Aleksei hellman

@hellman
hellman / rsa_privleak_halflsb.py
Created May 13, 2019
RSA with half least significant bits of d leaked (optimized for larger e)
#-*- coding:utf-8 -*-
from sage.all import *
BITS = 2048
NLEAK = 1024-22
# E = 0x10001
E = next_prime(2**22)
print "E", E
hellman / 0_sol.ipynb
Last active Apr 10, 2019
Midnight Sun CTF 2019 Quals - open-gyckel-krypto
hellman / 1_multicollision.py
Created Apr 7, 2019
Spam and Flags CTF 2019 Teaser - QuadHash
#-*- coding:utf-8 -*-
from common import *
def extend(alg, prefhashes):
    if alg == 0:
        prefhash = prefhashes[alg]
        table = {}
        seen = set()
hellman / 0_writeup.md
Last active Apr 10, 2019
Midnight Sun CTF 2019 Quals - Tulpan

In this challenge the flag is treated as a polynomial over GF(257). It is blinded by a random known polynomial and then evaluated at the first 107 integers. However, each result is corrupted with probability 43/108. The polynomial has degree 25, so we need 26 correct points to interpolate it. Observe that by choosing 26 random points from those given, we have a feasible probability of getting an error-free set:

sage: math.log(binomial(108-43, 26) / binomial(108, 26), 2)
-22.716429556377932

That is, we need to try around 7 000 000 random subsets. This can be done in 10 minutes on 8 cores with simple Sage code.

hellman / 1_generate_pairs.py
Last active Mar 26, 2019
0CTF 2019 Quals - zer0mi (Crypto 611 pts)
#!/usr/bin/env sage
'''
Multivariate Public Key Cryptosystems by Jintai Ding et al., Chapter 2
Explains attack by Jacques Patarin.
The idea is to find a relation of plaintext-ciphertext bytes such that
when ciphertext is fixed, the relation is linear in plaintext.
Patarin showed that a sufficient amount of such relations exists.
'''
from sage.all import *
hellman / 1_solve.py
Last active Mar 26, 2019
0CTF 2019 Quals - zer0lfsr (Crypto 207 pts)
#!/usr/bin/env sage
'''
The third LFSR has low period: 378.
If the value in positions 0,378,2*378,... is equal to 0,
then the combine functions become AND of the first two LFSRs.
If the value in positions 0,378,2*378,... is equal to 1,
then the combine functions become OR of the first two LFSRs.
We can distinguish both cases easily by number of 0s/1s
(should be 25% in the first case and 75% in the second case)
hellman / TwinPeaks2_slide_attack.py
Created Oct 22, 2018
NSUCRYPTO 2018 - Problem 4 - TwinPeaks2 - Slide attack
"""
Slide attack on the TwinPeaks2 cipher from NSUCRYPTO.
Disclaimer: this is not an optimal solution, just a proof-of-concept!
An actual solution is to note that Reverse(Encrypt(Reverse(x))) = Decrypt(x), where Reverse(a,b,c,d) = (d,c,b,a).
"""
from random import shuffle, randint
hellman / lostkey.py
Created Oct 20, 2018
HITCON 2018 - Lost Key (Crypto)
#-*- coding:utf-8 -*-
from sock import Sock
from libnum import invmod, n2s, s2n, gcd
f = Sock("18.179.251.168 21700")
f.read_until("flag!")
f.read_line()
ENC = int(f.read_line().strip(), 16)
print "ENC = 0x%X" % ENC
hellman / lostmodulus.py
Last active Oct 22, 2018
HITCON 2018 - Lost Modulus (Crypto)
#-*- coding:utf-8 -*-
from sock import Sock
from libnum import invmod, n2s, s2n
f = Sock("13.112.92.9 21701")
f.read_until("flag!")
f.read_line()
ENC = int(f.read_line().strip(), 16)
print "ENC = 0x%X" % ENC
hellman / 1_solve.py
Last active Jun 27, 2018
Midnight CTF 2018 Finals - Snurre128
#-*- coding:utf-8 -*-
'''
Writeup:
http://mslc.ctf.su/wp/midnight-ctf-2018-finals-snurre128/
...
Solution found:
130306609594991829769917756515894243368
midnight{620823e005ad9340e1dd7da6deb13028}