Initial Commit

Author: Joshua Liu

.gitattributes

@@ -0,0 +1,4 @@
+rev/nlibs/attachments/nlibs.tar.gz filter=lfs diff=lfs merge=lfs -text
+rev/nlibs-baby/attachments/baby.tar.gz filter=lfs diff=lfs merge=lfs -text
+misc/nmpz1/challenge/public/img.tar.gz filter=lfs diff=lfs merge=lfs -text
+misc/minecraft-hacked/challenge/idek.tar.gz filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1,138 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+.pnpm-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+.temp
+.cache
+
+# Docusaurus cache and generated files
+.docusaurus
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
+
+# Python
+__pycache__/
+
+*.pyc
+
+# kctf
+kctf/

.gitmodules

@@ -0,0 +1,6 @@
+[submodule "crypto/tensor-galore/challenge/vector-bundles-sagemath"]
+	path = crypto/tensor-galore/challenge/vector-bundles-sagemath
+	url = https://git.disroot.org/montessiel/vector-bundles-sagemath.git
+[submodule "crypto/tensor-galore/healthcheck/vector-bundles-sagemath"]
+	path = crypto/tensor-galore/healthcheck/vector-bundles-sagemath
+	url = https://git.disroot.org/montessiel/vector-bundles-sagemath.git

README.md

@@ -0,0 +1,9 @@
+# idekCTF 2024 
+idekCTF 2024 public challenge repository
+
+Notes:
+- All challenges which require a remote service is deployable using [kctf](https://google.github.io/kctf/google-cloud.html)
+- Any writeups from authors or competitors will be in the challenge's `README.md`
+- A majority of challenge contain a full solve script in `healthcheck/healthcheck.py`
+- Our instancer is in `klodd`
+- Our admin bot (which is outdated by 2 years) is in `terraform`

crypto/Heaven-or-Hell/README.md

@@ -0,0 +1,7 @@
+# Heaven or Hell
+**Category:** Crypto
+**Difficulty:** Medium
+**Author:** EggRoll
+
+## Description
+Do you believe in fate? 

crypto/Heaven-or-Hell/attachments/server.sage

@@ -0,0 +1,112 @@
+primes = list(prime_range(3,117))
+p = 4 * prod(primes) - 1
+base = bytes((int(p).bit_length() + 7) // 8)
+Fp = GF(p)
+
+def from_weierstrass(EC):
+	a, b = EC.a4(), EC.a6()
+	F = EC.base_field()
+	PR = PolynomialRing(F, name="z")
+	z = PR.gens()[0]
+	roots = (z**3 + a*z + b).roots()
+	assert len(roots) > 0
+	alpha = roots[0][0]
+	s = (3*alpha**2 + a).sqrt() ** (-1)
+	return -3 * (-1)**s.is_square() * alpha * s
+
+def to_weierstrass(A):
+	while True:
+		B = Fp.random_element()
+		if B.is_square() and B != 0:
+			break
+	a = (3 - A**2) * pow(3 * B**2, -1, p)
+	b = (2 * A**3 - 9 * A) * pow(27 * B**3, -1, p)
+	return EllipticCurve(Fp, [a, b])
+
+def group_action(pub, priv):
+	es = priv.copy()
+	A = pub
+	assert len(es) == len(primes)
+	EC = to_weierstrass(A)
+	while True:
+		if all(e == 0 for e in es):
+			break
+		x = Fp(randint(1, p-1))
+		r = Fp(x ** 3 + A * x ** 2 + x)
+		s = kronecker_symbol(r, p)
+		assert (2 * is_square(r)) - 1 == s
+		I = [i for i, e in enumerate(es) if sign(e) == s]
+		if len(I) == 0:
+			continue
+		if s == -1:
+			EC = EC.quadratic_twist()
+		while True:
+			tmp = EC.random_element()
+			if not tmp.is_zero():
+				break
+		x = tmp.xy()[0]
+		t = prod([primes[i] for i in I])
+		P = EC.lift_x(x)
+		assert (p + 1) % t == 0
+		Q = ((p + 1) // t) * P
+		for i in I:
+			assert t % primes[i] == 0
+			R = (t // primes[i]) * Q
+			if R.is_zero():
+				continue
+			phi = EC.isogeny(R)
+			EC = phi.codomain()
+			Q = phi(Q)
+			assert t % primes[i] == 0
+			t = t // primes[i]
+			es[i] -= s
+		if s == -1:
+			EC = EC.quadratic_twist()
+	return from_weierstrass(EC)
+
+def truncated(n, ratio):
+
+	kbits = int(n.bit_length() * ratio)
+	return (n >> kbits) << kbits
+
+class CSIDH:
+
+	def __init__(self):
+		self.priv = [randint(-2, 2) for _ in primes]
+		self.pub = group_action(0, self.priv)
+
+	def getPublic(self):
+		return self.pub
+
+	def getShare(self, other):
+		return group_action(other, self.priv)
+
+Angel, Devil = CSIDH(), CSIDH()
+print(f"Angel's Public Key = {Angel.getPublic()}")
+print(f"Devil's Public Key = {Devil.getPublic()}")
+
+choice = input("Deal with [A]ngel or [D]evil? Make your choice carefully: ")
+if choice == "A":
+	for i in range(5):
+		A = int(input("Enter the montgomery coefficient: "))
+		print(truncated(int(Angel.getShare(A)), 0.4))
+elif choice == "D":
+	for i in range(4):
+		D = int(input("Enter the montgomery coefficient: "))
+		print(truncated(int(Devil.getShare(D)), 0.3))
+else:
+	print("Ok ... You are from Super Guesser, right?")	
+
+S = int(Angel.getShare(Devil.getPublic()))
+if int(input("Did Angel or Devil tell your the secret: ")) == S:
+	try:
+		f = open('flag.txt','r')
+		FLAG = f.read()
+		f.close()
+	except:
+		FLAG = "idek{debug}"
+	print(f"FLAG = {FLAG}")
+else:
+	print("G_G")
+
+

crypto/Heaven-or-Hell/challenge.yaml

@@ -0,0 +1,14 @@
+apiVersion: kctf.dev/v1
+kind: Challenge
+metadata:
+  name: heaven-or-hell
+spec:
+  deployed: true
+  powDifficultySeconds: 0
+  network:
+    public: true
+  healthcheck:
+    # TIP: disable the healthcheck during development
+    enabled: true
+    image: us.gcr.io/idekctf-374221/heaven-or-hell-healthcheck:43385b359212a69207cda5e7d2f4ed7336c22841905a3add073dc29c17718205
+  image: us.gcr.io/idekctf-374221/heaven-or-hell-challenge:51746d19c08f367d629a1198372ea994a2d306b15ab445dc661874247a894858

crypto/Heaven-or-Hell/challenge/Dockerfile

@@ -0,0 +1,25 @@
+FROM sagemath/sagemath:latest AS chroot
+
+USER root
+
+RUN apt-get update && apt-get install -y socat python3 python3-pip && rm -rf /var/lib/apt/lists/*
+RUN sage -pip install pycryptodome
+
+RUN mkdir -m 777 /app
+
+USER sage
+
+COPY server.sage /app/
+COPY flag.txt /app/
+
+WORKDIR /app
+
+RUN sage --preparse server.sage
+
+FROM gcr.io/kctf-docker/challenge@sha256:eb0f8c3b97460335f9820732a42702c2fa368f7d121a671c618b45bbeeadab28
+
+COPY --from=chroot / /chroot
+
+COPY nsjail.cfg /home/user/
+
+CMD ["bash", "-c", "kctf_setup && kctf_drop_privs socat TCP-LISTEN:1337,reuseaddr,fork EXEC:\"kctf_pow nsjail --config /home/user/nsjail.cfg --cwd /app -- /usr/bin/sage --nodotsage server.sage.py\""]

crypto/Heaven-or-Hell/challenge/flag.txt

@@ -0,0 +1 @@
+idek{wh0_t3lls_y0u_th3_s3cr3t!}

crypto/Heaven-or-Hell/challenge/nsjail.cfg

@@ -0,0 +1,55 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# See options available at https://github.com/google/nsjail/blob/master/config.proto
+
+name: "default-nsjail-configuration"
+description: "Default nsjail configuration for pwnable-style CTF task."
+
+
+mode: ONCE
+uidmap {
+    inside_id: "1000"
+    outside_id: "user"
+}
+gidmap {
+    inside_id: "1000"
+    outside_id: "user"
+}
+rlimit_as_type: HARD
+rlimit_cpu_type: HARD
+rlimit_nofile_type: HARD
+rlimit_nproc_type: HARD
+
+envar: "HOME=/home/sage"
+
+cwd: "/home/sage"
+
+mount: [
+  {
+    src: "/chroot"
+    dst: "/"
+    is_bind: true
+  },
+  {
+    src: "/dev"
+    dst: "/dev"
+    is_bind: true
+  },
+  {
+    dst: "/tmp"
+    fstype: "tmpfs"
+    rw: true
+  }
+]