Sanity Check (misc)

「アリスが483個のスイカを持ち、ボブが972個の羊を持っている場合、イブは何ペニーを持っていますか？ 」という問題で、「idk man just let me play the ctf」と「7」の選択になっている。
「idk man just let me play the ctf」をチェックしてSubmitしたら通った。

idk man just let me play the ctf

Discord Flag (misc)

Discordに入り、#generalチャネルのトピックを見ると、フラグが書いてあった。

UMDCTF{1_m155_1rc}

Legacy (pwn)

$ nc 0.cloud.chals.io 28964
I bet you can't guess my *secret* number!
I'll give you hint, its between 0 and 0,1000000000000000514!
1
2
3
3 chances left! 
2 chances left! 
1 chances left! 
Deprecated shmeprecated!
Python 2 will never die!

$ nc 0.cloud.chals.io 28964
I bet you can't guess my *secret* number!
I'll give you hint, its between 0 and 0,1000000000000000514!
a
3 chances left! 
Traceback (most recent call last):
  File "/home/ctf/legacy.py", line 15, in <module>
    if (input(str(3-i) + " chances left! \n") == secret):
  File "<string>", line 1, in <module>
NameError: name 'a' is not defined

指定した文字列が変数として指定できる。

$ nc 0.cloud.chals.io 28964
I bet you can't guess my *secret* number!
I'll give you hint, its between 0 and 0,1000000000000000514!
secret
3 chances left! 
No way!
UMDCTF{W3_H8_p7th0n2}

UMDCTF{W3_H8_p7th0n2}

Renzik's Case (forensics)

FTK Imagerで開き、削除ファイルをいろいろ見てみる。
[root]-[.Trash-1000]-[files]-[REALLY_personal_ducuments]配下にmost_secure_password.pngがあり、この画像にフラグが書いてあった。

UMDCTF-{Sn00p1N9_L1K3_4_Sl317h!}

Blue (forensics)

RGBで34 86 166がベースの色と推測できる。あとは行単位にRGBの各値の差の合計をASCIIコードとして文字にしていけばフラグになる。

#!/usr/bin/env python3
from PIL import Image

img = Image.open('bluer.png').convert('RGB')
w, h = img.size

flag = ''
for y in range(h):
    code = 0
    for x in range(w):
        r, g, b = img.getpixel((x, y))
        code += (r - 34) + (g - 86) + (b - 166)
    flag += chr(code)
    if flag[-1] == '}':
        break

print(flag)

UMDCTF{L4rry_L0v3s_h3r_st3g0nogr@phy_89320}

Xorua (forensics)

バイナリのXORが鍵になっていて、繰り返しがある。繰り返しを削除しファイルとして保存すると、PNGファイルになり、その画像にフラグが書いてあった。

#!/usr/bin/env python3
with open('Before.png', 'rb') as f:
    data1 = f.read()

with open('After.png', 'rb') as f:
    data2 = f.read()

flag = b''
for i in range(len(data1)):
    flag += bytes([data1[i] ^ data2[i]])

index = flag.index(b'IEND') + 8
flag = flag[:index]

with open('flag.png', 'wb') as f:
    f.write(flag)

UMDCTF{Sh4p3Sh1ft3R}

MTP (crypto)

同じ鍵で8つの平文がXORされている。https://github.com/Jwomers/many-time-pad-attack/blob/master/attack.pyを使って、推測しながら解読する。

#!/usr/bin/env python 
import string
import collections
import sets
import hashlib

def strxor(a, b):
    return "".join([chr(ord(x) ^ ord(y)) for (x, y) in zip(a, b)])

c1 = "c909eb881127081823ecf53b383e8b6cd1a8b65e0b0c3bacef53d83f80fb"
c2 = "cf00ec8a5635095d33bfa12a317bc2789eabf95e090c29abe81dd4339ffb"
c3 = "c700ec851e72124b6afef52c3f37cf2bcda9f74202426fa2f54f9c3797fb"
c4 = "cd0ebe8718365b4f2bebb6277039c469dfecf05419586fb4f658dd2997fb"
c5 = "c341ff8b562114552ff0bb2a702cc3649ea0ff5a085f6fb0f51dd93b86f4"
c6 = "da13f1801321085738bf9e2e24218b7fdfb9f159190c22a1ba49d43381fb"
c7 = "cb0df2c63f721c573ebfba21702fc36e9ea9ee50000c38a5e91ddd7ab0fb"
c8 = "c913e796023d1c4a2befbd367032d82bdfecf55e02406fa7f548ce2997f4"
ciphers = [c1, c2, c3, c4, c5, c6, c7, c8]
# The target ciphertext we want to crack
target_cipher = "c909eb881127081823ecf53b383e8b6cd1a8b65e0b0c3bacef53d83f80fb"

# To store the final key
final_key = [None]*150
# To store the positions we know are broken
known_key_positions = set()

# For each ciphertext
for current_index, ciphertext in enumerate(ciphers):

    counter = collections.Counter()
    # for each other ciphertext
    for index, ciphertext2 in enumerate(ciphers):
        if current_index != index: # don't xor a ciphertext with itself
            for indexOfChar, char in enumerate(strxor(ciphertext.decode('hex'), ciphertext2.decode('hex'))): # Xor the two ciphertexts
                # If a character in the xored result is a alphanumeric character, it means there was probably a space character in one of the plaintexts (we don't know which one)
                if char in string.printable and char.isalpha(): counter[indexOfChar] += 1 # Increment the counter at this index
    knownSpaceIndexes = []

    # Loop through all positions where a space character was possible in the current_index cipher
    for ind, val in counter.items():
        # If a space was found at least 7 times at this index out of the 9 possible XORS, then the space character was likely from the current_index cipher!
        if val >= 7: knownSpaceIndexes.append(ind)
    #print knownSpaceIndexes # Shows all the positions where we now know the key!

    # Now Xor the current_index with spaces, and at the knownSpaceIndexes positions we get the key back!
    xor_with_spaces = strxor(ciphertext.decode('hex'),' '*150)
    for index in knownSpaceIndexes:
        # Store the key's value at the correct position
        final_key[index] = xor_with_spaces[index].encode('hex')
        # Record that we known the key at this position
        known_key_positions.add(index)

# Construct a hex key from the currently known key, adding in '00' hex chars where we do not know (to make a complete hex string)
final_key_hex = ''.join([val if val is not None else '00' for val in final_key])
# Xor the currently known key with the target cipher
output = strxor(target_cipher.decode('hex'),final_key_hex.decode('hex'))
# Print the output, printing a * if that character is not known yet
print ''.join([char if index in known_key_positions else '*' for index, char in enumerate(output)])

'''
Manual step
'''
# From the output this prints, we can manually complete the target plaintext from:
# The secuet-mes*age*is: Wh** usi|g **str*am cipher, nev***use th* k*y *ore than onc*
# to:
# The secret message is: When using a stream cipher, never use the key more than once

# We then confirm this is correct by producing the key from this, and decrpyting all the other messages to ensure they make grammatical sense
target_plaintext = "Chungus is the god of thunder."
####################cryptograp
print target_plaintext
key = strxor(target_cipher.decode('hex'),target_plaintext)

pt_str = ''
for cipher in ciphers:
    pt = strxor(cipher.decode('hex'), key)
    print pt
    pt_str += pt

flag = 'UMDCTF{' + hashlib.md5(pt_str.encode()).hexdigest() + '}'
print flag

最終的な実行結果は以下の通り。

*hun**s i****e**** *****u*de**
Chungus is the god of thunder.
Chungus is the god of thunder.
Earl grey tea is good for him.
March is a cold season for me.
Go and watch boba fett please.
I am someone who likes to eat!
Professor Katz taught me this.
All I got on the exam was a B.
Cryptography is a cool course!
UMDCTF{0a46e0b2b19dc21b5c15435653ffed67}

UMDCTF{0a46e0b2b19dc21b5c15435653ffed67}

Vigenère XOR (crypto)

XORで暗号化されている。XORキーの長さが不明。hexデコードしてファイルに保存し、XOR Crackerにかける。
キーの長さは29で、7a 38 82 20 09 02 33 34 96 21 81 fb 6d 57 6e 4a cd 3d 60 8e 3c 07 22 42 78 59 c6 3f a2 のときに復号できた。

okay, kid im done. i doubt you even have basic knowlege of hacking. i doul boot linux so i can run my scripts. you made a big mistake of replying to my comment without using a proxy, because i'm already tracking youre ip. since ur so hacking iliterate, that means internet protocol. once i find your ip i can easily install a backdoor trojan into your pc, not to mention your email will be in my hands. dont even bother turning off your pc, because i can rout malware into your power system so i can turn your excuse of a computer on at any time. it might be a good time to cancel your credit card since ill have that too. if i wanted i could release your home information onto my secure irc chat and maybe if your unlucky someone will come knocking at your door. id highly suggest you take your little comment about me back since i am no script kiddie. i know java and c++ fluently and make my own scripts and source code. because im a nice guy ill give you a chance to take it back (UMDCTF{d1d_y0u_use_k4s!sk1_0r_IoC???}). you have 4 hours in unix time, clock is ticking. ill let you know when the time is up by sending you an email to [redacted] which I aquired with a java program i just wrote. see you then :) You think it's funny to take screenshots of people's NFTs, huh? Property theft is a joke to you? I'll have you know that the blockchain doesn't lie. I own it. Even if you save it, it's my property. You are mad that you don't own the art that I own. Delete that screenshot.Identity theft is not a joke, Jim! Millions of families suffer every year! But I must explain to you how all this mistaken idea of denouncing pleasure and praising pain was born and I will give you a complete account of the system, and expound the actual teachings of the great explorer of the truth, the master-builder of human happiness. No one rejects, dislikes, or avoids pleasure itself, because it is pleasure, but because those who do not know how to pursue pleasure rationally encounter consequences that are extremely painful. Nor again is there anyone who loves or pursues or desires to obtain pain of itself, because it is pain, but because occasionally circumstances occur in which toil and pain can procure him some great pleasure. To take a trivial example, which of us ever undertakes laborious physical exercise, except to obtain some advantage from it? But who has any right to find fault with a man who chooses to enjoy a pleasure that has no annoying consequences, or one who avoids a pain that produces no resultant pleasure? On the other hand, we denounce with righteous indignation and dislike men who are so beguiled and demoralized by the charms of pleasure of the moment, so blinded by desire, that they cannot foresee the pain and trouble that are bound to ensue; and equal blame belongs to those who fail in their duty through weakness of will, which is the same as saying through shrinking from toil and pain. These cases are perfectly simple and easy to distinguish. In a free hour, when our power of choice is untrammelled and when nothing prevents our being able to do what we like best, every pleasure is to be welcomed and every pain avoided. But in certain circumstances and owing to the claims of duty or the obligations of business it will frequently occur that pleasures have to be repudiated and annoyances accepted. The wise man therefore always holds in these matters to this principle of selection: he rejects pleasures to secure other greater pleasures, or else he endures pains to avoid worse pains. Explaining that his gambling associate was otherwise a perfectly pleasant individual, local man Jim Hameroff, 49, told reporters Tuesday that his bookie could be a real jerk when he didn't get his money. "I tell you, my bookie gets a real bee in his bonnet anytime I don't pay him, or I come up short by a couple hundred bucks," said Hameroff, noting that the bookmaker would be his best friend one minute, when a boxing match was coming up, but a bit of a prick the next, when he didn't get his cash right away. "Everything can be peachy keen, but then I'm a few weeks late with a payment, and suddenly, he turns into a big, mean grump, dangling me over a balcony railing or threatening to break my ankles. Now, I admit that I can be a little emotional myself sometimes, but it's usually in response to him screaming while pointing a gun at my head and threatening to kill my family if he doesn't get paid." Hameroff added that despite the bookie's mercurial disposition, he was always full of encouragement when it came to betting on a 16-to-one underdog, for which Hameroff was appreciative, because that kind of support could be hard to find.

この長文の中にフラグが含まれていた。

UMDCTF{d1d_y0u_use_k4s!sk1_0r_IoC???}

snowden (crypto)

$ nc 0.cloud.chals.io 30279
Eddy Snowden setup a beacon constantly transmitting an encyrypted secret message, but he is always changing the public key for some reason. We've rigged up this intermediary to give you access to his encrypted transmissions. Would you like to capture a transmission? (y/n) y
{'n': 31578995398269433640053882563394175067381565894727947850684264063538040707738377657013683483735518954317354935192241155247229727482129288347078673821109760802587346191320837244779303708500604090695242517419051831656408023672472473799585772471176077552947674380247383535620169188235559312547376418691643151883333047230296476011581945666353516894200181350948544064654333675954744215722152503793486087272295134879562576920636023040509949618003749610751116330125123533262158245060038576650885372207733386071535655038269561224533671864350902529839018835877597423210314407418097746454591668067845600194682956081088475003381, 'e': 29, 'c': 25798247512948360118419107910540289855554829223404702433737380611679247944350715667481154573660360174847978932456362773335339481437345178254910599958085047419250734782618286625165232624167332706879830739588540459795320714766825675455226062609432526166604744359253356937335506459204636573742896233665060552497062601422222600766250090004246645924111111754402757174236384944943337480926962233828670107061648719935131377715863722871701839433515657145277203375543070778873802187982767196168008787088692274499487260222510979248448662013795771906982896173926408416339034962276077945056447003464972071937617854756612333675484}

Want another one? (y/n) y
{'n': 26527051439654547525168015668621188025691013808928138810428559957417106164220282401824166234574096031263625058733304004719141367901412977909760494978722237471684869159128122978432721344239493336518878354894665334420315607787556474681611219743497383348674232690146725801679596345075827371742281947699472711961382633305310470662545059026257400932208760876524244387864641685566243509549266279564327175860029628660769178733816751543504865651590938342681096264699799992940925502431689964616224664632347626606707846172552920037532299936610051581936484782147076064520976218774698561129981536577674066738369719065931178451731, 'e': 27, 'c': 25395253398186956989923119778881529948179277628815908800325922154114745557295470229742926719622597575551400096029543501278052190790428785690037885940478058368036859039563540692296869129826541579204792124974404794722683295200298377722416484650165057358661755944691783174877410672951019024344580374449578285865224803928449519970502507675178167676462246119648197285049374084930669421961546022593892688570963485197395465914721630993396147233326281218437155238058567591007376074630685448326477345063229157769524208256244011179239625138535948554923836680055431053367998981006112556112764431719411093117522403306792696643838}

Want another one? (y/n) y
{'n': 18847113507185532851649439919370325478885476058339310682672638704619144095123919495621463740982269084154647710267048773229965012060938783532475252748959491853497404898945330011008544998687145695238389149408019343585313602538219326651636055537647833051307832764331851460119473620313198451848791215797804853118209081860952012508263211774195601492428443305364054351399655933719741819168076396659359328602496142909342114157524558075306562156799395699930948473736411753645000078569662169414793534111865528694275859787285790077528599192202455569637766135108584294085860466654119769645492510429399605758627206583619660580557, 'e': 23, 'c': 1369402370225763592788094167668459211725637555985489898562983706680881573920834411790468344983809735557263744573576528764253517604772086562981821426225022666090491887320621229286654920451031162955096116359699993508159824500886598360319940414287997646446828718199933151642027864819231594563757487910496144786909088427476825491494293349962921151739902760033827744430307211385716604966808793669845776671938892390111176105404304335901153506122439115123108053032040708984434600303621151811162600303694386403585634739911274688392916633755774142670405694673819473620776791638121250901165379490123959976590510582547532373450}

Want another one? (y/n) y
{'n': 18427607530070086936722897227877002017586181423290831390478543561614353686834377332318905785556914724820158155308749001082824002663416419547354600907004934653079398528537235024728772141218486513721070705973863744229043210498179414089871451715522741255731641622267810782198284137609247151537406264788399956599973919613589245624211310762224151017837298758005642025678645643505710566754794402030190798606468051132327878639688047340068731771238508134525080331288644748684039212126321354308154439294155959069220976575382247295207451729906592347283505704019615239906159764340819510474639307439244871252819315928607867545961, 'e': 23, 'c': 3298433195039509737935590395295764171647610303581200641345884696468006807995607101411181713155037440398886815973176948494569746133885085340131034721543276625836514865553946966498486971226407610115214129286128485504327897959685654648279914754293994625647553364336419975502268785761782021620042830552291410258830266581330585443658001922364504540162676967654990853312350357458962457396014590112191514501315635020322319357541556288069574999484855631148236856949130295894957285157901735717811287770038264494291756401440578885848023203302724352684325114326418326240287646038482610029938167524280431068507915210484335699535}

Want another one? (y/n) y
{'n': 21552853810900494762669706709231842361197714955830847552033931419308119495431876376227260173173721612189272619056480024177472832076209898509921766366788404005576527150592339793763032601616066226552985253600899013957634109026476401769535905091634643137954703588549556267525115707996268428607410002285719989407887868865755004434132004031622960888353107960557375997695902330941423956242582407225388492178959881064335407188571979731029229744876738071133584293284231293481943150640582908818802210739774633141431388416842516178509414112153564710866183813035119646041285098128821470751985562790597143114664828024047188160579, 'e': 25, 'c': 413240260238305751139967570225198885667395792726259741630193656641005322958917961669428147607280027568184785201566858196409972820870161159439374304402822202828173098573232453973136987994777925011104742040508663680191308686201789574571826711984964403869644150602580832561184126228963645180757673506082993016619916868419476354637091597255723440052590310905395833318663353419315788946905824770321451025044152688307972975846536957275761384845717562912327480891912348654318816472094661019489208860446151272065376376369803078041801878402057784064878108802771731791801726912443865201236641158171098364257977624981306271990}

n, e, cの組み合わせで何回も取得できる。eの値が小さいので、特定のeの場合のパラメータをe個収集し、Hastad's Broadcast Attackで復号する。

#!/usr/bin/env python3
import socket
from Crypto.Util.number import *
import functools

def recvuntil(s, tail):
    data = b''
    while True:
        if tail in data:
            return data.decode()
        data += s.recv(1)

def chinese_remainder(n, a):
    sum = 0
    prod = functools.reduce(lambda a, b: a*b, n)
    for n_i, a_i in zip(n, a):
        p = prod // n_i
        sum += a_i * mul_inv(p, n_i) * p
    return sum % prod

def mul_inv(a, b):
    b0 = b
    x0, x1 = 0, 1
    if b == 1: return 1
    while a > 1:
        q = a // b
        a, b = b, a%b
        x0, x1 = x1 - q * x0, x0
    if x1 < 0: x1 += b0
    return x1

def inv_pow(c, e):
    low = -1
    high = c+1
    while low + 1 < high:
        m = (low + high) // 2
        p = pow(m, e)
        if p < c:
            low = m
        else:
            high = m
    m = high
    assert pow(m, e) == c
    return m

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('0.cloud.chals.io', 30279))

n23 = []
c23 = []

data = recvuntil(s, b') ')
print(data + 'y')
s.sendall(b'y\n')
data = recvuntil(s, b'\n').rstrip()
print(data)
n = eval(data)['n']
e = eval(data)['e']
c = eval(data)['c']
if e == 23:
    n23.append(n)
    c23.append(c)

while True:
    data = recvuntil(s, b') ')
    print(data + 'y')
    s.sendall(b'y\n')
    data = recvuntil(s, b'\n').rstrip()
    print(data)
    n = eval(data)['n']
    e = eval(data)['e']
    c = eval(data)['c']
    if e == 23:
        n23.append(n)
        c23.append(c)
        if len(n23) == 23:
            break

a = chinese_remainder(n23, c23)
for n, c in zip(n23, c23):
    assert a % n == c
m = inv_pow(a, e)
flag = long_to_bytes(m).decode()
print(flag)

実行結果は以下の通り。

Eddy Snowden setup a beacon constantly transmitting an encyrypted secret message, but he is always changing the public key for some reason. We've rigged up this intermediary to give you access to his encrypted transmissions. Would you like to capture a transmission? (y/n) y
{'n': 18329156438656966667679465405273082818848464163222132883413862562380934363125648051644616674585594910636110872077708662922169105967682996375659492361745061060263619992357663120601342332157078046661859171548412719759231164909210555182070963562360725253519970204848447254738660882306032611701711154602212463122913679548578262694785551550774325696113536193807102821816614141192616103714886813803728574888572510405970006507812734719245264788183044054026348189027786366095301945530878926414926214927786166952338477947590407568199410375753945172217950657621414194266170639071562791809260563149316024148755560227834256269479, 'e': 27, 'c': 13137935695520341407083736027874717049978812695213871256112733295585269517569256221296267823461013836109507882028250048598602315732212620053481226633209957659601046702000239155445593084166448194066703241783579535162416257514996608019240780046603021440481829356522935050421690425605720888850348654225942364337833369358803793652383344818217253310389079896740141337776219946758544492507723810267525959779886119465385970528366292697636936140638645447219390532535150831647650548206773731077385400316414549710893719195963142252540732222240345424640262155987110236148566579572249672651436282144398528017332370434609477727718}

Want another one? (y/n) y
{'n': 19018318704034229473635685926187352547450147244114326117906242087610381347489976461014906526537389547499002942106757187995825266542233844561155275651349521570585858507061022287733867384887131200708761268466212330962916718664713472899059767721753853296958441665611151954029354958665585582068378012824589590344500055295753874698836575879566920429787190804623146936473573069926784904412456809653728263066702547253721115362338160087492544404510864414357782940233614097525529563724103673208725353135938636702743030208284412668525030438586050657071389783813645057310582517393031254756794343681812848437716810988569378658131, 'e': 29, 'c': 13865066423326701184967814538006536303352727326144626769338756072904921068805079062319574979726952913923007531448961740030430143285872858860622148801464062030526907199178833787229649795077174828411820228567257972635741197778242195411114802607771284661025867522955775328513614810244978002404726810276007846929096882949007227691942998938213415401724571162523868620480602291535102188836819092990254168920826745355416076093652610506207810693461348047354259547980975339406608400658890001494434964035565042453355865419798633245734374634050583379880458474270079783185337387231268486778386572013335997912340967463254464459382}

Want another one? (y/n) y
{'n': 20536960863432950709872037534839277084648439505100308839377063324038004883851354245279692597849500987809659245656917130493516263083442919140786672929673171841156114392582849863188627594968294687383980650775612361889496084615499559286053903275160075551261835600825006201512365779350390732536990893498269772492644150461831233898278711367755989787474309439293681402667985834746711110346147957680731367657824248360075895358653690008734745457227955162607609613458178838001416967429596128544362480975208858952212113980449188661330450500263911722344486979623117271661332675895460641976889664396865529584657972932980473381113, 'e': 21, 'c': 1108458417432063020286870683200253691396232064881334737396498832568485591351363040232206599278395891053653914195531893264980132220736911336566811977865157998427202614318160635315266930949323995678527545550922820764233966962612502100694591974809417837318662792955946797400763156782851193322535865229180677605477421438104463050215467964401835617172316784491889604925886242513794880905671376979477474789101545620360614615929585743757254271058574374157140342128934291375829578314514893036070965795862630765205292010100706779352502337687464435291463288239387981616974910605835213503951275418166959393284487750864399530463}

Want another one? (y/n) y
{'n': 23266614432638010739452367848239134635409738251327662301006531381840871758371452716462385651139715503711351388197234634073625230249622980144002730482005424082475679779788575443726147465830230311994967945704644688560125789101804693604443874905321596886286686477348561969243510028907714239687541852030462471728953008435379508445480939079125699187241245229798090971538112426175353234896899497394302073102155529121726709130498671216643507283683867734798169745009678884908223578178720689636873182129190946220986427360780849318409093217286239071022839163333393234510527225840598795855258313155385627352207517176476850933327, 'e': 31, 'c': 3580710463973119031765313250540854009187680663982638857623845946024646733818061635451936466712184800085410426395018812646514212247984259023934907089329479443595109815717561715938230848065024171987793549751588353933199786235008428282697712569924921310353791605103241962661513317498223727804258421196760062558664598037227338188999896403114724231981898211314736215638988832971219607597448846321961144588477363464495919910689321042363717559139306797087315759758578242898042277393530423591795284455351392605291300897040763717575292065057120952323183115730248392416507145230280230205789413973414041859132392781153531318217}

Want another one? (y/n) y
{'n': 20301435323462871568696963181781955668701128621585065711963477871184458137129928699752865679215848136799745425664812742460142298944736718139662440801713823448085649012446308049486579399166527338771286645580642841229056088873740912276194861648179458226480357778002568075735255169365061020168453541380176794368042997574882109822223766350038696886587223069958395668410410751172627449684128636878073580943298184228711083845123489330288996627329292052334881453443756685551516351790104427967509988786590884661876201913829764127116029504983467973192884787410330908742346898378077672624659937688592028206912385050840456377663, 'e': 31, 'c': 19302445644196347086222122040934733851081267270859914729202455192845740144180488250721760369317780765864856088789345851015421990701875000036359146444176072774339052923323711727949514720336873740588552533826304986086772927311968262998363838906325838536187363375878382372466301068297399487774748853052017909086646643072244643729205476963610295299840184461953263708850305176290690418554193526422386295887986450196654828659262981731282050865016463779006519476780076824944593544393315668325459367963681550941130957141118907950305057884447943515471976098150243184710182552830253900697446758320415548211343389876322765383955}

　　　　　　　　　　　　　　　　：
　　　　　　　　　　　　　　　　：

Want another one? (y/n) y
{'n': 22562636167905567261215344389653162341354964161042997434510530886081160001954433186274721163210508336062227565490375371970339825130744756731624996982528321417106484777829428612390920209756896994643386513611024695471632679209895765123911320133886275927456709436602476574308205419262196980783924193561891682042684583749407377623230538550859704074346172214160214499681825285696694190101319212600771035415682597214814444732036638653375313794145978960061620620938808658018161922909457285962177599323277532777988023260866164133450860308618600637562251986721265744053326989868827546772984387846990765473051509765729742357357, 'e': 27, 'c': 11798345124486623823626509161440979471333593965785639272394266770782125635659035556807540922120468338395104566027659121547951458592080430726932415566204512535869260159243814113704896461542839824781771867357800395946973484983881822283148298092936493223860113759557499484208722655179340216935409627168363585435845290619940426727472833437126004520667394048293756252355695359948466212650065740716540387948207277682806037213412719172450297994657750157429918871975777156456962206761892264617155607307334618265135256237244815072100428740698197119143026074815123030054547968301595481462395873794371080004596305587434308132074}

Want another one? (y/n) y
{'n': 26571992729524699898639109589532243610511769243896419243828292324698652605660623867769147036936148403049916385444723619648559076651157880687781981003051603617106256217147776018301782666176532269843121644893877940083246601439722862491833437183014769507345382596698052536939908324028746419933932750575044943961883373953247254415416740530650396563021899824151480685835444937092435055535899712058959936894191853128262920086123603289984896008560970413754234372006872118131975826061080152946109634852183448761742671650763546096302167583511392372555176880698982076089592920043406541103136277936985605971811062792248246272139, 'e': 23, 'c': 25372230615136355242875092309613360182791080049864232677610411236640610222941847419905414709379814397270358118267062903389921704015539382558885797140424108496988236385154710105598483012714803221728481371625004685434816465203526934629584938960840530077796895854281488666375402169528944646713600865681265294204642266571057079727325312960931789351959138530932349189035897047701015880816719173996336884461919946869650226877056099887283268718085770414225282264522787428067932413918159924851795221697748258281396495088083873085449720312058729982164027122532106155451629296020142234527963857596845589885396881343516942845583}

Want another one? (y/n) y
{'n': 18233801657786927003277942864046205678518736672665600888799193277037091885104956320152228262159078234095280759218743457304444993341055918757927466692693100234052980148559649095782562371255552000980983111517980158715764007243805296273927802581174173615132827484070630151290314166014646493180451954125412954886291754483989215128903370308778236243672784040872938112259883317392625253873469576850760067585853577380241822628952466956401482073883953160653716855881302076726512019574447151861240342768250097128302225673817735883933025720592685545879319090845332536252291572043936361659552363448652137622893886039719371566411, 'e': 25, 'c': 855839762323664747543990677045733463480543685886086796110765365458223508319489946034518082018620571764293831298327683318522415252856745112393756762524015124388245050405688417364310768857662495451593350611654605688314112976266957740679878538718222185297711191728568025245101204242118863530653444944377244416099092389225003019176177424121286717758093350134959156092284487990835235753755638461613360718748524880165146495025118239057928690743748048667506331892215892220020147536311733614428019002192709977078982016548047298795970242556991936612978013710475541656942991362915627147340326968890152627626562242321667354633}

Want another one? (y/n) y
{'n': 24751510616910637438580304246692845351604883263249012522627636690528140033395187921504804279076487183461478724917451298705551183322293563521789490714811577344886618105754374814743272898951583298482190892958342624352979711202685268049886581604269431422825586857503389519190389862607881557445262017581309386850073354348747401962808693071231887928163869260593344432702162893546106146160556121638897695723433141202848420148817818714539458712876468037519945177247938601898163216680676938184159514676513793336531307851618423530136645322436462968450037049385266908096670589486225232284120517798250066191544599379298291765639, 'e': 23, 'c': 428383032790859386888045752334520392233558369626570387535524121274552818955706419061169039430308583295270897343882860070015154338072241864824164505714347384307390684302028547762638613103202887780742444837542458890308752971568397284620401142371423308799822771653212019585751903698255339920196544647057021724318499756482613546280651524441196955249518879258800613055471787997733262532187287872086342301859162017316649169268617598663746343240030025437245065933425095996725317269047537606114294900562501248666630049412519393189831933902840497665672228754949389506560052757588908987341787708404648221532737326811123023690}
I'm just patiently waiting for someone to finally be able to decrypt this message. UMDCTF{y0u_r3ally_kn0w_y0ur_br04dc45t_4tt4ck!}

UMDCTF{y0u_r3ally_kn0w_y0ur_br04dc45t_4tt4ck!}

UMDCTF2022 Closing Survey (misc)

アンケートに答えたら、フラグが表示された。

UMDCTF{th4nk_y0u_f0r_pl4y!ng_1n_UMDCTF2022}