Riccardo Invernizzi (r98inver)
https://r98inver.github.io/
Personal website of Riccardo Invernizzi, math student at KU Leuven.
2023-09-08T19:00:22+02:00
© 2023 Riccardo Invernizzi

SekaiCTF - CryptoGRAPHy Series
2023-08-27T14:00:00+02:00 / 2023-08-29T17:47:59+02:00
https://r98inver.github.io/posts/cryptography-series/
Riccardo Invernizzi
We face an implementation of a Graph Encryption Scheme (GES) for Shortest Path queries. The challenge consists of three levels: in the first one we are given the key, and we just have to decrypt the paths. For the second one we can perform arbitrary queries and we have to use them to leak the structure of the graph. The third and final step is to implement query recovery knowing the tokens of a...

CCCamp - SeeBeeSee
2023-08-18T15:00:00+02:00 / 2023-08-18T15:00:00+02:00
https://r98inver.github.io/posts/cccamp-seebeesee/
Riccardo Invernizzi
The server accepts encrypted text, decrypts it using AES-CBC and an unknown key, and executes it. We are provided with a sample script that we can tamper with at different points in order to get the key and hence arbitrary code execution.
Event Link: CCCamp 2023
Challenge Description
The server gives us access to two important functions. The first one is the runscript function: def runscript(dat...

HTB Business CTF - Vitrium Stash
2023-07-17T15:00:00+02:00 / 2023-08-19T00:06:47+02:00
https://r98inver.github.io/posts/htb-vitrium/
Riccardo Invernizzi
We have to forge a DSA signature for the admin, while being able to ask the server for a signature on an arbitrary username. We exploit the fact that the message is not hashed in the signature, and hence find two messages that are equal mod q, giving us a valid signature. I solved this challenge together with @robin.
Event Link: HTB Business CTF 2023
The full solution script is composed of: ...

DeadSec CTF - Loud(s)
2023-05-21T15:00:00+02:00 / 2023-05-22T10:13:24+02:00
https://r98inver.github.io/posts/dead-louds/
Riccardo Invernizzi
We are given some CRT remainders modulo primes of a secret number, together with some fake values. To recover the number, for small instances a simple brute-force solution is enough; for the easy larger instance we can do that using the Coppersmith Method, which however fails for the harder one.
Event Link: DeadSec CTF
Step 1 - Brute-force
The first wave of challenges included two related...

Gurobi Showcase 2 - TSP and Lazy Constraints
2023-05-06T22:00:00+02:00 / 2023-09-08T18:59:56+02:00
https://r98inver.github.io/posts/gurobi-tsp/
Riccardo Invernizzi
This is the second post about the Gurobi solver. We will explore a functionality called lazy constraints: instead of providing all the constraints to the solver at the beginning, we will start solving a relaxed version of the problem. Every time we find a temporary solution, we incrementally add the constraints violated by that solution. Thanks to the dual simplex method, adding constraints can...