Skip to content

Instantly share code, notes, and snippets.

View elliptic-shiho's full-sized avatar

Shiho Midorikawa elliptic-shiho

View GitHub Profile
@elliptic-shiho
elliptic-shiho / solve.sage
Last active July 10, 2023 06:29
Crypto CTF 2023: Byeween
from socket import create_connection
def wait(sock) -> str:
buf = ""
while True:
buf += sock.recv(1024).decode()
if "[Q]uit" in buf:
break
return buf
@elliptic-shiho
elliptic-shiho / solve.py
Created July 9, 2023 06:47
Crypto CTF 2023: Barak
"""
References:
[1]: Marc Joye and Jean-Jacques Quisquater. 2001. "Hessian Elliptic Curves and Side-Channel Attacks".
"""
from scryptos import * # https://github.com/scryptos/scryptoslib
from ast import literal_eval
from scryptos.wrapper.parigp import set_gp_memalloc_size
import string
import math
@elliptic-shiho
elliptic-shiho / shevid.sage
Created July 9, 2023 06:00
Crypto CTF 2023: Shevid
# 1. git clone https://github.com/GiacomoPope/Castryck-Decru-SageMath
# 2. cd Castryck Decru-SageMath
# 3. place this file
# 4. run
import public_values_aux
from public_values_aux import *
set_verbose(-1)
load("castryck_decru_attack.sage")
@elliptic-shiho
elliptic-shiho / solve.sage
Created July 9, 2023 05:51
Crypto CTF 2023: Insights solver
from sage.all import *
from Crypto.Util.number import long_to_bytes
n = 12765231982257032754070342601068819788671760506321816381988340379929052646067454855779362773785313297204165444163623633335057895252608396010414744222572161530653104640020689896882490979790275711854268113058363186249545193245142912930804650114934761299016468156185416083682476142929968501395899099376750415294540156026131156551291971922076435528869024742993840057342092865203064721826362149723366381892539617642364692012936270150691803063945919154346756726869466855557344213050973081755499746750276623648407677639812809665472258655462846021403503851719008687214848550916999977775070011121527941755954255781343103086789
e = 45965045468694670661537184573752791653920565666784478063438604926880061578296492094422908450275216739544615829085404769600603475021075834174484176247919117301777303464773934692739058084899812183002913454288071340930609296728267512269958650368494340753506721673855640316940362210476251629387999438732437083571805625170615055782010
@elliptic-shiho
elliptic-shiho / solve.py
Created July 9, 2023 05:32
Crypto CTF 2023: Bertrand solver
#!/usr/bin/env python3
import functools
from PIL import Image
import itertools
def sox(n, d):
x, y, t = 0, 0, d
for s in range(n - 1):
@elliptic-shiho
elliptic-shiho / solve.sage
Last active May 14, 2023 13:59
m0lecon ctf 2023 teaser: MIKE
from sage.all import *
from ast import literal_eval
import binascii
import hashlib
d = open("output.txt").read().split("\n")[:-1]
Q_vec = literal_eval(d[0])
M1_vec = literal_eval(d[1])
M2_vec = literal_eval(d[2])
encrypted_flag = binascii.unhexlify(d[3])
@elliptic-shiho
elliptic-shiho / solve.rb
Last active September 2, 2019 06:13
TokyoWesterns CTF 2019 - happy! Solver & simple writeup
require_relative './happy' # rename happy -> happy.rb
q = 180754955592872777770305021165949447837520820408608437544593001477325680227199967219036800612237524673886247520794601572290402702594122131782305474875236404413820478308317235725623037177247985490515533618988964977186476558003216903
p = 166878663790065040663149504970052368124427462024107500159158464138407657299730521908976684364578086644682045134207945137293534705688910696520830729908263578233018529387676221035298300775812585471932551347478303730822844748034186479
k = 2
e = 65537
d1 = e.pow((p - 1) / 2 - 2, (p - 1))
d2 = e.pow(((q - 1) / 2 - 1) * (q - 1) * (k > 1 ? q ** (k - 2) : 1) - 1, q ** (k - 1) * (q - 1))
cf = p.pow(q ** (k - 1) * (q - 1) - 1, q ** k)
key = Key.new({
@elliptic-shiho
elliptic-shiho / solve.py
Created June 24, 2019 01:53
Solver of Google CTF 2019 Quals "reality" (solved after the competition)
from Crypto.Util.number import long_to_bytes
from Crypto.Cipher import AES
import base64
E = 226611012014558802453288800032037813546
key = long_to_bytes(E)
IV = b'\x00' * 16
ciphertext = base64.b32decode("YQLAC5DCJR57PYVUBQ4PXMH47IO5IETPUI7EDFUR7JWTNIHNTEAA====")
print([AES.new(key, AES.MODE_CBC, IV=IV).decrypt(ciphertext)])
@elliptic-shiho
elliptic-shiho / solve.py
Created September 4, 2018 01:32
TokyoWesterns CTF 2018: Revolutional Secure Angou
from scryptos import *
# test parameters
# p, q = 14056259838232570373, 3909938154797744143
# p, q = 110641318332500553225796279828587613489797458859835222045512182391168598134167, 41341297333205266450910162205203983690711509110268167866251160754916102829081
# p, q = 10228796114311354522393980901045139447044341433203094817361313657771454169784897994605194490320353121541462445378267256058403046516520932633258044274994937, 9674880045377912387417155013106887773980875486540327472093521385140255139488018323841292644856768684836232571892336095160722768016023003373215125021261061
rsa = RSA.import_pem(open('publickey.pem').read())
e = rsa.e
n = rsa.n
from scryptos import *
import hashlib
'''
DEFCON Quals 2018 Official: Crypto part
Partial random-value Exposure Attack for DSA (<=> biased-k DSA)
References: https://crypto.stackexchange.com/questions/44644/how-does-the-biased-k-attack-on-ecdsa-work
Thanks: @Bono_iPad and binja members
'''