KalmarCTF 2024 – One key to rule them all

Category: Web
Points: 484
Solves: 11
Encryption is easy, but key management is hard – I got the solution! Just use one key everywhere, i.e. nothing to manage (just don’t lose it)
Attachments: official GitHub repo (not available yet)

Archive:  handout-onekey.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
        0  03-15-2024 19:44   handout-onekey/
     1102  03-06-2024 23:04   handout-onekey/Dockerfile
     6631  03-06-2024 23:04   handout-onekey/app.py
      399  03-06-2024 23:04   handout-onekey/readflag.c
      440  03-06-2024 23:04   handout-onekey/supervisord.conf
      196  03-15-2024 19:44   handout-onekey/docker-compose.yml
       16  03-06-2024 23:04   handout-onekey/flag
---------                     -------
     8784                     7 files

FCSC 2022 – Write-Ups for some of the crypto challenges

In this post, I’ll present my write-ups for some of the challenges listed in the “Crypto” category, in no particular order. Three of them are not directly written in this post and only contain a link to the actual write-up.

The challenges are:

  1. Shuffled
  2. My Tailor is Rich
  3. T-Rex
  4. Gaston La Paffe
  5. Surface
  6. Hash-ish
  7. Kahl Hash
  8. Share It
  10. Millenium

I didn’t manage to solve two of them, but I will briefly give my thoughts on them.


EasyCTF IV – Not OTP


It seems we’ve intercepted 2 strings that were both encrypted with what looks like OTP! Is it possible to decrypt them?

c1 = 38445d4e5311544249005351535f005d5d0c575b5e4f481155504e495740145f4c505c5c0e196044454817564d4e12515a5f4f12465c4a45431245430050154b4d4d415c560c4f54144440415f595845494c125953575513454e11525e484550424941595b5a4b
c2 = 3343464b415550424b415551454b00405b4553135e5f00455f540c535750464954154a5852505a4b00455f5458004b5f430c575b58550c4e5444545e0056405d5f53101055404155145d5f0053565f59524c54574f46416c5854416e525e11506f485206554e51





Bob is extremely paranoid, so he decided that just one RSA encryption is not enough. Before sending his message to Alice, he forced her to create 5 public keys so he could encrypt his message 5 times! Show him that he still is not secure…

Here are the 5 public keys that Bob used, each in the format of (N, e):
(9247606623523847772698953161616455664821867183571218056970099751301682205123115716089486799837447397925308887976775994817175994945760278197527909621793469, 11)
(9247606623523847772698953161616455664821867183571218056970099751301682205123115716089486799837447397925308887976775994817175994945760278197527909621793469, 41)
(9247606623523847772698953161616455664821867183571218056970099751301682205123115716089486799837447397925308887976775994817175994945760278197527909621793469, 67623079903)
(9247606623523847772698953161616455664821867183571218056970099751301682205123115716089486799837447397925308887976775994817175994945760278197527909621793469, 5161910578063)
(9247606623523847772698953161616455664821867183571218056970099751301682205123115716089486799837447397925308887976775994817175994945760278197527909621793469, 175238643578591220695210061216092361657427152135258210375005373467710731238260448371371798471959129039441888531548193154205671)

Here is his encrypted message:



Hackim18 – Web1


The objective of this challenge is to find a way to get logged in as the user “administrator”.

This is the demo application for our new session management system based on military cryptography (namely CBC-MAC). You can log in as any user (except ‘administrator’) with the password ‘Password1’. We blocked access to ‘administrator’ account for security reasons.