umdctf22.md
No OneTemporary
Actions

Size

37 KB

Subscribers

None

umdctf22.md
View Options

	### dragonPit

	dude i literally couldve got the flag without spending an entire hour on it

	i guess the chall is that they stored the string as register immediate values so strings cant show it but the string is lliterally there

	but i dont even need it since its literally just

	```c
	qmemcpy(v7, "UMDCTF{BluSt0lXdrXg}", 20);
	v7[17] = s[9];
	v7[14] = 51;
	printf("%.20s\n", v7);
	```

	yet i spent ages trying to debug glibc coz dragonPit requires glibc 2.34 which both the cs server and my server doesnt have and cannot install

	and `LD_PRELOAD` just crashes when i included all the libs i need through a space separated list

	finally i got `./glibc-2.34/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 --library-path ./glibc-2.34/lib/x86_64-linux-gnu/ ./dragonPit` and it worked

	so bad `UMDCTF{BluSt0l3dr4g}`


	### Gee. queue are ex?

	again setup took the majority of the time lmao

	its in .iq, which is signal data and after searching around i found universal radio hacker to be able to parse it so i went and grabbed it

	and then i started setting up but as usual with setting up python shit it ended up being convoluted af lmao

	i had to get msvc buildtools for cythonize after fixing import path for src module not found error for setup.py by adding in `sys.path.append("D:\Downloads\urh-master")``

	then after a while of installation it spew out `Python.h` not found, and after digging around for a while i found out my python3.7 installation somehow doesnt have cython stuff in it so i had to switch to python3.9

	then `io.h` not found happened

	https://stackoverflow.com/questions/40018405/cannot-open-include-file-io-h-no-such-file-or-directory, so i need win 10 sdk too so its another while of waiting and finally i can get it to run

	but then it loads the file for ages

	but then i also noticed it says i can disable a certain feature in urh when it was loading in so i wondered if it would help

	and it actually did

	i then went and grabbed the spectogram, and yep theres weird heads with the letters on it but its sideways and flipped

	so i just used irfanview to flip it and rotate it lmao

	and here it is `UMDCTF{D15RUP7_R4D10Z}`


	### trainfuck

	the train emojis map to a brainfuck opcode - i noticed it when theres a lot of repeating emojis along with exactly 8 different emojis

	so i wrote a bruteforcer to check which emoji maps to which opcode by doing all permutations and running each in a brainfuck interpreter

	```py
	import brainfuck, sys, itertools, multiprocessing

	emotes = ['🚅', '🚄', '🚂', '🚃', '🚆', '🚇', '🚈', '🚉']
	ops = ['>', '<', '+', '-', '.', ',', '[', ']']

	def intp(test):
	from io import StringIO
	import os
	sys.stderr = open(os.devnull)
	old_stdout = sys.stdout
	sys.stdout = mystdout = StringIO()
	try:
	brainfuck.evaluate(test)
	except Exception as e:
	print(e)
	out = mystdout.getvalue()
	sys.stdout = old_stdout
	if 'Hello' in out:
	print('got it ' + test)
	mystdout.close()


	if __name__ == '__main__':
	text = ''
	with open('trainfuck.tf', 'r', encoding="utf-8") as t:
	text = t.read()

	for shuffle in itertools.permutations(emotes, 8):
	test = text
	for i in range(len(shuffle)):
	test = test.replace(shuffle[i], ops[i])
	#print(test + "\n\n\n\n\n")
	try:
	p = multiprocessing.Process(target=intp, args=(test,))
	p.start()

	p.join(5)
	if p.is_alive():
	p.terminate()
	p.join()
	except Exception as e:
	print(e)
	continue
	```

	after i got the actual brainfuck code, i tried to decompile it into more normal languages like js but that didnt really help since its still wack af

	so i just tried to use the brainfuck code directly

	and i noticed all of the odd values and even values map to the same 2 mappings from how the output change from `EEEE...`

	so now i got both the length and the mapping i just need the obfuscated flag itself

	i noticed theres always the same string thats in the memory cells of the interpreter and it matches up with the stuff that gets returned when i put in `UMDCTF`

	so that should be the obfuscated string

	and after a while of messing around on string encodings i finally got a program that iterates through both of the mapping and store it into a dict

	and everything thats left is now getting the actual flag from the mapping

	and ey `UMDCTF{fr1ck_ch00_ch00_tw41ns}` took me way too long lmao

	```py
	text = ''
	with open('trainfuck.bf.txt') as t:
	text = t.read()

	expected = "127, 8, 110, 6, 126, 3, 81, 35, 88, 116, 73, 46, 117, 38, 66, 117, 26, 26, 73, 45, 26, 117, 117, 49, 93, 113, 27, 43, 89, 56".split(", ")

	alphanum = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMOPQRSTUVWXYZ1234567890'

	firstmapping = {'75': 'a', '72': 'b', '73': 'c', '78': 'd', '79': 'e', '76': 'f', '77': 'g', '66': 'h', '67': 'i', '64': 'j', '65': 'k', '70': 'l', '71': 'm', '68': 'n', '69': 'o', '90': 'p', '91': 'q', '88': 'r', '89': 's', '94': 't', '95': 'u', '92': 'v', '93': 'w', '82': 'x', '83': 'y', '80': 'z', '107': 'A', '104': 'B', '105': 'C', '110': 'D', '111': 'E', '108': 'F', '109': 'G', '98': 'H', '99': 'I', '96': 'J', '97': 'K', '102': 'L', '103': 'M', '101': 'O', '122': 'P', '123': 'Q', '120': 'R', '121': 'S', '126': 'T', '127': 'U', '124': 'V', '125': 'W', '114': 'X', '115': 'Y', '112': 'Z', '27': '1', '24': '2', '25': '3', '30': '4', '31': '5', '28': '6', '29': '7', '18': '8', '19': '9', '26': '0', '81': '{', '117': '_'}

	secondmapping = {'36': 'a', '39': 'b', '38': 'c', '33': 'd', '32': 'e', '35': 'f', '34': 'g', '45': 'h', '44': 'i', '47': 'j', '46': 'k', '41': 'l', '40': 'm', '43': 'n', '42': 'o', '53': 'p', '52': 'q', '55': 'r', '54': 's', '49': 't', '48': 'u', '51': 'v', '50': 'w', '61': 'x', '60': 'y', '63': 'z', '4': 'A', '7': 'B', '6': 'C', '1': 'D', '0': 'E', '3': 'F', '2': 'G', '13': 'H', '12': 'I', '15': 'J', '14': 'K', '9': 'L', '8': 'M', '10': 'O', '21': 'P', '20': 'Q', '23': 'R', '22': 'S', '17': 'T', '16': 'U', '19': 'V', '18': 'W', '29': 'X', '28': 'Y', '31': 'Z', '116': '1', '119': '2', '118': '3', '113': '4', '112': '5', '115': '6', '114': '7', '125': '8', '124': '9', '117': '0', '26': '_', '56': '}'}


	s = ''

	for n in range(len(expected)):
	if n % 2 == 0:
	s += firstmapping[expected[n]]
	else:
	s += secondmapping[expected[n]]

	print(s)
	```

	### snowden

	i originally thought its just a random rsa attack, so i tried using rsactftool but none of the attacks worked even though ppl said online that if i can supply n e and c i can crack it already

	but then i remembered i can obtain multiple n e c trios so there has to be a specific attack that works for that

	so i searched it up and yep its called hastad's broadcast attack

	so i tried grabbing a script for that but none of the scripts seem to work and they dont really ask for exponent which i thought should be critical

	so i looked around more and saw that practically everyone did e = 3 hardcoded

	but then i saw https://crypto.stackexchange.com/questions/81719/how-to-solve-high-exponent-attack-for-same-message-in-rsa

	so i went and tried to modify one of the scripts i found to compute 21 n c pairs for e = 21 which is the smallest exponent that the chall gives

	and then painfully added all 21 n c pairs by pressing a LOT of `y`s and getting good RNG since the exponent is random

	and voila `I'm just patiently waiting for someone to finally be able to decrypt this message. UMDCTF{y0u_r3ally_kn0w_y0ur_br04dc45t_4tt4ck!}`

	```py
	import gmpy2
	gmpy2.get_context().precision = 4096

	from binascii import unhexlify
	from functools import reduce
	from gmpy2 import root

	# Håstad's Broadcast Attack
	# https://id0-rsa.pub/problem/11/

	# Resources
	# https://en.wikipedia.org/wiki/Coppersmith%27s_Attack
	# https://github.com/sigh/Python-Math/blob/master/ntheory.py

	EXPONENT = 21

	C1 = 9436761854876433306627763597399692070238506205462150940115203418966762200502586203415737024150693247565846597374076985107078608067784434989425777057774373810506839154537112530446674195829983750513600738963717220154870317091717125245024129581346017108295620661468255509184119122584386951489946934299681562826659408456638909190212653273613441775667379335488571702007546238779715612293204337045838305905755002757932691766531752420604546166293923630269150924240414513531974433446091759930204860773047694390140880794899424705844066930926929018436526386336414229000147530877205767268453813558171251302911705929695813612010
	N1 = 28152734994061465956881372539101874027561990575500482757314894447153307218847609741543382823980739976236658916728997274893025631443277954565174850742332450645083408549368559160031034050230909564218506399818421114654953529271828367396640006892373250911371099282341234741924313888905935939638112780695689888780564279790602144087525195552892258728232529973473079156817662635400655477598522734106570320576041689930387190231483172072407702172114532347645763885068234565589440562913881539320125146332081515224186223652102679064725934864495853101655367885758757955311607715225919087709073311095132974431507498759180948903767

	C2 = 4593076058237274815529529568336761629133900659539287553894234259467093640361536324021847078003961706949243421935535149609292208178294757500579890086414979763257060158092596743214848122082574927823906565090843784551245682410249044472990856123166366375151498671304541636343515691142353831218949261299772411179393507937810450016231527818003258805556032921207923464858256774608172704770310554906924556972003670659933921112156537651788986402282461884767218012677445166337918434082299219287519407759410482296621043851341564154556420330500851642585185121909767465969736766741376422878805968575696379434075368272983304018014
	N2 = 21600063461879280196410870178375017076110712247034891626041940082151068684386887677457402957891261138942259276566830312901997784853835296670693034266666212925876349513172284079705194031755813580344297385062689437971603801148950165924900554550652237471371482145097819406987634645634018937896458429208395791434589621784211092816471949553892029066927996808073256052798796162896009834612893099377657528361225264269730419481507743910434843238801198952335774170762667335524430283186551699296552084132730977707772758779260479405788898236608233934067239782848658380856859175623243778723002308377258891820426770026877957061401

	C3 = 11245600133735016365117362829293667603191587730690285779974486645194882744424959213290227322450180662529076053315568995427207311553172148085682922097330773013327493607051129328886026736321277603962465666646709086973805717218896641815021424945902858582179414486473766319702477596700105896410653460076814398382127557878279909337585351500001129127485718821080491584036192356363384636132594993418070895169593657137136061712963281043619927809243389036946471889123504683281523510726002854253439116691279495108731059741869783594241043499774335141622179775010116351725837839832383406040330437437481167589840958372506426763254
	N3 = 22672702745282102663556208336143989832920298743789961776089760335080449379620160950639293014064557548407790426119208318440153482963395149100234235582839783903963665840950610122780566690961442780689303746083065866112924940439088172731161065970873525860696873562729354298204126808095117971036826339112028888876155705514257782096717394626339123979602505600788259754284111563415584026730227259110658536007293428688691459901051554344326419399658074516652677631335537639760903408228657982498911286910747180567639808982517842727582159907418003276234434155647821330026386363122808867597465894075076332347672555352316957100993

	C4 = 18516643095562398995668533803762774446304146229424940945397187349384298610823892359110958006228600001129102885152760663495347917628128193221417709116053363794455696791642339626510381267602451772319637851400678017312602323268221572284216402284304705562875118581157260529638868631863861924556744287077953642973308093561343164296718793593433291676412073150828602914715131796119179642959314558057344532783034444951882201466376837981878545737529151217710459244142612916832074425230905960356528448080973618288496325370377173564127464954875032695133648932702793798320979455870673870976887781257549746942625941429579741010270
	N4 = 26988607173741115933900822256923659444302125122539278430950988871555189138247392039290413221765360905370227302279189271911132246582152793866517857202617458789817472738485175676870972584407890759810753559735942064886741815093704840217272282510461163773907497740961718806912782824716769167041001551156131343325890477188212317519320453198262687827336271225804969710090921124961291275071394125333805468634112401639488794709795347035536588817682860025551568208767946402532180015525450592932248190526365314570645557370916761103163654280385178751212138486361151092723464915053285719425891702684067432346851328424885796389817

	C5 = 16234930623218138889526518684550303290091429047673271100215829299347705159552616967052457540686556330850257796531487862146892604233241424080405608322168764812446578135647890637181672523281252106514062225182856565128278422834768952509379755767925162776634061261454662769429539015566733927869639777645591135295724109869149315426407494359252458531359258056538896278380487304943301542518411797193671715244796859595170742003421150573548870249260161780049891845926846370393594256147945196460649806539640794807782473511385208111394606662824268595484598223352000639552739314295731600740144863280284774776364915234378532422109
	N5 = 18612498743007276209546659493407131112236240051060893514783996455601840351697829503889757154552092494969733915079189711091167795711020740880120207438328847016435155873155857986684744304472967291993895316188192205606445873849160210239995838100938173996319911827659211405805740332805840562570477020150887880129004051963216423159236730553725303666254766270936155373170585740388539125357922443860032040325558399663562779860026651798265127930579618176579884945791041434637848074032887703078457700685426810977516538529902945957950332460953595711713649670206742866746312836087704683684172639327711384532163917122017043475877

	C6 = 662361597004020323701782712405629134497010934935046713820429474087392882151870881580269779655698349077203809779834079610728094208893526514469953878670382023229154398085158420666392458179409076383454051041090065773823342912134394708821426714606725112066614260018104153712414116584976232099178568108923522677243234876392689552224408448854800342693033158352943933707091540142502858273208447362609300610091623736823554566960365496106195585769649933179365087607330651718136517113372689366474528058274490861762901541810571069745503528148677073263197470087641720546960911860537081684666026163064116784227765962684665435982
	N6 = 30060404850981989356325653856062348383713756193049571982180795115405758572066328866157252457185638475358328443402740580231814789935012941678556742646678509473798348783295975798487516948831274145735500413531609114605882806722555801771061437094444324945960298131631787678270453694949716791522344155064835483770979442054736387540607992977313870622344699584492690886555863274012457862969426035109179398123735387873871402552561801825285349152182929097359460801146097907568032122298857009062229978627745650515256704780201968309142333073419629521382227437107434807142577040991888257016958386152315628986290816879489282413133

	C7 = 16877189941536807680624937491006982389364984630123292991510640852509819950687059857655547882049005691800626523214145336183267178574217107392144208277863207494692576988568388815380109406084674912267381852493041645597743969937001313790953152249672062867424898436689020008649473773734446552936419072324732099093984372784427497361243383748613918125612010160696451170069748277309591783221231376502949560734965565539411991104992650056627499757222765334257768498483120958391408256478739695472783605393727520270518230169573690364163637454017971721446010546561291176925708657955182715705681641592645227715405440345054381766804
	N7 = 23890472526968430781643649369422511096477048017850812199785212846851079971948160327212190956639397428009334690623468952000746298906394075083824476555283992873854805156427247831047078254936356628997857934328952353862056756034901935880639811850074062972819577675616917014397779935280900673822595391689835150987972299140155626876370254348245865807662661459825994105582491086602807655100691252156264648474840756557482803856498880297700589020875287210357401801768179699377323832055287904240286843377972074616307825831398112600358548373313648461163125034061360713897312664213808659399357817506657513131747316086923862575921

	C8 = 1094004533854571080682481911793872775456831862550751453541585525253550848162878628310075369324016013220755363164488810710986682785732536797402227273635436446326895878828135116384310032410115827815366779577012065584756031151545392420626912356067176078051191500667340289066744738841757008227521550461322879463361883579735662821947790901950956299841908452059735572739519446351759187345595324422124904221779727916615716604180111041938928762500533408492643293551294999986890648571964781055072998989474184668803962567049434698764770410243212576618191749257018943943064370139007581131742011409237697415678239481570866287856
	N8 = 23380350886751802164855055509767690587110532513263747329112120555656644434780631040110038642188151592059929588044414948325211672918053984491507898579097389469206795350731321096122528877702956312243099965033821787352579527297287595471670265642034590044693594308949001846577959893059711155887065700545875905878325946348597308141335309729521701292624206630814051016365852513617153226148240768160609527482624819836390706106701107817845611955696030975432989831656112917337047183328080653349006022409482766999575307249660411151068963350799235192503437567887115119096973492021233078803118656184604578429814105099886663594693

	C9 = 16246636901773138996814290343353020151457346162998998307405405181601474102892689154884824109748122320746251675232569782773999745712675571041960024418214494332379018131875195778074924128659254816882971443065257997201886303313629437038985747908702444484272461777188521309080387918561819965845652703652896000140332806309467868342173096743522054626380575227900410896175684041018594046730293277704896351684813603954564513450331273930079508805816621325775966947493373833003600147888965694698626738744232709953548700496846363458883560114005451843752399292262623867664649431421570137967781543444221586067817974021120109598921
	N9 = 24030804860101977933476957347819462169894929710541377289906765400595334129288313839541119744743210209415594591444692274924240300327170149009349292674176575089132496112901223906361134689434742740353952863321380465214274744493891860489069840869122541288948326090184993484310060272272740249607426150694223953704293886796662844940040254807059301097413348456402284888962872847705918491916163217571677078719769045989833160857383002167626927308715373093867166535593269035197746899806338542387420584847818088786425143436067234973171215748235370710734803884280088629472846773087477307891755390989172053178851178575250298820231

	C10 = 15829031034984894323992128834767517105268461988253457682374812623673027379167302368117069435938024253238736977450902258870142461658500448838399131912142418564511589745072992615964601706344887032367962344858971338727451651491855667418347980278696643469308608038951291076607701874519666731715763462323629587003874458565108231781528953352421959421420283784328068711854299008678129337565552708623593606137355854951816336801002428235478295589097771226955476895928987923919036155754408604704446652902092198621246454325920997908044782726666074364774188498010929424209712246401618592597043438325782597704909235885721780938585
	N10 = 29599537988011368844212192807590374714698164905750839331460749915852536597430125629336669800553956214798026782260461278467917464100560938551182795389765460311314334574516888192351951865688138371377605547887686773668293607699325379118605941688095878257558621432317525450992974107005325947018100512684323886977504634164489389759529097967289990281971478014840524344212478178662847560300394278111562185567862459126701109936994197318497527887033886642967402029113278823635743801575598058745194338530662846513386309057705053897618494797627653311712150802667309285170521937793536794113639533431268941243329554139815742737677

	C11 = 7726447580767850051395947393232957015871261186914935521204941226539403279946836987104987106713538681923679247877609039171452455217280283628257627686094181836565664018167980047361880700563985143808156427571796588019612787485032936095796366297045073487988914217440935409989324071195449332090411594212638071771269875328594616338913923990561081990832918093028204931030723148405335629173144560000101241766110262305574038393183868548669632110581118115668313348766084182632885622250986716312738557635935992351275564122683740688789347070593060029886828754962524559819979014597410645051681579721449730393478838386828782756193
	N11 = 23160408911716067048449307831783899188316884967834642592541006181192104782985076674059719106847459208481873305300285563963876715315002734481314802130066449213720561944302819360619320391084840967517304916250844947272252382402813481440225581938218963811553331757013501777923958744439389304485465487472480664604895423335385581233661672353610925316294720156515188301900654780553045533399970890012708143589417361193460252158297177085454274695930069544409391039578026160939026367678826762268168026574927870114419979476937292129457170700960815344235886278427627323129144277489719511835146521693191800857992683681906057060463

	C12 = 3110421392685842505144846266631282268053295098925521960856401799081635187244620627511962317103092692861797769711740862146809441701082968199655346148114785353044960204261706156704477680280525335517413885300283681356768732364776678814787653331279774398059985135419606293501757876026564697032592563116607419345000799680180072747731505355792857317756934495355312915963856654485292417587150562503456652804962547527833571408329196111241161902672358558934016819909218544544100308759330697439043043961658962269669936218373997430723761108219918919158999819777410680131038212610058047365690513126420343270070930182951213332361
	N12 = 20826297766792773991432042813957670431345223817606452211375010495765041374773238466489989083679958068411924848929945096975468526050576210955933117642051017166258252165022313640051187458468482381713721607639558251611068325931610690091224091898829025647386335265036210147942677813912859329539094308542499621989928153616794269925652820267880787642652492412537574637386965804834512590032082215626304818892329476095010909105633146962840106301442129458323046886186347065307762199145578311997003927515199164882245718446162723535482644159946917048704065734475134191119967004253241833356928158591978706976978808609605160114343

	C13 = 8390943140508389256739814272645102341799462269626284302274243524390297822726122608887716845501426604137499661741356123432756804763372800866348993114450495304503724149486726336202074674991507756785723195511191837112079687429825513520969764809403654448946502400253852421512101527273709585678310705642384424427234494842591600578979210455452817994169739275900884192911807766246039233697855664913347196233200995685731101578801234372938715847732368565340345450241464656430162612109852884836710306552016784959142560436674650536312526917952551119250575865330056001997494585696472390087856263437052079823194603093258218032315
	N13 = 24142513829399203744337032082278529892149392333374734878785387788116342156775650901679032814195636034097581073863444071056730682142863541201304448060463918947238444326160167807584244855252210907051224532785395284134047710869100549668551694105592119152615807348056705324432085171908982988460447349047870256487532784630007089096759775748738275809739775471191319754191959489137988544960417032640397233885230232821252220460324764297987308599406706549157002201813624656387142554704561393872767959439334878321277005370025137475432900741289259108489812637314335891018332650784971177022688814839017504940088023479087752366657

	C14 = 6209081282547983870368051219282171245549364960861980675633382355540769169105793197347236477762961059637300269565381147237616034193917430108795139925967636364383380190218459610550287856068125307199978266267967306356027718053708091670649844345516448912193666974000685902016845576993623261695489523746492319149006152800021134532541792296730229054128919052707148533782171446696406715397779892047722565033779292699150409084533616345278231409758331138621001117036731170918692177643870360655520742622389547453562622623077681239129079868779602064151854979000448541706843536628794597972233343680963444074945624062663929354004
	N14 = 23776181882513550690601531634743164073284453342166345704519844801141073142618240660467120360079075284262721515707988652630867719181782773695754111361600880610207923490423526941874496413059917366031888830927716478633613770796695054249092460649856106415131383725130352773643545477655861692045753819942893450690013582987777725787242527112261270197746283397694168384085877410900827624094441147468840253544884974394282960766934131475386784850857350924290725098436185365628070502054366757627658597326593559426992301840391385263108434216394213417125518102784785342945087361199146728272848144016770827756511774807692384510539

	C15 = 5221916689882794974968454162648434549352799290703571725132878430184047377788007272592188734863427743538951765405786374395023903677906475772767672866316162112727902124224623419852260456281202870089025838609946275929676723097804620294999060697823067759186878272766619189148120963506709414320655338019391957004477823941246511183201008480433900479842202983116849583441794332842486490635807334219910185335763137052611119516298685935538101593763494427058139474584019699702723783182597913065852418397043122292252986177030963881663178810584856067794681209999945202785490162148784316280203283453254841227209037134306819677190
	N15 = 24012638740159129939481929571517919244193482102926657423549586977800986707566912983228470063462748609708802397606197501129657999242915323054179924194939501230630455236894784362694569222663459637812736515880578615292821397509542756502616448665756388005089798388202261111487003191066639274341662886944057618764840339796913961508758227027133935594471121390932094814732497255104968753334880825784962127128811342508353534374213324121950149762437615254435111683311613585559264982277008709473775380364248318079408235923522973164231043662942280911918791615086422361043374101119966764576351164135236209252955975527220921330643

	C16 = 1375535819425091520984514312568512177668686493045590476680606897424475697200281314861466675010193552082652074060303700892562278437529863610959170836174377306284764920334362203561850023438995673567796140162888432574493247667044114972944272645404893369815902386090726648159188796152635136091769262801831054754052400935694009077869397350548866318648428388058307017448584443930684506845203763504533880184823693392613533285234752452979679675501143133731300588619315538481057537312603608270842452813537222489841269804142772234481176024467424576429074422173383709337504980075281164764054808013370705416631967205813872287662
	N16 = 26197282883895601445589583453400096292659773869436855122182183673348374665043203695947023933699825914470903397912240958889784238740242660640371455779845984352564743752276719808622258793089780058812165761077914786131545926863093293371095509042010507538066085289915579361944642597749586479487699960047577588584485028527450245395128760261535565455865082515530809728695514453351594706201389691959083955273714218122597670632308130389166059922751573681854747155603879023281343235489071856534763445491836519024465670500669135362767672132299237920012944994268932906903286234242217263758307840505829716040510362506838106182959

	C17 = 10592334816343085761503848812062568466357112376396205592987527425511397198830546899992815586800091560659524054880247916875551319041954979981251002285250655051566028892610983357050174789916123449596217763370209413469549342580863984878422934423102025473892847578143012589396577843096738843936490809763734987619253708508804449267253235818614588329601759465846637941086706977909172789919432621441108301354202806225408436715559001725625670887575736334600503460576933103638916526789981801262705324700313736379543862358030987556260634241901029238420867333256695415784889983144835477515156951994642577307691514725467214568406
	N17 = 27681698904637578237884734633506568458497694964747581800063953942563466231028688814555875213877549137399347075806146923038464984230501426397157407237404557611465054580474996457321316572841720902697417522886490729877251092972948022293174319291920679796610002883516049669001955904312762452367265809801177813839469552278842008652862426899995020094394188752850201800484655930235664830211283198362892323945649667916209622455803679780525856782193886759064800291886137086642769535355243146943698132913929918760233346840615706144065618130204936679546589196703740966382877899499703491248842134180851349709635330920182429331627

	C18 = 22529456961902654770399177249358749495827219579008010296418451079568955526535408303587263717112950451538854343798580126595505986134705603978908734118227643123234972906040723803380996813524577395386737831760654970147940604714185248140393568743685047004330527969232913813427076010317775528581246706605912288607142170078866340909101596605707507036289096187550671005524545171162956226749595751016897578242412898009935617099967941350482209554813186859237075016041137191675779941498194827137994045023493326979205590088635876857011293726486992103791422136469572666591203203681865897410156849389410595781948643871038443493160
	N18 = 25994854533114339581577017985330774831732395851486549048522051119474323101656463635661319066580803770611797846429140339911624755800199642304671646276055511130618346609942490462965646329794349515289725839614705529032356572557547999920939735219976346716096422247314537077796030814529837519084320534539684454003795161784803121046876481877555939777497035782992506293096942807035919751266736219546660978873903119929643354834372085890250889872517346751262423893830722423838910847251645600417123399325150121387932803523739475111591257652840696646178722074104182268279651800055597553746550029462485575124269973334103487599541

	C19 = 5990615864825276990977395066109822405539633680216389626230935330695142627837305503159389328760979853452492200766136041027479325474598745515876806679241535151252048551602203250063337430404045319510633579325443553363381495902986186508818680853693940057245627122038086521362372863900249501567571611749304756450663266989871867323317228351290655447007849504653616655128153114305369225728803259141235704561634764662903043156510976239225406218650411604533182704239036305886697659520049582973044875903250650608032330106631678246613133191755446607148209498512804171927882497791337619029645305965989564544069343326561543483302
	N19 = 22893102514602182481751537220293608110153624062056594483099902253976321847451325943514706715707893891952721749321559110039626880334900231867780557830682578285735092696602292847925086841295031756606719998377561702783561468740480355947248642841379682546475352671584039579696167569783148367648076619574228931217163914637266271554777201652737127593050290385138871337455964461152671167397097184952313601034907450770162236362708726362343130157175332743262164203353213652366899727589724882779991841371963116533403662975436691137493406616408558205292492940878248789584041200573445367200708167911940843899604463070503708437951

	C20 = 354730322179992569351057392072570155842559988556076760133594481799078063862500700338377205726342041219841852163309654563743316120016334985713689806271704485917876711404372766633019118693043742400220556896485874204258071611965398849084542485006486786226551048885930100522074313289822698415005773468392852665094708691540466213557804187272678046243190015873686490729663924054319308547453785553205785912190676118225920105653577320022469669332532845772113177852800811690261114638168208181169749575480381900672368382355275447464918075092386846579470423607555990095134935514925912622722217960272846321784910875130364709414
	N20 = 18253274074274117116540455011345578423286982966969579717654582859328045161310074319265986538007934226831345699458914289534190421987215620738581623436882089146574777579740398728239620643427700153356425526142005586206594874976734295146295439226280104018077982989041608761886424306740668495785914447834936841183499824037706298774834975984111294477014111460031941070985013519856601410835455861032151505775831019530143841871958264106543332844640591837772600929350851377557407245895611528398531701215173763854360619568503476441120097171646244644812646763527214458027829152541565168934731486914867428429396866974372820881281

	C21 = 791858034355038282032949913702864439192321699736201364625463338369583896157090094221650849975220136019836808541572939196707741920755693548373387400053110603690255860149144655664937868763525503601945850363504652933481660180909819719359770836971204991855786354983505861446659514915485247816172531481087432992585701448240474614748787781934396549849886223462744221961559551814360848233536683299452678943779633908086234804295895415382117626335026547993578819820873362967333865400308223693690288024398537360213697596507394292060315779141413902392052324253098740607828365773698400280547630756810131339503326974421013047111
	N21 = 18672087913343954860440263116798686154347332037159112449942380500765716982980021070344074084527963310014890434822991693433405944123637343993934120893377694636325771786202785171843371770951353384595365905872878098268657661780978241750736768975001672578522289409444613113285272613829443497225027547276794074752321244614963490511497616746231749610118421385774448036776629195808065326102977707309082482423106422900766563444231920255370850250130753579125265207093895090423737367037798115250051532091484966171495746751084979189916463994548360317125757162903873133088507306407708467583740283191323198210995589235186833903621




	def chinese_remainder_theorem(items):
	# Determine N, the product of all n_i
	N = 1
	for a, n in items:
	N *= n

	# Find the solution (mod N)
	result = 0
	for a, n in items:
	m = N // n
	r, s, d = extended_gcd(n, m)
	if d != 1:
	raise "Input not pairwise co-prime"
	result += a * s * m

	# Make sure we return the canonical solution.
	return result % N


	def extended_gcd(a, b):
	x, y = 0, 1
	lastx, lasty = 1, 0

	while b:
	a, (q, b) = b, divmod(a, b)
	x, lastx = lastx - q * x, x
	y, lasty = lasty - q * y, y

	return (lastx, lasty, a)


	def mul_inv(a, b):
	b0 = b
	x0, x1 = 0, 1
	if b == 1:
	return 1
	while a > 1:
	q = a // b
	a, b = b, a % b
	x0, x1 = x1 - q * x0, x0
	if x1 < 0:
	x1 += b0
	return x1


	def get_value(filename):
	with open(filename) as f:
	value = f.readline()
	return int(value, 16)

	if __name__ == '__main__':

	ciphertexts = [C1, C2, C3, C4, C5, C6, C7, C8, C9, C10, C11, C12, C13, C14, C15, C16, C17, C18, C19, C20, C21]

	modulus = [N1, N2, N3, N4, N5, N6, N7, N8, N9, N10, N11, N12, N13, N14, N15, N16, N17, N18, N19, N20, N21]

	C = chinese_remainder_theorem(list(zip(ciphertexts, modulus)))
	M = int(root(C, EXPONENT))

	M = hex(M)[2:]
	print(unhexlify(M).decode('utf-8'))
	```


	### vigenere xor

	i searched everywhere for all kinds of vigenere attacks, but none of them really work with how this chall is designed

	so i had to merge the 2 tools together

	the bulk of the chall pretty much match exactly https://osandamalith.com/2015/05/02/breaking-the-vigenere-cipher/ aside from determining the key length which used IC analysis from modified https://github.com/ichantzaras/creamcrackerz (see UMD CTF folder on laptop) after editing consts to a reasonable length (40 since the next key length seems to be 58 which sounds way too long)

	but i couldnt figure out how tf the first tool worked with excel being an ass to use so i just used the excel column splitting macro just in case its different from creamcrackerz and then exported it to csv for me to sort the columns in python

	then i just followed how the blog did the cracking - grab the most frequent bytes, use its HEXor function to grab the key bytes, and finally decrypt

	ey it worked - but only partially since i assume some of the columns have same frequency for multiple bytes and python chose the wrong one when sorting

	either way i can just use plain english knowledge now that we have enough context for it and then xor the ciphertext to get the key that way and then decrypt it again

	and voila `UMDCTF{d1d_y0u_use_k4s!sk1_0r_IoC???}`

	```py
	import collections

	columns = []
	with open('Book1.csv') as c:
	lines = c.readlines()
	columns = [[]] * len(lines[0].split(","))
	for line in lines:
	for index, val in enumerate(line.replace('\n', '').split(",")):
	if val != '':
	columns[index] = columns[index] + [val]

	sortedcolumns = []
	for column in columns:
	new_list = [item for items, c in collections.Counter(column).most_common() for item in [items] * c]
	sortedcolumns.append(new_list)

	Bytes = []
	for column in sortedcolumns:
	Bytes.append(column[0])

	print(Bytes)

	def HeXOR(a, b):
	return "".join(["%x" % (int(x,16) ^ int(y,16)) for (x, y) in zip(a, b)])

	print("Key of length " + str(len(Bytes)) + ". Key bytes are:\n")
	key = b''
	for i in Bytes:
	key += bytes([int(HeXOR(i,'20'), 16)]) # Assuming space '0x20' as the most occuring letter

	print(key)

	def decrypt(key, Str):
	a = kIdx = 0
	b = 2
	decryptStr = ''
	for x in range(len(Str)):
	if not b == len(Str):
	decryptStr += chr(int('0x'+Str[a:b],0) ^ key[kIdx])
	kIdx = (kIdx + 1) % len(key)
	a += 2
	b += 2

	return decryptStr

	with open('ciphertext.txt') as c:
	ct = c.readlines()
	pt = decrypt(key, ct[0].replace('\n', ''))
	print(pt)
	print(pt[29:59])

	#probably coz theres multiple same frequencies and python picked the wrong one so we use common english knowledge to break it
	expstr = 'u even have basic knowlege of'
	realkey = b''
	assert len(expstr) == 29
	for index, i in enumerate(bytes.fromhex(ct[0][292:294])):
	realkey += bytes([i ^ ord(expstr[index])])
	print(realkey)
	pt = decrypt(realkey, ct[0].replace('\n', ''))
	print(pt)
	```

File Metadata

Mime Type: text/x-python
Expires: Thu, Oct 9, 7:23 AM (8 h, 39 m)
Storage Engine: local-disk
Storage Format: Raw Data
Storage Handle: 4d/96/dec6d806dc231e39e303413c0dad

umdctf22.mdNo OneTemporaryActions

umdctf22.mdView Options

File Metadata

Event Timeline

umdctf22.md
No OneTemporary
Actions

umdctf22.md
View Options