There was once a guy, who hadn't anything to do. So he made haiku.
CTF question, related to cryptography, he presents to you.
Solve you can or not, you must at least try or else, you disappoint him.
- Flag Format : /FLAG[A-Z]+/
Provided boring-assignment
Hint: Cipher used is a really popular cipher.
Solution
Starting this with the usual.
$ file boring-assignment
boring-assignment: data
Huh… Nothing. Ok… Let us open this file and see what it is.
$ cat boring-assignment
<Redacted Binary>
./a.py
<listcomp>s
dSdS)Nr)
plain_textarr<module>
<Redacted Binary>
Ok… So now we are getting somewhere. This has some interesting characters. The ./a.py catches my eye. As does the
$ cp boring-assignment boring-assignment.pyc
$ uncompyle6 boring-assignment.pyc
# uncompyle6 version 2.9.10
# Python bytecode 3.5 (3350)
# Decompiled from: Python 3.5.2 (default, Nov 17 2016, 17:05:23)
# [GCC 5.4.0 20160609]
# Embedded file name: ./a.py
# Compiled at: 2017-03-26 02:56:19
# Size of source mod 2**32: 298 bytes
cipher_text = ''.join([chr(x) for x in [80, 80, 89, 81, 71, 80, 73, 84, 82, 89, 86, 67, 65, 89, 71, 66, 73, 81, 68, 76, 67, 69, 87, 67, 89, 74, 75, 75, 88, 70, 79, 81, 89, 68, 77, 65, 67]])
def decrypt(cipher_text=None):
if not cipher_text:
return
plain_text = decrypt(cipher_text)
# okay decompiling boring-assignment.pyc
Woohoo! We now have a source. And there seems to be a python function here. That gives us a cipher text. And a template for a decrypt function, which gives us a nothing.
Let's see what the cipher text is. The program seems kind enough to join it into a string for us.
In [1]: cipher_text
Out[1]: 'PPYQGPITRYVCAYGBIQDLCEWCYJKKXFOQYDMAC'
So… Weird cipher_text. It is too readable. Seems like a simple shift cipher or a substitution cipher. Substitution ciphers generally provide more text for frequency analysis, so we can try a shift cipher.
I quickly whip up a code for shift cipher, and fire it up.
In [9]: def shift_cipher(n, cipher):
...: d = {}
...: for i in range(0, len(string.ascii_uppercase)):
...: d[string.ascii_uppercase[i]] = string.ascii_uppercase[(i + n) % len(string.ascii_uppercase)]
...: print("".join([d[x] for x in cipher]))
...:
...:
...:
In [10]: for i in range(26):
...: shift_cipher(i, cipher_text)
...:
PPYQGPITRYVCAYGBIQDLCEWCYJKKXFOQYDMAC
QQZRHQJUSZWDBZHCJREMDFXDZKLLYGPRZENBD
RRASIRKVTAXECAIDKSFNEGYEALMMZHQSAFOCE
SSBTJSLWUBYFDBJELTGOFHZFBMNNAIRTBGPDF
TTCUKTMXVCZGECKFMUHPGIAGCNOOBJSUCHQEG
UUDVLUNYWDAHFDLGNVIQHJBHDOPPCKTVDIRFH
VVEWMVOZXEBIGEMHOWJRIKCIEPQQDLUWEJSGI
WWFXNWPAYFCJHFNIPXKSJLDJFQRREMVXFKTHJ
XXGYOXQBZGDKIGOJQYLTKMEKGRSSFNWYGLUIK
YYHZPYRCAHELJHPKRZMULNFLHSTTGOXZHMVJL
ZZIAQZSDBIFMKIQLSANVMOGMITUUHPYAINWKM
AAJBRATECJGNLJRMTBOWNPHNJUVVIQZBJOXLN
BBKCSBUFDKHOMKSNUCPXOQIOKVWWJRACKPYMO
CCLDTCVGELIPNLTOVDQYPRJPLWXXKSBDLQZNP
DDMEUDWHFMJQOMUPWERZQSKQMXYYLTCEMRAOQ
EENFVEXIGNKRPNVQXFSARTLRNYZZMUDFNSBPR
FFOGWFYJHOLSQOWRYGTBSUMSOZAANVEGOTCQS
GGPHXGZKIPMTRPXSZHUCTVNTPABBOWFHPUDRT
HHQIYHALJQNUSQYTAIVDUWOUQBCCPXGIQVESU
IIRJZIBMKROVTRZUBJWEVXPVRCDDQYHJRWFTV
JJSKAJCNLSPWUSAVCKXFWYQWSDEERZIKSXGUW
KKTLBKDOMTQXVTBWDLYGXZRXTEFFSAJLTYHVX
LLUMCLEPNURYWUCXEMZHYASYUFGGTBKMUZIWY
MMVNDMFQOVSZXVDYFNAIZBTZVGHHUCLNVAJXZ
NNWOENGRPWTAYWEZGOBJACUAWHIIVDMOWBKYA
OOXPFOHSQXUBZXFAHPCKBDVBXIJJWENPXCLZB
So… Nothing. However if we now see the flag format, and take a look at the hint provided, two things become clear.
- It is a historically used cipher
- The plaintext begins with FLAG
This rules out mono-aliphatic substitution ciphers (because cipher text begins with two P's). And also reduces the chance of a poly-aliphatic substitution cipher. Because we don't have any more information, and this given information is incomplete.
One cipher comes to mind which maps each character to different characters. It is also quite well known. The Vigenère cipher. A pretty nice website for decoding such a cipher is here.
It even gives us an exact solution for our case, where we presumably know the first word of the series. We feed it the values, and it spits out the following.
Plain Text: FLAGCRYPTOREQUIRESTHEUSEOFMATHEMATICS
Cipher Key : KEY
Alphabet: ABCDEFGHIJKLMNOPQRSTUVWXYZ
The flag is CRYPTOREQUIRESTHEUSEOFMATHEMATICS
Flag
CRYPTOREQUIRESTHEUSEOFMATHEMATICS
Recommended Reading
Foren-Steg
#ctf #forensics #stegno #zipFind the flag, flag finder.
- Flag Format: /flag{.+}/
Provided foren-steg.docx
Solution
The file provided to us appears to be a docx file. Let us see what happens when we try to open it.
There appears to be nothing in the file but gibberish...
...Recommended Reading
Macbeth
#ctf #docx #forensics #stegno #zipFind the flag.
- Flag Format /flag:[a-zA-Z]+/
Provided Macbeth.docx
Hint : Not all characters are created equal.
Solution
Opening the file we can quickly tell that the entire file has been written in two fonts. We unzip the docx file, and grep...
...