# BSides Algiers 2023
# Crypto
## Broken_Base64
The challenge gives the ciphertext `lbGxtYXRlc3tZMHVfaDRWM183MF91TmQzcjV0NG5EX0gwd19CNDUzNjRfdzBSazV9`, which is base64 but has part of it missing.
Since the flag format is `shellmates{...}`, base64-encoding "shellmates{" gives `c2hlbGxtYXRlc3t`. The ciphertext is missing the 3 bytes `c2h`; prepending them and decoding yields the flag.

Flag: `shellmates{Y0u_h4V3_70_uNd3r5t4nD_H0w_B45364_w0Rk5}`
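
The recovery described above, written out as an added example (not part of the original write-up). It generalizes slightly by trying every possible number of missing leading characters; `fixed_b64_prefix` and `repair_truncated_b64` are hypothetical helper names.

```python
import base64
import binascii

# Truncated ciphertext and known flag prefix, both taken from the challenge text.
TRUNCATED = "lbGxtYXRlc3tZMHVfaDRWM183MF91TmQzcjV0NG5EX0gwd19CNDUzNjRfdzBSazV9"
KNOWN_PREFIX = b"shellmates{"


def fixed_b64_prefix(known: bytes) -> str:
    """Base64 characters that depend only on `known`.

    11 bytes are 88 bits, so only the first 88 // 6 = 14 characters are
    fixed; the 15th also carries 2 bits of the next plaintext byte.
    """
    return base64.b64encode(known).decode()[: len(known) * 8 // 6]


def repair_truncated_b64(truncated: str, known: bytes) -> bytes:
    """Prepend the missing leading characters and decode (hypothetical helper)."""
    expected = fixed_b64_prefix(known)
    for missing in range(len(expected)):
        # The surviving text must begin with the rest of the expected prefix.
        if not truncated.startswith(expected[missing:]):
            continue
        candidate = expected[:missing] + truncated
        candidate += "=" * (-len(candidate) % 4)
        try:
            data = base64.b64decode(candidate, validate=True)
        except binascii.Error:
            continue  # wrong alignment: not a valid base64 length
        if data.startswith(known):
            return data
    raise ValueError("known prefix does not line up with the truncated text")


if __name__ == "__main__":
    print(repair_truncated_b64(TRUNCATED, KNOWN_PREFIX).decode())
```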
## SRNG
The challenge provides the file [challenge.py](https://bsides.shellmates.club/files/35651fe695ac5f30746e416ed5302789/challenge.py?token=eyJ1c2VyX2lkIjoxMDksInRlYW1faWQiOjYzLCJmaWxlX2lkIjo5OX0.ZFlkyA.hrHI6nvHB7iHUVROZJyfIZghd5E)
```python
#!/usr/bin/env python
from flag import FLAG
import time


class Spooder:
    def __init__(self):
        self.rand, self.i = int(time.time()), 2
        self.generate_random()

    def generate_random(self, m: int = 0x10ffff) -> int:
        self.rand = pow(self.i, self.rand, m)
        self.i = self.i + 1
        return self.rand

    def generate_padding(self, l: int = 0x101) -> str:
        padding = ''
        for i in range(self.generate_random(l)):
            padding += chr(self.generate_random(0xd7fb))
        return padding


spooder = Spooder()


def spooder_encryption(message: str) -> str:
    pad = spooder.generate_padding()
    message = ''.join([chr(ord(c) ^ spooder.generate_random(0xd7fb)) for c in message])
    cipher = pad + message
    return cipher


if __name__ == '__main__':
    welcome = f'''
▗▄▖ ▗▄▄▖ ▗▄ ▗▖ ▄▄
▗▛▀▜ ▐▛▀▜▌▐█ ▐▌ █▀▀▌
▐▙ ▐▌ ▐▌▐▛▌▐▌▐▌
▜█▙ ▐███ ▐▌█▐▌▐▌▗▄▖
▜▌▐▌▝█▖▐▌▐▟▌▐▌▝▜▌
▐▄▄▟▘▐▌ ▐▌▐▌ █▌ █▄▟▌
▀▀▘ ▝▘ ▝▀▝▘ ▀▘ ▀▀
\n
This is not the RNG the world wants, and it's not the RNG the world need, but this is the RNG that the world gets.
Welcome to the Spooder Random Number Generator, or special random number generator.
It can generate random numbers like this: {', '.join([str(spooder.generate_random()) for _ in range(spooder.generate_random(121))])}.
It can also generate random strings like this: {spooder.generate_padding(53)}.
You can also use it to encrypt secrets like this: {spooder_encryption(FLAG).encode().hex()}.
Here is a free trial:
1. Generate random string.
2. Generate random number.
3. Encrypt.
'''
    print(welcome)
    tries = spooder.generate_random(7)
    print(f'You have {tries} tries .')
    for _ in reversed(range(tries)):
        choice = input('Choose wisely:\n\t> ')
        if choice == '1':
            print(spooder.generate_padding(11))
        elif choice == '2':
            print(spooder.generate_random(101))
        elif choice == '3':
            print(spooder_encryption(input('what do you want to encrypt?\n\t> ')))
        else:
            exit(0)
```
Reading through the source code, I see that this is a kind of random number generator. The seed in this challenge is the time returned by `time()`:
```python
self.rand, self.i = int(time.time()), 2
```
Each time seed produces a different output, but the output is fixed for any given time seed value.
We run the code on our own machine to obtain a time seed value and its corresponding output, then brute-force the flag.

solve.py
```python
class Spooder:
    def __init__(self):
        # Fixed time seed used in place of int(time.time())
        self.rand, self.i = 1683349692, 2
        self.generate_random()

    def generate_random(self, m: int = 0x10ffff) -> int:
        self.rand = pow(self.i, self.rand, m)
        self.i = self.i + 1
        return self.rand

    def generate_padding(self, l: int = 0x101) -> str:
        padding = ''
        for i in range(self.generate_random(l)):
            padding += chr(self.generate_random(0xd7fb))
        return padding


spooder = Spooder()


def spooder_encryption(message: str) -> str:
    pad = spooder.generate_padding()
    message = ''.join([chr(ord(c) ^ spooder.generate_random(0xd7fb)) for c in message])
    cipher = pad + message
    return cipher


cipher_flag = "e78c8fec8d85e6aa9de495a6e390bfe3a9beea8d80ea9986ed869debb5aee697b3e6adbee1bdbee99c9aed9e87ebb486eb99b7e6abb2e5baa9e380adec83afe9b59ee2a9bce3bf8eec9ea5e8b7b9e5adb4e793a3ed8d95e78bb1e3b9b1e99aa8e4b89eeaaea3e8b08fe194aaeabcbae0b1bee8a490eb8cafe595bee3a09ee3b2bae596a5e181bee7a1b9"

# Replay the generator calls the welcome banner makes, in the same order:
# the list of random numbers, the 53-bounded padding, then the encryption padding.
', '.join([str(spooder.generate_random()) for _ in range(spooder.generate_random(121))])
# Each encrypted character is 3 bytes of UTF-8, i.e. 6 hex digits.
new = [cipher_flag[i:i+6] for i in range(0, len(cipher_flag), 6)]
spooder.generate_padding(53)
pad = spooder.generate_padding()

flag = ''
for i in range(len(new)):
    # Keystream value for this position
    x = spooder.generate_random(0xd7fb)
    # Brute-force the plaintext byte that encrypts to this chunk
    for c in range(256):
        if chr(c ^ x).encode().hex() == new[i]:
            flag += chr(c)
print(flag)
```
Flag: `shellmates{5p00d3R_Fl4g_f0r_sPooDeR_cH4lL3nge}`