[writeup] add crypto & re (part)

Author: onealmond

README.md

@@ -3,14 +3,14 @@
 
 ### Reverse Engineering
 
-- _HeroCTF 2021_
-	- [Kernel Module #3](heroctf-2021/kernel-module-3/writeup.md)
-	- [Kernel Module #2](heroctf-2021/kernel-module-2/writeup.md)
-	- [Kernel Module #1](heroctf-2021/kernel-module-1/writeup.md)
-	- [Win But Twisted](heroctf-2021/win-but-twisted/writeup.md)
-	- [H4XOR](heroctf-2021/h4XOR/writeup.md)
-	- [JNI](heroctf-2021/JNI/writeup.md)
-	- [sELF Control](heroctf-2021/self-control/writeup.md)
+- _HeroCTF V3_
+	- [Kernel Module #3](heroctf-v3/kernel-module-3/writeup.md)
+	- [Kernel Module #2](heroctf-v3/kernel-module-2/writeup.md)
+	- [Kernel Module #1](heroctf-v3/kernel-module-1/writeup.md)
+	- [Win But Twisted](heroctf-v3/win-but-twisted/writeup.md)
+	- [H4XOR](heroctf-v3/h4XOR/writeup.md)
+	- [JNI](heroctf-v3/JNI/writeup.md)
+	- [sELF Control](heroctf-v3/self-control/writeup.md)
 
 - _GLSC CTF 2021_
   - [Collisions](glsc-ctf-2021/collisions/writeup.md)
@@ -41,6 +41,8 @@
   - [Dialtone](google-ctf-2019/dialtone/writeup.md)
 
 - _CTFLearn_
+  - [Rotterdam](ctflearn/rotterdam/writeup.md)
+  - [Jumper](ctflearn/jumper/writeup.md)
   - [Rangoon](ctflearn/rangoon/writeup.md)
   - [Ramada](ctflearn/ramada/writeup.md)
   - [Recklinghausen](ctflearn/recklinghausen/writeup.md)
@@ -75,11 +77,11 @@
 
 ### Web
 
-- _HeroCTF 2021_
-	- [You Should Die](heroctf-2021/you-should-die/writeup.md)
-	- [Transfer](heroctf-2021/transfer/writeup.md)
-	- [PwnQL #2](heroctf-2021/pwnQL-2/writeup.md)
-	- [PwnQL #1](heroctf-2021/pwnQL-1/writeup.md)
+- _HeroCTF V3_
+	- [You Should Die](heroctf-v3/you-should-die/writeup.md)
+	- [Transfer](heroctf-v3/transfer/writeup.md)
+	- [PwnQL #2](heroctf-v3/pwnQL-2/writeup.md)
+	- [PwnQL #1](heroctf-v3/pwnQL-1/writeup.md)
 
 - _GLSC CTF 2021_
   - [MR. Roboto](glsc-ctf-2021/mr.roboto/writeup.md)
@@ -114,6 +116,12 @@
 
 ### Crypto
 
+- _CTFLearn_
+  - [AlexCTF CR2 Many Time Secrets](ctflearn/alexctf-cr2-many-time-secrets/writeup.md)
+  - [RSA Beginner](ctflearn/rsa-beginner/decrypt.py)
+  - [RSA Noob](ctflearn/rsa-noob/decrypt.py)
+  - [Substitution](ctflearn/substitution-cipher/substitution.py)
+
 - _Google CTF 2019_
   - [Cryptoqkd](google-ctf-2019/cryptoqkd.web.ctfcompetition.com/post.py)
 

ctflearn/alexctf-cr2-many-time-secrets/decrypt.py

@@ -0,0 +1,90 @@
+import string
+
+msg = []
+
+with open('msg', 'r') as fd:
+    buf = fd.readlines()
+    print('len of one line', len(buf[0].strip()))
+    msg = ''.join([l.strip() for l in buf])
+
+msg = [int(msg[i:i+2], 16) for i in range(0, len(msg), 2)]
+prefix = "ALEXCTF{"
+
+plain = [chr(msg[i] ^ ord(prefix[i])) for i in range(len(prefix))]
+print(''.join(plain))
+
+# Guess the plain starts with "Dear Friend"
+plain = ''.join(plain) + "end"
+print(plain)
+
+prefix = ''.join(map(chr, [msg[i] ^ ord(plain[i]) for i in range(len(plain))]))
+print(prefix)
+
+# Guess flag starts with "ALEXFLAG{HERE_"
+prefix += "E_"
+plain = ''.join(map(chr, [msg[i] ^ ord(prefix[i]) for i in range(len(prefix))]))
+print(plain)
+
+# Found some meaningful words in partially decoded message
+plain = ''.join(map(chr, [msg[i] ^ ord(prefix[i%len(prefix)]) for i in range(len(msg))]))
+print(plain)
+
+i = plain.find('nderstood')
+plain = plain[:i-1] + 'u' + plain[i:]
+i = plain.find('sed', i)
+plain = plain[:i-1] + 'u' + plain[i:]
+i = plain.find('time ', i)
+plain = plain[:i+5] + 'padding' + plain[i+5+7:]
+i = plain.find("kcz", i)
+plain = plain[:i] + 'key' + plain[i+3:]
+i = plain.find("gree", i)
+plain = plain[:i-1] + 'a' + plain[i:]
+i = plain.find("ncryption", i)
+plain = plain[:i-1] + 'e' + plain[i:]
+i = plain.find("schcne", i)
+plain = plain[:i] + 'scheme' + plain[i+6:]
+print(plain)
+
+prefix = ''.join(map(chr, [msg[i] ^ ord(plain[i]) for i in range(len(plain))]))
+print("== with modified plain text")
+print(prefix)
+
+# Now we know the flag starts with "ALEXCTF{HERE_GOES_"
+# and the plain text becomes "Dear Friend, This "
+prefix = "ALEXCTF{HERE_GOES_"
+plain = ''.join(map(chr, [msg[i] ^ ord(prefix[i%len(prefix)]) for i in range(len(msg))]))
+print("== with prefix:", prefix)
+print(plain)
+
+# Got more words by guessing "THE_FLAG", but still not completely right
+prefix = prefix + "THE_FLAG"
+plain = ''.join(map(chr, [msg[i] ^ ord(prefix[i%len(prefix)]) for i in range(len(msg))]))
+print("== with prefix:", prefix)
+print(plain)
+
+i = plain.find("-@8O")
+plain = plain[:i] + " I u" + plain[i+4:]
+i = plain.find("encry", i)
+plain = plain[:i+5] + "ption" + plain[i+5+5:]
+i = plain.find("-d}Nhod", i)
+plain = plain[:i] + " method" + plain[i+7:]
+i = plain.find("cracfl", i)
+plain = plain[:i+4] + "ked " + plain[i+4+4:]
+i = plain.find("kepy", i)
+plain = plain[:i+3] + "t secure" + plain[i+3+8:]
+i = plain.find("yb|8[", i)
+plain = plain[:i] + "you a" + plain[i+5:]
+i = plain.find("thdz8_n", i)
+plain = plain[:i] + "this e" + plain[i+6:]
+plain = plain[:-1] + "s"
+print(plain)
+
+prefix = ''.join(map(chr, [msg[i] ^ ord(plain[i]) for i in range(len(plain))]))
+print("== with modified plain text")
+print(prefix)
+
+# now we know the flag is "ALEXCTF{HERE_GOES_THE_KEY}", test again
+prefix = "ALEXCTF{HERE_GOES_THE_KEY}"
+plain = ''.join(map(chr, [msg[i] ^ ord(prefix[i%len(prefix)]) for i in range(len(msg))]))
+print("== with prefix:", prefix)
+print(plain)

ctflearn/alexctf-cr2-many-time-secrets/writeup.md

@@ -0,0 +1,104 @@
+
+As the key is partially known, the prefix *"ALEXCTF{"*, we shall be able to get part of the plain text by xor it with the cipher text. 
+
+```python
+plain = [chr(msg[i] ^ ord(prefix[i])) for i in range(len(prefix))]
+print(''.join(plain))
+```
+
+The decoded text is *"Dear Fri"*, guessed the plain text starts with *"Dear Friend"*. Decrypt key with it we got *"ALEXFLAG{HER"*.
+
+```python
+prefix = ''.join(map(chr, [msg[i] ^ ord(plain[i]) for i in range(len(plain))]))
+```
+
+Guessed the following characters are "E_", so the decrypted key became *"ALEXFLAG{HERE_"*. So the plain text starts with *"Dear Friend, "*. Tried to decrypt the whole plain text with it, we found some meaningful words in partially decoded plain text.
+
+```python
+plain = ''.join(map(chr, [msg[i] ^ ord(prefix[i%len(prefix)]) for i in range(len(msg))]))
+print(plain)
+```
+
+```bash
+Dear Friend, Rkix<tgSr.^<Wnderstood my kjs}kkv`s<Wsed One time vbd+ynmLn~cuMn scheme, I hcbro<tf_c.~his the only eh`rrltgQy.zyVhod that is mgwhnqazWto{p[ proven to be&mo<c|_terxever if the kcz bo e[gz7oGcure, Let Me mmo|<ihnab<Cgree with me rl ~oe.Jgd<Gncryption schcne+}ly_n}9
+```
+
+Tried to fix some understanable words and decode the key with it.
+
+```python
+i = plain.find('nderstood')
+plain = plain[:i-1] + 'u' + plain[i:]
+i = plain.find('sed', i)
+plain = plain[:i-1] + 'u' + plain[i:]
+i = plain.find('time ', i)
+plain = plain[:i+5] + 'padding' + plain[i+5+7:]
+i = plain.find("kcz", i)
+plain = plain[:i] + 'key' + plain[i+3:]
+i = plain.find("gree", i)
+plain = plain[:i-1] + 'a' + plain[i:]
+i = plain.find("ncryption", i)
+plain = plain[:i-1] + 'e' + plain[i:]
+i = plain.find("schcne", i)
+plain = plain[:i] + 'scheme' + plain[i+6:]
+print(plain)
+
+prefix = ''.join(map(chr, [msg[i] ^ ord(plain[i]) for i in range(len(plain))]))
+print(prefix)
+```
+
+In the output, we can find the next word of key *"GOES"*, so now the decrypted key became *"ALEXCTF{HERE_GOES"*.
+
+```bash
+Dear Friend, Rkix<tgSr.^<understood my kjs}kkv`s<used One time paddingLn~cuMn scheme, I hcbro<tf_c.~his the only eh`rrltgQy.zyVhod that is mgwhnqazWto{p[ proven to be&mo<c|_terxever if the key bo e[gz7oGcure, Let Me mmo|<ihnab<agree with me rl ~oe.Jgd<encryption scheme+}ly_n}9
+ALEXCTF{HERE_ALEXCTF{HERE}ALEXCTF{HERE_ALEXCTF{HERE}ALEXCTF{HERE_GOESTL{HERE_ALEXCTF{HERE_ALEXCTF{HERE_ALEXCTF{HERE_ALEXCTF{HERE_ALEXCTF{HERE_ALEXCTF{HERE_ALEXCTF{HERE_ALEXCTF{HERE_ALEXCTF{HERE_GOEXCTF{HERE_ALEXCTF{HERE_ALEXCTF{HERE}ALEXCTF{HERE_ALEXCTF{HERE}ALEXCTF{HERE_GOEXCTF{HER
+```
+
+We are looking for flag, so could it be *"HERE_GOES_THE_FLAG"*? The decoded text is different, still not done yet, but we can see some more meaningful words.
+
+```bash
+Dear Friend, This time-@8Onderstood my mistake acm8Osed One time pad encry}}qUn scheme, I heard that-`lis the only encryption-d}Nhod that is mathematicletC proven to be not cracfl|ever if the key is kepy)k_cure, Let Me know if yb|8[gree with me to use thdz8_ncryption scheme alway~'
+```
+
+Tried to fix some of them and decode the key.
+
+```python
+i = plain.find("-@8O")
+plain = plain[:i] + " I u" + plain[i+4:]
+i = plain.find("encry", i)
+plain = plain[:i+5] + "ption" + plain[i+5+5:]
+i = plain.find("-d}Nhod", i)
+plain = plain[:i] + " method" + plain[i+7:]
+i = plain.find("cracfl", i)
+plain = plain[:i+4] + "ked " + plain[i+4+4:]
+i = plain.find("kepy", i)
+plain = plain[:i+3] + "t secure" + plain[i+3+8:]
+i = plain.find("yb|8[", i)
+plain = plain[:i] + "you a" + plain[i+5:]
+i = plain.find("thdz8_n", i)
+plain = plain[:i] + "this e" + plain[i+6:]
+plain = plain[:-1] + "s"
+print(plain)
+
+prefix = ''.join(map(chr, [msg[i] ^ ord(plain[i]) for i in range(len(plain))]))
+print(prefix)
+```
+
+Now we could identitfy the flag *"ALEXCTF{HERE_GOES_THE_KEY}"*.
+
+```bash
+ALEXCTF{HERE_GOES_THE_KEY}ALEXCTF{HERE_GOES_THE_FLAGALEXCTF{HERE_GOES_THE_KEY}ALEXCTF{HERE_GOES_THE_FLAGALEXCTF{HERE_GOES_THE_KEY}ALEXCTF{HERE_GOES_THE_FLAGALEXCTF{HERE_GOES_THE_KEY}ALEXCTF{HERE_GOES_THE_KEY}ALEXCTF{HERE_GOES_THE_KEY}ALEXCTF{HERE_GOES_THE_KEY}ALEXCTF{HERE_GOES_THE_F
+```
+
+Verified the key by decrypt the whold cipher text with it.
+
+```python
+prefix = "ALEXCTF{HERE_GOES_THE_KEY}"
+plain = ''.join(map(chr, [msg[i] ^ ord(prefix[i%len(prefix)]) for i in range(len(msg))]))
+print(plain)
+```
+
+Here is the plain text and the above is the right key, also the flag.
+
+```bash
+Dear Friend, This time I understood my mistake and used One time pad encryption scheme, I heard that it is the only encryption method that is mathematically proven to be not cracked ever if the key is kept secure, Let Me know if you agree with me to use this encryption scheme always.
+```

ctflearn/bangalore-assembler-chall/decode.c

@@ -0,0 +1,72 @@
+#include <stdio.h>
+
+unsigned long vals1[30] = {0x00014c4c5e, 0x005130720c, 0x003e87df91, 0x00340ccb70, 0x00676fa321, \
+            0x002aa1a2a0, 0x005165565c, 0x0005526445, 0x006a480682, 0x0033dfa545, \
+            0x004c88ea19, 0x0073255b4e, 0x0074c67bfe, 0x0052f90324, 0x006f44e5df, \
+            0x001435d143, 0x0066d75377, 0x0035b86969, 0x000448dc19, 0x000c13eaf7, \
+            0x0015fedd23, 0x00422b655c, 0x0061ef012d, 0x000fd42ba5, 0x002ca8f2c9, \
+            0x00054b8249, 0x006dc2f69d, 0x0076ba54d5, 0x0068e371c0, 0x001551247c
+}; 
+unsigned long vals2[30] = {0x0002f21618, 0x00577d3f68, 0x000c838fda, 0x0068e5cdc4, 0x006314b34d, \
+            0x007a193245, 0x0009525af6, 0x0031a96ada, 0x0056957557, 0x0001610dfe, \
+            0x002e59bcbf, 0x002051fae0, 0x0068b5e038, 0x0031f0fadb, 0x004160e7a4, \
+            0x006e7ff823, 0x006130cd85, 0x0063a55548, 0x007a88b47f, 0x000938111f, \
+            0x006b16ee35, 0x0078cb6446, 0x0016cab7a1, 0x001e9a7cd6, 0x0027f24b7f, \
+            0x004a9f28e9, 0x00029c5bf9, 0x000ee5248e, 0x007e91a8b2, 0x006add9c6a
+}; 
+unsigned long vals3[30] = {0x0053d9c12d, 0x007e4f6f47, 0x0056084aad, 0x0053ce10aa, 0x00349ef85d, \
+            0x007a19aaaa, 0x001e102afb, 0x005f71a2af, 0x005a6edb6c, 0x0021ca6074, \
+            0x000de96e1d, 0x006def4121, 0x00626b818b, 0x0071f7f9f7, 0x0064c5dc07, \
+            0x005c41e208, 0x003934170c, 0x0043ffab5b, 0x006aa9e600, 0x0070f44639, \
+            0x0072f4fbbb, 0x0034b15564, 0x0055f40b0a, 0x00146e2173, 0x004c244136, \
+            0x003d5f0e6a, 0x005b745413, 0x0074b3a37f, 0x0048669939, 0x0048659c9f
+}; 
+unsigned long vals4[30] = {0x0051095f4d, 0x000bd6fed3, 0x0021d06bec, 0x0068a2be66, 0x0065b4db28, \
+            0x00523e80b2, 0x00151e2877, 0x007b25fbce, 0x001c3f1002, 0x005f3de306, \
+            0x005190a5b8, 0x00141e6c1e, 0x0046f23ce0, 0x0002fd6107, 0x0005340b05, \
+            0x0032e8d951, 0x0031aae0ef, 0x00721b2012, 0x0027b2da28, 0x0053c349bb, \
+            0x002580f1e2, 0x001a0fb431, 0x00147d67e6, 0x0024ee0a0e, 0x003dd7b640, \
+            0x0034f01b4d, 0x003d60a616, 0x007f05ad3c, 0x000b8b10dd, 0x007064f0ad
+};
+unsigned long flag [30] = {0x00a8f10265, 0x00e2b9dd5a, 0x003ed39108, 0x0137df46b0, 0x0163cf89f4, \
+            0x0130e2005e, 0x0059c5c456, 0x00e4b06978, 0x00b6f2b73e, 0x0073c8b677, \
+            0x00c89c6ede, 0x0112b6833f, 0x01060a173a, 0x00f81b68de, 0x00d9941c55, \
+            0x0111dd04a2, 0x0122e71875, 0x014cbd3551, 0x003c2b50ed, 0x00b98307b9, \
+            0x0119622208, 0x00a8575118, 0x0041cb19f0, 0x005eee93e0, 0x0056973551, \
+            0x00a7a5c099, 0x00688bacfc, 0x017032876f, 0x00ba9e9447, 0x0138b04da1
+};
+
+unsigned long step1(int i) {
+  unsigned long a = vals4[i];
+  unsigned long b = flag[i];
+  return b - a;
+}
+
+unsigned long step2(int i, unsigned long c) {
+  unsigned long a = vals3[i];
+  return a ^ c;
+}
+
+unsigned long step3(int i, unsigned long c) {
+  unsigned long a = vals2[i];
+  return c - a;
+}
+
+unsigned long step4(int i, unsigned long c) {
+  unsigned long a = vals1[i];
+  return c ^ a;
+}
+
+int main() {
+  unsigned long res;
+  unsigned long flag[30] = {0};
+
+  for (int i = 0; i < 30; i++) {
+    res = step1(i);
+    res = step2(i, res);
+    res = step3(i, res);
+    res = step4(i, res);
+    flag[i] = res % 256;
+    printf("%c", flag[i]);
+  }
+}

ctflearn/bruXOR/decrypt.py

@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+
+s = "q{vpln'bH_varHuebcrqxetrHOXEj"
+output = []
+
+for c in range(256):
+    output.append([])
+    for i in range(len(s)):
+        a = ord(s[i]) ^ c
+        if (a >= ord('a') and a <= ord('z')) or\
+           (a >= ord('A') and a <= ord('Z')) or\
+           (a >= ord('0') and a <= ord('9')) or\
+           a == ord('_') or a == ord('{') or a == ord('}') or a == ord('@'):
+           output[-1].append(chr(a))
+    if output[-1] and output[-1][-1] == '}':
+        print(chr(c), ''.join(output[-1]))

ctflearn/jumper/writeup.md

@@ -0,0 +1,29 @@
+
+We were asked to find out where does it jump to from *0x80484e2*. The destination is stored in register *eax*.
+
+```asm
+ 80484df:       8b 45 f0                mov    -0x10(%ebp),%eax
+ 80484e2:       ff d0                   call   *%eax <--- What address does this jump to??
+```
+
+Look back a few lines, there was a ``fgets`` call to get user input and the value is stored in *eax*. When user input is *jump*, ``fgets`` reads only 4 bytes, the last byte is set to *"\x00"* for end of string, therefore, in register *eax* the value is *006d756a* for string *"
+jum\x00"*.
+
+```asm
+ 80484b4:       50                      push   %eax
+ 80484b5:       6a 04                   push   $0x4
+ 80484b7:       8d 45 f0                lea    -0x10(%ebp),%eax
+ 80484ba:       50                      push   %eax
+ 80484bb:       e8 80 fe ff ff          call   8048340 <fgets@plt>
+```
+
+The coming loop increaments value in *eax* by 5 for 8 times, so when it quit the loop, *eax* became *0x006d756a+40*, which is the flag *0x6d7592* without leading zeros.
+
+```asm
+ 80484cc:       8b 45 f0                mov    -0x10(%ebp),%eax
+ 80484cf:       83 c0 05                add    $0x5,%eax
+ 80484d2:       89 45 f0                mov    %eax,-0x10(%ebp)
+ 80484d5:       83 45 f4 01             addl   $0x1,-0xc(%ebp)
+ 80484d9:       83 7d f4 07             cmpl   $0x7,-0xc(%ebp)
+ 80484dd:       7e ed                   jle    80484cc <jump+0x3d>
+```

ctflearn/re-verse-dis/find_passwd.py

@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+
+def bytes_to_array(dat, sz):
+    dat = dat.split()
+    arr = []
+    for i in range(0, len(dat), sz):
+        arr.append(int(''.join(reversed(dat[i:i+sz])), 16))
+    return arr
+
+key = "IdontKnowWhatsGoingOn"
+s = "08 00 00 00 06 00 00 00 2c 00 00 00 3a 00 00 00 32 00 00 00 30 00 00 00 1c 00 00 00 5c 00 00 00 01 00 00 00 32 00 00 00 1a 00 00 00 12 00 00 00 45 00 00 00 1d 00 00 00 20 00 00 00 30 00 00 00 0d 00 00 00 1b 00 00 00 03 00 00 00 7c 00 00 00 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
+s = bytes_to_array(s, 4)
+pw = []
+
+for i in range(len(key)):
+    pw.append(ord(key[i]) ^ s[i])
+print(''.join(map(chr, pw)))
+