Jay Bosamiya Software Security Researcher

CTF-Writeups


Mixed (Google CTF 2022)

A byte-compiled Python file, with a patch to the CPython source showing that the opcodes have been scrambled. Let's go! Read more...

crypto🔨 (pbctf 2020)

We need to recover the flag from a file that has been encrypted with a random 40000-byte-long key using a custom encryption routine, given only the 1 known ciphertext. Overall I found this challenge to be quite interesting and well designed. Only 3 teams solved it over the course of the 48-hour contest (organized by Perfect Blue), and it had a final score of 443 points. This post describes how I solved... Read more...

RSA Chained (Dragon CTF Teaser 2019)

In this challenge, we need to recover a message that is encrypted through 4 different RSA keys, while knowing some of the bits of the private keys. In particular, we are given code that generates 4 different RSA keys (of ~2100 bits each), permutes them, encrypts the flag by each of them in succession, and then provides us the encrypted flag. Additionally, we are given the moduli of the keys, as well as the lower... Read more...

Exploiting Chrome V8: Krautflare (35C3 CTF 2018)

In this challenge, we had to obtain remote code execution, simply by exploiting a 1-day bug that forgot the difference between -0 and +0. This has probably been one of the most difficult, fun, and frustrating bugs I have ever exploited. Read more...

HITCON CTF 2018 - Lost Modulus

Last weekend was HITCON CTF 2018, and it was really awesome! I personally spent time on various super interesting challenges. Below is just one of them that I happened to solve on the first day. I found it to be particularly interesting to solve since I have never had a chance to dive into any homomorphic encryption systems before. Read more...