Skip to content

Instantly share code, notes, and snippets.

View hyunsikjeong's full-sized avatar
💭
Working hard

Hyunsik Jeong hyunsikjeong

💭
Working hard
134 followers · 23 following
View GitHub Profile
@hyunsikjeong
hyunsikjeong / solve.py
Created May 29, 2023 01:54
Solver for ziggypop from DEFCON CTF 2023 Quals
from typing import Any, Union
from pwn import *
exe = ELF("./main")
context.binary = exe
# curve25519 is from https://gist.github.com/nickovs/cc3c22d15f239a2640c185035c06f8a3
from curve25519 import *
from curve25519 import _fix_secret, _unpack_number, _point_add, _point_double, _pack_number, _raw_curve25519, P
@hyunsikjeong
hyunsikjeong / leak.sage
Last active May 30, 2022 01:56
solution for Crypto Chall in DEFCON CTF 2022 Quals
from tqdm import tqdm
p = 0x00000001748a30b311afb13858f1dccf
q = 0x0000000120c02771bb5f8edae9364f45
N = p * q
# enc = 0x012a0a1ed3553e95527dedcf481b59d0fcad2c0ab5c3e8ac23
# enc = 0x017e72989e281ebe960631cd5d913e1b5d88ca5f50ca27904a
enc = int(sys.argv[1], 16)
@hyunsikjeong
hyunsikjeong / solver.sage
Created October 11, 2021 00:06
GoodHash sol
from Crypto.Cipher import AES
from Crypto.Util.number import *
from pwn import *
import sys
F.<x> = GF(2^128, name='x', modulus=x^128+x^7+x^2+x+1)
def bytes_to_element(b):
v = bytes_to_long(b)
e = 0
@hyunsikjeong
hyunsikjeong / solver.py
Created December 7, 2020 04:19
Solver for RGNN
#!/usr/bin/env python3
from z3 import *
import random
import string
def print_board(board):
height, width = len(board), len(board[0])
@hyunsikjeong
hyunsikjeong / n1ctf.md
Created October 19, 2020 03:20
simple write-up (oflo, fixed camera, n1vault)

oflo

There are several anit-reversing logic, so I just patched with \x90 (nop instruction) to avoid them. After this process, it was able to figure out the logic of the program.

  1. Use /bin/cat to something to get a string
  2. XOR the prologue of a function by the first 5 bytes of the given input.
  3. XOR the given input and the string from 1., then check the result is right.

The part 2. is easy to patch, because the first 5 bytes of the given input is always n1ctf.

@hyunsikjeong
hyunsikjeong / solver.py
Created September 6, 2020 16:10
harmagedon
val = 0xB77C7C
ans = []
while val > 0:
print(val)
val >>= 2
val -= 1
ans.append(val % 4)
ans = ans[::-1]
@hyunsikjeong
hyunsikjeong / solver.py
Created September 6, 2020 15:16
bitcrypto
from Crypto.Util.number import *
from pwn import *
r = remote("crypto.kosenctf.com", 13003)
r.recvuntil("your query: ")
r.sendline('b')
l = r.recvuntil('\n')
c = [int(x) for x in l.split('[')[1].split(']')[0].split(",")]
@hyunsikjeong
hyunsikjeong / solver.py
Created September 6, 2020 15:05
padrsa solver
from Crypto.Util.number import *
from binascii import unhexlify, hexlify
import gmpy2
from pwn import *
def get_cube():
sock = remote('crypto.kosenctf.com', 13001)
n = int(sock.recvuntil('\n')[3:-1].decode())
@hyunsikjeong
hyunsikjeong / scheme.json
Created July 19, 2020 07:46
XTerm-like color scheme on Windows Terminal
{
"name": "XTerm-like",
"cursorColor": "#ebebeb",
"selectionBackground": "#ffffff",
"background" : "#000000",
"foreground" : "#ebebeb",
"black" : "#000000",
@hyunsikjeong
hyunsikjeong / keybase.md
Created June 12, 2020 13:33

Keybase proof

I hereby claim:

  • I am jhs7jhs on github.
  • I am rbtree (https://keybase.io/rbtree) on keybase.
  • I have a public key whose fingerprint is 3A77 4E51 675A E05C 40A8 AC1F A3C7 8ADB E4F0 C0DC

To claim this, I am signing this object: