[TokyoWesterns CTF 4th] mixed cipher

I heard bulldozer is on this channel, be careful! nc crypto.chal.ctf.westerns.tokyo 5643 Download the chal: here. How to solve To decrypt the flag, we need two things: the AES key and the IV when the flag is generated. IV IV is generated by random.getrandbits(). Python random uses Mersenne Twister, and it is able to recover the state of the Python random generator with 624 32-bit integers. See this link for detail....

2018-09-03 · 4 min · RBTree

[SCTF 2018 Finals] MQ

Download the problem file from http://research.samsung.com/sctf2018 or https://www.dropbox.com/s/n45bss3bgr4sjcg/MQ.py?dl=0 Define Function M: M(x0,,xn1)=i=0n1j=in1qi,jxixj+i=0n1uixi+c. (q is for quad, u is for uni. Notice that qi,j=qj,i) The code gives M(input) and M(input+flag). Let’s think about F(x,y)=M(x+y)M(x). F(x,y)=M(x+y)M(x)=i=0n1j=in1qi,j(xiyj+yixj+yiyj)+i=0n1uiyi...

2018-09-01 · 3 min · RBTree

[SCTF 2018 Finals] LCG

Download the problem file from http://research.samsung.com/sctf2018 or https://www.dropbox.com/s/xx6tnhzrgpdxvd8/LCG.py?dl=0 It is quite simple PRNG with the equation (t = 0xdeadbeef): xi=(k1t)xi1+k1txi2+k2(mod k3) We can define yi as yi=xi+txi1, then yi=k1yi1+k2(mod k3). So, it’s just same as the normal LCG. I used the method to break LCG described in this link, and the solver is here....

2018-08-31 · 2 min · RBTree

[PlaidCTF 2018] transducipher

At first, let’s define final_state(), which returns the last state of transduce(B, s) for input B. def transduce(b, s=0): if len(b) == 0: return b d, t = T[s] b0, bp = b[0], b[1:] return [b0 ^ t] + transduce(bp, s=d[b0]) def final_state(b, s=0): if len(b) == 0: return s d, _ = T[s] b0, bp = b[0], b[1:] return transduce_state(bp, s=d[b0]) The problem of breaking the cipher is that there’s swapping action of left 32 bits & right 32 bits in each stage....

2018-05-07 · 4 min · RBTree