Kudelski Security's 2018 pre-Black Hat crypto challenge
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


For this year's crypto challenge we have 3 stages, but it's on a server which is receiving a lot of empty UDP packets and it sometimes reboots without notice, very strange, but IT tells us they are working on it ... Here is how you access the API to query the oracle, good luck!

All challenges can be queried on the API under https://cryptochall.ks.kgc.io (N.B. it refuses insecure connection). Any submitted characters not in [a-zA-Z0-9 ] will generate an error.

To solve the first 2 challenges, you must write a program that creates valid signatures, in order to send the /win endpoint the message specified in the /flag one. That signed message must be successfully verified by the verification service. Obviously, your program should not just copy a signature received from the signing service, and we've thus blacklisted the winning messages.

The 3rd and final challenge is won by decrypting the flag.

Denial of Service and bypassing the API is prohibited and not part of the challenge.

Prizes have to be claimed at our "Kudelski Bash" party held at the Foundation Room Lounge in Mandalay Bay, Tuesday August 7th between (6-9pm) before the Black Hat briefings. We have five Ledger Nano S hardware wallets along with approximately $100 USD in ETH for you to win.

  • The first 5 people to complete all 3 challenges will receive a prize.

Can't complete all 3 challenges? That doesn't mean you shouldn't participate, in the event that there aren't 5 people able to complete all 3 challenges the remaining prizes will go to the first runners-up to complete 2 of the 3.

The ranking is established on the time of your submission to the email address provided.

Please include your code and scripts, as well as a (short) write-up explaining your attack. You must submit a response after each one of the challenges is completed. Please use the following subject lines for the email.

  • Challenge 1 Completed
  • Challenge 2 Completed
  • Challenge 3 Completed

Include in your message whether or not you'd like your name (or nick) to be published below in our ranking table.
Your submission can be sent to our email address cryptochallenge@kudelskisecurity.com.

You can encrypt your message, or attachments, using the following public key:



This is the ranking, classed by date. Name in bold have solved all 3 challenges, congratulations to them!

Challenge N° Validation date Name
1 2018-07-24 Joshua Roys
3 2018-07-24 Stefan Kölbl
1 2018-07-25 @mongobug
1 2018-07-25 Stefan Kölbl
1 2018-07-26 Donjon - Ledger
3 2018-07-26 Donjon - Ledger
2 2018-07-28 Donjon - Ledger
2 2018-07-28 Stefan Kölbl
3 2018-07-29 Adrien Guinet
3 2018-07-30 @doegox
1 2018-07-30 Adrien Guinet
3 2018-07-30 Jérémy Jean
1 2018-08-01 Lucille Tordella
1 2018-08-01 Kévin Szkudłapski
3 2018-08-04 Lucille Tordella
3 2018-08-04 Kévin Szkudłapski
3 2018-08-05 Zeta Two
2 2018-08-07 Adrien Guinet
1 2018-08-07 Zeta Two
1 2018-08-17 Nuno Humberto


Throughout the competition we may drop some hints, so keep your eyes peeled for those.

Hint 1: The challenges are based on fault attacks and the fault occurs automatically on the server.

Hint 2: The binaries are provided to help you figure out what algorithms are used by the server.

Challenge 1

So, we have a implemented one of the latest well-documented signature algorithm to authenticate our messages. It's really cool and secure, you should try it!

We've setup an API to allow you to authenticate the messages you send us.

This challenge has four endpoints available on the API:

  • /chall1/sign (POST) with one argument data
  • /chall1/verify (POST) with two arguments data and signature
  • /chall1/win (POST) sign the message returned by /flag to win
  • /chall1/flag (GET) get the winning message to sign

Challenge 2

Alright, our previous attempt had a flaw or maybe someone built a quantum computer to break it, we don't know. So we've decided to use post-quantum algorithms now. Attackers can't do anything now.

We've setup an API to allow you to authenticate the messages you send us.

This challenge has four endpoints available on the API:

  • /chall2/sign (POST) with one argument data
  • /chall2/verify (POST) with two arguments data and signature
  • /chall2/win (POST) sign the message returned by /flag to win
  • /chall2/flag (GET) get the winning message to sign

Challenge 3

That's awful, asymmetric crypto is completely broken. All our attempts failed, so we resorted to the safest crypto of all time: symmetric crypto. AES128 should be fine for our needs and since the attacker doesn't know the key, they can't do anything!

We've setup an API to allow you to encrypt the messages you want to send us, that should work. But since we don't trust whitebox crypto, we cannot give you the binaries, sorry. It's just plain AES128, with 16bytes blocks, don't worry.

Ah, and to avoid having problems with these strange faults that occur randomly, we've added a nice countermeasure. This time we did our homework. We give you, the unbreakable.

This challenge has two endpoints available on the API:

  • /chall3/encrypt (POST) with one argument data
  • /chall3/flag (GET) get the encrypted flag

Note that in this case, the challenge is won by decrypting the flag. Good luck!