initial

Co-authored-by: 53buahapel <[email protected]>
Co-authored-by: adzkyyy <[email protected]>
Co-authored-by: aimardcr <[email protected]>
Co-authored-by: Dimas Maulana <[email protected]>
Co-authored-by: hanasuru <[email protected]>
Co-authored-by: Merricx <[email protected]>
Co-authored-by: zakigeyan <[email protected]>

Crypto/Alin/README.md

@@ -0,0 +1,23 @@
+# Alin
+
+rui
+
+---
+
+## Flag
+
+```
+INTECHFEST{y3t_4n0th3r_m4tr1x_ch4ll_bu7_wr1tt3n_1n_j4v4}
+```
+
+## Description
+> Just implement one of my class subject
+
+## Difficulty
+easy
+
+## Tags
+Java
+
+## Notes
+intentionally left empty

Crypto/Alin/chall/Matrix.java

@@ -0,0 +1,59 @@
+import java.util.Scanner;
+
+public class Matrix {
+    static Scanner input = new Scanner(System.in);
+
+    public static int[][] multiply(int[][] a, int[][] b){
+        int x = a.length;
+        int y = b[0].length;
+        int z = y;
+        int[][] result = new int[x][y];
+        for (int i = 0; i < x; i++) {
+            for (int j = 0; j < y; j++) {
+                for (int k = 0; k < z; k++) {
+                    result[i][j] += a[i][k] * b[k][j];
+                }
+            }
+        }
+        return result;
+    }
+
+    public static int[][][] string_to_matrix(String text){
+
+        int[][][] matrix = new int[text.length() / 9][3][3];
+        for (int i = 0; i < text.length(); i += 9){
+            int[][] matrices = new int[3][3];
+            for (int j = 0; j < 9; j++) matrices[j / 3][j % 3] = (int)text.charAt(i + j);
+            matrix[i / 9] = matrices;
+        }
+        return matrix;
+    }
+
+    public static void main(String[] args) {
+        System.out.print("plaintext: ");
+        String plaintext = input.nextLine();
+
+        if (plaintext.length() % 9 != 0) 
+            plaintext += "?".repeat(9 - (plaintext.length() % 9));
+
+        int[] cipher = new int[plaintext.length()];
+
+        int[][][] mat = string_to_matrix(plaintext);
+
+        for (int i = 0; i < mat.length; i++){
+            int[][] A = mat[i];
+            int[][] B = mat[0];
+            int[][] C = multiply(A, B);
+            for (int j = 0; j < 3; j++){
+                for (int k = 0; k < 3; k++){
+                    cipher[i * 9 + j * 3 + k] = C[j][k];
+                }
+            }
+        }
+
+        System.out.print("ciphertext: ");
+        for (int i = 0; i < cipher.length; i++){
+            System.out.print(cipher[i] + " ");
+        }
+    }
+}

Crypto/Alin/chall/flag.txt

@@ -0,0 +1 @@
+INTECHFEST{y3t_4n0th3r_m4tr1x_ch4ll_bu7_wr1tt3n_1n_j4v4}

Crypto/Alin/challenge.yml

@@ -0,0 +1,14 @@
+# yaml-language-server: $schema=../../challenge.schema.yaml
+name: "Alin"
+author: "rui"
+category: Crypto
+description: |
+    Just implement one of my class subject.
+
+value: 1000
+type: StaticAttachment
+
+flags:
+    - INTECHFEST{y3t_4n0th3r_m4tr1x_ch4ll_bu7_wr1tt3n_1n_j4v4}
+
+provide: ./dist

Crypto/Alin/dist/flag.enc

@@ -0,0 +1 @@
+16591 16716 18720 14700 14839 16596 15681 15810 17737 23089 23142 25955 18377 18305 20521 14746 14738 16272 19214 19535 21465 22507 22778 25463 19780 19694 22182 18507 18417 20641 18043 18278 20120 21986 22215 24733 19077 19278 21221 23126 23249 26010 19701 19598 22096 17963 17903 20089 17817 17747 19921 19586 19894 22442 16831 16778 18597 13356 13482 15057 13356 13482 15057

Crypto/CRC32plus/README.md

@@ -0,0 +1,25 @@
+# crc32plus
+
+deomkicer
+
+## Flag
+
+```
+INTECHFEST{m33t_in_the_m1ddle_is_b0ring__lets_meet_in_the_two_thirds}
+```
+
+## Description
+
+Pure crc32 is weak, that's why I tweaked it a little bit to make it more secure and then called it crc32plus.
+
+## Difficuly
+
+Hard
+
+## Tags
+
+crc32, meet-in-the-middle
+
+## Notes
+
+...

Crypto/CRC32plus/chall/Dockerfile

@@ -0,0 +1,11 @@
+FROM python:3.11-slim
+
+RUN apt-get update
+RUN apt-get install -y nano socat
+RUN pip install pycryptodome
+
+WORKDIR /opt
+
+COPY server.py .
+
+CMD echo $GZCTF_FLAG > flag.txt && socat TCP-LISTEN:5000,fork,reuseaddr EXEC:'python3 server.py'

Crypto/CRC32plus/chall/docker-compose.yml

@@ -0,0 +1,9 @@
+services:
+  crc32plus:
+    build: .
+    container_name: crc32plus
+    ports:
+      - 5301:5000
+    restart: always
+    environment:
+      - GZCTF_FLAG=INTECHFEST{m33t_in_the_m1ddle_is_b0ring__lets_meet_in_the_two_thirds}

Crypto/CRC32plus/chall/flag.txt

@@ -0,0 +1 @@
+INTECHFEST{m33t_in_the_m1ddle_is_b0ring__lets_meet_in_the_two_thirds}

Crypto/CRC32plus/chall/init.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+FLAG="$GZCTF_FLAG" python3 server.py

Crypto/CRC32plus/chall/server.py

@@ -0,0 +1,82 @@
+#!/usr/bin/env python3
+from Crypto.Cipher import Salsa20
+from Crypto.Util.number import long_to_bytes
+import random
+import signal
+import string
+import os
+
+CHARSET = string.digits + string.ascii_lowercase + "_"
+FLAG = os.getenv("GZCTF_FLAG", "INTECHFEST{redacted}")
+
+
+class crc32plus:
+    def __init__(self, p):
+        self.m = 0xFFFFFFFF
+        self.p = p & self.m
+        self.t = []
+        for i in range(256):
+            v = i
+            for _ in range(8):
+                v = (self.p ^ (v >> 1)) if (v & 1) == 1 else (v >> 1)
+            self.t.append(v)
+
+    def _update(self, buf):
+        v = self.m
+        for c in buf:
+            v = self.t[(v ^ c) & 0xFF] ^ (v >> 8)
+        return v ^ self.m
+
+    def calc(self, buf):
+        v = self.m
+        buf = b"\x88" + buf + b"\x88"
+        for i in range(len(buf) - 1):
+            v = self._update(long_to_bytes(v, 4) + buf[i : i + 2])
+        return long_to_bytes(v ^ self.m, 4)
+
+    def __repr__(self):
+        return f"crc32plus(poly={hex(self.p)})"
+
+
+def gen_rand_str():
+    return "crc32plus_" + "".join(random.choices(CHARSET[:-1], k=6))
+
+
+def user_input(s):
+    try:
+        inp = input(s).strip()
+        assert len(inp) < 256 and all(c in CHARSET for c in inp)
+        return inp.encode()
+    except:
+        exit()
+
+
+def main():
+    poly = random.getrandbits(32)
+    c32p = crc32plus(poly)
+
+    print(f"Prove that you can find collision on {c32p}")
+    m1 = user_input("Message #1: ")
+    m2 = user_input("Message #2: ")
+    if m1 == m2 or c32p.calc(m1) != c32p.calc(m2):
+        print("Nope")
+        return
+
+    key = gen_rand_str().encode()
+    ptx = gen_rand_str().encode()
+    cipher = Salsa20.new(key)
+    ctx = cipher.nonce + cipher.encrypt(ptx)
+    hsh = c32p.calc(key)
+
+    print(f"Prove that you can reverse this crc32plus: {hsh.hex() + ctx.hex()}")
+    m3 = user_input("Plaintext: ")
+    if m3 != ptx:
+        print("Nope")
+        return
+
+    print(FLAG)
+
+
+if __name__ == "__main__":
+    signal.alarm(90)
+    main()

Crypto/CRC32plus/challenge.yml

@@ -0,0 +1,29 @@
+# yaml-language-server: $schema=../../challenge.schema.yaml
+name: "CRC32plus"
+author: "deomkicer"
+category: Crypto
+description: |
+    Pure crc32 is weak, that's why I tweaked it a little bit to make it more secure and then called it crc32plus.
+
+    Note: The timeout is changed to 90s
+
+value: 1000
+type: DynamicContainer
+
+scripts:
+    start: cd chall && docker build -t crc32plus .
+
+container:
+    flagTemplate: INTECHFEST{m33t_in_the_m1ddle_is_b0ring__lets_meet_in_the_two_thirds_[TEAM_HASH]}
+    containerImage: "crc32plus:latest"
+    memoryLimit: 512
+    cpuCount: 2
+    storageLimit: 512
+    containerExposePort: 5000
+    enableTrafficCapture: false
+
+provide: ./dist
+
+hints:
+    - This implementation (https://github.com/theonlypwner/crc32) might help, but you still need to tweak it for this challenge
+    - You need some luck to get the "good" poly. Once you get the "good" poly, you also need another luck and optimization for solving the collision and reversing the crc32plus in a very short time. On average, author's solution takes ~5 mins to bruteforce and finally be able to get the flag.

Crypto/CRC32plus/dist/server.py

@@ -0,0 +1,81 @@
+#!/usr/bin/env python3
+from Crypto.Cipher import Salsa20
+from Crypto.Util.number import long_to_bytes
+import random
+import signal
+import string
+
+CHARSET = string.digits + string.ascii_lowercase + "_"
+FLAG = open("flag.txt").read()
+
+
+class crc32plus:
+    def __init__(self, p):
+        self.m = 0xFFFFFFFF
+        self.p = p & self.m
+        self.t = []
+        for i in range(256):
+            v = i
+            for _ in range(8):
+                v = (self.p ^ (v >> 1)) if (v & 1) == 1 else (v >> 1)
+            self.t.append(v)
+
+    def _update(self, buf):
+        v = self.m
+        for c in buf:
+            v = self.t[(v ^ c) & 0xFF] ^ (v >> 8)
+        return v ^ self.m
+
+    def calc(self, buf):
+        v = self.m
+        buf = b"\x88" + buf + b"\x88"
+        for i in range(len(buf) - 1):
+            v = self._update(long_to_bytes(v, 4) + buf[i : i + 2])
+        return long_to_bytes(v ^ self.m, 4)
+
+    def __repr__(self):
+        return f"crc32plus(poly={hex(self.p)})"
+
+
+def gen_rand_str():
+    return "crc32plus_" + "".join(random.choices(CHARSET[:-1], k=6))
+
+
+def user_input(s):
+    try:
+        inp = input(s).strip()
+        assert len(inp) < 256 and all(c in CHARSET for c in inp)
+        return inp.encode()
+    except:
+        exit()
+
+
+def main():
+    poly = random.getrandbits(32)
+    c32p = crc32plus(poly)
+
+    print(f"Prove that you can find collision on {c32p}")
+    m1 = user_input("Message #1: ")
+    m2 = user_input("Message #2: ")
+    if m1 == m2 or c32p.calc(m1) != c32p.calc(m2):
+        print("Nope")
+        return
+
+    key = gen_rand_str().encode()
+    ptx = gen_rand_str().encode()
+    cipher = Salsa20.new(key)
+    ctx = cipher.nonce + cipher.encrypt(ptx)
+    hsh = c32p.calc(key)
+
+    print(f"Prove that you can reverse this crc32plus: {hsh.hex() + ctx.hex()}")
+    m3 = user_input("Plaintext: ")
+    if m3 != ptx:
+        print("Nope")
+        return
+
+    print(FLAG)
+
+
+if __name__ == "__main__":
+    signal.alarm(60)
+    main()

Crypto/Edward/README.md

@@ -0,0 +1,25 @@
+# edward
+
+merricx
+
+## Flag
+
+```
+INTECHFEST{https://imgur.com/a/HsPr3EU}
+```
+
+## Description
+
+You've seen PoW with a hash function, but have you seen PoW with a digital signature?
+
+## Difficulty
+
+medium
+
+## Tags
+
+ecc, ed25519
+
+## Notes
+
+Somewhat 0day-ish since not all libraries are affected, but most of the time it's not considered security vulnerability

Crypto/Edward/chall/Dockerfile

@@ -0,0 +1,12 @@
+FROM python:3.11-slim
+
+RUN apt-get update
+RUN apt-get install -y nano socat gcc
+RUN pip install ed25519
+
+WORKDIR /opt
+
+COPY challenge.py .
+
+
+CMD echo $GZCTF_FLAG > flag.txt && socat TCP-LISTEN:5000,fork,reuseaddr EXEC:'python3 challenge.py'