Writeups
  • UMASS CTF 2024
    • Crypto-Brutal Mogging
    • Crypto - Shuffling as a Service
  • GPN CTF 2024
    • Crypto-Boombox
  • WANICTF 2024
    • Crypto - Replacement
    • Crypto - Easy Calc
    • Crypto - dance
    • Crypto - speedy
    • Crypto - Many Xor Shift
    • Crypto - uf
  • UIUCTF 2024
    • Crypto-Without a Trace
    • Crypto-Determined
    • Crypto-Naptime
    • Crypto-Snore Signatures
    • Crypto-Groups
  • DeadSec CTF 2024
    • Crypto - Raul Rosas
    • Crypto - SSP
    • Crypto - Password Guesser
  • corCTF 2024
    • Crypto - Steps
    • Crypto - Monkfish
    • Crypto - Anglerfish
  • LITCTF 2024
    • Crypto- Symmetric RSA
    • Crypto -Truly Symmetric RSA
  • IrisCTF 2025
    • Crypto - knutsacque
  • UofTCTF 2025
    • Misc - Simple Signing
  • HTB CyberApocalypse
    • Crypto - Copperbox
  • BreachCTF 2025
    • Crypto - Taaffeite Encryption
    • Crypto - Big Stuff
Powered by GitBook
On this page
  • Full Implementation
  • Challenge
  1. WANICTF 2024

Crypto - dance

step by step - Gureisya

PreviousCrypto - Easy CalcNextCrypto - speedy

Last updated 11 months ago

Challenge

First we look at how the usernames are being generated

dt_now = datetime.datetime.now()
minutes = dt_now.minute
sec = dt_now.second
data1 = f'user: {username}, {minutes}:{sec}'
data2 = f'{username}'+str(random.randint(0, 10))
d[username] = make_token(data1, data2)
print('Registered successfully!')
print('Your token is:', d[username])

The user is registered using data from when the user was created. The token generated is used to encrypt the flag

We can bruteforce over all the possible times to get all the possible tokens

Combinations for data 1

d1=[]
for i in range(60):
    for j in range(60):
        d1.append(f'user: {username}, {i}:{j}')

Combinations for data 2

d2 = []
for i in range(10):
    d2.append(f'{username}'+str(i))
for i in d2:
    for j in d1:
        token = make_token(j, i)
        sha256 = hashlib.sha256()
        sha256.update(token.encode())
        key = sha256.hexdigest()[:32]
        nonce = token[:12]
        cipher = MyCipher(key.encode(), nonce.encode())
        dec = cipher.encrypt(long_to_bytes(int(ciphertext,16)))
        if b"FLAG" in dec:
            print(dec)
            break
#FLAG{d4nc3_l0b0t_d4nc3!!}
Full Implementation