PicoCTF Crypto Challenges

PicoCTF Challenge: Mod26

Cryptography can be easy, do you know what ROT13 is?

cvpbPGS{arkg_gvzr_V'yy_gel_2_ebhaqf_bs_ebg13_uJdSftmh}

from string import ascii_lowercase as alphabet
def rot(given: str, n: int) -> str:
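    """
    Rotate ASCII letters by n places. Letters are lowercased first, so the
    result loses the original case; every other character passes through unchanged.
    """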
    return "".join(
        [
            alphabet[(alphabet.index(letter.lower()) + n) % 26]
            if letter.lower() in alphabet
            else letter
            for letter in given
        ]
    )
given = "cvpbPGS{arkg_gvzr_V'yy_gel_2_ebhaqf_bs_ebg13_uJdSftmh}"
rot(given, 13)
"picoctf{next_time_i'll_try_2_rounds_of_rot13_hwqfsgzu}"

PicoCTF Challenge: The Numbers

https://play.picoctf.org/practice/challenge/68?category=2&page=1

numbers

numbers = [
    16,
    9,
    3,
    15,
    3,
    20,
    6,
    "{",
    20,
    8,
    5,
    14,
    21,
    13,
    2,
    5,
    18,
    19,
    13,
    1,
    19,
    15,
    14,
    "}",
]
# 1 -> a, 2 -> b, ...; the braces pass through. Uses `alphabet` imported above.
"".join([alphabet[number - 1] if isinstance(number, int) else number for number in numbers])
'picoctf{thenumbersmason}'

PicoCTF Challenge: No Padding, No Problem

Welcome to the Padding Oracle Challenge This oracle will take anything you give it and decrypt using RSA. It will not accept the ciphertext with the secret message… Good Luck!

n = 120199559973193838354549892082142658207097650252359537516083460817553570005386613360986166000912493892791691164047531246715465233526804393369018699102692997585282405404929642411769685589191403004314951464004606040856090582644697868607882790061040095046085624676496925724241831512872034324551286084224297842637
e = 65537
c = 7663878604603605176178448503196010884137598661534924550657029084967288918950468353300685296575323894095255258617919415054374805989359325652736220230210866108008415526260085801082953500312514266232101295493572110042773495662486665996281526563951110999276024750039987398638060394996693137783011654264697917058

RSA is malleable (Paar 192). We can transform the ciphertext into another ciphertext which is a known transformation of the plaintext… This can be achieved in RSA if the attacker replaces the ciphertext y with (s**e)*y with an integer s. The oracle refuses only the original ciphertext, so it decrypts the modified one and returns s times the plaintext (mod n). For this example, we'll use s = 2, which doubles the plaintext, and then halve the result returned from the oracle.

x = (c * pow(2, e, n)) % n  # encrypts 2*m, since (2**e * m**e) mod n == (2*m)**e mod n

Give x to the oracle and record its answer as doubled:

doubled = 580550060391700078946913236734911770139931497702556153513487440893406629034802718534645538074938502890768853279675297196794
result = doubled // 2  # exact: 2*m is smaller than n, so there is no modular wrap-around
print(result)
290275030195850039473456618367455885069965748851278076756743720446703314517401359267322769037469251445384426639837648598397
result.to_bytes((result.bit_length() + 7) // 8, "big").decode()
'picoCTF{m4yb3_Th0se_m3s54g3s_4r3_difurrent_1772735}'
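
The same transformation against a local toy oracle, as an added example that is not part of the original write-up. It generalises the doubling trick to any s by unblinding with a modular inverse, which also works when s*m wraps around n. The key, message and the names oracle, blind, recover and as_text are constructed for this illustration.

```python
# Added example: textbook-RSA malleability against a local toy oracle.
# Key and message are constructed for this demo (not the challenge values).
P = 2**127 - 1                      # Mersenne prime
Q = 2**89 - 1                       # Mersenne prime
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

M = int.from_bytes(b"constructed_flag", "big")
C = pow(M, E, N)                    # the one ciphertext the oracle refuses


def oracle(ciphertext: int) -> int:
    """Hypothetical stand-in for the challenge service: unpadded RSA
    decryption of anything except the secret ciphertext C."""
    if ciphertext % N == C:
        raise ValueError("will not decrypt the secret ciphertext")
    return pow(ciphertext, D, N)


def blind(c: int, s: int) -> int:
    """Return s**e * c mod N, which is the encryption of s*m mod N."""
    return (c * pow(s, E, N)) % N


def recover(c: int, s: int) -> int:
    """Undo the factor s with a modular inverse; works even when s*m >= N."""
    return (oracle(blind(c, s)) * pow(s, -1, N)) % N


def as_text(m: int) -> str:
    """Decode a recovered plaintext integer back to text."""
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()


if __name__ == "__main__":
    print(as_text(recover(C, 2)))                  # small s: same as halving
    big_s = 2**100                                 # here s*m wraps around N
    print(oracle(blind(C, big_s)) // big_s == M)   # plain division fails
    print(as_text(recover(C, big_s)))              # the inverse still recovers m
```

Refusing only the exact secret ciphertext does not stop this, because every blinded value is a different ciphertext. Padding schemes such as RSA-OAEP are the standard countermeasure: a transformed ciphertext then fails the padding check instead of decrypting to a multiple of the message.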