LKS Crypto Toolkit

🔤 Caesar / ROT Cipher

Shift:

🔑 Vigenère Cipher

📐 Affine Cipher

a: b:

🔄 Substitution Cipher

📡 Morse Code

⬛ Atbash Cipher

🔢 RSA Calculator

n (modulus)

e (public exponent)

c (ciphertext)

p (prime)

q (prime)

d (private key)

dp (d mod p-1)

⚔️ RSA Attacks

Auto Attack v2 supports single input above + batch lines for multi-sample attacks.

📡 Hastad's Broadcast Attack

Untuk e=3 dengan 3 ciphertext berbeda dan modulus berbeda

🔗 Common Modulus Attack

Ketika 2 ciphertext pakai n sama tapi e berbeda (e1, e2 coprime)

n (shared)

🔢 Multi-prime RSA

RSA dengan lebih dari 2 prime factor

Primes (comma separated)

RSA Partial Key (Known Bits)

Recover p from known MSB/LSB bits. Brute small unknown bits, and generate Sage Coppersmith template for larger cases.

e (optional)

c (optional)

Known part (dec or 0x)

Known type

Unknown bits

Known bits (suffix mode)

Brute-force max bits

🧠 Baby ECC (CTF)

Curve: y² = x³ + ax + b (mod p). Computes S = k * point, then tries common XOR key derivations.

p (modulus)

k (scalar)

point (x,y)

ciphertext (hex)

ECC Discrete Log Attack (BSGS)

Solve d from Q = dG on small/weak curves with bounded search.

G (x,y)

Q (x,y)

Max d

DSA/ECDSA Nonce Reuse Attack

Recover k and private key x when two signatures share the same nonce (same r).

q / n (group order)

r (same in both signatures)

h1 (hash of msg1)

h2 (hash of msg2)

DSA/ECDSA Partial Nonce Leak (Known Bits)

Recover private key x when some nonce bits are known. Brute-force for small unknown bits, with HNP/Sage template for larger cases.

q / n (group order)

Known k1 part (dec/0x)

Known k1 type

Known k1 bits (suffix mode)

Unknown k1 bits

Brute-force max bits

Optional filter with second signature + known k2 bits.

r2 (optional)

s2 (optional)

h2 (optional)

Known k2 part (optional)

Known k2 type

Known k2 bits (suffix mode)

Unknown k2 bits (hint)

🎲 LCG Predictor

Linear Congruential Generator: X_{n+1} = (a*X_n + c) mod m

Known Outputs (comma separated)

Modulus m (optional)

🌀 Mersenne Twister (MT19937)

Butuh 624 output berturut-turut untuk recover state

📊 LFSR Helper

Linear Feedback Shift Register analysis

🔒 AES Mode Detector

Paste hex ciphertext untuk detect mode

🎭 ECB Cut & Paste

ECB mode encrypts identical blocks to identical ciphertext

🔀 CBC Bit-Flipping Calculator

Modify ciphertext to change plaintext after decryption

Original plaintext block (hex)

Target plaintext block (hex)

Previous ciphertext block (hex)

CBC Padding Oracle Attack Helper

Manual helper after oracle phase: use recovered intermediate state to decrypt/forge blocks.

Previous block C(i-1) (hex, 16 bytes)

Intermediate I(i) (hex, 16 bytes)

Target plaintext (ASCII, optional)

Target plaintext (hex, optional)

CTR/OFB Nonce Reuse Attack

Same nonce + key reuses keystream. XOR ciphertexts to get XOR plaintexts.

C1 (hex)

C2 (hex)

Known P1 (ASCII, optional)

Known P1 (hex, optional)

GCM Nonce Reuse - Recover Auth Key

One-block, no-AAD case: derive GHASH key H from (C1,T1) and (C2,T2) under same nonce.

C1 (hex, 16 bytes)

T1 (hex, 16 bytes)

C2 (hex, 16 bytes)

T2 (hex, 16 bytes)

Forge C* (hex, 16 bytes, optional)

📚 AES Mode Cheatsheet

Mode	Vulnerability	Attack
`ECB`	Same plaintext → same ciphertext	Block swapping, pattern analysis
`CBC`	IV reuse, bit-flipping	Padding oracle, bit-flip to modify plaintext
`CTR`	Nonce reuse	XOR ciphertexts to get XOR of plaintexts
`GCM`	Nonce reuse	Authentication bypass, forgery

🔑 Hash Identifier

📏 Length Extension Attack

Untuk MD5, SHA1, SHA256 (Merkle-Damgård construction)

Known Hash (hex)

Original Message Length (bytes)

Data to Append

Hash Type

🔍 Hash Lookup

🔓 CrackStation 🔎 Hashes.com 🔐 MD5Decrypt

⊕ XOR Tool

Input Input is Hex

Key Key is Hex

📦 Multi-Encoder

🔢 Number Converter

🔤 ASCII Table

🚩 Flag Formats

flag{...} | FLAG{...} | CTF{...} | LKS{...} | picoCTF{...} | HTB{...}

🔗 External Tools

🍳 CyberChef 🔢 FactorDB 🔐 dCode 🔤 quipqiup 🧮 Alpertron ECM 🔓 CrackStation