Diffie-Helman Key Exchange (PicoCTF 2022 #32 'diffie-helman')

Рет қаралды 21,130

2 жыл бұрын

Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ j-h.io/patreon ↔ j-h.io/paypal ↔ j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🖥️ Zero-Point Security ➡ Certified Red Team Operator j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# j-h.io/c2dev
👨🏻‍💻7aSecurity ➡ Hacking Courses & Pentesting j-h.io/7asecurity
📗Humble Bundle ➡ j-h.io/humblebundle
🐶Snyk ➡ j-h.io/snyk
🌎Follow me! ➡ j-h.io/discord ↔ j-h.io/twitter ↔ j-h.io/linkedin ↔ j-h.io/instagram ↔ j-h.io/tiktok
📧Contact me! (I may be very slow to respond or completely unable to)
🤝Sponsorship Inquiries ➡ j-h.io/sponsorship
🚩 CTF Hosting Requests ➡ j-h.io/ctf
🎤 Speaking Requests ➡ j-h.io/speaking
💥 Malware Submission ➡ j-h.io/malware
❓ Everything Else ➡ j-h.io/etc

Пікірлер: 42

@pike4978 2 жыл бұрын

I'm taking a cryptography class right now so this was fun for me. I actually decided to crack the message with pen and paper to test what I've learned, only took about 10 minutes. One thing I've learned about cybersecurity is that adversaries won't necessarily approach your security in the same way you designed it. In the case of a DH with p=13, there are only 12 possible shift values that Alice and Bob could have landed on. So if you wanted to approach this like a hacker then trying to decrypt their message through brute force would make it a lot easier.

@Lodinn 2 жыл бұрын

If you wanted to approach it like a hacker, you wouldn't care about the shift value at all. Brute forcing 13 values is no different from brute forcing 35.

@OfficialSlippedHalo Жыл бұрын

Just following along casually, reached the stuck part and I want to just write down my guess on the issue before he solves it: Im guessing the fault is that the cypher is relying on a single alphanumeric alphabet with a shift of 5, rather than separate alphabets for ascii and digits, i.e Z shifts to 0, 9 shifts to A etc Edit: feels nice that i was on the right track

@passerby184 2 жыл бұрын

this kinda feels like it'd be faster to broteforce Ciser ciper

@seanvinsick5271 2 жыл бұрын

A deque (deck) is a double ended queue. You can search, push and pop from both sides.

@ecjb1969 2 жыл бұрын

If the rotation is letters and numbers, the rotation space is 26 + 10 or 36. Rotating by -5 would then be 31 I think. Maybe use ABC…Z01…9 or something similar to wrap around, not just A-Z 0-9?

@Lodinn 2 жыл бұрын

That's what half of this video was spent on. Apparently for modern people rotating 26 and 10 separately is more intuitive than lumping them together :)

@allurbase 2 жыл бұрын

@MorningStarChrist 2 жыл бұрын

You may be able to find the answer using letter frequency analysis. and some leetspeech permutations

@franckchiron9848 2 жыл бұрын

Took me an awful lot of time to get that one. You shouldn't feel bad, though : I think it's kind of a tunnel effect. We are so used to work on alphabet and digits separately at ASCII level that considering them as a whole is counter-intuitive. I guess that was a good one to help up keep our brain elasticity :)

@Lodinn 2 жыл бұрын

Funny how modern cryptography experts get puzzled by what people did historically ;)

@poprivest4715 2 жыл бұрын

Paused it at around 23:00 and did it by hand and quickly realized how the numbers were integrated to the rotation ;) (...X,Y,Z,1,...,9,A,B,C...)

@FunkadelicFeed Жыл бұрын

Why can't I find this? After “buffer-overflow1" it shows “forbidden paths" as the next challenge for me :/

@mehrzaden359 2 жыл бұрын

it was one of best thanks

@lordspacecake5565 2 жыл бұрын

Very informative video

@bladesvlogs4965 Жыл бұрын

So they ended up being 1 long string and shifted across? 👍 Glad it was you working it out 😂

@verolyn8459 2 жыл бұрын

I literally did what you do when decrypting it.

@JackTheDev 2 жыл бұрын

i was just saying, no, no, when i saw only letters and no numbers in the shift :(

@mahkhi7154 2 жыл бұрын

Windows Mobile uses the Edge browser which uses Webkit/Blink.

@mohamadyakteen8710 Жыл бұрын

At 9:40 , if you continued scrolling down to ROT31 you would have found the correct Flag...

@adityavikramsinha408 2 жыл бұрын

Smartie

@tylercoombs1 2 жыл бұрын

Cyber Chef is a good place to tinker with encryption

@Joel-gf4zl Жыл бұрын

Exactly what I was going to suggest. Cyber Chef is great.

@bhagyalakshmi1053 11 ай бұрын

How to management which one project

@bhagyalakshmi1053 11 ай бұрын

Other examples rock ,sys admin moor explain deep class

@bhagyalakshmi1053 11 ай бұрын

Scissor cyber also in farming in the class what the video

@bhagyalakshmi1053 11 ай бұрын

Terminal open how to open

@sandeepd6104 Жыл бұрын

Can you please make a video on RSA decryption with python

@bhagyalakshmi1053 11 ай бұрын

How to dissolution in the 🗝️

@mahkhi7154 2 жыл бұрын

Android uses Chrome which uses Webkit/Blink.

@flyingtiger123 Жыл бұрын

the challenge has disappeared!!: (

@bhagyalakshmi1053 11 ай бұрын

Video rept explain. Cvr

@Colaholiker 2 жыл бұрын

Thumbs down for not using an f-string in the end! :-P (Just kidding, I would never do that)

@mahkhi7154 2 жыл бұрын

The Reason the PS5 Hack worked is because the Playstation Engineers thought We couldn't Unravel their Operating system Encryption. If they thought we Could Unravel their Operating System Encryption, then they would have Blocked the Webkit Exploit. That would have made Chrome Slower and not Work on Low Powered smartphones. The Windows / Internet explorer Guys gained More of Our Windows Architecture. Internet Explorer is Faster cause of this. Chrome is Faster because of the Unchecked buffer overflow vulnerability. If they Closed that Vulnerability, Chrome would have gone slower than Internet Explorer and Not work on low end Phones. They didn't Close the hole as they Thought We Couldn't Unravel their Operating System Encryption.

@brennenmcminn2387 2 жыл бұрын

Hey I just learned about DH on CBTnuggets

@bhagyalakshmi1053 11 ай бұрын

Password 🔑

@ac1d8urn 2 жыл бұрын

Literally shouting at the screen for 10 minutes ;-)

@ShootingUtah 2 жыл бұрын

Pretty sure they intended you to use a reference alphabet of a-z1-9 all as one. I haven't worked the problem personally but that's my idea while watching you struggle.

@bhagyalakshmi1053 11 ай бұрын

Repeating repeating coming for you videos

@vdk996 Жыл бұрын

WTF?????? are u a human ?

@MikeDSutton 2 жыл бұрын

translate is your friend: key = string.ascii_uppercase + string.digits message = "H98A9W_H6UM8W_6A_9_D6C_5ZCI9C8I_D9FF6IFD" print(message.translate(string.maketrans(key, key[-5:] + key[:-5])))