CryptoHack


calc.exe

This week I have been solving the challenges at cryptohack.org. The past three days were a blast. Bit fiddling, hex buckling adventure. Did my last CTF more than a decade ago. There’s a mix of math, coding, and brain teasers.

The challenges are grouped in the following categories.

  • General
  • Mathematics
  • Block Ciphers
  • RSA
  • Diffie-Hellman
  • Elliptic Curves
  • Miscellaneous
  • Crypto on the Web

I’m bad at math so most of my points are from the problems that required coding and brain teasers. Wished I had a fast desktop machine for the challenges that can be bruteforced. Found the Elliptic Curves challenges the hardest. Going through all the categories would be rewarding. Creating a cryptographic anything or breaking a crypto something need not be a goal. Any burgeoning cybersecurity practitioner needs to be familiar with the broad subject of cryptography.

The challenges make extensive use of Python both in solutions and problems. You will read and reverse a lot of Python code. Stared at Python for hours. I find comprehensions and busy one-liners hard to read. Maybe that’s why I like Lua and Go a lot. I also found writing the solutions in Lua satisfying. I had to extend the crypto module of Ladylua to include various encoding and XOR functions. Also had to add a socket module for interacting with the various challenge services.

A part of the Crypto on the Web challenges requires you to use an old vulnerable version of a Python module. I’m reminded of the awful state of handling Python dependencies. I have skipped those even if they seem solvable to me. So far have exercised or refreshed my knowledge of hashing, encoding, and ciphers. Learned more about JWT, and even about the PNG format. At one point I was creating PNGs from /usr/bin/printf and cat.

Some of the challenges can be solved using the command line tools available by default on Linux. Off the top of my head, I have used at least the following: base64, nc, xxd, bc, openssl, sed, ssh-keygen, tr, hexdump. To round it up: read a lot of Python and wrote some too. Wrote Lua and Go. Solved some on the command line and Python REPL.

Very few from my country have done the challenges. No bragging rights getting a 1st place or those Internet points. Might get my other points from the Miscellaneous and Crypto on the Web categories.

Overall presentation and challenges are fun. Learned a lot. Great job by the creators.