## [zer0pts CTF 2020] dirty laundry

Do you wanna air my dirty laundry? How to solve Recovering PRNG The challenge uses 256-bit LFSR PRNG, of which seed is the lower 256-bit of 1024-bit prime number. Let’s see pailler_enc unction. def paillier_enc(m, p, noise): p = next_prime(p + noise) q = getStrongPrime(512) n = p * q g = (1 + prng.rand() * n) % n**2 c = pow(g, m, n**2) * pow(prng.rand(), n, n**2) % n**2 return n, g, c The value p is 1024-bit, so n should be 1536-bit....

2020-03-09 · 5 min · RBTree

## [zer0pts CTF 2020] nibelung

nc 18.179.178.246 3002 (This was all of the description) Overview From the organizer’s write-up(Link): FiniteGeneralLinearGroup is just a matrix class over a finite field. We can encrypt and decrypt arbitrary messages. Encryption is defined as: $Y = UXU^{-1}$. Decryption is defined as: $X = U^{-1}YU$. The size of matrix (from the server) is 6×6. How to solve You cannot decrypt the flag directly, because it only accepts the matrix with values in the range 0~255....

2020-03-09 · 2 min · RBTree

## [zer0pts CTF 2020] diysig

I made a cipher-signature system by myself. nc 18.179.178.246 3001 How to Solve In the challenge, you can (1) encrypt and sign, (2) verify encrypted message, and (3) get public key. The public key of the server is always fixed. If you see the verify function of server.py, you can find out that it will let you know the hash of the decrypted message. if h == H: sock.send(b"Signature OK!\n") else: sock....

2020-03-09 · 2 min · RBTree

## [PlaidCTF 2019] The .Wat ness

The .Wat ness is open for testing! http://watness.pwni.ng:7744/ When it came out in 2016, the Witness impressed with its ability to gradually teach new players the rules of the game by simply having them play it. With the .Wat ness, we take this just a small step further. How to solve First of all, this write-up has a lot of guesses. Also, teammate imnotkind helped in downloading resources and reversing typescript files!...

2019-04-22 · 5 min · RBTree

## [PlaidCTF 2019] Plaid Party Planning III

Plaid Party Planning III 1 Other teammates solved this one. You can get a flag easily by just jumping into the flag printing routine. Just use GDB to change RIP, or patch the binary to jump into the routine. The flag is PCTF{1 l1v3 1n th3 1nt3rs3ct1on of CSP and s3cur1ty and parti3s!}. Plaid Party Planning III 2 Basically, behaviors of binaries (III 1, III 2) are same. The problem is here:...

2019-04-22 · 9 min · RBTree