https://buki-freak.github.io/2020/08/03/De1ta-CTF-2020-Review/index.html https://0xdktb.top/2020/05/04/WriteUp-De1CTF2020-Crypto/

#cakectf2021 import random def LFSR(): r = random.randrange(1 << 64) while True: yield r & 1 b = (r & 1) ^\ ((r & 2) >> 1) ^\ ((r & 8) >> 3) ^\ ((r & 16) >> 4) r = (r >> 1) | (b << 63) if __name__ == '__main__': with open("flag.txt", "rb")…

#CSACTF2019 https://ctftime.org/task/8457 Just a basic xor. Flag in form of CSACTF{...} c = '\x13\x13eg#v\t\x05\x0f#HE\x04CC\x07\x0f0V\x14\x15\\\x17\t\x0f2AU\x02\x01\x00\x01#\x1fE{\x14\\\x13\x17#qG{\x04\x00\x1e\x11$q\x14J\n' フラグはCSACTF…

CBCモード IVがわからなくて、使い回されているというなかなか見ない状況だけど、そういうときにIVを特定する手法がある。 条件は CBCモードでの暗号化ができること CBCモードでの復号の成否がわかること 何をするかと言うと、 適当な3ブロック以上の平文を…

#ASIS_CTF_Finals_2022 #!/usr/bin/env sage from Crypto.Util.number import * from secret import C, flag def monon(C, P): a, d, p = C x, y = P return (a*x**2 + y**2 - d*x**2*y**2) % p == 1 def monadd(C, P, Q): a, d, p = C assert monon(C, P) a…

subset product problem #!/usr/bin/python from Crypto.Util.number import * import random from flag import flag sv = bin(bytes_to_long(flag[5:-1]))[2:] nbit = len(sv) q = 39485091642302322462443783940079058526663151328744488399920207767 r = …

#ACTF_2022 from socket import socket import socketserver import argparse from core import connection_engine, connection_handle_socket import socket def banner(): print(''' ___ ___ ___ _ _ _ __ ___ ___ ___ _ __ _ __ / __|/ _ \/ __| | | | '_…

RSA Hastad Broadcast attack on padded message https://furutsuki.hatenablog.com/entry/2020/07/26/185243#crypto-RSA-textbook

#0CTF/TCTF2019 https://ctftime.org/task/7870

#redpwnctf2021 #!/usr/bin/env sage import secrets import json from Crypto.Util.number import bytes_to_long, long_to_bytes from sage.combinat import permutation n = 25_000 Sn = SymmetricGroup(n) def pad(M): padding = long_to_bytes(secrets.r…

#!/usr/sbin/julia import Primes: nextprime struct Data g::BigInt q::BigInt sks::Array{Array{BigInt}} pks::Array{BigInt} secret::Array{UInt8} end function create_key(len::Int, data::Data) sk::Array{BigInt} = [] pk::BigInt = 1 if length(data…

InCTF | waRSAwの応用で、 LSBLeakAttackなんだけど、mod 2じゃなくてmod Xのとき 平文を進数で表す 暗号文 を復号して得られるオラクルは 暗号文 を復号してオラクルを得ると、 なので、得られたオラクルから を引いて 同様に暗号文 を復号すると だから、…

#diceCTF_2021 #good_challenges_2021 from Crypto.Random.random import randrange from Crypto.Util.number import getPrime, GCD r = 17 def keygen(): while True: p = getPrime(1024) a, b = divmod(p-1, r) if b == 0 and GCD(r, a) == 1: break while…

#angstromctf_2022 #!/usr/local/bin/python3 from Crypto.Util.number import getStrongPrime, long_to_bytes, bytes_to_long, inverse from secrets import randbelow, token_bytes print("Welcome to my super secret service! (under construction)") BI…

#UnionCTF #!/usr/bin/env python3 from secrets import flag, musical_key from Crypto.Util.number import isPrime import math def sieve_for_primes_to(n): # Copyright Eratosthenes, 204 BC size = n//2 sieve = [1]*size limit = int(n**0.5) for i i…

#TSGCTF_2021 #hakatashi # See also https://github.com/tsg-ut/pycryptodome from Crypto.PublicKey import DSA from Crypto.Signature import DSS from Crypto.Hash import SHA256 from Crypto.Util.number import getPrime from Crypto.Random.random im…

#TSGCTF_2021 #hakatashi from secret import e from Crypto.Util.number import getStrongPrime, isPrime p = getStrongPrime(1024) q = getStrongPrime(1024) N = p * q phi = (p - 1) * (q - 1) with open('flag.txt', 'rb') as f: flag = int.from_bytes…

#secconbeginners2021 from Crypto.Util.number import * from random import getrandbits from os import urandom # from flag import flag def gen_primes(bits, e): q = getStrongPrime(bits) p = q while True: p = p-8 # p-8 phi = (p - 1) * (q - 1) i…

LFSR class PRNG256(object): def __init__(self, seed): self.mask = (1 << 256) - 1 self.seed = seed & self.mask @staticmethod def from_value(value): value_rev = int('{:0256b}'.format(value)[::-1], 2) return PRNG256(value_rev) def _pick(self)…

from hashlib import sha256 from Crypto.Cipher import AES from Crypto.Util.number import long_to_bytes, bytes_to_long from Crypto.Util.Padding import pad, unpad import base64 from secret import flag RECEIVER_NUM = 7 def generate_safecurve()…

Markle-Hellman Knapsack暗号 一般に部分和問題が難しく、超増加列上では簡単であることを用いた公開鍵暗号 部分和問題: 値の組 と値があって、を満たすを求めよ 超増加列: を満たす数列 Knapsack暗号での暗号化 超増加列を秘密鍵、をnbitの平文とする。適当…

How_to_recover_cryptographic_keys_from_partial_information.pdf Recovering cryptographic keys from partial information, by exampleってやつのほうが新しいです

#!/usr/bin/env python3 from Crypto.Cipher import AES from Crypto.Util.Padding import pad, unpad from Crypto.Util.strxor import strxor from os import urandom flag = open('./flag.txt', 'rb').read().strip() KEY = urandom(16) IV = urandom(16) …

#cryptoctf2021 #!/usr/bin/env python3 from Crypto.Util.number import * from math import gcd from flag import FLAG def keygen(nbit, dbit): assert 2*dbit < nbit while True: u, v = getRandomNBitInteger(dbit), getRandomNBitInteger(nbit // 2 - …

EllipticCurve https://jack4818.github.io/Chujowy/

#CONFidenceCTF2019Teaser #Hensel's_Lift https://ctftime.org/task/7837 lift.sageとout.txtが与えられる。 flag = int(open('flag.txt','r').read().encode("hex"),16) ranges = int(log(flag,2)) p = next_prime(ZZ.random_element(2^15, 2^16)) k = 100…

#AeroCTF2019 https://ctftime.org/task/7767 Again, these memes, we have even stopped talking to them. Just look at it, they seem to be crazy. 次のファイルが与えられる kappa_pride pepe kappa look_at_this_dude kappa trollface look_at_this_dud…

#acsc2021 import os import string from Crypto.Cipher import AES, ARC4, DES BLOCK = 16 def bxor(a, b): res = [c1 ^ c2 for (c1, c2) in zip(a, b)] return bytes(res) def block_hash(data): data = AES.new(data, AES.MODE_ECB).encrypt(b"\x00" * AE…

#0CTF_Quals_2021 #!/usr/bin/python3 import os import socketserver import random import signal import string import struct from hashlib import sha256 import secrets import pykeepass from flag import flag MAXSIZE = 0x2000 class Task(socketse…