This article continues the series of challenges write ups from Cryptohack. This time we are going to look at the vulnerability in AES-CFB8 which lays in the heart of Logonzero vulnerability (CVE-202–1472). I will explain the essentials, but if you feel like you need some more details, read this paper. …

For this challenge we are provided with the source code for the API we can use:

We have the server source code and its network address. As usual, let’s examine the code: So the server allows us to perform two operations: generate token and verify token. We can generate token only once per connection but we can verify it as many times as we want…

Description So we have the server’s network address and the source code. Let’s examine the source code: First, this code generates two primes p and q. The generation function is pretty interesting: It sets p to 256-bit prime and q to p + 6 and then checks if p =…

For challenge we are provided with the server network address and its source code. Consider the source code: Here is the essentials of the source: There are two operations it can perform: sign and verify sign operation takes some hex string data as an input, calculates its signature and…

For this challenge we are provided with a source code one_time_beach.py and an encrypted file cipher.enc. Also we have a hint that the…

Foreword K3RN3L CTF was really cool this year, there were a lot of fascinating crypto challenges. Too bad, I was busy this weekend, so I only took a brief view on a couple of them and solved just one, which is the challenge I’m going to explain. Challenge description So we are given…

Analyzing the code For this challenge we are provided with the server network address and the source code: Let’s first look at the main function. It first generates some two values N and token. Then it prints us the N and each byte of the token encrypted by function encryptByte(b, N). After…

For this task we have the server source code and the server address. Let’s look inside the source code