This past weekend, I joined Shellphish for a last minute CTF called Cryptoverse
While I’m still a crypto n00b, I spent a few hours gathering some flags for the team.
Crypto
Warmup 1
293 solves / 107 points
Decode the following ciphertext: cGlwZ3N7cG5yZm5lXzY0X3Nnan0=.
Remember: CyberChef is your friend.
The ciphertext for this challenge had the distinct appearance of base64
. The output format was correct, perhaps a simple rotation cipher such as ROT13
will help. This gets us our flag.
flag:
cvctf{caesar_64_ftw}
Warmup 2
274 solves / 113 points
First described by Giovan Battista Bellaso in 1553, this cipher is easy to understand and implement, but it resisted all attempts to break it until 1863, three centuries later.
Remember: The Key to success is determination.
fzvxw{hqtegmfr_lw_msf_scrslg_kvwlhyk_fpr_kxg?}
If the given key and flag didn’t give it away, a quick search could tell you this is likely a Vigenère cipher
.
Throw that in CyberChef and get the flag.
flag: cvctf{vigenere_is_too_guessy_without_the_key?}
Warmup 3
313 solves / 102 points
You should recognize this instantly.
-.-. …- -.-. - ..-. – —– .-. ….. …– .. … -. —– - ….. —– ..-. ..- -.
Note: Add { and } around the flag. Flag is all lower case.
Dots and dashes scream Morse code
. dcode.fr is a great tool for all things decoding, including morse code.
flag: cvctf{m0r53isn0tfun}
Warmup 4
73 solves / 387 points
Last warmup. You should get it fast if you use any social media.
In science fіctіοn metaνerse is iterationоf the Internet as a sⅰngle, universal and immersive virtual world that is facilitated by the use of virtual reality and augmented reality headsets.
Note: Wrap the message you decoded in cvctf{}.
Note 2: This challenge involves some steganography tool related to a social media.
For this challenge, I tried several things before ultimately being successful. I thought maybe it would have to do with zero-width characters
and tried tools like Stegsnow with no luck.
Eventually I found a Twitter Secret Message tool that gave the flag.
flag: cvctf{secretsaretobeh1dd3n}
Substitution
240 solves / 129 points
Substitution is a cryptographic technique where a plaintext is replaced by a ciphertext. The ciphertext is a substitution of the plaintext.
Here is a very simple CTF-related substitution cipher. Find out the flag.
Hxpkdiz kcz Osxe ja x apzhjxs ljvr go jvogimxkjgv azhdijkf hgmpzkjkjgva. Kcziz xiz kcizz hgmmgv kfpza, Uzgpxirf, Xkkxhl Rzozvhz xvr mjyzr. Jo fgd cxwz ojedizr gdk kcz xqgwz mzaaxez, cziz ja fgdi osxe, pszxaz xrr hdisf qixhlzka qzogiz adqmjaajgv: hwhkoxwzifajmpszadqakjkdkjgv
For this challenge, I realized hwhkoxwzifajmpszadqakjkdkjgv
likely was the flag, hence the first hwhko
should map to cvctf
. After a little trial and error targeting 1 or 2 letter words, I decrypted with the following:
Plaintext: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext: sxhugyocritkmxfpbdlxxnvaxeXXXXXXXCXITXXXFXXDXXJXXAXX
Later, I found out quipquip can solve this for us.
flag: cvctf{averysimplesubstitution}
CyberMania
42 solves / 443 points
I got this piece of ciphertext from my friend who is a Cyber Mania. It must have hidden something…
file: secret.txt
secret.txt
contains:
|
|
After a bit of CyberChef magic…
These emoji’s seemed suspicious, so I found cryptoji and it popped out the flag.
flag: cvctf{3m0j1_c4n_L34K_7h1ng5}
RSA 1
183 solves / 182 points
The n is so large that it’s not possible to factor it. Or is it?
n = 0x7c05a45d02649367ebf6f472663119777ce5f9b3f2283c7b03471e9feb1714a3ce9fa31460eebd9cd5aca7620ecdb52693a736e2fcc83d7909130c6038813fd16ef50c5ca6f491b4a8571289e6ef710536c4615604f8e7aeea606d4b5f59d7adbec935df23dc2bbc2adebbee07c05beb7fa68065805d8c8f0e86b5c3f654e651
e = 0x10001
ct = 0x35b63f7513dbb828800a6bcd708d87a6c9f33af634b8006d7a94b7e3ba62e6b9a1732a58dc35a8df9f7554e1168bfe3de1cb64792332fc8e5c9d5db1e49e86deb650ee0313aae53b227c75e40779a150ddb521f3c80f139e26b2a8880f0869f755965346cd28b7ddb132cf8d8dcc31c6b1befc83e21d8c452bcce8b9207ab76e
factordb allows us to “factorize” n
to find p
and q
. The rest is plug and chug.
|
|
flag: cvctf{f4c70rDB_15_p0w3rfu1}
Reverse
Baby Reverse
239 solves / 130 points
Baby warmup.
files: chall
After running the program, it gave the output:
$ ./chall
You do not really need to run the program...
The flag is: cvctf{7h15_15_4_f4k3_fl4g}
So, I ran:
strings chall | grep cvctf
This gave the flag.
flag: cvctf{r3v3r53_15_4w350m3}
Basic Transforms
97 solves / 337 points
Basic JS for you to tackle.
file: app.js
app.js
contains:
|
|
For this challenge, I simply used CyberChef again and reversed the cipher.
However, I wasn’t getting the full flag upon decoding the Vigenère cipher
. So, I reverted back to js using the runkit environment.
flag: cvctf{0bfu5_N0d3_H@}
Misc
iKUN1
https://www.youtube.com/watch?v=w8bidbK0PI
Find the flag for iKUN 1, already wrapped in flag format.
Hint: Please find me (CryptoverseCTF) on THE platform for code repositories hosting.
Note: The YouTube link is unrelated to solving the challenge.
THE platform seemed likely to be Github. I was quickly able to find the account, then found a repo with a cvctf{fake_flag_but_correct_repo}
bio. I checked the commit history and found the flag:
flag: cvctf{git_reveals_everything}
Not Georainbolt
37 solves / 451 points
Georainbolt is able to guess the location on Google Map in 0.1 seconds. Can you do it in a second?
Given an IP address or a coordinate, tell me which city it is in. All answers are case-insensitive. You will need a space between words, such as “new york city”.
For simplicity, I will make it easy. There are 50 questions and you only need to achieve an accuracy of more than 50% to get the flag!
nc 137.184.215.151 22606
After connecting, the challenge will prompt the user to guess the city based on IP or Coordinate (as shown below). If you answer in more than 1 second, it’s automatically “Wrong.”
$ nc 137.184.215.151 22606
...
IP: 2.145.91.238
City:
Coordinate (lat, lon): 45.3747, -75.5647
City:
We can script this to solve!
|
|
flag: cvctf{4r3_y0u_4_R34L_Ge@r41nB0L7?}