Aleksei Udovenko hellman
🍊
hellman
/ 1_solve.py
Last active
October 3, 2018 01:12
HXP CTF 2017 - flea (Crypto 150), CodeGate 2018 Quals - RsaBaby
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # FLEA | |
| ''' | |
| n, l mod 2^t depend only on p,q mod 2^t. | |
| So we can recover p,q bit-by-bit from LSB. | |
| Given p mod 2^t, q mod 2^t = (n / p) mod 2^t is unique. | |
| Ideally, l would give 1/2^t filter, | |
| but here it gives a bit less and we get up to 2000 candidates in the end. | |
| ''' | |
| from libnum import * |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdbool.h> | |
| #include <unistd.h> | |
| #include <sys/fcntl.h> | |
| #include <mbedtls/aes.h> | |
| typedef unsigned char byte; | |
| typedef ssize_t (*ft)(int, byte *, size_t); | |
| static int o(char const *s) |
hellman
/ 1_collision_2nd_preimage.py
Last active
September 1, 2019 05:34
NSU CRYPTO 2017 - Problem 4 - FNV2 Hash
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Explanation at | |
| https://drive.google.com/open?id=1gDRoulcbWfh-T6KBLwvV8g_xb7dT3Erx | |
| ''' | |
| from sage.all import * | |
| mod = 2**128 | |
| h0 = 144066263297769815596495629667062367629 | |
| g = 2**88 + 315 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #-*- coding:utf-8 -*- | |
| ''' | |
| In the challenge we have a "toy block cipher". It is an SPN cipher with: | |
| - 5 rounds | |
| - 8 8-bit S-Boxes (64-bit block) | |
| - bit permutations as linear layer | |
| We are given 8 random plaintext/ciphertext pairs. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| In the challenge we have a "toy block cipher". It is an SPN cipher with: | |
| - 4 rounds | |
| - 8 8-bit S-Boxes (64-bit block) | |
| - bit permutations as linear layer | |
| We are given 2^16 random plaintext/ciphertext pairs. | |
| On contrast with the zer0TC challenge, the bit permutation is strong and provides full diffusion. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #-*- coding:utf-8 -*- | |
| """ | |
| In this challenge we have a weakened version of RC4. | |
| It operations on permutation of values 0..31. | |
| Moreover, i is incremented in the beginning of the loop instead of the end. | |
| We are given access to a related-key oracle. | |
| We can send any key delta and the server will return us the generated sequence using the key xored with our delta. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #-*- coding:utf-8 -*- | |
| """ | |
| In this challenge we need to use blind printf in order to subtract to 32-bit integers. | |
| The two main format operators needed are (arguments given for example) | |
| (a) %5$*7$s - write string passed in the 5th argument padded to the length passed in the 7th argument. | |
| (b) %5$n - write number of previously written bytes to the pointer given in the 5th argument. | |
| 1. We use (a) with (b) to copy two secret integers. Then we use (b) to zero-out all-bytes except one. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #-*- coding:utf-8 -*- | |
| ''' | |
| Writeup: | |
| http://mslc.ctf.su/wp/midnight-ctf-2018-finals-snurre128/ | |
| ... | |
| Solution found: | |
| 130306609594991829769917756515894243368 | |
| midnight{620823e005ad9340e1dd7da6deb13028} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #-*- coding:utf-8 -*- | |
| from sock import Sock | |
| from libnum import invmod, n2s, s2n | |
| f = Sock("13.112.92.9 21701") | |
| f.read_until("flag!") | |
| f.read_line() | |
| ENC = int(f.read_line().strip(), 16) | |
| print "ENC = 0x%X" % ENC |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #-*- coding:utf-8 -*- | |
| from sock import Sock | |
| from libnum import invmod, n2s, s2n, gcd | |
| f = Sock("18.179.251.168 21700") | |
| f.read_until("flag!") | |
| f.read_line() | |
| ENC = int(f.read_line().strip(), 16) | |
| print "ENC = 0x%X" % ENC |