Skip to main content

Crypto

FCSC 2024 - Write-Ups for the crypto challenges
·72 mins
Crypto Write-Up Ctf

In this post, I’ll present my write-ups for all the challenges listed in the crypto category, ordered by difficulty rating.

The challenges are:

  1. AdveRSArial Crypto (Baby)
  2. El Gamal Fait 1/2
  3. El Gamal Fait 2/2
  4. The pake is a lie
  5. AdveRSArial Crypto (Kiddo)
  6. Broadcastopol
  7. Salade de fruits
  8. Share a Saucisse
  9. Winternitz is coming
  10. Appellation d’Origine Protégée
  11. Secret SHenanigans
  12. Tight Schedule
Breaking Python's PRNG with a few values and no bruteforce
·8 mins
Crypto
In this project, our focus will be on Python’s random implementation. We’ll demonstrate that even with a small number of outputs (as few as 6 for a 32-bit seed), it’s feasible to deduce Python’s original seed.
KalmarCTF 2024 - One key to rule them all
·16 mins
Web Crypto Write-Up Ctf
Encryption is easy, but key management is hard - I got the solution! Just use one key everywhere, i.e. nothing to manage (just don’t lose it)
FCSC 2022 - Write-Ups for some of the crypto challenges
·37 mins
Crypto Write-Up Ctf

In this post, I’ll present my write-ups for some of the challenges listed in the crypto category, in no particular order.

The challenges are:

  1. Shuffled
  2. My Tailor is Rich
  3. T-Rex
  4. Gaston La Paffe
  5. Surface
  6. Hash-ish
  7. Kahl Hash
  8. Share It
  9. IZNOGOOD
  10. Millenium

I didn’t manage to solve two of them, but I will briefly give my thoughts on them.

FCSC 2021 - Write-Ups for the crypto challenges
·41 mins
Crypto Write-Up Ctf

In this post, I’ll present my write-ups for all the challenges listed in the Crypto category, in the order I solved them during the competition.

The challenges are:

  1. Macaque
  2. RSA Destroyer
  3. Lost curve
  4. Hashy Parmentier
  5. Revaulting
  6. SmeaLog
  7. Trappy Skippy
Analysis of the ROCA vulnerability
·31 mins
Crypto Rsa
In this post we will see how the key generation process is done, why it is bad and how other people have been able to rediscover the attack before it was publicly disclosed. We will also see how the detection methods work and most importantly how to perform the whole attack. Hopefully at the end you will understand all the steps required to factor vulnerable keys and how the necessary optimizations of the attack where found. As a bonus, I’ll provide a fully functional multiprocess attack script in Sage.
Solving RE tasks the crypto way
·14 mins
Crypto Reverse Ctf

In this post I want to share with you my way of solving reverse engineering (RE) tasks in CTFs involving simple cryptography without reading a single bit of assembly, purely by cryptanalysis.

Of course this can’t be applied on all RE tasks you’ll encounter that make use of cryptography, but sometimes it might save you a lot of pain trying to solve a difficult RE task. You might also have to do it simply because you don’t have access to the cryptographic code (Black Box), like in one of the parts of the Black Badge challenge for Le Hack 2019, which will serve as an example throughout this post.

Attacking RSA for fun and CTF points - part 4
·7 mins
Crypto Ctf Rsa

It’s been a long time since part 3 of this series. So to quietly resume our journey in the beautiful world of mathematics I propose you 4 rather simple topics :

  • Multi-prime RSA
  • Brute force attack on small secret CRT-Exponents
  • Fault attack on signatures
  • Twin primes
Analysing the worst ransomware - part 2
·5 mins
Crypto Reverse
In the last part we have seen that Tupper encrypts “.txt” files using RSA and “.pdf” files using a xor and custom key schedule. In this part we will write decryption scripts to recover encrypted files because Tupper doesn’t provide any decryption function.
Attacking RSA for fun and CTF points - part 3
·10 mins
Crypto Ctf Rsa

Today the focus is on oracles ! You already encountered the decipher oracle in part 1 but now you’ll meet :

  1. The LSB oracle
  2. The padding oracle