Tags: cryptography discrete-log

Rating: 5.0

Hey guys back with another set of few writeups.

# **CRYPTO**

## Discrete Superlog-:
> description:

You've heard of discrete log...now get ready for the discrete superlog.

Server 1: nc crypto.2020.chall.actf.co 20603

Server 2: nc 3.234.224.95 20603

Server 3: nc 3.228.7.55 20603

Author: lamchcl

### Solution:

When we connect to the server,we were greeted with this

![image](assets/disc_log.png)

So from the description we know we need to do something with *discrete log* . But then analyzing this opertor **^^** , we found that this is something we known as [Tetration](https://en.wikipedia.org/wiki/Tetration).
So in [Discrete log](https://en.wikipedia.org/wiki/Discrete_logarithm) , for a function (a^x)=b mod p we need to find x by using baby-step giant-step method. But here the things are different and as they *Discrete superlog*.

So let's brute the value of x , in simple words we check for each value of x.
Having [Fermat's Little Theorem](https://en.wikipedia.org/wiki/Fermat%27s_little_theorem) in mind, I know pow(a,x,p)=pow(a,x mod(phi(p)),p ) where phi() is euler totient function.

So whenever the power raised is getting bigger we will make it smaller by taking modulo over phi(p).Using simple recursion will help it.

##### Termination:
The program will terminate when finally the power raised is getting modulo 1 or we would say phi(phi(phi....(p)....))=1.
After then the answer will be same for every x.


def tet(a,x,p):
if p==1 or x==0:
return 1
phi=totient(p)
return pow(a,tet(a,x-1,phi),p)


After testing over some values:

>>> tet(5,1,37)
5
>>> tet(5,2,37)
17
>>> tet(5,3,37)
35
>>> tet(5,4,37)
35
>>> tet(5,5,37)
35


Here is our final script:

python
from pwn import *
from sympy.ntheory import totient

def tet(a,x,p):
if p==1 or x==0:
return 1
phi=totient(p)
return pow(a,tet(a,x-1,phi),p)

r=remote("crypto.2020.chall.actf.co",20603)
level=1

while 1:
if level>10:
print(r.recv())
exit()
print(r.recvuntil("...\n"))
details=r.recv()
values=details.split("\n")[:-1]
print(values)
p=int(values[0].split()[-1])
a=int(values[1].split()[-1])
b=int(values[2].split()[-1])
x=0
while 1:
c=tet(a,x,p)
if c == b:
break
x+=1
print("x value : " + str( x ) )
r.sendline(str(x))
level+=1

r.close()


We got [this response](assets/discsuperlog_response.txt) for the above [script](assets/dec_disclog.py):

![image](assets/flag_disclog.png)

Here is our flag:actf{lets_stick_to_discrete_log_for_now...}

## Wacko Images-:
> description:

How to make hiding stuff a e s t h e t i c? And can you make it normal again? [enc.png](assets/enc.png) [image-encryption.py](assets/image-encryption.py)

Author: floorthfloor

### Solution:
So we are given a script which just encrypt the value of [r,g,b] values of each pixel in the image. And makes the image completely gibberish from outside.

![image](assets/enc.png)

The given script:
python
from numpy import *
from PIL import Image

flag = Image.open(r"flag.png")
img = array(flag)

key = [41, 37, 23]

a, b, c = img.shape

for x in range (0, a):
for y in range (0, b):
pixel = img[x, y]
for i in range(0,3):
pixel[i] = pixel[i] * key[i] % 251
img[x][y] = pixel

enc = Image.fromarray(img)
enc.save('enc.png')

So if we see the script we found that values are multiplied by key array. So we need to just divide it (*modular division*) :smiley: .

Here is our [script](assets/dec.py):

python
from numpy import *
from PIL import Image
from gmpy2 import *

flag = Image.open(r"enc.png")
img = array(flag)

key = [41, 37, 23]
invkey=[invert(k,251) for k in key]

a, b, c = img.shape

for x in range (0, a):
for y in range (0, b):
pixel = img[x, y]
for i in range(0,3):
pixel[i] = pixel[i] * invkey[i] % 251
img[x][y] = pixel

dec = Image.fromarray(img)
dec.save('flag.png')


Voila! we got the flag:
![image](assets/flag.png)

There is our flag : actf{m0dd1ng_sk1llz}