https://z3r0s6.github.io/tags/crypto/Recent content in Crypto on z3r0sHugoenSun, 10 May 2026 00:00:00 +0000https://z3r0s6.github.io/challenges/crypto-aliens/Sun, 10 May 2026 00:00:00 +0000https://z3r0s6.github.io/challenges/crypto-aliens/<h1 id="crypto-aliens-write-up"> Crypto Aliens Write-up <a class="heading-link" href="#crypto-aliens-write-up"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h1> <h2 id="challenge-summary"> Challenge Summary <a class="heading-link" href="#challenge-summary"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>We are given a remote service and a local copy of the challenge logic in <code>server.py</code>.</p> <p>The service asks for a message, applies a custom padding routine, appends a similarly padded flag, and then encrypts the result with AES-ECB.</p> <p>At first glance this looks annoying rather than breakable, because:</p>https://z3r0s6.github.io/challenges/crypto-babyencryption/Sun, 10 May 2026 00:00:00 +0000https://z3r0s6.github.io/challenges/crypto-babyencryption/<h1 id="baby-encryption"> Baby encryption <a class="heading-link" href="#baby-encryption"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h1> <blockquote> <p><strong>You are after an organised crime group which is responsible for the illegal weapon market in your country. As a secret agent, you have infiltrated the group enough to be included in meetings with clients. During the last negotiation, you found one of the confidential messages for the customer. It contains crucial information about the delivery. Do you think you can decrypt it?</strong></p>https://z3r0s6.github.io/challenges/crypto-raining-primes/Sun, 10 May 2026 00:00:00 +0000https://z3r0s6.github.io/challenges/crypto-raining-primes/<h1 id="raining-primes-write-up"> Raining Primes Write-up <a class="heading-link" href="#raining-primes-write-up"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h1> <h2 id="summary"> Summary <a class="heading-link" href="#summary"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>The service mixes three ideas:</p> <ol> <li>Prime generation of the form <code>p = a*r + b</code></li> <li>A homomorphic-looking key update routine</li> <li>RSA encryption of an AES-encrypted flag</li> </ol> <p>The design breaks because the same hidden 640-bit prime <code>r</code> is reused everywhere:</p> <ul> <li>every prime returned by option <code>1</code></li> <li>both RSA primes</li> <li>the <code>update_key()</code> routine</li> </ul> <p>Once <code>r</code> is recovered, the rest of the scheme collapses:</p>https://z3r0s6.github.io/challenges/crypto-the-last-dance/Sun, 10 May 2026 00:00:00 +0000https://z3r0s6.github.io/challenges/crypto-the-last-dance/<blockquote> <p>To be accepted into the upper class of the Berford Empire, you had to attend the annual Cha-Cha Ball at the High Court. Little did you know that among the many aristocrats invited, you would find a burned enemy spy. Your goal quickly became to capture him, which you succeeded in doing after putting something in his drink. Many hours passed in your agency's interrogation room, and you eventually learned important information about the enemy agency's secret communications. Can you use what you learned to decrypt the rest of the messages?</p>https://z3r0s6.github.io/challenges/crypto-twisted-entanglement/Sun, 10 May 2026 00:00:00 +0000https://z3r0s6.github.io/challenges/crypto-twisted-entanglement/<h1 id="twisted-entanglement-write-up"> Twisted Entanglement Write-Up <a class="heading-link" href="#twisted-entanglement-write-up"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h1> <h2 id="target"> Target <a class="heading-link" href="#target"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <ul> <li>Host: <code>154.57.164.77:30486</code></li> <li>Flag: <code>HTB{Ek3rT_W4s_s000_b0R1nG_1N_1991_4nD_1_h4t3_Pr0b4b1l1Ty_s0_I_Us3_4_ECC_S33d!}</code></li> </ul> <h2 id="vulnerabilities"> Vulnerabilities <a class="heading-link" href="#vulnerabilities"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>The challenge has two independent weaknesses that chain together cleanly.</p> <h3 id="1-invalid-curve-scalar-multiplication"> 1. Invalid-curve scalar multiplication <a class="heading-link" href="#1-invalid-curve-scalar-multiplication"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h3> <p>Menu option <code>1</code> accepts an arbitrary user point and computes:</p> <div class="highlight"><pre tabindex="0" style="color:#e6edf3;background-color:#0d1117;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-python" data-lang="python"><span style="display:flex;"><span>public_key <span style="color:#ff7b72;font-weight:bold">=</span> multiply(private_key, point, E) </span></span></code></pre></div><p>There is no validation that the input point lies on the original secp256k1 curve. The code only uses <code>a</code> and <code>p</code> inside the EC formulas, so any point on any curve of the form:</p>