# UIUCTF 2021 ## phpfuck - Jail > **Description** > > i hate php > > > > author: arxenix **Solution** Going to the website at the top it says // Flag is inside ./flag.php :). When you go to that page it says no flag for you, but I don't believe that, so I view the source code and the flag is in the comments. **Flag: uiuctf{pl3as3\_n0\_m0rE\_pHpee}** ## baby\_python - Jail > **Description** > > here's a warmup jail for you :) Python version is 3.8.10 and flag is at `/flag` > > Note: this chal is not actually broken, just thought it would be a funny joke > > `nc baby-python.chal.uiuc.tf 1337` > > **author**: tow\_nater **Challange.py File** ```python import re bad = bool(re.search(r'[^a-z\s]', (input := input()))) exec(input) if not bad else print('Input contained bad characters') exit(bad) ``` **Solution** Looking at regex it is clear, all we can use is characters and everything that comes to mind is some sort of symbol. I left to go do some auctions to realize, an error can be redirected and that is when I got the solution. ```python from code import interact as exit ``` **Flag: uiuctf{just\_kidding\_about\_the\_chal\_being\_broken\_lol\_11a7b8}** ## back\_to\_basics **- Crypto** > **Description** > > Shoutout to those people who think that base64 is proper encryption > > author: epistemologist {% file src="/files/-Mg3J-w9MxHFJTQSUv8C" %} Files {% endfile %} **Solution** Looking at the code we are encoding and decoding and so I read in the file and try brute force to see if any keys would work. ```python for a in ALPHABET: key = long_to_bytes(a) try: str1 = decrypt(line,key) x = str1.decode() print("The key", a, "is valid") except: print("The key", a, "is invalid") ``` It said 87 was the first character of key but it was still a long amount of text which meant the process would continue until you get the flag as the final string. The key is 16 characters... During the challenge, I just used a for loop and ran it 16 times to create my keyset. \ Note it did give 2 outputs sometimes, where it always was the first result. ```python keySet = [87, 77, 53, 90, 56, 67, 82, 74,48,66,88,74,68,74,53,87] for k in keySet: line = decrypt(line, long_to_bytes(k)) ``` After I modified the code to skip this and run 1 to find the answer. ```python from Crypto.Util.number import long_to_bytes, bytes_to_long from gmpy2 import mpz, to_binary ALPHABET = bytearray(b"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ#") def base_n_decode(bytes_in, base): bytes_out = to_binary(mpz(bytes_in, base=base))[:1:-1] return bytes_out def decrypt(bytes_in, key): out = bytes_in for i in key: out = base_n_decode(out, ALPHABET.index(i)) return out f = open("flag_enc", "rb") line = f.read() #baseKey = b"Z" keyset = [] flagFound = False while not flagFound: for a in ALPHABET: key = long_to_bytes(a) try: str1 = decrypt(line, key) x = str1.decode() keyset.append(key) line = decrypt(line, key) if b'ctf' in line: print(line) flagFound = True break except: x = "Key doesn't exist" ``` **Flag: uiuctf{r4DixAL}** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://codingmace.gitbook.io/masterward/ctf/2021/uiuctf-2021.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.