Aleksei Udovenko hellman

@hellman
hellman / crypto_backdoor.py
Last active June 15, 2019 07:00
Google CTF 2017 Quals - Crypto Backdoor
def I(s):
    val = 0
    for i in range(len(s)):
        digit = ord(s[len(s) - i - 1])
        val <<= 8
        val |= digit
    return val
def Sn(i, length):
    s = ''
@hellman
hellman / decrypt_flag.rs
Created June 18, 2017 22:04
Google CTF 2017 Quals - Shake It
#[macro_use]
extern crate arrayref;
extern crate crypto;
use crypto::aead::AeadDecryptor;
use crypto::chacha20poly1305::ChaCha20Poly1305;
use std::env;
use std::fs::File;
use std::io::{Read, Write};
@hellman
hellman / 0handshake.rs
Last active September 3, 2017 16:21
Google CTF 2017 Quals - Rubik
use permutation::Permutation;
use cube::Cube;
use crypto::blake2b::Blake2b;
#[derive(Copy, Clone, Eq, PartialEq, Hash)]
pub struct SecretKey {
    pub a: u64,
    pub b: u64,
}
@hellman
hellman / chall.py
Last active July 9, 2017 09:08
Polictf 2017 – Lucky Consecutive Guessing (Crypto)
#!/usr/bin/env python
import signal, random
import sys
class LinearCongruentialGenerator:
    def __init__(self, a, b, nbits):
        self.a = a
        self.b = b
@hellman
hellman / code.cpp
Last active February 25, 2019 16:59
TWCTF 2017 - Palindrome Pairs - Challenge Phase
#include <iostream>
#include <stdlib.h>
using namespace std;
#define REP(i,x) for(int i = 0; i < (int)x; i++)
#define M 8
int N;
string s[1000];
long q[M], p[M], hs[M][1000], hr[M][1000];
@hellman
hellman / 0server.rb
Last active September 4, 2017 08:33
TWCTF 2017 - Liar's Trap
#!/usr/bin/env ruby
require 'securerandom'
## Parameters
P = 115792089237316195423570985008687907853269984665640564039457584007913129639747
N = 100
K = 25
L = 38 # The number of liars
def apply_polynomial(coeffs, x)
  r = 0
@hellman
hellman / 0_solve.py
Last active September 4, 2017 08:29
TWCTF 2017 - BabyPinhole
#-*- coding:utf-8 -*-
"""
In this challenge we have a Paillier cryptosystem.
We are given a decryption oracle, which leaks only one bit in the middle of the plaintext.
Due to homomorphic properties of the Paillier cryptosystem, we can recover the full decryption using such an oracle.
1. First, we recover the lower half of the message bit-by-bit.
This can be done by manipulating and observing the carry bit going through the pinhole,
@hellman
hellman / 0_solve.py
Created September 10, 2017 18:42
ASIS CTF 2017 Finals - Marijuana (Crypto 394)
#-*- coding:utf-8 -*-
'''
In the challenge we are given a recently proposed cryptosystem
based on Mersenne primes ( https://eprint.iacr.org/2017/481 ).
The cryptosystem was broken quickly in https://eprint.iacr.org/2017/522.pdf
using random partitioning and LLL. Here this attack is implemented.
'''
@hellman
hellman / 0_mceliece_grs.py
Last active October 19, 2017 20:35
Hack.lu CTF 2017 - McEliece
'''
Attacking McEliece with Generalized Reed-Solomon codes (GRS), method by Sidelnikov & Shestakov.
The task is almost the same as The Russian Attack from Sharif CTF:
http://ctf.sharif.edu/blog/Write-Ups/SharifCTF-6/Crypto/08.%20The%20Russian%20Attack%20(500%20+%20300%20pts)/
The only change is the field changed from GF(p) to GF(2^8).
Here is a Sage analogue of the GAP script, because Sage finally supports GRS decoding.
'''
@hellman
hellman / 1_solve.py
Last active November 20, 2017 13:47
HXP CTF 2017 - ouchenticated (Crypto 200)
'''
CRC is applied before CTR so CTR is not protected and we can bitflip.
We can fix MAC randomly and save the difference between admin=0 and admin=1.
Since CRC is linear, the same difference will work for any other MAC.
'''
from sock import Sock
def xor(a, b): return "".join([chr(ord(a[i]) ^ ord(b[i % len(b)])) for i in xrange(len(a))])