📚 Add boston-key-party skeletons, see ctfs#345 .

boston-key-party-2014/README.md

@@ -0,0 +1,16 @@
+# Boston Key Party CTF 2014 write-ups
+
+* <http://bostonkeyparty.net/>
+* [Scoreboard](scoreboard.png)
+
+## Completed write-ups
+
+* none yet
+
+## External write-ups only
+
+* none yet
+
+## Missing write-ups
+
+* none yet

boston-key-party-2014/crypto/differential_power/README.md

@@ -0,0 +1,17 @@
+# Boston Key Party CTF 2014: Differential Power
+
+**Category:** Crypto
+**Points:** 400
+**Description:**
+
+> we hooked up a power meter to this encryption box. we don't know the key. that's what we want to know. you can encrypt any string of 8 characters on the service http://54.218.22.41:6969/string_to_encrypt
+>
+> [http://bostonkeyparty.net/challenges/encrypt.asm-63541b9c26815fc4d16c7933efe5dd41](encrypt.asm-63541b9c26815fc4d16c7933efe5dd41)
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

boston-key-party-2014/crypto/differential_power/encrypt.asm-63541b9c26815fc4d16c7933efe5dd41

@@ -0,0 +1,79 @@
+add $t1, $zero, $zero# clear out $t1 ; 00004820
+addi $t1, $t1, 0x9e# TEA magic is 0x9e3779b7 ; 2129009E
+sll $t1, $t1, 8# shift out making room in the bottom 4; 00094a00
+addi $t1, $t1, 0x37 ; 21290037
+sll $t1, $t1, 8 ; 00094a00
+addi $t1, $t1, 0x79 ; 21290079
+sll $t1, $t1, 8 ; 00094a00
+addi $t1, $t1, 0xb9 # now $t1 holds the magic 0x9e3779b9 ; 212900b9
+add $t2, $zero, $zero# $t2 is the counter ; 00005020    
+add $t0, $zero, $zero# $t0 is the sum ; 00004020        
+lw $t8, $zero, 8# k0 mem[8-23] = k ; 8c180008   
+lw $s7, $zero, 12# k1 ; 8C17000C
+lw $s6, $zero, 16# k2 ; 8C160010
+lw $t3, $zero, 20# k3 now our keys are in registers ;  8c0b0014 
+lw $t7, $zero, 0# v0 mem[0-7] = v ; 8c0f0000
+lw $t6, $zero, 4# v1, our plaintext is in the registers ; 8c0e0004
+loop: add $t0, $t0, $t1# sum+=delta ; 01094020
+sll $s4, $t6, 4# (v1 << 4) ; 000ea100   
+add $s4, $s4, $t8# +k0  part 1 is in s4 ; 0298a020  
+add $s3, $t6, $t0# (v1 + sum) part 2 is in s3 ; 01c89820    
+srl $s2, $t6, 5# (v1 >> 5) ; 000e9142   
+add $s2, $s2, $s7# +k1, now do the xors part 3 in s2 ; 02579020 
+xor $s1, $s2, $s3# xor 2 and 3 parts ; 02728826
+xor $s1, $s1, $s4# xor 1(2,3) ; 2348826
+add $t7, $t7, $s1# done with line 2 of the tea loop ; 01f17820  
+sll $s4, $t7, 4# (v0 << 4) ; 000fa100
+add $s4, $s4, $s6# +k2 part 1 in s4 ; 0296a020  
+add $s3, $t7, $t0# (v0 + sum) part 2 in s3  ; 01e89820  
+srl $s2, $t7, 5# (v0 >> 5) ; 000f9142   
+add $s2, $s2, $t3# +k3 part 2 in s2 ; 024b9020  
+xor $s1, $s2, $s3# xor 2 and 3 parts ; 2728826
+xor $s1, $s1, $s4# xor 1(2,3) ; 2348826
+add $t6, $t6, $s1# done with line 2! ; 01d17020 
+addi $s0, $zero, 32# for compare ; 20100020 
+addi $t2, $t2, 1# the counter ; 214a0001    
+bne $t2, $s0, 17# bne loop, now save back to the memory ; 15500010  
+; here t6 and t7 are the two values we need :-)
+
+
+
+00004820
+2129009E
+00094a00
+21290037
+00094a00
+21290079
+00094a00
+212900b9
+00005020
+00004020
+8c180008    
+8C17000C
+8C160010
+8c0b0014
+8c0f0000
+8c0e0004
+01094020
+000ea100
+0298a020
+01c89820
+000e9142
+02579020
+02728826
+02348826
+01f17820
+000fa100
+0296a020
+01e89820
+000f9142
+024b9020
+02728826
+02348826
+01d17020
+20100020
+214a0001
+15500010
+
+000048202129009E00094a002129003700094a002129007900094a00212900b900005020000040208c1800088C17000C8C1600108c0b00148c0f00008c0e000401094020000ea1000298a02001c89820000e914202579020027288260234882601f17820000fa1000296a02001e89820000f9142024b9020027288260234882601d1702020100020214a000115500010
+

boston-key-party-2014/crypto/door_1/README.md

@@ -0,0 +1,17 @@
+# Boston Key Party CTF 2014: Door 1
+
+**Category:** Crypto
+**Points:** 500
+**Description:**
+
+> You need to open door no 5 in a secret facility. We have been trying to brute-force the door without success. One of our agents was able to infiltrate the control room and take a picture. The server is known to use some kind of problematic random number generator for the authentication. Open the door. The service is accessible on 54.186.6.201:8901, good luck with your mission.
+>
+> [http://bostonkeyparty.net/challenges/door1-2cf3f7c1a85d3a5eb2c922c5426435a3.jpg](door1-2cf3f7c1a85d3a5eb2c922c5426435a3.jpg)
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

boston-key-party-2014/crypto/mind_your_ps_and_qs/README.md

@@ -0,0 +1,17 @@
+# Boston Key Party CTF 2014: Mind your P's and Q's!
+
+**Category:** Crypto
+**Points:** 100
+**Description:**
+
+> The flag has been split into several files, and encrypted under RSA-OAEP. Can you break ALL of the ciphertexts, and reassemble the key?
+>
+> [http://bostonkeyparty.net/challenges/challenge-cd6d19866c42e274cd09604adaf4077b.tar.gz](challenge-cd6d19866c42e274cd09604adaf4077b.tar.gz)
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

boston-key-party-2014/crypto/mitm_ii/README.md

@@ -0,0 +1,17 @@
+# Boston Key Party CTF 2014: MITM II: Electric Boogaloo
+
+**Category:** Crypto
+**Points:** 200
+**Description:**
+
+> Chisa and Arisu are trying to tell each other two halves of a very important secret! They think they're safe, because they know how cryptography works---but can you learn their terrible, terrible secret? They're available as services at 54.186.6.201:12346 and 54.186.6.201:12345 respectively.
+>
+> [http://bostonkeyparty.net/challenges/mitm2-632e4ecc332baba0943a0c6471dec2c6.tar.bz2](mitm2-632e4ecc332baba0943a0c6471dec2c6.tar.bz2)
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

boston-key-party-2014/crypto/xorxes/README.md

@@ -0,0 +1,17 @@
+# Boston Key Party CTF 2014: Xorxes the Hash
+
+**Category:** Crypto
+**Points:** 200
+**Description:**
+
+> Xorxes is a hash collision challenge. The goal is to find a second preimage for the input string "Klaatubaradanikto". Submit it as the flag.
+>
+> [http://bostonkeyparty.net/challenges/xorxes-ad7b52380d3ec704b28954c80119789a.py](xorxes-ad7b52380d3ec704b28954c80119789a.py)
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet

boston-key-party-2014/crypto/xorxes/xorxes-ad7b52380d3ec704b28954c80119789a.py

@@ -0,0 +1,45 @@
+# -*- coding: utf-8 -*-
+import hashlib, struct, sys
+
+def RROT(b, n, wsize):
+	# eq to >>>, borrowed from bonsaiviking
+    return ((b << (wsize-n)) & (2**wsize-1)) | (b >> n)
+
+def SHA224(m):
+	sha224 = hashlib.sha224() 
+	sha224.update(m)
+	return int(sha224.hexdigest(), 16)
+
+def compress(m, c):
+	assert len(m) == 1
+
+	# calc sha224 on m
+	x = SHA224(m)
+
+	# rotate c by 28 bits xor with x
+	return x ^ RROT(c, 56, 224)
+
+# Xorxes Hash uses message blocks of 8-bits, with a 224-bit chaining variable.
+#
+#   (m_0)       (m_1)         ... (m_n)  = input message blocks
+#     |           |                 |
+#   SHA224      SHA224        ... SHA224    
+#     |           |                 |
+#  V-(+)-[>>>56]-(+)-[>>>56]- ... --+--- = chaining variable 
+#
+#  chaining variable + (message length mod 24) = hash output
+#
+def xorxes_hash(m):
+	IV = ord('M') ^ ord('i') ^ ord('t') ^ ord('h') ^ ord('r') ^ ord('a')
+
+	c = IV
+	for mb in m:
+		c = compress(mb, c)
+	out = c + ( len(m) % 24 )
+	return hex(out)[2:-1]
+
+if  __name__ =='__main__':
+	if not len(sys.argv) == 2:
+		print "python xorxes.py [message]"
+	else:
+		print xorxes_hash(sys.argv[1])

boston-key-party-2014/other/dantes_inferno/README.md

@@ -0,0 +1,17 @@
+# Boston Key Party CTF 2014: Dante's Inferno
+
+**Category:** Other
+**Points:** 50
+**Description:**
+
+> I am an evil man
+>
+> [http://bostonkeyparty.net/challenges/divine_comedy-0a7ab7132c24a772d52c124a7a5ee733.txt.torrent](divine_comedy-0a7ab7132c24a772d52c124a7a5ee733.txt.torrent)
+
+## Write-up
+
+(TODO)
+
+## Other write-ups and resources
+
+* none yet