[ECSC Quals 2019] [Misc 102 – qrcode] Write UpDescription
QR Codes everywhere!
nc challenges.ecsc-teamfrance.fr 3001
Resolution
When connecting to the challenge we got:
Programming challenge --------------------- I will send you a PNG image compressed by zlib encoded in base64 that contains 64 encoded numbers. The expected answer is the sum of all the numbers (in decimal). You have 2 seconds. Are you ready? [Y/N] >> y eJztvQtUU2e+PuxMW21ta8fT2qIxOvPZqRWrDqUYIWxoxxmo2EIpbJBApJ0UUwGDdJvEJFymWutM S/BURYokO7VR0R0S5E4SLqPThsolW9QkhFzAYtmQhAQMSbjnvzd2es6sb61vff/zTc466/+1a9m1 E17x3fv93Z7nfX7v/us78bFPr1y3ctmyZU/vefMP7y5b9sSviD+P/xL/pugPz763bNkXvXv+8Eby [...] R076zki+2JmVg12utolt+HO/gJ7ZmQWq22yvyGihg5feNpYiTLXvTPPeyjqSf7bPzb0LdRX8/V80 7/94AHh6aHv45bKXh0n/td/xL5vM/x9+0eKy+TA/0DKvTCA+7vlj/B8Uv3/v2P8CrWOHGw== What is you answer? >>
The image was 8×8 qrcodes:
All the solutions we’ve seen were to slit & scan each qrcode, what if you retrieve all the qrcodes in one pass? 🙂
It’s the default behavior of ZBarSymbol from pyzbar (doc).
#!/usr/bin/python3
from pwn import *
import base64
import zlib
from io import BytesIO
from pyzbar.pyzbar import decode, ZBarSymbol
from PIL import Image
conn = remote('challenges.ecsc-teamfrance.fr',3001)
conn.recvuntil('Are you ready? [Y/N]', drop=True)
conn.sendline('Y')
data = conn.recvuntil('What is you answer?', drop=True)
data = zlib.decompress(base64.b64decode(data))
qrcodes = decode(Image.open(BytesIO(data)), symbols=[ZBarSymbol.QRCODE])
qrsum = 0
for qrcode in qrcodes:
qrsum += int(qrcode[0])
conn.sendline(str(qrsum))
conn.interactive()
Flag was ECSC{e076963c132ec49bce13d47ea864324326d4cefa}