https://systemoverlord.com/tags/boston-key-party.htmlRecent content in Boston Key Party on System OverlordHugoen-usdavid@systemoverlord.com (David Tomaschik)david@systemoverlord.com (David Tomaschik)Mon, 10 Mar 2014 21:29:13 +0000https://systemoverlord.com/2014/03/10/boston-key-party-mind-your-ps-and-qs/Mon, 10 Mar 2014 21:29:13 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2014/03/10/boston-key-party-mind-your-ps-and-qs/<p>About a week old, but I thought I&rsquo;d put together a writeup for mind your Ps and Qs because I thought it was an interesting challenge.</p> <p>You are provided 24 RSA public keys and 24 messages, and the messages are encrypted using RSA-OAEP using the private components to the keys. The flag is spread around the 24 messages.</p> <p>So, we begin with an analysis of the problem. If they&rsquo;re using RSA-OAEP, then we&rsquo;re not going to attack the ciphertext directly. While RSA-OAEP might be vulnerable to timing attacks, we&rsquo;re not on a network service, and there are no known ciphertext-only attacks on RSA-OAEP. So how are the keys themselves? Looking at them, we have a ~1024 bit modulus:</p>https://systemoverlord.com/2013/06/10/boston-key-party-mitm/Mon, 10 Jun 2013 00:54:54 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2013/06/10/boston-key-party-mitm/<p>Boston Key Party is the latest CTF I've played in (this time playing with some local friends as part of our team 'Shadow Cats'). The first challenge we cleared (actually, first blood in the CTF) was MITM.</p> <p>Now, you might think a challenge named "MITM" was some sort of Man-In-The-Middle exercise, but it's actually crypto! We're given five base-64 encoded messages: two plaintext/ciphertext pairs, and a ciphertext (which we're presumably supposed to decrypt).</p>