{"id":1395,"date":"2015-09-29T00:15:44","date_gmt":"2015-09-28T22:15:44","guid":{"rendered":"https:\/\/0x90r00t.com\/fr\/?p=1395"},"modified":"2015-09-29T18:59:54","modified_gmt":"2015-09-29T16:59:54","slug":"trend-micro-2015-progamming-100-write-up","status":"publish","type":"post","link":"https:\/\/0x90r00t.com\/fr\/2015\/09\/29\/trend-micro-2015-progamming-100-write-up\/","title":{"rendered":"[Trend Micro 2015] [Progamming 100] Write-Up"},"content":{"rendered":"

Description<\/h2>\n

Click on the different color.<\/p><\/blockquote>\n

<\/p>\n

Resolution<\/h2>\n

Comme la description l’indiquait, il fallait cliquer sur le carr\u00e9 qui avait une couleur diff\u00e9rente des autres.<\/p>\n

Ca a commenc\u00e9 doucement avec 2×2 blocs, r\u00e9solvable humainement.<\/p>\n

Et \u00e0 chaque clic, la grille s’agrandissait et les couleurs devenaient de moins en moins distinguables.<\/p>\n

\"blocs<\/a> Puis (\u00e7a commence \u00e0 \u00eatre tendu) :<\/p>\n

\"blocs<\/a><\/p>\n

Voyant le nombre de possibilit\u00e9s s’accroitre, nous avons alors cod\u00e9 un outil pour r\u00e9soudre ce challenge :<\/p>\n

\r\n<?php\r\n $page = 'http:\/\/ctfquest.trendmicro.co.jp:43210\/click_on_the_different_color';\r\n $border = 3;\r\n \r\n while (true) {\r\n  $data = file_get_contents($page);\r\n  if (preg_match('#ocation\\.href=\\'\/(.+?)\\?#', $data, $regs)) {\r\n   $dest = $regs[1];\r\n   if (preg_match('#<img src="(.+?)"#', $data, $regs)) {\r\n    $img = imagecreatefrompng('http:\/\/ctfquest.trendmicro.co.jp:43210'.$regs[1]);\r\n    if ($img) {\r\n     $bordercolor = imagecolorat($img, 0, 0); \/\/ Couleur de la bordure\r\n     $colorref = imagecolorat($img, $border+1, $border+1); \/\/ Couleur du bloc apr\u00e8s la bordure\r\n\r\n     for ($i = 1; true; ++$i) { \/\/ Check de la taille du bloc\r\n      if (($color = imagecolorat($img, $border+$i, $border+1)) == $bordercolor) { \/\/ Si la couleur n'est pas celle de la bordure\r\n       $blocksize = $i; \/\/ Taille d'un bloc\r\n       $blocs = (imagesx($img)-$border)\/($blocksize+$border); \/\/ Nombre de blocs\r\n       echo "Size: $i\\nRef: $colorref\\nColor: $color\\nBorder: $bordercolor\\nBlocs: $blocs\\n"; \/\/ Debug\r\n       for ($x = 0; $x < $blocs; ++$x) { \/\/ Recherche du bloc diff\u00e9rent\r\n        for ($y = 0; $y < $blocs; ++$y) {\r\n         $rx = ($blocksize+$border)*$x+$border+1;\r\n         $ry = ($blocksize+$border)*$y+$border+1;\r\n         \r\n         $test = imagecolorat($img, $rx, $ry); \/\/ Couleur du bloc \u00e0 tester\r\n         \r\n         if ($test != $colorref) { \/\/ Si couleur diff\u00e9rente de la r\u00e9f\u00e9rence, bingo ?\r\n          echo "$rx \/ $ry : $test : $colorref\\n"; \/\/ Debug\r\n          $page = 'http:\/\/ctfquest.trendmicro.co.jp:43210\/'.$dest.'?x='.$rx.'&y='.$ry;\r\n          continue 4;\r\n         }\r\n        }\r\n       }\r\n       \r\n       break;\r\n      }\r\n     }\r\n    } else {\r\n     break;\r\n    }\r\n   }\r\n  } else {\r\n   echo $data;\r\n   break;\r\n  }\r\n }\r\n<\/pre>\n
Au bout de quelques secondes, jusqu’\u00e0 arriver \u00e0 80×80 blocs \u00e0 analyser, nous obtenons le flag !<\/p>\n
Le flag est : TMCTF{U must have R0807 3Y3s!}<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"
Description Click on the different color.<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,35,95],"tags":[98,97,96,54],"class_list":["post-1395","post","type-post","status-publish","format-standard","hentry","category-2015-fr","category-ctf-fr","category-trend-micro-2015-fr","tag-couleurs","tag-gd","tag-programmation","tag-php"],"_links":{"self":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/1395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/comments?post=1395"}],"version-history":[{"count":4,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/1395\/revisions"}],"predecessor-version":[{"id":1434,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/1395\/revisions\/1434"}],"wp:attachment":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/media?parent=1395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/categories?post=1395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/tags?post=1395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}