# 0xL4ugh CTF v5 2026

The [0xL4ugh CTF](https://ctftime.org/event/3024) took place between `23 Jan. 2026, 06:00 MST — Sun, 25 Jan. 2026, 06:00 MST`. It was my pleasure to work as an author of three challenges.

***

## Reduced Dimension (Crypto \~ Easy)

<figure><img src="/files/kNOxJXVH25g8i9hnRHpj" alt="" width="375"><figcaption></figcaption></figure>

{% file src="/files/nrDu1suQef1eFtRd8kQN" %}

### Big picture

The challenge wraps an RSA message inside **quaternion algebra**.\
Encryption is:

> build a quaternion from `m, m + kp, m + kq`, turn it into a 4×4 matrix, then raise it to `e mod n`.

The mistake: **structure leaks through the ciphertext**, and that structure lets you break RSA *and* recover `m`.

```
References:
1. Ahmed, W. E. (2022). New Formula for Computing Quaternion Powers. Applied Mathematics, 13, 282–294.
https://doi.org/10.4236/am.2022.133021

Full text: https://www.scirp.org/pdf/am_2022033014505665.pdf

2. 7rocky. (n.d.). SECCON CTF 2019 — RSA 4.0.
https://7rocky.github.io/en/ctf/other/seccon-ctf/rsa-4.0/

3. Wikipedia contributors. (n.d.). Quaternion. In Wikipedia, The Free Encyclopedia.
https://en.wikipedia.org/wiki/Quaternion
```

#### Solution Script

{% file src="/files/oPcuUvO8MjbZbws0ar8o" %}

```
Flag: 0xL4ugh{M4t_Qu4t3rn1on_By_Zwique}
```

***

## Bitcoin (Crypto \~ Medium)

<figure><img src="/files/4ZogV89MT48Tzxsja9nM" alt="" width="375"><figcaption></figcaption></figure>

{% hint style="warning" %}
**Source code below: It wasn't given to challengers.**
{% endhint %}

{% file src="/files/F4sXCgn6jGiaw5ZrDWPK" %}

#### Challenge summary

The server implements **EC-ElGamal** over **secp256k1** with secret key `d`.

* Public key: `Q = d·G` (hidden)
* Encryption:
  * `C1 = k·G`
  * `C2 = P + k·Q`
* Decryption:
  * `P = C2 − d·C1`

The service has **two phases**:

1. **Phase 1 (Oracle)**: We can query arbitrary `(C1, C2)` and get\
   `S = C2 − d·C1`
2. **Phase 2 (Challenge)**: We must decrypt 5 ciphertexts correctly.

### Phase 1 — Oracle abuse (core vulnerability)

#### Intended behavior

The server assumes `C1` and `C2` are **valid curve points**, but **never checks this**.

This allows us to send **invalid points** and force the elliptic-curve arithmetic to leak information about `d`.

***

#### Malicious query

We send:

```
C1 = Point(1, 1)        # NOT on the curve
C2 = Point(infinity)
```

The server computes:

```
S = C2 − d·C1
  = −d·C1
```

Because `C1 = (1, 1)`, scalar multiplication degenerates into:

```
d·(1,1) ≈ (d, d)
```

So the output is effectively:

```
S ≈ (−d, −d)
```

#### Recovering `d`

The server prints:

```
Output S > Point(Sx, Sy)
```

From this, we compute:

```python
d = (-S.x * inverse(S.y, p)) % p
```

This works because both coordinates are linear in `d`.

✅ **Secret key fully recovered in one query**

The remaining oracle queries are ignored (we send infinity points to burn them).

#### Solution Script

{% file src="/files/eGmJYQXtBBuxasFAlVQg" %}

```
Flag: 0xL4ugh{B1tc0in_Squiggl3_d3m0_By_Zwique_RANDOM_HEX}
```

<figure><img src="/files/E02GO7NyaRW6MTgKmFEC" alt="" width="375"><figcaption></figcaption></figure>

***

## Delicious Meeting (OSINT \~ Medium)

<figure><img src="/files/iU5VUTfd8nOEz6fMrXhn" alt="" width="375"><figcaption></figcaption></figure>

#### Given Image

<figure><img src="/files/8WNSxkKSjrzf7vniComT" alt="" width="375"><figcaption></figcaption></figure>

#### Blog

Running [sherlock](https://github.com/sherlock-project/sherlock) tool on the username **`Willow1124`** where you can find social accounts with their usernames.

**Output:**

[sherlock](attachment:52508eb5-910d-49ea-896a-505cca27dd13:sherlock.txt)

After checking every link one by one, there’s a blogging site that contains **suspicious information.**

<https://willow1124.blogspot.com/2025/12/14th-nov-2025-some-trips-dont-need.html>

From the blog post, several important clues are revealed by looking at the bolded text:

* Willow1124 mentions **meeting Ken to eat sushi**, which strongly hints that the destination is a **sushi restaurant**.
* The post narrates a **bus journey** through Stockholm.
* Willow1124 explicitly states that they **got off one stop too early**, which becomes a critical detail later.
* Willow1124 notes that his trip started from his **Hometown**.

***

#### Hometown of **Willow1124**

The file is an image showing `Willow1124`’s hometown.

The method I used to find the location was to take a screenshot of the building in the top left and search for it with Google Lens.

<figure><img src="/files/1WUkSe92oMa68RMRa0cA" alt="" width="375"><figcaption></figcaption></figure>

* **Wivalliusgatan, Stockholm**

This leads you to location of his hometown which can be confirmed via Google Maps:

<https://maps.app.goo.gl/RS83GM2tEBjNwydUA>

Nearest Bus Station is [**Wivalliusgatan station**](https://maps.app.goo.gl/TTiaAbzTHDMu5LVo7)

{% hint style="info" %}
The tricky thing about the image is that it clearly shows a parking sign, which was actually useless.
{% endhint %}

***

#### Public Transport Analysis

From the blog content and the provided transit link, we are guided toward Stockholm’s public transport system.

The key observation from the blog is that `Willow1124`:

* Started his journey from [**Wivalliusgatan station**](https://maps.app.goo.gl/Qdx6Hm2rxMZrdakc7)
* But accidentally got off one stop earlier at [**Cityterminalen**](https://maps.app.goo.gl/mG4dmqWn6uycR8Lm7)

Going from Wivalliusgatan to Cityterminalen shows the **Bus Line 1** in Stockholm, which can be found here:

<https://transitapp.com/en/region/stockholm/sl/buss-1>

[Screenshot 2025 12 15 at 03 51 31 — Postimages](https://postimg.cc/4nnC001r)

Additional confirmation:

* **Cityterminalen** is visible in an image embedded in the blog post.
* `Hötorget is the **next stop after Cityterminalen** on Bus Line 1.`

This confirms the exact route and intended destination where `Willow1124` hopped off. (`Hötorget`)

Complete `Willow1124`'s path

[Screenshot 2025 12 15 at 04 26 41 — Postimages](https://postimg.cc/RWjtf2ZJ)

{% hint style="info" %}
I chose Cityterminalen because it is a **large** station with buses going in many different **directions, leaving only option to find** `Willow1124`'s starting point of his journey.
{% endhint %}

***

#### Finding the Restaurant

Now that we know:

* The intended stop: **Hötorget**
* The food: **Sushi**
* The area: **City center of Stockholm**

We search for **sushi restaurants near Hötorget**. You’ll see so many sushi restaurants nearby there. The only thing you have to notice is that the **blog says** the name of the meeting place consists of **4 words**. (this part isn’t bolded)

Doing so reveals a restaurant that matches perfectly:

* **Soyokafe Sushi and Ramen**

Google Maps link:

<https://maps.app.goo.gl/X7D8Gs5UWGrFFPzn9>

The restaurant’s central location and dense surrounding eateries align with the challenge’s design choice to increase difficulty.

#### Extracting the Email Address

The final task is to find the **email address of the place where they met**.

By checking Soyokafe Sushi & Ramen’s official contact information, we find the email address:

<https://www.soyokaze.se/soyokafe>

```
kafe@soyokaze.se
```

***

**Final Flag**

Don’t forget to write a review and give a 5-star rating on Google Maps. 😊

```jsx
0xL4ugh{kafe@soyokaze.se}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://zwique.gitbook.io/zwique_notes/writeups/0xl4ugh-ctf-v5-2026.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.