Crypto CTF Workflow

Tip

Learn & practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Triage checklist

  1. Identify what you have: encoding vs encryption vs hash vs signature vs MAC.
  2. Determine what is controlled: plaintext/ciphertext, IV/nonce, key, oracle (padding/error/timing), partial leakage.
  3. Classify: symmetric (AES/CTR/GCM), public-key (RSA/ECC), hash/MAC (SHA/MD5/HMAC), classical (Vigenere/XOR).
  4. Apply the most likely checks first: decode layers, known-plaintext XOR, nonce reuse, mode misuse, oracle behavior.
  5. Escalate to advanced methods only when needed: lattices (LLL/Coppersmith), SMT/Z3, side-channels.

Online resources & utilities

These resources are useful for identification and layer peeling, or for quickly validating a hypothesis.

Hash lookups

Identification helpers

  • CyberChef (Magic, decode, convert): https://gchq.github.io/CyberChef/
  • dCode (ciphers/encodings playground): https://www.dcode.fr/tools-list
  • Boxentriq (substitution solvers): https://www.boxentriq.com/code-breaking

Practice platforms / references

  • CryptoHack (hands-on crypto challenges): https://cryptohack.org/
  • Cryptopals (classic modern crypto pitfalls): https://cryptopals.com/

Automated decoding

  • Ciphey: https://github.com/Ciphey/Ciphey
  • python-codext (tries many bases/encodings): https://github.com/dhondta/python-codext

Encodings & classical ciphers

Technique

Many CTF crypto challenges are layered transforms such as base encoding + simple substitution + compression. The goal is to identify the layers and peel them safely.

Encodings: try many bases

If you suspect layered encoding (base64 → base32 → …), try the following:

  • CyberChef "Magic"
  • codext (python-codext): codext <string>

Common tells:

  • Base64: A-Za-z0-9+/= (= padding is common)
  • Base32: A-Z2-7= (often a lot of = padding)
  • Ascii85/Base85: dense punctuation; sometimes wrapped in <~ ~>

Substitution / monoalphabetic

  • Boxentriq cryptogram solver: https://www.boxentriq.com/code-breaking/cryptogram
  • quipqiup: https://quipqiup.com/

Caesar / ROT / Atbash

  • Nayuki auto breaker: https://www.nayuki.io/page/automatic-caesar-cipher-breaker-javascript
  • Atbash: http://rumkin.com/tools/cipher/atbash.php

Vigenère

Bacon cipher

Often appears as groups of 5 bits or 5 letters:

00111 01101 01010 00000 ...
AABBB ABBAB ABABA AAAAA ...
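A decoder for the two sample rows above, as an added example that is not part of the original page. It tries both common Bacon alphabets (the 26-letter one and the 24-letter one where I/J and U/V share a code), because the choice changes the plaintext; the function names are illustrative.

```python
import string

# 26-letter variant: every letter has its own code (A=00000 ... Z=11001).
ALPHABET_26 = string.ascii_uppercase
# 24-letter variant: I/J and U/V share a code, so J and V are dropped.
ALPHABET_24 = "ABCDEFGHIKLMNOPQRSTUWXYZ"


def normalize(group: str) -> str:
    """Map one A/B or 0/1 group of five symbols to a 5-character bit string."""
    bits = group.upper().replace("A", "0").replace("B", "1")
    if len(bits) != 5 or set(bits) - {"0", "1"}:
        raise ValueError(f"not a Bacon group: {group!r}")
    return bits


def bacon_decode(text: str, alphabet: str) -> str:
    """Decode whitespace-separated groups; codes past the alphabet become '?'."""
    out = []
    for group in text.split():
        index = int(normalize(group), 2)
        out.append(alphabet[index] if index < len(alphabet) else "?")
    return "".join(out)


def bacon_candidates(text: str) -> dict:
    """Return the plaintext under both alphabets so the readable one can be picked."""
    return {
        "26-letter": bacon_decode(text, ALPHABET_26),
        "24-letter": bacon_decode(text, ALPHABET_24),
    }


if __name__ == "__main__":
    # The four complete groups shown on each sample row above.
    for sample in ("00111 01101 01010 00000", "AABBB ABBAB ABABA AAAAA"):
        print(sample, "->", bacon_candidates(sample))
```
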

Morse

.... --- .-.. -.-. .- .-. .- -.-. --- .-.. .-

Runes

Runes are often substitution alphabets; search for "futhark cipher" and try mapping tables.

Compression in challenges

Technique

Compression often appears as an extra layer (zlib/deflate/gzip/xz/zstd), sometimes nested. If the output almost parses but looks like garbage, suspect compression.

Quick identification

  • file <blob>
  • Look for magic bytes:
    • gzip: 1f 8b
    • zlib: often 78 01/9c/da
    • zip: 50 4b 03 04
    • bzip2: 42 5a 68 (BZh)
    • xz: fd 37 7a 58 5a 00
    • zstd: 28 b5 2f fd

Raw DEFLATE

CyberChef has Raw Deflate/Raw Inflate, which is often the fastest path when the blob looks compressed but zlib fails.

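Useful CLI

python3 - blob.bin <<'PY'
import sys, zlib
# The heredoc occupies stdin, so the blob is read from the file named in argv[1]
# (blob.bin is a placeholder path).
data = open(sys.argv[1], "rb").read()
# Try zlib-wrapped data first, then raw DEFLATE (negative wbits = no header/trailer).
for wbits in [zlib.MAX_WBITS, -zlib.MAX_WBITS]:
    try:
        print(zlib.decompress(data, wbits=wbits)[:200])
    except zlib.error:
        pass
PY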
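The encoding tells and magic bytes listed above, combined into one layer peeler (an added example, not part of the original page). It covers the formats the Python standard library can decode; zip and zstd are left out, and the sample input is constructed inside the block.

```python
import base64, bz2, gzip, lzma, re, zlib

# Magic bytes from the list above: (layer name, prefix or prefixes, decoder).
MAGIC = [
    ("gzip", b"\x1f\x8b", gzip.decompress),
    ("zlib", (b"\x78\x01", b"\x78\x9c", b"\x78\xda"), zlib.decompress),
    ("bzip2", b"BZh", bz2.decompress),
    ("xz", b"\xfd7zXZ\x00", lzma.decompress),
]
B32 = re.compile(rb"[A-Z2-7]+=*")
B64 = re.compile(rb"[A-Za-z0-9+/]+={0,2}")

def candidates(data: bytes):
    """Yield (name, decoder) for every tell that matches, most specific first."""
    for name, prefix, decoder in MAGIC:
        if data.startswith(prefix):
            yield name, decoder
    text = data.strip()
    if text.startswith(b"<~") and text.endswith(b"~>"):
        yield "ascii85", lambda d: base64.a85decode(d.strip(), adobe=True)
    # Base32 is tested before Base64 because its alphabet is a subset of Base64's.
    if len(text) % 8 == 0 and B32.fullmatch(text):
        yield "base32", lambda d: base64.b32decode(d.strip())
    if len(text) % 4 == 0 and B64.fullmatch(text):
        yield "base64", lambda d: base64.b64decode(d.strip(), validate=True)

def peel(data: bytes, max_layers: int = 16):
    """Strip recognised layers one at a time; return (layer names, remaining bytes)."""
    layers = []
    for _ in range(max_layers):      # hard cap on the number of layers peeled
        for name, decoder in candidates(data):
            try:
                data = decoder(data)
            except Exception:        # tell matched but decoding failed: try the next one
                continue
            layers.append(name)
            break
        else:
            break                    # nothing decoded, so treat this as the innermost layer
    return layers, data

def constructed_sample() -> bytes:
    """Constructed input: zlib -> Base64 -> Base32 -> Ascii85 around a dummy flag."""
    inner = zlib.compress(b"flag{constructed_sample}")
    return base64.a85encode(base64.b32encode(base64.b64encode(inner)), adobe=True)

if __name__ == "__main__":
    print(peel(constructed_sample()))
```

The tells are heuristics: short plaintext that happens to fit the Base64 alphabet and length will be decoded once more, so check the last layer by eye.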

Common CTF crypto constructs

Technique

These appear frequently because they are realistic developer mistakes or common libraries used incorrectly. The goal is usually to recognize them and apply a known extraction or reconstruction workflow.

Fernet

Typical hint: two Base64 strings (token + key).

  • Decoder/notes: https://asecuritysite.com/encryption/ferdecode
  • In Python: from cryptography.fernet import Fernet
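To confirm that two Base64 strings really are a Fernet token and its key before decrypting, the token layout can be checked with the standard library alone. This is an added example, not code from the original page; it follows the public Fernet format (version byte 0x80, 8-byte timestamp, 16-byte IV, ciphertext, 32-byte HMAC-SHA256), and the token/key pair is constructed with filler ciphertext.

```python
import base64, hashlib, hmac, struct


def b64url(data: str) -> bytes:
    """URL-safe Base64 decode that tolerates stripped '=' padding."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def inspect_fernet(token: str, key: str) -> dict:
    """Parse a Fernet token and check its HMAC against the key, without decrypting."""
    raw, k = b64url(token), b64url(key)
    if len(k) != 32:
        raise ValueError("Fernet key must decode to 32 bytes")
    # 1 version + 8 timestamp + 16 IV + at least one 16-byte AES block + 32 HMAC
    if len(raw) < 73 or raw[0] != 0x80:
        raise ValueError("not a Fernet token (bad length or version byte)")
    signing_key = k[:16]                      # k[16:] is the AES-128-CBC key
    body, tag = raw[:-32], raw[-32:]
    expected = hmac.new(signing_key, body, hashlib.sha256).digest()
    return {
        "timestamp": struct.unpack(">Q", raw[1:9])[0],
        "iv": raw[9:25].hex(),
        "ciphertext_len": len(raw) - 57,
        "hmac_ok": hmac.compare_digest(tag, expected),
    }


def constructed_pair():
    """Constructed sample: valid layout and HMAC, filler bytes instead of real ciphertext."""
    key = bytes(range(32))
    body = b"\x80" + struct.pack(">Q", 1700000000) + b"\x11" * 16 + b"\x22" * 32
    tag = hmac.new(key[:16], body, hashlib.sha256).digest()
    token = base64.urlsafe_b64encode(body + tag).decode()
    return token, base64.urlsafe_b64encode(key).decode()


if __name__ == "__main__":
    token, key = constructed_pair()
    print(token[:12], inspect_fernet(token, key))
```

Once `hmac_ok` is true, `Fernet(key).decrypt(token)` from the `cryptography` package recovers the plaintext of a real token.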

Shamir Secret Sharing

If you see several shares and a threshold t is mentioned, it is most likely Shamir.

  • Online reconstructor (handy for CTFs): http://christian.gen.co/secrets/
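What a reconstructor does with the shares, as an added example that is not part of the original page: Lagrange interpolation at x = 0. It assumes shares are integer (x, y) pairs over a known prime field; the modulus, the `split` helper and the sample secret are constructed for the demonstration, and challenges that share byte-wise over GF(256) need a different field.

```python
import random

PRIME = 2**127 - 1  # assumed field modulus; a real challenge states or implies its own


def reconstruct(shares, prime=PRIME):
    """Lagrange-interpolate f(0) mod prime from a list of (x, y) shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate x coordinates")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % prime
                den = den * (xi - xj) % prime
        # pow(den, -1, prime) is the modular inverse (Python 3.8+)
        secret = (secret + yi * num * pow(den, -1, prime)) % prime
    return secret


def split(secret, t, n, prime=PRIME, rng=None):
    """Constructed-sample helper: n shares of a random degree t-1 polynomial."""
    rng = rng or random.Random(0)  # fixed seed for a repeatable demo, not for real secrets
    coeffs = [secret] + [rng.randrange(prime) for _ in range(t - 1)]
    return [
        (x, sum(c * pow(x, k, prime) for k, c in enumerate(coeffs)) % prime)
        for x in range(1, n + 1)
    ]


if __name__ == "__main__":
    secret = int.from_bytes(b"constructed", "big")
    shares = split(secret, t=3, n=5)
    # Any t shares recover the secret; fewer than t give an unrelated value.
    print(reconstruct(shares[:3]).to_bytes(11, "big"))
    print(reconstruct(shares[:2]) == secret)
```
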

OpenSSL salted formats

CTFs sometimes provide openssl enc output (the header often begins with Salted__).

Bruteforce helpers:

General tool set

  • RsaCtfTool: https://github.com/Ganapati/RsaCtfTool
  • featherduster: https://github.com/nccgroup/featherduster
  • cryptovenom: https://github.com/lockedbyte/cryptovenom

Recommended local setup

Practical CTF stack:

  • Python + pycryptodome for symmetric primitives and fast prototyping
  • SageMath for modular arithmetic, CRT, lattices, and RSA/ECC work
  • Z3 for constraint-based challenges (when the crypto reduces to constraints)

Recommended Python packages:

pip install pycryptodome gmpy2 sympy pwntools z3-solver
