In this post, I’ll present my write-ups for some of the challenges listed in the “Crypto” category, in no particular order. Three of them are not directly written in this post and only contain a link to the actual write-up.
The challenges are:
I didn’t manage to solve two of them, but I will briefly give my thoughts on them.
Continue readingIn this post, I’ll present my write-ups for all the challenges listed in the “Crypto” category, in the order I solved them during the competition.
The challenges are:
This vulnerability exploits a weakness in the construction of the public key that allows the private key to be recovered by factorizing the modulus.
ROCA is the acronym of “Return of Coppersmith’s Attack”. This vulnerability was discovered in February 2017 by a team of Czech researchers and was given the identifier CVE 2017-15361.
Continue readingIn this post I want to share with you my way of solving reverse engineering (RE) tasks in CTFs involving simple cryptography without reading a single bit of assembly, purely by cryptanalysis.
Of course this can’t be applied on all RE tasks you’ll encounter that make use of cryptography, but sometimes it might save you a lot of pain trying to solve a difficult RE task, like I did here. You might also have to do it simply because you don’t have access to the cryptographic code (Black Box), like in one of the parts of the Black Badge challenge for Le Hack 2019, which will serve as an example throughout this post.
If you’re new in the field of cryptanalysis this might also be of interest to you to see the methodology you can apply. You might even learn something new. 😉
Continue readingIt’s been a long time for both of us since part 3 of this series. So to quietly resume our journey in the beautiful world of mathematics I propose you 4 rather simple topics :
In the last part we’ve found heap buffer overflows in the structure holding victim information and a stack buffer overflow when receiving the name of the file that’s been encrypted. Now we’re going to find what possibilities they can offer us and use them to craft an exploit.
Continue readingIn this part we’re going to suppose that we’ve managed to obtain a copy of the Tupper C&C server binary. Our goal is to reverse engineer it and summarize the overall operating process of Tupper.
Continue readingIn the last part we have seen that Tupper encrypts “.txt” files using RSA and “.pdf” files using a xor and custom key schedule. In this part we will write decryption scripts to recover encrypted files because Tupper doesn’t provide any decryption function.
Continue readingToday we will reverse-engineer a simple “ransomware” made specifically for this purpose. Let’s give it the name Tupper. Tupper is not really a ransomware because it doesn’t ask for a ransom, it only attacks a specific location on the filesystem and I unintentionally forgot another important feature of ransomwares, try to find it. 🙂
Continue readingToday the focus is on oracles ! You already encountered the decipher oracle in part 1 but now you’ll meet :
