Google CTF 2023 - myTLS
During the Google CTF 2023, my college and I encountered a fascinating challenge which was TLS themed. The task at hand involved exploiting files writes, hashes and signatures. This writeup is intended to walk you thought he process of how we solve the challenge and is also going to provide an overview of the challenge. If you are only interested in the solution just skip to the Exploit section. Challenge description I implemented my own mTLS....
Introduction to Censorship Resistance Systems
I recently had the opportunity to educate myself a bit about Censorship Resistance Systems (CRS) and wanted to share my understanding to make it easier for those who are interested in this topic. In this blog post, I will summarize the SoK: Making Sense of Censorship Resistance Systems paper and the corresponding 15-minute talk at the Privacy Enhancing Technologies Symposium, both of which greatly helped me grasp this subject. I highly recommend reading the paper or watching the talk for a more in-depth understanding....
AngstromCTF 2023 - Royal Society of Arts 2
Challenge description RSA strikes strikes strikes strikes strikes again again again again again! Author: JoshDaBosh rsa2.py from Crypto.Util.number import getStrongPrime, bytes_to_long, long_to_bytes f = open("flag.txt").read() m = bytes_to_long(f.encode()) p = getStrongPrime(512) q = getStrongPrime(512) n = p*q e = 65537 c = pow(m,e,n) print("n =",n) print("e =",e) print("c =",c) d = pow(e, -1, (p-1)*(q-1)) c = int(input("Text to decrypt: ")) if c == m or b"actf{" in long_to_bytes(pow(c, d, n)): print("No flag for you!...
Insomni'hack CTF 2023 - Still counting on you
There was only one crypto challenge at the Insomni鈥檋ack CTF 2023, and that was this one. Our application runs on a server, and we have a Python file that shows us how it works. The python file consists of 4 functions: xorshift128 encrypt_message encrypt_user_message menu We have the ability to encrypt a message of your choice using the encrypt_user_message function and we can get the encrypted admin_message which most likely also contains the flag....