SekaiCTF 2022 Challenges

Author: sahuang

README.md

@@ -1,2 +1,6 @@
-# sekaictf-2022
-Source code and writeup for SekaiCTF 2022. https://ctftime.org/event/1619
+# SekaiCTF 2022
+
+This repo contains source code and writeups for SekaiCTF 2022.
+
+## Challenges
+

crypto/README.md

@@ -0,0 +1,13 @@
+<img src="https://files.catbox.moe/lwcdks.svg" align="right" width=300>
+
+# Cryptography
+
+| Name                                                    | Author                                     | Difficulty | Solves                                         |
+|---------------------------------------------------------|--------------------------------------------|------------|-------------------------------------------------|
+| [Time Capsule](time-capsule/)                         | sahuang      | Easy (1)   | 178 |
+| [FaILProof](failproof/)                                 | deuterium | Normal (2) |   62                                              |
+| [Secure Image Encryption](secure-image-encryption/) | Yanhu1 & sahuang | Normal (2) |   49                                              |
+| [Diffecient](diffecient/)                               | deuterium | Hard (3) |  7                                               |
+| [EZMaze](ezmaze/)                                       | Utaha                                      | Hard (3)   |     11                                            |
+| [Robust CBC](robust-cbc/)                           | sahuang & Yanhu1 | Expert (4) |              10                                   |
+| [FaILProof Revenge](failproof-revenge/)               | deuterium | Expert (4) |   16                                              |

crypto/diffecient/README.md

@@ -0,0 +1,9 @@
+# diffecient
+
+## Description
+
+Welcome to the Diffecient Security Key Database API, for securely and efficiently saving tons of long security keys! Feel *free* to query your security keys, and pay a little to add your own to our state-of-the-art database.
+
+We trust our product so much that we even save our own keys here!
+
+**First Solve**: Maple Bacon

crypto/diffecient/challenge/Dockerfile

@@ -0,0 +1,19 @@
+FROM python:3.9-slim-buster
+
+RUN apt-get update && \
+    apt-get install -y lib32z1 xinetd && \
+    pip3 install requests mmh3 && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN useradd -m user && \
+    chown -R root:root /home/user
+
+COPY app /home/user/
+COPY xinetd /etc/xinetd.d/user
+
+WORKDIR /home/user
+
+EXPOSE 9999
+
+CMD ["/usr/sbin/xinetd", "-dontfork"]

crypto/diffecient/challenge/app/diffecient.py

@@ -0,0 +1,125 @@
+import math
+import random
+import re
+import mmh3
+
+def randbytes(n): return bytes ([random.randint(0,255) for i in range(n)])
+
+class BloomFilter:
+    def __init__(self, m, k, hash_func=mmh3.hash):
+        self.__m = m
+        self.__k = k
+        self.__i = 0
+        self.__digests = set()
+        self.hash = hash_func
+
+    def security(self):
+        false_positive = pow(
+            1 - pow(math.e, -self.__k * self.__i / self.__m), self.__k)
+        try:
+            return int(1 / false_positive).bit_length()
+        except (ZeroDivisionError, OverflowError):
+            return float('inf')
+
+    def _add(self, item):
+        self.__i += 1
+        for i in range(self.__k):
+            self.__digests.add(self.hash(item, i) % self.__m)
+
+    def check(self, item):
+        return all(self.hash(item, i) % self.__m in self.__digests
+                   for i in range(self.__k))
+
+    def num_passwords(self):
+        return self.__i
+
+    def memory_consumption(self):
+        return 4*len(self.__digests)
+
+
+class PasswordDB(BloomFilter):
+    def __init__(self, m, k, security, hash_func=mmh3.hash):
+        super().__init__(m, k, hash_func)
+        self.add_keys(security)
+        self.addition_quota = 1
+        self.added_keys = set()
+
+    def add_keys(self, thresh_security):
+        while self.security() > thresh_security:
+            self._add(randbytes(256))
+        print("Added {} security keys to DB".format(self.num_passwords()))
+        print("Original size of keys {} KB vs {} KB in DB".format(
+            self.num_passwords()//4, self.memory_consumption()//1024))
+
+    def check_admin(self, key):
+        if not re.match(b".{32,}", key):
+            print("Admin key should be atleast 32 characters long")
+            return False
+        if not re.match(b"(?=.*[a-z])", key):
+            print("Admin key should contain atleast 1 lowercase character")
+            return False
+        if not re.match(b"(?=.*[A-Z])", key):
+            print("Admin key should contain atleast 1 uppercase character")
+            return False
+        if not re.match(br"(?=.*\d)", key):
+            print("Admin key should contain atleast 1 digit character")
+            return False
+        if not re.match(br"(?=.*\W)", key):
+            print("Admin key should contain atleast 1 special character")
+            return False
+        if key in self.added_keys:
+            print("Admin account restricted for free tier")
+            return False
+        return self.check(key)
+
+    def query_db(self, key):
+        if self.check(key):
+            print("Key present in DB")
+        else:
+            print("Key not present in DB")
+
+    def add_sample(self, key):
+        if self.addition_quota > 0:
+            self._add(key)
+            self.added_keys.add(key)
+            self.addition_quota -= 1
+            print("key added successfully to DB")
+        else:
+            print("API quota exceeded")
+
+
+BANNER = r"""
+ ____  ____  ____  ____  ____  ___  ____  ____  _  _  ____
+(  _ \(_  _)( ___)( ___)( ___)/ __)(_  _)( ___)( \( )(_  _)
+ )(_) )_)(_  )__)  )__)  )__)( (__  _)(_  )__)  )  (   )(
+(____/(____)(__)  (__)  (____)\___)(____)(____)(_)\_) (__)
+
+Welcome to diffecient security key database API for securely
+and efficiently saving tonnes of long security keys!
+Feel FREE to query your security keys and pay a little to
+add your own security keys to our state of the art DB!
+We trust our product so much that we even save our own keys here
+"""
+print(BANNER)
+PASSWORD_DB = PasswordDB(2**32 - 5, 47, 768, mmh3.hash)
+while True:
+    try:
+        option = int(input("Enter API option:\n"))
+        if option == 1:
+            key = bytes.fromhex(input("Enter key in hex\n"))
+            PASSWORD_DB.query_db(key)
+        elif option == 2:
+            key = bytes.fromhex(input("Enter key in hex\n"))
+            PASSWORD_DB.add_sample(key)
+        elif option == 3:
+            key = bytes.fromhex(input("Enter key in hex\n"))
+            if PASSWORD_DB.check_admin(key):
+                from flag import flag
+                print(flag)
+            else:
+                print("No Admin no flag")
+        elif option == 4:
+            exit(0)
+    except:
+        print("Something wrong happened")
+        exit(1)

crypto/diffecient/challenge/app/flag.py

@@ -0,0 +1 @@
+flag = b'SEKAI{56f066a1b13fd350ac4a4889efe22cb1825651843e9d0ccae0f87844d1d65190}'

crypto/diffecient/challenge/xinetd

@@ -0,0 +1,12 @@
+service challenge
+{
+    disable     = no
+    type        = UNLISTED
+    socket_type = stream
+    protocol    = tcp
+    port        = 9999
+    wait        = no
+    user        = user
+    server      = /usr/local/bin/python
+    server_args = /home/user/diffecient.py
+}

crypto/diffecient/solution/solve.py

@@ -0,0 +1,61 @@
+import mmh3
+import pwn
+
+
+def forward_block(block):
+    """
+    initial transformation of 4 byte block in murmurhash3
+    """
+    n = int.from_bytes(block, 'little')
+    n = (n * 0xcc9e2d51) & 0xffffffff
+    n = (n >> 17) | (n << 15) & 0xffffffff
+    n = (n * 0x1b873593) & 0xffffffff
+    return n.to_bytes(4, 'little')
+
+
+def invert_block(block):
+    """
+    invert a 4 byte block in murmurhash3
+    """
+    n = int.from_bytes(block, 'little')
+    n = (n * 0x56ed309b) & 0xffffffff
+    n = (n >> 15) | (n << 17) & 0xffffffff
+    n = (n * 0xdee13bb1) & 0xffffffff
+    return n.to_bytes(4, 'little')
+
+
+def forward(blocks):
+    """
+    forward_block applied to all 4 byte chunks
+    """
+    return b''.join(forward_block(blocks[i:i + 4])
+                    for i in range(0, len(blocks), 4))
+
+
+def invert(blocks):
+    """
+    invert applied to all 4 byte chunks
+    """
+    return b''.join(invert_block(blocks[i:i + 4])
+                    for i in range(0, len(blocks), 4))
+
+
+DIFF = b'\x00\x00\x04\x00\x00\x00\x00\x80'
+
+
+def collision8(text):
+    return invert(bytes(i ^ j for i, j in zip(DIFF, forward(text))))
+
+
+sample_valid_password = b'A' * 28 + b'Aa1!'
+sample_colliding_password = collision8(
+    sample_valid_password[:8]) + sample_valid_password[8:]
+
+HOST, PORT = "challs.ctf.sekai.team", 3003
+REM = pwn.remote(HOST, PORT)
+REM.sendline('2') # store sample key
+REM.sendline(sample_colliding_password.hex())
+REM.sendline('3') # claim flag
+REM.sendline(sample_valid_password.hex())
+REM.sendline('4') # exit
+print(REM.recvall().decode())

crypto/ezmaze/README.md

@@ -0,0 +1,7 @@
+# EZMaze
+
+## Description
+
+Can you escape the Maze? OwO  
+
+**First Solve**: Black Bauhinia

crypto/ezmaze/challenge/Dockerfile

@@ -0,0 +1,21 @@
+FROM python:3.9-slim-buster
+
+RUN apt-get update && \
+    apt-get install -y lib32z1 xinetd && \
+    pip3 install requests mmh3 && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN pip3 install pycryptodome
+
+RUN useradd -m user && \
+    chown -R root:root /home/user
+
+ADD app /home/user/
+COPY xinetd /etc/xinetd.d/user
+
+WORKDIR /home/user
+
+EXPOSE 9999
+
+CMD ["/usr/sbin/xinetd", "-dontfork"]

crypto/ezmaze/challenge/app/chall.py

@@ -0,0 +1,76 @@
+#!/usr/bin/env python3
+import os
+import random
+from Crypto.Util.number import *
+
+from flag import flag
+
+directions = "LRUD"
+SOLUTION_LEN = 64
+
+def toPath(x: int):
+	s = bin(x)[2:]
+	if len(s) % 2 == 1:
+		s = "0" + s
+
+	path = ""
+	for i in range(0, len(s), 2):
+		path += directions[int(s[i:i+2], 2)]
+	return path
+
+def toInt(p: str):
+	ret = 0
+	for d in p:
+		ret = ret * 4 + directions.index(d)
+	return ret
+
+def final_position(path: str):
+	return (path.count("R") - path.count("L"), path.count("U") - path.count("D"))
+
+class RSA():
+	def __init__(self):
+		self.p = getPrime(512)
+		self.q = getPrime(512)
+		self.n = self.p * self.q
+		self.phi = (self.p - 1) * (self.q - 1)
+		self.e = 65537
+		self.d = pow(self.e, -1, self.phi)
+
+	def encrypt(self, m: int):
+		return pow(m, self.e, self.n)
+
+	def decrypt(self, c: int):
+		return pow(c, self.d, self.n)
+
+def main():
+	solution = "".join([random.choice(directions) for _ in range(SOLUTION_LEN)])
+	sol_int = toInt(solution)
+	print("I have the solution of the maze, but I'm not gonna tell you OwO.")
+
+	rsa = RSA()
+	print(f"n = {rsa.n}")
+	print(f"e = {rsa.e}")
+	print(hex(rsa.encrypt(sol_int)))
+
+	while True:
+		try:
+			opt = int(input("Options: 1. Decrypt 2. Check answer.\n"))
+			if opt == 1:
+				c = int(input("Ciphertext in hex: "), 16)
+				path = toPath(rsa.decrypt(c))
+				print(final_position(path))
+			elif opt == 2:
+				path = input("Solution: ").strip()
+				if path == solution:
+					print(flag)
+				else:
+					print("Wrong solution.")
+					exit(0)
+			else:
+				print("Invalid option.")
+				exit(0)
+		except:
+			exit(0)
+
+if __name__ == "__main__":
+	main()

crypto/ezmaze/challenge/app/flag.py

@@ -0,0 +1 @@
+flag = b"SEKAI{parity_reveals_everything_:<_8f1261a517796b4d}"

crypto/ezmaze/challenge/xinetd

@@ -0,0 +1,12 @@
+service challenge
+{
+    disable     = no
+    type        = UNLISTED
+    socket_type = stream
+    protocol    = tcp
+    port        = 9999
+    wait        = no
+    user        = user
+    server      = /usr/local/bin/python
+    server_args = /home/user/chall.py
+}

crypto/ezmaze/solution/README.md

@@ -0,0 +1,3 @@
+# Writeup
+
+https://hackmd.io/@Utaha1228/r1TGg7t-s