Added Crypto Challenges
This commit is contained in:
commit
dde493c336
|
@ -0,0 +1,9 @@
|
||||||
|
## Login Error
|
||||||
|
The main idea finding the flag is decryption of AES CBC encryption.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
I am not that good at AES encryption, so looked up [here](https://dunsp4rce.github.io/csictf-2020/crypto/2020/07/21/Login-Error.html).
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`csictf{Sh4u!d_hav3_n0t_u5ed_CBC}`
|
|
@ -0,0 +1,54 @@
|
||||||
|
## Mein Kampf
|
||||||
|
The main idea finding the flag is knowing Enigma Machine library.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After reading the given message:
|
||||||
|
|
||||||
|
```
|
||||||
|
M4 UKW $ Gamma 2 4 $ 5 9 $ 14 3 $ 5 20 fv cd hu ik es op yl wq jm
|
||||||
|
```
|
||||||
|
Google searches gave some sense of Enigma Machine.
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
So, I quickly searched for such libraries in python at got it at: https://pypi.org/project/py-enigma/
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
So, I wrote a `exploit.py` script with help from [official documentation](https://pypi.org/project/py-enigma/).
|
||||||
|
|
||||||
|
```python
|
||||||
|
from enigma.machine import EnigmaMachine
|
||||||
|
|
||||||
|
ROTORS = ['I', 'II', 'III', 'IV', 'V', 'VI', 'VII', 'VIII', 'Beta', 'Gamma']
|
||||||
|
REFLECTORS = ['B', 'C', 'B-Thin', 'C-Thin']
|
||||||
|
|
||||||
|
state = 'M4 UKW $ Gamma 2 4 $ 5 9 $ 14 3 $ 5 20 fv cd hu ik es op yl wq jm'
|
||||||
|
enc = 'zkrtwvvvnrkulxhoywoj'
|
||||||
|
|
||||||
|
rings = '4 9 3 20'
|
||||||
|
plug = 'fv cd hu ik es op yl wq jm'.upper()
|
||||||
|
pos = '2 5 14 5'
|
||||||
|
pos = ''.join(chr(int(x) - 1 + ord('A')) for x in pos.split())
|
||||||
|
|
||||||
|
for rf in REFLECTORS:
|
||||||
|
for r2 in ROTORS:
|
||||||
|
for r3 in ROTORS:
|
||||||
|
for r4 in ROTORS:
|
||||||
|
rotors = ['Gamma', r2, r3, r4]
|
||||||
|
e = EnigmaMachine.from_key_sheet(rotors=rotors, ring_settings=rings,
|
||||||
|
reflector=rf, plugboard_settings=plug)
|
||||||
|
e.set_display(pos)
|
||||||
|
txt = e.process_text(enc).lower()
|
||||||
|
if 'csictf' in txt:
|
||||||
|
print(txt)
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
When I ran the script as `python3 exploit.py`, I got the flag:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
csictfnoshitsherlock
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-5:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`csictf{no_shit_sherlock}`
|
|
@ -0,0 +1,24 @@
|
||||||
|
from enigma.machine import EnigmaMachine
|
||||||
|
|
||||||
|
ROTORS = ['I', 'II', 'III', 'IV', 'V', 'VI', 'VII', 'VIII', 'Beta', 'Gamma']
|
||||||
|
REFLECTORS = ['B', 'C', 'B-Thin', 'C-Thin']
|
||||||
|
|
||||||
|
state = 'M4 UKW $ Gamma 2 4 $ 5 9 $ 14 3 $ 5 20 fv cd hu ik es op yl wq jm'
|
||||||
|
enc = 'zkrtwvvvnrkulxhoywoj'
|
||||||
|
|
||||||
|
rings = '4 9 3 20'
|
||||||
|
plug = 'fv cd hu ik es op yl wq jm'.upper()
|
||||||
|
pos = '2 5 14 5'
|
||||||
|
pos = ''.join(chr(int(x) - 1 + ord('A')) for x in pos.split())
|
||||||
|
|
||||||
|
for rf in REFLECTORS:
|
||||||
|
for r2 in ROTORS:
|
||||||
|
for r3 in ROTORS:
|
||||||
|
for r4 in ROTORS:
|
||||||
|
rotors = ['Gamma', r2, r3, r4]
|
||||||
|
e = EnigmaMachine.from_key_sheet(rotors=rotors, ring_settings=rings,
|
||||||
|
reflector=rf, plugboard_settings=plug)
|
||||||
|
e.set_display(pos)
|
||||||
|
txt = e.process_text(enc).lower()
|
||||||
|
if 'csictf' in txt:
|
||||||
|
print(txt)
|
|
@ -0,0 +1,53 @@
|
||||||
|
## MODERN CLUELESS CHILD
|
||||||
|
The main idea finding the flag is decryption using XOR keys.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After reading the given message:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
I was surfing the crimson wave and oh my gosh I was totally bugging. I also tried out the lilac hair trend but it didn't work out. That's not to say you are any better, you are a snob and a half. But let's get back to the main question here- Who am I? (You don't know my name)
|
||||||
|
|
||||||
|
Ciphertext = "52f41f58f51f47f57f49f48f5df46f6ef53f43f57f6cf50f6df53f53f40f58f51f6ef42f56f43f41f5ef5cf4e" (hex) Key = "12123"
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
I quickly removed the `f` from cipher text as looked like it was used for space. So I wrote a script `sub.py` to replace `f` with `''`.
|
||||||
|
|
||||||
|
```python
|
||||||
|
ciphertext = "52f41f58f51f47f57f49f48f5df46f6ef53f43f57f6cf50f6df53f53f40f58f51f6ef42f56f43f41f5ef5cf4e"
|
||||||
|
sub = ciphertext.replace('f','')
|
||||||
|
print(sub)
|
||||||
|
```
|
||||||
|
|
||||||
|
On running `python3 sub.py` this, it gave me `52415851475749485d466e5343576c506d53534058516e425643415e5c4e`.
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
I had to check if I am not missing any cipher text so I cross check the flag by XOR checks. So, I wrote this `xor1.py` script get the `csictf{` code:
|
||||||
|
|
||||||
|
```python
|
||||||
|
from pwn import xor
|
||||||
|
flag = bytes.fromhex('52415851475749485d466e5343576c506d53534058516e425643415e5c4e')
|
||||||
|
print(xor(flag, 'csictf{'.encode()))
|
||||||
|
```
|
||||||
|
Output:
|
||||||
|
```bash
|
||||||
|
b"1212312+./\r'%,\x0f#\x040'\x1d+57'%?="
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
Since we got the key `1212312` means we are right path as key has cyclic property key (12123). Now it was just replacement on the key with ASCII.
|
||||||
|
|
||||||
|
`exlpoit.py` to get flag:
|
||||||
|
```python
|
||||||
|
from pwn import xor
|
||||||
|
flag = bytes.fromhex('52415851475749485d466e5343576c506d53534058516e425643415e5c4e')
|
||||||
|
print(xor(flag, '12123'.encode()))
|
||||||
|
```
|
||||||
|
On running `python3 exploit.py`, Voila! I got the flag.
|
||||||
|
```bash
|
||||||
|
b'csictf{you_are_a_basic_person}'
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-5:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`csictf{you_are_a_basic_person}`
|
|
@ -0,0 +1,3 @@
|
||||||
|
from pwn import xor
|
||||||
|
flag = bytes.fromhex('52415851475749485d466e5343576c506d53534058516e425643415e5c4e')
|
||||||
|
print(xor(flag, '12123'.encode()))
|
|
@ -0,0 +1,3 @@
|
||||||
|
ciphertext = "52f41f58f51f47f57f49f48f5df46f6ef53f43f57f6cf50f6df53f53f40f58f51f6ef42f56f43f41f5ef5cf4e"
|
||||||
|
sub = ciphertext.replace('f','')
|
||||||
|
print(sub)
|
|
@ -0,0 +1,3 @@
|
||||||
|
from pwn import xor
|
||||||
|
flag = bytes.fromhex('52415851475749485d466e5343576c506d53534058516e425643415e5c4e')
|
||||||
|
print(xor(flag, 'csictf{'.encode()))
|
Binary file not shown.
After Width: | Height: | Size: 21 KiB |
|
@ -0,0 +1,39 @@
|
||||||
|
## Quick Math
|
||||||
|
The main idea finding the flag is decrypting the RSA exponentiation.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
Given statement
|
||||||
|
|
||||||
|
```
|
||||||
|
Ben has encrypted a message with the same value of 'e' for 3 public moduli -
|
||||||
|
n1 = 86812553978993 n2 = 81744303091421 n3 = 83695120256591 and got the cipher texts -
|
||||||
|
c1 = 8875674977048 c2 = 70744354709710 c3 = 29146719498409. Find the original message.
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
This article is quite renowned: [https://www.johndcook.com/blog/2019/03/06/rsa-exponent-3/](https://www.johndcook.com/blog/2019/03/06/rsa-exponent-3/)
|
||||||
|
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
So, I wrote `exploit.py` script to get the flag.
|
||||||
|
|
||||||
|
```python
|
||||||
|
from sympy.ntheory.modular import crt
|
||||||
|
|
||||||
|
N = [86812553978993, 81744303091421, 83695120256591]
|
||||||
|
c = [8875674977048, 70744354709710, 29146719498409]
|
||||||
|
x = crt(N, c)[0]
|
||||||
|
print("Hex String:")
|
||||||
|
print(round(x ** (1. /3)))
|
||||||
|
```
|
||||||
|
After running the script by `python3 exploit.py`, I got a hex string.
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
I converted it online to ASCII [here](http://www.unit-conversion.info/texttools/hexadecimal/).
|
||||||
|
|
||||||
|
<img src="Flag.png">
|
||||||
|
|
||||||
|
#### Step-5:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`csictf{h45t4d}`
|
|
@ -0,0 +1,7 @@
|
||||||
|
from sympy.ntheory.modular import crt
|
||||||
|
|
||||||
|
N = [86812553978993, 81744303091421, 83695120256591]
|
||||||
|
c = [8875674977048, 70744354709710, 29146719498409]
|
||||||
|
x = crt(N, c)[0]
|
||||||
|
print("Hex String:")
|
||||||
|
print(round(x ** (1. /3)))
|
|
@ -0,0 +1,52 @@
|
||||||
|
## Rivest Shamir Adleman
|
||||||
|
The main idea finding the flag is just decoding the RSA encryption.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After I downloaded the `enc.txt`, the contents of which are as follows:
|
||||||
|
|
||||||
|
```
|
||||||
|
n = 408579146706567976063586763758203051093687666875502812646277701560732347095463873824829467529879836457478436098685606552992513164224712398195503564207485938278827523972139196070431397049700119503436522251010430918143933255323117421712000644324381094600257291929523792609421325002527067471808992410166917641057703562860663026873111322556414272297111644069436801401012920448661637616392792337964865050210799542881102709109912849797010633838067759525247734892916438373776477679080154595973530904808231
|
||||||
|
e = 65537
|
||||||
|
c = 226582271940094442087193050781730854272200420106419489092394544365159707306164351084355362938310978502945875712496307487367548451311593283589317511213656234433015906518135430048027246548193062845961541375898496150123721180020417232872212026782286711541777491477220762823620612241593367070405349675337889270277102235298455763273194540359004938828819546420083966793260159983751717798236019327334525608143172073795095665271013295322241504491351162010517033995871502259721412160906176911277416194406909
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
So, I wanted to use the [RsaCtf Tool](https://github.com/Ganapati/RsaCtfTool), I factorized the `n` online at http://factordb.com/ to give us `p` & `q`.
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
A simple `flag.py` script gives the flag to us:
|
||||||
|
|
||||||
|
```python
|
||||||
|
from Crypto.Util.number import inverse
|
||||||
|
import binascii
|
||||||
|
|
||||||
|
e = 65537
|
||||||
|
c = 226582271940094442087193050781730854272200420106419489092394544365159707306164351084355362938310978502945875712496307487367548451311593283589317511213656234433015906518135430048027246548193062845961541375898496150123721180020417232872212026782286711541777491477220762823620612241593367070405349675337889270277102235298455763273194540359004938828819546420083966793260159983751717798236019327334525608143172073795095665271013295322241504491351162010517033995871502259721412160906176911277416194406909
|
||||||
|
n = 408579146706567976063586763758203051093687666875502812646277701560732347095463873824829467529879836457478436098685606552992513164224712398195503564207485938278827523972139196070431397049700119503436522251010430918143933255323117421712000644324381094600257291929523792609421325002527067471808992410166917641057703562860663026873111322556414272297111644069436801401012920448661637616392792337964865050210799542881102709109912849797010633838067759525247734892916438373776477679080154595973530904808231
|
||||||
|
|
||||||
|
# From factordb
|
||||||
|
|
||||||
|
p = 15485863
|
||||||
|
q = 26384008867091745294633354547835212741691416673097444594871961708606898246191631284922865941012124184327243247514562575750057530808887589809848089461174100421708982184082294675500577336225957797988818721372546749131380876566137607036301473435764031659085276159909447255824316991731559776281695919056426990285120277950325598700770588152330565774546219611360167747900967511378709576366056727866239359744484343099322440674434020874200594041033926202578941508969596229398159965581521326643115137
|
||||||
|
|
||||||
|
phi = (p-1) * (q-1)
|
||||||
|
|
||||||
|
d = inverse(e,phi)
|
||||||
|
m = pow(c,d,n)
|
||||||
|
|
||||||
|
hex_str = hex(m)[2:] # Removing '0x'
|
||||||
|
print(binascii.unhexlify(hex_str))
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
When I run this by `python3 flag.py`, it game following output:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
|
||||||
|
b"csictf{sh0uld'v3_t4k3n_b1gg3r_pr1m3s}"
|
||||||
|
```
|
||||||
|
Voila! There we have our flag.
|
||||||
|
|
||||||
|
#### Step-5:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`csictf{sh0uld'v3_t4k3n_b1gg3r_pr1m3s}`
|
|
@ -0,0 +1,3 @@
|
||||||
|
n = 408579146706567976063586763758203051093687666875502812646277701560732347095463873824829467529879836457478436098685606552992513164224712398195503564207485938278827523972139196070431397049700119503436522251010430918143933255323117421712000644324381094600257291929523792609421325002527067471808992410166917641057703562860663026873111322556414272297111644069436801401012920448661637616392792337964865050210799542881102709109912849797010633838067759525247734892916438373776477679080154595973530904808231
|
||||||
|
e = 65537
|
||||||
|
c = 226582271940094442087193050781730854272200420106419489092394544365159707306164351084355362938310978502945875712496307487367548451311593283589317511213656234433015906518135430048027246548193062845961541375898496150123721180020417232872212026782286711541777491477220762823620612241593367070405349675337889270277102235298455763273194540359004938828819546420083966793260159983751717798236019327334525608143172073795095665271013295322241504491351162010517033995871502259721412160906176911277416194406909
|
|
@ -0,0 +1,19 @@
|
||||||
|
from Crypto.Util.number import inverse
|
||||||
|
import binascii
|
||||||
|
|
||||||
|
e = 65537
|
||||||
|
c = 226582271940094442087193050781730854272200420106419489092394544365159707306164351084355362938310978502945875712496307487367548451311593283589317511213656234433015906518135430048027246548193062845961541375898496150123721180020417232872212026782286711541777491477220762823620612241593367070405349675337889270277102235298455763273194540359004938828819546420083966793260159983751717798236019327334525608143172073795095665271013295322241504491351162010517033995871502259721412160906176911277416194406909
|
||||||
|
n = 408579146706567976063586763758203051093687666875502812646277701560732347095463873824829467529879836457478436098685606552992513164224712398195503564207485938278827523972139196070431397049700119503436522251010430918143933255323117421712000644324381094600257291929523792609421325002527067471808992410166917641057703562860663026873111322556414272297111644069436801401012920448661637616392792337964865050210799542881102709109912849797010633838067759525247734892916438373776477679080154595973530904808231
|
||||||
|
|
||||||
|
# From factordb
|
||||||
|
|
||||||
|
p = 15485863
|
||||||
|
q = 26384008867091745294633354547835212741691416673097444594871961708606898246191631284922865941012124184327243247514562575750057530808887589809848089461174100421708982184082294675500577336225957797988818721372546749131380876566137607036301473435764031659085276159909447255824316991731559776281695919056426990285120277950325598700770588152330565774546219611360167747900967511378709576366056727866239359744484343099322440674434020874200594041033926202578941508969596229398159965581521326643115137
|
||||||
|
|
||||||
|
phi = (p-1) * (q-1)
|
||||||
|
|
||||||
|
d = inverse(e,phi)
|
||||||
|
m = pow(c,d,n)
|
||||||
|
|
||||||
|
hex_str = hex(m)[2:] # Removing '0x'
|
||||||
|
print(binascii.unhexlify(hex_str))
|
|
@ -0,0 +1,29 @@
|
||||||
|
public class ClimbSolver {
|
||||||
|
static String encrypted = "lrzlhhombgichae";
|
||||||
|
static String key = "gybnqkurp";
|
||||||
|
|
||||||
|
public static void brute(int startPos) {
|
||||||
|
int size = (int) Math.sqrt(key.length());
|
||||||
|
String encChunk = encrypted.substring(startPos, startPos + size);
|
||||||
|
Main obj = new Main();
|
||||||
|
obj.keyconv(key, size);
|
||||||
|
for (char a = 'a'; a <= 'z'; a++)
|
||||||
|
for (char b = 'a'; b <= 'z'; b++)
|
||||||
|
for (char c = 'a'; c <= 'z'; c++) {
|
||||||
|
String text = "" + a + b + c;
|
||||||
|
obj.textconv(text);
|
||||||
|
obj.multiply(text.length());
|
||||||
|
String res = obj.res(text.length());
|
||||||
|
if (res.equals(encChunk)) {
|
||||||
|
System.out.print(text);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void main(String[] args) {
|
||||||
|
for (int i = 0; i < encrypted.length(); i += 3) {
|
||||||
|
brute(i);
|
||||||
|
}
|
||||||
|
System.out.println();
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,161 @@
|
||||||
|
## The Climb
|
||||||
|
The main idea finding the flag is decrypting the Hill Cipher.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After I downloaded `theclimb.java` & `theclimb.txt`, I checked out the contents in them.
|
||||||
|
|
||||||
|
- `theclimb.txt` had this:
|
||||||
|
|
||||||
|
```
|
||||||
|
Encrypted text = lrzlhhombgichae
|
||||||
|
```
|
||||||
|
|
||||||
|
- `theclimb.java` had this:
|
||||||
|
|
||||||
|
```java
|
||||||
|
public class Main
|
||||||
|
{
|
||||||
|
int kmatrix[][];
|
||||||
|
int tmatrix[];
|
||||||
|
int rmatrix[];
|
||||||
|
|
||||||
|
public void div(String temp, int size)
|
||||||
|
{
|
||||||
|
while (temp.length() > size)
|
||||||
|
{
|
||||||
|
String substr = temp.substring(0, size);
|
||||||
|
temp = temp.substring(size, temp.length());
|
||||||
|
perf(substr);
|
||||||
|
}
|
||||||
|
if (temp.length() == size)
|
||||||
|
perf(temp);
|
||||||
|
else if (temp.length() < size)
|
||||||
|
{
|
||||||
|
for (int i = temp.length(); i < size; i++)
|
||||||
|
temp = temp + 'x';
|
||||||
|
perf(temp);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public void perf(String text)
|
||||||
|
{
|
||||||
|
textconv(text);
|
||||||
|
multiply(text.length());
|
||||||
|
res(text.length());
|
||||||
|
}
|
||||||
|
|
||||||
|
public void keyconv(String key, int len)
|
||||||
|
{
|
||||||
|
kmatrix = new int[len][len];
|
||||||
|
int c = 0;
|
||||||
|
for (int i = 0; i < len; i++)
|
||||||
|
{
|
||||||
|
for (int j = 0; j < len; j++)
|
||||||
|
{
|
||||||
|
kmatrix[i][j] = ((int) key.charAt(c)) - 97;
|
||||||
|
c++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public void textconv(String text)
|
||||||
|
{
|
||||||
|
tmatrix = new int[text.length()];
|
||||||
|
for (int i = 0; i < text.length(); i++)
|
||||||
|
{
|
||||||
|
tmatrix[i] = ((int) text.charAt(i)) - 97;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public void multiply(int len)
|
||||||
|
{
|
||||||
|
rmatrix = new int[len];
|
||||||
|
for (int i = 0; i < len; i++)
|
||||||
|
{
|
||||||
|
for (int j = 0; j < len; j++)
|
||||||
|
{
|
||||||
|
rmatrix[i] += kmatrix[i][j] * tmatrix[j];
|
||||||
|
}
|
||||||
|
rmatrix[i] %= 26;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public void res(int len)
|
||||||
|
{
|
||||||
|
String res = "";
|
||||||
|
for (int i = 0; i < len; i++)
|
||||||
|
{
|
||||||
|
res += (char) (rmatrix[i] + 97);
|
||||||
|
}
|
||||||
|
System.out.print(res);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public static void main(String[] args)
|
||||||
|
{
|
||||||
|
Main obj = new Main();
|
||||||
|
System.out.println("Enter the plain text: ");
|
||||||
|
String text = "fakeflag";
|
||||||
|
System.out.println(text);
|
||||||
|
System.out.println("Enter the key: ");
|
||||||
|
String key = "gybnqkurp";
|
||||||
|
System.out.println(key);
|
||||||
|
double root = Math.sqrt(key.length());
|
||||||
|
if (root != (long) root)
|
||||||
|
System.out.println("Invalid key length.");
|
||||||
|
else
|
||||||
|
{
|
||||||
|
int size = (int) root;
|
||||||
|
|
||||||
|
System.out.println("Encrypted text = ");
|
||||||
|
obj.keyconv(key, size);
|
||||||
|
obj.div(text, size);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
The flag is encrypted using [Hill cipher](https://en.wikipedia.org/wiki/Hill_cipher), in which every block of 3 is multiplied by a 3x3 matrix.
|
||||||
|
|
||||||
|
The official way to solve it is by solving a system of equations using [Gaussian elimination](https://en.wikipedia.org/wiki/Gaussian_elimination) but I prefer Bruteforcing all triagram combinations.
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
So, I wrote `Main.java` to get the flag.
|
||||||
|
|
||||||
|
```java
|
||||||
|
public class ClimbSolver {
|
||||||
|
static String encrypted = "lrzlhhombgichae";
|
||||||
|
static String key = "gybnqkurp";
|
||||||
|
|
||||||
|
public static void brute(int startPos) {
|
||||||
|
int size = (int) Math.sqrt(key.length());
|
||||||
|
String encChunk = encrypted.substring(startPos, startPos + size);
|
||||||
|
Main obj = new Main();
|
||||||
|
obj.keyconv(key, size);
|
||||||
|
for (char a = 'a'; a <= 'z'; a++)
|
||||||
|
for (char b = 'a'; b <= 'z'; b++)
|
||||||
|
for (char c = 'a'; c <= 'z'; c++) {
|
||||||
|
String text = "" + a + b + c;
|
||||||
|
obj.textconv(text);
|
||||||
|
obj.multiply(text.length());
|
||||||
|
String res = obj.res(text.length());
|
||||||
|
if (res.equals(encChunk)) {
|
||||||
|
System.out.print(text);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void main(String[] args) {
|
||||||
|
for (int i = 0; i < encrypted.length(); i += 3) {
|
||||||
|
brute(i);
|
||||||
|
}
|
||||||
|
System.out.println();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
After running the script, I got the flag.
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`csictf{hillshaveeyes}`
|
|
@ -0,0 +1,100 @@
|
||||||
|
public class Main
|
||||||
|
{
|
||||||
|
int kmatrix[][];
|
||||||
|
int tmatrix[];
|
||||||
|
int rmatrix[];
|
||||||
|
|
||||||
|
public void div(String temp, int size)
|
||||||
|
{
|
||||||
|
while (temp.length() > size)
|
||||||
|
{
|
||||||
|
String substr = temp.substring(0, size);
|
||||||
|
temp = temp.substring(size, temp.length());
|
||||||
|
perf(substr);
|
||||||
|
}
|
||||||
|
if (temp.length() == size)
|
||||||
|
perf(temp);
|
||||||
|
else if (temp.length() < size)
|
||||||
|
{
|
||||||
|
for (int i = temp.length(); i < size; i++)
|
||||||
|
temp = temp + 'x';
|
||||||
|
perf(temp);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public void perf(String text)
|
||||||
|
{
|
||||||
|
textconv(text);
|
||||||
|
multiply(text.length());
|
||||||
|
res(text.length());
|
||||||
|
}
|
||||||
|
|
||||||
|
public void keyconv(String key, int len)
|
||||||
|
{
|
||||||
|
kmatrix = new int[len][len];
|
||||||
|
int c = 0;
|
||||||
|
for (int i = 0; i < len; i++)
|
||||||
|
{
|
||||||
|
for (int j = 0; j < len; j++)
|
||||||
|
{
|
||||||
|
kmatrix[i][j] = ((int) key.charAt(c)) - 97;
|
||||||
|
c++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public void textconv(String text)
|
||||||
|
{
|
||||||
|
tmatrix = new int[text.length()];
|
||||||
|
for (int i = 0; i < text.length(); i++)
|
||||||
|
{
|
||||||
|
tmatrix[i] = ((int) text.charAt(i)) - 97;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public void multiply(int len)
|
||||||
|
{
|
||||||
|
rmatrix = new int[len];
|
||||||
|
for (int i = 0; i < len; i++)
|
||||||
|
{
|
||||||
|
for (int j = 0; j < len; j++)
|
||||||
|
{
|
||||||
|
rmatrix[i] += kmatrix[i][j] * tmatrix[j];
|
||||||
|
}
|
||||||
|
rmatrix[i] %= 26;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public void res(int len)
|
||||||
|
{
|
||||||
|
String res = "";
|
||||||
|
for (int i = 0; i < len; i++)
|
||||||
|
{
|
||||||
|
res += (char) (rmatrix[i] + 97);
|
||||||
|
}
|
||||||
|
System.out.print(res);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public static void main(String[] args)
|
||||||
|
{
|
||||||
|
Main obj = new Main();
|
||||||
|
System.out.println("Enter the plain text: ");
|
||||||
|
String text = "fakeflag";
|
||||||
|
System.out.println(text);
|
||||||
|
System.out.println("Enter the key: ");
|
||||||
|
String key = "gybnqkurp";
|
||||||
|
System.out.println(key);
|
||||||
|
double root = Math.sqrt(key.length());
|
||||||
|
if (root != (long) root)
|
||||||
|
System.out.println("Invalid key length.");
|
||||||
|
else
|
||||||
|
{
|
||||||
|
int size = (int) root;
|
||||||
|
|
||||||
|
System.out.println("Encrypted text = ");
|
||||||
|
obj.keyconv(key, size);
|
||||||
|
obj.div(text, size);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1 @@
|
||||||
|
Encrypted text = lrzlhhombgichae
|
|
@ -0,0 +1,48 @@
|
||||||
|
## little RSA
|
||||||
|
The main idea finding the flag is getting the cipher text from RSA algorithm.
|
||||||
|
|
||||||
|
#### Step-1:
|
||||||
|
After I downloaded `a.txt` & `flag.zip`, I checked out the contents in them.
|
||||||
|
|
||||||
|
`a.txt` gave `c`, `n`, `e` as follows:
|
||||||
|
|
||||||
|
```
|
||||||
|
c=32949
|
||||||
|
n=64741
|
||||||
|
e=42667
|
||||||
|
```
|
||||||
|
`flag.zip` contains `flag.txt` which is encrypted by a pin which is key from RSA implementation.
|
||||||
|
|
||||||
|
#### Step-2:
|
||||||
|
So, I used again the [RsaCtf Tool](https://github.com/Ganapati/RsaCtfTool) and implemented by a `flag.py`:
|
||||||
|
|
||||||
|
`n` was factorized online at http://factordb.com/index.php?query=64741 to get `p` & `q`.
|
||||||
|
```python
|
||||||
|
from Crypto.Util.number import inverse
|
||||||
|
import binascii
|
||||||
|
|
||||||
|
e = 42667
|
||||||
|
c = 32949
|
||||||
|
n = 64741
|
||||||
|
|
||||||
|
# From factordb
|
||||||
|
|
||||||
|
p = 101
|
||||||
|
q = 641
|
||||||
|
|
||||||
|
phi = (p-1) * (q-1)
|
||||||
|
|
||||||
|
d = inverse(e,phi)
|
||||||
|
m = pow(c,d,n)
|
||||||
|
|
||||||
|
print (m)
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Step-3:
|
||||||
|
After running above script as `python3 flag.py`, I got this output as `18429`. I used this key to unlock the zip to get access to `flag.txt`.
|
||||||
|
|
||||||
|
Voila! I got the flag!
|
||||||
|
|
||||||
|
#### Step-4:
|
||||||
|
Finally the flag becomes:
|
||||||
|
`csictf{gr34t_m1nds_th1nk_4l1ke}`
|
|
@ -0,0 +1,3 @@
|
||||||
|
c=32949
|
||||||
|
n=64741
|
||||||
|
e=42667
|
|
@ -0,0 +1,18 @@
|
||||||
|
from Crypto.Util.number import inverse
|
||||||
|
import binascii
|
||||||
|
|
||||||
|
e = 42667
|
||||||
|
c = 32949
|
||||||
|
n = 64741
|
||||||
|
|
||||||
|
# From factordb
|
||||||
|
|
||||||
|
p = 101
|
||||||
|
q = 641
|
||||||
|
|
||||||
|
phi = (p-1) * (q-1)
|
||||||
|
|
||||||
|
d = inverse(e,phi)
|
||||||
|
m = pow(c,d,n)
|
||||||
|
|
||||||
|
print (m)
|
|
@ -0,0 +1 @@
|
||||||
|
csictf{gr34t_m1nds_th1nk_4l1ke}
|
Binary file not shown.
Loading…
Reference in New Issue