rev: add a few more challenges

2024-09-02 20:19:47 +02:00 · 2024-09-02 20:19:47 +02:00 · dc6284f487
parent 1ca81359ba
commit dc6284f487
25 changed files with 1474 additions and 0 deletions
--- a/rev/bloat_py/bloat.flag.py
+++ b/rev/bloat_py/bloat.flag.py
@ -0,0 +1,41 @@
 import sys
 a = "!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ"+ \
            "[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ "
 def arg133(arg432):
  if arg432 == a[71]+a[64]+a[79]+a[79]+a[88]+a[66]+a[71]+a[64]+a[77]+a[66]+a[68]:
    return True
  else:
    print(a[51]+a[71]+a[64]+a[83]+a[94]+a[79]+a[64]+a[82]+a[82]+a[86]+a[78]+\
 a[81]+a[67]+a[94]+a[72]+a[82]+a[94]+a[72]+a[77]+a[66]+a[78]+a[81]+\
 a[81]+a[68]+a[66]+a[83])
    sys.exit(0)
    return False
 def arg111(arg444):
  return arg122(arg444.decode(), a[81]+a[64]+a[79]+a[82]+a[66]+a[64]+a[75]+\
 a[75]+a[72]+a[78]+a[77])
 def arg232():
  return input(a[47]+a[75]+a[68]+a[64]+a[82]+a[68]+a[94]+a[68]+a[77]+a[83]+\
 a[68]+a[81]+a[94]+a[66]+a[78]+a[81]+a[81]+a[68]+a[66]+a[83]+\
 a[94]+a[79]+a[64]+a[82]+a[82]+a[86]+a[78]+a[81]+a[67]+a[94]+\
 a[69]+a[78]+a[81]+a[94]+a[69]+a[75]+a[64]+a[70]+a[25]+a[94])
 def arg132():
  return open('flag.txt.enc', 'rb').read()
 def arg112():
  print(a[54]+a[68]+a[75]+a[66]+a[78]+a[76]+a[68]+a[94]+a[65]+a[64]+a[66]+\
 a[74]+a[13]+a[13]+a[13]+a[94]+a[88]+a[78]+a[84]+a[81]+a[94]+a[69]+\
 a[75]+a[64]+a[70]+a[11]+a[94]+a[84]+a[82]+a[68]+a[81]+a[25])
 def arg122(arg432, arg423):
    arg433 = arg423
    i = 0
    while len(arg433) < len(arg432):
        arg433 = arg433 + arg423[i]
        i = (i + 1) % len(arg423)        
    return "".join([chr(ord(arg422) ^ ord(arg442)) for (arg422,arg442) in zip(arg432,arg433)])
 arg444 = arg132()
 arg432 = arg232()
 arg133(arg432)
 arg112()
 arg423 = arg111(arg444)
 print(arg423)
 sys.exit(0)
--- a/rev/bloat_py/clean-bloat.flag.py
+++ b/rev/bloat_py/clean-bloat.flag.py
@ -0,0 +1,39 @@
 #!/usr/bin/env python3
 import sys
 def arg133(arg432):
  if arg432 == "happychance":
    return True
  else:
    print("That password is incorrect")
    sys.exit(0)
    return False
 def arg111(arg444):
  return arg122(arg444.decode(), "rapscallion")
 def arg232():
  return input("Please enter correct password for flag:")
 def arg132():
  return open('flag.txt.enc', 'rb').read()
 def arg112():
  print("Welcome back... your flag, user:")
 def arg122(arg432, arg423):
    arg433 = arg423
    i = 0
    while len(arg433) < len(arg432):
        arg433 = arg433 + arg423[i]
        i = (i + 1) % len(arg423)
    return "".join([chr(ord(arg422) ^ ord(arg442)) for (arg422,arg442) in zip(arg432,arg433)])
 arg444 = arg132()
 arg432 = arg232()
 arg133(arg432)
 arg112()
 arg423 = arg111(arg444)
 print(arg423)
 sys.exit(0)
--- a/rev/bloat_py/flag.txt.enc
+++ b/rev/bloat_py/flag.txt.enc
--- a/rev/bloat_py/output.txt
+++ b/rev/bloat_py/output.txt
@ -0,0 +1,4 @@
 $ ./clean-bloat.flag.py
 Please enter correct password for flag:happychance
 Welcome back... your flag, user:
 picoCTF{d30bfu5c4710n_f7w_5e14b257}
--- a/rev/file_run1/run
+++ b/rev/file_run1/run
--- a/rev/file_run2/output.txt
+++ b/rev/file_run2/output.txt
@ -0,0 +1,2 @@
 $ ./run 'Hello!'
 The flag is: picoCTF{F1r57_4rgum3n7_f65ed63e}%
--- a/rev/file_run2/run
+++ b/rev/file_run2/run
--- a/rev/fresh_java/KeygenMe.class
+++ b/rev/fresh_java/KeygenMe.class
--- a/rev/fresh_java/decompiled.java
+++ b/rev/fresh_java/decompiled.java
@ -0,0 +1,152 @@
 // NOTE: Decompiled with JD-GUI
 import java.util.Scanner;
 public class KeygenMe {
  public static void main(String[] paramArrayOfString) {
    Scanner scanner = new Scanner(System.in);
    System.out.println("Enter key:");
    String str = scanner.nextLine();
    if (str.length() != 34) {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(33) != '}') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(32) != '9') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(31) != '8') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(30) != 'c') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(29) != 'a') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(28) != 'c') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(27) != '8') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(26) != '3') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(25) != '7') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(24) != '_') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(23) != 'd') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(22) != '3') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(21) != 'r') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(20) != '1') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(19) != 'u') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(18) != 'q') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(17) != '3') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(16) != 'r') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(15) != '_') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(14) != 'g') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(13) != 'n') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(12) != '1') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(11) != 'l') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(10) != '0') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(9) != '0') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(8) != '7') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(7) != '{') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(6) != 'F') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(5) != 'T') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(4) != 'C') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(3) != 'o') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(2) != 'c') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(1) != 'i') {
      System.out.println("Invalid key");
      return;
    }
    if (str.charAt(0) != 'p') {
      System.out.println("Invalid key");
      return;
    }
    System.out.println("Valid key");
  }
 }
--- a/rev/fresh_java/flag.txt
+++ b/rev/fresh_java/flag.txt
@ -0,0 +1 @@
 picoCTF{700l1ng_r3qu1r3d_738cac89}
--- a/rev/patchme_py/flag.txt.enc
+++ b/rev/patchme_py/flag.txt.enc
@ -0,0 +1,3 @@
 * '	UYX+
CR1@
 6U]WVM
--- a/rev/patchme_py/output.txt
+++ b/rev/patchme_py/output.txt
@ -0,0 +1,4 @@
 $ python patchme.flag.py
 Please enter correct password for flag: ak98-=90adfjhgj321sleuth9000
 Welcome back... your flag, user:
 picoCTF{p47ch1ng_l1f3_h4ck_c4a4688b}
--- a/rev/patchme_py/patchme.flag.py
+++ b/rev/patchme_py/patchme.flag.py
@ -0,0 +1,31 @@
 ### THIS FUNCTION WILL NOT HELP YOU FIND THE FLAG --LT ########################
 def str_xor(secret, key):
    #extend key to secret length
    new_key = key
    i = 0
    while len(new_key) < len(secret):
        new_key = new_key + key[i]
        i = (i + 1) % len(key)        
    return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)])
 ###############################################################################
 flag_enc = open('flag.txt.enc', 'rb').read()
 def level_1_pw_check():
    user_pw = input("Please enter correct password for flag: ")
    if( user_pw == "ak98" + \
                   "-=90" + \
                   "adfjhgj321" + \
                   "sleuth9000"):
        print("Welcome back... your flag, user:")
        decryption = str_xor(flag_enc.decode(), "utilitarian")
        print(decryption)
        return
    print("That password is incorrect")
 level_1_pw_check()
--- a/rev/reverse/ret
+++ b/rev/reverse/ret
--- a/rev/reverse/solve.sh
+++ b/rev/reverse/solve.sh
@ -0,0 +1,4 @@
 #!/usr/bin/env nix-shell
 #!nix-shell -i bash -p bash binutils
 strings ./ret | grep -o "picoCTF{.*}"
--- a/rev/safe_opener/SafeOpener.java
+++ b/rev/safe_opener/SafeOpener.java
@ -0,0 +1,42 @@
 import java.io.*;
 import java.util.*;
 public class SafeOpener {
    public static void main(String args[]) throws IOException {
        BufferedReader keyboard = new BufferedReader(new InputStreamReader(System.in));
        Base64.Encoder encoder = Base64.getEncoder();
        String encodedkey = "";
        String key = "";
        int i = 0;
        boolean isOpen;
        while (i < 3) {
            System.out.print("Enter password for the safe: ");
            key = keyboard.readLine();
            encodedkey = encoder.encodeToString(key.getBytes());
            System.out.println(encodedkey);
            isOpen = openSafe(encodedkey);
            if (!isOpen) {
                System.out.println("You have  " + (2 - i) + " attempt(s) left");
                i++;
                continue;
            }
            break;
        }
    }
    public static boolean openSafe(String password) {
        String encodedkey = "cGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz";
        if (password.equals(encodedkey)) {
            System.out.println("Sesame open");
            return true;
        }
        else {
            System.out.println("Password is incorrect\n");
            return false;
        }
    }
 }
--- a/rev/safe_opener/a.out
+++ b/rev/safe_opener/a.out
--- a/rev/safe_opener/flag.txt
+++ b/rev/safe_opener/flag.txt
@ -0,0 +1,3 @@
 # NOTE: password in source code is base64 encoded
 picoCTF{pl3as3_l3t_m3_1nt0_th3_saf3}
--- a/rev/safe_opener_2/SafeOpener.class
+++ b/rev/safe_opener_2/SafeOpener.class
--- a/rev/safe_opener_2/solve.sh
+++ b/rev/safe_opener_2/solve.sh
@ -0,0 +1,4 @@
 #!/usr/bin/env nix-shell
 #!nix-shell -i bash -p bash binutils
 strings ./SafeOpener.class | grep -o "picoCTF{.*}"
--- a/rev/speeds_and_feeds/flag.txt
+++ b/rev/speeds_and_feeds/flag.txt
@ -0,0 +1,3 @@
 # NOTE: open the file in FreeCAD
 picoCTF{num3r1cal_c0ntr0l_84d2d117}
--- a/rev/speeds_and_feeds/output.nc
+++ b/rev/speeds_and_feeds/output.nc
--- a/rev/unpackme_py/unpackme.flag.py
+++ b/rev/unpackme_py/unpackme.flag.py
@ -0,0 +1,15 @@
 #!/usr/bin/env nix-shell
 #!nix-shell -i python3 -p python3 python3Packages.cryptography
 import base64
 from cryptography.fernet import Fernet
 payload = b'gAAAAABkzWGWvEp8gLI9AcIn5o-ahDUwkTvM6EwF7YYMZlE-_Gf9rcNYjxIgX4b0ltY6bcxKarib2ds6POclRwCwhsRb1LOXVt4Q3ePtMY4BmHFFZlIHLk05CjwigT7hiI9p3sH9e7Cpk1uO90xbHbuy-mfi3nkmn411aBgwxyWpJvykpkuBIG_nty6zbox3UhbB85TOis0TgM0zG4ht0-GUW4wTq2_5-wkw3kV1ZAisLJHzF-Z9oLMmwFZU0UCAcHaBTGDF5BnVLmUeCGTgzVLSNn6BmB61Yg=='
 key_str = 'correctstaplecorrectstaplecorrec'
 key_base64 = base64.b64encode(key_str.encode())
 f = Fernet(key_base64)
 plain = f.decrypt(payload)
 print(plain.decode())
 # exec(plain.decode())
--- a/rev/vault_door_training/VaultDoorTraining.java
+++ b/rev/vault_door_training/VaultDoorTraining.java
@ -0,0 +1,26 @@
 import java.util.*;
 class VaultDoorTraining {
    public static void main(String args[]) {
        VaultDoorTraining vaultDoor = new VaultDoorTraining();
        Scanner scanner = new Scanner(System.in); 
        System.out.print("Enter vault password: ");
        String userInput = scanner.next();
 	String input = userInput.substring("picoCTF{".length(),userInput.length()-1);
 	if (vaultDoor.checkPassword(input)) {
 	    System.out.println("Access granted.");
 	} else {
 	    System.out.println("Access denied!");
 	}
   }
    // The password is below. Is it safe to put the password in the source code?
    // What if somebody stole our source code? Then they would know what our
    // password is. Hmm... I will think of some ways to improve the security
    // on the other doors.
    //
    // -Minion #9567
    public boolean checkPassword(String password) {
        return password.equals("w4rm1ng_Up_w1tH_jAv4_eec0716b713");
    }
 }
--- a/rev/vault_door_training/flag.txt
+++ b/rev/vault_door_training/flag.txt
@ -0,0 +1 @@
 picoCTF{w4rm1ng_Up_w1tH_jAv4_eec0716b713}
		`@ -0,0 +1,2 @@`
							`$ ./run 'Hello!'`
							`The flag is: picoCTF{F1r57_4rgum3n7_f65ed63e}%`
		`@ -0,0 +1,3 @@`
							`# NOTE: password in source code is base64 encoded`

							`picoCTF{pl3as3_l3t_m3_1nt0_th3_saf3}`
		`@ -0,0 +1,3 @@`
							`# NOTE: open the file in FreeCAD`

							`picoCTF{num3r1cal_c0ntr0l_84d2d117}`