Mind Your Ps and Qs

Mind Your Ps and Qs picoGym writeup.

Challenges

In RSA, a small e value can be problematic, but what about N? Can you decrypt this?

File given: values

values:

c= 8533139361076999596208540806559574687666062896040360148742851107661304651861689
n= 769457290801263793712740792519696786147248001937382943813345728685422050738403253
e= 65537

Explanation

RSA is an asymmetric cryptographic algorithm. It is called asymmetric because there are two keys. The public key is used to encrypt the clear text. The private key, on the other hand, is used to decrypt the encrypted text.
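The question the challenge prompt raises about N, shown as an added example that is not part of the original writeup: the private key follows directly from the prime factors of N, so a modulus small enough to factor offers no protection whatever the value of e. The toy primes, the message and all function names are constructed for illustration and are not the challenge values.

```python
# Added illustration, not code from the original writeup.
from math import gcd


def pollard_rho(n: int) -> int:
    """Return a non-trivial factor of an odd composite n (Pollard's rho)."""
    for c in range(1, 20):          # retry with another polynomial if a run fails
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n     # tortoise: one step
            y = (y * y + c) % n     # hare: two steps
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
        if d != n:                  # d == n means the cycle closed without a factor
            return d
    raise ValueError("no factor found")


def private_exponent(p: int, q: int, e: int) -> int:
    """d = e^-1 mod (p-1)(q-1); this is all the private key consists of."""
    return pow(e, -1, (p - 1) * (q - 1))


def encrypt(m: int, n: int, e: int) -> int:
    """Textbook RSA encryption with the public key (n, e)."""
    return pow(m, e, n)


def decrypt_from_public_key(c: int, n: int, e: int) -> int:
    """Recover the plaintext using only public values, by factoring n."""
    p = pollard_rho(n)
    q = n // p
    return pow(c, private_exponent(p, q, e), n)


# Constructed toy key: two ~30-bit primes, so N has only about 60 bits.
P, Q, E = 1_000_000_007, 998_244_353, 65537
N = P * Q
MESSAGE = int.from_bytes(b"toy-msg", "big")   # constructed plaintext, smaller than N

if __name__ == "__main__":
    c = encrypt(MESSAGE, N, E)
    recovered = decrypt_from_public_key(c, N, E)
    print(recovered.to_bytes(7, "big"))
```

Real keys use a modulus of 2048 bits or more, built from two large random primes, so that this factoring step is out of reach.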

Information

Information Picogym Writeups

Files can always be changed in a secret way. Can you find the flag?

We were given the file cat.jpg. Some images carry metadata. Metadata stores basic information about the image, such as the author, the time when the picture was taken, color profiles, and more.

To view the metadata of an image, you can use a tool called exiftool. To install it on Ubuntu or another Debian-based system, you can use the command:

sudo apt install exiftool

Or, if you are on an Arch-based system, you can use the command:

sudo pacman -S perl-image-exiftool

Alternatively, you can use an online tool to view metadata.
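To show where that metadata sits inside a JPEG file, here is an added example (not part of the original writeup, and not how exiftool itself is implemented) that walks the marker segments before the image data and returns the ones that carry metadata. The sample bytes and the function names are constructed for illustration.

```python
# Added illustration: a minimal JPEG segment walker, not exiftool's code.
import struct

METADATA_MARKERS = {
    0xE0: "APP0 (JFIF)",
    0xE1: "APP1 (Exif/XMP)",
    0xED: "APP13 (IPTC/Photoshop)",
    0xFE: "COM (comment)",
}


def list_metadata_segments(data: bytes):
    """Return (name, payload) for each metadata segment found before the image data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    found, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):      # SOS (compressed data follows) or EOI
            break
        # The 2-byte big-endian length counts itself but not the marker.
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("truncated or corrupt segment")
        if marker in METADATA_MARKERS:
            found.append((METADATA_MARKERS[marker], data[pos + 4:pos + 2 + length]))
        pos += 2 + length
    return found


def _segment(marker: int, payload: bytes) -> bytes:
    """Build one marker segment (helper for the constructed sample)."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: JFIF header, a comment, one non-metadata table, empty scan.
SAMPLE = (
    b"\xff\xd8"
    + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(0xFE, b"constructed comment: edited by example")
    + _segment(0xDB, bytes(65))
    + b"\xff\xda\x00\x00\xff\xd9"
)

if __name__ == "__main__":
    for name, payload in list_metadata_segments(SAMPLE):
        print(name, payload)
```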

Pickle Rick TryHackMe Writeup


This is a blog post on how I solved the Pickle Rick room on TryHackMe. Note that I use Linux. First, I put the machine IP into an environment variable using the export command.

export IP=TARGET_IP   # replace TARGET_IP with your target machine's IP address

Enum

Nmap

I did a simple nmap scan on the server:

nmap -sCV -oN nmap-init.log $IP

-sCV runs the default scripts and checks the versions of the services on the machine. -oN logs the output of nmap into a file.

Postman CryptoburstCTF 2022 writeup

Postman - cryptoburst ctf 2022 writeups

We were given the image /cryptoburst/postman.png

First, I tried searching for postman qr. I found no results. Then I tried a reverse image search with Google Images. I found a similar image on a website explaining types of barcodes: https://www.dynamsoft.com/blog/insights/the-comprehensive-guide-to-1d-and-2d-barcodes/ The name of the barcode is MaxiCode. It was used by UPS, so the name Postman makes sense. Now it just comes down to reading the QR. After some browsing, I found an online tool for reading it: https://products.conholdate.app/barcode/recognize/maxicode Here's the result:

Ook What Am I Looking At CryptoburstCTF 2022 writeup

Ook What Am I Looking At - cryptoburst ctf 2022

We were given the string


The first thing I notice is the challenge name. Ook was out of place. I tried searching for Ook Cipher but I found none.

Tadpole CorCTF 2022 writeup

Tadpole corctf 2022 writeups

We were given two files

file 1: tadpole.py

from Crypto.Util.number import bytes_to_long, isPrime
from secrets import randbelow

p = bytes_to_long(open("flag.txt", "rb").read())
assert isPrime(p)

a = randbelow(p)
b = randbelow(p)

def f(s):
    return (a * s + b) % p

print("a = ", a)
print("b = ", b)
print("f(31337) = ", f(31337))
print("f(f(31337)) = ", f(f(31337)))

file 2: output.txt

a =  7904681699700731398014734140051852539595806699214201704996640156917030632322659247608208994194840235514587046537148300460058962186080655943804500265088604049870276334033409850015651340974377752209566343260236095126079946537115705967909011471361527517536608234561184232228641232031445095605905800675590040729
b =  16276123569406561065481657801212560821090379741833362117064628294630146690975007397274564762071994252430611109538448562330994891595998956302505598671868738461167036849263008183930906881997588494441620076078667417828837239330797541019054284027314592321358909551790371565447129285494856611848340083448507929914
f(31337) =  52926479498929750044944450970022719277159248911867759992013481774911823190312079157541825423250020665153531167070545276398175787563829542933394906173782217836783565154742242903537987641141610732290449825336292689379131350316072955262065808081711030055841841406454441280215520187695501682433223390854051207100
f(f(31337)) =  65547980822717919074991147621216627925232640728803041128894527143789172030203362875900831296779973655308791371486165705460914922484808659375299900737148358509883361622225046840011907835671004704947767016613458301891561318029714351016012481309583866288472491239769813776978841785764693181622804797533665463949

Understanding tadpole.py

I’ll try understanding the code line by line.