Jun 26, 2018
You can find the challenge files and my exploit code here.Read more...
May 29, 2018
In the summer after my freshman year of college, I had an internship with a startup that tries to defeat phishing attacks against enterprise corporations. As such, I spent a lot of time staring at phishing sites. Once, I showed a phishing campaign against MIT’s OWA email portal to my boss, and he blew my mind when he dug through the site and managed to find a publicly-accessible text file where the attackers were logging all the password attempts.
Ever since, I’ve been trying to replicate that same experience on every phishing attempt that comes my way, and for the first time since then, I managed to do it! The attack was targeting Coinbase, probably the most popular site for buying and selling cryptocurrencies. I’ll first describe the campaign, and then show how I discovered the password log file.Read more...
May 07, 2018
TL;DR: a 1 byte overflow allows you to induce a small bias in the nonce used in the DSA signing algorithm. Use LLL to exploit this bias to find the private key.
I also explore a more natural variant of the problem in which the bias is in the most significant byte of the nonce rather than the least significant, and recover the private key in this case as well.Read more...
May 07, 2018
This problem was categorized under “Misc” and was worth only 125 points. Nevertheless, it was one of the harder challenges and received only 14 solves. ghostly_gray, fasano, and I worked on it for several hours over the course of the CTF, but we only solved it after the CTF had ended.
The challenge was themed around the NPR Quiz Show Wait Wait… Don’t Tell Me! and consisted solely of an address and port to connect to.Read more...
Apr 28, 2018
In the past four months I’ve had the experience of organizing a fledgling team for the MIT Mystery Hunt and helping organize, write, and run the second iteration of the Galactic Puzzle Hunt. In the process, I wrote / created a bunch of stuff related to puzzlehunting. This page will keep track of them all (as well as some earlier stuff I’ve made). I’ll periodically update this page as I create more stuff.Read more...
Apr 23, 2018
This was a simply-posed but tricky pwnable that ghostly_gray and I solved over the course of a long plane ride. We were given the source code (shown below) as well as the binary. Simply put, we had to write some x86-64 shellcode that used no more than 7 distinct bytes.Read more...
Jan 17, 2018
This year’s mystery hunt ended last Monday, and after a heroic effort, my team managed to be the twelfth and final team to finish. This hunt did have fewer puzzles than usual, but I don’t think anybody noticed. Puzzle quality was generally high across the board, and since the puzzles themselves were often longer than average (I think), it was all a wash. Below I’ve highlighted some puzzles of note (spoilers abound!):Read more...
Jan 10, 2018
One form of content that made a resurgence in my media diet last year was the newsletter. Like podcasts, newsletters have been around since the early years of the internet. Their appeal is obvious: instead of regularly visiting a website to read the news, just have it emailed straight to your inbox. I’ve found that newsletters are often better at providing context and perspective than traditional news outlets, which are often too busy breathlessly reporting latest-breaking updates.
Here are five newsletters that I’m currently subscribed to that I think are worth your time:Read more...
Dec 03, 2017
In 1999 Dan Boneh published a survey paper called “Twenty years of attacks on the RSA cryptosystem”. I like to tell people that if they read the entire paper they can solve just about every CTF challenge involving RSA.
This post is my attempt to do something similar with the discrete log problem, a primitive that underlies a bunch of cryptographic protocols including the Diffie-Hellman key exchange and the ElGamal encryption system. The algorithms all have similar-sounding names, and I wanted to just sit down and describe each of them to get them straight in my head.Read more...
Sep 18, 2017
This problem was much like any other CTF reversing challenge, but instead of a Linux or Windows executable, the binary was a Master Boot Record (MBR) that needed to be run under the QEMU full-system emulator.
We’re given the command to boot the MBR,
qemu-system-i386 -drive format=raw,file=realism, and we’re presented with this:
Simple, right? The entire MBR is only 512 bytes in size, so it’s not much to reverse.Read more...
Sep 10, 2017
On and off for the past couple of years, my friend Ray and I have been working through the Cryptopals Crypto Challenges, a series of exercises split across eight sets that explore modern cryptographic protocols and their weaknesses. The challenges start out pretty easy, but as you move forward, the attacks you’re asked to implement become increasingly difficult.
This post is about challenge 55, “MD4 Collisions.” In it, you’re asked to implement Wang’s 2004 attack on the MD4 hash function. The attack itself is pretty difficult: as far as Ray and I can tell, no one has posted a solution to it online. (There is this code from Bishop Fox, but it consists solely of a dense, 500-line, uncommented C program).
After several days of work, our script finally spit out a brand new collision:
In this post we’ll talk about the attack and our implementation in detail.Read more...
Jul 02, 2017
We are first presented with a simple HTML form that asks us to sign the word
challenge in order to login. If we look at the source of the page, we find a hidden div that includes an RSA public key and references to base64 encoding and PKCS1v1.5 / MD5. Our goal then seems to be to forge a signature for
challenge in PKCS1v1.5 format that will be accepted by the given public key.
Jun 26, 2017
There’s been a lot of buzz on dorm mailing lists and online forums about the changes that IS&T is making to MIT’s campus network. This post attempts to break down and explain the changes to a non-expert in networking in order to clear up some of the confusion surrounding the discussion.
First, a brief introduction to IP addresses and Network Address Translation (NAT):Read more...
Jun 25, 2017
GoogleCTF 2017 was held about a week ago; it was pretty difficult, but it had some cool challenges. This writeup is about one of the harder crypto challenges, Rubik.
We were given some Rust code that implements a version of Stickel’s Key Exchange protocol for the Rubik’s Cube Group. We were also given a service which executes this protocol and allows users to register public keys and login. Before we dive into the details of the protocol and the attack, let’s talk a little bit about Rubik’s Cubes.
To talk about a series of moves that can be applied to a Rubik’s Cube, most people use Singmaster Notation. The six letters
B describe 90 degree clockwise turns to each of the six faces. A prime after a letter indicates a counter-clockwise turn. Finally, the letters
z, describe rotating the entire cube 90 degrees clockwise on the
F faces respectively. A prime after these letters describes the corresponding counter-clockwise rotation.
This site allows you to apply a series of moves to a cube to explore the notation.Read more...
May 06, 2017
Last weekend was DEF CON Quals 2017, the annual qualifier round to the DEF CON CTF held in Las Vegas every year. Last year I tried the CTF on my own and managed to solve 1 challenge. This year I participated on Lab RATs, a joint collaboration between MIT Lincoln Labs, RPISec, and TechSec.
My friend Ray already recapped most of what went down during the weekend on his blog, so I don’t really feel the need to repeat any of it. Instead, let me tell the story of my past week entirely through pictures:Read more...
May 02, 2017
A few weeks ago some friends and I competed in the Google Games, a sort of hybrid between a puzzlehunt and a coding competition. It was a fun event, and we managed to come in first! As a prize, each member of our team received a slick backpack and a Google Home, a smart speaker like the Amazon Echo, but designed and built by Google.
One common workaround to this issue is to setup a personal access point wired into the MIT network that the Google Home can then connect to. I didn’t have an access point lying around, but I remembered that I did have a BeagleBone Black that I got from an IAP Internet of Things class a couple years ago. I decided to configure it to function as an access point.
I’m not much of a tinkerer, and the resulting process ended up being fairly involved. It wouldn’t have been feasible without the help of the many people who built custom drivers and documented the steps they took online. This post is my form of repayment; hopefully it will be useful for someone in the future.Read more...
Apr 23, 2017
PlaidCTF, PPP’s annual capture the flag, was held this past weekend. Because of Google Games and other work, I didn’t spend a large amount of time on it, but I and others on TechSec did manage to solve a few of the challenges.
Multicast was one of the earliest challenges released. We were given two files: a sage program called
generate.sage and a file with 20 large integers called
data.txt. You can find both of these files and my exploit here.
Apr 04, 2017
You know those people in life who you’re sort of friends with but only talk to when you pass each other in the hallway? You make small talk about what you’ve been up to or some shared interest you have, and then you say “I gotta go to this thing, but it was great seeing to you. Later!” and then never speak to them again until the next hallway-happenstance.
I generally hate these interactions (and I confess that I’ll sometimes take a longer route to avoid them), but I’ve found lately that with with a certain set of people these meetings are bearable because we talk about one specific shared interest: podcasts.
Podcasts have been around forever, but they’ve only taken off relatively recently (mostly due to Serial). Despite their growing popularity, its still a relatively niche form of media: something like 45% of Americans haven’t even heard of the term “podcasting”.
I know this fact because last March was #trypod, a month-long campaign to get more Americans interested in podcasting. Several of the podcasts I subscribe to urged their listeners to recommend a podcast to a friend or post a recommendation to social media with the hashtag #trypod.
Well, March is now over and I never recommended a podcast to anyone, so this post is my form of atonement. I’m currently subscribed to 18 podcasts (and I listen to basically every episode of each one); below I’ve listed each of them along with a brief description of what its about and why I enjoy it.
(Don’t know how to get started listening to podcasts? Have Ira Glass teach you by watching this great video.)Read more...
Feb 06, 2017
AlexCTF just finished this weekend and our team did pretty well, solving all but two of the challenges. In this post I’ll talk about my solution to one of the reverse engineering challenges, called “Catalyst system.” You can check out the raw binary here.Read more...
Jan 23, 2017
I’ll use this last post to talk about the events and the final runaround.
First, the events. There were four of them based on Charisma, Constitution, Strength + Dexterity, and Wisdom + Intelligence. The Charisma event was some sort of speed-dating activity, the Constitution event involved massive bobble-heads that were reused from the Crossing the Charles procession, the Strength + Dexterity event was a human-sized crossover between Hungry Hungry Hippos and Bananagrams, and the Wisdom + Intelligence event was a pub quiz with a twist.Read more...
Jan 21, 2017
This is part 2 of a series of posts about the MIT Mystery Hunt. You can find part 1 here.
This post will attempt to address the two questions on everyone’s minds right now: why was hunt so short, and is this a problem? First, the why.
Why was hunt so short? Well, it wasn’t because there were too few puzzles or metas:
| 2015 | 2016 | 2017 ----------------+-----------+---------+---------------- "easy" puzzles | 57 (fish) | 0 | 67 (character) total puzzles | ~160 | ~160 | ~160 metas | 12 - 15 | 12 - 21 | 15
This year’s hunt had close to 160 total puzzles and 15 metas, about the same as the numbers for prior years. It’s not clear what exactly counts as a meta because of subtleties such as meta-metas, puzzles that reference other puzzles, and puzzlehunts within puzzlehunts, but it’s safe to say that the hunt wouldn’t have been significantly longer had Setec simply included a couple additional character metas.
If it wasn’t the number of puzzles, it must be their difficulty, right? Puzzles that appeared in the character metas were meant to be easier than average, an intentional throwback to the 2015 hunt which included “fish” puzzles designed to be about 1/3 the difficulty of a normal Mystery Hunt puzzle. However, the number of fish puzzles and character puzzles was roughly the same, and the hunt had plenty of difficult puzzles.Read more...
Jan 20, 2017
The 2017 MIT Mystery Hunt ended last Sunday. When I describe the hunt to other people, I often tell them that it’s my favorite weekend of the year, and it is. I get to reunite with old friends, meet new people, and spend 3 straight days solving puzzles. Well, sometimes not quite 3 days, but more on that later.
This was my 6th Mystery Hunt, and the 3rd time I hunted on-site with ✈✈✈ Galactic Trendsetters ✈✈✈. This year we came in 4th, our best performance yet.
The hunt, run by Setec Astronomy and called “Monsters et Manus,” was themed around Dungeons and Dragons. The opening skit involved some D&D players getting sucked into their own game. To get out, they needed to defeat the evil sorcerer Mystereo Cantos (anagram of Setec Astronomy / Too Many Secrets) and recover the two-sided die (the coin!). The hunt structure involved two types of metapuzzles: 6 “character metas,” which were always pure metas and based on the D&D players and their roles, and 8 “quest metas,” which were often shell metas and represented various forays into the fantasy world. There were also 4 events scheduled throughout the weekend that were based on the six canonical attributes of D&D (charisma, constitution, wisdom, etc.). Each of the 6 characters had “levels” that represented how experienced he or she was. Levels could be increased through various mechanisms and puzzles were unlocked based on these levels.Read more...