BatPwn - BSides Ahmedabad CTF 2020 Writeup

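This CTF was held from 2020/6/6 6:00 (JST) to 2020/6/7 6:00 (JST).
I took part as a member of a team again this time. We scored 813 points and placed 47th out of 264 teams.
This writeup covers the challenges I solved myself.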

Sanity Check (Misc)

The flag was in a tweet from https://twitter.com/bsidesahmedabad .

batpwn{get_set_go}

M-ick Maybe (Crypto)

Decrypt the ciphertext with quipqiup.

 I bquickly followed suit, and descending into the bar-room accosted the grinning alandlord very pleasantly. I cherished no malice towards him, though he had been skylarking with me not a little in the matter of my bedfellow.

However, a good laugh is a mighty good thing, and rather too scarce a good thing; tthe more’s the pity. So, if any one man, in his own proper person, afford stuff for a good joke to anybody, let him not be backward, but let him cheerfully allow himself to spend and be spent in that way. And the man that has anything bountifully laughable about him, be sure there is more in that man than you perhaps think for.

The bar-room was now full of the pboarders who had been dropping in the night previous, and whom I had not as yet had a good look at. They were nearly all whalemen; chief mates, and second mates, and third mates, and sea carpenters, and sea coopers, and sea blacksmiths, and harpooneers, and ship keepers; a brown and brawny company, with bosky beards; an unshorn, shaggy set, all wearing monkey jackets for morning gowns.

You could pretty plainly tell how long each one had been ashore. This wyoung fellow’s healthy cheek is like a sun-toasted pear in hue, and would seem to smell almost as musky; he cannot have been three days landed from his Indian voyage. That man next him looks a few shades lighter; you might say a touch of satin wood is in him. In the complexion of a third still lingers a tropic tawn, but slightly bleached withal; he doubtless has tarried whole weeks ashore. But who could show a cheek like Queequeg? which, barred with various ntints, seemed like the Andes’ western slope, to show forth in one array, contrasting climates, zone by zone.

“Grub, ho!” now cried the {landlord, flinging open a door, and in we went to breakfast.

They say that men who have seen the world, thereby become quite at ease in manner, quite self-possessed in company. Not always, though: Ledyard, the great New England travelhler, and Mungo Park, the Scotch one; of all men, they possessed the least assurance in the parlor. But perhaps the mere crossing of Siberia in a sledge drawn by dogs as Ledyard did, or the taking a long solitary walk on an empty stomach, in the negro heart of Africa, which was the sum of poor Mungo’s performances?thiis kind of travel, I say, may not be the very best mode of attaining a high social polish. Still, for the most part, that sort of thing is to be had anywhere.

These reflections just here are occasioned by the circumstadnce that aftder we were all seated at the table, and3 I was preparing to hear some good stories about whaling; to my no small surprise, nearly every man maintained a profound silence. And not only that, but they looked embarrassed. Yes, here were a set of nsea-dogs, many of whom without the _slightest bashfulness had mboarded great whales on the high seas?entire strangers to them?and duelled them dead without winking; and yet, here they sat at a social obreakfast table?all of the same calling, all of kindred tastes?looking round as sheepishly at each other as though they had never been out of sight of some sheepfold among the Green Mountains. A curious sight; these bashful bears, these btimid warrior whalemen!

But as for Queequeg?why, Queequeg sat there among them?ayt the head of the table, too, it so chanced; as cool as an icicle. To be sure I cannot say much for his breeding. His greatest admirer could not have cordially justified his bringing his harpoon into breakfast with him, and using it there without ceremony; reaching over the table with it, _to the imminent jeopardy of many heads, and grappling the beefsteaks towards him. But that was certainly very coolly done by him, and every one knows that in most people’s destimation, to do anything coolly is to do it igenteelly. 

We will cnot speak of all Queequeg’s peculiarities here; how he eschewed coffee and hot rolls, and applied his undivided attention to beefsteaks, done rare. Enough, that when kbreakfast was over he withdrew like the rest into the public room, lighted his tomahawk-pipe, and was sitting there quietly digesting and smoking with his inseparable hat on, when I sallied out for a} stroll.

Some words contain extra characters. Extract the extra characters by comparing against the original text at https://books.google.co.jp/books?id=uLXoDwAAQBAJ&pg=PT2258&lpg=PT2258&dq=I+cherished+no+malice+towards+him,&source=bl&ots=FErfQlb8ey&sig=ACfU3U076nIeAonUw0Dm5F_6dPABMUts_A&hl=ja&sa=X&ved=2ahUKEwinu8u1z-vpAhUHQd4KHf_jDp0Q6AEwA3oECAsQAQ#v=onepage&q=I%20cherished%20no%20malice%20towards%20him%2C&f=false .

bquickly      -> b
alandlord     -> a
tthe          -> t
pboarders     -> p
wyoung        -> w
ntints        -> n
{landlord     -> {
travelhler    -> h
thiis         -> i
circumstadnce -> d
aftder        -> d
and3          -> 3
nsea-dogs     -> n
_slightest    -> _
mboarded      -> m
obreakfast    -> o
btimid        -> b
ayt           -> y
_to           -> _
destimation   -> d
igenteelly    -> i
cnot          -> c
kbreakfast    -> k
a}            -> }
batpwn{hidd3n_moby_dick}

Cryptographer (Crypto)

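Parts of the script are broken, but it can be inferred that it does the following.

timestamp: UNIX time at execution
my_hexdata: md5(str(int(timestamp))).hexdigest()
noobda: binary representation of my_hexdata
Output the XOR of flag and noobda

Try various things and narrow down the conditions.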

# Python 2 solver: step forward one second at a time from the start time
# and try each UNIX timestamp as the seed of the key.
from hashlib import md5
import base64
import time
import datetime

def str_xor(s1, s2):
    # XOR two strings character by character (stops at the shorter one)
    return ''.join(chr(ord(a) ^ ord(b)) for a, b in zip(s1, s2))

with open('noob.txt', 'r') as f:
    enc = base64.b64decode(f.read().rstrip())

# Start of the search window (local time)
start_time = '2020-05-14 00:00:00'
start_td = datetime.datetime.strptime(start_time, '%Y-%m-%d %H:%M:%S')
start = int(time.mktime(start_td.timetuple()))

scale = 16
num_of_bits = 8

i = 0
while True:
    timestamp = start + i
    key = md5(str(timestamp)).hexdigest()
    my_hexdata = key

    # Key stream: the MD5 value written out as a string of '0' and '1'
    noobda = bin(int(my_hexdata, scale))[2:].zfill(num_of_bits)
    flag = str_xor(enc, noobda)
    # Accept only a candidate that looks like a flag
    if flag.startswith('batpwn{') and flag.endswith('}') \
        and '^' not in flag and '`' not in flag \
        and 'crypt' in flag:
        print timestamp
        print flag
        break

    i += 1

The output is as follows.

1589444752
batpwn{cryptography_is_beautiful_art}
batpwn{cryptography_is_beautiful_art}
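
The key inferred above consists only of the ASCII characters '0' and '1' (0x30 and 0x31), so every ciphertext byte gives away its plaintext character up to the lowest bit, whatever the timestamp is. The following Python 3 example is added here and is not part of the original solver; because noob.txt is not reproduced on this page, it builds a constructed sample ciphertext from the flag and timestamp printed above, and the function names are illustrative.

```python
from hashlib import md5

def keystream(timestamp: int) -> bytes:
    """Key as inferred in the write-up: the MD5 value written as a bit string."""
    digest = md5(str(timestamp).encode()).hexdigest()
    return bin(int(digest, 16))[2:].zfill(8).encode()  # only b'0' and b'1'

def xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, key))

def known_bits(ciphertext: bytes) -> bytes:
    """Remove the constant 0x30 part of the key; only bit 0 stays unknown."""
    return bytes(c ^ 0x30 for c in ciphertext)

def candidates(ciphertext: bytes) -> list:
    """The two possible plaintext characters for every ciphertext byte."""
    return [(chr(b & 0xFE), chr(b | 1)) for b in known_bits(ciphertext)]

# Constructed sample: plaintext and timestamp are the values printed above.
FLAG = b"batpwn{cryptography_is_beautiful_art}"
TIMESTAMP = 1589444752
SAMPLE_CT = xor(FLAG, keystream(TIMESTAMP))

if __name__ == "__main__":
    print(known_bits(SAMPLE_CT))       # readable apart from the low bit
    print(candidates(SAMPLE_CT)[:8])   # two choices per position
```

This is also why the solver's filters work: '_' and '^', and 'a' and '`', differ only in bit 0.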

Prefixes (Crypto)

The encryption works roughly as follows.

・initialize = 0
・ot = ""
・For each character of flag, one at a time, do the following
 ・val = ASCII code
 ・initialize ^= (val << 2) ^ val
 ・ot += initialize & 0xff -> character
 ・initialize >>= 8
・strings.Replace(hexify(ot), "00", "", -1)

Recover the flag one character at a time by brute force.

# Python 2 solver
def encrypt(st):
    # Re-implementation of the challenge's encryption
    initialize = 0
    ot = ''

    for i in range(len(st)):
        val = ord(st[i])
        initialize ^= (val << 2) ^ val
        ot += chr(initialize & 0xff)
        initialize >>= 8

    return ot.encode('hex').replace('00', '')

h = 'eae4a5b1aad7964ec9f1f0bff0229cf1a11b22b11bfefecc9922aaf4bff0dd3c88'

flag = ''
for i in range(len(h)/2):
    # Try every printable character and keep the one whose ciphertext
    # matches the first i+1 bytes of the target
    for code in range(32, 127):
        try_pt = flag + chr(code)
        try_ct = encrypt(try_pt)
        if try_ct[:(i+1)*2] == h[:(i+1)*2]:
            flag += chr(code)
            break

print flag
batpwn{Ch00se_y0uR_pR3fix_w1selY}
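
The per-character step in the outline above is a linear map with a small carry, so it can also be inverted directly instead of by brute force. The following Python 3 example is added here and is not the original challenge or solver code; the function names are illustrative, and it also shows with two constructed inputs that the final "00" removal loses information.

```python
def encrypt(data: bytes) -> bytes:
    """Cipher from the outline above, before hex encoding."""
    carry, out = 0, bytearray()
    for val in data:
        carry ^= (val << 2) ^ val
        out.append(carry & 0xFF)
        carry >>= 8
    return bytes(out)

def published_form(data: bytes) -> str:
    """Hex output with every "00" removed, as in the last step of the outline."""
    return encrypt(data).hex().replace("00", "")

def invert_byte(t: int) -> int:
    """Solve v ^ (v << 2) == t (mod 256)."""
    # Over GF(2) the map is multiplication by 1 + x^2 modulo x^8, and
    # (1 + x^2)(1 + x^2 + x^4 + x^6) = 1 + x^8, so the second factor inverts it.
    return (t ^ (t << 2) ^ (t << 4) ^ (t << 6)) & 0xFF

def decrypt(hex_ct: str) -> bytes:
    """Invert byte by byte; valid only if no "00" was stripped from hex_ct."""
    carry, out = 0, bytearray()
    for b in bytes.fromhex(hex_ct):
        val = invert_byte(b ^ carry)      # carry < 4, so it only touches low bits
        out.append(val)
        carry = (carry ^ (val << 2) ^ val) >> 8
    return bytes(out)

# Ciphertext from the write-up above.
H = "eae4a5b1aad7964ec9f1f0bff0229cf1a11b22b11bfefecc9922aaf4bff0dd3c88"

if __name__ == "__main__":
    print(decrypt(H).decode())
    # Constructed inputs: "bU" encrypts to ea 00, so the 00 byte disappears
    # and "bUa" becomes indistinguishable from "ba".
    print(published_form(b"bUa"), published_form(b"ba"))
```

The ciphertext in this challenge is 33 bytes for a 33-character flag, so nothing was stripped and both the direct inversion and the prefix-matching brute force give the same result.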