## DEFCON Gold Bug Puzzle 2021

We played the annual Gold Bug puzzle hosted by the DEFCON Crypto and Privacy Village - and we won! Although we were unable to ace the challenge before the game ends, we managed to solve the remaining challenge afterwards. We will be covering all of them in this walkthrough....

August 19, 2021 · hoifanrd, Mystiz, TWY

## 3kCTF-2021 Writeup

We are united to play 3kCTF-2021 and result in the second place. In this blog post, we will walk through our solutions on the challenges solved....

May 22, 2021 · bot_3310, Mystiz, ozetta, TWY

## Cyber Apocalypse 2021: Wii Phit & Hyper Metroid

We played Cyber Apocalypse 2021 and I have attempted several crypto challenges. I'll include the challenges Wii Phit and Hyper Metroid in this writeup....

April 25, 2021 · hoifanrd

## DiceCTF 2021: Lost in your Eyes

Lost in Your Eyes is a reverse engineering challenge in DiceCTF 2021 with ten solves (334 points). We are given a binary which takes an input and outputs either :) or :(. If you win a smiley face on the remote server, you are additionally given the flag....

February 11, 2021 · harrier, Mystiz

## TetCTF 2021: unevaluated

TetCTF is the first CTF I have played in 2021. I recalled from last year that they have cool challenges. This year, there are three crypto challenges. In particular, unevaluated is the hardest among them. Although I did not solve them, I dug into rabbit holes and had a lot of struggle, uh, fun. Challenge Summary There is a 128-bit prime $p$. Define $\cdot: \mathbb{Z}_{p^2}^2\times\mathbb{Z}_{p^2}^2\rightarrow\mathbb{Z}_{p^2}^2$ by $(x_1, y_1)\cdot(x_2, y_2) := \left(\left(x_1x_2-y_1y_2\right)\ \text{mod}\ p^2, \left(x_1y_2+y_1x_2\right)\ \text{mod}\ p^2\right),$...

January 3, 2021 · Mystiz

## hxp CTF 2020: Hyper

I was teamed up to play hxp CTF as @blackb6a last week. The hxp team had come up with a collection of hard challenges. In particular, there are two series of crypto challenges with a total of five parts. I will be writing on the hyper challenge and some follow-up and unanswered questions regarding to hyperelliptic curves. ⓘ 𝗢𝗳𝗳𝗶𝗰𝗶𝗮𝗹 𝘀𝗼𝘂𝗿𝗰𝗲𝘀 𝘀𝘁𝗮𝘁𝗲𝗱 𝘁𝗵𝗮𝘁 𝘁𝗵𝗶𝘀 𝗶𝘀 𝗺𝗶𝘀𝗹𝗲𝗮𝗱𝗶𝗻𝗴 Seriously. I knew nothing on hyperelliptic curves prior to the CTF....

December 20, 2020 · Mystiz

## Dragon CTF 2020 Writeup

Dragon CTF 2020 is definitely had my best CTF moments. There are big brain moments and I have been mind-blown for multiple times during the game. This time we have teamed up with @blackb6a. I have solved all the crypto challenges and two challenges with my teammates. There are three challenges writeup in this post: Bit Flip (parts 2 and 3) Frying in motion babykok Bit Flip (Crypto, 155+324+343 points) Solved by Mystiz....

November 23, 2020 · Mystiz, GeoffreyY

## TokyoWesterns CTF 6th 2020 Writeup

urlcheck v1 (Web, 98 points) Solved by Ozetta. Objective: SSRF http://127.0.0.1/admin-status The input needs to fulfil the pattern '\A(\d+)\.(\d+)\.(\d+)\.(\d+)\Z' and the first octet cannot be 0 or 127, and some other patterns for internal IP addresses. For some reason, int("0177") is still 177 instead of 127 in Python, so we can use http://0177.0.0.1/admin-status urlcheck v2 (Web, 128 points) Solved by Ozetta. Objective: SSRF http://localhost/admin-status Standard TOCTOU bug, just use DNS rebinding to get access: http://23bbd91c....

October 9, 2020 · cire meat pop, harrier, Ozetta, Mystiz

## CONFidence 2020 CTF: Team Trees

This week, we have teamed up as @blackb6a to play CONFidence 2020 CTF. We end up ranked 15, but we are more proud of ourselves able to solve a reversing challenge called Team Trees (395 points, 5 solves). In particular, we are the first-to-solve to the challenge. It took us around two hours to win the flag. This writeup is written by @harrier_lcc and @mystiz613. Challenge Summary We wanted to plant a lot of trees, but it's going kinda slow....

September 8, 2020 · Mystiz, harrier