English [Internetwache CTF 2016] [Misc 50 – The Hidden Message] Write Up

Description

My friend really can’t remember passwords. So he uses some kind of obfuscation. Can you restore the plaintext?

Attachment: misc50.zip

Resolution

The archive contains a README.txt file.

0000000 126 062 126 163 142 103 102 153
        142 062 065 154 111 121 157 113
0000020 122 155 170 150 132 172 157 147
        123 126 144 067 124 152 102 146
0000040 115 107 065 154 130 062 116 150
        142 154 071 172 144 104 102 167
0000060 130 063 153 167 144 130 060 113
        012
0000071

We can directly notice that the above file is an hexdump. The characteristic of this hexdump is that all the numbers shown are not exceeding 177, which is 0x7f, if we consider the numbers are octal. We can then guess these values correspond to printable ASCII characters.
After reversing the hexdump, we notice that the result seems like base64.

Here is the final script used to reverse this hexdump, and get the flag:

str="$(
for i in $(cat README.txt); do
	echo $i; # spaces to linefeeds
done | grep -E "^[0-7]{3}$" # we keep only octal values
)";
pass="$(
for i in $str; do
	python <<< "print chr(int('$i',8))"; # from octal to ascii char
done
)";
echo $pass | tr -d " " | base64 -d; # base64 decoding after removing spaces

What the script displays:

vic511@vic511:~/ctfs/internetwache2k16/misc50$ ./decode.sh 
Well done!

Flag: IW{N0_0ne_can_st0p_y0u}

Here we go !
IW{N0_0ne_can_st0p_y0u}

Leave a Reply

Your email address will not be published.