├── 2022 ├── Codegate Finals │ └── [crypto] GIGA-Cloud-Storage │ │ ├── README.md │ │ ├── dist │ │ ├── client │ │ │ └── client.py │ │ └── server │ │ │ ├── codegate │ │ │ ├── key.txt │ │ │ └── src │ │ │ │ └── flag.enc │ │ │ └── server.py │ │ └── solution │ │ ├── README.md │ │ └── solver.py ├── Codegate Quals │ └── [crypto] PrimeGenerator │ │ ├── README.md │ │ ├── dist │ │ └── prob.py │ │ └── solution │ │ ├── README.md │ │ └── solver.sage ├── WACON Finals │ ├── [crypto] BYOS │ │ ├── README.md │ │ ├── dist │ │ │ └── prob.py │ │ └── solution │ │ │ ├── README.md │ │ │ └── solver.py │ ├── [crypto] mistake │ │ ├── README.md │ │ ├── dist │ │ │ ├── flag.bmp.enc │ │ │ └── prob.py │ │ └── solution │ │ │ ├── README.md │ │ │ ├── flag.bmp │ │ │ ├── flag_enc_256.bmp │ │ │ └── solver.py │ ├── [misc] mosaic │ │ ├── README.md │ │ ├── dist │ │ │ ├── OFL.txt │ │ │ ├── PublicSans-Regular.ttf │ │ │ ├── mosaic.png │ │ │ └── prob.py │ │ └── solution │ │ │ ├── README.md │ │ │ ├── original.png │ │ │ └── solver.py │ └── [misc] sudokugame │ │ ├── README.md │ │ ├── dist │ │ ├── prob.py │ │ └── prob_dist.py │ │ └── solution │ │ ├── README.md │ │ └── solver.py └── WACON Quals │ ├── [crypto] the-game-of-des │ ├── README.md │ ├── dist │ │ └── prob.py │ └── solution │ │ ├── README.md │ │ └── solver.py │ ├── [crypto] zero-time-signature │ ├── README.md │ ├── dist │ │ └── prob.py │ └── solution │ │ ├── README.md │ │ └── solver.py │ ├── [misc] hashashashashash │ ├── README.md │ ├── dist │ │ └── prob.py │ └── solution │ │ ├── README.md │ │ ├── original.png │ │ └── solver.py │ └── [reversing] type-confusion │ ├── README.md │ ├── dist │ └── prob │ └── solution │ ├── README.md │ ├── program.cpp │ └── solver.py ├── 2023 ├── CCE Quals │ └── [crypto] NZK-SIARK │ │ ├── README.md │ │ ├── dist │ │ ├── GF.py │ │ ├── constants.py │ │ └── prob.py │ │ └── solution │ │ ├── GF.py │ │ ├── README.md │ │ ├── constants.py │ │ ├── solver.py │ │ └── writeup.md ├── Codegate Finals │ └── [crypto] tiny-encryption │ │ ├── README.md │ │ ├── dist │ │ ├── constant_generator.sage │ │ ├── constants.txt │ │ ├── prob.sage │ │ └── tiny-encryption.sage │ │ └── solution │ │ ├── README.md │ │ ├── constants.txt │ │ └── solver.sage ├── Codegate Quals │ ├── [crypto] anti-kerckhoffs │ │ ├── README.md │ │ ├── dist │ │ │ └── prob.py │ │ └── solution │ │ │ ├── README.md │ │ │ └── solver.py │ └── [crypto] secure-prime-generator │ │ ├── README.md │ │ ├── dist │ │ ├── client_example.py │ │ └── prob.py │ │ └── solution │ │ ├── README.md │ │ └── solver.py ├── WACON Finals │ └── [crypto] the-game-of-des-2 │ │ ├── README.md │ │ ├── dist │ │ ├── data_baby │ │ │ ├── ct0 │ │ │ ├── ct1 │ │ │ ├── ct10 │ │ │ ├── ct11 │ │ │ ├── ct12 │ │ │ ├── ct13 │ │ │ ├── ct14 │ │ │ ├── ct15 │ │ │ ├── ct16 │ │ │ ├── ct17 │ │ │ ├── ct18 │ │ │ ├── ct19 │ │ │ ├── ct2 │ │ │ ├── ct20 │ │ │ ├── ct21 │ │ │ ├── ct22 │ │ │ ├── ct23 │ │ │ ├── ct24 │ │ │ ├── ct25 │ │ │ ├── ct26 │ │ │ ├── ct27 │ │ │ ├── ct28 │ │ │ ├── ct29 │ │ │ ├── ct3 │ │ │ ├── ct30 │ │ │ ├── ct31 │ │ │ ├── ct32 │ │ │ ├── ct33 │ │ │ ├── ct34 │ │ │ ├── ct35 │ │ │ ├── ct36 │ │ │ ├── ct37 │ │ │ ├── ct38 │ │ │ ├── ct39 │ │ │ ├── ct4 │ │ │ ├── ct40 │ │ │ ├── ct41 │ │ │ ├── ct42 │ │ │ ├── ct43 │ │ │ ├── ct44 │ │ │ ├── ct45 │ │ │ ├── ct46 │ │ │ ├── ct47 │ │ │ ├── ct48 │ │ │ ├── ct49 │ │ │ ├── ct5 │ │ │ ├── ct50 │ │ │ ├── ct51 │ │ │ ├── ct52 │ │ │ ├── ct53 │ │ │ ├── ct54 │ │ │ ├── ct55 │ │ │ ├── ct56 │ │ │ ├── ct57 │ │ │ ├── ct58 │ │ │ ├── ct59 │ │ │ ├── ct6 │ │ │ ├── ct60 │ │ │ ├── ct61 │ │ │ ├── ct62 │ │ │ ├── ct63 │ │ │ ├── ct7 │ │ │ ├── ct8 │ │ │ ├── ct9 │ │ │ ├── pt0 │ │ │ ├── pt1 │ │ │ ├── pt10 │ │ │ ├── pt11 │ │ │ ├── pt12 │ │ │ ├── pt13 │ │ │ ├── pt14 │ │ │ ├── pt15 │ │ │ ├── pt16 │ │ │ ├── pt17 │ │ │ ├── pt18 │ │ │ ├── pt19 │ │ │ ├── pt2 │ │ │ ├── pt20 │ │ │ ├── pt21 │ │ │ ├── pt22 │ │ │ ├── pt23 │ │ │ ├── pt24 │ │ │ ├── pt25 │ │ │ ├── pt26 │ │ │ ├── pt27 │ │ │ ├── pt28 │ │ │ ├── pt29 │ │ │ ├── pt3 │ │ │ ├── pt30 │ │ │ ├── pt31 │ │ │ ├── pt32 │ │ │ ├── pt33 │ │ │ ├── pt34 │ │ │ ├── pt35 │ │ │ ├── pt36 │ │ │ ├── pt37 │ │ │ ├── pt38 │ │ │ ├── pt39 │ │ │ ├── pt4 │ │ │ ├── pt40 │ │ │ ├── pt41 │ │ │ ├── pt42 │ │ │ ├── pt43 │ │ │ ├── pt44 │ │ │ ├── pt45 │ │ │ ├── pt46 │ │ │ ├── pt47 │ │ │ ├── pt48 │ │ │ ├── pt49 │ │ │ ├── pt5 │ │ │ ├── pt50 │ │ │ ├── pt51 │ │ │ ├── pt52 │ │ │ ├── pt53 │ │ │ ├── pt54 │ │ │ ├── pt55 │ │ │ ├── pt56 │ │ │ ├── pt57 │ │ │ ├── pt58 │ │ │ ├── pt59 │ │ │ ├── pt6 │ │ │ ├── pt60 │ │ │ ├── pt61 │ │ │ ├── pt62 │ │ │ ├── pt63 │ │ │ ├── pt7 │ │ │ ├── pt8 │ │ │ └── pt9 │ │ ├── data_easy │ │ │ ├── ct0 │ │ │ ├── ct1 │ │ │ ├── ct10 │ │ │ ├── ct11 │ │ │ ├── ct12 │ │ │ ├── ct13 │ │ │ ├── ct14 │ │ │ ├── ct15 │ │ │ ├── ct16 │ │ │ ├── ct17 │ │ │ ├── ct18 │ │ │ ├── ct19 │ │ │ ├── ct2 │ │ │ ├── ct20 │ │ │ ├── ct21 │ │ │ ├── ct22 │ │ │ ├── ct23 │ │ │ ├── ct24 │ │ │ ├── ct25 │ │ │ ├── ct26 │ │ │ ├── ct27 │ │ │ ├── ct28 │ │ │ ├── ct29 │ │ │ ├── ct3 │ │ │ ├── ct30 │ │ │ ├── ct31 │ │ │ ├── ct32 │ │ │ ├── ct33 │ │ │ ├── ct34 │ │ │ ├── ct35 │ │ │ ├── ct36 │ │ │ ├── ct37 │ │ │ ├── ct38 │ │ │ ├── ct39 │ │ │ ├── ct4 │ │ │ ├── ct40 │ │ │ ├── ct41 │ │ │ ├── ct42 │ │ │ ├── ct43 │ │ │ ├── ct44 │ │ │ ├── ct45 │ │ │ ├── ct46 │ │ │ ├── ct47 │ │ │ ├── ct48 │ │ │ ├── ct49 │ │ │ ├── ct5 │ │ │ ├── ct50 │ │ │ ├── ct51 │ │ │ ├── ct52 │ │ │ ├── ct53 │ │ │ ├── ct54 │ │ │ ├── ct55 │ │ │ ├── ct56 │ │ │ ├── ct57 │ │ │ ├── ct58 │ │ │ ├── ct59 │ │ │ ├── ct6 │ │ │ ├── ct60 │ │ │ ├── ct61 │ │ │ ├── ct62 │ │ │ ├── ct63 │ │ │ ├── ct7 │ │ │ ├── ct8 │ │ │ ├── ct9 │ │ │ ├── pt0 │ │ │ ├── pt1 │ │ │ ├── pt10 │ │ │ ├── pt11 │ │ │ ├── pt12 │ │ │ ├── pt13 │ │ │ ├── pt14 │ │ │ ├── pt15 │ │ │ ├── pt16 │ │ │ ├── pt17 │ │ │ ├── pt18 │ │ │ ├── pt19 │ │ │ ├── pt2 │ │ │ ├── pt20 │ │ │ ├── pt21 │ │ │ ├── pt22 │ │ │ ├── pt23 │ │ │ ├── pt24 │ │ │ ├── pt25 │ │ │ ├── pt26 │ │ │ ├── pt27 │ │ │ ├── pt28 │ │ │ ├── pt29 │ │ │ ├── pt3 │ │ │ ├── pt30 │ │ │ ├── pt31 │ │ │ ├── pt32 │ │ │ ├── pt33 │ │ │ ├── pt34 │ │ │ ├── pt35 │ │ │ ├── pt36 │ │ │ ├── pt37 │ │ │ ├── pt38 │ │ │ ├── pt39 │ │ │ ├── pt4 │ │ │ ├── pt40 │ │ │ ├── pt41 │ │ │ ├── pt42 │ │ │ ├── pt43 │ │ │ ├── pt44 │ │ │ ├── pt45 │ │ │ ├── pt46 │ │ │ ├── pt47 │ │ │ ├── pt48 │ │ │ ├── pt49 │ │ │ ├── pt5 │ │ │ ├── pt50 │ │ │ ├── pt51 │ │ │ ├── pt52 │ │ │ ├── pt53 │ │ │ ├── pt54 │ │ │ ├── pt55 │ │ │ ├── pt56 │ │ │ ├── pt57 │ │ │ ├── pt58 │ │ │ ├── pt59 │ │ │ ├── pt6 │ │ │ ├── pt60 │ │ │ ├── pt61 │ │ │ ├── pt62 │ │ │ ├── pt63 │ │ │ ├── pt7 │ │ │ ├── pt8 │ │ │ └── pt9 │ │ ├── data_hard │ │ │ ├── ct0 │ │ │ ├── ct1 │ │ │ ├── ct10 │ │ │ ├── ct11 │ │ │ ├── ct12 │ │ │ ├── ct13 │ │ │ ├── ct14 │ │ │ ├── ct15 │ │ │ ├── ct16 │ │ │ ├── ct17 │ │ │ ├── ct18 │ │ │ ├── ct19 │ │ │ ├── ct2 │ │ │ ├── ct20 │ │ │ ├── ct21 │ │ │ ├── ct22 │ │ │ ├── ct23 │ │ │ ├── ct24 │ │ │ ├── ct25 │ │ │ ├── ct26 │ │ │ ├── ct27 │ │ │ ├── ct28 │ │ │ ├── ct29 │ │ │ ├── ct3 │ │ │ ├── ct30 │ │ │ ├── ct31 │ │ │ ├── ct32 │ │ │ ├── ct33 │ │ │ ├── ct34 │ │ │ ├── ct35 │ │ │ ├── ct36 │ │ │ ├── ct37 │ │ │ ├── ct38 │ │ │ ├── ct39 │ │ │ ├── ct4 │ │ │ ├── ct40 │ │ │ ├── ct41 │ │ │ ├── ct42 │ │ │ ├── ct43 │ │ │ ├── ct44 │ │ │ ├── ct45 │ │ │ ├── ct46 │ │ │ ├── ct47 │ │ │ ├── ct48 │ │ │ ├── ct49 │ │ │ ├── ct5 │ │ │ ├── ct50 │ │ │ ├── ct51 │ │ │ ├── ct52 │ │ │ ├── ct53 │ │ │ ├── ct54 │ │ │ ├── ct55 │ │ │ ├── ct56 │ │ │ ├── ct57 │ │ │ ├── ct58 │ │ │ ├── ct59 │ │ │ ├── ct6 │ │ │ ├── ct60 │ │ │ ├── ct61 │ │ │ ├── ct62 │ │ │ ├── ct63 │ │ │ ├── ct7 │ │ │ ├── ct8 │ │ │ └── ct9 │ │ ├── des.py │ │ ├── prob_baby.py │ │ ├── prob_easy.py │ │ └── prob_hard.py │ │ └── solution │ │ ├── README.md │ │ ├── linear_trail_check.py │ │ ├── solver_easy.py │ │ └── solver_hard.py ├── WACON Quals │ ├── [crypto] baby-cipher │ │ ├── README.md │ │ ├── dist │ │ │ └── prob.py │ │ └── solution │ │ │ ├── README.md │ │ │ └── solver.py │ ├── [crypto] pss │ │ ├── README.md │ │ ├── dist │ │ │ ├── prob.py │ │ │ └── pss_data │ │ └── solution │ │ │ ├── README.md │ │ │ └── solver.py │ ├── [crypto] white-arts │ │ ├── README.md │ │ ├── dist │ │ │ ├── Generator.py │ │ │ ├── RandomFunction.py │ │ │ ├── RandomPermutation.py │ │ │ └── prob.py │ │ └── solution │ │ │ ├── README.md │ │ │ └── solver.py │ ├── [misc] let-me-win │ │ ├── README.md │ │ ├── app │ │ │ ├── app.py │ │ │ └── templates │ │ │ │ ├── check.html │ │ │ │ ├── index.html │ │ │ │ ├── scoreboard_requested.html │ │ │ │ ├── setting.html │ │ │ │ └── team.html │ │ └── solution │ │ │ ├── README.md │ │ │ └── solver.py │ └── [misc] mic-check │ │ ├── README.md │ │ ├── app │ │ └── app.py │ │ └── solution │ │ └── README.md ├── Whitehat Finals │ └── [crypto] blocks │ │ ├── README.md │ │ ├── dist │ │ └── prob.py │ │ └── solution │ │ ├── README.md │ │ └── solver.py └── Whitehat Quals │ └── [crypto] discrete_log │ ├── README.md │ ├── dist │ ├── prob.py │ └── prob_revenge.py │ └── solution │ ├── README.md │ ├── preprocess.txt │ └── solver.py ├── LICENSE └── README.md /2022/Codegate Finals/[crypto] GIGA-Cloud-Storage/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] GIGA Cloud Storage 2 | 3 | ## Tag 4 | 5 | RSA, Man in the Middle attack, eprint 2022/959(MEGA: Malleable Encryption Goes Awry) 6 | 7 | ## Difficulty 8 | 9 | Hard 10 | 11 | ## Scenario 12 | 13 | (Only a very brief summary of the situation is given. For detailed information, please refer to the code.) 14 | 15 | Both the server and the client are running as services in different port(9001 / 9002). You can confirm that communication is functioning correctly by passing the client's output to the server and the server's output to the client. 16 | 17 | The client can save files on the server or retrieve files from it. Each user has an RSA private key, and the files are encrypted with AES. The AES encryption key is derived from the RSA private key. 18 | 19 | The goal is to recover the flag from a file named `flag.enc`, which is saved by a user named `codegate` who is already registered. -------------------------------------------------------------------------------- /2022/Codegate Finals/[crypto] GIGA-Cloud-Storage/dist/server/codegate/key.txt: -------------------------------------------------------------------------------- 1 | 5901d4d62364a649837b4638748fd17beb3942388cce66f7595ea589820b7ca86fa1c33d92435f6820c06e09752b4bcf1f0a3936d173d482fb414cabe446ed00fbcc7de15b79670e8cf0ee478be647b6bf637e4a69eac25b2d8567fd400b01b3bbf9ec3a6cee1718d43cb8c5d16b0ebd35e3cffc2bc58662338e56f3a7a9478d958d8abac38a84d801e11cd209510782b5e9f5bcc277b5e7518c38571c923771c2a22c1dc11abf5a82d32c1c4e3ae84300a11fd09a978304cf65c6e31c8286685020c63c1ed465a1f0e2423bafff2cf1b951266cacfd99580693c0cdd80d8224a41e56bfc9ae430fc219a6a4d8570d487de2dc67ec5610734181e72bc5cf8691f04ffb9997d259d757e4779966d1fd0c911c50928345a5c8fedfd81f56c07340051d97c41c6529a5593b854af0f10f832c158b049a53325d13e68b6d34b297be 2 | 312f77b75d0dcf6dd54c4f12f6a220b12a617c73a7b6ba061ddb5733927ed603502cfbfa3607880d558a3cbde74b04a94c24b9940bf80b7f9464336108c71729aa5e412d4a434f8c9903d063c834efc25bfc65d3879dacb4ae42c53586124fe5f6771f674e984f3a999eda035e9176c5a20f2c8860ee470090680f668564eed7d724d31182238aed00a377c11144c537296b995f65ffd4256910f0e711f059fdbe69524913a10d6be930cf2c19c1afe53bd5adcf0aa09dac2d1103af61afa413986a90c1e1e2f739e8dcc6a2ed886259569dee4ad5babfd1b8f67ede5b75d2bca287d49cbaab7c77bc1afedfd8f230a9d63d23f37eadbbd8a984cb59e43945149b11ff06f578a36d7bb18a667dc976f3f4e1e8ba20d38501031bfaeb84a40f45187f1c28a5ba0382251962f67101892a3c15a864a79a4b446367cd2418ada4ec 3 | d48e1cc30261b74d88f70825635765f57905a6fe14ac012a15bd3da5e977773883acaa2e29e9a1abb2d53f3d577fe4a575050e4928f17ea6ab8f6430a33b17139e3854d2fc9837a8a39775bff06fcf4d006dea99d91bd05e41443151e3a26dd287f66977fbde51e290802c7e17fb5dd927cf2bd38f49309d9d7549758851ed238661531d83dd0c05f5fedb7dece60d268cfa64db86d76410d6e98ae4c702ee10c5ff364e635024de9471c40b5c4b396e20b664a181fad45cdcf07c44537a6f17a026574c79b68fadb5caecfc6f35b23963bf05aadcdc2df54bba46cfec810a6581fba5f8c8474c4d7c2559ff1a959cefc09bf0acffebc586fb929fcd4625c75d8c3f8801b4f555adf9d756ea487315f7607e2178d6879d65bd194853be63fe17c6307923ab5cf70989095eccb1c0c1be98f02f0f33d45d1618041dc51fae01a55e6adedfc77100a883666eb3c5063545d5f870e2b41a075dcdde08e1b143d660d1d100647e4e8bb2906fdf188bab040412b0745ad732e62c9aa60e09bb4a73c21b6e2b8a77c805c759ce77cb235d3b841c06a155acd0c0ccc5318fa752c249dd767d44195c021153fd4372049889e970cfaa57117a5174f60395e6c54b35323cac58d6a8858b4610c07c937c721fd70d57f9a0f3d43931234881ea047afffa740bae7af956badea71c5b0f06cac29536993cf2fa99b9fd03a9b3ff5546e08ed6e13c9df9df407564b49375952e377ec1a71dbc6d55d13d02af793f2a445cbf21f4468dd013a0e4fda9b53b0c54bd22efb5a9b49c58b2873dd2f636b348622e70864c572d3adb5e5b9a5746e76e2ddd9a2dcba5d08a7b0b771cf3c1f134ea18aecca80238498960dbc1a806a162db5b99 4 | 7a00dbda0a01db597eee1759f4565870da4757c42e0b4cef0a3cabe759e6ef24dcab8a3313c5e2c95ec7f38010b763b831f4d9b7f9539b8c7447f0f81f11caf00f75813d87cd803137d088b0f1ee8179f532a58cdb427cd0ad903babaf3312b954d9694d306e62f5ae6af08348ed9560c1bbecd84799fb942e4b0486f6af7a6649e9d50a1f7ef460ea5f5d087f3565ff09336336496729f786b6a654d99ad4a7f925dc268cd5c1b35c3c6cf57089e2afb53532832c7b66a17b2287e67c53518ba90a99d1a8495369cf3530109709d5419a5046b733dcb4e6006f8cbc964d17ab6121f94b6a1a46b28e17077f24adf417c21a5f2d50f741773befe15d3c9c37906c92798618879c0c9c5fe346e0a67f73fc6640c1c32c2d3ac1512fc781c95e259fcd79496523a07e73d5171f37251a3fbb80a12ee7a18cdce8d6381a7cf59d18 5 | 12659214462730739290777710676401716129364537461971321037157877540193780746910540896819650182970880505880808257029478576966922788012182813161567264480789412487933555048594859387373262444873139956649127172509365160527593844518913325580532608517683946927197373934501869789520791006507064633048240282420120292353010385218838558491852148859208850993839899492722657498287727598894181537635087547896216039380309309759245366183056244723928135316860412330991393425352005295678522825817645977696006156843729550866483053456177362041805254686689400982564781219502910693511366956648759975359689060253588108513703355540146694238377 6 | -------------------------------------------------------------------------------- /2022/Codegate Finals/[crypto] GIGA-Cloud-Storage/dist/server/codegate/src/flag.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2022/Codegate Finals/[crypto] GIGA-Cloud-Storage/dist/server/codegate/src/flag.enc -------------------------------------------------------------------------------- /2022/Codegate Finals/[crypto] GIGA-Cloud-Storage/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] GIGA Cloud Storage 2 | 3 | ## Solution 4 | 5 | This challenge was inspired by [MEGA: MALLEABLE ENCRYPTION GOES AWRY](https://mega-awry.io/), and this attack directly works in this challenge. It is possible to recover RSA key using binary search. 6 | 7 | There was a unintended solution using `p = int(aes_dec(bytes.fromhex(packet_recv_plain(sock).decode()), pw_hash))`(`client.py, L118`). When `int()` is called with non integer values, then it outputs a argument in a error message. This feature made the challenge easier. 8 | 9 | Fortunately, this vulnerability doesn't make the challenge like `mic check` level, but it's still regretful personally. -------------------------------------------------------------------------------- /2022/Codegate Quals/[crypto] PrimeGenerator/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] Prime Generator 2 | 3 | ## Tag 4 | 5 | RSA, Coppersmith attack, Chinese remainder theorem 6 | 7 | ## Difficulty 8 | 9 | Medium 10 | 11 | ## Scenario 12 | 13 | 296 bits `UPPER` is fixed first. Then the user receives sufficiently many primes with a form `UPPER|lower` for a random `lower`. 14 | 15 | A user also receives a encrypted flag with RSA. Primes in RSA private key are also form `UPPER|lower`. -------------------------------------------------------------------------------- /2022/Codegate Quals/[crypto] PrimeGenerator/dist/prob.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | from Crypto.Util.number import * 3 | import os 4 | 5 | BITS = 512 6 | UPPER_BITS = 296 7 | LOWER_BITS = BITS - UPPER_BITS 8 | 9 | UPPER = bytes_to_long(os.urandom(UPPER_BITS // 8)) << LOWER_BITS 10 | FLAG = b'codegate2022{--------------------------}' 11 | FLAG += b'\x00' + os.urandom(128 - 2 - len(FLAG)) 12 | 13 | def menu1(): 14 | while True: 15 | lower = bytes_to_long(os.urandom(LOWER_BITS // 8)) 16 | p = UPPER | lower 17 | if isPrime(p): return lower 18 | 19 | def menu2(): 20 | p = UPPER + menu1() 21 | q = getPrime(512) 22 | e = 0x10001 23 | n = p * q 24 | return n, pow(bytes_to_long(FLAG), e, n) 25 | 26 | while True: 27 | print("1. Generate 10 random primes (only lower bits)") 28 | print("2. Encrypt a flag") 29 | idx = int(input("> ")) 30 | if idx == 1: 31 | print("How many? (Up to 10)") 32 | num = int(input("> ")) 33 | for _ in range(min(10, num)): 34 | print(menu1()) 35 | elif idx == 2: 36 | n, c = menu2() 37 | print(f"n : {n}") 38 | print(f"c : {c}") -------------------------------------------------------------------------------- /2022/Codegate Quals/[crypto] PrimeGenerator/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] Prime Generator 2 | 3 | ## Solution 4 | 5 | It is known that $n$ is efficiently factorized when partial bits of $p$ is exposed usingg coppersmith attack. So our goal is to recover a `UPPER`. 6 | 7 | menu1 is quite artificial and it gives a important "hint" of UPPER. For example, when we receive a number 16 through menu1, it refers that `UPPER % 3 != 2`, `UPPER % 5 != 4`, `UPPER % 7 != 5`, ... We can eliminate candidate remainder for specific primes. 8 | 9 | By gathering enough informations(about 1200-1600 primes), UPPER can be recovered by Chinise remainder theorem. After that, flag is recovered by Coppersmith attack(RSA Factoring with high bits known attack). -------------------------------------------------------------------------------- /2022/Codegate Quals/[crypto] PrimeGenerator/solution/solver.sage: -------------------------------------------------------------------------------- 1 | #!/usr/bin/sage 2 | from Crypto.Util.number import * 3 | from pwn import * 4 | from sage.all import * 5 | import math 6 | 7 | r = remote("localhost", 9001) 8 | 9 | BITS = 512 10 | UPPER_BITS = 296 11 | LOWER_BITS = BITS - UPPER_BITS 12 | 13 | primes = [ 3, 5, 7, 11, 13, 17, 19, 23, 29, 14 | 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 15 | 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 16 | 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 17 | 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 18 | 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 19 | 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 20 | 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 21 | 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 22 | 467, 479, 487, 491, 499, 503, 509, 521, 523, 541, 23 | 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 24 | 607, 613, 617, 619, 631, 641, 643, 647, 653, 659] 25 | 26 | remainders = [set([x for x in range(p)]) for p in primes] 27 | 28 | def prod(L): 29 | val = 1 30 | for x in L: 31 | val *= x 32 | return val 33 | 34 | def get_lower(): 35 | r.recvuntil(b"> ") 36 | r.sendline(b"1") 37 | r.recvuntil(b"> ") 38 | r.sendline(b"10") 39 | return [int(r.recvline()) for _ in range(10)] 40 | 41 | def get_nc(): 42 | r.recvuntil(b"> ") 43 | r.sendline(b"2") 44 | r.recvuntil(b"n : ") 45 | n = int(r.recvline()) 46 | r.recvuntil(b"c : ") 47 | c = int(r.recvline()) 48 | return n, c 49 | 50 | def rsa_high_bits_known(n, c, upper): 51 | F. = PolynomialRing(Zmod(n), implementation='NTL'); 52 | pol = x - upper 53 | beta = 0.48 # we should have q >= N^beta 54 | XX = 2 ** LOWER_BITS 55 | epsilon = beta / 7 56 | rt = pol.small_roots(XX, beta, epsilon) 57 | q = int(gcd(rt[0] - upper, n)) 58 | p = int(n) // int(q) 59 | assert(p*q == n and p > 1 and q > 1) 60 | phi = (p-1)*(q-1) 61 | e = 0x10001 62 | d = int(pow(e, -1, phi)) 63 | plain = int(pow(c, d, n)) 64 | print(long_to_bytes(plain)) 65 | 66 | #### STEP 1. Recover UPPER using crt #### 67 | print("[+] STEP 1. Recover UPPER using crt") 68 | crt_a = [0] 69 | crt_m = [2**LOWER_BITS] 70 | 71 | cnt = 0 72 | while prod(crt_m) < 2**BITS: 73 | cnt += 1 74 | if cnt % 10 == 0: 75 | print(f"Gather {cnt*10} primes.. progress : {int(100 * (math.log2(prod(crt_m))-LOWER_BITS) / UPPER_BITS)}%") 76 | lowers = get_lower() 77 | for lower in lowers: 78 | for i in range(len(primes)): 79 | rem = lower % primes[i] 80 | if rem in remainders[i]: 81 | remainders[i].remove(rem) 82 | if len(remainders[i]) == 1: 83 | crt_a.append(primes[i] - remainders[i].pop()) 84 | crt_m.append(primes[i]) 85 | 86 | upper = crt(crt_a, crt_m) 87 | print(f"[+]UPPER = {upper.hex()}") 88 | 89 | #### STEP 2. Recover FLAG using RSA Factoring with high bits known attack ### 90 | print("[+] STEP 2. Recover FLAG using RSA Factoring with high bits known attack") 91 | n, c = get_nc() 92 | rsa_high_bits_known(n, c, upper) 93 | -------------------------------------------------------------------------------- /2022/WACON Finals/[crypto] BYOS/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] BYOS 2 | 3 | ## Tag 4 | 5 | SPN, Weak permutation 6 | 7 | ## Difficulty 8 | 9 | Hard 10 | 11 | ## Scenario 12 | 13 | Toy block cipher based on the simple SPN is given. plaintext/ciphertext is 24 bits and key is 72 bits. S-box and bit permutations are determined from the seed which is given by user. -------------------------------------------------------------------------------- /2022/WACON Finals/[crypto] BYOS/dist/prob.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | from Crypto.Cipher import DES 3 | import os 4 | 5 | FLAG = open("flag.txt", 'rb').read() 6 | assert len(FLAG) == 96 7 | 8 | level = int(input("Select a security level > ")) 9 | if level < 42: 10 | print(f"Level {level} is not enough I guess...?") 11 | exit(-1) 12 | 13 | dat = FLAG 14 | for i in range(level): 15 | key = bytes.fromhex(input(f"Select your own key[{i}] in hex format > ")) 16 | if len(key) != 8 or len(set(key)) != 8: 17 | print("bye..") 18 | exit(-1) 19 | dat = DES.new(key, DES.MODE_ECB).encrypt(dat) 20 | 21 | 22 | print("enc :", dat.decode()) -------------------------------------------------------------------------------- /2022/WACON Finals/[crypto] BYOS/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] BYOS 2 | 3 | ## Solution 4 | 5 | First of all, `key3` is simply ignored when the difference between two ciphers $C1 \oplus C2$ is considered. When the permutation is chosen to be MSB 12 bits and LSB 12 bits are not mixed, then remaining keys can also be divided into MSB/LSB. This allows to bruteforce only `24 bits` for MSB/LSB, respectively. -------------------------------------------------------------------------------- /2022/WACON Finals/[crypto] BYOS/solution/solver.py: -------------------------------------------------------------------------------- 1 | from pwn import * 2 | 3 | r = remote('localhost', 9001) 4 | 5 | r.sendline(b'42') 6 | 7 | # DES weak key 8 | for i in range(21): 9 | r.sendline(b'1fe01ee10ef10ff0') 10 | r.sendline(b'e01fe11ef10ef00f') 11 | 12 | r.recvuntil(b"enc : ") 13 | print(r.recv().decode()) -------------------------------------------------------------------------------- /2022/WACON Finals/[crypto] mistake/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] mistake 2 | 3 | ## Tag 4 | 5 | Weakness of ECB mode 6 | 7 | ## Difficulty 8 | 9 | Easy 10 | 11 | ## Scenario 12 | 13 | Each block is 32 bytes, and the encryption function is `(pow(g, x, P) + a * index ** 2 + b * index + c) % P`. Encryption mode in ECB mode. 14 | 15 | The pixel size `1920 x 1281` was given in the problem discription. -------------------------------------------------------------------------------- /2022/WACON Finals/[crypto] mistake/dist/flag.bmp.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2022/WACON Finals/[crypto] mistake/dist/flag.bmp.enc -------------------------------------------------------------------------------- /2022/WACON Finals/[crypto] mistake/dist/prob.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | 3 | 4 | P = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff72ef 5 | g = 5 6 | a = 0xe86680d8ebd7cfec4d29118f1b470ce6f0dfdba9ef2b2d217fc4f9cbe21b974c 7 | b = 0x34b368d265d16df26ea6bc6c04c24b3f7e8885cdac2f722de6141e6e4c17a110 8 | c = 0x1cb0bc561d53c36847e0cb2b66484d8ece75eb937f84b6ac43e81a74332d14f5 9 | 10 | def encrypt(x, index): 11 | assert(x < P-1) 12 | return (pow(g, x, P) + a * index ** 2 + b * index + c) % P 13 | 14 | fr = open("flag.bmp", "rb") 15 | plain = fr.read() 16 | fw = open("flag.bmp.enc", "wb") 17 | 18 | SIZE = 32 19 | for i in range(0, len(plain), 32): 20 | block = bytes_to_long(plain[i:i+32]) 21 | fw.write(long_to_bytes(encrypt(block, i), 32)) 22 | 23 | fw.close() 24 | 25 | 26 | 27 | 28 | # BMP_HEADER_LEN = 0x36 -------------------------------------------------------------------------------- /2022/WACON Finals/[crypto] mistake/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] mistake 2 | 3 | ## Solution 4 | 5 | As `a,b,c` are public values, `a * index ** 2 + b * index + c` is known. After substracting this part, the ciphertext is same when the plaintext is same. This allows to mount a well-known ECB attack. -------------------------------------------------------------------------------- /2022/WACON Finals/[crypto] mistake/solution/flag.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2022/WACON Finals/[crypto] mistake/solution/flag.bmp -------------------------------------------------------------------------------- /2022/WACON Finals/[crypto] mistake/solution/flag_enc_256.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2022/WACON Finals/[crypto] mistake/solution/flag_enc_256.bmp -------------------------------------------------------------------------------- /2022/WACON Finals/[crypto] mistake/solution/solver.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | 3 | P = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff72ef 4 | g = 5 5 | a = 0xe86680d8ebd7cfec4d29118f1b470ce6f0dfdba9ef2b2d217fc4f9cbe21b974c 6 | b = 0x34b368d265d16df26ea6bc6c04c24b3f7e8885cdac2f722de6141e6e4c17a110 7 | c = 0x1cb0bc561d53c36847e0cb2b66484d8ece75eb937f84b6ac43e81a74332d14f5 8 | 9 | bmp_header = bytes.fromhex('424DB69670000000000036000000280000008007000001050000010018000000000080967000C40E0000C40E00000000000000000000FFFFFFFFFFFFFFFFFFFF') 10 | 11 | fr = open("flag.bmp.enc", "rb") 12 | cipher = fr.read() 13 | 14 | fw = open("flag_ecbattack.bmp", "wb") 15 | fw.write(bmp_header) 16 | 17 | SIZE = 32 18 | for i in range(0, len(cipher), 32): 19 | if i <= 1: continue # ignore header part 20 | block = (bytes_to_long(cipher[i:i+32]) - a * i**2 - b * i - c) % P 21 | fw.write(long_to_bytes(block, 32)) 22 | 23 | fw.close() 24 | 25 | 26 | 27 | 28 | # BMP_HEADER_LEN = 0x36 -------------------------------------------------------------------------------- /2022/WACON Finals/[misc] mosaic/README.md: -------------------------------------------------------------------------------- 1 | # [misc] mosaic 2 | 3 | ## Tag 4 | 5 | Image Processing, backtracking 6 | 7 | ## Difficulty 8 | 9 | Easy 10 | 11 | ## Scenario 12 | 13 | The mosaic image and the code to process image is given. Mosaic is simply takes the average the pixel value for the small rectangle area. -------------------------------------------------------------------------------- /2022/WACON Finals/[misc] mosaic/dist/PublicSans-Regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2022/WACON Finals/[misc] mosaic/dist/PublicSans-Regular.ttf -------------------------------------------------------------------------------- /2022/WACON Finals/[misc] mosaic/dist/mosaic.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2022/WACON Finals/[misc] mosaic/dist/mosaic.png -------------------------------------------------------------------------------- /2022/WACON Finals/[misc] mosaic/dist/prob.py: -------------------------------------------------------------------------------- 1 | from PIL import Image, ImageDraw, ImageFont 2 | from hashlib import sha256 3 | import string 4 | 5 | 6 | flag = 'WACon{??????????????????????????????????????????????????}' 7 | assert len(flag) == 57 8 | assert all(x in string.ascii_lowercase or x in string.digits for x in flag[6:-1]) 9 | # You can bruteforce locally. Plz do not bruteforce on server :p 10 | assert sha256(flag.encode()).hexdigest() == '931f585a2d5d558ae8a76a44a10f7c2e08d6eebf0a21e8b263f527bbb7bc11b6' 11 | 12 | R = 104 13 | C = 1104 14 | SIZE = 8 15 | img = Image.new('L', (C, R),255) 16 | d = ImageDraw.Draw(img) 17 | fnt = ImageFont.truetype("./PublicSans-Regular.ttf", 30) 18 | d.text((50, 35), text = flag, font = fnt, fill = 0) 19 | 20 | 21 | for i in range(0, C, SIZE): 22 | for j in range(0, R, SIZE): 23 | color_tot = 0 24 | for c in range(i, i + SIZE): 25 | for r in range(j, j + SIZE): 26 | color_tot += img.getpixel((c, r)) 27 | 28 | for c in range(i, i + SIZE): 29 | for r in range(j, j + SIZE): 30 | img.putpixel((c, r), color_tot // (SIZE * SIZE)) 31 | 32 | img.save('mosaic.png') 33 | 34 | 35 | -------------------------------------------------------------------------------- /2022/WACON Finals/[misc] mosaic/solution/README.md: -------------------------------------------------------------------------------- 1 | # [misc] mosaic 2 | 3 | ## Solution 4 | 5 | As the `SIZE = 8` is small, it is possible to recover a flag using backtracking algorithm. -------------------------------------------------------------------------------- /2022/WACON Finals/[misc] mosaic/solution/original.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2022/WACON Finals/[misc] mosaic/solution/original.png -------------------------------------------------------------------------------- /2022/WACON Finals/[misc] mosaic/solution/solver.py: -------------------------------------------------------------------------------- 1 | from PIL import Image, ImageDraw, ImageFont 2 | from hashlib import sha256 3 | import string 4 | R = 104 5 | C = 1104 6 | SIZE = 8 7 | img = Image.new('L', (C, R),255) 8 | #flag = 'WACon{ifuwant2keepas3cretumusta1s0hyd3itfromy0ur5e1f1984}' 9 | charset = string.ascii_lowercase + string.digits 10 | 11 | img_mosaic = Image.open("mosaic.png") 12 | 13 | def gen_mosaic_image(s): 14 | img = Image.new('L', (C, R),255) 15 | d = ImageDraw.Draw(img) 16 | fnt = ImageFont.truetype("./PublicSans-Regular.ttf", 30) 17 | d.text((50, 35), text = s, font = fnt, fill = 0) 18 | 19 | for i in range(0, C, SIZE): 20 | for j in range(0, R, SIZE): 21 | color_tot = 0 22 | for c in range(i, i + SIZE): 23 | for r in range(j, j + SIZE): 24 | color_tot += img.getpixel((c, r)) 25 | 26 | for c in range(i, i + SIZE): 27 | for r in range(j, j + SIZE): 28 | img.putpixel((c, r), color_tot // (SIZE * SIZE)) 29 | 30 | return img 31 | # find next character 32 | def go(s): 33 | cand = [] 34 | for ch in charset: 35 | img = gen_mosaic_image(s + ch) 36 | # Find right most non-white pixel 37 | nonwhite_c = C-1 38 | while all(img.getpixel((nonwhite_c, i)) == 0xff for i in range(R)): 39 | nonwhite_c -= 8 40 | 41 | chk = True 42 | for c in range(0, nonwhite_c-7, SIZE): 43 | for r in range(0, R, SIZE): 44 | #print(img.getpixel((c, r)), img_mosaic.getpixel((c,r))) 45 | if img.getpixel((c, r)) != img_mosaic.getpixel((c,r)): 46 | chk = False 47 | break 48 | 49 | if chk: 50 | cand.append(ch) 51 | return cand 52 | 53 | def dfs(s): 54 | print(s) 55 | if len(s) == 56: 56 | print("!!!!", s + "}") 57 | cand = go(s) 58 | for c in cand: 59 | dfs(s + c) 60 | return None 61 | 62 | print(dfs("WACon{")) -------------------------------------------------------------------------------- /2022/WACON Finals/[misc] sudokugame/README.md: -------------------------------------------------------------------------------- 1 | # [misc] sudokugame 2 | 3 | ## Tag 4 | 5 | Game Theory 6 | 7 | ## Difficulty 8 | 9 | Medium 10 | 11 | ## Scenario 12 | 13 | Two players play a `sudokugame`: 14 | 15 | Each player places numbers on the 9x9 board following the basic Sudoku rules. The player who cannot place a number loses. 16 | 17 | A user plays the above game with AI. The score is +1 for a win and -1 for a loss. If the score reaches +10, then the flag is awarded. 18 | 19 | [+] While server was running `prob.py`, `prob_dist.py` is given to users to hide AI strategy. -------------------------------------------------------------------------------- /2022/WACON Finals/[misc] sudokugame/solution/README.md: -------------------------------------------------------------------------------- 1 | # [misc] sudokugame 2 | 3 | ## Solution 4 | 5 | My solution was simply using basic game theory techniques such as minimax tree. However, competiters were pointed out that there is a strategy to win 100% when a user moves first(See [this](https://mathoverflow.net/questions/297872/who-wins-two-player-sudoku). Their solutions are much l33t..😇😇 -------------------------------------------------------------------------------- /2022/WACON Quals/[crypto] the-game-of-des/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] The Game of DES 2 | 3 | ## Tag 4 | 5 | DES, DES weak key 6 | 7 | ## Difficulty 8 | 9 | Easy 10 | 11 | ## Scenario 12 | 13 | After performing DES 42 times with a user-selected key, if every byte of the ciphertext is printable ASCII, provide the ciphertext `(print("enc:", data.decode()))`. Each byte of the key must be different each time (`if len(key) != 8 or len(set(key)) != 8`). -------------------------------------------------------------------------------- /2022/WACON Quals/[crypto] the-game-of-des/dist/prob.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | from Crypto.Cipher import DES 3 | import os 4 | 5 | FLAG = open("flag.txt", 'rb').read() 6 | assert len(FLAG) == 96 7 | 8 | level = int(input("Select a security level > ")) 9 | if level < 42: 10 | print(f"Level {level} is not enough I guess...?") 11 | exit(-1) 12 | 13 | dat = FLAG 14 | for i in range(level): 15 | key = bytes.fromhex(input(f"Select your own key[{i}] in hex format > ")) 16 | if len(key) != 8 or len(set(key)) != 8: 17 | print("bye..") 18 | exit(-1) 19 | dat = DES.new(key, DES.MODE_ECB).encrypt(dat) 20 | 21 | 22 | print("enc :", dat.decode()) -------------------------------------------------------------------------------- /2022/WACON Quals/[crypto] the-game-of-des/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] The Game of DES 2 | 3 | ## Solution 4 | 5 | The probability that every byte of the ciphertext is printable ASCII when using a random key is approximately $2^{-96}$, making it practically impossible. However, DES has a vulnerability called weak keys, where encrypting a message $M$ with key $K$ and then encrypting it with key $K'$ results in the original message $M$. By exploiting this vulnerability, performing 42 encryptions with keys in the pattern $K, K', K, K', \dots$ will yield the ciphertext that matches the original message, allowing you to obtain printable ASCII. It's worth noting that the original weak keys do not satisfy the condition of having different bytes for each key, but in DES, the least significant bit of each byte is a parity bit, and Python's DES module ignores this bit, allowing you to meet the condition. -------------------------------------------------------------------------------- /2022/WACON Quals/[crypto] the-game-of-des/solution/solver.py: -------------------------------------------------------------------------------- 1 | from pwn import * 2 | 3 | r = remote('localhost', 9001) 4 | 5 | r.sendline(b'42') 6 | 7 | # DES weak key 8 | for i in range(21): 9 | r.sendline(b'1fe01ee10ef10ff0') 10 | r.sendline(b'e01fe11ef10ef00f') 11 | 12 | r.recvuntil(b"enc : ") 13 | print(r.recv().decode()) -------------------------------------------------------------------------------- /2022/WACON Quals/[crypto] zero-time-signature/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] Zero time signature 2 | 3 | ## Tag 4 | 5 | Hash-based signature 6 | 7 | ## Difficulty 8 | 9 | Easy 10 | 11 | ## Scenario 12 | 13 | A signature for one message entered by the user is given. This signature is a Hash-based signature called `Lamport signature` and is widely known to be a One-Time Signature (secure for one signature only). If you can generate a valid signature for the message `gimme a flag plz^^`, you can obtain the flag. -------------------------------------------------------------------------------- /2022/WACON Quals/[crypto] zero-time-signature/dist/prob.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | import hashlib 3 | import os 4 | import signal 5 | 6 | MESSAGE_LEN = 18 7 | SPELL = 'gimme a flag plz^^' 8 | FLAG = open("flag.txt").read() 9 | 10 | def forward(msg, step): 11 | for _ in range(step): 12 | msg = hashlib.sha256(msg).digest() 13 | return msg 14 | 15 | def keygen(): 16 | priv = [[] for _ in range(MESSAGE_LEN + 1)] 17 | for i in range(MESSAGE_LEN): 18 | priv[i].append((os.urandom(32))) 19 | for j in range(256): 20 | priv[i].append(hashlib.sha256(priv[i][-1]).digest()) 21 | 22 | priv[MESSAGE_LEN].append((os.urandom(32))) 23 | for j in range(256 * MESSAGE_LEN): 24 | priv[MESSAGE_LEN].append(hashlib.sha256(priv[MESSAGE_LEN][-1]).digest()) 25 | 26 | pub = [L[-1] for L in priv] 27 | priv[MESSAGE_LEN].reverse() 28 | return priv, pub 29 | 30 | def sign(msg, priv): 31 | assert(len(msg) == MESSAGE_LEN) 32 | assert(len(priv) == MESSAGE_LEN+1) 33 | tot = 0 34 | sig = [] 35 | for i, c in enumerate(msg): 36 | sig.append(priv[i][256 - ord(c)]) 37 | tot += ord(c) 38 | sig.append(priv[MESSAGE_LEN][256 * MESSAGE_LEN - tot]) 39 | return sig 40 | 41 | def verify(msg, signature, pub): 42 | assert(len(msg) == MESSAGE_LEN) 43 | assert(len(signature) == MESSAGE_LEN+1) 44 | assert(len(pub) == MESSAGE_LEN+1) 45 | tot = 0 46 | for i, c in enumerate(msg): 47 | if forward(signature[i], ord(c)) != pub[i]: 48 | return False 49 | tot += ord(c) 50 | return forward(signature[MESSAGE_LEN], 256 * MESSAGE_LEN - tot) == pub[MESSAGE_LEN] 51 | 52 | priv, pub = keygen() 53 | for i, c in enumerate(pub): 54 | print(f"pub[{i}] = {pub[i].hex()}") 55 | 56 | print("You can sign for the ONLY ONE message") 57 | msg = input("message > ") 58 | 59 | if len(msg) != MESSAGE_LEN or msg == SPELL: 60 | print("no...") 61 | exit(-1) 62 | 63 | sig1 = sign(msg, priv) 64 | for i, c in enumerate(sig1): 65 | print(f"sig1[{i}] = {sig1[i].hex()}") 66 | 67 | print("Can you forge a signature for the magical message 'gimme a flag plz^^'?") 68 | 69 | sig2 = [] 70 | for i in range(MESSAGE_LEN+1): 71 | tmp = input(f"sig2[{i}] (in hex) > ") 72 | sig2.append(bytes.fromhex(tmp)) 73 | 74 | if verify(SPELL, sig2, pub): 75 | print("Good job!", FLAG) 76 | else: 77 | print("no...") 78 | exit(-1) -------------------------------------------------------------------------------- /2022/WACON Quals/[crypto] zero-time-signature/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] Zero time signature 2 | 3 | ## Solution 4 | 5 | Users must send a value greater than the respective value for each byte of SPELL to determine the correct `signature[0..17]` for SPELL. However, in doing so, it seems impossible to know the correct value for the `signature[18]`, which is generated by adding up the entire ASCII code values. 6 | 7 | As long as the user inputs only printable ASCII, it is impossible to forge the signature. However, Python's `ord` function can return values greater than 255, and since negative indices can be used in arrays, you can cleverly use `ord(256)`, `ord(512)`, and similar values to forge the signature. -------------------------------------------------------------------------------- /2022/WACON Quals/[crypto] zero-time-signature/solution/solver.py: -------------------------------------------------------------------------------- 1 | import hashlib 2 | import os 3 | 4 | from pwn import * 5 | 6 | def forward(msg, step): 7 | for _ in range(step): 8 | msg = hashlib.sha256(msg).digest() 9 | return msg 10 | 11 | MESSAGE_LEN = 18 12 | SPELL = 'gimme a flag plz^^' 13 | FLAG = 'flag{afsdfadfads}' 14 | 15 | r = remote('localhost', 9001) 16 | 17 | pub = [] 18 | for i in range(MESSAGE_LEN+1): 19 | x = r.recvline().split(b'=')[1].strip() 20 | pub.append(bytes.fromhex(x.decode())) 21 | 22 | r.recvuntil('>') 23 | msg = chr(256)*(MESSAGE_LEN-1) + chr(512) 24 | r.sendline(msg) 25 | 26 | sig1 = [] 27 | for i in range(MESSAGE_LEN+1): 28 | x = r.recvline().split(b'=')[1].strip() 29 | sig1.append(bytes.fromhex(x.decode())) 30 | 31 | sig2 = [] 32 | tot = sum(ord(c) for c in SPELL) 33 | for i, c in enumerate(SPELL): 34 | if i != len(SPELL) - 1: 35 | sig2.append(forward(sig1[i], 256 - ord(c))) 36 | else: 37 | sig2.append(forward(sig1[i], 255 - ord(c))) 38 | sig2.append(forward(sig1[MESSAGE_LEN], tot - 255)) 39 | 40 | for i in range(MESSAGE_LEN+1): 41 | r.recvuntil('>') 42 | r.sendline(sig2[i].hex()) 43 | 44 | r.interactive() -------------------------------------------------------------------------------- /2022/WACON Quals/[misc] hashashashashash/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] Zero time signature 2 | 3 | ## Tag 4 | 5 | Bitcoin Proof-of-Work 6 | 7 | ## Difficulty 8 | 9 | Medium 10 | 11 | ## Scenario 12 | 13 | Create a `seed` with a random string, and then change the `seed` into the hash value of a string chosen by the user, which itself contains the `seed`. Repeat this process until a user has 12 leading zeros, then flag is obtained. If you have fewer than 12 leading zeros, we use a "partial scoring" approach. Check the code for more details. -------------------------------------------------------------------------------- /2022/WACON Quals/[misc] hashashashashash/dist/prob.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | import hashlib 3 | import signal 4 | import string 5 | 6 | def leading_zero(s): 7 | cnt = 0 8 | while cnt < len(s) and s[cnt] == '0': 9 | cnt += 1 10 | return cnt 11 | 12 | def is_strong_phrase(s): 13 | if len(s) < 16: return False 14 | if len(set(string.ascii_lowercase) & set(s)) < 3: return False 15 | if len(set(string.ascii_uppercase) & set(s)) < 3: return False 16 | if len(set(string.digits) & set(s)) < 3: return False 17 | if len(set(string.punctuation) & set(s)) < 3: return False 18 | for i in range(len(s)): 19 | if abs(ord(s[i]) - ord(s[i-1])) < 5: 20 | return False 21 | return True 22 | 23 | signal.alarm(60) 24 | 25 | FLAG = open("flag.txt", 'rb').read() 26 | SALT = '1q2w3e4r!' 27 | target = 16**12 28 | 29 | phrase = input("Select a STRONG phrase(Don't think too much! I just don't want you struggle with a connection lost) > ") 30 | if not is_strong_phrase(phrase): 31 | print("bye..") 32 | exit(-1) 33 | 34 | seed = hashlib.sha256((phrase + SALT).encode()).digest() 35 | print(f"seed = {seed.hex()}") 36 | 37 | while target >= 0: 38 | dat = bytes.fromhex(input("data > ")) 39 | if seed[:16] not in dat: 40 | print("bye..") 41 | exit(-1) 42 | seed = hashlib.sha256(dat).digest() 43 | rev = input("reverse?(y/n) > ") 44 | if rev == 'y': 45 | seed = seed[::-1] 46 | print(f"seed = {seed.hex()}") 47 | target -= 16**leading_zero(seed.hex()) 48 | print(FLAG) 49 | exit(0) -------------------------------------------------------------------------------- /2022/WACON Quals/[misc] hashashashashash/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] Zero time signature 2 | 3 | ## Solution 4 | 5 | The intended solution is to use a bitcoin mining process. If you submit a transaction contains `SEED`, then it will be placed on the block. After following the structure, you can reach the block header, which has sufficient leading zeroes. Bitcoin testnet is enough. -------------------------------------------------------------------------------- /2022/WACON Quals/[misc] hashashashashash/solution/original.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2022/WACON Quals/[misc] hashashashashash/solution/original.png -------------------------------------------------------------------------------- /2022/WACON Quals/[misc] hashashashashash/solution/solver.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import hashlib, json 3 | from pwn import * 4 | 5 | def get_block_raw(hash): 6 | url = f'https://blockstream.info/testnet/api/block/{hash}/raw' 7 | resp = requests.get(url) 8 | return resp.content 9 | 10 | def get_block_header(hash): 11 | url = f'https://blockstream.info/testnet/api/block/{hash}/header' 12 | resp = requests.get(url) 13 | return resp.text 14 | 15 | def get_transaction_raw(txid): 16 | url = f'https://blockstream.info/testnet/api/tx/{txid}/hex' 17 | resp = requests.get(url) 18 | return bytes.fromhex(resp.text) 19 | 20 | def get_transaction_info(txid): 21 | url = f'https://blockstream.info/testnet/api/tx/{txid}' 22 | resp = requests.get(url) 23 | return json.loads(resp.text) 24 | 25 | def get_merkle_proof(txid): 26 | url = f'https://blockstream.info/testnet/api/tx/{txid}/merkle-proof' 27 | resp = requests.get(url) 28 | return json.loads(resp.text) 29 | 30 | def sha256(x): 31 | return hashlib.sha256(x).digest() 32 | 33 | def sha256_double(x): 34 | return sha256(sha256(x)) 35 | 36 | # Eliminate [marker], [flag], and [witness] 37 | # https://bitcoin.stackexchange.com/questions/77699/whats-the-difference-between-txid-and-hash-getrawtransaction-bitcoind 38 | def txid_processed_data(x, witness): 39 | dat = b'' 40 | dat = x[:4] + x[6:] 41 | idx = dat.find(witness) 42 | dat = dat[:idx-2] + dat[-4:] 43 | return dat 44 | 45 | def interact(r, dat, rev): 46 | r.recvuntil(b'data > ') 47 | r.sendline(dat) 48 | r.recvuntil(b'reverse?(y/n) > ') 49 | r.sendline(rev) 50 | r.recvuntil(b'seed = ') 51 | seed = r.recvline().strip().decode() 52 | return seed 53 | 54 | def solve(txid): 55 | # 1. Transaction 56 | x = get_transaction_raw(txid) 57 | info_json = get_transaction_info(txid) 58 | witness = bytes.fromhex(info_json['vin'][0]['witness'][0]) 59 | dat = txid_processed_data(x, witness) 60 | #assert(sha256_double(dat)[::-1] == bytes.fromhex(txid)) 61 | seed = interact(r, dat.hex().encode(), b'n') 62 | seed = interact(r, seed.encode(), b'n') 63 | 64 | # 2. Merkle tree 65 | merkle_json = get_merkle_proof(txid) 66 | merkle_list = merkle_json['merkle'] 67 | merkle_pos = merkle_json['pos'] 68 | for i in range(len(merkle_list)): 69 | if merkle_pos % 2 == 0: 70 | seed = seed + bytes.fromhex(merkle_list[i])[::-1].hex() 71 | else: 72 | seed = bytes.fromhex(merkle_list[i])[::-1].hex() + seed 73 | seed = interact(r, seed.encode(), b'n') 74 | seed = interact(r, seed.encode(), b'n') 75 | merkle_pos //= 2 76 | 77 | # 3. Block header 78 | block_header = get_block_header(info_json['status']['block_hash']) 79 | seed = interact(r, block_header, b'n') 80 | seed = interact(r, seed.encode(), b'y') 81 | print("seed is ", seed) 82 | r.interactive() 83 | 84 | 85 | r = remote('localhost', 9001) 86 | r.sendline(b'_0BaAaAaAaRk1nGd09{^o^}*') # phrase = _0BaAaAaAaRk1nGd09{^o^}* 87 | r.recvuntil(b'seed = ') 88 | seed = r.recvline().strip() 89 | print("seed", seed) 90 | # 1. Convert seed to Bech32 address 91 | # 2. Receive a testnet coin to bech32 address using https://bitcoinfaucet.uo1.net/send.php (or anything else) 92 | # 3. Find a txid which includes seed 93 | # 4. Wait until transaction is included in any block 94 | #txid = input().strip() 95 | txid = '03ba86055ee9a2f17fae859f958b743bf8cc65b3cc62c0c4d00c3cf05b30f14e' 96 | solve(txid) 97 | 98 | ''' 99 | EXAMPLE 100 | seed : d6cdeccac8d25fca16c0d6bf74de5583 101 | transaction : 03ba86055ee9a2f17fae859f958b743bf8cc65b3cc62c0c4d00c3cf05b30f14e 102 | ''' -------------------------------------------------------------------------------- /2022/WACON Quals/[reversing] type-confusion/README.md: -------------------------------------------------------------------------------- 1 | # [reversing] Type confusion 2 | 3 | ## Tag 4 | 5 | IEEE-754 format 6 | 7 | ## Difficulty 8 | 9 | Medium 10 | 11 | ## Scenario 12 | 13 | For a 64-bit integer a, you need to find a value that satisfies both `a != 0` and `a = *(double *)&a`. -------------------------------------------------------------------------------- /2022/WACON Quals/[reversing] type-confusion/dist/prob: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2022/WACON Quals/[reversing] type-confusion/dist/prob -------------------------------------------------------------------------------- /2022/WACON Quals/[reversing] type-confusion/solution/README.md: -------------------------------------------------------------------------------- 1 | # [reversing] Type confusion 2 | 3 | ## Solution 4 | 5 | Let's refer to the IEEE-754 format. For a 64-bit integer, with the most significant bit set to 0 and the next 11 bits as $x$, and the lower 52 bits as $y$, the integer representation can be expressed as $v1 = x \times (2^{52}) + y$, while the floating-point representation can be expressed as $v2 = ((2^{52} + y) \times 2^{-52}) \times 2^{x - 1023}$. 6 | 7 | When comparing these two values, considering that there may be a loss of up to 12 bits in the integer representation, you need to find values for $x$ and $y that differ by $2^{12}$ or less. As $x$ increases, the rate of increase of $v2 becomes very steep. Therefore, the point where $v1 and $v2$ meet is at $x = 1085, and at this point, $y = 268543086285044$. 8 | 9 | Here is the code to determine this: 10 | 11 | ```py 12 | import math 13 | 14 | for x in range(1075, 2000): 15 | a = 2**52 * x - 2**(x-1023) 16 | b = 2 ** (x-1075) - 1 17 | if b==0: continue 18 | y = a/b 19 | if y < 1 or y > 2**52: continue 20 | print(x,y,math.log2(y),a%b) 21 | print((x<<52) + int(y)) 22 | ``` -------------------------------------------------------------------------------- /2022/WACON Quals/[reversing] type-confusion/solution/program.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | using namespace std; 5 | 6 | unsigned long long a; 7 | 8 | string readflag(){ 9 | ifstream readfile; 10 | readfile.open("flag.txt"); 11 | string flag; 12 | getline(readfile, flag); 13 | readfile.close(); 14 | return flag; 15 | } 16 | 17 | bool sanity_check1(){ 18 | cout << 42 / a << '\n'; // avoid a = 0 19 | return true; 20 | } 21 | 22 | double type_conversion(unsigned long long a){ 23 | return *(double *)&a; 24 | } 25 | 26 | bool sanity_check2(){ 27 | return a == type_conversion(a); 28 | } 29 | 30 | int main(){ 31 | string flag = readflag(); 32 | cin >> a; 33 | if(!sanity_check1()) 34 | return -1; 35 | if(!sanity_check2()) 36 | return -1; 37 | cout << flag << '\n'; 38 | } -------------------------------------------------------------------------------- /2022/WACON Quals/[reversing] type-confusion/solution/solver.py: -------------------------------------------------------------------------------- 1 | from pwn import * 2 | 3 | r = remote('localhost', 9001) 4 | 5 | r.sendline(b'4886674138783273204') 6 | r.recvuntil(b"0\n") 7 | print(r.recv()) 8 | -------------------------------------------------------------------------------- /2023/CCE Quals/[crypto] NZK-SIARK/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] NZK-SIARK 2 | 3 | ## Tag 4 | 5 | AES, ZK-SNARK 6 | 7 | ## Difficulty 8 | 9 | Medium 10 | 11 | ## Scenario 12 | 13 | The challenge asks us to find the KEY which satisfies `AES_K(P) = C`. `P, C` are randomly chosen. Unlike normal AES, the verifier(=server) does not directly compute the inverse. Inverse is given by prover(=user) and the verifier only verifies by checking `x * (x * xinv - GF(1)) == GF(0)`. -------------------------------------------------------------------------------- /2023/CCE Quals/[crypto] NZK-SIARK/dist/GF.py: -------------------------------------------------------------------------------- 1 | class GF: # Polynomial = x^8 + x^4 + x^3 + x^1 + x^0 2 | def __init__(self, val): 3 | self.val = val 4 | 5 | def __add__(self, other): 6 | return GF(self.val ^ other.val) 7 | 8 | def __sub__(self, other): 9 | return GF(self.val ^ other.val) 10 | 11 | def __mul__(self, other): 12 | a = self.val 13 | b = other.val 14 | ret = 0 15 | for i in range(8): 16 | if (b & 1): 17 | ret ^= a 18 | a = (a << 1) 19 | if a & 0x100: 20 | a = (a & 0xff) ^ 0x1B 21 | b >>= 1 22 | return GF(ret) 23 | 24 | def lrotate(self, other): 25 | return GF(((self.val << other) & 0xff) | (self.val >> (8-other))) 26 | 27 | def __rshift__(self, other): 28 | return GF((self.val >> other) & 0xff) 29 | 30 | def __eq__(self, other): 31 | return self.val == other.val 32 | 33 | def __str__(self): 34 | return hex(self.val)[2:].zfill(2) 35 | 36 | def __int__(self): 37 | return self.val 38 | 39 | -------------------------------------------------------------------------------- /2023/CCE Quals/[crypto] NZK-SIARK/dist/constants.py: -------------------------------------------------------------------------------- 1 | Rcon = ( 2 | 0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 3 | 0x80, 0x1B, 0x36, 0x6C, 0xD8, 0xAB, 0x4D, 0x9A, 4 | 0x2F, 0x5E, 0xBC, 0x63, 0xC6, 0x97, 0x35, 0x6A, 5 | 0xD4, 0xB3, 0x7D, 0xFA, 0xEF, 0xC5, 0x91, 0x39, 6 | ) 7 | 8 | -------------------------------------------------------------------------------- /2023/CCE Quals/[crypto] NZK-SIARK/dist/prob.py: -------------------------------------------------------------------------------- 1 | from GF import GF 2 | from constants import Rcon 3 | import os 4 | 5 | def get_sbox_and_verify(x): 6 | xinv = int(input(f"inv({x}) > "), 16) 7 | assert 0 <= xinv < 256 8 | xinv = GF(xinv) 9 | assert x * (x * xinv - GF(1)) == GF(0) 10 | return xinv + xinv.lrotate(1) + xinv.lrotate(2) + xinv.lrotate(3) + xinv.lrotate(4) + GF(99) 11 | 12 | def key_schedule(round_keys, KEY): 13 | for i in range(4): 14 | for j in range(4): 15 | round_keys[i][j].val = KEY[i + 4*j] 16 | 17 | for i in range(4, 4*ROUNDS+4): 18 | if i % 4 == 0: 19 | round_keys[0][i] = round_keys[0][i-4] \ 20 | + get_sbox_and_verify(round_keys[1][i-1]) \ 21 | + GF(Rcon[i // 4]) 22 | 23 | for j in range(1, 4): 24 | round_keys[j][i] = round_keys[j][i-4] \ 25 | + get_sbox_and_verify(round_keys[(j+1)%4][i-1]) 26 | 27 | else: 28 | for j in range(4): 29 | round_keys[j][i] = round_keys[j][i-4] + round_keys[j][i-1] 30 | 31 | def add_round_key(state, round_key): 32 | for i in range(4): 33 | for j in range(4): 34 | state[i][j] = state[i][j] + round_key[i][j] 35 | 36 | def sub_bytes(state): 37 | for i in range(4): 38 | for j in range(4): 39 | state[i][j] = get_sbox_and_verify(state[i][j]) 40 | 41 | def shift_rows(state): 42 | state[1][0], state[1][1], state[1][2], state[1][3] = state[1][1], state[1][2], state[1][3], state[1][0] 43 | state[2][0], state[2][1], state[2][2], state[2][3] = state[2][2], state[2][3], state[2][0], state[2][1] 44 | state[3][0], state[3][1], state[3][2], state[3][3] = state[3][3], state[3][0], state[3][1], state[3][2] 45 | 46 | 47 | def mix_columns(state): 48 | mat = [[GF(2), GF(3), GF(1), GF(1)], 49 | [GF(1), GF(2), GF(3), GF(1)], 50 | [GF(1), GF(1), GF(2), GF(3)], 51 | [GF(3), GF(1), GF(1), GF(2)]] 52 | tmp = [GF(0) for _ in range(4)] 53 | for j in range(4): 54 | for i in range(4): 55 | tmp[i] = mat[i][0] * state[0][j] + mat[i][1] * state[1][j] + mat[i][2] * state[2][j] + mat[i][3] * state[3][j] 56 | for i in range(4): 57 | state[i][j] = tmp[i] 58 | 59 | BLOCK_SIZE = 16 60 | 61 | PLAINTEXT = os.urandom(BLOCK_SIZE) 62 | CIPHERTEXT = os.urandom(BLOCK_SIZE) 63 | 64 | ROUNDS = 10 65 | round_keys = [[GF(0) for i in range(4 * (ROUNDS + 1))] for j in range(4)] 66 | 67 | print(f"Your goal is to find KEY K which satisfies AES_K({PLAINTEXT.hex()}) = {CIPHERTEXT.hex()}") 68 | 69 | try: 70 | KEY = bytes.fromhex(input("KEY > ")) 71 | assert len(KEY) == BLOCK_SIZE 72 | except: 73 | print("[-] Invalid Key") 74 | exit(-1) 75 | 76 | print("### Key schedule ###") 77 | key_schedule(round_keys, KEY) 78 | 79 | print("### Encryption ###") 80 | state = [[GF(0) for i in range(4)] for j in range(4)] 81 | 82 | ''' 83 | P[0] P[4] P[8] P[12] 84 | P[1] P[5] P[9] P[13] 85 | P[2] P[6] P[10] P[14] 86 | P[3] P[7] P[11] P[15] 87 | ''' 88 | for i in range(4): 89 | for j in range(4): 90 | state[i][j].val = PLAINTEXT[i + 4*j] 91 | 92 | add_round_key(state, [[round_keys[z][j] for j in range(4)] for z in range(4)] ) 93 | 94 | for i in range(ROUNDS - 1): 95 | sub_bytes(state) 96 | shift_rows(state) 97 | mix_columns(state) 98 | add_round_key(state, [[round_keys[z][j] for j in range(4*i+4, 4*i+8)] for z in range(4)]) 99 | 100 | sub_bytes(state) 101 | shift_rows(state) 102 | add_round_key(state, [[round_keys[z][j] for j in range(4*ROUNDS, 4*ROUNDS+4)] for z in range(4)]) 103 | 104 | out = '' 105 | 106 | for i in range(4): 107 | for j in range(4): 108 | out += hex(state[j][i].val)[2:].zfill(2) 109 | 110 | if out == CIPHERTEXT.hex(): 111 | print("Good job!", open("flag", 'r').read()) 112 | 113 | else: 114 | print(f"{out} != {CIPHERTEXT.hex()} :(") -------------------------------------------------------------------------------- /2023/CCE Quals/[crypto] NZK-SIARK/solution/GF.py: -------------------------------------------------------------------------------- 1 | class GF: # Polynomial = x^8 + x^4 + x^3 + x^1 + x^0 2 | def __init__(self, val): 3 | self.val = val 4 | 5 | def __add__(self, other): 6 | return GF(self.val ^ other.val) 7 | 8 | def __sub__(self, other): 9 | return GF(self.val ^ other.val) 10 | 11 | def __mul__(self, other): 12 | a = self.val 13 | b = other.val 14 | ret = 0 15 | for i in range(8): 16 | if (b & 1): 17 | ret ^= a 18 | a = (a << 1) 19 | if a & 0x100: 20 | a = (a & 0xff) ^ 0x1B 21 | b >>= 1 22 | return GF(ret) 23 | 24 | def lrotate(self, other): 25 | return GF(((self.val << other) & 0xff) | (self.val >> (8-other))) 26 | 27 | def __rshift__(self, other): 28 | return GF((self.val >> other) & 0xff) 29 | 30 | def __eq__(self, other): 31 | return self.val == other.val 32 | 33 | def __str__(self): 34 | return hex(self.val)[2:].zfill(2) 35 | 36 | def __int__(self): 37 | return self.val 38 | 39 | -------------------------------------------------------------------------------- /2023/CCE Quals/[crypto] NZK-SIARK/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] NZK-SIARK 2 | 3 | ## Solution 4 | 5 | The goal of this problem is to manipulate results when the computation of the S-box during AES is delegated to a prover. 6 | 7 | The verification for the inverse xinv of x is `x * (x * xinv - GF(1)) == GF(0)', but the problem is that `x = 0, xinv = arbitrary` passes the verification. 8 | 9 | Therefore, an attacker can simply leave `KEY = PLAINTEXT`, keygen normally, and then match the outputs of the S-boxes so that the inputs of the S-box layer are all zero each time. The output of the last S-box can be matched so that its output is `CIPHERTEXT`. -------------------------------------------------------------------------------- /2023/CCE Quals/[crypto] NZK-SIARK/solution/constants.py: -------------------------------------------------------------------------------- 1 | Rcon = ( 2 | 0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 3 | 0x80, 0x1B, 0x36, 0x6C, 0xD8, 0xAB, 0x4D, 0x9A, 4 | 0x2F, 0x5E, 0xBC, 0x63, 0xC6, 0x97, 0x35, 0x6A, 5 | 0xD4, 0xB3, 0x7D, 0xFA, 0xEF, 0xC5, 0x91, 0x39, 6 | ) 7 | 8 | Sbox = ( 9 | 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, 10 | 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 11 | 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, 12 | 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75, 13 | 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 14 | 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, 15 | 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8, 16 | 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 17 | 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, 18 | 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB, 19 | 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 20 | 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, 21 | 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, 22 | 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, 23 | 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, 24 | 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16, 25 | ) -------------------------------------------------------------------------------- /2023/CCE Quals/[crypto] NZK-SIARK/solution/writeup.md: -------------------------------------------------------------------------------- 1 | # 개요 2 | 3 | AES 중 S-box의 계산을 prover에게 위임한 환경에서 결과를 조작하는 문제 4 | 5 | # 풀이 6 | 7 | x의 Inverse xinv에 대한 검증을 `x * (x * xinv - GF(1)) == GF(0)` 으로 하는데, 이 경우 `x = 0, xinv = arbitrary`가 검증을 통과한다는 문제가 있다. 8 | 9 | 그렇기 때문에 공격자는 일단 `KEY = PLAINTEXT`으로 두고 keygen을 정상적으로 한 후, 매번 Sbox layer의 input이 all zero가 되게끔 S-box의 출력을 적절하게 맞추면 된다. 제일 마지막 S-box의 출력은 output이 `CIPHERTEXT`가 되게끔 잘 끼워맞추면 된다. 10 | 11 | # 문제 세팅 방법 12 | 13 | 플래그 모듈 빌드 && 도커 업 : `make` 14 | 15 | 도커 업 : `make start` 16 | 17 | # 출제지문 18 | 19 | Not Zero-Knowledge Succint Interactive Argument of Knowledge 20 | 21 | Not Zero-Knowledge : This system is "not" zero-knowledge. 22 | Succint : The verifier does not directly compute the inverse; it only verifies it. 23 | Interactive : The prover and verifier should interact. 24 | Argument of Knowledge : A malicious prover cannot cheat. -------------------------------------------------------------------------------- /2023/Codegate Finals/[crypto] tiny-encryption/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] Tiny Encryption 2 | 3 | ## Tag 4 | 5 | LowMC variants, Difference enumeration attack, eprint 2018/859(Cryptanalysis of Low-Data Instances of Full LowMCv2) 6 | 7 | ## Difficulty 8 | 9 | Hard 10 | 11 | ## Scenario 12 | 13 | Cryptosystem is a LowMC variants. S-box is very simple(`cipher[0] += cipher[1] * cipher[2]`), but the round number is 128. Attack setting is Chosen plaintext attack setting but only 4 plaintext-ciphertext pairs are given. 14 | 15 | Flag is given even a single key bit leak is succeed. -------------------------------------------------------------------------------- /2023/Codegate Finals/[crypto] tiny-encryption/dist/constant_generator.sage: -------------------------------------------------------------------------------- 1 | import random 2 | 3 | def get_invertible_matrix(n): 4 | while True: 5 | mat = matrix(GF(2), n, n) 6 | for i in range(n): 7 | for j in range(n): 8 | mat[i,j] = random.randint(0,1) 9 | if mat.is_invertible(): 10 | return mat 11 | 12 | def get_random_vector(n): 13 | vec = vector(GF(2), n) 14 | for i in range(n): 15 | vec[i] = random.randint(0,1) 16 | return vec 17 | 18 | N = 256 19 | ROUNDS = 128 20 | random.seed("BTS Bongjunho Sonheungmin Cogechan Let's go!!") 21 | matrices = [get_invertible_matrix(N) for _ in range(ROUNDS)] 22 | vectors = [get_random_vector(N) for _ in range(ROUNDS)] 23 | 24 | f = open("constants.txt", "w") 25 | 26 | for r in range(ROUNDS): 27 | for i in range(N): 28 | for j in range(N): 29 | f.write(str(matrices[r][i][j])) 30 | f.write("\n") 31 | 32 | for i in range(N): 33 | f.write(str(vectors[r][i])) 34 | f.write("\n") 35 | 36 | f.close() -------------------------------------------------------------------------------- /2023/Codegate Finals/[crypto] tiny-encryption/dist/prob.sage: -------------------------------------------------------------------------------- 1 | #!/usr/bin/sage 2 | import os 3 | 4 | load('tiny-encryption.sage') 5 | 6 | MAGIC_NUMBER = 256 7 | N = 256 8 | 9 | def bytes_to_vector(b): 10 | vec = vector(GF(2), N) 11 | assert len(b) == N // 8 12 | for i in range(len(b)): 13 | tmp = b[i] 14 | for j in range(8): 15 | vec[8*i+7-j] = tmp & 1 16 | tmp >>= 1 17 | return vec 18 | 19 | def vector_to_bytes(vec): 20 | assert len(vec) == N 21 | b = bytearray(N // 8) 22 | for i in range(len(b)): 23 | for j in range(8): 24 | b[i] = (b[i] << 1) | int(vec[8*i + j]) 25 | return b 26 | 27 | success = 0 28 | while success < MAGIC_NUMBER: 29 | print(f"!!! {success}/{MAGIC_NUMBER} !!!") 30 | key_b = os.urandom(N // 8) 31 | key = bytes_to_vector(key_b) 32 | for i in range(4): 33 | plain_b = bytes.fromhex(input("plaintext > ")) 34 | assert len(plain_b) == N // 8, "Invalid plaintext length" 35 | plain = bytes_to_vector(plain_b) 36 | cipher = encrypt(plain, key) 37 | cipher_b = vector_to_bytes(cipher) 38 | print(f"ciphertext > {cipher_b.hex()}") 39 | 40 | while True: 41 | idx = int(input("Guess any bits. Key index? > ")) 42 | if not 0 <= idx < N: 43 | break 44 | guess = input(f"key[{idx}]? > ") 45 | if int(guess) == key[idx]: 46 | print("Correct!") 47 | success += 1 48 | else: 49 | exit(-1) 50 | 51 | print("Good job!") 52 | print(open("flag.txt").read()) -------------------------------------------------------------------------------- /2023/Codegate Finals/[crypto] tiny-encryption/dist/tiny-encryption.sage: -------------------------------------------------------------------------------- 1 | N = 256 2 | ROUNDS = 128 3 | 4 | matrices = [matrix(GF(2), N, N) for _ in range(ROUNDS)] 5 | vectors = [vector(GF(2), N) for _ in range(ROUNDS)] 6 | 7 | def load_constants(): 8 | f = open("constants.txt", "r") 9 | for r in range(ROUNDS): 10 | for i in range(N): 11 | row = f.readline() 12 | for j in range(N): 13 | matrices[r][i,j] = int(row[j]) 14 | 15 | row = f.readline() 16 | for i in range(N): 17 | vectors[r][i] = int(row[i]) 18 | 19 | load_constants() 20 | 21 | def encrypt(plain, key): 22 | cipher = plain[:] 23 | for r in range(ROUNDS): 24 | # S-BOX layer 25 | cipher[0] += cipher[1] * cipher[2] 26 | # Key addition 27 | cipher += key 28 | # Linear layer 29 | cipher = matrices[r] * cipher + vectors[r] 30 | return cipher -------------------------------------------------------------------------------- /2023/Codegate Finals/[crypto] tiny-encryption/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] Tiny Encryption 2 | 3 | ## Solution 4 | 5 | Inspired by LowMC's Difference Enumeration Technique. You can set the inputs appropriately so that the same input goes into the S-box for all but the last round. See the paper for more details. -------------------------------------------------------------------------------- /2023/Codegate Quals/[crypto] anti-kerckhoffs/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] anti Kerckhoffs 2 | 3 | ## Tag 4 | 5 | SAS construction, Hidden S-box, DOI 10.1007/3-540-44987-6_24(Structural Cryptanalysis of SASAS) 6 | 7 | ## Difficulty 8 | 9 | Hard 10 | 11 | ## Scenario 12 | 13 | Field is `GF(17)` and plaintext size is $20$. Calculation has three layers: 14 | 15 | 1. SboxLayer1 - $S_1(x) = a_1x^2 + b_1x + c_1$ for some hidden $a_1,b_1,c_1$. 16 | 2. LinearLayer - Multiplying with hidden matrix $M$. 17 | 3. SboxLayer2 - $S_1(x) = a_2x^2 + b_2x + c_2$ for some hidden $a_2,b_2,c_2$. 18 | 19 | `TARGET` is given and the goal is finding input `I` such that `calc(I) = TARGET`. A user can query at most `77777` times. When the user provides the input `x`, server does not replies the actual value of the output. It only replies whether each element in the output matches each element in the `TARGET`. -------------------------------------------------------------------------------- /2023/Codegate Quals/[crypto] anti-kerckhoffs/dist/prob.py: -------------------------------------------------------------------------------- 1 | import math 2 | import os 3 | import hashlib 4 | import signal 5 | import secrets 6 | 7 | QUERY_LIMIT = 77777 8 | MOD = 17 9 | m = 20 10 | 11 | def quadratic_eval(coeffs, x): 12 | return (coeffs[2] * x ** 2 + coeffs[1] * x + coeffs[0]) % MOD 13 | 14 | def get_random_quadratic(): 15 | c2 = secrets.randbelow(MOD - 1) + 1 16 | c1 = secrets.randbelow(MOD) 17 | c0 = secrets.randbelow(MOD) 18 | return [c0, c1, c2] 19 | 20 | def calc(Inputs): 21 | Outputs = [quadratic_eval(SboxLayer1[i], Inputs[i]) for i in range(m)] 22 | Outputs = [sum(LinearLayer[i][j] * Outputs[j] for j in range(m)) for i in range(m)] 23 | Outputs = [quadratic_eval(SboxLayer2[i], Outputs[i]) for i in range(m)] 24 | return Outputs 25 | 26 | def print_list(L, prefix = ''): 27 | print(prefix, end='') 28 | for x in L: 29 | print(x, end = ' ') 30 | print() 31 | 32 | def compare(L1, L2): 33 | ret = 0 34 | for i in range(m): 35 | if L1[i] == L2[i]: 36 | ret += 2 ** i 37 | return ret 38 | 39 | def list_to_int(L): 40 | assert len(L) == m, "Invalid list format" 41 | assert all(0 <= x < MOD for x in L), "Invalid list format" 42 | ret = 0 43 | for i in range(m): 44 | ret += L[i] * MOD ** i 45 | return ret 46 | 47 | def int_to_list(x): 48 | assert 0 <= x < MOD ** m, "Invalid int format" 49 | L = [0] * m 50 | for i in range(m): 51 | L[i] = x % MOD 52 | x //= MOD 53 | return L 54 | 55 | SboxLayer1 = [get_random_quadratic() for _ in range(m)] 56 | LinearLayer = [[secrets.randbelow(MOD-1) + 1 for _ in range(m)] for _ in range(m)] 57 | SboxLayer2 = [get_random_quadratic() for _ in range(m)] 58 | 59 | HIDDEN = [secrets.randbelow(MOD) for _ in range(m)] 60 | TARGET = calc(HIDDEN) 61 | 62 | print(f"TARGET = {list_to_int(TARGET)}") 63 | 64 | query_count = 0 65 | 66 | win = False 67 | 68 | while not win: 69 | Inputs = list(map(int, input("Inputs > ").split())) 70 | query_count += len(Inputs) 71 | if query_count > QUERY_LIMIT: 72 | print("bye..") 73 | exit(-1) 74 | Outputs = [] 75 | 76 | for I in Inputs: 77 | O = calc(int_to_list(I)) 78 | if TARGET == O: 79 | win = True 80 | Outputs.append(compare(TARGET, O)) 81 | print_list(Outputs, "Outputs = ") 82 | 83 | print("Good job!", open("flag", 'r').read()) 84 | 85 | 86 | 87 | -------------------------------------------------------------------------------- /2023/Codegate Quals/[crypto] anti-kerckhoffs/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] anti Kerckhoffs 2 | 3 | ## Solution 4 | 5 | Note that the quadratic of the first Sbox layer does not need to be exact. For example, if an S-box is `ax^2 + bx + c`, we can find `t * (ax^2 + bx + c)` and multiply each element in the middle Affine layer by `t^(-1)`, which will give us the same output. 6 | 7 | So for the first S-box layer, we just need to find something that satisfies `(x-t[i])^2`, which we can do by finding collision pairs in each S-box. 8 | 9 | For the next affine layer, we can use a similar idea and consider `A[i][0] = 1`. For `A[i][j]`, we can use a fact that if the $i$-th elements of the output is differ, then the inputs of the $i$-th Sbox in `SboxLayer2`. This removes 1 impossible candidates of `A[i][j]`. 10 | 11 | In the end, the last Sbox layer doesn't need to be recovered and we get a candidate input for the last Sbox layer that matches the target, which we can handle appropriately. -------------------------------------------------------------------------------- /2023/Codegate Quals/[crypto] secure-prime-generator/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] secure Prime Generator 2 | 3 | ## Tag 4 | 5 | RSA, MPC, Malicious model, eprint 2020/370(Multiparty generation of an RSA Modulus) 6 | 7 | ## Difficulty 8 | 9 | Medium 10 | 11 | ## Scenario 12 | 13 | A user interacts with server, and generates RSA modulus together. In a semi-honest model, this protocol is safe but.. -------------------------------------------------------------------------------- /2023/Codegate Quals/[crypto] secure-prime-generator/dist/client_example.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | from hashlib import sha256 3 | from pwn import * 4 | from itertools import product 5 | import random 6 | 7 | def get_additive_shares(x, n, mod): 8 | shares = [0] * n 9 | shares[n-1] = x 10 | for i in range(n-1): 11 | shares[i] = random.randrange(mod) 12 | shares[n-1] = (shares[n-1] - shares[i]) % mod 13 | assert sum(shares) % mod == x 14 | return shares 15 | 16 | BITS = 512 17 | 18 | def POW(): 19 | print("[DEBUG] POW...") 20 | b_postfix = r.recvline().decode().split(' = ')[1][6:].strip() 21 | h = r.recvline().decode().split(' = ')[1].strip() 22 | for brute in product('0123456789abcdef', repeat=6): 23 | b_prefix = ''.join(brute) 24 | b_ = b_prefix + b_postfix 25 | if sha256(bytes.fromhex(b_)).hexdigest() == h: 26 | r.sendlineafter(b' > ', b_prefix.encode()) 27 | return True 28 | 29 | assert 0, "Something went wrong.." 30 | 31 | def generate_shared_modulus(): 32 | print("[DEBUG] generate_shared_modulus...") 33 | p2 = random.randrange(2 ** BITS, 2 ** (BITS+1)) 34 | q2 = random.randrange(2 ** BITS, 2 ** (BITS+1)) 35 | 36 | SMALL_PRIMES = [2, 3, 5, 7, 11, 13] 37 | # Candidates of p1 38 | for prime in SMALL_PRIMES: 39 | remainder_candidates = [] 40 | # c = (-p2 % prime) should not be chosen 41 | while len(remainder_candidates) < (prime+1) // 2: 42 | c = random.randrange(prime) 43 | if c == -p2 % prime or c in remainder_candidates: 44 | continue 45 | remainder_candidates.append(c) 46 | 47 | r.sendlineafter(b' > ', ' '.join(str(c) for c in remainder_candidates).encode()) 48 | 49 | # Candidates of q1 50 | for prime in SMALL_PRIMES: 51 | remainder_candidates = [] 52 | # c = (-q2 % prime) should not be chosen 53 | while len(remainder_candidates) < (prime+1) // 2: 54 | c = random.randrange(prime) 55 | if c == -q2 % prime or c in remainder_candidates: 56 | continue 57 | remainder_candidates.append(c) 58 | 59 | r.sendlineafter(b' > ', ' '.join(str(c) for c in remainder_candidates).encode()) 60 | 61 | p1_enc = int(r.recvline().decode().split(' = ')[1]) 62 | q1_enc = int(r.recvline().decode().split(' = ')[1]) 63 | p2_enc = pow(p2, SERVER_E, SERVER_N) 64 | q2_enc = pow(q2, SERVER_E, SERVER_N) 65 | 66 | X = [] 67 | shares_a = get_additive_shares(1, 4, SERVER_N) 68 | shares_b = get_additive_shares(1, 4, SERVER_N) 69 | shares_c = get_additive_shares(1, 4, SERVER_N) 70 | 71 | # N = p1*q1 + sum(pow(x, SERVER_D, SERVER_N) for x in X) = p1*q1 + p1*q2 + p2*q1 * p2*q2 = (p1+p2)*(q1+q2) 72 | for i in range(4): 73 | X.append(pow(shares_a[i], SERVER_E, SERVER_N) * p1_enc * q2_enc % SERVER_N) 74 | X.append(pow(shares_b[i], SERVER_E, SERVER_N) * p2_enc * q1_enc % SERVER_N) 75 | X.append(pow(shares_c[i], SERVER_E, SERVER_N) * p2_enc * q2_enc % SERVER_N) 76 | random.shuffle(X) 77 | 78 | r.sendlineafter(b' > ', ' '.join(str(x) for x in X).encode()) 79 | 80 | N = int(r.recvline().decode().split(' = ')[1]) 81 | 82 | return p2, q2, N 83 | 84 | # STEP 2 - N_validity_check 85 | def N_validity_check_client(p2, q2, N): 86 | print("[DEBUG] N_validity_check_client...") 87 | for _ in range(20): 88 | b = int(r.recvline().decode().split(' = ')[1]) 89 | client_digest = sha256(long_to_bytes(pow(b, p2+q2, N))).hexdigest() 90 | r.sendlineafter(b' > ', client_digest.encode()) 91 | msg = r.recvline().decode() 92 | if msg != "good!\n": 93 | print(msg) 94 | return -1 95 | 96 | flag_enc = int(r.recvline().decode().split(' = ')[1]) 97 | return flag_enc 98 | 99 | r = process(["python3", "./prob.py"]) 100 | POW() 101 | SERVER_N = int(r.recvline().decode().split(' = ')[1]) 102 | SERVER_E = int(r.recvline().decode().split(' = ')[1]) 103 | p2, q2, N = generate_shared_modulus() 104 | flag_enc = N_validity_check_client(p2, q2, N) 105 | if flag_enc == -1: 106 | exit(-1) 107 | 108 | print(f"{N = }") 109 | print(f"{flag_enc = }") 110 | -------------------------------------------------------------------------------- /2023/Codegate Quals/[crypto] secure-prime-generator/dist/prob.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | from hashlib import sha256 3 | import os 4 | import signal 5 | 6 | BITS = 512 7 | 8 | def POW(): 9 | b = os.urandom(32) 10 | print(f"b = ??????{b.hex()[6:]}") 11 | print(f"SHA256(b) = {sha256(b).hexdigest()}") 12 | prefix = input("prefix > ") 13 | b_ = bytes.fromhex(prefix + b.hex()[6:]) 14 | return sha256(b_).digest() == sha256(b).digest() 15 | 16 | def generate_server_key(): 17 | while True: 18 | p = getPrime(1024) 19 | q = getPrime(1024) 20 | e = 0x10001 21 | if (p-1) % e == 0 or (q-1) % e == 0: 22 | continue 23 | d = pow(e, -1, (p-1)*(q-1)) 24 | n = p*q 25 | return e, d, n 26 | 27 | # Generate N = (p1+p2) * (q1+q2) where p2 and q2 are shares chosen by the client 28 | def generate_shared_modulus(): 29 | SMALL_PRIMES = [2, 3, 5, 7, 11, 13] 30 | print(f"{SERVER_N = }") 31 | print(f"{SERVER_E = }") 32 | 33 | p1_remainder_candidates = {} 34 | q1_remainder_candidates = {} 35 | # We prevent p1+p2 is divided by small primes 36 | # by asking the client for a possible remainders of p1 37 | for prime in SMALL_PRIMES: 38 | remainder_candidates = set(map(int, input(f"Candidates of p1 % {prime} > ").split())) 39 | assert len(remainder_candidates) == (prime+1) // 2, f"[-] wrong candidates for {prime}" 40 | p1_remainder_candidates[prime] = remainder_candidates 41 | 42 | while True: 43 | p1 = bytes_to_long(os.urandom(BITS // 8)) 44 | for prime in SMALL_PRIMES: 45 | if p1 % prime not in p1_remainder_candidates[prime]: 46 | break 47 | else: 48 | break 49 | 50 | # and same goes for q1 51 | for prime in SMALL_PRIMES: 52 | remainder_candidates = set(map(int, input(f"Candidates of q1 % {prime} > ").split())) 53 | assert len(remainder_candidates) == (prime+1) // 2, f"[-] wrong candidates for {prime}" 54 | q1_remainder_candidates[prime] = remainder_candidates 55 | 56 | while True: 57 | q1 = bytes_to_long(os.urandom(BITS // 8)) 58 | 59 | for prime in SMALL_PRIMES: 60 | if q1 % prime not in q1_remainder_candidates[prime]: 61 | break 62 | else: 63 | break 64 | 65 | p1_enc = pow(p1, SERVER_E, SERVER_N) 66 | q1_enc = pow(q1, SERVER_E, SERVER_N) 67 | 68 | print(f"{p1_enc = }") 69 | print(f"{q1_enc = }") 70 | X = list(map(int, input("X > ").split())) 71 | assert len(X) == 12 72 | 73 | N = (p1*q1 + sum(pow(x, SERVER_D, SERVER_N) for x in X)) % SERVER_N 74 | assert N.bit_length() >= 1024, f"[-] too short.., {N.bit_length()}" 75 | 76 | print(f"{N = }") 77 | 78 | return p1, q1, N 79 | 80 | # check whether N is a product of two primes 81 | def N_validity_check(p1, q1, N): 82 | for _ in range(20): 83 | b = bytes_to_long(os.urandom(2 * BITS // 8)) 84 | print(f"{b = }") 85 | client_digest = input("Client digest > ") 86 | server_digest = sha256(long_to_bytes(pow(b, N+1-p1-q1, N))).hexdigest() 87 | if server_digest != client_digest: 88 | print("N is not a product of two primes I guess..") 89 | return False 90 | else: 91 | print("good!") 92 | 93 | return True 94 | 95 | if not POW(): 96 | exit(-1) 97 | 98 | signal.alarm(60) 99 | SERVER_E, SERVER_D, SERVER_N = generate_server_key() 100 | p1, q1, N = generate_shared_modulus() 101 | if not N_validity_check(p1, q1, N): 102 | exit(-1) 103 | 104 | FLAG = open("flag", 'rb').read() 105 | FLAG += b'\x00' + os.urandom(128 - 2 - len(FLAG)) 106 | FLAG_ENC = pow(bytes_to_long(FLAG), 0x10001, N) 107 | 108 | print(f"{FLAG_ENC = }") 109 | 110 | -------------------------------------------------------------------------------- /2023/Codegate Quals/[crypto] secure-prime-generator/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] secure Prime Generator 2 | 3 | ## Solution 4 | 5 | Originally, $N$ should be determined as $N = (p1 + p2) \times (q1 + q2)$. However an attacker can influence the selection of $N$ to be what they desire, not necessarily $(p1 + p2) \times (q1 + q2)$. 6 | 7 | However, N must pass the `N_validity_check` routine, so the attacker sets $N$ to be a product of $p$'s, where $p-1$ is a divisor of 1801800 then hope that $N-1-p1-q1$ is a multiple of `1801800`. There are conditions for giving the remainder concerning `SMALL_PRIMES`, and by providing the desired remainder and negatives like `(r, -1, -2, -3, ..)`, they can force the remainder to be as required. This increases the probability of $N-1-p1-q1$ being a divisor of `1801800` to `1/60`. As a result, they can recover the flag after roughly 60 attempts. -------------------------------------------------------------------------------- /2023/Codegate Quals/[crypto] secure-prime-generator/solution/solver.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | from hashlib import sha256 3 | from pwn import * 4 | from itertools import product 5 | import random 6 | 7 | BITS = 512 8 | 9 | def get_malicious_N(): 10 | base = 2*3*5*7*11*13 * 60 # 1801800 11 | i = 0 12 | N = 1 13 | phi = 1 14 | while i*i <= base: 15 | i += 1 16 | if base % i != 0: 17 | continue 18 | if isPrime(i+1): 19 | N *= i+1 20 | phi *= i 21 | if isPrime(base//i + 1): 22 | N *= (base//i + 1) 23 | phi *= (base//i) 24 | return N, phi 25 | 26 | def get_additive_shares(x, n, mod): 27 | shares = [0] * n 28 | shares[n-1] = x 29 | for i in range(n-1): 30 | shares[i] = random.randrange(mod) 31 | shares[n-1] = (shares[n-1] - shares[i]) % mod 32 | assert sum(shares) % mod == x 33 | return shares 34 | 35 | def POW(): 36 | print("[DEBUG] POW...") 37 | b_postfix = r.recvline().decode().split(' = ')[1][6:].strip() 38 | h = r.recvline().decode().split(' = ')[1].strip() 39 | for brute in product('0123456789abcdef', repeat=6): 40 | b_prefix = ''.join(brute) 41 | b_ = b_prefix + b_postfix 42 | if sha256(bytes.fromhex(b_)).hexdigest() == h: 43 | r.sendlineafter(b' > ', b_prefix.encode()) 44 | return True 45 | 46 | assert 0, "Something went wrong.." 47 | 48 | def generate_shared_modulus(): 49 | SMALL_PRIMES = [2, 3, 5, 7, 11, 13] 50 | # Constraints: N + 1 - p1 - q1 = 0 mod prime 51 | # Candidates of p1. p1 = N+1 mod prime 52 | for prime in SMALL_PRIMES: 53 | remainder_candidates = [(malicious_N+1) % prime] + [-i for i in range(1, (prime+1)//2)] 54 | r.sendlineafter(b' > ', ' '.join(str(c) for c in remainder_candidates).encode()) 55 | 56 | # Candidates of q1. q1 = 0 mod prime 57 | for prime in SMALL_PRIMES: 58 | remainder_candidates = [0] + [-i for i in range(1, (prime+1)//2)] 59 | r.sendlineafter(b' > ', ' '.join(str(c) for c in remainder_candidates).encode()) 60 | 61 | p1_enc = int(r.recvline().decode().split(' = ')[1]) 62 | q1_enc = int(r.recvline().decode().split(' = ')[1]) 63 | 64 | 65 | X = [-p1_enc * q1_enc, pow(malicious_N, SERVER_E, SERVER_N)] + [0] * 10 66 | 67 | r.sendlineafter(b' > ', ' '.join(str(x) for x in X).encode()) 68 | 69 | N = int(r.recvline().decode().split(' = ')[1]) 70 | assert N == malicious_N 71 | 72 | # STEP 2 - N_validity_check 73 | def N_validity_check_client(): 74 | for _ in range(20): 75 | b = int(r.recvline().decode().split(' = ')[1]) 76 | # assume that 1801800 | p1+q1 (with 1/60 probability) 77 | client_digest = sha256(long_to_bytes(pow(b, 1801800, malicious_N))).hexdigest() 78 | r.sendlineafter(b' > ', client_digest.encode()) 79 | msg = r.recvline().decode() 80 | if msg != "good!\n": 81 | print(msg) 82 | return -1 83 | 84 | flag_enc = int(r.recvline().decode().split(' = ')[1]) 85 | return flag_enc 86 | 87 | # malicious_N = 959786094359720393880755527014764297679284755008821449461738878016667441640737889548200382905165934296940972577769636941286395812979837734191509330192492184139324025254327298004205565526064865419849248314429472118817582677251789213073647457952361312265239139158754424189980214703262530643640838565624080643710 88 | malicious_N, malicious_phi = get_malicious_N() 89 | assert malicious_N.bit_length() >= 1024 90 | 91 | print("### About 60 trials are required ###") 92 | cnt = 1 93 | while True: 94 | #r = process(["python3", "./prob.py"]) 95 | r = remote('43.200.47.102', 9001) 96 | print(f"{cnt}-th trial") 97 | POW() 98 | SERVER_N = int(r.recvline().decode().split(' = ')[1]) 99 | SERVER_E = int(r.recvline().decode().split(' = ')[1]) 100 | cnt += 1 101 | generate_shared_modulus() 102 | flag_enc = N_validity_check_client() 103 | if flag_enc == -1: 104 | r.close() 105 | continue 106 | break 107 | 108 | d = pow(0x10001, -1, malicious_phi) 109 | flag = pow(flag_enc, d, malicious_N) 110 | 111 | print(long_to_bytes(flag)) 112 | -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] The Game of DES2 2 | 3 | ## Tag 4 | 5 | DES, Linear cryptanalysis, Ciphertext only attack, DOI 10.1007/3-540-48285-7_33(Linear Cryptanalysis Method for DES Cipher) 6 | 7 | ## Difficulty 8 | 9 | Hard 10 | 11 | ## Scenario 12 | 13 | The goal is to break a reduced-round DES. Plaintext is biased. IP, CP, P, and FP are changed to prevent that obtaining flag without understanding LC so that using the trail provided in the Matsui's paper. 14 | 15 | - Baby : round number = 2, known plaintext attack 16 | - Easy : round number = 5, known plaintext attack 17 | - Hard : round number = 5, Ciphertext only attack -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct0 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct1 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct10: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct10 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct11: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct11 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct12 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct13: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct13 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct14: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct14 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct15: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct15 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct16: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct16 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct17: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct17 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct18: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct18 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct19: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct19 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct2 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct20: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct20 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct21: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct21 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct22: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct22 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct23: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct23 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct24: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct24 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct25: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct25 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct26: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct26 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct27: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct27 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct28: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct28 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct29: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct29 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct3 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct30: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct30 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct31: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct31 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct32: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct32 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct33: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct33 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct34: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct34 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct35: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct35 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct36: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct36 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct37: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct37 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct38: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct38 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct39: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct39 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct4 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct40: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct40 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct41: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct41 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct42: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct42 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct43: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct43 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct44: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct44 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct45: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct45 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct46: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct46 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct47: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct47 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct48: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct48 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct49: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct49 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct5 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct50: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct50 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct51: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct51 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct52: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct52 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct53: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct53 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct54: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct54 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct55: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct55 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct56: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct56 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct57: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct57 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct58: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct58 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct59: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct59 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct6: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct6 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct60: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct60 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct61: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct61 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct62: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct62 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct63: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct63 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct7: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct7 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct8 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct9: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/ct9 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt0: -------------------------------------------------------------------------------- 1 | 36-8863-68083260-0732509-60-700797644414298431847617703424122746305-631-37282874179-9722034403439894-4420-156-0296--4-0-24169061 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt1: -------------------------------------------------------------------------------- 1 | 611957312-03346233545578426-33545-5474-15194430915822374886-793512080996502981-321-10356-59272530968-768-55376152112059970-14016 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt10: -------------------------------------------------------------------------------- 1 | 972633308-7698287414-485-1870700381-83-3703185130165656119976-7065302-7-9085-536662-931-303006512778868167--473-31224892620-2724 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt11: -------------------------------------------------------------------------------- 1 | 2-89355195479732967-9-13-88989909734869665574751357200984-0162906683575502262999534367463-22779052878310411924280-09058843797008 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt12: -------------------------------------------------------------------------------- 1 | 295-4508739-582-26162-86766815752-10849556640-220040585-726456061655593509127585575-5257-31829-1817-8148781-32187---976878436193 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt13: -------------------------------------------------------------------------------- 1 | 01-021800734682107151113190516-52650550-1576330146-47086-7732-0614884-3885894285866-373212114142411321-004347431799850568538-686 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt14: -------------------------------------------------------------------------------- 1 | -8134822--1615028557176491363997161405482214576758311387455-8-390275-40-47-02848--83434-5-9106056152681-4891857905-892487-455539 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt15: -------------------------------------------------------------------------------- 1 | 65905--00016729204651-814808273887-735114458-1-97111-37243-958950774474311480345-7773352119778501064282389055410-523086588665905 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt16: -------------------------------------------------------------------------------- 1 | 842636562268510621589147-5092529792-249652102579-590-39-49317729652689-70200819935285835044713812618358998500278972386505-132-94 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt17: -------------------------------------------------------------------------------- 1 | 941527743735674-52-608010559-17149-584976-95626-7583-94288918-599127943020573596683852722-1605957024-4550785291129--222422231-85 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt18: -------------------------------------------------------------------------------- 1 | 66296-865150996558-82--76147879144195606-3-3412054092-40823805020266001399626871838-75---338051441610743-5322077520--74866479-24 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt19: -------------------------------------------------------------------------------- 1 | 43-03598-5-489457--106-65-511545246446646296272597338895-8-2033919392656-41-46252557--770-5500121282520177366700099-69811863-5-6 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt2: -------------------------------------------------------------------------------- 1 | 09787983721447286198858845338661711615-0938652085215553265270-49245-8053201662718-8-33351--49-753943481798776295935416-6859-0604 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt20: -------------------------------------------------------------------------------- 1 | 89-560830708716-1261239911917993177358234065353---4864845083305838-80-860466650041092-6-484201042092-487519774415937938630921095 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt21: -------------------------------------------------------------------------------- 1 | 6616265111345880284473136-7443-7010868005965308969430041959062-6492-52328969-016350707302-48126---10908780303988-645037082668637 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt22: -------------------------------------------------------------------------------- 1 | 388738205-065325370414972766609777-026-990448943850-77101505676-0-967892824306--62-86301-1974273433537819-6-20143601-747934-6583 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt23: -------------------------------------------------------------------------------- 1 | 71922471033-78090436827547359907626248-6302557981732--913--1653099-5303-29969843626237-801585-60514477495531294978645-679-3167-0 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt24: -------------------------------------------------------------------------------- 1 | 9-099414293191730-091647939050804243-755165892530553-47497571522990333293756-56314-48-209262490430702986024-97759264919691459261 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt25: -------------------------------------------------------------------------------- 1 | -458466292-64-093776-7008454453035277208372023042168664584747-8-322-1497--92150405274207859004838452473414568-234350718553-05367 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt26: -------------------------------------------------------------------------------- 1 | 8460066785960-85-46-2859-42921177554122-05680890008589833674127295-510723877156-46558368928-62450-1203-596560999-12550-0752-9471 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt27: -------------------------------------------------------------------------------- 1 | 0-825521949716-42669789360669-28011495-945755568109197882166566611--6--30135822959610447925908473894557518626027-462-345-4926-70 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt28: -------------------------------------------------------------------------------- 1 | 77120613356484--4050752927077948078420-130152642--67768832745284-6--7-54-1--8804591-67373-011666815446784687182379323843834288-- -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt29: -------------------------------------------------------------------------------- 1 | 61020315220023650061201509687394139116262578-3-15340735-6-0019399159677510-0534578-336628664693-01733696-578242529456-03067-7672 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt3: -------------------------------------------------------------------------------- 1 | 59776908470297-34290133900432012938323586346388387463301--73-5-0610539255413-4950561524855-04-81664-0944393092458264798840109-21 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt30: -------------------------------------------------------------------------------- 1 | 479592177116816-375-34769067086552004474554-64705-85320-272-9463-998606285--4-7176-652-981-50694-27553824-64-2070432503085432--2 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt31: -------------------------------------------------------------------------------- 1 | 87778-4326-231638765--6311355276106625942038243816800057-32-0608833455230434--5--860673-30871---88518830683-834889259722017-6646 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt32: -------------------------------------------------------------------------------- 1 | 54059-8817258-537138162106458-512204-08-49812015459700236575261272928551497484325297880501736-947632629724731071-6-7261384916733 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt33: -------------------------------------------------------------------------------- 1 | 051-66482-833141872-391229773-34672-9086--89087-0729130813226519024351---98-7355516220480117166931011530652727343551805370779-0- -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt34: -------------------------------------------------------------------------------- 1 | 4918-8---996-3781-265069052642477036760001045863431226018107766130345170283735-99695-335-50-2559839762-710861780-904609766856785 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt35: -------------------------------------------------------------------------------- 1 | 923788--89141247707329150905219794858700353979242442729795008824796412404489--8083100388129402-46792003264398821806133895-610470 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt36: -------------------------------------------------------------------------------- 1 | 4696639866279738655525964444731869-646091-87-77-2345-3-333790130--451886427340094-941110--2755252312011404907614288-711662107523 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt37: -------------------------------------------------------------------------------- 1 | 5923828-7-464064-19256-814382-067352--5---1859898613411-6332365988-37772623-496704130756285909691091576866811-48119910683593052- -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt38: -------------------------------------------------------------------------------- 1 | -7-732---0746-99819421767340199-924694015704-83450958007972-839500797897954-6916424-773164397-7041565--7464104107574268018902077 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt39: -------------------------------------------------------------------------------- 1 | 368-0-325716306-110-65042026-7-58123923804005609501016878559537494654169-7-2-9891661001-89-12914244791128-3787-3793109283585-839 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt4: -------------------------------------------------------------------------------- 1 | 74-75127771528165918402468997303031721-71692964892-3924346853099034-081565139625040514774-2953--8-845443145617353-61608279963444 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt40: -------------------------------------------------------------------------------- 1 | 17-364-4593624-75-512201401552803937474653-6870515124-97243-3-0-42-55286739626177-18429133240-240841025--9301398794793143762-5-2 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt41: -------------------------------------------------------------------------------- 1 | 5567-8260-75847-4-108760-148641469181130024582502519834196--02-895680145584328151953040-102217-6825874761378-15310--697153940951 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt42: -------------------------------------------------------------------------------- 1 | -75895-14-282975024928580089225906917941017---2190402-041189324-166827251433622-9784-286547665--83-78098-6391965884016529-861366 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt43: -------------------------------------------------------------------------------- 1 | 840-599152338111508424-4240801262873-278352179053-3333961211025476-817481568-910-2345481292611-111767169734988878648-91538016065 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt44: -------------------------------------------------------------------------------- 1 | 6153621283604320-99-1299273278051-833194313-3437453077120081662899961237032539784818491806--3099-277626-820561--32367657435260-3 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt45: -------------------------------------------------------------------------------- 1 | 24579055854301277662205440044126-7419600141418051258165922774161277696020033210368480453-90444-356-04820440695426566-8-6-61-2241 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt46: -------------------------------------------------------------------------------- 1 | 74485206-60272491098-093----2614--7459--3226421305917-40682135-902843409565477-1243496576326-120807985684-4-83287-14915574795026 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt47: -------------------------------------------------------------------------------- 1 | 231766932-1-8-915932786961-662080360839922-5252364643793597435961-533966852571198044518787820--7-027530253487050094-829496743151 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt48: -------------------------------------------------------------------------------- 1 | 6218660527019871238--69759-893-74599824-720-196-1465-399---289251186-4420-2566-744707777-754472459492062804885077808151679972162 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt49: -------------------------------------------------------------------------------- 1 | 3775180920249889-9110-0333833296340819752221554346787415-568975945783231489250372223382591454887618-48638729-0394845693655192-37 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt5: -------------------------------------------------------------------------------- 1 | 4826-669--20524-005343280429-7627396641652137-570618-733044220716-140284943175-706-53--4408962837251107-1866872913148-3026972930 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt50: -------------------------------------------------------------------------------- 1 | 264--207021733-363726140673923360509671030700962281-046300-93365128948479-0807-29-2747812-81858651282509967848896494311274660287 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt51: -------------------------------------------------------------------------------- 1 | 17-5147493-58857775184371-20382-017-8909947865-8202-02087622015-76973739854-1-539454776504055852-41545561856299-0300410611467505 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt52: -------------------------------------------------------------------------------- 1 | 7-0406917765-7430-7858740743-736229-9-993-9-945391-528295-8-5938-279983-25-5481-93057781490801160798267623286217664-26800-249118 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt53: -------------------------------------------------------------------------------- 1 | 07-93646113976-754642422559437937985289793-88-079100--90469121699386555103-00486492498613530780420240246-10113247350469781998848 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt54: -------------------------------------------------------------------------------- 1 | 87619228351-87417-3445135977-11-18236069225700026948357265334725-45244-3131084560810462194165403243092558403238489-8230023644767 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt55: -------------------------------------------------------------------------------- 1 | 90537021-82315921335-9-548628600784-0208410368163583-66679036322705193-161526074805281495865804611592730-7567-622188275526390306 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt56: -------------------------------------------------------------------------------- 1 | 287--6401454109115447-09923-117441723620300700812-15279550927883195-5156353345763647994501-6685-0--84679976063673495681351-28466 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt57: -------------------------------------------------------------------------------- 1 | 598958376602382-045268-4-906760192-88151360--98994-8-888652-2-391541410598-50248065251327723-7661950123-9-52866756962723700--4-9 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt58: -------------------------------------------------------------------------------- 1 | -2848-54-0444-49-5062310581-3932999-09506514105120610766758525-8646-34197766-899635085-0530-9238051-1551797714348130093219302479 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt59: -------------------------------------------------------------------------------- 1 | 73704-459032034914-531381-22086046429026579440278130832352259403061437-47-93330764809332-893376-311497987945-00278-657383653-941 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt6: -------------------------------------------------------------------------------- 1 | 68-48324455204-84-455252865476-7951970--8894683-967634905-33195136293-0016954-90151010-6386879925375316965-024-30436455115396013 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt60: -------------------------------------------------------------------------------- 1 | 50220976180505283-92580744237626-74-911-175565057-76-00-1143589-331-27754214964-87544--7943-3024360068719-743911066395-980889791 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt61: -------------------------------------------------------------------------------- 1 | 7-1641-295072778745626--279--8086-5418490-50-98078895550537505211-8507-25-3918-50049615364812255537--8416630401007640-64--346199 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt62: -------------------------------------------------------------------------------- 1 | 3982622762801853533388470-2918759293-22-1384309715613531337701952090871056840168--4461079-7-4-69-01780926555-520-1251855-2731-18 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt63: -------------------------------------------------------------------------------- 1 | 068-7757-5138382560468469022561-587-734093185398508--590625-4616-11305420-3468214894369124989323-27284693078633436451204-4-67847 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt7: -------------------------------------------------------------------------------- 1 | 682401-69882710-42520-07363-4659713529825123781-6968919063156027-7575-20158-68-55174-4350086025-297264063461540741171868605609-6 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt8: -------------------------------------------------------------------------------- 1 | 510-41471389260407714439743606242-1623--5-6522802903923121709863869553-4-77734409980-8548-60704525015--6--709953-76670888-11374- -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_baby/pt9: -------------------------------------------------------------------------------- 1 | 074-75542434199063101983386271478037080283-39256117954934079702158688176299051-823463259594037605865-9955--85580072169505941--32 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct0 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct1 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct10: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct10 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct11: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct11 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct12 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct13: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct13 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct14: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct14 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct15: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct15 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct16: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct16 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct17: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct17 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct18: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct18 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct19: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct19 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct2 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct20: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct20 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct21: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct21 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct22: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct22 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct23: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct23 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct24: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct24 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct25: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct25 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct26: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct26 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct27: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct27 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct28: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct28 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct29: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct29 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct3 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct30: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct30 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct31: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct31 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct32: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct32 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct33: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct33 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct34: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct34 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct35: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct35 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct36: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct36 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct37: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct37 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct38: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct38 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct39: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct39 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct4 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct40: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct40 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct41: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct41 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct42: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct42 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct43: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct43 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct44: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct44 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct45: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct45 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct46: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct46 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct47: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct47 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct48: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct48 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct49: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct49 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct5 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct50: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct50 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct51: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct51 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct52: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct52 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct53: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct53 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct54: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct54 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct55: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct55 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct56: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct56 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct57: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct57 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct58: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct58 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct59: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct59 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct6: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct6 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct60: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct60 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct61: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct61 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct62: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct62 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct63: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct63 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct7: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct7 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct8 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct9: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_easy/ct9 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct0 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct1 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct10: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct10 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct11: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct11 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct12 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct13: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct13 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct14: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct14 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct15: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct15 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct16: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct16 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct17: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct17 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct18: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct18 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct19: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct19 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct2 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct20: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct20 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct21: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct21 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct22: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct22 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct23: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct23 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct24: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct24 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct25: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct25 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct26: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct26 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct27: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct27 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct28: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct28 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct29: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct29 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct3 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct30: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct30 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct31: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct31 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct32: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct32 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct33: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct33 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct34: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct34 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct35: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct35 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct36: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct36 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct37: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct37 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct38: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct38 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct39: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct39 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct4: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct4 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct40: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct40 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct41: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct41 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct42: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct42 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct43: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct43 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct44: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct44 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct45: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct45 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct46: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct46 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct47: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct47 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct48: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct48 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct49: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct49 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct5: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct5 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct50: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct50 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct51: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct51 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct52: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct52 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct53: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct53 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct54: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct54 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct55: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct55 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct56: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct56 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct57: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct57 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct58: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct58 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct59: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct59 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct6: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct6 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct60: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct60 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct61: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct61 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct62: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct62 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct63: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct63 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct7: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct7 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct8: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct8 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct9: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Finals/[crypto] the-game-of-des-2/dist/data_hard/ct9 -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/prob_baby.py: -------------------------------------------------------------------------------- 1 | import os 2 | import des 3 | import random 4 | import sys 5 | 6 | print(sys.version_info) 7 | print("========== Constants ===========") 8 | print(des.IP) 9 | print(des.CP_1) 10 | print(des.CP_2) 11 | print(des.P) 12 | print(des.FP) 13 | print("===============================\n") 14 | 15 | key = os.urandom(8) 16 | flag = "WACON2023{" + key.hex() + "}" 17 | print(f"flag = {flag}") 18 | key_bits = des.bytes_to_bits(key) 19 | for i in range(64): 20 | tmp_key = des.bits_to_bytes(key_bits) 21 | cipher = des.DES(tmp_key, 2) # ROUND NUMBER = 2 22 | key_bits = key_bits[1:] + key_bits[:1] 23 | file_pt = open(f"data_baby/pt{i}", "wb") 24 | file_ct = open(f"data_baby/ct{i}", "wb") 25 | 26 | random.seed(os.urandom(32)) 27 | for _ in range(16): 28 | pt = ''.join(random.choices('0123456789-', k=8)).encode() 29 | ct = cipher.encrypt(pt) 30 | file_pt.write(pt) 31 | file_ct.write(ct) 32 | 33 | file_pt.close() 34 | file_ct.close() 35 | 36 | 37 | ''' 38 | sys.version_info(major=3, minor=10, micro=4, releaselevel='final', serial=0) 39 | ========== Constants =========== 40 | [3, 60, 61, 15, 41, 33, 13, 14, 53, 24, 36, 4, 8, 32, 22, 39, 43, 35, 12, 50, 30, 40, 20, 21, 0, 7, 34, 51, 57, 49, 52, 37, 6, 9, 48, 47, 19, 2, 16, 18, 26, 55, 62, 58, 31, 54, 11, 17, 10, 38, 56, 29, 1, 42, 28, 25, 5, 59, 27, 44, 46, 45, 23, 63] 41 | [19, 37, 50, 47, 8, 4, 36, 30, 55, 6, 14, 35, 44, 0, 49, 41, 26, 12, 59, 53, 17, 54, 51, 57, 5, 22, 10, 2, 16, 52, 1, 62, 46, 60, 56, 33, 21, 29, 34, 48, 27, 38, 43, 18, 32, 9, 20, 61, 3, 13, 11, 15, 58, 45, 42, 28] 42 | [19, 34, 14, 12, 3, 5, 42, 35, 17, 40, 27, 53, 29, 18, 7, 48, 0, 20, 22, 16, 28, 45, 39, 54, 1, 2, 38, 6, 31, 47, 44, 30, 52, 25, 43, 13, 49, 50, 24, 33, 15, 10, 26, 9, 21, 8, 23, 46] 43 | [14, 13, 16, 26, 2, 19, 5, 22, 30, 27, 24, 0, 11, 9, 29, 3, 8, 15, 25, 12, 7, 23, 17, 21, 6, 28, 18, 4, 20, 10, 31, 1] 44 | [52, 48, 3, 46, 5, 49, 15, 37, 54, 41, 28, 4, 61, 40, 26, 24, 59, 34, 19, 27, 47, 21, 18, 43, 29, 9, 36, 35, 51, 62, 6, 45, 32, 12, 22, 56, 11, 16, 31, 50, 7, 10, 39, 2, 55, 14, 42, 13, 60, 0, 63, 25, 44, 8, 57, 20, 53, 1, 17, 38, 23, 58, 30, 33] 45 | ================================ 46 | ''' -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/prob_easy.py: -------------------------------------------------------------------------------- 1 | import os 2 | import des 3 | import random 4 | import sys 5 | 6 | print(sys.version_info) 7 | print("========== Constants ===========") 8 | print(des.IP) 9 | print(des.CP_1) 10 | print(des.CP_2) 11 | print(des.P) 12 | print(des.FP) 13 | print("===============================\n") 14 | 15 | key = os.urandom(8) 16 | flag = "WACON2023{" + key.hex() + "}" 17 | print(f"flag = {flag}") 18 | key_bits = des.bytes_to_bits(key) 19 | for i in range(64): 20 | tmp_key = des.bits_to_bytes(key_bits) 21 | cipher = des.DES(tmp_key, 5) # ROUND NUMBER = 5 22 | key_bits = key_bits[1:] + key_bits[:1] 23 | file_pt = open(f"data_easy/pt{i}", "wb") 24 | file_ct = open(f"data_easy/ct{i}", "wb") 25 | 26 | random.seed(os.urandom(32)) 27 | for _ in range(65536): 28 | pt = ''.join(random.choices('0123456789-', k=8)).encode() 29 | ct = cipher.encrypt(pt) 30 | file_pt.write(pt) 31 | file_ct.write(ct) 32 | 33 | file_pt.close() 34 | file_ct.close() 35 | 36 | 37 | ''' 38 | sys.version_info(major=3, minor=10, micro=4, releaselevel='final', serial=0) 39 | ========== Constants =========== 40 | [3, 60, 61, 15, 41, 33, 13, 14, 53, 24, 36, 4, 8, 32, 22, 39, 43, 35, 12, 50, 30, 40, 20, 21, 0, 7, 34, 51, 57, 49, 52, 37, 6, 9, 48, 47, 19, 2, 16, 18, 26, 55, 62, 58, 31, 54, 11, 17, 10, 38, 56, 29, 1, 42, 28, 25, 5, 59, 27, 44, 46, 45, 23, 63] 41 | [19, 37, 50, 47, 8, 4, 36, 30, 55, 6, 14, 35, 44, 0, 49, 41, 26, 12, 59, 53, 17, 54, 51, 57, 5, 22, 10, 2, 16, 52, 1, 62, 46, 60, 56, 33, 21, 29, 34, 48, 27, 38, 43, 18, 32, 9, 20, 61, 3, 13, 11, 15, 58, 45, 42, 28] 42 | [19, 34, 14, 12, 3, 5, 42, 35, 17, 40, 27, 53, 29, 18, 7, 48, 0, 20, 22, 16, 28, 45, 39, 54, 1, 2, 38, 6, 31, 47, 44, 30, 52, 25, 43, 13, 49, 50, 24, 33, 15, 10, 26, 9, 21, 8, 23, 46] 43 | [14, 13, 16, 26, 2, 19, 5, 22, 30, 27, 24, 0, 11, 9, 29, 3, 8, 15, 25, 12, 7, 23, 17, 21, 6, 28, 18, 4, 20, 10, 31, 1] 44 | [52, 48, 3, 46, 5, 49, 15, 37, 54, 41, 28, 4, 61, 40, 26, 24, 59, 34, 19, 27, 47, 21, 18, 43, 29, 9, 36, 35, 51, 62, 6, 45, 32, 12, 22, 56, 11, 16, 31, 50, 7, 10, 39, 2, 55, 14, 42, 13, 60, 0, 63, 25, 44, 8, 57, 20, 53, 1, 17, 38, 23, 58, 30, 33] 45 | ================================ 46 | ''' -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/dist/prob_hard.py: -------------------------------------------------------------------------------- 1 | import os 2 | import des 3 | import random 4 | import sys 5 | 6 | print(sys.version_info) 7 | print("========== Constants ===========") 8 | print(des.IP) 9 | print(des.CP_1) 10 | print(des.CP_2) 11 | print(des.P) 12 | print(des.FP) 13 | print("===============================\n") 14 | 15 | key = os.urandom(8) 16 | flag = "WACON2023{" + key.hex() + "}" 17 | print(f"flag = {flag}") 18 | key_bits = des.bytes_to_bits(key) 19 | for i in range(64): 20 | tmp_key = des.bits_to_bytes(key_bits) 21 | cipher = des.DES(tmp_key, 5) # ROUND NUMBER = 5 22 | key_bits = key_bits[1:] + key_bits[:1] 23 | #file_pt = open(f"data_hard/pt{i}", "wb") 24 | file_ct = open(f"data_hard/ct{i}", "wb") 25 | 26 | random.seed(os.urandom(32)) 27 | for _ in range(65536): 28 | pt = ''.join(random.choices('0123456789-', k=8)).encode() 29 | ct = cipher.encrypt(pt) 30 | #file_pt.write(pt) 31 | file_ct.write(ct) 32 | 33 | #file_pt.close() 34 | file_ct.close() 35 | 36 | 37 | ''' 38 | sys.version_info(major=3, minor=10, micro=4, releaselevel='final', serial=0) 39 | ========== Constants =========== 40 | [3, 60, 61, 15, 41, 33, 13, 14, 53, 24, 36, 4, 8, 32, 22, 39, 43, 35, 12, 50, 30, 40, 20, 21, 0, 7, 34, 51, 57, 49, 52, 37, 6, 9, 48, 47, 19, 2, 16, 18, 26, 55, 62, 58, 31, 54, 11, 17, 10, 38, 56, 29, 1, 42, 28, 25, 5, 59, 27, 44, 46, 45, 23, 63] 41 | [19, 37, 50, 47, 8, 4, 36, 30, 55, 6, 14, 35, 44, 0, 49, 41, 26, 12, 59, 53, 17, 54, 51, 57, 5, 22, 10, 2, 16, 52, 1, 62, 46, 60, 56, 33, 21, 29, 34, 48, 27, 38, 43, 18, 32, 9, 20, 61, 3, 13, 11, 15, 58, 45, 42, 28] 42 | [19, 34, 14, 12, 3, 5, 42, 35, 17, 40, 27, 53, 29, 18, 7, 48, 0, 20, 22, 16, 28, 45, 39, 54, 1, 2, 38, 6, 31, 47, 44, 30, 52, 25, 43, 13, 49, 50, 24, 33, 15, 10, 26, 9, 21, 8, 23, 46] 43 | [14, 13, 16, 26, 2, 19, 5, 22, 30, 27, 24, 0, 11, 9, 29, 3, 8, 15, 25, 12, 7, 23, 17, 21, 6, 28, 18, 4, 20, 10, 31, 1] 44 | [52, 48, 3, 46, 5, 49, 15, 37, 54, 41, 28, 4, 61, 40, 26, 24, 59, 34, 19, 27, 47, 21, 18, 43, 29, 9, 36, 35, 51, 62, 6, 45, 32, 12, 22, 56, 11, 16, 31, 50, 7, 10, 39, 2, 55, 14, 42, 13, 60, 0, 63, 25, 44, 8, 57, 20, 53, 1, 17, 38, 23, 58, 30, 33] 45 | ================================ 46 | ''' -------------------------------------------------------------------------------- /2023/WACON Finals/[crypto] the-game-of-des-2/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] The Game of DES2 2 | 3 | ## Solution 4 | 5 | (Although I strongly agree that it is brain-teasing,) It is enough to follow the basic linear cryptanalysis attack. Linear trail is obtained from the function `get_linear_info` in `linear_trail_check.py`. 6 | 7 | Last round can be reverted with partial key guess. Then the linear trail is: 8 | 9 | 1R : 4th sbox, input mask 52, output mask 2 (10/64) 10 | 2R : 6th sbox, input mask 4, output mask 10 (12/64) 11 | 3R : pass 12 | 4R : 6th sbox, input mask 4, output mask 10 (12/64) 13 | 14 | -------------------------------------------------------------------------------- /2023/WACON Quals/[crypto] baby-cipher/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] baby cipher 2 | 3 | ## Tag 4 | 5 | SPN, MiMC, Ciphers over Ring 6 | 7 | ## Difficulty 8 | 9 | Medium 10 | 11 | ## Scenario 12 | 13 | The cipher is similar with MiMC, but the arithmatization is based on the $\mathbb{Z}_{2^128}$, instead of field is $\mathbb{F}_{2^128}$ -------------------------------------------------------------------------------- /2023/WACON Quals/[crypto] baby-cipher/dist/prob.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | import math 3 | import os 4 | import hashlib 5 | import signal 6 | 7 | STATE_SIZE = 4 8 | N = 128 9 | MOD = 2**N 10 | NUM_ROUNDS = 256 11 | TIME_OUT = 600 12 | QUERY_NUM = 100 13 | 14 | round_constants = [[0]*STATE_SIZE for _ in range(NUM_ROUNDS)] 15 | 16 | def set_round_constants(iv): 17 | for i in range(NUM_ROUNDS): 18 | for j in range(STATE_SIZE): 19 | m = b'wacon2023_' + long_to_bytes(iv) + bytes([i]) + bytes([j]) 20 | round_constants[i][j] = bytes_to_long(hashlib.sha256(m).digest()) % MOD 21 | 22 | def encrypt(state, KEY): 23 | assert len(state) == len(KEY) == STATE_SIZE 24 | for i in range(NUM_ROUNDS): 25 | # Add key and round constants 26 | for j in range(STATE_SIZE): 27 | state[j] = pow(state[j] + KEY[j] + round_constants[i][j], (i+j) % 4 + 3, MOD) 28 | # Shift 29 | state[0], state[1], state[2], state[3] = state[1], state[2], state[3], state[0] 30 | 31 | def challenge(): 32 | KEY = [bytes_to_long(os.urandom(N // 8)) for _ in range(STATE_SIZE)] 33 | for _ in range(QUERY_NUM): 34 | plain = list(map(int, input("plain?(ex: 1 1 1 1) > ").split())) 35 | iv = int(input("iv? > ")) 36 | if len(plain) != STATE_SIZE or min(plain) < 0 or max(plain) >= MOD: 37 | print("wrong plaintext") 38 | continue 39 | if iv < 0 or iv >= MOD: 40 | print("wrong iv") 41 | continue 42 | set_round_constants(iv) 43 | state = plain[:] 44 | encrypt(state, KEY) 45 | print(f"cipher = {state[0]} {state[1]} {state[2]} {state[3]}") 46 | 47 | key_guess = list(map(int, input("key?(ex: 1 1 1 1) > ").split())) 48 | if KEY != key_guess: 49 | print("Wrong...") 50 | exit(-1) 51 | else: 52 | print("Good!") 53 | 54 | signal.alarm(TIME_OUT) 55 | 56 | challenge() 57 | 58 | print("Good job!", open("flag.txt", 'r').read()) -------------------------------------------------------------------------------- /2023/WACON Quals/[crypto] baby-cipher/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] baby cipher 2 | 3 | ## Solution 4 | 5 | It is possible to recover `keys` in mod $2^1$ first. Then recovering in mod $2^2, \dots, 2^{128}$ step by step. -------------------------------------------------------------------------------- /2023/WACON Quals/[crypto] baby-cipher/solution/solver.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | import random 3 | import os 4 | from copy import deepcopy 5 | from tqdm import tqdm 6 | from pwn import * 7 | 8 | 9 | STATE_SIZE = 4 10 | N = 128 11 | MOD = 2**N 12 | NUM_ROUNDS = 256 13 | TIME_OUT = 600 14 | QUERY_NUM = 100 15 | 16 | def query(plain, iv): 17 | r.recvuntil(b" > ") 18 | r.sendline(f"{plain[0]} {plain[1]} {plain[2]} {plain[3]}".encode()) 19 | r.recvuntil(b" > ") 20 | r.sendline(str(iv).encode()) 21 | r.recvuntil(b" = ") 22 | cipher = list(map(int, r.recvline().split())) 23 | return cipher 24 | 25 | def query_ans(KEY): 26 | r.recvuntil(b" > ") 27 | r.sendline(f"{KEY[0]} {KEY[1]} {KEY[2]} {KEY[3]}".encode()) 28 | r.interactive() 29 | 30 | def encrypt(state, KEY): 31 | assert len(state) == len(KEY) == STATE_SIZE 32 | for i in range(NUM_ROUNDS): 33 | # Add key and round constants 34 | for j in range(STATE_SIZE): 35 | state[j] = pow(state[j] + KEY[j] + round_constants[i][j], (i+j) % 4 + 3, MOD) 36 | # Shift 37 | state[0], state[1], state[2], state[3] = state[1], state[2], state[3], state[0] 38 | 39 | #r = process(["python3", "prob.py"]) 40 | r = remote("175.118.127.63", 3715) 41 | 42 | plains = [[random.randrange(1,MOD,2),random.randrange(1,MOD,2),random.randrange(1,MOD,2),random.randrange(1,MOD,2)] for _ in range(100)] 43 | ivs = [random.randrange(0,MOD) for _ in range(100)] 44 | ciphers = [None] * 100 45 | 46 | for i in range(100): 47 | ciphers[i] = query(plains[i], ivs[i]) 48 | 49 | round_constants = [[0]*STATE_SIZE for _ in range(NUM_ROUNDS)] 50 | 51 | def set_round_constants(iv): 52 | for i in range(NUM_ROUNDS): 53 | for j in range(STATE_SIZE): 54 | m = b'wacon2023_' + long_to_bytes(iv) + bytes([i]) + bytes([j]) 55 | round_constants[i][j] = bytes_to_long(hashlib.sha256(m).digest()) % MOD 56 | 57 | current_mod = 2 58 | key_remainder_candidates = [[a,b,c,d] for a in [0,1] for b in [0,1] for c in [0,1] for d in [0,1]] 59 | 60 | round_constants_eachiv = [] 61 | for iv in ivs: 62 | set_round_constants(iv) 63 | round_constants_eachiv.append(deepcopy(round_constants)) 64 | 65 | chk = 0 66 | while True: 67 | next_candidates = [] 68 | for candidates in key_remainder_candidates: 69 | for i in range(100): 70 | round_constants = round_constants_eachiv[i] 71 | #set_round_constants(ivs[i]) 72 | state = plains[i][:] 73 | encrypt(state, candidates) 74 | if any(state[j] % current_mod != ciphers[i][j] % current_mod for j in range(4)): 75 | break 76 | 77 | else: 78 | if current_mod == MOD: 79 | query_ans(candidates) 80 | exit() 81 | else: 82 | next_candidates += [[candidates[0]+a,candidates[1]+b,candidates[2]+c,candidates[3]+d] for a in [0,current_mod] for b in [0,current_mod] for c in [0,current_mod] for d in [0,current_mod]] 83 | 84 | key_remainder_candidates = next_candidates 85 | current_mod *= 2 86 | chk+=1 87 | print(f"{chk}/{N}, {len(key_remainder_candidates)} candidates") 88 | 89 | if len(key_remainder_candidates) == 0: 90 | break -------------------------------------------------------------------------------- /2023/WACON Quals/[crypto] pss/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] PSS 2 | 3 | ## Tag 4 | 5 | Secret sharing, MPC-in-the-head, eprint 2018/1212(Multi-Target Attacks on the Picnic Signature Scheme and Related Protocols) 6 | 7 | ## Difficulty 8 | 9 | Medium 10 | 11 | ## Scenario 12 | 13 | Likes a MPC-in-the-head-based signature, $N$ parties are sharing a permutation. seeds for $N-1$ parties is given but seed for the hidden party is not revealed. Flag is permutated using a permutation. 14 | 15 | Secret sharing is given for $2^{17}$ times and entropy for seed -------------------------------------------------------------------------------- /2023/WACON Quals/[crypto] pss/dist/prob.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | import os 3 | from hashlib import sha256 4 | from tqdm import tqdm 5 | 6 | def cascade_hash(msg, cnt, digest_len): 7 | assert digest_len <= 32 8 | msg = msg * 10 9 | for _ in range(cnt): 10 | msg = sha256(msg).digest() 11 | return msg[:digest_len] 12 | 13 | def seed_to_permutation(seed): 14 | permutation = '' 15 | msg = seed + b"_shuffle" 16 | while len(permutation) < 16: 17 | msg = cascade_hash(msg, 777, 32) 18 | msg_hex = msg.hex() 19 | for c in msg_hex: 20 | if c not in permutation: 21 | permutation += c 22 | 23 | return permutation 24 | 25 | def permutation_secret_sharing_gen(secret): 26 | seed_len = 5 27 | master_seed = os.urandom(seed_len) 28 | seed_tree = [None] * (2*N - 1) 29 | seed_tree[0] = master_seed 30 | for i in range(N-1): 31 | h = cascade_hash(seed_tree[i], 123, 2 * seed_len) 32 | seed_tree[2*i+1], seed_tree[2*i+2] = h[:seed_len], h[seed_len:] 33 | 34 | secret_list = list(secret.decode()) # ex) ['0','1','2','3',...] 35 | for i in range(N): 36 | # i-th party has a permutation derived from seed_tree[i+N-1] 37 | permutation = seed_to_permutation(seed_tree[i + N - 1]) 38 | secret_list = [hex(permutation.find(x))[2:] for x in secret_list] 39 | 40 | permutated_secret = ''.join(secret_list) 41 | hidden_party = os.urandom(1)[0] & 7 42 | proof_idxs = merkle_proof_indexes[hidden_party] 43 | 44 | return seed_tree[proof_idxs[0]] + \ 45 | seed_tree[proof_idxs[1]] + \ 46 | seed_tree[proof_idxs[2]] + \ 47 | bytes([hidden_party]) + \ 48 | bytes.fromhex(permutated_secret) 49 | 50 | merkle_proof_indexes = { 51 | 0 : [2,4,8], 52 | 1 : [2,4,7], 53 | 2 : [2,3,10], 54 | 3 : [2,3,9], 55 | 4 : [1,6,12], 56 | 5 : [1,6,11], 57 | 6 : [1,5,14], 58 | 7 : [1,5,13], 59 | } 60 | 61 | 62 | N = 8 # Number of parties 63 | 64 | secret = b'---REDACTED---' 65 | flag = b"WACON2023{" + secret + b'}' 66 | 67 | assert len(secret) == 16 and set(secret) == set(b"0123456789abcdef") 68 | # You can bruteforce the secret directly if you can overcome ^^^O(0xbeeeef * 16!)^^^!!! 69 | assert cascade_hash(flag, 0xbeeeef, 32).hex() == 'f7a5108a576391671fe3231040777e9ac455d1bb8b84a16b09be1b2bac68345c' 70 | 71 | fw = open("pss_data", "wb") 72 | for _ in tqdm(range(2 ** 17)): 73 | fw.write(permutation_secret_sharing_gen(secret)) 74 | 75 | fw.close() -------------------------------------------------------------------------------- /2023/WACON Quals/[crypto] pss/dist/pss_data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/encrypted-def/my-ctf-challenges/8f97e051deff8e009ae62b61c2fc392ee829df0f/2023/WACON Quals/[crypto] pss/dist/pss_data -------------------------------------------------------------------------------- /2023/WACON Quals/[crypto] pss/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] PSS 2 | 3 | ## Solution 4 | 5 | Since there are $2^{17}$ secret sharings, it is possible to recover a seed corresponding to one of the $2^{17}$ hidden nodes by checking $2^{23}$ candidates. -------------------------------------------------------------------------------- /2023/WACON Quals/[crypto] white-arts/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] White arts 2 | 3 | ## Tag 4 | 5 | Symmetric primitives, Indistingushiability 6 | 7 | ## Difficulty 8 | 9 | Medium 10 | 11 | ## Scenario 12 | 13 | There are 5 distinguish games. 14 | 15 | Game 1 - 1 round feistel vs random permutation 16 | Game 2 - 2 round feistel vs random permutation 17 | Game 3 - 3 round feistel vs random permutation (inverse query is allowed) 18 | Game 4 - CMT(CBC-MAC Tweak)-like mode vs truncated random permutation (inverse query is allowed) 19 | Game 5 - Sum of four permutations vs random function(256 queries) 20 | 21 | Total 266 queries are allowed. -------------------------------------------------------------------------------- /2023/WACON Quals/[crypto] white-arts/dist/RandomFunction.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | class RandomFunction(): 4 | def __init__(self, n): 5 | self.domain_cache = {} 6 | self.range_cache = {} 7 | self.n = n # n "bytes" 8 | 9 | # Inverse query is not allowed 10 | def query(self, q): 11 | x = q 12 | if x not in self.domain_cache: 13 | self.domain_cache[x] = os.urandom(self.n) 14 | return self.domain_cache[x] -------------------------------------------------------------------------------- /2023/WACON Quals/[crypto] white-arts/dist/RandomPermutation.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | class RandomPermutation(): 4 | def __init__(self, n): 5 | self.domain_cache = {} 6 | self.range_cache = {} 7 | self.n = n # n "bytes" 8 | 9 | def query(self, q, inverse = False): 10 | if not inverse: 11 | x = q 12 | if x in self.domain_cache: 13 | return self.domain_cache[x] 14 | 15 | while True: 16 | y = os.urandom(self.n) 17 | if y in self.range_cache: 18 | continue 19 | 20 | self.domain_cache[x] = y 21 | self.range_cache[y] = x 22 | return y 23 | 24 | else: 25 | y = q 26 | if y in self.range_cache: 27 | return self.range_cache[y] 28 | 29 | while True: 30 | x = os.urandom(self.n) 31 | if x in self.domain_cache: 32 | continue 33 | 34 | self.domain_cache[x] = y 35 | self.range_cache[y] = x 36 | return x -------------------------------------------------------------------------------- /2023/WACON Quals/[crypto] white-arts/dist/prob.py: -------------------------------------------------------------------------------- 1 | import math 2 | import os 3 | from Generator import Generator1, Generator2, Generator3, Generator4, Generator5 4 | 5 | query_left = 266 6 | 7 | def guess_mode(G, query_num): 8 | for _ in range(query_num): 9 | q = bytes.fromhex(input("q? > ")) 10 | inverse = input("inverse(y/n)? > ") == 'y' 11 | assert len(q) == G.input_size 12 | print(G.calc(q, inverse).hex()) 13 | 14 | # Time to guess 15 | assert input("mode? > ") == str(G.mode) # 0(gen) / 1(random) 16 | 17 | def challenge_generator(challenge_name, Generator): 18 | global query_left 19 | print(f"#### Challenge = {challenge_name}") 20 | query_num = int(input(f"How many queries are required to solve {challenge_name}? > ")) 21 | query_left -= query_num 22 | for _ in range(40): 23 | G = Generator() 24 | guess_mode(G, query_num) 25 | 26 | 27 | challenge_generator("Generator1", Generator1) 28 | challenge_generator("Generator2", Generator2) 29 | 30 | if query_left < 0: 31 | print("You passed all challenges for EASY but query limit exceeded. Try harder :(") 32 | exit(-1) 33 | 34 | print("(Only for a junior division) Good job! flag_baby =", open("flag_baby.txt").read()) 35 | 36 | challenge_generator("Generator3", Generator3) 37 | 38 | if query_left < 0: 39 | print("You passed all challenges for EASY but query limit exceeded. Try harder :(") 40 | exit(-1) 41 | 42 | print("Good job! flag_easy =", open("flag_easy.txt").read()) 43 | 44 | challenge_generator("Generator4", Generator4) 45 | challenge_generator("Generator5", Generator5) 46 | 47 | if query_left < 0: 48 | print("You passed all challenges for HARD but query limit exceeded. Try harder :(") 49 | exit(-1) 50 | 51 | print("(Only for general/global divisions) Good job! flag_hard =", open("flag_hard.txt").read()) 52 | -------------------------------------------------------------------------------- /2023/WACON Quals/[crypto] white-arts/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] White arts 2 | 3 | ## Solution 4 | 5 | TODO.. but solution is straightforward when you refer a solver code. -------------------------------------------------------------------------------- /2023/WACON Quals/[crypto] white-arts/solution/solver.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | import random 3 | import os 4 | from copy import deepcopy 5 | from tqdm import tqdm 6 | from pwn import * 7 | 8 | def xor(a : bytes, b : bytes): 9 | return bytes([u ^ v for u,v in zip(a,b)]) 10 | 11 | def query(q, inverse): 12 | if inverse == True: 13 | inverse = 'y' 14 | if inverse == False: 15 | inverse = 'n' 16 | r.recvuntil(b" > ") 17 | r.sendline(q.hex().encode()) 18 | r.recvuntil(b" > ") 19 | r.sendline(inverse.encode()) 20 | return bytes.fromhex(r.recvline().strip().decode()) 21 | 22 | #r = process(["python3", "./deploy/prob.py"]) 23 | r = remote("175.118.127.63", 2821) 24 | 25 | def chal1(): 26 | ### Challenge 1, 1 query 27 | r.recvuntil(b" > ") 28 | r.sendline(b"1") 29 | for _ in tqdm(range(40)): 30 | result = query(bytes(16), False) 31 | r.recvuntil(b" > ") 32 | if result[:8] == bytes(8): 33 | r.sendline(b'0') 34 | else: 35 | r.sendline(b'1') 36 | 37 | 38 | def chal2(): 39 | ### Challenge 2, 2 queries 40 | r.recvuntil(b" > ") 41 | r.sendline(b"2") 42 | for _ in tqdm(range(40)): 43 | M1 = bytes(16) 44 | M2 = bytes([1]+[0]*15) 45 | result1 = query(M1, False) 46 | result2 = query(M2, False) 47 | r.recvuntil(b" > ") 48 | if xor(result1[:8], result2[:8]) == bytes([1] + [0]*7): 49 | r.sendline(b'0') 50 | else: 51 | r.sendline(b'1') 52 | 53 | def chal3(): 54 | ### Challenge 3, 3 queries 55 | # Generic Attacks on Feistel Schemes 56 | r.recvuntil(b" > ") 57 | r.sendline(b"3") 58 | for _ in tqdm(range(40)): 59 | x1 = bytes(16) 60 | y1 = query(x1, False) 61 | s1, t1 = y1[:8], y1[8:] 62 | 63 | x2 = bytes([1] + [0]*15) 64 | y2 = query(x2, False) 65 | s2, t2 = y2[:8], y2[8:] 66 | 67 | y3 = s2 + xor(t2, bytes([1] + [0]*7)) 68 | x3 = query(y3, True) 69 | l3, r3 = x3[:8], x3[8:] 70 | 71 | r.recvuntil(b" > ") 72 | if xor(s2, s1) == r3: 73 | r.sendline(b'0') 74 | else: 75 | r.sendline(b'1') 76 | 77 | def chal4(): 78 | ### Challenge 4, 4 queries 79 | r.recvuntil(b" > ") 80 | r.sendline(b"4") 81 | BLOCK0 = bytes(8) 82 | BLOCK1 = bytes([0]*7+[1]) 83 | for _ in tqdm(range(40)): 84 | x1 = BLOCK0 + BLOCK0 85 | y1 = query(x1, False) 86 | 87 | x2 = BLOCK1 + BLOCK1 88 | y2 = query(x2, False) 89 | 90 | z1 = query(xor(y1, BLOCK1) + BLOCK1, True) 91 | z2 = query(xor(y2, BLOCK1) + BLOCK0, True) 92 | 93 | r.recvuntil(b" > ") 94 | if xor(z1, z2) == BLOCK1: 95 | r.sendline(b'0') 96 | else: 97 | r.sendline(b'1') 98 | 99 | def chal5(): 100 | ### Challenge 5, 256 queries 101 | r.recvuntil(b" > ") 102 | r.sendline(b"256") 103 | for _ in tqdm(range(40)): 104 | s = 0 105 | for i in range(256): 106 | y = query(bytes([i]), False) 107 | s ^= y[0] 108 | 109 | r.recvuntil(b" > ") 110 | if s == 0: 111 | r.sendline(b'0') 112 | else: 113 | r.sendline(b'1') 114 | 115 | chal1() 116 | chal2() 117 | 118 | print(r.recvuntil(b"#")) # Get flag_baby 119 | 120 | chal3() 121 | 122 | print(r.recvuntil(b"#")) # Get flag_easy 123 | 124 | chal4() 125 | chal5() # Having 15% of failure prob 126 | 127 | r.interactive() # Get flag_hard -------------------------------------------------------------------------------- /2023/WACON Quals/[misc] let-me-win/README.md: -------------------------------------------------------------------------------- 1 | # [misc] let me win 2 | 3 | ## Tag 4 | 5 | Linear programming 6 | 7 | ## Difficulty 8 | 9 | Easy 10 | 11 | ## Scenario 12 | 13 | When the user connects to service, user can see the virtual ctf scoreboard. Each team in the virtual ctf has their own solving challenge list. Likes a ordinary ctf, the point of each challenge is determined by the number of solvers. The user's goal is to set a ranking as `expected_ranking_list` by manupulate points for each number of solvers. -------------------------------------------------------------------------------- /2023/WACON Quals/[misc] let-me-win/app/templates/check.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Scoreboard 5 | 6 | 7 |

Scoreboard

8 |
    9 | {% for item in ranking %} 10 |
  1. {{ item[1] }} {{item[0]}}
    2. 11 | {% endfor %} 12 |
13 | From 14 | U 15 | p 16 | p 17 | e 18 | r 19 | G 20 | u 21 | e 22 | e 23 | s 24 | e 25 | r 26 | : 27 | {{msg}} 28 | 29 | -------------------------------------------------------------------------------- /2023/WACON Quals/[misc] let-me-win/app/templates/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | WAKWAKCON 2023 5 | 6 | 7 |

WAKWAKCON 2023

8 |

Scenario

9 |

You are organizing WAKWAKCON 2023, which is a sub events of the WACON 2023. 10 | The challenges solved by the teams are already known. 11 | Each problem is worth the same scores 12 | and CTF uses a dynamic scoring system, so the more people who solve it, 13 | the lower the score.

14 | 15 |

An unethical hacking group 16 | U 17 | p 18 | p 19 | e 20 | r 21 | G 22 | u 23 | e 24 | e 25 | s 26 | e 27 | r 28 | is requesting that setting scoreboard as they want by choosing appropriate scroing system.

29 | 30 | The Reward is FLAG!!!!! Let's go!!!🥰🥰🥰🤣 31 | 32 |

TL;DR - Set scoreboard as requested scoreboard by manipulate scoring system.

33 | 34 |

Team Lists

35 |
    36 | {% for team in teams %} 37 |
  • {{ team }}
    • 38 | {% endfor %} 39 |
40 |

Requested Scoreboard

41 | 42 |

Set Scoring System

43 | 44 | 45 | -------------------------------------------------------------------------------- /2023/WACON Quals/[misc] let-me-win/app/templates/scoreboard_requested.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Requested Scoreboard 5 | 6 | 7 |

Requested Scoreboard

8 |
    9 | {% for item in ranking_list %} 10 |
  1. {{ item[1] }}
    2. 11 | {% endfor %} 12 |
13 | Please don't blame me... I just made this from the random seed except KINGGOD 14 | U 15 | p 16 | p 17 | e 18 | r 19 | G 20 | u 21 | e 22 | e 23 | s 24 | e 25 | r 26 | hehe... 27 | 28 |

(Note : If the score is same, then ranking is determined by the dictonary order.)

29 | 30 | -------------------------------------------------------------------------------- /2023/WACON Quals/[misc] let-me-win/app/templates/setting.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Settings 5 | 6 | 7 |

Settings

8 |
    9 |
  • An each score should strictly decreasing if the number of solver is increased
    • 10 |
  • An each score should be greater than 0, less than 1,000,000,000
    • 11 |
12 |
13 | {% for i in L %} 14 | Scores for {{i[0]}} solve(s) :
15 | {% endfor %} 16 | 17 | 18 |
19 | 20 | -------------------------------------------------------------------------------- /2023/WACON Quals/[misc] let-me-win/app/templates/team.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | {{ team_name }} 5 | 6 | 7 |

{{ team_name }} Solves..

8 |
    9 | {% for problem in team_problems %} 10 |
  • {{ problem }}
    • 11 | {% endfor %} 12 |
13 | 14 | 15 | -------------------------------------------------------------------------------- /2023/WACON Quals/[misc] let-me-win/solution/README.md: -------------------------------------------------------------------------------- 1 | # [misc] let me win 2 | 3 | ## Solution 4 | 5 | Since every constraints are linear, it is possible to solve with linear programming. -------------------------------------------------------------------------------- /2023/WACON Quals/[misc] let-me-win/solution/solver.py: -------------------------------------------------------------------------------- 1 | from bs4 import BeautifulSoup 2 | import requests 3 | from z3 import * 4 | 5 | BASE_URL = 'http://175.118.127.123:5000' 6 | 7 | teams = '''zer0cats 8 | CheckTheSign 9 | C4T BuT M3W 10 | idk 11 | kalmaronion 12 | HikeBoy 13 | justCatchTheFish 14 | r3kabunny 15 | SNSD 16 | organi-cats 17 | thequackerscrew 18 | 1daysober 19 | More Fried Elite Duck 20 | Black Butterflies 21 | Project Sakura 22 | QQQ 23 | ShyKOR 24 | Goose N 25 | MINUS 26 | Balsamic Vinegar 27 | Never Stop Exploding 28 | DiceDang 29 | The Round Network Society 30 | 796e74 31 | The Moose 32 | Upper Guesser 33 | HackingForBeer 34 | Waffle Bacon 35 | ChordBlue 36 | mhackaroni 37 | Watermelon Paddler 38 | Perfect Pink 39 | Katzekatbin 40 | The Quack 41 | Shellfish 42 | Dragon Sushi 43 | Emu Eggs Benny 44 | YGY 45 | OsakaWesterns 46 | Polygroot 47 | Dragon Vector 48 | LCDC 49 | 127 50 | Eat, Sleep, Misc, Repeat 51 | Nu0L 52 | o0ps 53 | Bubble Tea Deliverers 54 | Dashwhackers 55 | A*C*E 56 | CloseToAll 57 | Deficit 58 | squareimentary 59 | daejeonelectricdecomposer 60 | none2root 61 | Inverselab 62 | Ever Stop Exploiting 63 | copyn 64 | SunBugs 65 | FBISEC 66 | defined 67 | NEWSEC'''.split('\n') 68 | 69 | def parse_challenges(teamname): 70 | url = BASE_URL + '/team/' + teamname 71 | response = requests.get(url) 72 | soup = BeautifulSoup(response.text, 'html.parser') 73 | 74 | li_tags = soup.find_all('li') 75 | challs = [] 76 | for li in li_tags: 77 | if li.text: 78 | challs.append(li.text) 79 | return challs 80 | 81 | 82 | def get_rank_list(): 83 | url = BASE_URL + '/scoreboard_requested' 84 | response = requests.get(url) 85 | soup = BeautifulSoup(response.text, 'html.parser') 86 | 87 | li_tags = soup.find_all('li') 88 | ranks = [] 89 | for li in li_tags: 90 | if li.text: 91 | ranks.append(li.text) 92 | return ranks 93 | 94 | 95 | def find_solution(): 96 | vars = [Int(f'var{i}') for i in range(len(teams))] 97 | eqs = [] 98 | for team in ranks: 99 | eq = 0 100 | for chal in team_solved[team]: 101 | eq += vars[occur[chal]-1] 102 | eqs.append(eq) 103 | 104 | z = Solver() 105 | z.add(vars[-1] > 0) 106 | z.add(vars[0] < 10**9) 107 | for i in range(len(teams)-1): 108 | z.add(eqs[i] > eqs[i+1]) 109 | z.add(vars[i] > vars[i+1]) 110 | 111 | if z.check() == sat: 112 | model = z.model() 113 | ret = [] 114 | for var in vars: 115 | ret.append(model[var].as_long()) 116 | print(ret) 117 | 118 | else: 119 | print("unsat") 120 | exit(-1) 121 | 122 | return ret 123 | 124 | def send_query(sol): 125 | url = BASE_URL + '/check' 126 | data = {} 127 | for i in range(len(teams)): 128 | data[f"input{i+1}"] = str(sol[i]) 129 | 130 | resp = requests.post(url, data=data) 131 | t = resp.text 132 | if "WACON" not in t: 133 | print("nono..") 134 | else: 135 | i1 = t.find("WACON") 136 | i2 = t.find("}") 137 | print(t[i1:i2+1]) 138 | 139 | team_solved = {} 140 | occur = {} 141 | 142 | for team in teams: 143 | team_solved[team] = parse_challenges(team) 144 | for chal in team_solved[team]: 145 | if chal not in occur: 146 | occur[chal] = 0 147 | occur[chal] += 1 148 | 149 | ranks = get_rank_list() 150 | #print(ranks) 151 | #exit() 152 | 153 | print("Parse done") 154 | 155 | print("z3 gogo") 156 | sol = find_solution() 157 | send_query(sol) 158 | -------------------------------------------------------------------------------- /2023/WACON Quals/[misc] mic-check/README.md: -------------------------------------------------------------------------------- 1 | # [misc] mic check 2 | 3 | ## Tag 4 | 5 | Fake 404 error 6 | 7 | ## Difficulty 8 | 9 | Easy 10 | 11 | ## Scenario 12 | 13 | A user may receive status 200 or 404 based on their directory. Note that 200 page looks like 404 error page, but it can be distingushed using status code. 14 | 15 | (The concept is inspired by G0RiyA. I'm just implementing his idea with diff and chatGPT.) -------------------------------------------------------------------------------- /2023/WACON Quals/[misc] mic-check/app/app.py: -------------------------------------------------------------------------------- 1 | from flask import Flask, abort, Response 2 | 3 | app = Flask(__name__) 4 | 5 | FLAG = "WACON2023{2060923e53fa205a48b2f9ad47d943c4}" 6 | 7 | @app.route('/robots.txt', methods=['GET']) 8 | def robots_txt(): 9 | content = """User-agent: * 10 | allow: /W/A/C/O/N/2/""" 11 | return Response(content, content_type="text/plain") 12 | 13 | 14 | @app.route('/', methods=['GET']) 15 | def guess_flag(guess): 16 | fake_contents = ''' 17 | 18 | 19 | 404 Not Found 20 |

Not Found

21 |

The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.

''' 22 | # Split the URL path into individual bytes 23 | parts = guess.split('/') 24 | 25 | # Check each byte with the corresponding byte of the FLAG 26 | for i, part in enumerate(parts): 27 | if i >= len(FLAG) or FLAG[i] != part: 28 | abort(404) 29 | # If the guess so far is correct, but not the full flag, return 200 30 | if len(parts) <= len(FLAG): 31 | return fake_contents, 200 32 | else: 33 | abort(404) 34 | 35 | if __name__ == '__main__': 36 | app.run() -------------------------------------------------------------------------------- /2023/WACON Quals/[misc] mic-check/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] The Game of DES 2 | 3 | ## Solution 4 | 5 | Simply check status code and step into directory for each character(`/W/A/C/O/N/2/....`) -------------------------------------------------------------------------------- /2023/Whitehat Finals/[crypto] blocks/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] Blocks 2 | 3 | ## Tag 4 | 5 | Block cipher modes of operation 6 | 7 | ## Difficulty 8 | 9 | Easy 10 | 11 | ## Scenario 12 | 13 | A user is asked to distinguish ECB/CBC/CTR/OFB/CFB mode using only two encryption/decryption queries. A user can set `pt`(or `ct`) and `iv` for each query. -------------------------------------------------------------------------------- /2023/Whitehat Finals/[crypto] blocks/dist/prob.py: -------------------------------------------------------------------------------- 1 | from Crypto.Cipher import AES 2 | from Crypto.Util import Counter 3 | from Crypto.Util.number import bytes_to_long 4 | import os 5 | 6 | ECB_MODE = 0 7 | CBC_MODE = 1 8 | CTR_MODE = 2 9 | CFB_MODE = 3 10 | OFB_MODE = 4 11 | 12 | # choose random number from 0 to n-1 13 | def secure_random_choice(n): 14 | while True: 15 | x = os.urandom(1)[0] 16 | if x // n == 0xff // n: 17 | continue 18 | return x % n 19 | 20 | def challenge(): 21 | mode = secure_random_choice(5) 22 | key = os.urandom(16) 23 | 24 | for _ in range(2): 25 | iv = bytes.fromhex(input("iv? > ")) 26 | assert len(iv) == 16, f"Invalid iv size({len(iv)})" 27 | 28 | enc_option = input("encrypt? ('y' if encrypt/'n' if decrypt) > ") == 'y' 29 | 30 | if mode == ECB_MODE: 31 | cipher = AES.new(key, AES.MODE_ECB) 32 | elif mode == CBC_MODE: 33 | cipher = AES.new(key, AES.MODE_CBC, iv=iv) 34 | elif mode == CTR_MODE: 35 | ctr = Counter.new(128, initial_value=bytes_to_long(iv)) 36 | cipher = AES.new(key, AES.MODE_CTR, counter=ctr) 37 | elif mode == CFB_MODE: 38 | cipher = AES.new(key, AES.MODE_CFB, iv=iv, segment_size=128) 39 | else: 40 | cipher = AES.new(key, AES.MODE_OFB, iv=iv) 41 | 42 | 43 | if enc_option: # encrypt 44 | pt = bytes.fromhex(input("plaintext? > ")) 45 | assert len(pt) % 16 == 0, f"Invalid pt size({len(pt)})" 46 | ct = cipher.encrypt(pt) 47 | print(f"ct = {ct.hex()}") 48 | 49 | else: # decrypt 50 | ct = bytes.fromhex(input("ciphertext? > ")) 51 | assert len(ct) % 16 == 0, f"Invalid ct size({len(ct)})" 52 | pt = cipher.decrypt(ct) 53 | print(f"pt = {pt.hex()}") 54 | 55 | 56 | guess = int(input("mode? > ")) 57 | if mode == guess: 58 | print("Good!") 59 | return True 60 | else: 61 | print("nono..", mode, guess) 62 | return False 63 | 64 | 65 | for i in range(100): 66 | print(f"Stage {i+1}/100") 67 | if not challenge(): 68 | exit(-1) 69 | 70 | print("Good job!", open("flag").read()) -------------------------------------------------------------------------------- /2023/Whitehat Finals/[crypto] blocks/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] Blocks 2 | 3 | ## Solution 4 | 5 | For simplicity, we will refer to `0000...00` as `BLOCK0`, `0000...01` as `BLOCK1`, and `pt[i]` as the `i`th block of the plaintext `pt` and `ct[i]` as the `i`th block of the ciphertext `ct`. 6 | 7 | Now let's look at the characteristics of each mode. 8 | 9 | In ECB, regardless of the index of the block and iv, if the plaintexts are identical, the same ciphertext will result. 10 | 11 | CBC considers the decryption process of obtaining a plaintext from a ciphertext, given two plaintext-ciphertext pairs `(pt1, ct1), (pt2, ct2)`. Then, if `ct1[i] = ct2[i]`, then `pt1[i] ^ ct1[i-1] = pt2[i] ^ ct2[i-1]`, independent of `iv`. If `i = 0`, then `pt1[i] ^ iv1 = pt2[i] ^ iv2`. 12 | 13 | CTR is `pt1[i] ^ ct1[i] = pt2[i-1] ^ ct2[i-1]` if `iv2 = iv1+1`. 14 | 15 | CFB is `pt1[i+1] ^ ct1[i+1] == pt2[i+1] ^ ct2[i+1]` if `ct1[i] == ct2[i]`, regardless of `iv`. 16 | 17 | OFB has the property that if `iv1 = iv2`, then `pt1[i] ^ ct1[i] = pt2[i] ^ ct2[i]`, although the solution is to just classify it as OFB if all other modes are absent. However, this is a characteristic that CTR also has. 18 | 19 | If we had a generous number of queries allowed, the problem would be simple, but since we are limited to only two queries, we need to devise a way to distinguish between all modes. If you think about it, it's hard to distinguish between CTR and OFB when the iv of two queries is the same. Instead, we need to make the ivs different to distinguish between CTR and OFB. And if the ivs are different, and we encrypt both times, we cannot intentionally create `ct1[i] == ct2[i]', so the full nature of CFB is not revealed. Therefore, we can see that one of the queries must be a decryption process. 20 | 21 | From these considerations, we can finally categorize the modes in the following way 22 | 23 | - Query 1: `iv1 = BLOCK0`, `pt1 = BLOCK0 + BLOCK0 + BLOCK0 + BLOCK0`, `enc_option = y` (=encrypt) 24 | - Query 2: `iv1 = BLOCK1`, `ct2 = ct1[0] + BLOCK0 + BLOCK0`, `enc_option = n` (=decrypt) 25 | 26 | 1. Judge as ECB if `ct1[0] == ct1[1]`. 27 | 2. if `ct1[3] == pt2[2]`, it is a CTR. 28 | 3. CBC if `pt2[0] == BLOCK1`. 29 | 4. CFB if `pt2[1] == ct1[1]`. 30 | 5. If the above 4 conditions are not satisfied, it is OFB. 31 | 32 | Of course, there are many other ways to solve this problem. 33 | -------------------------------------------------------------------------------- /2023/Whitehat Finals/[crypto] blocks/solution/solver.py: -------------------------------------------------------------------------------- 1 | from pwn import * 2 | from Crypto.Util import strxor 3 | 4 | ECB_MODE = 0 5 | CBC_MODE = 1 6 | CTR_MODE = 2 7 | CFB_MODE = 3 8 | OFB_MODE = 4 9 | 10 | #context.log_level = 'debug' 11 | #r = process(["python3", "./prob.py"]) 12 | r = remote("3.34.50.93", 4816) 13 | 14 | BLOCK0 = bytes(16) 15 | BLOCK1 = bytes(15) + bytes([1]) 16 | 17 | for i in range(100): 18 | print(f"Stage {i+1}/100") 19 | mode = -1 20 | iv1 = BLOCK0 21 | pt1 = BLOCK0 + BLOCK0 + BLOCK0 + BLOCK0 22 | r.recvuntil(b" > ") # iv 23 | r.sendline(iv1.hex()) 24 | r.recvuntil(b" > ") # enc_option 25 | r.sendline(b'y') 26 | r.recvuntil(b" > ") # pt 27 | r.sendline(pt1.hex()) 28 | r.recvuntil(b" = ") # ct 29 | ct1 = bytes.fromhex(r.recvline().decode()) 30 | 31 | iv2 = BLOCK1 32 | ct2 = ct1[:16] + BLOCK0 + BLOCK0 33 | r.recvuntil(b" > ") # iv 34 | r.sendline(iv2.hex()) 35 | r.recvuntil(b" > ") # enc_option 36 | r.sendline(b'n') 37 | r.recvuntil(b" > ") # ct 38 | r.sendline(ct2.hex()) 39 | r.recvuntil(b" = ") # pt 40 | pt2 = bytes.fromhex(r.recvline().decode()) 41 | 42 | if ct1[0:16] == ct1[16:32]: 43 | mode = ECB_MODE 44 | 45 | elif ct1[48:64] == pt2[32:48]: 46 | mode = CTR_MODE 47 | 48 | elif pt2[0:16] == BLOCK1: 49 | mode = CBC_MODE 50 | 51 | elif pt2[16:32] == ct1[16:32]: 52 | mode = CFB_MODE 53 | 54 | else: 55 | mode = OFB_MODE 56 | 57 | r.recvuntil(b" > ") # mode 58 | r.sendline(str(mode).encode()) 59 | 60 | print(r.interactive()) -------------------------------------------------------------------------------- /2023/Whitehat Quals/[crypto] discrete_log/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] discrete_log 2 | 3 | ## Tag 4 | 5 | Discrete logarithm, Pohlig Hellman algorithm, Chinese remainder theorem 6 | 7 | ## Difficulty 8 | 9 | Medium 10 | 11 | ## Scenario 12 | 13 | In the problem, a 1020-bit random value $x$ is generated by appending a random byte after flag each time, and the attacker knows a randomly chosen base $g$ and $g^x \mod p$ for any $p$ he chooses, 77 times in total. However, $p$ must satisfy a number of conditions defined in the `is_safe_prime` function. These conditions are 14 | 15 | 1. $p$ must be 1024 bits or less. 16 | 2. $p-1$ must have a prime factor $q$ of at least 1000 bits. -------------------------------------------------------------------------------- /2023/Whitehat Quals/[crypto] discrete_log/dist/prob.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | import os 3 | 4 | def is_safe_prime(p): 5 | if not isPrime(p): 6 | return False 7 | 8 | if p.bit_length() > 1024: 9 | return False 10 | 11 | q = int(input("A large(> 999 bits) prime q such that q | p-1? (in hex) > "), 16) 12 | if q < 0 or q.bit_length() < 1000 or p % q != 1: 13 | return False 14 | 15 | return True 16 | 17 | N = 1020 18 | flag = open('flag', 'rb').read() 19 | x = flag + os.urandom(N // 8 - len(flag)) 20 | x = bytes_to_long(x) 21 | 22 | for _ in range(77): 23 | p = int(input("prime modulus p? (in hex) > "), 16) 24 | if not is_safe_prime(p): 25 | print("invalid p..") 26 | exit(-1) 27 | 28 | g = bytes_to_long(os.urandom(N // 8)) 29 | print(f"g = {hex(g)[2:]}") 30 | 31 | y = pow(g, x, p) 32 | print(f"g^x = {hex(y)[2:]}") 33 | 34 | print("bye..") -------------------------------------------------------------------------------- /2023/Whitehat Quals/[crypto] discrete_log/dist/prob_revenge.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | import os 3 | 4 | def is_safe_prime(p): 5 | if not isPrime(p): 6 | return False 7 | 8 | if p.bit_length() > 1024: 9 | return False 10 | 11 | q = int(input("A large(> 999 bits) prime q such that q | p-1? (in hex) > "), 16) 12 | if isPrime(q) or q < 0 or q.bit_length() < 1000 or p % q != 1: 13 | return False 14 | 15 | return True 16 | 17 | N = 1020 18 | flag = open('flag', 'rb').read() 19 | x = flag + os.urandom(N // 8 - len(flag)) 20 | x = bytes_to_long(x) 21 | 22 | for _ in range(77): 23 | p = int(input("prime modulus p? (in hex) > "), 16) 24 | if not is_safe_prime(p): 25 | print("invalid p..") 26 | exit(-1) 27 | 28 | g = bytes_to_long(os.urandom(N // 8)) 29 | print(f"g = {hex(g)[2:]}") 30 | 31 | y = pow(g, x, p) 32 | print(f"g^x = {hex(y)[2:]}") 33 | 34 | print("bye..") -------------------------------------------------------------------------------- /2023/Whitehat Quals/[crypto] discrete_log/solution/README.md: -------------------------------------------------------------------------------- 1 | # [crypto] discrete_log 2 | 3 | ## Solution 4 | 5 | First, given $x = at + b$, consider $(g^x)^{2q}$: $(g^x)^{2q} = g^{x \times 2q} = g^{(at + b) \times 2q} = g^{2tq \times a} \times g^{2qb} = (g^{p-1})^{qa} \times g^{2qb}$, and by Fermat's theorem, $g^{p-1} \equiv 1 ( \text{mod } p)$, so we conclude that $(g^x)^{2q} \equiv g^{2qb} = (g^{2q})^b (\text{mod } p)$. 6 | 7 | 8 | Next, let's define $g' = g^{2q}$, then since $(g') ^ t \equiv 1 (\text{mod } p)$, the order of $g'$ is a weak number in $t$, and in particular, if $t$ is prime, the order of $g'$ is $1$ or $t$. So if $g' \not\equiv 1(\text{mod } p)$ when $t$ is prime, then the order of $g'$ is necessarily $t$, which means that $(g')^0, (g')^1, (g')^2, \dots, (g')^{t-1}$ are all different values. Finally, if we compute $(g^x)^{2q}$ and $(g')^0, (g')^1, (g')^2, \dots, (g')^{t-1}$ and find a $(g')^b$ among them that matches $(g^x)^{2q}$, we know that $x$ divided by $t$ is the remainder $b$. 9 | 10 | This means that for every query, an attacker can find the remainder of $x$ divided by $t$ by setting $p$ to $p = 2 \times t \times q + 1$ for small primes $t$ of 24 bits or less and large primes $q$ of 1000 bits or more. The way to find this $p$ is to simply grab an arbitrary $t$ and $q$ and see if $2 \times t \times q + 1$ is prime. The prime number theorem tells us that the probability of a 1024-bit number being prime is $1/1024$, so roughly 1024 iterations will give us $p$. However, this is a relatively time-consuming process, and you may want to consider preprocessing the list of such $p$ beforehand. In my actual exploit code, I preprocessed the $(p, q, t)$ pairs by picking a prime $q$ at random and holding it fixed, keeping the primes below $10^6$ as candidates for $t$, and then going through them one by one to find $p$ for which $2tq+1$ is prime. 11 | 12 | This can be repeated a total of 77 times for the 24-bit or smaller primes chosen by the attacker, and since the product of these primes is roughly 1848 bits, which is much larger than $x$, which is 1020 bits, we can finally recover $x$ using the Chinese Remainder Theorem. 13 | 14 | [+] I made a dumb mistakes that $q$'s primality is not checked in original problem(`prob.py`)😥😥. Please check `prob_revenge.py`. -------------------------------------------------------------------------------- /2023/Whitehat Quals/[crypto] discrete_log/solution/solver.py: -------------------------------------------------------------------------------- 1 | from Crypto.Util.number import * 2 | from pwn import * 3 | from sage.all import * 4 | import random 5 | from tqdm import tqdm 6 | 7 | 8 | def preprocess(): 9 | q_lists = [] 10 | while len(q_lists) < 3000: 11 | p = random.randint(2**1000, 2**1001) 12 | if isPrime(p): 13 | q_lists.append(p) 14 | print(len(q_lists)) 15 | 16 | return q_lists 17 | 18 | def get_unsafe_p(r): 19 | print("!!", r) 20 | q = (2**1024 - 1) // r 21 | if q % 2 == 0: 22 | q -= 1 23 | 24 | z = 0 25 | while q.bit_length() >= 1000: 26 | z += 1 27 | if z % 100 == 0: 28 | print(z) 29 | if not isPrime(q): 30 | q -= 2 31 | continue 32 | print("here?") 33 | p = q * r * 2 + 1 34 | if not isPrime(p): 35 | q -= 2 36 | continue 37 | 38 | return p, q 39 | 40 | return -1, -1 41 | 42 | def query(p, q): 43 | c.sendlineafter(b'>', hex(p)[2:].encode()) 44 | c.sendlineafter(b'>', hex(q)[2:].encode()) 45 | c.recvuntil(b' = ') 46 | g = int(c.recvline(), 16) 47 | c.recvuntil(b' = ') 48 | y = int(c.recvline(), 16) 49 | return g, y 50 | 51 | c = process(['python3', 'prob.py']) 52 | 53 | small_primes = prime_range(1,10**6) 54 | small_primes = small_primes[::-1] 55 | #q_lists = preprocess() 56 | 57 | crt_a = [] 58 | crt_m = [] 59 | 60 | def preprocess(): 61 | small_primes = prime_range(1,10**6) 62 | small_primes = small_primes[::-1] 63 | go = 0 64 | while go < 70: 65 | q = getPrime(1000) 66 | for r in small_primes: 67 | p = 2 * r * q + 1 68 | if isPrime(int(p)): 69 | break 70 | 71 | else: 72 | continue 73 | 74 | small_primes.remove(r) 75 | g, y = query(p, q) 76 | base = pow(g, 2*q, p) 77 | if base == 1: 78 | continue 79 | 80 | L = [p,q,r] 81 | f = open("preprocess.txt", "a") 82 | f.write(str(L) + '\n') 83 | f.close() 84 | go += 1 85 | 86 | # preprocess() 87 | 88 | L = [] 89 | for line in open("preprocess.txt").readlines(): 90 | z = eval(line) 91 | L.append(z) 92 | 93 | idx = 0 94 | while prod(crt_m) < 2 ** 1020: 95 | p,q,r = L[idx] 96 | idx += 1 97 | g, y = query(p, q) 98 | base = pow(g, 2*q, p) 99 | if base == 1: 100 | continue 101 | 102 | target = pow(y, 2*q, p) 103 | 104 | mul = 1 105 | for i in tqdm(range(r)): 106 | if mul == target: 107 | crt_a.append(i) 108 | crt_m.append(r) 109 | break 110 | mul = mul * base % p 111 | 112 | print(int(prod(crt_m)).bit_length(), "/ 1020") 113 | 114 | 115 | ans = crt(crt_a, crt_m) 116 | print(long_to_bytes(ans)) 117 | 118 | c.close() -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 encrypted-def 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | --------------------------------------------------------------------------------