Description:
nc challs.m0lecon.it 11000
CryptoGolf was the first challenge of a series of very fun and interesting cryptography challenges that my teammates and I solved in m0leconCTF World Quals where we placed 5th globally in the Open Division, qualifying for the Grand Finals in Turin, Italy.
This was a writeup for a crypto challenge in RACTF 2020, where we placed 6th.
Challenge instance ready at 95.216.233.106:57735
We found a strange service, it looks like you can generate an access token for the network service, but you shouldn't be able to read the flag... We think.
We are given access.py. Lets take a look the server file to see what the program does.
From the top, we see that get_flag:
Man, oracles are weird.
nc challenges1.hexionteam.com 5000
Really Smart Acronym, of course, is RSA. Looking at the code, it uses PyCrypto to generate a RSA key to encrypt the flag. You also get one encryption and 1024 decrypts, but you only get the last bit of the decrypts. At first I thought it could be Franklin-Reiter related-message attack, but there is not enough information for that.
This is a writeup for HexionCTF 2020, where RGBsec placed third.
Math is so beautiful and can always be used for cryptographic
encryption!
nc challenges1.hexionteam.com 5001
We are given an sss.py. See here for source.
We found that SSS stands for Shamir’s Secret Sharing by copy-pasting the loop from eval_at, which brought me to this Wikipedia page. Shamir Secret Sharing is based on polynomials and lagrange interpolation.