English [HackIM 2016] [Misc 400 – Lol] Write Up

Description

52.91.163.151:30303

===Win this simple text decoder and take your flag !===

Resolution

This appears to be a series of successive rounds that we must solve before receiving the flag. We first thought that there were 25 rounds, but the “Lol” title hinted that this was not the case. So we automated the solving of the rounds with the following code (it even has to interpret some brainfuck code).

def set_search(set, num):
    """Report whether ``num`` occurs in any member of ``set``.

    ``set`` is an iterable of containers (the bracket matcher passes a list
    of index tuples); the membership test is applied to each container in
    turn.  The parameter name shadows the builtin ``set`` inside this
    function only.
    """
    return any(num in member for member in set)

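def del_incompat(program):
    """Strip every character that is not one of the eight Brainfuck commands.

    Args:
        program: Source text, possibly containing comments or whitespace.

    Returns:
        A new string holding only the characters ``+-><.,[]`` in their
        original order.
    """
    commands = "+-><.,[]"
    # One linear pass: deleting rejected characters one at a time rebuilt
    # the whole string for each of them.
    return "".join(ch for ch in program if ch in commands)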

def removeFromString(text, index):
    """Return ``text`` with the single character at ``index`` cut out."""
    before = text[:index]
    after = text[index + 1:]
    return before + after


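def pair_brackets(program, pairs):
    """Match every ``[`` in ``program`` with its closing ``]``.

    A single left-to-right pass with a stack replaces the recursive rescan,
    which needed one recursion level per bracket pair and therefore hit the
    interpreter's recursion limit on long programs.

    Args:
        program: Brainfuck source text.
        pairs: List of ``(open_index, close_index)`` tuples that are already
            known; indices appearing in it are skipped.  New pairs are
            appended to this same list.

    Returns:
        ``pairs``, extended in order of closing-bracket position.

    Raises:
        ValueError: If a bracket has no partner.  (The recursive version
            failed on such input with UnboundLocalError or RecursionError.)
    """
    already_paired = {index for pair in pairs for index in pair}
    open_stack = []
    for position, command in enumerate(program):
        if position in already_paired:
            continue
        if command == "[":
            open_stack.append(position)
        elif command == "]":
            if not open_stack:
                raise ValueError("unmatched ']' at index %d" % position)
            # The most recent unpaired '[' is the partner of this ']'.
            pairs.append((open_stack.pop(), position))
    if open_stack:
        raise ValueError("unmatched '[' at index %d" % open_stack[-1])
    return pairs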

def get_cb(pairs, index):
    """Return the index of the bracket paired with the one at ``index``.

    ``pairs`` holds ``(open_index, close_index)`` tuples; the first tuple
    that mentions ``index`` decides the result.  ``-1`` means no tuple
    mentions it.
    """
    partners = (
        close_idx if open_idx == index else open_idx
        for open_idx, close_idx in pairs
        if index in (open_idx, close_idx)
    )
    return next(partners, -1)


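def bfuk(program):
    """Interpret a Brainfuck program and return everything it printed.

    Args:
        program: Source text; characters that are not Brainfuck commands
            are discarded first.

    Returns:
        The concatenated output of all ``.`` commands as a string.

    Notes:
        The tape has 30000 cells holding plain Python ints, so cells do not
        wrap at 256, and ``chr()`` raises ValueError on a negative cell.
        A data pointer below zero indexes the tape from its end; one at or
        past 30000 raises IndexError.
    """
    program = del_incompat(program)

    # Build an O(1) jump table once instead of scanning the pair list on
    # every bracket.  pair_brackets only returns once every bracket has a
    # partner, so each bracket index is a key here.
    jump = {}
    for open_idx, close_idx in pair_brackets(program, []):
        jump[open_idx] = close_idx
        jump[close_idx] = open_idx

    tape = [0] * 30000
    p = 0  # data pointer into the tape
    i = 0  # instruction pointer into the program
    out = []  # output characters, joined once at the end

    # NOTE(review): there is no step budget.  When the program text comes
    # from a remote peer, a non-terminating loop stalls the caller for good;
    # consider bounding the number of executed instructions.
    while i < len(program):
        op = program[i]
        if op == "+":
            tape[p] += 1
        elif op == "-":
            tape[p] -= 1
        elif op == ">":
            p += 1
        elif op == "<":
            p -= 1
        elif op == ".":
            out.append(chr(tape[p]))
        elif op == ",":
            # input() returns a whole line; ord() raises TypeError unless
            # that line is exactly one character long.
            tape[p] = ord(input())
        elif op == "[":
            if tape[p] == 0:
                i = jump[i]
        elif op == "]":
            if tape[p] != 0:
                i = jump[i]
        i += 1
    return "".join(out)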








import base64
import binascii
import bz2
import re
import socket
import zlib


# Known answers for the 'ro42' rounds: analyse() looks the received text up
# here before falling back to asking the operator.
# NOTE: this name shadows the builtin ``dict`` for the rest of the module.
dict = {
    'tedejmyixyj': 'Do not wish it',
    'oekhicybu': 'Your smile',
    'yqcqwhuqjuh': 'I am a greater',
    'yjyirujjuh': 'It is better',
    'ikssuiiyi': 'Success is',
    'jxqdaoek': 'Thank you',
}

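def analyse(msg):
    """Decode one challenge message and return the answer to send back.

    The leading ASCII part of ``msg`` is expected to look like
    ``<text line>\\n<type>-<payload>``.  The payload is everything after the
    first ``-`` that follows the first newline, minus the final byte of
    ``msg``.

    Args:
        msg: Raw bytes as received from the socket.

    Returns:
        The decoded payload as bytes, or ``b"\\n"`` when the message does
        not match the expected layout or names an unknown type.

    Notes:
        ``msg`` is controlled by the remote peer.  Decoder errors
        (binascii.Error, zlib.error, UnicodeError, ...) propagate to the
        caller, and the 'ro42' branch may block on ``input()``.
    """
    # Only the leading run of bytes below 127 is searched for the header.
    ascii_len = next((k for k, byte in enumerate(msg) if byte >= 127), len(msg))
    header = msg[:ascii_len].decode('ascii')

    m = re.search("(.*)\n([^-]*)-", header)
    if m is None:
        return b'\n'

    kind = m.group(2)
    # The pattern always matches from offset 0 (the first line, the newline,
    # then everything up to the first dash), so m.end() is the payload start.
    data = msg[m.end():-1]
    print(data)

    if kind == 'bina':
        octets = re.findall('[01]{8}', data.decode('ascii'))
        return ''.join(chr(int(bits, 2)) for bits in octets).encode('ascii')
    if kind == 'ba16':
        return base64.b16decode(data)
    if kind == 'ba32':
        return base64.b32decode(data)
    if kind == 'ba64':
        return base64.b64decode(data)
    if kind == 'ebcd':
        return data.decode('cp500').encode('ascii')
    if kind == 'revs':
        return data.decode('ascii')[::-1].encode('ascii')
    if kind == 'roti':
        rotated = []
        for ch in data.decode('ascii'):
            # Rotate letters only.  An open-ended ``ch >= 'a'`` test also
            # rotated '{', '|', '}' and '~', corrupting such payloads.
            if 'a' <= ch <= 'z':
                rotated.append(chr(ord('a') + (ord(ch) - ord('a') + 13) % 26))
            elif 'A' <= ch <= 'Z':
                rotated.append(chr(ord('A') + (ord(ch) - ord('A') + 13) % 26))
            else:
                rotated.append(ch)
        return ''.join(rotated).encode('ascii')
    if kind == 'ro42':
        key = data.decode('ascii')
        # ``dict`` is the module-level table of known answers, not the
        # builtin type; unknown texts are answered by hand.
        res = dict[key] if key in dict else input()
        return res.encode('ascii')
    if kind == 'zlib':
        # NOTE(review): peer-supplied data is inflated with no output cap;
        # zlib.decompressobj().decompress(data, max_length) would bound it.
        return zlib.decompress(data)
    if kind == 'bz2c':
        # NOTE(review): same concern as zlib above;
        # bz2.BZ2Decompressor().decompress(data, max_length) bounds output.
        return bz2.decompress(data)
    if kind == 'bfuk':
        # Runs a peer-supplied program; see bfuk() for its limits.
        return bfuk(data.decode('ascii')).encode('ascii')
    if kind == 'hexa':
        return binascii.unhexlify(data)
    return b'\n'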

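TCP_IP = '52.91.163.151'
TCP_PORT = 30303
BUFFER_SIZE = 1024

# The context manager closes the socket on every exit path, including an
# exception raised while decoding a round.
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((TCP_IP, TCP_PORT))
    buf = s.recv(BUFFER_SIZE)  # greeting banner
    print(buf)

    j = 0  # number of rounds answered so far
    while True:
        # Each round is consumed as two reads; only the second is decoded.
        # NOTE(review): recv() returns whatever bytes have arrived, not one
        # protocol message, so this assumes the server's two writes show up
        # as two separate reads of at most BUFFER_SIZE bytes -- confirm.
        buf = s.recv(BUFFER_SIZE)
        print(buf)
        if not buf:
            break  # peer closed the connection
        buf = s.recv(BUFFER_SIZE)
        print(buf)
        if not buf:
            break  # do not answer an empty read after a close

        # sendall() retries until the whole answer is written; send() may
        # transmit only part of it.
        s.sendall(analyse(buf))
        j = j + 1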

The server gave us the string “666p61677o6433633064696r675s69735s656173795s4p4s4p7q20”.
Using a rot13: “666c61677b6433633064696e675f69735f656173795f4c4f4c7d20”.
De-hexed : “flag{d3c0ding_is_easy_LOL}”.

Flag was “flag{d3c0ding_is_easy_LOL}“.
