├── Block-Cipher ├── Attack-ECB-Byte-at-a-Time │ └── Challenges │ │ ├── Baby-Crypt │ │ ├── .svn │ │ │ ├── entries │ │ │ ├── format │ │ │ ├── wc.db-journal │ │ │ ├── wc.db │ │ │ └── pristine │ │ │ │ ├── 66 │ │ │ │ └── 6675cec2f7feffd7eeb51d994f7747ef99edbbc0.svn-base │ │ │ │ ├── 1a │ │ │ │ └── 1a4b4f8bd24c89aa0ee7e7c697f21d714e35efc0.svn-base │ │ │ │ ├── 9f │ │ │ │ └── 9f481da4832613295516aa52febcc399e4e51f55.svn-base │ │ │ │ └── b7 │ │ │ │ └── b75d2c87ea0c9c2edc7481c17e76aa6d8ef45574.svn-base │ │ ├── Dockerfile │ │ ├── README.md │ │ └── baby_crypt.py │ │ ├── Locked_Dungeon │ │ ├── Locked-Dungeons-1.zip │ │ ├── README.md │ │ └── enter_the_dungeon1.py │ │ └── README.md ├── Attack-CBC-Byte-at-a-Time │ ├── secret.py │ ├── README.md │ └── exploit.py ├── Attack-CBC-Bit-Flipping │ ├── README.md │ └── Challenges │ │ ├── Secret-Server │ │ └── README.md │ │ ├── CNVService │ │ └── README.md │ │ └── README.md ├── Attack-CBC-Padding-Oracle │ ├── Challenges │ │ ├── Secret-Server │ │ │ └── README.md │ │ └── README.md │ └── README.md ├── Attack-CTR-Bit-Flipping │ └── Challenges │ │ └── README.md └── CBC-IV-Detection │ └── example.py ├── Pictures └── 1.png ├── RSA-encryption ├── Intro-Challenges │ ├── Challenge-13 │ │ ├── run.sh │ │ ├── README.md │ │ └── exploit.py │ ├── Challenge-14 │ │ ├── run.sh │ │ ├── README.md │ │ └── exploit.py │ ├── 7h3_Godf4ther │ │ ├── README.md │ │ ├── ciphertext.txt │ │ └── encrypt.py │ ├── Challenge-2 │ │ ├── ciphertext.txt │ │ ├── publickey.pem │ │ ├── README.md │ │ └── encrypt.py │ ├── C4-reloaded │ │ ├── ciphertext.txt │ │ ├── publickey.pem │ │ ├── README.md │ │ └── encrypt.py │ ├── Challenge-0 │ │ ├── ciphertext.txt │ │ └── README.md │ ├── Challenge-1 │ │ ├── ciphertext.txt │ │ ├── README.md │ │ ├── privatekey.txt │ │ └── encrypt.py │ ├── Challenge-4 │ │ ├── ciphertext.txt │ │ ├── publickey.pem │ │ ├── encrypt.py │ │ └── README.md │ ├── Dp&Dq │ │ ├── README.md │ │ ├── publickey.pem │ │ ├── data.txt │ │ └── encrypt.py │ ├── Welcome │ │ ├── README.md │ │ └── encrypt.py │ ├── LoS-reloaded │ │ ├── README.md │ │ └── encrypt.py │ ├── Labyrinth-of-Suffering │ │ ├── README.md │ │ ├── encrypt.py │ │ └── data.txt │ ├── Challenge-3 │ │ ├── README.md │ │ ├── ciphertext.txt │ │ └── encrypt.py │ └── Meth_M4th │ │ ├── encrypt.py │ │ ├── README.md │ │ └── data.txt ├── Attack-Retrieve-Modulus │ ├── Challenges │ │ ├── Lost-Key │ │ │ ├── run.sh │ │ │ ├── flag │ │ │ ├── README.md │ │ │ ├── exploit.py │ │ │ └── rsa.py │ │ └── README.md │ └── Pictures │ │ ├── 1.gif │ │ ├── 2.gif │ │ ├── 3.gif │ │ ├── 4.gif │ │ ├── 5.gif │ │ ├── 6.gif │ │ ├── 7.gif │ │ ├── 8.gif │ │ ├── 9.gif │ │ ├── 10.gif │ │ ├── 11.gif │ │ ├── 12.gif │ │ └── 13.gif ├── Pictures │ ├── 1.gif │ ├── 2.gif │ ├── 3.gif │ ├── 4.gif │ └── 5.gif ├── Attack-Wiener │ ├── Pictures │ │ ├── 1.gif │ │ ├── 2.gif │ │ ├── 3.gif │ │ ├── 4.gif │ │ └── 5.gif │ ├── Challenges │ │ ├── Multi_Layer_RSA │ │ │ ├── ciphertext.txt │ │ │ ├── modulus.txt │ │ │ ├── README.md │ │ │ └── Multi_LayerRSAencrypt.py │ │ └── README.md │ └── exploit.py ├── Factorisation-Fermat │ ├── Challenges │ │ ├── Crafted-RSA │ │ │ ├── README.md │ │ │ ├── ciphertext.txt │ │ │ ├── modulus.txt │ │ │ └── encrypt.py │ │ ├── qproximity │ │ │ ├── secret.enc │ │ │ ├── public │ │ │ └── README.md │ │ ├── Easy-RSA-2 │ │ │ └── README.md │ │ └── README.md │ ├── Pictures │ │ └── 1.gif │ ├── fermat.sage │ └── README.md ├── Attack-Coppersmith │ ├── Pictures │ │ ├── 1.gif │ │ ├── 2.gif │ │ ├── 3.gif │ │ ├── 4.gif │ │ └── 5.gif │ ├── Challenges │ │ ├── stereotypes │ │ │ ├── ciphertext │ │ │ ├── plaintext.txt │ │ │ ├── pubkey.txt │ │ │ └── README.md │ │ ├── Really-Suspicious-Acronym │ │ │ ├── README.md │ │ │ ├── task.sage │ │ │ └── output.txt │ │ └── README.md │ └── exploit.py ├── Attack-Franklin-Reiter │ ├── Challenges │ │ ├── RSA-2 │ │ │ ├── README.md │ │ │ └── RSA-2 │ │ └── README.md │ ├── Pictures │ │ ├── 1.gif │ │ ├── 2.gif │ │ ├── 3.gif │ │ ├── 4.gif │ │ ├── 5.gif │ │ ├── 6.gif │ │ └── 7.gif │ └── exploit.sage ├── Attack-Common-Modulus │ ├── Pictures │ │ ├── 1.gif │ │ ├── 2.gif │ │ ├── 3.gif │ │ ├── 4.gif │ │ ├── 5.gif │ │ └── 6.gif │ ├── Challenges │ │ ├── README.md │ │ └── RSA-1s-Fun │ │ │ ├── modulus.txt │ │ │ ├── encrypt.py │ │ │ └── ciphertext.txt │ ├── exploit.py │ └── README.md ├── Attack-Common-Prime │ ├── Pictures │ │ ├── 1.gif │ │ ├── 2.gif │ │ └── 3.gif │ └── Challenges │ │ └── README.md ├── Attack-LSBit-Oracle │ ├── Pictures │ │ ├── 1.gif │ │ ├── 2.gif │ │ ├── 3.gif │ │ ├── 4.gif │ │ ├── 5.gif │ │ ├── 6.gif │ │ └── 7.gif │ ├── exploit.py │ └── lsbitoracle.py ├── Attack-Wiener-variant │ ├── Pictures │ │ ├── 1.gif │ │ ├── 2.gif │ │ └── 3.gif │ ├── exploit.py │ ├── Challenges │ │ ├── README.md │ │ └── Gracias │ │ │ ├── README.md │ │ │ └── gracias.py │ └── README.md ├── Attack-Hastad-Broadcast │ ├── Pictures │ │ ├── 1.gif │ │ ├── 2.gif │ │ ├── 3.gif │ │ ├── 4.gif │ │ └── 5.gif │ └── Challenges │ │ ├── Multicast │ │ ├── multicast_684d222a7554c098301c2d8a608c85dd.tar.gz │ │ ├── README.md │ │ └── generate.sage │ │ └── README.md ├── Attack-LSBit-Oracle-variant │ └── Pictures │ │ ├── 1.gif │ │ ├── 2.gif │ │ ├── 3.gif │ │ ├── 4.gif │ │ ├── 5.gif │ │ ├── 6.gif │ │ ├── 7.gif │ │ ├── 8.gif │ │ └── 9.gif ├── Factorisation-Pollard's_p-1 │ ├── Pictures │ │ ├── 1.gif │ │ ├── 2.gif │ │ └── 3.gif │ ├── Challenges │ │ ├── handicraft_rsa │ │ │ ├── ._handicraft_rsa.py │ │ │ ├── publickey.pub │ │ │ ├── README.md │ │ │ ├── handicraft_rsa.py │ │ │ └── output.txt │ │ └── README.md │ └── exploit.py └── PKCS1-v1.5-Padded-RSA │ └── README.md ├── Digital-Signatures ├── Ong-Schnorr-Shamir │ └── README.md ├── Elliptic-Curve-DSA │ ├── Pictures │ │ ├── 1.gif │ │ ├── 10.gif │ │ ├── 11.gif │ │ ├── 12.gif │ │ ├── 13.gif │ │ ├── 14.gif │ │ ├── 15.gif │ │ ├── 2.gif │ │ ├── 3.gif │ │ ├── 4.gif │ │ ├── 5.gif │ │ ├── 6.gif │ │ ├── 7.gif │ │ ├── 8.gif │ │ └── 9.gif │ └── Attack-k-reuse │ │ └── Pictures │ │ ├── 1.png │ │ ├── 2.png │ │ ├── 3.png │ │ ├── 4.png │ │ ├── 5.png │ │ ├── 6.png │ │ ├── 7.png │ │ ├── 8.png │ │ └── 9.png ├── ElGamal-Signatures │ ├── Pictures │ │ ├── picture1.gif │ │ ├── picture2.gif │ │ ├── picture3.gif │ │ ├── picture4.gif │ │ ├── picture5.gif │ │ ├── picture6.gif │ │ ├── picture7.gif │ │ └── picture8.gif │ ├── Challenges │ │ ├── README.md │ │ └── Nonsense │ │ │ ├── README.md │ │ │ └── signatures │ └── example.py ├── Unpadded-RSA-Digital-Signatures │ ├── Pictures │ │ ├── eq1.gif │ │ ├── eq2.gif │ │ ├── eq3.gif │ │ ├── eq4.gif │ │ └── eq5.gif │ └── example.py ├── PKCS#1-v1.5-Padded-RSA-Digital-Signature │ └── Pictures │ │ └── eq1.gif └── Attack-e=3-Bleichenbacher │ ├── Challenges │ ├── cryptopals-set6-p42 │ │ └── README.md │ └── README.md │ └── README.md ├── Discrete-Logarithm-Problem ├── Challenges │ ├── Baby-DLP │ │ ├── Server │ │ │ ├── b1.sh │ │ │ ├── flag │ │ │ └── server.py │ │ └── README.md │ ├── DLP │ │ └── README.md │ └── README.md ├── Pictures │ ├── 1.gif │ ├── 2.gif │ ├── 3.gif │ ├── 4.gif │ ├── 5.gif │ ├── 6.gif │ ├── 7.gif │ ├── 8.gif │ ├── 9.gif │ ├── 9.png │ └── 10.gif ├── Algo-Pollard-Rho │ ├── Pictures │ │ └── 1.gif │ └── README.md ├── Algo-Pohlig-Hellman │ ├── Pictures │ │ ├── 1.gif │ │ ├── 2.gif │ │ └── 2.png │ └── README.md ├── Elliptic-Curve-DLP │ ├── Pictures │ │ ├── 1.gif │ │ ├── 10.gif │ │ ├── 11.gif │ │ ├── 12.gif │ │ ├── 13.gif │ │ ├── 14.gif │ │ ├── 2.gif │ │ ├── 3.gif │ │ ├── 4.gif │ │ ├── 5.gif │ │ ├── 6.gif │ │ ├── 7.gif │ │ ├── 8.gif │ │ └── 9.gif │ ├── Algo-Pollard-Rho │ │ ├── Pictures │ │ │ ├── 1.gif │ │ │ ├── 10.gif │ │ │ ├── 11.gif │ │ │ ├── 12.gif │ │ │ ├── 13.gif │ │ │ ├── 14.gif │ │ │ ├── 15.gif │ │ │ ├── 16.gif │ │ │ ├── 17.gif │ │ │ ├── 18.gif │ │ │ ├── 19.gif │ │ │ ├── 2.gif │ │ │ ├── 20.gif │ │ │ ├── 21.gif │ │ │ ├── 22.gif │ │ │ ├── 23.gif │ │ │ ├── 3.gif │ │ │ ├── 4.gif │ │ │ ├── 5.gif │ │ │ ├── 6.gif │ │ │ ├── 7.gif │ │ │ ├── 8.gif │ │ │ └── 9.gif │ │ └── Challenges │ │ │ ├── Multiplayer-1 │ │ │ ├── points.db │ │ │ ├── README.md │ │ │ └── parameters.sage │ │ │ ├── Multiplayer-2 │ │ │ ├── points.db │ │ │ ├── README.md │ │ │ └── parameters.sage │ │ │ └── README.md │ ├── Algo-Baby-Step-Giant-Step │ │ ├── Pictures │ │ │ ├── 1.gif │ │ │ ├── 2.gif │ │ │ ├── 3.gif │ │ │ ├── 4.gif │ │ │ ├── 5.gif │ │ │ └── 6.gif │ │ └── bsgs_ecdlp.py │ └── brute_ecdlp.py ├── Algo-Baby-Step-Giant-Step │ ├── Pictures │ │ ├── 1.gif │ │ ├── 2.gif │ │ ├── 3.gif │ │ ├── 4.gif │ │ ├── 5.gif │ │ ├── 6.gif │ │ └── 7.gif │ └── bsgs.py └── brute.py ├── Elliptic-Curves ├── Pictures │ ├── 1.gif │ ├── 1.png │ ├── 10.gif │ ├── 11.gif │ ├── 12.gif │ ├── 13.gif │ ├── 14.gif │ ├── 15.gif │ ├── 16.gif │ ├── 17.gif │ ├── 18.gif │ ├── 19.gif │ ├── 2.gif │ ├── 2.jpg │ ├── 20.gif │ ├── 21.gif │ ├── 4.gif │ ├── 5.gif │ ├── 6.gif │ ├── 7.gif │ ├── 8.gif │ └── 9.gif └── ellipticcurve.sage ├── Identification ├── Pictures │ └── 1.png └── Ephemeral-Key-Auth │ ├── Pictures │ ├── 1.png │ ├── 2.png │ └── 3.png │ └── Challenges │ ├── EC-Auth │ ├── EC-auth.tar.gz │ └── README.md │ └── README.md ├── Message-Authentication-Code ├── CBC-MAC-Forgery │ └── Challenges │ │ ├── README.md │ │ └── He-Moron │ │ ├── source.py │ │ └── README.md └── Attack-Length-Extension-CBC-MAC │ ├── key.py │ └── README.md ├── Elgamal-Encryption ├── Pictures │ ├── picture1.gif │ ├── picture2.gif │ ├── picture3.gif │ ├── picture4.gif │ ├── picture5.gif │ └── picture6.gif └── Challenges │ ├── Megalal │ └── README.md │ ├── README.md │ └── Prime-Enigma │ └── README.md ├── Diffie-Hellman-Key-Exchange ├── Pictures │ ├── 1.gif │ ├── 2.gif │ ├── 3.gif │ ├── 4.gif │ ├── 5.gif │ └── 6.gif ├── Attack-Invalid-Curve-Point │ ├── Pictures │ │ ├── 1.gif │ │ ├── 10.gif │ │ ├── 11.gif │ │ ├── 12.gif │ │ ├── 13.gif │ │ ├── 14.gif │ │ ├── 15.gif │ │ ├── 16.gif │ │ ├── 17.gif │ │ ├── 18.gif │ │ ├── 19.gif │ │ ├── 2.gif │ │ ├── 20.gif │ │ ├── 21.gif │ │ ├── 22.gif │ │ ├── 3.gif │ │ ├── 4.gif │ │ ├── 5.gif │ │ ├── 6.gif │ │ ├── 7.gif │ │ ├── 8.gif │ │ └── 9.gif │ └── Challenges │ │ └── README.md └── Attack-Small-Subgroup-Confinement │ ├── Pictures │ ├── 1.gif │ ├── 2.gif │ ├── 3.gif │ ├── 4.gif │ ├── 5.gif │ ├── 6.gif │ ├── 7.gif │ ├── 8.gif │ ├── 9.gif │ ├── 10.gif │ ├── 11.gif │ ├── 12.gif │ ├── 13.gif │ ├── 14.gif │ └── 15.gif │ └── Challenges │ └── README.md ├── Authenticated-Encryption ├── AES-GCM │ ├── Pictures │ │ └── 1.png │ └── Attack-Forbidden │ │ └── Challenges │ │ ├── Forbidden │ │ ├── known │ │ ├── README.md │ │ └── task.py │ │ └── README.md └── AE-with-MACs │ ├── Encrypt-and-MAC │ └── Pictures │ │ ├── 1.png │ │ └── 2.png │ ├── Encrypt-then-MAC │ └── Pictures │ │ ├── 1.png │ │ ├── 2.png │ │ ├── 3.png │ │ ├── 4.png │ │ └── 5.png │ └── MAC-then-Encrypt │ └── Pictures │ ├── 1.png │ ├── 2.png │ ├── 3.png │ └── 4.png └── LICENSE /Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/Baby-Crypt/.svn/entries: -------------------------------------------------------------------------------- 1 | 12 2 | -------------------------------------------------------------------------------- /Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/Baby-Crypt/.svn/format: -------------------------------------------------------------------------------- 1 | 12 2 | -------------------------------------------------------------------------------- /Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/Baby-Crypt/.svn/wc.db-journal: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Pictures/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Pictures/1.png -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-13/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | python encrypt.py 3 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-14/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | python encrypt.py 3 | -------------------------------------------------------------------------------- /Digital-Signatures/Ong-Schnorr-Shamir/README.md: -------------------------------------------------------------------------------- 1 | # Ong-Schnorr-Shamir Signature Scheme 2 | 3 | -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Challenges/Baby-DLP/Server/b1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | python server.py -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Challenges/Lost-Key/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | python rsa.py 3 | -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Challenges/Baby-DLP/Server/flag: -------------------------------------------------------------------------------- 1 | TWCTF{0f97c1c3ac2aedbd7fb8cd39d50f2b561d31f770} -------------------------------------------------------------------------------- /Block-Cipher/Attack-CBC-Byte-at-a-Time/secret.py: -------------------------------------------------------------------------------- 1 | flag = "test{y0u_g0t_it_right_my_boiiii_and_here_you_get_the_prize}" -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/1.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/1.png -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/10.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/10.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/11.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/11.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/12.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/12.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/13.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/13.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/14.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/14.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/15.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/15.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/16.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/16.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/17.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/17.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/18.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/18.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/19.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/19.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/2.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/2.jpg -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/20.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/20.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/21.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/21.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/4.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/5.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/6.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/7.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/7.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/8.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/8.gif -------------------------------------------------------------------------------- /Elliptic-Curves/Pictures/9.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elliptic-Curves/Pictures/9.gif -------------------------------------------------------------------------------- /Identification/Pictures/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Identification/Pictures/1.png -------------------------------------------------------------------------------- /Message-Authentication-Code/CBC-MAC-Forgery/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | 1. He Moron- Xiomara CTF 2018 -------------------------------------------------------------------------------- /RSA-encryption/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Pictures/1.gif -------------------------------------------------------------------------------- /RSA-encryption/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Pictures/2.gif -------------------------------------------------------------------------------- /RSA-encryption/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Pictures/3.gif -------------------------------------------------------------------------------- /RSA-encryption/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Pictures/4.gif -------------------------------------------------------------------------------- /RSA-encryption/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Pictures/5.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Challenges/Lost-Key/flag: -------------------------------------------------------------------------------- 1 | hitcon{1east_4ign1f1cant_BYTE_0racle_is_m0re_pow3rfu1!} 2 | -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Pictures/1.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Pictures/2.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Pictures/3.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Pictures/4.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Pictures/5.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Pictures/6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Pictures/6.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Pictures/7.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Pictures/7.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Pictures/8.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Pictures/8.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Pictures/9.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Pictures/9.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Pictures/9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Pictures/9.png -------------------------------------------------------------------------------- /Elgamal-Encryption/Pictures/picture1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elgamal-Encryption/Pictures/picture1.gif -------------------------------------------------------------------------------- /Elgamal-Encryption/Pictures/picture2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elgamal-Encryption/Pictures/picture2.gif -------------------------------------------------------------------------------- /Elgamal-Encryption/Pictures/picture3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elgamal-Encryption/Pictures/picture3.gif -------------------------------------------------------------------------------- /Elgamal-Encryption/Pictures/picture4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elgamal-Encryption/Pictures/picture4.gif -------------------------------------------------------------------------------- /Elgamal-Encryption/Pictures/picture5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elgamal-Encryption/Pictures/picture5.gif -------------------------------------------------------------------------------- /Elgamal-Encryption/Pictures/picture6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Elgamal-Encryption/Pictures/picture6.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Pictures/1.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Pictures/2.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Pictures/3.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Pictures/4.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Pictures/5.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Pictures/6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Pictures/6.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Pictures/10.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Pictures/10.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Wiener/Pictures/1.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Wiener/Pictures/2.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Wiener/Pictures/3.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Wiener/Pictures/4.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Wiener/Pictures/5.gif -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Fermat/Challenges/Crafted-RSA/README.md: -------------------------------------------------------------------------------- 1 | # Crafted-RSA 2 | 3 | 1. Challenge Description: _None_ 4 | 2. Writeups: _None_ -------------------------------------------------------------------------------- /Authenticated-Encryption/AES-GCM/Pictures/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Authenticated-Encryption/AES-GCM/Pictures/1.png -------------------------------------------------------------------------------- /Identification/Ephemeral-Key-Auth/Pictures/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Identification/Ephemeral-Key-Auth/Pictures/1.png -------------------------------------------------------------------------------- /Identification/Ephemeral-Key-Auth/Pictures/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Identification/Ephemeral-Key-Auth/Pictures/2.png -------------------------------------------------------------------------------- /Identification/Ephemeral-Key-Auth/Pictures/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Identification/Ephemeral-Key-Auth/Pictures/3.png -------------------------------------------------------------------------------- /RSA-encryption/Attack-Coppersmith/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Coppersmith/Pictures/1.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Coppersmith/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Coppersmith/Pictures/2.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Coppersmith/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Coppersmith/Pictures/3.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Coppersmith/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Coppersmith/Pictures/4.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Coppersmith/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Coppersmith/Pictures/5.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Franklin-Reiter/Challenges/RSA-2/README.md: -------------------------------------------------------------------------------- 1 | # RSA-2 2 | 3 | 1. Challenge Description: Go do some math 4 | 2. Challenge writeup: -------------------------------------------------------------------------------- /RSA-encryption/Attack-Common-Modulus/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Common-Modulus/Pictures/1.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Common-Modulus/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Common-Modulus/Pictures/2.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Common-Modulus/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Common-Modulus/Pictures/3.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Common-Modulus/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Common-Modulus/Pictures/4.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Common-Modulus/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Common-Modulus/Pictures/5.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Common-Modulus/Pictures/6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Common-Modulus/Pictures/6.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Common-Prime/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Common-Prime/Pictures/1.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Common-Prime/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Common-Prime/Pictures/2.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Common-Prime/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Common-Prime/Pictures/3.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-LSBit-Oracle/Pictures/1.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-LSBit-Oracle/Pictures/2.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-LSBit-Oracle/Pictures/3.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-LSBit-Oracle/Pictures/4.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-LSBit-Oracle/Pictures/5.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle/Pictures/6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-LSBit-Oracle/Pictures/6.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle/Pictures/7.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-LSBit-Oracle/Pictures/7.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener-variant/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Wiener-variant/Pictures/1.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener-variant/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Wiener-variant/Pictures/2.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener-variant/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Wiener-variant/Pictures/3.gif -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Fermat/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Factorisation-Fermat/Pictures/1.gif -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Pictures/1.gif -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Pictures/10.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Pictures/10.gif -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Pictures/11.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Pictures/11.gif -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Pictures/12.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Pictures/12.gif -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Pictures/13.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Pictures/13.gif -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Pictures/14.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Pictures/14.gif -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Pictures/15.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Pictures/15.gif -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Pictures/2.gif -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Pictures/3.gif -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Pictures/4.gif -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Pictures/5.gif -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Pictures/6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Pictures/6.gif -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Pictures/7.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Pictures/7.gif -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Pictures/8.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Pictures/8.gif -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Pictures/9.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Pictures/9.gif -------------------------------------------------------------------------------- /Message-Authentication-Code/Attack-Length-Extension-CBC-MAC/key.py: -------------------------------------------------------------------------------- 1 | AES_key = "a9c3ffe462a9948c3e36b08d83a83e45" 2 | MAC_flag = "438e60628a7470339f3a06d24c6e6139" -------------------------------------------------------------------------------- /RSA-encryption/Attack-Franklin-Reiter/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Franklin-Reiter/Pictures/1.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Franklin-Reiter/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Franklin-Reiter/Pictures/2.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Franklin-Reiter/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Franklin-Reiter/Pictures/3.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Franklin-Reiter/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Franklin-Reiter/Pictures/4.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Franklin-Reiter/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Franklin-Reiter/Pictures/5.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Franklin-Reiter/Pictures/6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Franklin-Reiter/Pictures/6.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Franklin-Reiter/Pictures/7.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Franklin-Reiter/Pictures/7.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Hastad-Broadcast/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Hastad-Broadcast/Pictures/1.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Hastad-Broadcast/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Hastad-Broadcast/Pictures/2.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Hastad-Broadcast/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Hastad-Broadcast/Pictures/3.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Hastad-Broadcast/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Hastad-Broadcast/Pictures/4.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Hastad-Broadcast/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Hastad-Broadcast/Pictures/5.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Retrieve-Modulus/Pictures/1.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Retrieve-Modulus/Pictures/2.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Retrieve-Modulus/Pictures/3.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Retrieve-Modulus/Pictures/4.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Retrieve-Modulus/Pictures/5.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Pictures/6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Retrieve-Modulus/Pictures/6.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Pictures/7.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Retrieve-Modulus/Pictures/7.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Pictures/8.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Retrieve-Modulus/Pictures/8.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Pictures/9.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Retrieve-Modulus/Pictures/9.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Pictures/10.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Retrieve-Modulus/Pictures/10.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Pictures/11.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Retrieve-Modulus/Pictures/11.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Pictures/12.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Retrieve-Modulus/Pictures/12.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Pictures/13.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Retrieve-Modulus/Pictures/13.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Algo-Pollard-Rho/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Algo-Pollard-Rho/Pictures/1.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/1.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/2.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/3.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/4.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/5.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/6.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/7.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/7.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/8.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/8.gif -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/9.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-LSBit-Oracle-variant/Pictures/9.gif -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Pollard's_p-1/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Factorisation-Pollard's_p-1/Pictures/1.gif -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Pollard's_p-1/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Factorisation-Pollard's_p-1/Pictures/2.gif -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Pollard's_p-1/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Factorisation-Pollard's_p-1/Pictures/3.gif -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-13/README.md: -------------------------------------------------------------------------------- 1 | # Challenge-13 2 | 3 | **Level**: 4 4 | 5 | **Challenge Description**: [No Description] 6 | 7 | **Points**: 40 8 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-14/README.md: -------------------------------------------------------------------------------- 1 | # Challenge-14 2 | 3 | **Level**: 4 4 | 5 | **Challenge Description**: [No Description] 6 | 7 | **Points**: 40 8 | -------------------------------------------------------------------------------- /Digital-Signatures/ElGamal-Signatures/Pictures/picture1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/ElGamal-Signatures/Pictures/picture1.gif -------------------------------------------------------------------------------- /Digital-Signatures/ElGamal-Signatures/Pictures/picture2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/ElGamal-Signatures/Pictures/picture2.gif -------------------------------------------------------------------------------- /Digital-Signatures/ElGamal-Signatures/Pictures/picture3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/ElGamal-Signatures/Pictures/picture3.gif -------------------------------------------------------------------------------- /Digital-Signatures/ElGamal-Signatures/Pictures/picture4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/ElGamal-Signatures/Pictures/picture4.gif -------------------------------------------------------------------------------- /Digital-Signatures/ElGamal-Signatures/Pictures/picture5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/ElGamal-Signatures/Pictures/picture5.gif -------------------------------------------------------------------------------- /Digital-Signatures/ElGamal-Signatures/Pictures/picture6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/ElGamal-Signatures/Pictures/picture6.gif -------------------------------------------------------------------------------- /Digital-Signatures/ElGamal-Signatures/Pictures/picture7.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/ElGamal-Signatures/Pictures/picture7.gif -------------------------------------------------------------------------------- /Digital-Signatures/ElGamal-Signatures/Pictures/picture8.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/ElGamal-Signatures/Pictures/picture8.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Algo-Pohlig-Hellman/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Algo-Pohlig-Hellman/Pictures/1.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Algo-Pohlig-Hellman/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Algo-Pohlig-Hellman/Pictures/2.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Algo-Pohlig-Hellman/Pictures/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Algo-Pohlig-Hellman/Pictures/2.png -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/1.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/10.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/10.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/11.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/11.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/12.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/12.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/13.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/13.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/14.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/14.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/2.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/3.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/4.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/5.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/6.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/7.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/7.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/8.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/8.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/9.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Pictures/9.gif -------------------------------------------------------------------------------- /Authenticated-Encryption/AE-with-MACs/Encrypt-and-MAC/Pictures/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Authenticated-Encryption/AE-with-MACs/Encrypt-and-MAC/Pictures/1.png -------------------------------------------------------------------------------- /Authenticated-Encryption/AE-with-MACs/Encrypt-and-MAC/Pictures/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Authenticated-Encryption/AE-with-MACs/Encrypt-and-MAC/Pictures/2.png -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/1.png -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/2.png -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/3.png -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/4.png -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/5.png -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/6.png -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/7.png -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/8.png -------------------------------------------------------------------------------- /Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Elliptic-Curve-DSA/Attack-k-reuse/Pictures/9.png -------------------------------------------------------------------------------- /Digital-Signatures/Unpadded-RSA-Digital-Signatures/Pictures/eq1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Unpadded-RSA-Digital-Signatures/Pictures/eq1.gif -------------------------------------------------------------------------------- /Digital-Signatures/Unpadded-RSA-Digital-Signatures/Pictures/eq2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Unpadded-RSA-Digital-Signatures/Pictures/eq2.gif -------------------------------------------------------------------------------- /Digital-Signatures/Unpadded-RSA-Digital-Signatures/Pictures/eq3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Unpadded-RSA-Digital-Signatures/Pictures/eq3.gif -------------------------------------------------------------------------------- /Digital-Signatures/Unpadded-RSA-Digital-Signatures/Pictures/eq4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Unpadded-RSA-Digital-Signatures/Pictures/eq4.gif -------------------------------------------------------------------------------- /Digital-Signatures/Unpadded-RSA-Digital-Signatures/Pictures/eq5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/Unpadded-RSA-Digital-Signatures/Pictures/eq5.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Algo-Baby-Step-Giant-Step/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Algo-Baby-Step-Giant-Step/Pictures/1.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Algo-Baby-Step-Giant-Step/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Algo-Baby-Step-Giant-Step/Pictures/2.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Algo-Baby-Step-Giant-Step/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Algo-Baby-Step-Giant-Step/Pictures/3.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Algo-Baby-Step-Giant-Step/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Algo-Baby-Step-Giant-Step/Pictures/4.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Algo-Baby-Step-Giant-Step/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Algo-Baby-Step-Giant-Step/Pictures/5.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Algo-Baby-Step-Giant-Step/Pictures/6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Algo-Baby-Step-Giant-Step/Pictures/6.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Algo-Baby-Step-Giant-Step/Pictures/7.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Algo-Baby-Step-Giant-Step/Pictures/7.gif -------------------------------------------------------------------------------- /Identification/Ephemeral-Key-Auth/Challenges/EC-Auth/EC-auth.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Identification/Ephemeral-Key-Auth/Challenges/EC-Auth/EC-auth.tar.gz -------------------------------------------------------------------------------- /RSA-encryption/Attack-Coppersmith/Challenges/stereotypes/ciphertext: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Coppersmith/Challenges/stereotypes/ciphertext -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Fermat/Challenges/qproximity/secret.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Factorisation-Fermat/Challenges/qproximity/secret.enc -------------------------------------------------------------------------------- /Authenticated-Encryption/AE-with-MACs/Encrypt-then-MAC/Pictures/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Authenticated-Encryption/AE-with-MACs/Encrypt-then-MAC/Pictures/1.png -------------------------------------------------------------------------------- /Authenticated-Encryption/AE-with-MACs/Encrypt-then-MAC/Pictures/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Authenticated-Encryption/AE-with-MACs/Encrypt-then-MAC/Pictures/2.png -------------------------------------------------------------------------------- /Authenticated-Encryption/AE-with-MACs/Encrypt-then-MAC/Pictures/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Authenticated-Encryption/AE-with-MACs/Encrypt-then-MAC/Pictures/3.png -------------------------------------------------------------------------------- /Authenticated-Encryption/AE-with-MACs/Encrypt-then-MAC/Pictures/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Authenticated-Encryption/AE-with-MACs/Encrypt-then-MAC/Pictures/4.png -------------------------------------------------------------------------------- /Authenticated-Encryption/AE-with-MACs/Encrypt-then-MAC/Pictures/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Authenticated-Encryption/AE-with-MACs/Encrypt-then-MAC/Pictures/5.png -------------------------------------------------------------------------------- /Authenticated-Encryption/AE-with-MACs/MAC-then-Encrypt/Pictures/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Authenticated-Encryption/AE-with-MACs/MAC-then-Encrypt/Pictures/1.png -------------------------------------------------------------------------------- /Authenticated-Encryption/AE-with-MACs/MAC-then-Encrypt/Pictures/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Authenticated-Encryption/AE-with-MACs/MAC-then-Encrypt/Pictures/2.png -------------------------------------------------------------------------------- /Authenticated-Encryption/AE-with-MACs/MAC-then-Encrypt/Pictures/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Authenticated-Encryption/AE-with-MACs/MAC-then-Encrypt/Pictures/3.png -------------------------------------------------------------------------------- /Authenticated-Encryption/AE-with-MACs/MAC-then-Encrypt/Pictures/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Authenticated-Encryption/AE-with-MACs/MAC-then-Encrypt/Pictures/4.png -------------------------------------------------------------------------------- /Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/Baby-Crypt/.svn/wc.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/Baby-Crypt/.svn/wc.db -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/1.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/10.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/10.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/11.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/11.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/12.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/12.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/13.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/13.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/14.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/14.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/15.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/15.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/16.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/16.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/17.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/17.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/18.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/18.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/19.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/19.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/2.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/20.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/20.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/21.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/21.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/22.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/22.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/3.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/4.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/5.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/6.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/7.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/7.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/8.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/8.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/9.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Pictures/9.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/1.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/2.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/3.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/4.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/5.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/6.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/7.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/7.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/8.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/8.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/9.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/9.gif -------------------------------------------------------------------------------- /Digital-Signatures/PKCS#1-v1.5-Padded-RSA-Digital-Signature/Pictures/eq1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Digital-Signatures/PKCS#1-v1.5-Padded-RSA-Digital-Signature/Pictures/eq1.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/10.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/10.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/11.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/11.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/12.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/12.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/13.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/13.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/14.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/14.gif -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/15.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Pictures/15.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/1.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/10.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/10.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/11.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/11.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/12.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/12.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/13.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/13.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/14.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/14.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/15.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/15.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/16.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/16.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/17.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/17.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/18.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/18.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/19.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/19.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/2.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/20.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/20.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/21.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/21.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/22.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/22.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/23.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/23.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/3.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/4.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/5.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/6.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/7.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/7.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/8.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/8.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/9.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Pictures/9.gif -------------------------------------------------------------------------------- /Block-Cipher/Attack-CBC-Bit-Flipping/README.md: -------------------------------------------------------------------------------- 1 | # CBC Bit Flipping Attack 2 | 3 | You can read about this attack in detail on my blog [here](https://masterpessimistaa.wordpress.com/2017/05/03/cbc-bit-flipping-attack/) -------------------------------------------------------------------------------- /Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/Baby-Crypt/.svn/pristine/1a/1a4b4f8bd24c89aa0ee7e7c697f21d714e35efc0.svn-base: -------------------------------------------------------------------------------- 1 | # Baby Crypt 2 | 3 | flag is in the source file 4 | 5 | Just give them a place to nc to 6 | -------------------------------------------------------------------------------- /Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/Locked_Dungeon/Locked-Dungeons-1.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/Locked_Dungeon/Locked-Dungeons-1.zip -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Baby-Step-Giant-Step/Pictures/1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Baby-Step-Giant-Step/Pictures/1.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Baby-Step-Giant-Step/Pictures/2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Baby-Step-Giant-Step/Pictures/2.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Baby-Step-Giant-Step/Pictures/3.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Baby-Step-Giant-Step/Pictures/3.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Baby-Step-Giant-Step/Pictures/4.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Baby-Step-Giant-Step/Pictures/4.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Baby-Step-Giant-Step/Pictures/5.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Baby-Step-Giant-Step/Pictures/5.gif -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Baby-Step-Giant-Step/Pictures/6.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Baby-Step-Giant-Step/Pictures/6.gif -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/7h3_Godf4ther/README.md: -------------------------------------------------------------------------------- 1 | # 7h3_Godf4ther 2 | 3 | **Level**: 6 4 | 5 | **Description**: "Great men are not born great, they grow great" - Don Vito Corleone 6 | 7 | **Points**: 100 8 | -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Pollard's_p-1/Challenges/handicraft_rsa/._handicraft_rsa.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Factorisation-Pollard's_p-1/Challenges/handicraft_rsa/._handicraft_rsa.py -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Fermat/fermat.sage: -------------------------------------------------------------------------------- 1 | def basic_fermat(n): 2 | a = ceil(sqrt(n)) 3 | b2 = a^2 - n 4 | while not is_square(b2): 5 | a += 1 6 | b2 = a^2 - n 7 | return (a-sqrt(b2), a+sqrt(b2)) 8 | -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Challenges/Multiplayer-1/points.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Challenges/Multiplayer-1/points.db -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Challenges/Multiplayer-2/points.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Challenges/Multiplayer-2/points.db -------------------------------------------------------------------------------- /Block-Cipher/Attack-CBC-Bit-Flipping/Challenges/Secret-Server/README.md: -------------------------------------------------------------------------------- 1 | # Secret-Server 2 | 3 | 1. Challenge Description: [https://ctftime.org/task/4849](https://ctftime.org/task/4849) 4 | 2. Writeups: [Other writeups](https://ctftime.org/task/4849) 5 | -------------------------------------------------------------------------------- /Block-Cipher/Attack-CBC-Padding-Oracle/Challenges/Secret-Server/README.md: -------------------------------------------------------------------------------- 1 | # Secret-Server 2 | 3 | 1. Challenge Description: [https://ctftime.org/task/4849](https://ctftime.org/task/4849) 4 | 2. Writeups: [Other writeups](https://ctftime.org/task/4849) 5 | -------------------------------------------------------------------------------- /Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/Locked_Dungeon/README.md: -------------------------------------------------------------------------------- 1 | # Locked Dungeons 2 | 3 | 1. Challenge Description: [https://ctftime.org/task/5679](https://ctftime.org/task/5679) 4 | 2. Writeups: [https://ctftime.org/task/5679](https://ctftime.org/task/5679) -------------------------------------------------------------------------------- /RSA-encryption/Attack-Hastad-Broadcast/Challenges/Multicast/multicast_684d222a7554c098301c2d8a608c85dd.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ashutosh1206/Crypton/HEAD/RSA-encryption/Attack-Hastad-Broadcast/Challenges/Multicast/multicast_684d222a7554c098301c2d8a608c85dd.tar.gz -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-2/ciphertext.txt: -------------------------------------------------------------------------------- 1 | 0f01d27bfc4c93f023cffdf8cd8f43b0a574b7ba70484ff3b36d65d41a01397dc684da97a7b5be14bb56671b9edaaff9e57bfdf747e092d408962dcb9452b9667f9bb2a7e398cf2493e62e6f471ec675756b257245b21fabe646f1271acb5833161f584ac3fc3d71e255110ee2e57c2eb865 -------------------------------------------------------------------------------- /Block-Cipher/Attack-CBC-Bit-Flipping/Challenges/CNVService/README.md: -------------------------------------------------------------------------------- 1 | # CNVService 2 | 3 | 1. Challenge Description: [https://ctftime.org/task/5212](https://ctftime.org/task/5212) 4 | 2. Writeups: [My writeup](https://masterpessimistaa.wordpress.com/2018/01/31/cnvservice-acebear-ctf-2018-writeup/) 5 | -------------------------------------------------------------------------------- /Digital-Signatures/Attack-e=3-Bleichenbacher/Challenges/cryptopals-set6-p42/README.md: -------------------------------------------------------------------------------- 1 | # Bleichenbacher's e=3 RSA Attack 2 | 3 | **Description**: 4 | 5 | **Points**: _None_ 6 | 7 | **Writeup**: [My exploit script](https://github.com/ashutosh1206/Matasano-Crypto-Challenges/tree/master/set6/p42) -------------------------------------------------------------------------------- /RSA-encryption/Attack-Coppersmith/Challenges/stereotypes/plaintext.txt: -------------------------------------------------------------------------------- 1 | Welcome to BackdoorCTF17. Just one advice Never ignore the challenge names, they provides the maximum hint. Okay now let's leave the boring stuff apart i know you are eagerly waiting to gain some points So here it is : XXXXXXXXXXXXXXX -------------------------------------------------------------------------------- /Message-Authentication-Code/CBC-MAC-Forgery/Challenges/He-Moron/source.py: -------------------------------------------------------------------------------- 1 | def sign(k, m): 2 | ECB = AES.new(k, AES.MODE_ECB) 3 | mb = [m[i:i + 16] for i in range(0, len(m), 16)] 4 | t = ECB.encrypt(mb[0]) 5 | for i in range(1,len(mb)): 6 | t = ECB.encrypt(strxor(mb[i], t)) 7 | return hexlify(t) 8 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/7h3_Godf4ther/ciphertext.txt: -------------------------------------------------------------------------------- 1 | 990a4695d825e060635354574bb1ffeb961ecbf6982cd4d156426f2e4ea123a15ab8102eeb09ecbeec916b0bccf98ba644f8644820a4f6d96abffe4d7844c26190d029204f41a08550a451b59c53e29a2040751a1742f3d1246cb49bc0c0fe473926bd6660411847938d7656f83274cbe7edeb251f623a786b67960515be7e29 -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/C4-reloaded/ciphertext.txt: -------------------------------------------------------------------------------- 1 | 10d4f78cb70069ef086b3e2c42b8e465c1ebf509c770e9d4f0177df154e0175690a6a9f4d5132dcdb89dde0e192f00215a7af701ec4fe112aedc9e35751b9bda2cff76ab119451f4f112d49c6a670f3ac82794663eb8df1ea9c3d379b840bf192c43be9a890a06bbf8f10b46fd9015e180b0ba14916de49a634ad8fac6b49f91 -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-0/ciphertext.txt: -------------------------------------------------------------------------------- 1 | 57f1475ae4d803f0536cb62b0111cfcde087ae804fda2e1cf6498c367ee3a1d75d926cedd9d9883f189c3d9f0836bf1a636fcae407a103bde88e39095ec90abc13287432d0271ad2c7e937c191bf049cee3d69b3c280c5e9e25900be0917caa30b51d0fe049c11702f341f7106cb00fcc9e93abd980f09d6d9ae259868e72bfa -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-1/ciphertext.txt: -------------------------------------------------------------------------------- 1 | 0fd80251ce21fa09f8835817f9978edfd99f1e5429e8b8db5669391657b3574cf26fa9d6b2ee32399e7fdb15e35380efb2575b36b15c9359e808ecb857e0f29a9326c60d9080f78d3c2d1c1d5e7a730cc42ac25e6fdfbac12f938a11a2d2b3761236beaad12c038d7bf642e8e44a32db7a225bacb740f72c4617f7ff75f2da30 -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-4/ciphertext.txt: -------------------------------------------------------------------------------- 1 | 3135b04822f3eaadb3cef509f214f42c9e9e5c18a68565dc435e5f67e626398fb7d49bd31ca10d738c4ccd78610d1b2f522becf312483bd2a1ab7bdbf73338e847c751021bada55fa4a071dbb726d1f127dd439577251862a25dac562ba110be9350fb461dffc772c8cc6cbe8aff79d860882ebd4f768e6442e2f1f9f4bb83f9 -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 4 | |-------|:-------------------:|:------:|:----:|:----------------:|:------:| 5 | | 1 |[Lost-Key](Lost-Key/)| HITCON | 2018 | _None_ | 257 | 6 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener/Challenges/Multi_Layer_RSA/ciphertext.txt: -------------------------------------------------------------------------------- 1 | 5d695edb47b81a303d162611f7d407579160ef8818929031e1e13ca20cb7094eddbb0658d95980e1753182c5d5c529fb45062891bb5da573c618e35df0103233ded582a53ed807846b19ea82be427f2bbc63e5c7eb685d8a22b2b7539cf45d4ad93bbf5b892b66288b568b6bbff6bb263d809475e6f0aa3cfd01539d8364c243 -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Fermat/Challenges/Easy-RSA-2/README.md: -------------------------------------------------------------------------------- 1 | # Easy RSA 2 2 | 3 | 1. **Challenge Description**: Let's continue with RSA 4 | 2. **Writeups**: 5 | + [Unintended solution - Fermat's Factorisation](https://ctftime.org/task/8848) 6 | 7 | ## Directory Contents 8 | 1. [task.py](task.py): Given task file 9 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Dp&Dq/README.md: -------------------------------------------------------------------------------- 1 | # Dp&Dq 2 | 3 | **Level**: 4 4 | 5 | **Description**: No need! 6 | 7 | **Points**: 40 8 | 9 | **Documentation reference for libraries used**: 10 | 1. pycrypto: https://www.dlitz.net/software/pycrypto/api/2.6/ 11 | 2. gmpy2: https://gmpy2.readthedocs.io/en/latest/ 12 | -------------------------------------------------------------------------------- /Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/Baby-Crypt/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:14.04 2 | 3 | RUN apt-get update && apt-get install -y python python-crypto socat 4 | COPY ./baby_crypt.py /opt/baby_crypt.py 5 | RUN chmod +x /opt/baby_crypt.py 6 | 7 | CMD socat -T60 TCP-LISTEN:8000,reuseaddr,fork EXEC:"python -u /opt/baby_crypt.py" 8 | -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Challenges/DLP/README.md: -------------------------------------------------------------------------------- 1 | # DLP 2 | 3 | 1. Challenge Description: [https://ctftime.org/task/3825](https://ctftime.org/task/3825) 4 | 2. Writeups: 5 | * [My writeup](https://github.com/ashutosh1206/Crypto-CTF-Writeups/tree/master/2017/ASIS-CTF-Quals/DLP) 6 | * [Other writeups](https://ctftime.org/task/3825) -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Dp&Dq/publickey.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgHBsoNasn+Gcy1HsQRM56yO+koGG 3 | aZ38qdxWxFDBHwWsMepvjJOaTr2eze6RSn7WnM4G4wXFlDe5HMXOjdBamO6IXBER 4 | THjXoe5ApHPHO2A13mY8b5gt6MYfe236VV/as0s1T+uqRZjfGx7F7mIgzfrPtzw3 5 | GMhjlTbZFA19S3s9AgMBAAE= 6 | -----END PUBLIC KEY----- -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/C4-reloaded/publickey.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDeOyxb9W4/uMYhwPwA0RoI4Fo 3 | 7Nv80buJzIS34i0ShS3YfwTSuJ6nH7hpLj3+5nVK10ru7rFMLiNYh6/1yvVpsxb4 4 | sWodZlOoEQghGSj7JoS5b5ZDQSACePzla9rUUcqgkvKT0ST+KGQ7nVrqKzj0/H+0 5 | /b3UGhxEDpwYOTKyIwIDAQAB 6 | -----END PUBLIC KEY----- -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-2/publickey.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIGcMA0GCSqGSIb3DQEBAQUAA4GKADCBhgKBgHzwnQdNCkQOtxBLcHAiGeOsH/fM 3 | aOISdozS7cu4uBLziemxiVvz6usF1y7X5c3UD8pYp08z6dTeBrMfDbE5w5SVvx8y 4 | 4dJ+wrzdDciOInUvtguPli/IS2de6DIWpiOQShTX/auK604oE2If9s6e4XqZQQMw 5 | caqlsRPzNDC+9+m3AgED 6 | -----END PUBLIC KEY----- -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-4/publickey.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgFLzG+bNJlCs6BLFAQbEX4SWxDPJ 3 | xTJb+bLVGkdSX/EfroClr/+QHJD0H6O7G01s5wqQptC++ddkjF4Ha0vFRoVXywxu 4 | H2toAaJfU7nTlEpvGz6Yq954lexUnmYHKla2SUMJfIJ0Ap4zP4GM+6a7fxMvthDZ 5 | Y33dDzS9A+Ev+T8PAgMBAAE= 6 | -----END PUBLIC KEY----- -------------------------------------------------------------------------------- /Identification/Ephemeral-Key-Auth/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 4 | |-------|:-------------------:|:-------------------:|:----:|:----------------:|:------:| 5 | | 1 |[EC-Auth](EC-Auth/) | InCTF International | 2018 | Medium | 999 | 6 | -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Fermat/Challenges/qproximity/public: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgAOBxiQviVpL4G5d0TmVmjDn51zu 3 | iravDlD4vUlVk9XK79/fwptVzYsjimO42+ZW5VmHF2AUXaPhDC3jBaoNIoa78CXO 4 | ft030bR1S0hGcffcDFMm/tZxwu2/AAXCHoLdjHSwL7gxtXulFxbWoWOdSq+qxtak 5 | zBSZ7R1QlDmbnpwdAgMDEzc= 6 | -----END PUBLIC KEY----- -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Challenges/Baby-DLP/README.md: -------------------------------------------------------------------------------- 1 | # Baby-DLP 2 | 3 | 1. Challenge Description: [https://ctftime.org/task/4541](https://ctftime.org/task/4541) 4 | 2. Writeups: 5 | * [My writeup](https://github.com/ashutosh1206/Crypto-CTF-Writeups/tree/master/2017/Tokyo-Westerns-CTF/baby-dlp) 6 | * [Other writeups](https://ctftime.org/task/4541) -------------------------------------------------------------------------------- /Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/Baby-Crypt/README.md: -------------------------------------------------------------------------------- 1 | # BabyCrypt 2 | 3 | 1. Challenge Description: [https://ctftime.org/task/4662](https://ctftime.org/task/4662) 4 | 2. Writeups: 5 | * [My writeup](https://github.com/ashutosh1206/Crypto-CTF-Writeups/tree/master/2017/CSAW-CTF-Quals/BabyCrypt) 6 | * [Other writeups](https://ctftime.org/task/4662) -------------------------------------------------------------------------------- /Elgamal-Encryption/Challenges/Megalal/README.md: -------------------------------------------------------------------------------- 1 | # Megalal 2 | 3 | 1. Challenge Description: You can reach a strange authentication system here: nc 35.197.255.108 1337. I'm sure you know what you have to do. 4 | 2. Writeups: [https://ctftime.org/task/5145](https://ctftime.org/task/5145) 5 | 6 | ## Directory Contents 7 | 1. [megalal.py](megalal.py) - given encryption script -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener/Challenges/Multi_Layer_RSA/modulus.txt: -------------------------------------------------------------------------------- 1 | n = 135568509670260054049994954417860747085442883428459182441559553532993752593294067458983143521109377661295622146963670193783017382697726454953197805014428888491744355387957923382241961401063461549210355871385000347645387907568135032087942016502668629010859519249039662555733548461551175133582871220209515648241 -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Small-Subgroup-Confinement/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 4 | |-------|:-------------------:|:-------------------:|:----:|:----------------:|:------:| 5 | | 1 | Cryptopals Set-8 Challenge-57 | _None_ | _None_ | Medium | _None_ | 6 | -------------------------------------------------------------------------------- /Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/Baby-Crypt/.svn/pristine/9f/9f481da4832613295516aa52febcc399e4e51f55.svn-base: -------------------------------------------------------------------------------- 1 | FROM ubuntu:14.04 2 | 3 | RUN apt-get update && apt-get install -y python python-crypto socat 4 | COPY ./baby_crypt.py /opt/baby_crypt.py 5 | RUN chmod +x /opt/baby_crypt.py 6 | 7 | CMD socat -T60 TCP-LISTEN:8000,reuseaddr,fork EXEC:"python -u /opt/baby_crypt.py" 8 | -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Pollard's_p-1/exploit.py: -------------------------------------------------------------------------------- 1 | from sage.all import * 2 | 3 | def pollard(n, B): 4 | a = 2 5 | for p in primes(B): 6 | pp = 1 7 | while pp*p <= B: 8 | pp *= p 9 | a = pow(a, pp, n) # provided a>=b, gcd(a, b) = gcd(a%b, b) 10 | g = gcd(a-1, n) 11 | if 1 < g < n: 12 | return g 13 | return None -------------------------------------------------------------------------------- /RSA-encryption/Attack-Common-Prime/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | 4 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 5 | |-------|:-------------------------------------------------:|:-------:|:----:|:----------------:|:------:| 6 | | 1 | [Challenge-3](../../Intro-Challenges/Challenge-3/)| _None_ | | 2 | 20 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Common-Modulus/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | 4 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 5 | |-------|:-------------------------------------------------:|:-------------:|:----:|:----------------:|:------:| 6 | |1 | [RSA-1s-Fun](RSA-1s-Fun/) | InCTF | 2017 | _None_ | 150 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Franklin-Reiter/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | 4 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 5 | |-------|:-------------------------------------------------:|:-------------:|:----:|:----------------:|:------:| 6 | |1 | [RSA-2](RSA-2/) | b00t2root'18 | 2018 | _None_ | 150 | -------------------------------------------------------------------------------- /Authenticated-Encryption/AES-GCM/Attack-Forbidden/Challenges/Forbidden/known: -------------------------------------------------------------------------------- 1 | (C1, T1) = (1761e540522379aab5ef05eabc98516fa47ae0c586026e9955fd551fe5b6ec37e636d9fd389285f3, 0674d6e42069a10f18375fc8876aa04d) 2 | (C2, T2) = (1761e540522365aab1e644ed87bb516fa47ae0d9860667d852c6761fe5b6ec37e637c7fc389285f3, cf61b77c044a8fb1566352bd5dd2f69f) 3 | C3 = 1761e540522379aab5ef05eabc98516fa47ae0d9860667d852c6761fe5b6ec37e646a581389285f3 4 | 5 | -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Fermat/Challenges/qproximity/README.md: -------------------------------------------------------------------------------- 1 | # QProximity 2 | 3 | 1. Challenge Description: _None_ 4 | 2. Writeups: 5 | * [By the challenge author](https://grocid.net/2017/09/16/finding-close-prime-factorizations/) 6 | * [Other writeups](https://ctftime.org/writeup/7463) 7 | 8 | 9 | ## Directory Contents 10 | 1. [public](public)- public key file 11 | 2. [secret.enc](secret.enc)- ciphertext file -------------------------------------------------------------------------------- /Digital-Signatures/ElGamal-Signatures/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | 4 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 5 | |-------|:--------------------------------------------------------------------:|:----------:|:----:|:----------------:|:------:| 6 | | 1 | [Nonsense](Nonsense/) | Volga-Quals| 2018 | _None_ | 200 | 7 | -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Challenges/Multiplayer-2/README.md: -------------------------------------------------------------------------------- 1 | # Multiplayer-2 2 | 3 | 1. Challenge Description: [N/A]() 4 | 2. Writeups: 5 | + [N/A]() 6 | 7 | ## Directory Contents 8 | 1. [server.sage](server.sage)- given encryption script 9 | 2. [parameters.sage](parameters.sage) - File containing public EC parameters required for hosting the challenge locally 10 | 3. [points.db](points.db) - database essential for challenge hosting 11 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Hastad-Broadcast/Challenges/Multicast/README.md: -------------------------------------------------------------------------------- 1 | # Multicast 2 | 3 | 1. Challenge Description: Many messages intercepted. Break them. 4 | 2. Challenge Writeups: 5 | + [My writeup](https://github.com/ashutosh1206/Crypto-CTF-Writeups/tree/master/2017/Plaid-CTF/Multicast) 6 | + [Other writeups](https://ctftime.org/task/3999) 7 | 8 | ## Directory Contents 9 | 1. [data.txt](data.txt)- output file 10 | 2. [generate.sage](generate.sage)- encryption script -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Welcome/README.md: -------------------------------------------------------------------------------- 1 | # Welcome 2 | 3 | **Level**: 1 4 | 5 | **Description**: Do whatever you want, just get me the flag! 6 | 7 | **Points**: 5 8 | 9 | 10 | **Documentation reference for libraries used**: 11 | 1. gmpy2: https://gmpy2.readthedocs.io/en/latest/ 12 | 2. pycrypto: https://www.dlitz.net/software/pycrypto/api/2.6/ 13 | 3. pycrypto's PublicKey RSA module: https://www.dlitz.net/software/pycrypto/api/2.6/toc-Crypto.PublicKey.RSA-module.html -------------------------------------------------------------------------------- /Authenticated-Encryption/AES-GCM/Attack-Forbidden/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | 4 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 5 | |-------|:--------------------------------------------------------------------:|:---------------:|:----:|:----------------:|:------:| 6 | | 1 | [Forbidden](Forbidden/) | Volga CTF Quals | 2018 | _None_ | 300 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener-variant/exploit.py: -------------------------------------------------------------------------------- 1 | from sage.all import * 2 | 3 | def wiener(e, n): 4 | m = 12345 5 | c = pow(m, e, n) 6 | q0 = 1 7 | 8 | list1 = continued_fraction(Integer(e)/Integer(n)) 9 | conv = list1.convergents() 10 | for i in conv: 11 | k = i.numerator() 12 | q1 = i.denominator() 13 | 14 | for r in range(30): 15 | for s in range(30): 16 | d = r*q1 + s*q0 17 | m1 = pow(c, d, n) 18 | if m1 == m: 19 | return d 20 | q0 = q1 21 | return None -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener-variant/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 4 | |-------|:--------------------------------------------------------------------:|:------------------------:|:----:|:----------------:|:------:| 5 | | 1 | [Gracias](Gracias/) | ASIS Finals | 2017 | _None_ | 287 | -------------------------------------------------------------------------------- /Block-Cipher/Attack-CBC-Padding-Oracle/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 4 | |-------|:--------------------------------------------------------------------:|:------------------------:|:----:|:----------------:|:------:| 5 | | 1 | [Secret-Server](Secret-Server/) | HITCON Quals | 2017 | _None_ | 221 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener/Challenges/Multi_Layer_RSA/README.md: -------------------------------------------------------------------------------- 1 | # Multi Layer RSA 2 | 3 | 1. Challenge Description: Adding Layers to encryption doesn't always help! 4 | 2. Challenge Writeups: 5 | + [My writeup](https://amritabi0s.wordpress.com/2017/12/18/inctf-2017-multi-layer-rsa-writeup/) 6 | 7 | ## Directory Contents 8 | 1. [ciphertext.txt](ciphertext.txt)- Ciphertext file 9 | 2. [modulus.txt](modulus.txt)- Public key file 10 | 3. [Multi_LayerRSAencrypt.py](Multi_LayerRSAencrypt.py)- Encryption file -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Pollard's_p-1/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 4 | |-------|:--------------------------------------------------------------------:|:------------------------:|:----:|:----------------:|:------:| 5 | | 1 | [Handicraft RSA](handicraft_rsa/) | ASIS Finals | 2017 | _None_ | 138 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Hastad-Broadcast/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | 4 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 5 | |-------|:--------------------------------------------------------------------:|:------------------------:|:----:|:----------------:|:------:| 6 | | 1 | [Multicast](Multicast/) | Plaid | 2017 | _None_ | 175 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener-variant/Challenges/Gracias/README.md: -------------------------------------------------------------------------------- 1 | # Gracias 2 | 3 | 1. Challenge Description: Some people think that combination of cryptographic systems will definitely improve the security. That’s your turn to prove them wrong. 4 | 2. Challenge Writeups: 5 | + [My writeup](https://masterpessimistaa.wordpress.com/2017/11/24/asis-finals-ctf-2017-gracias-writeup/) 6 | 7 | ## Directory Contents 8 | 1. [gracias.py](gracias.py)- encryption.py 9 | 2. [enc_pubkey.txt](enc_pubkey.txt)- ciphertext and public key file -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 4 | |-------|:-------------------------------------------------:|:-------------:|:----:|:----------------:|:------:| 5 | | 1 | [Multi Layer RSA](Multi_Layer_RSA/) | InCTF | 2017 | _None_ | 100 | 6 | | 2 | [Ron, Adi and Leonard](https://ctftime.org/task/6448) | Hackcon | 2018 | _None_ | 100 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/LoS-reloaded/README.md: -------------------------------------------------------------------------------- 1 | # Labyrinth of Suffering reloaded 2 | 3 | **Level**: 5 4 | 5 | **Description**: "What is the best way to go about being a person? What are the rules of this game, and how might we best play it?" 6 | "Damn it! How will I ever get out of this labyrinth of suffering??" - Looking for Alaska by John Green. Getting out isn't easy, really. 7 | "You live for pretentious metaphors" - Moby Dick 8 | 9 | **Points**: 60 10 | 11 | **References**: Symbolism, Imagery and Allegory -------------------------------------------------------------------------------- /RSA-encryption/Attack-Coppersmith/Challenges/stereotypes/pubkey.txt: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAh66REMby35rVp0fJwltg 3 | V2rCvxd2AC1OXboXcq6guHA0lCmc+FE4voS/LZ9PiHlenM1jRU/fVTJX2glaDerN 4 | RG/ZqU2Q5AbThhzHTstcoRxuzrP9CxO8IyZ/nxTvIBk+YQJwPMOz/fen8+cgO51D 5 | Tslm2QSr2AtoNz/7h/O0Bv9Tr4ufhUjdOtpjTgbwh+1K1ZjNoXUgAkXgtezUXoMR 6 | YO9+wLkyeigYcJcexw1jLu15oh2mNRh3uUbdVLLroW2te/XSEXPRWyI6TFgSxozp 7 | QU8/ur8D7tKP/GVkbU8ygcxq/o0hwUUn71DdDVDWWJlpW1PGtjdM7AXjgVPKZehz 8 | 8QIBBw== 9 | -----END PUBLIC KEY----- -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener/exploit.py: -------------------------------------------------------------------------------- 1 | from sage.all import * 2 | 3 | def wiener(e, n): 4 | m = 12345 5 | c = pow(m, e, n) 6 | lst = continued_fraction(Integer(e)/Integer(n)) 7 | conv = lst.convergents() 8 | for i in conv: 9 | k = i.numerator() 10 | d = int(i.denominator()) 11 | try: 12 | m1 = pow(c, d, n) 13 | if m1 == m: 14 | print "[*] Found d: ", d 15 | return d 16 | except: 17 | continue 18 | return -1 19 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-1/README.md: -------------------------------------------------------------------------------- 1 | # Challenge-1 2 | 3 | **Level**: 1 4 | 5 | **Description**: You are given ciphertext of a message that is encrypted using `encrypt.py` and stored in `ciphertext.txt`. Also, private key values are stored in `privatekey.txt`. Get the flag and score some points! 6 | 7 | **Points**: 10 8 | 9 | 10 | **Documentation reference for libraries used**: 11 | 1. pycrypto: https://www.dlitz.net/software/pycrypto/api/2.6/ 12 | 2. [OPTIONAL] gmpy2: https://gmpy2.readthedocs.io/en/latest/ -------------------------------------------------------------------------------- /Authenticated-Encryption/AES-GCM/Attack-Forbidden/Challenges/Forbidden/README.md: -------------------------------------------------------------------------------- 1 | # Forbidden 2 | 3 | 1. Challenge Description: Our friend tried to send us all his BTCs, but MAC of the transaction was lost. We need your help to compute MAC for this encrypted transaction. Send it in format VolgaCTF{AuthTag_in_HEX}. 4 | 2. Writeups: [Writeup by team RedRocket](http://blog.redrocket.club/2018/03/27/VolgaCTF-Forbidden/) 5 | 6 | ## Directory Contents 7 | 1. [task.py](task.py) - given encryption script 8 | 2. [known](known) - given ciphertext, authtag pairs -------------------------------------------------------------------------------- /RSA-encryption/Attack-Coppersmith/Challenges/Really-Suspicious-Acronym/README.md: -------------------------------------------------------------------------------- 1 | # Really Suspicious Acronym 2 | 3 | 1. **Challenge Description**: You can't break my public key if you don't know it, amirite? 4 | 2. **Challenge write-ups**: 5 | + [by s0rc3r3r](https://ctftime.org/writeup/13941) 6 | 7 | ## Directory Contents 8 | 1. [task.sage](task.sage) - challenge encryption script 9 | 2. [output.txt](output.txt) - output file; includes public key, ciphertext etc. 10 | 3. [exploit.sage](exploit.sage) - solution script, written in sage 11 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Labyrinth-of-Suffering/README.md: -------------------------------------------------------------------------------- 1 | # Labyrinth of Suffering 2 | 3 | **Level**: 4 4 | 5 | **Description**: Not sure if your basics are clear in Number Theory? Test them here! 6 | 7 | **Points**: 50 8 | 9 | 10 | **Documentation reference for libraries used**: 11 | 1. gmpy2: https://gmpy2.readthedocs.io/en/latest/ 12 | 2. pycrypto: https://www.dlitz.net/software/pycrypto/api/2.6/ 13 | 3. pycrypto's PublicKey RSA module: https://www.dlitz.net/software/pycrypto/api/2.6/toc-Crypto.PublicKey.RSA-module.html -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Pollard's_p-1/Challenges/handicraft_rsa/publickey.pub: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+m7iHurBa9G8ujEiTpZ 3 | 71aHOVNhQXpd6jCQNhwMN3hD6JHkv0HSxmJwfGe0EnXDtjRraWmS6OYzT4+LSrXs 4 | z9IkWGzRlJ4lC7WHS8D3NWIWYHCP4TRt2N0TlWXWm9nFCrEXqQ3IWgYQpQvKzsds 5 | etnIZJL1tf1wQzGE6rbkbvURlUBbzBSuidkmi0kY5Qxp2Jfb6OUI647zx2dPxJpD 6 | ffSCNffVIDUYOvrgYxIhs5HmCF3XECC3VfaKtRceL5JM8R0qz5nVU2Ns8hPvSVP+ 7 | 7/i7G447cjW151si0joB7RpBplu44Vk8TXXDAk0JZdW6KwJn7ITaX04AAAAAAAAA 8 | AQIDAQAB 9 | -----END PUBLIC KEY----- -------------------------------------------------------------------------------- /RSA-encryption/PKCS1-v1.5-Padded-RSA/README.md: -------------------------------------------------------------------------------- 1 | # RSA Encryption using PKCS#1-v1.5 padding 2 | 3 | Prerequisites: 4 | 1. [RSA Encryption/Decryption](https://github.com/ashutosh1206/Crypton/tree/master/RSA-encryption) 5 | 6 | 7 | This section covers RSA encryption using PKCS1-v1.5 padding. Padding was introduced in RSA to ensure security against attacks such as cube-root (we introduce padding to ensure the ciphertext wraps around the modulus), [Coppersmith's Attack](https://github.com/ashutosh1206/Crypton/tree/master/RSA-encryption/Attack-Coppersmith), etc. -------------------------------------------------------------------------------- /Message-Authentication-Code/CBC-MAC-Forgery/Challenges/He-Moron/README.md: -------------------------------------------------------------------------------- 1 | # He Moron 2 | 3 | **Description**: An overconfident boastful moron has claimed that he has written his own version of a MAC and has challenged the people here at Xiomara to break it! We are very certain that he might have made a mistake in the implementation. So, help us find one, crack his scheme and get the flag! 4 | 5 | **Challenge points**: 250 6 | 7 | **Files**: 8 | 1. server.py: Code running on the server 9 | 2. source: Source code given 10 | 11 | 12 | **Writeup**: 13 | -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Challenges/Multiplayer-1/README.md: -------------------------------------------------------------------------------- 1 | # Multiplayer-1 2 | 3 | 1. Challenge Description: [https://ctftime.org/task/6860](https://ctftime.org/task/6860) 4 | 2. Writeups: 5 | + [My writeup](https://ctftime.org/writeup/11832) 6 | 7 | ## Directory Contents 8 | 1. [server.sage](server.sage)- given encryption script 9 | 2. [parameters.sage](parameters.sage) - File containing public EC parameters required for hosting the challenge locally 10 | 3. [points.db](points.db) - database essential for challenge hosting 11 | -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Fermat/Challenges/Crafted-RSA/ciphertext.txt: -------------------------------------------------------------------------------- 1 | 6444941f812bd69f57dd94579532e52230e0cb6c3990e6bed0f19950e30126afe92baf35db0ee64cc8d59443b2bff99574142bdab354400ea19ef309b37b946d18e4d003ab63c159cebd7f954867f7a82e1d44082d8d63e1fea874f3793ab56c28b2d66eb054edd3520bf60f70806d8c49e8f80200dd33943376042ee324d425c612b7ab7a52bd86b42e6f485ce19b83db156a6ea42ba8d90ca348f444887f230672bd90d673a36250476a5c3e1413fc09862007f4fee942dcf1ec45ae7fd04ab829bde3f3d3e1ee562a2c7ecfd98b345f87cfe1f6cff67c81c7d23c659cd29660376f4b64fa592dd17695124818e95ce8b09f4f24d9d9f05cf929237eac3dff -------------------------------------------------------------------------------- /Block-Cipher/Attack-CBC-Padding-Oracle/README.md: -------------------------------------------------------------------------------- 1 | # CBC Padding Oracle Attack 2 | 3 | To read about it in detail about Padding Oracle Attack on CBC mode of encryption, refer to this blog by Ron Bowes [Padding Oracle Attack- in depth](https://blog.skullsecurity.org/2013/padding-oracle-attacks-in-depth). And after looking at the attack you can refer this for an example - [Padding Oracle Attack- an example](https://blog.skullsecurity.org/2013/a-padding-oracle-example). The explanation is precise and easy to understand! Thanks to Ron [iagox86](https://github.com/iagox86) for the amazing explanation! -------------------------------------------------------------------------------- /Elgamal-Encryption/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | 4 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 5 | |-------|:--------------------------------------------------------------------:|:-----------:|:----:|:----------------:|:------:| 6 | | 1 | [Prime-Enigma](Prime-Enigma/) | Hack.lu CTF | 2017 | _None_ | 150 | 7 | | 2 | [Megalal](Megalal/) | 34c3 Junior | 2017 | _None_ | 188 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Franklin-Reiter/exploit.sage: -------------------------------------------------------------------------------- 1 | from sage.all import * 2 | 3 | # All the variable names mean the same as mentioned in the explanation 4 | # For eg, a,b are the values in the function f = ax + b 5 | 6 | def gcd(a, b): 7 | while b: 8 | a, b = b, a % b 9 | return a.monic() 10 | 11 | def franklinreiter(C1, C2, e, N, a, b): 12 | P. = PolynomialRing(Zmod(N)) 13 | g1 = (a*X + b)^e - C1 14 | g2 = X^e - C2 15 | print "Result" 16 | result = -gcd(g1, g2).coefficients()[0] 17 | return hex(int(result))[2:].replace("L","").decode("hex") 18 | -------------------------------------------------------------------------------- /Digital-Signatures/ElGamal-Signatures/Challenges/Nonsense/README.md: -------------------------------------------------------------------------------- 1 | # Nonsense 2 | 3 | 1. Challenge Description: We've intercepted several consecutive signatures. Take everything you need and find the secret key. Send it to us in hex. 4 | 2. Writeups: 5 | * [My writeup](https://github.com/ashutosh1206/Crypto-CTF-Writeups/tree/master/2018/VolgaCTF-Quals/Nonsense) 6 | * [Other writeups](https://ctftime.org/task/5610) 7 | 8 | 9 | ## Directory Contents 10 | 1. [encrypt.py](encrypt.py) - given encryption script 11 | 2. [signatures](signatures) - file containing all the signatures generated -------------------------------------------------------------------------------- /RSA-encryption/Attack-Coppersmith/Challenges/Really-Suspicious-Acronym/task.sage: -------------------------------------------------------------------------------- 1 | def bytes_to_long(data): 2 | return int(data.encode("hex"),16) 3 | 4 | def rsa(msg,e,n): 5 | return pow(bytes_to_long(msg),e,n) 6 | 7 | flag = open('flag.txt','r').read() 8 | tmp = randint(2**1023, 2**1024) 9 | e = 65537 10 | p = next_prime(0xDEAD*tmp+randint(2, 2**500)) 11 | q = next_prime(0xBEEF*tmp+randint(2, 2**500)) 12 | N = p*q 13 | print('msg1 = '+str(rsa("You can't factor the modulus",e,N))) 14 | print('msg2 = '+str(rsa("If you don't know the modulus!",e,N))) 15 | print('flag = '+str(rsa(flag,e,N))) 16 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Coppersmith/Challenges/stereotypes/README.md: -------------------------------------------------------------------------------- 1 | # Stereotypes 2 | 3 | 1. Challenge Description: Welcome to BackdoorCTF17. Just one advice Never ignore the challenge names, they provides the maximum hint. Okay now let's leave the boring stuff apart i know you are eagerly waiting to gain some points So here it is : XXXXXXXXXXXXXXX 4 | 2. Challenge writeups: 5 | + [by blue](https://ctftime.org/writeup/7654) 6 | 7 | ## Directory Contents 8 | 1. [ciphertext](ciphertext)- ciphertext file 9 | 2. [plaintext.txt](plaintext.txt)- plaintext file 10 | 3. [pubkey.txt](pubkey.txt)- public key -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Pollard's_p-1/Challenges/handicraft_rsa/README.md: -------------------------------------------------------------------------------- 1 | # Handicraft RSA 2 | 3 | 1. Challenge Description: Someone is developing his own RSA system in his very old home's basement. Prove him that this RSA system is only valid on his basement! 4 | 2. Challenge Writeups: 5 | + [Writeup by Rule110](https://ctftime.org/writeup/7427) 6 | + [Writeup by ESPR](https://ctftime.org/writeup/7419) 7 | 8 | ## Directory Contents 9 | 1. [handicraft_rsa.py](handicraft_rsa.py)- encryption file 10 | 2. [output.txt](output.txt)- output file 11 | 3. [publickey.pub](publickey.pub)- public key file -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-0/README.md: -------------------------------------------------------------------------------- 1 | # Challenge-0 2 | 3 | **Level**: 1 4 | 5 | **Description**: A simple walkthrough over how `unpadded RSA encryption` works. You are given the ciphertext encryted using RSA in `ciphertext.txt` and `encrypt.py` is used to encrypt the flag. Read how the encryption works from `encrypt.py`, calculate d using p,q given and hence get the flag. 6 | 7 | **Points**: 10 8 | 9 | 10 | **Documentation reference for libraries used**: 11 | 1. pycrypto: https://www.dlitz.net/software/pycrypto/api/2.6/ 12 | 2. [OPTIONAL] gmpy2: https://gmpy2.readthedocs.io/en/latest/ -------------------------------------------------------------------------------- /Block-Cipher/Attack-CTR-Bit-Flipping/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | 4 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 5 | |-------|:--------------------------------------------------------------------:|:----------:|:----:|:----------------:|:------:| 6 | | 1 | [Cryptopals Challenge-26](http://cryptopals.com/sets/4/challenges/26)| _None_ |_None_| _None_ | _None_ | 7 | 8 | 9 | Cryptopals Challenge-26 exploit script: [exploit.py](https://github.com/ashutosh1206/Matasano-Crypto-Challenges/blob/master/set4/p26/exploit.py) -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/C4-reloaded/README.md: -------------------------------------------------------------------------------- 1 | # Challenge-4 Reloaded 2 | 3 | **Level**: 3 4 | 5 | **Description**: Hope you solved challenge-4 and enjoyed it! This time too, we have the same vulnerability, just added some randomisation to make things a bit more difficult! 6 | 7 | **Points**: 35 8 | 9 | 10 | **Documentation reference for libraries used**: 11 | 1. gmpy2: https://gmpy2.readthedocs.io/en/latest/ 12 | 2. pycrypto: https://www.dlitz.net/software/pycrypto/api/2.6/ 13 | 3. pycrypto's PublicKey RSA module: https://www.dlitz.net/software/pycrypto/api/2.6/toc-Crypto.PublicKey.RSA-module.html -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Labyrinth-of-Suffering/encrypt.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | from Crypto.PublicKey import * 3 | import gmpy2 4 | from secret import flag 5 | 6 | p = getPrime(512) 7 | q = getPrime(512) 8 | n = p*q 9 | e = 65537 10 | 11 | s = pow(2, p-0xdeadbeef, n) 12 | message = bytes_to_long(flag) 13 | ciphertext = pow(message, e, n) 14 | ciphertext = long_to_bytes(ciphertext) 15 | ciphertext = ciphertext.encode("hex") 16 | 17 | out_str = "[1] ciphertext: " + ciphertext + "\n[2] n: " + str(n) + "\n[3] e: " + str(e) + "\n[4] s: " + str(s) 18 | obj1 = open("data.txt",'w') 19 | obj1.write(out_str) -------------------------------------------------------------------------------- /Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 4 | |-------|:-------------------:|:-------------------:|:----:|:----------------:|:------:| 5 | | 1 | Cryptopals Set-8 Challenge-59 | _None_ | _None_ | Medium | _None_ | 6 | | 2 | [EC-Cooldown](https://github.com/teambi0s/InCTFi/tree/master/2018/Crypto/EC-Cooldown) | InCTF International-2018 | 2018 | Medium | 1000 | 7 | | 3 | [Secure Password DB](https://ctftime.org/task/8086) | SpamAndFlags Teaser 2019 | 2019 | Medium | 357 | 8 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Dp&Dq/data.txt: -------------------------------------------------------------------------------- 1 | [*] ciphertext: 190400328f5de054f9441b3bcc880b6f1b8cbcf9b0ec7200adb77df3aeeb3a078a56d7c292dfca4bfcedfd5d04baacbdd0ef7e09abedee4bd019d558fe8dceb4992470de5a91f0cae31474d533b913f1fac6af8ef90e7c48cd997a54cfb116535dc2f0c899da7164ca42cc81b3e1b0f62000ef0c84e4562baef1735cf4f2f5e7 2 | [*] dp: 8321799485573394942860161613115645956831906109530714384373208626667653915259713390904176783594390723717464276624389144661507957436413671900779232689662021 3 | [*] dq: 2198929330929270024294269318575741752298983645094723246081092280962552792055470240383972603201186261174772783400859274241718426034485142439904994069255041 -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | 4 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 5 | |-------|:--------------------------------------------------------------------:|:--------------:|:----:|:----------------:|:------:| 6 | | 1 | [Multiplayer Part-1](Multiplayer-1/) | Hack.lu | 2018 | _None_ | 268 | 7 | | 2 | [Multiplayer Part-2](Multiplayer-2/) | Hack.lu | 2018 | _None_ | | 8 | -------------------------------------------------------------------------------- /Digital-Signatures/Attack-e=3-Bleichenbacher/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | 4 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 5 | |-------|:---------------------------------------------------------------------------:|:----------------:|:-------:|:----------------:|:------:| 6 | |1 | [Cryptopals Set-6 Challenge-42](http://cryptopals.com/sets/6/challenges/42) | _None_ | _None_ | _None_ | _None_ | 7 | |2 | [RSA CTF Challenge](https://ctftime.org/task/4233) | Google CTF Quals | 2017 | Medium | _None_ | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-1/privatekey.txt: -------------------------------------------------------------------------------- 1 | d: 16674440118012703327250441651827447414883115267385535896258056940902053974041459048570804128769329208368609586641816535253060495809085135720463507190636829663140409668935975403245910582943233005928361736126168922017946174180692640447247905659211062068260330460434066199355148719556676953323140496520670298081 2 | n: 97327465444798587278055948925526845496009505279537394552285739021722293489201558751886782168432091942363160534355604762279998727630923810091914577017524593073642676827447173895227246888600059180358809402075042576891370242394248767130395066592747932602851717995806723009815226684448970582305350597344040878031 -------------------------------------------------------------------------------- /RSA-encryption/Attack-Common-Modulus/Challenges/RSA-1s-Fun/modulus.txt: -------------------------------------------------------------------------------- 1 | n = 20333254691880587307936337314043639948842015851766398721090407302956251747329178671065731363354242526918246592697537469440013326971933436283835869953205389270794974354649936678036319060756577261022556782132429409780897209149764199287410299784057084352324514504271696413494646839995519846723688986124055120364880326007695589111754397828528457250142219463380016968678118831245509936377859985508548247011183090952083546525956426331360929466685835043639197893823027068509935334942858316357902671524385521979877692725137825489358188564620960020623845798362737725511832599703350407211941298094845205725160096135130216181313 -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Fermat/Challenges/Crafted-RSA/modulus.txt: -------------------------------------------------------------------------------- 1 | n: 16597712262800095098226130512282927179497011173406539443409876664765634654792363184411825406484837021057998483611151825837103388795480529002121502546121948928066281359031028270878297218661409934035886546020930964028780335737680348596910306513206117504108058925329858396067856573163592825383960058578681644875980180546847557812966223271765120162910255137784213094212309609759257353674875979882725784871783757837297703281196379092511265281287845023919390729682379344606965288462358145824117145872183931465422694130609005144944508184194344888497580577863328136806345023037939204996365581479722451260520977982655414777159 -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-2/README.md: -------------------------------------------------------------------------------- 1 | # Challenge-2 2 | 3 | **Level**: 1 4 | 5 | **Description**: You are given ciphertext of a message that is encrypted using `encrypt.py` and stored in `ciphertext.txt`. Also, you are given public key parameters in `publickey.pem`, get the flag and score some points! 6 | 7 | **Points**: 15 8 | 9 | 10 | **Documentation reference for libraries used**: 11 | 1. [NECESSARY]gmpy2: https://gmpy2.readthedocs.io/en/latest/ 12 | 2. pycrypto: https://www.dlitz.net/software/pycrypto/api/2.6/ 13 | 3. pycrypto's PublicKey RSA module: https://www.dlitz.net/software/pycrypto/api/2.6/toc-Crypto.PublicKey.RSA-module.html 14 | -------------------------------------------------------------------------------- /Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/Baby-Crypt/baby_crypt.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | def dumb_pad(imp): 4 | while len(imp)%16 != 0: 5 | imp+="0" 6 | return imp 7 | 8 | 9 | from Crypto.Cipher import AES 10 | import hashlib 11 | 12 | 13 | k = hashlib.sha256() 14 | flag = "flag{Crypt0_is_s0_h@rd_t0_d0...}" 15 | k.update(flag) 16 | key = k.digest() 17 | c = AES.new(key,AES.MODE_ECB); 18 | def oracle(inp): 19 | #c = AES.new(key,AES.MODE_ECB); 20 | return c.encrypt(dumb_pad(inp+flag)).encode('hex') 21 | 22 | while True: 23 | imp = raw_input("Enter your username (no whitespace): ") 24 | print("Your Cookie is: " + oracle(imp)) 25 | -------------------------------------------------------------------------------- /Elgamal-Encryption/Challenges/Prime-Enigma/README.md: -------------------------------------------------------------------------------- 1 | # Prime Enigma 2 | 3 | 1. Challenge Description: Hey there fellow lizard how nice of you to drop by! Did you know those filthy humans really think that some numbers have special meanings? Seven, 13 and for some strange reason even 9000. Go and show them that a good prime does not make a secure cryptosystem! 4 | 2. Writeups: 5 | * [My writeup](https://github.com/ashutosh1206/Crypto-CTF-Writeups/tree/master/2017/Hack.lu-CTF/prime-enigma) 6 | * [Other writeups](https://ctftime.org/task/4770) 7 | 8 | ## Directory Contents 9 | 1. [encrypt.py](encrypt.py) - given encryption script 10 | 2. [ciphertext.txt](ciphertext.txt) - ciphertext file -------------------------------------------------------------------------------- /RSA-encryption/Attack-Common-Modulus/Challenges/RSA-1s-Fun/encrypt.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | 3 | e1 = 9 4 | e2 = 123 5 | 6 | def prime_gen(): 7 | while True: 8 | p = getPrime(1024) 9 | q = getPrime(1024) 10 | n = p*q 11 | phin = (p-1)*(q-1) 12 | if GCD(e1, phin) == 1 and GCD(e2, phin) == 1: 13 | return (p, q, n) 14 | p, q, n = prime_gen() 15 | 16 | print "p: ", p 17 | print "q: ", q 18 | print "n: ", n 19 | 20 | flag = bytes_to_long(open("flag.txt").read().strip()) 21 | assert flag < n 22 | assert flag**9 > n 23 | 24 | c1 = pow(flag, e1, n) 25 | c2 = pow(flag, e2, n) 26 | 27 | print "c1: ", c1 28 | print "c2: ", c2 29 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-3/README.md: -------------------------------------------------------------------------------- 1 | # Challenge-3 2 | 3 | **Level**: 2 4 | 5 | **Description**: Alice wants to send the same message to 4 different people. So, for this he generates 4 different public key pairs, encrypts the same message for 4 people using these public key pairs, generates the corresponding ciphertexts and sends each ciphertext to each person. We have the public key parameters for each person. Find the vulnerability, and find out what Alice is sending! 6 | 7 | **Points**: 20 8 | 9 | 10 | **Documentation reference for libraries used**: 11 | 1. pycrypto: https://www.dlitz.net/software/pycrypto/api/2.6/ 12 | 2. gmpy2: https://gmpy2.readthedocs.io/en/latest/ -------------------------------------------------------------------------------- /RSA-encryption/Attack-Coppersmith/exploit.py: -------------------------------------------------------------------------------- 1 | from sage.all import * 2 | 3 | # f is the monic polynomial f(x) = (m + x)**e - c whose roots we have to find 4 | def stereotyped(f, N): 5 | P. = PolynomialRing(Zmod(N)) 6 | beta = 1 7 | dd = f.degree() # Degree of the polynomial 8 | epsilon = beta/7 9 | XX = ceil(N**((beta**2/dd) - epsilon)) 10 | rt = f.small_roots(XX, beta, epsilon) 11 | return rt 12 | 13 | def N-factorize(f, N): 14 | P. = PolynomialRing(Zmod(N)) 15 | beta = 0.5 16 | dd = f.degree() # Degree of the polynomial 17 | epsilon = beta/7 18 | XX = ceil(N**((beta**2/dd) - epsilon)) 19 | rt = f.small_roots(XX, beta, epsilon) 20 | return rt 21 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-4/encrypt.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | from Crypto.PublicKey import RSA 3 | import gmpy2 4 | from secret import flag 5 | 6 | while True: 7 | p = getPrime(512) 8 | q = p+2 9 | if isPrime(q): 10 | break 11 | n = p*q 12 | e = 65537 13 | phin = (p-1)*(q-1) 14 | assert GCD(e, phin) == 1 15 | 16 | d = inverse(e, phin) 17 | 18 | # Message/Flag to be encrypted 19 | m = bytes_to_long(flag) 20 | ciphertext = long_to_bytes(pow(m, e, n)) 21 | ciphertext = ciphertext.encode("hex") 22 | 23 | obj1 = open("ciphertext.txt",'w') 24 | obj1.write(ciphertext) 25 | 26 | key = RSA.construct((n, long(e))) 27 | f = open("publickey.pem",'w') 28 | f.write(key.exportKey("PEM")) -------------------------------------------------------------------------------- /Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/Baby-Crypt/.svn/pristine/b7/b75d2c87ea0c9c2edc7481c17e76aa6d8ef45574.svn-base: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | def dumb_pad(imp): 4 | while len(imp)%16 != 0: 5 | imp+="0" 6 | return imp 7 | 8 | 9 | from Crypto.Cipher import AES 10 | import hashlib 11 | 12 | 13 | k = hashlib.sha256() 14 | flag = "flag{Crypt0_is_s0_h@rd_t0_d0...}" 15 | k.update(flag) 16 | key = k.digest() 17 | c = AES.new(key,AES.MODE_ECB); 18 | def oracle(inp): 19 | #c = AES.new(key,AES.MODE_ECB); 20 | return c.encrypt(dumb_pad(inp+flag)).encode('hex') 21 | 22 | while True: 23 | imp = raw_input("Enter your username (no whitespace): ") 24 | print("Your Cookie is: " + oracle(imp)) 25 | -------------------------------------------------------------------------------- /Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | 4 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 5 | |-------|:--------------------------------------------------------------------:|:----------:|:----:|:----------------:|:------:| 6 | | 1 | [Cryptopals Challenge-12](http://cryptopals.com/sets/2/challenges/12)| _None_ |_None_| _None_ | _None_ | 7 | | 2 | [Baby-Crypt](Baby-Crypt/) | CSAW-Quals | 2017 | _None_ | 350 | 8 | | 3 | [Locked Dungeons](Locked_Dungeon/) | Swamp-CTF | 2018 | _None_ | 481 | -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Fermat/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 4 | |-------|:--------------------------------------------------------------------:|:------------------------:|:----:|:----------------:|:------:| 5 | | 1 | [Easy-RSA-2](Easy-RSA-2/)| ISITDTU CTF Quals | 2019 | _None_ | 919 | 6 | | 2 | [QProximity](qproximity/) | SEC-T CTF | 2017 | _None_ | 200 | 7 | | 3 | [Crafted-RSA](Crafted-RSA/) | InCTF | 2017 | _None_ | 150 | 8 | -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | 4 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 5 | |-------|:--------------------------------------------------------------------:|:--------------:|:----:|:----------------:|:------:| 6 | | 1 | [DLP](DLP/) | ASIS Quals | 2017 | _None_ | 158 | 7 | | 2 | [Baby-DLP](Baby-DLP/) | Tokyo-Westerns | 2017 | _None_ | 91 | 8 | | 3 | [Madlog](https://ctftime.org/task/4617) | SEC-T CTF | 2017 | _None_ | 200 | -------------------------------------------------------------------------------- /Identification/Ephemeral-Key-Auth/Challenges/EC-Auth/README.md: -------------------------------------------------------------------------------- 1 | # EC-Auth 2 | 3 | 1. **Challenge Description**: Service running at `nc 18.191.200.160 1337` 4 | 2. **Challenge Writeup**: 5 | + [My write-up](https://masterpessimistaa.wordpress.com/2018/10/14/inctf-2018-crypto-writeups-part-2/) 6 | 7 | ## Instructions to host locally 8 | Reference: [Challenge Source- InCTF International](https://github.com/teambi0s/InCTFi/tree/master/2018/Crypto/EC-Auth/ChallHost) 9 | 10 | Run the shell script run.sh taken from the above link directory and interact with the service using pwntools' `process` function. 11 | 12 | ## Directory Contents 13 | 1. [ecauth.py](ecauth.py): Authentication script 14 | 2. [ecsession.py](ecsession.py): Driver script 15 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Meth_M4th/encrypt.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | from Crypto.PublicKey import RSA 3 | import gmpy2 4 | from secret import flag 5 | 6 | p = getPrime(512) 7 | q = getPrime(512) 8 | n = p*q 9 | phin = (p-1)*(q-1) 10 | 11 | s = p*(n-p-q+1) 12 | e = 65537 13 | assert GCD(e, phin) == 1 14 | d = inverse(e, phin) 15 | 16 | message = bytes_to_long(flag) 17 | ciphertext = pow(message, e, n) 18 | ciphertext = long_to_bytes(ciphertext) 19 | ciphertext = ciphertext.encode("hex") 20 | 21 | obj1 = open("data.txt",'w') 22 | write_data = "[1] Ciphertext: " + ciphertext + "\n" + "[2] Modulus: " + str(n) + "\n" + "[3] Public Key exponent: " + str(e) + "\n" + "[4] s: " + str(s) 23 | obj1.write(write_data) 24 | obj1.close() -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Meth_M4th/README.md: -------------------------------------------------------------------------------- 1 | # Meth_M4th 2 | 3 | **Level**: 4 4 | 5 | **Description**: The level is 4 not because of it's difficulty but of it's trickiness. Check if there are some unusual variable values given in the challenge which are not supposed to be given in conventional unpadded RSA. Apply some basic Theorems from Number Theory, find the vulnerability, exploit it and get the flag! 6 | 7 | **Points**: 45 8 | 9 | 10 | **Documentation reference for libraries used**: 11 | 1. gmpy2: https://gmpy2.readthedocs.io/en/latest/ 12 | 2. pycrypto: https://www.dlitz.net/software/pycrypto/api/2.6/ 13 | 3. pycrypto's PublicKey RSA module: https://www.dlitz.net/software/pycrypto/api/2.6/toc-Crypto.PublicKey.RSA-module.html -------------------------------------------------------------------------------- /RSA-encryption/Attack-Coppersmith/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | 4 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 5 | |-------|:--------------------------------------------------------------------:|:------------------------:|:----:|:----------------:|:------:| 6 | | 1 | [Stereotypes](stereotypes/) | Backdoor | 2017 | _None_ | | 7 | | 2 | [Bazik](https://ctftime.org/task/6293) | Meepwn-Quals | 2018 | _None_ | 100 | 8 | | 3 | [Really Suspicious Acronym](Really-Suspicious-Acronym/) | CONFidence CTF Teaser | 2019 | _None_ | 99 | 9 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/C4-reloaded/encrypt.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | from Crypto.PublicKey import RSA 3 | import gmpy2 4 | from secret import flag 5 | 6 | 7 | p = getPrime(512) 8 | 9 | i = 10000 10 | while True: 11 | q = p + i 12 | if isPrime(q): 13 | break 14 | i += 1 15 | print "i: ", i 16 | n = p*q 17 | e = 65537 18 | phin = (p-1)*(q-1) 19 | assert GCD(e, phin) == 1 20 | 21 | d = inverse(e, phin) 22 | 23 | # Message/Flag to be encrypted 24 | m = bytes_to_long(flag) 25 | ciphertext = long_to_bytes(pow(m, e, n)) 26 | ciphertext = ciphertext.encode("hex") 27 | 28 | obj1 = open("ciphertext.txt",'w') 29 | obj1.write(ciphertext) 30 | 31 | key = RSA.construct((n, long(e))) 32 | f = open("publickey.pem",'w') 33 | f.write(key.exportKey("PEM")) -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-1/encrypt.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | import gmpy2 3 | from secret import flag 4 | 5 | p = getPrime(512) 6 | q = getPrime(512) 7 | n = p*q 8 | e = 65537 9 | 10 | # Euler's Totient function 11 | phin = (p-1)*(q-1) 12 | assert GCD(e, phin) 13 | # Private key exponent 14 | d = inverse(e, phin) 15 | 16 | # m is the message/flag 17 | m = bytes_to_long(flag) 18 | ciphertext = pow(m, e, n) 19 | ciphertext = long_to_bytes(ciphertext).encode("hex") 20 | print "d: ", d 21 | print "ciphertext: ", ciphertext 22 | 23 | 24 | # Writing private key to privatekey.txt 25 | obj1 = open("privatekey.txt",'w') 26 | append = "d: " + str(d) + "\n" + "n: " + str(n) 27 | obj1.write(append) 28 | obj1.close() 29 | 30 | obj1 = open("ciphertext.txt",'w') 31 | obj1.write(ciphertext) 32 | obj1.close() -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/7h3_Godf4ther/encrypt.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | from secret import flag 3 | 4 | e = 65537 5 | n = 551504906448961847141690415172108060028728303241409233555695098354559944134593608349928135804830998592132110248539199471080424828431558863560289446722435352638365009233192053427739540819371609958014315243749107802424381558044339319969305152016580632977089138029197496120537936093909331580951370236220987003013 6 | dp = 11830038111134559585647595089660079959437934096133759102294626765549623265660232459679672150751523484215314838435592395437758168739238085557609083462380613 7 | 8 | message = bytes_to_long(flag) 9 | ciphertext = pow(message, e, n) 10 | ciphertext = long_to_bytes(ciphertext) 11 | ciphertext = ciphertext.encode("hex") 12 | 13 | f = open("ciphertext.txt",'w') 14 | f.write(ciphertext) -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Baby-Step-Giant-Step/bsgs_ecdlp.py: -------------------------------------------------------------------------------- 1 | from sage.all import * 2 | 3 | def bsgs_ecdlp(P, Q, E): 4 | if Q == E((0, 1, 0)): 5 | return P.order() 6 | if Q == P: 7 | return 1 8 | m = ceil(sqrt(P.order())) 9 | lookup_table = {j*P: j for j in range(m)} 10 | for i in range(m): 11 | temp = Q - (i*m)*P 12 | if temp in lookup_table: 13 | return (i*m + lookup_table[temp]) % P.order() 14 | return None 15 | 16 | if __name__ == "__main__": 17 | import random 18 | E = EllipticCurve(GF(17), [2, 2]) 19 | try: 20 | for i in range(100): 21 | x = random.randint(2, 19) 22 | assert bsgs_ecdlp(E((5, 1)), x*E((5, 1)), E) == x 23 | except Exception as e: 24 | print e 25 | print "[-] Something's wrong!" 26 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener/Challenges/Multi_Layer_RSA/Multi_LayerRSAencrypt.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | 3 | flag = open("flag.txt").read() 4 | flag = int(flag.encode("hex"),16) 5 | 6 | p = getPrime(512) 7 | q = getPrime(512) 8 | n = p*q 9 | phin = (p-1)*(q-1) 10 | 11 | encryption_keys = [34961, 3617491, 68962801, 293200159531, 1191694878666066510321450623792489136756229172407332230462797663298426983932272792657383336660801913848162204216417540955677965706955404313949733712340714861638106185597684745174398501025724130404133569866642454996521744281284226124355987843894614599718553178595963014434904833] 12 | 13 | for i in encryption_keys: 14 | assert GCD(i,phin) == 1 15 | 16 | for i in encryption_keys: 17 | flag = pow(flag, i, n) 18 | 19 | flag = hex(flag)[2:].replace("L","") 20 | 21 | obj1 = open("ciphertext.txt",'w') 22 | obj1.write(flag) 23 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-4/README.md: -------------------------------------------------------------------------------- 1 | # Challenge-4 2 | 3 | **Level**: 3 4 | 5 | **Description**: You are given ciphertext of a message that is encrypted using `encrypt.py` and stored in `ciphertext.txt`. Also, you are given public key parameters in `publickey.pem`. Sometimes you have to look carefully how some values are being generated, and if their exists some pattern. 6 | Apply your school mathematics to solve this challenge! I am sure you will be happy once you get the solution to this challenge ;) 7 | 8 | **Points**: 30 9 | 10 | 11 | **Documentation reference for libraries used**: 12 | 1. gmpy2: https://gmpy2.readthedocs.io/en/latest/ 13 | 2. pycrypto: https://www.dlitz.net/software/pycrypto/api/2.6/ 14 | 3. pycrypto's PublicKey RSA module: https://www.dlitz.net/software/pycrypto/api/2.6/toc-Crypto.PublicKey.RSA-module.html 15 | -------------------------------------------------------------------------------- /Digital-Signatures/ElGamal-Signatures/example.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | import hashlib 3 | import random 4 | 5 | def key_gen(bit_size): 6 | p = getPrime(bit_size) 7 | g = 2 8 | x = random.randint(2, p-3) 9 | y = pow(g, x, p) 10 | return (y, p, g) 11 | 12 | def sign(message, y, p, g): 13 | h = hashlib.md5(message).hexdigest() 14 | while True: 15 | k = random.randint(2, p-2) 16 | if GCD(k, p-1) == 1: 17 | break 18 | r = pow(g, k, p) 19 | s = ((h-(x*r))*inverse(k, p-1)) % (p-1) 20 | return (r, s, message) 21 | 22 | def verify(message, s, r, y, p, g): 23 | try: 24 | assert r > 0 and r < p 25 | assert s > 0 and s < p-1 26 | h = hashlib.md5(message).hexdigest() 27 | assert pow(g, h, p) == (pow(r, s, p)*pow(y, r, p)) % p 28 | print "Signature successfully verified!" 29 | except: 30 | raise VerificationError("Invalid Signature!") 31 | -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Challenges/Multiplayer-1/parameters.sage: -------------------------------------------------------------------------------- 1 | param = { "hacklu": 2 | ((889774351128949770355298446172353873, 12345, 67890), 3 | # Generator of Subgroup of prime order 73 bits, 79182553273022138539034276599687 to be excact 4 | (238266381988261346751878607720968495, 591153005086204165523829267245014771), 5 | # challenge Q = xP, x random from [0, 79182553273022138539034276599687) 6 | (341454032985370081366658659122300896, 775807209463167910095539163959068826) 7 | ) 8 | } 9 | 10 | serverAdress = '0.0.0.0' 11 | serverPort = 23426 12 | 13 | (p, a, b), (px, py), (qx, qy) = param["hacklu"] 14 | E = EllipticCurve(GF(p), [a, b]) 15 | P = E((px, py)) 16 | Q = E((qx, qy)) 17 | 18 | def is_distinguished_point(p): 19 | return p[0] < 2^(100) 20 | -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/Algo-Pollard-Rho/Challenges/Multiplayer-2/parameters.sage: -------------------------------------------------------------------------------- 1 | param = { "hacklu": 2 | ((889774351128949770355298446172353873, 12345, 67890), 3 | # Generator of Subgroup of prime order 73 bits, 79182553273022138539034276599687 to be excact 4 | (238266381988261346751878607720968495, 591153005086204165523829267245014771), 5 | # challenge Q = xP, x random from [0, 79182553273022138539034276599687) 6 | (341454032985370081366658659122300896, 775807209463167910095539163959068826) 7 | ) 8 | } 9 | 10 | serverAdress = '0.0.0.0' 11 | serverPort = 23426 12 | 13 | (p, a, b), (px, py), (qx, qy) = param["hacklu"] 14 | E = EllipticCurve(GF(p), [a, b]) 15 | P = E((px, py)) 16 | Q = E((qx, qy)) 17 | 18 | def is_distinguished_point(p): 19 | return p[0] < 2^(100) 20 | -------------------------------------------------------------------------------- /Digital-Signatures/Unpadded-RSA-Digital-Signatures/example.py: -------------------------------------------------------------------------------- 1 | from Crypto.PublicKey import RSA 2 | from Crypto.Util.number import * 3 | from hashlib import md5 4 | 5 | def signer(M): 6 | message = M 7 | p = getPrime(512) 8 | q = getPrime(512) 9 | n = p*q 10 | phin = (p-1)*(q-1) 11 | e = 65537 12 | key = RSA.construct((long(n), long(e))) 13 | assert GCD(e, phin) == 1 14 | d = inverse(e, phin) 15 | M = md5(M).digest() 16 | M = bytes_to_long(M) 17 | s = pow(M, d, n) 18 | s = long_to_bytes(s) 19 | return (key, s, message) 20 | 21 | def verifier(pubkey, s, M): 22 | s = bytes_to_long(s) 23 | n = pubkey.n 24 | e = pubkey.e 25 | M = md5(M).digest() 26 | pt = pow(s, e, n) 27 | pt = long_to_bytes(pt) 28 | if pt == M: 29 | print "Verified!" 30 | else: 31 | raise VerificationError("Verification Failed!") 32 | 33 | M = "testing" 34 | pubkey, s, M = signer(M) 35 | verifier(pubkey, s, M) -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Challenges/Lost-Key/README.md: -------------------------------------------------------------------------------- 1 | # Lost-Key 2 | 3 | 1. **Challenge Description**: I lost my public key. Can you find it for me? 4 | + `nc 18.179.251.168 21700` 5 | 2. **Challenge Writeup** 6 | + [CTFtime](https://ctftime.org/task/6888) 7 | + [My exploit script](https://github.com/ashutosh1206/Crypto-CTF-Writeups/blob/master/2018/HITCON-CTF/Lost-Key/exploit.py) 8 | 9 | ## Instructions to host locally 10 | Run the shell script [run.sh](run.sh) and interact with the service using pwntools' `process` function. For more information, checkout the script I wrote to solve the challenge locally [exploit.py](exploit.py). 11 | 12 | ## Directory Contents 13 | 1. [rsa.py](rsa.py): encryption script 14 | 2. [flag](flag): flag file (Not public, only for hosting purposes) 15 | 3. run.sh 16 | 4. [exploit.py](exploit.py): exploit script to solve the challenge locally 17 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Hastad-Broadcast/Challenges/Multicast/generate.sage: -------------------------------------------------------------------------------- 1 | nbits = 1024 2 | e = 5 3 | flag = open("flag.txt").read().strip() 4 | assert len(flag) <= 64 5 | m = Integer(int(flag.encode('hex'),16)) 6 | out = open("data.txt","w") 7 | 8 | for i in range(e): 9 | while True: 10 | p = random_prime(2^floor(nbits/2)-1, lbound=2^floor(nbits/2-1), proof=False) 11 | q = random_prime(2^floor(nbits/2)-1, lbound=2^floor(nbits/2-1), proof=False) 12 | ni = p*q 13 | phi = (p-1)*(q-1) 14 | if gcd(phi, e) == 1: 15 | break 16 | 17 | while True: 18 | ai = randint(1,ni-1) 19 | if gcd(ai, ni) == 1: 20 | break 21 | 22 | bi = randint(1,ni-1) 23 | mi = ai*m + bi 24 | ci = pow(mi, e, ni) 25 | out.write(str(ai)+'\n') 26 | out.write(str(bi)+'\n') 27 | out.write(str(ci)+'\n') 28 | out.write(str(ni)+'\n') 29 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/LoS-reloaded/encrypt.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | import hashlib 3 | import gmpy2 4 | 5 | p = getPrime(512) 6 | q = getPrime(512) 7 | n = p*q 8 | print "n: ", n 9 | e = 65537 10 | d = inverse(e, (p-1)*(q-1)) 11 | print "d: ", d 12 | 13 | hash_p = hashlib.sha256(str(p)).hexdigest() 14 | hash_q = hashlib.sha256(str(q)).hexdigest() 15 | 16 | 17 | # You only have access to the variables being printed on the screen when you run this program 18 | print "You have two chances to get out of this labyrinth: " 19 | for i in range(2): 20 | p1 = raw_input("Give me p: ") 21 | p2 = raw_input("Give me q: ") 22 | if hashlib.sha256(p1).hexdigest() == hash_p and hashlib.sha256(p2).hexdigest() == hash_q: 23 | print "Nice, you solved it. But how do you get of the labyrinth of suffering?? Getting out of it isn't easy" 24 | print "You still feel trapped, don't you?" 25 | break 26 | else: 27 | print "Oops sorry" -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Algo-Pollard-Rho/README.md: -------------------------------------------------------------------------------- 1 | # Pollard Rho Algorithm 2 | 3 | **Prerequisites**: 4 | 1. [Discrete Logarithm Problem](https://github.com/ashutosh1206/Crypton/tree/master/Discrete-Logarithm-Problem) 5 | 6 | **Pollard Rho Algorithm** can give a unique solution in cases where order of the group, over which the DLP is defined, is a prime number. First, let us define our DLP over the Cyclic Group `G` = ![picture](Pictures/1.gif) having order `n`. 7 | 8 | You can refer to section 3.6.3 of chapter-3 from Handbook of Applied Cryptography to read in detail about Pollard Rho Algorithm 9 | 10 | I implemented this algorithm in python here (with appropriate explanation): [pollardrho.py](pollardrho.py) 11 | 12 | 13 | ## References 14 | 1. [Wikipedia- Pollard Rho for DLP](https://en.wikipedia.org/wiki/Pollard%27s_rho_algorithm_for_logarithms) 15 | 2. [Handbook of Applied Cryptography](http://cacr.uwaterloo.ca/hac/about/chap3.pdf) 16 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Labyrinth-of-Suffering/data.txt: -------------------------------------------------------------------------------- 1 | [1] ciphertext: 44e66fa36292bcfc3cce5ca922459594b6f83e8e6e8d60a9091b05172b1c622a5bb8f83a8d735d9500be5a9b12d28f3ba4f2b77e44db17790e048d9c047d051dceaffd849edbfd2a8d49655270b1f9dc9101e5460e0b5dd499a2883d834be9273cc9be63897affc3121a16b4236b09f40df7a62aeeea8b1ce01bd5f8a14f77df 2 | [2] n: 113688948285842899107975301022215849433130338840548967469541502266648698859427789882909935207845403124414725514641333266767452747358231793289531990179230714791473631866452291072856425388757401443749925740001136871466483114739269309310921145831373531460767011787628854371542639519059269733470587037962830964359 3 | [3] e: 65537 4 | [4] s: 110370426497831451822733079366661860666728698339026653069387375346858803122482504061742694145615596997099499205833427010409309411871260175273898702828048810670546334410438335896013750536574988181103172134795428262705168693013020908366310747455165631530131553809081551583619903892751314809459201354290153163772 -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener-variant/Challenges/Gracias/gracias.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | from gmpy import * 4 | from Crypto.Util.number import * 5 | import gensafeprime 6 | from flag import FLAG 7 | 8 | def make_pubpri(nbit): 9 | p, q, r = [ getPrime(nbit) for _ in xrange(3)] 10 | n = p * q * r 11 | phi = (p-1)*(q-1)*(r-1) 12 | l = min([p, q, r]) 13 | d = getPrime(1 << 8) 14 | e = inverse(d, phi) 15 | a = gensafeprime.generate(2*nbit) 16 | while True: 17 | g = getRandomRange(2, a) 18 | if pow(g, 2, a) != 1 and pow(g, a/2, a) != 1: 19 | break 20 | return (n, e, a, g), (n, d, a, g) 21 | 22 | def encrypt(m, pub): 23 | n, e, a, g = pub 24 | k = getRandomRange(2, a) 25 | K = pow(g, k, a) 26 | c1, c2 = pow(k, e, n), (m * K) % a 27 | return c1, c2 28 | 29 | nbit = 512 30 | pubkey, privkey = make_pubpri(nbit) 31 | m = bytes_to_long(FLAG) 32 | c = encrypt(m, pubkey) 33 | print 'c =', c 34 | print 'pubkey =', pubkey -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Challenges/Baby-DLP/Server/server.py: -------------------------------------------------------------------------------- 1 | # Python 3 2 | from signal import alarm 3 | from Crypto.Util.number import * 4 | 5 | p = 160634950613302858781995506902938412625377360249559915379491492274326359260806831823821711441204122060415286351711411013883400510041411782176467940678464161205204391247137689678794367049197824119717278923753940984084059450704378828123780678883777306239500480793044460796256306557893061457956479624163771194201 6 | g = 2 7 | 8 | bits = size(p) 9 | 10 | with open("flag", "r") as f: 11 | flag = f.readline().strip().encode("latin1") 12 | m = bytes_to_long(flag) 13 | 14 | def run(fin, fout): 15 | alarm(1200) 16 | try: 17 | while True: 18 | line = fin.readline()[:4+bits//4] 19 | s = int(line, 16) # Note: input is HEX 20 | c = pow(g, m ^ s, p) 21 | fout.write(hex(c) + "\n") 22 | fout.flush() 23 | except: 24 | pass 25 | 26 | if __name__ == "__main__": 27 | run(sys.stdin, sys.stdout) 28 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Common-Modulus/exploit.py: -------------------------------------------------------------------------------- 1 | import gmpy2 2 | from Crypto.Util.number import * 3 | 4 | def egcd(a, b): 5 | if (a == 0): 6 | return (b, 0, 1) 7 | else: 8 | g, y, x = egcd(b % a, a) 9 | return (g, x - (b // a) * y, y) 10 | 11 | # Calculates a^{b} mod n when b is negative 12 | def neg_pow(a, b, n): 13 | assert b < 0 14 | assert GCD(a, n) == 1 15 | res = int(gmpy2.invert(a, n)) 16 | res = pow(res, b*(-1), n) 17 | return res 18 | 19 | # e1 --> Public Key exponent used to encrypt message m and get ciphertext c1 20 | # e2 --> Public Key exponent used to encrypt message m and get ciphertext c2 21 | # n --> Modulus 22 | # The following attack works only when m^{GCD(e1, e2)} < n 23 | def common_modulus(e1, e2, n, c1, c2): 24 | g, a, b = egcd(e1, e2) 25 | if a < 0: 26 | c1 = neg_pow(c1, a, n) 27 | else: 28 | c1 = pow(c1, a, n) 29 | if b < 0: 30 | c2 = neg_pow(c2, b, n) 31 | else: 32 | c2 = pow(c2, b, n) 33 | ct = c1*c2 % n 34 | m = int(gmpy2.iroot(ct, g)[0]) 35 | return long_to_bytes(m) -------------------------------------------------------------------------------- /Block-Cipher/Attack-CBC-Byte-at-a-Time/README.md: -------------------------------------------------------------------------------- 1 | # CBC Byte at a Time Attack 2 | 3 | Prerequisites: 4 | 1. [Block Ciphers](https://github.com/ashutosh1206/Crypton/tree/master/Block-Cipher) 5 | 2. [CBC mode of encryption](https://github.com/ashutosh1206/Crypton/tree/master/Block-Cipher/Mode-of-Encryption) 6 | 3. [ECB Byte at a time Attack](https://github.com/ashutosh1206/Crypton/tree/master/Block-Cipher/Attack-ECB-Byte-at-a-Time) 7 | 8 | The attack is almost similar to ECB Byte at a time attack, and the exploit script will also be the same in both cases. They only differ in their computations, since in CBC mode plaintext is XORed with the ciphertext of the previous block, but we don't have to worry about it in our attack, since the server does the job. You can read about the attack in detail [here](https://grocid.net/2016/05/01/byte-wise-decryption-of-aes-cbc/) 9 | Check out an example for this attack [here](exploit.py) 10 | 11 | # References 12 | 1. [Byte wise decryption of AES-CBC by grocid](https://grocid.net/2016/05/01/byte-wise-decryption-of-aes-cbc/) 13 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-3/ciphertext.txt: -------------------------------------------------------------------------------- 1 | ['31c2fbff33dec7b070cf737c57393c8ab9982ae51b87b64d001a00aa74264254159e81e13b82ac5bc4d7f38aead06fabbf5b21ee668700a44673fac75bc09b084e79513ada3d11b248ae5fca74ba0c2f807e73052f3090ee61a3bd226e14f4b0544f952449623b8cbd01cc42ff5462c4904d0c28af6dbce73596de45279461fd', '06c12db6573d6f6e1b2ecdaff825c6369da39fa7568f63cb6943070af8a3643e603493e23917833261f9c247d504455f3ef0e637d5f18ad2eeb5293ec0bb622bb171802a8d994b27a274c7dc417e247672b27bffb3dba25ea8dabb7379a58dd41704b605baf123046a88b4c5d5c238a6fae10007c28e482f84568c20f39d8bd7', '5ec536c327efe1a8432e4d36b76227ccebb15d73a102689ba24f7aadbd99298b17a63ee0396c4c489201e10e224f493364b8d999258ad507039520dfddca559c4c26eddc331fc3cf3dda65695aa5c8316423b57f35f641a7154771cd6735f1e8e6b1b212542bc6c21f5323e127447e07ef2cd5584f6a41eeef6b6e1c652b385e', '6488452ed101d5261f29924c5f5a6d3c5ecde3ea7e7ed235aa9c5f62b95dcadaaf2918a9085477d01536478fa747e2ab953b5ae4b56d1e8c074748e98db8fe2672c99720dcd0c968e31ceab02a532715c7f11b8c25384c406202b654d9ccaedcc0a2b017cee63285ae7d22a0c8a0da527e175b1dd042031eb6f9c1ef7dfd5e04'] -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Pollard's_p-1/Challenges/handicraft_rsa/handicraft_rsa.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | from Crypto.Util.number import * 4 | from Crypto.PublicKey import RSA 5 | from secret import s, FLAG 6 | 7 | def gen_prime(s): 8 | while True: 9 | r = getPrime(s) 10 | R = [r] 11 | t = int(5 * s / 2) + 1 12 | for i in range(0, t): 13 | R.append(r + getRandomRange(0, 4 * s ** 2)) 14 | p = reduce(lambda a, b: a * b, R, 2) + 1 15 | if isPrime(p): 16 | if len(bin(p)[2:]) == 1024: 17 | return p 18 | 19 | while True: 20 | p = gen_prime(s) 21 | q = gen_prime(s) 22 | n = p * q 23 | e = 65537 24 | d = inverse(e, (p-1)*(q-1)) 25 | if len(bin(n)[2:]) == 2048: 26 | break 27 | 28 | msg = FLAG 29 | key = RSA.construct((long(n), long(e), long(d), long(p), long(p))) 30 | for _ in xrange(s): 31 | enc = key.encrypt(msg, 0)[0] 32 | msg = enc 33 | 34 | print key.publickey().exportKey() 35 | print '-' * 76 36 | print enc.encode('base64') 37 | print '-' * 76 38 | -------------------------------------------------------------------------------- /Block-Cipher/Attack-CBC-Bit-Flipping/Challenges/README.md: -------------------------------------------------------------------------------- 1 | # Challenges 2 | 3 | 4 | | S.No. | Challenge | CTF | Year | Difficulty Level | Points | 5 | |-------|:--------------------------------------------------------------------:|:------------------------:|:----:|:----------------:|:------:| 6 | | 1 | [Cryptopals Challenge-16](http://cryptopals.com/sets/2/challenges/16)| _None_ |_None_| _None_ | _None_ | 7 | | 2 | [Secret-Server](Secret-Server/) | HITCON Quals | 2017 | _None_ | 221 | 8 | | 3 | [CNVService](CNVService/) | AceBear Security Contest | 2018 | _None_ | 856 | 9 | | 4 | [USSH 3.0](https://ctftime.org/task/6311) | CTFZone CTF Quals | 2018 | _None_ | 138 | 10 | | 5 | [Into The Darkness](https://ctftime.org/task/6580) | HackIT CTF | 2018 | _None_ | 862 | 11 | | 6 | [level-21](http://websec.fr/level21) | websec.fr | Wargame | medium | 3 | 12 | -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Pollard's_p-1/Challenges/handicraft_rsa/output.txt: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+m7iHurBa9G8ujEiTpZ 3 | 71aHOVNhQXpd6jCQNhwMN3hD6JHkv0HSxmJwfGe0EnXDtjRraWmS6OYzT4+LSrXs 4 | z9IkWGzRlJ4lC7WHS8D3NWIWYHCP4TRt2N0TlWXWm9nFCrEXqQ3IWgYQpQvKzsds 5 | etnIZJL1tf1wQzGE6rbkbvURlUBbzBSuidkmi0kY5Qxp2Jfb6OUI647zx2dPxJpD 6 | ffSCNffVIDUYOvrgYxIhs5HmCF3XECC3VfaKtRceL5JM8R0qz5nVU2Ns8hPvSVP+ 7 | 7/i7G447cjW151si0joB7RpBplu44Vk8TXXDAk0JZdW6KwJn7ITaX04AAAAAAAAA 8 | AQIDAQAB 9 | -----END PUBLIC KEY----- 10 | ---------------------------------------------------------------------------- 11 | eER0JNIcZYx/t+7lnRvv8s8zyMw8dYspZlne0MQUatQNcnDL/wnHtkAoNdCalQkpcbnZeAz4qeMX 12 | 5GBmsO+BXyAKDueMA4uy3fw2k/dqFSsZFiB7I9M0oEkqUja52IMpkGDJ2eXGj9WHe4mqkniIayS4 13 | 2o4p9b0Qlz754qqRgkuaKzPWkZPKynULAtFXF39zm6dPI/jUA2BEo5WBoPzsCzwRmdr6QmJXTsau 14 | 5BAQC5qdIkmCNq7+NLY1fjOmSEF/W+mdQvcwYPbe2zezroCiLiPNZnoABfmPbWAcASVU6M0YxvnX 15 | sh2YjkyLFf4cJSgroM3Aw4fVz3PPSsAQyCFKBA== 16 | 17 | ---------------------------------------------------------------------------- 18 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-2/encrypt.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | from Crypto.PublicKey import RSA 3 | import gmpy2 4 | from secret import flag 5 | 6 | p = getPrime(512) 7 | q = getPrime(512) 8 | n = p*q 9 | # size() from Crypto.Util.number tells the size of the number (in bits) 10 | size1 = size(n) 11 | 12 | e = 3 13 | assert GCD(e, (p-1)*(q-1)) == 1 14 | 15 | m = bytes_to_long(flag) 16 | ciphertext = long_to_bytes(pow(m, e, n)) 17 | ciphertext = ciphertext.encode("hex") 18 | 19 | obj1 = open("ciphertext.txt",'w') 20 | obj1.write(ciphertext) 21 | 22 | publickey = RSA.construct((n, long(e))) 23 | # Read this documentation on how to construct and import PEM files using pycrypto 24 | # Public Key encryption: https://www.dlitz.net/software/pycrypto/api/2.6/toc-Crypto.PublicKey.RSA-module.html 25 | # Construct PEM files: https://www.dlitz.net/software/pycrypto/api/2.6/Crypto.PublicKey.RSA-module.html#construct 26 | # Import PEM files: https://www.dlitz.net/software/pycrypto/api/2.6/Crypto.PublicKey.RSA-module.html#importKey 27 | f = open("publickey.pem",'w') 28 | f.write(publickey.exportKey("PEM")) -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Meth_M4th/data.txt: -------------------------------------------------------------------------------- 1 | [1] Ciphertext: 5b9feedf48150d63d260c369938f6ecc0c45ae3a2324d9b015664c2d11ec45d6b0f73e70c8725be14160d8339be0e38c0e9841b39edae10034dff2bccd78f5fe5fa4a9d8ad1a402a5b1a0a21a3195cf7a8b386eb4c54449381c45ee505d2f38dc6ac11fb832bf242b5a329a478e9f945e294f9609c868e1168707e4fc5ab5d03 2 | [2] Modulus: 133095870112005146092382972901213883452759108789540790614042017618450631753415472749677277612512646010842240282301823025359098848400672660595257702729487331835699317726469726176764841055707221749866877945117579551600626818617712498459246588454571986800628812690342530906065404677395718075032563645494218217109 3 | [3] Public Key exponent: 65537 4 | [4] s: 1345927315295711353860005148837052503450884346640365927256876088648388782530190101512568553600529508565138546919416498878232374682972123815852651928389528485256966101168561262585191225184043928367739922633126877158874575770441291439853810910245293570871006718060830004546121746507491816130801523626248142985859145651122137297774659937031034547145840393887844439600962292925424901865106522213639199385125557217380356761469427393436531989512137516812067587435292772 -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Ashutosh Ahelleya 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Franklin-Reiter/Challenges/RSA-2/RSA-2: -------------------------------------------------------------------------------- 1 | 2 | msg + "qwerty" RSA encrypted with (n,e) ----> c1 3 | msg + "asdfgh" RSA encrypted with (n,e) ----> c2 4 | 5 | 6 | n = 114725527397185618184017233206819193913174443780510744606142335459665478168081417742295326326458510125306461590118257162988125409459000413629137879229803717947627133370343339582895822944017711093729671794212087753322731071609302218014807365556283824229308384059742494244873283137838666434755861643308137132991 7 | 8 | e = 12289 9 | 10 | c1 = 87410813732157727701928184577314318681587457726095432638836338681211650253979034474596959990411435773763619929643745595561018045828590610328140736165000754846648327232298646701600080979346670157972588491030528441191645554122003288005262778737855011793921980764813901447954145380508985385929190951189001811183 11 | 12 | c2 = 13405530225102142120310029551994876557837309021095393214835868463875586021351445304878372433515568058695315045246405214821866800311993984428311760617739453096525618753380012567374424357402936368910846206438489444245873338816383688500972351617863313954864557810634214028546221991063291427532826592675208605764 13 | 14 | Find msg. 15 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Welcome/encrypt.py: -------------------------------------------------------------------------------- 1 | # RSA modulus 2 | n = 89928311288179011519146428089532751379523591729622855508594372783166478638917327757191123264641418795443514859544099539422860363086133465517078412097475326937856290265542196688524185772419476324834419576555062944062383244109784866915010028008734205492481116857889368085002365514967068884805814897932754658961L 3 | 4 | # Euler's Totient Function: https://en.wikipedia.org/wiki/Euler%27s_totient_function 5 | phin = (p-1)*(q-1) 6 | e = 65537 7 | # You will know how d is calculated as you move on further solving these challenges 8 | d = 9974348761062807799146671129023506870588476559540847714908715622638160630274349687459332514620420117247950158140074454919583929372310361488069990654691975678966812319952558452020783995983648814894273413199715498765593824693014878541105366177785811920577583349903357558945708664999648041451991782189528550577L 9 | 10 | # ciphertext = pow(message, e, n) 11 | ciphertext = 89607111639919127209650034924273346966533469612321885496366954902260836555651605455268315685564884102521751315138745054317891549734624460415579282469559824676571129509386897261361718686847757184676797652741644509297296594801094652142919180951341757690575359920800914815550536137727683352201005845272448559627L -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Fermat/Challenges/Crafted-RSA/encrypt.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | from Crypto.PublicKey import RSA 3 | import gmpy2 4 | import random 5 | from secret import num_size 6 | 7 | seed = 0 8 | 9 | def genPrime(sz): 10 | global seed 11 | while True: 12 | if seed == 0: 13 | pr = getPrime(sz) 14 | while size(pr) < 1024: 15 | pr *= getRandomNBitInteger(16) 16 | i = 2 17 | while i<1000 and size(pr)==1024: 18 | if isPrime(pr+i) and size(pr+i) == 1024: 19 | seed = pr+i 20 | return pr+i 21 | i += 1 22 | else: 23 | pr = seed + random.randint(2**100,2**300) 24 | if isPrime(pr) and size(pr) == 1024: 25 | seed = pr 26 | return pr 27 | 28 | p = genPrime(num_size) 29 | q = genPrime(num_size) 30 | e = 2**16 + 1 31 | phin = (p-1)*(q-1) 32 | n = p*q 33 | 34 | print "n: ", n 35 | print "p: ", p 36 | print "q: ", q 37 | 38 | flag = open("flag.txt", 'r').read() 39 | flag = int(flag.encode("hex"),16) 40 | 41 | ciphertext = hex(pow(flag, e, n))[2:].replace("L","") 42 | print ciphertext 43 | obj1 = open("ciphertext.txt", 'w').write(ciphertext) 44 | -------------------------------------------------------------------------------- /Block-Cipher/Attack-CBC-Byte-at-a-Time/exploit.py: -------------------------------------------------------------------------------- 1 | from Crypto.Cipher import AES 2 | from Crypto.Util.number import * 3 | from os import urandom 4 | from secret import flag 5 | 6 | BLOCKSIZE = 16 7 | key = urandom(16) 8 | print "key: ", key.encode("hex") 9 | iv = urandom(16) 10 | print "iv: ", iv.encode("hex") 11 | 12 | def pad(s): 13 | s += (BLOCKSIZE - (len(s) % BLOCKSIZE))*(chr(BLOCKSIZE - (len(s) % BLOCKSIZE))) 14 | return s 15 | 16 | def encryption(plaintext): 17 | plaintext = plaintext + flag 18 | plaintext = pad(plaintext) 19 | assert len(plaintext) % BLOCKSIZE == 0 20 | obj1 = AES.new(key, AES.MODE_CBC, iv) 21 | ciphertext = obj1.encrypt(plaintext) 22 | return ciphertext.encode("hex") 23 | 24 | #<---------------------------------------------------------------------> 25 | #<------------------------------------------------------------------> 26 | s = "" 27 | for k in range(4): 28 | for i in range(1, BLOCKSIZE+1): 29 | input_str = 'a'*(16-i) 30 | ct = encryption(input_str)[32*k:32*k+32] 31 | for j in range(256): 32 | ct1 = encryption(input_str + s + chr(j))[32*k:32*k+32] 33 | if ct == ct1: 34 | s += chr(j) 35 | break 36 | print s 37 | #<-----------------------------------------------------------------> -------------------------------------------------------------------------------- /RSA-encryption/Attack-Common-Modulus/Challenges/RSA-1s-Fun/ciphertext.txt: -------------------------------------------------------------------------------- 1 | c1: 2866791410300982209581160682590202727064178543076468723716078826950532969157774101954514922479283214185175373229881780072369520438740798302436630031675039672300318769368767955792505592752805860745234692545366181568007521937632340018956679380260500802782833711686141651664082139115158618826168145286856348145354753632046650620308808972739953286345861292290201731165641142066561682325108497439840996007817718867058397591772543642180750091195001088272756689038764789254056479422278248719908521586989566666627884968909640431124163896764204393560913490590077031435330210539197147863375903077038431543732467897239841303254 2 | c2: 4885380046320959173192546343078276684691332256383912605057298042587886299857925359111993638346079742855901548480637616739859552612594516195353274413384196031117800323365020227270534113077873495873427630043665909900269079429369278616380093363461750865151600963795982366459803668193824090785941635118091474660341873110737939523053889456794499981099067016285308979086542807431649241746997853017895403122499239437959257317791355670927392439947971693686626563871460473615495733407552262810140872942644864039949040024604157449691762976155356244948844966532675041107842219829093528089233085580060616519775692376829287486898 -------------------------------------------------------------------------------- /RSA-encryption/Factorisation-Fermat/README.md: -------------------------------------------------------------------------------- 1 | # Fermat's Factorisation 2 | 3 | Prerequisites: 4 | 1. [RSA Encryption/Decryption](https://github.com/ashutosh1206/Crypton/blob/master/RSA-encryption/README.md) 5 | 6 | Fermat's Factorisation is based on the representation of odd integer as difference of two squares: 7 | ![equation](Pictures/1.gif) 8 | This difference is factorable as **(a+b)*(a-b)** 9 | We can use the above property to factorise modulus N in RSA when the difference between the primes is small: 10 | Difference ~ (N)1/4 11 | 12 | ## Basic Fermat's Factorisation 13 | To implement basic approach of Fermat's Factorisation, we can do the following: 14 | 1. Calculate `a` as ceil of square root of N 15 | 2. Calculate `b2` = a**2 - N 16 | 3. Check if `b2` is a perfect square. If b2 is a perfect square then `return a - Square_root(b2)` and `a + Square_root(b2)` as the factors. If not, do the following: 17 | - Increment `a` by 1, i.e. a += 1 18 | - Calculate `b2` again as a**2 - N 19 | - Repeat Step-3 20 | 21 | Check out the implementation of basic Fermat's Factorisation [here](fermat.sage) 22 | 23 | 24 | ## References 25 | 1. [Fermat's Factorisation](http://www.cse.unt.edu/~tarau/teaching/PP/NumberTheoretical/FACTORING/Fermat%27s%20factorization%20method.pdf) 26 | -------------------------------------------------------------------------------- /Elliptic-Curves/ellipticcurve.sage: -------------------------------------------------------------------------------- 1 | from sage.all import * 2 | 3 | def _EllipticCurve(p, a, b): 4 | E = EllipticCurve(GF(p), [a, b]) 5 | return E 6 | 7 | def _add(P, Q): 8 | return P + Q 9 | 10 | def _scalar_mul(c, P): 11 | return c*P 12 | 13 | def _testECC(): 14 | """ 15 | Reference: https://ctftime.org/task/6860 16 | 17 | Testing validity for single instance 18 | """ 19 | # Defining the Elliptic Curve 20 | p = 889774351128949770355298446172353873 21 | a = 12345 22 | b = 67890 23 | E = _EllipticCurve(p, a, b) 24 | 25 | # Defining points on the Elliptic Curve 26 | px, py = (238266381988261346751878607720968495, 591153005086204165523829267245014771) 27 | qx, qy = (341454032985370081366658659122300896, 775807209463167910095539163959068826) 28 | P = E((px, py)) 29 | Q = E((qx, qy)) 30 | 31 | P_plus_Q = E((323141381196798033512190262227161667, 775010084514487531788273912037060561)) 32 | twelveP = E((771157329084582589666569152178346504, 869049850567812139357308211622374273)) 33 | 34 | try: 35 | assert _add(P, Q) == P_plus_Q 36 | assert _scalar_mul(12, P) == twelveP 37 | except: 38 | return -1 39 | return 1 40 | 41 | if _testECC() == 1: 42 | print "[+] Test Passed!" 43 | else: 44 | print "[-] Test Failed!" 45 | -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/brute.py: -------------------------------------------------------------------------------- 1 | def brute_dlp(g, y, p): 2 | """ 3 | Brute Force algorithm to solve DLP. Use only if the group is very small. 4 | Includes memoization for faster computation 5 | 6 | :parameters: 7 | g : int/long 8 | Generator of the group 9 | y : int/long 10 | Result of g^x % p 11 | p : int/long 12 | Group over which DLP is generated. Commonly p is a prime number 13 | """ 14 | mod_size = len(bin(p-1)[2:]) 15 | 16 | print "[+] Using Brute Force algorithm to solve DLP" 17 | print "[+] Modulus size: " + str(mod_size) + ". Warning! Brute Force is not efficient\n" 18 | 19 | sol = pow(g, 2, p) 20 | if y == 1: 21 | return p-1 22 | if y == g: 23 | return 1 24 | if sol == y: 25 | return 2 26 | i = 3 27 | while i <= p-1: 28 | sol = sol*g % p 29 | if sol == y: 30 | return i 31 | i += 1 32 | return None 33 | 34 | if __name__ == "__main__": 35 | try: 36 | assert pow(2, brute_dlp(2, 25103, 50021), 50021) == 25103 37 | assert pow(2, brute_dlp(2, 147889, 200003), 200003) == 147889 38 | print brute_dlp(2, 4, 19) 39 | except: 40 | print "[+] Function inconsistent and incorrect, check the implementation" 41 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Challenges/Lost-Key/exploit.py: -------------------------------------------------------------------------------- 1 | from pwn import * 2 | from Crypto.Util.number import * 3 | from Crypto.PublicKey import * 4 | import math 5 | 6 | def encrypt(m): 7 | m=long_to_bytes(m) 8 | r.recvuntil("cmd: ") 9 | r.sendline("A") 10 | r.recvuntil("input: ") 11 | r.sendline(m.encode("hex")) 12 | return int(r.recvline().strip(),16) 13 | 14 | def decrypt(m): 15 | m=long_to_bytes(m) 16 | r.recvuntil("cmd: ") 17 | r.sendline("B") 18 | r.recvuntil("input: ") 19 | r.sendline(m.encode("hex")) 20 | return int(r.recvline().strip(),16) 21 | 22 | r = process("./run.sh") 23 | r.recvline().strip() 24 | flag_enc = bytes_to_long(r.recvline().strip().decode("hex")) 25 | 26 | # Finding the modulus 27 | c1 = encrypt(2) 28 | c2 = encrypt(3) 29 | c3 = encrypt(5) 30 | c4 = encrypt(2**2) 31 | c5 = encrypt(3**2) 32 | c6 = encrypt(5**2) 33 | N = GCD(GCD(c1**2 - c4, c2**2 - c5), c3**2 - c6) 34 | print "Modulus: ", N 35 | 36 | for j in range(2, 1000000): 37 | assert N % j != 0 38 | 39 | # LS Byte Oracle Attack 40 | flag = "\n" 41 | for i in range(1,60): 42 | inv = inverse(256**i, N) 43 | _multiplier = encrypt(inv) 44 | chosen_ct = flag_enc*_multiplier 45 | output = decrypt(chosen_ct) 46 | flag_char = (output - (bytes_to_long(flag)*inv) % N) % 256 47 | flag = chr(flag_char) + flag 48 | print flag 49 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Dp&Dq/encrypt.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | import gmpy2 3 | from Crypto.PublicKey import RSA 4 | from secret import flag, factor_p, factor_q 5 | 6 | n = 78947048749078921553533397168223306327077414586183944609818553584663665747677757164091069731707888197818123265891690348381736231229561730395657333262905613958377739828118875586000068815867354664296956931106342366972209987312006882239420435532019823504851246162228112328268031305782869824549589268029030234941 7 | e = 65537 8 | 9 | p = factor_p 10 | q = factor_q 11 | assert p*q == n 12 | phin = (p - 1)*(q - 1) 13 | 14 | d = inverse(e, phin) 15 | 16 | # d congruent to dp (mod p) 17 | # d congruent to dq (mod q) 18 | # Apply Chinese Remainder Theorem to solve the equations and get d 19 | # Ref. to: https://crypto.stanford.edu/pbc/notes/numbertheory/crt.html 20 | # Ref. to: https://en.wikipedia.org/wiki/Chinese_remainder_theorem 21 | dp = d % (p-1) 22 | dq = d % (q-1) 23 | 24 | key = RSA.construct((n, long(e))) 25 | obj1 = open("publickey.pem",'w') 26 | obj1.write(key.exportKey('PEM')) 27 | obj1.close() 28 | 29 | message = bytes_to_long(flag) 30 | ciphertext = pow(message, e, n) 31 | ciphertext = long_to_bytes(ciphertext) 32 | ciphertext = ciphertext.encode("hex") 33 | 34 | f = open("data.txt",'w') 35 | f.write("[*] ciphertext: " + ciphertext + "\n" + "[*] dp: " + str(dp) + "\n" + "[*] dq: " + str(dq)) 36 | f.close() -------------------------------------------------------------------------------- /Digital-Signatures/Attack-e=3-Bleichenbacher/README.md: -------------------------------------------------------------------------------- 1 | # e=3 Bleichenbacher's Signature Forgery 2 | Prerequisites: 3 | 1. [RSA Encryption/Decryption](https://github.com/ashutosh1206/Crypton/tree/master/RSA-encryption) 4 | 2. [RSA Digital Signatures on padded messages using PKCS#1 v1.5](https://github.com/ashutosh1206/Crypton/tree/master/Digital-Signatures/PKCS%231-v1.5-Padded-RSA-Digital-Signature) 5 | 6 | The following blog posts/articles have explained e=3 Bleichenbacher's Signature Forgery attack clearly and can be useful: 7 | 1. [Filippo Valsorda's CVE](https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/) --> This was a CVE by Filippo Valsorda on python-rsa module due to fault in implementation of signatures of PKCS#1 v1.5 padded messages 8 | 2. [Karabut's writeup for RSA CTF Challenge, Google CTF Quals 2017](http://karabut.com/google-ctf-2017-quals-rsa-ctf-challenge-writeup.html) 9 | 3. [Hal Finney's write-up on Bleichenbacher's Signature Forgery](https://www.ietf.org/mail-archive/web/openpgp/current/msg00999.html) 10 | 4. [Interesting explanation on Stack Exchange](https://crypto.stackexchange.com/questions/12688/can-you-explain-bleichenbachers-cca-attack-on-pkcs1-v1-5) 11 | 12 | 13 | Check out the original paper describing the attack by Daniel Bleichenbacher- [http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf](http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf) -------------------------------------------------------------------------------- /RSA-encryption/Attack-Retrieve-Modulus/Challenges/Lost-Key/rsa.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | from Crypto.Util.number import * 3 | from gmpy2 import * 4 | import os,sys 5 | 6 | sys.stdin = os.fdopen(sys.stdin.fileno(), 'r', 0) 7 | sys.stdout = os.fdopen(sys.stdout.fileno(), 'w', 0) 8 | 9 | def genKey(): 10 | p = getPrime(512) 11 | q = getPrime(512) 12 | n = p*q 13 | phi = (p-1)*(q-1) 14 | while True: 15 | e = getRandomInteger(40) 16 | if gcd(e,phi) == 1: 17 | d = int(invert(e,phi)) 18 | return n,e,d 19 | 20 | def calc(n,p,data): 21 | num = bytes_to_long(data) 22 | res = pow(num,p,n) 23 | return long_to_bytes(res).encode('hex') 24 | 25 | def readFlag(): 26 | flag = open('flag').read() 27 | assert len(flag) >= 50 28 | assert len(flag) <= 60 29 | prefix = os.urandom(68) 30 | return prefix+flag 31 | 32 | if __name__ == '__main__': 33 | n,e,d = genKey() 34 | flag = calc(n,e,readFlag()) 35 | print 'Here is the flag!' 36 | print flag 37 | for i in xrange(150): 38 | msg = raw_input('cmd: ') 39 | if msg[0] == 'A': 40 | m = raw_input('input: ') 41 | try: 42 | m = m.decode('hex') 43 | print calc(n,e,m) 44 | except: 45 | print 'no' 46 | exit(0) 47 | elif msg[0] == 'B': 48 | m = raw_input('input: ') 49 | try: 50 | m = m.decode('hex') 51 | print calc(n,d,m)[-2:] 52 | except: 53 | print 'no' 54 | exit(0) 55 | -------------------------------------------------------------------------------- /Authenticated-Encryption/AES-GCM/Attack-Forbidden/Challenges/Forbidden/task.py: -------------------------------------------------------------------------------- 1 | from cryptography.hazmat.backends import default_backend 2 | from cryptography.hazmat.primitives.ciphers import ( 3 | Cipher, algorithms, modes 4 | ) 5 | #from secret import key 6 | 7 | 8 | def encrypt(iv, key, plaintext, associated_data): 9 | encryptor = Cipher( 10 | algorithms.AES(key), 11 | modes.GCM(iv), 12 | backend=default_backend() 13 | ).encryptor() 14 | encryptor.authenticate_additional_data(associated_data) 15 | ciphertext = encryptor.update(plaintext) + encryptor.finalize() 16 | 17 | return (ciphertext, encryptor.tag) 18 | 19 | 20 | def decrypt(key, associated_data, iv, ciphertext, tag): 21 | decryptor = Cipher( 22 | algorithms.AES(key), 23 | modes.GCM(iv, tag), 24 | backend=default_backend() 25 | ).decryptor() 26 | decryptor.authenticate_additional_data(associated_data) 27 | 28 | return decryptor.update(ciphertext) + decryptor.finalize() 29 | 30 | 31 | iv = "9313225df88406e555909c5aff5269aa".decode('hex') 32 | key = "\x1eh_[Q\xa0\xae\xfb\x9b,\x11\x85\xfb\xa6\xbe\xaa" 33 | 34 | ciphertext1, tag1 = encrypt(iv, key, "From: John Doe\nTo: John Doe\nSend 100 BTC", "John Doe") 35 | ciphertext2, tag2 = encrypt(iv, key, "From: VolgaCTF\nTo: VolgaCTF\nSend 0.1 BTC", "VolgaCTF") 36 | ciphertext3, tag3 = encrypt(iv, key, "From: John Doe\nTo: VolgaCTF\nSend ALL BTC", "John Doe") 37 | -------------------------------------------------------------------------------- /Digital-Signatures/ElGamal-Signatures/Challenges/Nonsense/signatures: -------------------------------------------------------------------------------- 1 | ('VolgaCTF{nKpV/dmkBeQ0n9Mz0g9eGQ==}', 1030409245884476193717141088285092765299686864672, 830067187231135666416948244755306407163838542785) 2 | ('VolgaCTF{KtetaQ4YT8PhTL3O4vsfDg==}', 403903893160663712713225718481237860747338118174, 803753330562964683180744246754284061126230157465) 3 | ('VolgaCTF{8NXrNihQFZHXN/aLQeYKtg==}', 573204611556272128788136170196175308321188191436, 91103585122319085944642441222968347176761155259) 4 | ('VolgaCTF{uDh3jKDKW2utTkblP43NQw==}', 988208923601321592314278832250352152086708201148, 535902494423594375360085340272213659149931817732) 5 | ('VolgaCTF{gtE4LCuhT5drcDunvKz/oQ==}', 398664332680411743333343859695363011153860369916, 392831307484494740050270232580899453387203218646) 6 | ('VolgaCTF{rS9IEsyvXHOCUo0/TL2c1A==}', 1069308776596602518230279648695605679674084062212, 1092197517441497735860968374670599451237193808469) 7 | ('VolgaCTF{4gEh/j9EGwZ20NEoBieDbQ==}', 299126738734367538949359921058714964192219834697, 1033663138335940105270395993670462206279669465530) 8 | ('VolgaCTF{RwpewhJhMGH0MORFtXQfAw==}', 45947153576235029841784762518202071246619636555, 160232137675713914067049553022084774145041067326) 9 | ('VolgaCTF{i7QjVusEQboUz2tPx/Uxkw==}', 158481243947457932495342738131507924205209157088, 260728631055453998945003114392349125641429319965) 10 | ('VolgaCTF{nQwf/+78QMObu3S3Oh1Olg==}', 117030185689896730023482874167356847173848413476, 645757721193000290408806214518814010431656731046) 11 | 12 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle/exploit.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | from Crypto.PublicKey import RSA 3 | from pwn import * 4 | 5 | def _encrypt(message): 6 | r.recvuntil("choice: ") 7 | r.sendline("1") 8 | r.recvuntil("to encrypt (in hex): ") 9 | r.sendline(message.encode("hex")) 10 | ct = r.recvline("ciphertext (in hex): ").strip()[37:] 11 | r.recvline() 12 | r.recvline() 13 | return ct.decode("hex") 14 | 15 | def _decrypt(ciphertext): 16 | r.recvuntil("choice: ") 17 | r.sendline("2") 18 | r.recvuntil("to decrypt (in hex): ") 19 | r.sendline(ciphertext.encode("hex")) 20 | pt = r.recvline("plaintext (in hex): ").strip()[36:] 21 | r.recvline() 22 | r.recvline() 23 | return pt.decode("hex") 24 | 25 | r = process("./encrypt.py") 26 | r.recvline() 27 | flag_enc = r.recvline().strip()[31:].decode("hex") 28 | N = int(r.recvline().strip()[20:]) 29 | print "flag_enc: ", flag_enc 30 | print "N: ", N 31 | print "\n\n" 32 | 33 | e = 65537 34 | upper_limit = N 35 | lower_limit = 0 36 | 37 | flag = "" 38 | i = 1 39 | while i <= 1034: 40 | chosen_ct = long_to_bytes((bytes_to_long(flag_enc)*pow(2**i, e, N)) % N) 41 | output = _decrypt(chosen_ct) 42 | if ord(output[-1]) == 0: 43 | upper_limit = (upper_limit + lower_limit)/2 44 | elif ord(output[-1]) == 1: 45 | lower_limit = (lower_limit + upper_limit)/2 46 | else: 47 | break 48 | print "Unsuccessfull" 49 | i += 1 50 | 51 | print "Flag : ", long_to_bytes(lower_limit) 52 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Wiener-variant/README.md: -------------------------------------------------------------------------------- 1 | # A variant of Wiener's Attack on RSA 2 | 3 | Prerequisites: 4 | 1. [RSA Encryption/Decryption](https://github.com/ashutosh1206/Crypton/blob/master/RSA-encryption/README.md) 5 | 2. [Wiener's Attack on RSA](https://github.com/ashutosh1206/Crypton/tree/master/RSA-encryption/Attack-Wiener) 6 | 7 | As we know that Wiener's Attack works in case where d < N1/4. This attack works in the scenario when d is a few bits greater than N1/4. 8 | 9 | ## The Attack 10 | The attack says that in case `d` is a few bits greater than N1/4 candidates for private key exponent are of the form ![equation](Pictures/1.gif), where ![equation](Pictures/2.gif) and ![equation](Pictures/3.gif) is `(m+1)`th and `(m)`th convergent of continued fraction of `e/n`. We can apply this to our exploit as follows: 11 | ```python 12 | def wiener(e, n): 13 | m = 12345 14 | c = pow(m, e, n) 15 | q0 = 1 16 | 17 | list1 = continued_fraction(Integer(e)/Integer(n)) 18 | conv = list1.convergents() 19 | for i in conv: 20 | k = i.numerator() 21 | q1 = i.denominator() 22 | 23 | for r in range(30): 24 | for s in range(30): 25 | d = r*q1 + s*q0 26 | m1 = pow(c, d, n) 27 | if m1 == m: 28 | return d 29 | q0 = q1 30 | return None 31 | ``` 32 | The exploit script [here](exploit.py). You can also read this paper [here](https://www.math.tugraz.at/~cecc08/abstracts/cecc08_abstract_20.pdf) that discusses variant of Wiener's Attack in detail. 33 | 34 | 35 | ## References 36 | 1. [A variant of Wiener's Attack on RSA- Andrej Dujella](https://www.math.tugraz.at/~cecc08/abstracts/cecc08_abstract_20.pdf) -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-13/exploit.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | from pwn import * 3 | 4 | def _encrypt(message): 5 | r.recvuntil("choice: ") 6 | r.sendline("1") 7 | r.recvuntil("encrypt (in hex): ") 8 | r.sendline(message.encode("hex")) 9 | ct = r.recvline().strip()[37:].decode("hex") 10 | r.recvline() 11 | r.recvline() 12 | return ct 13 | 14 | def extractmod_eknown(_encrypt, e, limit=4): 15 | """ 16 | Reference: https://crypto.stackexchange.com/questions/43583/deduce-modulus-n-from-public-exponent-and-encrypted-data 17 | 18 | Function to extract the value of modulus, given value of public key exponent 19 | 20 | :input parameters: 21 | _encrypt : : Function interacting with the server for encryption 22 | e : : Public Key exponent 23 | limit : : number of values to be sent for encryption 24 | """ 25 | try: 26 | assert limit <= 4 27 | except AssertionError: 28 | print "[+] Limit too big!" 29 | return -1 30 | try: 31 | m_list = [2, 3, 5, 7] 32 | mod_list = [(bytes_to_long(_encrypt(long_to_bytes(m_list[i])))) - (m_list[i]**e) for i in range(limit)] 33 | _GCD = mod_list[0] 34 | for i in range(limit): 35 | _GCD = GCD(_GCD, mod_list[i]) 36 | return _GCD 37 | except Exception as e: 38 | print "[+] Exception: ", e 39 | 40 | r = process("./run.sh") 41 | N = extractmod_eknown(_encrypt, 65537, 4) 42 | print "N: ", N 43 | assert N != -1 44 | r.sendline("2") 45 | r.recvuntil("modulus: ") 46 | r.sendline(str(N)) 47 | print r.recvline().strip() 48 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-3/encrypt.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | from secret import flag 3 | 4 | modulus_list = [143786356117385195355522728814418684024129402954309769186869633376407480449846714776247533950484109173163811708549269029920405450237443197994941951104068001708682945191370596050916441792714228818475059839352105948003874426539429621408867171203559281132589926504992702401428910240117807627890055235377744541913L, 5 | 73988726804584255779346831019194873108586184186524793132656027600961771331094234332693404730437468912329694216269372797532334390363774803642809945268154324370355113538927414351037561899998734391507272602074924837440885467211134022878597523920836541794820777951492188067045604789153534513271406458984968338509L, 6 | 95666403279611361071535593067846981517930129087906362381453835849857496766736720885263927273295086034390557353492037703154353541274448884795437287235560639118986397838850340017834752502157881329960725771502503917735194236743345777337851076649842634506339513864285786698870866229339372558162315435127197444193L, 7 | 119235191922699211973494433973985286182951917872084464216722572875998345005104112625024274855529546680909781406076412741844254205002739352725207590519921992295941563460138887173402493503653397592300336588721082590464192875253265214253650991510709511154297580284525736720396804660126786258245028204861220690641L] 8 | 9 | e = [114194L, 130478L, 122694L, 79874L] 10 | message = bytes_to_long(flag) 11 | ciphertext = [pow(message, e[i], modulus_list[i]) for i in range(4)] 12 | ciphertext = [long_to_bytes(ciphertext[i]) for i in range(4)] 13 | ciphertext = [ciphertext[i].encode("hex") for i in range(4)] 14 | 15 | obj1 = open("ciphertext.txt",'w') 16 | obj1.write(str(ciphertext)) -------------------------------------------------------------------------------- /Block-Cipher/CBC-IV-Detection/example.py: -------------------------------------------------------------------------------- 1 | from Crypto.Cipher import AES 2 | from os import urandom 3 | 4 | key = urandom(16) 5 | iv = urandom(16) 6 | 7 | def padding(plaintext, blocksize): 8 | padlen = blocksize - (len(plaintext) % blocksize) 9 | pt_hex = plaintext.encode("hex") + padlen*(hex(padlen)[2:].zfill(2)) 10 | return pt_hex.decode("hex") 11 | 12 | def CBC_encrypt(plaintext): 13 | plaintext = padding(plaintext, 16) 14 | obj1 = AES.new(key, AES.MODE_CBC, iv) 15 | return obj1.encrypt(plaintext) 16 | 17 | def CBC_decrypt(ciphertext): 18 | obj2 = AES.new(key, AES.MODE_CBC, iv) 19 | plaintext = obj2.decrypt(ciphertext) 20 | return plaintext 21 | 22 | # Assuming the above code is running on a server and we only have access to its encryption and decryption oracle 23 | # We can do the following, as an attacker to get the value of iv 24 | #---------------------------------------------------------------------------------------------------------------------------------- 25 | # The following is what an attacker will do to implement the exploit 26 | 27 | plaintext = "Crypton is a repository of a compilation of all the popular attacks on encryption systems and digital signatures" 28 | plaintext = padding(plaintext, 16) # Assuming that the attacker knows blocksize 29 | ciphertext = CBC_encrypt(plaintext) 30 | 31 | # For the exploit we need atleast three blocks of ciphertext 32 | ciphertext = ciphertext[:16] + "\x00"*16 + ciphertext[:16] 33 | pt = CBC_decrypt(ciphertext) 34 | possible_iv = "" 35 | for i in range(16): 36 | possible_iv += chr(ord(pt[i]) ^ ord(pt[32+i])) 37 | print possible_iv == iv 38 | 39 | if possible_iv == iv: 40 | print "[*] Exploit working. The value of iv in hex is: ", possible_iv.encode("hex") 41 | else: 42 | print "[*] Exploit failed!" 43 | -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Elliptic-Curve-DLP/brute_ecdlp.py: -------------------------------------------------------------------------------- 1 | from sage.all import * 2 | import random 3 | 4 | def brute_ecdlp(P, Q, E): 5 | """ 6 | Brute Force algorithm to solve ECDLP and retrieve value of secret key `x`. 7 | Use only if group is very small. 8 | Includes memoization for faster computation 9 | [Warning]: Tested for Weierstrass Curves only 10 | 11 | :parameters: 12 | E : sage.schemes.elliptic_curves.ell_finite_field.EllipticCurve_finite_field_with_category 13 | Elliptic Curve defined as y^2 = x^3 + a*x + b mod p 14 | P : sage.schemes.elliptic_curves.ell_point.EllipticCurvePoint_finite_field 15 | Base point of the Elliptic Curve E 16 | Q : sage.schemes.elliptic_curves.ell_point.EllipticCurvePoint_finite_field 17 | Q = x*P, where `x` is the secret key 18 | """ 19 | _order = P.order() 20 | try: 21 | assert P == E((P[0], P[1])) 22 | except TypeError: 23 | print "[-] Point does not lie on the curve" 24 | return -1 25 | 26 | res = 2*P 27 | if res == Q: 28 | return 2 29 | if Q == E((0, 1, 0)): 30 | return _order 31 | if Q == P: 32 | return 1 33 | i = 3 34 | while i <= P.order() - 1: 35 | res = res + P 36 | if res == Q: 37 | return i 38 | i += 1 39 | return -1 40 | 41 | 42 | if __name__ == "__main__": 43 | E = EllipticCurve(GF(17), [2, 2]) 44 | P = E((5, 1)) 45 | try: 46 | for _ in range(100): 47 | x = random.randint(2, 18) 48 | assert brute_ecdlp(E((5, 1)), x*P, E) == x 49 | except Exception as e: 50 | print e 51 | print "[-] Function inconsistent and incorrect" 52 | print "[-] Check your implementation" 53 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-LSBit-Oracle/lsbitoracle.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import long_to_bytes, bytes_to_long 2 | from Crypto.PublicKey import RSA 3 | 4 | 5 | def lsbitoracle(flag_enc, _decrypt, e, N, upper_limit, lower_limit): 6 | """ 7 | Reference: https://crypto.stackexchange.com/questions/11053/rsa-least-significant-bit-oracle-attack 8 | 9 | Function implementing LSBit Oracle Attack 10 | 11 | *Warning*: Function does not return the last byte of the final plaintext 12 | 13 | :parameters: 14 | flag_enc : str 15 | Ciphertext you want to decrypt 16 | _decrypt : function 17 | Function interacting with the server for decryption 18 | e : int/long 19 | Public Key exponent 20 | N : long 21 | Public Key Modulus 22 | upper_limit: long 23 | Maximum value of corresponding plaintext of flag_enc 24 | lower_limit: long 25 | Minimum value of corresponding plaintext of flag_enc 26 | 27 | Since the attack messes up with the last byte of the plaintext, lsbitoracle 28 | function returns only flag[:-1]. It returns -1 in case of any Exception 29 | """ 30 | flag = "" 31 | i = 1 32 | while lower_limit < upper_limit: 33 | chosen_ct = long_to_bytes((bytes_to_long(flag_enc)*pow(2**i, e, N)) % N) 34 | output = _decrypt(chosen_ct) 35 | if ord(output[-1]) == 0: 36 | upper_limit = (upper_limit + lower_limit)/2 37 | elif ord(output[-1]) == 1: 38 | lower_limit = (lower_limit + upper_limit)/2 39 | else: 40 | return -1 41 | i += 1 42 | # clearing the last byte from the flag 43 | flag = lower_limit & (~0xff) 44 | return long_to_bytes(flag) 45 | -------------------------------------------------------------------------------- /RSA-encryption/Intro-Challenges/Challenge-14/exploit.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | from pwn import * 3 | 4 | def _encrypt(message): 5 | r.recvuntil("choice: ") 6 | r.sendline("1") 7 | r.recvuntil("encrypt (in hex): ") 8 | r.sendline(message.encode("hex")) 9 | ct = r.recvline().strip()[37:].decode("hex") 10 | r.recvline() 11 | r.recvline() 12 | return ct 13 | 14 | def extractmod_eunknown(_encrypt, limit=4): 15 | """ 16 | Reference: https://crypto.stackexchange.com/questions/43583/deduce-modulus-n-from-public-exponent-and-encrypted-data 17 | 18 | Function to extract the value of modulus without the value of public key exponent 19 | 20 | :input parameters: 21 | _encrypt : : Function interacting with the server for encryption 22 | limit : : number of values to be sent for encryption 23 | """ 24 | try: 25 | assert limit <= 4 26 | except AssertionError: 27 | print "[+] Limit too big!" 28 | return -1 29 | try: 30 | m_list = [2, 3, 5, 7] 31 | ct_list = [bytes_to_long(_encrypt(long_to_bytes(m_list[i]**2))) for i in range(limit)] 32 | ct_list2 = [bytes_to_long(_encrypt(long_to_bytes(m_list[i]))) for i in range(limit)] 33 | assert len(ct_list) == len(ct_list2) 34 | mod_list = [(ct_list2[i]**2 - ct_list[i]) for i in range(limit)] 35 | _gcd = mod_list[0] 36 | for i in mod_list: 37 | _gcd = GCD(_gcd, i) 38 | return _gcd 39 | except Exception as es: 40 | print "[+] Exception: ", es 41 | return -1 42 | 43 | r = process("./run.sh") 44 | N = extractmod_eunknown(_encrypt, 4) 45 | print "N: ", N 46 | assert N != -1 47 | r.sendline("2") 48 | r.recvuntil("modulus: ") 49 | r.sendline(str(N)) 50 | print r.recvline().strip() 51 | -------------------------------------------------------------------------------- /Message-Authentication-Code/Attack-Length-Extension-CBC-MAC/README.md: -------------------------------------------------------------------------------- 1 | # Length Extension Attack on CBC-MAC 2 | 3 | Prerequisites: 4 | 1. [CBC-MAC](https://en.wikipedia.org/wiki/CBC-MAC) 5 | 6 | Using the attack described here, the attacker can generate a valid **Authentication Tag** of message M1 || M2 given MAC(M1), without having the knowledge of key k. Note that M2 can selected purely by choice of the attacker. 7 | 8 | Case scenario: 9 | * Code running on the server that allows the user to give a string as an input 10 | * Checks if the string is equal to M1 || M2, if not then it 11 | * Calculates CBC-MAC of the input string 12 | * Returns the Authentication Tag of the message 13 | Otherwise, 14 | * Returns a null string 15 | 16 | As an attacker, we want to get the authentication tag of M1 || M2, without sending M1 || M2 as the input. Let us see how we can do it. 17 | 18 | 19 | ## The vulnerability and exploit 20 | ![image](https://i.imgur.com/upHacu8.png) 21 | There are two cases that we have to take into consideration while implementing the exploit: case when the IV is a null string and the other when IV is not a null string. 22 | * Case 1: When IV is a null string: We can get the authentication tag of M1 || M2 by the following steps: 23 | * Get the authentication tag of message M1 = MAC(M1) 24 | * XOR it with M2, and send the result as input to the code running on the server. 25 | * The output will be MAC(M1 || M2) 26 | * Case 2: When IV is not null: It's value will most probably be given, we can get the authetication tag of M1 || M2 by the following steps: 27 | * Get the authentication tag of message M1 = MAC(M1) 28 | * XOR it with (M2 xor IV) and send the result as input to the code running on the server 29 | * The output will be MAC(M1 || M2) 30 | 31 | ## Example 32 | Check out the example script [here](CBC-Length-Extension.py). 33 | 34 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Coppersmith/Challenges/Really-Suspicious-Acronym/output.txt: -------------------------------------------------------------------------------- 1 | msg1 = 4249729541274832324831915101850978041491970958978013333892918723306168770472089196478720527554982764987079625218029445015042835412969986610407794962546486526768377464483162272541733624521350257458334912357961557141551376502679112069746250223130120067678503609054343306910481618502449487751467838568736395758064426403381068760701434585433915614901796040740316824283643177505677105619002929103619338876322183416750542848507631412106633630984867562243228659040403724671325236096319784525457674398019860558530212905126133378508676777200538275088387251038714220361173376355185449239483472545370043145325106307606431828449482078191 2 | msg2 = 13075855845498384344820257559893309320125843093107442572680776872299102248743866420640323500087788163238819301260173322187978140866718036292385520509724506487692001245730298675731681509412177547061396861961413760298064385526657135656283464759479388590822600747903100354135682624356454872283852822117199641700847558605700370117557855396952083088645477966782338316017387406733063346986224014837246404581562813312855644424128648363175792786282857154624788625411070173092512834181678732914231669616670515512774709315620233482515821178277673737845032672993814500177126048019814877397547310166915188341668439101769932492677363463422 3 | flag = 1325070956009103489249194637347510588506729608784127511926628895543304940415297099207601498626181915901848862854995077315475674257593360012633818395699000501896896712855638114932274873636706679536094148084825113213348693669110684534612150434985589138003619494080556587882502882245480530148296233019306164832959924719530089539412878605051284492900919153291539285764067215954480046474237129247005910958854570936626494664674014970792183182621261776942952172643573955950074108555363333808330455648256916095619261620286120748266415219259665310637340092503523139379869446053982200858497231506892485419429178671743186148288407233657 -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Algo-Baby-Step-Giant-Step/bsgs.py: -------------------------------------------------------------------------------- 1 | from sage.all import * 2 | 3 | def bsgs(g, y, p): 4 | """ 5 | Reference: 6 | 7 | To solve DLP: y = g^x % p and get the value of x. 8 | We use the property that x = i*m + j, where m = ceil(sqrt(n)) 9 | 10 | :parameters: 11 | g : int/long 12 | Generator of the group 13 | y : int/long 14 | Result of g**x % p 15 | p : int/long 16 | Group over which DLP is generated. Commonly p is a prime number 17 | 18 | :variables: 19 | m : int/long 20 | Upper limit of baby steps / giant steps 21 | x_poss : int/long 22 | Values calculated in each giant step 23 | c : int/long 24 | Giant Step pre-computation: c = g^(-m) % p 25 | i, j : int/long 26 | Giant Step, Baby Step variables 27 | lookup_table: dictionary 28 | Dictionary storing all the values computed in the baby step 29 | """ 30 | mod_size = len(bin(p-1)[2:]) 31 | 32 | print "[+] Using BSGS algorithm to solve DLP" 33 | print "[+] Modulus size: " + str(mod_size) + ". Warning! BSGS not space efficient\n" 34 | 35 | m = ceil(sqrt(p-1)) 36 | # Baby Step 37 | lookup_table = {pow(g, j, p): j for j in range(m)} 38 | # Giant Step pre-computation 39 | c = pow(g, m*(p-2), p) 40 | # Giant Steps 41 | for i in range(m): 42 | temp = (y*pow(c, i, p)) % p 43 | if temp in lookup_table: 44 | # x found 45 | return i*m + lookup_table[temp] 46 | return None 47 | 48 | 49 | if __name__ == "__main__": 50 | try: 51 | assert pow(2, bsgs(2, 4178319614, 6971096459), 6971096459) == 4178319614 52 | assert pow(3, bsgs(3, 362073897, 2500000001), 2500000001) == 362073897 53 | except: 54 | print "[+] Function inconsistent and incorrect, check the implementation" 55 | -------------------------------------------------------------------------------- /Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/Locked_Dungeon/enter_the_dungeon1.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import argparse 4 | from hashlib import sha256 5 | from Crypto.Cipher import AES 6 | import os 7 | import sys 8 | 9 | BLOCK_SIZE = 16 10 | PAD_LIMIT = 48 11 | KEY = os.urandom(16) 12 | 13 | pad_len = lambda inp: (BLOCK_SIZE - len(inp) % BLOCK_SIZE) 14 | pad = lambda inp: inp + chr(pad_len(inp))*pad_len(inp) 15 | 16 | 17 | class AESCipher: 18 | def __init__(self, key): 19 | self.key = sha256(key).digest() 20 | 21 | def encrypt(self, raw): 22 | cipher = AES.new(self.key, AES.MODE_ECB) 23 | return "".join("{:02x}".format(ord(c)) for c in cipher.encrypt(raw)) 24 | 25 | def mod_pad(self, inp, flag_size): 26 | input_len = len(inp) 27 | if input_len > PAD_LIMIT: 28 | excess_len = input_len - PAD_LIMIT 29 | if excess_len > flag_size: 30 | padded_inp = inp[flag_size:flag_size + PAD_LIMIT] 31 | else: 32 | padded_inp = inp[:flag_size - excess_len] + inp[flag_size:] 33 | return padded_inp 34 | else: 35 | padded_inp= pad(inp) 36 | return padded_inp 37 | 38 | def mod_encrypt(self, raw, flag_size): 39 | raw = self.mod_pad(raw, flag_size) 40 | encrypted_data = self.encrypt(raw) 41 | return encrypted_data 42 | 43 | if __name__ == "__main__": 44 | with open("flag.txt") as fp: 45 | flag = fp.read() 46 | flag_size = len(flag) 47 | if flag_size > PAD_LIMIT: 48 | print("Flag is too big") 49 | exit(1) 50 | aescipher = AESCipher(key=KEY) 51 | req_count = 0 52 | while req_count < 0x1900: 53 | req_count += 1 54 | user_input = raw_input() 55 | if len(user_input) > 0x64: 56 | continue 57 | sys.stdout.write(aescipher.mod_encrypt(flag + user_input, flag_size)) 58 | sys.stdout.write('\n') 59 | sys.stdout.flush() -------------------------------------------------------------------------------- /Block-Cipher/Attack-ECB-Byte-at-a-Time/Challenges/Baby-Crypt/.svn/pristine/66/6675cec2f7feffd7eeb51d994f7747ef99edbbc0.svn-base: -------------------------------------------------------------------------------- 1 | #! /usr/bin/python 2 | 3 | from subprocess import Popen, PIPE 4 | import shlex 5 | 6 | blksz = 32 7 | blocksize=blksz 8 | cmd = shlex.split("python baby_crypt.py") 9 | 10 | 11 | import socket 12 | HOST,PORT = "localhost",1337 13 | sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM) 14 | sock.connect((HOST,PORT)) 15 | def r(input): 16 | 17 | #a = Popen(cmd, stdin=PIPE, stdout=PIPE) 18 | #b = a.communicate(input+"\n") 19 | #b=b[0][53:]; 20 | b = sock.recv(1024) 21 | sock.sendall(input) 22 | b = sock.recv(1024).split(":")[1].lstrip().strip(); 23 | return repr(b.strip().lstrip()) 24 | 25 | 26 | def align(prefix): 27 | build = "" 28 | while len(build) % blocksize != blocksize-len(prefix)-1: 29 | build = "a" + build; 30 | return build; 31 | 32 | def chk(ali,bas,new): 33 | length = len(ali)+1+blksz 34 | #print str(length) 35 | return bas[:length]==new[:length] 36 | 37 | def slv1(prefix): 38 | s = align(prefix) 39 | #print "tr="+s 40 | #print "ln="+str(len(s)) 41 | base = (r(s)) 42 | #print "base="+base 43 | for i in range(33,127): # Assume ASCIIi 44 | tr = s+prefix+ chr(i); 45 | #print "I="+str(i) 46 | #print "tr="+tr 47 | #print "ln="+str(len(tr)) 48 | new = r(tr) 49 | #time.sleep(.01) 50 | #print " new="+new 51 | if chk(s,base,new): 52 | return chr(i); 53 | print("EXCEOPTIONNSONSONSONSON") 54 | return None 55 | 56 | 57 | #one = align("") 58 | #print r(one)[:32] 59 | #print r(one+'f')[:32] 60 | 61 | #import sys 62 | #sys.exit(1) 63 | import time 64 | retur = "" 65 | while r != None: 66 | retur += slv1(retur) 67 | print repr(retur) 68 | #time.sleep(.1) 69 | #print r(align("")) 70 | #print r(align("")+'f') 71 | #print r(align("")+'c') 72 | #print r('a'*128) 73 | #blksz = 32 74 | #blocksize=32 75 | #print r(align("")) 76 | #print r(align("")+'f') 77 | #print r(align("")+'c') 78 | 79 | #print slv1("") 80 | #print slv1("f") 81 | #print(r("2"*blksz*22+"boop")) 82 | -------------------------------------------------------------------------------- /Discrete-Logarithm-Problem/Algo-Pohlig-Hellman/README.md: -------------------------------------------------------------------------------- 1 | # Pohlig Hellman Algorithm 2 | 3 | **Prerequisites**: 4 | 1. [Discrete Logarithm Problem](https://github.com/ashutosh1206/Crypton/tree/master/Discrete-Logarithm-Problem) 5 | 6 | **Pohlig Hellman Algorithm** is applicable in cases where order of the group, over which DLP is defined, is a smooth number (ie. the number that can be factored into small prime numbers). First, let us define our DLP over the Cyclic Group `G` = ![picture](Pictures/1.gif) having order `n`. 7 | 8 | There are different variations to Pohlig-Hellman algorithm that can be applied in different conditions: 9 | 1. When **order** of a group **is a power of 2 only** ie. n = 2e 10 | 2. When **order** of a group **is a power of a prime** ie. n = pe, where `p` is a prime number 11 | 3. **General algorithm** ie. n = p1e1 p2e2 p3e3... prer 12 | 13 | ## Order of a group is a power of 2 14 | ![picture](Pictures/2.png) 15 | *Source: https://crypto.stackexchange.com/questions/34180/discrete-logarithm-problem-is-easy-in-a-cyclic-group-of-order-a-power-of-two* 16 | 17 | I implemented this algorithm in python here: [ph_orderp2.py](ph_orderp2.py) 18 | 19 | So if you have a group whose order is a power of 2, you can now solve the DLP in ![picture](Pictures/2.gif), where `e` is the exponent in the group order n = 2e. 20 | 21 | ## Order of a group is a power of a prime number 22 | 23 | **Source**: [http://anh.cs.luc.edu/331/notes/PohligHellmanp_k2p.pdf](http://anh.cs.luc.edu/331/notes/PohligHellmanp_k2p.pdf) 24 | 25 | I implemented this algorithm in python here: [ph_orderpp.py](ph_orderpp.py) 26 | 27 | ## General Algorithm 28 | 29 | **Source**: [http://anh.cs.luc.edu/331/notes/PohligHellmanp_k2p.pdf](http://anh.cs.luc.edu/331/notes/PohligHellmanp_k2p.pdf) 30 | 31 | I implemented this algorithm in python/sage here: 32 | [pohlig_hellman.py](pohlig_hellman.py) 33 | -------------------------------------------------------------------------------- /RSA-encryption/Attack-Common-Modulus/README.md: -------------------------------------------------------------------------------- 1 | # Common-Modulus Attack 2 | 3 | 4 | Prerequisites: 5 | 1. [RSA Encryption/Decryption](https://github.com/ashutosh1206/Crypton/blob/master/RSA-encryption/README.md) 6 | 7 | 8 | Common Modulus attack works in the scenario when a message is encrypted in two different ways, once using a modulus and a public key exponent and another time using the same modulus but different public exponent. Mathematically, ciphertext in each case can be written as: 9 | ![picture](Pictures/1.gif) 10 | ![picture](Pictures/2.gif) 11 | 12 | ## The Attack 13 | Let us try and get the coefficients of [Bezout's Identity](https://en.wikipedia.org/wiki/B%C3%A9zout%27s_identity) using Extended Euclid Algorithm over `e1` and `e2`. I wrote a python implementation of the Extended Euclid Algorithm, which you can use: 14 | ```python 15 | def egcd(a, b): 16 | if (a == 0): 17 | return (b, 0, 1) 18 | else: 19 | g, y, x = egcd(b % a, a) 20 | return (g, x - (b // a) * y, y) 21 | ``` 22 | The function will return GCD of `e1` and `e2` along with the coefficients of Bezout's Identity `a` and `b` respectively. From Extended Euclid Algorithm we can write: 23 | ``` 24 | (e1 * a) + (e2 * b) = GCD(e1, e2) 25 | ``` 26 | We can create a similar scenario as above using `c1` and `c2` that we have. Let us see how we can do it: 27 | First we take `c1` to the power `a` so that we have: 28 | ![picture](Pictures/3.gif) --> **(1)** 29 | Similarly we take `c2` to the power `b` to get: 30 | ![picture](Pictures/4.gif) --> **(2)** 31 | Multiplying equations (1) and (2) we have: 32 | ![picture](Pictures/5.gif) --> **(3)** 33 | Now that we have `GCD(e1, e2)` as the exponent of m, it is possible that the result of ![picture](Pictures/6.gif) may not wrap around the modulus N, ie. ![picture](Pictures/6.gif) may not be greater than the modulus N. In such cases, we can directly get message `m` from equation-3 as the GCD(e1, e2)th root of the result obtained in **equation-3**. 34 | 35 | You can check the implementation of the attack [here](exploit.py). 36 | --------------------------------------------------------------------------------