Guys, guys, don’t fight. I’m sure we’ll be able to come up with something roughly equal.
source
eulernt.pwni.ng:5555
NOTE: We originally uploaded the wrong version. It is still available here if you really want it: wrong version.
How to solve We need to get a divisor of that is close to .
Just factorize with factorDB. There are some s of which is odd. Let’s define a product of those s as ....
They say 3 rounds is provably secure, right? Download
How to solve Permutations can be handled as matrices.
For given key and plaintext , the result of one-round encryption is:
Let’s do this for three rounds!
If we define , we can say that
...
I heard bulldozer is on this channel, be careful!
nc crypto.chal.ctf.westerns.tokyo 5643
Download the chal: here. How to solve To decrypt the flag, we need two things: the AES key and the IV when the flag is generated.
IV IV is generated by random.getrandbits(). Python random uses Mersenne Twister, and it is able to recover the state of the Python random generator with 624 32-bit integers. See this link for detail....
Download the problem file from http://research.samsung.com/sctf2018 or https://www.dropbox.com/s/n45bss3bgr4sjcg/MQ.py?dl=0 Define Function M: . ( is for quad, is for uni. Notice that )
The code gives and . Let’s think about .
...
Download the problem file from http://research.samsung.com/sctf2018 or https://www.dropbox.com/s/xx6tnhzrgpdxvd8/LCG.py?dl=0 It is quite simple PRNG with the equation (t = 0xdeadbeef):
We can define as , then . So, it’s just same as the normal LCG.
I used the method to break LCG described in this link, and the solver is here....