/categories/writeups/Recent content in Writeups onHugo -- gohugo.ioThu, 17 Jul 2025 21:00:16 +0100/post/sr25-toxicity/Thu, 17 Jul 2025 21:00:16 +0100/post/sr25-toxicity/Click to expand challenge code from Crypto.Util.number import bytes_to_long from os import urandom from PIL import Image import numpy as np import random class DoubleLCG: def __init__(self, a1,a2, b1,b2, m, seed1, seed2): self.a1 = a1 self.a2 = a2 self.b1 = b1 self.b2 = b2 self.m = m self.state1 = bytes_to_long(urandom(6)) if seed1 is None else seed1 self.state2 = bytes_to_long(urandom(6)) if seed2 is None else seed2 self.counter = 0 def refresh(self): self./post/sr25-jigsaw/Thu, 17 Jul 2025 20:06:16 +0100/post/sr25-jigsaw/Click to expand challenge code from random import Random from Crypto.Util.number import bytes_to_long, long_to_bytes from Crypto.Cipher import AES from Crypto.Util.Padding import pad import os FLAG = os.getenv("FLAG", "FL1TZ{dummy_dum_dum}") COLOR_BLACK = "\x1b[30m" COLOR_RED = "\x1b[31m" COLOR_GREEN = "\x1b[32m" COLOR_YELLOW = "\x1b[33m" COLOR_BLUE = "\x1b[34m" COLOR_MAGENTA = "\x1b[35m" COLOR_CYAN = "\x1b[36m" COLOR_RESET = "\x1b[0m" BOLD = "\x1b[1m" RESET_BOLD = "\x1b[22m" class Jigsaw: def __init__(self): self.dealer = Random() def get_piece(self): return self./post/sr25-lights/Thu, 17 Jul 2025 19:31:16 +0100/post/sr25-lights/Click to expand challenge code from hashlib import sha256 from Crypto.Util.number import bytes_to_long, long_to_bytes from random import randint from Crypto.Cipher import AES from Crypto.Util.Padding import pad import json FLAG = b"FL1TZ{??????????????????????????}" p = 0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377 a = -3 b = 27 E = EllipticCurve(GF(p), [a,b]) G = E.gens()[0] j = E.j_invariant() def gen_random_number(): while True: P = E.random_point() if P.order() > j: break return bytes_to_long(sha256(long_to_bytes(int(P.xy()[0]))).digest()[:8]) def derive_key_iv(secret): key = sha256(long_to_bytes(secret))./post/sr25-eob/Thu, 17 Jul 2025 18:48:16 +0100/post/sr25-eob/Click to expand challenge code package main import ( "bufio" "crypto/rand" "encoding/hex" "fmt" "log" "math/big" "net" "strings" ) const LEN = 31 const MASK = (1 << LEN) - 1 const FLAG = "FL1TZ{?????????????????????????????}" var taps1 = []int{/*?, ?, ?, ?*/} var taps2 = []int{/*?, ?, ?, ?*/} type LFSR struct { state uint64 taps []int count int } func (l *LFSR) rekey(newseed uint64) { l.state = newseed } func newLFSR(taps []int) *LFSR { seed := genRandSeed() return &LFSR{state: seed, taps: taps} } func (l *LFSR)lfsrStep() uint8 { feedback := uint64(0) if l./post/sr25-novacain/Thu, 17 Jul 2025 18:06:16 +0100/post/sr25-novacain/Click to expand challenge code #!/usr/bin/env python3 """ Prove you know a satisfying assignment without revealing it—1 take per round, no pain. Protocol (each round): 1) Commit to each bit of your assignment. 2) I'll challenge you >:) 3) I'll pen either the full assignment or just the clause bits. 4) Survive all 128 rounds, and I might just give yout the flag. """ import random import hashlib from Crypto./post/sr25-puppet/Thu, 17 Jul 2025 17:57:16 +0100/post/sr25-puppet/Click to expand challenge code import os import secrets import sys import time from Crypto.Cipher import AES from Crypto.Util.Padding import pad, unpad SERVER_KEY = secrets.token_bytes(16) FLAG = os.environ.get("FLAG", "FL1TZ{????????????}") def issue_token(user_id: str) -> bytes: iv = secrets.token_bytes(16) payload = f"uid={user_id}&role=puppet".encode() cipher = AES.new(SERVER_KEY, AES.MODE_CBC, iv=iv) return iv + cipher.encrypt(pad(payload,16)) def check_token(token: bytes) -> str: iv = token[:16] ct = token[16:] cipher = AES.new(SERVER_KEY, AES.MODE_CBC, iv=iv) pt = cipher.decrypt(ct) print(f"Decrypted token: {pt!/post/sr25-ok-computer/Thu, 17 Jul 2025 17:22:16 +0100/post/sr25-ok-computer/Click to expand challenge code from Crypto.Util.number import getPrime, bytes_to_long flag = "FL1TZ{*********}" p = getPrime(512) q = getPrime(512) n = p * q e = 5 m = bytes_to_long(flag.encode()) c = pow(m, e, n) data = { "n": n, "e": e, "c": c } with open("computer.json", "w") as f: import json json.dump(data, f, indent=4) Since this CTF was destined to be pretty advanced, I didn’t want beginner players to leave with 0 solves./post/l3ak-oracle/Mon, 14 Jul 2025 19:47:16 +0100/post/l3ak-oracle/This challenge was a standard Hidden Number Problem dressed up in fantasy cosplay. The objective was clear: uncover a hidden value $\alpha$ using Babai's CVP algorithm Challenge Overview The challenge spins up a remote service that hands out: p: A 256-bit prime modulus. n: The bit length of p, which is 256. k: The number of bits to be leaked, calculated as int(n**0.5) + n.bit_length() + 1, which comes out to 26./post/l3ak-puzzle4/Mon, 14 Jul 2025 18:27:16 +0100/post/l3ak-puzzle4/Just when we thought we had the system figured out, the authors straight up yeeted the crutch from underneath us: the reference image. The url field in the API response was some nonesense that led nowhere. We were essentially flying blind. This challenge was a two-act play. First, solve a jigsaw puzzle with no picture on the box, that would award us with the source code for the platform. Second, use that source code to scout for a vulnerability that would yield us the flag./post/l3ak-puzzle3/Mon, 14 Jul 2025 17:55:16 +0100/post/l3ak-puzzle3/So, you saw how we handled the last puzzle. It was flashy, watching the browser solve itself was a neat party trick, but it’s hella inefficient. Relying on Selenium to brute-force the DOM with clicks felt like using a sledgehammer for brain surgery. For this next stage, the puzzles got harder and the timer got drastically shorter. It was time to evolve. As hinted before, we knew there was a backend API./post/l3ak-puzzle2/Mon, 14 Jul 2025 17:17:16 +0100/post/l3ak-puzzle2/This is the second challenge in a 5-part series involving solving a scrablmed image puzzles (10 of them in this case) in record time, for the most part. The first part is solvable manually, but this level increases the number of pieces and reduces the time limit for each puzzle, making atomation the clear path forward. Hint Discovery Initial analysis of the web page revealed hint. The <h1> element containing the puzzle’s title was also an <a> tag, linking to an external site (which is X, but not always)./post/r3coin/Tue, 08 Jul 2025 18:02:16 +0100/post/r3coin/This challenge involves a blockchain-like system that uses a chameleon hash function for transaction integrity. The goal is to exploit the chameleon hash properties to forge a transaction “Selling|flag|x” that allows us to buy the flag. Mechanics The app lets up perform a set of actions to interact with the chain: Work: Gives us some money Buy Gift: Appends a “Buy” entry followed by a “Selling|gift|100” onto the chain Refund oldest: Turns the oldest “Buy” transaction into a “Work|x” entry by internally forging a satisfying hash.