Cryptography challenges from n00bzCTF 2023

image

100% yay


Aes-1

image

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.spec.KeySpec;
import java.util.Base64;

/**
 * Challenge source for "Aes-1": derives an AES key from a password with PBKDF2 and prints the
 * Base64-encoded ciphertext of the flag.
 *
 * <p>Review notes on the construction as written:
 * <ul>
 *   <li>The password and the salt are string literals in {@link #main}, so anyone holding this
 *       source can re-derive the key; the PBKDF2 iteration count adds no protection here.</li>
 *   <li>The cipher is requested with the bare transformation {@code "AES"}, so no mode, padding
 *       or IV is chosen by this code. NOTE(review): on the JDK's bundled provider this resolves
 *       to ECB with PKCS5 padding, which is deterministic and unauthenticated; confirm for the
 *       provider in use. An authenticated mode with a fresh nonce would be the usual choice.</li>
 * </ul>
 */
public class AESChallenge {
    /** Used both as the {@link Cipher} transformation and as the key algorithm name. */
    private static final String AES_ALGORITHM = "AES";
    /** Password-based key derivation function used by {@link #generateKey}. */
    private static final String PBKDF2_ALGORITHM = "PBKDF2WithHmacSHA256";
    /** PBKDF2 iteration count. */
    private static final int ITERATIONS = 10000;
    /** Derived key length in bits. */
    private static final int KEY_SIZE = 256;

    /**
     * Derives a {@value #KEY_SIZE}-bit AES key from a password and salt using PBKDF2.
     *
     * @param password the password to stretch
     * @param salt the PBKDF2 salt
     * @return the derived bytes wrapped as an AES {@link SecretKey}
     * @throws Exception if the KDF is unavailable or rejects the key specification
     */
    private static SecretKey generateKey(String password, byte[] salt) throws Exception {
        PBEKeySpec pbeSpec = new PBEKeySpec(password.toCharArray(), salt, ITERATIONS, KEY_SIZE);
        byte[] derivedBytes =
                SecretKeyFactory.getInstance(PBKDF2_ALGORITHM).generateSecret(pbeSpec).getEncoded();
        // Re-wrap the raw PBKDF2 output so the key reports "AES" as its algorithm.
        return new SecretKeySpec(derivedBytes, AES_ALGORITHM);
    }

    /**
     * Encrypts the UTF-8 bytes of {@code plainText} and returns the ciphertext as Base64.
     *
     * @param plainText the text to encrypt
     * @param key the AES key
     * @return Base64 encoding of the ciphertext
     * @throws Exception if the cipher cannot be created, initialised or run
     */
    private static String encrypt(String plainText, SecretKey key) throws Exception {
        // No IV or parameter spec is passed: the mode is whatever the provider picks for "AES".
        Cipher aes = Cipher.getInstance(AES_ALGORITHM);
        aes.init(Cipher.ENCRYPT_MODE, key);
        byte[] utf8 = plainText.getBytes(StandardCharsets.UTF_8);
        return Base64.getEncoder().encodeToString(aes.doFinal(utf8));
    }

    /**
     * Encrypts the (redacted) flag under a key derived from fixed inputs and prints the result.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        final String flag = "REDACTED";
        // Both key-derivation inputs are fixed and shipped with the source.
        final String password = "aesiseasy";
        final byte[] salt = "saltval".getBytes(StandardCharsets.UTF_8);

        try {
            String encryptedFlag = encrypt(flag, generateKey(password, salt));
            System.out.println("Encrypted Flag: " + encryptedFlag);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

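Thanks to GitHub Copilot, “I” wrote a decryption method. The password and salt are hard-coded in the challenge source, so the same key can be re-derived with generateKey and passed to it.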

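/**
 * Reverses {@code encrypt}: Base64-decodes {@code encryptedText}, decrypts it with {@code key}
 * and returns the plaintext as a string.
 *
 * @param encryptedText Base64-encoded ciphertext
 * @param key the AES key the ciphertext was produced with
 * @return the decrypted text
 * @throws Exception if the input is not valid Base64 or the cipher rejects the key or data
 */
private static String decrypt(String encryptedText, SecretKey key) throws Exception {
    Cipher cipher = Cipher.getInstance(AES_ALGORITHM);
    cipher.init(Cipher.DECRYPT_MODE, key);
    byte[] encryptedBytes = Base64.getDecoder().decode(encryptedText);
    byte[] decryptedBytes = cipher.doFinal(encryptedBytes);
    // encrypt() encodes the plaintext as UTF-8, so decode with the same charset instead of the
    // platform default, which differs between JVMs and can corrupt non-ASCII output.
    return new String(decryptedBytes, StandardCharsets.UTF_8);
}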

image

Flag: n00bz{1_d0n't_l1k3_a3s_ch4ll3ng3_d0_y0u_lik3?_41703148ed8347adbe238ffbdbaf5e16}


Maas

image

#!/usr/bin/python3
import random
from Crypto.Util.number import *
# Challenge server for "Maas": picks 16 secret uppercase letters, answers three modular queries
# per letter, then prints the flag if the whole secret string is guessed.
flag = open('flag.txt').read()
alpha = 'abcdefghijklmnopqrstuvwxyz'.upper()

# One random.choice() draw per secret letter.
# NOTE(review): the random module is not a cryptographic generator; the secrets module is the
# usual choice for values that must stay unpredictable.
to_guess = ''.join(random.choice(alpha) for _ in range(16))

for i, secret_letter in enumerate(to_guess):
    modulus = ord(secret_letter)
    for _ in range(3):
        inp = int(input(f'Guessing letter {i}, Enter Guess: '))
        # The client controls the dividend and the secret letter's code point is the modulus,
        # so each printed remainder reveals information about that letter.
        print((inp << 16) % modulus)

last_guess = input('Enter Guess: ')
if last_guess != to_guess:
    print('Incorrect! Bye!')
    exit()
else:
    print(flag)

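I searched for an input number q for which (q << 16) % ord(letter) gives a different result for every letter A–Z. Sending that q for each position then identifies the secret letter from the server's reply, and the recovered 16-letter string is submitted as the final guess to get the flag.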

alpha = 'abcdefghijklmnopqrstuvwxyz'.upper()

# Find the smallest q in [1, 1000000) whose remainders (q << 16) % ord(letter) are pairwise
# distinct over A-Z; c then works as a lookup table from remainder back to letter.
# If no such q exists in the range, the loop ends with the last q tried and a table that
# still contains duplicates.
for q in range(1, 1000000):
    c = [(q << 16) % ord(letter) for letter in alpha]
    if len(set(c)) == len(c):
        break

# print(q)
# print(c)

from pwn import *

# Talks to the challenge service: for each of the 16 positions the first reply is mapped back
# to a letter through the lookup table c; the remaining two prompts for that position are
# answered only to move the server on to the next letter.
context.log_level = 'error'
r = remote("challs.n00bzunit3d.xyz", 51081)

probe = bytes(str(q), 'utf-8')
f = ""
for _ in range(16):
    r.recv()                      # prompt for the first guess at this position
    r.sendline(probe)
    remainder = int(r.recvline().decode())
    f += alpha[c.index(remainder)]
    for _ in range(2):            # remaining two prompts; their replies are not needed
        r.recv()
        r.sendline(probe)

r.recv()
r.sendline(bytes(f, "utf-8"))     # final guess: the recovered 16-letter string
print(r.recv().decode('utf-8').strip())

Flag: n00bz{M0dul0_f7w_1a4d3f5c!}


RSA

image

image

Assuming the server encrypts the same flag on every connection (each time under a different modulus), this is just Håstad’s broadcast attack.

from pwn import *
from sympy.ntheory.modular import crt
from gmpy2 import iroot
from Crypto.Util.number import long_to_bytes

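def _parse_int_field(line):
    """Return the integer from a ``name = value`` line received from the server."""
    # Parse with int() rather than eval(): these bytes come from a remote host, and eval()
    # would run whatever expression that host chose to send on the machine running this script.
    # Splitting on '=' also replaces lstrip(b'ct = '), which strips a set of characters rather
    # than a prefix. Base 0 keeps accepting the integer literal forms eval() accepted.
    return int(line.split(b'=', 1)[1].strip().decode(), 0)


ns = []
cs = []
# One connection per sample; 17 (n, ct) pairs are collected to match the exponent 17 used below.
for i in range(17):
    r = remote('challs.n00bzunit3d.xyz', 2069)
    e = _parse_int_field(r.recvline())  # consumed to stay in step; 17 is hard-coded below
    cs.append(_parse_int_field(r.recvline()))
    ns.append(_parse_int_field(r.recvline()))
    r.close()

# CRT combines the residues into one value modulo the product of the moduli; the integer
# 17th root of that value is then printed as bytes.
# Defensive takeaway: this only works because the same unpadded message is encrypted under
# many keys with a small exponent; randomized padding such as OAEP removes that property.
M17 = crt(ns, cs)[0]
print(long_to_bytes(iroot(M17, 17)[0]))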

Flag: n00bz{5m4ll_3_1s_n3v3r_g00d!}