(crypto) : added 2 easy challs

Added:
xor-salad : beginner-easy
hshh : easy-medium

crypto/hshh/challenge.yml

@@ -0,0 +1,30 @@
+name: "hshh"
+author: "souvlakia"
+category: crypto
+
+description: |
+  I've been working on a new encryption algorithm that hashes and xors the input. I think it's secure, but I'm not sure. Can you take a look?
+  
+
+value: 500
+type: dynamic_docker
+extra:
+  initial: 500
+  minimum: 100
+  decay: 25
+  redirect_type: direct
+  compose_stack: !filecontents docker-compose.yml
+
+flags:
+  - GTBQ{d0n7_r3u53_k3y5!!}
+
+files:
+  - public/server.py
+
+tags:
+  - crypto
+  - easy
+  - medium
+
+state: visible
+version: "0.1"

crypto/hshh/docker-compose.yml

@@ -0,0 +1,7 @@
+version: '3'
+services:
+  casino:
+    build: ./setup/
+    image: ghcr.io/cybermouflons/gtbq-2024/hshh:latest
+    ports:
+      - 1337:1337

crypto/hshh/public/server.py

@@ -0,0 +1,35 @@
+from hashlib import sha256
+from itertools import cycle
+from secret import FLAG
+def xor(a:bytes, b:bytes)->bytes:
+    if len(a)<len(b): # make sure a >= b
+        a,b=b,a
+    return bytes([x^y for x,y in zip(a,cycle(b))])
+
+
+def H(s:bytes)->bytes:
+    return sha256(s).digest()
+
+def encrypt(msg:str,key='🤫🤫🤫')->str:
+    key = key.encode()
+    key = H(key)
+    msg = msg.encode()
+    for _ in range(1000):
+        key = H(key)
+        msg = xor(msg, key)
+    return msg.hex()
+
+
+if __name__ == '__main__':
+    print('Select an option:')
+    while True:
+        choice=input('1. Encrypt\n2. Get encrypted flag\n3. Exit\n')
+        if choice == '1':
+            msg=input('Enter the message to encrypt: ')
+            print(encrypt(msg))
+        elif choice == '2':
+            print(encrypt(FLAG))
+        elif choice == '3':
+            exit()
+        else:
+            print('Invalid choice')

crypto/hshh/setup/Dockerfile

@@ -0,0 +1,9 @@
+FROM ubuntu:22.04
+
+RUN apt-get update && apt-get install -y socat python3
+
+WORKDIR /app
+COPY . .
+
+EXPOSE 1337
+CMD ["socat", "-v","TCP-LISTEN:1337,reuseaddr,fork", "EXEC:'python3 /app/server.py'"]

crypto/hshh/setup/secret.py

@@ -0,0 +1 @@
+FLAG='GTBQ{d0n7_r3u53_k3y5!!}'

crypto/hshh/setup/server.py

@@ -0,0 +1,33 @@
+from hashlib import sha256
+from itertools import cycle
+from secret import FLAG
+def xor(a:bytes, b:bytes)->bytes:
+    return bytes([x^y for x,y in zip(a,b)])
+
+
+def H(s:bytes)->bytes:
+    return sha256(s).digest()
+
+def encrypt(msg:str,key='🤫🤫🤫🤫🤫🤫')->str:
+    key = key.encode()
+    msg = msg.encode()
+    key = H(key)
+    for _ in range(1000):
+        key = H(key)
+        msg = xor(msg, key)
+    return msg.hex()
+
+
+if __name__ == '__main__':
+    print('Select an option:')
+    while True:
+        choice=input('1. Encrypt\n2. Get encrypted flag\n3. Exit\nYour choice: ')
+        if choice == '1':
+            msg=input('Enter the message to encrypt: ')
+            print(encrypt(msg))
+        elif choice == '2':
+            print(encrypt(FLAG))
+        elif choice == '3':
+            exit()
+        else:
+            print('Invalid choice')

crypto/hshh/sol/README.md

@@ -0,0 +1,33 @@
+# Solution:
+
+```python
+for _ in range(1000):
+    key = H(key)
+    msg = xor(msg, key)
+return msg.hex()
+```
+- We have something like:
+    - enc = msg $ \oplus (H(key) \oplus H(H(key)) \oplus ... \oplus H^{1000}(key)) $
+- Since the app is using the same key each time we have a constant 
+    $ (H(key) \oplus H(H(key)) \oplus ... \oplus H^{1000}(key)) = h $
+- Requesting ```encrypt('\0'*100)``` we get `enc = msg ^ h = h`, since `msg=0`
+- Since we know `h`, we request the enc_flag and xor it with `h`.
+
+```python
+from pwn import *
+context.encoding='ascii'
+t = remote('localhost',1337)
+def send_hex_msg(data):
+    t.sendlineafter('ce: ','1')
+    t.sendlineafter('rypt: ',data)
+    return bytes.fromhex(t.recvline().strip().decode())
+
+def get_enc_flag():
+    t.sendlineafter('ce: ','2')
+    return bytes.fromhex(t.recvline().strip().decode())
+
+X=send_hex_msg('\0'*100) 
+enc=get_enc_flag()
+flag=xor(X,enc)
+print(flag)
+```

crypto/hshh/sol/solve.py

@@ -0,0 +1,17 @@
+from pwn import *
+context.encoding='ascii'
+t = remote('localhost',1337)
+def send_hex_msg(data):
+    t.sendlineafter('ce: ','1')
+    t.sendlineafter('rypt: ',data)
+    return bytes.fromhex(t.recvline().strip().decode())
+
+def get_enc_flag():
+    t.sendlineafter('ce: ','2')
+    return bytes.fromhex(t.recvline().strip().decode())
+
+X=send_hex_msg('\0'*100)
+enc=get_enc_flag()
+flag=xor(X,enc)
+print(flag)
+

crypto/xor-salad/challenge.yml

@@ -0,0 +1,27 @@
+name: "Xor Salad"
+author: "souvlakia"
+category: crypto
+
+description: |
+  Instead of adding each salad ingredient to the bowl, we XOR them together. Can you figure out the recipe?
+
+value: 500
+type: dynamic
+extra:
+  initial: 500
+  minimum: 50
+  decay: 25
+
+flags:
+  - GTBQ{x0r_x0r_x0r}
+
+files:
+  - public/main.py
+
+tags:
+  - crypto
+  - beginner
+  - easy
+
+state: visible
+version: "0.1"

crypto/xor-salad/public/main.py

@@ -0,0 +1,14 @@
+from Crypto.Util.number import bytes_to_long as b2l
+from secret import FLAG,A,B,C
+FLAG=b2l(FLAG)
+assert A == b2l('🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒'.encode())
+
+assert B ^ A == b2l('🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅'.encode()) ^ b2l('🍅🍅🍅🍅🍅🍅🍅🍅🍅🍅🍅🍅🍅'.encode())
+
+assert B ^ C == b2l('🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋'.encode())
+
+salad = A ^ B ^ C ^ FLAG
+
+print(salad)
+
+#32044748876454659761763649612745889488449687984965417070150788708113761729751415887526854769841329766223092305434872099365412876811500785218456935012

crypto/xor-salad/setup/main.py

@@ -0,0 +1,11 @@
+from Crypto.Util.number import bytes_to_long as b2l
+from secret import FLAG
+FLAG=b2l(FLAG)
+
+A = b2l('🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒'.encode())
+
+B = A ^ b2l('🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅'.encode()) ^ b2l('🍅🍅🍅🍅🍅🍅🍅🍅🍅🍅🍅🍅🍅'.encode())
+
+C = B ^ b2l('🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋'.encode())
+
+print(A ^ B ^ C ^ FLAG)

crypto/xor-salad/setup/secret.py

@@ -0,0 +1 @@
+FLAG=b'GTBQ{x0r_x0r_x0r}'

crypto/xor-salad/sol/solve.py

@@ -0,0 +1,11 @@
+from Crypto.Util.number import long_to_bytes as l2b, bytes_to_long as b2l
+
+out=32044748876454659761763649612745889488449687984965417070150788708113761729751415887526854769841329766223092305434872099365412876811500785218456935012
+
+A = b2l('🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒🥒'.encode())
+
+B = A ^ b2l('🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅🧅'.encode()) ^ b2l('🍅🍅🍅🍅🍅🍅🍅🍅🍅🍅🍅🍅🍅'.encode())
+
+C = B ^ b2l('🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋🍋'.encode())
+
+print(l2b(A ^ B ^ C ^ out))