Participate DiceCTF 2021

Author: Qwaz

Diff for: DiceCTF/2021/garbled/block_cipher.py

@@ -0,0 +1,57 @@
+SBoxes = [[15, 1, 7, 0, 9, 6, 2, 14, 11, 8, 5, 3, 12, 13, 4, 10], [3, 7, 8, 9, 11, 0, 15, 13, 4, 1, 10, 2, 14, 6, 12, 5], [4, 12, 9, 8, 5, 13, 11, 7, 6, 3, 10, 14, 15, 1, 2, 0], [2, 4, 10, 5, 7, 13, 1, 15, 0, 11, 3, 12, 14, 9, 8, 6], [3, 8, 0, 2, 13, 14, 5, 11, 9, 1, 7, 12, 4, 6, 10, 15], [14, 12, 7, 0, 11, 4, 13, 15, 10, 3, 8, 9, 2, 6, 1, 5]]
+
+SInvBoxes = [[3, 1, 6, 11, 14, 10, 5, 2, 9, 4, 15, 8, 12, 13, 7, 0], [5, 9, 11, 0, 8, 15, 13, 1, 2, 3, 10, 4, 14, 7, 12, 6], [15, 13, 14, 9, 0, 4, 8, 7, 3, 2, 10, 6, 1, 5, 11, 12], [8, 6, 0, 10, 1, 3, 15, 4, 14, 13, 2, 9, 11, 5, 12, 7], [2, 9, 3, 0, 12, 6, 13, 10, 1, 8, 14, 7, 11, 4, 5, 15], [3, 14, 12, 9, 5, 15, 13, 2, 10, 11, 8, 4, 1, 6, 0, 7]]
+
+def S(block, SBoxes):
+    output = 0
+    for i in range(0, len(SBoxes)):
+        output |= SBoxes[i][(block >> 4*i) & 0b1111] << 4*i
+
+    return output
+
+
+PBox = [13, 3, 15, 23, 6, 5, 22, 21, 19, 1, 18, 17, 20, 10, 7, 8, 12, 2, 16, 9, 14, 0, 11, 4]
+PInvBox = [21, 9, 17, 1, 23, 5, 4, 14, 15, 19, 13, 22, 16, 0, 20, 2, 18, 11, 10, 8, 12, 7, 6, 3]
+
+def permute(block, pbox):
+    output = 0
+    for i in range(24):
+        bit = (block >> pbox[i]) & 1
+        output |= (bit << i)
+    return output
+
+def encrypt_data(block, key):
+
+    for j in range(0, 3):
+        block ^= key
+        block = S(block, SBoxes)
+        block = permute(block, PBox)
+
+    block ^= key
+
+    return block
+
+
+def decrypt_data(block, key):
+    
+    block ^= key
+    
+    for j in range(0, 3):
+        block = permute(block, PInvBox)
+        block = S(block, SInvBoxes)
+        block ^= key
+
+    return block
+
+
+def encrypt(data, key1, key2):
+    encrypted = encrypt_data(data, key1)
+    encrypted = encrypt_data(encrypted, key2)
+    return encrypted
+
+
+def decrypt(data, key1, key2):
+    decrypted = decrypt_data(data, key2)
+    decrypted = decrypt_data(decrypted, key1)
+    return decrypted
+

Diff for: DiceCTF/2021/garbled/circuit.json

@@ -0,0 +1,9 @@
+{
+    "inputs" : [1, 2, 3, 4],
+    "outputs"   : [7],
+    "gates" : [
+        {"id" : 5, "type" : "AND", "in" : [1, 2]},
+        {"id" : 6, "type" : "AND", "in" : [3, 4]},
+        {"id" : 7, "type" : "AND", "in" : [5, 6]}
+    ]
+}

Diff for: DiceCTF/2021/garbled/evaluate_garbled_circuit_example.py

@@ -0,0 +1,30 @@
+"""
+This file is provided as an example of how to load the garbled circuit
+and evaluate it with input key labels.
+
+Note: the ACTUAL `g_tables` for this challenge are in `public_data.py`, and are not used in this example.
+
+It will error if the provided inputs are not valid label keys,
+ie do not match either of the `keys` made by `generate_garbled_circuit.py`
+"""
+
+import json
+
+from yao import evaluate_circuit
+from generate_garbled_circuit import g_tables, keys
+
+
+circuit_filename = "circuit.json"
+with open(circuit_filename) as json_file:
+    circuit = json.load(json_file)
+        
+
+inputs = {}
+for i in circuit["inputs"]:
+    v = keys[i][1]
+    inputs[i] = v
+
+evaluation = evaluate_circuit(circuit, g_tables, inputs)
+print("")
+print(evaluation)
+

Diff for: DiceCTF/2021/garbled/flag.py

@@ -0,0 +1,43 @@
+import hashlib
+import json
+
+from yao import evaluate_circuit
+from public_data import g_tables
+
+
+def xor(A, B):
+    return bytes(a ^ b for a, b in zip(A, B))
+
+
+##########################################################
+
+
+circuit_filename = "circuit.json"
+with open(circuit_filename) as json_file:
+    circuit = json.load(json_file)
+
+
+inputs = {
+    1: 11693387,
+    2: 11338704,
+    3: 7371799,
+    4: 2815776,
+}
+
+evaluation = evaluate_circuit(circuit, g_tables, inputs)
+print(evaluation)
+
+
+##########################################################
+
+
+msg = "{}:{}:{}:{}".format(inputs[1], inputs[2], inputs[3], inputs[4])
+msg = msg.encode('ascii')
+
+m = hashlib.sha512()
+m.update(msg)
+m.digest()
+
+xor_flag = b'\x90),u\x1b\x1dE:\xa8q\x91}&\xc7\x90\xbb\xce]\xf5\x17\x89\xd7\xfa\x07\x86\x83\xfa\x9b^\xcb\xd77\x00W\xca\xceXD7'
+
+print(xor(m.digest(), xor_flag))

Diff for: DiceCTF/2021/garbled/generate_garbled_circuit.py

@@ -0,0 +1,17 @@
+from yao import GarbledCircuit
+import json
+
+
+circuit_filename = "circuit.json"
+with open(circuit_filename) as json_file:
+    circuit = json.load(json_file)
+
+# creates a new garbled circuit each time
+gc = GarbledCircuit(circuit)
+
+g_tables = gc.get_garbled_tables()
+keys = gc.get_keys()
+
+
+print("g_tables = {}".format(repr(g_tables)))
+print("\nkeys = {}".format(repr(keys)))

Diff for: DiceCTF/2021/garbled/obtain_flag.py

@@ -0,0 +1,58 @@
+"""
+once you've found the input labels which make the circuit return `true`,
+then concatenate them together, hash them,
+and xor with the provided string to obtain the flag
+"""
+
+import hashlib
+import json
+
+from yao import evaluate_circuit
+from public_data import g_tables
+from private_data import keys, flag
+
+
+def xor(A, B):
+    return bytes(a ^ b for a, b in zip(A, B))
+
+
+##########################################################
+
+
+circuit_filename = "circuit.json"
+with open(circuit_filename) as json_file:
+    circuit = json.load(json_file)
+    
+
+# ?????????????????
+inputs = {
+ 1: ?????????????????,
+ 2: ?????????????????,
+ 3: ?????????????????,
+ 4: ?????????????????
+}
+
+
+evaluation = evaluate_circuit(circuit, g_tables, inputs)
+
+# circuit should return `true`
+for i in circuit['outputs']:
+    assert evaluation[i] == keys[i][1]
+
+
+##########################################################
+
+
+msg = "{}:{}:{}:{}".format(inputs[1], inputs[2], inputs[3], inputs[4])
+msg = msg.encode('ascii')
+
+m = hashlib.sha512()
+m.update(msg)
+m.digest()
+
+xor_flag = b'\x90),u\x1b\x1dE:\xa8q\x91}&\xc7\x90\xbb\xce]\xf5\x17\x89\xd7\xfa\x07\x86\x83\xfa\x9b^\xcb\xd77\x00W\xca\xceXD7'
+
+
+print( xor(m.digest(), xor_flag) )
+
+assert xor(m.digest(), xor_flag) == flag

Diff for: DiceCTF/2021/garbled/output.txt

@@ -0,0 +1,18 @@
+Ungarbling Gate 5
+Valid Combination Found
+(11693387, 188483) => 16554183
+(11693387, 11338704) => 2692508
+(12215201, 188483) => 16554183
+(12215201, 11338704) => 16554183
+Ungarbling Gate 6
+Valid Combination Found
+(7371799, 5588127) => 7903130
+(7371799, 2815776) => 15328025
+(9872293, 5588127) => 7903130
+(9872293, 2815776) => 7903130
+Ungarbling Gate 7
+Valid Combination Found
+(16554183, 15328025) => 2938161
+(16554183, 7903130) => 2938161
+(2692508, 15328025) => 13264649
+(2692508, 7903130) => 2938161

Diff for: DiceCTF/2021/garbled/public_data.py

@@ -0,0 +1,12 @@
+g_tables = {5: [(5737111, 2983937),
+  (15406556, 16284948),
+  (14172222, 14132908),
+  (4000971, 16383744)],
+ 6: [(8204186, 1546264),
+  (229766, 3208405),
+  (9550202, 13483954),
+  (13257058, 5195482)],
+ 7: [(1658768, 11512735),
+  (1023507, 9621913),
+  (7805976, 1206540),
+  (2769364, 9224729)]}

Diff for: DiceCTF/2021/garbled/solver/.gitignore

@@ -0,0 +1 @@
+/target

Diff for: DiceCTF/2021/garbled/solver/Cargo.lock

@@ -0,0 +1,10 @@
+[package]
+name = "solver"
+version = "0.1.0"
+authors = ["Yechan Bae <[email protected]>"]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+once_cell = "1.5.2"