ASIS CTF Final 2019

Overall, this was a fun hunt. The crypto puzzles were really neat, and we managed to crack a few. However, we didn't have enough experience in tackling the rest, especially the Web and Pwnable puzzles.

We first document a little script we used for the Proof-of-Work required for some puzzles.

using Pkg; Pkg.add.(["SHA", "MD5"])

using SHA, MD5

function POW(Len, Hash, Code)

    Guess = String(rand('0':'z', Len))

    while bytes2hex(Hash(Guess))[end-5:end] != Code

        Guess = String(rand('0':'z', Len))

    end

    println(Guess)

end

Puzzles

Here are the puzzles we found interesting.

Crypto Puzzles

In general, the Crypto puzzles were at a moderate difficulty and very interesting and good for like a fairly new team like us.

In the puzzles Serifin and Primordial, we are faced with RSA-like encryption and had to exploit the bad generation of the primes in the private key.

For Bit game, we were given $m^2 \pmod{N}$ where $m$ is our secret key. The difficulties lie in the fact that $N$ is not prime.

We didn't manage to solve the following two puzzles during the contest, but we upsolved it later.

In Golden Delicious, we had to solve an Elliptic Curve Discrete Logarithm and here we achieve it by exploiting a poorly chosen elliptic curve.

Finally, in Ema's secret, we had to exploit a Known Plaintext attack in order to leak the secret keys.

Reverse Puzzles

In the puzzle Cursed app, we were given a binary, and needed to find a string in which it accepts. Here, we used a symbolic execution engine to help us find this string.