B01lers CTF 2020 - Totem Writeup
Oct 3-4, 2020
Challenge Description
Is this a dream or not? Use your totem to find out. Flag format: ctf{}.
nc chal.ctf.b01lers.com 2008
Solution
the server provide us with a ciphertext and the encoding method, the idea is to decode the cipher text with the given cipher, then send it back to the server, in a continuous loop untill we get the flag
This was the server Flow :
nc -v chal.ctf.b01lers.com 2008
Ncat: Version 7.80 ( https://nmap.org/ncat )
Ncat: Connected to 104.197.187.199:2008.
Method: atbash
Ciphertext: kzirh
Input: paris
Method: Base64
Ciphertext: ZXh0cmFjdGluZw==
Input: extracting
Method: rot13
Ciphertext: chyyrq
Input: pulled
Method: Base64
Ciphertext: d2FyZWhvdXNl
Input: warehouse
Method: bacon
Ciphertext: AABBBABAAAAABBAAABBBAABAABAABABAABB
Input: highest
and this is the script to pull the flag out:
import socket import re import string import base64 from pwn import * # Baconian cipher def bacon2text(bacon): bacondict = {} plaintext = "" bacon = bacon.lower() bacon = re.sub("[\W\d]", "", bacon.strip()) for i in range(0,26): tmp = bin(i)[2:].zfill(5) tmp = tmp.replace('0', 'a') tmp = tmp.replace('1', 'b') bacondict[tmp] = chr(65+i) k = len(bacon)/5 k = int(k) for i in range(0, k): plaintext = plaintext + bacondict.get(bacon[i*5:i*5+5], ' ') return plaintext.lower() # Rot13 def rot13(s): result = "" for v in s: c = ord(v) if c >= ord('a') and c <= ord('z'): if c > ord('m'): c -= 13 else: c += 13 elif c >= ord('A') and c <= ord('Z'): if c > ord('M'): c -= 13 else: c += 13 result += chr(c) return result # Atbash ENCODE_TABLE = str.maketrans( string.ascii_letters, ''.join(reversed(string.ascii_lowercase + string.ascii_lowercase)), string.punctuation + string.whitespace) DECODE_TABLE = str.maketrans( string.ascii_lowercase, ''.join(reversed(string.ascii_lowercase)), string.whitespace) def atbash(encryptedstring): return encryptedstring.translate(DECODE_TABLE) #base64 def b64dcd(base64_message): base64_bytes = base64_message.encode('ascii') message_bytes = base64.b64decode(base64_bytes) message = message_bytes.decode('ascii') return message io = remote('chal.ctf.b01lers.com', 2008) txt = '' try: if "ctf{" not in txt: while True: #print("[+] Receiving Data.") cipher_ = io.recvline() data_ = io.recvline() #print("[+] Converting Data.") cipher = cipher_.decode('utf-8').split() # We only need to check for the cipher type nothing more. data = data_.decode('utf-8').split()[1] # we need the accurate cipher. if 'rot13' in cipher: print("Decoding rot13 : %s" %data) txt = rot13(data) print("Result : %s" %txt) print("[*] Sending Result.") io.sendline(txt) elif 'bacon' in cipher: print("Decoding bacon : %s" %data) txt = bacon2text(data) print("Result : %s" %txt) print("[*] Sending Result.") io.sendline(txt) elif 'atbash' in cipher: print("Decoding atbash : %s" %data) txt = atbash(data) print("Result : %s" %txt) print("[*] Sending Result.") io.sendline(txt) elif 'Base64' in cipher: print("Decoding base64 : %s" %data) txt = b64dcd(data) print("Result : %s" %txt) print("[*] Sending Result.") io.sendline(txt) else: # Just For Debugging purposes print(cipher_) print(data_) break else: print("\n\n[*] Flag Detected :") print(" %s"%txt) print(" %s"%cipher_) print(" %s"%data_) except EOFError: print(" %s"%txt) print(" %s"%cipher_) print(" %s"%data_)
The result :
m3dsec@local:~/b01lers.com/crypto/05_Totem_$ python3 totem2.py
[*] Opening connection to chal.ctf.b01lers.com on port 2008: Done
[*] Sending Result.
Decoding atbash : zggvmgrlm
Result : attention
[*] Sending Result.
Decoding base64 : YWx3YXlz
Result : always
...
[*] Sending Result.
always
b"Input: We must be dreaming, here's your flag: ctf{4n_313g4nt_s01ut10n_f0r_tr4cking_r341ity}\n"
b'Ciphertext: YWx3YXlz\n'