Cryptography

Challenge	Link
Kata Pengantar (100 pts)	Here
Kisinik Kripti Algoritem (223 pts)	Here
Kepapasan (431 pts)	Here
Rabun Genap (431 pts)	Here

Kata Pengantar (100 pts)

Description

-

Solution

Diberikan file txt sebagai berikut

Cjixoxv Qxvxtp qz ZBJCV 2022!

Wxz cjonx! Xfxgxw gxizxt djlcjoxtpxv ntvng djlgyofjvzcz?
Gnwxlxf gxizxt cjonx fntux cjoxtpxv uxtp cxox qjtpxtgn!
Cjoxtpxv vzqxg wxtux djlqxofxg fxqx gxizxt cxex, vjvxfz
enpx vjlwxqxf vjoxt-vjoxt gxizxt, exqz vjvxfixw cjoxtpxv!
Xuy xmxiz fjlenxtpxton qjtpxt ojojkxwgxt cyxi ztz!
Gxon fxcvz dzcx! ztz, bixptux xqx qzdxmxw ! 
ZBJCV22{1ii_cv4u_du_u0nl_c1q3_qdx943210}

Gunakan quipquip , mendapatkan string yang bisa terbaca namun ada beberapa kesalahan. Lakukan pembenaran secara manual dengan memetakan nilai yang tepat. Berikut pemetaan yang kami gunakan untuk mendapatkan flag

Cjixoxv=Selamat Qxvxtp=Datang qz=di ZBJCV=IFEST cjonx=semua 
djlcjoxtpxv=bersemangat

Flag : IFEST22{1ll_st4y_by_y0ur_s1d3_dba943210}

Kisinik Kripti Algoritem (223 pts)

Description

-

Solution

Bisa dilihat hasil enkripsi berulang dan nilai untuk setiap index sama pemetaannya. Misal AB dengan CB , maka nilai ciphertext B akan sama. Jadi tinggal leak semua kemungkinan dan petakan ke plaintext. Berikut solver yang kami gunanakn

from pwn import *
import string

length = 38
r = remote("103.185.38.244",9989)

r.recvuntil(b"Pilih: ")
r.sendline(b"3")
r.recvuntil(b"Hasil: ")
ct = r.recvline().strip().decode()
list_pt = string.printable[:-6]
list_map = [[] for _ in range(length)]
for i in list_pt:
	r.recvuntil(b"Pilih: ")
	r.sendline(b"1")
	r.recvuntil(b"string: ")
	payload = i.encode()*length
	r.sendline(payload)
	r.recvuntil(b"Hasil: ")
	tmp = r.recvline().strip().decode()
	for j in range(len(tmp)):
		list_map[j].append(tmp[j])
flag = ""
for i in range(len(ct)):
	flag += list_pt[list_map[i%length].index(ct[i])]
print(flag)

Flag : IFEST22{ad03h_k03ntj1ku_k3t4hu4n_ini_random_string_biar_ga_di_brute_force_sama_kamu}

Kepapasan (431 pts)

Description

-

Solution

Diberikan source code sebagai berikut

from Crypto.Cipher import AES
import random
from Crypto.Util.Padding import pad


# J: So for the key, I use 5 random digits and repeat it until i get 16 bytes
# M: What? Man, i was using the exact same formula!

first_key = b""
second_key = b""
FLAG = b"IFEST22{REDACTED}"

def generateKey():
	global first_key, second_key
	first_key = (str(random.randint(0, 99999)).zfill(5)*4)[:16].encode()
	second_key = (str(random.randint(0, 99999)).zfill(5)*4)[:16].encode()

def encrypt(plaintext, a, b):
	cipher = AES.new(a, mode=AES.MODE_ECB)
	ct = cipher.encrypt(pad(plaintext, 16))
	cipher = AES.new(b, mode=AES.MODE_ECB)
	ct = cipher.encrypt(ct)
	return ct.hex()

def main():
	generateKey()
	print("Here's your flag, but encrypted heheh:", encrypt(FLAG, first_key, second_key))
	while True:
		print("Text to encrypt:")
		plain = input(">> ")
		print("result:", encrypt(plain.encode(), first_key, second_key))

if __name__ == '__main__':
	main()

Mirip soal pico ctf , kebetulan kemaren ngerjain. Jadi gunakan script yang sama tinggal ubah des (di pico) menjadi aes. Vulnya adalah meet-in-the-middle , intinya decrypt hasil enkripsi known untuk key1 dan encrypt known untuk dapat key1 dimana hasil decrypt enkripsi known dengan key2 == hasil encrypt known dengan key1 . Berikut solver yang kami gunakan

from Crypto.Cipher import AES
import random
from Crypto.Util.Padding import pad
from pwn import *

payload = b"a"
inp = pad(payload,16)
r = remote("kepapasan.user.cloudjkt01.com",9977)
r.recvuntil(b"heheh: ")
ct_flag = bytes.fromhex(r.recvline().strip().decode())
r.recvuntil(b">> ")
r.sendline(payload)
r.recvuntil(b"result: ")
enc_inp = bytes.fromhex(r.recvline().strip().decode())
r.close()
list_key1 = {}
list_key2 = {}
for i in range(0, 99999+1):
	key = (str(i).zfill(5)*4)[:16].encode()
	cipher1 = AES.new(key, AES.MODE_ECB)
	enc_msg = cipher1.encrypt(inp)
	dec_msg = cipher1.decrypt(enc_inp)
	list_key1[enc_msg] = key
	list_key2[dec_msg] = key

tmp = list_key1.keys() & list_key2.keys()
print(tmp)
index = tmp.pop()
key1 = list_key1[index]
key2 = list_key2[index]
print(f"Key 1 : {key1}")
print(f"Key 2 : {key2}")
cipher1 = AES.new(key1, AES.MODE_ECB)
cipher2 = AES.new(key2, AES.MODE_ECB)

enc_msg = cipher2.decrypt(ct_flag)
flag = cipher1.decrypt(enc_msg)
print(flag)

Flag : IFEST22{Prepare_for_AES_Trouble_and_make_it_AES_Double}

Rabun Genap (431 pts)

Description

-

Solution

Diberikan source code sebagai berikut

from Crypto.Util.number import *
import random
from sympy import *

FLAG = b"IFEST22{REDACTED}"
def generate_prime():
	p = getPrime(512)
	q = nextprime(p)
	while p%4 != 3 or q%4 !=3:
		p = getPrime(512)
		q = nextprime(p)
	return p, q

def encrypt(m, n):
	return pow(m, 32, n)

p, q = generate_prime()
n = p*q
m = bytes_to_long(FLAG)

ct = encrypt(m, n)

file = open('out.txt', 'w')
file.write(f"n = {n}\nct = {ct}")

p dan q bisa didapat dengan square root lalu next prime. Untuk decrypt mendapatkan referensi berikut https://github.com/Hong5489/0x41414141-CTF/tree/main/easyrsa . Karena e=32 , maka e = 2^5 . Jadi bedanya tinggal nambah 1 loop saja

from Crypto.Util.number import *
import gmpy2
from sympy import *

n = 167369799324048138104052175535407583505752871957215436773759031023017258211926244898005523956634683846521843112989667257058661590892952518940981897603075244277403071620405906110395876285850586645267366109871364424530232323323093329164542366451609555755793278574306885322737868611730986497942446035931912990173
c = 21531359371326785000813539498235533853399851284161815602787505606478539937473829218703225074127036671433545623422527404993307032442845415396127106566947516725271774364574823414757530290809389432379888075234068890851808191948433382743838583087849527954870829102252458108566336758346284806983878333023038231317
tmp = gmpy2.iroot(n,2)[0]
q = nextprime(tmp)
p = n//q
e = 32
phi = (p-1)*(q-1)
d = inverse(e,phi)
# m = pow(ct,d,n)

def egcd(a, b):
	if a == 0:
		return (b, 0, 1)
	else:
		g, y, x = egcd(b % a, a)
		return (g, x - (b // a) * y, y)

g ,yp,yq = egcd(p,q)

mp = pow(c,(p+1)//4,p)
mq = pow(c,(q+1)//4,q)

for i in range(4):
	mp = pow(mp,(p+1)//4,p)
	mq = pow(mq,(q+1)//4,q)

r = (yp*p*mq + yq*q*mp) % n
mr = n - r
s = (yp*p*mq - yq*q*mp) % n
ms = n - s
for num in [r,mr,s,ms]:
	print(long_to_bytes(num))

Flag : IFEST22{xixixi_bapack_rabin_bisa_aja}