ctf writeups ✏️


ACSC 2023


STACK The Flags 2022


  • janken vs kurenaif: Recover seed for python PRNG
  • witches_symmetric_exam: Chaining OFB padding oracle into ECB encryption oracle into GCM encryption / decryption oracle
  • insufficient: Break
  • multivariate polynomial shares with CVP
  • this_is_not_lsb: RSA interval oracle and binary search
  • BBB: Polynomial RNG parameter selection to make RNG cyclic + Hastad’s broadcast attack on RSA
  • pqpq: Polynomial massaging to break RSA

WMCTF 2022


MCH 2022

ImaginaryCTF 2022

  • Poker: Recover python PRNG behind a modulo
  • Secure Encoding: Base64: Revert substitution cipher on Base64 data using simulated annealing
  • Living Without Expectations: Break learning with errors with CVP
  • Lorge: Break RSA key with smooth primes using Pollard p-1 attack despite mitigations
  • stream: Reverse binary and derive LCG key
  • hash: Custom hash collision using z3
  • otp: Biased one time pad

Google CTF 2022

  • OCR: Leak images in a ML test set with specially crafted model weights
  • Cycling: Recover RSA key from leaked kλ(n)k\lambda(n)

International Cybersecurity Challenge 2022

  • Trademark: Attack-defense service with polynomial cryptosystem and authorization bypass

SEETF 2022

  • Probability: Recover python PRNG from random.random() output + dynamic programming to win blackjack
  • To Infinity: Pathfinding over finite field using CVP and continued fractions
  • WeirdMachine: Assembly golf with awkward branching behaviour
  • Welcome: Carving QR code from video with opencv
  • Username Generator: XSS using window.name


ACSC 2021


  • GRIC: Linear checksum parameter recovery
  • Live From Serangoon Road: Recover LSFR state with z3
  • TOTOTT: Detecting pseudorandom functions with math and statistics
  • Which Lee?: Breaking toy neural network classifier with numerical instability


2020 and earlier

STACK the Flags 2020

Facebook CTF 2019

  • keybaseish: Generate valid RSA public key for a fixed signature

SwampCTF 2018