# UIUCTF 2021 ## phpfuck - Jail > **Description** > > i hate php > > > > author: arxenix **Solution** Going to the website at the top it says // Flag is inside ./flag.php :). When you go to that page it says no flag for you, but I don't believe that, so I view the source code and the flag is in the comments. **Flag: uiuctf{pl3as3\_n0\_m0rE\_pHpee}** ## baby\_python - Jail > **Description** > > here's a warmup jail for you :) Python version is 3.8.10 and flag is at `/flag` > > Note: this chal is not actually broken, just thought it would be a funny joke > > `nc baby-python.chal.uiuc.tf 1337` > > **author**: tow\_nater **Challange.py File** ```python import re bad = bool(re.search(r'[^a-z\s]', (input := input()))) exec(input) if not bad else print('Input contained bad characters') exit(bad) ``` **Solution** Looking at regex it is clear, all we can use is characters and everything that comes to mind is some sort of symbol. I left to go do some auctions to realize, an error can be redirected and that is when I got the solution. ```python from code import interact as exit ``` **Flag: uiuctf{just\_kidding\_about\_the\_chal\_being\_broken\_lol\_11a7b8}** ## back\_to\_basics **- Crypto** > **Description** > > Shoutout to those people who think that base64 is proper encryption > > author: epistemologist {% file src="" %} Files {% endfile %} **Solution** Looking at the code we are encoding and decoding and so I read in the file and try brute force to see if any keys would work. ```python for a in ALPHABET: key = long_to_bytes(a) try: str1 = decrypt(line,key) x = str1.decode() print("The key", a, "is valid") except: print("The key", a, "is invalid") ``` It said 87 was the first character of key but it was still a long amount of text which meant the process would continue until you get the flag as the final string. The key is 16 characters... During the challenge, I just used a for loop and ran it 16 times to create my keyset. \ Note it did give 2 outputs sometimes, where it always was the first result. ```python keySet = [87, 77, 53, 90, 56, 67, 82, 74,48,66,88,74,68,74,53,87] for k in keySet: line = decrypt(line, long_to_bytes(k)) ``` After I modified the code to skip this and run 1 to find the answer. ```python from Crypto.Util.number import long_to_bytes, bytes_to_long from gmpy2 import mpz, to_binary ALPHABET = bytearray(b"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ#") def base_n_decode(bytes_in, base): bytes_out = to_binary(mpz(bytes_in, base=base))[:1:-1] return bytes_out def decrypt(bytes_in, key): out = bytes_in for i in key: out = base_n_decode(out, ALPHABET.index(i)) return out f = open("flag_enc", "rb") line = f.read() #baseKey = b"Z" keyset = [] flagFound = False while not flagFound: for a in ALPHABET: key = long_to_bytes(a) try: str1 = decrypt(line, key) x = str1.decode() keyset.append(key) line = decrypt(line, key) if b'ctf' in line: print(line) flagFound = True break except: x = "Key doesn't exist" ``` **Flag: uiuctf{r4DixAL}**