{"id":1410,"date":"2015-09-29T01:14:38","date_gmt":"2015-09-28T23:14:38","guid":{"rendered":"https:\/\/0x90r00t.com\/fr\/?p=1410"},"modified":"2015-09-29T01:35:06","modified_gmt":"2015-09-28T23:35:06","slug":"trend-micro-2015-programming-200-write-up","status":"publish","type":"post","link":"https:\/\/0x90r00t.com\/fr\/2015\/09\/29\/trend-micro-2015-programming-200-write-up\/","title":{"rendered":"[Trend Micro 2015] [Programming 200] Write-Up"},"content":{"rendered":"

Description<\/h2>\n

Calculate it.
\nnc ctfquest.trendmicro.co.jp 51740<\/p><\/blockquote>\n

<\/p>\n

Resolution<\/h2>\n

La r\u00e8gle est simple, il faut calculer ce que le serveur nous donne comme calculs.<\/p>\n

Au d\u00e9but \u00e7a commence par de simples op\u00e9rations, puis avec des nombres n\u00e9gatifs, puis des virgules pour s\u00e9parer les centaines des milliers, puis des grands nombres, puis .. DES NOMBRES ROMAINS ?! puis … DES NOMBRES ECRITS DE TOUTES LETTRES EN ANGLAIS ?! puis … LE TOUT m\u00e9lang\u00e9 ?!!! C’est presque du sadisme l\u00e0 \ud83d\ude09<\/p>\n

Alors on code :<\/p>\n

\r\n<?php\r\n\/\/ Pour convertir les nombres romains en INT\r\n\/\/ From http:\/\/stackoverflow.com\/questions\/1077600\/converting-words-to-numbers-in-php#answer-11219737\r\nfunction roman($roman) {\r\n$romans = array(\r\n    'M' => 1000,\r\n    'CM' => 900,\r\n    'D' => 500,\r\n    'CD' => 400,\r\n    'C' => 100,\r\n    'XC' => 90,\r\n    'L' => 50,\r\n    'XL' => 40,\r\n    'X' => 10,\r\n    'IX' => 9,\r\n    'V' => 5,\r\n    'IV' => 4,\r\n    'I' => 1,\r\n);\r\n\r\n$result = 0;\r\n\r\nforeach ($romans as $key => $value) {\r\n    while (strpos($roman, $key) === 0) {\r\n        $result += $value;\r\n        $roman = substr($roman, strlen($key));\r\n    }\r\n}\r\nreturn $result;\r\n}\r\n\r\n\/\/ Pour convertir les nombres anglais en INT\r\n\/\/ From http:\/\/stackoverflow.com\/questions\/6265596\/how-to-convert-a-roman-numeral-to-integer-in-php#answer-6266158\r\nfunction wordsToNumber($data) {\r\n    \/\/ Replace all number words with an equivalent numeric value\r\n    $data = strtr(\r\n        $data,\r\n        array(\r\n            'zero'      => '0',\r\n            'a'         => '1',\r\n            'one'       => '1',\r\n            'two'       => '2',\r\n            'three'     => '3',\r\n            'four'      => '4',\r\n            'five'      => '5',\r\n            'six'       => '6',\r\n            'seven'     => '7',\r\n            'eight'     => '8',\r\n            'nine'      => '9',\r\n            'ten'       => '10',\r\n            'eleven'    => '11',\r\n            'twelve'    => '12',\r\n            'thirteen'  => '13',\r\n            'fourteen'  => '14',\r\n            'fifteen'   => '15',\r\n            'sixteen'   => '16',\r\n            'seventeen' => '17',\r\n            'eighteen'  => '18',\r\n            'nineteen'  => '19',\r\n            'twenty'    => '20',\r\n            'thirty'    => '30',\r\n            'forty'     => '40',\r\n            'fourty'    => '40', \/\/ common misspelling\r\n            'fifty'     => '50',\r\n            'sixty'     => '60',\r\n            'seventy'   => '70',\r\n            'eighty'    => '80',\r\n            'ninety'    => '90',\r\n            'hundred'   => '100',\r\n            'thousand'  => '1000',\r\n            'million'   => '1000000',\r\n            'billion'   => '1000000000',\r\n            'and'       => '',\r\n        )\r\n    );\r\n\r\n    \/\/ Coerce all tokens to numbers\r\n    $parts = array_map(\r\n        function ($val) {\r\n            return floatval($val);\r\n        },\r\n        preg_split('\/[\\s-]+\/', $data)\r\n    );\r\n\r\n    $stack = new SplStack; \/\/ Current work stack\r\n    $sum   = 0; \/\/ Running total\r\n    $last  = null;\r\n\r\n    foreach ($parts as $part) {\r\n        if (!$stack->isEmpty()) {\r\n            \/\/ We're part way through a phrase\r\n            if ($stack->top() > $part) {\r\n                \/\/ Decreasing step, e.g. from hundreds to ones\r\n                if ($last >= 1000) {\r\n                    \/\/ If we drop from more than 1000 then we've finished the phrase\r\n                    $sum += $stack->pop();\r\n                    \/\/ This is the first element of a new phrase\r\n                    $stack->push($part);\r\n                } else {\r\n                    \/\/ Drop down from less than 1000, just addition\r\n                    \/\/ e.g. "seventy one" -> "70 1" -> "70 + 1"\r\n                    $stack->push($stack->pop() + $part);\r\n                }\r\n            } else {\r\n                \/\/ Increasing step, e.g ones to hundreds\r\n                $stack->push($stack->pop() * $part);\r\n            }\r\n        } else {\r\n            \/\/ This is the first element of a new phrase\r\n            $stack->push($part);\r\n        }\r\n\r\n        \/\/ Store the last processed part\r\n        $last = $part;\r\n    }\r\n\r\n    return $sum + $stack->pop();\r\n}\r\n\r\n \/\/ Finalement notre code ;)\r\n $socket = fsockopen('ctfquest.trendmicro.co.jp', 51740);\r\n \r\n while (!feof($socket)) { \/\/ Tant qu'il y a des choses \u00e0 lire\r\n  $line = '';\r\n  while (($char = fgetc($socket)) != '=') { \/\/ On r\u00e9cup\u00e8re chaque caract\u00e8re tant qu'on n'arrive pas au signe \u00e9gal\r\n   $line .= $char;\r\n   echo $char;\r\n  }\r\n  fgetc($socket); \/\/ L'espace apr\u00e8s le \u00e9gal\r\n  \r\n  $calc = str_replace(',', '', rtrim($line, ' =')); \/\/ On vire la b\u00eatise de s\u00e9paration entre les centaines et les milliers\r\n  $calc = preg_replace_callback('#([A-Z]+)#', function($regs){ return roman($regs[1]); }, $calc); \/\/ On remplace les nombres romains par leur valeur en int\r\n  $calc = preg_replace_callback('#([a-z][a-z ]+)#', function($regs){ return wordsToNumber(trim($regs[1])).' '; }, $calc); \/\/ On remplace les nombre en toutes lettres par leur valeur en int\r\n  \r\n  $result = trim(shell_exec('echo '.escapeshellarg($calc).' | bc')); \/\/ On utilise bc pour calculer\r\n  \r\n  if ($result !== false) {\r\n   echo "$line = '$result'\\n";\r\n  \r\n   fputs($socket, $result."\\r\\n");\r\n  }\r\n }\r\n<\/pre>\n
Le flag est : TMCTF{U D1D 17!}<\/p>\n","protected":false},"excerpt":{"rendered":"
Description Calculate it. nc ctfquest.trendmicro.co.jp 51740<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,35,95],"tags":[99,96,100,54,55],"class_list":["post-1410","post","type-post","status-publish","format-standard","hentry","category-2015-fr","category-ctf-fr","category-trend-micro-2015-fr","tag-bc","tag-programmation","tag-romains","tag-php","tag-regexp"],"_links":{"self":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/1410","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/comments?post=1410"}],"version-history":[{"count":3,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/1410\/revisions"}],"predecessor-version":[{"id":1415,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/posts\/1410\/revisions\/1415"}],"wp:attachment":[{"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/media?parent=1410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/categories?post=1410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/0x90r00t.com\/fr\/wp-json\/wp\/v2\/tags?post=1410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}