https://r98inver.github.io/Riccardo Invernizzi (r98inver)Personal website of Riccardo Invernizzi, math stutent ad KU Leuven. 2023-12-11T13:52:11+01:00 Riccardo Invernizzi https://r98inver.github.io/ Jekyll © 2023 Riccardo Invernizzi /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png HTB University CTF - mayday-mayday2023-12-11T11:00:00+01:00 2023-12-11T11:00:00+01:00 https://r98inver.github.io/posts/htb-mayday/ Riccardo Invernizzi An RSA challenge with leakage of MSB from the CRT exponents of the private key. The parameters allow an attack described in a paper by May (hinted by the title), Nowakowski and Sarkar leveraging the Coppersmith method to recover the key. Challenge Description The challenge setting is quite simple. We have a Crypto class defining some parameters: self.bits = bits self.alpha = 1/9 self.delta =... 0ctf - DoubleRSA2023-12-11T10:00:00+01:00 2023-12-11T10:00:00+01:00 https://r98inver.github.io/posts/zero-drsa/ Riccardo Invernizzi An RSA challenge where the encryption is performed by both Alice and Bob with some extra noise, and we have different information on each one and some oracle calls. The solution relies on efficient DLP computation and some tricks to increase the success probability. Challenge Description We have two main actors, alice and bob. After passing a simple proof of work, we are asked to provide two ... LakeCTF - keyshare2023-11-05T19:00:00+01:00 2023-11-05T19:00:00+01:00 https://r98inver.github.io/posts/lake-keyshare/ Riccardo Invernizzi A custom implementation of EC keysharing does not check if the provided public key lies on the curve. Due to the limited number of queries we have to find points of high enough order, and we can recover the flag. Challenge Description The challenge implements an elliptic curve key exchange protocol. First of all, the Curve and Point classes are defined. Everything is quite standard, except fr... TeamItaly CTF - BigRSA2023-10-01T14:00:00+02:00 2023-10-09T15:30:40+02:00 https://r98inver.github.io/posts/teamitaly-bigrsa/ Riccardo Invernizzi We have to solve RSA with a leak from which we can recover quite easily $ed - 1$. Event Link: TeamItaly CTF 2023 Challenge Description First of all, we have a weird keygen function: p, q = getStrongPrime(1024), getStrongPrime(1024) def RSAgen(e = None): d = 0 if not e: while(d.bit_length() < 2047): e = getPrime(2047) d = pow(e, -1, (p-1)*(q-1)... DownUnder CTF - FNV2023-09-12T14:00:00+02:00 2023-09-30T13:59:52+02:00 https://r98inver.github.io/posts/du-fnv/ Riccardo Invernizzi We have to provide a string that matches a specific value when hashed with FNV. Z3 is able to directly solve the challenge, if used carefully. Event Link: DownUnder CTF 2023 Challenge Description The challenge consists in a simple implementation of FNV hash: def fnv1(s): h = 0xcbf29ce484222325 for b in s: print(f'{b = }') h *= 0x00000100000001b3 h &= 0xffffffffffffffff prin...