# PicoCTF Crypto Challenges¶

## PicoCTF Challenge: Mod26¶

Cryptography can be easy, do you know what ROT13 is?

cvpbPGS{arkg_gvzr_V'yy_gel_2_ebhaqf_bs_ebg13_uJdSftmh}

from string import ascii_lowercase as alphabet

def rot(given: str, n: int) -> str:
"""
Passes anything that is not lowercase ascii
"""
return "".join(
[
alphabet[(alphabet.index(letter.lower()) + n) % 26]
if letter.lower() in alphabet
else letter
for letter in given
]
)

given = "cvpbPGS{arkg_gvzr_V'yy_gel_2_ebhaqf_bs_ebg13_uJdSftmh}"

rot(given, 13)

"picoctf{next_time_i'll_try_2_rounds_of_rot13_hwqfsgzu}"


## PicoCTF Challenge: The Numbers¶

https://play.picoctf.org/practice/challenge/68?category=2&page=1

numbers = [
16,
9,
3,
15,
3,
20,
6,
"{",
20,
8,
5,
14,
21,
13,
2,
5,
18,
19,
13,
1,
19,
15,
14,
"}",
]

"".join([alphabet[number - 1] if type(number) is int else number for number in numbers])

'picoctf{thenumbersmason}'


## PicoCTF Challenge: No Padding, No Problem¶

Welcome to the Padding Oracle Challenge This oracle will take anything you give it and decrypt using RSA. It will not accept the ciphertext with the secret message… Good Luck!

n = 120199559973193838354549892082142658207097650252359537516083460817553570005386613360986166000912493892791691164047531246715465233526804393369018699102692997585282405404929642411769685589191403004314951464004606040856090582644697868607882790061040095046085624676496925724241831512872034324551286084224297842637

e = 65537

c = 7663878604603605176178448503196010884137598661534924550657029084967288918950468353300685296575323894095255258617919415054374805989359325652736220230210866108008415526260085801082953500312514266232101295493572110042773495662486665996281526563951110999276024750039987398638060394996693137783011654264697917058


RSA is malleable (Paar 192). We can transform the ciphertext into another ciphertext which is a known transformation of the plaintext… This can be achieved in RSA if the attacker replaces the ciphertext y with (s**e)*y with an integer s. For this example, we’ll double the cipher text (and know that we have to half the result returned from the oracle).

x = c * (pow(2, e, n))


Give x to Oracle and receive doubled

doubled = 580550060391700078946913236734911770139931497702556153513487440893406629034802718534645538074938502890768853279675297196794

result = int(doubled // 2)
print(result)

290275030195850039473456618367455885069965748851278076756743720446703314517401359267322769037469251445384426639837648598397

bytearray.fromhex(format(result, 'x')).decode()

'picoCTF{m4yb3_Th0se_m3s54g3s_4r3_difurrent_1772735}'