0xL4ugh CTF v5 2026

The writeups of challenges I have created in 0xL4ugh CTF v5 2026

The 0xL4ugh CTF took place in between 23 Jan. 2026, 06:00 MST — Sun, 25 Jan. 2026, 06:00 MST It was my pleasure to work as an author of three challenges.

---

Reduced Dimension (Crypto ~ Easy)

4KB

chall.py

Open

Big picture

The challenge wraps an RSA message inside quaternion algebra. Encryption is:

build a quaternion from m, m + kp, m + kq, turn it into a 4×4 matrix, then raise it to e mod n.

The mistake: structure leaks through the ciphertext, and that structure lets you break RSA and recover m.

References:
1. Ahmed, W. E. (2022). New Formula for Computing Quaternion Powers. Applied Mathematics, 13, 282–294.
https://doi.org/10.4236/am.2022.133021

Full text: https://www.scirp.org/pdf/am_2022033014505665.pdf

2. 7rocky. (n.d.). SECCON CTF 2019 — RSA 4.0.
https://7rocky.github.io/en/ctf/other/seccon-ctf/rsa-4.0/

3. Wikipedia contributors. (n.d.). Quaternion. In Wikipedia, The Free Encyclopedia.
https://en.wikipedia.org/wiki/Quaternion

Solution Script

5KB

exp.py

Open

Flag: 0xL4ugh{M4t_Qu4t3rn1on_By_Zwique}

---

Bitcoin (Crypto ~ Medium)

Source code below: It wasn't given to challengers.

5KB

message.py

Open

Challenge summary

The server implements EC-ElGamal over secp256k1 with secret key d.

• Public key: Q = d·G (hidden)

• Encryption:

  • C1 = k·G

  • C2 = P + k·Q

• Decryption:

  • P = C2 − d·C1

The service has two phases:

1. Phase 1 (Oracle): We can query arbitrary (C1, C2) and get S = C2 − d·C1

2. Phase 2 (Challenge): We must decrypt 5 ciphertexts correctly.

Phase 1 — Oracle abuse (core vulnerability)

Intended behavior

The server assumes C1 and C2 are valid curve points, but never checks this.

This allows us to send invalid points and force the elliptic-curve arithmetic to leak information about d.

---

Malicious query

We send:

C1 = Point(1, 1)        # NOT on the curve
C2 = Point(infinity)

The server computes:

S = C2 − d·C1
  = −d·C1

Because C1 = (1, 1), scalar multiplication degenerates into:

d·(1,1) ≈ (d, d)

So the output is effectively:

S ≈ (−d, −d)

Recovering d

The server prints:

Output S > Point(Sx, Sy)

From this, we compute:

d = (-S.x * inverse(S.y, p)) % p

This works because both coordinates are linear in d.

✅ Secret key fully recovered in one query

The remaining oracle queries are ignored (we send infinity points to burn them).

Solution Script

3KB

bitcoin.py

Open

Flag: 0xL4ugh{B1tc0in_Squiggl3_d3m0_By_Zwique_RANDOM_HEX}

---

Delicious Meeting (OSINT ~ Medium)

Given Image

Blog

Running sherlock tool on the username Willow1124 where you can find social accounts with their usernames.

Output:

sherlock

After checking every link one by one, there’s a blogging site that contains suspicious information.

https://willow1124.blogspot.com/2025/12/14th-nov-2025-some-trips-dont-need.html

From the blog post, several important clues are revealed by looking at the bolded text:

• Willow1124 mentions meeting Ken to eat sushi, which strongly hints that the destination is a sushi restaurant.

• The post narrates a bus journey through Stockholm.

• Willow1124 explicitly states that they got off one stop too early, which becomes a critical detail later.

• Willow1124 notes that his trip started from his Hometown.

---

Hometown of Willow1124

The file is an image showing Willow1124’s hometown.

The method I used to find the location is taking a screenshot of building on the top left and search it on Google Lens.

• Wivalliusgatan, Stockholm

This leads you to location of his hometown which can be confirmed via Google Maps:

https://maps.app.goo.gl/RS83GM2tEBjNwydUA

Nearest Bus Station is Wivalliusgatan station

Tricky thing about the image is that it clearly shows sign of parking, which was actually useless.

---

Public Transport Analysis

From the blog content and the provided transit link, we are guided toward Stockholm’s public transport system.

The key observation from the blog is that Willow1124:

• Started his journey from Wivalliusgatan station

• But accidentally got off one stop earlier at Cityterminalen

Going from Wivalliusgatan to Cityterminalen shows the Bus Line 1 in Stockholm, which can be found here:

https://transitapp.com/en/region/stockholm/sl/buss-1

Screenshot 2025 12 15 at 03 51 31 — Postimages

Additional confirmation:

• Cityterminalen is visible in an image embedded in the blog post.

• Hötorget is the **next stop after Cityterminalen** on Bus Line 1.

This confirms the exact route and intended destination where Willow1124 hopped off. (Hötorget)

Complete Willow1124's path

Screenshot 2025 12 15 at 04 26 41 — Postimages

I chose Cityterminalen because it is a large station with buses going in many different directions, leaving only option to find Willow1124's starting point of his journey.

---

Finding the Restaurant

Now that we know:

• The intended stop: Hötorget

• The food: Sushi

• The area: City center of Stockholm

We search for sushi restaurants near Hötorget. You’ll see so many sushi restaurants nearby there. The only thing you have to notice is that the blog says the name of the meeting place consists of 4 words. (this part isn’t bolded)

Doing so reveals a restaurant that perfectly matches this restaurant:

• Soyokafe Sushi and Ramen

Google Maps link:

https://maps.app.goo.gl/X7D8Gs5UWGrFFPzn9

The restaurant’s central location and dense surrounding eateries align with the challenge’s design choice to increase difficulty.

Extracting the Email Address

The final task is to find the email address of the place where they met.

By checking Soyokafe Sushi & Ramen’s official contact information, we find the email address:

https://www.soyokaze.se/soyokafe

kafe@soyokaze.se

---

Final Flag

Don’t forget to write a review and give a 5-star rating on Google Maps. 😊

0xL4ugh{kafe@soyokaze.se}