Archived Challenges - April 2025

This is an april fools challenge, as far I am aware there are no efficient attacks on RSA given this partial information, the actual flag is template flag written in the chal.py file

ictf{This_is_not_the_flag}

encode as ascii → G'HrX-c(@^t.o9MFHMvZMvWR4{h3B]1J%Q decode as base92 → ictf

ictf{less_common_90s_base}

https://cybersharing.net/s/8aff0fdad46b51180b851df1e650e90a

ictf{ju57_74k3_7h3_r007_br0}

This is a classic branch and prune factoring problem see https://github.com/jvdsn/crypto-attacks/blob/master/attacks/factorization/branch_and_prune.py for implementation

ictf{4_p4r714l_1nf0rm4710n_r54_w17h0u7_l4771c35}

Notice that k ^= k >> 33 cancels each other, so it's just a 33-bit brute force.

for (uint64_t i = 1; i < (1UL << 33); i++) {
    uint64_t j = (i ^ (i * 0xc4ceb9fe1a85ec53 * 0xff51afd7ed558ccd)) << 33 | i;
    if ((j ^ (j  * 0xc4ceb9fe1a85ec53 * 0xff51afd7ed558ccd)) == j >> 33)
    {
        uint64_t k = j * 0xc4ceb9fe1a85ec53;
        printf("ictf{%lu}\n", k ^ (k >> 33));
    }
}

ictf{13621417624426829092}

solution is x = 0x77140a2f515f7d36838035cbd1a4412c; reduce the problem to A*x_hi + B*x_lo = 2*(x_hi&x_lo) → solve with hensel lifting + fast lattice enumeration (brute force takes ~1hr on a decent cpu) https://cybersharing.net/s/13bb2797db22f55736160614dbc17042

ictf{d1d_y0u_u53_l4tt1c3_3num3r4t10n_0r_s0m3th1ng_else?}

https://cybersharing.net/s/4e6c1baf31460a856e4f3ce91d180fdd

ictf{x0r_15_4lm057_3qu4l_70_4dd1710n}

basic xor chall with known plaintext pretty easy to decrypt source: https://cybersharing.net/s/c37708c9f4d30d55e2305e76ae39b1d5

ictf{heres_a_basic_xor_cracking_chall_to_start_the_month_off}

uhhhh idk exactly i just wanted to cause some quirkiness but basically lisp randomness is deterministic (does same thing every time u run lisp) so once u figure out what's going on u should be able to wild out the flag src: https://cybersharing.net/s/21af6b8b651985a9ee504210a007a0d5 (first time programming in lisp don't murder me over indentation pls)

ictf{lisp_wildity_9a2630268b069154}

This function builds an easily invertible hash at runtime using asmjit, either isolate the binary at runtime or statically then break the hash, source : https://cybersharing.net/s/60b46131844ef151d740f663a7564a12

ictf{a_code_in_code_is_usually_bad_code}

This challenge is based around error correcting codes, the intended solve is for you to implement a (4,3) hamming code, also makes a good golfing challenge try to beat my implementation: https://cybersharing.net/s/21556a2d292cbf621444fe5ac4280d30

ictf{error_correcting_ham_sandwich}

Python performs NFKC normalization on identifiers before parsing them. Use this to write flag in three chars via the fl ligature. Empty dictionary leaks the flag through stderr: {}[flag]

ictf{h4ve_y0u_h3ard_Of_D1cTi0n@ry??}

NFKC normalization on flag and a novel way to leak through stderr: flag(*1)

ictf{pygolfing_without_going_to_the_library}

This works like 10% of the time C*19/128 a bunch of values also work but this one seemed the most consistent

ictf{Kellys_Criteria_is_for_nerds}

The docker image is actually for python:2.7-slim, not python:3.13-slim. In 2.7 the input function evals any code you give it, so just do something like __import__('os').system('cat flag.txt') to get the flag. I'm sorry for letting down the gambling enthusiasts with this one 💔

ictf{crazy_that_python_3.13_would_allow_that}

The text is riddled with spelling mistakes, if you map the positions of the spelling mistakes you'll see they occur at multiples of 23, takes the lsb of every 23rd value and you'll get the flag, see solve https://cybersharing.net/s/90a05dba9ca4f0b63d90a78dfdf8dcb0

ictf{50m3h0w_n07_7h3_w0r57_4u70c0rr3c7_1v3_u53d}