob a meme. Eve suspects more is going on. Can you confirm their suspicions? tl;dr: Extract data from the given images using binwalk; transform the given Diophantine equation into a cubic curve and retrieve the EC parameters; solve the ECDLP given in the extracted data using the Pohlig-Hellman algorithm. Preliminary Analysis: We are given three images: meme....

March 12, 2019 · Ashutosh Ahelleya

GCM - Nullcon HackIM CTF

Challenge Points: 300 Challenge Description: [None] tl;dr: CTR bit flipping; break GHASH to get authentication key H (unintended approach); bypass authentication. The way we solved it (unintended approach) was pretty interesting! Challenge Internals: We are given a service that allows us to encrypt/decrypt data using AES-CTR mode. Code for this is as follows:

    def main():
        global sessionid
        username = input('Enter username: ')
        sessionid = sha256(username.encode()).digest()[:10]
        while True:
            print("Menu")
            print("[1] Encrypt")
            print("[2] Decrypt")
            print("[3] Exit")
            choice = input("> ")
            if choice == '1':
                msg = input('Enter message to be encrypted: ')
                if 'flag' in msg:
                    print("You cant encrypt flag :(")
                    continue
                c = encrypt(msg....

February 5, 2019 · Ashutosh Ahelleya

Daring - Hxp CTF

Challenge Points: Challenge Description: We encrypted our flag, but we lost the keys. Can you help? This was a simple yet very tricky challenge aimed at testing number theory basics. In this challenge we are given a small script:

    #!/usr/bin/env python3
    import os
    from Crypto.Cipher import AES
    from Crypto.Hash import SHA256
    from Crypto.Util import Counter
    from Crypto.PublicKey import RSA

    flag = open('flag.txt', 'rb').read().strip()
    key = RSA.generate(1024, e=3)
    open('pubkey.txt', 'w').write(key.publickey().exportKey('PEM').decode() + '\n')
    open('rsa....

December 9, 2018 · Ashutosh Ahelleya

Crypto writeups - Hack.lu CTF

Hack.lu CTF is over and we (@teambi0s) finished 13th globally. Since we were registered as a local team (thanks to @GeethnaTk) and stood first among the teams registered locally, we are eligible for prizes! Yay! This blog post covers detailed solutions to two of the crypto challenges from Hack.lu CTF 2018: Relations and Multiplayer Part-1. While the former was just about guessing (or detecting the pattern, whatever you want to say) of a black box encryption service, the latter was a more interesting challenge involving Elliptic Curves....

October 18, 2018 · Ashutosh Ahelleya

Crypto writeups [Part-2] - InCTFi 2018

This blog post covers the intended solutions of two crypto challenges from InCTF-2018: Request-Auth and EC-Auth. Request-Auth Challenge Description: This was a medium-level crypto challenge that I created for InCTF International-2018. In the challenge you are given multiple files: iv.txt, key.enc, publickey.pem, ServerSide.py, session.enc, and you also have a service running these files. Contents of ServerSide.py:

    #!/usr/bin/env python2.7
    from Crypto.Cipher import AES
    from Crypto.PublicKey import RSA
    from Crypto.Util.number import *
    from os import urandom
    import sys

    BLOCKSIZE = 16

    class Unbuffered(object):
        def __init__(self, stream):
            self....

October 14, 2018 · Ashutosh Ahelleya