PicoCTF Crypto Challenges#

PicoCTF Challenge: Mod26#

Cryptography can be easy, do you know what ROT13 is?

cvpbPGS{arkg_gvzr_V'yy_gel_2_ebhaqf_bs_ebg13_uJdSftmh}

from string import ascii_lowercase as alphabet
def rot(given: str, n: int) -> str:
    """
    Passes anything that is not lowercase ascii
    """
    return "".join(
        [
            alphabet[(alphabet.index(letter.lower()) + n) % 26]
            if letter.lower() in alphabet
            else letter
            for letter in given
        ]
    )
given = "cvpbPGS{arkg_gvzr_V'yy_gel_2_ebhaqf_bs_ebg13_uJdSftmh}"
rot(given, 13)
"picoctf{next_time_i'll_try_2_rounds_of_rot13_hwqfsgzu}"

PicoCTF Challenge: The Numbers#

https://play.picoctf.org/practice/challenge/68?category=2&page=1

numbers

numbers = [
    16,
    9,
    3,
    15,
    3,
    20,
    6,
    "{",
    20,
    8,
    5,
    14,
    21,
    13,
    2,
    5,
    18,
    19,
    13,
    1,
    19,
    15,
    14,
    "}",
]
"".join([alphabet[number - 1] if type(number) is int else number for number in numbers])
'picoctf{thenumbersmason}'

PicoCTF Challenge: No Padding, No Problem#

Welcome to the Padding Oracle Challenge This oracle will take anything you give it and decrypt using RSA. It will not accept the ciphertext with the secret message… Good Luck!

n = 120199559973193838354549892082142658207097650252359537516083460817553570005386613360986166000912493892791691164047531246715465233526804393369018699102692997585282405404929642411769685589191403004314951464004606040856090582644697868607882790061040095046085624676496925724241831512872034324551286084224297842637
e = 65537
c = 7663878604603605176178448503196010884137598661534924550657029084967288918950468353300685296575323894095255258617919415054374805989359325652736220230210866108008415526260085801082953500312514266232101295493572110042773495662486665996281526563951110999276024750039987398638060394996693137783011654264697917058

RSA is malleable (Paar 192). We can transform the ciphertext into another ciphertext which is a known transformation of the plaintext… This can be achieved in RSA if the attacker replaces the ciphertext y with (s**e)*y with an integer s. For this example, we’ll double the cipher text (and know that we have to half the result returned from the oracle).

x = c * (pow(2, e, n))

Give x to Oracle and receive doubled

doubled = 580550060391700078946913236734911770139931497702556153513487440893406629034802718534645538074938502890768853279675297196794
result = int(doubled // 2)
print(result)
290275030195850039473456618367455885069965748851278076756743720446703314517401359267322769037469251445384426639837648598397
bytearray.fromhex(format(result, 'x')).decode()
'picoCTF{m4yb3_Th0se_m3s54g3s_4r3_difurrent_1772735}'