Home
Riccardo Invernizzi (r98inver)
Cancel

DeadSec CTF - Loud(s)

We are given some CRT reminders modulo primes of a secret number, together with some fake values. To recover the number, for small instances a simple brute-force solution is enough; for the easy la...

Gurobi Showcase 2 - TSP and Lazy Constraints

This is the second post about the Gurobi solver. We will explore a functionality called lazy constraints: instead of providing all the constraints to the solver at the beginning, we will start solv...

Gurobi Showcase 1 - Sudoku

I recently gave a talk at the Solving Polynomial Systems seminar about Linear Convex Optimization and the Gurobi software (here part of the material presented). Gurobi is a state-of-the-art optimiz...

KalamarCTF - OTP

Two interesting challenges about OneTimePassword (OTP) encription. In both cases we have a key reuse, which allows us to reduce to breaking single-key-xor in an obvious (BabyOTP) and less obvious (...

TetCTF - Casino 2

We bet on a casino that implements the Golang PRNG. From truncated outputs we can (almost) reconstruct the internal state. By winning with high frequency we are able to exponentially increase our b...

HexaHue Decoder

As part of a challenge in the Damncon 2022 CTF, I had to decode the follownig image: This is clearly the Hexahue Cipher. However, not without surprise, I could not find any automatic image decod...

Reply - EmoGigi

An emoji search webpage is vulnerable to sql injection due to incorrect sanitizing of unicode characters. I solved this challenge together whit @Teuler27. Event Link: Reply CyberSecurity Chall...