-
Notifications
You must be signed in to change notification settings - Fork 12
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
MohamadAli
authored
May 22, 2024
1 parent
130b564
commit 1b12e3c
Showing
9 changed files
with
506 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
--- | ||
tags: | ||
- BYUCTF | ||
- BYUCTF-2024 | ||
- Crypto | ||
- RSA | ||
--- | ||
|
||
|
||
# چالش AreSA | ||
|
||
<center> | ||
![AreSA](AreSA.png) | ||
</center> | ||
|
||
## صورت سوال | ||
فایلی که بهمون دادن رو بررسی میکنیم و با توجه به نام متغیرها پی میبریم که از رمزگذاری RSA استفاده شده است. | ||
|
||
|
||
یه فایل متنی بهمون دادن که محتواش اینه: | ||
### خروجی `cne.txt`: | ||
``` | ||
n = 128393532851463575343089974408848099857979358442919384244000744053339479654557691794114605827105884545240515605112453686433508264824840575897640756564360373615937755743038201363814617682765101064651503434978938431452409293245855062934837618374997956788830791719002612108253528457601645424542240025303582528541 | ||
e = 65537 | ||
c = 93825584976187667358623690800406736193433562907249950376378278056949067505651948206582798483662803340120930066298960547657544217987827103350739742039606274017391266985269135268995550801742990600381727708443998391878164259416326775952210229572031793998878110937636005712923166229535455282012242471666332812788 | ||
``` | ||
|
||
## روش حل | ||
|
||
خب خیلی سریع میریم و $n$ رو بررسی میکنیم و میبینیم که یک عدد اول هست. بنابراین $Phi$ را محاسبه کرده و بقیه مراحل بسیار واضح هست. | ||
|
||
|
||
```python linenums="1" hl_lines="8-10" | ||
from Crypto.Util.number import * | ||
|
||
n = 128393532851463575343089974408848099857979358442919384244000744053339479654557691794114605827105884545240515605112453686433508264824840575897640756564360373615937755743038201363814617682765101064651503434978938431452409293245855062934837618374997956788830791719002612108253528457601645424542240025303582528541 | ||
e = 65537 | ||
c = 93825584976187667358623690800406736193433562907249950376378278056949067505651948206582798483662803340120930066298960547657544217987827103350739742039606274017391266985269135268995550801742990600381727708443998391878164259416326775952210229572031793998878110937636005712923166229535455282012242471666332812788 | ||
|
||
|
||
phi = n-1 | ||
d=inverse(e, phi) | ||
long_to_bytes(pow(c, d, n)) | ||
``` | ||
|
||
|
||
|
||
--- | ||
??? success "FLAG :triangular_flag_on_post:" | ||
<div dir="ltr">`byuctf{d1d_s0m3_rs4_stuff...m1ght_d3l3t3_l4t3r}`</div> | ||
|
||
|
||
!!! نویسنده | ||
[MohamadAli](https://github.com/wh1te-r0s3) | ||
|
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
--- | ||
tags: | ||
- BYUCTF | ||
- BYUCTF-2024 | ||
- Crypto | ||
--- | ||
|
||
|
||
# چالش Austen Supremacy | ||
|
||
<center> | ||
![Austen-Supremacy](Austen-Supremacy.png) | ||
</center> | ||
|
||
## صورت سوال | ||
لیدیا جین آستن را دوست دارد. در واقع کتاب مورد علاقه او Pride and Prejudice است. او و دوستانش دوست دارند درباره کتاب با هم صحبت کنند، اما اخیرا لیدیا شروع به رمزگذاری پیام های خود کرده است. متأسفانه دوستان لیدیا کد مخفی او را درک نمی کنند -- می توانید به آنها کمک کنید و پیام مخفی را شناسایی کنید؟ | ||
|
||
``` | ||
1.1.1 8.9.8 10.2.11 4.14.28 61.2.4 47.10.3 23.7.37 41.12.4 17.6.10 1.1.21 | ||
``` | ||
|
||
## حل | ||
با توجه به فرمت پیامی که لیدا ارسال کرده حدس زدیم که ممکنه ربطی به این کتاب کرده باشه بنابراین رفتیم و کتاب رو دانلود کردیم و حس زدیم که الگوی پیامی که لیدا ارسال کرده به صورت زیر است: | ||
|
||
``` | ||
Chapter.Paragraph.Character | ||
``` | ||
خوشبختانه حدسمون درست بود و فلگ رو بدست اوردیم. | ||
|
||
|
||
|
||
--- | ||
??? success "FLAG :triangular_flag_on_post:" | ||
<div dir="ltr">`byuctf{ilovedarcy}`</div> | ||
|
||
|
||
!!! نویسنده | ||
[MohamadAli](https://github.com/wh1te-r0s3), | ||
[HIGHer](https://twitter.com/HIGH01012) | ||
|
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,161 @@ | ||
--- | ||
tags: | ||
- BYUCTF | ||
- BYUCTF-2024 | ||
- Crypto | ||
- Eliptic-Curve | ||
--- | ||
|
||
|
||
# چالش Times | ||
|
||
<center> | ||
![Times](Times.png) | ||
</center> | ||
|
||
## صورت سوال | ||
میگه این فقط یک ضرب است....درسته؟ | ||
|
||
|
||
یه فایل متنی و یک اسکریپت پایتون رو بهمون دادن | ||
|
||
### خروجی `times.txt`: | ||
``` | ||
Curve: y^2 = x**3 + 13x + 245 % 335135809459196851603485825030548860907 | ||
Point: (14592775108451646097, 237729200841118959448447480561827799984) | ||
{'ciphertext': b'SllGMo5gxalFG9g8j4KO0cIbXeub0CM2VAWzXo3nbIxMqy1Hl4f+dGwhM9sm793NikYA0EjxvFyRMcU2tKj54Q==', 'iv': b'MWkMvRmhFy2vAO9Be9Depw=='} | ||
``` | ||
|
||
## روش حل | ||
|
||
وقتی فایل متنی رو میبینیم با توجه به منحنی و فرمتی که داره متوجه میشیم که با Elliptic-Curve طرف هستیم. در واقع این منحنی بیضوی در یک میدان محدود از نقاطی تشکیل شده که باید به معادله به فرمت زیر را برآورده کنه: | ||
|
||
$$y^2 =x^3 + ax + b$$ | ||
|
||
و با توجه به عنوان سوال حدس میزنیم که هدف scalar multiplication هست. | ||
|
||
```python linenums="1" | ||
import hashlib | ||
from Crypto.Cipher import AES | ||
from Crypto.Util.Padding import pad, unpad | ||
from ellipticcurve import * # I'll use my own library for this | ||
from base64 import b64encode | ||
import os | ||
from Crypto.Util.number import getPrime | ||
|
||
def encrypt_flag(shared_secret: int, plaintext: str): | ||
iv = os.urandom(AES.block_size) | ||
|
||
#get AES key from shared secret | ||
sha1 = hashlib.sha1() | ||
sha1.update(str(shared_secret).encode('ascii')) | ||
key = sha1.digest()[:16] | ||
|
||
#encrypt flag | ||
plaintext = pad(plaintext.encode('ascii'), AES.block_size) | ||
cipher = AES.new(key, AES.MODE_CBC, iv) | ||
ciphertext = cipher.encrypt(plaintext) | ||
|
||
return { "ciphertext" : b64encode(ciphertext), "iv" : b64encode(iv) } | ||
|
||
def main(): | ||
the_curve = EllipticCurve(13, 245, getPrime(128)) | ||
start_point = None | ||
while start_point is None: | ||
x = getPrime(64) | ||
start_point = the_curve.point(x) | ||
print("Curve: ", the_curve) | ||
print("Point: ", start_point) | ||
new_point = start_point * 1337 | ||
|
||
flag = "byuctf{REDACTED}" | ||
print(encrypt_flag(new_point.x, flag)) | ||
|
||
if __name__ == "__main__": | ||
main() | ||
``` | ||
|
||
خب نگاهی به اسکریپت داده شده میندازیم و میبینیم که بعله همونطور که حدس میزدیم هدف محاسبه scalar multiplication با $n=1337$ و بعدش مختصات x حاصل از خروجی scalar multiplication رو به عنوان shared secret و فلگ رو به عنوان plaintext به تابع encrypt_flag داده می شود. | ||
|
||
|
||
در واقع تمام کاری که ما باید انجام بدیم اینه که یک تابع scalar multiplication بنویسیم و بعد اون یک تابع برای decrypt کردن فلگ با توجه AES در مد CBC بنویسیم ( همانطور که میبنید ciphertext و iv در فایل times.txt قرار داده شده است ). | ||
|
||
|
||
### پیاده سازی Scalar Multiplication: | ||
```python linenums="1" | ||
from Crypto.Util.number import * | ||
P=(14592775108451646097, 237729200841118959448447480561827799984) | ||
p=335135809459196851603485825030548860907 | ||
a=13 | ||
def point_addition(P, Q, p, a): | ||
if P == (0,0): | ||
return Q | ||
elif Q == (0,0): | ||
return P | ||
elif P[0] == Q[0] & P[1] == -Q[1]: | ||
return (0,0) | ||
elif P != Q: | ||
landa = (((Q[1] - P[1]) % p) * inverse( ((Q[0] - P[0]) % p), p)) % p | ||
elif P == Q: | ||
landa = ( (((3*((P[0]**2) % p) % p) + a) % p) * inverse( ((2 * P[1]) % p), p)) % p | ||
x = (((landa**2) % p) - P[0] - Q[0]) % p | ||
y = (((landa*((P[0] - x) % p)) % p) - P[1]) % p | ||
return (x, y) | ||
|
||
def scalar_multiplication(P, n, p, a): | ||
Q = P | ||
R = (0,0) | ||
while n > 0: | ||
if n % 2 == 1: | ||
R = point_addition(R, Q, p, a) | ||
Q = point_addition(Q, Q, p, a) | ||
n = math.floor(n/2) | ||
return R | ||
|
||
scalar_multiplication(P, 1337, p, a) | ||
``` | ||
|
||
### پیاده سازی decrypt_flag: | ||
```python | ||
from Crypto.Cipher import AES | ||
from base64 import b64decode | ||
from Crypto.Util.Padding import unpad | ||
|
||
|
||
def decrypt_flag(shared_secret: int, ciphertext_dict: dict): | ||
|
||
# Derive AES key from shared secret (same as encryption) | ||
sha1 = hashlib.sha1() | ||
sha1.update(str(shared_secret).encode('ascii')) | ||
key = sha1.digest()[:16] | ||
|
||
# Retrieve ciphertext and IV from dictionary | ||
ciphertext = b64decode(ciphertext_dict["ciphertext"]) | ||
iv = b64decode(ciphertext_dict["iv"]) | ||
|
||
# Decrypt the ciphertext | ||
cipher = AES.new(key, AES.MODE_CBC, iv) | ||
plaintext = unpad(cipher.decrypt(ciphertext), AES.block_size) | ||
|
||
# Return the decrypted string | ||
return plaintext.decode('ascii') | ||
|
||
|
||
shared_secret = 130102914376597655583988556541378621904 | ||
|
||
ciphertext_dict = {'ciphertext': b'SllGMo5gxalFG9g8j4KO0cIbXeub0CM2VAWzXo3nbIxMqy1Hl4f+dGwhM9sm793NikYA0EjxvFyRMcU2tKj54Q==', 'iv': b'MWkMvRmhFy2vAO9Be9Depw=='} | ||
|
||
|
||
decrypt_flag(shared_secret, ciphertext_dict) | ||
``` | ||
|
||
|
||
|
||
--- | ||
??? success "FLAG :triangular_flag_on_post:" | ||
<div dir="ltr">`byuctf{mult1pl1c4t10n_just_g0t_s0_much_m0r3_c0mpl1c4t3d}`</div> | ||
|
||
|
||
!!! نویسنده | ||
[MohamadAli](https://github.com/wh1te-r0s3) | ||
|
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Oops, something went wrong.