Jeff's LFSR (jeff)

cryptohack

Task: a Geffe generator — three Fibonacci LFSRs (19/27/23-bit, 69-bit key total) combined as out = LFSR1 if LFSR0 else LFSR2; 256 output bits given, flag AES-CBC encrypted under sha1(str(key))[:16]. Solution: a fast correlation attack. The output correlates with LFSR1 and LFSR2 at P=0.75 each; model each LFSR's 256 outputs as GF(2)-linear functionals of its initial state and use the Walsh-Hadamard transform to find the max-correlation states for the 27-bit and 23-bit registers, then exhaust the 19-bit LFSR0 to match all 256 bits exactly. Reassemble the 69-bit key, derive the AES key, and decrypt.

stream_cipher aes_cbc gf2 lfsr walsh_hadamard geffe_generator correlation_attack fast_correlation_attack

walsh_hadamard_transformgeffe_correlation_attacklfsr_generator_matrixfast_correlation_attackbruteforce_remaining_lfsr

$ ls tags/ techniques/

stream_cipher aes_cbc gf2 lfsr walsh_hadamard geffe_generator correlation_attack fast_correlation_attack

walsh_hadamard_transformgeffe_correlation_attacklfsr_generator_matrixfast_correlation_attackbruteforce_remaining_lfsr

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[crypto][Pro]LFSR Destroyer— cryptohack
[crypto][Pro]UofT LFSR Labyrinth— uoftctf2026
[crypto][Pro]Mental flow— duckerz
[crypto][Pro]Thousands of RNGs— kalmarctf
[crypto][free]Rhome— HackTheBox