This CTF was held from 2017/3/25 9:00 (JST) to 2017/3/26 21:00 (JST).
I took part as a team again this time. We finished with 351 points, 17th out of 249 teams.
Below are write-ups for the problems I solved myself.
Mic Check (Misc 1)
Just extract the flag given in the problem statement. The "flag{" and "}" are not needed.
W3lc0me_T0_DoubleS1405_CTF!
Easy_Crypt (Crypto 50)
A Vigenère cipher problem.
Decrypting the ciphertext with the online tool https://www.guballa.de/vigenere-solver gave the following text.
the vigenere cipher is a method of encrypting alphabetic text by using a series of interwoven caesar ciphers based on the letters of a keyword. it is a form of polyalphabetic substitution. flag is hello_vigenere
hello_vigenere
RSA (Crypto 150)
An RSA problem.
$ nc 203.251.182.94 4000 enc : 524088215288945245117812840274234074214259867311424793488872316310812706883024313867933264975831745029054523235181695352586709977208196363681301896057064415274078567043967757970801714625738226262293721554006107104236101335115913713660091583447557282002619134700442555482433678036710317021694260495168589479860504255753735295684993178728329372305366606635533145127946686273344730509844775300122864925154558295745613688004661516962622482022264505375004460809348994246393125753388290161988082612174365368309952527753924526213766797054879514133711596108047008600960292092135854237304270147666380464744930028252443649819646184914979910712331358503515497366868391163434331196745240129334051449430357442795848755908012895351467558418431211464970160313835649205450891868176931866059746834981469604038607844868902540578729908708475089242253961021291237310436998767128596611554846948529983930986516799540905413759161964474942642639146239239417647305400198714676910394008062192060561130474884192131791415273201113911520884357202482483443690793539529640607301455522584558165763889673353291204724196936406524674532675658355516720800608675712275967358182807215410869264526079077702286496666298128451842286840129878459991344435756626173655145826593 e : 65537 p : 32317006071311007300714876688669951960444102669715484032130345427524655138867890893197201411522913463688717960921898019494119559150490921095088152386448283120630877367300996091750197750389652106796057638384067568276792218642619756161838094338476170470581645852036305042887575891541065808607552399123930385521954285833276606292740174507176908054077273016103644389803261062635470374515595892199454891155463898488297024308700957247533881208055894474582694028535079545281620566442541400114261729854235365927395115457109476960042332821732358509197923144094801013581965651112146928918286923938064987973879624251895591220179 q : 
32317006071311007300714876688669951960444102669715484032130345427524655138867890893197201411522913463688717960921898019494119559150490921095088152386448283120630877367300996091750197750389652106796057638384067568276792218642619756161838094338476170470581645852036305042887575891541065808607552399123930385521990685772174514834944123086486002362345153147580453526134037171595087108668773961917317502849945855689432886442889958513294157709640362363734479327004391952407569596153273880472331909250263593691635107321048666489395316204775782962517724272901158130972610802371589601746375325078943967095960733617174538141999
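The server gives enc, e, p and q; everything except enc is fixed. Decrypt directly, then adjust the hex and base64 decoding until the correct answer comes out.

    # Python 2
    import socket
    import re

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(('203.251.182.94', 4000))

    data = s.recv(4096)
    print data

    # Pull the four decimal integers out of the server banner.
    pattern = 'enc : (.+)\ne : (.+)\np : (.+)\nq : (.+)'
    m = re.search(pattern, data)
    c = int(m.group(1))
    e = int(m.group(2))
    p = int(m.group(3))
    q = int(m.group(4))

    n = p * q
    a = (p - 1) * (q - 1)  # phi(n)

    # Find d with e*d = 1 (mod a): try x until a*x + 1 is divisible by e.
    x = 0
    while True:
        if (a * x + 1) % e == 0:
            d = (a * x + 1) / e
            break
        x = x + 1

    m = pow(c, d, n)
    # plaintext integer -> hex -> bytes -> base64-decode -> decimal string
    ans = ('%x' % m).decode('hex').decode('base64')
    # decimal string -> integer -> hex -> bytes (the answer sent back)
    ans = ('%x' % int(ans)).decode('hex')
    print ans

    s.sendall(ans)
    data = s.recv(4096)
    print data

The output is as follows.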
enc : 943323076663715024141647584331931588504059538634678245280425831973796289347224969397647303454937690940952859232063793733404967720884450831759307523716676374906805977677219485079131899110251690387052195431428481983362303508265715568364926129160708402287993207521665278959090563863929142276264132832262357813131882224629836702376792898930239886372171786808974048556564459127393421203100595023420176207941095860228262228123206815043761469110111545721812944012788553149575087398528786583978437383550919700413294635921293905268700691986832657511626585629156289537911662116698677989724589794181878086199351516800977257909086655330248139060177962291764419430342443557667861917686953473395731524558266643177815366887860803117307072934899459045728454706856296407965798284164935167469656739110378295698864119610217189620023320017254576611161419886036093861180781769495008397890178322624327006809008967677442747797792584907829610673111299004805651549603121773706860385941777176103149272425054779791817810966316678169201560717394130219015631420356160614120412760419002013131762642338218434316378193883589201195199752227857462248942614326911643627127945748100365516522106686625206332033784564337959925495322684860188773445710912068399610295000708 e : 65537 p : 32317006071311007300714876688669951960444102669715484032130345427524655138867890893197201411522913463688717960921898019494119559150490921095088152386448283120630877367300996091750197750389652106796057638384067568276792218642619756161838094338476170470581645852036305042887575891541065808607552399123930385521954285833276606292740174507176908054077273016103644389803261062635470374515595892199454891155463898488297024308700957247533881208055894474582694028535079545281620566442541400114261729854235365927395115457109476960042332821732358509197923144094801013581965651112146928918286923938064987973879624251895591220179 q : 
32317006071311007300714876688669951960444102669715484032130345427524655138867890893197201411522913463688717960921898019494119559150490921095088152386448283120630877367300996091750197750389652106796057638384067568276792218642619756161838094338476170470581645852036305042887575891541065808607552399123930385521990685772174514834944123086486002362345153147580453526134037171595087108668773961917317502849945855689432886442889958513294157709640362363734479327004391952407569596153273880472331909250263593691635107321048666489395316204775782962517724272901158130972610802371589601746375325078943967095960733617174538141999 49U6KMTW0P2m3baysLHcH4WKUjS4WBrk flag{Y34hh_RSA_1S_S0_E4sy}
Y34hh_RSA_1S_S0_E4sy
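The decryption and decoding chain from the RSA script above, as an added Python 3 example that is not part of the original write-up. It swaps the linear search for d with a modular inverse, and the primes, token and helper names are constructed for the demo, not the challenge's values.

```python
import base64

def rsa_private_exponent(e, p, q):
    """d = e^-1 mod (p-1)(q-1), via modular inverse (Python 3.8+)."""
    return pow(e, -1, (p - 1) * (q - 1))

def int_to_bytes(n):
    """Big-endian bytes of n; unlike '%x' plus hex-decode, copes with odd-length hex."""
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")

def peel_layers(m):
    """plaintext int -> bytes -> base64-decode -> decimal string -> int -> bytes."""
    decimal = base64.b64decode(int_to_bytes(m))
    return int_to_bytes(int(decimal))

def decrypt_token(enc, e, p, q):
    """Textbook RSA decryption followed by the encoding layers above."""
    d = rsa_private_exponent(e, p, q)
    return peel_layers(pow(enc, d, p * q))

def wrap_layers(token):
    """Inverse of peel_layers; used only to build the constructed input."""
    decimal = str(int.from_bytes(token, "big")).encode()
    return int.from_bytes(base64.b64encode(decimal), "big")

# Constructed demo values (assumptions, not from the challenge):
# two Mersenne primes as p and q, and a made-up token.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
TOKEN = b"demoT0ken"
ENC = pow(wrap_layers(TOKEN), E, P * Q)

if __name__ == "__main__":
    print(decrypt_token(ENC, E, P, Q))
```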
Cute (Forensic 50)

    $ file file
    file: Matroska data

It looks like subtitles are hidden in the file, so extract them as text with ffmpeg.

    $ ffmpeg -i file -map 0:s:0 file-subs.srt
    : (omitted)

The contents of file-subs.srt are as follows.

    :
    80
    00:00:10,517 --> 00:00:10,538
    eh~!@#~!!#!

    81
    00:00:10,539 --> 00:00:10,539
    f

    82
    00:00:10,539 --> 00:00:10,539
    l

    83
    00:00:10,539 --> 00:00:10,539
    a

    84
    00:00:10,539 --> 00:00:10,539
    g

    85
    00:00:10,539 --> 00:00:10,539
    {

    86
    00:00:10,539 --> 00:00:10,539
    v

    87
    00:00:10,539 --> 00:00:10,539
    3

    88
    00:00:10,539 --> 00:00:10,539
    r

    89
    00:00:10,539 --> 00:00:10,539
    _

    90
    00:00:10,539 --> 00:00:10,539
    c

    91
    00:00:10,539 --> 00:00:10,539
    u

    92
    00:00:10,539 --> 00:00:10,539
    t

    93
    00:00:10,539 --> 00:00:10,539
    3

    94
    00:00:10,539 --> 00:00:10,539
    _

    95
    00:00:10,539 --> 00:00:10,539
    p

    96
    00:00:10,539 --> 00:00:10,539
    4

    97
    00:00:10,539 --> 00:00:10,539
    R

    98
    00:00:10,539 --> 00:00:10,539
    r

    99
    00:00:10,539 --> 00:00:10,539
    0

    100
    00:00:10,539 --> 00:00:10,539
    t

    101
    00:00:10,539 --> 00:00:10,539
    _

    102
    00:00:10,539 --> 00:00:10,539
    1

    103
    00:00:10,539 --> 00:00:10,539
    2

    104
    00:00:10,539 --> 00:00:10,539
    n

    105
    00:00:10,539 --> 00:00:10,539
    t

    106
    00:00:10,539 --> 00:00:10,539
    _

    107
    00:00:10,539 --> 00:00:10,539
    !

    108
    00:00:10,539 --> 00:00:10,539
    t

    109
    00:00:10,539 --> 00:00:10,539
    ?

    110
    00:00:10,539 --> 00:00:10,539
    }

    111
    00:00:10,539 --> 00:00:10,560
    eh~!@#~!!#!@
    :

Looking at this, the flag is hidden near the end.
flag{v3r_cut3_p4Rr0t_12nt_!t?}
v3r_cut3_p4Rr0t_12nt_!t?
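The manual reading of file-subs.srt above can be automated by looking for the same pattern: consecutive cues that carry one character each and have identical start and end times. This is an added Python example, not part of the original write-up; the sample subtitle data and the function names are constructed for the demo.

```python
import re

TIMING = re.compile(r"(\d\d:\d\d:\d\d,\d{3}) --> (\d\d:\d\d:\d\d,\d{3})")

def parse_srt(text):
    """Yield (index, start, end, body) for each well-formed SRT cue."""
    for block in re.split(r"\n\s*\n", text.replace("\r\n", "\n").strip()):
        lines = block.split("\n")
        timing = TIMING.match(lines[1].strip()) if len(lines) >= 3 else None
        if timing and lines[0].strip().isdigit():
            body = "\n".join(lines[2:]).strip()
            yield int(lines[0]), timing.group(1), timing.group(2), body

def hidden_runs(text, min_len=4):
    """Join runs of consecutive zero-duration, single-character cues."""
    runs, current = [], []
    for _, start, end, body in parse_srt(text):
        if start == end and len(body) == 1:
            current.append(body)
            continue
        if len(current) >= min_len:
            runs.append("".join(current))
        current = []
    if len(current) >= min_len:
        runs.append("".join(current))
    return runs

def build_srt(cues):
    """Serialise (start, end, body) tuples as SRT; used only for the sample."""
    return "\n\n".join(
        f"{i}\n{start} --> {end}\n{body}"
        for i, (start, end, body) in enumerate(cues, 1)
    ) + "\n"

# Constructed sample (not the challenge file): noise cues around a hidden run.
SAMPLE = build_srt(
    [("00:00:01,000", "00:00:01,500", "noise!@#")]
    + [("00:00:01,501", "00:00:01,501", ch) for ch in "demo{srt}"]
    + [("00:00:01,501", "00:00:02,000", "noise!@#@")]
)

if __name__ == "__main__":
    print(hidden_runs(SAMPLE))
```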