[Pragyan CTF] Evil Corp



fsociety has launched another attack at Evil Corp. However, Evil Corp has decided to encrypt the .dat file with a CBC cipher. Reports reveal that it is not AES and the key is relatively simple, but the IV might be long. And remember, fsociety and evilcorp are closely linked.

Hint! Snakes serve the fsociety. Hmmm.

Hint! fsociety and evilcorp are too close, even 16 characters long together. Damn


This challenge was tricky for lot of people, the riddle was hiding in the questions itself. The challenge doesn’t require high skills, just understanding the meaning behind the words and hints.

From the question we know it’s a CBC cipher, but which? I got it just after the first hint was released, something to do with snakes. hmm… Serpent! Serpent is another term for Snake, and there’s Serpent-CBC cipher.

What about the IV? We know several things about the IV:

  1. The length of Serpent-CBC IV must be 32 bytes,
    2. Most of the Serpent decrypters are taking the IV as hex sequence
    3. in the question: “but the IV might be long”
    4. in the Hint: “even 16 characters long together…fsociety and evilcorp are closely linked”.

So, this made me believe that the IV is “fsocietyevilcorp” because `len(hex(“fsocietyevilcorp”))==32`.

So we now know the algorithm and the IV, what is the Key? The question says “the key is relatively simple”. So I tried online with some simple and “obvious” keys until I recognize a valid header of file and found that the key was “fsociety“.

We got a leet JPEG image with the flag:

The flag was pragyanctf{hellofriend}

[Pragyan CTF] Game of Fame



p xasc. a zdmik qtng. yiy uist. easc os iye iq trmkbumk. gwv wolnrg kaqcs vi rlr.

Hint! Robert Sedgewick

To be honest, this challenge was pretty simple. I decrypted the text using online Vigenere cipher decrypter, which is the first cipher I try in suchcases, just after Caesar cipher.

The key was “pragyan” and the result was: “a game. a movie star. his wife. name of the cs textbook. the winner takes it all.”

I then used the hint about Robert Sedgewick, which is a famous computer science professor at Princeton University. I found that the flag is his CS textbook title.

The flag was pragyanctf{algorithms}.

[CSAW 2016] Sleeping Guard Writeup



Only true hackers can see the image in this magic PNG….
nc crypto.chal.csaw.io 8000

Author: Sophia D’Antoine

We are given with python script, Netcat command and a hint about a PNG file. Let’s run Netcat and see what we will get:

[Megabeets] /tmp/CSAW/clam# nc crypto.chal.csaw.io 8000
<alot of base64 text here>

We received a base64 encoded text from the server. It is probably our image so let’s decode it and save it to file:

[Megabeets]$> nc crypto.chal.csaw.io 8000 | base64 --decode > out.png

Trying to open the image we faced with an error, our image-viewer could not open the file. Open the file with text viewer and see that there is no PNG header. So, we have the image but it somehow encoded and we need to find out how to decode it. Let’s look at the script, the answer will probably be there. It’s not so long so I attached it here:

import base64
from twisted.internet import reactor, protocol
import os

PORT = 9013

import struct
def get_bytes_from_file(filename):  
    return open(filename, "rb").read()  

def length_encryption_key():
    return len(KEY)

def get_magic_png():
    image = get_bytes_from_file("./sleeping.png")
    encoded_string = base64.b64encode(image)
    key_len = length_encryption_key()
    print 'Sending magic....'
    if key_len != 12:
        return ''
    return encoded_string 

class MyServer(protocol.Protocol):
    def connectionMade(self):
        resp = get_magic_png()

class MyServerFactory(protocol.Factory):
    protocol = MyServer

factory = MyServerFactory()
reactor.listenTCP(PORT, factory)

Look at the highlighted rows. You can see that after encoding the file with base64 the script is checking whether the size of the encryption key is 12 . We don’t see any encryption in the script except the encoding itself but we can assume that in the original script an encryption is done using 12 bytes long key. But what encryption? There are billion of options, how can we find the right decryption algorithm to use? Well, the answer is simple – this is a CTF and the admins know that we cannot try all the possible decryption methods so it will probably be the banal option: XOR.

After choosing our encryption method let’s think how can we find the key itself. We know the file is a PNG image, so we can XOR the first 12 bytes of the encrypted flle with the first 12 bytes of normal PNG file.

89 50 4E 47 0D 0A 1A 0A 00 00 00 0D XOR DE 3F 0F 2F 52 4B 45 41 65 79 21 32 == 57 6F 41 68 5F 41 5F 4B 65 79 21 3F  

which  in ASCII is: “WoAh_A_Key!?”

Now that we have the key we can let python do it’s magic:

def xor(data, key):
    l = len(key)
    return bytearray((
        (data[i] ^ key[i % l]) for i in range(0,len(data))

# Read the encrypted image as bytearray
data = bytearray(open('out.png', 'rb').read())

# This is our key as bytearray: "WoAh_A_Key!?"
key = bytearray([0x57, 0x6f, 0x41, 0x68, 0x5f, 0x41, 0x5f, 0x4b, 0x65, 0x79, 0x21, 0x3f])

with open('decrypted.png', 'w') as file_:

And you’ll get the image and the flag:


[TWCTF-2016: Crypto] Twin Primes Writeup


Challenge description:
Decrypt it.

We have 4 files in the archive:

  • encrypt.py – A Python script uses RSA algorithm to encrypt the flag
  • encryped – The encrypted message
  • key 1 – n, and e of one of the keys used in the encryption process
  • key 2 – n, and e of the other key used in the encryption process

Are you ready for your math lesson? Here we go.
After reading encrypt.py we know that:

  • n1 = p*q
  • n2 (p+2)(q+2)
  • p and q are twin primesi.e p is prime and p+is also prime; similar for q.

Now let’s turn the equation into an equation with one unknown and then solve it for the unknown.We can Isolate q to be twin-primes_1  and substitute q in the other equation. Now we have an equation in one unknown:twin-primes_2

Solve the equation and you’ll get: twin-primes_3

We need to solve this quadratic equation in order to find p and q. After that it will not be a problem to find the d’s and build the keys.
The rest is in the script: