この大会は2018/8/7 10:00(JST)~2018/8/13 10:00(JST)に開催されました。
今回もチームで参戦。結果は2315点(満点)で542チーム中3位でした。
自分で解けた問題をWriteupとして書いておきます。
Blank (Web 5)
HTMLソースを見ると、コメントにフラグが書いてある。
tjctf{50urc3_c0d3_n3v3r_l0535}
Trippy (Miscellaneous 5)
GIFファイルが与えられている。
$ strings be37fef78cfd6c7deda71154f567e6d0cfefbda1f80698c064bab469d3a54c58_trippy.gif | grep tjctf tjctf{w0w}
tjctf{w0w}
Discord! (MIscellaneous 5)
Discordにjoinする。#flagチャネルのメッセージにフラグが書いてある。
tjctf{d1sc0rd_1s_pr3tty_c0ol}
Cookie Monster (Web 10)
クッキーのflagパラメータにフラグが設定されている。
>
tjctf{c00ki3s_over_h0rs3s}
Central Savings Account (Web 10)
HTMLソースを見る。https://central_savings_account.tjctf.org/static/main.jsを見ると、パスワードはmd5が698967f805dea9ea073d188d73ab7390になるものとわかる。Googleで逆変換したデータを検索する。
avalon
Vinegar (Cryptography 15)
Vigenere暗号。キーの長さは9。先頭5文字はtjctfに復号されることから、キーの前半5文字だけ決定できる。残り4文字はブルートフォースでハッシュ値が一致するものを探す。
import string import hashlib import itertools def get_flag(s): flag = s[:5] flag += '{' flag += s[5:] flag += '}' return flag target = '8304c5fa4186bbce7ac030d068fdd485040e65bf824ee70b0bdbac03862bec93' al_l = string.lowercase c = 'uucbxsimbjyaqyvzbzfdatshktkbde' p_head = 'tjctf' k_size = 9 k = '' for i in range(len(p_head)): index = al_l.index(c[i]) - al_l.index(p_head[i]) if index < 0: index += len(al_l) k += al_l[index] for s in itertools.product(al_l, repeat=4): key = k + ''.join(s) p = '' for i in range(len(c)): index = al_l.index(c[i]) - al_l.index(key[i%k_size]) if index < 0: index += 26 p += al_l[index] flag = get_flag(p) if hashlib.sha256(flag).hexdigest() == target: print 'key =', key print 'flag =', flag break
実行結果は以下の通り。
key = blaisevig flag = tjctf{onevinaigrettesaladplease}
tjctf{onevinaigrettesaladplease}
Caesar's Complication (Cryptography 20)
縦横斜めでtjctf{のシフト暗号を探す。見つけたらその部分を復号する。
import string def ceaser(s, shift): chars = string.lowercase enc = '' for i in range(len(s)): if s[i] in chars: idx = chars.index(s[i]) + shift if idx >= 26: idx -= 26 enc += chars[idx] else: enc += s[i] return enc def get_enc_flag(tbl, x0, y0, x_vec, y_vec): enc_flag = '' x = x0 y = y0 while True: if x < -1 or x > 99 or y < 0 or y > 99: break enc_flag += tbl[x][y] x += x_vec y += y_vec enc_flag = enc_flag[:enc_flag.find('}') + 1] return enc_flag def decrypt_flag(s): for i in range(26): flag = ceaser(s, i) if flag.startswith(pre_flag): return flag return '' pre_flag = 'tjctf{' l = len(pre_flag) words = [] for i in range(26): words.append(ceaser(pre_flag, i)) with open('puzzle', 'r') as f: lines = f.readlines() tbl = [] for line in lines: tbl.append(list(line.strip())) ## across ## for i in range(100): for j in range(101 - len(pre_flag)): parts = ''.join(tbl[i][j:j+l]) for word in words: if parts == word: print 'across' enc_flag = get_enc_flag(tbl, i, j, 0, 1) ## down ## for i in range(101 - len(pre_flag)): for j in range(100): parts = '' for k in range(len(pre_flag)): parts += tbl[i+k][j] for word in words: if parts == word: print 'down' enc_flag = get_enc_flag(tbl, i, j, 1, 0) ## right down ## for i in range(101 - len(pre_flag)): for j in range(101 - len(pre_flag)): parts = '' for k in range(len(pre_flag)): parts += tbl[i+k][j+k] for word in words: if parts == word: print 'right down' enc_flag = get_enc_flag(tbl, i, j, 1, 1) ## left down ## for i in range(101 - len(pre_flag)): for j in range(len(pre_flag), 100): parts = '' for k in range(len(pre_flag)): parts += tbl[i+k][j-k] for word in words: if parts == word: print 'left down' enc_flag = get_enc_flag(tbl, i, j, 1, -1) ## right up ## for i in range(len(pre_flag), 100): for j in range(101 - len(pre_flag)): parts = '' for k in range(len(pre_flag)): parts += tbl[i-k][j+k] for word in words: if parts == word: print 'right up' enc_flag = get_enc_flag(tbl, i, j, -1, 1) ## left up ## for i in range(len(pre_flag), 100): for j in range(len(pre_flag), 100): parts = '' for k in range(len(pre_flag)): parts += tbl[i-k][j-k] for word in words: if parts == word: print 'left up' enc_flag = get_enc_flag(tbl, i, j, -1, -1) flag = decrypt_flag(enc_flag) print flag
実行結果は以下の通り。
right up tjctf{idesofmarch}
tjctf{idesofmarch}
Classic (Cryptography 40)
from Crypto.Util.number import inverse def isqrt(n): x = n y = (x + n // x) // 2 while y < x: x = y y = (x + n // x) // 2 return x def fermat(n): x = isqrt(n) + 1 y = isqrt(x * x - n) while True: w = x * x - n - y * y if w == 0: break elif w > 0: y += 1 else: x += 1 return x - y, x + y e = 65537 n = 128299637852747781491257187842028484364103855748297296704808405762229741626342194440837748106022068295635777844830831811978557490708404900063082674039252789841829590381008343327258960595508204744589399243877556198799438322881052857422197506822302290812621883700357890208069551876513290323124813780520689585503 c = 43160414063424128744492209010823042660025171642991046645158489731385945722740307002278661617111192557638773493117905684302084789590107080892369738949935010170735247383608959796206619491522997896941432858113478736544386518678449541064813172833593755715667806740002726487780692635238838746604939551393627585159 p, q = fermat(n) phi = (p - 1) * (q - 1) d = inverse(e, phi) m = pow(c, d, n) flag = ('%x' % m).decode('hex') print flag
tjctf{1_l1ke_squares}
RC4 took an L (Cryptography 40)
いろいろ調べたら、RC4ならぬLC4というのがあるらしい。
https://eprint.iacr.org/2017/339.pdf
alphabetは#_23456789abcdefghijklmnopqrstuvwxyzで問題と一致する。pythonでlc4ライブラリがあるので、それを使えば簡単に復号できる。
from lc4 import decrypt key = 'pq_xc589r3nb#mgjtkh7w2dlfvy4eaoi6uzs' ciphertext = 'wpwt#5ng4_qbitp#8mq59r_g866c4t59c6vy6tisj4af6bprfnbd_wrq2wjmr4ld_s26a7i#biiyqjolq8lus_wfusfkj8xv2qrrv3etab_marovc#uuoueyl' flag = decrypt(key, ciphertext) print flag
復号すると、以下の文字列。
i_hope_that_by_making_this_long_you_will_assume_substitution_cipher_and_go_to_quip_qiup_the_flag_is#elsie_four_is_not_rc4
tjctf{elsie_four_is_not_rc4}
Grid Parser (Forensics 45)
ZIP解凍し、xl/media/password.pngを取り出す。ファイルの後半がZIPになっているが、パスワードがかかっている。
$ fcrackzip -u -l 1-4 flag.zip PASSWORD FOUND!!!!: pw == px
このパスワードで解凍したflag.txtにフラグが書いてある。
tjctf{n0t_5u5_4t_4LL_r1gHt?}
Bad Cipher (Reverse Engineering 50)
コードを読む。sはmessageをkeyの長さに振り分けたもの。
例) message = "ABCDEFGHI" key = "aaaa" ['AEI', 'BF', 'CG', 'DH'] ■変換 [0] 0: ord('A') ^ ord(k[0]) ^ (a00>>2) -> (sp) 1: ord('E') ^ ord(k[0]) ^ (a01>>2) -> , 2: ord('I') ^ ord(k[0]) ^ (a02>>2) -> # [1] 0: ord('B') ^ ord(k[1]) ^ (a10>>2) -> # 1: ord('F') ^ ord(k[1]) ^ (a11>>2) -> / [2] 0: ord('C') ^ ord(k[2]) ^ (a20>>2) -> " 1: ord('G') ^ ord(k[2]) ^ (a21>>2) -> . [3] 0: ord('D') ^ ord(k[3]) ^ (a30>>2) -> % 1: ord('H') ^ ord(k[3]) ^ (a31>>2) -> (sp)
変換した後、組ごとに配列にするため、上記の例だとAEIのIは切り落とされる。あとはその順番で16進数表記でASCIIコードを表示する。
202322252c2f2e20 # " % , / .
暗号の長さは112。56バイト。keyの長さはその約数になる。
1, 2, 4, 7, 8, 14, 28, 56
keyの長さは7バイトか8バイトあたりと考えられる。調整しながら確認していく。
7バイトだと、printableなフラグにならない。8バイトで復号した文字列がフラグになりそう。
keyの末尾2バイトはブルートフォースで復号を試し、フラグになるものを探す。
import itertools import string def d(c, k, skip): s = [''] * skip for i in range(skip): for j in range(len(c)/skip): s[i] += c[i+j*skip] for i in range(skip): a, d = 0, '' for j in range(len(s[i])): b = ord(s[i][j]) ^ ord(k[i]) ^ (a>>2) d += chr(b) a = ord(s[i][j]) s[i] = d dec = '' for j in range(len(c)/skip): for i in range(skip): dec += s[i][j] return dec def is_flag(s): if s[-1] != '}': return False for i in range(len(s)): code = ord(s[i]) if code < 32 or code > 126: return False if s.count('}') > 1 or s.count('{') > 1: return False return True enc = '473c23192d4737025b3b2d34175f66421631250711461a7905342a3e365d08190215152f1f1e3d5c550c12521f55217e500a3714787b6554' for c in itertools.product(string.printable, repeat=2): known = 'tjctf{' + ''.join(c) key = '' for i in range(len(known)): code = int(enc[i*2:i*2+2], 16) ^ ord(known[i]) ^ (0>>2) key += chr(code) flag = d(enc.decode('hex'), key, len(key)) if is_flag(flag): print flag
結果は以下の通りで、一つに定まらない。
tjctf{a4ybe_Wr=t3ing_mU_3ncRypX10N_MY5ilf_W4Snx_v_sm4R;} tjctf{c4ybe_Wr?t3ing_mW_3ncRypZ10N_MY5klf_W4Snz_v_sm4R9} tjctf{e4ybe_Wr9t3ing_mQ_3ncRyp\10N_MY5mlf_W4Sn|_v_sm4R?} tjctf{g4ybe_Wr;t3ing_mS_3ncRyp^10N_MY5olf_W4Sn~_v_sm4R=} tjctf{h4ybe_Wr4t3ing_m\_3ncRypQ10N_MY5`lf_W4Snq_v_sm4R2} tjctf{i4ybe_Wr5t3ing_m]_3ncRypP10N_MY5alf_W4Snp_v_sm4R3} tjctf{j4ybe_Wr6t3ing_m^_3ncRypS10N_MY5blf_W4Sns_v_sm4R0} tjctf{k4ybe_Wr7t3ing_m__3ncRypR10N_MY5clf_W4Snr_v_sm4R1} tjctf{l4ybe_Wr0t3ing_mX_3ncRypU10N_MY5dlf_W4Snu_v_sm4R6} tjctf{m4ybe_Wr1t3ing_mY_3ncRypT10N_MY5elf_W4Snt_v_sm4R7} tjctf{n4ybe_Wr2t3ing_mZ_3ncRypW10N_MY5flf_W4Snw_v_sm4R4} tjctf{o4ybe_Wr3t3ing_m[_3ncRypV10N_MY5glf_W4Snv_v_sm4R5} tjctf{p4ybe_Wr,t3ing_mD_3ncRypI10N_MY5xlf_W4Sni_v_sm4R*} tjctf{q4ybe_Wr-t3ing_mE_3ncRypH10N_MY5ylf_W4Snh_v_sm4R+} tjctf{r4ybe_Wr.t3ing_mF_3ncRypK10N_MY5zlf_W4Snk_v_sm4R(} tjctf{t4ybe_Wr(t3ing_m@_3ncRypM10N_MY5|lf_W4Snm_v_sm4R.} tjctf{v4ybe_Wr*t3ing_mB_3ncRypO10N_MY5~lf_W4Sno_v_sm4R,} tjctf{x4ybe_Wr$t3ing_mL_3ncRypA10N_MY5plf_W4Sna_v_sm4R"} tjctf{y4ybe_Wr%t3ing_mM_3ncRyp@10N_MY5qlf_W4Sn`_v_sm4R#} tjctf{z4ybe_Wr&t3ing_mN_3ncRypC10N_MY5rlf_W4Snc_v_sm4R } tjctf{`4ybe_Wr
英文として意味が通りそうなフラグを選んだら通った。
tjctf{m4ybe_Wr1t3ing_mY_3ncRypT10N_MY5elf_W4Snt_v_sm4R7}
Sarah's Cryptosystem (Cryptography 60)
問題のタイトルから暗号の種類を特定する。Cayley–Purser algorithmのようだ。以下を参考に復号する。
https://en.wikipedia.org/wiki/Cayley%E2%80%93Purser_algorithm http://www.geocities.jp/midarekazu/matrix.html
以下が成り立つので、与えられたパラメータから復号する。
c * (gamma * beta - inv(alpha) * gamma) = inv(alpha) - beta kai = c * gamma + e lam = kai.inverse() * epsilon * kai mu = lam * mu_prime * lam ※mu: 復号結果
復号結果は2×2の行列なので、0行0列、0行1列、1行0列、1行1列の順に数値を文字に変換して、結合する。
# solve.sage n = 14678582949426387051583136040455803382111419934165976555967410717578108685173293909893707428060574534387147043662980233493070333867526564630646606195171973454732346210530445592981735448140608367433802310679262003264086048483330926831158965247002647763969506296491800206264566632210018217460947909473322948120728022781961264083482251077179808522571497366192225541800367737775624875274409378360680791167750022903325344080185661894498877429106792051549616294445505734756445036773060160075172879734624325424601794213946464848991659189822047433670420325360836239402912250660089868320598256013395839998681853749012528228581 alpha = matrix(Zmod(n), [[8775523445886632877189593855724016105923853238110388600944519847143895931293223855922653616887818042631073479198110684379321723227593601822918289162810287213179985843203577275519823312297337476543699814699295603780534270489652026567901889418668978700166470523932709861086261372827841681274942513882086473642725585135101230370081888674776607714279827857691943339921005145456087934796083827529605415734994951876822070091633768569949775791638494032484021726668931928950677970506977610850040146356447929936780822436403930820545470690234566354431325668976387986291875340697228987789945329449200068296170375614076050879785, 10914524698710595970321127027090232144165968780037471063432770955497704137163051702799686631313041237560141667848373235442103054608670912249269855896811394714345108278448088454633357108221934703236017373213591822419492870186573388565800341211631487277520861910315169726614530318669774452500398973789004100413146262726432287549267494369387541010183759368058060150046771812028618651061152940554853598757579002480497094323215709965636785996674504414081628163168221618141288158620642854534927045304055157302218392073869315722029506251754742712127700711498342611023211817174640260717060042688885087479683913557571909322741], [7157097076807988382820230716569936455045674994109312852250577929895736096519606523374055940413673063662855431457666708138113796135396777078373960733319810698100562529245781853196798527091875213512132913044623809323407761879224741043837559073372914528336917930561267239951428201709786511309170906978181350528532725746865810552547336005227276113230516321894984875520782802662233942788568094083797220677632043304323815963819260590985920987957137053105329635183018297003173809322151759301586528750262563904360082125151280110181914762714140881033279744601200352729150802483479611105828702510738590423345140053057578524340, 6713517055261601175137199194349037776884391949750887153570211478360609355102967635024812020436930124099492062499378568948225812905028941236992161990751892519351796091752765093957342028716103643486587421078902623905472869718701549301991454011667516034361143511456327353811233114869084210135013109411719670903088224240407539506990465851216587326439231276390112484389076650763830466007812636524179883923113881730406583476993810068817032731764701328227580833401955012377095618568561222016759038286127435444274370666887116694944714906875307424805468192270291152231535013278536905457590268616934245276058674669841799113000]]) beta = matrix(Zmod(n), [[12810735484592687475611067000733910475407959255726938964445865510797360682518042234111788624482348253873675205750379533519653600377466554571549725126735899237320794286392351216351163142150947930793285681157153739873680235151717822189508483187266968937840184927172004631125869801171730273839416495272679596762491128032081715204511086070136862783519124351766930742835431179567064478518796272613388247961834821952570326773065235010566961759660603378159648515475855652044014147336517739031539091701655351031055956799114677224875340483094077563775106615052814649767904459580694503137691824535465579841465656799088385158184, 5473642859795523867833744594642413120108472695987405903092128057784530587542920832212387191217752619328277772827610816009681072385077130472910935496153590538664127336809080066339982095054400770410661108644231317771694643744529400989304882179751725342517277312600577613299747065205530030840353840528208991751919855348274256156989437092383943692362355213688529247118405117679336493204906404070181358635721597885844629007865171487595667542012053680470870441869320997247103844383487375469966170305723116660050719640797029789529431834500103108427981321996630378373859429074160615524314703440598519278440916672490604153920], [13360817683734425907882869818387715917823570500779542648139881285594085839307884087170316732892285057644413961106686702548122776388566314151602576134967429938148568359628406913487102447957478975857422968377905367007255678006848155389204533214902608595212870988879519805436914172362269969647424235793945764717194382563938554317735619273113439313925766674058624269423418548409043902139520249198229905104623538910887468568657824562399052674509890480922031471957602349880575143764865589002518416822823718373354855636110399881258158604068094158661436001036363550606724638058264988946662672731808136009525669966413346830771, 11468410759599236635289052912588911752422573812150145093904993075149484717580340039481523574675433246733347559877762204982600910077123361122258919844601069472735734932609308953048318256198076234640234139592390905314780413453276360192939595448983886080692089673968929164049655081883685358729758224963749521058341303254696491886950891802778644958745186969893311825203619560214820869460365078215849849124479129495345651512821938654650764639191895571807669232427640112077550730446976794444904863440462011108462395868920803221927297239615558407269413543933560885245839360611664257149625120359949226340501748237522041814167]]) gamma = matrix(Zmod(n), [[8974468230919934099206660576279424449497301852364989153036761168858007344533698037386796827211384328629017837524968363275804995875927577734686609421586684272633348191411693574979321023787212983912221475247860537390362046603629961287235797201556980167513141941168597299233052362222944059064374704020090477871823209626756840704609536921524143960339208893818545992537157471214137960274837610171236744600814714862928730197678579742105704214054822862593357666332950197265426170385072044723785511598793270720596355301285113545159975155209975455186823617585677822352197860436786511800833967339913846225776224546725792541520, 9348474986948437407830611381930796417076181343543633204466467018618007961332994440548537170881111598282300398838403220784637434773325124478963236440587878188677991827315886822018947642220599876747471178815812118951916817010191177047705089048910549002617216646224139781669862185568251097552368622389943664551466943434989962245869206459898126080327957813064720085824151158276722547935648805466702908342289509228148396591724592467606473409258370670569095588764643480541155047718125969649815181530297399896574878462796500132797468732289756350942722963262157882852028757481193014591962402361412541547286212463585329356315], [6306347499602839310711897806816115365577798048588869401080589959551960579025882710953775758799196156090574498840338655413952106340930233167025430911291561146300436232756032168584609901161123027915957142144417373944831498112379530014743564725043850573029577893137274785944999828913842318958600038316305161651550987813123688899364506103198777508061052140024401991543826294645053810175935470329060181419638113822346335627126011428883634941577955928094830457687467602021018818112233819135752762796122449991940293951126794842445023346469946015215788444862522482934643865011428843298464296450568025153162421666513865829972, 10460558892626942486591136156075757543686422206929425172766487988979302284782458711707743391644192252658479654211588038112081380743223452728011518065689480909606243379075821247336392033167618986362705759995101660106860761650744887913049696267564350252223724264010048527822196072691569796251914527187015010584106518547809025845913716411807489385594922654444064967642748725710272671436875870600558952201656006726706186246198382807891707075834051796788676605755301264887244933074977001813150376143934759392995053660467071628525606350521290098742782796859849651804582344638795615115444324738258958494327221705047139386067]]) mu_prime = matrix(Zmod(n), [[9110140425150750491145178173245810683649850676433167642203918443227873747929200498497484988659356796565844607239572829879322347251589944478091113697792108086550736898839464575439745480624731810294886238002427135623698710042800014612820928298917430445137640355738788165343967441826643874136160621009753218683651627226187219386196831000264065035194030979035604667050555295409076871639269434935429836264844914788522151184701643589729070919260048693228620818713776827956449530727987176756766935883945609304801285829253475548773757845833684396147327615752864245759762697131554282702952182820064236136029154931285534920336, 3965680634933532371253173918575965512311075743978870329108827645259543845600676708465361739792712505100830375151369030591386585033111483748387572594721593780367638957423544648137126096616048548831526404791201118063342916940780558823392780847378257409456603871959593407713453397146511731920904022568991968961066446033963676957027561582191560877662951544766699653019054058615445793884586251692712331360647356139500007887786373834135022309564632684555593104495467262752494409415310095975103762605447355421569804147145717716270216276407829288807696993083792180120763011612628844075543633935302644043351200000415397765490], [11531027939277663954924629808580850615128112189088429194733892444735389287125194989846483062137239631428856897300952091045885111504233971340222047595797974590299676147530138095131682563465058026356505341896547427515760211337648937509712681168680093916223136691048129594400887163117578083595198924212238020929650571543544239651025512948151083606981283495326581076022774788713191375373448616247020080804624589709887909060660751012839089160151250018439586685425207828386848506215840120679779020276348065756876412067877471560174945643434266029362965328759176908923082695706418412446830824537449603065572349763237675405751, 920729326437589730826095157469278350649316030890671041698866840091079079560109369898686162156986131867647612585803281076434525638323194196281197301522301314276691124338087536821687420513860352733995693071965887098334916285637808557203009371600993398395622919226813090045525901909117810003835895044704787089673163783368582595086734902024400720579716370279086180005814810492044173344668033992612757135892010975432640563801946449146558990089998260694779271111218515320264883756992522656100346966776474372573294784374889012500155152418754863716677395313380366718512341128264823401715112635658331018694834964614709946974]]) epsilon = matrix(Zmod(n), [[7165571226081578603835883150774616488728231051550287925851522690184895637139822876962972947112432251543801438173797575868444468354880336070457468476668646627601203589691836971847199834387550427409515139148865668672460930793878765006885214789102699287706918802228358033100073207658646769916917956918825343988728574869415991085833912621668186850044268946624373249357696907897355173351832256550108577060760939032564672939219868381918863800411991549406942127512322082415984088851421306484618925402688553375021971356743060341861158734723134788643394112904978199797407328350398837621015931420540971820281023718934332599845, 5311927137961618089465719533669959680179138808868451304787316556962730054216658384560427124537238182468330318432740185730773011315312521714917801639551804882300325955312260236798444551041370383751633970374956257915677214485582117483657761988919505553702104281197415775417014673469569050740206878224979551841366120847702679675682180740324259166151472145699221113252321870669004434874193357913127321023174144885899598070482292843947693798831055666003932625354269654187369701819908413086086194211158098010905312163522905960656367473770480743567823177465080036681918250028808180971378615523862092243350157331116954510698], [5453403043375115387776266465045212861994650155363814552052041113915923817009277472100191728376696957972330437923466587434020093694118621324930290244063889644426827678183126312734629316012791372652267229717880892934548663470390609038951254084596015737291790063273550517220952776485662834693648438708321765082221299643494798339214081530177171662673636605795986063100859446521438876886565157432362462831922149860311355669958620420565847240178703164000319792911764660820039884624929685147146215415904174517092317941864314088161460161442692320572464940560312915345911620266153658276926959641065541429189055966572657819520, 8323469275066655448490909899298437394080014136310987828663208635319609649256368613984492690212315915186764103523691677459103067777742206989452982676893533104930578345264505397629965506625890692620772096629332559013546209414474810863008128641233795446820695233160679181797421280038279121493037666374980800557085234506092778791238441904325008190674790187457682574952384888322563227452064207503676722597347894574663980629407710256847944722991203811304660432558564858911789500224117526382180259239886812006033221746547987173629026862386738990593399748341700938726003025625367055626519666645593341751948026564983517392940]]) e = matrix(Zmod(n), [[1, 0], [0, 1]]) inv_alpha = alpha.inverse() c = (inv_alpha - beta) * (gamma * beta - inv_alpha * gamma).inverse() kai = c * gamma + e lam = kai.inverse() * epsilon * kai mu = lam * mu_prime * lam msg = '' for i in range(2): for j in range(2): msg += ('%x' % mu[i][j]).decode('hex') print msg
実行結果は以下の通り。
The Cayley-Purser algorithm was a public-key cryptography algorithm published in early 1999 by 16-year-old Irishwoman Sarah Flannery, based on an unpublished work by Michael Purser, founder of Baltimore Technologies, a Dublin data security company. Flannery named it for mathematician Arthur Cayley. It has since been found to be flawed as a public-key algorithm, but was the subject of considerable media attention. Nice job! Your flag is tjctf{c0uld_th1s_b3_tH3_n3Xt_RS4?}
tjctf{c0uld_th1s_b3_tH3_n3Xt_RS4?}
Programmable Hyperlinked Pasta (Web 60)
HTMLソースを見ると、コメントに以下のように書いてある。
<!-- <a href="flag.txt">Here's a flag!</a> -->
https://programmable_hyperlinked_pasta.tjctf.org/flag.txtにアクセスすると、Forbidden表示。
https://programmable_hyperlinked_pasta.tjctf.org/?lang=flag.txtにアクセスしても何も表示されない、
https://programmable_hyperlinked_pasta.tjctf.org/?lang=../flag.txtにアクセスすると、フラグが表示された。
tjctf{l0c4l_f1l3_wh4t?}
Permutations (Cryptography 70)
emはmessageの文字の順序が変わったもので、順序を指定できる。変わった文字列について、RC4の暗号処理と同じ処理をしている。
http://inaz2.hatenablog.com/entry/2013/11/30/233649 を参考にして、RC4暗号の脆弱性を使う。
RC4はランダムな鍵に対して、暗号の2バイト目に偏りがあるという性質があるらしい。
1文字に対して、2**16回データを取れば、ほぼ確実に復元できそうだが、途中でサーバから接続を拒否される。
以下のようなコードで何回もデータを取得して、統計を取りながらmessageを推測する。
import socket from collections import Counter CHARS = 'abcdefghij' def replace_2nd_str(pos): target = CHARS[pos] base = CHARS.replace(target, '') return base[0] + target + base[1:] def recvuntil(s, tail): data = '' while True: if tail in data: return data data += s.recv(1) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(('problem1.tjctf.org', 8007)) ## index setting ## idx = 9 print 'index =', idx send_str = replace_2nd_str(idx) print 'send_str =', send_str ################### results = [0] * 256 for j in range(2**10): data = recvuntil(s, '\n') #print data #print send_str s.sendall(send_str + '\n') data = recvuntil(s, '\n') #print data second_value = int(data[2:4], 16) results[second_value] += 1 # Top 10 -> Guess freq_map = dict((chr(i), n) for i, n in enumerate(results)) top10_freq = Counter(freq_map).most_common(10) print top10_freq
10文字について統計を取る。意味がありそうな単語を考えながら、それぞれ回数が多いものを選択する。
ohbyteRC4!
tjctf{ohbyteRC4!}
Ssleepy (Forensics 70)
No.55パケットからkey.zipを抽出する。解凍すると、秘密鍵が入っている。WiresharkでSSLの秘密鍵を設定し、復号する。
IP address: 104.155.183.43 Port: 443 Protocol: http Key File: server_key.pem
No.91パケットでflag.jpgをGETしている。SSL Streamからヘッダ部分を除いて保存する。
JPG画像にフラグが書いてあった。
TJCTF{WIRESHARK_OR_SHARKWIRE?}
Affine (Cryptography 90)
RSA暗号。Linear Padding ありの Hastad's broadcast attack で復号する。
# solve.sage import binascii import hashlib def get_sha1_val(n): s = str(n) return int(hashlib.sha1(s).hexdigest(), 16) def hastads(cArray, nArray, e=3): if(len(cArray)==len(nArray)==e): for i in range(e): cArray[i] = Integer(cArray[i]) nArray[i] = Integer(nArray[i]) M = crt(cArray, nArray) return(Integer(M).nth_root(e, truncate_mode = 1)) else: print("CiphertextArray, ModulusArray, need to be of the same length, and the same size as the public exponent") def linearPaddingHastads(cArray, nArray, aArray, bArray, e=3, eps=1/8): if(len(cArray) == len(nArray) == len(aArray) == len(bArray) == e): for i in range(e): cArray[i] = Integer(cArray[i]) nArray[i] = Integer(nArray[i]) aArray[i] = Integer(aArray[i]) bArray[i] = Integer(bArray[i]) TArray = [-1] * e for i in range(e): arrayToCRT = [0] * e arrayToCRT[i] = 1 TArray[i] = crt(arrayToCRT, nArray) P.<x> = PolynomialRing(Zmod(prod(nArray))) gArray = [-1] * e for i in range(e): gArray[i] = TArray[i] * (pow(aArray[i] * x + bArray[i], e) - cArray[i]) g = sum(gArray) g = g.monic() roots = g.small_roots(epsilon=eps) if(len(roots) == 0): print("No Solutions found") return -1 return roots[0] else: print("CiphertextArray, ModulusArray, and the linear padding arrays need to be of the same length," + "and the same size as the public exponent") e = 7 c1 = 25675152793958719362334087721727391668448541269558474462058064394972159237000883064745181284990149430303994650254840808322285864424764662750758365258432516187277728432545121586632979071929720717372649852913892333751596445815629910986053617473309414117281508303864323015909729484176490149898837722699148713920 n1 = 54820850259230535713865762084053568598874165594889130921566357696567616458378223857125838179921247755779292651871389981326670333442531734034645787606469134086461755105756873542385262892705242036071092223909243076301288478970799478306200287979706335286360412748167842364774735931863312933459243303887522528391 c2 = 57308013526198545787982553948831809099851386105071990727531071444194085081579444566800636703889823370213270842463375590828873179217670044197203168310866488084951374039873986096323030668989182846970273681633505685451818817121768616521795719540659814758454867045257226628730810691032850312088913937303862882122 n2 = 67042885520113263257118582290915177726312067469305908421847091179458757706749309299748971618010292667467149507645154486731380778917902476712952533653072795121865441967660602104613553639256754364241221379654359806670189462881506603085709273149985124690193140730266494965592337203461719611664879731308442667263 c3 = 33110523123312260880081423555385443012303698172724771306631372977777151188742699147449635911533782126548764489332497744201412222554852174681172644368277681280915180074419448681945399626487120057542603151103185868489294327151872456579497138539267121640657739423771314684090862694233758364464062279576183369864 n3 = 89985903111062000750924862108702084890290895192415633459163185350709370560849833696152316610647261365568603949891418963071575903453535955968749606939308123918445104540664601366419086133203411546299071992836870605114904775854946592687074623268960160934703771624447420985649938872471694356563590766730197327403 c4 = 77165065219653079862788577409129548279406192392832794127838745876446556297639145098957541474822063761739525311525724748975610206392909917884098887559908520069178582499123002341170033386358914463615518679156743215944833734844115997551919528578190653678286086414529205023645066772036171138071616232877775605403 n4 = 144578302659584152347777465183436595903641766254529841392977311918530263082334666488588492466964216842999000372858566667614430156791250833413367447725549300629307438383795112436448806559178858641149273056506193797949883101855228392777056665762363186560765549679621056726762476210940818128164542265216341911939 c5 = 46271592501512251239515544795747628191312494429121209907428975357753036096630585200765478229722279396220792499619124493513510693983433382775572503427829128432022799757398620804968227918699155484285929229454795772848632082074482660485353695038777422951895467676109703028615278915540633833992415540610914983525 n5 = 81790853226916934420573308748178318312510297162048844558315472184092957619321358751015078340781526837894903889782215325030254199582839010410447598969896414596873084948080977190437730775429382394893464902480690706275903017575378639142460124842161392405763583944706204061213376653979366112584588092058682099417 c6 = 57972675706457917594665689255141579755155126009393865090298137419620210832764812601374723742797175858601067071946998126997761266747079093136254796588168914305806501548651843044824561414391997008162345918166144951125302582440652239957438322070733320483325829334015651431547367283983778089203231241439641536053 n6 = 73980671682765133866918944940688116769134506866614012447817086969352897977409302191352722713709039627538976182650104228953961415306661290440291237838436045597491167374142468246641210294363030243026142729058264151545938090328689572424665075464153066787542386012683130559707032305120020753104044623180909126389 c7 = 74509805178973331475079616531075721234040785222421585008716026412829278145513552037640729538030768473876697345668551073431575270064366725987077833033222424840594603003480258191710744801632493056419255044343812108962552981039079556936296909043802657927151112869685008200474696033705827864953556606633891316209 n7 = 101172221238421792469887500553169614463346581090545073620543862634624608075572127513912303221239410360993953141778328809955385117874857059456679461625991923555648318729750420461377497354534152316919725646852519813952867617919442629999348382422210047284124959833853082144643826524296782324540575133270263491143 nArr = [n1, n2, n3, n4, n5, n6, n7] cArr = [c1, c2, c3, c4, c5, c6, c7] aArr = [1] * 7 bArr = [] bArr.append(get_sha1_val(n1)) bArr.append(get_sha1_val(n2)) bArr.append(get_sha1_val(n3)) bArr.append(get_sha1_val(n4)) bArr.append(get_sha1_val(n5)) bArr.append(get_sha1_val(n6)) bArr.append(get_sha1_val(n7)) msg = linearPaddingHastads(cArr, nArr, aArr, bArr, e=e, eps=1/16) msg = hex(int(msg))[2:] if(msg[-1]=='L'): msg = msg[:-1] if(len(msg)%2 == 1): msg = '0' + msg flag = binascii.unhexlify(msg) print flag
tjctf{b3ware_of_th3_g3n3ralization}
Volatile Virus (Forensics 130)
メモリダンプファイルが与えられている。
volatilityでいろいろ調査する。
$ volatility -f file_patched.dmp imageinfo Volatility Foundation Volatility Framework 2.5 INFO : volatility.debug : Determining profile based on KDBG search... Suggested Profile(s) : Win7SP0x86, Win7SP1x86 (Instantiated with WinXPSP2x86) AS Layer1 : IA32PagedMemoryPae (Kernel AS) AS Layer2 : WindowsCrashDumpSpace32 (Unnamed AS) AS Layer3 : FileAddressSpace (/mnt/hgfs/Shared/work/file_patched.dmp) PAE type : PAE DTB : 0x185000L KUSER_SHARED_DATA : 0xffdf0000L Image date and time : 2018-08-06 03:58:15 UTC+0000 Image local date and time : 2018-08-05 20:58:15 -0700 $ volatility -f file_patched.dmp --profile=Win7SP1x86 pstree Volatility Foundation Volatility Framework 2.5 Name Pid PPid Thds Hnds Time -------------------------------------------------- ------ ------ ------ ------ ---- 0x860b33a8:explorer.exe 2292 2276 48 1248 2018-08-06 03:13:12 UTC+0000 . 0x86139d20:chrome.exe 3968 2292 35 1264 2018-08-06 03:14:13 UTC+0000 .. 0x850d0d20:chrome.exe 3500 3968 6 143 2018-08-06 03:16:00 UTC+0000 .. 0x85106030:chrome.exe 3496 3968 6 127 2018-08-06 03:53:44 UTC+0000 .. 0x861c3d20:chrome.exe 2896 3968 6 173 2018-08-06 03:54:08 UTC+0000 .. 0x8507b3e0:chrome.exe 548 3968 6 155 2018-08-06 03:18:16 UTC+0000 .. 0x8617ab50:chrome.exe 1108 3968 6 134 2018-08-06 03:53:57 UTC+0000 . 0x8506b030:python.exe 2976 2292 1 58 2018-08-06 03:15:14 UTC+0000 . 0x861d6030:taskmgr.exe 3880 2292 5 110 2018-08-06 03:53:21 UTC+0000 . 0x856c9ac0:VBoxTray.exe 2436 2292 13 151 2018-08-06 03:13:16 UTC+0000 . 0x85115c00:DumpIt.exe 3172 2292 6 93 2018-08-06 03:58:14 UTC+0000 0x85d851d8:winlogon.exe 416 372 3 110 2018-08-06 06:11:22 UTC+0000 0x85d6f030:csrss.exe 380 372 8 310 2018-08-06 06:11:22 UTC+0000 . 0x861e7440:conhost.exe 3436 380 2 40 2018-08-06 03:58:14 UTC+0000 . 0x861eb030:conhost.exe 3108 380 2 34 2018-08-06 03:15:15 UTC+0000 0x85d79d20:wininit.exe 388 324 3 78 2018-08-06 06:11:22 UTC+0000 . 0x85da8398:services.exe 476 388 7 204 2018-08-06 06:11:23 UTC+0000 .. 0x85f00478:taskhost.exe 1416 476 9 204 2018-08-06 03:11:36 UTC+0000 .. 0x85dea030:VBoxService.ex 648 476 11 118 2018-08-06 06:11:27 UTC+0000 .. 0x85df2b00:svchost.exe 712 476 8 253 2018-08-06 03:11:29 UTC+0000 .. 0x84f41d20:svchost.exe 1040 476 5 90 2018-08-06 03:11:43 UTC+0000 .. 0x8603c030:sppsvc.exe 284 476 4 147 2018-08-06 03:11:42 UTC+0000 .. 0x84fb3030:wlms.exe 1840 476 4 46 2018-08-06 03:11:40 UTC+0000 .. 0x85e9a528:svchost.exe 1156 476 16 475 2018-08-06 03:11:33 UTC+0000 .. 0x85f4c178:svchost.exe 1576 476 11 312 2018-08-06 03:11:37 UTC+0000 .. 0x85e333c8:svchost.exe 892 476 32 1007 2018-08-06 03:11:30 UTC+0000 .. 0x85edb610:spoolsv.exe 1324 476 13 277 2018-08-06 03:11:35 UTC+0000 .. 0x85f08618:svchost.exe 1456 476 17 292 2018-08-06 03:11:36 UTC+0000 .. 0x85e29030:svchost.exe 840 476 15 362 2018-08-06 03:11:30 UTC+0000 ... 0x85df8878:dwm.exe 2284 840 3 68 2018-08-06 03:13:12 UTC+0000 .. 0x85f8b998:cygrunsrv.exe 1716 476 6 101 2018-08-06 03:11:39 UTC+0000 ... 0x84f99870:cygrunsrv.exe 1796 1716 0 ------ 2018-08-06 03:11:40 UTC+0000 .... 0x84fbfd20:sshd.exe 1876 1796 4 100 2018-08-06 03:11:40 UTC+0000 .. 0x85eba7c0:SearchIndexer. 2676 476 11 630 2018-08-06 03:13:21 UTC+0000 .. 0x85e1f460:svchost.exe 800 476 19 435 2018-08-06 03:11:30 UTC+0000 ... 0x851315c0:audiodg.exe 3832 800 4 121 2018-08-06 03:55:37 UTC+0000 .. 0x85f4e338:svchost.exe 1604 476 16 275 2018-08-06 03:11:37 UTC+0000 .. 0x85629890:svchost.exe 584 476 10 349 2018-08-06 06:11:26 UTC+0000 ... 0x8513f030:WmiPrvSE.exe 2140 584 7 121 2018-08-06 03:58:15 UTC+0000 .. 0x85e2eb68:svchost.exe 864 476 29 562 2018-08-06 03:11:30 UTC+0000 .. 0x85e6dd20:svchost.exe 1020 476 6 116 2018-08-06 03:11:32 UTC+0000 .. 0x85f86030:svchost.exe 3580 476 12 364 2018-08-06 03:13:43 UTC+0000 . 0x85daf030:lsass.exe 484 388 7 577 2018-08-06 06:11:23 UTC+0000 . 0x85db0b90:lsm.exe 492 388 10 152 2018-08-06 06:11:23 UTC+0000 0x84f4e248:csrss.exe 332 324 10 401 2018-08-06 06:11:21 UTC+0000 . 0x84fb1d20:conhost.exe 1832 332 2 33 2018-08-06 03:11:40 UTC+0000 0x84ed1b90:System 4 0 83 530 2018-08-06 06:11:13 UTC+0000 . 0x8561b718:smss.exe 252 4 2 29 2018-08-06 06:11:13 UTC+0000
この後、チームメンバがkeyloggerの分析をし、フラグの前半を割り出すことができた。
tjctf{th1s_1s_n0t_a_v1ru5_
Chromeを使っていることが分かっているので、volatilityのchromeプラグインで調べてみる。
$ volatility -f file_patched.dmp --profile=Win7SP1x86 chromedownloads --output-file=chromedownloads.txt $ cat chromedownloads.txt Row Id Current Path Target Path Start Time Received Total Bytes State Danger Interrupt End Time Opened Referer By Ext ID By Ext Name ETag Last Modified MIME Type Original MIME Type ------ -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -------------------------- ------------ ------------ ----- ------ --------- -------------------------- ------ ---------------------------------------------------------------- --------- ----------- ------------------------ ------------------------------ -------------------------------- -------------------------------- 16 C:\Users\IEUser\Downloads\1FA71 C:\Users\IEUser\Downloads\1FA71 2018-08-06 03:20:29.210581 1023 1023 1 0 0 2018-08-06 03:20:29.466552 0 https://github.com/kakbkc/literate-sniffle/blob/master/1FA71 "764c4bbf98...ae31efc16" application/octet-stream application/octet-stream 15 C:\Users\IEUser\Downloads\1D218 C:\Users\IEUser\Downloads\1D218 2018-08-06 03:20:14.625735 1047 1047 1 0 0 2018-08-06 03:20:14.859907 0 https://github.com/kakbkc/literate-sniffle/blob/master/1D218 "7ffee2ea0a...c9f5321eb" application/octet-stream application/octet-stream 14 C:\Users\IEUser\Downloads\1CB1C C:\Users\IEUser\Downloads\1CB1C 2018-08-06 03:20:10.236260 1057 1057 1 0 0 2018-08-06 03:20:10.472951 0 https://github.com/kakbkc/literate-sniffle/blob/master/1CB1C "d4b88cb6bf...476d36f43" application/octet-stream application/octet-stream 13 C:\Users\IEUser\Downloads\1867D C:\Users\IEUser\Downloads\1867D 2018-08-06 03:19:59.895695 1068 1068 1 0 0 2018-08-06 03:20:00.128268 0 https://github.com/kakbkc/literate-sniffle/blob/master/1867D "604922a225...d51e9633d" application/octet-stream application/octet-stream 12 C:\Users\IEUser\Downloads\181F0 C:\Users\IEUser\Downloads\181F0 2018-08-06 03:19:53.215465 1080 1080 1 0 0 2018-08-06 03:19:53.543034 0 https://github.com/kakbkc/literate-sniffle/blob/master/181F0 "2502cc1653...97cb5eab0" application/octet-stream application/octet-stream 11 C:\Users\IEUser\Downloads\1568E C:\Users\IEUser\Downloads\1568E 2018-08-06 03:19:23.810158 1017 1017 1 0 0 2018-08-06 03:19:24.096658 0 https://github.com/kakbkc/literate-sniffle/blob/master/1568E "5c2a1f0d58...9d05baa91" application/octet-stream application/octet-stream 10 C:\Users\IEUser\Downloads\11B53 C:\Users\IEUser\Downloads\11B53 2018-08-06 03:19:18.350220 1096 1096 1 0 0 2018-08-06 03:19:18.605699 0 https://github.com/kakbkc/literate-sniffle/blob/master/11B53 "a8761d8ac6...f2882d0e5" application/octet-stream application/octet-stream 9 C:\Users\IEUser\Downloads\112E8 C:\Users\IEUser\Downloads\112E8 2018-08-06 03:19:12.694478 1044 1044 1 0 0 2018-08-06 03:19:12.999087 0 https://github.com/kakbkc/literate-sniffle/blob/master/112E8 "5e4b476fe5...083dc87cd" application/octet-stream application/octet-stream 8 C:\Users\IEUser\Downloads\0FB71 C:\Users\IEUser\Downloads\0FB71 2018-08-06 03:19:06.661971 1075 1075 1 0 0 2018-08-06 03:19:06.903977 0 https://github.com/kakbkc/literate-sniffle/blob/master/0FB71 "cd9bd42dd9...eab91c4c1" application/octet-stream application/octet-stream 7 C:\Users\IEUser\Downloads\0F32D C:\Users\IEUser\Downloads\0F32D 2018-08-06 03:18:56.779744 1082 1082 1 0 0 2018-08-06 03:18:57.017832 0 https://github.com/kakbkc/literate-sniffle/blob/master/0F32D "2076f61c97...f6a944e10" application/octet-stream application/octet-stream 6 C:\Users\IEUser\Downloads\0EDD0 C:\Users\IEUser\Downloads\0EDD0 2018-08-06 03:18:50.562136 1003 1003 1 0 0 2018-08-06 03:18:50.814568 0 https://github.com/kakbkc/literate-sniffle/blob/master/0EDD0 "e9f58e519e...a62dbb302" application/octet-stream application/octet-stream 5 C:\Users\IEUser\Downloads\0A314 C:\Users\IEUser\Downloads\0A314 2018-08-06 03:18:45.463460 1058 1058 1 0 0 2018-08-06 03:18:45.703668 0 https://github.com/kakbkc/literate-sniffle/blob/master/0A314 "6a2f51de25...c01cabfa5" application/octet-stream application/octet-stream 4 C:\Users\IEUser\Downloads\06910 C:\Users\IEUser\Downloads\06910 2018-08-06 03:18:41.046386 1034 1034 1 0 0 2018-08-06 03:18:41.295901 0 https://github.com/kakbkc/literate-sniffle/blob/master/06910 "b53cc3a9e3...e291a6f00" application/octet-stream application/octet-stream 3 C:\Users\IEUser\Downloads\02F60 C:\Users\IEUser\Downloads\02F60 2018-08-06 03:18:35.856466 1046 1046 1 0 0 2018-08-06 03:18:36.134028 0 https://github.com/kakbkc/literate-sniffle/blob/master/02F60 "8e21943e7b...29abd624d" application/octet-stream application/octet-stream 2 C:\Users\IEUser\Downloads\01F57 C:\Users\IEUser\Downloads\01F57 2018-08-06 03:18:29.093970 1073 1073 1 0 0 2018-08-06 03:18:29.530521 0 https://github.com/kakbkc/literate-sniffle/blob/master/01F57 "fa35a6344f...c45d813c6" application/octet-stream application/octet-stream 32 C:\Users\IEUser\Downloads\40131 C:\Users\IEUser\Downloads\40131 2018-08-06 03:23:26.140672 1070 1070 1 0 0 2018-08-06 03:23:26.439527 0 https://github.com/kakbkc/literate-sniffle/blob/master/40131 "653e30b372...3f6961ac3" application/octet-stream application/octet-stream 31 C:\Users\IEUser\Downloads\3F6A6 C:\Users\IEUser\Downloads\3F6A6 2018-08-06 03:23:02.705559 1054 1054 1 0 0 2018-08-06 03:23:02.990172 0 https://github.com/kakbkc/literate-sniffle/blob/master/3F6A6 "34f6f31820...48e77c4fa" application/octet-stream application/octet-stream 30 C:\Users\IEUser\Downloads\3F695 C:\Users\IEUser\Downloads\3F695 2018-08-06 03:22:49.613426 1022 1022 1 0 0 2018-08-06 03:22:49.930528 0 https://github.com/kakbkc/literate-sniffle/blob/master/3F695 "7b3e698387...459760fb7" application/octet-stream application/octet-stream 29 C:\Users\IEUser\Downloads\3F47B C:\Users\IEUser\Downloads\3F47B 2018-08-06 03:22:44.468808 1030 1030 1 0 0 2018-08-06 03:22:44.710531 0 https://github.com/kakbkc/literate-sniffle/blob/master/3F47B "dc1ce400d0...c374645f2" application/octet-stream application/octet-stream 28 C:\Users\IEUser\Downloads\3D0E8 C:\Users\IEUser\Downloads\3D0E8 2018-08-06 03:22:39.871725 1069 1069 1 0 0 2018-08-06 03:22:40.178677 0 https://github.com/kakbkc/literate-sniffle/blob/master/3D0E8 "3f75b94b2b...7d4e73577" application/octet-stream application/octet-stream 27 C:\Users\IEUser\Downloads\3ACBB C:\Users\IEUser\Downloads\3ACBB 2018-08-06 03:22:33.382970 1078 1078 1 0 0 2018-08-06 03:22:33.624826 0 https://github.com/kakbkc/literate-sniffle/blob/master/3ACBB "86d55f0889...d1b595906" application/octet-stream application/octet-stream 26 C:\Users\IEUser\Downloads\39617 C:\Users\IEUser\Downloads\39617 2018-08-06 03:22:24.349366 1052 1052 1 0 0 2018-08-06 03:22:24.606099 0 https://github.com/kakbkc/literate-sniffle/blob/master/39617 "ca03142de0...6dfc3eaa0" application/octet-stream application/octet-stream 25 C:\Users\IEUser\Downloads\3864C C:\Users\IEUser\Downloads\3864C 2018-08-06 03:22:11.063842 1089 1089 1 0 0 2018-08-06 03:22:11.376036 0 https://github.com/kakbkc/literate-sniffle/blob/master/3864C "dcbf668df3...24240dbc7" application/octet-stream application/octet-stream 24 C:\Users\IEUser\Downloads\2EEA8 C:\Users\IEUser\Downloads\2EEA8 2018-08-06 03:22:05.007278 1024 1024 1 0 0 2018-08-06 03:22:05.312084 0 https://github.com/kakbkc/literate-sniffle/blob/master/2EEA8 "9020a6c4e8...0b871ad9b" application/octet-stream application/octet-stream 23 C:\Users\IEUser\Downloads\2E887 C:\Users\IEUser\Downloads\2E887 2018-08-06 03:21:47.929673 1079 1079 1 0 0 2018-08-06 03:21:48.185013 0 https://github.com/kakbkc/literate-sniffle/blob/master/2E887 "9fbaff54a7...673f956fc" application/octet-stream application/octet-stream 22 C:\Users\IEUser\Downloads\2DD80 C:\Users\IEUser\Downloads\2DD80 2018-08-06 03:21:40.066016 1032 1032 1 0 0 2018-08-06 03:21:40.308089 0 https://github.com/kakbkc/literate-sniffle/blob/master/2DD80 "4b0410585d...7389b6f3a" application/octet-stream application/octet-stream 21 C:\Users\IEUser\Downloads\2BEA7.txt C:\Users\IEUser\Downloads\2BEA7.txt 2018-08-06 03:21:30.449428 1 1 1 0 0 2018-08-06 03:21:30.471285 0 text/html text/html 20 C:\Users\IEUser\Downloads\2B8A8 C:\Users\IEUser\Downloads\2B8A8 2018-08-06 03:20:58.119470 1100 1100 1 0 0 2018-08-06 03:20:58.360639 0 https://github.com/kakbkc/literate-sniffle/blob/master/2B8A8 "059ee2729d...cf33d7ff0" application/octet-stream application/octet-stream 19 C:\Users\IEUser\Downloads\2AC88 C:\Users\IEUser\Downloads\2AC88 2018-08-06 03:20:50.566815 1043 1043 1 0 0 2018-08-06 03:20:50.826217 0 https://github.com/kakbkc/literate-sniffle/blob/master/2AC88 "05b222d677...996c5bd93" applicatio 18 C:\Users\IEUser\Downloads\2757E C:\Users\IEUser\Downloads\2757E 2018-08-06 03:20:41.000335 1053 1053 1 0 0 2018-08-06 03:20:41.286984 0 https://github.com/kakbkc/literate-sniffle/blob/master/2757E "e23853a2d6...76824c280" application/octet-stream application/octet-stream 17 C:\Users\IEUser\Downloads\23882 C:\Users\IEUser\Downloads\23882 2018-08-06 03:20:34.361326 1021 1021 1 0 0 2018-08-06 03:20:34.644559 0 https://github.com/kakbkc/literate-sniffle/blob/master/23882 "896c1142f0...edd78eccd" application/octet-stream application/octet-stream 2 C:\Users\IEUser\Downloads\01F57 C:\Users\IEUser\Downloads\01F57 2018-08-06 03:18:29.093970 1073 1073 1 0 0 2018-08-06 03:18:29.530521 0 https://github.com/kakbkc/literate-sniffle/blob/master/01F57 "fa35a6344f...c45d813c6" appl 84 C:\Users\IEUser\Downloads\CEECF C:\Users\IEUser\Downloads\CEECF 2018-08-06 03:29:43.146420 1087 1087 1 0 0 2018-08-06 03:29:43.479690 0 https://github.com/kakbkc/literate-sniffle/blob/master/CEECF "e9581fc02d...5a926cdbd" application/octet-stream application/octet-stream 83 C:\Users\IEUser\Downloads\C9449 C:\Users\IEUser\Downloads\C9449 2018-08-06 03:29:38.767424 1056 1056 1 0 0 2018-08-06 03:29:39.013612 0 https://github.com/kakbkc/literate-sniffle/blob/master/C9449 "30b6737b8d...ca10f5a50" application/octet-stream application/octet-stream 82 C:\Users\IEUser\Downloads\C8B91 C:\Users\IEUser\Downloads\C8B91 2018-08-06 03:29:32.343223 1064 1064 1 0 0 2018-08-06 03:29:32.683042 0 https://github.com/kakbkc/literate-sniffle/blob/master/C8B91 "38963bd2b3...cb71243c3" application/octet-stream application/octet-stream 81 C:\Users\IEUser\Downloads\C6F9F C:\Users\IEUser\Downloads\C6F9F 2018-08-06 03:29:24.047784 1004 1004 1 0 0 2018-08-06 03:29:24.337354 0 https://github.com/kakbkc/literate-sniffle/blob/master/C6F9F "f720daae37...a9a9ea1ac" application/octet-stream application/octet-stream 80 C:\Users\IEUser\Downloads\C65BC C:\Users\IEUser\Downloads\C65BC 2018-08-06 03:29:12.965569 1083 1083 1 0 0 2018-08-06 03:29:13.258249 0 https://github.com/kakbkc/literate-sniffle/blob/master/C65BC "693614e82e...578e3c5a5" application/octet-stream application/octet-stream 79 C:\Users\IEUser\Downloads\C27CC C:\Users\IEUser\Downloads\C27CC 2018-08-06 03:29:02.171294 1095 1095 1 0 0 2018-08-06 03:29:02.467588 0 https://github.com/kakbkc/literate-sniffle/blob/master/C27CC "c64750012f...be5764d82" application/octet-stream application/octet-stream 101 C:\Users\IEUser\Downloads\FE6B8 C:\Users\IEUser\Downloads\FE6B8 2018-08-06 03:31:16.357418 1039 1039 1 0 0 2018-08-06 03:31:16.592000 0 https://github.com/kakbkc/literate-sniffle/blob/master/FE6B8 "25f94491b9...29dca12df" application/octet-stream application/octet-stream 100 C:\Users\IEUser\Downloads\FBA83 C:\Users\IEUser\Downloads\FBA83 2018-08-06 03:31:11.700473 1029 1029 1 0 0 2018-08-06 03:31:11.950191 0 https://github.com/kakbkc/literate-sniffle/blob/master/FBA83 "bb4ae18417...1fef30a2c" application/octet-stream application/octet-stream 99 C:\Users\IEUser\Downloads\FB986 C:\Users\IEUser\Downloads\FB986 2018-08-06 03:31:05.681886 1097 1097 1 0 0 2018-08-06 03:31:05.928082 0 https://github.com/kakbkc/literate-sniffle/blob/master/FB986 "3725def745...9d69b8dd5" application/octet-stream application/octet-stream 98 C:\Users\IEUser\Downloads\F425A C:\Users\IEUser\Downloads\F425A 2018-08-06 03:31:01.555487 1020 1020 1 0 0 2018-08-06 03:31:01.854499 0 https://github.com/kakbkc/literate-sniffle/blob/master/F425A "b8e7f63ee7...48fa6b91d" application/octet-stream application/octet-stream 97 C:\Users\IEUser\Downloads\F3FBC C:\Users\IEUser\Downloads\F3FBC 2018-08-06 03:30:57.149637 1049 1049 1 0 0 2018-08-06 03:30:57.397036 0 https://github.com/kakbkc/literate-sniffle/blob/master/F3FBC "661b0e7646...1e942ac8f" application/octet-stream application/octet-stream 96 C:\Users\IEUser\Downloads\ED80D C:\Users\IEUser\Downloads\ED80D 2018-08-06 03:30:52.983809 1045 1045 1 0 0 2018-08-06 03:30:53.237701 0 https://github.com/kakbkc/literate-sniffle/blob/master/ED80D "a25c27c64d...f231556ef" application/octet-stream application/octet-stream 95 C:\Users\IEUser\Downloads\E71C2 C:\Users\IEUser\Downloads\E71C2 2018-08-06 03:30:47.271597 1081 1081 1 0 0 2018-08-06 03:30:47.599151 0 https://github.com/kakbkc/literate-sniffle/blob/master/E71C2 "c8a8a10cfa...009bbd2fc" application/octet-stream application/octet-stream 94 C:\Users\IEUser\Downloads\E3CCD C:\Users\IEUser\Downloads\E3CCD 2018-08-06 03:30:37.715785 1074 1074 1 0 0 2018-08-06 03:30:37.962243 0 https://github.com/kakbkc/literate-sniffle/blob/master/E3CCD "9d8a568280...0c2a4cc25" application/octet-stream application/octet-stream 48 C:\Users\IEUser\Downloads\73830 C:\Users\IEUser\Downloads\73830 2018-08-06 03:25:45.761337 1026 1026 1 0 0 2018-08-06 03:25:46.059248 0 https://github.com/kakbkc/literate-sniffle/blob/master/73830 "0da7c24dbb...a196d955c" application/octet-stream application/octet-stream 47 C:\Users\IEUser\Downloads\730A4 C:\Users\IEUser\Downloads\730A4 2018-08-06 03:25:34.622880 1099 1099 1 0 0 2018-08-06 03:25:34.931338 0 https://github.com/kakbkc/literate-sniffle/blob/master/730A4 "7ee1392079...1f82b7113" application/octet-stream application/octet-stream 46 C:\Users\IEUser\Downloads\7139D C:\Users\IEUser\Downloads\7139D 2018-08-06 03:25:27.377092 1011 1011 1 0 0 2018-08-06 03:25:27.668195 0 https://github.com/kakbkc/literate-sniffle/blob/master/7139D "7c43aca2a4...585268e68" application/octet-stream application/octet-stream 45 C:\Users\IEUser\Downloads\6C45A C:\Users\IEUser\Downloads\6C45A 2018-08-06 03:25:21.715661 1059 1059 1 0 0 2018-08-06 03:25:22.082701 0 https://github.com/kakbkc/literate-sniffle/blob/master/6C45A "15535de309...96a3f928c" application/octet-stream application/octet-stream 44 C:\Users\IEUser\Downloads\69F38 C:\Users\IEUser\Downloads\69F38 2018-08-06 03:25:13.401479 1061 1061 1 0 0 2018-08-06 03:25:13.632098 0 https://github.com/kakbkc/literate-sniffle/blob/master/69F38 "fbb89ac943...7e970c482" application/octet-stream application/octet-stream 43 C:\Users\IEUser\Downloads\61923.txt C:\Users\IEUser\Downloads\61923.txt 2018-08-06 03:25:02.828426 1 1 1 0 0 2018-08-06 03:25:02.887902 0 text/html text/html 42 C:\Users\IEUser\Downloads\60291 C:\Users\IEUser\Downloads\60291 2018-08-06 03:24:33.913193 1041 1041 1 0 0 2018-08-06 03:24:34.160232 0 https://github.com/kakbkc/literate-sniffle/blob/master/60291 "85dedde7e6...7d55e2e6f" application/octet-stream application/octet-stream 41 C:\Users\IEUser\Downloads\5F5EC C:\Users\IEUser\Downloads\5F5EC 2018-08-06 03:24:24.018538 1091 1091 1 0 0 2018-08-06 03:24:24.331415 0 https://github.com/kakbkc/literate-sniffle/blob/master/5F5EC "4eec83b7eb...49a55dcf3" application/octet-stream application/octet-stream 40 C:\Users\IEUser\Downloads\5E7D2 C:\Users\IEUser\Downloads\5E7D2 2018-08-06 03:24:19.496683 1098 1098 1 0 0 2018-08-06 03:24:19.753267 0 https://github.com/kakbkc/literate-sniffle/blob/master/5E7D2 "1953c35270...f9846fad3" application/octet-stream application/octet-stream 39 C:\Users\IEUser\Downloads\5CD90 C:\Users\IEUser\Downloads\5CD90 2018-08-06 03:24:12.849979 1050 1050 1 0 0 2018-08-06 03:24:13.099006 0 https://github.com/kakbkc/literate-sniffle/blob/master/5CD90 "3b57062764...c47b22ce0" application/octet-stream application/octet-stream 38 C:\Users\IEUser\Downloads\5BEC8 C:\Users\IEUser\Downloads\5BEC8 2018-08-06 03:23:55.763479 1084 1084 1 0 0 2018-08-06 03:23:56.023106 0 https://github.com/kakbkc/literate-sniffle/blob/master/5BEC8 "0c7c3138aa...ae5f96a54" application/octet-stream application/octet-stream 37 C:\Users\IEUser\Downloads\5603A C:\Users\IEUser\Downloads\5603A 2018-08-06 03:23:50.360605 1019 1019 1 0 0 2018-08-06 03:23:50.599211 0 https://github.com/kakbkc/literate-sniffle/blob/master/5603A "82d6d4bef3...acab55eef" application/octet-stream application/octet-stream 36 C:\Users\IEUser\Downloads\521B6 C:\Users\IEUser\Downloads\521B6 2018-08-06 03:23:45.378551 1076 1076 1 0 0 2018-08-06 03:23:45.649116 0 https://github.com/kakbkc/literate-sniffle/blob/master/521B6 "00b6a654e7...234e99e18" application/octet-stream application/octet-stream 35 C:\Users\IEUser\Downloads\50D6C C:\Users\IEUser\Downloads\50D6C 2018-08-06 03:23:40.875112 1048 1048 1 0 0 2018-08-06 03:23:41.112743 0 https://github.com/kakbkc/literate-sniffle/blob/master/50D6C "7d8c0a54d4...2af649c72" application/octet-stream application/octet-stream 34 C:\Users\IEUser\Downloads\4581C C:\Users\IEUser\Downloads\4581C 2018-08-06 03:23:36.767541 1013 1013 1 0 0 2018-08-06 03:23:37.049725 0 https://github.com/kakbkc/literate-sniffle/blob/master/4581C "d620bc6e86...44128f4db" application/octet-stream application/octet-stream 33 C:\Users\IEUser\Downloads\445CD C:\Users\IEUser\Downloads\445CD 2018-08-06 03:23:31.638008 1035 1035 1 0 0 2018-08-06 03:23:31.946005 0 https://github.com/kakbkc/literate-sniffle/blob/master/445CD "9129c5d34c...1cea4d942" application/octet-stream application/octet-stream 63 C:\Users\IEUser\Downloads\9E87A C:\Users\IEUser\Downloads\9E87A 2018-08-06 03:27:26.224723 1009 1009 1 0 0 2018-08-06 03:27:26.515086 0 https://github.com/kakbkc/literate-sniffle/blob/master/9E87A "30488dc0c0...f61f135cd" application/octet-stream application/octet-stream 62 C:\Users\IEUser\Downloads\968C5 C:\Users\IEUser\Downloads\968C5 2018-08-06 03:27:19.748446 1015 1015 1 0 0 2018-08-06 03:27:20.018040 0 https://github.com/kakbkc/literate-sniffle/blob/master/968C5 "0cca9be69d...e2c98cc33" application/octet-stream application/octet-stream 61 C:\Users\IEUser\Downloads\94A69 C:\Users\IEUser\Downloads\94A69 2018-08-06 03:27:13.542001 1008 1008 1 0 0 2018-08-06 03:27:13.783899 0 https://github.com/kakbkc/literate-sniffle/blob/master/94A69 "168e2ee061...947d2ac68" application/octet-stream application/octet-stream 60 C:\Users\IEUser\Downloads\941F9 C:\Users\IEUser\Downloads\941F9 2018-08-06 03:27:08.781601 1093 1093 1 0 0 2018-08-06 03:27:09.037411 0 https://github.com/kakbkc/literate-sniffle/blob/master/941F9 "416c390271...08c9a49bd" application/octet-stream application/octet-stream 59 C:\Users\IEUser\Downloads\8C4F4 C:\Users\IEUser\Downloads\8C4F4 2018-08-06 03:27:01.298806 1038 1038 1 0 0 2018-08-06 03:27:01.560604 0 https://github.com/kakbkc/literate-sniffle/blob/master/8C4F4 "1ff6c22b34...193a3cbf2" application/octet-stream application/octet-stream 58 C:\Users\IEUser\Downloads\89A92 C:\Users\IEUser\Downloads\89A92 2018-08-06 03:26:55.237782 1033 1033 1 0 0 2018-08-06 03:26:55.561439 0 https://github.com/kakbkc/literate-sniffle/blob/master/89A92 "fb649a8d80...9b0b3957c" application/octet-stream application/octet-stream 57 C:\Users\IEUser\Downloads\86B54 C:\Users\IEUser\Downloads\86B54 2018-08-06 03:26:50.198751 1090 1090 1 0 0 2018-08-06 03:26:50.607796 0 https://github.com/kakbkc/literate-sniffle/blob/master/86B54 "7e2c62612f...26674de41" application/octet-stream application/octet-stream 56 C:\Users\IEUser\Downloads\8530A C:\Users\IEUser\Downloads\8530A 2018-08-06 03:26:44.057507 1088 1088 1 0 0 2018-08-06 03:26:44.452215 0 https://github.com/kakbkc/literate-sniffle/blob/master/8530A "2489265ebc...d60bf991e" application/octet-stream application/octet-stream 55 C:\Users\IEUser\Downloads\812F5 C:\Users\IEUser\Downloads\812F5 2018-08-06 03:26:38.362641 1072 1072 1 0 0 2018-08-06 03:26:38.646574 0 https://github.com/kakbkc/literate-sniffle/blob/master/812F5 "51b3e8ac91...ae6c3505f" application/octet-stream application/octet-stream 54 C:\Users\IEUser\Downloads\80CBD C:\Users\IEUser\Downloads\80CBD 2018-08-06 03:26:31.951385 1006 1006 1 0 0 2018-08-06 03:26:32.314204 0 https://github.com/kakbkc/literate-sniffle/blob/master/80CBD "91b43321cd...8344c55aa" application/octet-stream application/octet-stream 53 C:\Users\IEUser\Downloads\8042C C:\Users\IEUser\Downloads\8042C 2018-08-06 03:26:26.076986 1014 1014 1 0 0 2018-08-06 03:26:26.368192 0 https://github.com/kakbkc/literate-sniffle/blob/master/8042C "55a605bb5d...8f165c4f4" application/octet-stream application/octet-stream 52 C:\Users\IEUser\Downloads\792F1 C:\Users\IEUser\Downloads\792F1 2018-08-06 03:26:16.149983 1065 1065 1 0 0 2018-08-06 03:26:16.444677 0 https://github.com/kakbkc/literate-sniffle/blob/master/792F1 "2dd7cf2bc1...e971704b8" application/octet-stream application/octet-stream 51 C:\Users\IEUser\Downloads\792C1 C:\Users\IEUser\Downloads\792C1 2018-08-06 03:26:08.505413 1037 1037 1 0 0 2018-08-06 03:26:08.803285 0 https://github.com/kakbkc/literate-sniffle/blob/master/792C1 "130be2e97a...cd070283d" application/octet-stream application/octet-stream 50 C:\Users\IEUser\Downloads\7854} C:\Users\IEUser\Downloads\7854} 2018-08-06 03:26:03.231024 1101 1101 1 0 0 2018-08-06 03:26:03.530371 0 https://github.com/kakbkc/literate-sniffle/blob/master/7854%7D "bd4a9a6fdf...1032aa4dc" application/octet-stream application/octet-stream 49 C:\Users\IEUser\Downloads\76E08 C:\Users\IEUser\Downloads\76E08 2018-08-06 03:25:56.007012 1028 1028 1 0 0 2018-08-06 03:25:56.375122 0 https://github.com/kakbkc/literate-sniffle/blob/master/76E08 "deefa3ea35...1a2473427" application/octet-stream application/octet-stream 19 C:\Users\IEUser\Downloads\2AC88 C:\Users\IEUser\Downloads\2AC88 2018-08-06 03:20:50.566815 1043 1043 1 0 0 2018-08-06 03:20:50.826217 0 https://github.com/kakbkc/literate-sniffle/blob/master/2AC88 "05b222d677...996c5bd93" application/octet-stream application/octet-stream 78 C:\Users\IEUser\Downloads\C1728 C:\Users\IEUser\Downloads\C1728 2018-08-06 03:28:55.999586 1085 1085 1 0 0 2018-08-06 03:28:56.244801 0 https://github.com/kakbkc/literate-sniffle/blob/master/C1728 "cd3182fd0f...80c8072bd" application/octet-stream application/octet-stream 77 C:\Users\IEUser\Downloads\C113E C:\Users\IEUser\Downloads\C113E 2018-08-06 03:28:50.989559 1027 1027 1 0 0 2018-08-06 03:28:51.288581 0 https://github.com/kakbkc/literate-sniffle/blob/master/C113E "d977db7243...ee9f7eb5c" application/octet-stream application/octet-stream 76 C:\Users\IEUser\Downloads\BE1C4 C:\Users\IEUser\Downloads\BE1C4 2018-08-06 03:28:44.772122 1007 1007 1 0 0 2018-08-06 03:28:45.042258 0 https://github.com/kakbkc/literate-sniffle/blob/master/BE1C4 "71bcb9b176...cbf591378" application/octet-stream application/octet-stream 75 C:\Users\IEUser\Downloads\BD86F C:\Users\IEUser\Downloads\BD86F 2018-08-06 03:28:38.858287 1077 1077 1 0 0 2018-08-06 03:28:39.088544 0 https://github.com/kakbkc/literate-sniffle/blob/master/BD86F "1f80c8c5b7...b4189d56c" application/octet-stream application/octet-stream 74 C:\Users\IEUser\Downloads\BC391 C:\Users\IEUser\Downloads\BC391 2018-08-06 03:28:33.952930 1086 1086 1 0 0 2018-08-06 03:28:34.190035 0 https://github.com/kakbkc/literate-sniffle/blob/master/BC391 "fe76cfc003...387ee9bdd" application/octet-stream application/octet-stream 73 C:\Users\IEUser\Downloads\BA58C C:\Users\IEUser\Downloads\BA58C 2018-08-06 03:28:28.281751 1063 1063 1 0 0 2018-08-06 03:28:28.530953 0 https://github.com/kakbkc/literate-sniffle/blob/master/BA58C "07f1bf0d2c...33a752530" application/octet-stream application/octet-stream 72 C:\Users\IEUser\Downloads\BA557 C:\Users\IEUser\Downloads\BA557 2018-08-06 03:28:22.439906 1016 1016 1 0 0 2018-08-06 03:28:22.678121 0 https://github.com/kakbkc/literate-sniffle/blob/master/BA557 "19c2c14c13...91ffc1a05" application/octet-stream application/octet-stream 71 C:\Users\IEUser\Downloads\B85B6 C:\Users\IEUser\Downloads\B85B6 2018-08-06 03:28:18.238660 1060 1060 1 0 0 2018-08-06 03:28:18.480740 0 https://github.com/kakbkc/literate-sniffle/blob/master/B85B6 "ad21aafe76...eda94936e" application/octet-stream application/octet-stream 70 C:\Users\IEUser\Downloads\B0A91 C:\Users\IEUser\Downloads\B0A91 2018-08-06 03:28:11.556215 1025 1025 1 0 0 2018-08-06 03:28:11.826752 0 https://github.com/kakbkc/literate-sniffle/blob/master/B0A91 "fd1c36b6f9...5b2e74bd5" application/octet-stream application/octet-stream 69 C:\Users\IEUser\Downloads\AF4A5 C:\Users\IEUser\Downloads\AF4A5 2018-08-06 03:28:06.910125 1040 1040 1 0 0 2018-08-06 03:28:07.142490 0 https://github.com/kakbkc/literate-sniffle/blob/master/AF4A5 "88cbeaab94...f5c8fc0d3" application/octet-stream application/octet-stream 68 C:\Users\IEUser\Downloads\AB38B C:\Users\IEUser\Downloads\AB38B 2018-08-06 03:28:00.475619 1010 1010 1 0 0 2018-08-06 03:28:00.721414 0 https://github.com/kakbkc/literate-sniffle/blob/master/AB38B "7d4577c52b...e3d9cce37" application/octet-stream application/octet-stream 67 C:\Users\IEUser\Downloads\A7DFE C:\Users\IEUser\Downloads\A7DFE 2018-08-06 03:27:49.789232 1036 1036 1 0 0 2018-08-06 03:27:50.054038 0 https://github.com/kakbkc/literate-sniffle/blob/master/A7DFE "7e4bb27c44...55c1d3c70" application/octet-stream application/octet-stream 66 C:\Users\IEUser\Downloads\A7037 C:\Users\IEUser\Downloads\A7037 2018-08-06 03:27:44.603181 1018 1018 1 0 0 2018-08-06 03:27:44.946018 0 https://github.com/kakbkc/literate-sniffle/blob/master/A7037 "b31939551b...56206d5d7" application/octet-stream application/octet-stream 65 C:\Users\IEUser\Downloads\A5149 C:\Users\IEUser\Downloads\A5149 2018-08-06 03:27:37.921109 1066 1066 1 0 0 2018-08-06 03:27:38.186869 0 https://github.com/kakbkc/literate-sniffle/blob/master/A5149 "9725eb77f3...9fe4e6b35" application/octet-stream application/octet-stream 64 C:\Users\IEUser\Downloads\9E8A4 C:\Users\IEUser\Downloads\9E8A4 2018-08-06 03:27:32.321791 1071 1071 1 0 0 2018-08-06 03:27:32.566072 0 https://github.com/kakbkc/literate-sniffle/blob/master/9E8A4 "95f0420248...0f7a97e67" application/octet-stream application/octet-stream 53 C:\Users\IEUser\Downloads\8042C C:\Users\IEUser\Downloads\8042C 2018-08-06 03:26:26.076986 1014 1014 1 0 0 2018-08-06 03:26:26.368192 0 https://github.com/kakbkc/literate-sniffle/blob/master/8042C "55a605bb5d...8f165c4f4" application/octet- 93 C:\Users\IEUser\Downloads\E2CDB C:\Users\IEUser\Downloads\E2CDB 2018-08-06 03:30:31.606693 1031 1031 1 0 0 2018-08-06 03:30:31.842920 0 https://github.com/kakbkc/literate-sniffle/blob/master/E2CDB "8b9f5d8137...17cb4913c" application/octet-stream application/octet-stream 92 C:\Users\IEUser\Downloads\E0B28 C:\Users\IEUser\Downloads\E0B28 2018-08-06 03:30:23.779289 1012 1012 1 0 0 2018-08-06 03:30:24.094131 0 https://github.com/kakbkc/literate-sniffle/blob/master/E0B28 "3c2b64abce...6a69371c0" application/octet-stream application/octet-stream 91 C:\Users\IEUser\Downloads\E0983 C:\Users\IEUser\Downloads\E0983 2018-08-06 03:30:18.161954 1042 1042 1 0 0 2018-08-06 03:30:18.419321 0 https://github.com/kakbkc/literate-sniffle/blob/master/E0983 "4aab43dce2...0438bff0e" application/octet-stream application/octet-stream 90 C:\Users\IEUser\Downloads\DE516 C:\Users\IEUser\Downloads\DE516 2018-08-06 03:30:13.547867 1055 1055 1 0 0 2018-08-06 03:30:13.796791 0 https://github.com/kakbkc/literate-sniffle/blob/master/DE516 "f0a0e6827d...fd5259135" application/octet-stream application/octet-stream 89 C:\Users\IEUser\Downloads\DA182 C:\Users\IEUser\Downloads\DA182 2018-08-06 03:30:06.105575 1092 1092 1 0 0 2018-08-06 03:30:06.407949 0 https://github.com/kakbkc/literate-sniffle/blob/master/DA182 "82f7c3153f...f869f4229" application/octet-stream application/octet-stream 88 C:\Users\IEUser\Downloads\D73C0 C:\Users\IEUser\Downloads\D73C0 2018-08-06 03:30:01.211194 1002 1002 1 0 0 2018-08-06 03:30:01.519693 0 https://github.com/kakbkc/literate-sniffle/blob/master/D73C0 "acee12264b...e680834dd" application/octet-stream application/octet-stream 87 C:\Users\IEUser\Downloads\D6A89 C:\Users\IEUser\Downloads\D6A89 2018-08-06 03:29:57.032125 1051 1051 1 0 0 2018-08-06 03:29:57.309602 0 https://github.com/kakbkc/literate-sniffle/blob/master/D6A89 "0bcaade519...08a5adfd3" application/octet-stream application/octet-stream 86 C:\Users\IEUser\Downloads\D4297 C:\Users\IEUser\Downloads\D4297 2018-08-06 03:29:52.690294 1062 1062 1 0 0 2018-08-06 03:29:52.935694 0 https://github.com/kakbkc/literate-sniffle/blob/master/D4297 "a476df257e...c729cfcae" application/octet-stream application/octet-stream 85 C:\Users\IEUser\Downloads\D2D9E C:\Users\IEUser\Downloads\D2D9E 2018-08-06 03:29:47.513258 1005 1005 1 0 0 2018-08-06 03:29:47.814073 0 https://github.com/kakbkc/literate-sniffle/blob/master/D2D9E "5f76f11816...ebfc629d6" application/octet-stre 66 C:\Users\IEUser\Downloads\A7037 C:\Users\IEUser\Downloads\A7037 2018-08-06 03:27:44.603181 1018 1018 1 0 0 2018-08-06 03:27:44.946018 0 https://github.com/kakbkc/literate-sniffle/blob/master/A7037 "b31939551b...56206d5d7" applicatio 96 C:\Users\IEUser\Downloads\ED80D C:\Users\IEUser\Downloads\ED80D 2018-08-06 03:30:52.983809 1045 1045 1 0 0 2018-08-06 03:30:53.237701 0 https://github.com/kakbkc/literate-sniffle/blob/master/ED80D "a25c27c64d...f231556ef" applicatio 85 C:\Users\IEUser\Downloads\D2D9E C:\Users\IEUser\Downloads\D2D9E 2018-08-06 03:29:47.513258 1005 1005 1 0 0 2018-08-06 03:29:47.814073 0 https://github.com/kakbkc/literate-sniffle/blob/master/D2D9E "5f76f11816...ebfc629d6" application/octet-stream application/octet-stream 33 C:\Users\IEUser\Downloads\445CD C:\Users\IEUser\Downloads\445CD 2018-08-06 03:23:31.638008 1035 1035 1 0 0 2018-08-06 03:23:31.946005 0 https://github.com/kakbkc/literate-sniffle/blob/master/445CD "9129c5d34c...1cea4d942" appl 33 C:\Users\IEUser\Downloads\445CD C:\Users\IEUser\Downloads\445CD 2018-08-06 03:23:31.638008 1035 1035 1 0 0 2018-08-06 03:23:31.946005 0 https://github.com/kakbkc/literate-sniffle/blob/master/445CD "9129c5d34c...1cea4d942" appl? €? €? €? 66 C:\Users\IEUser\Downloads\A7037 C:\Users\IEUser\Downloads\A7037 2018-08-06 03:27:44.603181 1018 1018 1 0 0 2018-08-06 03:27:44.946018 0 https://github.com/kakbkc/literate-sniffle/blob/master/A7037 "b31939551b...56206d5d7" applicatioタ ・・タ ・ ・タ ・・タ ・・タ ・ 96 C:\Users\IEUser\Downloads\ED80D C:\Users\IEUser\Downloads\ED80D 2018-08-06 03:30:52.983809 1045 1045 1 0 0 2018-08-06 03:30:53.237701 0 https://github.com/kakbkc/literate-sniffle/blob/master/ED80D "a25c27c64d...f231556ef" applicatioa.$.length-1?a .Uw(a.$[b].Wr):a.Uw(a.$[ $ volatility -f file_patched.dmp --profile=Win7SP1x86 chromedownloads --output=csv --output-file=chromedownloads.csv
Total Bytesは一部が1になっているのを除いて連番になっている。連番最終の1101のときにTarget Pathが7854}になっている。それぞれ順番につなげていけばいいのかもしれない。
重複しているものは1つのものとして結合し、2回結合することはしない。この連結させた結果を前に出てきたフラグの前半に結合させる。
def get_fname(s): return s[s.rfind('\\') + 1:] with open('chromedownloads.csv', 'r') as f: lines = f.readlines()[1:] d = {} for line in lines: line = line.replace('\"', '').strip() target_path = line.split(',')[2] total_bytes = line.split(',')[5] #print get_fname(target_path), total_bytes if total_bytes != '1': d[total_bytes] = get_fname(target_path) flag = 'tjctf{th1s_1s_n0t_a_v1ru5_' for key, val in sorted(d.items()): flag += val print flag
この結果は以下の通り。
tjctf{th1s_1s_n0t_a_v1ru5_D73C00EDD0C6F9FD2D9E80CBDBE1C494A699E87AAB38B7139DE0B284581C8042C968C5BA5571568EA70375603AF425A238823F6951FA712EEA8B0A9173830C113E76E08FBA833F47BE2CDB2DD8089A9206910445CDA7DFE792C18C4F4FE6B8AF4A560291E09832AC88112E8ED80D02F601D21850D6CF3FBC5CD90D6A89396172757E3F6A6DE516C94491CB1C0A3146C45AB85B669F38D4297BA58CC8B91792F1A51491867D3D0E8401319E8A4812F501F57E3CCD0FB71521B6BD86F3ACBB2E887181F0E71C20F32DC65BC5BEC8C1728BC391CEECF8530A3864C86B545F5ECDA182941F9C27CC11B53FB9865E7D2730A42B8A87854}
$ echo -n tjctf{th1s_1s_n0t_a_v1ru5_D73C00EDD0C6F9FD2D9E80CBDBE1C494A699E87AAB38B7139DE0B284581C8042C968C5BA5571568EA70375603AF425A238823F6951FA712EEA8B0A9173830C113E76E08FBA833F47BE2CDB2DD8089A9206910445CDA7DFE792C18C4F4FE6B8AF4A560291E09832AC88112E8ED80D02F601D21850D6CF3FBC5CD90D6A89396172757E3F6A6DE516C94491CB1C0A3146C45AB85B669F38D4297BA58CC8B91792F1A51491867D3D0E8401319E8A4812F501F57E3CCD0FB71521B6BD86F3ACBB2E887181F0E71C20F32DC65BC5BEC8C1728BC391CEECF8530A3864C86B545F5ECDA182941F9C27CC11B53FB9865E7D2730A42B8A87854} | md5sum 5f3edc3cc39b4771d3448fe20b5d6651 -
5f3edc3cc39b4771d3448fe20b5d6651