CR3 CTF 2024

Chall
Category
Total Solved

getting-closer-dang

crypto

46 Solved

donut

forensic

36 Solved

jscripting

web

13 Solves

This only me + n2l team writeup ( because i also play in another team called Huntik ) . im not played in N2L so N2L got 119th place.

getting-closer-dang

855B
crypto_getting-closer-damn.7z
archive
Open

chall.py

import os, json, random, math
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from Crypto.Util.number import getPrime, GCD
from hashlib import sha256
#from secret import FLAG

def get_prod():
    return math.prod([random.choice(pool) for _ in range(3)])

FLAG = b'cr3{???????????????????????????????}'

N = getPrime(512)

pool = [getPrime(9) for _ in range(10)]
a, b = [get_prod() for _ in range(2)]

g = GCD(N**a - 1, N**b - 1) # pros of having a quantum computer ^-^

key = sha256(str(g).encode()).digest()[:16]
iv = os.urandom(16)
cipher = AES.new(key, AES.MODE_CBC, iv)
ct = cipher.encrypt(pad(FLAG, 16))
out = {'iv': iv.hex(), 'ct': ct.hex()}

with open('output.txt', 'w') as f:
    f.write(f'{N = }\n')
    f.write(f'{out = }')

program enkripsi aes cbc sederhana di mana, pada variabel g terdapat penghitungan GCD antara (N^a)-1 dengan (N^b)-1 output.txt

mekanisme enkripsi:

  1. Generate N prime random sebesar 512 bit

  2. Generate nilai array pool

  3. Menghitung faktor secara random yang terdapat pada array pool dan di simpan pada variabel a dan b

  4. Menghitung GCD(FPB) dari (N^a) - 1 dengan (N^b) - 1)

  5. Menyimpan hasil perhitungan GCD kemudian dijadikan sebagai key untuk mengencrypt

mekanisme decrypt menurut gwhj: Merecover nilai a,b -> tidak mungkin karena tidak disediakan nilai g, karena hal tersebut saya menemukan opsi lain yakni penghitungan nilai g dari GCD akan sama dengan persamaan berikut (N^GCD(a,b))-1, karena hal tersebut sama maka tinggal bruteforce saja nilai GCD(a,b)

solver.py

by : gr3yr4t

donut

186KB
for_donut.7z
archive
Open
chall source

after we extract it we can see there is a .git files and my terminal shows it git

we can see we in branch master

bet the git seems broken after i use command log or status

so i directly use grep or strings like this:

and we can see in the head we can strings to see the log of commit

we can see the hash of the added flag we directly use git show

cr3{w3_4r3_411_10v3_d0n7T5!1

jscripting

3KB
web_jscripting.7z
archive
Open

referr to this Bypassing force return & proccess null

cr3{W0vv53Rs_1n5q3c70R_G4dg3T!!1}

PreviousFindIT 2024NextTBTL CTF 2024

Last updated