# pretty-linear

Writeup from Junior 35c3CTF’18

# Junior 35c3CTF 2018: pretty-linear

Category: Crypto
Challenge Points: 158
Solves: 28

Description:

This challenge objective was pretty clear - Solve Linear Equation with 40 unknowns

Now starting with *server.py*, we have three sets of variables,

1. key
• unknown, find 40 of them to get flag
1. challenge
• 40 integers per stream, we have 40 of them
1. response
• 1 response per stream, again 40 of them

## Analysing surveilance.pcap with Wireshark

Open the packet capture file with Wireshark. We see mostly TCP packets, and to analyse the TCP packets, click

Analyse > Follow > TCP stream

We have 40 such streams of which, the blue ones are the challenge, and the red ones are response.

### Extracting data using tshark

The following bash script will extract the data from surveilance.pcap

extract.sh

## Solving Linear Equations using Matrices

Again, from *server.py*, we get

response = sum(x*y%p for x, y in zip(challenge, key))

So, finally with all the 40 files, we get 40 such equations (where i=range(40) )

response[i] = sum(x*y%p for x, y in zip(challenge[i], key))

Solving linear equation of 40 unknowns can be done easily with Matrices.
,reference

Thus, the key will be

## Solving for key using Sage

To calculate the InverseMod(p) of the Matrix challenge, sage provides an easy way to this:

challenge_inv = Matrix(IntegerModRing(p),challenge).inverse()

Matrix multiplication of challenge_inv and response yeilds the key

key = challenge_inv * response

All we have to do next is, create the AES instance using the AES_key = sha256(key)

## FLAG

35C3_G4uss_w0uld_b3_so_pr0ud_of_y0u_r1ght_n0w

## Complete Script

P.S you need to install sage to run the script

\$sage exploit.sage