To prevent the need to brute force submit what may seem to be multiple likely answers, I have provided the MD5 hash of the entire flag so you can verify that you have it right before submitting it online (lessening load on the server).
63b1424fa6fe8aa81d9ce4b5637f7acd
Solution
So given the stupid image I tried to come up with the most by myself which left me with byuctf{" + guess1 + "w1th_the" + guess2 + "of_1nfo_1" + guess3 + "_" + guess4 + "_1t}. And with a teammates help we narrowed it down and could use some code to brute force the word we didn't know to get the flag.
import hashlibtargetHash ="63b1424fa6fe8aa81d9ce4b5637f7acd"charSet ="abcdefghijklmnopqrstuvwxyz0123456789a"defget(guesses): ans =""for g in guesses: ans += charSet[g]return ansguess1 ="aaaaaa"myGuess ="byuctf{even_w1th_the_"+ guess1 +"_of_1nfo_1_can_reconstruct_1t}"guesses = []for i inrange(0, 6): guesses.append(0)cont =Truewhile cont: guesses[0]+=1 indChange =0while guesses[indChange]>len(charSet)-1: guesses[indChange]=0 indChange +=1 guesses[indChange]+=1 guess ="byuctf{even_w1th_the_"+get(guess1)+"_of_1nfo_1_can_reconstruct_1t}"if hashlib.md5(guess.encode()).hexdigest == targetHash:print("flag is", guess) cont =False
Makes [267 pts]
Description
Uhoh! I was learning how to make makefiles, and somehow I made all of my targets messed up... Which target will print the pattern 1111111l11lll1ll11l11111111l when called?
Flag format - byuctf{target_name} (ie byuctf{8585bc2f9})
Solution
Noticing it was jumping all over the place my mind went to nodes. I wrote a software that was going to try and jump each make type and see which one matches. That didn't work as well as I thought so I ended up writing it all to a file and searching for the string based on what each call did an output to find it.
import subprocessimport osclassnode:def__init__(self,cur): self.cur = cur self.val =-1 self.next ="main"defsetVal(self,val):if val =="1": self.val =1elif val =="l": self.val =0defsetNext(self,next): self.next =nextdefgetNext(self):return self.nextdefgetVal(self):return self.valdefgetName(self):return self.curdeffindNode(nodeList,myNode):for i inrange(0, len(nodeList)):if nodeList[i]== myNode:return ireturn0f =open("Makefile", "r")lines = f.readlines()entry = []nodeList = []nodeIndexs = []for i inrange(0, len(lines), 1):if":"in lines[i]: curNode =node(lines[i][:-2]) nodeIndexs.append(lines[i][:-2]) i +=1 value = lines[i].replace("echo","") curNode.setVal(value.strip()) i +=1 curNode.setNext(lines[i].replace("make","").strip()) i +=1 nodeList.append(curNode)g =open("nodes", "w")maxNumb =0for i inrange(0, len(nodeList)):# make the items lastInd =0 checkStr ="1111111011000100110111111110" curNode = nodeList[i] cont =True curResult ="" length =0while cont:if length >len(checkStr): cont =False curResult +=str(curNode.getVal()) newInd =findNode(nodeIndexs, curNode.getNext())print(newInd)if newInd ==0: cont =False length +=1 curNode = nodeList[newInd] g.write(nodeList[i].getName() +" "+str(curResult) +'\n')
Probably [338 pts]
Description
Is this challenge going to give you the flag? Um, probably. I don't know. Maybe not.
nc byuctf.xyz 40004
Solution
At first I tried reversing the pyfiglet by comparing the first value with a generated one and finding the best value. That didn't work too well so then I figured it would be faster to just input manually enough to be able to find a pattern. I did that and ran the code
defduplicate(values): ans =""# values.sort()for i inrange(0, len(values) -1):for o inrange(i +1, len(values)):if values[i]== values[o]: ans += values[i]# print(values[i])# return values[i]print(ans)return'?'myGuess ="byuctf{rhaz_are_the_chances_7e53fcs}"f =open("gotten.txt", "r")test = []lines = f.readlines()for line in lines: test.append(line)#test = ["0y8ayw0aga2ohge0tj89hhhn_g__meez3eosk","g37c80jc8askar5ynde91hz3a_e_7yq831gh1","byn_t9{duazmno0_tkp610ok3r6c7bgquffsj","_wwmf9wguapopr8kthe_e0un8efvps6p3fivk","jy_qozfl7a85258jtizkc6usck2dl8e84hjsf","b7umtferopu7k40hbhe5qltzgjrejebgbfa5}","3npctfijhat_ard_cxydwlaj_eg_ovt5dmcir","oyu1tpnwhx7wabb_dvekkha29iu_9e253ysm}", "uy9464{rcxz_hdeg25a_vsq6cxs_091qxecb}", "3w7h2t{ih2k_5e3k6gyee9a3mds231eycfl3z}","byuhyd{ndai_x0d0iojikh0nb1s1jme5bwks0"]
ind =0ans =""while ind <len(test[0]): values = []for i inrange(0, len(test)): values.append(test[i][ind]) ans +=duplicate(values) ind +=1
We didn't have something readable so me and another teammate ran it more times until we got something more definitive and with some luck and a few inputs we got the flag.
Cryptography
XQR [490 pts] [UNSOLVED]
Description
I love QR codes! But maybe it's true what they say about having too much of a good thing...
Hint: If my eyesight gets bad enough, i might think the chall title is XOR...
Solution
I started out with splitting up the image into the sub images, which the QR reader was not picking up. I was going to potentially enhance the image because it was blurry, but don't think that was the point so I dropped it. The code below is to split images.
from numpy import asarrayfrom PIL import Imageimport cv2defsplitImage(imageName): im = cv2.imread(imageName) M =27# Split x N =27# Split y tiles = [im[x:x+M,y:y+N]for x inrange(0,im.shape[0],M)for y inrange(0,im.shape[1],N)] det = cv2.QRCodeDetector()for i inrange(0, len(tiles)): val, pts, st_code = det.detectAndDecode(tiles[i])print(val) image2 = Image.fromarray(tiles[0])for i inrange(0, len(tiles)): cv2.imwrite("QR/"+str(i) +".png", tiles[i])import qrtoolsdefreadQR(imageName): det = cv2.QRCodeDetector() im = cv2.imread(imageName) val, pts, st_code = det.detectAndDecode(im)print(val)qr = qrtools.QR()readQR("QRcode.jpg")print(qr.data)
