Add files via upload

cybermouflons · Apr 17, 2024 · 9bcdf36 · 9bcdf36
1 parent 1a34734
commit 9bcdf36
Show file tree

Hide file tree

Showing 6 changed files with 116 additions and 0 deletions.
diff --git a/crypto/Identity_Thief/public/main.sage b/crypto/Identity_Thief/public/main.sage
@@ -0,0 +1,28 @@
+from Cryptodome.Cipher import AES
+from Cryptodome.Util.Padding import pad
+from Cryptodome.Util.number import long_to_bytes
+from hashlib import sha256
+
+from secret import FLAG, p, a, b, k1, k2, k3, priv_a, priv_b
+
+F = GF(p)
+E = EllipticCurve(F, [a, b])
+G = E(p*k1, p*(k2 + 1/p), p*k3)
+
+A = G * priv_a
+B = G * priv_b
+
+C = priv_a * B
+
+assert C == priv_b * A
+
+# now use it as shared secret
+hash = sha256()
+hash.update(str(C).encode())
+
+key = hash.digest()[16:32]
+iv = b'Identity_Thief!!'
+cipher = AES.new(key, AES.MODE_CBC, iv)
+
+encrypted = cipher.encrypt(pad(FLAG, 16))
+print(encrypted)
diff --git a/crypto/Identity_Thief/public/output.txt b/crypto/Identity_Thief/public/output.txt
@@ -0,0 +1 @@
+b'\xe9\x81\xd9mA\x98\xa8\x06\x0beO\xe2\x9c\xae\x91\x0cF\xf9gx\xb7\x81S\xf6\xb8\xb2\xcb\xd0\x93\x82\x01N\x99ea\x9aq\x17J%\xa5\xcbQ\xee\x08\xe2\xdfWQ2}\x1c7\xc3\x94\x8d\xa5\x84\x18\xbf\xcdr>]'
diff --git a/crypto/Identity_Thief/readme.md b/crypto/Identity_Thief/readme.md
@@ -0,0 +1,19 @@
+# Identity Thief
+**Category**: Crypto
+
+**Author**: tratrafe2
+
+**Difficulty**: Easy/Medium
+
+## Description
+Someone stole our identity and every secret we had used! Luckily, we were able to retrieve some of the thief's code and output.
+
+## Solution
+<details>
+ <summary>Reveal Spoiler</summary>
+
+	ECC: The generation point G is the identity point (0,1,0) due to field p. Anything you multiply with it is just G.
+
+	Flag: "CCSC{Y0u_g0tt4_b3_c4r3fu11_wh3n_us1n9_f13ld_m4th3m4tics}
+
+</details>
diff --git a/crypto/Identity_Thief/setup (private)/main.sage b/crypto/Identity_Thief/setup (private)/main.sage
@@ -0,0 +1,28 @@
+from Cryptodome.Cipher import AES
+from Cryptodome.Util.Padding import pad
+from Cryptodome.Util.number import long_to_bytes
+from hashlib import sha256
+
+from secret import FLAG, p, a, b, k1, k2, k3, priv_a, priv_b
+
+F = GF(p)
+E = EllipticCurve(F, [a, b])
+G = E(p*k1, p*(k2 + 1/p), p*k3)
+
+A = G * priv_a
+B = G * priv_b
+
+C = priv_a * B
+
+assert C == priv_b * A
+
+# now use it as shared secret
+hash = sha256()
+hash.update(str(C).encode())
+
+key = hash.digest()[16:32]
+iv = b'Identity_Thief!!'
+cipher = AES.new(key, AES.MODE_CBC, iv)
+
+encrypted = cipher.encrypt(pad(FLAG, 16))
+print(encrypted)
diff --git a/crypto/Identity_Thief/setup (private)/secret.py b/crypto/Identity_Thief/setup (private)/secret.py
@@ -0,0 +1,14 @@
+#random_prime(2^501-1,True,2^500)
+
+p = 3544586586404839716743450700755350944190909210686380589492740375090828797943931786977485612415612241126715350705841238635553243797946762615264009871631
+a = 3953543544958166811696366964427228482995930471266002450746364121071360556818454005962209235490056449211960555846572445070567314982097521871448748081909
+b = 511889818633645242579501089977116334495142605752926795733202010949426290156293809013863748188012848119424288763205725288901325578121117166411916457969
+
+priv_a = 3410498175567482803715684868040412717215259145459056764741586718495108875403860404672582556871305209745159175833631276328960590887062400275070428157686540365576641446782704222805221
+priv_b = 3920760244978874160491367148105439133414528041114944597034280700207159400865552439761652653901059786361213504971710044453880781796793863189563820817941257438748448931876719429744549
+
+k1 = 3774582487189547942809034431038528909521256771106840746948111862640116158436355987320156538623424396021547295104614971406866370513616697094441564222461
+k2 = 5618275977427130317752193633447070675808642443193693236365218816716449193758875564838059283647903432721118657332076485437360681759908014397272058339311
+k3 = 6307576736314643829750354567477256166107445303742099591118401485926087450064769653388529639515973933440042038763437874108674141505216994665499783152799
+
+FLAG = b"CCSC{Y0u_g0tt4_b3_c4r3fu11_wh3n_us1n9_f13ld_m4th3m4tics}"
diff --git a/crypto/Identity_Thief/sol (private)/solve.sage b/crypto/Identity_Thief/sol (private)/solve.sage
@@ -0,0 +1,26 @@
+from Cryptodome.Cipher import AES
+from Cryptodome.Util.Padding import pad
+from Cryptodome.Util.number import long_to_bytes
+from hashlib import sha256
+
+# From given output:
+ciphertext = b'\xe9\x81\xd9mA\x98\xa8\x06\x0beO\xe2\x9c\xae\x91\x0cF\xf9gx\xb7\x81S\xf6\xb8\xb2\xcb\xd0\x93\x82\x01N\x99ea\x9aq\x17J%\xa5\xcbQ\xee\x08\xe2\xdfWQ2}\x1c7\xc3\x94\x8d\xa5\x84\x18\xbf\xcdr>]'
+
+# Assigned values that don't really matter:
+p = random_prime(2^101-1,True,2^100)
+a = 124124
+b = 789235692
+F = GF(p)
+E = EllipticCurve(F, [a, b])
+G = E(0, 1, 0)
+
+# now use it as shared secret
+hash = sha256()
+hash.update(str(G).encode())
+
+key = hash.digest()[16:32]
+iv = b'Identity_Thief!!'
+cipher = AES.new(key, AES.MODE_CBC, iv)
+
+flag = cipher.decrypt(ciphertext)
+print(flag)
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		b'\xe9\x81\xd9mA\x98\xa8\x06\x0beO\xe2\x9c\xae\x91\x0cF\xf9gx\xb7\x81S\xf6\xb8\xb2\xcb\xd0\x93\x82\x01N\x99ea\x9aq\x17J%\xa5\xcbQ\xee\x08\xe2\xdfWQ2}\x1c7\xc3\x94\x8d\xa5\x84\x18\xbf\xcdr>]'