ApoorvCTF 2026 - Tick Tock - Cryptography Writeup

Category: Cryptography Flag: apoorvctf{con5t4nt_tim3_or_di3}

Challenge Description#

Our engineers are obsessed with performance.Their main goal? Speed.

To keep things fast, the password verification service avoids doing more work than necessary. Every millisecond counts.

Correct password gives the flag

The password consists only of digits: 0-9 Can you recover it?

Analysis#

The service hint basically screams timing side channel, but I still verified behavior first. A quick wrong guess showed the server loops and immediately asks again, which is exactly what you want for repeated measurements over the network.

1
printf '0\n' | nc chals3.apoorvctf.xyz 9001

1
Welcome to the password checker!
2
Please enter the password: Incorrect password.
3
Please enter the password:

At that point I measured response time for one-digit guesses 0..9 over fresh TCP connections, timing from send to first verdict. One value was massively slower than the rest, so the checker was clearly doing early-exit comparison with a per-correct-digit delay.

wink

1
import socket, time, statistics
2

3
HOST = "chals3.apoorvctf.xyz"
4
PORT = 9001
5

6
def measure(guess: str) -> float:
7
    s = socket.create_connection((HOST, PORT), timeout=5)
8
    s.settimeout(8)
9
    s.recv(4096)
10
    t0 = time.perf_counter()
11
    s.sendall((guess + "\n").encode())
12
    data = b""
13
    while True:
14
        try:
15
            chunk = s.recv(4096)
16
        except Exception:
17
            break
18
        if not chunk:
19
            break
20
        data += chunk
21
        if b"Incorrect password." in data or b"{" in data:
22
            break
23
    dt = time.perf_counter() - t0
24
    s.close()
25
    return dt
26

27
for d in "0123456789":
28
    vals = [measure(d) for _ in range(3)]
29
    print(f"{d}: mean={statistics.mean(vals)*1000:.1f}ms min={min(vals)*1000:.1f}ms max={max(vals)*1000:.1f}ms")

1
0: mean=73.1ms min=71.5ms max=74.6ms
2
1: mean=72.3ms min=70.3ms max=75.5ms
3
2: mean=74.6ms min=70.5ms max=82.6ms
4
3: mean=76.2ms min=74.0ms max=79.8ms
5
4: mean=77.3ms min=74.7ms max=81.8ms
6
5: mean=85.3ms min=70.7ms max=113.2ms
7
6: mean=152.8ms min=73.5ms max=310.9ms
8
7: mean=72.9ms min=72.1ms max=73.4ms
9
8: mean=71.4ms min=70.2ms max=73.5ms
10
9: mean=901.7ms min=870.6ms max=958.9ms

From there the solve was just greedy prefix extension: test prefix + digit for all digits, pick the slowest candidate, and repeat. Each correct next digit added roughly ~0.8s to the response time, which made the signal very clean even with network jitter. I ran an adaptive extractor, then continued from the recovered prefix to avoid timeout issues from long waits. The continuation step returned the flag directly.

smile

1
import socket, time, re, statistics
2

3
HOST = "chals3.apoorvctf.xyz"
4
PORT = 9001
5
FLAG_RE = re.compile(rb"[A-Za-z0-9_]+\{[^}]+\}")
6
PROMPT = b"Please enter the password:"
7
START_PREFIX = "934780189"
8

9
def attempt(guess: str, timeout: int = 35):
10
    s = socket.create_connection((HOST, PORT), timeout=8)
11
    s.settimeout(timeout)
12
    data = b""
13
    end = time.perf_counter() + 8
14
    while PROMPT not in data and time.perf_counter() < end:
15
        chunk = s.recv(4096)
16
        if not chunk:
17
            break
18
        data += chunk
19

20
    t0 = time.perf_counter()
21
    s.sendall((guess + "\n").encode())
22
    out = b""
23
    end = time.perf_counter() + timeout
24
    while time.perf_counter() < end:
25
        try:
26
            chunk = s.recv(4096)
27
        except socket.timeout:
28
            break
29
        if not chunk:
30
            break
31
        out += chunk
32
        if FLAG_RE.search(out):
33
            break
34
        if b"Correct password" in out:
35
            try:
36
                s.settimeout(2)
37
                out += s.recv(4096)
38
            except Exception:
39
                pass
40
            break
41
        if b"Incorrect password." in out:
42
            break
43

44
    dt = time.perf_counter() - t0
45
    s.close()
46
    m = FLAG_RE.search(out)
47
    return dt, out.decode(errors="ignore"), (m.group().decode() if m else None)
48

49
prefix = START_PREFIX
50
print("Starting prefix:", prefix)
51

52
for pos in range(len(prefix), 22):
53
    scores = []
54
    for d in "0123456789":
55
        g = prefix + d
56
        dt, txt, flag = attempt(g)
57
        if flag:
58
            print("FLAG", flag)
59
            raise SystemExit
60
        scores.append((dt, d))
61
        print(f"  test {g} -> {dt*1000:.1f}ms")
62

63
    scores.sort(reverse=True)
64
    top = scores[:3]
65
    conf = []
66
    for _, d in top[:2]:
67
        vals = [attempt(prefix + d)[0] for _ in range(2)]
68
        conf.append((statistics.median(vals), d))
69
    conf.sort(reverse=True)
70

71
    best = conf[0][1]
72
    prefix += best
73
    print(f"pos={pos} choose={best} prefix={prefix}")
74

75
    _, txt, flag = attempt(prefix)
76
    if flag:
77
        print("FLAG", flag)
78
        raise SystemExit

1
Starting prefix: 934780189
2
  test 9347801890 -> 8118.8ms
3
  test 9347801891 -> 7292.8ms
4
  test 9347801892 -> 7277.2ms
5
  test 9347801893 -> 7284.1ms
6
  test 9347801894 -> 7322.4ms
7
  test 9347801895 -> 7325.7ms
8
  test 9347801896 -> 7281.2ms
9
  test 9347801897 -> 7275.2ms
10
  test 9347801898 -> 7277.5ms
11
  test 9347801899 -> 7326.1ms
12
pos=9 choose=0 prefix=9347801890
13
  test 93478018900 -> 8082.6ms
14
  test 93478018901 -> 8076.7ms
15
  test 93478018902 -> 8113.7ms
16
  test 93478018903 -> 8078.3ms
17
  test 93478018904 -> 8076.5ms
18
  test 93478018905 -> 8081.1ms
19
  test 93478018906 -> 8117.7ms
20
  test 93478018907 -> 8080.6ms
21
  test 93478018908 -> 8081.1ms
22
  test 93478018909 -> 8877.3ms
23
pos=10 choose=9 prefix=93478018909
24
FLAG apoorvctf{con5t4nt_tim3_or_di3}

Solution#

1
import socket, time, re, statistics
2

3
HOST = "chals3.apoorvctf.xyz"
4
PORT = 9001
5
FLAG_RE = re.compile(rb"[A-Za-z0-9_]+\{[^}]+\}")
6
PROMPT = b"Please enter the password:"
7

8
def attempt(guess: str, timeout: int = 35):
9
    s = socket.create_connection((HOST, PORT), timeout=8)
10
    s.settimeout(timeout)
11
    data = b""
12
    end = time.perf_counter() + 8
13
    while PROMPT not in data and time.perf_counter() < end:
14
        chunk = s.recv(4096)
15
        if not chunk:
16
            break
17
        data += chunk
18

19
    t0 = time.perf_counter()
20
    s.sendall((guess + "\n").encode())
21
    out = b""
22
    end = time.perf_counter() + timeout
23
    while time.perf_counter() < end:
24
        try:
25
            chunk = s.recv(4096)
26
        except socket.timeout:
27
            break
28
        if not chunk:
29
            break
30
        out += chunk
31
        m = FLAG_RE.search(out)
32
        if m:
33
            return time.perf_counter() - t0, m.group().decode()
34
        if b"Incorrect password." in out:
35
            break
36

37
    return time.perf_counter() - t0, None
38

39
prefix = ""
40
for _ in range(20):
41
    scores = []
42
    for d in "0123456789":
43
        dt, flag = attempt(prefix + d)
44
        if flag:
45
            print(flag)
46
            raise SystemExit
47
        scores.append((dt, d))
48

49
    scores.sort(reverse=True)
50
    top = scores[:2]
51
    confirm = []
52
    for _, d in top:
53
        vals = []
54
        for _ in range(2):
55
            dt, flag = attempt(prefix + d)
56
            if flag:
57
                print(flag)
58
                raise SystemExit
59
            vals.append(dt)
60
        confirm.append((statistics.median(vals), d))
61
    confirm.sort(reverse=True)
62
    prefix += confirm[0][1]

1
python solve_tick_tock.py

1
apoorvctf{con5t4nt_tim3_or_di3}