From dde493c3363403c81c022282b9198d2178cf6262 Mon Sep 17 00:00:00 2001 From: rishitsaiya Date: Fri, 31 Jul 2020 18:20:47 +0530 Subject: [PATCH] Added Crypto Challenges --- Crypto/Login Error/README.md | 9 ++ Crypto/Mein Kampf/README.md | 54 ++++++++ Crypto/Mein Kampf/exploit.py | 24 ++++ Crypto/Modern Clueless Child/README.md | 53 ++++++++ Crypto/Modern Clueless Child/exploit.py | 3 + Crypto/Modern Clueless Child/sub.py | 3 + Crypto/Modern Clueless Child/xor1.py | 3 + Crypto/Quick Math/Flag.png | Bin 0 -> 21670 bytes Crypto/Quick Math/README.md | 39 ++++++ Crypto/Quick Math/exploit.py | 7 ++ Crypto/Rivest Shamir Adleman/README.md | 52 ++++++++ Crypto/Rivest Shamir Adleman/enc.txt | 3 + Crypto/Rivest Shamir Adleman/flag.py | 19 +++ Crypto/The Climb/Main.java | 29 +++++ Crypto/The Climb/README.md | 161 ++++++++++++++++++++++++ Crypto/The Climb/theclimb.java | 100 +++++++++++++++ Crypto/The Climb/theclimb.txt | 1 + Crypto/little RSA/README.md | 48 +++++++ Crypto/little RSA/a.txt | 3 + Crypto/little RSA/flag.py | 18 +++ Crypto/little RSA/flag.txt | 1 + Crypto/little RSA/flag.zip | Bin 0 -> 226 bytes 22 files changed, 630 insertions(+) create mode 100644 Crypto/Login Error/README.md create mode 100644 Crypto/Mein Kampf/README.md create mode 100644 Crypto/Mein Kampf/exploit.py create mode 100644 Crypto/Modern Clueless Child/README.md create mode 100644 Crypto/Modern Clueless Child/exploit.py create mode 100644 Crypto/Modern Clueless Child/sub.py create mode 100644 Crypto/Modern Clueless Child/xor1.py create mode 100644 Crypto/Quick Math/Flag.png create mode 100644 Crypto/Quick Math/README.md create mode 100644 Crypto/Quick Math/exploit.py create mode 100644 Crypto/Rivest Shamir Adleman/README.md create mode 100644 Crypto/Rivest Shamir Adleman/enc.txt create mode 100644 Crypto/Rivest Shamir Adleman/flag.py create mode 100644 Crypto/The Climb/Main.java create mode 100644 Crypto/The Climb/README.md create mode 100644 Crypto/The Climb/theclimb.java create mode 100644 Crypto/The Climb/theclimb.txt create mode 100644 Crypto/little RSA/README.md create mode 100644 Crypto/little RSA/a.txt create mode 100644 Crypto/little RSA/flag.py create mode 100644 Crypto/little RSA/flag.txt create mode 100644 Crypto/little RSA/flag.zip diff --git a/Crypto/Login Error/README.md b/Crypto/Login Error/README.md new file mode 100644 index 0000000..04c47d9 --- /dev/null +++ b/Crypto/Login Error/README.md @@ -0,0 +1,9 @@ +## Login Error +The main idea finding the flag is decryption of AES CBC encryption. + +#### Step-1: +I am not that good at AES encryption, so looked up [here](https://dunsp4rce.github.io/csictf-2020/crypto/2020/07/21/Login-Error.html). + +#### Step-2: +Finally the flag becomes: +`csictf{Sh4u!d_hav3_n0t_u5ed_CBC}` \ No newline at end of file diff --git a/Crypto/Mein Kampf/README.md b/Crypto/Mein Kampf/README.md new file mode 100644 index 0000000..7a3f889 --- /dev/null +++ b/Crypto/Mein Kampf/README.md @@ -0,0 +1,54 @@ +## Mein Kampf +The main idea finding the flag is knowing Enigma Machine library. + +#### Step-1: +After reading the given message: + +``` +M4 UKW $ Gamma 2 4 $ 5 9 $ 14 3 $ 5 20 fv cd hu ik es op yl wq jm +``` +Google searches gave some sense of Enigma Machine. + +#### Step-2: +So, I quickly searched for such libraries in python at got it at: https://pypi.org/project/py-enigma/ + +#### Step-3: +So, I wrote a `exploit.py` script with help from [official documentation](https://pypi.org/project/py-enigma/). + +```python +from enigma.machine import EnigmaMachine + +ROTORS = ['I', 'II', 'III', 'IV', 'V', 'VI', 'VII', 'VIII', 'Beta', 'Gamma'] +REFLECTORS = ['B', 'C', 'B-Thin', 'C-Thin'] + +state = 'M4 UKW $ Gamma 2 4 $ 5 9 $ 14 3 $ 5 20 fv cd hu ik es op yl wq jm' +enc = 'zkrtwvvvnrkulxhoywoj' + +rings = '4 9 3 20' +plug = 'fv cd hu ik es op yl wq jm'.upper() +pos = '2 5 14 5' +pos = ''.join(chr(int(x) - 1 + ord('A')) for x in pos.split()) + +for rf in REFLECTORS: + for r2 in ROTORS: + for r3 in ROTORS: + for r4 in ROTORS: + rotors = ['Gamma', r2, r3, r4] + e = EnigmaMachine.from_key_sheet(rotors=rotors, ring_settings=rings, + reflector=rf, plugboard_settings=plug) + e.set_display(pos) + txt = e.process_text(enc).lower() + if 'csictf' in txt: + print(txt) +``` + +#### Step-4: +When I ran the script as `python3 exploit.py`, I got the flag: + +```bash +csictfnoshitsherlock +``` + +#### Step-5: +Finally the flag becomes: +`csictf{no_shit_sherlock}` \ No newline at end of file diff --git a/Crypto/Mein Kampf/exploit.py b/Crypto/Mein Kampf/exploit.py new file mode 100644 index 0000000..094d2f4 --- /dev/null +++ b/Crypto/Mein Kampf/exploit.py @@ -0,0 +1,24 @@ +from enigma.machine import EnigmaMachine + +ROTORS = ['I', 'II', 'III', 'IV', 'V', 'VI', 'VII', 'VIII', 'Beta', 'Gamma'] +REFLECTORS = ['B', 'C', 'B-Thin', 'C-Thin'] + +state = 'M4 UKW $ Gamma 2 4 $ 5 9 $ 14 3 $ 5 20 fv cd hu ik es op yl wq jm' +enc = 'zkrtwvvvnrkulxhoywoj' + +rings = '4 9 3 20' +plug = 'fv cd hu ik es op yl wq jm'.upper() +pos = '2 5 14 5' +pos = ''.join(chr(int(x) - 1 + ord('A')) for x in pos.split()) + +for rf in REFLECTORS: + for r2 in ROTORS: + for r3 in ROTORS: + for r4 in ROTORS: + rotors = ['Gamma', r2, r3, r4] + e = EnigmaMachine.from_key_sheet(rotors=rotors, ring_settings=rings, + reflector=rf, plugboard_settings=plug) + e.set_display(pos) + txt = e.process_text(enc).lower() + if 'csictf' in txt: + print(txt) \ No newline at end of file diff --git a/Crypto/Modern Clueless Child/README.md b/Crypto/Modern Clueless Child/README.md new file mode 100644 index 0000000..d9ab34c --- /dev/null +++ b/Crypto/Modern Clueless Child/README.md @@ -0,0 +1,53 @@ +## MODERN CLUELESS CHILD +The main idea finding the flag is decryption using XOR keys. + +#### Step-1: +After reading the given message: + +```bash +I was surfing the crimson wave and oh my gosh I was totally bugging. I also tried out the lilac hair trend but it didn't work out. That's not to say you are any better, you are a snob and a half. But let's get back to the main question here- Who am I? (You don't know my name) + +Ciphertext = "52f41f58f51f47f57f49f48f5df46f6ef53f43f57f6cf50f6df53f53f40f58f51f6ef42f56f43f41f5ef5cf4e" (hex) Key = "12123" +``` + +#### Step-2: +I quickly removed the `f` from cipher text as looked like it was used for space. So I wrote a script `sub.py` to replace `f` with `''`. + +```python +ciphertext = "52f41f58f51f47f57f49f48f5df46f6ef53f43f57f6cf50f6df53f53f40f58f51f6ef42f56f43f41f5ef5cf4e" +sub = ciphertext.replace('f','') +print(sub) +``` + +On running `python3 sub.py` this, it gave me `52415851475749485d466e5343576c506d53534058516e425643415e5c4e`. + +#### Step-3: +I had to check if I am not missing any cipher text so I cross check the flag by XOR checks. So, I wrote this `xor1.py` script get the `csictf{` code: + +```python +from pwn import xor +flag = bytes.fromhex('52415851475749485d466e5343576c506d53534058516e425643415e5c4e') +print(xor(flag, 'csictf{'.encode())) +``` +Output: +```bash +b"1212312+./\r'%,\x0f#\x040'\x1d+57'%?=" +``` + +#### Step-4: +Since we got the key `1212312` means we are right path as key has cyclic property key (12123). Now it was just replacement on the key with ASCII. + +`exlpoit.py` to get flag: +```python +from pwn import xor +flag = bytes.fromhex('52415851475749485d466e5343576c506d53534058516e425643415e5c4e') +print(xor(flag, '12123'.encode())) +``` +On running `python3 exploit.py`, Voila! I got the flag. +```bash +b'csictf{you_are_a_basic_person}' +``` + +#### Step-5: +Finally the flag becomes: +`csictf{you_are_a_basic_person}` \ No newline at end of file diff --git a/Crypto/Modern Clueless Child/exploit.py b/Crypto/Modern Clueless Child/exploit.py new file mode 100644 index 0000000..fede405 --- /dev/null +++ b/Crypto/Modern Clueless Child/exploit.py @@ -0,0 +1,3 @@ +from pwn import xor +flag = bytes.fromhex('52415851475749485d466e5343576c506d53534058516e425643415e5c4e') +print(xor(flag, '12123'.encode())) \ No newline at end of file diff --git a/Crypto/Modern Clueless Child/sub.py b/Crypto/Modern Clueless Child/sub.py new file mode 100644 index 0000000..01e68b3 --- /dev/null +++ b/Crypto/Modern Clueless Child/sub.py @@ -0,0 +1,3 @@ +ciphertext = "52f41f58f51f47f57f49f48f5df46f6ef53f43f57f6cf50f6df53f53f40f58f51f6ef42f56f43f41f5ef5cf4e" +sub = ciphertext.replace('f','') +print(sub) \ No newline at end of file diff --git a/Crypto/Modern Clueless Child/xor1.py b/Crypto/Modern Clueless Child/xor1.py new file mode 100644 index 0000000..ff15802 --- /dev/null +++ b/Crypto/Modern Clueless Child/xor1.py @@ -0,0 +1,3 @@ +from pwn import xor +flag = bytes.fromhex('52415851475749485d466e5343576c506d53534058516e425643415e5c4e') +print(xor(flag, 'csictf{'.encode())) \ No newline at end of file diff --git a/Crypto/Quick Math/Flag.png b/Crypto/Quick Math/Flag.png new file mode 100644 index 0000000000000000000000000000000000000000..ba0b942b19c7daa4db433efbfdc475ef3f261cfc GIT binary patch literal 21670 zcmeEu2UJtr)-E0kM-;FC3J8dTNS7{MKzc7pAe4X*N~qEaO+i6Xij*KF^qSCnM@4!s z3DSG-p$7sloO8#${~7PT|9^M<;~(R_F>b~n+3Yp<+-uFb_FD7%)?E9emWCoZ866o3 z2?@Ef(n}o@lFJ4pB)@6?evNo0?3nQq@#iC4Pv2F?%;TYxv!kVr9rU5AmlO0M)YHb2 zgv4_c5T;G>^WpC=&qbRV&8}P#?a9hjcI=zug^6TsU4C+R_g&A)>K-lCGn;)&v!Iu9 zfsM3uG`~?P(26h3j_C036exRM{j}Ie&`Lhjq_)KxPvno9k!B+`zlci8H-)@buu~58 zlJh&+ET7BFW>P5TGP&vGwM9ZgcFl%ZDSdS{F>^?HpXhJS89fp;wG}d~urh(ZfGPTx}&E>8oo!lyh{3J{05;x|loLIJw$5Iy}74Y4*y|%~kTzBVzf(zbU_Pz~8kyxctos zM04<7l<@NLJmdY3;;uH9{|E7ll7EO_Tr8$#;|aCXe`#Y6b#Nh8LGsaaA(20n{iD?2 zKa>iI^8HbIp-D{H-pmRLvaxWr{>NqiC{TjhSXmQW@|R0Aoo%2*8(g$j@)6%7-V00e z{>_v`&+z`;H5c~zpa1;(CjXL+|81^+o9kb)z`rE?@80!qbNx#e_?LwL-Mjw(G8frD zf;*@KF{1MzhHkFeqyfaR?~048vfl5+kI(NGA4o_Zk|@8F(eoT#pYYbwvkEvr@3rIi zJxEY5P3Y@FkSAom2KF)3eP-eK7^3{n=$rC8meDY6=i9;`YrntFPM^c z6PFS<;Zg*NB~j@rpJN>KB8Vob`8m~p<>KH)+iw>?vNRXpw@NO)N#1c?d_T1KLz4N% z#Xm3F@KW0jgR0V@dgm?vhlE-4IR7>KS-9pLVbo%|u1TbrKMPgSkiixtk3OG15t2Ij zT34y1o7Cf1RLyX5zIQvnV3wPdgv5#4p>grdr@3{s+AZNA>3JqBR?#HcqFUgkyW%@M zg^${GWy&=_#arBDg5tUAYm_!jl z!6u$B7BCK8zEa9k$2=HR&FKgC#a?V@J0%QU989wjEw7--{z z`$b&B%`Ek4udmlbD^*NDnHsTn!`MJb8@;%~V>>}>tE!MnbROqPDoy*5p`)JaAsq+* zgK*o`)7I*WMi)kgajy*esmsF?YedsEAR_?#ZxQ#fcsCOU6|Xh9?vFe4`626tUvH=H z8z~@-CU2E{qd%TxxYN{SBUvFiKNb+fR$qjk>&^7b33Z4nr@xXNy>@v^xL(kwLWPyx z^Rx3|FQ{y-sA93c5ShsaaO>xsu!)kyNrkE)3tktSbwd+-{Iq&$1TkZ%ca>6@0sVCQ zH$J;E^;*jgrz2U~j=pJE&&H}XSJO`q^^8XK9StnV!?awx=HRf|E1^zhJf#W=EfN_E zORTxcmNdROuibSE1`f;M1X2!k4xl~=)_!Ir`6{q%tox@5jVqd_uo2sLTd#yAOioH!UG^+*Z$DFf}cE$-__;OPySS_NGl1Awu8 zEmA@zgY|gMCo{^DG0&9T)Axn?ow-{DsrAIvlMn{6qtY|M20Ux9}v7g2r)hazGdL z9Ks%3S=@s~9M0(SF&poGd}Xp!?kkym7xcU`p#(Cx+6(3h!2htqG!{XlzILT|Fi;O1 z)Ghj^4B$#ps6&;K4w^~B{$lezqt&^Pz1sWrq}eMUS84%Md!M$g_RkiFF~jGNEtYP; z`Ab=q4AKP37V57%8(Cd+;lqa(fc4Qlvc}{Mc2z-vtiY8w3QFeLB>+gaYm$lI#$~`2 zwU0aPhLB8LBu7lFPl~#->fXU=D|9R8(SB>0hiwJ0&`WXQY{AGGjsNM8FZ%jr=Ag9R zX4UV?I#U^~R3_VDDEb;%jtMU{%k?54Ls`_Q;jF_k-;r4;o%I#$$vvjBEAO)45Q*#o z<0U=t>01Shd02Z6g;=>5x&$XCf3Gnwb~p)kT!Gg>=K)s+hm-m`PioG@?a)0o$M0gx z%SVS%$O_xzkKu05=HwQ#UY7YMiMiAr6oa2ZE0fyrY0RBR8tiP|33srehmPN%CE{x3*FXIq>a=C^q`Qb4jF$d86abmQFQ?A-kUCRQk;J)D_Gba#U=IXQ% zwRU>jzC$8QQ}gqeCXVBJ&$-sIuJjTiUTg4KF7WZK(BVBR0LOWrPQ_PZ51p)bS>im` zZx*k#aa(-*2Ialho9hZfsHkef+JpEwlFtH!kCP$EhM0xg7!ksUjx7J2&^a&?vRh=r zaFP}>R;D<8;;1%<6sZ;5W_!iRbHbPkF+xgACq9b!MAMDtWq=Iy9+mfc|PsK2PxB9t``1f+wjQgRKnl z=!o&!>Pc_Hn*D3*@gU8zxq74e`c1hF9`I7-6nMj^QGGM4rVg`2cVKoMpmuscG~p;s z2Pp@Qr4pDE87;QYR5)gmJGzoTRsj;P*uaF@H}<#C1{SQn1OG@K3dnLFt*ZivGYn4N zO?tEIN@%4|eH|A?JuzGFPN+_L*pBZaNBdiVV?%PT)V#1&-5eJU^5&I$89 z%XRnPrnf(yzRNIDL39uYfXaWpk{_8{5n71@QvRcVYJG7Nw5B`t$CiPdlVsLi!V=B+gf^%E@^Gg`7$rs3!QVl7b{ z<`QhMt<^p5^g{7$%Z6bjG542g<1mkJ>Hw~SkA>guBf_E~o%=*%?Gqu{x|OuCA7P&i zI}B+B2Nb~EoQ6l}&t9yImrv{`-_>!HJnV5SGjG0f+-pLvp+8=A9wf$f|MrlNi3=8w z9A*r+0raztR`Gxw8xKFaJKj%sQdRBi9$CGIw-2}N`JBovvp#SSj3g8rWe>x?oa?P^ zUk68EYj;#p8rX{-5iW~Zi5Wh>;euAL=Edb1qr>hyV^4Iy! zAk<6#pwOVkIMc654SRG97FsY9wUa3s{Xs>$Ta*-EtfFh~nBp>S{+XuB-{_059RCm3 z^Z9nV*V*USfT3TDb>?3Eu!v!{o!9SnCHB`8qfPe~cphQDEys*}0bkrKRnTzuIJjVR z>%a_ad?woOwfJ%4(&Oa*T-r-Fj`Yp5IDJi3$vITQj*P=2ef6@kj_OSyxcC-L|H9Wb z&Q0FVMvL>px+a&1)2U(bp~Zxj6&nBP&57}PF(qdS=1Ik`;31Hr9(Ipy!D<1xbs(p7 zq%|>xN_QX+k5uPoU`*~UY^i9C;eVzI4Lv;dq}&7=v=jv`lxm&>GyRw!K3OP6Xd^;& zFYODjhA)F`!EUQ4f{`z_`~fIu zp|EEjQteV3GM3=ye!11q*bnPS)tUC|UFzzp6&Y!(R9?d+(z~fjwR+=aPC;x!LrIw(j*$M*DT-$Z{j>$n7 zXj*uGKPVogV{?^F*x;j!Gz zpl-Ow3#A*I{Ti`tG^5+5*eng8Z)Tm&2{N1Uw!Ncgr4j=#mLcOrH>d+|FjrQt%7i|8 zmwRGPj-2#JSxB(%d>9&XV+ZYF{OvWovy!v$R7G)B*H^K!ZG1$t*tc=6bi_fNmZ3s7 z_CaAkWF^jAPh#it)dTf(L5DMza*+>EU|n`Bqzh(%+y;A1TzZ^G<83{r&H4DHFgiok z*t>2Letx^`*2sqO)a#1(!4=hQmk*q+asmul#ha{umv5kGV0^vdqdZsWS~#pew2*vv zI8|!84zE|dg?w|>e-t=scXBn_Jb)&{elW_mw;V1V)}Po;@X8~?H~&DfDmKoS?&p*E zOcg+tn6BNh6uRxz6}Os~w(IvBy}j%3Wk+Atka|1c!HxDwcKddPJU&I?xA%}91!7Yg z#x8aHOPpiXBKbfJ#%;sSI9Gl5x626Mwol+~ER8*{M9PG`p&%<>VJvkmeE5{6aBFd` zzp8`U{64ZaYkX`^0pb6xgk4Nj7mf3<_U^y5!PBL;uI`(se+bVS*+=Wjdx?8kVUsuJ zm!6Q295pPP)|kF~m6qRucEC@bN4qoT4ON9@`IT?pxF#YYfX;Ope)gU#4?tQZ?4-x? zyv#NmLL0cJ7ogr8+WP~=E17~D1p1Cj0QykBGJ-E3*jyR=P2p-Od}kJ%<%`$I>!UZc zEvWS)LUM2F5|+pAkuCeUwM)i$*-o}owLz@iV0LydDs47TBbEU>nLh&F`;@)^^Xoc- zBGN4!rd zIvg8o{Q_Ipc#^UglFMI`uSMMC)-QSPR9^18Teh4sHDw_8o5CZXrSP1E9W^(xugJ`L zhRGL0hL2A{cXoVJ7fMBPx}Ylj3;9R+G~FjJFjGHvz~)S3`X3AZrX4ZSbxR4XQ1TEViXc8k&m7j0Kg zZ?axFxr!5t3+?S)^|`=k`6~xukdVHrW&u|xSzu@28(zSQ>6slvm!s7#BjHr+i3}Yd zt6XtrDFChv^ZdGOCs}LjUh7@L23@XhbDZ0T+v@2=C9u+pqYatW>WR7``Kp1{u4dZaCy%mNKQa?qFv< zf7wak2S=~?e&U3DQVACj-}chiHSsqRR@Q{7VX?)Wbf7R7^m9(t^jC;wKQzmUZ^(5} zr!`>z1kSwk;n7CWD!QlLt-1Nx&1SX4l(t#wZuEecW?tWokDLvJx$;mTd_WwYdVH+t z5VO#jX9aG&2bUPLpB%?72UFRI4xAbl<9&Hoi*Zli8>&~M&|)TK3qi(f%-4yk$h^pmJ%6(rSyeRNQ`@rpPu*B&6o*?m^uf{un2e6 ztQHJ+Q*wZ+z5}@2ZTz;kDL(2BGwtnoF|QmI0eVGoUWR_0NF}@b#4ks^5u2LHaW~H-OpdfVzz|9>0+yS zqED7LDoyl0pO*w}|H2Pc+yLyVWr=boJo88zSV1v-f^m6~lv3nc$t0b~aq*knoCZ7*i;G;#BSw?$hP)g&vVCLzxdw`Yd!HU5KgEoq z(czVR)7|>nahL5Yduqp|z`D8*E~Ohxep=G=YhX4t2)3{`ZtA70;#$jmlFmcoQ&rlny%-U`dO-sOx^E{2 zh)J%3+5-F~k~dohZILX*_$q(&;G?quWGIJOyM)w`UK~neuz3^Uxu+HCY-x?@P=?jN zsxIGRSvYeKMyUDd@YTyE+!HLi63ijy@Y%AVTyYE(hL{_xll*@6H3^0p`=kNSo5*ZV zSYr^7s~$VB#_aLY-QLjJMj{q_l8Btw7r7)oSj!1Gg35XB(o%i13hfmA zou3snR#~4ujHF~28^@L$g*2y4Girx?^al!n>hhN!L|Uxw5s^8(IP=}~(M@&oul^5G zqgTwSChwHGKJ!kZs42|87{!6Rft|6ukSy8@#y7?GltKOC;GfgM|5vQ>@5Jm4;^#k- z%WopCUYz<1x%{Wt-Iq1KM{mDeXXm!ZG{wATYpg^O%yd1xn;Anl5gyfCGdO_`` zjl>*y%KGp)=NoV|uaLX(pfnzse~uFVFt;sgm^R45ba#h5RzF|M91@y=>{+ zv^3e&)KoG`N=FZIg_1W3%WH*=SP;ZF(|fBPMDywWH6r!B+~RlC#MEI~+72sUJ=&Qg zBO@D_@R*vgtTjAO;wsf23|7;6`zb2Suy@P<+?#OJD*eQic-gq@%_gnhBuRj-?%?Ly zMlcuX?US2c^397LMux=0ZmFlcz$sFvP#)u&jM~kbPeDX$R5g$L9!}sqC6K=xhwkvjFwMC0mKYpe3oLFu-1jF%fUx_B)BD9M#O^%NrIf><1PI74_p3>F;f4AoI68X#r`xWU?j za^GvSY;~~Ljd3xYepT{h$vLNoIt$hS>QY#23IDL|)G^#3AU)=ps0MB;9o`uoTMm?G zLoJ{V+ebMyqDuK==AX^4nlc@P^ZN$SaAZ!GT6S8#k;H|g#g^g~OS*c6 zpF-~L1I@mK9Bd5CF7I}L>r^+h$bB#zMv#K4JXva*jlqKQ>os2`4LCar>|Z5G+PoK5 z+hkQWLL4xNWyoz@;fjNT`9uwu(gpPNad8I=nmXae#~eFMaV1wc`Ta^tZXB+Z-mQ(M z_BAp1blC3u-uFJ%sad@P_`RWbZ=``*#kCNG#c~u-T-0gGq-_BCI)3>xuxUChbvZ+S z1l0+ch;$g@^h#3@q|l|M$bQ16%v!7AIzrG~{AkQ^&}@UB*B>EoFKT}3=3ECqa^)-W;%pI^iOMTbmv%=5k76L2==`j(ev1_ODf8Gx1zM)z*wq8Q-CvC_Q zCv{BuXk_Eyjr8^Kvd&rzYavVe4GzOC6oOYmdFJf>NIG=^4v{5_pNnl>1`-;2zlYOub54kd_a*m88H%Px_0i(zZV&AQKLarZqzx08XGBc>B-;iU*NT>=N>uo?$kvOOOWYky_| zU!CWJcZ#|c=#U1N)rM1a!X$zO-glPO73pNDdBIjKg7!f85+Rk%k;!U~2!YoH4G)UI zt++c0V~iI|TMli_yFBd7C895oyoCtX@kxnhEwTs4IFq`kg?Ymf8FW{I$Dp}Vg|J-c z&dpdflq03qXraJ~Ropy5aiWeVcGdTQ;?NA}ljUrfm?d(Jt9__>6<%<2+{aB`#iIb> zrty|+PL9q$rr>8?DK3Z4A}-n1Y*lY#>m0(-@d@;SWmh&y=PoiH`T(f$N)B``+Yj3i zp+V(1dCpB4Yb6P2udFb0aHs&*x~7kP;udMVGThUC2*pBg4s@xz2y&%-c=-P6shxFS zSAM)em$V8d*BYybWDw2S_}$a^%OcNt9f7^gimVK8@eW7kBKXbPlh?ocnKpZFDV6JU z&30zwQ`M{?~_Yk$9+M5V%pI7o9Vd?;ia9^V@cn zA}ZUBQT}T6cGprW)lfA0>oucBz%Is35wgdn!bA|&lO0%*H-L$!jQ$tA12>28JC#B;Vvft$^KG@66 zdMdWtf0#{3(aR;c^5v8C>}%v?UkVpLuMRyivl&TK5w!}nJLYfdEsv$nD7xf3lpTKF zSoG!>&5*P~d(*Wm4tMo(&E1*=`HIy!bo$31u=}E}m5Go@nWD&?vxKkZ1(ArD>iZk` z3f1&2J}lG$s=r-aj8jR98ogD-(tbZ>4Dj^Ix&#fvtg4KY|o`Y+}DxGQ(9)Y^WmxG^*qSap03Q*Zr z|By->j9wAcd(N(LIhcjh9KzfEm7&nIfP8%D^L{niVJ*h$R|?QvnR!*JnR9-{Ul7P2y-_zx8+{+!PR_pn2 zfOg-28XLEnW=9%cjS{$e6{V_%*#(z^I#j24!^EN=4cZ*$gKdEGh0YGm0N`QOzS6Om4x|mspcEh8aYQ-qEyXV`K7-2Z$*`t_}G%a>ePSNeSjN>g< zn}%~<-AFJ>>XF=5=p>0JYQO7w>eyq+P_W-N z_eGXeeP}3mXLTg;CcGmK^iUm%nm6-WrG2&9H3Gg$t}?iqYaa|)J?PfP#}mX{zV}V% zdUdF7-Mz&x5ljQ~%GVX`Y_jn2Ti`Is=gL)(cNqZauYIwJ*I9ljIye~fYl%$zr$k1b ztXxmPrF`8liv<xwSbe@JfM@` zZL#x)PTMoD5QL4&jDeSWcvs4#idq8463O}PiW?mXhB+TZ-_t#q*JcF~$px)@n)j~s z$xFE5+Ons33?B=4#o=&ddS6B4nS--AMC-ML{E(*sLwfnbx&SB7MzT*7Yrh&WDhybN z*~ZQOcRzV`%=-C|Lv!2 zvNTSdMHC5XLzhAyOUncb*>*U^1-s}uW${t08x}xY1EM7cM|`%lw0ggUJQr1M7dUJm zl&MzGuUqV)W$$%dg6+rZ3<}Crx}+wWA<^bzB`oYpO-lvZ@LiN&5M0cPqueT!3`lf_peY^fOtPMGBhR#3=2k7WssvCbcMu?2E;_tCIp2@7{5|4A#?q zoExsEYw);Gc1VEh8S^{&EA2>7MsK%gGd%+|LW2%2!iy557eOg~#;+zvD$EKiK?;go!^lF+!nD0I{mY%OaQCK1U@8^nU_FZsE!YS4%C zK?R-aq>C90wbHQA?tuNCOBGQh_YS4JZjG+0Y1^z7tEb>J8eF(NrmE9nbHa&8^t5ZHa!AN?tPFI@RI7qK#A} zE4kXf{L;Wzfg-}qP+hJzsC=lgK%?Z{yQeR8wBTjp=gji^TNk{3ta zE!5ACkFRSHF+hl)(=id>2wrw_iH?qb%EMETE|`8p{zm!Jr3?ufnaI}1>Het2E)`%h zP&J3wFgm@-El4&%4TGUw73EiV$!Zaq)U;Ur(IBy4$1`A{84++(H%Tn~^JIHGKc{h1 z(`Zo6`yP3*#oYc872S#tNn|&ahY|x^$*Zu$=IH4~WCsvp$eV1k6y3-M+sZ`a>6oyK zj9Kw@7OehpSp?hJ!ds>iqathoTMcaPqFuh4q2vC|8&NI>VTqEgy|M2*+Bt`2RCHxz zg48sTT`6bIJ&72Y{5NzgCW1^F)bnG31EtsWnnUfQ?&4El&#?q7j4az4W|FzelL*Ma zjhZxLUPUIQFML#^xk57SSj?-~_FIkpMdH%8{9m!=H4iVsU{~gU0yF=_k0gKQF#T6B z^KY2+FJgb{{0kcW3v~UzOrQFffbc)V%l~f3Uo+MI+aCERj{84T6aO!JjS$(Zn;qO6~mwB3iwR-H|X;-Rby9r{m%scE|_n8f(W8yDiGhS3jC8RG`?MQwlQ_K z5#lfRN3!Z0+nf4kW~ty>_x$lqxGYT{!-V^oJ?_{?keJc>jr&fKv&$65r8lz!Rj zYTo|%Vc*?Zb}|*Xz*HoKUw(|iVpo&AH*G3EGZ{7b9P_JRAD6htW7NlVwoNLpps>nx zzQg2pvQatslz6#_vM+%tfl2UmN&39ni(00#*5v#sT&BizC(ZBtWNMA5h}q)Ogn_X! z5(a}22}#1o7UE^gEdhan)O2*H+O3A#Ci_2q)%U)N?T-}P|LD3mTapOA%QbHc8w+&R zyZt-ocKYrU6-?-BX+`{KVyHRUtQ8v%de8eNVZAF(;DRyTE1aR2c-_jte=|^l$Wm5a zUu`&RqK2G*r}Rr1bEs8^`0kSu2Bis6@Pp6ReXu207?!**g z!hWGYhQZ^M$(OLtT|4$_jBJ|G z0zfl28J`z*uYvTBeng`MHFuw|a{9HsAb;@uWz$_YYq&{V-9(j4UGw062T%lb&EdL9 zAxK6>=1;dS&NhF-!N)WeDm|!*P-Mh-YZTtB0hi~rR73@vt-jjd(lZ-{ZZsGJV`8E^ zMIwmAENQwv(I}Nk=f}zCE8FD_p;4@sf zBwnE9KI^0|{VU@4`h~0UlEMwCr$3cDaGZ@2;s#L_z#Iw3n#f?v{)iQE*Qd5={D+ve zpCK0HOj1VeBMXVX#0rv3<+{ru&>8wmO|38;yH<1HW*}{R9X7M7`8|iIc3O8S>FVjM zGFW?2!~)o;Nl(@!B-yAXFMp!`%clm3hZ8?~ZwXq;0IF zCNFS%-X|vUskWJA83#X`t=#)~Ig|ZGHE1$Z+Q@Nj8RxDxd2ieBXJ#7mM3Wr3V2WHP z1wkSaM0}3ADGe~xn38vj9sM)O)q0T-6ysfi`Og*Y5zO9dD9iA2)bqxSg(Pm(qS*nR zd26FDqjU)=Z(FF>z5kcULHh}aq8u> z2z_SW*Yb2SZ4Xk5lTzjve8#TP&}Ga4DoX6j!%HJ=dALTpOxNg za`k<@%l6wDLp;+M?l9=Rz=y_5Sz$bJInhVoLl~tXt>?gm8NC7>`E!QO<#W-&mBi;@3fkuUv!%ntIOUYTG*J2m$h8VYy>!`JAJFV| z{NpjTUw3UdP$w~Uz!%EF$@674lFD50UFo(Hk$zmLNs2NhLMu1oiA{;}g!n zsZ%#PIuo+KZvOgxQWw9xVdSebrrvo&3#~b6oDE4nz+rzQnXbKQ5R#ZPq8#L|o}A-l zs0x^I?%Z(CMb+tD&~C!4pF;^#hqEV_+QJv9h0~fmo-Zhzk zGzhDO0e#J~p0Kh#Wo91VDkXx#Qoz^B=0d){xvPabMrxz3%@`|AQTGp#py<~@ zJCf!dz7n7nra!KGw%q$F{@Q^`p)lsr9sG zF#E#(1kB@EtFPWx&)1yj46_gh;!>+~qt*)n&z_a0VK$CtQDAPadCY8L9zfA{OfpF` zYze0F#|;}rG+OtThgxV=)EUu3LmyS#!T|WSY6i^-@p7G9U1ztRC2W#tdQ7AQc#h_Q zbwT)vbwSp1MO&lQm!YbR`9s5%%i}SYtHzmiqv@RDPYZ$GmY;#+n&-y-(hOPA0Ep6} zHn%!s?yqDDT^(3~hF2Ku?XKI#>l3}0gskZKewEie{jVD$ej`ayCH%Rhc5Qm`DLZ?= zZ{Rh^V8tf)U7=St`LB}v)E(8lmD~>HbcP!fxOG1A}#1bjg?p%8@$%xYCmZb z#=p+BFmDOFQawZo^><0eN{s6Bxm0G|jLYS39R!#8B{7yMFILCEd#bhJkyAm&9(%ttkn5PGC`G`ZF{5p!OOnYGe#=TTXA{OaZ7uqCaIHE!+p5`8$9nxLWkFr zGWKR0o70yJOpuKHIXSPp#3wp?b4^+)GUU^z7z6^lxWB(PytXu#4Dg#QWKs6T?`azu z86|9-g=JlFU`@r3+@NeXQ&L!#gX2xmM$}93TgDQVJN67if$+2bte#Tl*4`u_WQ(zW zOi%^7H>m2^z;%+#8Xx2Rf*vxJ(+7gozWN69KM$`M@wbvE*wt;8)AHLLuB?#CE}$bf z{m(AFrwa=im&?DvAt-PUF5)=y#ZMpzqQ?t=Gjnvs#b={Y(+vMTo@;N34{%d3!2t~fBzpp8@2 z+hv0CWM~XfT`kQf5@H?&DmZxAH&HP6nk#<3{95NKDu&KH`1XDPLQ^~?I#YN4*z0Y@ zfk2JvIa2a|!g^}ZR5;KeFSUfUJlgS!a#o?+3eCudaAPw02!rrSlnTI$WvrS5g9ds- znDR9V75w$zOXwUhs<6@btiO1IA=)w(4_DsC?k5wT*cfz}`u;k+Bzd%a7eA6t$m&z?Ba$Q@y z#89Kt?eq<*%P)k##`=6?+wFcC_}&zNk~(~#ci0Y#v1%$Wm42);w@b0s@1nThp2UDx z-@HkH$H+-Tk_$mw_GVGi)~3jrMeogftfJC-^QZvzYaP}?riM7$3IJAaacRJ-wIhr^e zK9fT;zjo)+ym2#IY$t=0PXP+t&d977Veu(Mrw9g^A(MF2+i%o8;=GBMo6@r>lb64+rSsWm9*-Wy_bm{3Yd7!#%z?+1P7`lwj6|`d!FRL^#Vm zdPR?Gj-I2XjIuSy)mtkywisjZVN8X7k)OR=*D}3*@$(zpD1JlP1>V@r2-Y93F(vic zF6G-B>6gB@v3+`=eGqouM#qA#!@%hA_zkY^~8J#Vv@d>N9DLL zWMG%_{xE2=+Nj=pXz)PR`p;GENt}&@~pIj zm;+UAqRhCVM4u~4`hl3n;mQiUcf}#i*4TJ^2=x(MwG_=^6!han3T0!P)sAzIM=(Cm zhdCDgNKfjczuMSWAKBG$8NV>#CblX}ToF&cotbUotFHNyR%e5vJF!F~85mb0jgNPp zT+f~p7$|dfj9JZh-}iNj2R0t-CwO~`mHHp{$HZ5g1{-027k%KnzjxVz`)jG9f<-i= z4>#o8tYE;OYa-tTU}C_ajUS;uhHvY|(>O?Ek`)4Gv?*6GiB@_-0&=oBW(av zOG_)#Ok^?rc+W=+A#}<43z~wTx#D7K_d6keIdcx}FeRyQMXWajJ8nbCUe;tZ-@gN} zi7#!9?&dIH^i)S@3k|jU3W9D-PIAZIW@(!H!n#UJSVH&aOi^1gn&j6pIJZBM%i=mv z+)s9tK>NuI>;TNmOEiFaP(Ap8sGa zDnFkSrp_~O6D1w^h#1aalgO|>Mq@a_Tjk`4C&ypG_m)#@Hydgvh8?oK-XttRHmeoy zolTwV5)r3E?S?QN@h;O(PVj4DgoDb)`dML*@z=qdHETSC&c@Rl7ZBW!>dvFWR`gU% zGFI}O?gHP-1)23dBWf36H)W7MlMgPW4@#XjO(3>IT1TlZ-1X4dqr7&4k_Xa2ToAwF zP#}G_bFK>jWY(GRh7yrNU#LMoQ1rp=zoFf~kp&;#^Ac75l@mIeG4^KAQs`^f3Tmn7=r|I(u`|M4K9|NVE+G9y9#BrsQ^NVigr?n)+mF_rUMU!x zfd}l}f$7+-4A|w7i5EjD54gOa8fC>=)jjL|?oK%x$VK|o;(GV1XATJI;897vl3v{; zi)47;i0a9MH%)1zl`n5TVY#D5_Oq1_tbcsa&=O&TN5EK&1)aP0xW-F;5;0L} zT!HMp?C98-fT*Zfb8F#k0~b-D8j)T{j?CS5#ogs7B)jD9*v&IHvHb*}yDp@ai^n2X z{zu6UaF*V)gF+F4pK0;Y>29yfIpI*82(2pPSXB`jK=g!~Mfbw5$)vrTeqR@2kfK_W zUjs3OkxAn&ad8poZd+V}a^3@R=SREel+wS}y%n8dlh+pyENO0#OdsezrNV_1Nt!2* z*18goeT8ywQY^mTY{i+X>c)e`N;X$EM$S+6-3&fbno_%#JPFxi2P(qR z2a7KkaXp-pBVNlslVczaD=VuGZ%vlCo;HDnI)1#R-=Ur8!a$JSQ^}~Q(4=ZXPGZm- zwbGxz;oD==pe7^pv-7@BuNwMRHDUl9Oh)G}Dr}wfT+VT!?_dQm;m~*)h(@ zYvB;#%B9(ZM4lz_PDChnNFHOF@3Bkhw=Ztaw=H{5&C#JrclXYUPdyxi1&ACG7jau7 zh&abrub<(<5M4-QPvS0-iX2z|Qts-dy4Z{Cjv2n3*fZkNe!0`IfNwptTOQL`{y?GL zk6`r;S(sGm4$y(a+(w5t+m6Vk3lTdEnwj;4+;#l4Atl4qm-3Abn{(_&u5l|bk#6gA z3Tlz6T67%kN^QuqchvOq#Kmt}mf#bjYq6G4Z_(iqYLe-m@I2DtLevO$2}EtArINh-0yE}T*`QN0O=pmKaQ{u384ZbP=R z&eZNSg&Oa|yf5FGSYbjNyLDCgGqo)*FGDM58UV2yLa#j^UdBX$!t>&a_qJ#oQ>8u1 zVj${n9_-ybU#^h61V)m25%&OaLk3M8L zftkz6VfS5^)=f2qC8~KAklDDlgYR|(`I(?r?gD?|1aYaZp3v~DQY(KA*0_X(&ZXpp ziCGQp-t{9bcrDOsp#$TEDiNQXipxVSHA+Bh&9e!q$a$gcXU`f^V1EDqYyLBtOso@rFQ zbhN#%OI$uiSCyHw7Cr!4Q8Q##9@QDuRewFUy4UT{-sU74dLvmv0CDy<$c~;pQ`8*v zz~9nN6@J1tun!5=-LTVuwU*Wv@(S$QYp{@Pr{f$cE^%4fvme?kc{8(@xj_d(A z-hhyhNQ-%hUn%p@)+Wn&}FwuJEqgo-_jE8{yAfdBTD&w zMTOv!lZGZHN(f{~V*bRDDM`t97PE&isjtdMv>#_k4aMq|M^tnW^SBe)iG$Yz1Mb|q zv&ti*Yg5^c!WO+_^gL6-4cxZpbJi-C%~u-B#JnZv%3XoI z1!zikvs2b1anOX;fl9clB|b=J!@ia(&~`NH94Us3lXz_-j23ni6TqfkBJs2EF}}6w zxv$2+(EhE@lZRVPKe??99jt3Ok}%2EFj87v%$JMNQRNpkQXUSQ6FH)@XWw_vTv>Ly zHd*7@tiRzI6x2#!6DOHgTw)_m_*K)-zU9B3Z~Kx5X*?4j3*Rcp@L%`T(4a1P<;Ff1 zWTIx4BErk$C!KApZcvO$G{)R>$qiqf8v%HUD%wVgdetOlQE%AT@<3aaAXt{T2TVQN zZ;R`sb(K=JH0`sJS}-woYlRlwKcH9GP%CTnZ72CRnnKZSb@onj!Zo(9s=d53|Gw5)ur|;lag#6 z^*TSgK{LZk+*nn)WhDx^i1m&xeY|*o#}{Ir^}~zzdAz(J=N=KKhZh$w^!RX5c5&*> zMLc-xB0>A2>^~L1Q1zdQ|55f2?f-4@KUDp_?*BylA7y{9`#%x?qwJ5S{@o1!E%AS1 zwZCfrFOB>!ivQau|D_B6?UTQD{BIi>V1jB-^10r{bM6E2KifUeC@&XMjpez0@t9AE z6fwe=QzdqOj@oXrU5pG4&x-txJ0bIw{=bmC4M(znTsQTN?!l?Kn7H`vVDi}?s!ngc z-QRAagzSo5^vdaLm(lt8LVvh!B8cLbmfm_nj5MFT-6t+)TKN&yCaFG2 zcN%+4u$Gt>S07G#@2+Ggi(TLZZBxwJZd`o4O0hnbLD4TR!wRmuckdqKI(ZpxlDv^m z0TVhip`-Uq0?VHjO?u9Ss;R3(M@pce2XlXp)mlID1^D>BG@cW-R+g9Bi2EjDiOZ#9 zGM7lIn8<3_uoBhPglmF}+5!spx7gC?6l-KVb?AF#84nnFTDmQnNL{;m6?V>gTe~DWM4f D(ltwE literal 0 HcmV?d00001 diff --git a/Crypto/Quick Math/README.md b/Crypto/Quick Math/README.md new file mode 100644 index 0000000..a3b8a92 --- /dev/null +++ b/Crypto/Quick Math/README.md @@ -0,0 +1,39 @@ +## Quick Math +The main idea finding the flag is decrypting the RSA exponentiation. + +#### Step-1: +Given statement + +``` +Ben has encrypted a message with the same value of 'e' for 3 public moduli - +n1 = 86812553978993 n2 = 81744303091421 n3 = 83695120256591 and got the cipher texts - +c1 = 8875674977048 c2 = 70744354709710 c3 = 29146719498409. Find the original message. +``` + + +#### Step-2: +This article is quite renowned: [https://www.johndcook.com/blog/2019/03/06/rsa-exponent-3/](https://www.johndcook.com/blog/2019/03/06/rsa-exponent-3/) + + +#### Step-3: +So, I wrote `exploit.py` script to get the flag. + +```python +from sympy.ntheory.modular import crt + +N = [86812553978993, 81744303091421, 83695120256591] +c = [8875674977048, 70744354709710, 29146719498409] +x = crt(N, c)[0] +print("Hex String:") +print(round(x ** (1. /3))) +``` +After running the script by `python3 exploit.py`, I got a hex string. + +#### Step-4: +I converted it online to ASCII [here](http://www.unit-conversion.info/texttools/hexadecimal/). + + + +#### Step-5: +Finally the flag becomes: +`csictf{h45t4d}` \ No newline at end of file diff --git a/Crypto/Quick Math/exploit.py b/Crypto/Quick Math/exploit.py new file mode 100644 index 0000000..1956415 --- /dev/null +++ b/Crypto/Quick Math/exploit.py @@ -0,0 +1,7 @@ +from sympy.ntheory.modular import crt + +N = [86812553978993, 81744303091421, 83695120256591] +c = [8875674977048, 70744354709710, 29146719498409] +x = crt(N, c)[0] +print("Hex String:") +print(round(x ** (1. /3))) diff --git a/Crypto/Rivest Shamir Adleman/README.md b/Crypto/Rivest Shamir Adleman/README.md new file mode 100644 index 0000000..7367291 --- /dev/null +++ b/Crypto/Rivest Shamir Adleman/README.md @@ -0,0 +1,52 @@ +## Rivest Shamir Adleman +The main idea finding the flag is just decoding the RSA encryption. + +#### Step-1: +After I downloaded the `enc.txt`, the contents of which are as follows: + +``` +n = 408579146706567976063586763758203051093687666875502812646277701560732347095463873824829467529879836457478436098685606552992513164224712398195503564207485938278827523972139196070431397049700119503436522251010430918143933255323117421712000644324381094600257291929523792609421325002527067471808992410166917641057703562860663026873111322556414272297111644069436801401012920448661637616392792337964865050210799542881102709109912849797010633838067759525247734892916438373776477679080154595973530904808231 +e = 65537 +c = 226582271940094442087193050781730854272200420106419489092394544365159707306164351084355362938310978502945875712496307487367548451311593283589317511213656234433015906518135430048027246548193062845961541375898496150123721180020417232872212026782286711541777491477220762823620612241593367070405349675337889270277102235298455763273194540359004938828819546420083966793260159983751717798236019327334525608143172073795095665271013295322241504491351162010517033995871502259721412160906176911277416194406909 +``` + +#### Step-2: +So, I wanted to use the [RsaCtf Tool](https://github.com/Ganapati/RsaCtfTool), I factorized the `n` online at http://factordb.com/ to give us `p` & `q`. + +#### Step-3: +A simple `flag.py` script gives the flag to us: + +```python +from Crypto.Util.number import inverse +import binascii + +e = 65537 +c = 226582271940094442087193050781730854272200420106419489092394544365159707306164351084355362938310978502945875712496307487367548451311593283589317511213656234433015906518135430048027246548193062845961541375898496150123721180020417232872212026782286711541777491477220762823620612241593367070405349675337889270277102235298455763273194540359004938828819546420083966793260159983751717798236019327334525608143172073795095665271013295322241504491351162010517033995871502259721412160906176911277416194406909 +n = 408579146706567976063586763758203051093687666875502812646277701560732347095463873824829467529879836457478436098685606552992513164224712398195503564207485938278827523972139196070431397049700119503436522251010430918143933255323117421712000644324381094600257291929523792609421325002527067471808992410166917641057703562860663026873111322556414272297111644069436801401012920448661637616392792337964865050210799542881102709109912849797010633838067759525247734892916438373776477679080154595973530904808231 + +# From factordb + +p = 15485863 +q = 26384008867091745294633354547835212741691416673097444594871961708606898246191631284922865941012124184327243247514562575750057530808887589809848089461174100421708982184082294675500577336225957797988818721372546749131380876566137607036301473435764031659085276159909447255824316991731559776281695919056426990285120277950325598700770588152330565774546219611360167747900967511378709576366056727866239359744484343099322440674434020874200594041033926202578941508969596229398159965581521326643115137 + +phi = (p-1) * (q-1) + +d = inverse(e,phi) +m = pow(c,d,n) + +hex_str = hex(m)[2:] # Removing '0x' +print(binascii.unhexlify(hex_str)) +``` + +#### Step-4: +When I run this by `python3 flag.py`, it game following output: + +```bash + +b"csictf{sh0uld'v3_t4k3n_b1gg3r_pr1m3s}" +``` +Voila! There we have our flag. + +#### Step-5: +Finally the flag becomes: +`csictf{sh0uld'v3_t4k3n_b1gg3r_pr1m3s}` diff --git a/Crypto/Rivest Shamir Adleman/enc.txt b/Crypto/Rivest Shamir Adleman/enc.txt new file mode 100644 index 0000000..79328a9 --- /dev/null +++ b/Crypto/Rivest Shamir Adleman/enc.txt @@ -0,0 +1,3 @@ +n = 408579146706567976063586763758203051093687666875502812646277701560732347095463873824829467529879836457478436098685606552992513164224712398195503564207485938278827523972139196070431397049700119503436522251010430918143933255323117421712000644324381094600257291929523792609421325002527067471808992410166917641057703562860663026873111322556414272297111644069436801401012920448661637616392792337964865050210799542881102709109912849797010633838067759525247734892916438373776477679080154595973530904808231 +e = 65537 +c = 226582271940094442087193050781730854272200420106419489092394544365159707306164351084355362938310978502945875712496307487367548451311593283589317511213656234433015906518135430048027246548193062845961541375898496150123721180020417232872212026782286711541777491477220762823620612241593367070405349675337889270277102235298455763273194540359004938828819546420083966793260159983751717798236019327334525608143172073795095665271013295322241504491351162010517033995871502259721412160906176911277416194406909 diff --git a/Crypto/Rivest Shamir Adleman/flag.py b/Crypto/Rivest Shamir Adleman/flag.py new file mode 100644 index 0000000..0b3b50f --- /dev/null +++ b/Crypto/Rivest Shamir Adleman/flag.py @@ -0,0 +1,19 @@ +from Crypto.Util.number import inverse +import binascii + +e = 65537 +c = 226582271940094442087193050781730854272200420106419489092394544365159707306164351084355362938310978502945875712496307487367548451311593283589317511213656234433015906518135430048027246548193062845961541375898496150123721180020417232872212026782286711541777491477220762823620612241593367070405349675337889270277102235298455763273194540359004938828819546420083966793260159983751717798236019327334525608143172073795095665271013295322241504491351162010517033995871502259721412160906176911277416194406909 +n = 408579146706567976063586763758203051093687666875502812646277701560732347095463873824829467529879836457478436098685606552992513164224712398195503564207485938278827523972139196070431397049700119503436522251010430918143933255323117421712000644324381094600257291929523792609421325002527067471808992410166917641057703562860663026873111322556414272297111644069436801401012920448661637616392792337964865050210799542881102709109912849797010633838067759525247734892916438373776477679080154595973530904808231 + +# From factordb + +p = 15485863 +q = 26384008867091745294633354547835212741691416673097444594871961708606898246191631284922865941012124184327243247514562575750057530808887589809848089461174100421708982184082294675500577336225957797988818721372546749131380876566137607036301473435764031659085276159909447255824316991731559776281695919056426990285120277950325598700770588152330565774546219611360167747900967511378709576366056727866239359744484343099322440674434020874200594041033926202578941508969596229398159965581521326643115137 + +phi = (p-1) * (q-1) + +d = inverse(e,phi) +m = pow(c,d,n) + +hex_str = hex(m)[2:] # Removing '0x' +print(binascii.unhexlify(hex_str)) diff --git a/Crypto/The Climb/Main.java b/Crypto/The Climb/Main.java new file mode 100644 index 0000000..5b79ecc --- /dev/null +++ b/Crypto/The Climb/Main.java @@ -0,0 +1,29 @@ +public class ClimbSolver { + static String encrypted = "lrzlhhombgichae"; + static String key = "gybnqkurp"; + + public static void brute(int startPos) { + int size = (int) Math.sqrt(key.length()); + String encChunk = encrypted.substring(startPos, startPos + size); + Main obj = new Main(); + obj.keyconv(key, size); + for (char a = 'a'; a <= 'z'; a++) + for (char b = 'a'; b <= 'z'; b++) + for (char c = 'a'; c <= 'z'; c++) { + String text = "" + a + b + c; + obj.textconv(text); + obj.multiply(text.length()); + String res = obj.res(text.length()); + if (res.equals(encChunk)) { + System.out.print(text); + } + } + } + + public static void main(String[] args) { + for (int i = 0; i < encrypted.length(); i += 3) { + brute(i); + } + System.out.println(); + } +} diff --git a/Crypto/The Climb/README.md b/Crypto/The Climb/README.md new file mode 100644 index 0000000..33218ed --- /dev/null +++ b/Crypto/The Climb/README.md @@ -0,0 +1,161 @@ +## The Climb +The main idea finding the flag is decrypting the Hill Cipher. + +#### Step-1: +After I downloaded `theclimb.java` & `theclimb.txt`, I checked out the contents in them. + + - `theclimb.txt` had this: + +``` +Encrypted text = lrzlhhombgichae +``` + +- `theclimb.java` had this: + +```java +public class Main +{ + int kmatrix[][]; + int tmatrix[]; + int rmatrix[]; + + public void div(String temp, int size) + { + while (temp.length() > size) + { + String substr = temp.substring(0, size); + temp = temp.substring(size, temp.length()); + perf(substr); + } + if (temp.length() == size) + perf(temp); + else if (temp.length() < size) + { + for (int i = temp.length(); i < size; i++) + temp = temp + 'x'; + perf(temp); + } + } + + public void perf(String text) + { + textconv(text); + multiply(text.length()); + res(text.length()); + } + + public void keyconv(String key, int len) + { + kmatrix = new int[len][len]; + int c = 0; + for (int i = 0; i < len; i++) + { + for (int j = 0; j < len; j++) + { + kmatrix[i][j] = ((int) key.charAt(c)) - 97; + c++; + } + } + } + + public void textconv(String text) + { + tmatrix = new int[text.length()]; + for (int i = 0; i < text.length(); i++) + { + tmatrix[i] = ((int) text.charAt(i)) - 97; + } + } + + public void multiply(int len) + { + rmatrix = new int[len]; + for (int i = 0; i < len; i++) + { + for (int j = 0; j < len; j++) + { + rmatrix[i] += kmatrix[i][j] * tmatrix[j]; + } + rmatrix[i] %= 26; + } + } + + public void res(int len) + { + String res = ""; + for (int i = 0; i < len; i++) + { + res += (char) (rmatrix[i] + 97); + } + System.out.print(res); + } + + + public static void main(String[] args) + { + Main obj = new Main(); + System.out.println("Enter the plain text: "); + String text = "fakeflag"; + System.out.println(text); + System.out.println("Enter the key: "); + String key = "gybnqkurp"; + System.out.println(key); + double root = Math.sqrt(key.length()); + if (root != (long) root) + System.out.println("Invalid key length."); + else + { + int size = (int) root; + + System.out.println("Encrypted text = "); + obj.keyconv(key, size); + obj.div(text, size); + } + } +} +``` + +#### Step-2: +The flag is encrypted using [Hill cipher](https://en.wikipedia.org/wiki/Hill_cipher), in which every block of 3 is multiplied by a 3x3 matrix. + +The official way to solve it is by solving a system of equations using [Gaussian elimination](https://en.wikipedia.org/wiki/Gaussian_elimination) but I prefer Bruteforcing all triagram combinations. + +#### Step-3: +So, I wrote `Main.java` to get the flag. + +```java +public class ClimbSolver { + static String encrypted = "lrzlhhombgichae"; + static String key = "gybnqkurp"; + + public static void brute(int startPos) { + int size = (int) Math.sqrt(key.length()); + String encChunk = encrypted.substring(startPos, startPos + size); + Main obj = new Main(); + obj.keyconv(key, size); + for (char a = 'a'; a <= 'z'; a++) + for (char b = 'a'; b <= 'z'; b++) + for (char c = 'a'; c <= 'z'; c++) { + String text = "" + a + b + c; + obj.textconv(text); + obj.multiply(text.length()); + String res = obj.res(text.length()); + if (res.equals(encChunk)) { + System.out.print(text); + } + } + } + + public static void main(String[] args) { + for (int i = 0; i < encrypted.length(); i += 3) { + brute(i); + } + System.out.println(); + } +} +``` +After running the script, I got the flag. + +#### Step-4: +Finally the flag becomes: +`csictf{hillshaveeyes}` \ No newline at end of file diff --git a/Crypto/The Climb/theclimb.java b/Crypto/The Climb/theclimb.java new file mode 100644 index 0000000..0b208c7 --- /dev/null +++ b/Crypto/The Climb/theclimb.java @@ -0,0 +1,100 @@ +public class Main +{ + int kmatrix[][]; + int tmatrix[]; + int rmatrix[]; + + public void div(String temp, int size) + { + while (temp.length() > size) + { + String substr = temp.substring(0, size); + temp = temp.substring(size, temp.length()); + perf(substr); + } + if (temp.length() == size) + perf(temp); + else if (temp.length() < size) + { + for (int i = temp.length(); i < size; i++) + temp = temp + 'x'; + perf(temp); + } + } + + public void perf(String text) + { + textconv(text); + multiply(text.length()); + res(text.length()); + } + + public void keyconv(String key, int len) + { + kmatrix = new int[len][len]; + int c = 0; + for (int i = 0; i < len; i++) + { + for (int j = 0; j < len; j++) + { + kmatrix[i][j] = ((int) key.charAt(c)) - 97; + c++; + } + } + } + + public void textconv(String text) + { + tmatrix = new int[text.length()]; + for (int i = 0; i < text.length(); i++) + { + tmatrix[i] = ((int) text.charAt(i)) - 97; + } + } + + public void multiply(int len) + { + rmatrix = new int[len]; + for (int i = 0; i < len; i++) + { + for (int j = 0; j < len; j++) + { + rmatrix[i] += kmatrix[i][j] * tmatrix[j]; + } + rmatrix[i] %= 26; + } + } + + public void res(int len) + { + String res = ""; + for (int i = 0; i < len; i++) + { + res += (char) (rmatrix[i] + 97); + } + System.out.print(res); + } + + + public static void main(String[] args) + { + Main obj = new Main(); + System.out.println("Enter the plain text: "); + String text = "fakeflag"; + System.out.println(text); + System.out.println("Enter the key: "); + String key = "gybnqkurp"; + System.out.println(key); + double root = Math.sqrt(key.length()); + if (root != (long) root) + System.out.println("Invalid key length."); + else + { + int size = (int) root; + + System.out.println("Encrypted text = "); + obj.keyconv(key, size); + obj.div(text, size); + } + } +} \ No newline at end of file diff --git a/Crypto/The Climb/theclimb.txt b/Crypto/The Climb/theclimb.txt new file mode 100644 index 0000000..1baf328 --- /dev/null +++ b/Crypto/The Climb/theclimb.txt @@ -0,0 +1 @@ +Encrypted text = lrzlhhombgichae \ No newline at end of file diff --git a/Crypto/little RSA/README.md b/Crypto/little RSA/README.md new file mode 100644 index 0000000..a26d363 --- /dev/null +++ b/Crypto/little RSA/README.md @@ -0,0 +1,48 @@ +## little RSA +The main idea finding the flag is getting the cipher text from RSA algorithm. + +#### Step-1: +After I downloaded `a.txt` & `flag.zip`, I checked out the contents in them. + +`a.txt` gave `c`, `n`, `e` as follows: + +``` +c=32949 +n=64741 +e=42667 +``` +`flag.zip` contains `flag.txt` which is encrypted by a pin which is key from RSA implementation. + +#### Step-2: +So, I used again the [RsaCtf Tool](https://github.com/Ganapati/RsaCtfTool) and implemented by a `flag.py`: + +`n` was factorized online at http://factordb.com/index.php?query=64741 to get `p` & `q`. +```python +from Crypto.Util.number import inverse +import binascii + +e = 42667 +c = 32949 +n = 64741 + +# From factordb + +p = 101 +q = 641 + +phi = (p-1) * (q-1) + +d = inverse(e,phi) +m = pow(c,d,n) + +print (m) +``` + +#### Step-3: +After running above script as `python3 flag.py`, I got this output as `18429`. I used this key to unlock the zip to get access to `flag.txt`. + +Voila! I got the flag! + +#### Step-4: +Finally the flag becomes: +`csictf{gr34t_m1nds_th1nk_4l1ke}` \ No newline at end of file diff --git a/Crypto/little RSA/a.txt b/Crypto/little RSA/a.txt new file mode 100644 index 0000000..e25c9e6 --- /dev/null +++ b/Crypto/little RSA/a.txt @@ -0,0 +1,3 @@ +c=32949 +n=64741 +e=42667 diff --git a/Crypto/little RSA/flag.py b/Crypto/little RSA/flag.py new file mode 100644 index 0000000..d757b17 --- /dev/null +++ b/Crypto/little RSA/flag.py @@ -0,0 +1,18 @@ +from Crypto.Util.number import inverse +import binascii + +e = 42667 +c = 32949 +n = 64741 + +# From factordb + +p = 101 +q = 641 + +phi = (p-1) * (q-1) + +d = inverse(e,phi) +m = pow(c,d,n) + +print (m) diff --git a/Crypto/little RSA/flag.txt b/Crypto/little RSA/flag.txt new file mode 100644 index 0000000..43c603d --- /dev/null +++ b/Crypto/little RSA/flag.txt @@ -0,0 +1 @@ +csictf{gr34t_m1nds_th1nk_4l1ke} diff --git a/Crypto/little RSA/flag.zip b/Crypto/little RSA/flag.zip new file mode 100644 index 0000000000000000000000000000000000000000..349d827caba7c54d84b0b9f80338b47d7921b2d5 GIT binary patch literal 226 zcmWIWW@h1H;ACK6n6CCN;Iz$cJsluh0f;#mWEj$N64UicDoR2_I2oAbta#%=xU_