Play & Learn With CryptoHack
Written by Nikos Vaggalis   
Sunday, 19 April 2020

CryptoHack is a fun way to learn cryptography and also acquire valuable CTF skills. Through a series of puzzles, it challenges you to break bad implementations of "modern" crypto, such as AES, RSA, and Elliptic-curves. 

Although CryptoHack took its inspiration from Capture the Flag competitions, it focuses exclusively on their cryptography aspects, that is breaking ciphers, decrypting, encoding and converting between formats. Its challenges include: 

  • Downloading vulnerable source code and determining how to crack the output.
  • Making web requests to a server and slowly extracting confidential data.
  • Connecting to a port and performing a man-in-the-middle attack on two parties trying to communicate. 

Completing each challenge reveals a "flag", a string such as:

 "crypto{th15_1s_4_fl4g}" 

which you have to enter in order to gain points: 

Several of the challenges are dynamic and require you to communicate using netcat or other tools to send raw data over a socket.For example the second introductory challenge requires us to connect on port 11111 netcat in order to receive the flag, which is a simple as:

$ nc socket.cryptohack.org 11111

or the next one where you establish bidrectional communication to the cryptohack server to send it a JSON object with key "buy" and value "flag":

$ nc socket.cryptohack.org 11112

Welcome to netcat's flag shop!
What would you like to buy?
I only speak JSON, I hope that's ok.

#sent:
{"buy":"flag"}

#received:
{"flag": "crypto{sh0pp1ng_f0r_fl4g5}"}

But don't let these easy challenges fool you as to the level of difficulty you're going to encounter. As you progress they become harder and harder.

While you can use converters found online for your encoding/decoding needs, like CyberChef which we covered in CyberChef - The Developer's Ultimate Toolbox, it is suggested you use a programming language in coding your solution.The organizers prefer Python 3 and provide snippets of Python source code which you can adapt to your own purposes.

The challenges also involve math, a necessary part of a cryptographer's toolbox.The initial math required is not complicated; calculating the Greatest Common Divisor, modulo or finding the square root. It's also important to note that, at least for the exercises in the math section, the later ones build on the previous ones and the way to solve them is clearly described - you only have to apply the methodology to the challenge to solve it.

As said, the challenges get harder as you progress and after the Introductory and General challenges you get to solve real cryptography, starting with Block Ciphers, moving to RSA and Diffie-Hellman and ending up with Elliptic Curves and Misc - a category with interesting stuff that didn't fit anywhere else. It is from those categories on that you get down with the tough Math and Python code and not as much on breaking into remote systems. In any case, by going through the challenges you get acquainted with the concepts of Cryptography, learn the differences between the types of ciphers and have fun like playing a game.

While CryptoHack is a gamified environment with a Scoreboard where you compete with other players, I could certainly imagine it as part of a degree in CS or Cryptography where students can get practical experience in applying cryptography to fun challenges. It's free too!

If you want to also freshen up your general Crypto knowledge, we previously recommended the excellent, free, Crypto 101 ebook.

 

More Information

CryptoHack

Related Articles

CyberChef - The Developer's Ultimate Toolbox 

Crypto 101 - A Free eBook

A MIT Crash Course On Hacker Tools

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on, Twitter, Facebook or Linkedin.

Banner


Angular 11 Released With Byelog Goal Complete
17/11/2020

Angular 11 has been released with updates across the platform including the framework, the CLI and components. More specifically, the new version enforces stricter types and has automatic inlining of  [ ... ]



MongoDB Trends
09/11/2020

A report that looks at trends in the usage of MongoDB alongside  SQL and other NoSQL database technologies, reveals a decline in SQL-only technologies at the same time as the adoption of&nbs [ ... ]


More News

square

 



 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Sunday, 19 April 2020 )