E.1 Huuuuuge RSA

  1. This looks like standard RSA, with no obvious flaws
  2. Use factordb to find the factors of : and
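  3. Use the following code to decrypt the RSA ciphertext and get the flag
from Crypto.Util.number import long_to_bytes

# p, q: the factors from factordb; e, c: public exponent and ciphertext from the challenge
n = p * q
phi = (p - 1) * (q - 1)
d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
m = pow(c, d, n)
flag = long_to_bytes(m)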

E.2 Password Attack

  1. Extract the hash from the Word document using the office2john script
  2. Use hashcat with the rockyou.txt wordlist to brute force the hash and find the password
  3. Enter the password in Microsoft Office to access the flag

E.3 Plaintext attack

  1. Create a plaintext.zip containing the "Assignment 1.pdf" file:
     7z a -mm=Copy plaintext.zip "Assignment 1.pdf"
  2. Use bkcrack to perform a plaintext attack and find the keys:
     bkcrack -C sus_package.zip -c "Assignment 1.pdf" -P plaintext.zip -p "Assignment 1.pdf"
  3. Extract flag.txt using the recovered keys:
     bkcrack -C sus_package.zip -c flag.txt -k 7e827b05 98ea3b23 33a5bfc8 -d flag.txt

M.1 Rolling Thunder!

  1. Encrypt.py directly XORs the n-byte key with each n-byte chunk of the input
  2. This means we can use known plaintext (the PNG header) to find the first 8 bytes of the secret key, and hopefully the key is at most 8 bytes long. This is done by XORing the PNG header with the first 8 bytes of the encrypted file (find_key.py)
  3. The key elephant was found, which can then be XORed with each 8-byte chunk of the ciphertext to decrypt the file (decrypt.py). Luckily, the key is the same length as the PNG header, and this produces a valid PNG with the flag
# find_key.py
header = b'\x89\x50\x4e\x47\x0d\x0a\x1a\x0a'
with open("flag.png.enc", "rb") as f:
    enc = f.read(8)
key = bytes(a ^ b for (a, b) in zip(header, enc))
print(key)

# decrypt.py
KEY = b'elephant'
with open("flag.png.enc", "rb") as f:
    data = bytearray(f.read())
for i in range(len(data)):
    data[i] ^= KEY[i % len(KEY)]
with open("flag.png", "wb") as g:
    g.write(data)

M.2 Secret Message

  1. This is a simple substitution cipher; I used https://planetcalc.com/8047/ to decrypt it automatically

M.3 Red Herring

  1. chall.py encrypts each byte in the input file individually. Using ECB means that the same character in the input will be encrypted to the same 16-byte block in the output
  2. I go through the encrypted file, keeping a record of which ciphertext block each plaintext character encrypts to
  3. When we reach the secret, we hope that all the characters in the secret have been encountered already. We try to match each block in the output against the record built above.
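
The codebook matching from steps 2 and 3, as an added example (not the original solve script or chall.py). It assumes the input file is known text followed by the secret; toy_encrypt is a hypothetical keyed stand-in for per-byte AES-ECB that keeps the one property the recovery relies on (equal bytes give equal 16-byte blocks), and the key, text and secret are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # AES block size: each plaintext byte becomes one 16-byte block


def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Stand-in for chall.py (assumed): a keyed, deterministic byte -> block map.

    Like AES-ECB applied to one padded byte at a time, equal input bytes always
    give equal output blocks; that is the only property the recovery relies on.
    """
    return b"".join(
        hmac.new(key, bytes([b]), hashlib.sha256).digest()[:BLOCK] for b in data
    )


def split_blocks(ct: bytes) -> list:
    if len(ct) % BLOCK:
        raise ValueError("ciphertext length is not a multiple of the block size")
    return [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]


def recover_secret(ct: bytes, known_prefix: bytes, unknown: str = "?") -> str:
    """Build a block -> character codebook from the known part, then look up the rest."""
    blocks = split_blocks(ct)
    if len(blocks) < len(known_prefix):
        raise ValueError("ciphertext shorter than the known plaintext")
    codebook = {}
    for ch, blk in zip(known_prefix, blocks):
        # A block mapping to two different characters means the layout assumption is wrong.
        if codebook.setdefault(blk, ch) != ch:
            raise ValueError("inconsistent codebook: not a per-byte deterministic cipher")
    return "".join(
        chr(codebook[blk]) if blk in codebook else unknown
        for blk in blocks[len(known_prefix):]
    )


# Constructed sample data: the key is never given to recover_secret().
KEY = b"constructed-demo-key"
KNOWN = b"the quick brown fox jumps over the lazy dog\n"
SECRET = b"flag is red herring"
CIPHERTEXT = toy_encrypt(KNOWN + SECRET, KEY)

if __name__ == "__main__":
    print(recover_secret(CIPHERTEXT, KNOWN))
```

Characters of the secret that never occur in the known text come back as "?", which is the failure case step 3 hopes to avoid.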