ctf tasks
The numbers are very rough (and necessarily subjective) difficulty estimates on a scale from 0 to 9.
Most of these are available in VMs packaged after the CTF to keep the challenges "running"; see here.
hxp CTF 2022
Date: 2023-03-10 16:00Z +48h.cryptography
- (9) the_swirl: exploit leakage from a botched NTT implementation to solve Ring‑LWE faster. files writeup
- (8) not_csidh: break a key exchange in an isogeny volcano of ordinary elliptic curves. files (pseudo)writeup
- (6) sequoa: break the "post‑quantum" signature scheme from ePrint 2023/318. files writeup
- (4) whistler: exploit leakage from a non‑CCA‑secure Ring‑LWE-based key exchange protocol. files writeup writeup
hxp CTF 2021
Date: 2021-12-17 15:00Z +48h.cryptography
- (8) f_cktoring: factor an RSA modulus made of numbers (x+1)²+123y² where x²+123y² is smooth. files writeup
- (6) infinity: recover the private key from a faulty CSIDH implementation in SageMath. files writeup writeup
- (6) zipfel: break a SPEKE-like protocol using a pairing test to bruteforce offline. files hint writeup
- (3) kipferl: break a SPEKE-like protocol using group theory and offline bruteforce. files writeup
- (2) gipfel: break a SPEKE-like protocol using (-1)² = 1 and offline bruteforce. files writeups
miscellaneous
hxp CTF 2020
Date: 2020-12-18 15:00Z +48h.cryptography
- (8) hyperhyper: break an RNG based on a special hyperelliptic curve (entire sequence). files writeup
- (5) hyper: break an RNG based on a special hyperelliptic curve (short subsequence). files writeup writeup
exploitation
- (8)
wisdom2:
get
root(local privilege escalation) in SerenityOS. files writeup writeup - (5) pfoten: exploit a world-(read|write)able swap file in Linux. files writeup writeup
reversing
hxp 36C3 CTF
Date: 2019-12-27 20:00Z +48h.cryptography
- (8) numb_theory: attack a textbook-RSA-like signature scheme in ℤ[x]/(n,x⁴-7). files writeup
- (4) dumb_theory: same as numb_theory, but modulo x³-7 instead of x⁴-7. files writeup
- (7) fortuna_hell: find a linear congruential generator whose output is printable shellcode. files writeup
- (3)
nacht:
break NaCl's
crypto_onetimeauthwith swapped key and message arguments. files writeups - (2) bacon: invert a homebrew hash function based on the Speck cipher. files writeups
exploitation
- (7)
wisdom:
get
root(local privilege escalation) in SerenityOS. files writeup - (5) sicher²: bypass the authentication in a custom HTTP server. files writeups
hxp CTF 2018
Date: 2018-12-07 12:00Z +48h.cryptography
- (6) blinder: solve DLP in a generic group using a CDH oracle (non-smooth case). files writeups
- (5) curve12833227: solve DLP on a singular Montgomery curve. files writeups
- (4) oops2: perform a plaintext-recovery attack on OCB2 [hint: 1,2]. files writeups
- (4) blind: solve DLP in a generic group using a CDH oracle (smooth case). files writeups
- (4)
uff:
exploit an API violation when using NaCl's
crypto_sign. files writeups - (2) daring: decrypt RSA with e=3, a short message, and a static padding scheme. files writeups
hxp CTF 2017
Date: 2017-11-17 12:00Z +48h.cryptography
- (9) categorical: find collisions for the CGL supersingular isogeny hash function. files writeup
- (7) notsosmart: crack RSA keys generated using a bad key generation algorithm. files solution
- (6) 4ES: break 4-round AES. files solution
- (3) flea: crack an RSA key given some leakage depending on the factors. files solution
- (2) ouchenticated: break a homebrew CRC-based message authentication code. files solution
TUMCTF 2016
Date: 2016-09-30 16:00Z +48h.cryptography
- (8) shaman: manipulate (badly) authenticated secret shares. files writeup
- (6) tacos: compute discrete logarithms modulo a "safe" prime. files writeup
- (6) ndis: perform the GCM nonce-reuse attack on TLS. writeup
- (4)
pythia:
exploit an API violation when using NaCl's
secret_box. files - (4) dream: inspired by the "Content Scrambling System". files
- (2) hiecss: break a hidden-elliptic-curve signature system. files writeup
exploitation
- (6) c_with_templates: embed printable shellcode into a constant string at compile time. files
reversing
- (5) lambda0xe: reverse-engineer obfuscated C++14 code. files