Project maintained by dm248 Hosted on GitHub Pages — Theme by mattgraham

Some thoughts on b01lers CTF 2021

Apr 14, 2021

b01lers CTF 2021 happened about 10 days ago. I hope that each participant had a good time :) With the experience from last year, it went pretty much flawlessly IMO. The one small annoyance was that we had to stick with the Saturday start time that was originally announced by mistake. Plus that some hints had to be added eventually :P Five problems of mine made it in time before the cutoff. I was worried that five would not be enough but those fears were unfounded. Amazingly, all the pieces created by everyone else in the various categories fell rapidly into place right before the competition.

First I made Unlucky Strike, a straightforward padding oracle problem with a small twist. It always throws you an edge case, so it simulates getting one unlucky lottery ticket and your having to make the best of it. You must understand how the standard attack really goes because rerunning for a more favorable situation is unlikely to help.

Reasonable Security Ahead recycled a few by now popular RSA attack elements, namely, inferring the public key from ptxt-ctxt pairs, and mounting a related message attack. The menu option to encrypt arbitrary input was thrown in there to provide some superfluous functionality. You needed a bit of parallelism (“use resources wisely”) for reasonably quick results. My only regret is that I could not pick an exponent close to 31337 because that would have made the second stage way too slow :/

To me Double XOR was the most exciting idea this year. It was added relatively late because I first needed to break it :) I have no idea how the guys in polygl0ts did it, I used four-byte correlations and eventually employed n-gram log likelihoods. Totally doable (you will see more on that elsewhere). Baby Double XOR got created to give people a warm-up for the real one.

Bars, Windchests, Vocals was born because at the beginning of this year I finally gave in to a longtime desire, and started learning how to play the piano. Thanks to an old Mickey Rourke movie, the BWV578 fugue by Bach has been on my list of pieces to try (ok, ok, it is an organ piece but why not). BWV is a cool system, mapping integers to music. The reverse is somewhat more ambiguous than I thought - it turns out that some chorals correspond to a range of numbers. The fix was to supplement the scores with a couple math relations. It was pure luck that multiples of 100 arose so readily :D The flag had to be a bit funky because for clarity I steered clear of numbers below 100.

It was definitely a fun event from the organizers’ perspective as well. In retrospect, the main lesson for next year is to have a few hints prepared and ready to go for each challenge. And to announce dates more carefully :P Some minor CTFx fixes would also be handy (some of us might even implement those). See you next year!