don't take the raw flag string as the private key, process it through Keccak-256 for proper diffusion

this alleviates the need to manually write flags that are 64 characters long to protect against cryptanalysis

this changes the encoding -- players need to use the same encoding for submissions as the one used to post challenges
main
SI 2024-04-04 02:21:47 +02:00
parent 0a7fca68dd
commit 1eabc67732
1 changed files with 1 additions and 6 deletions

View File

@ -25,19 +25,14 @@
function getPrivateKey() { function getPrivateKey() {
var s = inpFlag.value; var s = inpFlag.value;
var k = new BN(0);
var h = "0x"; var h = "0x";
if (s.slice(0, 5) !== "CCTF{" || s.slice(-1) !== "}") if (s.slice(0, 5) !== "CCTF{" || s.slice(-1) !== "}")
return null; return null;
for (i in s) { for (i in s) {
var c = s.charCodeAt(i); var c = s.charCodeAt(i);
k = k.muln(16).addn(c);
h += c.toString(16).padStart(2, "0"); h += c.toString(16).padStart(2, "0");
} }
if (k.mod(secp256k1n).eqn(0)) { return "0x" + new BN(keccak256(h).slice(2), 16).mod(secp256k1n).toString(16).padStart(64, 0);
return null;
}
return h;
} }
function updateOutputValues(ev) { function updateOutputValues(ev) {