Aleksei Udovenko hellman
🍊
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| CRC is applied before CTR so CTR is not protected and we can bitflip. | |
| We can fix MAC randomly and save the difference between admin=0 and admin=1. | |
| Since CRC is linear, the same difference will work for any other MAC. | |
| ''' | |
| from sock import Sock | |
| def xor(a, b): return "".join([chr(ord(a[i]) ^ ord(b[i % len(b)])) for i in xrange(len(a))]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdbool.h> | |
| #include <unistd.h> | |
| #include <sys/fcntl.h> | |
| #include <mbedtls/aes.h> | |
| typedef unsigned char byte; | |
| typedef ssize_t (*ft)(int, byte *, size_t); | |
| static int o(char const *s) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #-*- coding:utf-8 -*- | |
| """ | |
| In this challenge we need to use blind printf in order to subtract to 32-bit integers. | |
| The two main format operators needed are (arguments given for example) | |
| (a) %5$*7$s - write string passed in the 5th argument padded to the length passed in the 7th argument. | |
| (b) %5$n - write number of previously written bytes to the pointer given in the 5th argument. | |
| 1. We use (a) with (b) to copy two secret integers. Then we use (b) to zero-out all-bytes except one. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #-*- coding:utf-8 -*- | |
| ''' | |
| Writeup: | |
| http://mslc.ctf.su/wp/midnight-ctf-2018-finals-snurre128/ | |
| ... | |
| Solution found: | |
| 130306609594991829769917756515894243368 | |
| midnight{620823e005ad9340e1dd7da6deb13028} |
hellman
/ 1_solve.py
Last active
October 3, 2018 01:12
HXP CTF 2017 - flea (Crypto 150), CodeGate 2018 Quals - RsaBaby
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # FLEA | |
| ''' | |
| n, l mod 2^t depend only on p,q mod 2^t. | |
| So we can recover p,q bit-by-bit from LSB. | |
| Given p mod 2^t, q mod 2^t = (n / p) mod 2^t is unique. | |
| Ideally, l would give 1/2^t filter, | |
| but here it gives a bit less and we get up to 2000 candidates in the end. | |
| ''' | |
| from libnum import * |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #-*- coding:utf-8 -*- | |
| from sock import Sock | |
| from libnum import invmod, n2s, s2n, gcd | |
| f = Sock("18.179.251.168 21700") | |
| f.read_until("flag!") | |
| f.read_line() | |
| ENC = int(f.read_line().strip(), 16) | |
| print "ENC = 0x%X" % ENC |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #-*- coding:utf-8 -*- | |
| from sock import Sock | |
| from libnum import invmod, n2s, s2n | |
| f = Sock("13.112.92.9 21701") | |
| f.read_until("flag!") | |
| f.read_line() | |
| ENC = int(f.read_line().strip(), 16) | |
| print "ENC = 0x%X" % ENC |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| #include <stdlib.h> | |
| using namespace std; | |
| #define REP(i,x) for(int i = 0; i < (int)x; i++) | |
| #define M 8 | |
| int N; | |
| string s[1000]; | |
| long q[M], p[M], hs[M][1000], hr[M][1000]; |
hellman
/ 1_generate_pairs.py
Last active
March 26, 2019 18:27
0CTF 2019 Quals - zer0mi (Crypto 611 pts)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env sage | |
| ''' | |
| Multivariate Public Key Cryptosystems by Jintai Ding et al., Chapter 2 | |
| Explains attack by Jacques Patarin. | |
| The idea is to find a relation of plaintext-ciphertext bytes such that | |
| when ciphertext is fixed, the relation is linear in plaintext. | |
| Patarin showed that a sufficient amount of such relations exists. | |
| ''' | |
| from sage.all import * |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env sage | |
| ''' | |
| The third LFSR has low period: 378. | |
| If the value in positions 0,378,2*378,... is equal to 0, | |
| then the combine functions become AND of the first two LFSRs. | |
| If the value in positions 0,378,2*378,... is equal to 1, | |
| then the combine functions become OR of the first two LFSRs. | |
| We can distinguish both cases easily by number of 0s/1s | |
| (should be 25% in the first case and 75% in the second case) |