2022

UMassCTF 2022  HatMash
Cryptography – 500 pts (1 solve) – Chall author: Polymero (me)
What do you mean “We think you spend too much time with matrices.”? It’s just a hash function, jeez…

HackPack CTF 2022  P(ai)^3
Cryptography – 469 pts (15 solves) – Chall author: Polymero (me)
Paiaiai… My Paillier scheme seems to be broken and I stored my favourite flag in it. Please help me get it back, will you? Who could have guessed this would ever happen? … Me… I I wrote it… yeah.

HackPack CTF 2022  Repeating Offense
Cryptography – 443 pts (20 solves) – Chall author: Polymero (me)
Onetime oracles using RSA or Paillier are not a great idea due to those slippery mathemagicians… I would like to see them slip their way through RSA AND Paillier! After all, you cannot rob two banks at the same time. … What?
2021

K3RN3LCTF 2021  Game of Secrets
Cryptography – 500 pts (2 solves) – Chall author: Polymero (me)
“John wants to play a game, a game of secrets. Recover his secret or be encrypted.”

K3RN3LCTF 2021  HADIOR
Cryptography – 499 pts (3 solves) – Chall author: Polymero (me)
“HADIOR will hold the DOOR.”

K3RN3LCTF 2021  Shrine of the Sweating Buddha
Cryptography – 500 pts (0 solves) – Chall author: Polymero (me)
“Welcome to the Shrine of the Sweating Buddha. Share the burden of your worries, my child ~~~.”
Hint: share some (7) of your worries and perhaps your fortune will guide you to the flag.

K3RN3LCTF 2021  Tick Tock
Cryptography – 496 pts (6 solves) – Chall author: Polymero (me)
“I chopped up my flag and hid it behind this simple key exchange. Try dlogging your way in if you are brave enough!”

K3RN3LCTF 2021  Total Encryption
Cryptography – 500 pts (0 solves) – Chall author: Polymero (me)
“To store our most embarrassing secrets, we created a Remote Secure Armoury protected by layered RSA encryption with XOR blinding. Never again will my friends be able to mock me for my use of words!”

K3RN3LCTF 2021  Beecryption
Cryptography – 500 pts (2 solves) – Chall author: Polymero (me)
I was watching the bees and it seemed as if they were trying to tell me something… Have I finally gone crazy?!?

K3RN3LCTF 2021  Poly Expo go BRRRRR
Cryptography – 494 pts (9 solves) – Chall author: Polymero (me)
“I’m going to say this again: I did not have sexual relations with that polynomial, Miss Polinsky.”

K3RN3LCTF 2021  PolyProof
Cryptography – 490 pts (11 solves) – Chall author: Polymero (me)
They asked me to set up a zeroknowledge proof that runs in polynomial time. I don’t know what that means but I assume they want me to use polynomials, right?

K3RN3LCTF 2021  lightningrod
Reverse Engineering – 499 pts (3 solves) – Chall author: Polymero (me)
“Warning: Weather Control Device detected! ZAP ZAP [insert conscript_death.mp3 here]”
“Note: there is a typo in the flag, sorry >m<.”

K3RN3LCTF 2021  18007586237
Cryptography – 437 pts (28 solves) – Chall author: Polymero (me)
“I NEED A PLUMBER ASAP, MY FLAG IS LEAKING ALL OVER THE PLACE!!!”

K3RN3LCTF 2021  Ain't no Mountain High Enough
Cryptography – 500 pts (1 solve) – Chall author: Polymero (me)
“Hills are easy to climb, but mountains? Hoho, they sure are something else!”

K3RN3LCTF 2021  Cozzmic Dizzcovery
Cryptography – 499 pts (3 solves) – Chall author: Polymero (me)
“See that comb over there? It came from that meteorite I mentioned yesterday. Take a look at this, if I send bytes in, different bytes come out! Then there’s this button that seems to just produce random bytes… I’m absolutely stumped :S”

K3RN3LCTF 2021  NonSquare Freedom (1 and 2)
Cryptography – 465 pts (21 solves) and 490 pts (11 solves) – Chall author: Polymero (me)
“What can I say, I just like squares.”

K3RN3LCTF 2021  Objection!
Cryptography – 500 pts (2 solves) – Chall author: Polymero (me)
“Looks like Harry is hoarding his flags again… Maybe he will stop if we can convince him both Alice and Carlo dislike hoarding too. Alice and Carlo, being stereotypical CTF admins, are not responding to your complaints. Guess you will just have to answer for them… Luckily, I managed to secure you a channel to the domain controller of the CTF server.”

K3RN3LCTF 2021  Twizzty Buzzinezz
Cryptography – 100 pts (116 solves) – Chall author: Polymero (me)
“Some bees convinced me to invest in their new cryptosystem. They zzzaid their new XOR keyzztream would revolutionizzze the crypto market. However, they quickly buzzed away so all I have is this weird flyer they dropped. Luckily it has some source code on the back.”
“Have I just really been scammed by some bees??” 
WORMCON 0x01 2021  Exclusive
Cryptography – 100 pts (25 solves) – Chall author: BUILDYOURCTF
A homerolled XOR cipher with a stunning key space of 1 byte, yes a total of 256 different keys. That just asks to be bruteforced and so that is exactly what we will do. Try out all the keys and get our flag.

WORMCON 0x01 2021  Fake Encryption
Cryptography – 379 pts (12 solves) – Chall author: BUILDYOURCTF
A PNG containing the flag is first encrypted with DESECB, then another copy is first shuffled in blocks of 8 bytes followed by the same encryption. We are given the encrypted flag PNG and both the raw and encrypted shuffled PNGs. Due to the nature of the ECB mode and the DES block size being 8 bytes, we are able to easily recover the original flag PNG.

WORMCON 0x01 2021  Invisible Cipher
Cryptography – 419 pts (10 solves) – Chall author: BUILDYOURCTF
Simple substitution cipher that can be assessed through frequency analysis. Or for the more busy (‘lazy’) people under us, a combination of quick frequency analysis and Quipqiup will do the trick just fine!

RACTF 2021  Military Grade
CryptoWeb – 300 pts (48 solves) – Chall author: Unknown
Seeding your PRNG function with the current time is never a good idea, although using nanosecond precision might make the possible space large enough to discourage bruteforcing. It will however, get completely ruined if you use a mask such as the owner of this website. S M H The only security here is the fact that the source code is written in Go. heh take that Go!

corCTF 2021  4096
Cryptography – 360 pts (219 solves) – Chall author: qopruzjf
Having many bits in your RSA modulus sounds great, but its security is defined by its generation. And let me tell you, using a load of small primes is not the way too go! The modulus can easily be factored and hence the ciphertext decrypted.

corCTF 2021  LCG_k
Cryptography – 489 pts (25 solves) – Chall author: qopruzjf
When it comes to signatures, proper randomness is essential. A standard Linear Congruential Generator is not good enough, not by a long shot. In fact, we only need a total of four signatures from the server to completely break it and be able to forge any signature we want ourselves.

corCTF 2021  babypad
Cryptography – 484 pts (35 solves) – Chall author: willwam845
A clean AESCTR Padding Oracle Attack challenge, no hurdles, no bs. We can send cipher texts to the server and it will tell us whether or not it succeeded to unpad the decrypted cipher text. This allows us to straight up use the server as a padding oracle to decrypt the encrypted flag.

corCTF 2021  babyrsa
Cryptography – 476 pts (50 solves) – Chall author: willwam845
Somebody leaked a screenshot of a Discord chat with the author’s RSA modulus primes! Well, partially… Turns out we are missing some of the digits, but not enough to stop us from recovering his private exponent and steal his flag. >:)

corCTF 2021  bank
Cryptography – 489 pts (25 solves) – Chall author: quintec
A new and upcoming bank called ‘CoR Bank’ is using the most recent cryptographic security, quantum cryptography! We even get a whole free dollar :). There is only one small problem for them, we are allowed to fidget with our qubits. And as usual, we are up to no good.

UIUCTF 2021  Constructive Criticism
Misc – 408 pts (14 solves) – Chall author: Pranav Goel
Some lofi bops on Soundcloud seem to be hiding something. There are cuts in the song where the emphasis jumps from one stereochannel to the other. Turns out the separate channels in the WAV files are not exactly the same. At some parts they align, and at others they are slightly different. Visualising this difference reveals a bitlike structure which we decode in order to obtain the flag! A unique challenge for sure!

UIUCTF 2021  QRious Transmissions
Misc – 322 pts (23 solves) – Chall author: boron
Alice and Bob have shared two entangled qubits, which they use to transfer data between them using what appears to be similar to superdense coding (but without sending any qubits). Given only Alice’s operations on her own qubit, can we reconstruct what she send to Bob? Can we, or can we not? You won’t know until you collapse the state of this writeup. ;)

ImaginaryCTF 2021  Cookie Stream
Web – 150 pts (86 solves) – Chall author: Eth007
A classic example of how not to use a cookiebased login system for your webpage, how not to hash stored passwords, and how not to create passwords to begin with… A singular unsalted hashed password is easy to recognise and reverse. Being able to login succesfully to a nonadmin account we steal its cookie and bitflip our way to the admin page!

ImaginaryCTF 2021  New Technology
Cryptography – 300 pts (50 solves) – Chall author: Robin_Jadoul
This challenge is a prime example of why exploring (a local version of) the provided code can lead you to the flag, without at all understanding what is going on. I show you how I found the solution, I proof that it is indeed the solution, without touching any of the underlying math. Che… who needs number theory anyway?

ImaginaryCTF 2021  Prisoner's Dilemma
Misc – 200 pts (63 solves) – Chall author: Robin_Jadoul
A fun little VIM jail. Most of our ways out are blocked by mapping the necessary keys to nothing. Even if we do get out, the connection is immediately broken. Luckily, there is still a way we can get to exmode to escape.

ImaginaryCTF 2021  Mazed
Misc – 225 pts (38 solves) – Chall author: puzzler7
This cheeky server taunts us with a 4D maze of length 10, so a total of 10x10x10x10 tiles. We start in one corner, with the flag in the other. Because there is only a time limit of 10 seconds and not a limit on the number of moves through the maze, we can just calculate a bruteforce solution. Not exactly elegant, but there is no need to be this time.

ImaginaryCTF 2021  Password Checker
Web – 450 pts (15 solves) – Chall author: Zyphen
An online ‘password checker’ with some (regex) obfuscated verification function. Running it through any online deobfuscator reveals the internal structure of the code. Some additional cleaning allows us to recover the restrictions on the input for us to get the flag. I chose to opt for bruteforce (I like it rough x/) and to abuse the most ingenious invention of humankind, language.

ImaginaryCTF 2021  ZKPoD
Cryptography – 400 pts (19 solves) – Chall author: Robin_Jadoul
Sending a cipher text to the server returns a flawed ‘Zero Knowledge Proof of Decryption’. This ZKPoD protocol however leaks the parity of the decrypted cipher text, allowing us to abuse the server as a LSB oracle. Using a rather straightforward attack we can recover the decrypted flag in O(2*2log(n)) (~4096) server calls. Lucky for us, plumbers are typically slow to arrive ;).

San Diego CTF 2021  Desmos Pro
Reversing – 799 pts (5 solves) – Chall author: k3v1n
Math lock created in Desmos. Reversable through mathematical investigation.

Foobar CTF 2021  Back to the future
Cryptography – 453 pts (13 solves) – Chall author: Brad Hawk
In order to enter the ‘sanctum sanctorum’ we need to predict a random output. The random module is seeded by a hidden value, which can be retrieved through RSA encryption (e=4) of the time() plus the hidden value.

Foobar CTF 2021  HillKill
Cryptography – 436 pts (15 solves)
Iterative Hill cipher server challenge, given ciphertext and key.

Foobar CTF 2021  Intern
Cryptography – 461 pts (12 solves)
RSA with public exponent e=3, allowing us to use FranklinReiter related message attack. The caveat is that the (related) messages are created by adding a random number, generated by a LCG, to the integer flag. By reconstructing the LCG we can apply our attack and recover the flag.

Foobar CTF 2021  Pascal's Chemistry Lab
Cryptography – 453 pts (13 solves)
Paillier encryption with trivial factorisation of the modulus.

NetOn CTF 2021  BritishScientific
Cryptography – 242 pts (11 solves) – Chall author: Wozen
Playfair cipher with hinted key in challenge flavourtext.

NetOn CTF 2021  Facts Br0!
Cryptography – 244 pts (10 solves) – Chall author: N0xi0us
Importing the PEM key file we find a very short public key, which we trivially factorise using online tools.

NetOn CTF 2021  Gotta catch em flag
Misc – 248 pts (6 solves) – Chall author: Troyano
A flag hidden inside a Pokémon game, more like Pogémon amirite…

NetOn CTF 2021  Grades
Web – 486 pts (10 solves) – Chall author: Raulet
Easily reversible encryption function behind obfuscation, yuckie.

NetOn CTF 2021  Let me in!
Web – 245 pts (9 solves) – Chall author: X4v1l0k
Captchas connected to PHP session cookies are not a secure idea, so let’s break in!

NetOn CTF 2021  Limited
Pwn – 499 pts (4 solves) – Chall author: X4v1l0k
Flag is locked behind a 3digit code, which can be trivially bruteforced.

NetOn CTF 2021  MathTomata
Misc – 245 pts (9 solves) – Chall author: Nikeley
A finitestate machine construction with a solution that itself is the flag.

NetOn CTF 2021  PawN PawN
Cryptography – 188 pts (29 solves) – Chall author: eljoselillo7
Some morse and chess board encodings.

NetOn CTF 2021  Picnicnic
Web – 222 pts (20 solves) – Chall author: eljoselillo7
Simple cookie trail containing base64 encoded pieces of the flag.

NetOn CTF 2021  RSA... no primEs, no problEm
Cryptography – 500 pts (2 solves) – Chall author: isHaacK
Given both the public key and the secret value phi(n) we can derive the private component. There is one catch though, we do not know the public exponent… but we can just try until we find the right value.

NetOn CTF 2021  Run Run Run
MiscWeb – 215 pts (22 solves) – Chall author: X4v1l0k
Scripting to read and solve randomised equations on a website.

NetOn CTF 2021  SecretMessage
Cryptography – 247 pts (8 solves) – Chall author: X4v1l0k
Simple reversing of a custom encryption function.

NetOn CTF 2021  Step by step
Web – 239 pts (13 solves) – Chall author: X4v1l0k
The website leaks when we have a correct substring of the flag, so we can bruteforce our way to the full flag.

NetOn CTF 2021  Weak xor
Cryptography – 239 pts (13 solves) – Chall author: N0xi0us
XOR with known plaintext allows us to easily recover the key.

NetOn CTF 2021  Welcome to Filterland
Web – 208 pts (24 solves) – Chall author: eljoselillo7
Simple web challenge where we need to bypass the PHP strcmp() function.

UMass CTF 2021  Weird RSA
Cryptography – 500 pts (10 solves) – Chall author: Soul
Augmented RSA encryption algorithm using the Lucas Sequence, also known as the LUCCryptosystem, combined with weak prime generations that allows for Fermat factorisation.