この大会は2020/5/23 4:00(JST)~2020/5/24 4:00(JST)に開催されました。
今回もチームで参戦。結果は 143点で461チーム中122位でした。
自分で解けた問題をWriteupとして書いておきます。
Sanity Check (misc, warmup)
フラグが逆順になっているので、戻す。
>>> '}FTC_noCel0m_y4lp_dn4_3m0h_74_y475_3543lp{mtp'[::-1]
'ptm{pl3453_574y_47_h0m3_4nd_pl4y_m0leCon_CTF}'
ptm{pl3453_574y_47_h0m3_4nd_pl4y_m0leCon_CTF}
Kid Exchange (crypto, warmup)
コードを見ながら、pcapngの通信を確認すると、以下のようになっている。暗号化したフラグはflag.encとしてエクスポートする。
[alice] 以下を送信 1: 273788890796601263265245594347262103880\n 2: 258572069890864811747964868343405266432 暗号化したフラグを送信 [bob] 以下を送信 3: 26837497238457670050499535274845058824\n 4: 40856090470940388713344411229977259912 暗号化したフラグを受信
e1, e2が不明なため、e5, e6が不明。e7も不明になるため、式を変形する。
e7 = (e5 + 4 * e6) % m
= (pow(e1, 4, m) + 4 * pow(e2, 4, m)) % m
p1 = (e1**2 - 2 * p2 + 2 * e2**2) % m
p1**2 = (e1**4 - 2*p2*(e1**2) + 2*((e1*e2)**2)
- 2*p2*(e1**2) + 4*(p2**2) - 4*p2*(e2**2)
+ 2*(e1*e2)**2 - 4*p2*(e2**2) + 4*(e2**4)) % m
= (e1**4 + 4*(e2**4) + 4 * (2 * p2**2 - p2*(e1**2) - 2 * p2 * (e2**2))) % m
= e7 + 4 * (2 * p2**2 - p2 *(e1**2 + 2 * (e2**2))) % m
= e7 - 4 * p2 * (e1**2 -2 * p2 + 2 * (e2**2))
= e7 - 4 * p2 * p1
e7 = p1**2 + 4 * p1 * p2上記のパラメータを使い、処理通りに復号してみる。
#!/usr/bin/env python3 from Crypto.Cipher import AES def unpad(s): return s.rstrip('\x00') n = 128 m = 2 ** n p1_a = 273788890796601263265245594347262103880 p2_a = 258572069890864811747964868343405266432 p1_b = 26837497238457670050499535274845058824 p2_b = 40856090470940388713344411229977259912 p3 = p1_a p4 = p2_a e3 = (p3 + 4 * p4) % m e4 = pow(3, p3 * e3, m) e7 = (pow(p1_b, 2, m) + 4 * p1_b * p2_b) % m k = pow(e4, e7, m) key = int.to_bytes(k, 16, 'big') cipher = AES.new(key, AES.MODE_ECB) with open('flag.enc', 'rb') as f: enc = f.read() flag = unpad(cipher.decrypt(enc).decode()) print(flag)
復号結果は以下の通り。
At first I was afraid, what could the answer be?
It said given this position find velocity.
So I tried to work it out, but I knew that I was wrong.
I struggled; I cried, "A problem shouldn't take this long!"
I tried to think, control my nerve.
It's evident that speed's tangential to that time-position curve.
This problem would be mine if I just knew that tangent line.
But what to do? Show me a sign!
So I thought back to Calculus.
Way back to Newton and to Leibniz,
And to problems just like this.
And just like that when I had given up all hope,
I said nope, there's just one way to find that slope.
And so now I, I will derive.
Find the derivative of x position with respect to time.
It's as easy as can be, just have to take dx/dt.
I will derive, I will derive. Hey, hey!
And then I went ahead to the second part.
But as I looked at it I wasn't sure quite how to start.
It was asking for the time at which velocity
Was at a maximum, and I was thinking "Woe is me."
But then I thought, this much I know.
I've gotta find acceleration, set it equal to zero.
Now if I only knew what the function was for a.
I guess I'm gonna have to solve for it someway.
So I thought back to Calculus.
Way back to Newton and to Leibniz,
And to problems just like this.
And just like that when I had given up all hope,
I said nope, there's just one way to find that slope.
And so now I, ptm{w3ak3r_vers1on_0f_DH} I will derive.
Find the derivative of velocity with respect to time.
It's as easy as can be, just have to take dv/dt.
I will derive, I will derive.
So I thought back to Calculus.
Way back to Newton and to Leibniz,
And to problems just like this.
And just like that when I had given up all hope,
I said nope, there's just one way to find that slope.
And so now I, I will derive.
Find the derivative of x position with respect to time.
It's as easy as can be, just have to take dx/dt.
I will derive, I will derive, I will derive!文中にフラグが書いてあった。
ptm{w3ak3r_vers1on_0f_DH}
