diff --git a/Cryptography/bcc/README.md b/Cryptography/bcc/README.md new file mode 100644 index 0000000..ca59c68 --- /dev/null +++ b/Cryptography/bcc/README.md @@ -0,0 +1,3 @@ +# BCC + +to-do \ No newline at end of file diff --git a/Cryptography/bcc/challenge.yml b/Cryptography/bcc/challenge.yml new file mode 100644 index 0000000..f036a05 --- /dev/null +++ b/Cryptography/bcc/challenge.yml @@ -0,0 +1,29 @@ +name: "BCC" +category: Cryptography +description: |- + Beelliptic Curve Cryptography, or BCC, is a cryptographic scheme based on the mathematical properties of bees and elliptic curves. Buzzing with security, BCC offers a unique approach to encryption and digital signatures, making it a sweet choice for protecting sensitive information in the digital age. Your task is to exploit the weaknesses in the BCC implementation to retrieve the flag. + + Author: ringoshiro + +##### DON'T CHANGE +value: 500 +type: dynamic +extra: + initial: 500 + decay: 30 + minimum: 100 +##### DON'T CHANGE + +flags: + - BEECTF{4uth0r_n33d5_r3st_n0w...} + +tags: + - medium + +files: + - dist/chall.py + - dist/output.txt + +state: hidden + +version: "0.1" diff --git a/Cryptography/bcc/dist/chall.py b/Cryptography/bcc/dist/chall.py new file mode 100644 index 0000000..0958575 --- /dev/null +++ b/Cryptography/bcc/dist/chall.py @@ -0,0 +1,43 @@ +from secret import p, a, b, G, BETA + +def add(P, Q, a, p): + if P is None: + return Q + if Q is None: + return P + x1, y1 = P + x2, y2 = Q + if x1 == x2 and (y1 != y2 or y1 == 0): + return None + if x1 == x2: + m = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p + else: + m = (y2 - y1) * pow(x2 - x1, -1, p) % p + x3 = (m * m - x1 - x2) % p + y3 = (m * (x1 - x3) - y1) % p + return (x3, y3) + +def mul(k, P, a, p): + R0 = None + R1 = P + for bit in bin(k)[2:]: + if bit == '0': + R1 = add(R0, R1, a, p) + R0 = add(R0, R0, a, p) + else: + R0 = add(R0, R1, a, p) + R1 = add(R1, R1, a, p) + return R0 + +flag = int.from_bytes(b"BEECTF{xxxxxxxxxxxxxxxxxxxxxxxx}") +kprime = (flag + BETA) % (p - 1) + +Gx = G[0] +Qx = mul(kprime, G, a, p)[0] +Rx = mul(BETA, G, a, p)[0] + +print(f'{p = }') +print(f'{a = }') +print(f'{Gx = }') +print(f'{Qx = }') +print(f'{Rx = }') \ No newline at end of file diff --git a/Cryptography/bcc/dist/output.txt b/Cryptography/bcc/dist/output.txt new file mode 100644 index 0000000..03009c8 --- /dev/null +++ b/Cryptography/bcc/dist/output.txt @@ -0,0 +1,5 @@ +p = 3059506932006842768669313045979965122802573567548630439761719809964279577239571933 +a = 2448848303492708630919982332575904911263442803797664768836842024937962142592572096 +Gx = 1175626665511163128867519385055567089318632886502007689116591740322574196248254667 +Qx = 1692192797051786849921937448962108889305900850182074908387601492835973879030967392 +Rx = 432244659212727282574552361819256527291075425049776311256018620682846747709939971 \ No newline at end of file diff --git a/Cryptography/bcc/src/flag.txt b/Cryptography/bcc/src/flag.txt new file mode 100644 index 0000000..1b64480 --- /dev/null +++ b/Cryptography/bcc/src/flag.txt @@ -0,0 +1 @@ +BEECTF{4uth0r_n33d5_r3st_n0w...} \ No newline at end of file