Aleksei hellman

@hellman
hellman / FibHash.ipynb
Last active Mar 25, 2021
CONFidence 2020 CTF Finals - FibHash (Crypto 421)
View FibHash.ipynb
@hellman
hellman / write.ipynb
Last active Feb 28, 2021
AeroCTF 2021 - Horcrux (Crypto)
View write.ipynb
@hellman
hellman / 1_attack.py
Last active Jan 21, 2021
0CTF 2018 Quals - zer0SPN (Crypto 550)
View 1_attack.py
'''
In the challenge we have a "toy block cipher". It is an SPN cipher with:
- 4 rounds
- 8 8-bit S-Boxes (64-bit block)
- bit permutations as linear layer
We are given 2^16 random plaintext/ciphertext pairs.
In contrast with the zer0TC challenge, the bit permutation is strong and provides full diffusion.
@hellman
hellman / coll.py
Last active Jan 14, 2021
HXP CTF 2020 - Octothorpe (Crypto Hard)
View coll.py
'''
The idea is to reach a state consisting of 00 and FF bytes.
Because of the independence of shift values, if the message block is the same 32-byte part repeated 2 times,
the state is preserved. We then can change the 32-byte part arbitrarily and keep the hash value unchanged.
To do this we first craft a 32x2 message block that lands on such a state after the 2nd round (the 1st round does nothing).
We have 32 bytes of freedom (-charset constraints), so this is reasonable and can be done with 1 byte guess and propagation.
One caveat is that the initial state is rather symmetric and it's not always easy to land on a desired state,
so we prepend random block first to randomize the state.
@hellman
hellman / rsa_collect.py
Last active Jan 9, 2021
HITCON QUALS 2016 - RSA (Crypto 400)
View rsa_collect.py
'''
http://www.chesworkshop.org/ches2011/presentations/Session%204/CHES2011_Session4_3.pdf
First part - collecting CRT values.
'''
import subprocess
from sock import Sock
from libnum import gcd, solve_crt

def getHashes(p):
    return subprocess.check_output(["./sha1", p]).split()[0]
@hellman
hellman / Makefile
Last active Dec 13, 2020
ASIS CTF 2020 Finals - Trio Color (3DES)
View Makefile
prepare:
	mkfifo p1 p2
precomp:
	./stage1_precomp
	du -hs dump*
# 17G dump0
# 17G dump1
# 17G dump2
# 17G dump3
@hellman
hellman / 0writeup.ipynb
Last active Oct 24, 2020
RCTF 2020 - infantECC
View 0writeup.ipynb
@hellman
hellman / 0_solve.py
Created Sep 10, 2017
ASIS CTF 2017 Finals - Marijuana (Crypto 394)
View 0_solve.py
#-*- coding:utf-8 -*-
'''
In the challenge we are given a recently proposed cryptosystem
based on Mersenne primes ( https://eprint.iacr.org/2017/481 ).
The cryptosystem was broken quickly in https://eprint.iacr.org/2017/522.pdf
using random partitioning and LLL. Here this attack is implemented.
'''
@hellman
hellman / TwinPeaks2_slide_attack.py
Created Oct 22, 2018
NSUCRYPTO 2018 - Problem 4 - TwinPeaks2 - Slide attack
View TwinPeaks2_slide_attack.py
"""
Slide attack on the TwinPeaks2 cipher from NSUCRYPTO.
Disclaimer: this is not an optimal solution, just a proof-of-concept!
An actual solution is to note that Reverse(Encrypt(Reverse(x))) = Decrypt(x), where Reverse(a,b,c,d) = (d,c,b,a).
"""
from random import shuffle, randint
@hellman
hellman / rsa_timing_attack_d_Montgomery.py
Created May 1, 2017
DEF CON 2017 Quals - Godzilla (Reverse/Crypto)
View rsa_timing_attack_d_Montgomery.py
#-*- coding:utf-8 -*-
'''
DEF CON 2017 Quals - Godzilla (Reverse)
Timing attack on RSA decryption.
Based on http://www.cs.jhu.edu/~fabian/courses/CS600.624/Timing-full.pdf
Other solutions:
https://gist.github.com/nneonneo/367240ae2d8e705bb9173a49a7c8b0cd by b2xiao
https://gist.github.com/Riatre/caac24840b176cf843b3f66ad9a5eeaf by riatre