{
  "decryptions": [
    "Chungus is the god of thunder.",
    "Earl grey tea is good for him.",
    "March is a cold season for me.",
    "Go and watch boba fett please.",
    "I am someone who likes to eat!",
    "Professor Katz taught me this.",
    "All I got on the exam was a B.",
    "Cryptography is a cool course!"
  ],
  "key": "8a619ee676527b384a9fd54f505bab0bbecc96316d2c4fc49a3dbc5af2d5"
}

import hashlib

if __name__ == '__main__':
    # Plaintexts recovered with the MTP tool (see result.json)
    plaintexts = [
        "Chungus is the god of thunder.",
        "Earl grey tea is good for him.",
        "March is a cold season for me.",
        "Go and watch boba fett please.",
        "I am someone who likes to eat!",
        "Professor Katz taught me this.",
        "All I got on the exam was a B.",
        "Cryptography is a cool course!"
    ]
    # Concatenate the plaintexts in order and wrap the MD5 hex digest in the flag format
    pt_str = ''
    for pt in plaintexts:
        pt_str += pt
    print('UMDCTF{' + hashlib.md5(pt_str.encode()).hexdigest() + '}')
Flag : UMDCTF{0a46e0b2b19dc21b5c15435653ffed67}
Vigenere Xor
The challenge provides 3 files: encrypt.py, keygen.py and ciphertext.txt
encrypt.py
import random
from binascii import unhexlify, hexlify

KEY_LEN = [REDACTED]

with open('plaintext.txt', 'r') as f:
    pt = f.read()
with open('key.hex', 'r') as f:
    key = unhexlify(f.read().strip())

ct_bytes = []
for i in range(len(pt)):
    ct_bytes.append(ord(pt[i]) ^ key[i % KEY_LEN])
ct = bytes(ct_bytes)
print(hexlify(ct).decode() + '\n')
with open('ciphertext.txt', 'w') as f:
    f.write(hexlify(ct).decode() + '\n')
keygen.py
import random
from binascii import hexlify

KEY_LEN = [REDACTED]

keybytes = []
for _ in range(KEY_LEN):
    keybytes.append(random.randrange(0,255))
print(f'key = {bytes(keybytes)}')
key = hexlify(bytes(keybytes)).decode()
with open('key.hex', 'w') as f:
    print(f'key = {key}')
    f.write(key + '\n')
After uploading the file, we see that key length = 29 has the highest probability, and we download the file
f = open('c544ff71-85ae-4e83-8533-bf83e24cdc7d','rb')
print(f.read())
#b'okay, kid im done. i doubt you even have basic knowlege of hacking. i doul boot linux so i can run my scripts. you made a big mistake of replying to my comment without using a proxy, because i\'m already tracking youre ip. since ur so hacking iliterate, that means internet protocol. once i find your ip i can easily install a backdoor trojan into your pc, not to mention your email will be in my hands. dont even bother turning off your pc, because i can rout malware into your power system so i can turn your excuse of a computer on at any time. it might be a good time to cancel your credit card since ill have that too. if i wanted i could release your home information onto my secure irc chat and maybe if your unlucky someone will come knocking at your door. id highly suggest you take your little comment about me back since i am no script kiddie. i know java and c++ fluently and make my own scripts and source code. because im a nice guy ill give you a chance to take it back (UMDCTF{d1d_y0u_use_k4s!sk1_0r_IoC???}). you have 4 hours in unix time, clock is ticking. ill let you know when the time is up by sending you an email to [redacted] which I aquired with a java program i just wrote. see you then :) You think it\'s funny to take screenshots of people\'s NFTs, huh? Property theft is a joke to you? I\'ll have you know that the blockchain doesn\'t lie. I own it. Even if you save it, it\'s my property. You are mad that you don\'t own the art that I own. Delete that screenshot.Identity theft is not a joke, Jim! Millions of families suffer every year! But I must explain to you how all this mistaken idea of denouncing pleasure and praising pain was born and I will give you a complete account of the system, and expound the actual teachings of the great explorer of the truth, the master-builder of human happiness. 
No one rejects, dislikes, or avoids pleasure itself, because it is pleasure, but because those who do not know how to pursue pleasure rationally encounter consequences that are extremely painful. Nor again is there anyone who loves or pursues or desires to obtain pain of itself, because it is pain, but because occasionally circumstances occur in which toil and pain can procure him some great pleasure. To take a trivial example, which of us ever undertakes laborious physical exercise, except to obtain some advantage from it? But who has any right to find fault with a man who chooses to enjoy a pleasure that has no annoying consequences, or one who avoids a pain that produces no resultant pleasure? On the other hand, we denounce with righteous indignation and dislike men who are so beguiled and demoralized by the charms of pleasure of the moment, so blinded by desire, that they cannot foresee the pain and trouble that are bound to ensue; and equal blame belongs to those who fail in their duty through weakness of will, which is the same as saying through shrinking from toil and pain. These cases are perfectly simple and easy to distinguish. In a free hour, when our power of choice is untrammelled and when nothing prevents our being able to do what we like best, every pleasure is to be welcomed and every pain avoided. But in certain circumstances and owing to the claims of duty or the obligations of business it will frequently occur that pleasures have to be repudiated and annoyances accepted. The wise man therefore always holds in these matters to this principle of selection: he rejects pleasures to secure other greater pleasures, or else he endures pains to avoid worse pains. Explaining that his gambling associate was otherwise a perfectly pleasant individual, local man Jim Hameroff, 49, told reporters Tuesday that his bookie could be a real jerk when he didn\'t get his money. 
"I tell you, my bookie gets a real bee in his bonnet anytime I don\'t pay him, or I come up short by a couple hundred bucks," said Hameroff, noting that the bookmaker would be his best friend one minute, when a boxing match was coming up, but a bit of a prick the next, when he didn\'t get his cash right away. "Everything can be peachy keen, but then I\'m a few weeks late with a payment, and suddenly, he turns into a big, mean grump, dangling me over a balcony railing or threatening to break my ankles. Now, I admit that I can be a little emotional myself sometimes, but it\'s usually in response to him screaming while pointing a gun at my head and threatening to kill my family if he doesn\'t get paid." Hameroff added that despite the bookie\'s mercurial disposition, he was always full of encouragement when it came to betting on a 16-to-one underdog, for which Hameroff was appreciative, because that kind of support could be hard to find.\n\n'
from Crypto.Util.number import *
m = 13150845956946746250100902536397018956586635593211871208044657052203700247804915093769142842837480650899265765067875045299371455492088973745784909770225372976654867869388810440016413411764612140929528084880556753780289854448170958922561820646834578498463382083172252932802500425581388905633207267376839019667837
print(long_to_bytes(m))
output
b"I'm just patiently waiting for someone to finally be able to decrypt this message. UMDCTF{y0u_r3ally_kn0w_y0ur_br04dc45t_4tt4ck!}"
Flag : UMDCTF{y0u_r3ally_kn0w_y0ur_br04dc45t_4tt4ck!}
MTP
The challenge provides the file ciphertexts.txt.
This is a many-time pad, so while digging around I found a rather nice tool: https://github.com/CameronLonsdale/MTP
Press Enter and keep editing until the plaintext makes sense.
Then press ESC and choose Export.
Checking the file result.json gives the result.
Flag : UMDCTF{0a46e0b2b19dc21b5c15435653ffed67}
Vigenere Xor
The challenge provides 3 files: encrypt.py, keygen.py and ciphertext.txt.
The ciphertext is very long and is XORed with the key, so this is an XOR + frequency analysis problem.
First we read the data and write it to cpt.
From here there are 2 approaches:
Approach 1 : Upload it to https://wiremask.eu/tools/xor-cracker/
After uploading the file, we see that key length = 29 has the highest probability, and we download the file
Flag : UMDCTF{d1d_y0u_use_k4s!sk1_0r_IoC???}
Approach 2 : Use https://github.com/hellman/xortool
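
One way to do the XOR + frequency analysis by hand, as an added example that is not part of the original writeup and is not the code of either tool: estimate the key length with the index of coincidence, then pick each key byte by scoring its decrypted column as English. The sample is constructed (a passage quoted on this page, encrypted under a made-up 5-byte key rather than the challenge's 29-byte key), and all function names are my own.

```python
from itertools import cycle

def xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def ioc(col: bytes) -> float:
    """Index of coincidence: probability that two bytes drawn from col are equal."""
    n = len(col)
    return sum(col.count(v) * (col.count(v) - 1) for v in set(col)) / (n * (n - 1))

def guess_key_len(ct: bytes, max_len: int = 16, threshold: float = 0.04) -> int:
    """Smallest L whose columns ct[i::L] look like text under a single key byte.
    Wrong lengths mix several key bytes per column and flatten the distribution;
    multiples of the true length also pass, hence the smallest is returned."""
    for L in range(1, max_len + 1):
        if sum(ioc(ct[i::L]) for i in range(L)) / L > threshold:
            return L
    raise ValueError("no key length passed the threshold")

RANK = b" etaoinshrdlu"   # common English bytes, most frequent first

def score(buf: bytes) -> int:
    total = 0
    for b in buf:
        if b in RANK:
            total += len(RANK) - RANK.index(b)   # more frequent byte, higher weight
        elif not (32 <= b < 127 or b == 10):
            total -= 100                         # non-printable: wrong key byte
    return total

def recover_key(ct: bytes, key_len: int) -> bytes:
    """For each column, keep the key byte whose decryption scores most like English."""
    return bytes(max(range(256), key=lambda k: score(xor(ct[i::key_len], bytes([k]))))
                 for i in range(key_len))

# Constructed sample: known plaintext and a made-up key, so the result can be checked.
PLAINTEXT = (b"No one rejects, dislikes, or avoids pleasure itself, because it is pleasure, "
             b"but because those who do not know how to pursue pleasure rationally encounter "
             b"consequences that are extremely painful. Nor again is there anyone who loves or "
             b"pursues or desires to obtain pain of itself, because it is pain, but because "
             b"occasionally circumstances occur in which toil and pain can procure him some "
             b"great pleasure.")
KEY = bytes.fromhex("13579bdf2c")
CIPHERTEXT = xor(PLAINTEXT, KEY)

if __name__ == "__main__":
    n = guess_key_len(CIPHERTEXT)
    print(n, recover_key(CIPHERTEXT, n).hex())
```

The method needs enough ciphertext per key byte for the column statistics to settle, which is why a long ciphertext such as the one in this challenge suits it.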
Snowden
In this RSA challenge, connecting with nc returns n, e, c, with a different n each time and e hovering around the values [21,23,25,29,31,..], c = m^e
It is easy to see that when e is the same (Hastad Broadcast Attack) we use CRT and take the e-th root to get the flag
Flag : UMDCTF{y0u_r3ally_kn0w_y0ur_br04dc45t_4tt4ck!}
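
The CRT plus e-th root step described above, as an added example that is not the original writeup's code: (n, e, c) triples are grouped by e, and once e ciphertexts of the same unpadded message share an exponent, the CRT result equals m^e over the integers and its exact root is m. The sample is constructed with e = 3 to stay short (the page's exponents are 21 and up, which the same code handles given e samples); the moduli and all function names are assumptions of this example.

```python
from collections import defaultdict
from math import prod

def crt(residues, moduli):
    """Unique x mod prod(moduli) with x = r_i mod n_i (moduli pairwise coprime)."""
    N = prod(moduli)
    return sum(r * (N // n) * pow(N // n, -1, n) for r, n in zip(residues, moduli)) % N

def iroot(x, k):
    """Return (floor of the k-th root of x, whether the root is exact)."""
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo, lo ** k == x

def recover(samples):
    """samples: (n, e, c) triples for one message. Returns the plaintext or None."""
    by_e = defaultdict(dict)
    for n, e, c in samples:
        by_e[e][n] = c                      # keyed by n, so a repeated modulus counts once
    for e, group in by_e.items():
        if len(group) < e:                  # need e moduli so that m**e < n_1 * ... * n_e
            continue
        moduli = list(group)[:e]
        m, exact = iroot(crt([group[n] for n in moduli], moduli), e)
        if exact:                           # inexact root: padded or differing messages
            return m.to_bytes((m.bit_length() + 7) // 8, "big")
    return None

# Constructed sample. The moduli are products of Mersenne primes, used only as
# pairwise-coprime stand-ins for the server's n values; no private key is involved.
def mersenne(k):
    return (1 << k) - 1

MESSAGE = b"FLAG{constructed}"
M = int.from_bytes(MESSAGE, "big")
MODULI = [mersenne(61) * mersenne(89), mersenne(107) * mersenne(127),
          mersenne(521) * mersenne(607)]
SAMPLES = [(n, 3, pow(M, 3, n)) for n in MODULI]
EXTRA_N = mersenne(1279) * mersenne(2203)   # a lone e = 5 sample, too few to use
SAMPLES.insert(1, (EXTRA_N, 5, pow(M, 5, EXTRA_N)))

if __name__ == "__main__":
    print(recover(SAMPLES))
```

The exact-root check is also the defensive point: with randomized padding such as OAEP the per-recipient plaintexts differ, the combined value is not a perfect e-th power, and `recover` returns None.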