この大会は2017/9/30 21:00(JST)~2017/10/1 21:00(JST)に開催されました。
今回もチームで参戦。結果は902点で1011チーム中19位でした。
自分で解けた問題をWriteupとして書いておきます。
HEX Warm Up (Junior 1)
コードを見ながら、lock.isoをバイナリエディタで見ると、0x70バイト目から0x22Dバイト目までがbackup.zipであることがわかる。このzipを展開すると、index.txtに次のメッセージが書いてあった。
Hi man! This is your flag! DCTF{474dac08d29d013515a312d1a8460050634f9b3cb6a696a4c73652d1802a1872} You could do that as: buf = "" g = open("lock.iso", "r") buf += g.read() print buf buf = buf.encode('hex') print buf n = 7 * 32 buf = buf[n:] n = 31 * 32 n = n + 8 buf = buf[:n] print buf buf = buf.decode('hex') print buf f = open("sol.zip", "w") f.write(buf) f.close() g.close() Or my simple you could change the extension.
DCTF{474dac08d29d013515a312d1a8460050634f9b3cb6a696a4c73652d1802a1872}
Loyal book (Junior 2)
各ファイルの差分をつなげていく。
$ diff 0001.txt 0002.txt 2217c2217 < glimpse last summer at the Palais-Royal. Some of --- > glimpse last summer DC at the Palais-Royal. Some of $ diff 0001.txt 0003.txt 3745c3745 < benches ranged along the walls, and in the centre of --- > benches ranged along TFthe walls, and in the centre of $ diff 0001.txt 0004.txt 27559c27559 < And it must have been very strong to endure after --- > And it must h{ave been very strong to endure after $ diff 0001.txt 0005.txt 27559c27559 < And it must have been very strong to endure after --- > And it must have been 7ba61 very strong to endure after $ diff 0001.txt 0006.txt 5933c5933 < and Frederick, feeling sleepy, was in no great haste --- > and Frederick, feeling sleepy, wa0cc5ds in no great haste $ diff 0001.txt 0007.txt 18816c18816 < communicated to him ; and he had only two phrases : --- > communicated to him ; aa3966nd he had only two phrases : $ diff 0001.txt 0008.txt 25872c25872 < derstand. She longed for wealth, in order to crush --- > derstand. She longed fob7c64r wealth, in order to crush $ diff 0001.txt 0009.txt 24835c24835 < They all took advantage of the occasion to denounce --- > They all took advantage a81c3 of the occasion to denounce $ diff 0001.txt 0010.txt 749c749 < " Ha ! your chum ! " said Madame Moreau, with a --- > " Ha ! your chum ! " said Madame Morcfcdbeau, with a 769c769 < barely maintained him. Made bitter by continuous --- > barely maintained him. 1b1d0 Made bitter by continuous 3854c3854 < 82 GUSTAVE FLAUBERT --- > 82 GUSTAVE FLAUBERT 9e3de 7419c7419 < and the 'longshore-woman exclaimed : --- > and the 'longshore-woman exclaimed : 5ad11 9279c9279 < The advocate went on : --- > The advocate 89268 went on : 11727c11727 < ceive either. --- > ceive either. bf0e6 14277c14277 < places at which the principals in the duel were to --- > places at 18ff7 which the principals in the duel were to 20565c20565 < deur. --- > deur. 1f08}
DCTF{7ba610cc5da3966b7c64a81c3cfcdb1b1d09e3de5ad1189268bf0e618ff71f08}
Forgot my Key (Misc 400)
messageの一部のkeyの部分に注目して計算し、すべて16進数表記の文字になる鍵を探し、復号する。
$encrypted[72] = (($key[0] + $key[7] + $encrypted[71]) % 126) $encrypted[73] = (($key[1] + $key[8] + $encrypted[72]) % 126) $encrypted[74] = (($key[2] + $key[9] + $encrypted[73]) % 126) : $encrypted[101] = (($key[29] + $key[4] + $encrypted[100] ) % 126) $encrypted[102] = (($key[30] + $key[5] + $encrypted[101] ) % 126) $encrypted[103] = (($key[31] + $key[6] + $encrypted[102] ) % 126)
import string def decrypt(enc, key): dec = '' for i in range(1, len(enc)/2): dec += chr((int(enc[i*2:(i+1)*2], 16) - ord(key[(i-1)%len(key)]) - int(enc[(i-1)*2:i*2], 16)) % 126) return dec e = '5616f5962674d26741d2810600a6c5647620c4e3d2870177f09716b2379012c342d3b584c5672195d653722443f1c39254360007010381b721c741a532b03504d2849382d375c0d6806251a2946335a67365020100f160f17640c6a05583f49645d3b557856221b2' enc = '' for i in range(0, len(e), 2): e_part = e[i:i+2] enc += e_part[::-1] def decrypt(enc, key): dec = '' for i in range(1, len(enc)/2): dec += chr((int(enc[i*2:(i+1)*2], 16) - ord(key[(i-1)%len(key)]) - int(enc[(i-1)*2:i*2], 16)) % 126) return dec key_str = '' for h in string.hexdigits: key = [0] * 32 key[0] = ord(h) for i in range(32): ecode1 = int(enc[(72+((i*7)%32))*2:(73+((i*7)%32))*2], 16) ecode0 = int(enc[(71+((i*7)%32))*2:(72+((i*7)%32))*2], 16) key[((i+1)*7)%32] = (ecode1 - key[(i*7)%32] - ecode0) % 126 success = True for i in range(32): if chr(key[i]) not in string.hexdigits: success = False break if success: for i in range(len(key)): key_str += chr(key[i]) flag = decrypt(enc, key_str) print flag
DCTF{0d940de38493d96dc6255cbb2c2ac7a2db1a7792c74859e95215caa6b57c69b2}
Survey(Junior 3)
アンケートに答えたら、フラグが表示された。
DCTF{a6a2729cbf6bcadce577a31f7f76201d5ce63c57d6c53318000d67714bb354ef}