cscg ist super
This commit is contained in:
41
2026/cscg/crypto/intro1/main.py
Executable file
41
2026/cscg/crypto/intro1/main.py
Executable file
@@ -0,0 +1,41 @@
|
||||
#!/usr/bin/env pypy3
|
||||
|
||||
import os
|
||||
from pydoc import plain
|
||||
from sys import byteorder
|
||||
from Crypto.Cipher import AES
|
||||
from Crypto.Util import Counter
|
||||
import hashlib
|
||||
|
||||
# Create a secret.py file with a variable `FLAG` for local testing :)
|
||||
from secret import FLAG
|
||||
|
||||
secret_key = os.urandom(16)
|
||||
|
||||
def encrypt(plaintext, counter):
|
||||
m = hashlib.sha256()
|
||||
m.update(counter.to_bytes(8, byteorder="big"))
|
||||
|
||||
alg = AES.new(secret_key, AES.MODE_CTR, nonce=m.digest()[0:8])
|
||||
ciphertext = alg.encrypt(plaintext)
|
||||
|
||||
return ciphertext.hex()
|
||||
|
||||
|
||||
def main():
|
||||
print("DES is broken, long live the secure AES encryption!")
|
||||
print("Give me a plaintext and I'll encrypt it a few times for you. For more security of course!")
|
||||
|
||||
try:
|
||||
plaintext = bytes.fromhex(input("Enter some plaintext (hex): "))
|
||||
except ValueError:
|
||||
print("Please enter a hex string next time.")
|
||||
exit(0)
|
||||
|
||||
for i in range(256):
|
||||
print(f"Ciphertext {i:03d}: {encrypt(plaintext, i)}")
|
||||
|
||||
print("Flag:", encrypt(FLAG.encode("ascii"), int.from_bytes(os.urandom(1), byteorder="big")))
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
1
2026/cscg/crypto/intro1/secret.py
Normal file
1
2026/cscg/crypto/intro1/secret.py
Normal file
@@ -0,0 +1 @@
|
||||
FLAG = "CSCG{i_love_my_mum}"
|
||||
34
2026/cscg/crypto/intro1/solve.py
Normal file
34
2026/cscg/crypto/intro1/solve.py
Normal file
@@ -0,0 +1,34 @@
|
||||
from pwn import context, args, process, remote, success, xor
|
||||
|
||||
context.update(arch='amd64', os='linux', log_level='info')
|
||||
|
||||
URL = 'iaet6burymdllg3rflxg4ym7vk-1024-intro-crypto-1.challenge.cscg.live'
|
||||
PORT = 443
|
||||
|
||||
def start():
|
||||
if args.REMOTE:
|
||||
return remote(URL, PORT, ssl=True)
|
||||
else:
|
||||
return process(['python3', './main.py'])
|
||||
|
||||
io = start()
|
||||
|
||||
payload_len = 512
|
||||
io.sendlineafter(b"Enter some plaintext (hex): ", (b"00" * payload_len))
|
||||
|
||||
keystreams = []
|
||||
for i in range(256):
|
||||
line = io.recvline()
|
||||
ks = bytes.fromhex(line.strip().split(b" ")[-1].decode())
|
||||
keystreams.append(ks)
|
||||
|
||||
io.recvuntil(b"Flag: ")
|
||||
flag_enc = bytes.fromhex(io.recvline().strip().decode())
|
||||
|
||||
io.close()
|
||||
|
||||
for ks in keystreams:
|
||||
candidate = xor(flag_enc, ks[:len(flag_enc)])
|
||||
if b"CSCG{" in candidate or b"flag{" in candidate:
|
||||
success(f"Found Flag: {candidate.decode()}")
|
||||
break
|
||||
Reference in New Issue
Block a user