DownUnderCTF 2023 Writeup
Bauhinia CTF 2023: How to Stop Time

After four years of team formation, we organized our first edition of Bauhinia CTF last weekend. There are over 650 teams registered and over 200 teams scored. This year, I made one crypto challenge, How to Stop Time. I also coauthored a web/crypto challenge, Amnesia, with @chthollic_.
This post is served as a short writeup of How to Stop Time, a crypto challenge with six solves during the contest period.
Google CTF 2023: MHK2
idekCTF 2022* Writeup
idekCTF 2022* definitely has a fun and inspiring set of cryptography challenges. I played with @blackb6a and we solved 8 of the 10 crypto challenges.
In this blog post, I’ll include my solution on three of them: Primonumerophobia (10 solves), Chronophobia (5 solves) and Decidophobia (3 solves).
Firebird Internal CTF 2023 Writeup

Like in 2021 and 2022, I contributed some challenges for Firebird’s internal CTF, which are from the Hong Kong University of Science and Technology. This time I wrote three crypto challenges: Randomsum, Shelter and Threerider.
There were 24 teams participating. There were three solves for Randomsum, while Shelter and Threerider were unsolved during the CTF.
HKCERT CTF 2022 Postmortem (II): Harder Crypto Challenges

HKCERT CTF 2022 Postmortem (I): Easier Crypto Challenges

This is the third year Black Bauhinia co-organized HKCERT CTF. This time I wrote nine challenges: Seven crypto, one reverse and one misc.
Similar to the last year, I have a series of three blog posts walking through the challenges that I wrote. We will discuss the four easier crypto challenges: Flawed ElGamal, Catch-22, Rogue Secret Assistant and Base64 encryption.
H4CK1NG G00GL3 - Ep 005 Ch 002: Project Zero Adventure
Bleichenbacher strikes back again (and again).

HACKING GOOGLE is a documentary of Google’s cybersecurity teams and H4CK1NG G00GL3 is it’s CTF counterpart. Project Zero Adventure is a cryptography challenge I wrote.
In the game, the players control the Security Princess to dodge the obstacles and catch the bugs (a variant of Google Chrome’s dinosaur game). After that, the server will sign messages consisting of the players' name and the score via the /sign
API. The players will then submit it to the /highscore
API. If the score submitted to the highscore API is negative, they will be given the flag.
However, there is one catch: The server is only willing to sign the results with non-negative scores.
BalsnCTF 2022 Writeup

vss is an interesting crypto challenge in BalsnCTF, which ended up having 9 solves. I took around 2.5 hours to solve the challenge. This challenge reminds me the yet another PRNG challenge from pbctf 2021, but with a setting which looked harder. I was pretty surprised that LLL worked, too.
lfsr is another crypto challenge in BalsnCTF with 6 solves. In the challenge, the output bits are computed nonlinearly from the LFSR states. Given that I knew almost nothing about LFSR, I just came up with the attack by myself… Well, I am not quite a paper guy and I couldn’t read.
Google CTF 2022: Maybe Someday

TSJ CTF 2022 (II): Signature
Breaking 256-bit ECDSA with $k = z \oplus d$ with only six signatures.
TSJ CTF 2022 (I): Cipher Switching Service

@blackb6a played TSJ CTF and CODEGATE CTF this weekend. Both of the CTFs had a bunch of epic (and hard-ish) crypto challenges, which made our head scratched for days.
We were two points behind @balsnctf few minutes before the game ends and I found one more flag. It is proud to tell that we won TSJ CTF 🎉!
Anyway, I will compile writeups for (at least) three challenges for TSJ CTF, namely Cipher Switching Service, Signature and Genie. I will go through Cipher Switching Service as the first part of the series.
DiceCTF 2022 (I): commitment-issues

DiceCTF is an annual CTF competition prepared by @dicegangctf. The challenges are great and we had a lot of fun solving them. I might be compiling writeup for a number of them, which depends if I had time.
I will first cover on a crypto challenge called commitment-issues, which had 16 solves (out of 1127 participating teams). @grhkm2023 and I spent a good 3 to 4 hours working on this challenge.
Firebird Internal CTF 2022 Writeup
Dragon CTF 2021: CRC Recursive Challenge (Warmup)

Balsn CTF 2021: dlog
pow
method. @grhkm2023 and I spent a lot of time working on this challenge. Although we did not solve it, we actually learned a lot from the challenge and lost a pile of hair (maybe it is just me).
HKCERT CTF 2021 Postmortem (II): Harder Crypto Challenges

HKCERT CTF 2021 Postmortem (I): Easier Crypto Challenges

Black Bauhinia coorganized HKCERT CTF 2021 and helped 95% of the technical stuffs, including challenge setting, platform development, infrastructure and etc. I will be writing a series of blog posts talking about the contest, and the first four would be the writeups of the challenges those I wrote.
In the first blog post, we will be going through four easier crypto challenges: A Joke Cipher, Cipher Mode Picker, Key Backup Service 1 and Key Backup Service 2.
BSides Ahmedabad CTF 2021 Writeup

No, we did not win. I see that coming and took a screenshot during the game.
BSides Ahmedabad CTF 2021 is organized by @zer0pts. That implies that players could spend a day happily working on the challenges. I enjoyed working on the challenges a lot. I’ll go through the harder crypto challenges and the reversing challenge called Collapsed License in this blog post.
pbctf 2021: Seed Me & Yet Another RSA

I am playing as a part of @blackb6a this time for perfect blue’s annual pbctf. This time there are six crypto challenges and I first blooded 🩸 half of them. I solved five of them, and collaborated with TWY (who made 99% of the process) for Seed Me. In this blog post, I will cover Seed Me and Yet Another RSA. I tried to make the whole post beginner friendly, hence included more details than necessary.
I was originally going to discuss all of the crypto challenges, but I found it is too demanding and tiring.
Google CTF 2021 Quals Writeup

PlaidCTF 2021: Leaky Block Cipher

PlaidCTF this year had very insane challenges. Although I have spent a lot of time working on those crypto challenges, I was only able to solve leaky block cipher.
This completely legitimate™ block cipher looks a bit like GCM, but my computer plumber keeps complaining about water residue. Can you help me spot the leak? The challenge has a hand-crafted AEAD scheme. We are required to go through 20 rounds of challenges, and this is how each round proceeds…
ångstromCTF 2021: Cache Money

I played ångstromCTF 2021 for @blackb6a to spend my Easter holiday. I solved most of the reverse and cryptography challenges alone. In particular, Cache Money is one of the harder crypto challenges that I spent more than one day dealing with. It is very rewarding, and eventually four teams ended up solving it.
This challenge reimplements the Advanced Encryption Standard (AES) on 128, 192 and 256-bit keys. The encryptor is equipped with caches and we are given a service to encrypt (or decrypt) our messages. In short, there are four oracles provided by the service ($k_0$ is the fixed secret key and $b \in \{128, 192, 256\}$).
Aero CTF 2021 Writeup

kurenaif 1K Subscriptions Challenges

DiceCTF 2021 Writeup (I)

justCTF 2020: Oracles

Firebird Internal CTF 2021 Writeup
TetCTF 2021: unevaluated
hxp CTF 2020: Hyper
Dragon CTF 2020 Writeup

Firebird Intro CTF: Rotten Secured Algorithm
Google CTF 2020: Oracle
I was teamed-up with @blackb6a on Google CTF this time. I have solved 7 challenges alone and 3 challenges with my teammates.
In particular, Oracle is a crypto challenge with 13 solves. It has got me spending 12 hours. All in all, it was a great experience in terms of learning, but my liver hurts. This piece of writeup may be very computation intensive, just because I would like to make everything clear.
UIUCTF 2020: nookcrypt
nookcrypt is a netcat service that have no source code released. There are two functions exposed:
- Gets an encrypted copy of the flag (and the message hello world).
- Encrypts an arbitrary message.
De1CTF 2020 Writeup
I was teamed up with @shellphish this time for De1CTF. During the game, I have solved 5 (out of 7) cryptography challenges individually, and a reverse challenge and a misc challenge in cooperation with DuSu and fs0c.
I said that I’ll commit the solution scripts to my Github after I have managed to prettify them. It never happened. I will not make the same promise again.
De1CTF 2019 Writeup
It has been a very long time that I’ve compiled a writeup. This time I have played on my own as @blackb6a. Let me write on some particular interesting ideas that I have learnt in the challenges. Bear with me if you find this writeup too math-intensive.
The solution scripts will be committed to my Github repository sooner or later, after I’ve managed to prettify them.