worked on the chall

This commit is contained in:
2026-01-08 09:42:09 +01:00
parent 6d8117c53c
commit ee95f4df4f
14 changed files with 313 additions and 232 deletions

25
res/decoy.txt Normal file
View File

@@ -0,0 +1,25 @@
From: ops-team@sec.in.tum.de
To: exam_archive@sec.in.tum.de
Subject: [Draft Item — Secure Systems]
Restricted Draft — Not Finalized
Question:
Suppose a QR code is divided into equal parts and randomly
reordered before printing. Security is claimed because the
order cannot be recovered without the exact permutation.
(a) Explain why relying on this hidden ordering ensures
long-term secrecy.
(b) Would the presence of alignment markers or error
correction change this conclusion? Justify briefly.
Solution (Internal Notes Only):
(a) The scheme is secure since without the original order,
the data is mathematically unrecoverable; no structure
leaks to the adversary.
(b) Alignment markers and redundancy do not help attackers,
because the scrambling completely destroys any visible
pattern, leaving only random noise.
Verification Token: h4tum{fake_fake_fake_flag]

24
res/mosaic_secret_message Normal file
View File

@@ -0,0 +1,24 @@
From: hochspezialisiert@sec.in.tum.de
To: itsec_examdraft@sec.in.tum.de
Subject: [Draft Question — Cryptography]
Confidential (ONLY FOR AUTHORIZED PERSONNEL)
Question:
Consider a toy "QR-encryption" scheme where a message is encoded into
a QR code and then randomized by permuting its tiles with a secret seed.
(a) Under ideal assumptions, explain why this scheme could satisfy
Kerckhoffs principle.
(b) Now assume an attacker can test permutations against the QR format
(find patterns, error correction, alignment markers). Why does this
reduce the effective security of the scheme?
Solution (DO NOT DISTRIBUTE):
(a) If the algorithm is known and the seed remains secret, only the
seed determines security → aligns with Kerckhoffs principle.
(b) QR codes have strong structural redundancy (finder patterns,
error correction). This gives the attacker an oracle to prune wrong
seeds quickly → brute force feasible.
Verification Token:

4
res/secret_message.txt Normal file
View File

@@ -0,0 +1,4 @@
Wow you solved the challenge!
Meet us at our booth we really want to get in touch with you :D
Show us the flag: