|Play & Learn With CryptoHack|
|Written by Nikos Vaggalis|
|Sunday, 19 April 2020|
CryptoHack is a fun way to learn cryptography and also acquire valuable CTF skills. Through a series of puzzles, it challenges you to break bad implementations of "modern" crypto, such as AES, RSA, and Elliptic-curves.
Although CryptoHack took its inspiration from Capture the Flag competitions, it focuses exclusively on their cryptography aspects, that is breaking ciphers, decrypting, encoding and converting between formats. Its challenges include:
Completing each challenge reveals a "flag", a string such as:
which you have to enter in order to gain points:
Several of the challenges are dynamic and require you to communicate using netcat or other tools to send raw data over a socket.For example the second introductory challenge requires us to connect on port 11111 netcat in order to receive the flag, which is a simple as:
or the next one where you establish bidrectional communication to the cryptohack server to send it a JSON object with key "buy" and value "flag":
But don't let these easy challenges fool you as to the level of difficulty you're going to encounter. As you progress they become harder and harder.
While you can use converters found online for your encoding/decoding needs, like CyberChef which we covered in CyberChef - The Developer's Ultimate Toolbox, it is suggested you use a programming language in coding your solution.The organizers prefer Python 3 and provide snippets of Python source code which you can adapt to your own purposes.
The challenges also involve math, a necessary part of a cryptographer's toolbox.The initial math required is not complicated; calculating the Greatest Common Divisor, modulo or finding the square root. It's also important to note that, at least for the exercises in the math section, the later ones build on the previous ones and the way to solve them is clearly described - you only have to apply the methodology to the challenge to solve it.
As said, the challenges get harder as you progress and after the Introductory and General challenges you get to solve real cryptography, starting with Block Ciphers, moving to RSA and Diffie-Hellman and ending up with Elliptic Curves and Misc - a category with interesting stuff that didn't fit anywhere else. It is from those categories on that you get down with the tough Math and Python code and not as much on breaking into remote systems. In any case, by going through the challenges you get acquainted with the concepts of Cryptography, learn the differences between the types of ciphers and have fun like playing a game.
While CryptoHack is a gamified environment with a Scoreboard where you compete with other players, I could certainly imagine it as part of a degree in CS or Cryptography where students can get practical experience in applying cryptography to fun challenges. It's free too!
or email your comment to: firstname.lastname@example.org
|Last Updated ( Sunday, 19 April 2020 )|