Ctfs

Challenge Points: Challenge Description: Eve is an Apple Employee who has access to the iMessage KeyStore (because there is nothing stopping them). They know Alice and Bob use iMessage instead of Signal, therefore they decrypted their messages and see that Alice has sent Bob a meme. Eve suspects more is going on. Can you confirm their suspicions? tl;dr Extract data from given images using binwalk Tranform given diophantine equation into a cubic curve and retrieve EC parameters Solve ECDLP given in extracted data using Pohlig Hellman Algorithm Preliminary Analysis We are given three images: meme.png, screenshot.jpg and bobresponse.jpg ...

Challenge Points: 300 Challenge Description: [None] tl;dr CTR Bit Flipping Break GHASH to get authentication key H (unintended approach) Bypass authentication The way we solved it (unintended approach) was pretty interesting! Challenge Internals We are given a service that allows us to encrypt/decrypt data using AES-CTR mode. Code for this is as follows: def main(): global sessionid username = input('Enter username: ') sessionid = sha256(username.encode()).digest()[:10] while True: print("Menu") print("[1] Encrypt") print("[2] Decrypt") print("[3] Exit") choice = input("> ") if choice == '1': msg = input('Enter message to be encrypted: ') if 'flag' in msg: print("You cant encrypt flag :(") continue c = encrypt(msg.encode()) nonce = hexlify(c[0]).decode() ciphertext = hexlify(c[1]).decode() tag = hexlify(c[2]).decode() print(nonce + ':' + ciphertext + ':' + tag) continue if choice == '2': nonce, ciphertext, tag = input( 'Enter message to be decrypted: ').split(':') nonce = long_to_bytes(int(nonce, 16)) ciphertext = long_to_bytes(int(ciphertext, 16)) tag = long_to_bytes(int(tag, 16)) pt = decrypt(nonce, ciphertext, tag).decode() if pt == 'may i please have the flag': print("Congrats %s" % username) print("Here is your flag: %s" % flag) print(pt) continue if choice == '3': break As you can see, the service does not allow encrypting messages that contain “flag” as a substring. Also, when we choose to decrypt data, the service checks if the decrypted data is equal to “may i please have the flag” and gives the flag only if it is true. ...

Challenge Points: Challenge Description: We encrypted our flag, but we lost the keys. Can you help? This was a simple yet a very tricky challenge aimed at testing Number Theory basics. In this challenge we are given a small script: #!/usr/bin/env python3 import os from Crypto.Cipher import AES from Crypto.Hash import SHA256 from Crypto.Util import Counter from Crypto.PublicKey import RSA flag = open('flag.txt', 'rb').read().strip() key = RSA.generate(1024, e=3) open('pubkey.txt', 'w').write(key.publickey().exportKey('PEM').decode() + '\n') open('rsa.enc', 'wb').write(pow(int.from_bytes(flag.ljust(128, b'\0'), 'big'), key.e, key.n).to_bytes(128, 'big')) key = SHA256.new(key.exportKey('DER')).digest() open('aes.enc', 'wb').write(AES.new(key, AES.MODE_CTR, counter=Counter.new(128)).encrypt(flag)) If we analyse the script carefully, we would notice that the same flag is encrypted in two different, independent ways: ...

Hack.lu CTF is over and we (@teambi0s) finished 13th globally and since we were registered as a local team (thanks to @GeethnaTk) and stood first among the teams registered locally, hence we are eligible for prizes! Yay! This blog post covers detailed solutions to two of the crypto challenges from Hack.lu CTF 2018- Relations and Multiplayer Part-1. While the former was just about guessing (or detecting the pattern, whatever you want to say) of a black box encryption service, the latter was a more interesting challenge involving Elliptic Curves. ...

This blog post covers intended solutions of two crypto challenges from InCTF-2018: Request-Auth and EC-Auth. Request-Auth Challenge Description This was a medium level crypto challenge that I created for InCTF International-2018. In the challenge you are given multiple files: iv.txt, key.enc, publickey.pem, ServerSide.py, session.enc and also have a service running these files. Contents of ServerSide.py: #!/usr/bin/env python2.7 from Crypto.Cipher import AES from Crypto.PublicKey import RSA from Crypto.Util.number import * from os import urandom import sys BLOCKSIZE = 16 class Unbuffered(object): def __init__(self, stream): self.stream = stream def write(self, data): self.stream.write(data) self.stream.flush() def writelines(self, datas): self.stream.writelines(datas) self.stream.flush() def __getattr__(self, attr): return getattr(self.stream, attr) sys.stdout = Unbuffered(sys.stdout) class colors: reset='\033[0m' red='\033[31m' green='\033[32m' orange='\033[33m' blue='\033[34m' def unpad(s): s = s[:-ord(s[len(s) - 1])] return s def check_valid_request(s): try: s = s.split(":") except: return False if len(s) != 3: return False if s[0] != "bi0s": return False if s[1][:7] != "userid=": return False if s[2][:5] != "user=": return False return True class ServerSide: def __init__(self, key, iv): self.key = key[-16:] self.iv = iv[-16:] def process_request(self, req_enc): try: obj2 = AES.new(self.key, AES.MODE_CBC, self.iv) request = obj2.decrypt(req_enc) return check_valid_request(request) except: return False def get_AES_key(): try: key_enc = raw_input("Enter encrypted key value in hex: ") key_enc = int(key_enc, 16) except: print colors.red + "Enter valid input!" + colors.reset sys.exit() priv_key = RSA.importKey(open("privatekey.pem").read()) n, d = priv_key.n, priv_key.d key_AES = pow(key_enc, d, n) key_AES = long_to_bytes(key_AES) return key_AES string1 = colors.blue + """ $$\ $$\ $$$$$$\\ $$ | \__|$$$ __$$\\ $$$$$$$\ $$\ $$$$\ $$ | $$$$$$$\\ $$ __$$\ $$ |$$\$$\$$ |$$ _____| $$ | $$ |$$ |$$ \$$$$ |\$$$$$$\\ $$ | $$ |$$ |$$ |\$$$ | \____$$\\ $$$$$$$ |$$ |\$$$$$$ /$$$$$$$ | \_______/ \__| \______/ \_______/ """ + colors.reset if __name__ == '__main__': print colors.orange + "Welcome to bi0s Request Validation Service" + colors.reset print string1 key = get_AES_key() iv = open("iv.txt").read() obj1 = ServerSide(key, iv) try: ct = raw_input("\nEnter value of encrypted session request in hex: ") ct = ct.decode("hex") except TypeError: print colors.red + "Enter a valid hex string!" + colors.reset sys.exit() if obj1.process_request(ct) == True: print colors.green + "\nValid request!" + colors.reset else: print colors.red + "\nInvalid request!" + colors.reset Okay, so the service is basically implementing a hybrid cipher- a combination of RSA and AES to authenticate session requests coming from a user and is internally using a public and a private key in this process. ...