duksctf

Bunch of sec. enthusiasts who sometimes play CTF

ASIS 2022 - Mariana

Find 40 discrete logarithm fixed points to solve the challenge. The range check allows to solve the equation with the Chinese remainder theorem with a negative value.

Read More

SEKAI 2022 - Symbolic Needs 2

*Cryptocurrency scammer was caught and laptop confiscated, use strings to recover command used to access his wallet and patch + decompile python pyc file to regenerate bip39 mnemonic and recreate the private key.

Read More

SEKAI 2022 - Broken Converter

XPS file which looks corrupt but in fact it is a OpenType font inside scrambled using Microsoft custom algorithm and then using fontdrop website to recover his secret.

Read More

SEKAI 2022 - Blind Infection 1

A ransomware encrypted some text file, but the user has already used an online paste website to save it. Read the firefox profiles backuped by snap and find tin the history the url of the paste.

Read More

PlaidCTF 2020 - Reee

Execute an unscrambling function to get the compare algorithm. Then figure out what the algorithm does to recover the flag.

Read More

BlackAlps 2019 - Schnorr

Schnorr signature with a Blum-Blum-Schub PRNG to generate the nonce. Since the quadratic equation can be solved in the prime group the private key can be recover from two consecutive signatures.

Read More

GreHack 2019 - Delayed Memories - The Grid

Reverse challenge which is finally a maze. A move is encoded on 2 bit of a character given as input. The combination which gets you out of the maze is the flag. We present here three different ways to solve the challenge.

Read More

N1CTF 2019 - Part3-BabyRSA

RSA encrypted flag but each flag bit is encrypted at a time with random padding. The padding is a square thus using computing the Jacobi symbol for each bit encryption reveals the flag.

Read More

Insomni'hack 2019 - INSFS

A serial connection gives access to a basic filesystem. Repairing the filesystem with debug tools and adjusting an offset gives access to protected data.

Read More

Ph0wn 2018 - LoRa{1,2,3}

LoRa1: Use LoRa dev board to listen to the EU 868.1MHZ and received the flag LoRa2: Scan all the EU frequencies and SpreadFactor to get the flag LoRa3: Find the flag on the LoRa base station

Read More

Y-Not-CTF - SmS Secret Secure Server - Crypto

We’re given a ssh username, server ip and public key using ECDSA, along with a _very secure RNG_ python script used to generate the ECDSA key. Exploiting a weakness in the RNG, we can enumerate all possible keys and find the private key to log on the server.

Read More

Y-Not-CTF - BlackBox

The binary ask for a password and use RunPE technic to create a new process. Two technic can be used, first is to dump the PE when the program copy it, second is to break on SetThreadContext and put a breakpoint on the new entrypoint.

Read More

GoogleCTF 2017 - Rubik

An interactive server implements a login challenge with a variant of Diffie-Hellman on the group of permutations of the Rubik’s cube. After computing a discrete logarithm on this (non-abelian) group, we can compute the handshake to log in as admin and obtain the flag.

Read More

Google CTF 2017 - Counting (RE)

We’re given two files: an ELF binary counter, and some data code. The goal of the challenge is then to find the output of ./counter 9009131337. Keywords: reverse engineering, virtual machine, hailstone sequence, fibonnaci modulo

Read More

PlaidCTF 2017 - Echo

We’re given a webapp performing text2speech on a maximium of 4 tweets. Exploiting an remote command injection in the dockerized script generating the audio allows to decode remotely the flag before exfiltrating it using text2speech.

Read More

PlaidCTF 2017 - FHE

The flag is encrypted with ElGamal and an additional layer of custom fully-homomorphic encryption. We can recover the FHE key under known-message attack by solving a linear system. The group used for ElGamal is weak (its order has small prime factors), so we can compute a discrete logarithm to recover the secret exponent and decrypt the flag.

Read More

PlaidCTF 2017 - Multicast

The same flag is encrypted 5 times with RSA small public exponent and linear padding. The generalization of Håstad’s broadcast attack and the Coppersmith method allow to recover the flag.

Read More

Make IDA Pro Great Again

In this post I will explain a neat way to use our own python, Qt 5.6, PyQt 5.6 version with IDA Pro, then how to use a chrooted Arch Linux 32bit to run IDA Pro in order not to pollute our host with pesky lib32-XX packages and Finally I will document installation and configuration of some useful IDA Pro plugins.

Read More

AlexCTF 2017 - unVM me

A Python byte code file was provided without the source code. After its decompilation, we noticed that each 5-byte slice of the flag was hash with MD5 and compared. After brute forcing the hashes contained in the file we got the flag.

Read More

AlexCTF 2017 - Bring weakness

A sever shows us random looking numbers and we have to predict the output of the next number. The numbers were generated using a linear congruential generator. Using the Marsaglia method we were ale to fully recover the parameters of the PRNG and thus predict the number sequence.

Read More

AlexCTF 2017 - Packed Movement

Elf binary asking for a flag. The binary was packed by UPX then poorly obfusctated using the movfusator, just looking at the assembly, a mov R2, 0xXX pattern appears, using a ida script to grab all mov R2 yield the flag.

Read More

AlexCTF 2017 - Catalyst System

Elf binary asking for username/password, the username is used to compute a seed to srand, which then get use to substract rand() with every 4 bytes of the password.

Read More

AlexCTF 2017 - Unknown Format

We received a USB PCAP of an update transaction between a computer and Amazon Kindle. After reconstructing the update, we used a tool called KindleTool in order to deobfuscate the binary, then we used some python code to inflate the malformed gzip inside.

Read More

TUM CTF 2016 - haggis

The challenge is to create a plaintext with a given prefix that will result in a AES CBC-MAC mode using PKCS#7 padding.

Read More

DEFCON qualifiers 2016 - heapfun4u

This challenge is about a binary with a custom implemented heap. With a use after free, it is possible to corrupt the double linked free list and have the address of a chunk written at an arbitrary address. With that we overwrite the saved return pointer with the address of the shellcode and pop a shell.

Read More

DEFCON qualifiers 2016 - Baby-re

Remote binary asks for 13 values, looking at the binary we find out that the condition is a system of linear equations over 32-bit signed integers. We find the equations from the binary and solve them to find the unique solution.

Read More

TU CTF 2016 - Secure Auth

To authenticate on a server we had to provide a message signed with a RSA private key. Hopefully the server allows us to sign any message except the one requested with the same key.

Read More

Plaid CTF 2016 - fixedpoint

Here is another solution to a pwn challenge. They are no vulnerability per say, but a rather interesting way of getting code execution through floating point arithmetics.

Read More

Plaid CTF 2016 - Butterfly

Here is a solution to the second pwn challenge butterfly. This is not your usual buffer overflow, but rather a nice demonstration on how bit flips can be dangerous!

Read More

Plaid CTF 2016 - Kriptovor

Kriptovor is a real ransomware, we analyzed the pcap, found the privatekey in the second email send by the malware, we then installed Delphi and use the lockbox3 library to decrypt with the RSA private key the AES key that was used to encrypt the flag.

Read More

Plaid CTF 2016 - Morset

After connecting to a socket, we received some character that looks like morse code. We use a python script to decode it, then it looks like base36, we decode it and we found a string asking us to send the sha256 of it. We send it back using the same encoding scheme which gave us the flag.

Read More

Nuit du hack quals 2016 - Invest

We received a invest.pcapng file which contains a schematic, encrypted files and a binary chain. Once the binary chain was passed in the schematic we obtained a password to decrypt with OpenSSL the files. The resulting file is a Word document with the Flag inside.

Read More

Nuit du hack quals 2016 - Catch me if you can

The task is a usb pcap where two files were transfered. The trick was to take each odd packet number and take 0x708 of each to create the first file, use the even for the 2nd file. We were left with two Libreoffice ods file. In the 2nd one, we found a table and a weird alphabetic suite which used against the table give us the flag.

Read More

Insomni'hack 2016 - Pcapbleeding

We got a pcap, the problem was obvious from the challenge name (heartbleed). Given the RSA-2048 pubkey we sought for prime numbers of around 1024 bits in the pcaps, then reconstructed the private key and used it to decrypt the encrypted part of the session, which contained the flag.

Read More

Insomni'hack 2016 - Microwave

The microwave application is used to let your microwave tweets you favorite food. We identified two vulnerabilities in the binary: a string format and a buffer overflow. The string format allowed us to leak the canary and some addresses of the libc. Those were then used to exploit the buffer overflow and access the flag.

Read More