From 6d98aa2237fd71e9fc9d95c598467eb27362641c Mon Sep 17 00:00:00 2001 From: Philipp Nowak Date: Sun, 19 Jan 2020 04:08:27 +0100 Subject: [PATCH] Add crypto note --- writeups/litplus/otw19.md | 11 +++++------ writeups/litplus/otw19/A0Intro.md | 2 +- writeups/litplus/otw19/Adv-02.md | 9 ++++----- 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/writeups/litplus/otw19.md b/writeups/litplus/otw19.md index 93b0b24..61c5148 100644 --- a/writeups/litplus/otw19.md +++ b/writeups/litplus/otw19.md @@ -14,7 +14,7 @@ Challenges participated in: Total time spent: 39.75 hours (+ 4 hours for writeups) -- More effort TBD ### Personal Reflection -Since the guidelines require that the whole writeup be in a single file, this has been merged by a very sophisticated shell script. The source files for the individual challenges are located in the [`writeups/litplus/otw19`](..) directory and match the RegEx `Adv-\d{2}.md`. +Since the guidelines require that the whole writeup be in a single file, this has been merged by a very sophisticated shell script. The source files for the individual challenges are located in the [`writeups/litplus/otw19`](/writeups/litplus/otw19) directory and match the RegEx `Adv-\d{2}.md`. In general, this CTF was very fun and interesting to play! I originally planned to do more work before Christmas, but other courses sadly did not like this idea *at all*. However, Summer ADVENTure was very interesting, so I continued figuring our more and more things. In the end, it ended up eating most of my Christmas break nights, but I think that I learned a lot of new things. I was surprised that I was able to play such a major part in solving three of the challenges. Another great thing was that I got to play around writing non-trivial Python applications, which is something I had wanted to do for some time anyways. 
@@ -229,11 +229,10 @@ As `@Hetti` revealed in Mattermost, the intended solution was to use an item dup The way this bug worked was that the server accepted a list of inventories as move target. So, the player was able to move a single item to two inventories at the same time, duplicating it. This can be repeated to obtain expensive items, which have a very large value margin, yielding funds for the flag quickly. I created a [Proof of Concept server](https://gitlab.w0y.at/ctfs/overthewire-advent-bonanza-2019/blob/master/day-02/dupe_server.py#L117), which duplicates items reliably. Those can be sold in the real client, but I wasn't able to get it to work automatically (probably some dumb mistake). However, we already had the flag at this time, so I did not put in further effort. -### Lessons Learned - * Just because the encryption *seems* like a (reused) One-Time-Pad, doesn't mean it is - * Discovering a very weird format might just mean you're not thinking outside of the box enough, consider how likely challenges could be solved (e.g. here, if I want a standardised protocol, I'll probably use a library that can use the same model on server and client) - * It's always an item duplication - * Python is cool +Possibly related, in the [suggested solution](https://github.com/OverTheWireOrg/advent2019/tree/master/advent-challenges/2019-12-02_rev3/solution), the bug is described as moving from an inventory to itself. + +Also, the constant auxilliary stream we assumed is not quite correct. The [actual implementation](https://github.com/OverTheWireOrg/advent2019/blob/master/advent-challenges/2019-12-02_rev3/common/EncryptedStream.cs) uses AES in ECB mode. However, this amounts to the same behaviour as we assumed and is also the suggested solution. + --- day-23 Gr8 Escape diff --git a/writeups/litplus/otw19/A0Intro.md b/writeups/litplus/otw19/A0Intro.md index 94ec8b3..4ccfc3a 100644 --- a/writeups/litplus/otw19/A0Intro.md +++ b/writeups/litplus/otw19/A0Intro.md 
@@ -14,7 +14,7 @@ Challenges participated in: Total time spent: 39.75 hours (+ 4 hours for writeups) -- More effort TBD ### Personal Reflection -Since the guidelines require that the whole writeup be in a single file, this has been merged by a very sophisticated shell script. The source files for the individual challenges are located in the [`writeups/litplus/otw19`](..) directory and match the RegEx `Adv-\d{2}.md`. +Since the guidelines require that the whole writeup be in a single file, this has been merged by a very sophisticated shell script. The source files for the individual challenges are located in the [`writeups/litplus/otw19`](/writeups/litplus/otw19) directory and match the RegEx `Adv-\d{2}.md`. In general, this CTF was very fun and interesting to play! I originally planned to do more work before Christmas, but other courses sadly did not like this idea *at all*. However, Summer ADVENTure was very interesting, so I continued figuring our more and more things. In the end, it ended up eating most of my Christmas break nights, but I think that I learned a lot of new things. I was surprised that I was able to play such a major part in solving three of the challenges. Another great thing was that I got to play around writing non-trivial Python applications, which is something I had wanted to do for some time anyways. diff --git a/writeups/litplus/otw19/Adv-02.md b/writeups/litplus/otw19/Adv-02.md index 56815c9..d81b97e 100644 --- a/writeups/litplus/otw19/Adv-02.md +++ b/writeups/litplus/otw19/Adv-02.md 
@@ -202,10 +202,9 @@ As `@Hetti` revealed in Mattermost, the intended solution was to use an item dup The way this bug worked was that the server accepted a list of inventories as move target. So, the player was able to move a single item to two inventories at the same time, duplicating it. This can be repeated to obtain expensive items, which have a very large value margin, yielding funds for the flag quickly. I created a [Proof of Concept server](https://gitlab.w0y.at/ctfs/overthewire-advent-bonanza-2019/blob/master/day-02/dupe_server.py#L117), which duplicates items reliably. Those can be sold in the real client, but I wasn't able to get it to work automatically (probably some dumb mistake). However, we already had the flag at this time, so I did not put in further effort. -### Lessons Learned - * Just because the encryption *seems* like a (reused) One-Time-Pad, doesn't mean it is - * Discovering a very weird format might just mean you're not thinking outside of the box enough, consider how likely challenges could be solved (e.g. here, if I want a standardised protocol, I'll probably use a library that can use the same model on server and client) - * It's always an item duplication - * Python is cool +Possibly related, in the [suggested solution](https://github.com/OverTheWireOrg/advent2019/tree/master/advent-challenges/2019-12-02_rev3/solution), the bug is described as moving from an inventory to itself. + +Also, the constant auxilliary stream we assumed is not quite correct. The [actual implementation](https://github.com/OverTheWireOrg/advent2019/blob/master/advent-challenges/2019-12-02_rev3/common/EncryptedStream.cs) uses AES in ECB mode. However, this amounts to the same behaviour as we assumed and is also the suggested solution. + --- -- 2.43.0
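Review bot: The root-relative link target `/writeups/litplus/otw19` added in the `@@ -14,7 +14,7 @@` hunks of `otw19.md` and `otw19/A0Intro.md` only resolves where the Markdown renderer treats a leading `/` as the repository root; in a local preview or an export of the merged file it points at the host or filesystem root instead. If that trade-off is intended because the same sentence has to work both in `otw19/A0Intro.md` and in the merged `otw19.md` one directory up, say so in the commit message, which currently reads "Add crypto note" and does not mention the link change. While this paragraph is being touched, the unchanged context line still has "figuring our more and more things", which should read "figuring out".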
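Review bot: The `@@ -229,11 +229,10 @@` hunk in `otw19.md` and the `@@ -202,10 +202,9 @@` hunk in `otw19/Adv-02.md` delete the whole `### Lessons Learned` list, which the subject "Add crypto note" does not cover, and the first deleted bullet (encryption that seems like a reused One-Time-Pad need not be one) is closely related to what the new ECB paragraph reports. Either keep the list and add the note below it, or state the removal in the commit message. In the added text, "auxilliary" should be "auxiliary", and "this amounts to the same behaviour as we assumed" needs one sentence on why the AES-ECB construction in `EncryptedStream.cs` looks like the constant stream the writeup assumed, since the reader cannot tell that from the note. Both new links point at `master`; pinning them to a commit hash keeps the `EncryptedStream.cs` and `solution` references stable if the upstream repository is reorganised.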