Xiomara 2018 Writeup

この大会は2018/2/24 2:00(JST)~2018/2/25 2:00(JST)に開催されました。
今回もチームで参戦。結果は2051点で240チーム中8位でした。
自分で解けた問題をWriteupとして書いておきます。

Giveaway (Cryptography 150)

eが小さいのでcのe乗根で復号する。

import gmpy

e = 3
c = 2039130155866184490894181588949291569587424373754875837330412835527276040280846677481047284126316137541961805207979583672570357348995401556991229785828117383170279052532972654304372432603436204862621797

m = gmpy.root(c, e)[0]
flag = ('%x' % m).decode('hex')
print flag
xiomara{4y3_4y3_cryp70_6uy!}

He Moron (Cryptography 200)

AES ECBモードで、16バイトごろにmb配列にセット。

平文1ブロック目暗号化
平文2ブロック目と暗号1ブロック目とのxorを暗号化
:
CBC-MACと同様

2つの異なる平文から同じ値のCBC-MACが得られれば良さそう。

[平文1ブロック目]                       --(暗号化)--> [暗号文1ブロック目]
[平文2ブロック目] ^ [暗号文1ブロック目] --(暗号化)--> [暗号文2ブロック目]
[平文3ブロック目] ^ [暗号文2ブロック目] --(暗号化)--> [暗号文3ブロック目]
・平文16バイト(P1)の暗号(C1)
・平文16バイト(P1)+(C1)と平文16バイト(P1)のXOR

上記の2つは同じになることを使って、プログラムにする。

import socket

def hex_xor(h1, h2):
    i_xor = int(h1, 16) ^ int(h2, 16)
    h_xor = '%032x' % i_xor
    return h_xor

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('103.5.112.91', 8912))

data = s.recv(256)
print data + '0'
s.sendall('0\n')
data = s.recv(256)
print data

plain1 = '1234567890abcdef1234567890abcdef'
print plain1
s.sendall(plain1 + '\n')
data = s.recv(256)
print data

cipher1 = data.split('\n')[2].strip()
plain2 = plain1 + hex_xor(cipher1, plain1)
s.sendall('\n')
data = s.recv(256)
print data

print plain1
s.sendall(plain1 + '\n')
data = s.recv(256)
print data

print plain2
s.sendall(plain2 + '\n')
data = s.recv(256)
print data
xiomara{1_b0w_d0wn_70_y0u!}

xiomara captcha (Misc 100)

$ nc 103.5.112.91 1340
  Human or Not??
We are giving you 20 base64 encodings of jpg images.
You just need to tell me if it is a human or not.
print 1 if there is a human and 0 if there is no human!

/9j/4AAQSkZJRgABAQEASABIAAD/4gIcSUNDX1BST0ZJTEUAAQEAAAIMbGNtcwIQAABtbnRyUkdC
IFhZWiAH3AABABkAAwApADlhY3NwQVBQTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9tYAAQAA
AADTLWxjbXMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApk
ZXNjAAAA/AAAAF5jcHJ0AAABXAAAAAt3dHB0AAABaAAAABRia3B0AAABfAAAABRyWFlaAAABkAAA
ABRnWFlaAAABpAAAABRiWFlaAAABuAAAABRyVFJDAAABzAAAAEBnVFJDAAABzAAAAEBiVFJDAAAB
zAAAAEBkZXNjAAAAAAAAAANjMgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0ZXh0AAAAAElYAABY
WVogAAAAAAAA9tYAAQAAAADTLVhZWiAAAAAAAAADFgAAAzMAAAKkWFlaIAAAAAAAAG+iAAA49QAA
A5BYWVogAAAAAAAAYpkAALeFAAAY2lhZWiAAAAAAAAAkoAAAD4QAALbPY3VydgAAAAAAAAAaAAAA
ywHJA2MFkghrC/YQPxVRGzQh8SmQMhg7kkYFUXdd7WtwegWJsZp8rGm/fdPD6TD////bAIQABQYG
BwkHCgsLCg0ODQ4NExIQEBITHRUWFRYVHSsbIBsbIBsrJi4mIyYuJkQ2MDA2RE9CP0JPX1VVX3hy
eJyc0gEFBgYHCQcKCwsKDQ4NDg0TEhAQEhMdFRYVFhUdKxsgGxsgGysmLiYjJi4mRDYwMDZET0I/
Qk9fVVVfeHJ4nJzS/8IAEQgBXgGNAwEiAAIRAQMRAf/EABwAAAICAwEBAAAAAAAAAAAAAAECBAUA
AwYHCP/aAAgBAQAAAAD0wszHFAOYcOEhFSFWyLdy+12YqGOIXxAi5kJnbCwUYcwnDlD5V53x9YvQ
eh+l+ivt2uxU42LjYFXFEMtjF8UZmYWzR4d4LH2TrLTC36+z907iRucDMbFJOIoURQcdmIBzATo+
c/FN97fbl0VEMTJnvnpUjcQMYA4wUKgjLjO2MQcwYPnDxid1l3vlUnKVHS2XOz43072u/ZgbAAWA
zWuRMxnIOzARmeXfMO/sLiVFg1Vf2Mzik0ROs+o7HecJGBsGa9ZMJsxiS7DAdfyRz1/ey66TTy/R
InExdsbn6H6S9ckscOAOVxFwQzilnZiRmc18sPe2dTcTO07265jy2BVc1QQOx+tpjnMIDHFXFEPC
MdySTg8X8VuX2zuw9e6edsHCec8LyXNx9/2J1G3ARhwlVCiFjHCzEk4vzbxdbPt+1926abukpVc9
5j5DylZM+nPRduZgwB8CqohMSQXZswxPlSmrb+2919XtN+7bq0V3Oec+N8Y30J6rtzMGINgxUBrt
hOBm2MWWq+Z+O23vV++dpf7ymuFAq6nznw2B7760cxcxSVCI2V7gkuXYkUPy5CtDbPu9e9mn8p4D
W2s+56HxXgvbPawFOANihFIr2wl3JJw8p8ydDA2+h9xabOwu+YpdG+PNrPK/M/ZPagi5mHMCLgFc
SxdiSwzjvn285mbLXr/Yei6zkeA8n1SvVuh8e5H0v2ga0GYcK6xgWvJYszYWBovAK+P61ou+w6Wv
7qo5jlxs7iu8JzvvS2RFGEMi4FytObCS2NmLzvi3A9X9LdVslQKXr4/SQY2uFyvhMT3TpSupACrA
BQapsdiSTgi8B88J6V9JdXYpyOnqYPVydMGi4rx2J7R1DJq1hSCpVSalsL4SzBPEPMLyt6P6K7a2
HB3HQ0fQ2q13Nef8HY9X2m9detRgxSA2UztmYSWaP895Y19D7z3vRS/MrjreY7l40HmeaO/ne+sx
pRVK4rLjCl2NmZmFhB8I5j12ln3Pd30+n5TprzoI0GJRxYkyDE7nNaJgGAKxWmZycIDGs+b+i77q
aqF19jTWFje1u2l6BqNea7TVwvozIiYBigErTMzlcCM0DxLo+6lReB6nt6fh769SR6HX1nIXEHq+
Qu7wrrULgAGYtOx2MqBARwMTtC3gMr2jtKOJNtOuk0PF+B+y3tjKsHI1qEwDFAWnZnZVxVDR6fTs
6L43576G9Y7q3n79FLwnLfPP1LG6iaWKqFzFAChahsdlXBmDItfA6j4643uvZfcO2tM5/wA+qdfj
P0hR2F84BwKcUKgAqDhIADYAtG5+aeM7OZ2ntfRReM2dVEoet2xtNpJJXAQEVVAqBjHFXCVEaPPq
/n/lu/sOQTpez7brbKqqLWQ6Vt4TgwqqKoApScGBQRp1mRmnxTyP36+jVHS9lf2611LvkoktnYYc
Ca1GYKMllVQAAuHM4viu+6G132FnYboumBVpull9mZmKoTCBlExwKihAgBaIkG7tJ9vPkbtUbZG0
1tTImu4wqAgJUCkw4qa1Koi5p3X0zl+unw7OZu2Js21h2aKznkkTpAwKpIAWizMVNKOE0ad1vcaa
ST0N3HtdqbFi0kJWOiBI0UNhtn2Bw4FUUGYUCJDjrUegSFbfLnzV3y5eqG2o7Sm3H18v5r1GjRpu
bvEQZlCMASFQTLyw4r2uRAg7LWw2YsmDEmS9sgaIeneeepfM/Tt6RaqXcKMGc/iqsTkekurLfxHp
NhHr99hK3y5UXSd22SV06oMeFDfzL1zcVpudt9xC5zeKF5Gf1ltNleb+hrG0yZUiRPkKklgF0ppj
w9O3d5n6s+7ZW8zGsSoXmxg0cV2vUWcnZ5T6OIxks23du2bszXqZlKaF2Hzn05pG6Fz9JahQObAy
hg9n0djsHm3dvr27tgXGfeFUbmcnUG0+eejbZe+JS8zaYq5zoVeTndffWGaPO+6lNsdm2bdm3Yjn
BqUhTrg+eehS50iNT8rYFEFEETjOj6m8mCH533VnKYps3bpe/dobMWNqR9i6KXgu6tJ8jTUcu24K
KJU18T2fTXExKziuuuZ2zEL7pUltOklRrZ3SLx/F9j0VjJ11nNxZagc+qxuL77prWUvLeU+xdBL3
DFO3fJNdqZ3bZs2trhedczddnbyxWc7W2AVeaC1nOd70tpITieG9WvZe9yMc7XrNe3Zu27tuxVr+
Y81f0W9m5CoKOyCL/8QAGwEAAwADAQEAAAAAAAAAAAAAAQIDAAQFBgf/2gAIAQIQAAAA+J0q4wEv
0+g3K0IqwIKzMna+YDs+46VA/E8RrKGBKJPK0pmU99v4Szef8TNcBM1mxpY53PYOcOMvguOMwhMi
TWjH2faE9uko55nyyjCVSDlqufoe7PasyaU/PeVAAM8gWqz1+jbFhi1hrcPykcOKh1WehOx9Grt0
kHhLznmIKSAuoaMWv9C3NorWmrp+V48Ig4M1CS59d3NvZLCurwuLzJQXMx9Iglvcczf9TdjLX8Lp
zSAwBtVsVKel0d/3ewcTieOSGSQLi67sAOhud31jbI5/L8drAKuLNZM2M9Nvq+3i4XzfkdlMBEUT
Woxx6S6P0di7afhubOpxJZmjRgFzsez7DUbMjw/Oc7XCYU5blel6Hv8AXatHxZqqx5/A4EUXnNT6
F3tyoexRbPOEmROL8+xNA+r95XYgaM5dFEkvjavzXlz12+kd6hR3IwnAFZLw8J5CVH+tbbDL4Xou
KuIk9mfkfnMuhsfWXc5sYppIMzSjPYHnvl0f/8QAGgEAAwEBAQEAAAAAAAAAAAAAAAECAwQFBv/a
AAgBAxAAAAD6RKqQkTmakQCqW3sgYI5MAz6umEDQ61JYBxRZnD6toQ0x7IQE8dWCMusQIb2EgMMd
d+bPZ4dDQxOtkkiuTPq5sVr150gYx7pJFcS1rDojcyQNNvcmUa8d42tsOir5WMbe5KRrx9PGXz59
fYcTbYPpSQTnpgkc/d1PgmhsOtIKw6IyrfHDW5jChsOxJjNcOf1Pc4PmuojCKbYdgqZRxcnRynbR
nmihs7QpsObzujSo3zWeY22dpVDaz87QiNdVlINs7XTG45cFMBrs84bGdrYYrJZxJWjKungm+seU
YRpOUXeMXtpF3rgPtWWMYb0lmppu6wc73J2nLEToIJaGCeWnRB2VwEzcBnlTupqqwvqzO088UaZz
U57EzOlbYPqh/wD/xAAkEAACAgICAgIDAQEAAAAAAAABAgMEAAUREhATMEAGFCBQFf/aAAgBAQAB
AgH63ZrP/Tjug/5Vi9c/KZPyKa/3OVdjD+S1fyAH/Gd9tv5psULEKzVkhbFWre123BH+GzbjellS
OutT1+to38GJWSbVbUH/AAt/uAoENbFi4kllYLHXlMYbI31l8Ef4H5BsRixxxIhz2euRgtWlKzlU
fO2svRSfKfpE7WRxDEilwOHEdOjrbYkIjXGeWLt+P2x9/YT9oY8YqOy1a2li14ht0pKnV8nHskGk
srg+9+RWOndW7plSnBWSPr0aO1UngnjdpAMXNc4+6c3EvIZfFGvXronUKFKuk1a5StV2UrxonH3Z
TPlkg1kQauFFVOgHHBV1mit07NZxGNDg+7ZbGxY0yqld4pVbOexm97zOXF6pPEmaPOPuXjM8cYSP
P1nhjl1mwikLXZp5cSv+pXtPmxjXNG/3dkzBI3aMQXq+w4FODDk4MH7TbFdgSV2wKacfd2gRWIBW
hV2cWoiqy1mkDZcm3EWtiZaeMNySmoH3Z16WZIhWpHWCCGBYoMmyIWaksMcUeuWKUbXKC0oR92yL
js9JakfqEAinMOS5FnQ1/wBcxOLGXc156gfbObG3NY41K18TAGydqwkxDGcONkmWmlWukJ+2cvbU
1P1fVqpqsiMC2WDUWRRkTBiXMrWWZf16bI32myVTNFDbjppWkilRy1q1rr0thLcIJMjyTP0FXrJk
L/afNvJVX3Q1bNasYir95qv/ABYaP6HcyktjiNWmiF+Og/2pDsY0irwOkqgRN2TYf9KHZtb/AOob
62kZjIy5YHDnWoPkHx888yjbrrnMaZLl+zXsRNsaEdNdRFqJdfBR6ESPLZjeRctTVq/2jmwgq10c
CTN/Y1d2tMrT01HsiqpEclaxLJsNJJcIeGD7kiQxzCtJmwaKfX3a8kYWEQ+tskeeeUwLrqu1MUf3
nWYVcGbCNs1z0b9adHDFpprNpEsx6apHmzSrZ+8QpqpaNzJ49dG60dtX2gvy7KW7DEscq04M4eAz
JJ9x3SMCwltJFowy15K6ZFkEEMEcXWRVA8s1dfsnwQF8HN3GBBGInqChDTjrpGFOMGVThYp/g7Gn
V1sKKixiBIQirhzh0ZBIi/b558c8tL6ekMXRMUAcYc46sOkkHVZfq8888+Oeee4iiquCIY2jCgDy
cVeCfBSSIr7xaWX5Oc555w+OecZuwWPBK1trEZicuAF6cYSZpLPv93v97P6vQ0VjJXFpbQP0Gm9v
FWZaxqfqfqCqtZYBD0AGK0jBuPX6f1/R6uvAWQSNtJTnQxjIrPyyTF0jVAAqYQQSpXB5C4fCjgLx
hYnBheWRsvqI/V6mheKCT45JBkcaxqnTYYh7sxxcGAgjw3gKABnPOHCS7Nx1kAXjqUkR1VvisvCk
aBVXrv3GEk4MB7Aqe3ODCOe3bt25OHwBldfAziQSrCfhdohCqADx+T4mHwB5B79+3bv7PZ37c8+C
OBhzV+R4bJQvxXWgEQTB5/IFHjgADOOOOP44444/jjDmlwEYPDZJjfFcMAjxPJO7cHOP44A6hOnX
p06dePPGHGOjwEYPByTJMB8c/wAzZCI8XBhw5tZEwZxxxg8DBg/o4f44w5YbSYrLg8HJMlEZ/s4p
hCYvg4xuRJi4PPHGDBg8E9ueefHHHHBzZNrGiZSPBx8lyL4JDXyLEwYMOWH2MkWLg88eRgJxjzz/
AABnBxs3WFK7oV8HHyQJ8Fk18ixMHg5eIgixfA/rkYcbB4GDwP5bLUlyWo0RXBhxslC/z//EAD4Q
AAEDAgIHBgMFBwQDAAAAAAEAAhEDIRIxBBAgQVFhcRMiMECBkSMyUhRCUGKhBSQzcrHB0WNzguE0
Q1P/2gAIAQEAAz8B8sFQbnUaOpWg/wD3p+6oP+V0oH8L0aj/ABKjQqTbUW4jxOS/aDh/EA6BaZU+
as8+qe75pPqnNIglPpkHCDCrg3YCFolWzjhPNAiR+DhokrCTTp3PLd1Vao6XFQpzK4A+q5q25Rmh
AVx0WlUI7N9vpzCp6T3SMNTh/j8Fa0STAWNxZRPdyxLhqe7kE3f/ANpu4eq5Eo8QFT4qU8ZIgfdR
a7EDdCuML/n/AK/gheTRpnu7+fJbypIgIC5N0UZuUxm9cE4/fCdNk6Oapml8hkLvZFNOdz+qqUnh
wPqhpFGfvDP8C7Chgae879Ai44j6Ik8zkFgj6lBE3Kjqju9065Kpi0ysWTU525NZungjisqidvCh
GhWB3HNBwBH4BAX2jTH8AYUdVhE5lXt7oMH905+6AoyF0Sf8rEmzJRY6BkEXOus1aQUCINioyyWE
rtKOA5t/p+AdnQceSAklT33ei9F2bUXOkqBf2Vet+VvJNCY3cgEHyYWFYUM/fUckDdGjpLZyNlbz
/wAlMIvcGhNnkMlvO5b/AGXuUXukhQFGsQpmE4bkVl7I6iCi7RqZPDz1li0x3Btlgpk7yrIkhqBP
Jdo6UGjLbDty90QTZHeoKsp0NnK3noaVie48XLvgbgs13S4rLmgGjwQQgRksOv4BHPz0UnHkodPA
KSVl0UU2jiZTS9skBUWgAPamcUNYVPiqRycPdU/qHuggQgZRaVcFfDPXz3wH9FaFMrM/lKxO/RaQ
5+IUnkclpIbem8LSWus5wsqtg8qRqc1hhaQ6o4glPyvK0s/cK0sCRIVZpw1QeqxNUOXeIXeLfXz0
UH9FNQrDK+YDp7KITWZlMf8AdJWi1TGESqTXSBqssVoVIfdC0en/ANKkBcOHoqbjYpjxqgt6r4w5
r4o6eemg7opKhsqSnRYKrpNdrJwtlO0PTIa1zmh2Rcbj0WmaQXlgwtAkNN45SnVKRxCHNsQrqGIk
qq5/Zsz48FpGj1BiLnDCDAtN1U07SSxhqUqZJgF2KLLSaGkGme9BzG9VCLjV3mo9qxyPbO5eeDsQ
O9qh3JWgKSsbPRVaTpp2T6xBrNxQsIhjcI4IMaTGYXxF8MK5TuATnQH0mvjKVgJ7Klgngi5+J2aD
QrKarUHPwnd/ZGnVDvqJ893XZprXLE5BxhANCBQQGr4i7uoFN4JqA1WU1F8dQGfzedKp0mkk33SU
6s8lGQF8RWGz3lbVbZspLlg0mTvWJzeXna7i/sRYWxGwlaRVcDUJJKa2Gt91NToh2juuz3oVlZXV
tqxRud4M/orXzHnJCbo+kvxiZkt9UGg/WU99hmU2lLG3OSdTrQdiyp03OL3RCo1W9xwI5IYblaPU
PdqNPQr4YUbGJ6oit8u6UDVf7I0Kk/T/AEQcwHzZyTTVIjJOe4HcmsZFPPinVK0lYtLpceyd7hWG
xRq/M0Eotfj0d2A7xuKdVtXMx90ZLRg4EMbbK21clOGlBkWwTKti4r4eP6c+ihvKY/x5uJ5lH7a5
rpzROCbW7o/ygLu9UAWx0X73QdycP0WCqR6qygKkXluK4VAb5VKb2VJl5m25UuBWjR/EA6o1Hd1r
i36tytrsFOmUgN7SF+iAbdEMd/OQPRW813mngUftHacLKmbOzO8ohYmRwXepO4Oj9F2ekM5qQECq
VZsubcZHeqOUvH/JOcJZXcOsFV5LXaQMui0dhgku/wCRVFxHcEe6EKNQxjqi5tlGk0XbzI1VC7sq
V6hHo0cU2lTawXgZ+blSHdFa6w9x3oVDysLZ/O1DtwBuCxtjeM9WIKTibYrSWZN/VaW77n6qo75r
LCNh7nVBzWPRuhUVKB/1EXOIHqeCZTED14nzocLrBLOGXRYgRvCNRoJzyKaWPBywz7FO7Z5PEp1N
4c0ptRgcFKBTU3ghqgaoY4ngseW9Cho7We6cKdMjPtAgxgaPP3DuChzXBRXqRkU3FDnQ0tcCURpF
SMp1ObSkcShvQKCGoBSYCJzXwX/ylF9YOcO63UXUWgZ4xC7RsEQ4Zjz9liwDhmszxUNngsTz1UFf
u/qU5hkIss5UnD5kzimAfMn1DZEqysm0yY1TmmudiyPFOp/OLcU14kHzvC5Vo90AsQhBlV3VNiVF
Bo5KQnAp4VU/eKOzfYAF8l3nOAhpyH9/NhTsw4HnKdUqtYN5UDUDuV9QGzGsBAmT7fgXbN+aITaT
sWbtmNsjJbsio6/gQyFynOu7xgVUZlcIHO3n+F096AQAV1bVfwL6ggmotyKeNwKbvBCY7I+YDc0T
kuJVMKmN6YN6BQWHohtwnmwCfEYFV+lVPpVX6VXO5VzmnasDCVVFTumwEKoMwEw52U+RYE85BVTv
Xb6XXaWYXNj15o6mpqZwTeCHDVHTbnYCamoIAIKOxHGq1Sdb2mxU2d4zWBPf02Oy/bDHbqtMj1CC
HgRrJ1W2TrACJ1YtP0VnOdo/KfTxAxpJTnuk7LadXRnkf+2Ok+GQp1DZG3i/btMfTT2oUifDxVMP
Da7PR6b4H8Qeit4kMmJuoJHPxMX7bru+mnG3mPCwtJ4IkztfuTf9wLuN6eJnz8WdO05/5wNuH+FF
OOJ28Whgf6rFbwT5D/yXca52+8OvhS9g2/gM/wB1n9fNfupPGo4+BbwZrnbogUhUEgv9j5mKbz+U
qNApc5Pgd3wZqOPPbp1XgO4SPM4dErH8hWHQqP8AIp28/Ahp6beGCnfbtHg7/Mu+xVg0SSIA6p2j
6O1hzawA9Vlt94+B8J3Tb7pTa1ZtSbscPMtpw8iQ04va6NSgx5zcQfe6O339n//EACkQAQACAQMD
AwQDAQEAAAAAAAEAESEQMUFRYXEggZEwobHB0eHw8UD/2gAIAQEAAT8QhD019RYrLIjuz7TARFq5
6F37RZEpzUMs0GDBhoaX6jR0Ykr0H/hWErS8Ln4JaezH4bx1VntfmKX8Oir7tL8xKVH7doWUXtML
3s5IPcUztiJCG9nzDCCJYmRgwYOh630vqNL1Ppp0wTsUkePIc9iKh2u149ghYwW9am7EP9tLEwL3
w+0ud5v/ALBCwFO+9/3BDkPs17zLU7o4q3aLdj2W4xvMmAtqbPaJtWLW2J1WgoQ9Fwj6nR1YMuXD
6jkwFqsVlPkda/mO42dYxS7vusMLLHltfAQWaFHn+ATdoA3w/MumPI2hSknQP+QinJ7sAdAdN8RI
xRLePmBqKHQ/cK4RHDSPZgNAHtT+ZdBg+gPRcvRdKj6iB9NQFdiVcxhnL/Mw+RXv/sRwWLtjHsQi
k9TtcDcCHLWfaNtwbXgiZUD1cvsS8QuTdqAbHYa+ajqfK7nAe393CgBcN8J4lGDFbfuEMCis4EcR
hEHEDKjAf34dJeg9J6GL6iXL0PoWtQ6v5GDcF7IZxaUHNfgJjClXt+uh3lgy7rodg/cskfLt/cps
8bRaw09Y/RKshsS/hXuspGgGem3WWhWlmRtMxguD+oVtBvZIXd1nMFRXEQ3S6EYhAiWMGH0CMfQr
0MJepD1XDFUucPaLtMmq48TcQplmYYruz8Su2jzyiF24SKqAo3c/BFYtvd+jaX+xwAEUQKHaZlHB
yeJQlfRTc9oqCrOkCbgYSue8pR2PyQEtrZIr8sypex5bRw+gehlel1IaHqqxptXmW0XVq9XrGeQ6
Okqu5wVwdPMGlq62u6lZV5BlCbN7CV9lmx0d3mBC9dpnsIfQVDUg0lIX8TexSc/uVrSiqHTz/MMW
nmvCQJt39yUAgsqS3cYxD6RL9T6b9JD6G4MuWIu3S8f7aIKnj9n9yn3h5YWz+XL/AAStBuFr0Ovl
gbE4O0MysShtCCGbIaQ3uWlZHDzMit6cfqAltnLsmzDeRsY807Lt0lE9GKxbXP0ho6P0D6DpPaVw
2R1ym8H2MPeU13r7syZtn36sqjWGA7SpRef6IdgaxCjLOJ2Zigtw5uFzRQyPWW9S9zvNkPeO18QK
TpEM72+D9BcuDF1dTU1GEJUrUVRrTls+XLDq1yzAr/208CWvmX7srPjiKFcS0KiGhR0MhAjYSIry
mbjZr+I7nnaFf+2iroHNulSvQw9DF1GHpIQ1qM7VJ+0QRf3f9l3uVcRLDzb4biO4TwQOuEu8SyAr
AJHNAfeLgmhCDKRfTzKorvs4mw+2iNkfEqEFQbkanMFdxn3hKv8AcQoavpDVjpWlQ9JoS4aMo82K
dzLH90+8qsPB8ECobFCPgEGZWOSFK27weq0EVvEa7oYe8UJgloMkrQEoztiGILUCgWg8RHNVYu2U
QucC4g5jojPvGeSCWM3XzMKE84CDb1V6mV6L1IQPX58yITegX2hnqefEIesB43QiOV/6woPYIAgY
32IXzsEL+0wJeIqAiYHMEgJfwQTQFnRcNoFYcvwzAlPvL3hhhgqAvqPzGPMT5lacP3Somj62Pqv0
Go+lkmat7bTGlCtr2uC3Yp80S4em3mBurjEbhaimXxHBPWDh2vIvqQS91aLuLs7cyxxdrcevcZbR
hgyxrYgEcqtYA9WAlh6VvRpNqI5iRRAGVQvMEfYBfKpQWEQJge/4zHiwBS+G5QHurpcGOj61j9Ag
wZfoHRcTBSlINmsD/kwCwofEqegSjs3i1zldmZdyihd8d5Vk5QoX1lVlgPetpcrGUdoaCbkYFb2W
sveAFbsWK7HaYeZhswBntcGgQhRtDoxsI0un3E4zBffJNpGJH0Lq6ut6XDQ9FwlmlDWOmepFlLV3
bvFvrt4ikctQQrYJQ2nRaYFVDdorHiUEiPJHw9CcBKCKlHe9CCZpRh8MQYaav7gUeNGPofUvqNL9
WI9l371DNUKFlvYJu1VXGxA+qSEi9hv3lYDECDEquX2hxlDLBoZtjxCHCb2jtRRT3A/mUVbBZ3/5
C5UY6P0GVoPrv0IBb2IHZe7gdAZVlJA6Fz5SXhXSX1VMFDFg/ERwVQgoTGabsYzRMJj7iKoSksgQ
6hUx2yUXoYXL1axEGjArthpmAsVZCuDa5aU79TmXKjGPqI+k1uXLly5cGMUvc4iY2QVgVkY0bjV7
0dP5ZS7Jv0vllyaTKtljcKumUhmXBLYEBYKyvEsFuwqyGTjDd2CML/kF/EyjzmJocEsuUISzmEUJ
sGXngZUKsQp7SlHLPfwgN52OnaDiMYx0fRxFh6B9Vy4Mdo1g8Z4xNkiwPK9Y1ORb27Rt4Vy3e7Bh
pbeeel+8xQCy0bpcuggEqqZEYukVacSzJXsX5iFYbLkeYA64gH4iaqA2SyWl0Kx4IyhZZPJUuxZd
7cLiOkGch15Su/4+UOYxjq+oj6B9ZHMEW6Hxx7xKotrjccxAjKtG3akfNhovuP6IhAD9pzjlcW2/
UDhlp7wUS9kWwN0cJ7M2Q12mICHF7x7EnA/bpM9JHzH390r8x43nFaT25YjZh1ABYaCPuBzsZtgA
AwDEQbhKSFLkeZwquO7dYxj6XR9YYaMuLoII7Dye+LikTeHF4Afyx2t2rr24vocR15Kq+p0Y7G3w
fxMqmV8LUrfAS4LBlbdQ9Y2RodrJftR6L93GNOrGZ42lwQA2GF91ZdSm7/BUoKs5XL73AiBQFBM2
UjBguOUJNEYbzkRYKRmm4JuuX66zj5FuXl94FGjGVH1kuXL0IaOrLgwAp5jDp2J3r9wE9QK8ZyPj
8RULV7j9oRvGTvDlNg3yp+4pbP3mVaeLu7ywMw6GLe9To+SOUK9qfmCM/Z/USug6G/zCACqiohlz
BRvMDEvT0DBDEbVhYHQqPvE7pCtw7PMWju2nKdV5YUasdH1PpIQdGXL9BKcLGyOLN+Xds/piH4B8
ncm3J+xm5QLsLO1TccgJ728zNTjqdGO5VmTo9ISMwAjNydElHEAEJG5kaicCT8EZVuWO6s5nBfky
s0AC7C4JxYGV3Xle7B0GXLl6PqZfrGLpcv0cwOosPhi7m288ygNgJ8xtEbDiy/1ERJbUy3Kg1dpO
QVdSHlNysRBDqAOZnO4je6Igbofac7BDa2KjtxKqbZ213i5YKx33Eht6mVKiStGJ9S/Q8S5HUSMC
eb7MRC/k144hr5IXF3iwKjpa3aWXRI8LXfiCKHzOg/M2Q+ZRL11iluVlWyFYqGwK4gEAAA02Wcwg
MPD9w34vJ7yuJO3qqVHR9V63qy5cuLLl1KxB0T+YQy3bn1vgglGCJU94aVQKvmMSd/3MFdXzLDEZ
IS5hTxiBS/lYqltmziEBiNDaYGKPxNkNEqg5LNvsDqV0cXBl+p0Y+m/RcuXFly4im4vAZQyvghHj
pLlwXfxFIHND25mdCo9uYYgYMQE2hsBwhlYhBiduGEOJfGVm5ATEIoC5djmC8oZOA9fMJcPTejF+
kkY63GXFly5cWGbyt8mY7WTnodpj99IUgrtOglfEpiVr7kyW78w3L3toNlbW67wdCEuXpcuXF+ga
XFjFlxYsdC5cNADR4ICcnQ4JtMZmLaYQzJDgCsQ05OjH3lII4lzLsMwVl0YMuXLgy5eixZelxZcu
LBly4sYdcsXUYRdBXab80dCBGJViUtduvSVl6zHGIao6g3CCYriIT2GJZ1lIiIwcEUzkN19hP7CT
aF7cy5cuXF0JcuXLi6L1GFi1MLHkVI1XM4j3YayXOEP2QjAjOG4hFg4f8xBUFYSS1S5AhE2oSwV3
ekQAWMEOo+ZTy+Z0HcPaJ5l/I+IGZI5PHdvLglDUFTheVm8bxiYKy7wRYielYsvS5cuXLlxjMDdv
QzHiPmN20eMRQVNm1catcdxLTMbNoW7E6JAbDQgOI/7badiFzANojFO8YBqggOkT0lfEC4IcBEO0
4ZLDUHHvMOoNw2PKrHsnagtMSwDTw8arF+izMMrsR/LXQTtTtQaySvsIO+WNhGEqNFLjjKlxLnt/
xKKjraNkIgFI52gEBLSL0iI3CczGmKVcCzzeZ4f6juh7J2JQOITL5fqLGVK1uXLly5xFfdlzvM7M
DQbkyAoC3XBcUhhLSIuUjJTLY5iokE25IhoaD1hEHGhlsxBMugrMnT0SZ+zDqVgIaQaiITcbIR9R
q6XLlxZcWOQ23+ZtzBrhFMMla8up3JmHqaCTNy8WGGmOirEIywMo3ZgrBXMLjBHxEGll79LKjWVo
1ULpF8qIGgjAs3JR2G/nS4suXpcuXDV4LGa3W2UBr4QYL7X74ijt/Gl30AlML0RQgnZBALapZ42i
t7zHulusG+iTUDRtjh+0uXpdptmGYPcSXLly5foueFR+5szYg20XFn+qLajoHQqVfoAEdC0IAwuI
xGKg4KWlSpUTRUUVnnvjQWlYIMRUnSBxFly5elxlztqK+8wEOgYujUPX9yXMNAaEIRh2hfjRDN0I
pKRBodHRWioXtF/r16Lj1mc5cHqRZcYuXLixYvHAmAg2g0KOOjGquDZimcNBioIaBBExEgy4ajCB
oSGA5wvwRW3+wssY49Ns2MyS49sfEYurFixYncxzAQ7QQIcQbqFPddwImSOGCBKjoBoei6leitxl
U4lQgm0dHsv+OUPoX5WVhmKOGk4gi2d/zEia3Lly09EwXTDtNpp2TbLncz7xxsY7d3MEONVaiBqF
cy6g3LhA0A0CCBtBybqgAld5VW1MP5mMS4ihBDh0ni7EqJE0GXFlD904EOCbJxhHjRnAhA6JyMwC
bIaK0SVCEJuPEcWoXA0BKlRMaRGrIG6FofENKlR9iISJRHg0bIdBUfDLixjP/8QANBEAAgECBAQE
BAYBBQAAAAAAAAECAxEEEBIhBTFBURMiYXEgMoGRBhRSocHRsSMzU2Jy/9oACAECAQE/ABCfxIUW
3ZJt+hR4Xi5q+jSv+2xDgVR/NVivZX/oq8Cko3hO5U4diqavKm7d1uNDRcvkkMvk1lYTExZWzw+H
q1p6YL3fRGDwFKhHZXl1b5ij3PIvU1+hGals0Y/hdKpdxSUu/wDZWozpycZKzRYeV8kMeVxCE/gp
U5VKkYR5t2RhMPChTUI8+r7sRfsbZXSJS8tjiWC8WGqK8y/ckrDWTySylIQhiYhZ8Hp3qyn2VkRV
kbmpF0Jssy9htPZnE6Hh4iVuT3Q83m1lfJCExPLhVNQw8X1e/wBxEpWIwcncjA0Di0atxu6OMK9O
Eu0rFvgT3GPJCGyInnho2pxRyNDbIRQrGxJbE1Zl73OKr/S+qGs2JZNiFkkJCEymrzj7ow68tyXM
g9rWJxE3YW7E0u5KSldEF57HEmlTkmSW4y/wWyQmJiZcuUpWkn2aKMloXsRldimtuXM2aIfKyMfK
mOa9LXJNPoQ+dHGJxULN7v8AgY8kxMbzuIQmIT7mHUpVElvcoQcYRi+aSI7OxFXJuysR+VlKW1hp
FQ1ea5xlaqkJelixJDyTybFfO4mJlzCvw1FUoLzJea27Kc4xai3d2uyE1JXTIyJia0lO75DlYqSM
Tj40puNm3a5Wq+LCSfzKzX1FLYmPNHXJfAnlhnGlh6aTXmje5jMXobhC7ut5PmzhGK3jTb500192
mREKnHmXS5Em+pUsk2OqquJqPo4yt9iU/M2PaclfqSH8Ce42XENG5qaIz3KNVVcNCHK2ya5laEo7
S5rdS7mBpuWJwzj/AMct/qynLvzXM59DydmK3RE3sY6U503CHN7P2KMHDEOLf6l+zGoxgm92+S/s
XO/cY0PLfJyEJjyauKJhZtPT35e5OeuEm10v7dGcD06IN221L90/5KqUUpLvYhJMjYk0irO+yKuI
VCFSb5pGFnKeJi3zcnf6ktepqXPK+VhrJ3HkmIsIsQg5O0UV2oRcerOA6fFl3sVG9EV6m65CqyJT
lI0nGIS8O65dRSZGs9Olq66d17Dtf4GMbGJiFfNSaPzFT9THJs4dX8LEwb5PZjlqa9EIsxRGitRU
4tNXTMZw2rRk2k3Hv2NaSsvuJiexdDkhyL3LFhNCZqPEQ5XHP1NSMJwzFVrPTpj3Zg+FUaFnbVLu
xLccbEcrDRKnFmK4PQqXa8r7orcJxMOVpL7MqUasF5oNGociUiI5Dka2RmzW3lQ4djKq8tN27vYw
v4blKEnVnurO0e3XmYbhVCjvCmr93uyKqLojTUZGM0NMjYdkeboOFR9R0p9zwpfrZ+WXNtioRlNL
1MTgqFV3lBdjEcG6wk16Mq0KlKVpqzL2NWaIQlOSjFXbdkjAcIpUYqUkpT6vt7EYlFWlbumiMlYb
7ES6ykiMWJZMckic2yjHzN9ov/B4Y6KMfgo1abVt+jJJqTT5plllYsfh7CKdWVVraCsvdiiKJRS8
SPuPmIuKQpo1odRWPERrHJksqbspe38lxFWJxSl4eKl67jkOWVjgdHRgYvrJt/wRypN+JH3QtxLK
xoZoZoZoZpsWGiwnaEvoJi5E0fiCnaUJe6JTHUQkJGGp6KFOPaKREaKdtavf6EUJFhCeWxcbLFiS
Jf7T/wDSICJn4gp3w1+0kSvlYoQ1VYLvJLJZUpJTu+z/AMEBFi2Sew2LJIsSWw76UumoXMiT5HGI
XwdX2v8AbcdiR//EADMRAAICAQIDBwEHBAMAAAAAAAABAhEDEiEQMUEEICIwUWFxEwUyM3KBkbEj
QEJDUsHh/9oACAEDAQE/APKc4Lmx5oejI54XuhSg+Uhj4LzbL4WkrfIyZnL2RbKkzQOLW6MeZ1T4
NeU+9tzfIyTcnfToJFIdjKIxpmOXT+xyOo/PDkV+5pfUcEKI0fBF3FMfn5X4q9CzHG2OSS2JTNe4
mmSR1MfUfmWWR5oyPdiINKJNstm/oRuyLtE40Y+vx58eZPdkUSxx/wCRH0ZKKsW0Uhxd/wDolVGS
tDILn58FY1uRx2h4JO93yIxcVV3yoyLxx9xSVtch4J6r1PlzIrSquzIv6bIR8F+fHa3ZOVsj+HZK
TRj3dmT76Myd2RnL1MVskvDRFVH4vvru0UJbklf3ny6DjavoY34aZkgYluySlrMqpKxQMUaLXU/7
Jqn5sRpym/YUeVklzfuPcx4Ms3UIt/BPsfbIyUfpu3yoy9h7VGteOX8/wfT07EDqa25Izc0+C8mi
hczTUr4ZGlGXyi00fZ/bY4ZaZxtPr1RPt0W3ozxSfrHdHa/tVLHphJyl1lyIttiailZKVuvUtQ+S
Tb8tIooXDPe/6MxSepr2GrRJyIJshGluSjqcUPaRNO3fnVx7TelGNeNv2E2mLQ+hsuSHIg1RJik+
TVk0k9u6u4u9Rljqg0QjX68E0iUhMjIq+Q3Wy/cfGvMc0ieW9huhStDGXsJsU2jXGXNDx+jHCS6e
XZPLUoquY8nuPS+otKJaRUOxK0JR6iljXQ+pD0PqR6RPr71Q8jUWyEVpSe48UehKLXPhXdc7+Bsy
Pw/DTGnYkSGhkWSkh8F8CTZGCRllsl7oUxZC1JDXdyukl6ljZk+5L4I8XEcDSLG7Pps0GlCGTW8f
njBkufdyO5v2QyicfBL4fC+Fms1o1o+ojVfBcGvEv1GuER8u4i7k37jEZvwpDLLGx8N2UIssTP8A
YvyskMgf49xukR5D4Z34K9Wv5JcLLGVuLhY2WRYn43+UfIZEi9uP/9k=

写真に写っているのが人なら1と答え、それ以外なら0と答える必要がある。
写真から人かどうか機械的に判別をするのが難しそうなので、
サンプル写真をできるだけ集め、その画像ファイルのハッシュ値と比較する方式をとることにする。
サンプルは何回か集めた結果、人と判別できるものが50種類あった。それを考慮して、プログラムにする。

import socket
import hashlib
import time

human_jpg_md5_list = [
'6863a9ade7e58f52c0747027b7c8d392',
'4afd4607850d0d2d267b4b547a8435e3',
'4d82e61e128b9ff9f993849fbd74c46d',
'a8393bfd69739a97fad157bf61d415b5',
'9a2a8533ce34336176e4140eba8fd381',
'6f84674ba94d0c8ab6010f7c62b35884',
'25cc0428cb8416d080f1a9fc18ccdb81',
'd72c0dfafd095139487500b629385299',
'6934fda5b2d1ff9f45e6240f2997265f',
'2e63782bafbea49855c774a739e238f3',
'e695646ffc9144b0f51d9092e10e9436',
'dffc3c055ee12724e01d752359c0bf09',
'df5e7dd4c3740fa50645611edb9fdbee',
'b19f7bbd9b3678f5ebb6c37211f5732c',
'72ca08509d53891eb99edcb2ac622fe2',
'20f402e662572b0a9c6420be7ee3e1e4',
'eb2a2f10d931e1cf3ad1ba0ab733853c',
'b38361beaab4684d478e2348716f9457',
'f010ccdec6c9b6e45893788023f692e6',
'42dbfdf829012d70c3ffd9a03ccceeea',
'a76b155a44af0d5583aa2097d9f3905c',
'1908d32ff5909ec1cf2d2cfe7a9cf516',
'6d8bd3db81c6d625fc56ce566fe42ef3',
'08870773d7240eb0b7498f0c49f0031e',
'f407d8193250e410640e97a7299d8409',
'167e3e339ef92beb526fa8cd15b9f5a6',
'7dcc93d5c4b71b47dde1868e21fc4da5',
'f24917dee99fedbf06f9887a399c42d0',
'cb528cb595c64c5fd17c7b93a822478e',
'55f1c073b1352dbb1e2c19a5ae8d5261',
'e24596a53799d4aab69844035bfd6a15',
'c559f9245e64688875182e12ac0c04c7',
'1ae5d052d9d4a0b346048858b2a71ba9',
'402e5ff5a56aa21f1d59981bc560f304',
'9f34362cf2f6be3437d4bbb8c45298e7',
'50c8fb9ef41ff37629fa08421d81add7',
'c0937d200114e99a4ecb4545eeb3b876',
'17994c526245fcd88e36661a1631fcfe',
'9635780e05a85d509aae0fb3224e3b32',
'fa38da5b696d754a1309d1ca5fe14a61',
'17ef7dc609a3b616710545e96420dd62',
'49f4a9d0cee09f11abae0d87ad22c472',
'61fad7f415af7e9894c3cab32c5bfab2',
'e40d00cfff549edf8fb8da014e642a20',
'daae5ec44284d5f887229c8680a2ac9c',
'7bd219ec3bca257e52aee398fbef8714',
'4972d90fd3cc967f10a6ebb57906108f',
'211d4285118b755d3f734a70e2703072',
'9a07cd24b7af6fb1a3cc49c6c6cc5064',
'ec8fe40b9f0f4f8a94abe8f9b58f433b'
]

def recvuntil(s, tail):
    data = ''
    while True:
        if data.endswith(tail):
            return data
        c = s.recv(1)
        data += c

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('103.5.112.91', 1340))

data = recvuntil(s, '\n\n')
print data

for i in range(64):
    print 'Round %d' % i

    data = recvuntil(s, '\n\n')

    jpg = data.decode('base64')
    if hashlib.md5(jpg).hexdigest() in human_jpg_md5_list:
        ans = '1'
    else:
        ans = '0'
    print ans
    s.sendall(ans + '\n')

data = recvuntil(s, '\n')
print data
xiomara{you_just_processed_an_image}

Freemasonry (Forensics 100)

IENDチャンクの後ろに以下のメッセージがある。

some one has changed the checksum and hidden the secret flag

IHDRチャンクにある画像の高さを高くすると、下の方にフラグが現れる。
f:id:satou-y:20180228222528p:plain

xiomara{480_is_the_new_4k_:P}

Dig_Deep (Forensics 150)

FTK Imagerで開く。

[root]
  - PxNc
    - TvNkzcm
      - UdfV
        - BVoAp
          - yHkWSGaL
            - bBYy
              - IxANKI
                - hgugRa
                  - fvgXjIbXg
                    - zz

上記パスの配下に.git, .git.zipが削除ファイルとしてあるので、エクスポートする。
オブジェクトの情報を確認しながら、フラグが記載されているものを探す。

$ cd .git
$ xxd -g 1 index
0000000: 44 49 52 43 00 00 00 02 00 00 00 02 5a 7c 5b d4  DIRC........Z|[.
0000010: 2e 40 89 30 5a 7c 5b d4 2e 40 89 30 00 00 08 01  .@.0Z|[..@.0....
0000020: 00 48 2e e9 00 00 81 a4 00 00 03 e8 00 00 03 e8  .H..............
0000030: 00 00 00 0a 5f 93 42 a6 7f 13 e2 65 75 02 20 f1  ...._.B....eu. .
0000040: ae 7b 66 4b 6d 5c 36 62 00 09 52 45 41 44 4d 45  .{fKm\6b..README
0000050: 2e 6d 64 00 5a 7c 5f db 29 71 0d 7e 5a 7c 5f db  .md.Z|_.)q.~Z|_.
0000060: 29 71 0d 7e 00 00 08 01 00 48 2e ed 00 00 81 a4  )q.~.....H......
0000070: 00 00 03 e8 00 00 03 e8 00 00 00 93 07 50 11 5e  .............P.^
0000080: f6 bc 6c 3e cd 58 3f 07 4a 7d 16 58 63 42 60 18  ..l>.X?.J}.XcB`.
0000090: 00 08 66 6c 61 67 2e 74 78 74 00 00 54 52 45 45  ..flag.txt..TREE
00000a0: 00 00 00 19 00 32 20 30 0a c0 35 17 cd e2 ec d6  .....2 0..5.....
00000b0: 73 47 c3 90 ae 29 a4 4b 4d f1 91 c8 1a 9f 24 ec  sG...).KM.....$.
00000c0: 74 37 8c da 94 d7 f6 90 5b 05 42 ad a7 f9 6e 3e  t7......[.B...n>
00000d0: cd                                               .

$ python -c 'import zlib; print zlib.decompress(open("objects/07/50115ef6bc6c3ecd583f074a7d165863426018").read())'
blob 147oh [REDACTED]

Well screw you !!!


probably u could try some cool tool to find flag

hahahahahahahhahah

sorry no flag for u !!!!!!!!!!!!!!!!!111

$ cat logs/refs/heads/master 
0000000000000000000000000000000000000000 75f9b8f5cd2efc6e9ec39f834542e9787d0c9930 SANS Forensics <sansforensics@siftworkstation.(none)> 1518099412 +0000	clone: from https://github.com/NaveenEzio/dig_deep.git
75f9b8f5cd2efc6e9ec39f834542e9787d0c9930 631728713203c7aea5515bfc7643ac90a09be2a2 lolzzz <fakemail@xiomara.com> 1518099964 +0000	commit: Intial commit
631728713203c7aea5515bfc7643ac90a09be2a2 dde06e5ce71936f03f751ec906f5223fb74fe43e lolzzz <fakemail@xiomara.com> 1518100110 +0000	commit: WIP creating the flag
dde06e5ce71936f03f751ec906f5223fb74fe43e 3505d2ddc47c53207331d54edd126f0a515f5ddc lolzzz <fakemail@xiomara.com> 1518100308 +0000	commit: Still 2 weeks left
3505d2ddc47c53207331d54edd126f0a515f5ddc 2c2196abb8a69cc74605a7f24cb8aafe59412968 lolzzz <fakemail@xiomara.com> 1518100365 +0000	commit: Still 1 week left
2c2196abb8a69cc74605a7f24cb8aafe59412968 1096fc8afd2b30c4b3318cc69f531f49b1f77441 lolzzz <fakemail@xiomara.com> 1518100447 +0000	commit: Still 1 week left

$ python -c 'import zlib; print zlib.decompress(open("objects/dd/e06e5ce71936f03f751ec906f5223fb74fe43e").read())'
commit 228tree b368768b6c7a63fae65df3f665842b6852efd7a9
parent 631728713203c7aea5515bfc7643ac90a09be2a2
author lolzzz <fakemail@xiomara.com> 1518100110 +0000
committer lolzzz <fakemail@xiomara.com> 1518100110 +0000

WIP creating the flag

$ python -c 'import zlib; print zlib.decompress(open("objects/b3/68768b6c7a63fae65df3f665842b6852efd7a9").read())' | xxd -g 1
0000000: 74 72 65 65 20 37 33 00 31 30 30 36 34 34 20 52  tree 73.100644 R
0000010: 45 41 44 4d 45 2e 6d 64 00 5f 93 42 a6 7f 13 e2  EADME.md._.B....
0000020: 65 75 02 20 f1 ae 7b 66 4b 6d 5c 36 62 31 30 30  eu. ..{fKm\6b100
0000030: 36 34 34 20 66 6c 61 67 2e 74 78 74 00 80 18 26  644 flag.txt...&
0000040: ed b4 11 74 7a 61 b3 d7 78 25 10 a9 f0 6c 24 6d  ...tza..x%...l$m
0000050: e0 0a                                            ..

$ python -c 'import zlib; print zlib.decompress(open("objects/80/1826edb411747a61b3d7782510a9f06c246de0").read())'
blob 81xiomara{} well this is our flag format

oh still only few days left !!!!!!!!!!!!

$ python -c 'import zlib; print zlib.decompress(open("objects/63/1728713203c7aea5515bfc7643ac90a09be2a2").read())'
commit 220tree 8d5cf9cbad1a828a1fc3b03d34e42097ebd31342
parent 75f9b8f5cd2efc6e9ec39f834542e9787d0c9930
author lolzzz <fakemail@xiomara.com> 1518099964 +0000
committer lolzzz <fakemail@xiomara.com> 1518099964 +0000

Intial commit

$ python -c 'import zlib; print zlib.decompress(open("objects/8d/5cf9cbad1a828a1fc3b03d34e42097ebd31342").read())' | xxd -g 1
0000000: 74 72 65 65 20 37 33 00 31 30 30 36 34 34 20 52  tree 73.100644 R
0000010: 45 41 44 4d 45 2e 6d 64 00 5f 93 42 a6 7f 13 e2  EADME.md._.B....
0000020: 65 75 02 20 f1 ae 7b 66 4b 6d 5c 36 62 31 30 30  eu. ..{fKm\6b100
0000030: 36 34 34 20 66 6c 61 67 2e 74 78 74 00 b7 6c 29  644 flag.txt..l)
0000040: 32 ff 8b 34 54 de d7 59 ed 44 1a 5a 91 1e 66 5c  2..4T..Y.D.Z..f\
0000050: 46 0a                                            F.

$ python -c 'import zlib; print zlib.decompress(open("objects/b7/6c2932ff8b3454ded759ed441a5a911e665c46").read())'
blob 76xiomara{} well this is our flag format

but have to frame some cool flag :)

$ python -c 'import zlib; print zlib.decompress(open("objects/35/05d2ddc47c53207331d54edd126f0a515f5ddc").read())'
commit 225tree df33643c65c175e109232b95284ec5c0fa7aab1a
parent dde06e5ce71936f03f751ec906f5223fb74fe43e
author lolzzz <fakemail@xiomara.com> 1518100308 +0000
committer lolzzz <fakemail@xiomara.com> 1518100308 +0000

Still 2 weeks left

$ python -c 'import zlib; print zlib.decompress(open("objects/df/33643c65c175e109232b95284ec5c0fa7aab1a").read())' | xxd -g 1
0000000: 74 72 65 65 20 37 33 00 31 30 30 36 34 34 20 52  tree 73.100644 R
0000010: 45 41 44 4d 45 2e 6d 64 00 5f 93 42 a6 7f 13 e2  EADME.md._.B....
0000020: 65 75 02 20 f1 ae 7b 66 4b 6d 5c 36 62 31 30 30  eu. ..{fKm\6b100
0000030: 36 34 34 20 66 6c 61 67 2e 74 78 74 00 ed c4 11  644 flag.txt....
0000040: b5 9e ad 90 8c ba 9b 34 0a b2 18 9a d1 86 94 45  .......4.......E
0000050: 92 0a                                            ..

$ python -c 'import zlib; print zlib.decompress(open("objects/ed/c411b59ead908cba9b340ab2189ad186944592").read())'
blob 61xiomara{wow_autopsy_&_git_is_cool}

Finally this is the flag
xiomara{wow_autopsy_&_git_is_cool}