hunter-crypto-7b

A local cryptography-attack specialist for authorized security work, by Naderu — a BytesBrains Pte. Ltd. venture.

hunter-crypto is a compact, specialised model for the cryptography corner of penetration testing and CTF work: given a challenge — a cipher, a weak-parameter RSA key, an oracle — it identifies the weakness and produces a runnable attack script (PyCryptodome / SageMath) that recovers the plaintext or flag. It runs fully offline on Apple Silicon, so engagement data never leaves the box. It is the first model of the Hunter family.

  • Fine-tuned from: Qwen/Qwen2.5-Coder-7B-Instruct (Apache-2.0)
  • Method: QLoRA (r=8, scale=20) on a 4-bit MLX quant, assistant-tokens-only, 1000 iters, MLX on Apple Silicon
  • This artifact: merged bf16 weights (adapter fused into the base, de-quantized)
  • Full provenance, recipe, and eval harness: github.com/nandal/naderu — models/hunter-crypto/

Intended use

A local specialist behind an authorized pentest / CTF workflow, handling the cryptography corner offline: recovering plaintext/flags from cryptographically weak or misconfigured constructions during authorized testing, CTF competition, and security education.

Authorized use only. This model is for authorized penetration testing, defensive security, and CTF/education. It is not for attacking systems you do not have explicit permission to test. It targets weak/misconfigured crypto for assessment; it is not a tool for defeating properly-deployed modern cryptography, and does not claim to.

Out of scope: general chat, factual Q&A, non-crypto exploitation, and any use requiring guaranteed correctness. Its output is a candidate attack to be run and verified, not an authority.

The task contract

Given a challenge (description + material: ciphertext, public parameters, an oracle interface, source), the model returns (1) a short identification of the weakness, and (2) a single runnable script that, when executed against the provided material, prints the recovered plaintext/flag.

Evaluation

Graded by end-to-end execution — the model's script must run and print the known secret (no partial credit) — over a frozen held-out set verified disjoint from training. Base = the 4-bit Qwen2.5-Coder base with no adapter; trained = this model.

Tier Metric Gate Base Trained
In-distribution (48, six trained categories) solve_rate ≥0.95 → PASS 0.333 1.000
In-distribution (48) valid_script_rate ≥0.95 → PASS 0.333 1.000
Independent-method (36, different generator) solve_rate reported 0.250 0.972
OOD-hard (24, untrained RSA attacks) solve_rate non-gating 0.000 0.125

Trained categories (all maxed on the in-distribution tier): xor1, xorK, caesar, affine, base_chain, rsa_low_e. The independent-method result (0.972 on a set built by a different generator with varied encodings/labels/parameters) is the signal that the model learned the attacks, not just the training generator's surface templates. Full breakdown: models/hunter-crypto/benchmarks.md.

Limitations, risks & safety

  • Small, narrow model. It proposes attacks for weak crypto; it is not a cryptanalysis engine and will be wrong on hard or out-of-distribution problems (see OOD tier). Always run and verify.
  • No guarantee of correctness or safety of generated code — run generated scripts in a sandbox.
  • Dual-use. Crypto-attack capability is inherently dual-use; scope is authorized assessment of weak/misconfigured crypto, shipped as one corner of a human-consent-gated workflow.

License

Apache-2.0, inheriting Qwen/Qwen2.5-Coder-7B-Instruct's upstream terms.

Downloads last month
-
Safetensors
Model size
8B params
Tensor type
F16
·
MLX
Hardware compatibility
Log In to add your hardware

Quantized

Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support

Model tree for bytesbrains/hunter-crypto-7b

Base model

Qwen/Qwen2.5-7B
Finetuned
(417)
this model