Skip to content Skip to navigation
01 Oct

Mining Your Rs and Ss (Crypto 500)


[To try to solve the task see an attachment below the writeup]

For this particular task we've been given some sort of CA to issue user certificates and authentication part to verify issued user certificate using SSL handshake. The main purpose according to the message provided after authentication is to login with certificate issued to the user named admin. There is no sense telling that one can not do this in ordinary way by requesting it from CA provided.

29 Sep

AES Broken (300)


This time we are given a rather long file, presumably ciphertext -- the result of AES transformation weak in some sort of way. After taking a look at it in Sublime we can't find anything wrong with it: indeed, Sublime does normally hang after us trying to make a full-text search through the file. Let's better make it binary and open in some lightweight hex editor.

29 Sep

Rolling Hash



def RabinKarpRollingHash( str, a, n ):
        result = 0
        l = len(str)
        for i in range(0, l):
                result += ord(str[i]) * a ** (l - i - 1) % n
        print "result = ", result

RabinKarpRollingHash(flag, 256, 10**30)

output is 
What is the flag?


25 Sep

xorcise (exploit 500)


We've got the following binary and its source code: xorcise.

$ file xorcise
xorcise: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked 
(uses shared libs), for GNU/Linux 2.6.32, not stripped

Looking attentively at source code you can find this interesting moment in decipher function:


Subscribe to BalalaikaCr3w RSS