CryptoHack Brain
  • New Challenges 12/2022

    Hello CryptoHackers! It’s been a quieter Autumn/Fall for CryptoHack, but we’ve still had a few things going on. And here’s an exciting challenge release.

  • Cryptography CTF Archive

    Jack and I met up this weekend to build a feature which a lot of players have requested: a cryptography CTF archive.

  • New Challenges 06/2022

    Hello CryptoHackers! I’m currently writing this post from Athens, Greece, where we are helping out with the International Cybersecurity Challenge.

  • Announcing Matrix Bridge For CryptoHack Discord Chat

    CryptoHack chat is based on Discord, which has worked well for us so far. Discord is free, has a great UI, and has enabled the creation of the awesome CryptoHacker bot which links CryptoHack accounts to Discord profiles.

  • Real-World Cryptography by David Wong Book Review

    Best practices in applied cryptography have changed drastically over the last few decades. We know that if a cryptosystem can go wrong, in practice it will go wrong. A classic example is nonce reuse, which a wide number of symmetric ciphers, signature schemes, and authentication protocols are susceptible to (see CryptoHack challenges “ProSign 3” and “Forbidden Fruit”). In response, cryptographers have come up with algorithms such as EdDSA and AES-GCM-SIV which are designed to thwart such common and catastrophic usage errors. Further, in a perfect world developers wouldn’t be touching primitives at all, but would instead be making use of modern high-level libraries with well-documented APIs and a strong set of algorithms under the hood (libsodium, pyca/cryptography, Tink).

  • CSAW Quals 2021 | Bits

    CryptoHack was asked to make some challenges for CSAW 2021 and Bits was our submission for the qualifiers, written by Robin and Jack. For those who qualified for the finals, you’ll have the chance to solve a few more CryptoHack challenges, but for now, we wanted to go through Bits, explain some potential solutions and some cover a few interesting things we learnt when building the challenge itself.

  • CryptoCTF 2021 - Easy

    Last week, CryptoHackers got together to play CryptoCTF for the second time as a team. We solved 26/29 of the challenges during the 24 hour window and came third overall. First and second places went to Super Guessers (Rkm and Rbtree are very friendly faces from CryptoHack) and a Vietnamese team working together to support the spirit of Ho Chi Minh city and nearby provinces. Congratulations to them both.

  • CryptoCTF 2021 - Medium

    Last week, CryptoHackers got together to play CryptoCTF for the second time as a team. We solved 26/29 of the challenges during the 24 hour window and came third overall. First and second places went to Super Guessers (Rkm and Rbtree are very friendly faces from CryptoHack) and a Vietnamese team working together to support the spirit of Ho Chi Minh city and nearby provinces. Congratulations to them both.

  • CryptoCTF 2021 - Hard

    Last week, CryptoHackers got together to play CryptoCTF for the second time as a team. We solved 26/29 of the challenges during the 24 hour window and came third overall. First and second places went to Super Guessers (Rkm and Rbtree are very friendly faces from CryptoHack) and a Vietnamese team working together to support the spirit of Ho Chi Minh city and nearby provinces. Congratulations to them both.

  • New Challenges 06/2021

    Hello CryptoHackers! This week we’ll be releasing a new set of challenges, mostly made up of great community submissions. But first, a quick recap of what we’ve been up to in our mission to spread cryptography knowledge.

  • Crypto Spammers Are Attacking Our Discord Community

    Recently our Discord community has come under attack by spammers advertising “cryptocurrency giveaways”. We have taken several steps to try to prevent spam but they have not been effective. This post explores how we think the spammers are automatically obtaining the member list and bypassing the verification and anti-abuse protections on Discord. At the end we consider some possible solutions.

  • Cyber Apocalypse CTF 2021 | Part 1

    This week possibly the biggest cybersecurity Capture The Flag (CTF) ever was held as a joint event between HackTheBox and CryptoHack. With 9900 players participating in 4740 teams; plentiful prizes including cash and swag; and donations to charity for each challenge solved, this was a fantastic event to be part of.

  • Cyber Apocalypse CTF 2021 | Part 2

    In the second part of our wrap-up after the success of Cyber Apocalypse CTF 2021, we break down the four hardest challenges we included. RuneScape was a challenge based on the Imai-Matsumoto cryptosystem. Tetris 3D built on the classic cipher given in Tetris. Hyper Metroid required computing the order of the Jacobian of a special class of hyperelliptic curves and SpongeBob SquarePants was a backdoored sponge hash collision. We loved making these challenges and hope you enjoy the write-up.

  • Recovering a full PEM Private Key when half of it is redacted

    The @CryptoHack__ account was pinged today by ENOENT, with a CTF-like challenge found in the wild: Source tweet. Here’s a write-up covering how given a partially redacted PEM, the whole private key can be recovered.

  • New Challenges 01/2021 and T-shirts

    Happy new year CryptoHackers! It’s almost time for us to release our next set of challenges, once again dominated by great community submissions.

  • Factoring in logarithmic time: a mathemagic trick

    When you have an interest in cryptography, and you occasionally browse reddit, you’ve probably seen something like this before. Someone creates a new post on r/crypto or r/cryptography, claiming to be able to efficiently factor integers or RSA moduli. This then usually goes hand in hand with a serious lack of context and explanation, notation that is questionable at best, often just plain unreadable, and an aversion to providing even minimal proof by factoring an actual, cryptographically big modulus. Yet because it’s hard to understand, and sometimes there’s math involved that at first glance seems like it might have some deeper meaning, you’re left wondering, is there some insight to be found here.

    Spoiler alert: nope…

  • Cracking a Chinese Proxy Tunnel: Real World CTF Personal Proxy Writeup

    Real World CTF is a Chinese CTF focussing on realistic vulnerabilities. It’s one of the hardest, if not the hardest yearly CTF competition. LiveOverflow has a great video from the 2018 finals showing the impressive prizes, cyberpunk environment, and physical security at the event. This time an in-person finals could obviously not be held; the organisers donated money to charity instead.

  • Finite Groups, Gaussian Integers & TetCTF 2021

    Last weekend TetCTF held their new year CTF competition. I felt particularly nostalgic playing this, as it was the TetCTF 2020 CTF where Hyper and I played the crypto challenges and soon after decided to make CryptoHack together. Something about Ndh’s crypto challenges really make me want to keep learning.

  • ECDSA Side Channel Attack: Projective Signatures Ledger Donjon CTF Writeup

    This challenge involved a special side channel attack on elliptic curve cryptography. It was one of the hardest challenges in the Ledger Donjon CTF. Writeup by esrever and joachim.

  • Bruteforcing Bitcoin BIP39 Seeds: Scissors Secret Sharing Ledger Donjon CTF Writeup

    This challenge was one of the most straightforward to understand in the Ledger Donjon CTF. It involved bruteforcing a 12-word Bitcoin seed passphrase by starting off with partial information about it. Writeup by joachim.

  • Side Channels: Remote Lab and Glitching AES Ledger Donjon CTF Writeup

    These two challenges were part of the side channels category of Ledger Donjon CTF, and involved exploiting fault attacks. Writeups by joachim and esrever respectively.

  • BLS Signatures and Secret RNG Donjon CTF Writeup

    Following on from our Fast Multisignatures and One Time-Based Signature writeups for Ledger Donjon CTF, here are two more for vulnerable signatures schemes from the pure cryptography category. Writeups by Robin_Jadoul.

  • Hardware Wallet Sudoku: Elliptic Relations Ledger Donjon CTF Writeup

    This challenge was the only one in the reverse engineering category of Ledger Donjon CTF. Writeup by rbtree.

  • Atmega Pwn: PicoHSM Challenges Donjon CTF Writeup

    This was a series of three hardware exploitation challenges in Ledger Donjon CTF. All three challenges built on each other and ran on the same physical hardware hosted by the organizers. Writeup by Robin_Jadoul.

  • Hacking EOS: Modern Cryptocomputer Ledger Donjon CTF Writeup

    These two challenges in the Hardware/Pwn category of Ledger Donjon CTF saw us exploit an EOS node with smart contracts.

  • Fast Multisignatures and One Time-Based Signature Ledger Donjon CTF Writeup

    These two challenges in the Crypto category of Ledger Donjon CTF involved exploiting vulnerable signature schemes. Writeup by josephsurin.

  • Can't open apps on macOS: an OCSP disaster waiting to happen

    Two days ago, macOS users experienced worrying hangs when opening applications not downloaded from the Mac App Store. Many users suspected hardware issues with their devices, but as they took to social media, they found it was a widespread problem. And it was no coincidence that it was happening so soon after the launch of macOS “Big Sur”.

  • New Challenges 11/2020

    We’re really excited to be sharing a new set of challenges with you all, with puzzles contributed by CryptoHack as well as the community. One of our motivations for CryptoHack was to create an excuse to learn as much as we could, and we love having the opportunity to play your puzzles and learn new areas of maths and cryptography.

  • New Challenges 09/2020

    As CryptoHack has grown, we’ve released more and more challenges submitted by the community. We love receiving new challenges especially in those areas which are currently not well-covered on the site.

  • Open Band, Open Problem

    Last week, CryptoHack played in CryptoCTF as a big team and managed to grab second place. We shared a write up of the challenges we solved soon after the competition ended. Of all the challenges we saw, two of them managed to stump us during the 24 hours that the CTF was running for.

  • CryptoCTF 2020

    Here are our challenge writeups from the CryptoCTF 2020 competition. Members of the CryptoHack community played under the team “CryptoHackers” and came second overall, solving 18 of the 20 challenges during the 24 hour competition. This was the first time we all played a CTF together, and we will definitely be doing it again in the future. It was truly a pleasure to get so many cryptographic brains together in one chatroom and collaborate on cracking some mindbending puzzles.