This was my favorite crypto challenge from this year's CSAW Quals (and probably my favorite crypto challenge that I've done in a while). On the surface, it's relatively standard: we have a flag encrypted with some cryptosystem (along with a Python implementation of this cryptosystem) and we have to decrypt it. The cryptosystem itself is… Continue reading CSAW Quals 2018 – holywater
Tokyo Westerns CTF 2018 – load
load was a warmup pwn, though it ended up being on the hard side for a warmup: it had 49 solves compared to 134 for the next easiest warmup (scs7). We spent quite a long time on this challenge (I think ~8 hours in total?), but despite the unexpected difficulty I still had a lot… Continue reading Tokyo Westerns CTF 2018 – load
Google CTF 2018 – Tape
The description of this challenge is: “We’ve found this priceless, old magnetic tape in our archives. We dumped the contents, but the data is corrupted and we can’t read it. We only have this old tape reader tool, but source code was lost long ago. The program has only 944 bytes, so reversing it should… Continue reading Google CTF 2018 – Tape
Google CTF 2018 – Better Zip
The legacy ZIP crypto is long broken, so we’ve fixed it In this challenge, we are provided with a Python script (better_zip.py) that generates an encrypted zip file from an input file and key, and want to decrypt flag.zip, which was generated with this script. The script has two main parts: a BetterZipCreator class that… Continue reading Google CTF 2018 – Better Zip
Google CTF 2018 – Feel It
We are given a pcap file, so let’s open it up in Wireshark: As can be seen, the entire pcap consists of USB packets. The overall structure of the file is something like: At the beginning, the host asks a USB device for its descriptors (i.e. configuration information). Then, the host repeatedly sends SET_REPORT requests… Continue reading Google CTF 2018 – Feel It
Tokyo Westerns CTF 2017 – Palindromes Pairs (Challenge Phase)
This challenge was a follow-up to an earlier challenge, titled "Palindromes Pairs - Coding Phase". In that earlier warmup ppc challenge, the goal was to write an algorithm to solve the following problem: given up to 1000 strings $latex s_i$, each of length at most 1000, count the number of pairs $latex (i, j)$ such… Continue reading Tokyo Westerns CTF 2017 – Palindromes Pairs (Challenge Phase)
Tokyo Westerns CTF 2017 – Liar’s Trap
On the surface, this challenge appears to be about secret sharing. The setup is simple: the flag is divided into $latex N=100$ pieces using Shamir's secret sharing scheme so that it can be recovered given any $latex K=25$ of these pieces (but is impossible to recover with any fewer). The server provides you with all… Continue reading Tokyo Westerns CTF 2017 – Liar’s Trap
33C3 CTF – shjail
The goal of this challenge is to successfully run (in a shell on a provided server) a setuid binary flag which asks you to repeat a number, and then (if you repeat it successfully) outputs the flag: This would be trivial but for one interesting restriction of the provided shell: the only characters you are… Continue reading 33C3 CTF – shjail
33C3 CTF – babyfengshui
In this challenge, we are provided with a 32-bit ELF ('babyfengshui') and a libc file ('libc-2.19.so'). The program maintains a list of users, which consist of names and descriptions. Here is some example usage, where we add a user and then display it: As you can see, there are 4 relevant actions, so let's go… Continue reading 33C3 CTF – babyfengshui
33C3 CTF – Beeblebrox
This crypto challenge is a classic "fake-the-signature" crypto challenge, but with a somewhat unusual signature scheme that depends on the hardness of computing $latex n$th roots modulo a semiprime: There is a publicly known semiprime $latex N = PQ$, whose two prime factors $latex P$ and $latex Q$ are known only to the signer. There… Continue reading 33C3 CTF – Beeblebrox