Basic Windows Reversing and Attacking Weak Crypto – FLARE-On 2018

Flareon is a series of reverse engineering challenges by fire I because they want to find and hire smart individuals interested in reverse engineering So if you need a job just contact me and I sell you the solutions. Just kidding I don’t know yet how far I will get as reverse engineering can be quite time-consuming And […]

Linear independence and GF(2) – 34C3 CTF software_update (crypto) part 2/2

We are going to solve a crypto challenge with some cool math. I think it’s an awesome example of linear algebra applied to some real world security problems. The story about this challenge is that we have a firmware update that will only be applied if verified, and works by hashing files and folders with sha256, and xoring […]

Recover RSA private key from public keys – rhme2 Key Server (crypto 200)

We are going to learn about a weakness of RSA, that allows us to recover the private key of an admin for a ctf challenge. This will be fun. It was also the next easy challenge after the ones I solved already. If you know what you have to do, you can quickly google and find solution scripts […]

Python code audit of a firmware update – 34C3 CTF software_update (crypto) part 1/2

Software Update was a crypto challenge from the 34c3 ctf, where you had a signed firmware update and your goal was it to find a flaw in the update process that would allow you to somehow exploit the process. In this first part I would like to go over the source code and tell you about the thoughts […]

Hardware Wallet Hack: Ledger Nano S – f00dbabe

The Ledger Nano S is a Cryptocurrency hardware wallet based on a secure element for storing cryptocurrencies, embedding a screen to check and secure digital payments. And also they have these information sheets where they proudly write: “Did you notice? There is no anti-tampering sticker on this box. A cryptographic mechanism checks the integrity of your Ledger device’s […]

SHA1 length extension attack on the Secure Filesystem – rhme2 Secure Filesystem (crypto 100)

in the previous videos of this series we havesetup everything. We flashed the challenge “Secure Filesystem”on to the board and figured out how to interact with it over a serial connection. We also learned about using pyserial to speakwith the embedded device via a python script. This means we are ready to solve some challenges So when you […]

Breaking ECDSA (Elliptic Curve Cryptography) – rhme2 Secure Filesystem v1.92r1 (crypto 150)

the first challenge I did from this competition was a secure file system which we exploited with a hash length extension attack and then we also solve this other cryptid challenge key server which was about breaking RSA signatures so let's continue the path and do the last crypto challenge I wonder what we will have to break […]

Searching for Bitcoins in GitHub repositories with Google BigQuery

Google offers a ton of services just Google search YouTube Gmail Drive but they also offer a cloud platform and one of the services there is big query big query is a fast fully managed enterprise data warehouse for large-scale data analytics bigquery can scan terabytes in seconds and petabytes and minutes a lot of buzzwords but what […]