Browse Source

Added Crypto Challenges

master
rishitsaiya 4 years ago
commit
dde493c336
  1. 9
      Crypto/Login Error/README.md
  2. 54
      Crypto/Mein Kampf/README.md
  3. 24
      Crypto/Mein Kampf/exploit.py
  4. 53
      Crypto/Modern Clueless Child/README.md
  5. 3
      Crypto/Modern Clueless Child/exploit.py
  6. 3
      Crypto/Modern Clueless Child/sub.py
  7. 3
      Crypto/Modern Clueless Child/xor1.py
  8. BIN
      Crypto/Quick Math/Flag.png
  9. 39
      Crypto/Quick Math/README.md
  10. 7
      Crypto/Quick Math/exploit.py
  11. 52
      Crypto/Rivest Shamir Adleman/README.md
  12. 3
      Crypto/Rivest Shamir Adleman/enc.txt
  13. 19
      Crypto/Rivest Shamir Adleman/flag.py
  14. 29
      Crypto/The Climb/Main.java
  15. 161
      Crypto/The Climb/README.md
  16. 100
      Crypto/The Climb/theclimb.java
  17. 1
      Crypto/The Climb/theclimb.txt
  18. 48
      Crypto/little RSA/README.md
  19. 3
      Crypto/little RSA/a.txt
  20. 18
      Crypto/little RSA/flag.py
  21. 1
      Crypto/little RSA/flag.txt
  22. BIN
      Crypto/little RSA/flag.zip

9
Crypto/Login Error/README.md

@ -0,0 +1,9 @@
## Login Error
The main idea finding the flag is decryption of AES CBC encryption.
#### Step-1:
I am not that good at AES encryption, so looked up [here](https://dunsp4rce.github.io/csictf-2020/crypto/2020/07/21/Login-Error.html).
#### Step-2:
Finally the flag becomes:
`csictf{Sh4u!d_hav3_n0t_u5ed_CBC}`

54
Crypto/Mein Kampf/README.md

@ -0,0 +1,54 @@
## Mein Kampf
The main idea finding the flag is knowing Enigma Machine library.
#### Step-1:
After reading the given message:
```
M4 UKW $ Gamma 2 4 $ 5 9 $ 14 3 $ 5 20 fv cd hu ik es op yl wq jm
```
Google searches gave some sense of Enigma Machine.
#### Step-2:
So, I quickly searched for such libraries in python at got it at: https://pypi.org/project/py-enigma/
#### Step-3:
So, I wrote a `exploit.py` script with help from [official documentation](https://pypi.org/project/py-enigma/).
```python
from enigma.machine import EnigmaMachine
ROTORS = ['I', 'II', 'III', 'IV', 'V', 'VI', 'VII', 'VIII', 'Beta', 'Gamma']
REFLECTORS = ['B', 'C', 'B-Thin', 'C-Thin']
state = 'M4 UKW $ Gamma 2 4 $ 5 9 $ 14 3 $ 5 20 fv cd hu ik es op yl wq jm'
enc = 'zkrtwvvvnrkulxhoywoj'
rings = '4 9 3 20'
plug = 'fv cd hu ik es op yl wq jm'.upper()
pos = '2 5 14 5'
pos = ''.join(chr(int(x) - 1 + ord('A')) for x in pos.split())
for rf in REFLECTORS:
for r2 in ROTORS:
for r3 in ROTORS:
for r4 in ROTORS:
rotors = ['Gamma', r2, r3, r4]
e = EnigmaMachine.from_key_sheet(rotors=rotors, ring_settings=rings,
reflector=rf, plugboard_settings=plug)
e.set_display(pos)
txt = e.process_text(enc).lower()
if 'csictf' in txt:
print(txt)
```
#### Step-4:
When I ran the script as `python3 exploit.py`, I got the flag:
```bash
csictfnoshitsherlock
```
#### Step-5:
Finally the flag becomes:
`csictf{no_shit_sherlock}`

24
Crypto/Mein Kampf/exploit.py

@ -0,0 +1,24 @@
from enigma.machine import EnigmaMachine
ROTORS = ['I', 'II', 'III', 'IV', 'V', 'VI', 'VII', 'VIII', 'Beta', 'Gamma']
REFLECTORS = ['B', 'C', 'B-Thin', 'C-Thin']
state = 'M4 UKW $ Gamma 2 4 $ 5 9 $ 14 3 $ 5 20 fv cd hu ik es op yl wq jm'
enc = 'zkrtwvvvnrkulxhoywoj'
rings = '4 9 3 20'
plug = 'fv cd hu ik es op yl wq jm'.upper()
pos = '2 5 14 5'
pos = ''.join(chr(int(x) - 1 + ord('A')) for x in pos.split())
for rf in REFLECTORS:
for r2 in ROTORS:
for r3 in ROTORS:
for r4 in ROTORS:
rotors = ['Gamma', r2, r3, r4]
e = EnigmaMachine.from_key_sheet(rotors=rotors, ring_settings=rings,
reflector=rf, plugboard_settings=plug)
e.set_display(pos)
txt = e.process_text(enc).lower()
if 'csictf' in txt:
print(txt)

53
Crypto/Modern Clueless Child/README.md

@ -0,0 +1,53 @@
## MODERN CLUELESS CHILD
The main idea finding the flag is decryption using XOR keys.
#### Step-1:
After reading the given message:
```bash
I was surfing the crimson wave and oh my gosh I was totally bugging. I also tried out the lilac hair trend but it didn't work out. That's not to say you are any better, you are a snob and a half. But let's get back to the main question here- Who am I? (You don't know my name)
Ciphertext = "52f41f58f51f47f57f49f48f5df46f6ef53f43f57f6cf50f6df53f53f40f58f51f6ef42f56f43f41f5ef5cf4e" (hex) Key = "12123"
```
#### Step-2:
I quickly removed the `f` from cipher text as looked like it was used for space. So I wrote a script `sub.py` to replace `f` with `''`.
```python
ciphertext = "52f41f58f51f47f57f49f48f5df46f6ef53f43f57f6cf50f6df53f53f40f58f51f6ef42f56f43f41f5ef5cf4e"
sub = ciphertext.replace('f','')
print(sub)
```
On running `python3 sub.py` this, it gave me `52415851475749485d466e5343576c506d53534058516e425643415e5c4e`.
#### Step-3:
I had to check if I am not missing any cipher text so I cross check the flag by XOR checks. So, I wrote this `xor1.py` script get the `csictf{` code:
```python
from pwn import xor
flag = bytes.fromhex('52415851475749485d466e5343576c506d53534058516e425643415e5c4e')
print(xor(flag, 'csictf{'.encode()))
```
Output:
```bash
b"1212312+./\r'%,\x0f#\x040'&#2\x1d+57'%?="
```
#### Step-4:
Since we got the key `1212312` means we are right path as key has cyclic property key (12123). Now it was just replacement on the key with ASCII.
`exlpoit.py` to get flag:
```python
from pwn import xor
flag = bytes.fromhex('52415851475749485d466e5343576c506d53534058516e425643415e5c4e')
print(xor(flag, '12123'.encode()))
```
On running `python3 exploit.py`, Voila! I got the flag.
```bash
b'csictf{you_are_a_basic_person}'
```
#### Step-5:
Finally the flag becomes:
`csictf{you_are_a_basic_person}`

3
Crypto/Modern Clueless Child/exploit.py

@ -0,0 +1,3 @@
from pwn import xor
flag = bytes.fromhex('52415851475749485d466e5343576c506d53534058516e425643415e5c4e')
print(xor(flag, '12123'.encode()))

3
Crypto/Modern Clueless Child/sub.py

@ -0,0 +1,3 @@
ciphertext = "52f41f58f51f47f57f49f48f5df46f6ef53f43f57f6cf50f6df53f53f40f58f51f6ef42f56f43f41f5ef5cf4e"
sub = ciphertext.replace('f','')
print(sub)

3
Crypto/Modern Clueless Child/xor1.py

@ -0,0 +1,3 @@
from pwn import xor
flag = bytes.fromhex('52415851475749485d466e5343576c506d53534058516e425643415e5c4e')
print(xor(flag, 'csictf{'.encode()))

BIN
Crypto/Quick Math/Flag.png

Binary file not shown.

After

Width:  |  Height:  |  Size: 21 KiB

39
Crypto/Quick Math/README.md

@ -0,0 +1,39 @@
## Quick Math
The main idea finding the flag is decrypting the RSA exponentiation.
#### Step-1:
Given statement
```
Ben has encrypted a message with the same value of 'e' for 3 public moduli -
n1 = 86812553978993 n2 = 81744303091421 n3 = 83695120256591 and got the cipher texts -
c1 = 8875674977048 c2 = 70744354709710 c3 = 29146719498409. Find the original message.
```
#### Step-2:
This article is quite renowned: [https://www.johndcook.com/blog/2019/03/06/rsa-exponent-3/](https://www.johndcook.com/blog/2019/03/06/rsa-exponent-3/)
#### Step-3:
So, I wrote `exploit.py` script to get the flag.
```python
from sympy.ntheory.modular import crt
N = [86812553978993, 81744303091421, 83695120256591]
c = [8875674977048, 70744354709710, 29146719498409]
x = crt(N, c)[0]
print("Hex String:")
print(round(x ** (1. /3)))
```
After running the script by `python3 exploit.py`, I got a hex string.
#### Step-4:
I converted it online to ASCII [here](http://www.unit-conversion.info/texttools/hexadecimal/).
<img src="Flag.png">
#### Step-5:
Finally the flag becomes:
`csictf{h45t4d}`

7
Crypto/Quick Math/exploit.py

@ -0,0 +1,7 @@
from sympy.ntheory.modular import crt
N = [86812553978993, 81744303091421, 83695120256591]
c = [8875674977048, 70744354709710, 29146719498409]
x = crt(N, c)[0]
print("Hex String:")
print(round(x ** (1. /3)))

52
Crypto/Rivest Shamir Adleman/README.md

@ -0,0 +1,52 @@
## Rivest Shamir Adleman
The main idea finding the flag is just decoding the RSA encryption.
#### Step-1:
After I downloaded the `enc.txt`, the contents of which are as follows:
```
n = 408579146706567976063586763758203051093687666875502812646277701560732347095463873824829467529879836457478436098685606552992513164224712398195503564207485938278827523972139196070431397049700119503436522251010430918143933255323117421712000644324381094600257291929523792609421325002527067471808992410166917641057703562860663026873111322556414272297111644069436801401012920448661637616392792337964865050210799542881102709109912849797010633838067759525247734892916438373776477679080154595973530904808231
e = 65537
c = 226582271940094442087193050781730854272200420106419489092394544365159707306164351084355362938310978502945875712496307487367548451311593283589317511213656234433015906518135430048027246548193062845961541375898496150123721180020417232872212026782286711541777491477220762823620612241593367070405349675337889270277102235298455763273194540359004938828819546420083966793260159983751717798236019327334525608143172073795095665271013295322241504491351162010517033995871502259721412160906176911277416194406909
```
#### Step-2:
So, I wanted to use the [RsaCtf Tool](https://github.com/Ganapati/RsaCtfTool), I factorized the `n` online at http://factordb.com/ to give us `p` & `q`.
#### Step-3:
A simple `flag.py` script gives the flag to us:
```python
from Crypto.Util.number import inverse
import binascii
e = 65537
c = 226582271940094442087193050781730854272200420106419489092394544365159707306164351084355362938310978502945875712496307487367548451311593283589317511213656234433015906518135430048027246548193062845961541375898496150123721180020417232872212026782286711541777491477220762823620612241593367070405349675337889270277102235298455763273194540359004938828819546420083966793260159983751717798236019327334525608143172073795095665271013295322241504491351162010517033995871502259721412160906176911277416194406909
n = 408579146706567976063586763758203051093687666875502812646277701560732347095463873824829467529879836457478436098685606552992513164224712398195503564207485938278827523972139196070431397049700119503436522251010430918143933255323117421712000644324381094600257291929523792609421325002527067471808992410166917641057703562860663026873111322556414272297111644069436801401012920448661637616392792337964865050210799542881102709109912849797010633838067759525247734892916438373776477679080154595973530904808231
# From factordb
p = 15485863
q = 26384008867091745294633354547835212741691416673097444594871961708606898246191631284922865941012124184327243247514562575750057530808887589809848089461174100421708982184082294675500577336225957797988818721372546749131380876566137607036301473435764031659085276159909447255824316991731559776281695919056426990285120277950325598700770588152330565774546219611360167747900967511378709576366056727866239359744484343099322440674434020874200594041033926202578941508969596229398159965581521326643115137
phi = (p-1) * (q-1)
d = inverse(e,phi)
m = pow(c,d,n)
hex_str = hex(m)[2:] # Removing '0x'
print(binascii.unhexlify(hex_str))
```
#### Step-4:
When I run this by `python3 flag.py`, it game following output:
```bash
b"csictf{sh0uld'v3_t4k3n_b1gg3r_pr1m3s}"
```
Voila! There we have our flag.
#### Step-5:
Finally the flag becomes:
`csictf{sh0uld'v3_t4k3n_b1gg3r_pr1m3s}`

3
Crypto/Rivest Shamir Adleman/enc.txt

@ -0,0 +1,3 @@
n = 408579146706567976063586763758203051093687666875502812646277701560732347095463873824829467529879836457478436098685606552992513164224712398195503564207485938278827523972139196070431397049700119503436522251010430918143933255323117421712000644324381094600257291929523792609421325002527067471808992410166917641057703562860663026873111322556414272297111644069436801401012920448661637616392792337964865050210799542881102709109912849797010633838067759525247734892916438373776477679080154595973530904808231
e = 65537
c = 226582271940094442087193050781730854272200420106419489092394544365159707306164351084355362938310978502945875712496307487367548451311593283589317511213656234433015906518135430048027246548193062845961541375898496150123721180020417232872212026782286711541777491477220762823620612241593367070405349675337889270277102235298455763273194540359004938828819546420083966793260159983751717798236019327334525608143172073795095665271013295322241504491351162010517033995871502259721412160906176911277416194406909

19
Crypto/Rivest Shamir Adleman/flag.py

@ -0,0 +1,19 @@
from Crypto.Util.number import inverse
import binascii
e = 65537
c = 226582271940094442087193050781730854272200420106419489092394544365159707306164351084355362938310978502945875712496307487367548451311593283589317511213656234433015906518135430048027246548193062845961541375898496150123721180020417232872212026782286711541777491477220762823620612241593367070405349675337889270277102235298455763273194540359004938828819546420083966793260159983751717798236019327334525608143172073795095665271013295322241504491351162010517033995871502259721412160906176911277416194406909
n = 408579146706567976063586763758203051093687666875502812646277701560732347095463873824829467529879836457478436098685606552992513164224712398195503564207485938278827523972139196070431397049700119503436522251010430918143933255323117421712000644324381094600257291929523792609421325002527067471808992410166917641057703562860663026873111322556414272297111644069436801401012920448661637616392792337964865050210799542881102709109912849797010633838067759525247734892916438373776477679080154595973530904808231
# From factordb
p = 15485863
q = 26384008867091745294633354547835212741691416673097444594871961708606898246191631284922865941012124184327243247514562575750057530808887589809848089461174100421708982184082294675500577336225957797988818721372546749131380876566137607036301473435764031659085276159909447255824316991731559776281695919056426990285120277950325598700770588152330565774546219611360167747900967511378709576366056727866239359744484343099322440674434020874200594041033926202578941508969596229398159965581521326643115137
phi = (p-1) * (q-1)
d = inverse(e,phi)
m = pow(c,d,n)
hex_str = hex(m)[2:] # Removing '0x'
print(binascii.unhexlify(hex_str))

29
Crypto/The Climb/Main.java

@ -0,0 +1,29 @@
public class ClimbSolver {
static String encrypted = "lrzlhhombgichae";
static String key = "gybnqkurp";
public static void brute(int startPos) {
int size = (int) Math.sqrt(key.length());
String encChunk = encrypted.substring(startPos, startPos + size);
Main obj = new Main();
obj.keyconv(key, size);
for (char a = 'a'; a <= 'z'; a++)
for (char b = 'a'; b <= 'z'; b++)
for (char c = 'a'; c <= 'z'; c++) {
String text = "" + a + b + c;
obj.textconv(text);
obj.multiply(text.length());
String res = obj.res(text.length());
if (res.equals(encChunk)) {
System.out.print(text);
}
}
}
public static void main(String[] args) {
for (int i = 0; i < encrypted.length(); i += 3) {
brute(i);
}
System.out.println();
}
}

161
Crypto/The Climb/README.md

@ -0,0 +1,161 @@
## The Climb
The main idea finding the flag is decrypting the Hill Cipher.
#### Step-1:
After I downloaded `theclimb.java` & `theclimb.txt`, I checked out the contents in them.
- `theclimb.txt` had this:
```
Encrypted text = lrzlhhombgichae
```
- `theclimb.java` had this:
```java
public class Main
{
int kmatrix[][];
int tmatrix[];
int rmatrix[];
public void div(String temp, int size)
{
while (temp.length() > size)
{
String substr = temp.substring(0, size);
temp = temp.substring(size, temp.length());
perf(substr);
}
if (temp.length() == size)
perf(temp);
else if (temp.length() < size)
{
for (int i = temp.length(); i < size; i++)
temp = temp + 'x';
perf(temp);
}
}
public void perf(String text)
{
textconv(text);
multiply(text.length());
res(text.length());
}
public void keyconv(String key, int len)
{
kmatrix = new int[len][len];
int c = 0;
for (int i = 0; i < len; i++)
{
for (int j = 0; j < len; j++)
{
kmatrix[i][j] = ((int) key.charAt(c)) - 97;
c++;
}
}
}
public void textconv(String text)
{
tmatrix = new int[text.length()];
for (int i = 0; i < text.length(); i++)
{
tmatrix[i] = ((int) text.charAt(i)) - 97;
}
}
public void multiply(int len)
{
rmatrix = new int[len];
for (int i = 0; i < len; i++)
{
for (int j = 0; j < len; j++)
{
rmatrix[i] += kmatrix[i][j] * tmatrix[j];
}
rmatrix[i] %= 26;
}
}
public void res(int len)
{
String res = "";
for (int i = 0; i < len; i++)
{
res += (char) (rmatrix[i] + 97);
}
System.out.print(res);
}
public static void main(String[] args)
{
Main obj = new Main();
System.out.println("Enter the plain text: ");
String text = "fakeflag";
System.out.println(text);
System.out.println("Enter the key: ");
String key = "gybnqkurp";
System.out.println(key);
double root = Math.sqrt(key.length());
if (root != (long) root)
System.out.println("Invalid key length.");
else
{
int size = (int) root;
System.out.println("Encrypted text = ");
obj.keyconv(key, size);
obj.div(text, size);
}
}
}
```
#### Step-2:
The flag is encrypted using [Hill cipher](https://en.wikipedia.org/wiki/Hill_cipher), in which every block of 3 is multiplied by a 3x3 matrix.
The official way to solve it is by solving a system of equations using [Gaussian elimination](https://en.wikipedia.org/wiki/Gaussian_elimination) but I prefer Bruteforcing all triagram combinations.
#### Step-3:
So, I wrote `Main.java` to get the flag.
```java
public class ClimbSolver {
static String encrypted = "lrzlhhombgichae";
static String key = "gybnqkurp";
public static void brute(int startPos) {
int size = (int) Math.sqrt(key.length());
String encChunk = encrypted.substring(startPos, startPos + size);
Main obj = new Main();
obj.keyconv(key, size);
for (char a = 'a'; a <= 'z'; a++)
for (char b = 'a'; b <= 'z'; b++)
for (char c = 'a'; c <= 'z'; c++) {
String text = "" + a + b + c;
obj.textconv(text);
obj.multiply(text.length());
String res = obj.res(text.length());
if (res.equals(encChunk)) {
System.out.print(text);
}
}
}
public static void main(String[] args) {
for (int i = 0; i < encrypted.length(); i += 3) {
brute(i);
}
System.out.println();
}
}
```
After running the script, I got the flag.
#### Step-4:
Finally the flag becomes:
`csictf{hillshaveeyes}`

100
Crypto/The Climb/theclimb.java

@ -0,0 +1,100 @@
public class Main
{
int kmatrix[][];
int tmatrix[];
int rmatrix[];
public void div(String temp, int size)
{
while (temp.length() > size)
{
String substr = temp.substring(0, size);
temp = temp.substring(size, temp.length());
perf(substr);
}
if (temp.length() == size)
perf(temp);
else if (temp.length() < size)
{
for (int i = temp.length(); i < size; i++)
temp = temp + 'x';
perf(temp);
}
}
public void perf(String text)
{
textconv(text);
multiply(text.length());
res(text.length());
}
public void keyconv(String key, int len)
{
kmatrix = new int[len][len];
int c = 0;
for (int i = 0; i < len; i++)
{
for (int j = 0; j < len; j++)
{
kmatrix[i][j] = ((int) key.charAt(c)) - 97;
c++;
}
}
}
public void textconv(String text)
{
tmatrix = new int[text.length()];
for (int i = 0; i < text.length(); i++)
{
tmatrix[i] = ((int) text.charAt(i)) - 97;
}
}
public void multiply(int len)
{
rmatrix = new int[len];
for (int i = 0; i < len; i++)
{
for (int j = 0; j < len; j++)
{
rmatrix[i] += kmatrix[i][j] * tmatrix[j];
}
rmatrix[i] %= 26;
}
}
public void res(int len)
{
String res = "";
for (int i = 0; i < len; i++)
{
res += (char) (rmatrix[i] + 97);
}
System.out.print(res);
}
public static void main(String[] args)
{
Main obj = new Main();
System.out.println("Enter the plain text: ");
String text = "fakeflag";
System.out.println(text);
System.out.println("Enter the key: ");
String key = "gybnqkurp";
System.out.println(key);
double root = Math.sqrt(key.length());
if (root != (long) root)
System.out.println("Invalid key length.");
else
{
int size = (int) root;
System.out.println("Encrypted text = ");
obj.keyconv(key, size);
obj.div(text, size);
}
}
}

1
Crypto/The Climb/theclimb.txt

@ -0,0 +1 @@
Encrypted text = lrzlhhombgichae

48
Crypto/little RSA/README.md

@ -0,0 +1,48 @@
## little RSA
The main idea finding the flag is getting the cipher text from RSA algorithm.
#### Step-1:
After I downloaded `a.txt` & `flag.zip`, I checked out the contents in them.
`a.txt` gave `c`, `n`, `e` as follows:
```
c=32949
n=64741
e=42667
```
`flag.zip` contains `flag.txt` which is encrypted by a pin which is key from RSA implementation.
#### Step-2:
So, I used again the [RsaCtf Tool](https://github.com/Ganapati/RsaCtfTool) and implemented by a `flag.py`:
`n` was factorized online at http://factordb.com/index.php?query=64741 to get `p` & `q`.
```python
from Crypto.Util.number import inverse
import binascii
e = 42667
c = 32949
n = 64741
# From factordb
p = 101
q = 641
phi = (p-1) * (q-1)
d = inverse(e,phi)
m = pow(c,d,n)
print (m)
```
#### Step-3:
After running above script as `python3 flag.py`, I got this output as `18429`. I used this key to unlock the zip to get access to `flag.txt`.
Voila! I got the flag!
#### Step-4:
Finally the flag becomes:
`csictf{gr34t_m1nds_th1nk_4l1ke}`

3
Crypto/little RSA/a.txt

@ -0,0 +1,3 @@
c=32949
n=64741
e=42667

18
Crypto/little RSA/flag.py

@ -0,0 +1,18 @@
from Crypto.Util.number import inverse
import binascii
e = 42667
c = 32949
n = 64741
# From factordb
p = 101
q = 641
phi = (p-1) * (q-1)
d = inverse(e,phi)
m = pow(c,d,n)
print (m)

1
Crypto/little RSA/flag.txt

@ -0,0 +1 @@
csictf{gr34t_m1nds_th1nk_4l1ke}

BIN
Crypto/little RSA/flag.zip

Binary file not shown.
Loading…
Cancel
Save