Merge branch 'main' of https://github.com/TheWinRaRs/RaRCTF2021-Chall…

…enges-Public

Tango pull

crypto/PsychECC/README.md

@@ -0,0 +1,3 @@
+# PsychECC
+## Crypto
+### Flag: rarctf{w0ah_str4ight_cl41r0v0y4nc3!!_8119733d69}

crypto/PsychECC/solve.sage

@@ -0,0 +1,13 @@
+p = 115792089210356248762697446949407573530086143415290314195533631308867097853951
+order = 115792089210356248762697446949407573529996955224135760342422259061068512044369
+a = -3
+b = 41058363725152142129326129780047268409114441015993725554835256314039467401291
+E = EllipticCurve(GF(p),[a,3]) # our evil, invalid curve
+# Order is 115792089210356248762697446949407573529995394580452997270780266901612618829008
+# One of the factors is 3
+P = E.gens()[0]
+print(P)
+_p_=P*ZZ(E.order()/3) # This makes the order of _p_ be 3, so we have an incredibly high chance of success.
+print(_p_.order())
+print(f"Choice point: {_p_}")
+print(f"Predict point: {_p_*2}")

crypto/PsychECC/src/secret.py

@@ -0,0 +1 @@
+flag = "rarctf{w0ah_str4ight_cl41r0v0y4nc3!!_8119733d69}"

crypto/PsychECC/src/server.py

@@ -0,0 +1,70 @@
+from collections import namedtuple
+import random
+from secret import flag
+from Crypto.Util.number import inverse
+def moddiv(x,y,p):
+    return (x * inverse(y,p)) %p
+Point = namedtuple("Point","x y")
+class EllipticCurve:
+    INF = Point(0,0)
+    def __init__(self, a, b, p):
+        self.a = a
+        self.b = b
+        self.p = p
+    def add(self,P,Q):
+        if P == self.INF:
+            return Q
+        elif Q == self.INF:
+            return P
+
+        if P.x == Q.x and P.y == (-Q.y % self.p):
+            return self.INF
+        if P != Q:
+            Lambda = moddiv(Q.y - P.y, Q.x - P.x, self.p)
+        else:
+            Lambda = moddiv(3 * P.x**2 + self.a,2 * P.y , self.p)
+        Rx = (Lambda**2 - P.x - Q.x) % self.p
+        Ry = (Lambda * (P.x - Rx) - P.y) % self.p
+        return Point(Rx,Ry)
+    def multiply(self,P,n):
+        n %= self.p
+        if n != abs(n):
+            ans = self.multiply(P,abs(n))
+            return Point(ans.x, -ans.y % p)
+        R = self.INF
+        while n > 0:
+            if n % 2 == 1:
+                R = self.add(R,P)
+            P = self.add(P,P)
+            n = n // 2
+        return R
+# P256 parameters, secure.
+p = 115792089210356248762697446949407573530086143415290314195533631308867097853951
+order = 115792089210356248762697446949407573529996955224135760342422259061068512044369
+a = -3
+b = 41058363725152142129326129780047268409114441015993725554835256314039467401291
+E = EllipticCurve(a,b,p)
+print("Welcome to my prediction centre!")
+print("We're always looking out for psychics!")
+print("We're gonna choose a random number. You get to choose a point. We'll multiply that point by our random number.")
+print("Since this curve is of perfect and prime order, it'll be impossible to break this test.")
+print("Only a psychic could know!")
+print("Be psychic, get the flag.")
+x = int(input("Enter point x: "))
+y = int(input("Enter point y: "))
+P = Point(x,y)
+n = random.randint(1,order)
+Q = E.multiply(P,n)
+print("Ok, where do you think the point will go?")
+px = int(input("Enter point x: "))
+py = int(input("Enter point y: "))
+prediction = Point(px,py)
+if prediction == E.INF or prediction == P:
+    print("Psychics don't use dirty tricks.")
+    quit()
+if prediction == Q:
+    print("Wow! You're truly psychic!")
+    print(flag)
+    quit()
+print("Better luck next time.")
+print(f"Point was {Q}")

misc/IronOxide/README.md

@@ -0,0 +1,3 @@
+# Iron(III) Oxide
+## Misc
+### Flag: rarctf{w3lc0me_t0_th3_l4b!!!_30bb2505d5}

misc/IronOxide/solve.py

@@ -0,0 +1,90 @@
+from pwn import *
+while True:
+    p = process("./IronOxide") if not args.REMOTE else remote(args.HOST, int(args.PORT))
+    import itertools
+    from functools import reduce
+    data = []
+    sign = lambda x: 0 if x == 0 else x // abs(x)
+    from operator import add
+    from functools import reduce
+    for i in range(25):
+        idx = 0
+        data.append({})
+        for _ in range(24):
+            p.recvuntil(f": ")
+            if idx == i:
+                idx += 1
+            output = p.recvline()[:-1].decode().split(", ")
+            output[1] = int(output[1])
+            output[2] = float(output[2] if output[2] != 'NaN' else '0')
+            data[i][idx] = output
+            idx += 1
+    elemprops = []
+    with open("elemprops.csv") as csvfile:
+        csvfile.readline()
+        for i,line in enumerate(csvfile.readlines()[:62]):
+            line = line[:-1].split(',')
+            elemprops.append({"number": int(line[0]), "symbol": line[1], "valence": int(line[2]),
+            "electroneg": float(line[3])})
+
+
+    numbercombos = {}
+    for combo in itertools.product(range(1,63),repeat=2):
+        diff = abs(combo[0] - combo[1])
+        if diff in numbercombos.keys():
+            numbercombos[diff].append(combo)
+        else:
+            numbercombos[diff] = [combo]
+    bondcombos = {}
+    for combo in itertools.product(range(1,63),repeat=2):
+        num1 = elemprops[combo[0] - 1]["valence"]
+        num2 = elemprops[combo[1] - 1]["valence"]
+        if sign(num1) == 1 and sign(num2) == 1:
+            result = "Metallic"
+        elif sign(num1) == -1 and sign(num2) == -1:
+            result = "Covalent"
+        elif sign(num1) == 0 or sign(num2) == 0:
+            result = "No Reaction"
+        else:
+            result = "Ionic"
+        if result in bondcombos.keys():
+            bondcombos[result].append(combo)
+        else:
+            bondcombos[result] = [combo]
+    electrocombos = {}
+    for combo in itertools.product(range(1,63),repeat=2):
+        num1 = elemprops[combo[0] - 1]["electroneg"]
+        num2 = elemprops[combo[1] - 1]["electroneg"]
+        if num1 == 0 or num2 == 0:
+            diff = 0
+        else:
+            diff = round(abs(num1 - num2),2)
+        if diff in electrocombos.keys():
+            electrocombos[diff].append(combo)
+        else:
+            electrocombos[diff] = [combo]
+
+    results = []
+    for char in data:
+        possibles = []
+        for reaction in char:
+            bond, numdiff, electrodiff = char[reaction]
+            sets = set(reduce(add, numbercombos[numdiff])), set(reduce(add, bondcombos[bond])), set(reduce(add, electrocombos[electrodiff]))
+            possibles.extend(sets)
+        result = reduce(set.intersection, possibles)
+        print(result)
+        results.append(result)
+    p.recv()
+    combos = list(itertools.product(*results))
+    print(len(combos))
+    if len(combos) >= 30:
+        continue
+    for combo in itertools.product(*results):
+        combo = [x + 64 for x in combo]
+        print(combo)
+        key = bytes(combo)
+        p.sendline(key)
+        data = p.recv()
+        if b'rarctf' in data:
+            print(data)
+            quit()

misc/IronOxide/src/Dockerfile

@@ -0,0 +1,20 @@
+FROM ubuntu:18.04
+RUN apt-get update -y && apt-get install -y \
+    lib32z1 xinetd \
+&& rm -rf /var/lib/apt/lists/*
+RUN useradd ctf
+RUN mkdir /ctf
+RUN echo "You've been blocked by our xinetd - try again, and report if this repeats." > /etc/banner_fail
+COPY ./ctf.xinetd /etc/xinetd.d/ctf
+COPY ./start.sh /start.sh
+COPY ./setup.sh /setup.sh
+COPY ./IronOxide /ctf/IronOxide
+COPY ./elemprops.csv /ctf/elemprops.csv
+COPY ./flag.txt /ctf/flag.txt
+RUN chown -R root:ctf /ctf && chmod -R 750 /ctf
+RUN chmod +x /setup.sh
+RUN chown root:ctf /start.sh && chmod 750 /start.sh
+
+CMD ["/setup.sh"]
+
+EXPOSE 8888

misc/IronOxide/src/ctf.xinetd

@@ -0,0 +1,17 @@
+service ctf
+{
+    disable = no
+    socket_type = stream
+    protocol    = tcp
+    wait        = no
+    user        = ctf
+    type        = UNLISTED
+    port        = 8888
+    bind        = 0.0.0.0
+    server      = /start.sh
+    banner_fail = /etc/banner_fail
+    # Options below are for safety mainly
+    #per_source  = 10 # max instances per source at once
+    rlimit_cpu  = 20 # max cpu seconds
+    #rlimit_as  = 1024M # addr space resource limit
+}

misc/IronOxide/src/elemprops.csv

@@ -0,0 +1,105 @@
+atomicnumber,symbol,valence,electronegativity,group,period
+1,H,1,2.2,1,1
+2,He,0,0,18,1
+3,Li,1,0.98,1,2
+4,Be,2,1.57,2,2
+5,B,3,2.04,13,2
+6,C,-4,2.55,14,2
+7,N,-3,3.04,15,2
+8,O,-2,3.44,16,2
+9,F,-1,3.98,17,2
+10,Ne,0,0,18,2
+11,Na,1,0.93,1,3
+12,Mg,2,1.31,2,3
+13,Al,3,1.61,13,3
+14,Si,4,1.9,14,3
+15,P,-3,2.19,15,3
+16,S,-2,2.58,16,3
+17,Cl,-1,3.16,17,3
+18,Ar,0,0,18,3
+19,K,1,0.82,1,4
+20,Ca,2,1,2,4
+21,Sc,3,1.36,3,4
+22,Ti,4,1.54,4,4
+23,V,3,1.63,5,4
+24,Cr,2,1.66,6,4
+25,Mn,2,1.55,7,4
+26,Fe,2,1.83,8,4
+27,Co,2,1.88,9,4
+28,Ni,2,1.91,10,4
+29,Cu,1,1.9,11,4
+30,Zn,2,1.65,12,4
+31,Ga,3,1.81,13,4
+32,Ge,4,2.01,14,4
+33,As,3,2.18,15,4
+34,Se,-2,2.55,16,4
+35,Br,-1,2.96,17,4
+36,Kr,0,3,18,4
+37,Rb,1,0.82,1,5
+38,Sr,2,0.95,2,5
+39,Y,3,1.22,3,5
+40,Zr,4,1.33,4,5
+41,Nb,5,1.6,5,5
+42,Mo,4,2.16,6,5
+43,Tc,4,1.9,7,5
+44,Ru,3,2.2,8,5
+45,Rh,3,2.28,9,5
+46,Pd,2,2.2,10,5
+47,Ag,1,1.93,11,5
+48,Cd,2,1.69,12,5
+49,In,3,1.78,13,5
+50,Sn,-4,1.96,14,5
+51,Sb,3,2.05,15,5
+52,Te,4,2.1,16,5
+53,I,-1,2.66,17,5
+54,Xe,0,2.6,18,6
+55,Cs,1,0.79,1,6
+56,Ba,2,0.89,2,6
+57,La,3,1.1,3,6
+58,Ce,3,1.12,0,6
+59,Pr,3,1.13,0,6
+60,Nd,3,1.14,0,6
+61,Pm,3,1.13,0,6
+62,Sm,3,1.17,0,6
+63,Eu,3,1.2,0,6
+64,Gd,3,1.2,0,6
+65,Tb,3,1.2,0,6
+66,Dy,3,1.22,0,6
+67,Ho,3,1.23,0,6
+68,Er,3,1.24,0,6
+69,Tm,3,1.25,0,6
+70,Yb,3,1.1,0,6
+71,Lu,3,1.27,0,6
+72,Hf,4,1.3,4,6
+73,Ta,5,1.5,5,6
+74,W,4,2.36,6,6
+75,Re,3,1.9,7,6
+76,Os,4,2.2,8,6
+77,Ir,3,2.2,9,6
+78,Pt,2,2.28,10,6
+79,Au,3,2.54,11,6
+80,Hg,1,2,12,6
+81,Tl,1,1.62,13,6
+82,Pb,2,1.87,14,6
+83,Bi,1,2.02,15,6
+84,Po,4,2,16,6
+85,At,-1,2.2,17,6
+86,Rn,0,2.2,18,6
+87,Fr,1,0.7,1,7
+88,Ra,2,0.9,2,7
+89,Ac,3,1.1,3,7
+90,Th,4,1.3,0,7
+91,Pa,5,1.5,0,7
+92,U,2,1.38,0,7
+93,Np,7,1.36,0,7
+94,Pu,4,1.28,0,7
+95,Am,3,1.13,0,7
+96,Cm,3,1.28,0,7
+97,Bk,3,1.3,0,7
+98,Cf,3,1.3,0,7
+99,Es,1,1.3,0,7
+100,Fm,2,1.3,0,7
+101,Md,2,1.3,0,7
+102,No,3,1.3,0,7
+103,Lr,4,1.3,0,7
+104,Rf,3,0,4,7

misc/IronOxide/src/flag.txt

@@ -0,0 +1 @@
+rarctf{w3lc0me_t0_th3_l4b!!!_30bb2505d5}

misc/IronOxide/src/setup.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+service xinetd start
+sleep infinity

misc/IronOxide/src/start.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+cd /ctf
+./IronOxide