The challenge contains two modules:
# File: securePickle.py
import pickle, io
whitelist = []
Aleksei Udovenko hellman
🍊
hellman
/ crazy_repetition_of_code.ipynb
Last active
October 20, 2019 13:47
SECCON 2019 CTF Quals - Crazy Repetition of Codes (crypto)
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
hellman
/ randomly_select_cat.ipynb
Created
October 15, 2019 09:43
HITCON CTF 2019 Quals - Randomly Select a Cat
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
hellman
/ very_simple_haskell.ipynb
Created
October 14, 2019 14:55
HITCON CTF 2019 Quals - Very Simple Haskell (crypto)
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
hellman
/ not_so_hard_rsa.ipynb
Last active
October 14, 2019 13:53
HITCON CTF 2019 Quals - Not So Hard RSA (crypto)
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
hellman
/ lost_key_again.ipynb
Last active
October 14, 2019 13:52
HITCON CTF 2019 Quals - Lost Key Again (crypto)
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
hellman
/ lost_modulus_again.ipynb
Last active
October 14, 2019 13:56
Hitcon CTF 2019 Quals - Lost Modulus Again
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
hellman
/ 0_challenge_sol.md
Last active
October 7, 2019 19:41
Balsn CTF 2019 - listcomp ppm (programming)
In this challenge we see a password-verification program. The password is quite long:
assert 16 < len(passwd) < 70
The first few checks verify md5, sha1 and sha3_224 digests. Due to long password, it is unlikely to use them to recover the password. Then, three transformations applied aiming to "destroy" the password: exponentiation modulo a prime, iterated encryption with DES and AES. Though, it is easy to see that they are trivially invertible. For the final "destroyed" value, the omnihash tool is used, which checks the password using 72 different hash functions, including many CRC variants. We are given the digests of these functions in the hash.json file.
CRC functions are totally not cryptographically secure: they are affine functions. Therefore, we can efficiently use them to deduce information about the hashed value. One may try to use the definition of CRC functions as modular reductions in the ring of polynomials over GF(2) and use the Chinese Remainder Theorem to reconstruct the va
hellman
/ solve_with_angr.py
Last active
October 4, 2019 08:37
PwnThyBytes 2019 CTF - Primitive Obsession
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| ''' | |
| time python3 solve.py | |
| 35 minutes | |
| ''' | |
| import angr | |
| import claripy | |
| import hashlib | |
| # checking functions |