[Trend Micro 2015] [Programming 100] Write-Up

Description

Click on the different color.

Resolution

As the description said, the goal was to click on the only square which had a different color than the others.

It started gently, with a 2×2 grid of blocks, solvable by eye.

Then, on every click and page load, the grid grew and the colors became less and less distinguishable.

[Image: blocs 5]

As you can see, it became harder and harder, with many blocks:

[Image: blocs 12]

After some manual tests, and seeing that the number of possibilities was growing fast, we decided to write a script to solve this challenge:

<?php
 $page = 'http://ctfquest.trendmicro.co.jp:43210/click_on_the_different_color';
 $border = 3; // Border width in pixels

 while (true) {
  $data = file_get_contents($page);
  if (preg_match('#ocation\.href=\'/(.+?)\?#', $data, $regs)) { // Next URL, taken from the page's location.href
   $dest = $regs[1];
   if (preg_match('#<img src="(.+?)"#', $data, $regs)) {
    $img = imagecreatefrompng('http://ctfquest.trendmicro.co.jp:43210'.$regs[1]);
    if ($img) {
     $bordercolor = imagecolorat($img, 0, 0); // Border color
     $colorref = imagecolorat($img, $border+1, $border+1); // Block color after the border

     for ($i = 1; true; ++$i) { // Check block size
      if (($color = imagecolorat($img, $border+$i, $border+1)) == $bordercolor) { // Back on the border color: end of the first block
       $blocksize = $i; // Block size
       $blocs = (imagesx($img)-$border)/($blocksize+$border); // Number of blocks
       echo "Size: $i\nRef: $colorref\nColor: $color\nBorder: $bordercolor\nBlocs: $blocs\n"; // Debug

       // The reference block itself may be the odd one: compare it with its right and lower neighbours
       $step = $blocksize+$border;
       if ($colorref != imagecolorat($img, $border+1+$step, $border+1) && $colorref != imagecolorat($img, $border+1, $border+1+$step)) {
        $page = 'http://ctfquest.trendmicro.co.jp:43210/'.$dest.'?x='.($border+1).'&y='.($border+1);
        continue 2; // Fetch the next grid
       }

       for ($x = 0; $x < $blocs; ++$x) { // Different block searching
        for ($y = 0; $y < $blocs; ++$y) {
         $rx = ($blocksize+$border)*$x+$border+1;
         $ry = ($blocksize+$border)*$y+$border+1;

         $test = imagecolorat($img, $rx, $ry); // Block color to test

         if ($test != $colorref) { // The color differs from the reference color: bingo
          echo "$rx / $ry : $test : $colorref\n"; // Debug
          $page = 'http://ctfquest.trendmicro.co.jp:43210/'.$dest.'?x='.$rx.'&y='.$ry;
          continue 4; // Fetch the next grid
         }
        }
       }

       break;
      }
     }
    } else {
     break;
    }
   }
  } else {
   echo $data; // No redirect found: print the page (this is where the flag shows up)
   break;
  }
 }

A few seconds later, after an 80×80 grid, we finally got the flag!

Flag is: TMCTF{U must have R0807 3Y3s!}
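
To check the block-scanning logic offline before pointing it at a server, here is an added example (not part of the original write-up) that draws a constructed grid with GD and locates the odd block by taking the color that occurs exactly once, so it also works when the top-left block is the odd one. The function names makeGrid and findOddBlock, the colors and the grid sizes are assumptions made for the test, and the grid is assumed to have crisp, non-anti-aliased edges.

```php
<?php
// Added example; grid sizes and colours are constructed test values.
// Draw $n x $n blocks of $size px, separated and surrounded by a $border px border.
function makeGrid(int $n, int $size, int $border, int $oddX, int $oddY) {
    $side = $n * ($size + $border) + $border;
    $img = imagecreatetruecolor($side, $side);
    imagefilledrectangle($img, 0, 0, $side - 1, $side - 1, 0xFFFFFF); // border colour
    for ($x = 0; $x < $n; ++$x) {
        for ($y = 0; $y < $n; ++$y) {
            $c = ($x === $oddX && $y === $oddY) ? 0x3A7BD6 : 0x3A7BD5; // differ by one step
            $px = $border + $x * ($size + $border);
            $py = $border + $y * ($size + $border);
            imagefilledrectangle($img, $px, $py, $px + $size - 1, $py + $size - 1, $c);
        }
    }
    return $img;
}

// Return [block x, block y, pixel x, pixel y] of the odd block, or null if none.
function findOddBlock($img, int $border): ?array {
    $bordercolor = imagecolorat($img, 0, 0);
    $width = imagesx($img);
    $size = 0; // walk right from the first block pixel until the border colour returns
    while ($border + $size < $width && imagecolorat($img, $border + $size, $border) !== $bordercolor) {
        ++$size;
    }
    if ($size === 0) {
        return null;
    }
    $n = intdiv($width - $border, $size + $border);
    $seen = []; // colour => list of blocks with that colour
    for ($x = 0; $x < $n; ++$x) {
        for ($y = 0; $y < $n; ++$y) {
            $px = $border + $x * ($size + $border) + intdiv($size, 2); // block centre
            $py = $border + $y * ($size + $border) + intdiv($size, 2);
            $seen[imagecolorat($img, $px, $py)][] = [$x, $y, $px, $py];
        }
    }
    foreach ($seen as $blocks) { // the colour that occurs exactly once is the target
        if (count($blocks) === 1) {
            return $blocks[0];
        }
    }
    return null;
}

foreach ([[2, 40, 0, 0], [12, 20, 7, 3], [80, 6, 79, 41]] as [$n, $size, $ox, $oy]) {
    [$bx, $by, $px, $py] = findOddBlock(makeGrid($n, $size, 3, $ox, $oy), 3);
    echo "{$n}x{$n}: odd block ($bx,$by), click pixel ($px,$py)\n";
}
```

It needs the GD extension and PHP 7.1 or later.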
