# COMP2633 Fall 2024 Week 6B Homework Hints
## Homework 6-Bi: AES-UWU
1. Read through the code and draw an image of the encryption (and decryption) so that you can visualize the cipher.
Some examples of the images are here for your reference.

Particularly, you may want to refer to the modes that we have discussed, like CBC mode.

2. Read through the code again and find out what the decrypt function is doing. Is it really decrypting the ciphertext? What information do you get from the decrypt function? How can you exploit this information?
3. If you find this challenge too difficult, you can solve an easier version of it before attempting this one. For example, you can remove the payload length restriction, the reused-IV restriction and the PoW. After you have solved the easier version, gradually add the restrictions back and think about how to bypass them.
4. If you get stuck on the PoW, you can refer to Homework 2-3 and 2-4. Something there may be able to help you with that.
5. Solve the challenge locally before connecting to the remote server. Trust me, it will be less painful if you do this. If you can do it locally but not remotely, think about why that happens. Is there anything in the slides that may help you solve the issue?
6. The challenge author is here to help.
7. The challenge author has found something in his trash can...

## Homework 6-Bii: Absurd/Double Encryption Scheme
1. This slide may help.

2. Is 3DES 3 times as secure as DES? What exactly does "3 times as secure" mean? Why is there 3DES in the first place? Is there some vulnerability that DES has but 3DES does not have? What are the vulnerabilities of DES, then?
3. Following from the previous point, why do people use 3DES and not just 2?
4. Is there any misconfiguration in the cipher? Or is the program leaking something that it is not supposed to leak? How does this help you?
5. As in Homework 6-Bi, drawing an image of the cipher may help. What exactly is the encrypt function doing? And how does `__init__` affect the encryption?
6. Do you remember how many bits a DES key has? Do you find anything strange related to this in the code? If so, why is this the case? You may also try things locally to find out how the program behaves.
7. The encrypted flag is given to you at the very end of the program. That means you cannot change your payload according to the encrypted flag. In other words, you have to decrypt whatever ciphertext is given to you at the end.
8. If your code takes a very long time to run, like more than an hour, then there is something more you can do. If you can't find anything to optimize, try to solve the challenge outside virtual machines.
9. Again, the challenge author is here to help.

Good luck and try harder in the homework.
