Cryptoverse CTF 2023

Crypto

Warmup 1

Challenge cho ciphertext : GmvfHt8Kvq16282R6ej3o4A9Pp6MsN
ciphertext dùng rot13 và base58 để encode
Decode bằng cyberChef

Image Not Showing Possible Reasons

The image was uploaded to a note which you don't have access to
The note which the image was originally uploaded to has been deleted

Learn More →

Flag: cvctf{base58_with_rot}

Warmup 2

This cipher is invented by French cryptographer Felix Delastelle at the end of the 19th century.

Ciphertext: SCCGDSNFTXCOJPETGMDNG Hint: CTFISGODABEHJKLMNPQRUVWXY

Convert flag to lowercase. Add { and } to make it a valid flag format. No underscore is needed.

Với gợi ý challenge cho mình xác định được cipher tên là Bifid Cipher
Sau đó decode bằng dcoder

Image Not Showing Possible Reasons

The image was uploaded to a note which you don't have access to
The note which the image was originally uploaded to has been deleted

Learn More →

Format thành chữ thường
Flag : cvctf{funbifiddecoding}

Warmup 3

I designed a new substitution cipher! Since it's in Chinese, all online tools surely won't work.

女川弓彳己廾川马己马大川口川彳己广巛川巛飞马飞己广己辶彳巾山彐马己宀川巾口川彳马辶. 弓艹口马山川艹巾, 马川艹廾廾艹彐弓川屮艹彳己广辶巾己廾彳艹广艹巛艹女己广马大川彳己廾彐川马飞马飞己广屮山口己弓宀飞广寸艹弓弓彳大艹弓弓川广寸川口. 飞辶山己门门广巛川巾口马己己巛马大川艹屮己宀川彳大飞广川口川, 大川巾川飞口马大川辶弓艹寸: 彳宀彳马辶{飞广口川彳门巾川彳大广彳飞彐大川巾}. 口门屮廾飞马马大川辶弓艹寸飞广弓己女川巾彳艹口川.

Dùng một đoạn script chuyển các kí tự thành dạng chữ cái thu được một chuỗi mật mã thay thế

ciphertext = "女川弓彳己廾川 马己 马大川 口川彳己广巛 川巛飞马飞己广 己辶 彳巾山彐马己宀川巾口川 彳马辶. 弓艹口马 山川艹巾, 马川艹廾 廾艹彐弓川 屮艹彳己广 辶巾己廾 彳艹广艹巛艹 女己广 马大川 彳己廾彐川马飞马飞己广 屮山 口己弓宀飞广寸 艹弓弓 彳大艹弓弓川广寸川口. 飞辶 山己门 门广巛川巾口马己己巛 马大川 艹屮己宀川 彳大飞广川口川, 大川巾川 飞口 马大川 辶弓艹寸: 彳宀彳马辶{飞广口川彳门巾川彳大广彳飞彐大川巾}. 口门屮廾飞马 马大川 辶弓艹寸 飞广 弓己女川巾 彳艹口川."

# Define the substitution cipher mapping
substitution_map = {
    "女": "a", "川": "b", "弓": "c", "彳": "d", "己": "e", "廾": "f",
    "马": "g", "大": "h", "口": "i", "广": "j", "巛": "k", "飞": "l",
    "辶": "m", "艹": "n", "山": "o", "彐": "p", "宀": "q", "巾": "r",
    "屮": "s", "寸": "t", "门": "u", "彑": "v"
}

# Decode the ciphertext using the substitution cipher
plaintext = ""
for char in ciphertext:
    if char in substitution_map:
        plaintext += substitution_map[char]
    else:
        plaintext += char

print(plaintext)

abcdefb ge ghb ibdejk bklglej em dropgeqbrib dgm. cnig obnr, gbnf fnpcb sndej mref dnjnkn aej ghb defpbglglej so iecqljt ncc dhnccbjtbi. lm oeu ujkbrigeek ghb nseqb dhljbib, hbrb li ghb mcnt: dqdgm{ljibdurbdhjdlphbr}. iusflg ghb mcnt lj ceabr dnib.

Sau đó mình dùng quipqiup để solve

Image Not Showing Possible Reasons

The image was uploaded to a note which you don't have access to
The note which the image was originally uploaded to has been deleted

Learn More →

Flag: cvctf{insecurechncipher}

Baby AES

Challenge cho script

from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from secret import flag

KEY_LEN = 2
BS = 16
key = pad(open("/dev/urandom","rb").read(KEY_LEN), BS)
iv =  open("/dev/urandom","rb").read(BS)

cipher = AES.new(key, AES.MODE_CBC, iv)
ct = cipher.encrypt(pad(flag, 16))

print(f"iv = {iv.hex()}")
print(f"ct = {ct.hex()}")

# Output:
# iv = 1df49bc50bc2432bd336b4609f2104f7
# ct = a40c6502436e3a21dd63c1553e4816967a75dfc0c7b90328f00af93f0094ed62

Vì key len chỉ có 2 byte nên ta có thể brute force
solve.py

from Crypto.Cipher import AES
from Crypto.Util.Padding import pad

ciphertext = bytes.fromhex('a40c6502436e3a21dd63c1553e4816967a75dfc0c7b90328f00af93f0094ed62')
iv = bytes.fromhex('1df49bc50bc2432bd336b4609f2104f7')

for i in range(2 ** 16):
    key = i.to_bytes(2, byteorder='big')
    key = pad(key,16)
    cipher = AES.new(key, AES.MODE_CBC, iv)
    plaintext = cipher.decrypt(ciphertext)
    try:
        plaintext = plaintext.decode().rstrip('\x00')
        print(f"Key: {key.hex()}, Plaintext: {plaintext}")
    except:
        pass

Flag: cvctf{b4by_AES_s1mpL3}

Cryptoverse CTF 2023

Crypto

Warmup 1

Warmup 2

Warmup 3

Baby AES

Read more

DoxPit HackTheBox

Lỗ hổng leo thang đặc quyền Linux CVE-2024-1086

HackTheBox - ProxyAsAService

HackTheBox - RenderQuest