add challenges

README.md

@@ -0,0 +1,91 @@
+# My CTF Challenges
+
+Challenges I've made for public CTFs.
+
+# DownUnderCTF 2020
+Fri, 18 Sept. 2020, 19:00 AEST — Sun, 20 Sept. 2020, 19:00 AEST
+
+[**Website**](https://duc.tf) | [**CTFTime**](https://ctftime.org/event/1084/) | [**Official Repository**](https://github.com/DownUnderCTF/Challenges_2020_Public)
+
+|Name|Category|Difficulty|Solves|
+|---|---|---|---|
+|[rot-i](downunderctf-2020/rot-i)|crypto|👶|447|
+|[babyrsa](downunderctf-2020/babyrsa)|crypto|⭐️|144|
+|[Extra Cool Block Chaining](downunderctf-2020/extra-cool-block-chaining)|crypto|⭐️⭐️|52|
+|[Hex Shift Cipher](downunderctf-2020/hex-shift-cipher)|crypto|⭐️⭐️|44|
+|[Cosmic Rays](downunderctf-2020/cosmic-rays)|crypto|⭐️⭐️|25|
+|[1337crypt](downunderctf-2020/1337crypt)|crypto|⭐️⭐️⭐️|3|
+|[ImpECCable](downunderctf-2020/impeccable)|crypto|⭐️⭐️⭐️|3|
+|[LSB\|\|MSB Calculation Game](downunderctf-2020/lsb-msb-calculation-game)|crypto|⭐️⭐️⭐️|2|
+
+# DownUnderCTF 2021
+Fri, 24 Sept. 2021, 19:00 AEST — Sun, 26 Sept. 2021, 19:00 AEST
+
+[**Website**](https://duc.tf) | [**CTFTime**](https://ctftime.org/event/1312/) | [**Official Repository**](https://github.com/DownUnderCTF/Challenges_2021_Public)
+
+|Name|Category|Difficulty|Solves|
+|---|---|---|---|
+|[no strings](downunderctf-2021/no-strings)|reversing|👶|934|
+|[Substitution Cipher I](downunderctf-2021/substitution-cipher-i)|crypto|👶|362|
+|[Substitution Cipher II](downunderctf-2021/substitution-cipher-ii)|crypto|⭐️|155|
+|[treasure](downunderctf-2021/treasure)|crypto|⭐️|102|
+|[flag loader](downunderctf-2021/flag-loader)|reversing|⭐️|85|
+|[write what where](downunderctf-2021/write-what-where)|pwn|⭐️|70|
+|[connect the dots](downunderctf-2021/connect-the-dots)|reversing|⭐️⭐️|47|
+|[ready, bounce, pwn!](downunderctf-2021/ready-bounce-pwn)|pwn|⭐️⭐️|41|
+|[encrypted note](downunderctf-2021/encrypted-note)|pwn|⭐️⭐️⭐️|22|
+|[flag checker](downunderctf-2021/flag-checker)|reversing|⭐️⭐️⭐️|16|
+|[gamer](downunderctf-2021/gamer)|reversing|⭐️⭐️|15|
+|[power sign](downunderctf-2021/power-sign)|crypto|⭐️⭐️⭐️|14|
+|[yadlp](downunderctf-2021/yadlp)|crypto|⭐️⭐️⭐️|14|
+|[flag printer](downunderctf-2021/flag-printer)|reversing|⭐️⭐️|8|
+|[bullet hell](downunderctf-2021/bullet-hell)|reversing|⭐️⭐️|7|
+|[1337crypt v2](downunderctf-2021/1337crypt-v2)|crypto|⭐️⭐️⭐️|3|
+|[Substitution Cipher III](downunderctf-2021/substitution-cipher-iii)|crypto|⭐️⭐️⭐️|1|
+
+# DownUnderCTF 2022
+Fri, 23 Sept. 2022, 19:30 AEST — Sun, 25 Sept. 2022, 19:30 AEST
+
+[**Website**](https://duc.tf) | [**CTFTime**](https://ctftime.org/event/1625/) | [**Official Repository**](https://github.com/DownUnderCTF/Challenges_2022_Public)
+
+|Name|Category|Difficulty|Solves|
+|---|---|---|---|
+|[babyp(y)wn](downunderctf-2022/babypywn)|pwn|👶|643|
+|[source provided](downunderctf-2022/source-provided)|rev|👶|365|
+|[baby arx](downunderctf-2022/baby-arx)|crypto|👶|279|
+|[js lock](downunderctf-2022/js-lock)|rev|⭐️|136|
+|[login](downunderctf-2022/login)|pwn|⭐️|121|
+|[oracle for block cipher enthusiasts](downunderctf-2022/oracle-for-block-cipher-enthusiasts)|crypto|⭐️|102|
+|[cheap ring theory](downunderctf-2022/cheap-ring-theory)|crypto|⭐️|101|
+|[rsa interval oracle i](downunderctf-2022/rsa-interval-oracle-i)|crypto|⭐️|79|
+|[noteworthy](downunderctf-2022/noteworthy)|web|⭐️|60|
+|[ezpz-rev](downunderctf-2022/ezpz-rev)|rev|⭐️|42|
+|[rsa interval oracle ii](downunderctf-2022/rsa-interval-oracle-ii)|crypto|⭐️⭐️|36|
+|[ezpz-pwn](downunderctf-2022/ezpz-pwn)|pwn|⭐️|33|
+|[xva](downunderctf-2022/xva)|rev|⭐️⭐️|30|
+|[last digit](downunderctf-2022/last-digit)|misc|⭐️|26|
+|[Crypto Casino](downunderctf-2022/crypto-casino)|blockchain|⭐️|25|
+|[rsa interval oracle iii](downunderctf-2022/rsa-interval-oracle-iii)|crypto|⭐️⭐️|23|
+|[click the flag](downunderctf-2022/click-the-flag)|rev|⭐️⭐️|18|
+|[time locked](downunderctf-2022/time-locked)|crypto|⭐️⭐️|18|
+|[battlesweeper](downunderctf-2022/battlesweeper)|misc|⭐️⭐️⭐️|18|
+|[kv_db](downunderctf-2022/kv-db)|pwn|⭐️⭐️|17|
+|[faulty arx](downunderctf-2022/faulty-arx)|crypto|⭐️⭐️⭐️|11|
+|[file magic](downunderctf-2022/file-magic)|misc|⭐️⭐️|10|
+|[pac](downunderctf-2022/pac)|pwn|⭐️⭐️|7|
+|[rsa interval oracle iv](downunderctf-2022/rsa-interval-oracle-iv)|crypto|⭐️⭐️⭐️|5|
+|[EVM Vault Mechanism](downunderctf-2022/evm-vault-mechanism)|blockchain|⭐️⭐️⭐️|4|
+|[1337crypt v3](downunderctf-2022/1337crypt-v3)|crypto|⭐️⭐️⭐️|2|
+|[kyber±](downunderctf-2022/kyber)|crypto|⭐️⭐️⭐️⭐️|1|
+
+# Cyber Apocalypse 2023
+Sun, 19 March 2023, 00:00 AEDT — Thu, 23 March 2023, 23:59 AEDT
+
+[**Website**](https://ctf.hackthebox.com/event/details/cyber-apocalypse-2023-the-cursed-mission-821) | [**CTFTime**](https://ctftime.org/event/1889/) 
+> HackTheBox approached me to develop these challenges, some details like the title and description for the challenges were created by them.
+
+|Name|Category|Difficulty|Solves|
+|---|---|---|---|
+|[Colliding Heritage](cyber-apocalypse-2023/colliding-heritage)|crypto|⭐️|?|
+|[Biased Heritage](cyber-apocalypse-2023/biased-heritage)|crypto|⭐️⭐️|?|
+

ctfs.yaml

@@ -0,0 +1,23 @@
+- name: DownUnderCTF 2020
+  website: https://duc.tf
+  ctftime: https://ctftime.org/event/1084/
+  description: ""
+  date: "Fri, 18 Sept. 2020, 19:00 AEST — Sun, 20 Sept. 2020, 19:00 AEST"
+  repo: https://github.com/DownUnderCTF/Challenges_2020_Public
+- name: DownUnderCTF 2021
+  website: https://duc.tf
+  ctftime: https://ctftime.org/event/1312/
+  description: ""
+  date: "Fri, 24 Sept. 2021, 19:00 AEST — Sun, 26 Sept. 2021, 19:00 AEST"
+  repo: https://github.com/DownUnderCTF/Challenges_2021_Public
+- name: DownUnderCTF 2022
+  website: https://duc.tf
+  ctftime: https://ctftime.org/event/1625/
+  description: ""
+  date: "Fri, 23 Sept. 2022, 19:30 AEST — Sun, 25 Sept. 2022, 19:30 AEST"
+  repo: https://github.com/DownUnderCTF/Challenges_2022_Public
+- name: Cyber Apocalypse 2023
+  website: https://ctf.hackthebox.com/event/details/cyber-apocalypse-2023-the-cursed-mission-821
+  ctftime: https://ctftime.org/event/1889/
+  date: "Sun, 19 March 2023, 00:00 AEDT — Thu, 23 March 2023, 23:59 AEDT"
+  description: HackTheBox approached me to develop these challenges, some details like the title and description for the challenges were created by them.

cyber-apocalypse-2023/biased-heritage/README.md

@@ -0,0 +1,26 @@
+# Cyber Apocalypse 2023 - Biased Heritage
+
+- **Category:** crypto
+- **Solves:** -1/6482
+- **Difficulty:** ⭐️⭐️
+- **Hosting type:** tcp
+- **Tags:** Schnorr, LLL
+
+---
+
+> You emerge from the labyrinth to find a massive door blocking your path to the relic. It has the same authentication mechanism as the entrance, but it appears to be more sophisticated and challenging to crack. Can you devise a plan to breach the door and gain access to the relic?
+
+
+Handout files:
+
+- [./publish/server.py](./publish/server.py)
+
+## Solution
+
+Flag: `HTB{full_s1z3_n0nc3_l4cks_ful1_s1z3_3ntr0py}`
+
+
+- [**Solver**](./solve/solv.sage)
+
+
+

cyber-apocalypse-2023/biased-heritage/details.yaml

@@ -0,0 +1,19 @@
+id: cactf-2023-biased-heritage
+name: Biased Heritage
+category: crypto
+ctf: Cyber Apocalypse 2023
+difficulty: 2
+tags:
+  - Schnorr
+  - LLL
+notes: ''
+description: |
+  You emerge from the labyrinth to find a massive door blocking your path to the relic. It has the same authentication mechanism as the entrance, but it appears to be more sophisticated and challenging to crack. Can you devise a plan to breach the door and gain access to the relic?
+hosting: tcp
+handout_files:
+- ./publish/server.py
+flag: HTB{full_s1z3_n0nc3_l4cks_ful1_s1z3_3ntr0py}
+solve_stats:
+  # solved_teams: ?
+  num_teams: 6482
+solver: ./solve/solv.sage

cyber-apocalypse-2023/biased-heritage/publish/server.py

@@ -0,0 +1,87 @@
+#!/usr/bin/env python3
+
+import signal
+from secrets import randbelow
+from hashlib import sha256
+from Crypto.Util.number import isPrime, getPrime, long_to_bytes, bytes_to_long
+
+FLAG = "HTB{???????????????????????????????????????}"
+
+
+class SHA256chnorr:
+
+    def __init__(self):
+        # while True:
+        #     self.q = getPrime(512)
+        #     self.p = 2*self.q + 1
+        #     if isPrime(self.p):
+        #         break
+        self.p = 0x184e26a581fca2893b2096528eb6103ac03f60b023e1284ebda3ab24ad9a9fe0e37b33eeecc4b3c3b9e50832fd856e9889f6c9a10cde54ee798a7c383d0d8d2c3
+        self.q = (self.p - 1) // 2
+        self.g = 3
+        self.x = randbelow(self.q)
+        self.y = pow(self.g, self.x, self.p)
+
+    def H(self, msg):
+        return bytes_to_long(2 * sha256(msg).digest()) % self.q
+
+    def sign(self, msg):
+        k = self.H(msg + long_to_bytes(self.x))
+        r = pow(self.g, k, self.p) % self.q
+        e = self.H(long_to_bytes(r) + msg)
+        s = (k - self.x * e) % self.q
+        return (s, e)
+
+    def verify(self, msg, sig):
+        s, e = sig
+        if not (0 < s < self.q):
+            return False
+        if not (0 < e < self.q):
+            return False
+        rv = pow(self.g, s, self.p) * pow(self.y, e, self.p) % self.p % self.q
+        ev = self.H(long_to_bytes(rv) + msg)
+        return ev == e
+
+
+def menu():
+    print('[S]ign a message')
+    print('[V]erify a signature')
+    return input('> ').upper()[0]
+
+
+def main():
+    sha256chnorr = SHA256chnorr()
+    print('g:', sha256chnorr.g)
+    print('y:', sha256chnorr.y)
+    print('p:', sha256chnorr.p)
+
+    for _ in range(3):
+        choice = menu()
+
+        if choice == 'S':
+            msg = bytes.fromhex(input('Enter message> '))
+            if b'right hand' in msg:
+                print('No!')
+            else:
+                sig = sha256chnorr.sign(msg)
+                print('Signature:', sig)
+
+        elif choice == 'V':
+            msg = bytes.fromhex(input('Enter message> '))
+            s = int(input('Enter s> '))
+            e = int(input('Enter e> '))
+            if sha256chnorr.verify(msg, (s, e)):
+                if msg == b'right hand':
+                    print(FLAG)
+                else:
+                    print('Valid signature!')
+            else:
+                print('Invalid signature!')
+
+        else:
+            print('Invalid choice...')
+
+
+if __name__ == '__main__':
+    signal.alarm(30)
+    main()

cyber-apocalypse-2023/biased-heritage/solve/solv.sage

@@ -0,0 +1,56 @@
+from pwn import process
+from Crypto.Util.number import bytes_to_long, long_to_bytes
+from hashlib import sha256
+import ast
+
+def sign(msg):
+    conn.sendlineafter(b'> ', b'S')
+    conn.sendlineafter(b'message> ', msg.hex().encode())
+    return ast.literal_eval(conn.recvline().decode().strip().split('Signature: ')[1])
+
+def verify(msg, sig):
+    conn.sendlineafter(b'> ', b'V')
+    conn.sendlineafter(b'message> ', msg.hex().encode())
+    conn.sendlineafter(b's> ', str(sig[0]).encode())
+    conn.sendlineafter(b'e> ', str(sig[1]).encode())
+    return conn.recvline().decode().strip()
+
+conn = process('./chall.py')
+
+g = int(conn.recvline().decode().strip().split('g: ')[1])
+y = int(conn.recvline().decode().strip().split('y: ')[1])
+p = int(conn.recvline().decode().strip().split('p: ')[1])
+q = (p - 1) // 2
+
+s1, e1 = sign(b'asdf')
+s2, e2 = sign(b'zxcv')
+
+s1_ = s1 * pow(2^256 + 1, -1, q) % q
+s2_ = s2 * pow(2^256 + 1, -1, q) % q
+e1_ = e1 * pow(2^256 + 1, -1, q) % q
+e2_ = e2 * pow(2^256 + 1, -1, q) % q
+
+M = Matrix([
+    [q,   0,   0,       0],
+    [0,   q,   0,       0],
+    [e1_, e2_, 2^256/q, 0],
+    [s1_, s2_, 0,       2^256]
+])
+M = M.LLL()
+
+for r in M:
+    if r[-1] == 2^256:
+        x = int(r[-2] * q / 2^256) % q
+        if pow(g, x, p) != y:
+            x += 1
+        print('Recovered private key:', x)
+        break
+
+target_msg = b'right hand'
+k = 1337
+r = pow(g, k, p) % q
+e = bytes_to_long(2 * sha256(long_to_bytes(r) + target_msg).digest()) % q
+s = (k - x * e) % q
+
+flag = verify(target_msg, (s, e))
+print(flag)

cyber-apocalypse-2023/colliding-heritage/README.md

@@ -0,0 +1,26 @@
+# Cyber Apocalypse 2023 - Colliding Heritage
+
+- **Category:** crypto
+- **Solves:** -1/6482
+- **Difficulty:** ⭐️
+- **Hosting type:** tcp
+- **Tags:** MD5, Schnorr
+
+---
+
+> As you arrive at the location of the relic, you discover an ancient tomb that appears to have no visible entrance. However, a scan of the area reveals the presence of unusual RF signals coming from a specific location. With the help of your team, you manage to create an interface to communicate with the signal-emitting device. Unfortunately, the device only grants access to descendants of the pharaoh’s left hand. Can you find a way to enter the tomb?
+
+
+Handout files:
+
+- [./publish/server.py](./publish/server.py)
+
+## Solution
+
+Flag: `HTB{w3ll_y3s_bu7_4c7ual1y_n0...}`
+
+
+- [**Solver**](./solve/solv.py)
+
+
+

cyber-apocalypse-2023/colliding-heritage/details.yaml

@@ -0,0 +1,19 @@
+id: cactf-2023-colliding-heritage
+name: Colliding Heritage
+category: crypto
+ctf: Cyber Apocalypse 2023
+difficulty: 1
+tags:
+  - MD5
+  - Schnorr
+notes: ''
+description: |
+  As you arrive at the location of the relic, you discover an ancient tomb that appears to have no visible entrance. However, a scan of the area reveals the presence of unusual RF signals coming from a specific location. With the help of your team, you manage to create an interface to communicate with the signal-emitting device. Unfortunately, the device only grants access to descendants of the pharaoh’s left hand. Can you find a way to enter the tomb?
+hosting: tcp
+handout_files:
+- ./publish/server.py
+flag: HTB{w3ll_y3s_bu7_4c7ual1y_n0...}
+solve_stats:
+  # solved_teams: ?
+  num_teams: 6482
+solver: ./solve/solv.py