Andrewli's Note

EOF CTF 2025 跟學弟一起去參加人生首次Attack & Defense，意外拿到第四名。 以此記錄一下crypto菜雞在別人解完兩題開打AD時我還在解半天。 PRSA 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889from Crypto.Util.number import getPrime, getRandomRange, bytes_to_longimport osdef keygen(sz): p = getPrime(sz // 2) q = getPrime(sz // 2) n = p * q phi = (p - 1) * (q - 1) e = 0x10001 d = pow(e, -1, phi) g = 1 + n ...

先看程式碼 Setup.sol 12345678910111213141516171819202122// SPDX-License-Identifier: UNLICENSEDpragma solidity ^0.7.0;import {SilverCoin} from "./SilverCoin.sol";import {Shop} from "./Shop.sol";contract Setup { Shop public immutable TARGET; constructor(address _player) payable { require(msg.value == 1 ether); SilverCoin silverCoin = new SilverCoin(); silverCoin.transfer(_player, 100); TARGET = new Shop(address(silver ...

Lockers.sol 先上程式 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122// SPDX-License-Identifier: UNLICENSEDpragma solidity ^0.8.13;contract Lockers { enum Rarity { Common, Rare, Epic, Mythic } struct Item { string name; s ...

Portal Nonsense Portal.sol 1234567891011121314151617181920212223242526272829303132333435// SPDX-License-Identifier: UNLICENSEDpragma solidity ^0.8.13;contract PortalStation { mapping(string => address) public destinations; mapping(string => bool) public isPortalActive; bool isExpertStandby; constructor() { destinations["orcKingdom"] = 0xFC31cde4aCbF2b1d2996a2C7f695E850918e4007; destinations["elfKingdom"] = 0x598136Fd1B89AeaA9D6825 ...

False Bidding Code 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677// SPDX-License-Identifier: UNLICENSEDpragma solidity ^0.7.0;pragma abicoder v2;contract AuctionHouse { struct Key { address owner; } struct Bidder { address addr; uint64 bid; } Key private phoenixKey = Key(address(0)); uint32 public timeout; Bidder[] public bidders; ...

Honor Among Thieves Code - Setup.sol 1234567891011121314151617// SPDX-License-Identifier: UNLICENSEDpragma solidity ^0.8.13;import {Rivals} from "./Rivals.sol";contract Setup { Rivals public immutable TARGET; constructor(bytes32 _encryptedFlag, bytes32 _hashed) payable { TARGET = new Rivals(_encryptedFlag, _hashed); } function isSolved(address _player) public view returns (bool) { return TARGET.solver() == _player; } ...

Smart Contract 偶然間找到之前的筆記，以此記錄一下 Background EIP 4337 UserOperation User 是 Signer 並不是 Account 使用者先建立一個以 UserOperation 這個 struct 的物件為基礎之合約呼叫 並且將其簽章之後傳遞給 Bundler ( 可以是一個合約或是 Relayer ) 使用者需要先以 EIP 1014 計算出 UserOperation.sender的地址，也就是透過 create2 所創建的 Wallet Contract 地址 (Account Absatraction 合約地址) Bundler https://github.com/eth-infinitism/bundler Bundler 有可能是礦工，或是能作為 User 和 Miner 之間的中介人 這邊是透過合約去實作 Bundler 其實應該算是EOA 自己運行的去中心化節點 可以視為 L2 Scale (Rollup ) 會去聆聽 UserOperation mempool 中新加入的 UserOperatio ...

Welcome to my blog. I’m a researcher major in cyber security and blockchain. Now I am still pursuing my PhD degree in NTUST. Publication A blockchain-enabled IoT auditing management system complying with ISO/IEC 15408-2 Trusting Computing as a Service for Blockchain Applications Trustworthiness Evaluation for Permissioned Blockchain-Enabled Applications Certificates Offensive Security Certified Professional Certified Information System Security Professioanl Certified Ethical Hacker Certified ...