ctf writeups ✏️

2023

ACSC 2023

• Corrupted: RSA key recovery from censored private key
• Dual Signature Algorithm: Leak DSA key from nonce and key reuse with different modulus using CVP
• EasySSTI: Golang SSTI into RFI using echo Context scope
• Check_Number_63: Recover RSA key from modulus reuse across different $e$ with CVP
• ngo: Speed up LSFR with fast exponentiation
• Admin Dashboard: HTTP method confusion + forging LCG token
• Hardware is not so hard: SD / SPI packet carving
• serverless: Reverse obfuscated RSA function in webpage
• Merkle Hellman: Small cipher space on knapsack cryptosystem

2022

STACK The Flags 2022

• Encryptdle: Chosen plaintext attack on Camellia cipher
• jagacha: Recover python PRNG
• Pad the flag: Modified Bleichenbacher padding oracle attack
• MysteryCrypt: Meet-in-the-middle to break small key on feistel-like cipher
• ThatsALotOfRSA: Online queries for RSA key duplication

SECCON CTF 2022

• janken vs kurenaif: Recover seed for python PRNG
• witches_symmetric_exam: Chaining OFB padding oracle into ECB encryption oracle into GCM encryption / decryption oracle
• insufficient: Break
• multivariate polynomial shares with CVP
• this_is_not_lsb: RSA interval oracle and binary search
• BBB: Polynomial RNG parameter selection to make RNG cyclic + Hastad’s broadcast attack on RSA
• pqpq: Polynomial massaging to break RSA

WMCTF 2022

• ecc: Elliptic curve parameter recovery
• homo: Knapsack cryptosystem with weak parameter sizes
• nanoDiamond / nanoDiamond-rev: Using error correction codes to win Ulam’s game

UIUCTF 2022

• Bro-key-n: RSA key recovery from censored private key
• Sussy ML: Exploratory data analysis and clustering on intermediate image classifier output
• blackboxwarrior: imagehash.average_hash() collision
• mom can we have AES: MITM on toy handshake protocol + chosen plaintext attack on AES-ECB
• That-crete Log: Pohlig-Hellman on partially smooth prime
• Elliptic Clock Crypto: Discrete log on ellipse curve with smooth order

MCH 2022

• qEXMRY^7: Statistical analysis to revert XOR cipher
• Sharing is caring: Shamir’s Secret Sharing over integers
• Squaring Off: One prime Paillier

ImaginaryCTF 2022

• Poker: Recover python PRNG behind a modulo
• Secure Encoding: Base64: Revert substitution cipher on Base64 data using simulated annealing
• Living Without Expectations: Break learning with errors with CVP
• Lorge: Break RSA key with smooth primes using Pollard p-1 attack despite mitigations
• stream: Reverse binary and derive LCG key
• hash: Custom hash collision using z3
• otp: Biased one time pad

Google CTF 2022

• OCR: Leak images in a ML test set with specially crafted model weights
• Cycling: Recover RSA key from leaked $k\lambda(n)$

International Cybersecurity Challenge 2022

• Trademark: Attack-defense service with polynomial cryptosystem and authorization bypass

SEETF 2022

• Probability: Recover python PRNG from random.random() output + dynamic programming to win blackjack
• To Infinity: Pathfinding over finite field using CVP and continued fractions
• WeirdMachine: Assembly golf with awkward branching behaviour
• Welcome: Carving QR code from video with opencv
• Username Generator: XSS using window.name

2021

ACSC 2021

• Cowsay as a Service: Node.js server prototype pollution into shell injection
• Favorite Emojis: Server side request forgery into XSS
• Swap on Curve: Elliptic curve parameter recovery with swappable points
• Two Rabin: Polynomial massaging and coppersmith
• Wonderful Hash: Custom hash collision using meet in the middle attack
• RSA Stream: RSA related message
• NYONG Coin: Overwritten file carving with autopsy
• Pickle Rick: Recovering bytecode from python pickle

CTF.SG CTF 2021

• GRIC: Linear checksum parameter recovery
• Live From Serangoon Road: Recover LSFR state with z3
• TOTOTT: Detecting pseudorandom functions with math and statistics
• Which Lee?: Breaking toy neural network classifier with numerical instability

DSO-NUS CTF 2021

• Syscall Phobia: Shellcode with ROP to blacklisted instructions
• YALA (Part 1): Static .apk analysis and password cracking

2020 and earlier

STACK the Flags 2020

• Feed the Beast: blind SQLi via RSS feed parser
• You shall not pass!: Domain spoofing + XSS via postMessage and client side template injection
• IOT RSA Token: 1602 LCD protocol sniffing + forging RSA SecurID OTP

Facebook CTF 2019

• keybaseish: Generate valid RSA public key for a fixed signature

SwampCTF 2018

• Pagoda 1/2/3: Base64 but using chinese I-Ching hexagrams
• Orb of light 1/2/3: Quipquip + projectile math + fragmented image stego