Overview 2021

An overview of all CTF challenges I checked out this year. Some even contain a write-up I wrote, although they can be quite sparse. Feel free to contact me about any of the challenges below. ^w^

Check out write-ups by my teammates on K3RN3L4RMY.com

backdoorctf 2021


  • non abelian - Crypto x (x) › Matrix DDH, integer size reveals origin
  • non abelian revenge - Crypto x (x) › Matrix DDH, determinant reveals origin
  • MDLP - Crypto x (x) › DLP with matrices,
  • I’m the Mountain - Crypto x (x) › Kyber, weak implementation
  • lfsr - Crypto 500 (1) › Simple Power Analysis (SPA) with hidden taps
  • Beyond the Mountain - Crypto 500 (0) › Kyber, x

ASIS CTF Finals 2021


  • Stairs - Crypto 191 (43) › RSA-like cryptosystem reduced to quadratic equation
  • nDLP - Crypto 218 (37) › DLP, modulus factors into insecure small primes
  • RAS - Crypto 224 (36) › RSA, low-entropy prime generation
  • mDLP - Crypto 262 (30) › DLP over matrix group, solve DLP over eigenvalues

hxp CTF 2021


  • gipfel - Crypto 85 (109) › Diffie-Hellman, trivial subgroup attack
  • kipferl - Crypto 227 (35) › x
  • infinity - Crypto 500 (11) › CSIDH, x
  • caBalS puking - Misc/Crypto 667 (6) › x
  • zipfel - Crypto 714 (5) › x
  • f_cktoring - Crypto 833 (3) › Quadratic field homomorphism into ECM factoring

SECCON CTF 2021


  • pppp - Crypto 117 (70) › x
  • oOoOoO - Crypto 182 (26) › x
  • CCC - Crypto 221 (17) › x
  • cerberus - Crypto 227 (16) › x
  • XXX - Crypto 240 (14) › x
  • Sign Wars - Crypto 305 (8) › x
  • case-insensitive - Misc 305 (8) › x

idekCTF 2021


  • EccRoll - Crypto x (x) › ECC-based DDH beaten by trivial on-curve check
  • DestroyedRSA - Crypto x (x) › Backdoor RSA prime construction (paper crypto)
  • Seedoflife - Crypto x (x) › Brute-force PRNG seed
  • Hashbrown - Crypto x (x) › Brute-force home-rolled hash collision

X-MAS CTF 2021


  • Having a BLAST - Bioinformatics 50 (133) 2nd blood › x
  • A putative sequence - Bioinformatics 428 (40) 2nd blood › x
  • SantaVax reverse engineering - Bioinformatics 711 (14) 1st blood › Dissecting custom mRNA vaccine
  • One Time Present - Crypto/Rev 494 (12) › x
  • Santa’s Secret Encoding Machine - Crypto 496 (10) › x
  • Santa’s Bilingual Encryption System - Crypto 498 (6) › x
  • Santa’s Secure Database - Crypto 498 (6) › x
  • Worst two reindeer - Crypto 500 (3) 3rd blood › Near-linear block cipher key recovery
  • Still Two Bad Reindeer - Crypto 500 (3) › x

VULNCON CTF 2021


  • x - Crypto x (x) › x

HITCON CTF 2021


  • so easy rsa - Crypto 210 (56) › x
  • a little easy rsa - Crypto 240 (37) › x
  • magic rsa - Crypto 262 (27) › x
  • magic dlog - Crypto 262 (27) › x
  • so easy but not rsa - Crypto 305 (15) › x
  • still not rsa - Crypto 321 (12) › x

N1CTF 2021


  • checkin - Crypto ? (7) › x
  • n1ogin - Crypto ? (7) › x
  • n1token1 - Crypto ? (3) › x
  • n1token2 - Crypto ? (3) › x

K3RN3LCTF 2021


The challenges I wrote:

  • Twizzty Buzzinezz - Crypto 100 (116) › XOR with predictable key stream
  • 1-800-758-6237 - Crypto 437 (28) › XOR cribbing
  • Non-Square Freedom 1 - Crypto 465 (21) › Multi-prime RSA with small message
  • Non-Square Freedom 2 - Crypto 490 (11) › Weak multi-prime RSA
  • Poly-Proof - Crypto 490 (11) › Bad polynomial commitment scheme
  • Poly Expo go BRRRRR - Crypto 494 (9) › Polynomial-based RSA is easily factored
  • Tick Tock - Crypto 496 (6) › Clock group DLP solved in quadratic homomorphism
  • 3Dangerous Commute - Misc 497 (5) › Reverse Minesweeper into Dijkstra min-cost path
  • lightningrod - Rev 499 (3) › Brute-force base64 input through XOR field
  • Cozzmic Dizzcovery - Crypto 499 (3) › XOR field state recovery
  • HADIOR - Crypto 499 (3) › Hamming distance oracle into signature forgery
  • Objection! - Crypto 500 (2) › Double signature spoofing through domain injection
  • Beecryption - Crypto 500 (2) › Affine cryptosystem solved with known plaintext-ciphertext
  • Game of Secrets - Crypto 500 (2) › ‘Game of Life’ inspired cryptosystem leaks round keys
  • Ain’t no Mountain High Enough - Crypto 500 (1) › Multi-key Hill Cipher solved with basic linear algebra
  • Shrine of the Sweating Buddha - Crypto 500 (0) › Paillier with predictable blind pattern and recursive Paillier
  • Mowhock - Crypto 500 (0) › Chaotic orbits based on logistic maps, weak IV injection
  • Total Encryption - Crypto 500 (0) › Multi-layered RSA beaten by Franklin-Reiter and Coppersmith attacks

BuckeyeCTF 2021


  • Key exchange - Crypto 40 (141) › x
  • Key exchange 2 - Crypto 90 (34) › x
  • Defective RSA - Crypto 441 (33) › RSA with non co-prime public exponent, multiple solutions possible
  • Elliptigo - Crypto 465 (21) › Invalid curve attack on Curve25519 by choosing low-order base point

ASIS CTF Quals 2021


  • Madras - Crypto 59 (88) › RSA with math hint
  • Spiritual - Crypto 79 (60) › ECC, order of field extensions
  • Pinhole - Crypto 134 (31) › Matrix-substitution cipher
  • Lagleg - Crypto 201 (18) › Small key space brute-force
  • Damas - Crypto 477 (1) › Matrix DLP red-herring, Wiener attack

pbctf 2021


  • Alkaloid Stream - Crypto 134 (132) › Simple reverse of encryption function
  • Steroid Stream - Crypto 198 (38) › Finding additions to a linearly independent set to retrieve key (unintended solution)
  • GoodHash - Crypto 218 (30) › Forge GCM IV collision
  • Seed Me - Crypto 242 (23) › java.util.Random LCG seed forgery
  • Yet Another PRNG - Crypto 292 (14) › x
  • Yet Another RSA - Crypto 309 (12) › x

TastelessCTF 2021


  • crybaby - Crypto 492 (14) › AES-GCM with re-used IV leads to a simple tag forgery

TSGCTF 2021


  • Beginner’s Crypto 2021 - Crypto 100 (126) › x
  • Minimalist’s Private - Crypto 137 (49) › RSA with substantially small Carmichael function
  • Baba is Flag - Crypto 162 (34) › x
  • Flag is Win - Crypto 278 (10) › x
  • This is DSA - Crypto 290 (9) › x

DownUnderCTF 2021

  • Substitution Cipher I - Crypto 100 (362) › x
  • Break Me! - Crypto 100 (162) › x
  • Substitution Cipher II - Crypto 100 (155) › x
  • treasure - Crypto 100 (102) › x
  • JWT - Web 457 (34) › x
  • Secuchat - Crypto 462 (32) › Heap of public RSA keys leaks shared prime which allows us to decrypt some users’ messages
  • encrypted note - Pwn 483 (22) › x
  • power sign - Crypto 494 (14) › x
  • yadlp - Crypto 494 (14) › x
  • OTWhat 1 - Crypto 496 (12) › x
  • OTWhat 2 - Crypto 500 (5) › x
  • 1337crypt v2 - Crypto 500 (3) › x
  • Substitution Cipher III - Crypto 500 (1) › x

H@cktivityCon 2021 CTF

  • Triforce - Crypto 444 (73) › Simple AES-CBC IV recovery from encryption/decryption oracle
  • Sausage Links - Crypto 468 (55) › Wiener attack on multi-prime RSA

CSAW CTF Qualification Round 2021


  • RSA Pop Quiz - Crypto 390 (137) › RSA, small private exponent, close primes, LSB oracle, partial key exposure
  • Forgery - Crypto 405 (127) › Simple DSA forgery due to faulty mask and message check
  • Save the Tristate - Misc 474 (68) › Trivial QKD-esque challenge
  • ECC Pop Quiz - Crypto 478 (63) › ECC, anomalous curve, simple curve, singular curve
  • Bits - Crypto 497 (24) › Discrete logarithm bit leak reveals the multiplicative order to be smooth

WORMCON 0x01 2021


  • Exclusive - Crypto 100 (25) › Home-rolled XOR cipher with key space of 256, easily brute-forced
  • Fake Encryption - Crypto 379 (12) › DES-ECB encryption recovered using known plaintext-ciphertext pair
  • Invisible Cipher - Crypto 419 (10) › Substitution cipher broken with quick frequency analysis and quipqiup
  • Rem, Shinobu, Asuna - Crypto 475 (6) › RSA math hint
  • Sir Oracle - Crypto 484 (5) › DHE with user input XOR leak

FwordCTF 2021


  • Leaky-Blinders - Crypto 100 (121) › Non-key bytes leaked iteratively
  • Boombastic - Crypto 738 (55) › Math to recover server secret into signature forgery
  • Invincible - Crypto 930 (29) › ECC invalid-curve-attack
  • Login - Crypto 991 (11) › Length-extension-attack into RSA modulus recovery
  • Transfer - Crypto 998 (6) › ECDSA fault-attack due to a HMAC bug
  • Procyon - Crypto 1000 (4) › DHE HNP, see Raccoon Attack

corCTF 2021


  • 4096 - Crypto 360 (219) › RSA modulus consisting of many small primes
  • dividing_secrets - Crypto 434 (121) › Dividing the secret allows us to recover LSB with Legendre symbols
  • supercomputer - Crypto 457 (85) › Ridiculous powers (no modulus) computed with LTE
  • babyrsa - Crypto 476 (50) › Partially recovered RSA parameters recovered using univariate roots
  • babypad - Crypto 484 (35) › AES-CTR padding oracle attack
  • babyrand - Crypto 487 (29) › Bad PRNG recovered using multivariate roots
  • bank - Crypto 489 (25) › Simple qubit manipulation to recover their state
  • LCG_k - Crypto 489 (25) › ECDSA with related nonces recovered using symbolic math
  • mystery_stream - Crypto 496 (10) ›
  • fried_rice - Crypto 497 (6) › ‘dp’ leak into bad PRNG (polynomial LCG) seed recovery
  • leave_it_to_chance - Crypto 498 (5) › DSA recovery using modular-roots into forgery

SSTF 2021


  • RC Four - Crypto [EASY] › RC4 is a stream cipher and therefore malleable.
  • RSA 101 - Crypto [EASY] › RSA, using homomorphic properties to deceive the server
  • meLorean - Crypto [EASY] › Linear regression to recover slope, which decodes to ASCII
  • MenInBlackHats - Crypto [MEDIUM] › Data-analysis of 3D coordinates, rotation reveals QR-code
  • DecryptTLS - Crypto [HARD] › TLS 1.3 PCAP with bad client-side secret key in ECDHE
  • License - Crypto [HARD] › ECDSA-signature-based DRM forgery
  • Xero Trust - Crypto [HARD] › Web encryption with AES-CBC

RACTF 2021


  • Military-Grade - Crypto-Web 300 (48) › Time seeded PRNG with bad masking, written in Go

BSidesNoidaCTF 2021


  • MACAW - Crypto 445 (50) › AES-CBC with MAC authentication
  • MACAW Revenge - Crypto 473 (27) › AES-CBC with MAC auth, but limited attempts
  • baby_crypto - Crypto 479 (22) ›
  • KOTF Returns - Crypto 486 (15) › DSA forgery (no hash leak)
  • low power crypto - Crypto 494 (7) › ECC invalid-curve-attack
  • prng - Crypto 499 (1) ›
  • damn boi - Crypto 500 (0) ›

RaRCTF 2021


  • PsychECC - Crypto 400 (39) › ECC invalid-curve-attack
  • rotoRSA - Crypto 300 (29) › RSA, polynomial GCD
  • Randompad - Crypto 700 (24) › Mersenne Twister PRNG padding recovered with Coppersmith
  • Snore - Crypto 600 (17) › Hidden number problem in Schnorr signatures solved with LLL
  • A3S - Crypto 800 (4) › AES with trits and trytes, affine S-box

UIUCTF 2021


  • Constructive Criticism - Misc 408 (14) › Audio, signal processing
  • Q-Rious Transmissions - Misc 322 (23) › Quantum entanglement (with Python-Qiskit)
  • Capture the :flag: - Forensics 311 (24) › LSB steganography
  • SUPER - Forensics 371 (18) › Encrypted VHD containing a DOS EXE

CryptoCTF 2021


  • Robert - Crypto 194 (19) › (inverse) Carmichael function
  • Frozen - Crypto 142 (29) › Math reverse, signature forgery
  • Hamul - Crypto 83 (56) › String concatenation of primes
  • Improved - Crypto 117 (37) › Hash collision
  • Keybase - Crypto 48 (118) › AES CBC, IV recovery
  • Triplet - Crypto 91 (50) › RSA, custom keygen
  • Wolf - Crypto 128 (33) › AES GCM(CTR), short IV, time.time()
  • Salt and Pepper - Crypto 71 (69) › Length extension attack on MD5 and SHA1

ImaginaryCTF 2021


  • Password Checker - Web 450 (15) › Deobfuscated JavaScript, brute-force
  • ZKPoD - Crypto 400 (19) › Parity leak into LSB oracle
  • Mazed - Misc 225 (38) › Maze, brute-force
  • Off To The Races! - Misc 275 (39) › Regex, multi-threading vuln leads to check bypass
  • Short Story - Forensics 150 (39) › Hex encoded into word lengths
  • Primetime - Crypto 300 (41) › Hex-encoding using primes
  • New Technology - Crypto 300 (50) › Number theory
  • Roll it back - Crypto 300 (58) › Reversing
  • Prisoner’s Dilemma - Misc 200 (63) › Vim jail
  • Cookie Stream - Web 150 (86) › AES CTR, bit flipping on cookies
  • Lines - Crypto 150 (128) › Diffie-Hellman
  • Rock Solid Algorithm - Crypto 100 (149) › RSA, small e, modular roots
  • Flip Flops - Crypto 100 (160) › AES CBC, block flipping

San Diego CTF 2021


  • A Primed Hash Candidate - Crypto 292 (21) › Custom hash, math reverse
  • Encrypted Communications - Crypto 699 (6) › AES-CBC, padding vuln, .strip() vuln
  • Desmos Pro - Reversing 799 (5) › Math reverse

DEFCON CTF Quals 2021


  • nooombers - Crypto 127 (44) ›
  • qoo-or-ooo - Crypto 120 (58) ›
  • back-to-qoo - Crypto 128 (43) ›
  • smart-cryptooo - Crypto 5 (343) ›

S4Lab CTF 2021


  • Baby-Xor - Crypto ? (?) ›
  • Baby-IQ - Crypto ? (?) ›
  • Baby-RSA - Crypto ? (?) ›
  • Merles - Crypto ? (?) ›
  • khayyam - Crypto ? (?) ›
  • genie - Crypto ? (?) ›
  • malady - Crypto ? (?) ›
  • phillip - Crypto ? (?) ›
  • PTS - Misc ? (?) ›
  • Determinant - Misc ? (?) ›
  • Tom - Misc ? (?) ›

Cyber Apocalypse 2021


  • PhaseStream 3 - Crypto 300 (531) › AES-CTR, re-used key-iv, known plain text
  • PhaseStream 4 - Crypto 300 (334) › AES-CTR, re-used key-iv, deduced plain text
  • SoulCrabber 2 - Crypto 300 (229) › Rust, time seeded PRNG
  • Forge of Empires - Crypto 325 (95) › Forge ElGamal signatures, no-hashing vulnerability
  • Super Metroid - Crypto 325 (77) › Weak ECC
  • Tetris - Crypto 325 (75) › Transposition cipher analysis
  • SpongeBob SquarePants: Battle for Bikini Bottom - Rehydrated - Crypto 325 (61) › Custom hash function collisions
  • Wii Phit - Crypto 350 (38) ›
  • RuneScape - Crypto 400 (20) › Custom multivariate polynomial encryption
  • Hyper Metroid - Crypto 425 (18) › Hyperelliptic curve cryptography, Jacobian order
  • Tetris 3D - Crypto 425 (18) › Transposition cipher analysis
  • Alienspeak - Misc 375 (30) ›

PlaidCTF 2021


  • xorsa - Crypto 100 (180) › RSA with XOR hint
  • leaky block cipher - Crypto 400 (22) › Weak AES-GCM-like cipher manipulation
  • Fake Medallion - Crypto 420 (4) › Qubit encryption, …
  • Proxima Concursus: The Game - Crypto 200 (5) › Rust,
  • Proxima Concursus: Particle Collider - Crypto 200 (5) › Rust,

UMDCTF 2021


  • Subway - Crypto 225 (88) › Substitution cipher
  • Office Secrets - Crypto 250 (87) › RSA, same message with different public exponents
  • Cards Galore - Crypto 707 (25) › Solitaire cipher
  • Whose Base Is It Anyway - Crypto 741 (19) › Matryoshka doll-like base encoding(s)

RITSEC CTF 2021


  • Lorem Ipsum - Crypto 150 (135) › Trithemius Ave Maria cipher
  • RITSEC Hash - Crypto 250 (56) › Custom hash collision
  • Streams & Rivers - Crypto 399 (2) › (Manual) Mersenne Twister prediction
  • Feedback - Crypto 500 (0) › LFSR, creative custom encryption

Midnightsun CTF 2021


  • ocat_024 - Crypto 220 (19) ›
  • dbcsig_64434 - Crypto 228 (18) ›
  • Backup: Alice - Crypto 91 (82) › RSA,
  • Backup: Bob - Crypto 91 (81) › RSA,
  • Backup: Craig - Crypto 345 (8) ›
  • Backup: Dan - Crypto 345 (8) ›
  • Backup: Eve - Crypto 113 (55) › Substitution cipher, guessing
  • Backup: Frank - Crypto 121 (49) › Partially masked private RSA-SSH key recovery

BSides Canberra CTF 2021


  • Make RSA Great Again - Crypto 50* (?) › RSA
  • Dispicable Key - Crypto 200* (?) › AES-ECB
  • Bomb Disposal - Crypto 200* (?) › PRNG state recovery, LCG with Blum-Blum-Shub
  • Empty Fault - Crypto 200* (?) › Merkle tree hash collision
  • Vanity AES - Crypto 500* (?) › AES-??? mode IV+key re-use through simultaneous connection
  • Super Cool Facts! - Crypto 500* (?) › ECC, invalid point attack

b01lers CTF 2021


  • RSASSS - Crypto 493 (13) › RSA, Shamir’s secret sharing
  • Baby Double XOR - Crypto 497 (8) › Double XOR cipher cryptanalysis, all unknowns
  • Unlucky Strike - Crypto 498 (7) › AES-CBC padding oracle attack to forge encryption
  • Cold War Gets Hotter - Crypto 499 (4) ›
  • Reasonable Security Ahead - Crypto 500 (2) ›
  • Double XOR - Crypto 500 (1) ›

ångstromCTF 2021


  • Home Rolled Crypto - Crypto 70 (173) › Bit-wise encryption, input-output reverse
  • Follow the Currents - Crypto 70 (270) › Simple XOR cipher brute-force
  • Circle of Trust - Crypto 100 (85) › Custom secret sharing scheme, math reverse
  • I’m so Random - Crypto 100 (237) › Custom PRNG, weak PRNG
  • Oracle of Blair - Crypto 160 (136) › AES-CBC decryption oracle exploit (not a padding oracle attack)

Foobar CTF 2021


  • Profezzor revenge - Crypto 100 (66) › XOR entire PDF with key derived from hex signature
  • Lost-N - Crypto 100 (47) › RSA, unknown modulus recovery from ciphertext-plaintext pairs
  • Hill-Kill - Crypto 436 (15) › Hill cipher, linear algebra, pwn automatic decryption
  • Back to the future - Crypto 453 (13) › RSA, modular square roots, time seeded random
  • Pascal’s Chemistry Lab - Crypto 453 (13) › Fermat factorisation, Paillier cryptosystem
  • Intern - Crypto 461 (12) › RSA, LCG prediction, Franklin-Reiter related message attack, (Coppersmith’s short-pad attack)
  • From Japan with Love - Stego 383 (20) › QR, red herring, LSB hidden ascii

picoCTF 2021


  • Easy Peasy - Crypto 40 (424) › XOR cipher disguised as an OTP, len(key) != len(msg)
  • New Caesar - Crypto 60 (586) › Caesar cipher-like, simple reverse and brute-force, small key
  • Mini RSA - Crypto 70 (374) › RSA, small public exponent e, brute-force e-th root of k*N
  • Dachshund Attacks - Crypto 80 (587) › RSA, small private exponent d, brute-force d
  • No Padding, No Problem - Crypto 90 (326) › RSA, chosen ciphertext attack (no padding)
  • Pixelated - Crypto 100 (586) › Image XOR
  • Play Nice - Crypto 110 (414) › Playfair cipher
  • Double DES - Crypto 120 (214) › 2DES-ECB, meet in the middle attack
  • Compress and Attack - Crypto 130 (163) › Compression before encryption leak
  • Scrambled: RSA - Crypto 140 (99) ›
  • It’s Not My Fault 1 - Crypto 300 (82) ›
  • New Vignere - Crypto 300 (255) › Vigenère cipher-like, reverse and brute-force, small character space
  • Clouds - Crypto 500 (16) ›

UMassCTF 2021


  • malware - Crypto 434 (78) › AES-CTR with re-used iv/counter and known plaintext
  • Factoring is Fun - Crypto 500 (7) › Iterative Lattice Factorisation with ‘random’ known bits of p
  • Weird RSA - Crypto 500 (10) › LUC-RSA cryptosystem (2nd order Lucas sequence), Fermat factorisation
  • warandpieces - Stego 499 (13) › 16-bit encoding (hex)

Securinets CTF Quals 2021


  • MiTM - Crypto 559 (36) › Diffie-Hellman exchange man in the middle attack (w/ ghost-check)
  • MiTM Revenge - Crypto 757 (27) › Diffie-Hellman delayed man in the middle attack, XOR vuln (w/ ghost-check)
  • Special - Crypto 908 (17) › RSA LSB attack with small root finding
  • Shilaformi - Crypto 940 (14) ›
  • Sign it! - Crypto 949 (13) ›
  • Exfiltration - Stego 793 (25) ›

LINE CTF 2021


  • babycrypto1 - Crypto 50 (106) ›
  • babycrypto2 - Crypto 50 (98) ›
  • babycrypto3 - Crypto 50 (58) ›
  • babycrypto4 - Crypto 50 (35) ›

BlueHens CTF 2021


  • hot_diggity_dog - Crypto 75 (48) › RSA, large public exponent e, brute-force small private exponent d
  • PHEnomenal - Crypto 212 (29) › Paillier Homomorphic Encryption
  • OTP1 - Crypto 284 (26) ›
  • OTP2 - Crypto 422 (17) ›
  • OPT3 - Crypto 482 (9) ›
  • aHead Of The curve (Probably) - Crypto 493 (6) ›
  • hot_diggity_dog_2 - Crypto 500 (1) ›
  • conFidential searcH and dEstroy - Crypto 500 (1) ›

Codefest CTF 2020


  • RSA 1.0 - Crypto ? (?) › RSA, multi-prime factorisation, insufficient padding
  • RSA 2.0 - Crypto ? (?) › RSA, even public exponent e, Tonelli-Shanks decryption
  • Anime is Love - Stego ? (?) ›
  • Telephone - Stego ? (?) ›
  • b1n4rY - Stego ? (?) › QR code
  • Sanity Check 2 - OSINT ? (?) › Simple ciphers and encoding
  • E-mail - OSINT ? (?) › Google
  • C is hard - Pwn ? (?) › Buffer overflow exploit

NahamCon CTF 2021


  • Dice Roll [Medium] - Crypto 406 (201) › Mersenne-twister based RNG prediction
  • Elliptical [Hard] - Crypto 500 (19) › ECDSA re-used nonce exploit
  • Treasure [Easy] - Crypto 448 (154) › Book cipher
  • Eaxy [Easy] - Crypto 433 (172) › Iterative XOR encryption
  • DDR [Medium] - Scripting 497 (51) › Pixel values, PIL Python script

DaVinciCTF 2021


  • Bootless RSA - Crypto 25 (127) › RSA, small public exponent e
  • The more, the less - Crypto 41 (62) › RSA, multi-prime factorisation
  • Substitution - Crypto 25 (266) › Substitution cipher
  • Kanagawa - Pwn 59 (92) › Buffer overflow exploit
  • Format me - Pwn 90 (47) › String format exploit

NetOn CTF 2021


  • Just win - Pwn 250 (4) ›
  • Limited - Pwn 499 (4) › Simple password brute-force
  • Darkness - Pwn 500 (1) ›
  • Side Login - Pwn 500 (2) ›
  • Welcome to FilterLand - Web 208 (24) › PHP strcmp exploit
  • Picnicnic - Web 222 (20) › Cookie trail
  • Let me in! - Web 245 (9) › Captcha with PHPSESSID cookie
  • Grades - Web 486 (10) › JavaScript encryption de-obfuscation and brute-force
  • Jungle Meeting - Stego 50 (33) › Strings and grep
  • Seeing blurry - Stego 50 (16) › Autostereogram
  • Winter - Stego 218 (21) › Whitespace steganography (snow, stegsnow)
  • Step by step - Stego 250 (4) › Pixel value masking and steghide
  • Invisibility - Stego 500 (3) › Unicode zero-width steganography
  • Caesar’s Secret - OSINT 163 (34) › Wayback Machine, Twitter
  • Capture The Flag - OSINT 436 (20) › Google, Google Maps
  • PawN PawN - Crypto 188 (29) › Morse-code, chess board set-up code and visual encoding
  • Weak xor - Crypto 239 (13) › Small XOR key and partly known plaintext
  • BritishScientific - Crypto 242 (11) › Playfair cipher
  • Facts Br0! - Crypto 244 (10) › RSA, PEM file, simple factorisation
  • Not Morse - Crypto 249 (5) › Baconian cipher
  • RSA… no primEs, no problEm - Crypto 500 (2) › Unknown e with known phi(n), brute-force values for e
  • Run Run Run - Coding 215 (22) › Python automated HTML requests
  • Step by step - Coding 239 (13) › Trial and error with substrings
  • SecretMessage - Coding 247 (8) › Reverse encryption function
  • Infiltration - Forensics 183 (30) › PCAP investigation
  • Picasso01 - Forensics 225 (19) › Binwalk, strings and grep
  • Lost in Lab - Forensics 479 (12) › Disk image
  • File Bomb - Reversing 475 (13) › ELF disassembly
  • Inception - Misc 183 (30) › QR codes
  • Photogra.fy - Misc 227 (18) › Simple flag search
  • Kasiski the magician - Misc 235 (15) › Magic numbers fix (hex signature fix)
  • MathTomata - Misc 245 (9) › Deterministic finite automaton
  • Gotta catch em flag - Misc 248 (6) › GBA Emulator, Pokémon FireRed