crypto

Byte Bandits CTF 2019 writeup RivestShamirAdleman

RivestShamirAdleman

50

eの値が小さい場合は暗号文のe乗根をとれば平文を得られる。こちらのサイトを参考にします。
import gmpy

def root_e(c, e, n):
    bound = gmpy.root(n, e)[0]
    m = gmpy.root(c, e)[0]
    return m, bound

n = 22272129080562722886614022632205442705494455272860112814093083500097723366897651161029102178806468364810560145326674298943748926312059319333104024877629414355081997511170571841726554870330438449136414942769879449909945280622679982416961505259605748700527626064176345428348075666618966413358066674766244602120334405919054045097465042177827566762056612497539403392371174259602854649957161582616110665358774209954483243807893225011511670025850800717182535575577848500527430246259134071980979951803599863210705004134764027126983838884518704239682964897619030091789047630556807645411417077149617559860988186649846538955623
e = 3
c = 56274920108122478990888092521371739605513959053322262229138771723654033167756128122086229722406180593128664696512912311575327724724695863345048713415525599333
m, bound = root_e(c, e, n)
h = hex(m)[2:]
flag = ''
for i in range(0, len(h), 2):
    flag += chr(int(h[i:i+2], 16))
print(flag)
実行するとフラグが出力されます。
フラグは、
flag{nO_paDDing00_rsa}

VolgaCTF 2019 Qualifier writeup Shadow Cat

Shadow Cat

We only know that one used /etc/shadow file to encrypt important message for us. shadow.txt encrypted.txt

shadowファイルをJohn the ripperで復号します。まずshadow.txtファイルから対応するpasswdファイルを次のように作成します。
jr:x:17792:0:99999:7:::
z:x:17930:0:99999:7:::
a:x:17930:0:99999:7:::
x:x:17930:0:99999:7:::
q:x:17930:0:99999:7:::
l:x:17930:0:99999:7:::
v:x:17930:0:99999:7:::
e:x:17930:0:99999:7:::
f:x:17930:0:99999:7:::
b:x:17930:0:99999:7:::
r:x:17930:0:99999:7:::
g:x:17930:0:99999:7:::
n:x:17930:0:99999:7:::
o:x:17930:0:99999:7:::
p:x:17930:0:99999:7:::
s:x:17930:0:99999:7:::
c:x:17930:0:99999:7:::
w:x:17930:0:99999:7:::
d:x:17930:0:99999:7:::
t:x:17930:0:99999:7:::
h:x:17930:0:99999:7:::
m:x:17930:0:99999:7:::
k:x:17930:0:99999:7:::
i:x:17930:0:99999:7:::
y:x:17930:0:99999:7:::
j:x:17930:0:99999:7:::
u:x:17930:0:99999:7:::
underscore:x:17930:0:99999:7:::
unshadowコマンドでJohn the ripperで扱える形式に変換します。
$ unshadow passwd.txt shadow.txt > johnpasswd
johnコマンドで解析します。
$ john -wordlist=/usr/share/dict/words johnpasswd 
次のようにパスワードが復号できます。
$ john --show johnpasswd 
jr:1:17792:0:99999:7:::
a:a:17930:0:99999:7:::
x:b:17930:0:99999:7:::
q:c:17930:0:99999:7:::
l:w:17930:0:99999:7:::
v:h:17930:0:99999:7:::
e:i:17930:0:99999:7:::
f:j:17930:0:99999:7:::
b:k:17930:0:99999:7:::
r:l:17930:0:99999:7:::
g:m:17930:0:99999:7:::
n:n:17930:0:99999:7:::
o:x:17930:0:99999:7:::
p:y:17930:0:99999:7:::
s:d:17930:0:99999:7:::
c:e:17930:0:99999:7:::
w:f:17930:0:99999:7:::
d:g:17930:0:99999:7:::
t:o:17930:0:99999:7:::
h:p:17930:0:99999:7:::
m:q:17930:0:99999:7:::
k:u:17930:0:99999:7:::
i:v:17930:0:99999:7:::
y:r:17930:0:99999:7:::
j:s:17930:0:99999:7:::
u:t:17930:0:99999:7:::
underscore:z:17930:0:99999:7:::
暗号文字列のzを_(underscore)に置換して、上記の左側の文字(ユーザ)を右側の文字(パスワード)に置換します。
hajjzvajvzqyaqbendzvajvqauzarlapjzrkybjzenzuvczjvastlj
pass_hash_cracking_hashcat_always_lurks_in_the_shadows
フラグは、
VolgaCTF{pass_hash_cracking_hashcat_always_lurks_in_the_shadows}
です。



b00t2root '19 writeup cuz_rsa_is_lub

cuz_rsa_is_lub

161

rsa.txt

Author: Akir4

nをfactordbで調べると因数分解できます。復号するpythonプログラムを書きます。
def exgcd(m, n):
  if n>0:
    y,x,d = exgcd(n, m%n)
    return x, y-m/n*x, d
  else:
    return 1, 0, m

n = 71641831546926719303369645296528546480083425905458247405279061196214424558100678947996271179659761521775290973790597533683668081173314940392098256721488468660504161994357
e = 65537
c = 63127079832500412362950100242549738176318170072331491750802716138621322974529994914407846448954487685068331564008936808539420562251661435790855422130443584773306161128156

p = 8464149782874043593254414191179506861158311266932799636000173971661904149225893113311
q = 8464149782874043593254414191179506861158311266932799636000173971661904149225893113387
d = exgcd(e, (p-1)*(q-1))[0] % ((p-1)*(q-1))
s = pow(c, d, n)
h = format(s, 'x')
f = ''
for i in range(0, len(h), 2):
f += chr(int(h[i:i+2], 16))
print(f)
実行するとフラグが出力されます。
フラグは、
b00t2root{RSA_c4n_b3_vuln3r4bl3}
です。




Teaser CONFidence CTF 2019 writeup Count me in!

crypto

Count me in!

Points: 500
Solves: 1

I've been lately using this cool AES-CTR, but it was super slow, so I made a parallel version. Now it's blazing fast, but for some reason I have trouble decrypting the data...

ファイルを解凍すると、Pythonのプログラムソースcount.pyと暗号化データoutput.txtができます。count.pyは次のようなプログラムになっています。固定の文章の後ろにフラグ文字列を付加したテキストデータを16文字ずつに区切って、worker_functionの中でcounter変数(0から1ずつインクリメントされる)をAES.MODE_ECBで暗号化した値key_streamとXORを取っています。multiprocessingで並列処理をしているので同じkey_streamで暗号化されるものがありそうです。また並列処理のタイミングによってはkey_streamが前後したり実行の都度暗号化された結果が変わります。
import multiprocessing

from Crypto.Cipher import AES

from secret import key, flag

counter = 0
aes = AES.new(key, AES.MODE_ECB)


def chunk(input_data, size):
    return [input_data[i:i + size] for i in range(0, len(input_data), size)]


def xor(*t):
    from functools import reduce
    from operator import xor
    return [reduce(xor, x, 0) for x in zip(*t)]


def xor_string(t1, t2):
    t1 = map(ord, t1)
    t2 = map(ord, t2)
    return "".join(map(chr, xor(t1, t2)))


def pad(data):
    pad_byte = 16 - len(data) % 16
    return data + (chr(pad_byte) * pad_byte)


def worker_function(block):
    global counter
    key_stream = aes.encrypt(pad(str(counter)))
    result = xor_string(block, key_stream)
    counter += 1
    return result


def distribute_work(worker, data_list, processes=8):
    pool = multiprocessing.Pool(processes=processes)
    result = pool.map(worker, data_list)
    pool.close()
    return result


def encrypt_parallel(plaintext, workers_number):
    chunks = chunk(pad(plaintext), 16)
    results = distribute_work(worker_function, chunks, workers_number)
    return "".join(results)


def main():
    plaintext = """The Song of the Count

You know that I am called the Count
Because I really love to count
I could sit and count all day
Sometimes I get carried away
I count slowly, slowly, slowly getting faster
Once I've started counting it's really hard to stop
Faster, faster. It is so exciting!
I could count forever, count until I drop
1! 2! 3! 4!
1-2-3-4, 1-2-3-4,
1-2, i love couning whatever the ammount haha!
1-2-3-4, heyyayayay heyayayay that's the sound of the count
I count the spiders on the wall...
I count the cobwebs in the hall...
I count the candles on the shelf...
When I'm alone, I count myself!
I count slowly, slowly, slowly getting faster
Once I've started counting it's really hard to stop
Faster, faster. It is so exciting!
I could count forever, count until I drop
1! 2! 3! 4!
1-2-3-4, 1-2-3-4, 1,
2 I love counting whatever the
ammount! 1-2-3-4 heyayayay heayayay 1-2-3-4
That's the song of the Count!
""" + flag
    encrypted = encrypt_parallel(plaintext, 32)
    print(encrypted.encode("hex"))


if __name__ == '__main__':
    multiprocessing.freeze_support()
    main()
フラグの部分を復号するにはkey_streamが必要となります。これは暗号化データと固定の文字列部分のXORを取ることで暗号化に使われたkey_streamが分かりますので、それを使ってフラグ部分を復号化しフラグ形式となる文字列に復号できるかどうか確認します。
最初の16文字の暗号処理について、output.txtの先頭32文字
9d5c66e65fae92af9c8a55d9d3bf640e
と、平文の先頭16文字
’The Song of the '
を16進文字で表した
54686520536f6e67206f662074686520
とでXORを取ります。これが変数counterが0のときのkey_streamとなります。
c93403c60cc1fcc8bce533f9a7d7012e
以上を行うPythonプログラムを書きます。
import binascii

def xor(*t):
    from functools import reduce
    from operator import xor
    return [reduce(xor, x, 0) for x in zip(*t)]

def xor_string(t1, t2):
    t1 = map(ord, t1)
    t2 = map(ord, t2)
    return "".join(map(chr, xor(t1, t2)))

def decrypt(no):
encry = s[no*32:no*32+32]
plain = plaintext[no*16:no*16+16]
key_stream = xor_string(binascii.unhexlify(encry), plain)
for enc in l:
plain = xor_string(binascii.unhexlify(enc), key_stream)
print([plain])

plaintext = """The Song of the Count

You know that I am called the Count
Because I really love to count
I could sit and count all day
Sometimes I get carried away
I count slowly, slowly, slowly getting faster
Once I've started counting it's really hard to stop
Faster, faster. It is so exciting!
I could count forever, count until I drop
1! 2! 3! 4!
1-2-3-4, 1-2-3-4,
1-2, i love couning whatever the ammount haha!
1-2-3-4, heyyayayay heyayayay that's the sound of the count
I count the spiders on the wall...
I count the cobwebs in the hall...
I count the candles on the shelf...
When I'm alone, I count myself!
I count slowly, slowly, slowly getting faster
Once I've started counting it's really hard to stop
Faster, faster. It is so exciting!
I could count forever, count until I drop
1! 2! 3! 4!
1-2-3-4, 1-2-3-4, 1,
2 I love counting whatever the
ammount! 1-2-3-4 heyayayay heayayay 1-2-3-4
That's the song of the Count!
"""

f = open('output.txt')
s = f.read()
f.close()
l = [s[i: i+32] for i in range(0, len(s), 32)]

decrypt(0)
decrypt(10)
decrypt(20)
decrypt(30)
decrypt(39)
decrypt(49)
decrypt(54)
decrypt(55)
実行すると次のとおりフラグを復号することができます。
$ python bbb.py
['The Song of the ']
['Count\n\nYou know ']
['that I am called']
[' the Count\nBecau']
['se I really love']
[' to count\nI coul']
['d sit and count ']
['all day\nSometime']
['s I get carried ']
['away\nI count slo']
(略)
['wly, slowly, slo']
['wly getting fast']
["er\nOnce I've sta"]
['rted counting it']
["'s really hard t"]
['o stop\nFaster, f']
['aster. It is so ']
['exciting!\nI coul']
['d count forever,']
[' count until I d']
(略)
['rop\n1! 2! 3! 4!\n']
['1-2-3-4, 1-2-3-4']
[',\n1-2, i love co']
['uning whatever t']
['he ammount haha!']
['\n1-2-3-4, heyyay']
['ayay heyayayay t']
["hat's the sound "]
['of the count\nI c']
['ount the spiders']
(略)
[' on the wall...\n']
['I count the cobw']
['ebs in the hall.']
['..\nI count the c']
['andles on the sh']
["elf...\nWhen I'm "]
['alone, I count m']
['yself!\nI count s']
['lowly, slowly, s']
['\n\xa4\x17\x84\x1aDc\xd5\xbbN\x84\x05=q3_']
["ster\nOnce I've s"]
(略)
['lowly getting fa']
['\x15\xbf\x05\x9ai+j\xd3\xaa\x1a\xa4L,4uM']
['tarted counting ']
["it's really hard"]
[' to stop\nFaster,']
[' faster. It is s']
['o exciting!\nI co']
['uld count foreve']
['r, count until I']
[' drop\n1! 2! 3! 4']
['\x7f\xc8\xf6\xda\xdb\x8c4\x9f\xed\xf5\x12\x07\xb1\xb9\xac\xf2']
['-4, 1,\n2 I love ']
(略)
['!\n1-2-3-4, 1-2-3']
['s\xf6\xeb\xd7\xd8\x8d\r\x80\xf9\x90\x12Z\xf3\xfd\xe4\xe1']
['counting whateve']
['r the\nammount! 1']
['-2-3-4 heyayayay']
['^l\xebK\x13\x91\x97\xff\x94F\x80\xc0\xf7d\x16U']
['\xb2\xecR\xf0\x05*\x8ez\xe0{,|.\xf5\xde\xf6']
['g of the Count!\n']
(略)
[' heayayay 1-2-3-']
['\xcc\xe8\xdc\xdao\xda`\xe4\r\x1d\x9d\x91\xeb\xbc\xfb\x8e']
['\x19$\xe1LJ\x84\x86\xfb\xcd%\xde\x98\xab=\x04r']
['p4{at_the_end_of']
['_the_day_you_can']
(略)
["4\nThat's the son"]
['\xe1\xc6i\xfeD*\xc1l\xe0L+l`\xf2\x90\x92']
['\x88\xd6\xf3\xd3z\xf13\xffH6\x90\x9a\xaf\x90\xfb\x86']
['\xa7\x96\xe0\xd7Q\xca&\xeer\x10\x9a\x81\x94\xac\xf5\x8e']
['_only_count_on_y']
['ourself}\x08\x08\x08\x08\x08\x08\x08\x08']
フラグは、
p4{at_the_end_of_the_day_you_can_only_count_on_yourself}
です。



34C3 CTF writeup chaingang

  • Solves: 57
  • send 1505 szabo 457282 babbage 649604 wei 0x949a6ac29b9347b3eb9a420272a9dd7890b787a3

send szabo babbage wei でググると暗号通貨Ethereumに関係することが分かります。szabo、babbage、weiはそれぞれ以下の単位を表すようです。
szabo: 1.000.000.000.000
babbage: 1.000.000
wei: 1
Etherscanでアドレス0x949a6ac29b9347b3eb9a420272a9dd7890b787a3を検索してみます。
https://etherscan.io/address/0x949a6ac29b9347b3eb9a420272a9dd7890b787a3

no title

最後のTransactionを見てみます。
https://etherscan.io/tx/0x70e9f6de87a7db0fe5eb5c93c8b51413c017cdb51d4a8d82f91a0aaca6eb8939

1

[Tools & Utilities]-[Parity Trace]を選択します。
https://etherscan.io/vmtrace?txhash=0x70e9f6de87a7db0fe5eb5c93c8b51413c017cdb51d4a8d82f91a0aaca6eb8939&type=parity

2

outputの値がASCIIコードになっているように見えます。Pythonプログラムで文字列に変換します。
import binascii
a = b'333443335f6772616e646d615f626f756768745f736f6d655f626974636f696e'
print binascii.unhexlify(a)
実行すると次の文字列が出力されます。
フラグは、
34C3_grandma_bought_some_bitcoin
です。



記事検索
ギャラリー
  • TetCTF 2023 NewYearBot
  • UUT CTF writeup Find The Password
  • UUT CTF writeup The Puzzle
  • Hack Zone Tunisia 2019 writeup Microscope
  • Hack Zone Tunisia 2019 writeup Welcome
  • SwampCTF 2019 writeup Brokerboard
  • SwampCTF 2019 writeup Leap of Faith
  • SwampCTF 2019 writeup Last Transmission
  • CBM CTF 2019 writeup Long road
カテゴリー