From dc6284f487b3f95cf91061b9984608b8d36c4f1c Mon Sep 17 00:00:00 2001 From: h7x4 Date: Mon, 2 Sep 2024 20:19:47 +0200 Subject: [PATCH] rev: add a few more challenges --- rev/bloat_py/bloat.flag.py | 41 + rev/bloat_py/clean-bloat.flag.py | 39 + rev/bloat_py/flag.txt.enc | Bin 0 -> 35 bytes rev/bloat_py/output.txt | 4 + rev/file_run1/run | Bin 0 -> 16736 bytes rev/file_run2/output.txt | 2 + rev/file_run2/run | Bin 0 -> 16816 bytes rev/fresh_java/KeygenMe.class | Bin 0 -> 1883 bytes rev/fresh_java/decompiled.java | 152 +++ rev/fresh_java/flag.txt | 1 + rev/patchme_py/flag.txt.enc | 3 + rev/patchme_py/output.txt | 4 + rev/patchme_py/patchme.flag.py | 31 + rev/reverse/ret | Bin 0 -> 16888 bytes rev/reverse/solve.sh | 4 + rev/safe_opener/SafeOpener.java | 42 + rev/safe_opener/a.out | 0 rev/safe_opener/flag.txt | 3 + rev/safe_opener_2/SafeOpener.class | Bin 0 -> 2036 bytes rev/safe_opener_2/solve.sh | 4 + rev/speeds_and_feeds/flag.txt | 3 + rev/speeds_and_feeds/output.nc | 1099 +++++++++++++++++ rev/unpackme_py/unpackme.flag.py | 15 + .../VaultDoorTraining.java | 26 + rev/vault_door_training/flag.txt | 1 + 25 files changed, 1474 insertions(+) create mode 100755 rev/bloat_py/bloat.flag.py create mode 100755 rev/bloat_py/clean-bloat.flag.py create mode 100644 rev/bloat_py/flag.txt.enc create mode 100644 rev/bloat_py/output.txt create mode 100755 rev/file_run1/run create mode 100644 rev/file_run2/output.txt create mode 100755 rev/file_run2/run create mode 100644 rev/fresh_java/KeygenMe.class create mode 100644 rev/fresh_java/decompiled.java create mode 100644 rev/fresh_java/flag.txt create mode 100644 rev/patchme_py/flag.txt.enc create mode 100644 rev/patchme_py/output.txt create mode 100644 rev/patchme_py/patchme.flag.py create mode 100755 rev/reverse/ret create mode 100755 rev/reverse/solve.sh create mode 100644 rev/safe_opener/SafeOpener.java create mode 100644 rev/safe_opener/a.out create mode 100644 rev/safe_opener/flag.txt create mode 100644 rev/safe_opener_2/SafeOpener.class create mode 100755 rev/safe_opener_2/solve.sh create mode 100644 rev/speeds_and_feeds/flag.txt create mode 100644 rev/speeds_and_feeds/output.nc create mode 100755 rev/unpackme_py/unpackme.flag.py create mode 100644 rev/vault_door_training/VaultDoorTraining.java create mode 100644 rev/vault_door_training/flag.txt diff --git a/rev/bloat_py/bloat.flag.py b/rev/bloat_py/bloat.flag.py new file mode 100755 index 0000000..f4c9686 --- /dev/null +++ b/rev/bloat_py/bloat.flag.py @@ -0,0 +1,41 @@ +import sys +a = "!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ"+ \ + "[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ " +def arg133(arg432): + if arg432 == a[71]+a[64]+a[79]+a[79]+a[88]+a[66]+a[71]+a[64]+a[77]+a[66]+a[68]: + return True + else: + print(a[51]+a[71]+a[64]+a[83]+a[94]+a[79]+a[64]+a[82]+a[82]+a[86]+a[78]+\ +a[81]+a[67]+a[94]+a[72]+a[82]+a[94]+a[72]+a[77]+a[66]+a[78]+a[81]+\ +a[81]+a[68]+a[66]+a[83]) + sys.exit(0) + return False +def arg111(arg444): + return arg122(arg444.decode(), a[81]+a[64]+a[79]+a[82]+a[66]+a[64]+a[75]+\ +a[75]+a[72]+a[78]+a[77]) +def arg232(): + return input(a[47]+a[75]+a[68]+a[64]+a[82]+a[68]+a[94]+a[68]+a[77]+a[83]+\ +a[68]+a[81]+a[94]+a[66]+a[78]+a[81]+a[81]+a[68]+a[66]+a[83]+\ +a[94]+a[79]+a[64]+a[82]+a[82]+a[86]+a[78]+a[81]+a[67]+a[94]+\ +a[69]+a[78]+a[81]+a[94]+a[69]+a[75]+a[64]+a[70]+a[25]+a[94]) +def arg132(): + return open('flag.txt.enc', 'rb').read() +def arg112(): + print(a[54]+a[68]+a[75]+a[66]+a[78]+a[76]+a[68]+a[94]+a[65]+a[64]+a[66]+\ +a[74]+a[13]+a[13]+a[13]+a[94]+a[88]+a[78]+a[84]+a[81]+a[94]+a[69]+\ +a[75]+a[64]+a[70]+a[11]+a[94]+a[84]+a[82]+a[68]+a[81]+a[25]) +def arg122(arg432, arg423): + arg433 = arg423 + i = 0 + while len(arg433) < len(arg432): + arg433 = arg433 + arg423[i] + i = (i + 1) % len(arg423) + return "".join([chr(ord(arg422) ^ ord(arg442)) for (arg422,arg442) in zip(arg432,arg433)]) +arg444 = arg132() +arg432 = arg232() +arg133(arg432) +arg112() +arg423 = arg111(arg444) +print(arg423) +sys.exit(0) + diff --git a/rev/bloat_py/clean-bloat.flag.py b/rev/bloat_py/clean-bloat.flag.py new file mode 100755 index 0000000..072b867 --- /dev/null +++ b/rev/bloat_py/clean-bloat.flag.py @@ -0,0 +1,39 @@ +#!/usr/bin/env python3 + +import sys + +def arg133(arg432): + if arg432 == "happychance": + return True + else: + print("That password is incorrect") + sys.exit(0) + return False + +def arg111(arg444): + return arg122(arg444.decode(), "rapscallion") + +def arg232(): + return input("Please enter correct password for flag:") + +def arg132(): + return open('flag.txt.enc', 'rb').read() + +def arg112(): + print("Welcome back... your flag, user:") + +def arg122(arg432, arg423): + arg433 = arg423 + i = 0 + while len(arg433) < len(arg432): + arg433 = arg433 + arg423[i] + i = (i + 1) % len(arg423) + return "".join([chr(ord(arg422) ^ ord(arg442)) for (arg422,arg442) in zip(arg432,arg433)]) + +arg444 = arg132() +arg432 = arg232() +arg133(arg432) +arg112() +arg423 = arg111(arg444) +print(arg423) +sys.exit(0) diff --git a/rev/bloat_py/flag.txt.enc b/rev/bloat_py/flag.txt.enc new file mode 100644 index 0000000000000000000000000000000000000000..d07cbabe3ccfa4999513f2452d0e747c1b8edcd7 GIT binary patch literal 35 qcmZSL5SCFe)e`58i4$OFbz=yPj*VnA6bWP331f+k;Es)Ul>q=^T?SzQ literal 0 HcmV?d00001 diff --git a/rev/bloat_py/output.txt b/rev/bloat_py/output.txt new file mode 100644 index 0000000..ec9de2a --- /dev/null +++ b/rev/bloat_py/output.txt @@ -0,0 +1,4 @@ +$ ./clean-bloat.flag.py +Please enter correct password for flag:happychance +Welcome back... your flag, user: +picoCTF{d30bfu5c4710n_f7w_5e14b257} diff --git a/rev/file_run1/run b/rev/file_run1/run new file mode 100755 index 0000000000000000000000000000000000000000..6a66b04afd1155745f0df9249082bc12dcc4c514 GIT binary patch literal 16736 zcmeHOeQX>@6`%9P@uf}9myi%ADe<;RrG(&(?bwbJWOC=P>{ZT36Pu=L)AiZ6wh!Hh zx!Y^)Ktn2r!l`k|KYR#K6@(B-P*ISO%pZsZLllHS34fqO5fCZ@DJsPYDGJbJd2jZ; z^X~ebO2A*$j&=8&_j~Wn%)Xi3oAJ(ks;95FDi9Eyg5o0rrNM~JL`iXG7i9pVqFt|VS^ws3c3#Tt40OM zUaY2eGP1s0pMuVi6!~4o(`W#R(dmaxnQ4$}G1KA3L8@Gu zc6^s_?&d>O-(vlsQT!PxykdJgHPqI!J)LYwr?SO~hKcsJhPD>9kW-sw&Dbui1IN_f z{R0AuIg1>HQTD}Zl2O0!K9#{=5f z*Z%_2lo#TX@vDp^7Wvu(yi!5;AaJWH@DDG-KLxx}!Tw{5@L2XE73>AXbr{3gCdTur ztT`fdeRv|FkEF7Rbn2J^B3kGLGm$s-Od^#Pd;8*@U3#223Bj88C zkANQmKLUOP{0O{9BM_jsKI5t3TvvbZCk9%Z_P6OzHV)+V-llx(PWW!xp||WD9%&xh zIrO~fA2XDZbYfIV6?Q9+7DQk}@WZg27Wn??+TSc|0^>AiS!VzufVj|A00#k=-L$NW zfKk9Xz}EoV>17wbE5#Hzc1Q#!B7qIdYeM)=9eLaXFau@dB3*RX$XC0YA=?6mI9p@VU?lv1k465AN73Uq7P%)9^V0cG3}TAt7(V=b(qjx=z8T3EJEWD0;$? z7puBfEKNg$K*VeP4tzAw8-SuW9Qj;TJY4s3uqUicFX;(yIaS>qZhUd67H*%a*&B{# z!|kzfV=TO-Gpuxm>pH`c&TvS+JH8F><4}(CJslS5CqDvy1pEm25%446N5GGO9|1oC zegymoI3vLO4|%^KEu+eN2bZ%kEqYdve24ZYt|OWEHEtl8_baX^nfEv1x(E~N-@a$% zP(DMO5_t_Xz69C%{izp7|A0-4lZ3ec6jPlIVhte!xrrItpU8U?*&f$#m~h>RX{`NDHE5skz}^}w`E@+#8p!8=2c#Ah{}UEzEbA6!!l0Fx9R%-NivC4 z`u`7jKe)HVM&}~etGtiQ`%^=TZM3(mYqzpxV5pcii^?vwMQvPgX3ax;zfu_DcniKQ~_^c$~WV zkl_Av^UDPHyPJPN@c44`FuI+aY)Kgua9397pCFv3P%83a5v|DAih~vTNcr4`yFDuf z-}i1Fc4;e4#?A-D`^x+Bo!TJ$*W|Mm?bnpgH@NNJFZlW4=GTf!<2MLT1HRwg_VBcd zIvG136zfG@MV_B#^FDZ=E)h3z$B8T9bFvCL<+LZBuv;5Vt-Yl3!*qJme=FfBJW=0>z6CDLO&5_LMqv_mGBCRLQ zT)vqHOj3&$k%KgqfgYGtsE)Sd913j8~1G_Q@Ei z(tS)uPZo0eSR$LmBQ)^?V3kZ|^x?&; z(09^&EKwK}YH~6QRoH0eZOyYrzL3ggU4jm}ypc|z1LelkrcmXTtB_Skb0A`-U^At?nezs#g4mw=Bu*~yVMg^TAdE0NZLQF#jW6J(K z-(}?W6xZ*){x6b$Cl|fd;zcNyB44&e} zH$DDQGGJu;#r$9M`18D-@!kA?=>`b&+}zI-_7T^@&3cae%z1W1`aQg{ds*f zLlZa+og9h%8JB{y(_ci%xY0(w|F{VDV|h6^BggggyswV@z4lm_GvRz1IWjM+*neA@ zu`}%NL>@a%Q;iC2qzA(XK#3vY_V9Hr1CHD7^q;^VCP*Pq;asn+#kqH7{}b)D#d?o} HM-=}73(Qe^ literal 0 HcmV?d00001 diff --git a/rev/file_run2/output.txt b/rev/file_run2/output.txt new file mode 100644 index 0000000..9fb572f --- /dev/null +++ b/rev/file_run2/output.txt @@ -0,0 +1,2 @@ +$ ./run 'Hello!' +The flag is: picoCTF{F1r57_4rgum3n7_f65ed63e}% diff --git a/rev/file_run2/run b/rev/file_run2/run new file mode 100755 index 0000000000000000000000000000000000000000..c3c5a3dc2f4e09e82e15251636a98ed02633ca63 GIT binary patch literal 16816 zcmeHOeQZ=&6~8k>KY%hFSXc_|(ucAFl0K%;mV&9ww4L&*>a zX;)xNDjQ~@${%YqW@D;GZK8>o_y@){3*sW1-8Jxs8q>IeFjpn_yO zewEtE$ohPJ5;{YYjPE>NMFU8TRzGaYc#WYJ<4uJ)K=ln0vLA}*cbfc8lON+G)yK&3 z#F*fxk>Y7b33Qkw<68*3-(K>wV=LJ+VjY-vU(+M+r@o!!_kv^;BkaiaFmipL0zVpB z)A1qSJj}bOzL~~hFU6mc!YkIrqTLO3>td0bSTvCttQl-%cj+ zb$ge9V$L8(VKl~KA<3xseg4#ApKI;?U3E{Q_SHuZKi^b!;Tv2A)`>Ql(4VIS%9zKo zLL0OHM<6#fewVag#|>hJuTKIm717NFZb11iM&I|=e) z_T+t>e;%jHfQGCpwLzJ4h$t|U8?@`0MRT%ythir0_O|G}fwSQ~R zUV2K&{#hCM%jC|^j?t3yP@^(BZ-)U*XQ8^>q6Ogc?nz~|DF_*5v}7~Frn~wg=-N%$ z?Aq+y)ynE&Fc;?t!G6ABUq1(7%>yMnshqvJMLB!dqqxp1mmcT~p@3JYfb!hc-pXp| z2m53HhnwC2waBdPQbwA-jaemoO|MXnH+>I;iT57lauX2<#`%)(g6!G{z6Ji*4}cO2 z>H1B0VyGLJ)}{ZN~dJrAyFP#RtnCqVs91yK_TF6~uoe}a2DMw^bW6(acQ_UxO% zuJ-JmU}rFUuS*%NISBObjy3mj&P=>~KbKR^-uLL$wO1&f9ogF**_*A|w}ZKbe^f@! zxs*-6&-@kV(`WYupA7B`J{45Y_4dk@)nCG181n&V8g}29hxwUjsGTn-0!{>+2sjaN zBH%>8iGULUCjw3coCr7(_<$ndqPI2!(Vk>WXWJLsYE$(a)w)z)CcYuDQSEK0*CGuY zv_o9ou1rGG`=e>8HyYEV15v$SN+x1M@TEy%^wJW#EEFvkORf-|{hHJp3-?LU^k(Ua zG?uX^nOLPuL&=Pk4i8DIOv6=@o|NKX8%?G4EyA_T^RWQf;ya}if6wJ~z}Ep^1bhqd zCx8``x!jY0cK}}pJa{XYy8(Cuunzt$fbU*0xt`f2T!TK>vWl|ulf>hmf^jGZ7W_iA zmKm??RzkK8K0e?BfWqr*^HzPLa_)ihVXVRkJ`(VL zBq(8BC*ZRJ+Bu9|$m@H~-7>G#eE?bn)dTfI_#6YhhWa+I?7nLK{?KQH4LPaoCr7( za3bJDz=?np0Ve`Z1e^%`|3-lK3-bOzSjrfQv4Xosi;{UHAEQm1OGxH@$jeCPy?jea z=KYAcZo$O*I}dV6l*ec@AFnaSW+BUaQ-!!d`Z*>oP7>mNQ%qGRh(&}9xe<1HA zRLB6=SD1KDBJLN(6rjzE%=c5nxZRgcGXa}1jl}gYCz3Tzq4MAj zts!%~VVPyfe$u~3GKGUm|KNc4f7?s+(|896cM{s|9wzht(sIeP+}hHzSz6uIok{2! zX_H(h`)g`5hE#iayk0NAN!MLVlJw$P>k) z@W3u?o|hIH>MhOB$3nhL@VqVL%LR{TAwOI2JSgPn2%c|+{M`J!Eac%TEiyhHI87lH z<-KBmQNB_P6y<&Sa~p;A&KGQH19u0${tNBl?iH{yX5J%~imIYK-`%Es@VcEPZsn#JGl%z0Hw?-}TRdUI zgux5ikIjB7i0At-^BW=Kvb2Zq6Kw`RJr1~OAM54&I+rtK*iVn=*MTqA{%;!gON4!2 z_)Pu%j$yx0yoDXHrDEm(*sxhNZ5)3AybE^i+sE-Wvgh9!uHp|yX8OFkWt200+43m!4}>GNlUQI5rsvLWDoV#&05H6QKW)32kB8Oqr| z1OF_QZ=cU6X0RUvUYg!a@gv~pyO#*QZ?nlu$m2;3a^l~k*MP^k`6zB0Is6>Z2lG}6 z5J7O1?8oT3SV#O7;L+ZG-MvlrS-M_^$^HiL*iO6sUEn3MvBCoP4Cg?4QhHj?z|Nr_ zF?EJR)#GXpp5jQu364lo?TaP5!!b3YCsS!PoEa27$@oA_)3u1)=x?YkZiL53qG~vm z3JA6Y278%tsOg>gB|LQwzl1&PPH@G+!4Z3jT0_C>5S3p z|9Ykc&&vb?1t(y%NLUZk85*0)esspJMo;s644t;I8x$U(Q6uT3+8<6t@NiB04)Bab z6KW={K_I63fZ+tWJDsMYjYB)C3TJaTjCg3L=t-QyBS3|%5psGcu7|q;^^}SIoP+a2 zT53SZiKMQ{eTj@bkV+0{DSgO7b!Vb*@+%r4D%jj!qr(Ur=KbMxzmOwC38=zEJ!NX1 z)>7$cGEpF?pi617Fgj3fAf^l1=(!A8xi1MKX3|=ZkacYkM4XXeoiv6^*7|7<_D7&J zmdrBD$!L0T9;yn*qfnUX4$&1dTnPAT#(Jr}uRQ*;!leuMW;0dM^B5zq8%S-~avt%+ z@Ufm1;^#j`35_g?pU;_UfQ;3DFV)Yuk_`#@{>OB?&7Yqq86`F(wEOP?{-5xy&;94; zPDZYu&s5pl9|nJ13$Z`1ml%1yf_=m|vp=s}qQGI7*`J?d8Bc=Fny?IO`T_{JmSKN> z-eshp2RdswRS(-A27g=|vCPlKj1pC5Z$Hsu6fzi7_UGqkM()2oe%$}Bk$*E4$m>5w zg?RKwAA9`11sukN%ZDE`GZEUK9PQ)(qRn3-KgIwR$6za7eBb83p9~n;ekT7@Hh*3R zF#6e%kjrEIsm*_k6pYtw6Nde`*q3eoyslv6|2wd~J$|o{KaanV$dd2{5*c{>SbhUC z*hKc9>HIL;+v~q#^S>;amW<`L{@d%n2IjanpxaJ<-NWaL?e;7);`45$#h=$lr)q$N z#CE1MB{P2?6gYReet!Pu^WuCi9Iro2?8oEy1K_ZW?9c11aeBbpi%yor{*0yIZ1oob zGWMIu*C`jlek@mjGjd!%KNnV!zug||vL<{EM~=+%D)wKSXUq)yTao9E)l{JZ_tTBx saZqANxINr2{67-6-ReJ%KTMEhTj5-<=#R? z6iv{GE4U{bW#(pH<;R; zNouG5jO})ktvZtIXlG3uRpjY{F-@UUO+>%*^;d=NMfW+i=aF-IAQb3#ZU*KOppZFw ztfkpk$kGq$>L;ka39`m~_As!tO(G^pvhx=7U|p~zvIEikOv zX7deOW3x)bVm7NV%&}Sd47zzU_$xDPg>74E*lL@V7`Dr1a}67?S@8`1iVREIx;cg| zvss~GX`2-ow$EnyhE0n(V%W4fW*asw=2?af+Wztk^K2G2Y+8IF!xFYmr!*94vRPmT z<~MBGp85qD`DxpeBkTPfvk%Gs&Ul1nA`YxO>= z8Dk+2u$ZGP;c22gqp!G=)bTp?yg?IZ^_})H%bC<3zhD(#>uc;XYq?4bKeCRWxQ$=A zo!@EY5ANg|?UF->hki*Dlfw+iLk!9j?3Uxii#gL5S$r<+Piy$c%*{}CvRKDVXe8)lgoJ;y(ao$&Fm{1?^ xp}N3F>LTaWmt0Waa8Z5Br|JryQKU0h&%$fe`cOWK3;(ATWSYL)=4Mh~@(;CanMMEr literal 0 HcmV?d00001 diff --git a/rev/fresh_java/decompiled.java b/rev/fresh_java/decompiled.java new file mode 100644 index 0000000..6ab4c41 --- /dev/null +++ b/rev/fresh_java/decompiled.java @@ -0,0 +1,152 @@ +// NOTE: Decompiled with JD-GUI + +import java.util.Scanner; + +public class KeygenMe { + public static void main(String[] paramArrayOfString) { + Scanner scanner = new Scanner(System.in); + System.out.println("Enter key:"); + String str = scanner.nextLine(); + if (str.length() != 34) { + System.out.println("Invalid key"); + return; + } + if (str.charAt(33) != '}') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(32) != '9') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(31) != '8') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(30) != 'c') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(29) != 'a') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(28) != 'c') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(27) != '8') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(26) != '3') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(25) != '7') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(24) != '_') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(23) != 'd') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(22) != '3') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(21) != 'r') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(20) != '1') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(19) != 'u') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(18) != 'q') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(17) != '3') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(16) != 'r') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(15) != '_') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(14) != 'g') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(13) != 'n') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(12) != '1') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(11) != 'l') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(10) != '0') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(9) != '0') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(8) != '7') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(7) != '{') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(6) != 'F') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(5) != 'T') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(4) != 'C') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(3) != 'o') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(2) != 'c') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(1) != 'i') { + System.out.println("Invalid key"); + return; + } + if (str.charAt(0) != 'p') { + System.out.println("Invalid key"); + return; + } + System.out.println("Valid key"); + } +} \ No newline at end of file diff --git a/rev/fresh_java/flag.txt b/rev/fresh_java/flag.txt new file mode 100644 index 0000000..c789543 --- /dev/null +++ b/rev/fresh_java/flag.txt @@ -0,0 +1 @@ +picoCTF{700l1ng_r3qu1r3d_738cac89} \ No newline at end of file diff --git a/rev/patchme_py/flag.txt.enc b/rev/patchme_py/flag.txt.enc new file mode 100644 index 0000000..92dba38 --- /dev/null +++ b/rev/patchme_py/flag.txt.enc @@ -0,0 +1,3 @@ + +* ' UYX+ CR1@ +6U]WVM \ No newline at end of file diff --git a/rev/patchme_py/output.txt b/rev/patchme_py/output.txt new file mode 100644 index 0000000..e805493 --- /dev/null +++ b/rev/patchme_py/output.txt @@ -0,0 +1,4 @@ +$ python patchme.flag.py +Please enter correct password for flag: ak98-=90adfjhgj321sleuth9000 +Welcome back... your flag, user: +picoCTF{p47ch1ng_l1f3_h4ck_c4a4688b} diff --git a/rev/patchme_py/patchme.flag.py b/rev/patchme_py/patchme.flag.py new file mode 100644 index 0000000..38a930d --- /dev/null +++ b/rev/patchme_py/patchme.flag.py @@ -0,0 +1,31 @@ +### THIS FUNCTION WILL NOT HELP YOU FIND THE FLAG --LT ######################## +def str_xor(secret, key): + #extend key to secret length + new_key = key + i = 0 + while len(new_key) < len(secret): + new_key = new_key + key[i] + i = (i + 1) % len(key) + return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)]) +############################################################################### + + +flag_enc = open('flag.txt.enc', 'rb').read() + + + +def level_1_pw_check(): + user_pw = input("Please enter correct password for flag: ") + if( user_pw == "ak98" + \ + "-=90" + \ + "adfjhgj321" + \ + "sleuth9000"): + print("Welcome back... your flag, user:") + decryption = str_xor(flag_enc.decode(), "utilitarian") + print(decryption) + return + print("That password is incorrect") + + + +level_1_pw_check() diff --git a/rev/reverse/ret b/rev/reverse/ret new file mode 100755 index 0000000000000000000000000000000000000000..f017a50c762b236403e7da1d0afe6ae75906469c GIT binary patch literal 16888 zcmeHOeQXrR6`#AqU=lbR0>ObMY||h?5+61;#HOXWvwdbA*$E+blc*uf`EJiXe15FI3FTuVEf+g zd+Xixxv8T55mh_Z`OW*ikC}NhJ2!JX^JKiYI~WKEP9gDmf!uVxg+xivww*FSqM}VK zhyUxv4Pr6yi%iUtM=b(UE1e6vX)WO)plH{CnJV;C7A%-@4UwYVLTTd?OTtu8JJ7BM zMZ|mQ0M&yj%kAJ5F}T$&M+P z!<6HRF~Lt8wZls#kYSR{|3Y}}?jt)d?IL}qSO%th-qcecr@UQccT6(f2ruPwm~we{ zgB`}@zfIiDyQ#c|`eB&j&y>1TY|dr|x3zB0rW&)Ed}*|Cv~64Cw$_MNh-@*dfc3&M za7^vIb3lNbDa0s@W?!r#9_3%1Sa-bj^2+v>@W$mYHr_FN=-Frb*aw!0I+)O&hXnGN zzY0F6W3~Uwkh3tPXVu^4kS>&-1c6jVxE8RLRq*u-;7tqQeGA~-3*g@dT!N1`T@66B z`g|X7$*TexmWhh@bzd6&8M!<{8Gv39pS>a>kiIce{n-n8f;U zns(skd`p6g1E(q4l*~AAsHmMTIdB~RoK6sqJ~$>Qn{?p(3?e?|z5AJPM?4y+Hk8l+2$0vtbyAOdc12v**v+JTA;;&!4n;T#(J4|B=n(LTvW@ zGt7hcoawzwnEruZ?ctYu_!$FEhLPdnanTp@#Cr z^4~$l<%u09p*qIu--F3Jhk$(_GV(;tERyz1`f3Qx4>1p+S!ztztse(r*R^6C}CsH7lRr)%~AAJ_x7cKK+3ejf-iGXQqbnR`?6!9^Q3nttM!ny2K+ zkxa7C+28%B{9H>mtrS}xZjsCJGje(0oIF|Fn#m6-T1kE`nN+uKO_#DDn+91$o>aD^ zo0?mi6M)P>OaA~{jY)7TDkZ3sJP|)Cmrny;vGK=U_{%mPH}Qcpmdz`2`Nc{HKnJEu zYr+0`(5nP3Q>fL8mG>?i#^0BLziMr z{_HK!_Lkr3D*rWRta@GEe<~oi|Ecshd>+2IC-y*WPwc^%awJWIs7( zjr@Op1pEm25%446N5GGO9|1oCegymo_!0QTL?A$KQQ~=cT_x$msx*?&w0(tQO418b zDW5GQ9|Aa|N$E^h-7bj@nz+AEl2p`JQ`@Btn)!NW7h5F@#iE+jZ{2J)3vxad2=n=uF1`oOwnOKJ}hj%N(cfgkuy zL5Qv;=Bu@vAlr&O;CqpV>$}4Zchp_IuXbGAzIOY~EjQhWF#5%E+dz-s$uX`&rU~#} z2vEYZo`%oeP~Q&_i-+r<3U)4E9J~lMg5m*s7Cvpz4i)9y;rg!!d%_K03&q3I#G-h3 zk0*0Y3tM1pEkmvLe9e^7tGcY*oy}bQxEdHXZPu%uMn%7QK#mKJT}V zcs|pH=RYy=xj)>OU}E{ZSBwJkN9iyf?;*}CLX^*^!O|xmwyA{toJX&Y9GYYgy7|) z+1?Z658kMnJjWZhYbO5!JfzC`f&b>p>y`_+vv6+9l?_*H_(og2T}9-nR;p4KY; z5`tS4QdK-G#;f9W;!st*-oCHlE_a3C`M{0CNo&c8Sox5+#y*ell!o9}j!ISi)%JN} zxBj*EyyC{!h-%|H1hWLs18#ko#iCBc%7?^SQC}73S#Hh-pWj8|qA`b9Ih;R(&?)tF z&Y9(5!lNGi(}eSU%=&l^J>aMh&lh<9Js{@CAxD0AerG>prvChR9tONx{TFK2cT7L4 z#09LdCsp%PMJhPFY*X@4J;&-5l% zB+BzC!#y5*UY|0RSdpmL{$9Y}gFOVdpVzTWxqQBx~W99_Ph^cT8qJjgl)tu z+w*=X0~j`$?Rj0y^aYSP6S=dYFF_9XNNmsRXQtPZCfA?!m_7k=+;cI{>ujb`viH`X zU@-w1j49jmdYtJLDRTMV_J51)J4lcBl}tw+_82p-{WE}JOxQnsIa-ORcO~lW|05oI ziR_r}C3j3b?#1^!_T!|$l=T;~KjE?GeFf89Y)F*-G5x8>ewqYKRqhy%J-dD0W6%2( zru=&b>wDw(OR~3%kw}y1F=Cl;|1tj?$YB4m{V~asFzvEf`@gsR*FfU5=lu~=e*V~j zxBNFjfO`#^cI-OpITG75T@1!fdl4n&CW~@8?1Jr>$Mrg5Tt2TS>&f1$ zk7YU23M!w}Z4ukwVk1_D?VXgzj#D*C4o7KXxE_RXXy1+>&%a9nsPm5({5?3^%!_q@o!6kRkHv9 literal 0 HcmV?d00001 diff --git a/rev/reverse/solve.sh b/rev/reverse/solve.sh new file mode 100755 index 0000000..3b64b6b --- /dev/null +++ b/rev/reverse/solve.sh @@ -0,0 +1,4 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p bash binutils + +strings ./ret | grep -o "picoCTF{.*}" diff --git a/rev/safe_opener/SafeOpener.java b/rev/safe_opener/SafeOpener.java new file mode 100644 index 0000000..fb96d16 --- /dev/null +++ b/rev/safe_opener/SafeOpener.java @@ -0,0 +1,42 @@ +import java.io.*; +import java.util.*; +public class SafeOpener { + public static void main(String args[]) throws IOException { + BufferedReader keyboard = new BufferedReader(new InputStreamReader(System.in)); + Base64.Encoder encoder = Base64.getEncoder(); + String encodedkey = ""; + String key = ""; + int i = 0; + boolean isOpen; + + + while (i < 3) { + System.out.print("Enter password for the safe: "); + key = keyboard.readLine(); + + encodedkey = encoder.encodeToString(key.getBytes()); + System.out.println(encodedkey); + + isOpen = openSafe(encodedkey); + if (!isOpen) { + System.out.println("You have " + (2 - i) + " attempt(s) left"); + i++; + continue; + } + break; + } + } + + public static boolean openSafe(String password) { + String encodedkey = "cGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz"; + + if (password.equals(encodedkey)) { + System.out.println("Sesame open"); + return true; + } + else { + System.out.println("Password is incorrect\n"); + return false; + } + } +} \ No newline at end of file diff --git a/rev/safe_opener/a.out b/rev/safe_opener/a.out new file mode 100644 index 0000000..e69de29 diff --git a/rev/safe_opener/flag.txt b/rev/safe_opener/flag.txt new file mode 100644 index 0000000..20c9758 --- /dev/null +++ b/rev/safe_opener/flag.txt @@ -0,0 +1,3 @@ +# NOTE: password in source code is base64 encoded + +picoCTF{pl3as3_l3t_m3_1nt0_th3_saf3} \ No newline at end of file diff --git a/rev/safe_opener_2/SafeOpener.class b/rev/safe_opener_2/SafeOpener.class new file mode 100644 index 0000000000000000000000000000000000000000..54025cdf3e8e3683ae2ea69b3db99840d52fcb55 GIT binary patch literal 2036 zcmaJ?U3U{z6x}ypGaaTBQc_xMWmMFpP>KdCwuq8iq!QXnYNb?-)8wWdNN2*#q)-v@ z!9SsozWBn6JftjH%OBuh(k1RYNz>M%Yt6bJ=bn4+-us?&=a0XC`yIe}d~aX`(;7a~ zFw=u8_}D-kR}I84Yv2=H(@|9B>pJEP%ws{Vd}`nZN(RniQQ1B-FpMP)pBp%eX&pCJ zzpR>DI#yKwg^n-Pp09M2b$qSC*03s&y6Cu0cu63h%`FKeroE~Z=qoy|oNI2ZN`KK_ zt<#b&dKJ6AWc!YqcZ`W}-3bKDV#%(_`G$0*KgAduw&My6WLJu}?M-{UZo6yarOJ4dEqw_TBR*2fy zP!Z5(+7qIhb%|%XZU=$n2`AbCnxRu4FW7;cIDe|+O2|e#M3v_$ss~_Go@hxpL_I6e zTMF&Uo$GcZ5<NE2NTMd1*fenu_f2dm^Cf&BaQxrW z6`D?+cSB;!Uej8)H>G8n_y!MD^R2)U%ML@i(Fn6a&Z^5=XyPG4fin%K;!Q7Jc~H7s z%a_kJ@^0Su%UkD~<-n_N=Bs5VEa$7Xyl{RZ|IoyDcqDMBBm;XxT1s%Lw9paNasta? zR`|ZGgocv1o2@*57x4V*Z8|X3BGU^JWuJFDp_#c|&F8xpzu$2yAVGncDvC@ujrUv; z6L7GT8NAfJ3#wfDcb7UTudHp{dq9%cnhd+yKb+0|U&6<|CYkP{SzvW`5{78Hoc5Rn zk`3kbA6ZODI@7JH9u9$HJE!lheR>dKVJlSSn8@Z<3Id1Qg}3PK$jMiu&_TX`uNIwN zr-muJ!3$=sjJ>Fw4pdkt14(N*J9{wn?y??sQKaPErd=n@eHGhIkg41)yu#OZgl{+a zPzzO*Y%R{l*|VUK9NmWam4g^vfmCFS<5iB$wgXq!JEi35}6@~ zQTA!naGG`&DONFtx2V7n%6J=jA{fC6qvw&}c{lM6CWz!+?ixnyIZY`I7c{)5VN$~s zKLPxSC0wLOf)U>*PCi8(S+q16ImZ5EdayW3rG|b)uM+MAStlN=(Mue~AJe5x{X_)x zWHdWO68*fW3`viWgu1?gb~t=UfNIZh1X@G@b%?)^Atd@-=4uQDoMUeg%vt`($I