H4CK1NG G00GL3 - Ep 005 Ch 002: Project Zero Adventure

Bleichenbacher strikes back again (and again).

HACKING GOOGLE is a documentary of Google’s cybersecurity teams and H4CK1NG G00GL3 is its CTF counterpart. Project Zero Adventure is a cryptography challenge I wrote.

In the game, the players control the Security Princess to dodge the obstacles and catch the bugs (a variant of Google Chrome’s dinosaur game). After that, the server will sign messages consisting of the players' name and the score via the /sign API. The players will then submit it to the /highscore API. If the score submitted to the highscore API is negative, they will be given the flag.

However, there is one catch: The server is only willing to sign the results with non-negative scores.

Read more →

Google CTF 2022: Maybe Someday

This is the third year I had a writeup on Google CTF (see my writeup in 2020 and 2021). Yet this time it is the official writeup for a challenge - as the challenge author! There were eventually 35 solvers (out of 382 teams) for the challenge.
Read more →

MOCSCTF 2022 Postmortem

@blackb6a helped prepare some challenges for MOCSCTF, an 8.5-hour-long CTF in Macau. This time I wrote nine challenges and @hoifanrd made one of them (3-AES). This blog post covers the intended solution for all of them.
Read more →

Firebird Internal CTF 2022 Writeup

This is the time that Firebird Internal CTF happens. I made three crypto challenges this year - Lack of Entropy (⭐), Authenticator (⭐⭐) and Collider (⭐⭐). I will discuss the solution for all of them in the blog post.
Read more →

HKCERT CTF 2021 Postmortem (IV): The Remaining Ones

We will cover the remaining challenges I wrote in this part: Flag Checker™, The Wilderness and Potion of Ciphermath.
Read more →

HKCERT CTF 2021 Postmortem (III): The Reverse Challenges

As the third part of the series, three reversing challenges will be included: The Hardest Path, A Junior Mathematician and Let’s Chill.
Read more →

HKCERT CTF 2021 Postmortem (II): Harder Crypto Challenges

In this part, three harder crypto challenges will be covered: Tenet: The Plagarism, Sratslla SEA and Sign in Please, Again.
Read more →

HKCERT CTF 2021 Postmortem (I): Easier Crypto Challenges


Black Bauhinia co-organized HKCERT CTF 2021 and helped with 95% of the technical stuff, including challenge setting, platform development, infrastructure, etc. I will be writing a series of blog posts talking about the contest, and the first four will be the writeups of the challenges that I wrote.

In the first blog post, we will be going through four easier crypto challenges: A Joke Cipher, Cipher Mode Picker, Key Backup Service 1 and Key Backup Service 2.

Read more →

HKCERT CTF 2020 Postmortem

In August 2020, @blackb6a was invited to co-organize HKCERT CTF 2020 (which was held in November 2020) as one of the challenge authors. This is a CTF for secondary and tertiary students in Hong Kong. Although I had experience preparing CTFs earlier, this is actually the first CTF officially prepared by Black Bauhinia. I have written four challenges for this CTF - Sanity Check II (Web), LF2 (Reverse), Sign In Please (Crypto) and Calm Down (Crypto). There will also be some stories behind the scenes.
Read more →

hoifanrd’s osu! Challenge

This is the beginning of a new series of blog posts in which I review CTF challenges that are not publicly accessible. Generally I will spend some time solving the challenge while discussing it with the author, and give some feedback on the challenge. To kick-start, let’s look at a challenge hoifanrd from the Firebird CTF team has shared, which he created some days ago.
Read more →

Firebird Internal CTF 2021 Writeup

I have written four questions for Firebird Internal CTF - Oofbleck (Crypto), Obvious Transfer (Crypto), RC4 (Misc) and Prooof-ooof-Wooork (Reverse, Misc). I will be including all of them in this blog post.
Read more →

Firebird Intro CTF: Rotten Secured Algorithm

Rotten Secured Algorithm is the only challenge that I have written for Firebird Intro CTF. Two people (out of 166) ended up solving the challenge. There is a Python script attached in the challenge, as well as the output file. Let’s see what’s going on in the Python…
Read more →