search
cryptopwn
Page cover

bugPwnSecCTF 24 Writeups

In this page, I'll be sharing the writeups to the challenges i wrote for PwnSecCTF 24

hashtag
RSNAY - Cryptography (EASY)

We're given this handout:

from Crypto.Util.number import *
from secret import flag,e,n



def encrypt(m):
    return pow(m,e,n)

assert (pow(encrypt(flag),e,n) - flag) % GCD(e,n)  == 0


menu = """Welcome to my Encryption Service! 
Choose an option:
1. Encrypt
2. Get Flag
3. Exit
"""
def main():
    encryption_counter = 0
    print(menu)
    while True:
        choice = input("Enter your choice: ")
        if choice == '1':
            if encryption_counter >= 2:
                print("You have reached the maximum number of encryptions allowed!")
                break
            else:
                encryption_counter += 1
                m = int(input("Enter the message you want to encrypt: "))
                print(f"Here is your encrypted message: {encrypt(m)}")
        elif choice == '2':

            print(f"Here is your flag: {encrypt(flag)}")
        elif choice == '3':
            print("Goodbye!")
            break
        else:
            print("Invalid choice! Please try again.")
            continue


if __name__ == "__main__":
    main()

We can either encrypt a ciphertext we have, encrypt the flag and leave, if we wish to encrypt a chosen plaintext we're limited to only 2 encryptions.

let's analyze the assertion we're given

hashtag
Understanding and Breaking the Assertion

The given assertion is:

This simplifies to:

flag(ee)flag0(modgcd)(e,N)flag^{(e * e)} - flag ≡ 0 \pmod \gcd(e, N)

  • Output of GCD: The possible values of GCD(e, N) are 1, p, or q, where (N=pq)(N = p \cdot q). Since the assertion wouldn’t hold meaningfully if GCD(e, N) = 1, it implies that (e = p) or (e = q).

  • Simplification: From here onward, assume (e = p). This substitution allows us to analyze the system further.

circle-exclamation

I know the assertion is a weirdly phrased hint, apologies haha

hashtag
Finding (N)

To determine (N), leverage the fact that (p) is odd. Sending -1 as input results in the following:

(1)p1N1(modN)(-1)^p \equiv -1 \equiv N - 1\pmod N

From this, we can deduce:

N=(1)pmodN+1N = (-1)^p \mod N + 1

hashtag
Finding (p)

To extract (p), use Fermat’s Little Theorem:

xpx(modp)for any x coprime with Nx^p \equiv x \pmod{p} \quad \text{for any } x \text{ coprime with } N

Rewriting, we find:

xpx0(modp)x^p - x \equiv 0 \pmod{p}

This implies that (xpx)(x^p - x) is divisible by (p). Using this property, we can compute:

p=GCD(N,xpx)p = \text{GCD}(N, x^p - x)

where (x) is a random number coprime to (N).

hashtag
Solver

hashtag
Calculus Help - Cryptography (EASY)

We're given the following handout:

This challenge involves using Simpson’s rule for numerical integration to compute a key for decrypting the flag. Let’s break it down step by step.

hashtag
What is Simpson’s Rule?

Simpson’s rule is a method to approximate the definite integral of a function f(x) over an interval [a,b]. The formula is:

abf(x)dxba6[f(a)+4f(2a+b)+f(b)]\int_a ^b ​ f(x)dx≈ \frac {b−a} 6 ​ [f(a)+4f( 2 a+b ​ )+f(b)]

In this challenge, the interval is [2.420, 1.77415], and the function is f(x), which you can query using get_hint(x).

hashtag
Steps to Solve the Challenge

  1. Understand the Function f(x):

    • Use the get_hint(x) option to get the values of f(x) at key points:

    • x1=2.420, x2=(2.420+1.77415)/2, and x3=1.77415.

  2. Apply Simpson’s Rule:

    • Plug the values of f(x) into Simpson’s rule to calculate the integral. This result forms the key, which is rounded to two decimal places.

  3. Decrypt the Flag:

    • Use the computed key to derive the AES encryption key and IV. Then decrypt the ciphertext to get the flag.

hashtag
Why Simpson’s Rule?

Simpson’s rule is used here because:

  • It gives a quick and accurate way to approximate integrals.

  • The challenge tests your ability to calculate the integral precisely, as small errors can lead to the wrong key.

hashtag
Summary of Key Steps:

  • Use get_hint(x) to calculate f(2.420), f(1.77415), and f((2.420+1.77415)/2).

  • Compute the integral using Simpson’s rule and round to two decimal places.

  • Use the result as the encryption key to decrypt the flag.

circle-info

It's essential to remember that this is an approximation and can have a high error level for some functions, hence why it's more practical to brute force the .xx decimal points just incase it doesn't instantly work...

Once we find our key we decrypt using AES-CBC and Retrieve our flag.

hashtag
Solver

Thanks to masashi for providing the solve script as I was too lazy to write it...

hashtag
Unintended Solve

This solve exploits the library issue with evaluating large numbers, if we input a large number as a hint we'll get a funny output giving the secret function we use to evaluate the key.

Also, credit to bebo07_ for finding it, absolute legend!

hashtag
Personal Reflection

This is only my second time writing challenges for a CTF, and honestly, I’m pretty happy with how they turned out. Sure, there were some flaws—classic skill issues—but hey, we’re all learning here! I hope my weird hints and occasional oops moments didn’t drive anyone too crazy. Huge thanks for all the feedback and support—it means a lot!

PreviousMiscNextCryptography

Last updated