From 1eabc67732934683f0f66693f0b6c67ad8c343ac Mon Sep 17 00:00:00 2001
From: SI
Date: Thu, 4 Apr 2024 02:21:47 +0200
Subject: [PATCH] don't take the raw flag string as the private key, process it through Keccak-256 for proper diffusion this alleviates the need to manually write flags that are 64 characters long to protect against cryptanalysis this changes the encoding -- players need to use the same encoding for submissions as the one used to post challenges
---
 flag_encoder/index.html | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/flag_encoder/index.html b/flag_encoder/index.html
index 6f2a92f..37d4e8c 100644
--- a/flag_encoder/index.html
+++ b/flag_encoder/index.html
@@ -25,19 +25,14 @@ function getPrivateKey() {
 var s = inpFlag.value;
- var k = new BN(0);
 var h = "0x";
 if (s.slice(0, 5) !== "CCTF{" || s.slice(-1) !== "}") return null;
 for (i in s) {
 var c = s.charCodeAt(i);
- k = k.muln(16).addn(c);
 h += c.toString(16).padStart(2, "0");
 }
- if (k.mod(secp256k1n).eqn(0)) {
- return null;
- }
- return h;
+ return "0x" + new BN(keccak256(h).slice(2), 16).mod(secp256k1n).toString(16).padStart(64, 0);
 }
 function updateOutputValues(ev) {
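Review bot: The new `return` line in getPrivateKey derives the key from a single unsalted Keccak-256 of the flag, which removes the structure of the old `k.muln(16).addn(c)` value but adds no entropy, so a short or guessable flag stays only as strong as its guessability wherever the derived public key or address is published (that use is not visible in this hunk). The commit message's point that 64-character flags are no longer needed holds against structural cryptanalysis only, so I would state the remaining requirement above the function, e.g. `// key = keccak256(flag bytes) mod n: hashing gives diffusion, not entropy; flags still need enough random characters to resist offline guessing`. The removed zero-key check has no replacement; a digest that reduces to zero mod n is negligibly unlikely, but a short comment saying the omission is deliberate would save the next reader the question. As a style point, `padStart(64, 0)` relies on coercing the number to a string, and `padStart(64, "0")` would match the `padStart(2, "0")` call in the loop.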