HEX Warm Up (Junior 1)

コードを見ながら、lock.isoをバイナリエディタで見ると、0x70バイト目から0x22Dバイト目までがbackup.zipであることがわかる。このzipを展開すると、index.txtに次のメッセージが書いてあった。

Hi man!

This is your flag!

DCTF{474dac08d29d013515a312d1a8460050634f9b3cb6a696a4c73652d1802a1872}

You could do that as:
buf = ""
g = open("lock.iso", "r")
buf += g.read()
print buf
buf = buf.encode('hex')
print buf
n = 7 * 32
buf = buf[n:]
n = 31 * 32
n = n + 8
buf = buf[:n]
print buf
buf = buf.decode('hex')
print buf
f = open("sol.zip", "w")
f.write(buf)
f.close()
g.close()

Or my simple you could change the extension.

DCTF{474dac08d29d013515a312d1a8460050634f9b3cb6a696a4c73652d1802a1872}

Loyal book (Junior 2)

各ファイルの差分をつなげていく。

$ diff 0001.txt 0002.txt
2217c2217
< glimpse last summer at the Palais-Royal. Some of 
---
> glimpse last summer DC at the Palais-Royal. Some of 

$ diff 0001.txt 0003.txt
3745c3745
< benches ranged along the walls, and in the centre of 
---
> benches ranged along TFthe walls, and in the centre of

$ diff 0001.txt 0004.txt
27559c27559
< And it must have been very strong to endure after 
---
> And it must h{ave been very strong to endure after

$ diff 0001.txt 0005.txt
27559c27559
< And it must have been very strong to endure after 
---
> And it must have been 7ba61 very strong to endure after

$ diff 0001.txt 0006.txt
5933c5933
< and Frederick, feeling sleepy, was in no great haste 
---
> and Frederick, feeling sleepy, wa0cc5ds in no great haste

$ diff 0001.txt 0007.txt
18816c18816
< communicated to him ; and he had only two phrases : 
---
> communicated to him ; aa3966nd he had only two phrases :

$ diff 0001.txt 0008.txt
25872c25872
< derstand. She longed for wealth, in order to crush 
---
> derstand. She longed fob7c64r wealth, in order to crush

$ diff 0001.txt 0009.txt
24835c24835
< They all took advantage of the occasion to denounce 
---
> They all took advantage a81c3 of the occasion to denounce

$ diff 0001.txt 0010.txt
749c749
< " Ha ! your chum ! " said Madame Moreau, with a 
---
> " Ha ! your chum ! " said Madame Morcfcdbeau, with a 
769c769
< barely maintained him. Made bitter by continuous 
---
> barely maintained him. 1b1d0 Made bitter by continuous 
3854c3854
< 82 GUSTAVE FLAUBERT 
---
> 82 GUSTAVE FLAUBERT 9e3de
7419c7419
< and the 'longshore-woman exclaimed : 
---
> and the 'longshore-woman exclaimed : 5ad11
9279c9279
< The advocate went on : 
---
> The advocate 89268 went on : 
11727c11727
< ceive either. 
---
> ceive either. bf0e6
14277c14277
< places at which the principals in the duel were to 
---
> places at 18ff7 which the principals in the duel were to 
20565c20565
< deur. 
---
> deur. 1f08}

DCTF{7ba610cc5da3966b7c64a81c3cfcdb1b1d09e3de5ad1189268bf0e618ff71f08}

Forgot my Key (Misc 400)

messageの一部のkeyの部分に注目して計算し、すべて16進数表記の文字になる鍵を探し、復号する。

$encrypted[72] = (($key[0] + $key[7] + $encrypted[71]) % 126)
$encrypted[73] = (($key[1] + $key[8] + $encrypted[72]) % 126)
$encrypted[74] = (($key[2] + $key[9] + $encrypted[73]) % 126)
　　　　：
$encrypted[101] = (($key[29] + $key[4] + $encrypted[100] ) % 126)
$encrypted[102] = (($key[30] + $key[5] + $encrypted[101] ) % 126)
$encrypted[103] = (($key[31] + $key[6] + $encrypted[102] ) % 126)

import string

def decrypt(enc, key):
    dec = ''
    for i in range(1, len(enc)/2):
        dec += chr((int(enc[i*2:(i+1)*2], 16)
               - ord(key[(i-1)%len(key)])
               - int(enc[(i-1)*2:i*2], 16)) % 126)
    return dec

e = '5616f5962674d26741d2810600a6c5647620c4e3d2870177f09716b2379012c342d3b584c5672195d653722443f1c39254360007010381b721c741a532b03504d2849382d375c0d6806251a2946335a67365020100f160f17640c6a05583f49645d3b557856221b2'

enc = ''
for i in range(0, len(e), 2):
    e_part = e[i:i+2]
    enc += e_part[::-1]

def decrypt(enc, key):
    dec = ''
    for i in range(1, len(enc)/2):
        dec += chr((int(enc[i*2:(i+1)*2], 16)
               - ord(key[(i-1)%len(key)])
               - int(enc[(i-1)*2:i*2], 16)) % 126)
    return dec

key_str = ''
for h in string.hexdigits:
    key = [0] * 32
    key[0] = ord(h)
    for i in range(32):
        ecode1 = int(enc[(72+((i*7)%32))*2:(73+((i*7)%32))*2], 16)
        ecode0 = int(enc[(71+((i*7)%32))*2:(72+((i*7)%32))*2], 16)
        key[((i+1)*7)%32] = (ecode1 - key[(i*7)%32] - ecode0) % 126
    success = True
    for i in range(32):
        if chr(key[i]) not in string.hexdigits:
            success = False
            break
    if success:
        for i in range(len(key)):
            key_str += chr(key[i])

flag = decrypt(enc, key_str)
print flag

DCTF{0d940de38493d96dc6255cbb2c2ac7a2db1a7792c74859e95215caa6b57c69b2}

Survey(Junior 3)

アンケートに答えたら、フラグが表示された。

DCTF{a6a2729cbf6bcadce577a31f7f76201d5ce63c57d6c53318000d67714bb354ef}