rev: add a few more challenges

This commit is contained in:
Oystein Kristoffer Tveit 2024-09-02 20:19:47 +02:00
parent 1ca81359ba
commit dc6284f487
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
25 changed files with 1474 additions and 0 deletions

41
rev/bloat_py/bloat.flag.py Executable file
View File

@ -0,0 +1,41 @@
import sys
a = "!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ"+ \
"[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~ "
def arg133(arg432):
if arg432 == a[71]+a[64]+a[79]+a[79]+a[88]+a[66]+a[71]+a[64]+a[77]+a[66]+a[68]:
return True
else:
print(a[51]+a[71]+a[64]+a[83]+a[94]+a[79]+a[64]+a[82]+a[82]+a[86]+a[78]+\
a[81]+a[67]+a[94]+a[72]+a[82]+a[94]+a[72]+a[77]+a[66]+a[78]+a[81]+\
a[81]+a[68]+a[66]+a[83])
sys.exit(0)
return False
def arg111(arg444):
return arg122(arg444.decode(), a[81]+a[64]+a[79]+a[82]+a[66]+a[64]+a[75]+\
a[75]+a[72]+a[78]+a[77])
def arg232():
return input(a[47]+a[75]+a[68]+a[64]+a[82]+a[68]+a[94]+a[68]+a[77]+a[83]+\
a[68]+a[81]+a[94]+a[66]+a[78]+a[81]+a[81]+a[68]+a[66]+a[83]+\
a[94]+a[79]+a[64]+a[82]+a[82]+a[86]+a[78]+a[81]+a[67]+a[94]+\
a[69]+a[78]+a[81]+a[94]+a[69]+a[75]+a[64]+a[70]+a[25]+a[94])
def arg132():
return open('flag.txt.enc', 'rb').read()
def arg112():
print(a[54]+a[68]+a[75]+a[66]+a[78]+a[76]+a[68]+a[94]+a[65]+a[64]+a[66]+\
a[74]+a[13]+a[13]+a[13]+a[94]+a[88]+a[78]+a[84]+a[81]+a[94]+a[69]+\
a[75]+a[64]+a[70]+a[11]+a[94]+a[84]+a[82]+a[68]+a[81]+a[25])
def arg122(arg432, arg423):
arg433 = arg423
i = 0
while len(arg433) < len(arg432):
arg433 = arg433 + arg423[i]
i = (i + 1) % len(arg423)
return "".join([chr(ord(arg422) ^ ord(arg442)) for (arg422,arg442) in zip(arg432,arg433)])
arg444 = arg132()
arg432 = arg232()
arg133(arg432)
arg112()
arg423 = arg111(arg444)
print(arg423)
sys.exit(0)

View File

@ -0,0 +1,39 @@
#!/usr/bin/env python3
import sys
def arg133(arg432):
if arg432 == "happychance":
return True
else:
print("That password is incorrect")
sys.exit(0)
return False
def arg111(arg444):
return arg122(arg444.decode(), "rapscallion")
def arg232():
return input("Please enter correct password for flag:")
def arg132():
return open('flag.txt.enc', 'rb').read()
def arg112():
print("Welcome back... your flag, user:")
def arg122(arg432, arg423):
arg433 = arg423
i = 0
while len(arg433) < len(arg432):
arg433 = arg433 + arg423[i]
i = (i + 1) % len(arg423)
return "".join([chr(ord(arg422) ^ ord(arg442)) for (arg422,arg442) in zip(arg432,arg433)])
arg444 = arg132()
arg432 = arg232()
arg133(arg432)
arg112()
arg423 = arg111(arg444)
print(arg423)
sys.exit(0)

BIN
rev/bloat_py/flag.txt.enc Normal file

Binary file not shown.

4
rev/bloat_py/output.txt Normal file
View File

@ -0,0 +1,4 @@
$ ./clean-bloat.flag.py
Please enter correct password for flag:happychance
Welcome back... your flag, user:
picoCTF{d30bfu5c4710n_f7w_5e14b257}

BIN
rev/file_run1/run Executable file

Binary file not shown.

2
rev/file_run2/output.txt Normal file
View File

@ -0,0 +1,2 @@
$ ./run 'Hello!'
The flag is: picoCTF{F1r57_4rgum3n7_f65ed63e}%

BIN
rev/file_run2/run Executable file

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1,152 @@
// NOTE: Decompiled with JD-GUI
import java.util.Scanner;
public class KeygenMe {
public static void main(String[] paramArrayOfString) {
Scanner scanner = new Scanner(System.in);
System.out.println("Enter key:");
String str = scanner.nextLine();
if (str.length() != 34) {
System.out.println("Invalid key");
return;
}
if (str.charAt(33) != '}') {
System.out.println("Invalid key");
return;
}
if (str.charAt(32) != '9') {
System.out.println("Invalid key");
return;
}
if (str.charAt(31) != '8') {
System.out.println("Invalid key");
return;
}
if (str.charAt(30) != 'c') {
System.out.println("Invalid key");
return;
}
if (str.charAt(29) != 'a') {
System.out.println("Invalid key");
return;
}
if (str.charAt(28) != 'c') {
System.out.println("Invalid key");
return;
}
if (str.charAt(27) != '8') {
System.out.println("Invalid key");
return;
}
if (str.charAt(26) != '3') {
System.out.println("Invalid key");
return;
}
if (str.charAt(25) != '7') {
System.out.println("Invalid key");
return;
}
if (str.charAt(24) != '_') {
System.out.println("Invalid key");
return;
}
if (str.charAt(23) != 'd') {
System.out.println("Invalid key");
return;
}
if (str.charAt(22) != '3') {
System.out.println("Invalid key");
return;
}
if (str.charAt(21) != 'r') {
System.out.println("Invalid key");
return;
}
if (str.charAt(20) != '1') {
System.out.println("Invalid key");
return;
}
if (str.charAt(19) != 'u') {
System.out.println("Invalid key");
return;
}
if (str.charAt(18) != 'q') {
System.out.println("Invalid key");
return;
}
if (str.charAt(17) != '3') {
System.out.println("Invalid key");
return;
}
if (str.charAt(16) != 'r') {
System.out.println("Invalid key");
return;
}
if (str.charAt(15) != '_') {
System.out.println("Invalid key");
return;
}
if (str.charAt(14) != 'g') {
System.out.println("Invalid key");
return;
}
if (str.charAt(13) != 'n') {
System.out.println("Invalid key");
return;
}
if (str.charAt(12) != '1') {
System.out.println("Invalid key");
return;
}
if (str.charAt(11) != 'l') {
System.out.println("Invalid key");
return;
}
if (str.charAt(10) != '0') {
System.out.println("Invalid key");
return;
}
if (str.charAt(9) != '0') {
System.out.println("Invalid key");
return;
}
if (str.charAt(8) != '7') {
System.out.println("Invalid key");
return;
}
if (str.charAt(7) != '{') {
System.out.println("Invalid key");
return;
}
if (str.charAt(6) != 'F') {
System.out.println("Invalid key");
return;
}
if (str.charAt(5) != 'T') {
System.out.println("Invalid key");
return;
}
if (str.charAt(4) != 'C') {
System.out.println("Invalid key");
return;
}
if (str.charAt(3) != 'o') {
System.out.println("Invalid key");
return;
}
if (str.charAt(2) != 'c') {
System.out.println("Invalid key");
return;
}
if (str.charAt(1) != 'i') {
System.out.println("Invalid key");
return;
}
if (str.charAt(0) != 'p') {
System.out.println("Invalid key");
return;
}
System.out.println("Valid key");
}
}

1
rev/fresh_java/flag.txt Normal file
View File

@ -0,0 +1 @@
picoCTF{700l1ng_r3qu1r3d_738cac89}

View File

@ -0,0 +1,3 @@

* ' UYX+ CR1@
6U]WVM

View File

@ -0,0 +1,4 @@
$ python patchme.flag.py
Please enter correct password for flag: ak98-=90adfjhgj321sleuth9000
Welcome back... your flag, user:
picoCTF{p47ch1ng_l1f3_h4ck_c4a4688b}

View File

@ -0,0 +1,31 @@
### THIS FUNCTION WILL NOT HELP YOU FIND THE FLAG --LT ########################
def str_xor(secret, key):
#extend key to secret length
new_key = key
i = 0
while len(new_key) < len(secret):
new_key = new_key + key[i]
i = (i + 1) % len(key)
return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)])
###############################################################################
flag_enc = open('flag.txt.enc', 'rb').read()
def level_1_pw_check():
user_pw = input("Please enter correct password for flag: ")
if( user_pw == "ak98" + \
"-=90" + \
"adfjhgj321" + \
"sleuth9000"):
print("Welcome back... your flag, user:")
decryption = str_xor(flag_enc.decode(), "utilitarian")
print(decryption)
return
print("That password is incorrect")
level_1_pw_check()

BIN
rev/reverse/ret Executable file

Binary file not shown.

4
rev/reverse/solve.sh Executable file
View File

@ -0,0 +1,4 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p bash binutils
strings ./ret | grep -o "picoCTF{.*}"

View File

@ -0,0 +1,42 @@
import java.io.*;
import java.util.*;
public class SafeOpener {
public static void main(String args[]) throws IOException {
BufferedReader keyboard = new BufferedReader(new InputStreamReader(System.in));
Base64.Encoder encoder = Base64.getEncoder();
String encodedkey = "";
String key = "";
int i = 0;
boolean isOpen;
while (i < 3) {
System.out.print("Enter password for the safe: ");
key = keyboard.readLine();
encodedkey = encoder.encodeToString(key.getBytes());
System.out.println(encodedkey);
isOpen = openSafe(encodedkey);
if (!isOpen) {
System.out.println("You have " + (2 - i) + " attempt(s) left");
i++;
continue;
}
break;
}
}
public static boolean openSafe(String password) {
String encodedkey = "cGwzYXMzX2wzdF9tM18xbnQwX3RoM19zYWYz";
if (password.equals(encodedkey)) {
System.out.println("Sesame open");
return true;
}
else {
System.out.println("Password is incorrect\n");
return false;
}
}
}

0
rev/safe_opener/a.out Normal file
View File

3
rev/safe_opener/flag.txt Normal file
View File

@ -0,0 +1,3 @@
# NOTE: password in source code is base64 encoded
picoCTF{pl3as3_l3t_m3_1nt0_th3_saf3}

Binary file not shown.

4
rev/safe_opener_2/solve.sh Executable file
View File

@ -0,0 +1,4 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p bash binutils
strings ./SafeOpener.class | grep -o "picoCTF{.*}"

View File

@ -0,0 +1,3 @@
# NOTE: open the file in FreeCAD
picoCTF{num3r1cal_c0ntr0l_84d2d117}

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,15 @@
#!/usr/bin/env nix-shell
#!nix-shell -i python3 -p python3 python3Packages.cryptography
import base64
from cryptography.fernet import Fernet
payload = b'gAAAAABkzWGWvEp8gLI9AcIn5o-ahDUwkTvM6EwF7YYMZlE-_Gf9rcNYjxIgX4b0ltY6bcxKarib2ds6POclRwCwhsRb1LOXVt4Q3ePtMY4BmHFFZlIHLk05CjwigT7hiI9p3sH9e7Cpk1uO90xbHbuy-mfi3nkmn411aBgwxyWpJvykpkuBIG_nty6zbox3UhbB85TOis0TgM0zG4ht0-GUW4wTq2_5-wkw3kV1ZAisLJHzF-Z9oLMmwFZU0UCAcHaBTGDF5BnVLmUeCGTgzVLSNn6BmB61Yg=='
key_str = 'correctstaplecorrectstaplecorrec'
key_base64 = base64.b64encode(key_str.encode())
f = Fernet(key_base64)
plain = f.decrypt(payload)
print(plain.decode())
# exec(plain.decode())

View File

@ -0,0 +1,26 @@
import java.util.*;
class VaultDoorTraining {
public static void main(String args[]) {
VaultDoorTraining vaultDoor = new VaultDoorTraining();
Scanner scanner = new Scanner(System.in);
System.out.print("Enter vault password: ");
String userInput = scanner.next();
String input = userInput.substring("picoCTF{".length(),userInput.length()-1);
if (vaultDoor.checkPassword(input)) {
System.out.println("Access granted.");
} else {
System.out.println("Access denied!");
}
}
// The password is below. Is it safe to put the password in the source code?
// What if somebody stole our source code? Then they would know what our
// password is. Hmm... I will think of some ways to improve the security
// on the other doors.
//
// -Minion #9567
public boolean checkPassword(String password) {
return password.equals("w4rm1ng_Up_w1tH_jAv4_eec0716b713");
}
}

View File

@ -0,0 +1 @@
picoCTF{w4rm1ng_Up_w1tH_jAv4_eec0716b713}