https://github.com/vghxv/mac_ctf
CTF challenge
cryptography ctf mac
- Host: GitHub
- URL: https://github.com/vghxv/mac_ctf
- Owner: Vghxv
- License: mit
- Created: 2024-11-27T15:40:41.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-12-28T18:16:55.000Z (over 1 year ago)
- Last Synced: 2025-02-08T05:24:50.229Z (over 1 year ago)
- Topics: cryptography, ctf, mac
- Language: Python
- Homepage:
- Size: 241 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# MAC Forgery Challenge
## Overview
This project implements a challenge to explore vulnerabilities in cryptographic Message Authentication Codes (MACs). Participants are tasked with forging a valid MAC for a given message. The challenge uses a Flask-based web application that provides two endpoints:
1. `/mac`: Generates a MAC for a provided message.
2. `/submit`: Allows submission of a forged MAC for validation.
---
## Setup and Execution
### Running Locally
Clone the repository, change into the project directory, and start the service with Docker Compose:
```bash
docker compose up -d
```
### Docker
```bash
docker pull vincent333/mac-ctf
docker run -d -t -p 5000:5000 --name mac-ctf vincent333/mac-ctf
```
---
## Endpoints
### `/mac` (POST)
Generates a MAC for the provided message.
#### Request Body
```json
{
  "message": "your_message_here"
}
```
#### Response
- **Success (200)**:
```json
{
  "mac": ["r_hex", "t1_hex", ..., "td_hex"]
}
```
- **Error (400)**:
```json
{
  "error": "error_description"
}
```
---
### `/submit` (POST)
Submits a forged MAC for validation. The goal is to construct a valid MAC for a message not previously queried.
#### Request Body
```json
{
  "mac": ["r_hex", "t1_hex", ..., "td_hex"],
  "message": "your_message_here"
}
```
#### Response
- **Success (200)**:
```json
{
  "result": "Success! Here is your flag: FLAG{XXX}"
}
```
- **Failure (400)**:
```json
{
  "error": "error_description"
}
```
- **Failure (200)**:
```json
{
  "result": "Invalid MAC. Try again."
}
```
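A small client-side helper for the two endpoints above, added here as an example and not taken from the repository. It assumes the server listens on `localhost:5000` (the port mapped in the `docker run` line) and that each MAC element is a plain hex string; `post_json`, `parse_mac` and `classify_submit` are hypothetical names.

```python
import json
import re
import urllib.error
import urllib.request

BASE_URL = "http://localhost:5000"  # assumption: port from the docker run line
HEX = re.compile(r"[0-9a-fA-F]+")   # assumption: elements are bare hex strings

def post_json(path, payload, base=BASE_URL):
    """POST a JSON body; return (status, text) even when the server answers 400."""
    req = urllib.request.Request(
        base + path, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx replies
        return err.code, err.read().decode()

def parse_mac(body):
    """Split a /mac success body into (r, [t1..td]), keeping the hex strings."""
    doc = json.loads(body)
    mac = doc.get("mac") if isinstance(doc, dict) else None
    if not isinstance(mac, list) or len(mac) < 2:
        raise ValueError("expected 'mac' to be a list: r followed by tags")
    for item in mac:
        if not isinstance(item, str) or not HEX.fullmatch(item):
            raise ValueError(f"not a hex string: {item!r}")
    return mac[0], mac[1:]

def classify_submit(status, body):
    """Map a /submit reply to accepted / rejected / error / unexpected.

    A wrong MAC comes back as HTTP 200, so the status code alone is not enough.
    """
    if status not in (200, 400):
        return "unexpected", body
    doc = json.loads(body)
    if status == 400:
        return "error", doc.get("error", "")
    result = doc.get("result", "")
    kind = "accepted" if result.startswith("Success!") else "rejected"
    return kind, result

# Constructed sample bodies (not captured from a real server).
SAMPLE_MAC = '{"mac": ["0a1b", "c3d4", "e5f6"]}'
SAMPLE_REJECT = '{"result": "Invalid MAC. Try again."}'
```

Against a running instance, `post_json("/mac", {"message": "hello"})` returns the status and body that `parse_mac` expects.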
---
### `/` (GET)
Provides instructions for the challenge in HTML format.
---