SECCON 2019 Online CTF Writeup
I took part in SECCON 2019 Online CTF; these are writeups for the challenges I solved.
Agenda (scores are as of the end of the competition)
- Welcome (misc 50pts)
- Thank you for playing! (misc 50pts)
- Beeeeeeeeeer (misc 110pts)
- Sandstorm (misc 279 pts)
- coffee_break (crypt 56pts)
Welcome (misc 50pts)
Q
Welcome to the SECCON CTF.
Read rules and check the IRC topic.
A
The flag is written there once you join the IRC channel.
FLAG
SECCON{Welcome to the SECCON 2019 Online CTF}
Thank you for playing! (misc 50pts)
Q
SECCON{We have done all the challenges. Thank you!}
A
The flag is given as is.
FLAG
SECCON{We have done all the challenges. Thank you!}
Beeeeeeeeeer (misc 110pts)
Q
Let's decode!
A
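The task is to decode an obfuscated shell script.
After deobfuscating it and removing the unnecessary parts, the final state is as follows.

# first component of the flag
export S1="hogefuga"
# three terminal bells, one second apart
echo -ne '\a'; sleep 1; echo -ne '\a'; sleep 1; echo -ne '\a'; sleep 1;
echo "How many beeps?";
read n </dev/tty;
export n;
echo 'Enter the password'
: password is bash
read PASSWORD </dev/tty;
# the password is compared against an MD5 hash; on a match the flag is built from S1, n and PASSWORD
# \033[?7l turns terminal line wrap off before the flag is printed, \033[?7h turns it back on
echo $(echo -n $PASSWORD|md5sum|cut -d" " -f1) | grep -q "d574d4bb40c84861791a694a999cce69"&& echo "Good Job!"&&printf "\n\033[?7l%1024s" " "&&echo SECCON{$S1$n$PASSWORD};
echo -e '\033[?7h';

Run it and answer the two prompts with 3 and bash respectively to get the flag.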
FLAG
SECCON{hogefuga3bash}
Sandstorm (misc 279 pts)
Q
I've received a letter... Uh, Mr. Smith?
A
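The text in the image mentions Adam, which suggests Adam7, the PNG interlacing scheme.
Running the following code (Processing) produces a QR code. Decoding it gives the flag.

PImage img;
int level = 1;

void setup() {
  surface.setResizable(true);
  img = loadImage("sandstorm.png");
  // the output is 1/8 of the original size in each dimension when level is 1
  surface.setSize(img.width/8 * level, img.height/8 * level);
}

void draw() {
  // with level 1 this samples every 8th pixel in x and y, i.e. the pixels of Adam7 pass 1
  for(int y=0; y<height; y++) {
    for(int x=0; x<width; x++) {
      color c = img.get(x*(9-level),y*(9-level));
      set(x,y,c);
    }
  }
  save("result.png");
  noLoop();
}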
FLAG
SECCON{p0nlMpzlCQ5AHol6}
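The Adam7 sampling used above, generalised from the single stride-8 case in the Processing code to all seven passes, as an added example that is not part of the original writeup. The pass table is the one from the PNG specification; the function names, the noise image and the 4x4 pattern standing in for the QR code are constructed for illustration.

```python
import random

# Adam7 passes 1..7 as (x_start, y_start, x_step, y_step), per the PNG specification.
ADAM7 = [(0, 0, 8, 8), (4, 0, 8, 8), (0, 4, 4, 8), (2, 0, 4, 4),
         (0, 2, 2, 4), (1, 0, 2, 2), (0, 1, 1, 2)]

def adam7_pass(pixels, n):
    """Return the reduced image made of the pixels that pass n (1..7) carries."""
    x0, y0, dx, dy = ADAM7[n - 1]
    return [row[x0::dx] for row in pixels[y0::dy]]

def pass_sizes(width, height):
    """(width, height) of each pass's reduced image; small images give empty passes."""
    return [(len(range(x0, width, dx)), len(range(y0, height, dy)))
            for x0, y0, dx, dy in ADAM7]

def make_sample(secret, seed=0):
    """Constructed input: a noise image whose pass-1 pixels hold `secret`."""
    rng = random.Random(seed)
    h, w = len(secret) * 8, len(secret[0]) * 8
    img = [[rng.randrange(256) for _ in range(w)] for _ in range(h)]
    for sy, row in enumerate(secret):
        for sx, value in enumerate(row):
            img[sy * 8][sx * 8] = value  # pass 1 owns every (8k, 8m) pixel
    return img

# Constructed 4x4 black/white pattern standing in for the hidden QR code.
SECRET = [[0, 255, 0, 255],
          [255, 255, 0, 0],
          [0, 0, 255, 255],
          [255, 0, 255, 0]]

if __name__ == "__main__":
    image = make_sample(SECRET)
    # Every pixel belongs to exactly one pass, so the pass sizes add up to w*h.
    for n, (w, h) in enumerate(pass_sizes(len(image[0]), len(image)), start=1):
        print(f"pass {n}: {w}x{h}")
    # Viewing pass 1 on its own recovers the embedded pattern from the noise.
    print("pass 1 equals hidden pattern:", adam7_pass(image, 1) == SECRET)
```

Rendering each pass separately is a quick check for content hidden in an interlaced PNG, since a normal viewer only shows the fully assembled image.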
coffee_break (crypt 56pts)
Q
The program "encrypt.py" gets one string argument and outputs ciphertext.
Example:
$ python encrypt.py "test_text"
gYYpbhlXwuM59PtV1qctnQ==
The following text is ciphertext with "encrypt.py".
FyRyZNBO2MG6ncd3hEkC/yeYKUseI/CxYoZiIeV2fe/Jmtwx+WbWmU1gtMX9m905
A
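An encryption script and a ciphertext are provided.
Writing a function that performs the processing in reverse and decrypting the ciphertext gives the flag.

# Python 3, requires PyCryptodome
import base64
from Crypto.Cipher import AES

def decrypt(key, data):
    # Undo the key shift over the 0x5f printable characters 0x20..0x7e.
    # The modulo handles the wrap-around for every input byte.
    s = ''
    for i, b in enumerate(data):
        c = (b - 0x20) - (ord(key[i % len(key)]) - 0x20)
        s += chr(c % 0x5f + 0x20)
    return s

key1 = "SECCON"
key2 = "seccon2019"
enc3 = "FyRyZNBO2MG6ncd3hEkC/yeYKUseI/CxYoZiIeV2fe/Jmtwx+WbWmU1gtMX9m905"

# The AES key is key2 padded with zero bytes to 16 bytes.
aes_key = (key2 + chr(0x00) * (16 - (len(key2) % 16))).encode()
cipher = AES.new(aes_key, AES.MODE_ECB)
dec1 = base64.b64decode(enc3)
dec2 = cipher.decrypt(dec1)
# The last byte holds the padding length; strip the padding before undoing the shift.
dec3 = decrypt(key1, dec2[:len(dec2) - dec2[-1]])
print(dec3)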
FLAG
SECCON{Success_Decryption_Yeah_Yeah_SECCON}