avatarItchishiki Satoshi

Summary

This content discusses the solution to a programming challenge from WhiteHat Grand Prix 06 - Quals 2020, focusing on the Programming 01 challenge, and provides the Blockchain - Misc challenge.

Abstract

The content presents a write-up of the solution to the Programming 01 challenge from WhiteHat Grand Prix 06 - Quals 2020, which requires finding the number of possible triangles created by N (1 to N) natural numbers, where N is less than 10^6. The author describes their approach, which involves using a brute-force program to find the right triangle and then implementing a calculation formula to get the flag. The content also presents the Blockchain - Misc challenge, which involves decrypting a password-protected ZIP file using the private keys of vulnerable RSA keys. The author provides the solution, which involves decoding the password using the private keys and then scanning a QR code to obtain the flag.

Opinions

  • The author emphasizes the importance of mathematical formulas for solving programming challenges, particularly those involving large numbers.
  • The author highlights the vulnerability of RSA keys with short public keys, which can be easily factored and used to decrypt encrypted messages.
  • The author suggests that the checking mechanism for blockchain applications in IoT systems may be removed or inadequate, leading to potential security vulnerabilities.
  • The author notes that the Blockchain - Misc challenge is a disguised crypto challenge, despite its title.
  • The author emphasizes the importance of scanning QR codes to obtain the flag in some challenges.
  • The author provides a detailed solution to both challenges, which may be helpful for other participants or those interested in learning about programming and cryptography.
  • The author encourages readers to enjoy the challenges and suggests following Infosec Write-ups for more such write-ups.

[Write-up] Programming 01 & Blockchain — WhiteHat Grand Prix 06 — Quals 2020

Programming 01

Question

nc 15.164.75.32 1999

Answer

PROGRAMING - WHITEHAT GRANDPRIX 06:

--> COUNT THE NUMBER OF POSSIBLE TRIANGLES <--

HOW MANY TRIANGLES ARE CREATED BY N (1..N) NUMBER. N < 10^6

Example:  N = 5
OUTPUT : 3 

(2,3,4),(3,4,5),(2,4,5)
................/\...................|\...................
.............../  \..................| \..................
............../    \.................|  \.................
............./      \................|   \................
............/        \...............|    \...............
.........../          \..............|     \..............
........../____________\.............|______\.............

n = 11
Answer: %

So the problem requires finding the number of triangles whose sides are integers, which can be created with natural numbers from 1 to N. Because N is very large (> 99999), it is highly likely that there will be a mathematical formula For the answer, we can google or sit and analyze the algorithm. But I am ignorant, so I will google :(( . Quick code 1 program to find the right triangle for the purposes of the problem:

then try to run with small N (4, 5, 6, 7, …), we get following sequence:

➜  whqual2020 python brute_triangle.py
1
3
7
13
22
34

Google it and get https://oeis.org/A173196

a(n-1) is the number of integer-sided scalene triangles with largest side <= n, including degenerate (i.e., collinear) triangles. a(n-2) is the number of non-degenerate integer-sided scalene triangles. — Alexander Evnin, Oct 12 2010

OK, so the remaining job is to implement the calculation formula, connect and get the flag (note the offset of N in question against n of the sequence):

Run and get the flag

So the flag is WhiteHat{Y0u_h4v3_4_Sm4rt_Br41n}

Blockchain — Misc

Question

Blockchain application in IOT system.
Using vulnerable chipset to generate public keys.

http://52.78.210.118/Blockchain.zip

Answer

At first glance at the title, I thought that there would be something related to blockchain with hash, timestamp, block, and so on, but once done, it was simply a disguised crypto post 😧. Unzip the file we have:

.
├── 34a7370734caff5d129ad355f78f3ccf.pem
├── 8a95963d7bedd2b81ad09cd1838c7a4d.pem
├── block1.json
├── block2.json
├── block3.json
└── flag.zip

The flag.zip file inside has a flag.txt file with a password, our task will be to find the password to decode this file. Reviewing the 2 pem files, the public key is very short, adding a hint to the article Using vulnerable chipset to generate public keys. it is possible that the factor will be or these 2 public keys will have the same factor. And it is true that the problem is in the second direction. We quickly find the corresponding p and q for 2 keys:

# 8a95963d7bedd2b81ad09cd1838c7a4d

p1 = 1091951834898382993408357240646061116416467734213916798265279491274843400183
q1 = 968357930958770928862265655524254201820039464684491130864944605493368598601

# 34a7370734caff5d129ad355f78f3ccf
p2 = 1091951834898382993408357240646061116416467734213916798265279491274843400183
q2 = 3602083547017910155331521957638413821351348404017103506647493207187611603783

check it out block1.json

{
  "data_block": [
    {
      "34a7370734caff5d129ad355f78f3ccf": {
        "messger": "864826346328927043007924641380681736981324987926997370887020532699182309378599192043216478265476219278213123962074508284028662403643532629433329761492"
      }
    },
    {
      "8a95963d7bedd2b81ad09cd1838c7a4d": {
        "messger": "259242051785557714557594066190019826465030870294179284671916925100489488841761299528416294893049464518482888070747927907550583942630013791833474340284"
      }
    }
  ]
}

We tried decrypt with the corresponding private key for the 2 messages will produce a plaintext, and surprisingly, both block 2 and block 3 can do the same (regardless of the front block? !!, seems to be due the checking is removed, leaving only the data inside). Quick code decoding file:

And run code:

➜  whqual2020 python blockchain.py 
Password using open flag.zip
Do you understand the blockchain?
Password = Password1+Password2
flag in flag.txt
Password2:'D@V!4P##Ij'
Password1:'irVOwoJR7d'

Using password irVOwoJR7dD@V!4P##Ij to unzip the file flag.zip we get a new file with content is base64, decode it to get a QR code image. Scan QR code then we capture the flag:

Flag: Whitehat{the_ flag_blockchain_ iot}

Enjoy it guys.

Follow Infosec Write-ups for more such awesome write-ups.

Bitcoin
Ctf
Writeup
Whitehat
2020
Recommended from ReadMedium
avatarOm Arora
RECON IS IMPORTANT !!! In Depth Recon Methodology Bug Bounty Part 01

Hello Everyone,

5 min read
avatarShaikh Minhaz
Bug Bounty Methodology — Step By Step Guide To Find Subdomains And Vulnerable URLs

Everybody in cybersecurity wants to do bug bounty, find some bugs, and earn bounties. Nowadays, people are getting very tempted by seeing…

4 min read
avatarJonathan Mondaut
How ChatGPT Turned Me into a Hacker

Discover how ChatGPT helped me become a hacker, from gathering resources to tackling CTF challenges, all with the power of AI.

4 min read
avatarembossdotar
TryHackMe — Advanced SQL Injection — Writeup

Key points: SQLi | SQL injection | In-band SQLi | Out-of-band SQLi | Inferential SQLi | Error-Based SQLi | Union-Based SQLi |…

4 min read
avatarvic
Bug Bounty Programs Launched in August 2024

Introduction

2 min read
avatarAxoloth
TryHackMe | XSS | WriteUp

Explore in-depth the different types of XSS and their root causes.

3 min read