Arkavidia quals

sayang sekali 2 chall nyaris solve

28/151

Name	Category	Status
Wibu	Reverse Engineering	Solved
Beta Token	Web	Solved
TabTabiTab	Web	Upsolved
Weird Format	Cryptography	Solved

1

Wibu

Katanya di ITB banyak wibunya.

Author: msfir

Starting off the chall is interesting we were given an elixir executable if im not wrong so after studying i found out that we can compile the code using Eshell

but the code was not that nice to understand so i changed decompilers and i found out that we can use a tool called decompilerl so i went and used that

now the codes are more readable and the encryption function is below what i screenshotted but its pretty simple so we can just reverse the process of encrypting the txt file given

2

Beta Token

Zagreus meet Sisyphus on his way to Olympus and befriended Him. One day, Sisyphus shared a secret to Zagreus. He claimed that this secret was told to him by his Boulder. When Zagreus heard of this secret he merely said, "What a weak secret, anyone can guess that."

Author: BoredAngel

starting off the challenge we can check out some interesting endpoints including the flag endpoint which checks if we are an admin or not

after i logged in i noticed that the website uses a JWT token thats interesting to i immediately went to the flag endpoint the make the algo to none and changed my role to ADMIN but it didnt seem to work

i remembered i read something similar to this there was a possibility that the secret for the token could be bruteforced so i immediately tried to bruteforce the secret for the token

we actually managed to bruteforced the secret for the jwt this means we can easily craft the admin token and guess what

we solved the challenge

3

TabTabiTab

Tab tabi tab tab tabi tab tab tabi tab tab tabali

Author: um

I upsolved this challenge i was too overthinking at the competition so i couldnt even think straight but sadly the chall was actually super easy i just didnt notice

so the chall basiclly reflects the user login to the cookie if you noticed and if you tried sqlis can actually work this is actually the challenge we can just do a simple sqli and find the table name and i found a flagz_is_here thing i forgot the correct table name but you get it so we can just select the flagz from that table and check out the flask session

4

Weird Format

Have you studied discrete mathematics ⊂(◉‿◉)つ

Author: Etynso

one of the most fun challenge to understand for me

from Crypto.Util.number import bytes_to_long, getPrime
from Crypto.Random.random import randint
import signal

with open("flag.txt", "r") as f :
    FLAG = f.read().encode()

p, q = getPrime(384), getPrime(384)
n = p*q

g, r1, r2 = randint(2, n), randint(2, n), randint(2, n)
g1 = pow(g, r1 * (p - 1), n)
g2 = pow(g, r2 * (q - 1), n)

def encrypt(m) :
    assert (0 <= m < n)
    s1, s2 = randint(2, n), randint(2, n)
    c1 = (m * pow(g1, s1, n)) % n
    c2 = (m * pow(g2, s2, n)) % n
    return c1, c2

def encrypt_service() :
    m = int(input("Plaintext: "))
    assert (0 <= m < n)
    c1, c2 = encrypt(m)
    print(f"Encrypted: {(c1, c2)}")

options = ["Encrypt", "Decrypt", "Exit"]
def menu() :
    [print(f"{i + 1}. {opt}") for i, opt in enumerate(options)]

def main() :
    print(f"Encrypted Flag: {encrypt(bytes_to_long(FLAG))}")

    while True :
        menu()
        choice = int(input(">> "))
        if choice == 1 :
            encrypt_service()
        elif choice == 2 :
            print("Do it yourself :D")
        elif choice == 3:
            print("Kay Bye")
            exit()
        else :
            raise IndexError()

if __name__ == "__main__" :
    try :
        main()
    except :
        print("Uh Oh")
        exit()

this chall uses a very large N and it uses 2 C

Encryption algorithm :

g1 = g^(r1*(p - 1)) mod n

g2 = g^(r2*(q - 1)) mod n

c1 = (m * g1^s1) mod n

c2 = (m * g2^s2) mod n

s1 s2 are a random number generated g, p and q aswell

so we were given the power of doing an encryption ourselves this will help plenty cause we can just use m = 1 then we can simplify the encryption to

c1 = g1^s1 mod n

c2 = g2^s2 mod n

so just because c1 and c2 are congruent modulo we could actually find the p and q just by doing a simple gcd

now that we have both the p and q we can just use crt to find the m for below

c1 = m mod p

c2 = m mod q

then we could extract the flag

from pwn import *
import re
from math import gcd
from Crypto.Util.number import *

def crt(a, b, p, q):
    inv_q = pow(q, -1, p)
    inv_p = pow(p, -1, q)
    x = (a * q * inv_q + b * p * inv_p) % (p * q)
    return x

r = remote('20.195.43.216', 8555)

r.recvuntil(b"Encrypted Flag: ")
encrypted_flag_line = r.recvline().decode().strip()
c1_flag, c2_flag = map(int, re.findall(r'\d+', encrypted_flag_line))

c1_list, c2_list = [], []
for _ in range(5):
    r.sendlineafter(b">> ", b"1") 
    r.sendlineafter(b"Plaintext: ", b"1")
    r.recvuntil(b"Encrypted: ")
    ct_line = r.recvline().decode().strip()
    c1, c2 = map(int, re.findall(r'\d+', ct_line))
    c1_list.append(c1)
    c2_list.append(c2)

p = c1_list[0] - 1
for c1 in c1_list[1:]:
    p = gcd(p, c1 - 1)

q = c2_list[0] - 1
for c2 in c2_list[1:]:
    q = gcd(q, c2 - 1)

m_p = c1_flag % p
m_q = c2_flag % q
flag = crt(m_p, m_q, p, q)

print("Flag:", long_to_bytes(flag).decode())