] BSides Noida - Virtual Edition

Introduction To Cryptography


Before staring , I’m assuming you have searched about these two questions at some point of time :

  1. “What is cryptography?”
  2. "Where do we use it and why?

I’m sure you’ve gone through some theory part while reading the answers of those so let’s move to the fun part rather than the usual theory here!

Have you heard the story of Doge, Isabelle and Karen? It’s something like this…

One day Isabelle sent a message to Doge asking him for some financial help. She clearly mentioned the amount to be $500 and she also mentioned that she would return the amount as soon as possible.

After recieving the message Doge was shocked to see the amount to be $5,000,000.

doge.png

Who changed the amount and how? Yes you're right! It was Karen. It's not a big deal to eavesdrop or use any other trick to know
the messages as they didn't use secure way to communicate. Here comes the use of Cryptography. Let's continue the story.

Now that they know about the importance of secure communication, they decided to encrypt their messages while sending and decrypt them while recieving. They have one key each for doing this job.

Doge asks Isabelle for some business papers and mentions the time to be exact 5 PM. Isabelle recieves the message and it was writted that she should meet him at 4 PM.

Who did this now? It's Karen again! She somehow managed to break the encryption and read the message and change it.
Here comes the use of strong and secure protocols so that we have an edge over the adversaries.

Why should you choose Cryptography in CTFs?

  1. You can guess ciphers very well.
  2. You were born to decrypt things.
  3. You think you know the Encryption.
  4. You are from a Mathematician Family/you love maths.
  5. You can cry a lot when the challenge is hard/your script fails everytime.
  6. Sometimes RE people ask for your help an you feel like a “Crypto God”.

• It’s fun to do.
• You learn something new when you fail.

Cryptography Challenges in Capture The Flag (CTF) Competitions

The difficulty level of the challenges in a good CTF varies from complete beginner to hard/insane which touches lots of domains in this category.

My advice for complete beginner would be:

  1. Look at every challenge because each one is unique in it’s own way. Then decide which you can solve fast and keep the heavy researching part for the hard challenges.
  2. Try to search the keywords related to the challenge to find the related resources.
  3. Go through the writeups of past CTFs and you might find something valuable if not, you just read a valuable writeup and learned something new.

Handy tools for Cryptography

  1. Smooth Brain.
  2. Enough Sleep.

There are many available tools to make your life easy while solving CTF Challenges. Some basics tools are:

  1. Any programing language which you prefer to write your scripts. ( I prefer python3 for availability of lots of modules and it’s easy to use)
  2. Some python3 packages:
    • pycryptodome
    • labmath
    • numpy
    • sympy
    • gmpy or gmpy2 ( install these first libgmp3-dev libmpc-dev )
    • pwntools (optional - for remote interaction only)
  3. Sagemath

1. Some Basics

Now, let’s jump to some basics and get our hands dirty with the implementation of everything we learn. I’ll be using python3 for most of them but you can choose anything you prefer.

Bases

Some theory part: https://en.wikipedia.org/wiki/Radix

Python3 implementations:

>>> n = 123                 # decimal form
>>> bin(n)                  # decimal to binary
'0b1111011'
>>> int('1111011', base=2)  # binary to decimal
123
>>> hex(n)                  # decimal to hexadecimal
'0x7b'
>>> int('0x7b', base=16)    # hexadecimal to decimal
123
>>> oct(n)                  # decimal to octal
'0o173'
>>> int('0o173',8)          # octal to decimal
123
>>>
>>> # Some miscellaneous handy tricks
>>>
>>> a = int.from_bytes(b'test', 'big')          # bytes to long integers
>>> a
1952805748
>>> a.to_bytes((a.bit_length()+7)//8, 'big')    # long integers to bytes
b'test'
>>> bytes.fromhex(hex(a)[2:])   # does the same
b'test'

Along with this, sometimes we might have to work with other base systems. Let’s take a look at them.

Python3 implementations:

>>> import base64
>>> base64.b64encode(b'secret in base64')
b'c2VjcmV0IGluIGJhc2U2NA=='
>>> base64.b64decode(b'c2VjcmV0IGluIGJhc2U2NA==')
b'secret in base64'
>>> base64.b32encode(b'secret in base32')
b'ONSWG4TFOQQGS3RAMJQXGZJTGI======'
>>> base64.b32decode(b'ONSWG4TFOQQGS3RAMJQXGZJTGI======')
b'secret in base32'
>>> base64.b85encode(b'secret in base85')
b'b7f<4Wpp5EZXjY|b7eR+'
>>> base64.b85decode(b'b7f<4Wpp5EZXjY|b7eR+')
b'secret in base85'

PS There are many other base systems we rarely use.


Thanks for reading! Feel free to reach out on any of the social platforms given below.

The next topic will be #Classical Cryptosystems

Stay tuned! Stay Safe!

Author - rey (CTF Player @DarkArmy)
Discord - rey#7813
Twitter - https://twitter.com/r3yc0n1c
Github - https://github.com/r3yc0n1c