JerseyCTF 2026

Operation Dark Side

a382223e6e58c51ae1da88aef21bd9eac95e9179b1122e495035e489edccebaff829d8e85118d7f5c0b87368a158fea60836c8f415488a1b994565ee15099ef79cfd46ea6757bb19444e69d1013a2b1447546bf4bec10e2fdb72d8fdd718d484b005d603aa19f2e5dcb7029662603c0e1cb4b8471dae565ea06d8d08c518e05e8396c18ba71749afb0cf4855437ef898ab9eb578326198d0865527053d1eceadfc63eb29e258c80e5fae7493d79f80dc0bc8fc9a2a62d10fb271b8d6d977c0bceefde66246883c8161c99e4031ba5bc710c910e6ac3b84d874bc227076c330e4868f5daf9d2df4cc5dd51498e1bc59070b66c07009b82d771557ab884044e3ca6644ec240848b94591cde78a0bdb4ecd595db0a634457b20a6be9897e1e36f83b262c055feb66bbb7a53194b399623d015030efd9d9f377cfb227a99fc2b0f9e3dd437c09bdb4d95a27ab1caad6ffbfb571701eb2ef84879d1ae6344a8a21fafc10124735d3d1406d54583f8482d45b53f67e2135814882d4511dd70b93f6c41e9798f1e4175445c08444a52eaeebf0fa40c63ac7bf6e501004947d71930648757e152a72823c4f4d0ccec1dcf3a082aa1584693ff62fa3c27dba5e88ebd1384a0830eda4b1a94dfc1300478354b723d2a231ae7f8cfcddaab7f5a9376b08c035a2ddfb16550fa61108166a0034534c6bd33176c62ac2c9fabdb9db7917a7e5fe6694b9c14ce9f83f70ff8b22efa4d2b3f2b9973593a88afacc158fd0efa1ac52887c4ca2fb335a8b104e198b89ea063a785fefbbed4deaae0b383dda0464e76b5708c6642598fff6f779a5309633d0cc2f088a2c6edde945ba385e9f405352b1416455393139d98330a01af6ff39cba4556a66212c7b9789cdb6ffc5d735435fb2ea78273dc0cb8526d44d1a2fbe41c77b38753522f74f964efb5c675f5e06190be2b3d22fde8e49f9a29a089f9826b8cd6de4b9987cab8b2290eb06e37326b7201316dc80c930906b7280ad80d770fd6173ef83acf7041b9925ca2177e90f3708b5cadd6e44a2049d4c151910cf54f33d21937ecb208f613112f851cd2a1d1d67b206bf33da6b6f92beb5e6a9d13b7edf404b10a37bf55bdecf0d303686c185b1fea2855cf895ce18b80b3ed2c25dd04fa35a85a2e1d0d97f18b50b4df02f6d6c4859873557c24b8228fe9267f4707626b5b48609b0422b7c58fd55346e5f874d0ce62b04ca8133d387d00143346d155eda652b8d0658bd0a8d297fc0c74ea208db7b005b8509e624bf27aa658ce7e566a9f94decb75fb13d3521992387dee3f6b2d1f78f3511e79661b91a1c2622ca725e9a3e9a6fe386b32ffe52b1daa4c70692843e745906ba74eb60786e04b13101d123bd1b5e872376dcd97171b0dad20909072d3ea6d9d
95e612f60e97eb25a32377b37556ef1d9bfdc53c22f926f56c9078c2ec63a09c43f296d5c9f88d52d8d495f971779b816fa702c808ad7cb113e0a072b156649ba50a3290c29f58503ff2fd75ba5c0e3eb2d891259b0d61855bb6fb4c700dc631170507db269805b6604ba6b5bbd9cbeb4d45ac78bdb30639b2ca5b3be004023c49158905fc1889ed72d4a6ca9ad701f3507ca2fcf335933e10bb24531ca526702402975ec9225f2a4f4431d980466554673499280122f0e9bc410b426724cf853d1b908b0c411b0c565e345ba0f36e3155fb751697e2ee876a3bf3da0ff98aeb97ea92bb2f7e8101

Secret Key: ecf2584110823e9d31c049207f8034b923f213b52c1ea9a2a18661dc6063a400
IV: 91e94784686346258e6acc81009edd65

AES-ECB decryption

[2026-042T14:17:55.001Z] [SEC_ALARM]: Invalid authentication on Port 8022 (SSH-Internal).
[2026-042T14:18:02.442Z] [SEC_LOG]: CRITICAL: Threat actor tried to hijack the Orion Spacecraft's cmdline linked to the Artemis Program via Port 23.
[2026-042T14:18:03.110Z] [SYS_AUDIT]: Integrity check initiated: SHA-512 mismatch on /bin/flight_core.
[2026-042T14:18:03.115Z] [SEC_LOG]: Integrity check FAILED. Potential binary injection detected.
[2026-042T14:18:04.000Z] [FSW_ALERT]: CSA-09 - Unauthorized privilege escalation on FSW bus.
[2026-042T14:18:04.500Z] [AUTO_CMD]: Security Response "TITAN-SHIELD" triggered. Initiating lock-down.
[2026-042T14:18:05.120Z] [SEC_LOG]: Executing Command: SHUTDOWN_NON_ESSENTIAL_BUS. Power cut.
[2026-042T14:18:05.150Z] [SEC_LOG]: NV_MEM_DUMP: amN0ZntyZWxheV9zYWZlX21vZGVfYWN0aXZhdGVkXzIwMjZ9
[2026-042T14:18:06.880Z] [ACS_CMD]: Reorienting to Sun-Pointed Safe Attitude. Inhibiting manual thrusters.
[2026-042T14:18:08.225Z] [RF_CMD]: Switching to Low-Gain Antenna. Ka-Band downlink disabled.
[2026-042T14:18:09.442Z] [SEC_LOG]: SAFE_MODE_V3.1 initialized. "Golden Image" boot confirmed.
[2026-042T14:18:10.001Z] [SEC_LOG]: Handshake verified via key G-882. State: READ_ONLY.

amN0ZntyZWxheV9zYWZlX21vZGVfYWN0aXZhdGVkXzIwMjZ9 looks like base64.

Decoded: jctf{relay_safe_mode_activated_2026}

CryptoVisor

*@F 92G6 7@F?5 :E] ~FC DFCG6:==2?46 E62> :?E6C46AE65 2 EC2?D>:DD:@? 7C@> :?D:56 E96 %C256':D@C ?6EH@C<] %96 286?E FD65 2 4:A96C E@ AC@E64E E96 >6DD286] qFE 42? J@F 564CJAE E96 D64@?5 >6DD286n |2J36 ECJ FD:?8 D@>6 D@CE @7 #~% 564CJAE:@? 2D H6==] {39 F?:C @63IC2 G283 8FC v6?BCxG736 2C8;36I ?2B F?:C 6CACG:CB 8FC DJ?E] vFC DJ?E G7 HA8DLcA@BA!_"Al$#@B_(0$N

ROT47:

You have found it. Our surveillance team intercepted a transmission from inside the TradeVisor network. The agent used a cipher to protect the message. But can you decrypt the second message? Maybe try using some sort of ROT decryption as well. Lbh unir oebxra vagb gur GenqrIvfbe argjbex naq unir erprvirq gur synt. Gur synt vf wpgs{4poqpP0Qp=SRoq0W_S}

"Maybe try using some sort of ROT decryption as well" suggests trying ROT13:

Lbh unir sbhaq vg. Bhe fheirvyynapr grnz vagreprcgrq n genafzvffvba sebz vafvqr gur GenqrIvfbe argjbex. Gur ntrag hfrq n pvcure gb cebgrpg gur zrffntr. Ohg pna lbh qrpelcg gur frpbaq zrffntr? Znlor gel hfvat fbzr fbeg bs EBG qrpelcgvba nf jryy. You have broken into the TradeVisor network and have received the flag. The flag is jctf{4cbdcC0Dc=FEbd0J_F}
#jctf{4cbdcC0Dc=FEbd0J_F}

Bright Night Sky

Chatting with Borya Ivanov  
You: General, are you there
General: Yes, what is it
You: I don't have much time, but don't forget the salt and
vinegar chips, the ones I love so much. Lay's, to be precise
General: You are in danger
General: You have five minutes to respond before we
deploy our armed forces
Text: ucrx{ARMBPCR GCIMF}

Vigenere: key=Lays

jctf{PROJECT ORION}


CTF@CIT 2026

Brainiac

++++++++++[>+>+++>+++++++>++++++++++<<<<-]>>>---.++++++.+++++++++++.>+++++++++++++++++++++++.<+++.+++++++++++++++++.<++++++++++++++++++++++++++++++++++.>>-------.<---------.++++++++++.+++++.---------------.>.<+++++++++.<-------------.>---------.>+++.<<---.>>-----.------.<+++++.-----.>---.<<------------.>.>+++++++++++.<+++++++++.<+++++++++++++.>>-.<---------.>-------.<<+++++++++++++++.>>++.-------.++++++++++++++.<<.>++++++++.<-------------.>>++++++++.


Silly CTF 2026

Only in ohio

Challenge

+++++++++++++++++++++++++++++++++++++***************######+++**++++=+++*@@@@@@@@%++=============++*===+++++++==***********+*******************+****++*
=====++++=====+++====+++===++===++==+++*****************##*=======+#@@@@@@@@@@@@@@@@@*===========+====+*===+==++++++***++++++*+++*****+++**+++++******
======================================+++*++**+**+*******##*=====#@@@@@@@@@%@%@@@@@@@@@+=====-=*=------=++=--++++++**++++++++++++*+*++++++++++++****++
======================================++++*++*++*+********##+===@@@@@@@@@%%@%%@%%%%%@@@@*==++=======-------=**+++++*++=+++**++++***++++++++++++***++++
======================================++++++++*+*************==#@@#*++++++*####*+===++*%@+===============--*+++**+*++++++***++++**++++++++++++***+++++
===============================+=======++++*++*+*************+=%@*+++=====----=----====+%%==============-=**++*++*++++++***++++**+++++++*++++***+++++*
====================================+==+++++++**+**%%%%%######*@#**++==-------------====##==============+%%##*++++++++++***+++**++++++**++++****+++***
=====================+==========+====+==++++*++***%%%%%%%%%%@%%%**+++===-----------=====*#+============+*****+++++++++++++++++*+++++****+++****+++****
================================+====+==+*++**+**%%%%%%%%%%%%%*#***@@@@@%+=----+%@@%+#+++#============******+++++++++++++++++++++++****+++****+++****#
==================================+===+==+*+***#%%%%@@@@@@@@+++#*%%%%@@@@@%#+#%%%%%####*+#**+++++=====*%%%%%######****++++++++++********************##
==================================+===++=+*++*#%%%%%%####%*+===###%%+=#@@@@#+#%%%#=+###**#=++++++======%%%%%%%%%%%%%%%%%%%%%%%%%####***************###
==============================+===++===+==+**#%%%%%%#**#*+++=+###%%++#=+%%#*+*#%+=#=+%#**#*---------=--+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%####
==================================+++==++=+*#%%%%%%***#++++===*#*++*****#**+=+***++++++++**:::----------#@@@@%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%######
=========================++====+===++===+++#%%%%%%***++++==-=+##*++++++*#**+=+*++=======+****+=---------=+*####%%%%%%%%%%%%%%@%%%%%%%%%%%%%%%%%@%#####
==========================++========++==++#%%%%%%***++===-=***##***++++*#**+==***++**+++**######+--------======+======+***####%%%%%%%%%%%%%@@@@@@#####
=============+============++====++===++=+#%%%%%%***+====-+*######***%%##****==+*###%%%*+*########*=::-----++===++=====++++**++****+*++****###@@@@%####
====================+++====++====++==+++#%%%%%%##*+====-+######*#**%%%%%%#%%#%%#######***##########+-:----=+===+=-=====++**++++++++++++++****#@@@@####
=====================+++====++===+++==+#%%%%%%#**+=====*#######***#%#%@#***+++**#%@%#****###########+------====++======++++++++++++++++*+++***%@@@####
===============+======+++====++===+++=#%%%%%%##**=====*##########**####%*==:-:-=#@**#****###########*------====++======+**+++++++++++++++++++*#@@@@###
===============+++=====+++===+++==+**%%%%%%%##**=====*###########**#####%+=----+#**#*****##########%*-----:====+==-====+++++++++++++++++++++++*@@@@%##
=========+======+++=====+++===++++**%%%%%%%####*=====*%##########**#####*##%@@%#***###***##########%#-----:====+=-=====++++++++++++++++++++++++#@@@@##
=================+++=====+++===++**%%%%%%%##***======#%###########**#%%#######***##%#*****#########%#------====+==--===++++++++++++++++++++++++*@@@@%#
===========+======++++====+++===**%%%%%%%###***=====+#%###########**##%%%%%#%##%%%###*****#########%#----:-====+=----==+++++++++++++++++++++++++%@@@@#
==========++++=====++++====+++++*%%%%%%%*******=-===+#%%#################%@@@@@@@%##*#****#######%%%=----:-====+=---====++++++++++++++++++++++++*@@@@%
++++=======+++++====+++++==++++*%%%%%%%********=--===#%%%##################%%%%%%###*###*#######%%%+-----:++++===---====+++++++++++++++++++++++++%@@@@
++++++======++++++++++++++++++*%%%%%%%*********=---==*%%%%###################%%%%##############%%%*=-----======+++=+++++****+++++++++++++++++++++#@@@@
=++++++++====++++++++++++++++*%%%%%%%#*********=-----=%%%%%%###################%###############%%*=----:=======++=======+++++************+++++++++@@@@
==++++++++++++++++++++++++++*%%%%%%%***********+=-==-=+%%%%%%#############%%##################%%+==---:-+======++=======+++++++++++++++++++++++****@@@
++++++++++++++++++++++++++*#%%%%%%%#***#********+-=====#%%%%%%%%%%%####%%%%%#####%%##########%*===---:=+=======++=======+++++++++++++++++++++++++++%@@
++++++++++++++++++++++++++#%%%%%%%*********+***++=--====#%%%%%%%%%%%%%##%%%%##%%%%#########%#+===----=+=====+=++*=======+++++++++++++++++++++++++++#@@
++++++++++++++++++++++++*#%%%%%@%***********++***+======+*%%%%%%%%%%%%%%%%%%%%@%######%%%%%+====----=+=========++=======+=+++++++++++++++++++++++++*@@
++++++++++++**+++++++***%%%%%%%%#********+********+==-====+%%%%%%##################%%%%%%+=====---=++=+=++++==+++==+=====+============++++++++++++++#@
++**++++++++****+++++**%%%%%%%%********++++++++++**+========*#%%%%%%%%%%%%%%%%%%%%%%%%#+=====---==++=+++++++===++====+========+=+==========+++++++++*@
*******++++++*****++**%%%%%%%%######***++++++*++****+========++*#%%%%%%%%%%%%%%%%%%*+=======--=+++++++++++++===++++++++=====+==============++===++++**
+*********++++*******%%%%%%%%#******#***#********+****+=======++++++*#######**+++++=====----=+++++++++++++++===+++++++++===+++++============+===+==+++
++++++++++[>+>+++>+++++++>++++++++++<<<<-]>>>>+++++++++++++++.----------.+++..+++++++++++++.<---.+++++++++++++++++.--------------.>++.-------.-----.--
----.+++.-------.+++++++++++++++.---------------------.++++++++++.+++++.---------------.++++++++++++++++.-------.+.++++++.++++++++++++++.***********+*

Solution

```python
# Brainfuck program taken from the last two lines of the challenge text
code = "++++++++++[>+>+++>+++++++>++++++++++<<<<-]>>>>+++++++++++++++.----------.+++..+++++++++++++.<---.+++++++++++++++++.--------------.>++.-------.-----.------.+++.-------.+++++++++++++++.---------------------.++++++++++.+++++.---------------.++++++++++++++++.-------.+.++++++.++++++++++++++."

def bf(code):
    tape = [0] * 1000  # memory cells
    ptr = 0            # data pointer
    pc = 0             # program counter
    out = []
    stack = []
    mp = {}            # maps each bracket position to its partner

    # Pre-compute the matching bracket for every [ and ]
    for i, c in enumerate(code):
        if c == "[":
            stack.append(i)
        elif c == "]":
            j = stack.pop()
            mp[i] = j
            mp[j] = i

    while pc < len(code):
        c = code[pc]
        if c == ">":
            ptr += 1
        elif c == "<":
            ptr -= 1
        elif c == "+":
            tape[ptr] = (tape[ptr] + 1) % 256
        elif c == "-":
            tape[ptr] = (tape[ptr] - 1) % 256
        elif c == ".":
            out.append(chr(tape[ptr]))
        elif c == "[" and tape[ptr] == 0:
            pc = mp[pc]  # skip the loop body
        elif c == "]" and tape[ptr] != 0:
            pc = mp[pc]  # jump back to the loop start
        pc += 1

    return "".join(out)

print(bf(code))
#sillyCTF{toilet_in_ohio}
```

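Approach

The challenge category is Stego, and the end of the text contains many <>+=[]. characters, which suggests Brainfuck steganography: delete the other noise characters and decode. An online tool can also be used directly.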


Really Small Adversity(pem)

Challenge

-----BEGIN PUBLIC KEY-----
MCkwDQYJKoZIhvcNAQEBBQADGAAwFQIOAP///////l///////CUCAwEAAQ==
-----END PUBLIC KEY-----

Solution

```
openssl pkey -pubin -in challenge.pub -text -noout
Public-Key: (104 bit)
Modulus:
    00:ff:ff:ff:ff:ff:fe:5f:ff:ff:ff:ff:fc:25
Exponent: 65537 (0x10001)

openssl rsa -pubin -in challenge.pub -modulus -noout
Modulus=FFFFFFFFFFFE5FFFFFFFFFFC25
```

```python
from Crypto.Util.number import long_to_bytes
import gmpy2

# Modulus reported by openssl, converted from hex to decimal
print(int('FFFFFFFFFFFE5FFFFFFFFFFC25', 16))
n = 20282409603651553330356939652133
e = 65537
# Prime factors of n
p = 4503599627370449
q = 4503599627370517
phi = (p - 1) * (q - 1)
c = 16180705626253079377831812490700  # ciphertext
d = int(gmpy2.invert(e, phi))  # private exponent
m = pow(c, d, n)
flag = long_to_bytes(m)
print(flag)
#sillyCTF{R$A_FunNy_HA!}
```

Approach

We are given a .pub file, a PEM-style public key; use openssl to extract n and e.

Factor n with an online tool, and the RSA decryption follows.
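The two primes listed in the solution differ by only 68, so Fermat's method factors this n on its first step without any online tool. The sketch below is an added example, not part of the original write-up; n, e and c are the page's values, and the function names are my own.

```python
from math import isqrt

# Values from the write-up: modulus from the openssl output, e, and ciphertext c.
N = int("FFFFFFFFFFFE5FFFFFFFFFFC25", 16)
E = 65537
C = 16180705626253079377831812490700

def fermat_factor(n, max_steps=1_000_000):
    """Factor odd n = p*q by searching for a, b with a^2 - n = b^2.

    Succeeds quickly only when p and q are close together, because the
    number of steps grows with (q - p)^2 / sqrt(n).
    """
    a = isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(max_steps):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:
            return a - b, a + b
        a += 1
    raise ValueError("factors are not close enough for Fermat's method")

def private_exponent(e, p, q):
    # Modular inverse of e modulo phi(n); needs Python 3.8+
    return pow(e, -1, (p - 1) * (q - 1))

def decrypt(c, d, n):
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def recover():
    p, q = fermat_factor(N)
    d = private_exponent(E, p, q)
    return p, q, decrypt(C, d, N)

if __name__ == "__main__":
    p, q, plaintext = recover()
    print(p, q, plaintext)
```

A 104-bit modulus is far too short for real use in any case; key generation should also reject prime pairs that lie this close together.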

Excellent Crypto Challenge(ECC)

Challenge

cCA9IDIzMDU4NDMwMDkyMTM2OTM5NTEKYSA9IDIKYiA9IDMKRyA9ICg1LCAxKQpRID0gKDE4OTY2NjI4MjY2MDI5Nzk5OTAsIDE0MjU1NjA2ODcwNzMxODA0NDApClIgPSAoMzIwNzYxNjkxMTkyOTI2NzE2LCAzMDA1MDcyMTY2NjIwOTczNjcpCmNpcGhlcl8xID0gZGNiOWU3ODg3MzU4Zjg4ZTViYTVjMzY2YjQ1OWY5Mzg4OWVkNzdhNgpjaXBoZXJfMiA9IGVlYTBmYjk2NjU2ZGM5YWMwMDkyZDA2OWZkNWVjNzE5OThkYjRhYWQ2MDc2NGZlZGYzYjc1NTExZWEzNGUxNTE=
p = 2305843009213693951
a = 2
b = 3
G = (5, 1)
Q = (1896662826602979990, 1425560687073180440)
R = (320761691192926716, 300507216662097367)
cipher_1 = dcb9e7887358f88e5ba5c366b459f93889ed77a6
cipher_2 = eea0fb96656dc9ac0092d069fd5ec71998db4aad60764fedf3b75511ea34e151

Solution

```python
# SageMath script (run with sage, not plain Python)
from Crypto.Util.number import *
import hashlib

p = 2305843009213693951
a = 2
b = (-134) % p  # corrected constant term of the curve
E = EllipticCurve(GF(p), [a, b])
G = E(5, 1)
Q = E(1896662826602979990, 1425560687073180440)
R = E(320761691192926716, 300507216662097367)

cipher_1 = bytes.fromhex("dcb9e7887358f88e5ba5c366b459f93889ed77a6")
cipher_2 = bytes.fromhex("eea0fb96656dc9ac0092d069fd5ec71998db4aad60764fedf3b75511ea34e151")

# Solve R = k*G for k
k = discrete_log(R, G, operation='+')
print(k)
#k=247439
S = k*Q
xs, ys = S[0], S[1]
print(xs)
print(ys)
#xs=2199468938808738143
#ys=791263125865558851
key = hashlib.sha256(str(xs).encode()).digest()
# In Sage, XOR is written ^^
m1 = bytes([c ^^ ks for c, ks in zip(cipher_1, key[:len(cipher_1)])])
m2 = bytes([c ^^ ks for c, ks in zip(cipher_2, key[:len(cipher_2)])])
print(m1)
print(m2)
#b'Approved transaction'
#b"sillyCTF{Can't_Be_Reusing_NONCE}"
```

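Approach

First, note that the challenge text uses only a-z, A-Z, 0-9 and =, so decode it as base64 with an online tool; the result is an elliptic-curve encryption problem.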

$$y^2=x^3+2x+3 \pmod p$$

Substituting the points shows that b is wrong; the actual equation should be

$$y^2=x^3+2x-134 \pmod p$$

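Given the public key Q=nG and the point R=kG, use discrete_log to find k, which gives the ciphertext point S=kQ.

Note that point S has coordinates (2199468938808738143,791263125865558851).

With elliptic curves, the x-coordinate of the ciphertext point is usually used as the keystream, and it usually needs to be hashed (because the length of x converted to bytes is not stable).

Finally, XOR it byte by byte with the ciphertext.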
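The same recovery without SageMath, as an added example that is not part of the original write-up: pure-Python curve arithmetic on the page's parameters, with a linear walk standing in for discrete_log because the scalar k is only 18 bits. All function names are my own.

```python
import hashlib

# Parameters from the write-up; B is the corrected constant term (-134 mod p).
P, A, G = 2305843009213693951, 2, (5, 1)
B = (-134) % P
Q = (1896662826602979990, 1425560687073180440)
R = (320761691192926716, 300507216662097367)
C1 = bytes.fromhex("dcb9e7887358f88e5ba5c366b459f93889ed77a6")
C2 = bytes.fromhex("eea0fb96656dc9ac0092d069fd5ec71998db4aad60764fedf3b75511ea34e151")

def on_curve(pt):
    return (pt[1] ** 2 - (pt[0] ** 3 + A * pt[0] + B)) % P == 0

def add(p1, p2):  # affine addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def small_dlog(target, base, bound=1 << 20):  # linear walk; only feasible for a tiny scalar
    cur = base
    for k in range(1, bound + 1):
        if cur == target:
            return k
        cur = add(cur, base)
    raise ValueError("scalar not found below bound")

def solve():
    assert all(on_curve(pt) for pt in (G, Q, R))  # fails with the stated b = 3
    k = small_dlog(R, G)
    sx = mul(k, Q)[0]  # x-coordinate of the shared point S = kQ
    key = hashlib.sha256(str(sx).encode()).digest()
    return k, sx, [bytes(c ^ b for c, b in zip(ct, key)) for ct in (C1, C2)]

if __name__ == "__main__": print(solve())
```

Both ciphertexts are XORed with the same hash-derived keystream, and the ephemeral scalar behind R is small enough to enumerate; a sound scheme draws that scalar uniformly from the full group order and never reuses it.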

Six to Seven

Challenge

https://hnusec-team.feishu.cn/wiki/YJAFw6hZ6igvYtkaNu7chdIxnEb?larkTabName=space#share-Dt0kdaBICoYAWKx8N95cdkOjnza

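Solution

The challenge contains three kinds of element: 6, 7 and blank, with one blank after every 8 digits. That suggests 8-bit binary bytes, each one an ASCII character.

Consider two mappings:

  1. 6-0 7-1
  2. 6-1 7-0

The second decodes to gibberish; the first gives SILLYctf{haha_six_seven}

Keeping this one for reference; it seems to have a rather unusual grid.

Playing in overseas competitions, I have come across a lot of strange and unusual challenges.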