Access=0000

This was a writeup for a crypto challenge in RACTF 2020, where we placed 6th.

Challenge Description:

Challenge instance ready at 95.216.233.106:57735
    
    We found a strange service, it looks like you can generate an access token for the network service, but you shouldn't be able to read the flag... We think.
    

Solving:

We are given access.py. Let's take a look at the server file to see what the program does.

From the top, we see that get_flag:


Really Smart Acronym

Challenge Description:

Man, oracles are weird.

nc challenges1.hexionteam.com 5000

Solving:

Really Smart Acronym, of course, is RSA. Looking at the code, it uses PyCrypto to generate an RSA key to encrypt the flag. You also get one encryption and 1024 decrypts, but you only get the last bit of the decrypts. At first I thought it could be a Franklin-Reiter related-message attack, but there is not enough information for that.


S.S.S.

This is a writeup for HexionCTF 2020, where RGBsec placed third.

Challenge Description:

Math is so beautiful and can always be used for cryptographic
encryption!
nc challenges1.hexionteam.com 5001

Solving:

We are given an sss.py. See here for source.

We found that SSS stands for Shamir’s Secret Sharing by copy-pasting the loop from eval_at, which brought me to this Wikipedia page. Shamir’s Secret Sharing is based on polynomials and Lagrange interpolation.
