[NACTF2019] — Writeup
Writeup for NACTF 2019 by Nicholas.
I’m going to explain my writeup for some challenges that I have done in this year NACTF 2019.
Crypto: Randomizer #2: BBOB — 625 point
On this challenge, we were given a file called class-randomizer-2.c which contain a code that could generate a pseudorandom. In order to get the flag, we need to guess 10 random number correctly. Reading on the challenge description, there is a clue that the pseudorandom algorithm is Middle Square Weyl Sequence PRNG. After googling on how do this PRNG works, I found that this Weyl PRNG has vulnerability, and I start to making my payload.
Basically, what did I do was implement this attack explanation on Python. I use the z3-solver to help me solving the equations and getting the a, b, c, and d value. After we got the a, b, c, and d, that means we could get the x and w value, and we could guess the pseudorandom sequence.
Here is my fullscript:
Screenshot of the script running:
Flag: nactf{w3yl_w3yl_w3yl_h0w_th3_turnt4bl3s}Crypto: Reversible Sneaky Algorithm #2 — 350 point
We were given a file called are_you_shor.txt and shor.py that contains the encryption method. The challenge description give us an equation a^r ≡ 1 (mod n). Because the txt file called shor, I try to search it and found that Shor’s Algorithm is a quantum computer algorithm for integer factorization. Reading through the article of the wikipedia, turns out that we could get the factor of n if we have a and r value. GCD(pow(a, r/2, n)-1, n) result will be one of the n factor.
Here is the script that I used to solve this challenge. Notice that I create my own Key class for the PKCS1_OAEP key because I got an error when I try to generate the key using the pycrpto library.
Flag: nactf{d0wn_wi7h_7h3_0lig4rchy}Crypto: Randomizer: Board Problem #1–300 point
Here we go again with the randomizer challenge. We need to guess 4 number to get the flag. Examining the code, we could see that the nextRand() function return the first four digit of our targeted seed.
Okay, so basically, we could deduce that the seed length will be 16, the seed is square number (seed *= seed), and we could get the first four digit of the seed. In order to get the seed, we could connect to the service, request for a new random number for 2–3 times, and we try to guess the seed.
On the first request, we will get the first four digit, and generate all number which length is 16, square number, and have the same first four digit. We will get many numbers, and to narrow down, we just need to request for a new random number on the service.
After that, we only need to set the current seed by the possibilities of seeds that we generate before, and then generate the random number using nextRand() function. If the generated number is same with the number that we got from the service, that means we found the service seed. Repeat this step until the possibilities seed narrow down to only one seed. After getting the correct seed, you will be able to guess the number correctly, and you will get the flag.
Flag: nactf{th3_b35t_pr3d1ct0r_0f_fu7ur3_b3h4v10r_15_p4st_b3h4v10r}Crypto: Reversible Sneaky Algorithm #1 — 275 point
We were given only the n, e, and c value. But on the challenge description, it says that the flag is only 4 characters. Because of that small space, we could just bruteforce the flag and compare it encrypted value with then given c.
Flag: nactf{pkcs}Words from Author
The NACTF Crypto Challenge is pretty fun for me, especially the randomizer #2. I really enjoy working on that randomizer challenge. I will try to add the writeup for the other challenge if I have the time.
