**IngeHack 2021 CTF Write-ups**

Our team, Heaven’s Birds, got the 2nd place in the IngeHack CTF, organized by the club Ingeniums from esi-sba.

Here are write-ups for some of the challenges.

# Encryption Service

Category : Crypt-analysis

This challenge uses the Paillier cryptosystem to encrypt the flag.

One of the Homomorphic properties of this system is Homomorphic addition of plaintexts.

Homomorphic addition of plaintextsThe product of two ciphertexts will decrypt to the sum of their corresponding plaintexts.

So if the flag is small enough, and ‘n’ is big enough, we can easily decrypt the flag.

First we encrypt the number 0 :

Then we decrypt their product :

And we get the flag :

# Robin The Reaper

Category : Crypt-analysis

This challenge mixes Rabin cryptosystem with RSA.

So it generates 2 primes ‘p’ and ‘q’, meeting Rabin criteria, calculates n, and then encrypts m.

Now let’s look at the public key given to us

As we can see : e=1.

So if m is small enough, we simply need to calculate the root of the cipher.

and we get the flag : IngeHack{RAB1N_CRYPT0SYST3M_1S_V3RY_INT3REST1NG}

# Comparer

Category : pwn

This is the binary source code we are given :

Looking at the source code, the binary doesn’t seem to be vulnerable.

However, as the challenge description says, we run make.

Interesting. The return type of the main function is declared as int, but no return instruction or exit function is executed in the default flow.

The idea of this challenge is that, every process returns an exit value to the OS. In this case, there is no return instruction, so the process returns the value of the RAX register, which is generally used to store the return value of functions.

So let’s see where the RAX register was last modified.

This is the disassembly of last part of the main function

At * main + 233, the eax register is tested to see if its value is 0, which is the value returned by the long_cmp function if our input is correct. This is where our register is last modified, holding the return value of long_cmp.

The long_cmp compares our input with the flag(as long variables). So the eax register will hold 1 if our input is bigger than the flag, -1 the other way around, and 0 if they are equal.

We create a fake flag file locally to test. The **$?** variable in Linux represents the exit status of the previous command. We can see that if we try with an input bigger than our fake flag, the return value is 1, and if we try with a number that is smaller, the return value is 255 (because -1 is 0xffffffff, see more here). If the input is correct the return value changes, because the printf function is called.

So in the end, the binary is leaking information with its return value, and we can use that to get the flag.

After testing some inputs, we can see that the flag is very big( long type ), we can’t use a simple brute-force attack. So we will use a Binary search algorithm.

So here is our code :

We can upload this file somewhere is the server, or we can simply use the interactive python interpreter.

And we get the flag.

This challenge was very interesting as it showed that even with a small detail, a little bit of information leakage can be very harmful.