SShortSingh.
Back to feed

CTF Writeup: Reversing a Custom Polynomial Cipher Without Brute-Forcing Private Keys

0
·6 views

A BronoCTF challenge called pscheme.py presented a custom encryption scheme that encoded messages as polynomial roots and shuffled their order using a compact bitfield. Participants were given only an enc.txt file containing a public key polynomial and ciphertext chunks, with no direct execution path to the original script. The solution involved reconstructing the monic public key polynomial, then performing exact integer polynomial long division on each ciphertext chunk to isolate degree-4 quotients. Brute-force root search over the ASCII range recovered the original byte values, while decoding the shuffle order field restored correct character positions. The flag was retrieved without factoring large private keys or any heavy computational attack.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Cisco EEM: The On-Box Automation Engine Most Network Engineers Ignore

Embedded Event Manager (EEM) is an event-driven automation framework built into Cisco IOS, IOS-XE, and NX-OS that allows network devices to monitor and respond to events without any external server or orchestration platform. The framework operates on a simple model: when a defined event occurs, the device automatically executes one or more configured actions, packaged together as an 'applet.' EEM can respond to a wide range of triggers including syslog patterns, SNMP threshold breaches, CLI commands, timers, and interface counter changes. Its key advantage over external automation tools is independence — it continues to function even when the WAN is down, the network management system is offline, or remote access is unavailable. This article is the first in a five-part series aimed at helping network engineers move beyond basic port-recovery use cases and unlock the broader capabilities of on-box automation.

0
ProgrammingDEV Community ·

Fan Builds GeoGuessr-Style Browser Game for Super Mario Odyssey

A developer has created OdysseyGuessr, a browser-based game inspired by GeoGuessr that tests players' memory of Super Mario Odyssey's in-game worlds. Players are shown a screenshot from one of the game's Kingdoms and must pin the correct location on a map, with precision determining the score. The game supports both single-player modes with customizable rounds and real-time multiplayer featuring a 5,000 HP battle system. Community members can submit locations, which are reviewed through built-in admin moderation tools. OdysseyGuessr is an unofficial fan project with no affiliation to Nintendo and is currently available to play in the browser.

0
ProgrammingDEV Community ·

Developer Builds Real-Time Solana-Snowflake Pipeline to Score World Cup Fan Conviction

A developer created FERVOR, a real-time conviction oracle that tracks World Cup fandom by analyzing on-chain wallet behavior across 16 country tokens on Solana. The system ingests live swap and transfer data via Helius, processes it through a six-stage pipeline using Snowflake Dynamic Tables and Cortex ML, and writes computed scores back to a Solana devnet oracle account every five minutes. Conviction is measured by metrics such as how long wallets hold a team's token, with Argentina currently leading at an average hold time of 109 days. The project was built as a Weekend Hackathon submission targeting best use of both Snowflake and Solana, demonstrating a bidirectional data loop between the two platforms. A live Streamlit-in-Snowflake dashboard surfaces analytics including anomaly detection, forecasts, and AI-generated briefs without requiring external hosting.

0
ProgrammingDEV Community ·

BroncoCTF 'Lovely Login' Challenge Solved via robots.txt Leak, Not Injection

A Capture The Flag web challenge called 'Lovely Login' featured a login form backed by an Express API that appeared vulnerable to NoSQL operator injection, but server-side type-checking blocked all such attempts. The real vulnerability was discovered through standard web reconnaissance: the site's robots.txt file contained a disallowed path pointing to an internal documentation page at /security, along with a base64-encoded string that decoded to a list of valid usernames. The /security page revealed that user passwords were simply the reverse of their usernames — a predictable, non-random derivation scheme. Combining the decoded username list with this logic immediately produced valid credentials for the admin account. The root cause was twofold: sensitive internal notes were left publicly accessible in production, and robots.txt was mistakenly relied upon as an access control mechanism rather than a mere crawler directive.