## Boombox

I have no clue of rust and no clue of crypto, but then with no challenge I stood crying in the rain and rusted. Category: Crypto Solver: SchizophrenicFish2nds, Greenscreen23 Flag: GPNCTF{backp4ck_r4p_crap,_yap-yap,_yack1ty-yack} Writeup Context We are given a file with Rust source code and an output file. To get around my limited Rust knowledge, I asked ChatGPT to translate the challenge source doe into Python [4]. Here we can more easily see that the output consists of a subset sum problem, more precisely it closely resembles a Merkle-Hellman scheme....

June 14, 2024 · 5 min · Greenscreen23, SchizophrenicFish2nds

## Hackerman Hash

You know when they say the preimages of a hashfunction should be hard to compute and than they choose some weak primitive recursive function. I present to you a revolutionary solution that builds upon (quite literally) one of the largest problems of computer science. Try bruteforcing this. Category: Crypto Solver: SchizophrenicFish2nds, Greenscreen23 Flag: GPNCTF{I_H0pe_y0u_d1d_N0T_BrUT3F0RC3_Th15?_D1d_Y0U!!_3s2l1j} Writeup Context In this challenge, we are given the source code to generate “hashes” of the secret flag, and the outputs of several execution of this code....

June 13, 2024 · 3 min · Greenscreen23, SchizophrenicFish2nds

## Never gonna let you crypto

You read the title and thought Blockchain? You were successfully baited. Like the people before you, you now have to solve this challenge. Category: Crypto Solver: SchizophrenicFish2nds Flag: GPNCTF{One_T1me_p4ds_m4y_n3v3r_b3_r3u53d!!!} Writeup We are given a ciphertext that was produced as \$ C = P \oplus K \$ for some random, repeating 5 byte key \$K\$. Since we know several letters of the plaintext, we can compute the key as \$ K = P \oplus C \$ for the first 5 bytes, then perform the encryption operation to get \$ C \oplus K = P \oplus K \oplus K = P \oplus 0 = P\$...

June 13, 2024 · 1 min · SchizophrenicFish2nds

## Count me out

I have developed a new, revolutionary cipher that is not constrained to one block cipher. It is safe and secure. If you are not convinced, I will provide a flag to anyone who manages to win the ‘In No Desirable Case Attacks Possible’ (IND-CPA) mode. Category: Crypto Solver: Greenscreen23, SchizophrenicFish2nds Flag: GPNCTF{stop_breaking_it_It_is_even_called_safe} Writeup Context We are presented with an IND-CPA game for an AES cipher with a custom block mode....

June 6, 2024 · 4 min · Greenscreen23, SchizophrenicFish2nds

## Back to the roots

Somewhere under a big pile of paper I found some notes about this really cool encryption algorithm. I updated it to the digital age in the hope that it is much safer now. Category: Crypto Solver: Greenscreen23 Flag: GPNCTF{itturnsoutthatbitsdonotmakecolumnartransposedifficultenoughatleastifyouencodeitwithasciigjnogoandbreakdoppelwuerfeltheflagendshereenjoyreadingsomemoretextihopeyoulikedthechallenge} Writeup Context We are given a rust file that encrypts the bits of the flag using a transposition cipher with a random key. The flag bits are split into blocks of an unknown key length, which are arranged as rows in a table, without any padding in the last row....

June 6, 2024 · 7 min · Greenscreen23

## Trapdoor

Okay honestly I don’t know how I can possibly justify this. Either this is hard or I fucked up spectacular. No this challenges has not been playtested. But a solve script exists. Note from the infra team: No authors were hurt in the making of this CTF. They were insane already… Category: Crypto Solver: Greenscreen23, SchizophrenicFish2nds, 3mb0 Flag: GPNCTF{F1eLd_Th30ry_is_fun!11_05ba} Writeup Disclaimer: We are not mathematicians and many of these terms were new to us....

June 6, 2024 · 9 min · Greenscreen23, SchizophrenicFish2nds, 3mb0

## Buzzword Soup

“Random nonces? Where we’re going, we don’t need random nonces!” - D. Brown Category: crypto Solver: 3mb0, nh1729 Flag: HTB{buzzw0rd_s0up_h45_n3v3r_t45t3d_s0_g00d} Writeup For this challenge, we were given a python script that processes the flag and some other file alongside its output and additional files used . import random from Crypto.Util.number import bytes_to_long from functools import reduce def buzzor(b1, b2): return bytes([_b1 ^ _b2 for _b1, _b2 in zip(b1, b2)]) def buzzrandom(): return bytes([random....

August 9, 2022 · 3 min · 3mb0, nh1729

## Somewhat Correlated

Sometimes, you can find patterns in seemingly random things… Category: crypto Solver: 3mb0, nh1729 Flag: HTB{n01sy_LF5R-1s_n0t_l0ud_3n0ugh} Writeup For this challenge, we were given a python script that processes the flag alongside its output. import random from hashlib import sha512 class LFSR: def __init__(self, state, taps): self.state = list(map(int, list("{:0128b}".format(state)))) self.taps = taps def clock(self): outbit = self.state[0] newbit = sum([self.state[t] for t in self.taps]) & 1 self.state = self.state[1:] + [newbit] return outbit key = random....

August 9, 2022 · 5 min · 3mb0, nh1729

## Oracle Leaks

Steam Technologies is a service provider which uses strictly steam-powered computers. They have recently developed a new type of oracle taking advantage of the steam-power architecture. They offer a huge price in case someone decrypts the message from their service. Are you up for the challenge? Category: crypto Solver: n1k0, nh1729 Flag: HTB{m4ng3r5_4tt4ck_15_c001_4nd_und3rv4lu3d} Writeup We need to decrypt an RSA ciphertext and for that we are provided with the ciphertext, the public key, and an oracle....

December 2, 2021 · 3 min · n1k0, nh1729

## Space Pirates

Jones and his crew have started a long journey to discover the legendary treasure left by the guardians of time in the early beginnings of the universe. Mr Jones, though, is wanted by the government for his crimes as a pirate. Our agents entered his base and discovered digital evidence about the way captain Jones contacts with his closest friends back home. We managed to get his last message, sent to his best friend....

December 2, 2021 · 4 min · n1k0

## Waiting List

Your mechanical arm needs to be replaced. Unfortunately, Steamshake Inc which is the top mechanical arm transplants has a long waiting list. You have found a SQL injection vulnerability and recovered two tables from their database. Could you take advantage of the information in there to speed things up? Don’t forget, you have a date on Monday! Category: crypto Solver: n1k0 Flag: HTB{t3ll_m3_y0ur_s3cr37_w17h0u7_t3ll1n9_m3_y0ur_s3cr37_15bf7w} Writeup In the provided source code we see that we need to provide a signed message (ECDSA) for a specific appointment to get the flag....

December 2, 2021 · 2 min · n1k0

## Double Agents

After a long investigation we have revealed the enemy’s service, which provides their agents with any needed documents. Recent events indicate that there are double agents among us. We need to read the double_agents.txt file in order to identify their names and treat them accordingly. Can you do it? Category: crypto Solver: kh1 Flag: HTB{1v_sh01d_b3_r4nd0m} Writeup When connecting to the server, it sends Welcome, agent! Request a document: When sending something after this, the server interprets it as hexadecimal data and decodes it....

March 24, 2021 · 2 min · kh1

## Locked Out

Our domain has been attacked. An APT group has taken over our server and they have locked us out. Our incident response team was able to find some files added on the upload directory but havent been able to extract any information from them. Could you help us login back? Category: crypto Solver: Miroka, HTTP418, kh1 Flag: HTB{15b_4tt4ck5_4r3_c001} Writeup What we got encryption.py - the script used to encrypt the new password leaks - the script’s variables n, rp, and rq new_password - the encrypted new password encryption....

March 24, 2021 · 4 min · miroka, HTTP418, kh1

## Missing Pieces

There is serious suspicion that John is a double agent. We found the cipher in his trash can. It looks like he extracted the message and forgot to get rid of the evidence. Can you decrypt the secret message? Category: crypto Solver: kh1 Flag: HTB{m1551ng_v4lu35_m4k3_m3_s1ck} Writeup flag.txt contains a list of 32 lists containing 32 numbers from 0 to 255 each. This is a One-Time-Pad with 32 parts, xoring the lists and interpreting the result as ascii code gives the flag....

March 24, 2021 · 39 min · kh1

## Baby Rebellion

The earth has been taken over by cyborgs for a long time. We are a group of humans, called ‘The Rebellion’, fighting for our freedom. Lately, cyborgs have set up a lab where they insert microchips inside humans to track them down. Our team of IT experts has hacked one of the cyborgs’ mail servers. There is a suspicious encrypted mail which possibly contains information related to the location of the lab....

2 min · lmarschk

## Buggy Time Machine

I am the Doctor and I am in huge trouble. Rumors have it, you are the best time machine engineer in the galaxy. I recently bought a new randomiser for Tardis on Yquantine, but it must be counterfeit. Now every time I want to time travel, I will end up in a random year. Could you help me fix this? I need to find Amy and Rory! Daleks are after us....

4 min · miroka

## Cargo Delivery

Chasa, world’s most dangerous gangster, is planning to equip his team with new tools. There is a cargo ship arriving tomorrow morning and the coast guard needs your help to seize the cargo. Our investigators have found the crypto service used by Chasa and his team to communicate for these kind of jobs. Can you decrypt the broadcasted message and identify the container to be seized? Category: Crypto Solvers: 3mb0, mp455, lmarschk...

5 min · 3mb0, mp455, lmarschk

## Weak RSA

A rogue employe managed to steal a file from his work computer, he encrypted the file with RSA before he got apprehended. We only managed to recover the public key, can you help us decrypt this ciphertext? Category: Crypto Solvers: 3mb0, lmarschk, HTTP418, miroka For this challenge, we had a public RSA key with 1026 Bit and a file that was encrypted with the corresponding private key. First approach: manual generate private key We analyzed the given public key with openssl rsa -noout -text -inform PEM -in pubkey....

3 min · 3mb0, lmarschk, HTTP418, miroka