ctfs
  • 👋Hello!
  • 🏴Practice
    • 🌐Cryptohack
      • Introduction
      • General
        • Encoding
        • XOR
        • Mathematics
        • Data Formats
      • Symmetric Ciphers
        • How AES Works
        • Symmetric Starter
        • Block Ciphers 1
        • Stream Ciphers
      • Mathematics
        • Modular Math
        • Lattices
      • RSA
        • Starter
        • Primes Part 1
        • Public Exponent
    • 🌐PortSwigger
      • Path Traversal
      • File Upload
      • SSRF Attacks
    • 🌐TryHackMe
      • Basic Skills
      • Linux
      • Penetration Testing
      • Networking
      • OSINT
  • 🚩Competitions
    • 2025
      • 🇮🇩GKSK#9 Osintathon
        • Mudik Lebaran (100 pts)
        • Foto Patung (100 pts)
        • Kolektor Komik (100 pts)
        • Tolong Aku (100 pts)
        • Kencan Pertama (100 pts)
        • Nama Si Pelaku (100 pts)
        • Cekidot (100 pts)
        • Ledakan! (100 pts)
        • 🎹🎶 (100 pts)
        • Batu Besar (100 pts)
        • Komentar (100 pts)
        • Ini dimana? (100 pts)
        • Koordinat Foto Misterius (100 pts)
        • Bianglalaaa (100 pts)
        • Aku Hacker (100 pts)
        • Anjazzz (100 pts)
        • Dikirim Kakakku (129 pts)
        • Ingfo Loker (154 pts)
        • MISSING 00 (100 pts)
        • MISSING 01 (154 pts)
        • Siapa Aku? (154 pts)
      • 🇮🇩IFEST 13
        • Ququerer (250 pts)
        • Silent Trace (370 pts)
        • Nugas (Solved After Event)
        • Free Flag (280 pts)
        • Brute (Solved After Event)
        • Web V1 (Solved After Event)
        • Bypass (Solved After Event)
        • Orbiter (Solved After Event)
      • 🌐OSINT Combine (Wildlife)
        • Getting Started (100 pts)
        • Proper Poppy (100 pts)
        • Legendary Beasts (200 pts)
        • Shadow Fleet (200 pts)
        • Proper Poppy II (200 pts)
        • Not So Smug Smuggler (200 pts)
        • Icy (200 pts)
        • Forest Pals (200 pts)
        • Safari Time II (200 pts)
        • Sneaky! (200 pts)
        • Hello Friend (300 pts)
        • Busy As A (300 pts)
        • Get Rotated! (300 pts)
        • High Seas (300 pts)
        • Nocturnal (300 pts)
        • Safari Time (400 pts)
        • Peak Weather (400 pts)
        • Singsong (400 pts)
        • Falling Fell (500 pts)
        • Kitty Cats (500 pts)
      • 🇮🇩RECURSION
        • let him cook
        • Basic Math
        • Favourite Number
        • Zarrar Cipher (100 pts)
        • paBlue Team (100 pts)
        • [🩸] I wish I was there on December 21, 2024 (100 pts)
        • Small House (200 pts)
        • [🩸] Mission Difference (456 pts)
    • 2024
      • 🌐Santa Claus CTF
        • Complete Picture
        • Day 1 - Big Bang
        • Day 2 - The Summer Job
        • Day 3 - The Visitors
        • Day 4 - Happy Birthday
        • Day 5 - Say My Name
        • Day 6 - Say "Cheese"
        • Day 7 - Revealing Pixels
        • Day 8 - Connecting The Dots
        • Day 9 - 404 Not Found
        • Day 10 - Breaking News
        • Day 11 - Ayrton Santa
        • Day 12 - Lost and Found
        • Day 13 - Planespotting
        • Day 14 - Santa Surveillance
        • Day 15 - Shaken, Not Stirred
        • Day 16 - Status Update
        • Day 17 - Waste ...of Time
        • Day 18 - Lost in Translation
        • Day 19 - Santa's Clones
        • Day 20 - Losing Tracks
        • Day 21 - Sing my Song
        • Day 22 - Eagle Eye
        • Day 23 - Distances Matters
        • Day 24 - Mastermind
      • 🌐Cyber Jawara International
        • Stone Game (100 pts)
        • prepare the tools (176 pts)
        • Persona (484 pts)
      • 🌐OSMOSIS Precon CTF
        • 1 The art of espionage
        • # 2 The Hack
        • # 3 The rabbit hole
        • # 4 The Association
        • # 6 Where is number 5
        • # 5 Who is it
        • Too many Layers
        • The prize
      • 🇮🇩Intechfest
        • Sanity Check (100 pts)
        • Alin (113 pts)
        • GerakSendiri (106 pts)
        • Details (100 pts)
      • 🇮🇩COMPFEST 16
        • Let's Help John! (100 pts)
        • money gone, wallet also gone (100 pts)
        • head’s up! (493 pts)
        • CaRd (304 pts)
        • Sanity Check (100 pts)
      • 🇮🇩Gemastik
        • Baby AES (451 pts)
        • Baby Structured (100 pts)
      • 🇮🇩Technofair 11
        • Kenangan
        • Xorban
        • Marsha
        • Siap Tempur!!
        • eftipi
        • kurang berarti
        • DUMPling
        • Malicious
      • 🌐DIVER OSINT
        • chiban
      • 🇮🇩GKSK#8 Osintathon
        • Sport Location
        • Meklaren lu warna apa boss ?
        • Postcode
        • Rumah Minang
        • Latihan
        • Anak Misterius
        • Travelling Anywhere
        • The Thief
        • Danger Watch
        • Misteri Ruang Angkasa
        • Fun Walk
        • I am Late
        • My Oshi
        • Wellcome to my Youtube Channel
        • Pesan Tersembunyi Wingdings
        • Salah Fokus
        • Apa itu GKSK?
        • Foto Bersejarah
        • Picture
        • Nostalgia Child
        • oldschool
        • Summer Olympic
      • 🇮🇩Techcomfest
        • pemanasan
        • crackable
        • Kuli-ah forensik
    • 2023
      • 🇮🇩Cyber Jawara
        • daruma
      • 🇮🇩NCW
        • Simple (220 pts)
        • wangsaf (320 pts)
        • Sillyville Saga (220 pts)
        • Freminhelp (Solved after event)
      • 🇮🇩Hology 6
      • 🇮🇩SlashRoot 7
        • Summary (441 pts)
        • eeee (480 pts)
        • Zebra Cross (409 pts)
        • Waka Waka eh eh (185 pts)
        • ANABUL (250 pts)
      • 🇮🇩COMPFEST 15
        • not simply corrupted (316 pts)
        • Artificial secret (356 pts)
      • 🇮🇩Gemastik
        • easy AES
        • k-1
        • Gen Z
      • 🇮🇩TechnoFair 10
        • RSA Bwang
        • Marsah
        • rapsodi
        • Pengen Merch JKT 😢
        • space mono
        • file pemberian fans
        • bantu aku mencari sebuah rahasia
    • 2022
      • 🇮🇩NCW
        • sabeb64 (331 pts)
        • cakemath (451 pts)
        • Downloader (244 pts)
        • 199 passcode (Solved after event)
      • 🇮🇩TEDCTF
      • 🇮🇩Gemastik
      • 🇮🇩OSCCTF
      • 🇮🇩ARA
  • 🪦Old Hello
Powered by GitBook
On this page
  1. Competitions
  2. 2024
  3. Technofair 11

Siap Tempur!!

Description

WAH INI DIAAAAAA SISTEM ALAT ENKRIPSI MUTAKHIR DARI ISEKAI YANG DAPAT MEMPORAK-PORANDAKAN KETAHANAN KRIPTOGRAFI REPUBLIK INDONESIA!!!!

Author: AnYujin

nc 103.185.53.181 4255

Kita diberikan 2 file source code yakni Paillier.py dan soal.py serta sebuah service. Berikut adalah file source dari soal.

from Crypto.Util.number import *
from math import lcm
import random

class Paillier :
    def __init__(self):
        self.cnt=1
        while True:
            p, q = getPrime(512), getPrime(512)
            if GCD(p*q, (p-1)*(q-1)) == 1:
                break
        self.phi=lcm(p-1,q-1)
        self.n = p * q
        self.r= { r+1 : random.randint(2, self.n-1) for r in range(128) }

    def encrypt(self,msg,r):
        msg_len=len(msg)
        msg=bytes_to_long(msg.encode())
        gm=pow(self.n+1,msg,self.n**2)
        if r==0:
            rn=pow(self.r[msg_len],self.n+self.cnt,self.n**2)
        else:
            rn=pow(r,self.n+self.cnt,self.n**2)
        ct=(gm*rn)%(self.n**2)
        self.cnt+=1
        return ct
from Paillier import Paillier
from secret import flag
from Crypto.Util.number import *

cipher=Paillier()

while True:
    print("What you want to do?")
    print("1. Encrypt a message")
    print("2. Encrypt the flag")
    print("3. exit")
    inp=int(input("> "))
    if(inp==1):
        print("Enter message")
        msg=input("> ")
        print("Enter r")
        r=int(input("> "))
        ct=cipher.encrypt(msg,r)
        print(f"encrypted : {ct}")
    elif(inp==2):
        ct=cipher.encrypt(flag,0)
        print(f"encrypted flag : {ct}")
    else:
        exit()

Di sini g di-set sebagai n+1. Dengan menggunakan teorema binomial:

gm = (g^m) mod n^2
gm = ((n+1)^m) mod n^2
gm = (1^m + n*m + mC2*n^2 + ...) mod n^2        # teorema binomial
gm = m*n + 1

Jika kita mendapatkan gm, maka kita bisa mendapatkan n. Di soal, kita bisa mengenkripsi pesan (misalnya 'A', nilai decimal = 65) dan memasukkan r secara custom. Kita bisa saja memasukkan r = 1 supaya ct == gm. Setelah itu, tinggal hitung n dengan n = (gm-1)//65.

Kerentanan berikutnya adalah n yang digunakan secara konstan. Di sini ada sistem untuk membedakan setiap enkripsi, yaitu menggunakan "count". Akan tetapi, sistem ini justru bisa kita manfaatkan. Misalnya saat ini count == 2, lalu kita encrypt flag sebanyak dua kali. Maka perhitungannya menjadi seperti berikut.

ct1 = gm*r^(n+2) % n^2
ct2 = gm*r^(n+3) % n^2
ct2 * ct1^-1 = r % n^2
# karena r pasti < n (aturan di Paillier), maka
ct2 * ct1^-1 = r

Nah, r sudah kita dapatkan. Berikutnya, kita bisa mendapatkan nilai gm dari flag.

gm = ( ct1 * r^(-(n+2)) ) % n**2

Jika gm sudah didapatkan, maka kita dapat menghitung nilai m dengan mudah, seperti berikut.

m = (gm-1)//n

Berikut adalah kode solver lengkapnya. Soal ini menggunakan service oracle, jadi nilai-nilai parameternya dapat berubah di setiap sesi.

from Crypto.Util.number import *

# Encrypt "A" (65 di decimal), dengan r = 1
# ct = gm
# gm = mn + 1; menggunakan teorema binomial
enc = 6276893213329167752128078564524048240849285055140453373047594965125809791555037998747079798841393543778930472616349381967164203034215086686735731569351040662962905680142589121570682267751062965110316378766857233231823737625177119068132482158735759725280167444770265925240695695090330576829133017323152505129816

# Hitung n
n = (enc-1)//65

# Encrypt flag; count = 2
ct1 = 2151001259599988641998687482514825897918853117427527508753809657678824521381422459080301076718220769920035886555508086414081804040166035319637893798225331941854353760922278861537398363948778726588084383060262022107783216975919757570739654080764839964098775953448354987642067340461419224033868176640116485910487147580198959174218206464320672276722564825402189709409812201239296474905048739507699102472221753449784211133814248833331498857609237219113254377786480322160204018358978337562409200694575619616187417223534388644070155013606463048348670479147544550868890764060911555244467495373340356511149366099153768656322

# Encrypt flag; count = 3
ct2 = 8606364435051217187722030150691256140186872568340894681580942425342565909071273472744444522307517631327206700058262478597222493931623793204619638784029937740513557377713105872776476601777504386459940448926403558044354753549548162949026905399197031667525702426260789925971085492578959021928767040320971517639011128905937272353581479523169238124490335284981318923405897387550637036278415141527211342090337416635263922548694959035055295794496995351114151320925811488048152141865905824268137940437829656899982376710649539807041707733957927859954017780664650309381744813500190916820763241894187567680487803371278947515324

# Ambil nilai r dari flag
r = (ct2 * inverse(ct1, n**2)) % n**2

# Hitung nilai gm dari flag
gm = (ct1 * inverse(pow(r, n+2, n**2), n**2)) % n**2

# Hitung m
m = (gm-1)//n
print(long_to_bytes(m))

Flag: TechnoFair11{R415ha_M4r5h4_M1ch13_Fl0R4_91T4}

PreviousMarshaNexteftipi

Last updated 10 months ago

Soal ini menerapkan . Untuk mendapatkan ciphertext ct, kita perlu menghitung ct = (g^m * r^n) mod n^2. Di soal ini, g^m dilambangkan dengan gm, sedangkan r^n dilambangkan dengan rn. Setelah menganalisis kode di atas untuk memeriksa adanya cacat implementasi yang menimbulkan kerentanan, ada beberapa hal yang ditemukan.

🚩
🇮🇩
Paillier cryptosystem