CTF 313 2019 WriteUps(1)
I solved 21 issues at this competition, but I got only 91 points.
Each issues had low score...
Encryption&Encoding
[Not Encryption] - 3pts
I think it is the hex values of the ASCII characters.
I used the Cyber Chef - https://gchq.github.io/CyberChef/
I choose the operation "From Hex"
->The result is, "encoding is not encryption the flag=simple"
The flag is : simple
[Adapt] - 3pts
I guess, it is ROT encrypted text.
So I used the CyberChef, operation "ROT 13".
But I couldn't get the readable text. I change the value of "Amount"
->When I specified "6" as the value of "Amount", I got the readable test.
“The measure of intelligence is the ability to change.”
According to the statements of the issue, the flag is the last name of the person who said as above. -> It is Albert Einstein.
The flag is : Einstein
[Lucky Number] - 3pts
I guess, it is ROT encrypted text.
So I used the CyberChef, operation "ROT 13".
->I got readable text : around and around we go the flag is nobodyknows
The flag is : nobodyknows
[Phonemes] - 3pts
I looked at these numbers for a while...
All numbers within 26, so I guess these are number of alphabets.
I translate as following.
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
->NOW I KNOW MY A B CS NEXT TIME WONT YOU SING WITH ME THE FLAG IS ALPHABET
The flag is : ALPHABET
[BOTW] - 3pts
botw.png
According to the name of the issue "BOTW", maybe it is related to the
The Legend of Zelda: Breath of the Wild
It is the Hylian language.
https://www.pinterest.jp/pin/379076493621633216/
I can translate it !!
->MASTER USING IT AND YOU CAN HAVE THIS THE FLAG IS SHEIKAH
The flag is : SHEIKAH
[A Long-Expected Party] - 3pts
It looks like base64 encoded text, but it is not contain the lower case characters.
So I guess it is base32 encoded text.
I decode it by using CyberChef.
->What character said, "I don't know half of you half as well as I should like; and I like less than half of you half as well as you deserve."
I don't know it , so I found it by googling.
The flag is : Bilbo
[Dolor Sit Amet] - 3pts
Clearly, it is base64-encoded string.
So I decode it by using CyberCheff
->Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. flag is lorem ipsum. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
The flag is : lorem ipsum
[Mouth of the Guru] - 12pts
I don' know these characters.
So I used online-language detecting service.
http://aztekium.pl/languages.py
-> Detected it as Punjabi.
I used the Google translate by specifying the source language as Punjabi.
->102 108 97 103 32 105 115 32 112 117 110 106 97 98
These are values of the ASCII characters.
I use the CyberChef -> The result is "flag is punjab"
The flag is : punjab
[Perpendicular] - 12pts
QSVEHHGOT
BPEVIEZRA
GEZENZIIL
PCIRGFSZQ
ETSYZLZOB
RIZTTAHNG
According to the title, read the problem sentences vertically.
->QBGPERSPECTIVEZISZEVERYTHINGZTHEZFLAGZISZHORIZONTALQBG
Delete the "QBG", replace the "Z" as the space.
->PERSPECTIVE IS EVERYTHING THE FLAG IS HORIZONTAL
The flag is : HORIZONTAL
Forensics
[Name that File] - 3pts
Open the challenge.docx, it contains the following image.
Maybe it is the dump image of the some file, and the flag is the extension of this file.
It contains these strings : OTTO,CFF,head...
I googled these keywords, so I found following page.
https://nixeneko.hatenablog.com/entry/2018/06/20/000000
It seems to the OpenType(OTF) file.
The flag is : otf
[Seeing is Believing] - 3pts
seeing.png is the corrupted PNG image.
I used the TweakPNG to analyze the seeing.png.
->The structure of this file is not the PNG, maybe it is other format file just contains header of the PNG format.
I used TrID to detect the format of the seeing.png.
--------------------- TrID ---------------------
99.6% (.PNG) Portable Network Graphics (16000/1)
Related URL: http://en.wikipedia.org/wiki/Portable_Network_Graphics
0.3% (.GBC) GameBoy Color ROM File (50/2)
Related URL: http://en.wikipedia.org/wiki/Gameboy
So I guess it is the GameBoy Color ROM File(.GBC)
I found the other GBC file from the internet, and copy the header of it to the seeint.png
->seeing_repair.png
First, I used the "TGB Dual" as the emulator.
http://www.emusite.com/pc/tgbdual.php
The ROM launched, but it never show the flag...
So I used the other emulator : BGB
http://www.angelfire.com/crazy4/timespotdownload/bgb-j.html
http://bgb.bircd.org/#downloads
It shown the checksum error when launch the ROM, but it succeed to run the ROM.
The flag is : PlayItLoud!
[Ni Wom] - 4pts
niWom.jpg
I got the strings of the niWom.jpg.
It contains many base64-encoded strings.
But it seems not associate to the flag.
Then I found, the list of numbers.
********************************************
48 104 44 32 55 104 51 115 101 32 110 49 103 104 116 53 32 111 102 32 78 49 32 119 111 117 108 100 32 108 49 107 101 32 116 111 32 98 49 100 32 121 48 117 32 119 51 108 99 111 109 51 44 32 104 52 99 107 32 111 110 32 121 111 117 32 108 51 51 116 32 121 51 51 55 32 104 97 99 107 51 114 115 32 116 104 101 32 102 108 52 103 32 49 115 32 116 104 51 32 119 48 114 100 32 49 110 32 55 104 105 53 32 53 101 110 55 97 110 99 101 32 119 49 116 104 32 116 104 51 32 109 111 53 116 32 108 51 51 116 32 55 114 97 110 53 102 101 114 115 44 32 49 110 32 49 116 39 53 32 110 48 110 51 32 108 51 51 116 32 102 48 114 109 13 10 13 10 13 10
********************************************
These are the values of the code of the ASCII characters.
I translate it to the ASCII characters by using CyberChef.
->0h, 7h3se n1ght5 of N1 would l1ke to b1d y0u w3lcom3, h4ck on you l33t y337 hack3rs the fl4g 1s th3 w0rd 1n 7hi5 5en7ance w1th th3 mo5t l33t 7ran5fers, 1n 1t'5 n0n3 l33t f0rm
I think, most leet translated word in above sentence is "y337".
y337 is not the flag.So...
The flag is : yeet
