We have intercepted communication in a private network. It is used a strange protocol based on RSA cryptosystem. Can you still prove that it is not secure enough and get the flag? We have a pcap files with multiples TCP sessions and a python script: #!/usr/bin/python import sys import struct […]
Do you like math? We have an encrypted flag.wmv.out file and this python script: #!/usr/bin/python import random from struct import pack def Str2matrix(s): #convert string to 4×4 matrix return [map(lambda x : ord(x), list(s[i:i+4])) for i in xrange(0, len(s), 4)] def Matrix2str(m): #convert matrix to string […]
This Web challenge was part of the ebCTF competition. It’s actually more crypto than web. We get a simple web site driving the famous cowsay binary: define(’MY_AES_IV’, CENSORED); define(’MY_AES_KEY’, CENSORED); define(’MY_HMAC_KEY’, CENSORED); define("FLAG","CENSORED"); function aes($data, $encrypt) { $aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, ”, MCRYPT_MODE_CBC, ”); mcrypt_generic_init($aes, MY_AES_KEY, MY_AES_IV); return […]
Mr. Menhall has invented his own encryption algorithm and promised to give the flag to anyone who manages to decipher the message: vWsMajX21l6BdKwDxaRA3utqhpvFL0V= def hashcrypt(msg, key): token = hashlib.sha1(key).digest() res = "" for c in msg: n = ord(c) ^ […]
We were able to intercept a suspicious file. This is an archive of correspondence between leading cryptographers of hostile organization. According to the agents’ data, during the conversation one of the respondents accidentally uses a file that is added as trusted to all computers of the organization. Their antivirus software […]
Have you tried feeding critical documents to a shredder? We’ve accidentally done this very thing. Shredder: shredder.exe Document remains: broken_flag.jpg We need our document back! See: http://hackyou.ctf.su/tasks/shredder Shredder is a Win32 binary that encrypt source file “flag.jpg” to “broken_flag.jpg”. The encryption is only some translations and swaps and can be […]
In this challenge we get a Win32 console binary which just display garbage when started. Reversing it with IDA, we see it connects to a TCP server. I had noticed previously that the file being transfered in the Epic Arc 200 challenge was an Erlang BEAM file (compiled erlang) This […]
In this challenge we need to guess the secret key used by an encryption service running over UDP. We get the source of the server-side. The encryption algorithm uses a Sbox that is initialized with sequential numbers from 1 to 128: SALTED_SBOX = list(range(128)) Then the secret key is mixed […]
$ ls -la total 64 -rw-r–r– 1 francois francois 38120 Jun 30 01:29 crypto-1.jpg -rw-r–r– 1 francois francois 3226 Jun 13 20:50 zomb_crypt.pyc $ file * crypto-1.jpg: JPEG image data, JFIF standard 1.01 zomb_crypt.pyc: python 2.6 byte-compiled $ python Python 2.6.6 (r266:84292, Dec 27 2010, 00:02:40) [GCC 4.4.5] on linux2 […]
Simple RSA: $ cat john.pub —– BEGIN PUBLIC KEY —– KG4gPSAxNTQ5Mzg4MzAyOTk5NTE5LCBlID0gMTAxKQ== —– END PUBLIC KEY —– francois@squeeze:~/ndh2012/public/rsa$ echo -n "KG4gPSAxNTQ5Mzg4MzAyOTk5NTE5LCBlID0gMTAxKQ==" | base64 -d (n = 1549388302999519, e = 101) e = 101 n = 1549388302999519 Factorize n -> n = p * q -> 1549388302999519 = 31834349 * 48670331 $ […]