"C" for "CTF" and "C" for Cryptography

BSides Noida Cyber Security Conferences (August 14-15, 2021)

Originally published at https://bsidesnoida.in/crypto.html (Although the site is currently down, you can still read the article here)

Before starting, I'm assuming you have searched about these two questions at some point in time :

1. "What is cryptography?"

2. "Where do we use it and why?

I'm sure you've gone through some theory parts while reading the answers, so let's move to the fun part rather than the usual theory here!

Have you heard the story of Doge, Isabelle, and Karen? It's something like this...

One day Isabelle sent a message to Doge asking him for some financial help. She clearly mentioned the amount to be $500 and she also mentioned that she would return the amount as soon as possible.

After receiving the message Doge was shocked to see the amount to be $5,000,000.

Who changed the amount and how? Yes, you're right! It was Karen. It's not a big deal to eavesdrop or use any other trick to know the messages as they didn't use a secure way to communicate. Here comes the use of Cryptography. Let's continue the story.

Now that they know the importance of secure communication, they decided to encrypt their messages while sending and decrypt them while receiving. They have one key each for doing this job.

Doge asks Isabelle for some business papers and mentions the time to be exactly 5 PM. Isabelle received the message and it was written that she should meet him at 4 PM.

Who did this now? It's Karen again! She somehow managed to break the encryption, read the message, and change it. Here comes the use of strong and secure protocols so that we have an edge over adversaries.

---

Why should you choose Cryptography in CTFs?

✅ You can guess the ciphers very well. ✅ You were born to decrypt things. ✅ You think you know the Encryption. ✅ You are from a Mathematician Family/you love maths. ✅ You can cry a lot when the challenge is hard/your script fails every time. ✅ Sometimes Reverse engineers ask for your help and you feel like a "Crypto God".

✅ It's fun to do. ✅ You learn something new when you fail.

---

Cryptography Challenges in Capture The Flag (CTF) Competitions

The difficulty level of the challenges in a good CTF varies from complete beginner to hard/insane which touches lots of domains in this category.

My advice for a complete beginner would be:

1. Look at every challenge because each one is unique in its own way. Then decide which you can solve fast and keep the heavy researching part for the hard challenges.

2. Try to search the keywords related to the challenge to find the related resources.

3. Go through the writeups of past CTFs and you might find something valuable if not, you just read a valuable writeup and learned something new.

---

Handy tools for Cryptography

✅ Smooth Brain. ✅ Enough Sleep.

There are many available tools to make your life easy while solving CTF Challenges. Some basics tools are:

1. Any programing language in which you prefer to write your scripts. ( I prefer python3 for the availability of lots of modules and it's easy to use)
2. Some python3 packages that I use:

   • pycryptodome

   • labmath

   • numpy

   • sympy

   • gmpy or gmpy2 ( install these first libgmp3-dev libmpc-dev )

   • pwntools (optional - for remote interaction only)

3. Sagemath

---

1. Some Basics

Now, let's jump to some basics and get our hands dirty with the implementation of everything we learn. I'll be using python3 for most of them but you can choose anything you prefer.

Bases

Some theory part: https://en.wikipedia.org/wiki/Radix

Python3 implementations:

>>> n = 123                 # decimal form
>>> bin(n)                  # decimal to binary
'0b1111011'
>>> int('1111011', base=2)  # binary to decimal
123
>>> hex(n)                  # decimal to hexadecimal
'0x7b'
>>> int('0x7b', base=16)    # hexadecimal to decimal
123
>>> oct(n)                  # decimal to octal
'0o173'
>>> int('0o173',8)          # octal to decimal
123
>>>
>>> # Some miscellaneous handy tricks
>>>
>>> a = int.from_bytes(b'test', 'big')          # bytes to long integers
>>> a
1952805748
>>> a.to_bytes((a.bit_length()+7)//8, 'big')    # long integers to bytes
b'test'
>>> bytes.fromhex(hex(a)[2:])   # does the same
b'test'

Along with this, sometimes we might have to work with other base systems. Let's take a look at them.

• Base32 - https://en.wikipedia.org/wiki/Base32
• Base64 - https://en.wikipedia.org/wiki/Base64
• Base85 - https://en.wikipedia.org/wiki/Ascii85

Python3 implementations:

>>> import base64
>>> base64.b64encode(b'secret in base64')
b'c2VjcmV0IGluIGJhc2U2NA=='
>>> base64.b64decode(b'c2VjcmV0IGluIGJhc2U2NA==')
b'secret in base64'
>>> base64.b32encode(b'secret in base32')
b'ONSWG4TFOQQGS3RAMJQXGZJTGI======'
>>> base64.b32decode(b'ONSWG4TFOQQGS3RAMJQXGZJTGI======')
b'secret in base32'
>>> base64.b85encode(b'secret in base85')
b'b7f<4Wpp5EZXjY|b7eR+'
>>> base64.b85decode(b'b7f<4Wpp5EZXjY|b7eR+')
b'secret in base85'

PS: There are many other base systems but we rarely use them.

Thanks for reading! Feel free to reach out on any of the social platforms given below.

The next topic will be #Classical Cryptosystems

Stay tuned! Stay Safe!

Author - Rey (CTF Player @DarkArmy) Discord - rey#7813 Twitter - https://twitter.com/r3yc0n1c Github - https://github.com/r3yc0n1c LinkedIn - https://www.linkedin.com/in/raja-majumdar