Skip to content

Instantly share code, notes, and snippets.

Crypto Newbie :(

Hyunsik Jeong jhs7jhs

Crypto Newbie :(
View GitHub Profile
jhs7jhs /
Created Oct 19, 2020
simple write-up (oflo, fixed camera, n1vault)


There are several anit-reversing logic, so I just patched with \x90 (nop instruction) to avoid them. After this process, it was able to figure out the logic of the program.

  1. Use /bin/cat to something to get a string
  2. XOR the prologue of a function by the first 5 bytes of the given input.
  3. XOR the given input and the string from 1., then check the result is right.

The part 2. is easy to patch, because the first 5 bytes of the given input is always n1ctf.

val = 0xB77C7C
ans = []
while val > 0:
val >>= 2
val -= 1
ans.append(val % 4)
ans = ans[::-1]
from Crypto.Util.number import *
from pwn import *
r = remote("", 13003)
r.recvuntil("your query: ")
l = r.recvuntil('\n')
c = [int(x) for x in l.split('[')[1].split(']')[0].split(",")]
from Crypto.Util.number import *
from binascii import unhexlify, hexlify
import gmpy2
from pwn import *
def get_cube():
sock = remote('', 13001)
n = int(sock.recvuntil('\n')[3:-1].decode())
jhs7jhs / scheme.json
Created Jul 19, 2020
XTerm-like color scheme on Windows Terminal
View scheme.json
"name": "XTerm-like",
"cursorColor": "#ebebeb",
"selectionBackground": "#ffffff",
"background" : "#000000",
"foreground" : "#ebebeb",
"black" : "#000000",

Keybase proof

I hereby claim:

  • I am jhs7jhs on github.
  • I am rbtree ( on keybase.
  • I have a public key whose fingerprint is 3A77 4E51 675A E05C 40A8 AC1F A3C7 8ADB E4F0 C0DC

To claim this, I am signing this object:

jhs7jhs /
Created May 18, 2020
solver of coooppersmith from DEFCON CTF 2020 Quals
from pwn import *
from ctypes import *
from Crypto.PublicKey import RSA
from Crypto.Util.number import long_to_bytes as l2b, inverse, GCD as gcd
import gmpy2
s = remote("", 5000)
s.sendline("1" + "0" * 119)
jhs7jhs / readme.txt
Created Apr 23, 2020
A PLUS Puzzle (PuzzleScript Script)
View readme.txt
Play this game by pasting the script in
jhs7jhs / solver.sage
Created Nov 6, 2019
Multivariate Coppersmith method
View solver.sage
class IIter:
def __init__(self, m, n):
self.m = m
self.n = n
self.arr = [0 for _ in range(n)]
self.sum = 0
self.stop = False
def __iter__(self):
return self
jhs7jhs / solver.sage
Created Sep 11, 2019
Sneaky_RSA Solver
View solver.sage
#!/usr/bin/env sage
from Crypto.Util.number import long_to_bytes
n = 502836922512486610504545362770164087747314568872499828554488035958487618069922372009938568627862332381791785204353412309048442266790788127586913418481611102032369784610186635918107975841710391423008666409824129040501563972923707425783141884753202039153453753743392862691624406109086024607836030202826295630221116437441121382375260821932448574939909495800160786027658225717271401949960794363690329988511853563276529456313673706170640973867577950303263264174744662074209624615772736887075860916876858014327808943244020378093080950653168444374777563212489171657106506007764866226182751595372496526204915222217458440333
c = 4542992230817920623622662202729093420190888652559243976860639953697825392586021006533342245836972027501745167799861363850426811090986182459017530104829121267723198005247073842044128647351222273325585614699334258919290475742633426495057070305887556653427791160755958392266834460356390652210993123440272512962788160444355984837855192511
You can’t perform that action at this time.