code hacking, zen coding

## HackYou 2014 – Crypto 400 – CRYPTONET

We have intercepted communication in a private network. It is used a strange protocol based on RSA cryptosystem. Can you still prove that it is not secure enough and get the flag? We have a pcap files with multiples TCP sessions and a python script: #!/usr/bin/python import sys import struct […]

## HackYou 2014 – Crypto 300 – Do you like math? Write-up

Do you like math? We have an encrypted flag.wmv.out file and this python script: #!/usr/bin/python import random from struct import pack def Str2matrix(s):   #convert string to 4×4 matrix   return [map(lambda x : ord(x), list(s[i:i+4])) for i in xrange(0, len(s), 4)] def Matrix2str(m):   #convert matrix to string   […]

## ebCTF 2013 – Web400 (crypto/aes/cbc/hmac) Write-Up

This Web challenge was part of the ebCTF competition. It’s actually more crypto than web. We get a simple web site driving the famous cowsay binary: define(’MY_AES_IV’, CENSORED); define(’MY_AES_KEY’, CENSORED); define(’MY_HMAC_KEY’, CENSORED); define("FLAG","CENSORED"); function aes(\$data, \$encrypt) {   \$aes = mcrypt_module_open(MCRYPT_RIJNDAEL_128, ”, MCRYPT_MODE_CBC, ”);   mcrypt_generic_init(\$aes, MY_AES_KEY, MY_AES_IV);   return […]

## HackYouToo CTF – Crypto 300 – Everybody Lies

Mr. Menhall has invented his own encryption algorithm and promised to give the flag to anyone who manages to decipher the message: vWsMajX21l6BdKwDxaRA3utqhpvFL0V= def hashcrypt(msg, key):     token = hashlib.sha1(key).digest()     res = ""     for c in msg:         n = ord(c) ^ […]

## HackYouToo CTF – Crypto 500 – AllahAkbar

We were able to intercept a suspicious file. This is an archive of correspondence between leading cryptographers of hostile organization. According to the agents’ data, during the conversation one of the respondents accidentally uses a file that is added as trusted to all computers of the organization. Their antivirus software […]

## HackYouToo CTF – Binary 300 – Shredder Write-up

Have you tried feeding critical documents to a shredder? We’ve accidentally done this very thing. Shredder: shredder.exe Document remains: broken_flag.jpg We need our document back! See: http://hackyou.ctf.su/tasks/shredder Shredder is a Win32 binary that encrypt source file “flag.jpg” to “broken_flag.jpg”. The encryption is only some translations and swaps and can be […]

## HackYou CTF – Epic Arc 300 – CTF.EXE Writeup

In this challenge we get a Win32 console binary which just display garbage when started. Reversing it with IDA, we see it connects to a TCP server. I had noticed previously that the file being transfered in the Epic Arc 200 challenge was an Erlang BEAM file (compiled erlang) This […]

## HackYou CTF – Crypto 300 – UDP Hardcore Writeup

In this challenge we need to guess the secret key used by an encryption service running over UDP. We get the source of the server-side. The encryption algorithm uses a Sbox that is initialized with sequential numbers from 1 to 128: SALTED_SBOX = list(range(128)) Then the secret key is mixed […]

## NDH2k12 Public Wargame – Break Me Like Your Sister – zomb_crypt

\$ ls -la total 64 -rw-r–r– 1 francois francois 38120 Jun 30 01:29 crypto-1.jpg -rw-r–r– 1 francois francois 3226 Jun 13 20:50 zomb_crypt.pyc \$ file * crypto-1.jpg: JPEG image data, JFIF standard 1.01 zomb_crypt.pyc: python 2.6 byte-compiled \$ python Python 2.6.6 (r266:84292, Dec 27 2010, 00:02:40) [GCC 4.4.5] on linux2 […]

## NDH2k12 Public Wargame – RSA Writeup

Simple RSA: \$ cat john.pub —– BEGIN PUBLIC KEY —– KG4gPSAxNTQ5Mzg4MzAyOTk5NTE5LCBlID0gMTAxKQ== —–  END PUBLIC KEY  —– francois@squeeze:~/ndh2012/public/rsa\$ echo -n "KG4gPSAxNTQ5Mzg4MzAyOTk5NTE5LCBlID0gMTAxKQ==" | base64 -d (n = 1549388302999519, e = 101) e = 101 n = 1549388302999519 Factorize n -> n = p * q -> 1549388302999519 = 31834349 * 48670331 \$ […]