
Tag: CTF-Crypto

CTF question type – Crypto.

[CSAW2017] baby_crypt

Solution

In this question, the socket service takes our input, appends the flag to the end, and encrypts the result with AES CBC.

In AES ECB mode encryption, each block is 16 bytes (32 hex characters). For example:

    Block1            Block2            Block3
    aaaaaaaaaaaaaaaa  bbbbbbbbbbbbbbbb  cccccccccccccccc

If the data does not fill 16 bytes, padding is used to fill the block. For example:

    Block1            Block2            Block3
    aaaaaaaaaaaaaaaa  bbbbbbbbbbbbbbbb  ccccccccc0000000

In this question, the blocks look like this:

    Block1            Block2            Block3
    inputinputinputi  flag{xxxxxxxxxx   xxxxxxxxxxxxxxx}

So we can control the value of Block1. What if we input just 15 characters? The first character of the flag will be stored in Block1:

    Block1            Block2            Block3
    inputinputinputf  lag{xxxxxxxxxxx   xxxxxxxxxxxxxx}0

So we can lay out the blocks like this to brute-force the flag:

    Block1            Block2            Block3            …
    aaaaaaaaaaaaaaaX  aaaaaaaaaaaaaaaf  lag{xxxxxxxxxxx   …

    Block1            Block2            Block3            …
    aaaaaaaaaaaaaafX  aaaaaaaaaaaaaafl  ag{xxxxxxxxxxxx   …

    Block1            Block2            Block3            …
    aaaaaaaaaaaaaflX  aaaaaaaaaaaaafla  g{xxxxxxxxxxxxx   …

We test every printable value for X. If Block1 equals Block2, the first characters are correct. Based on this concept, I wrote a script to test it automatically.
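The Block1/Block2 comparison described above, run against a local model of the service. This is an added example, not the author's script (which is not shown on the page). It assumes the block-for-block determinism of ECB that the comparison relies on, and replaces AES with a keyed BLAKE2 stand-in so it runs with the standard library only; `oracle`, `recover_suffix`, the key and the sample flag are all constructed for illustration.

```python
import hashlib
import os
import string

BLOCK = 16
KEY = os.urandom(16)                      # constructed key, hidden inside the oracle
FLAG = b"flag{constructed_sample_value}"  # constructed secret, not the CSAW flag


def ecb_like_encrypt(data: bytes) -> bytes:
    """Stand-in for AES-ECB: each 16-byte block is transformed independently
    and deterministically, so equal plaintext blocks give equal output blocks."""
    data += b"\x00" * (-len(data) % BLOCK)  # zero padding, as in the tables above
    return b"".join(
        hashlib.blake2b(data[i:i + BLOCK], key=KEY, digest_size=BLOCK).digest()
        for i in range(0, len(data), BLOCK)
    )


def oracle(user_input: bytes) -> bytes:
    """Model of the service: encrypt(user_input || FLAG)."""
    return ecb_like_encrypt(user_input + FLAG)


def recover_suffix(oracle, max_len: int = 64) -> bytes:
    """Recover the appended secret one byte at a time from block equality."""
    known = b""
    while len(known) < max_len:
        # Block1 = last 15 known bytes + guess X (all 'a' at the start).
        prefix = (b"a" * (BLOCK - 1) + known)[-(BLOCK - 1):]
        # Filler shifts the secret so its next unknown byte ends a block.
        filler = b"a" * (BLOCK - 1 - len(known) % BLOCK)
        target = 1 + len(known) // BLOCK   # index of that block
        for x in string.printable.encode():
            ct = oracle(prefix + bytes([x]) + filler)
            if ct[:BLOCK] == ct[target * BLOCK:(target + 1) * BLOCK]:
                known += bytes([x])
                break
        else:
            break  # no printable byte matched: we have reached the padding
    return known


if __name__ == "__main__":
    print(recover_suffix(oracle))
```

The comparison only works because identical plaintext blocks encrypt to identical ciphertext blocks under one key. A mode that uses a fresh random IV or nonce for every message removes that equality signal.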


[CTF(x)]λ – 50pts

Description:

I used this program to encrypt a flag. The output was:

    n1s4_t1An([email protected]_h3)m3lp3y__Eas

λ.py (Python 2):

    print (lambda j,m:(lambda f,t:t if len(t) <= 1 else j([f(f,x)for x in m(j,m(reversed,(lambda s:zip(*[iter(s)]*(len(s)/2)))(t+"\x01"*(len(t)%2))))]))(lambda f,t:t if len(t) <= 1 else j([f(f,x)for x in m(j,m(reversed,(lambda s:zip(*[iter(s)]*(len(s)/2)))(t+"\x01"*(len(t)%2))))]),raw_input("Plaintext:")))(''.join,map).replace("\x01","")

Solution:

When I saw this pile of stuff I had no desire at all to trace the algorithm, so I didn't; I just brute-forced it.

First, I encrypted the following with the algorithm above:

    1234567890abcdfghijklmnopqrstuvwxyz

The result was:

    cbd0aihfg435129867vuwstzxymlnjkrqop

It looks like it only rearranges the order of the characters, so I came up with the following algorithm.

Running it gives:

    ctf([email protected]_1nsAn1ty_pl3asE_h3lp_m3)
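The "it only rearranges the order" observation, turned into a decryptor. This is an added example, not the author's missing script: `scramble` is a Python 3 port of the recursive step in λ.py, and `recover_permutation` and `decrypt` are hypothetical helper names. It generalizes the author's single probe to any length by encrypting a probe of unique symbols as long as the ciphertext.

```python
def scramble(t: str) -> str:
    """Python 3 port of the recursion in λ.py: pad odd lengths with \\x01,
    split in two halves, reverse each half and recurse into it."""
    if len(t) <= 1:
        return t
    t += "\x01" * (len(t) % 2)
    half = len(t) // 2
    return "".join(scramble(part[::-1]) for part in (t[:half], t[half:]))


def encrypt(plaintext: str) -> str:
    """Full λ.py behaviour: scramble, then strip the \\x01 padding."""
    return scramble(plaintext).replace("\x01", "")


def recover_permutation(n: int) -> list:
    """Encrypt n unique symbols and read off where each one landed.
    perm[out_pos] is the plaintext index that ends up at out_pos."""
    probe = "".join(chr(0x100 + i) for i in range(n))
    return [ord(ch) - 0x100 for ch in encrypt(probe)]


def decrypt(ciphertext: str) -> str:
    """Undo the shuffle; the permutation depends only on the length."""
    perm = recover_permutation(len(ciphertext))
    plain = [""] * len(ciphertext)
    for out_pos, in_pos in enumerate(perm):
        plain[in_pos] = ciphertext[out_pos]
    return "".join(plain)


if __name__ == "__main__":
    # The probe and result quoted in the write-up above.
    probe = "1234567890abcdfghijklmnopqrstuvwxyz"
    print(encrypt(probe))
    print(decrypt(encrypt(probe)))
```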


[IceCTF2016]Substituted – 30pt

Question:

Lw! Gyzvecy ke WvyVKT! W’zz by reso dsbdkwksky tzjq teo kly ujr. Teo keujr, gyjoy dksurwmq bjdwv vorakeqojalr jmu wkd jaazwvjkwemd. Vorakeqojalrljd j zemq lwdkeor, jzklesql gwkl kly juxymk et vecaskyod wk ljdqekkym oyjzzr vecazwvjkyu. Decy dwcazy ezu vwalyod joy kly Vjydjovwalyo, kly Xwqymyoy vwalyo, kly dsbdkwkskwem vwalyo, glwvl wd klwdemy, jmu de em. Jzcedk jzz et klydy vwalyod joy yjdwzr boeiym keujrgwkl kly lyza et vecaskyod. Decy myg ymvorakwem cykleud joy JYD,kly vsooymk dkjmujou teo ymvorakwem, jzemq gwkl ODJ. Vorakeqojalrwd j xjdk twyzu jmu wd xyor wmkyoydkwmq klesql. De iwvi bjvi, oyjusa em decy veez vwalyod jmu ljxy tsm! El jmu teo reso oyveoud cr mjcy wd WvyVKT{jzgjrd_zwdkym_ke_reso_dsbdkwksky_tzjqd}.

Solution:

This is obviously a test of my decryption skills.

The first thing I noticed is WvyVKT{jzgjrd_zwdkym_ke_reso_dsbdkwksky_tzjqd}, which is the flag format. The first step clearly gives w = i, v = c, y = e, V = C. Oh, it turns out upper and lower case map to the same letters, so w = i, v = c, y = e, k = t, t = f.

With that information, we can start guessing the first line:

    Lw! = _ _!
    Gyzvecy ke WvyVKT! = _e_c__e t_ IceCTF

From the context, this sentence is "Welcome to IceCTF", so g = w, z = l, e = o, c = m.

I kept reading but got stuck, so I looked over the whole text first.

- j appears on its own, and the only letter that commonly stands alone is a, so I inferred j = a. Next I looked for words containing a.
- Found joy, which from the above gives a_e, so I guessed o = r.
- Found gwkl, which gives wit_, so l = h.
- Found ljd, which gives ha_, so d = s.
- Found de em, which gives so o_, so m = n (so on).
- jzklesql = altho_ _h, so s = u, q =…
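A small helper for the crib-by-crib process described above. This is an added example, not the author's code; `extend` and `render` are hypothetical names. It grows the mapping from aligned cribs, rejects guesses that contradict earlier ones, and prints the partial plaintext with unknown letters marked.

```python
def extend(mapping: dict, cipher_text: str, plain_text: str) -> dict:
    """Return a copy of mapping extended with the letter pairs of an aligned
    crib. Case is ignored, as upper and lower case map identically here."""
    if len(cipher_text) != len(plain_text):
        raise ValueError("crib must align letter for letter")
    new = dict(mapping)
    for c, p in zip(cipher_text.lower(), plain_text.lower()):
        if not c.isalpha():
            if c != p:
                raise ValueError(f"punctuation mismatch: {c!r} vs {p!r}")
            continue
        if c in new and new[c] != p:
            raise ValueError(f"{c!r} already maps to {new[c]!r}, not {p!r}")
        if c not in new and p in new.values():
            raise ValueError(f"{p!r} is already produced by another letter")
        new[c] = p
    return new


def render(ciphertext: str, mapping: dict, unknown: str = "_") -> str:
    """Apply the partial mapping, keeping case and punctuation."""
    out = []
    for ch in ciphertext:
        if not ch.isalpha():
            out.append(ch)
            continue
        p = mapping.get(ch.lower())
        if p is None:
            out.append(unknown)
        else:
            out.append(p.upper() if ch.isupper() else p)
    return "".join(out)


if __name__ == "__main__":
    flag = "WvyVKT{jzgjrd_zwdkym_ke_reso_dsbdkwksky_tzjqd}"
    m = extend({}, "WvyVKT", "IceCTF")          # flag format crib
    print(render("Gyzvecy ke WvyVKT!", m))      # partial first line
    m = extend(m, "Gyzvecy ke", "Welcome to")   # greeting crib
    m = extend(m, "joldms", "arhsnu")           # the single-letter guesses above
    print(render(flag, m, unknown="?"))
```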


[IceCTF2016]Alien Message – 40pt

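Question:

Solution:

When I first saw this image, I thought I would have to guess my way through it slowly, like the first challenge. But after guessing for more than half an hour it started to feel wrong, so I looked it up online and found that it is the cipher used in Futurama.

So the answer is IceCTF{gOOd_n3wZ_3vERYoN3_1_L1k3_fU7ur4Ma_4nd_tH3iR_4MaZ1ng_3As7eR_39G5}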


[IceCTF2016]RSA? – 60pt

Question:

    N=0x180be86dc898a3c3a710e52b31de460f8f350610bf63e6b2203c08fddad44601d96eb454a34dab7684589bc32b19eb27cffff8c07179e349ddb62898ae896f8c681796052ae1598bd41f35491175c9b60ae2260d0d4ebac05b4b6f2677a7609c2fe6194fe7b63841cec632e3a2f55d0cb09df08eacea34394ad473577dea5131552b0b30efac31c59087bfe603d2b13bed7d14967bfd489157aa01b14b4e1bd08d9b92ec0c319aeb8fedd535c56770aac95247d116d59cae2f99c3b51f43093fd39c10f93830c1ece75ee37e5fcdc5b174052eccadcadeda2f1b3a4a87184041d5c1a6a0b2eeaa3c3a1227bc27e130e67ac397b375ffe7c873e9b1c649812edcd
    c=0x4963654354467b66616c6c735f61706172745f736f5f656173696c795f616e645f7265617373656d626c65645f736f5f63727564656c797d

Solution:

Very frustrating: I spent hours calculating... and then I simply took c and converted it from hex to text... and the flag came out, damn.


[IceCTF2016]RSA2 – 90pt

Question:

    N=0xee290c7a603fc23300eb3f0e5868d056b7deb1af33b5112a6da1edc9612c5eeb4ab07d838a3b4397d8e6b6844065d98543a977ed40ccd8f57ac5bc2daee2dec301aac508f9befc27fae4a2665e82f13b1ddd17d3a0c85740bed8d53eeda665a5fc1bed35fbbcedd4279d04aa747ac1f996f724b14f0228366aeae34305152e1f430221f9594497686c9f49021d833144962c2a53dbb47bdbfd19785ad8da6e7b59be24d34ed201384d3b0f34267df4ba8b53f0f4481f9bd2e26c4a3e95cd1a47f806a1f16b86a9fc5e8a0756898f63f5c9144f51b401ba0dd5ad58fb0e97ebac9a41dc3fb4a378707f7210e64c131bca19bd54e39bbfa0d7a0e7c89d955b1c9f
    e=0x10001
    c=0x3dbf00a02f924a70f44bdd69e73c46241e9f036bfa49a0c92659d8eb0fe47e42068eaf156a9b3ee81651bc0576a91ffed48610c158dc8d2fb1719c7242704f0d965f8798304925a322c121904b91e5fc5eb3dc960b03eb8635be53b995217d4c317126e0ec6e9a9acfd5d915265634a22a612de962cfaa2e0443b78bdf841ff901423ef765e3d98b38bcce114fede1f13e223b9bd8155e913c8670d8b85b1f3bcb99353053cdb4aef1bf16fa74fd81e42325209c0953a694636c0ce0a19949f343dc229b2b7d80c3c43ebe80e89cbe3a3f7c867fd7cee06943886b0718a4a3584c9d9f9a66c9de29fda7cfee30ad3db061981855555eeac01940b1924eb4c301

Solution:

1. First, find the decimal value of N.

code:

    print(int('180be86dc898a3c3a710e52b31de460f8f350610bf63e6b2203c08fddad44601d96eb454a34dab7684589bc32b19eb27cffff8c07179e349ddb62898ae896f8c681796052ae1598bd41f35491175c9b60ae2260d0d4ebac05b4b6f2677a7609c2fe6194fe7b63841cec632e3a2f55d0cb09df08eacea34394ad473577dea5131552b0b30efac31c59087bfe603d2b13bed7d14967bfd489157aa01b14b4e1bd08d9b92ec0c319aeb8fedd535c56770aac95247d116d59cae2f99c3b51f43093fd39c10f93830c1ece75ee37e5fcdc5b174052eccadcadeda2f1b3a4a87184041d5c1a6a0b2eeaa3c3a1227bc27e130e67ac397b375ffe7c873e9b1c649812edcd', 16))

output:

    30064958471180141352963255964320727764941087854957385562672821662319854021395100968823341108075020928542437446993994119863902565874355296188498304761389336438421889636409561936141985786801002923752627293790265351723795968412774268086467114263767947693310444934316205390814185802517514694528501333851255084653925181726978734804806707740444755908398751964899143494522781405457103697373868972836201511424363601490903086488506985489526910314474245106338585623571369549388434865567951986866445306840505397268281889886738015891982162371413136885989746931929787765617838750381226036784122498143172854419447324975505933540511

2. Find p and q.

According to the formula ϕ(N) = ϕ(p)ϕ(q) = (p−1)(q−1), so I used this site, Factordb, to factor N and find p and q, which gives:

    p = 57970027
    q = 518629368090170828331048663550229634444384299751272939077168648935075604180676006392464524953128293842996441022771890719731811852948684950388211907532651941639114462313594608747413310447500790775078081191686616804987790818396104388332734677935684723647108960882771460341293023764117182393730838418468480006985768382115446225422781116531906323045161803441960506496275763429558238732127362521949515590606221409745127192859630468854653290302491063292735496286233738504010613373838035073995140744724948933839238851600638652315655508861728439180988253324943039367876070687033249730660337593825389358874152757864093

3. Generate the private key (d).

According to the formula e⋅d ≡ 1 (mod lcm(p−1, q−1)), we can use rsatool to find d from p and q:

    python rsatool.py -p 57970027 -q 518629368090170828331048663550229634444384299751272939077168648935075604180676006392464524953128293842996441022771890719731811852948684950388211907532651941639114462313594608747413310447500790775078081191686616804987790818396104388332734677935684723647108960882771460341293023764117182393730838418468480006985768382115446225422781116531906323045161803441960506496275763429558238732127362521949515590606221409745127192859630468854653290302491063292735496286233738504010613373838035073995140744724948933839238851600638652315655508861728439180988253324943039367876070687033249730660337593825389358874152757864093 -o priv.key

This finally gives:

    n =
    ee290c7a603fc23300eb3f0e5868d056b7deb1af33b5112a6da1edc9612c5eeb4ab07d838a3b4397
    d8e6b6844065d98543a977ed40ccd8f57ac5bc2daee2dec301aac508f9befc27fae4a2665e82f13b
    1ddd17d3a0c85740bed8d53eeda665a5fc1bed35fbbcedd4279d04aa747ac1f996f724b14f022836
    6aeae34305152e1f430221f9594497686c9f49021d833144962c2a53dbb47bdbfd19785ad8da6e7b
    59be24d34ed201384d3b0f34267df4ba8b53f0f4481f9bd2e26c4a3e95cd1a47f806a1f16b86a9fc
    5e8a0756898f63f5c9144f51b401ba0dd5ad58fb0e97ebac9a41dc3fb4a378707f7210e64c131bca
    19bd54e39bbfa0d7a0e7c89d955b1c9f

    e = 65537 (0x10001)

    d =
    9186c78d098af6815622ea9901cf84a89ead578a6dbdded7d7fc63531756239dc586501216fc2e4b
    d1a8cee7e62284d16d91195f356d733a52dff011ebc3bf1e5d62af54d0455ea2f6ec948f45f34931
    f5b0b4478b16c66951a95d2f069a6c8867a6bc673c8e40052a54dbc5c1aeacbbfae7cad150a4f41e
    f4a02b1c97d70636ae187ed3c45f2551696a6a1172ae4089e033fb4853057c0f1e227d71ccf24fb2
    7073ca4fe4ac3744dfed2cd7763c47ac4ae4d42820a19d68961bc103bb9016197463875169d062b4
    5807e2e86aa17fa65e3088cc75ef35f984d0ca92d4c9270c2e694eb1f5df16b7ebe32b5c1d26086d
    6aac5fe327288f2904cb54164db39151

    p = 57970027 (0x3748d6b)

    q =
    44ed2b294274f82e2aca3f111bb159821c9c403162f25e35a4b1c04da8d6daa560351af288cc9c4c
    85a02ec072ed7f9dbe63d09d6e98131b0bd76e3622c09bd83a9f98821b0806c986195a2ceae21d1b
    f7afc717502376823731cfda3eb77ef2c91272ae5dc2b973ba4fefb706cc99e6e4e9dcbac8a6ae7d
    de9919be822429a56b009897c3282876419d74f4622e09853deaad858f3cbf490c2367524913ebb7
    f2a6b16712cb75a98b32d4dbb4469ccf8a46179e1c6db775dbc049b291da1a1e879d4cec1b515b26
    da134f38220951d6d2fbbf44f62d4468e69ac8c97d9830771bea7bc7f866d3afc2f14c500be64128
    3ef09b3d42a44a91ec1fc7a69d

4. Decrypt c directly.

With n, d and c we can decrypt directly:

    import binascii

    if __name__ == "__main__":
        n = 0xee290c7a603fc23300eb3f0e5868d056b7deb1af33b5112a6da1edc9612c5eeb4ab07d838a3b4397d8e6b6844065d98543a977ed40ccd8f57ac5bc2daee2dec301aac508f9befc27fae4a2665e82f13b1ddd17d3a0c85740bed8d53eeda665a5fc1bed35fbbcedd4279d04aa747ac1f996f724b14f0228366aeae34305152e1f430221f9594497686c9f49021d833144962c2a53dbb47bdbfd19785ad8da6e7b59be24d34ed201384d3b0f34267df4ba8b53f0f4481f9bd2e26c4a3e95cd1a47f806a1f16b86a9fc5e8a0756898f63f5c9144f51b401ba0dd5ad58fb0e97ebac9a41dc3fb4a378707f7210e64c131bca19bd54e39bbfa0d7a0e7c89d955b1c9f
        d = 0x9186c78d098af6815622ea9901cf84a89ead578a6dbdded7d7fc63531756239dc586501216fc2e4bd1a8cee7e62284d16d91195f356d733a52dff011ebc3bf1e5d62af54d0455ea2f6ec948f45f34931f5b0b4478b16c66951a95d2f069a6c8867a6bc673c8e40052a54dbc5c1aeacbbfae7cad150a4f41ef4a02b1c97d70636ae187ed3c45f2551696a6a1172ae4089e033fb4853057c0f1e227d71ccf24fb27073ca4fe4ac3744dfed2cd7763c47ac4ae4d42820a19d68961bc103bb9016197463875169d062b45807e2e86aa17fa65e3088cc75ef35f984d0ca92d4c9270c2e694eb1f5df16b7ebe32b5c1d26086d6aac5fe327288f2904cb54164db39151
        c = 0x3dbf00a02f924a70f44bdd69e73c46241e9f036bfa49a0c92659d8eb0fe47e42068eaf156a9b3ee81651bc0576a91ffed48610c158dc8d2fb1719c7242704f0d965f8798304925a322c121904b91e5fc5eb3dc960b03eb8635be53b995217d4c317126e0ec6e9a9acfd5d915265634a22a612de962cfaa2e0443b78bdf841ff901423ef765e3d98b38bcce114fede1f13e223b9bd8155e913c8670d8b85b1f3bcb99353053cdb4aef1bf16fa74fd81e42325209c0953a694636c0ce0a19949f343dc229b2b7d80c3c43ebe80e89cbe3a3f7c867fd7cee06943886b0718a4a3584c9d9f9a66c9de29fda7cfee30ad3db061981855555eeac01940b1924eb4c301
        # RSA decryption: m = c^d mod n (Python 2 appends "L" to long hex values)
        m = hex(pow(c, d, n)).rstrip("L")
        print(m)
        # Strip the "0x" prefix and hex-decode the plaintext
        print(binascii.unhexlify(m[2:]))

IceCTF{next_time_check_your_keys_arent_factorable}

References:

http://crypto.stackexchange.com/questions/1713/calculating-private-keys-in-the-rsa-cryptosystem
https://tenshine.gitbooks.io/topctf/content/chapter5/crypto/rsa.html
https://0x90r00t.com/2015/09/20/ekoparty-pre-ctf-2015-cry100-rsa-2070-write-up/


[IceCTF2016]RSA – 60pt

Question:

    N=0x1564aade6f1b9f169dcc94c9787411984cd3878bcd6236c5ce00b4aad6ca7cb0ca8a0334d9fe0726f8b057c4412cfbff75967a91a370a1c1bd185212d46b581676cf750c05bbd349d3586e78b33477a9254f6155576573911d2356931b98fe4fec387da3e9680053e95a4709934289dc0bc5cdc2aa97ce62a6ca6ba25fca6ae38c0b9b55c16be0982b596ef929b7c71da3783c1f20557e4803de7d2a91b5a6e85df64249f48b4cf32aec01c12d3e88e014579982ecd046042af370045f09678c9029f8fc38ebaea564c29115e19c7030f245ebb2130cbf9dc1c340e2cf17a625376ca52ad8163cfb2e33b6ecaf55353bc1ff19f8f4dc7551dc5ba36235af9758b
    e=0x10001
    phi=0x1564aade6f1b9f169dcc94c9787411984cd3878bcd6236c5ce00b4aad6ca7cb0ca8a0334d9fe0726f8b057c4412cfbff75967a91a370a1c1bd185212d46b581676cf750c05bbd349d3586e78b33477a9254f6155576573911d2356931b98fe4fec387da3e9680053e95a4709934289dc0bc5cdc2aa97ce62a6ca6ba25fca6ae366e86eed95d330ffad22705d24e20f9806ce501dda9768d860c8da465370fc70757227e729b9171b9402ead8275bf55d42000d51e16133fec3ba7393b1ced5024ab3e86b79b95ad061828861ebb71d35309559a179c6be8697f8a4f314c9e94c37cbbb46cef5879131958333897532fea4c4ecd24234d4260f54c4e37cb2db1a0
    d=0x12314d6d6327261ee18a7c6ce8562c304c05069bc8c8e0b34e0023a3b48cf5849278d3493aa86004b02fa6336b098a3330180b9b9655cdf927896b22402a18fae186828efac14368e0a5af2c4d992cb956d52e7c9899d9b16a0a07318aa28c8202ebf74c50ccf49a6733327dde111393611f915f1e1b82933a2ba164aff93ef4ab2ab64aacc2b0447d437032858f089bcc0ddeebc45c45f8dc357209a423cd49055752bfae278c93134777d6e181be22d4619ef226abb6bfcc4adec696cac131f5bd10c574fa3f543dd7f78aee1d0665992f28cdbcf55a48b32beb7a1c0fa8a9fc38f0c5c271e21b83031653d96d25348f8237b28642ceb69f0b0374413308481
    c=0x126c24e146ae36d203bef21fcd88fdeefff50375434f64052c5473ed2d5d2e7ac376707d76601840c6aa9af27df6845733b9e53982a8f8119c455c9c3d5df1488721194a8392b8a97ce6e783e4ca3b715918041465bb2132a1d22f5ae29dd2526093aa505fcb689d8df5780fa1748ea4d632caed82ca923758eb60c3947d2261c17f3a19d276c2054b6bf87dcd0c46acf79bff2947e1294a6131a7d8c786bed4a1c0b92a4dd457e54df577fb625ee394ea92b992a2c22e3603bf4568b53cceb451e5daca52c4e7bea7f20dd9075ccfd0af97f931c0703ba8d1a7e00bb010437bb4397ae802750875ae19297a7d8e1a0a367a2d6d9dd03a47d404b36d7defe8469

Solution:

Nothing needs to be done.

    import binascii

    if __name__ == "__main__":
        n = 0x1564aade6f1b9f169dcc94c9787411984cd3878bcd6236c5ce00b4aad6ca7cb0ca8a0334d9fe0726f8b057c4412cfbff75967a91a370a1c1bd185212d46b581676cf750c05bbd349d3586e78b33477a9254f6155576573911d2356931b98fe4fec387da3e9680053e95a4709934289dc0bc5cdc2aa97ce62a6ca6ba25fca6ae38c0b9b55c16be0982b596ef929b7c71da3783c1f20557e4803de7d2a91b5a6e85df64249f48b4cf32aec01c12d3e88e014579982ecd046042af370045f09678c9029f8fc38ebaea564c29115e19c7030f245ebb2130cbf9dc1c340e2cf17a625376ca52ad8163cfb2e33b6ecaf55353bc1ff19f8f4dc7551dc5ba36235af9758b
        d = 0x12314d6d6327261ee18a7c6ce8562c304c05069bc8c8e0b34e0023a3b48cf5849278d3493aa86004b02fa6336b098a3330180b9b9655cdf927896b22402a18fae186828efac14368e0a5af2c4d992cb956d52e7c9899d9b16a0a07318aa28c8202ebf74c50ccf49a6733327dde111393611f915f1e1b82933a2ba164aff93ef4ab2ab64aacc2b0447d437032858f089bcc0ddeebc45c45f8dc357209a423cd49055752bfae278c93134777d6e181be22d4619ef226abb6bfcc4adec696cac131f5bd10c574fa3f543dd7f78aee1d0665992f28cdbcf55a48b32beb7a1c0fa8a9fc38f0c5c271e21b83031653d96d25348f8237b28642ceb69f0b0374413308481
        c = 0x126c24e146ae36d203bef21fcd88fdeefff50375434f64052c5473ed2d5d2e7ac376707d76601840c6aa9af27df6845733b9e53982a8f8119c455c9c3d5df1488721194a8392b8a97ce6e783e4ca3b715918041465bb2132a1d22f5ae29dd2526093aa505fcb689d8df5780fa1748ea4d632caed82ca923758eb60c3947d2261c17f3a19d276c2054b6bf87dcd0c46acf79bff2947e1294a6131a7d8c786bed4a1c0b92a4dd457e54df577fb625ee394ea92b992a2c22e3603bf4568b53cceb451e5daca52c4e7bea7f20dd9075ccfd0af97f931c0703ba8d1a7e00bb010437bb4397ae802750875ae19297a7d8e1a0a367a2d6d9dd03a47d404b36d7defe8469
        # RSA decryption: m = c^d mod n (Python 2 appends "L" to long hex values)
        m = hex(pow(c, d, n)).rstrip("L")
        print(m)
        # Strip the "0x" prefix and hex-decode the plaintext
        print(binascii.unhexlify(m[2:]))

IceCTF{rsa_is_awesome_when_used_correctly_but_horrible_when_not}


[SCTF]Verticode – 90

Question:

Welcome to Verticode, the new method of translating text into vertical codes.

Each verticode has two parts: the color shift and the code. The code takes the inputted character and translates it into an ASCII code, and then into binary, then puts that into an image in which each black pixel represents a 1 and each white pixel represents a 0.

For example, A is 65 which is 1000001 in binary, B is 66 which is 1000010, and C is 67 which is 1000011, so the corresponding verticode would look like this.

Except, it isn’t that simple. A color shift is also integrated, which means that the color before each verticode shifts the ASCII code, by adding the number that the color corresponds to, before translating it into binary. In that case, the previous verticode could also look like this.

The table for the color codes is:

    0 = Red
    1 = Purple
    2 = Blue
    3 = Green
    4 = Yellow
    5 = Orange

This means that a red color shift for the letter A, which is 65 + 0 = 65, would translate into 1000001 in binary; however, a green color shift for the letter A, which is 65 + 3 = 68, would translate into 1000100 in binary.

Given this verticode, read the verticode into text and find the flag.

Note that the flag will not be in the typical sctf{flag} format, but will be painfully obvious text. Once you find this text, you will submit it in the sctf{text} format. So, if the text you find is adunnaisawesome, you will submit it as sctf{adunnaisawesome}.

https://compete.sctf.io/2016q1/problemfiles/26/code1.png

Solution:

Based on the rules above, I came up with the following algorithm


[TJCTF2016]One-Time Subtraction – 20

Question:

I encrypted this flag with a one time subtraction, but my friend says it’s not secure because my key is only one byte. Can you check if this is secure?

Cipher.txt:

    241 231 224 241 227 248 173 235 176 220 223 246 241 176 220 174 240 220 235 173 241 220 176 235 173 242 228 229 250 135

Solution:

There are two 241s in the pile of numbers, which line up exactly with the t's in tjctf, so we get 241 = t.

A scheme that encrypts text by adding or subtracting numbers is very likely using ASCII. In ASCII, the value of t is 116.

    241 – 116 = 125

Based on this, I came up with the following algorithm.

tjctf{0n3_byt3_1s_n0t_3n0ugh}
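The key recovery described above, applied to the Cipher.txt values from the page. This is an added example, not the author's missing script; the function names and the `tjctf{` crib are assumptions taken from the flag format the write-up relies on. It goes one step beyond the write-up by also trying all 256 keys without a crib, to show how little the one-byte key protects.

```python
import string

# Cipher.txt exactly as listed in the challenge above.
CIPHER = [241, 231, 224, 241, 227, 248, 173, 235, 176, 220, 223, 246, 241,
          176, 220, 174, 240, 220, 235, 173, 241, 220, 176, 235, 173, 242,
          228, 229, 250, 135]
PRINTABLE = set(string.printable.encode())


def decrypt(cipher, key):
    """Undo the shift: plaintext byte = cipher byte - key (mod 256)."""
    return bytes((c - key) % 256 for c in cipher)


def key_from_crib(cipher, crib):
    """Derive the key from a known plaintext prefix and check that every
    crib position agrees on the same single byte."""
    keys = {(c - p) % 256 for c, p in zip(cipher, crib)}
    if len(keys) != 1:
        raise ValueError("crib is inconsistent with a single-byte key")
    return keys.pop()


def printable_keys(cipher):
    """Exhaustive search with no crib: keep keys whose output is all
    printable ASCII (including whitespace)."""
    return [k for k in range(256)
            if all(b in PRINTABLE for b in decrypt(cipher, k))]


if __name__ == "__main__":
    key = key_from_crib(CIPHER, b"tjctf{")
    print(key, decrypt(CIPHER, key))
    # Without the crib only a handful of the 256 keys survive the filter.
    print(printable_keys(CIPHER))
```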


[TJCTF2016]Znzarmt Mvd Hproo – 10

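Question:

gqxgu{m0g_z_xz3h4i_x1ks3i}

Solution:

The YouTube video contains a big hint: the person in it sings the alphabet song backwards.

So what I need to decrypt is the text gqxgu{m0g_z_xz3h4i_x1ks3i}.

The flag format is tjctf{flag}, and in the ciphertext g sits exactly where t should be, so we can infer t = g.

    abcdefghijklmnopqrstuvwxyz

Counting forwards, g is at position 7, and t is exactly the 7th position counting backwards.

So I came up with the following algorithm.

tjctf{n0t_a_ca3s4r_c1ph3r}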
