• UMassCTF 2022 - HatMash

    Cryptography – 500 pts (1 solve) – Chall author: Polymero (me)

    What do you mean “We think you spend too much time with matrices.”? It’s just a hash function, jeez…

  • HackPack CTF 2022 - P(ai)^3

    Cryptography – 469 pts (15 solves) – Chall author: Polymero (me)

    Pai-ai-ai… My Paillier scheme seems to be broken and I stored my favourite flag in it. Please help me get it back, will you? Who could have guessed this would ever happen? … Me… I- I wrote it… yeah.

  • HackPack CTF 2022 - Repeating Offense

    Cryptography – 443 pts (20 solves) – Chall author: Polymero (me)

    One-time oracles using RSA or Paillier are not a great idea due to those slippery mathemagicians… I would like to see them slip their way through RSA AND Paillier! After all, you cannot rob two banks at the same time. … What?


  • K3RN3LCTF 2021 - Game of Secrets

    Cryptography – 500 pts (2 solves) – Chall author: Polymero (me)

    “John wants to play a game, a game of secrets. Recover his secret or be encrypted.”

  • K3RN3LCTF 2021 - HADIOR

    Cryptography – 499 pts (3 solves) – Chall author: Polymero (me)

    “HADIOR will hold the DOOR.”

  • K3RN3LCTF 2021 - Shrine of the Sweating Buddha

    Cryptography – 500 pts (0 solves) – Chall author: Polymero (me)

    “Welcome to the Shrine of the Sweating Buddha. Share the burden of your worries, my child ~~~.”

    Hint: share some (7) of your worries and perhaps your fortune will guide you to the flag.

  • K3RN3LCTF 2021 - Tick Tock

    Cryptography – 496 pts (6 solves) – Chall author: Polymero (me)

    “I chopped up my flag and hid it behind this simple key exchange. Try dlogging your way in if you are brave enough!”

  • K3RN3LCTF 2021 - Total Encryption

    Cryptography – 500 pts (0 solves) – Chall author: Polymero (me)

    “To store our most embarrassing secrets, we created a Remote Secure Armoury protected by layered RSA encryption with XOR blinding. Never again will my friends be able to mock me for my use of words!”

  • K3RN3LCTF 2021 - Beecryption

    Cryptography – 500 pts (2 solves) – Chall author: Polymero (me)

    I was watching the bees and it seemed as if they were trying to tell me something… Have I finally gone crazy?!?

  • K3RN3LCTF 2021 - Poly Expo go BRRRRR

    Cryptography – 494 pts (9 solves) – Chall author: Polymero (me)

    “I’m going to say this again: I did not have sexual relations with that polynomial, Miss Polinsky.”

  • K3RN3LCTF 2021 - Poly-Proof

    Cryptography – 490 pts (11 solves) – Chall author: Polymero (me)

    They asked me to set up a zero-knowledge proof that runs in polynomial time. I don’t know what that means but I assume they want me to use polynomials, right?

  • K3RN3LCTF 2021 - lightningrod

    Reverse Engineering – 499 pts (3 solves) – Chall author: Polymero (me)

    “Warning: Weather Control Device detected! ZAP ZAP [insert conscript_death.mp3 here]”

    “Note: there is a typo in the flag, sorry >m<.”

  • K3RN3LCTF 2021 - 1-800-758-6237

    Cryptography – 437 pts (28 solves) – Chall author: Polymero (me)


  • K3RN3LCTF 2021 - Ain't no Mountain High Enough

    Cryptography – 500 pts (1 solve) – Chall author: Polymero (me)

    “Hills are easy to climb, but mountains? Hoho, they sure are something else!”

  • K3RN3LCTF 2021 - Cozzmic Dizzcovery

    Cryptography – 499 pts (3 solves) – Chall author: Polymero (me)

    “See that comb over there? It came from that meteorite I mentioned yesterday. Take a look at this, if I send bytes in, different bytes come out! Then there’s this button that seems to just produce random bytes… I’m absolutely stumped :S”

  • K3RN3LCTF 2021 - Non-Square Freedom (1 and 2)

    Cryptography – 465 pts (21 solves) and 490 pts (11 solves) – Chall author: Polymero (me)

    “What can I say, I just like squares.”

  • K3RN3LCTF 2021 - Objection!

    Cryptography – 500 pts (2 solves) – Chall author: Polymero (me)

    “Looks like Harry is hoarding his flags again… Maybe he will stop if we can convince him both Alice and Carlo dislike hoarding too. Alice and Carlo, being stereotypical CTF admins, are not responding to your complaints. Guess you will just have to answer for them… Luckily, I managed to secure you a channel to the domain controller of the CTF server.”

  • K3RN3LCTF 2021 - Twizzty Buzzinezz

    Cryptography – 100 pts (116 solves) – Chall author: Polymero (me)

    “Some bees convinced me to invest in their new cryptosystem. They zzzaid their new XOR keyzztream would revolutionizzze the crypto market. However, they quickly buzzed away so all I have is this weird flyer they dropped. Luckily it has some source code on the back.”
    “Have I just really been scammed by some bees??”

  • WORMCON 0x01 2021 - Exclusive

    Cryptography – 100 pts (25 solves) – Chall author: BUILDYOURCTF

    A home-rolled XOR cipher with a stunning key space of 1 byte, yes a total of 256 different keys. That just asks to be brute-forced and so that is exactly what we will do. Try out all the keys and get our flag.

  • WORMCON 0x01 2021 - Fake Encryption

    Cryptography – 379 pts (12 solves) – Chall author: BUILDYOURCTF

    A PNG containing the flag is first encrypted with DES-ECB, then another copy is first shuffled in blocks of 8 bytes followed by the same encryption. We are given the encrypted flag PNG and both the raw and encrypted shuffled PNGs. Due to the nature of the ECB mode and the DES block size being 8 bytes, we are able to easily recover the original flag PNG.

  • WORMCON 0x01 2021 - Invisible Cipher

    Cryptography – 419 pts (10 solves) – Chall author: BUILDYOURCTF

    Simple substitution cipher that can be assessed through frequency analysis. Or for the more busy (‘lazy’) people under us, a combination of quick frequency analysis and Quipqiup will do the trick just fine!

  • RACTF 2021 - Military Grade

    Crypto-Web – 300 pts (48 solves) – Chall author: Unknown

    Seeding your PRNG function with the current time is never a good idea, although using nanosecond precision might make the possible space large enough to discourage brute-forcing. It will however, get completely ruined if you use a mask such as the owner of this website. S M H The only security here is the fact that the source code is written in Go. heh take that Go!

  • corCTF 2021 - 4096

    Cryptography – 360 pts (219 solves) – Chall author: qopruzjf

    Having many bits in your RSA modulus sounds great, but its security is defined by its generation. And let me tell you, using a load of small primes is not the way too go! The modulus can easily be factored and hence the ciphertext decrypted.

  • corCTF 2021 - LCG_k

    Cryptography – 489 pts (25 solves) – Chall author: qopruzjf

    When it comes to signatures, proper randomness is essential. A standard Linear Congruential Generator is not good enough, not by a long shot. In fact, we only need a total of four signatures from the server to completely break it and be able to forge any signature we want ourselves.

  • corCTF 2021 - babypad

    Cryptography – 484 pts (35 solves) – Chall author: willwam845

    A clean AES-CTR Padding Oracle Attack challenge, no hurdles, no bs. We can send cipher texts to the server and it will tell us whether or not it succeeded to unpad the decrypted cipher text. This allows us to straight up use the server as a padding oracle to decrypt the encrypted flag.

  • corCTF 2021 - babyrsa

    Cryptography – 476 pts (50 solves) – Chall author: willwam845

    Somebody leaked a screenshot of a Discord chat with the author’s RSA modulus primes! Well, partially… Turns out we are missing some of the digits, but not enough to stop us from recovering his private exponent and steal his flag. >:)

  • corCTF 2021 - bank

    Cryptography – 489 pts (25 solves) – Chall author: quintec

    A new and upcoming bank called ‘CoR Bank’ is using the most recent cryptographic security, quantum cryptography! We even get a whole free dollar :). There is only one small problem for them, we are allowed to fidget with our qubits. And as usual, we are up to no good.

  • UIUCTF 2021 - Constructive Criticism

    Misc – 408 pts (14 solves) – Chall author: Pranav Goel

    Some lo-fi bops on Soundcloud seem to be hiding something. There are cuts in the song where the emphasis jumps from one stereo-channel to the other. Turns out the separate channels in the WAV files are not exactly the same. At some parts they align, and at others they are slightly different. Visualising this difference reveals a bit-like structure which we decode in order to obtain the flag! A unique challenge for sure!

  • UIUCTF 2021 - Q-Rious Transmissions

    Misc – 322 pts (23 solves) – Chall author: boron

    Alice and Bob have shared two entangled qubits, which they use to transfer data between them using what appears to be similar to superdense coding (but without sending any qubits). Given only Alice’s operations on her own qubit, can we reconstruct what she send to Bob? Can we, or can we not? You won’t know until you collapse the state of this write-up. ;)

  • ImaginaryCTF 2021 - Cookie Stream

    Web – 150 pts (86 solves) – Chall author: Eth007

    A classic example of how not to use a cookie-based login system for your webpage, how not to hash stored passwords, and how not to create passwords to begin with… A singular un-salted hashed password is easy to recognise and reverse. Being able to login succesfully to a non-admin account we steal its cookie and bit-flip our way to the admin page!

  • ImaginaryCTF 2021 - New Technology

    Cryptography – 300 pts (50 solves) – Chall author: Robin_Jadoul

    This challenge is a prime example of why exploring (a local version of) the provided code can lead you to the flag, without at all understanding what is going on. I show you how I found the solution, I proof that it is indeed the solution, without touching any of the underlying math. Che… who needs number theory anyway?

  • ImaginaryCTF 2021 - Prisoner's Dilemma

    Misc – 200 pts (63 solves) – Chall author: Robin_Jadoul

    A fun little VIM jail. Most of our ways out are blocked by mapping the necessary keys to nothing. Even if we do get out, the connection is immediately broken. Luckily, there is still a way we can get to ex-mode to escape.

  • ImaginaryCTF 2021 - Mazed

    Misc – 225 pts (38 solves) – Chall author: puzzler7

    This cheeky server taunts us with a 4D maze of length 10, so a total of 10x10x10x10 tiles. We start in one corner, with the flag in the other. Because there is only a time limit of 10 seconds and not a limit on the number of moves through the maze, we can just calculate a brute-force solution. Not exactly elegant, but there is no need to be this time.

  • ImaginaryCTF 2021 - Password Checker

    Web – 450 pts (15 solves) – Chall author: Zyphen

    An online ‘password checker’ with some (regex) obfuscated verification function. Running it through any online deobfuscator reveals the internal structure of the code. Some additional cleaning allows us to recover the restrictions on the input for us to get the flag. I chose to opt for brute-force (I like it rough x/) and to abuse the most ingenious invention of humankind, language.

  • ImaginaryCTF 2021 - ZKPoD

    Cryptography – 400 pts (19 solves) – Chall author: Robin_Jadoul

    Sending a cipher text to the server returns a flawed ‘Zero Knowledge Proof of Decryption’. This ZKPoD protocol however leaks the parity of the decrypted cipher text, allowing us to abuse the server as a LSB oracle. Using a rather straightforward attack we can recover the decrypted flag in O(2*2log(n)) (~4096) server calls. Lucky for us, plumbers are typically slow to arrive ;).

  • San Diego CTF 2021 - Desmos Pro

    Reversing – 799 pts (5 solves) – Chall author: k3v1n

    Math lock created in Desmos. Reversable through mathematical investigation.

  • Foobar CTF 2021 - Back to the future

    Cryptography – 453 pts (13 solves) – Chall author: Brad Hawk

    In order to enter the ‘sanctum sanctorum’ we need to predict a random output. The random module is seeded by a hidden value, which can be retrieved through RSA encryption (e=4) of the time() plus the hidden value.

  • Foobar CTF 2021 - Hill-Kill

    Cryptography – 436 pts (15 solves)

    Iterative Hill cipher server challenge, given ciphertext and key.

  • Foobar CTF 2021 - Intern

    Cryptography – 461 pts (12 solves)

    RSA with public exponent e=3, allowing us to use Franklin-Reiter related message attack. The caveat is that the (related) messages are created by adding a random number, generated by a LCG, to the integer flag. By reconstructing the LCG we can apply our attack and recover the flag.

  • Foobar CTF 2021 - Pascal's Chemistry Lab

    Cryptography – 453 pts (13 solves)

    Paillier encryption with trivial factorisation of the modulus.

  • NetOn CTF 2021 - BritishScientific

    Cryptography – 242 pts (11 solves) – Chall author: Wozen

    Playfair cipher with hinted key in challenge flavourtext.

  • NetOn CTF 2021 - Facts Br0!

    Cryptography – 244 pts (10 solves) – Chall author: N0xi0us

    Importing the PEM key file we find a very short public key, which we trivially factorise using online tools.

  • NetOn CTF 2021 - Gotta catch em flag

    Misc – 248 pts (6 solves) – Chall author: Troyano

    A flag hidden inside a Pokémon game, more like Pogémon amirite…

  • NetOn CTF 2021 - Grades

    Web – 486 pts (10 solves) – Chall author: Raulet

    Easily reversible encryption function behind obfuscation, yuckie.

  • NetOn CTF 2021 - Let me in!

    Web – 245 pts (9 solves) – Chall author: X4v1l0k

    Captchas connected to PHP session cookies are not a secure idea, so let’s break in!

  • NetOn CTF 2021 - Limited

    Pwn – 499 pts (4 solves) – Chall author: X4v1l0k

    Flag is locked behind a 3-digit code, which can be trivially brute-forced.

  • NetOn CTF 2021 - MathTomata

    Misc – 245 pts (9 solves) – Chall author: Nikeley

    A finite-state machine construction with a solution that itself is the flag.

  • NetOn CTF 2021 - PawN PawN

    Cryptography – 188 pts (29 solves) – Chall author: eljoselillo7

    Some morse and chess board encodings.

  • NetOn CTF 2021 - Picnicnic

    Web – 222 pts (20 solves) – Chall author: eljoselillo7

    Simple cookie trail containing base64 encoded pieces of the flag.

  • NetOn CTF 2021 - RSA... no primEs, no problEm

    Cryptography – 500 pts (2 solves) – Chall author: isHaacK

    Given both the public key and the secret value phi(n) we can derive the private component. There is one catch though, we do not know the public exponent… but we can just try until we find the right value.

  • NetOn CTF 2021 - Run Run Run

    Misc-Web – 215 pts (22 solves) – Chall author: X4v1l0k

    Scripting to read and solve randomised equations on a website.

  • NetOn CTF 2021 - SecretMessage

    Cryptography – 247 pts (8 solves) – Chall author: X4v1l0k

    Simple reversing of a custom encryption function.

  • NetOn CTF 2021 - Step by step

    Web – 239 pts (13 solves) – Chall author: X4v1l0k

    The website leaks when we have a correct substring of the flag, so we can brute-force our way to the full flag.

  • NetOn CTF 2021 - Weak xor

    Cryptography – 239 pts (13 solves) – Chall author: N0xi0us

    XOR with known plaintext allows us to easily recover the key.

  • NetOn CTF 2021 - Welcome to Filterland

    Web – 208 pts (24 solves) – Chall author: eljoselillo7

    Simple web challenge where we need to bypass the PHP strcmp() function.

  • UMass CTF 2021 - Weird RSA

    Cryptography – 500 pts (10 solves) – Chall author: Soul

    Augmented RSA encryption algorithm using the Lucas Sequence, also known as the LUC-Cryptosystem, combined with weak prime generations that allows for Fermat factorisation.