Category: Crypto

Points: 482 (10 solves)

Overview

In this challenge we are given a custom Feistel cipher network, and we need to perform a known-plaintext key recovery, the attack must be online and take less than 4 minutes. I solved this in a unintended way as I managed to solve it with Gröbner basis, instead of the intended interpolation attack.

Cipher analysis

The cipher we are given implements a 7 round Feistel network with a block size of 16.

The round function it implemented as follows, where key is the $i$-th round subkey

def _f(self, l: int, r: int, key: int) -> int:
	return l ^ sbox(r ^ key, n=self._block_size * 4)

SBOX

The SBOX works over $K = GF(2)[x]/\langle x^{64} + x^4 + x^3 + x + 1 \rangle$ and implements the map $f: x \mapsto x^{2^{64} - 2} + x^{24} + x^{22} + x^{20} + x^{19} + x^{17} + x^{16} + x^{15} + x^{13} + x^{12} + x^{11} + x^7 + x^5 + x^4 + x^2 + x$, which is the same as $f: x \mapsto x^{-1} + x^{24} + x^{22} + x^{20} + x^{19} + x^{17} + x^{16} + x^{15} + x^{13} + x^{12} + x^{11} + x^7 + x^5 + x^4 + x^2 + x$

Notice that this is an invertible function.

Category: Rev

Difficulty: Insane

Points: 493 (9 solves)

Challenge Description

Mcvaru skate aka skate homie is trying to put in some practice at skatepark IOR, but scooter kids keep getting in his way and snaking him. Out of anger he yells at one of the kids, but it's 2023, scooter kids have evolved. They now demand some sort of code if you want them to move. Find the flag and help varu skate land a hardflip at the 6 stair.

PS: ./compiler program password

Overview

In this challenge we are given a compiler and file containing some custom assembly code (skatepark.IOR). The compiler takes in said file and a passwords and runs the custom assembly with the password as input.

Looking at the IOR file we can guess what some of the instructions do and how the compiler works in general: