peaCTF 2019 Round 1 Write-up
Introduction
I took part solo in peaCTF Round 1, held from 2019/07/22 to 2019/07/28.
Results
I placed 150th (out of 540 teams).
General Skills
Worth - Points: 50
This problem is worth 0o1454 points.
Approach: Octal to Decimal
flag{peactf_812}
Hide and Seek - Points: 100
Try to find to the flag file located somewhere in the folders located in: /problems/hide-and-seek_28_e5e549870631c4a82efc93c0630570bf
Approach: grep
Looking inside the specified folder shows that it contains a large number of folders, so I search for flag with grep.
```
satto1237@peactf-2019-shell-1:/problems/hide-and-seek_28_e5e549870631c4a82efc93c0630570bf$ grep -r flag ./
./c9fe31d8b0acfd94ed33171a0a5dc2ff/3361b9c2b222aa9f81186d5b36f82032/7ebd790c6e8eb1dbd1dcf1b244c589bf/5b073431762e613fe1a80b7fa479106a/31f3e448c58e17f225e21591b6170f88/flag.txt:flag{peactf_linux_is_fun_21e61d463e005e9bbc6aa1a208f74ed7}
```
flag{peactf_linux_is_fun_21e61d463e005e9bbc6aa1a208f74ed7}
Cryptography
Breakfast - Points: 50
Mmm I ate some nice bacon and eggs this morning. Find out what else I had for an easy flag. Don’t forget to capitalize CTF!
011100010000000000101001000101{00100001100011010100000000010100101010100010010001}
Approach: Baconian Cipher
011100010000000000101001000101 -> PEACTF
00100001100011010100000000010100101010100010010001 -> EGGWAFFLES
Don’t forget to capitalize CTF!
peaCTF{eggwaffles}
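The decoding above reads each 5-bit group as an index into the 24-letter Baconian alphabet, where I/J and U/V share a code. The following is an added example, not part of the original write-up; the function names are chosen here for illustration.

```python
import re

# 24-letter Baconian alphabet: I/J share one code and U/V share one code,
# so J and V do not appear (illustrative constant name).
BACON_24 = "ABCDEFGHIKLMNOPQRSTUWXYZ"


def bacon_decode(bits: str) -> str:
    """Decode a string of 0/1 characters, five bits per letter."""
    if len(bits) % 5 or set(bits) - {"0", "1"}:
        raise ValueError("expected a multiple of five 0/1 characters")
    out = []
    for i in range(0, len(bits), 5):
        group = bits[i:i + 5]
        value = int(group, 2)
        if value >= len(BACON_24):
            raise ValueError(f"group {group} is outside the 24-letter alphabet")
        out.append(BACON_24[value])
    return "".join(out)


def decode_challenge(text: str) -> str:
    """Decode every run of bits; other characters (the braces) pass through."""
    return re.sub(r"[01]+", lambda m: bacon_decode(m.group()), text)


# Ciphertext exactly as given in the challenge statement.
CHALLENGE = ("011100010000000000101001000101"
             "{00100001100011010100000000010100101010100010010001}")

if __name__ == "__main__":
    print(decode_challenge(CHALLENGE))
```

The output is all upper case; the submitted flag lower-cases everything except CTF, as the challenge text asks.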
Broken Keyboard - Points: 50
Help! My keyboard only types numbers!
112 101 97 67 84 70 123 52 115 99 49 49 105 115 99 48 48 108 125
Approach: Decimal to ASCII
```python
#!/usr/bin/env python
# -*- coding: utf-8 -*-

# Each number is the decimal ASCII code of one character of the flag.
enc = [112, 101, 97, 67, 84, 70, 123, 52, 115, 99, 49, 49, 105, 115, 99, 48, 48, 108, 125]
flag = ''.join(map(chr, enc))
print(flag)
```
peaCTF{4sc11isc00l}
School - Points: 100
My regular teacher was out sick so we had a substitute today.
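Alphabet: WCGPSUHRAQYKFDLZOJNXMVEBTI
zswGXU{ljwdhsqmags}
Approach: Substitution cipher
```python
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import string

upp = string.ascii_uppercase
low = string.ascii_lowercase
sub = 'WCGPSUHRAQYKFDLZOJNXMVEBTI'  # substitution alphabet from the challenge
enc = 'zswGXU{ljwdhsqmags}'

flag = ''
for x in enc:
    if x in upp:
        # position in the substitution alphabet -> plaintext letter
        flag += upp[sub.find(x)]
    elif x in low:
        # upper-case the letter for the lookup, keep the result lower case
        flag += low[sub.find(chr(ord(x) - 32))]
    else:
        flag += x

print(flag)
```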
peaCTF{orangejuice}
Crack the Key - Points: 450
On one of my frequent walks through the woods, I stumbled upon this old French scroll with the title "le chiffre indéchiffrable." Remember to submit as peaCTF{plaintext_key}.
Approach: Vigenere Cipher
I use a Vigenere Solver to search for the key.
peaCTF{redpineapples}
RSA - Points: 500
Can you help Bob retrieve the two messages for a flag?
Encrypted channel:
n = 165481207658568424313022356820498512502867488746572300093793
e = 65537
c = 150635433712900935381157860417761227624682377134647578768653
Authenticated (unhashed) channel:
n = 59883006898206291499785811163190956754007806709157091648869
e = 65537
c = 23731413167627600089782741107678182917228038671345300608183
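Approach: encryption with the public key + encryption with the private key
enc_channel is encrypted with the public key (ordinary RSA encryption), while auth_channel is encrypted with the private key (a digital signature).
Therefore, enc_channel is decrypted with the private key and auth_channel is decrypted with the public key.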
```python
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from Crypto.Util.number import inverse, long_to_bytes

e = 0x10001

# enc_channel: decrypt with the private exponent derived from the factors of n
p_1 = 404796306518120759733507156677
q_1 = 408801179738927870766525808109
n_1 = p_1 * q_1
c_1 = 150635433712900935381157860417761227624682377134647578768653
phi_1 = (p_1 - 1) * (q_1 - 1)
d_1 = inverse(e, phi_1)
m_1 = pow(c_1, d_1, n_1)
print(long_to_bytes(m_1))

# auth_channel: "decrypt" the unhashed signature with the public exponent
n_2 = 59883006898206291499785811163190956754007806709157091648869
c_2 = 23731413167627600089782741107678182917228038671345300608183
m_2 = pow(c_2, e, n_2)
print(long_to_bytes(m_2))

# flag
print(long_to_bytes(m_1) + long_to_bytes(m_2))
```
```
> python solve.py
b'peaCTF{f4ct0r'
b'1ng1sfun}'
b'peaCTF{f4ct0r1ng1sfun}'
```
peaCTF{f4ct0r1ng1sfun}
Forensics
Choose your Pokemon - Points: 150
Just a simple type of recursive function.
Approach: rar -> zip -> pdf -> rtf
```
> file master-ball
master-ball: RAR archive data, v5
```
```
> file roshambo
roshambo: Zip archive data, at least v2.0 to extract
```
{wild_type}
We are E.xtr - Points: 350
E.xtr
Approach: rewrite the file signature
```
> file E.xtr
E.xtr: data
```
89 58 54 52 -> 89 50 4E 47
{read_banned_it}
The Wonderful Wizard - Points: 750
TheWonderfulWizard.png
Approach: stegsolve
```python
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from Crypto.Util.number import long_to_bytes

# Hex string to decode into the flag bytes
msg = 0x666c61677b7065616374665f77686572655f7468655f77696e645f626c6f77737d
print(long_to_bytes(msg))
```
```
> python solve.py
b'flag{peactf_where_the_wind_blows}'
```
Reversing
Coffee Time - Points: 250
Run this jar executable in a virtual machine and see what happens.
```
> file coffeetime.jar
coffeetime.jar: Java archive data (JAR)
```
Approach: decompile
I decompile it with JD-GUI.
peaCTF{nice_cup_of_coffee}
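Summary
- Quite a few teams solved every problem, so failing to solve 3 of them was painful…
- I couldn't solve the Web problems, so I'll study (I say this every time)
- I'd like to solve Crypto problems that are neither too hard nor too easy~~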