
CTF

[ISITDTU CTF 2018] write up

ISITDTU CTF 2018 Quals Write up 


[Reversing] cool

import hashlib


def hash():
    """Brute-force the three 4-character strings behind the embedded MD5 digests.

    Every 4-character combination of ``bf_table`` is hashed with MD5 and
    compared against the three hard-coded digests. The table has 78 symbols,
    so the whole search space is only 78**4 (about 37 million) candidates:
    an unsalted MD5 over such a short input is recoverable by plain
    enumeration.

    Returns a list of the three recovered strings, in the same order as the
    digests, once all three have been found. Falls through (returns None) if
    the table is exhausted first.

    NOTE: the name shadows the builtin ``hash`` for the rest of this script.
    """
    targets = [
        'ECFD4245812B86AB2A878CA8CB1200F9'.lower(),
        '88E3E2EDB64D39698A2CC0A08588B5FD'.lower(),
        'BBC86F9D0B90B9B08D1256B4EF76354B'.lower(),
    ]
    bf_table = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@#$^*():_-<>?{}"
    # 0 marks a digest that has not been matched yet.
    found = [0, 0, 0]
    for a in bf_table:
        for b in bf_table:
            for c in bf_table:
                for d in bf_table:
                    candidate = a + b + c + d
                    # Python 2: str is a byte string, so it can be fed to md5 directly.
                    digest = hashlib.md5(candidate).hexdigest()
                    for slot, wanted in enumerate(targets):
                        if wanted == digest:
                            found[slot] = candidate
                    if 0 not in found:
                        return found


chunks = hash()
# First 13 bytes of the flag body: the three recovered chunks plus a literal '!'.
flag = bytearray(chunks[0] + chunks[1] + chunks[2] + '!')

# Each further byte is this constant XORed with every byte collected so far,
# so the tail can only be rebuilt in order, one byte at a time.
xor_targets = [125, 77, 35, 68, 54, 2, 118, 3, 111, 91, 47, 70, 118, 24, 57]
for wanted in xor_targets:
    folded = wanted
    for byte in flag:
        folded ^= byte
    flag.append(folded)

print flag
#ISITDTU{fl4g_i5_h3r3!C0ngr4tul4ti0n!}


[Reversing] embedding

extract zip format ↓



[Crypto] XOR

# Hex-encoded ciphertext from the challenge (130 bytes).
ct_hex = '1d14273b1c27274b1f10273b05380c295f5f0b03015e301b1b5a293d063c62333e383a20213439162e0037243a72731c22311c2d261727172d5c050b131c433113706b6047556b6b6b6b5f72045c371727173c2b1602503c3c0d3702241f6a78247b253d7a393f143e3224321b1d14090c03185e437a7a607b52566c6c5b6c034047'

# One two-digit hex string per ciphertext byte.
c = [ct_hex[pos:pos + 2] for pos in range(0, len(ct_hex), 2)]

# 10-byte repeating XOR key. Python 2: bytearray() of a str yields ints.
key = bytearray('xoRCr4cKm3')
# Placeholder used only for its length (13 * 10 = 130 characters).
flag = 'GyeongjeHappy' * 10

plain = [0] * 130
rows = len(flag) // len(key)
idx = 0

# The ciphertext is consumed column by column: for each key byte, one
# ciphertext byte per 10-byte row of the plaintext.
for col in range(len(key)):
    for row in range(rows):
        base = col + row * len(key)
        if row % 2 != 0:
            # Odd rows are filled left to right.
            slot = base
        else:
            # Even rows are mirrored: this works out to row * 10 + (9 - col).
            slot = base + len(key) - (col + 1 + col)
        plain[slot] = chr(int(c[idx], 16) ^ key[col])
        idx += 1

flag = ''.join(plain)

print flag
#ISITDTU{Welcome_to_ISITDTUCTF_C0ntest!_Hav3_a_g00d_day._Hope_y0u_w1ll_3nj0y_and_hav3_a_h1gh_rank_1n_0ur_F1rst_Ctf_C0nt3st._Thank5}

key는 ISITDTU{} flag format을 known plaintext로 삼아 암호문과 XOR하여 x와 RCr4Km3 문자열을 구할 수 있었고, o는 추측(guessing)해서 key를 완성했다.


[Crypto] Baby

from pwn import *
from hashlib import *

# Python 2 / pwntools client for the challenge service.
p = remote('35.185.178.212', 33337)


def ask(number):
    """Send one decimal number at the prompt and return the second line of the reply."""
    p.sendlineafter('Number: ', str(number))
    return p.recvuntil('\n*').split('\n')[1]


# Reference reply: what the service answers for the number 0.
std = ask(0)
print 'Standard : ' + std

# Candidate characters, tried in this order.
bf = "_}zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA!0123456789"
flag = 'ISITDTU{'

# 8 known prefix bytes + 19 unknown bytes + '}' = 28 bytes in total.
for _ in range(19):
    for ch in bf:
        string = flag + ch
        # Build a 28-byte big-endian number: the guessed prefix in the top
        # bytes, zero bytes in the middle, and '}' in the lowest byte.
        shift_bits = (28 - len(string)) * 8
        probe = (int(string.encode('hex'), 16) << shift_bits) | ord('}')

        # A reply equal to the reference is treated as "prefix is correct".
        # NOTE(review): the server-side computation is not shown here; the
        # service evidently behaves as an equality oracle that leaks the
        # secret one byte at a time. Confirm against the challenge source.
        if ask(probe) == std:
            print string
            #print sha512(str(int(string.encode('hex'), 16))).hexdigest()
            flag += ch
            break

flag += '}'
print flag
#ISITDTU{bit_flipping_is_fun}

문자열을 뒤쪽부터 뒤집어서 brute force를 했더니 정상적인 Flag가 추출됐다. 
