CTF
Search…
Matesctf - 2019 - Round 3
Wait for others write up...soon

Forensic 01

By looking at pattern of numbers in log file, we found the function :
1
a = [16 ,4 ,23 ,8 ,22 ,6 ,23 ,9 ,225 ,47 ,14 ,8 ,28 ,15 ,18 ,10 ,225 ,45 ,23 ,11 ,30 ,22 ,225 ,45 ,14 ,32 ,28 ,15 ,18 ,10 ,225 ,45 ,23 ,11 ,33 ,23 ,225 ,48]
2
b = [(e+ord('a')-4) % 256 for e in a]
3
print ''.join(map(chr,b))
Copied!
Output :
1
matesctf>�keylog>�th{s>�k}ylog>�th~t>�
Copied!
With a little bit guessing :
flag
1
matesctf{keylog_th1s_k3ylog_th4t}
Copied!

Forensic 02

1
[email protected]_THE_PLANET:/home/tuanlinh/Desktop/all_stuff# minimodem -r -f d0bstep.wav 300 > out.gif
2
### CARRIER 300 @ 1250.0 Hz ###
3
4
### NOCARRIER ndata=2233 confidence=2.333 ampl=0.992 bps=300.00 (rate perfect) ###
Copied!
Flag :
out.gif
flag
1
matesctf{0ld_sch00l_w1r3t4pp1n9}
Copied!

Pwn 03

You just need to choose first 4 numbers, and spam with 3-4 tabs
The generated numbers array will be the same
And you will get flag with a little bit luck
Double confirmed
solver.py
1
from pwn import *
2
3
while True:
4
r = remote('125.235.240.168', 20191)
5
r.recvuntil('Your choice: ')
6
r.send("2\n")
7
if "WIN" in r.recvuntil('Your choice: '):
8
r.send("2\n")
9
if "WIN" in r.recvuntil('Your choice: '):
10
r.send("3\n")
11
if "WIN" in r.recvuntil('Your choice: '):
12
r.send("1\n")
13
if "WIN" in r.recvuntil('Your choice:'):
14
r.interactive()
Copied!
flag
1
MatesCTF{YE5_Y0U_34RN3D_TRU3_FLAG}
Copied!

Crypto 01

Lazy ass write up
1
err=40
2
p2p3=25718339416197155016347059200722990565554067870853545610226371966653516052382546957914320289812433453859436193345068829987610976923180252683267226804850952829
3
p1p4=25718339416197155016347059200722990565554067870853545610226371966653516052380672185338246396962573998431009659213305660299083786739031942533878562393814187971
4
p1_approx=isqrt(p1p4/1000000)
5
p4_approx=1000000*p1_approx+2**err
6
F.<x>=PolynomialRing(Zmod(p1p4),implementation='NTL')
7
f=x-p4_approx
8
d=f.small_roots(X=2**err,beta=0.5)
9
d=d[0]
10
p4=p4_approx-d
11
p1=int(p1p4)/int(p4)
12
p2_approx=isqrt(p2p3/100)
13
p3_approx=100*p2_approx+2**err
14
F.<x>=PolynomialRing(Zmod(p2p3),implementation='NTL')
15
f=x-p3_approx
16
d=f.small_roots(X=2**err,beta=0.5)
17
d=d[0]
18
p3=p3_approx-d
19
p2=int(p2p3)/int(p3)
20
print('p1',p1)
21
print('p2',p2)
22
print('p3',p3)
23
print('p4',p4)
Copied!
1
from sympy import integer_nthroot
2
3
4
def execute(key):
5
a, exact = integer_nthroot(key, 2)
6
while 1:
7
b2 = a*a - key
8
if b2 >= 0:
9
b, exact = integer_nthroot(b2,2)
10
if b*b == b2:
11
break
12
a += 1
13
p = a+b
14
q = a-b
15
return True, p, q
16
print execute(661432982326720220312000264055749897099634058126069682916663983164095399891922239185277584515989571021804685855667350963576552884237075033389449261228025690631313796676189863627781905258968287175185368245091537181600636083142076805504788733126704459028930388517968658736636444935785049391422022025814770038260219959)
17
Copied!
1
import gmpy2
2
p1=5071325213018502032453535422233044521528479117204265797128632927817941444209
3
p2=507132521301850203245353542223304452152847911720426579712863292781794144420937
4
p3=50713252130185020324535354222330445215284791172042657971286329278179414442093717
5
p4=5071325213018502032453535422233044521528479117204265797128632927817941444209372019
6
7
c=65730544585056113196855222491649915283458030302678764492256366948316495562844164405260875181381605385931592293174537287502809335112362051614031281550069787125630668940406746065617547709904187617743835592204030473969255847562554773875593313128402311178757607880009338508747805647372484237195480768305231875020498766
8
e=65730544585056113196855222491649915283458030302678764492256366948316495562844164405260875181381605385931592293174537287502809335112362051614031281550069787125630668940406746065617547709904187617743835592204030473969255847562554773875593313128402311178757607880009338508747805647372484237195480768305231875020498766
9
phip=(p1-1)*(p2-1)*(p3-1)*(p4-1)
10
p=p1*p2*p3*p4
11
e=65537
12
d=gmpy2.invert(e,phip)
13
print hex(pow(c,d,p))[2:].decode('hex')
14
15
Copied!
flag
1
matesctf{rsa_is_fun_cryptography}
Copied!

Web 01 + 02 + 03

God (ノ ゜Д゜)ノ ︵ ┻━┻
1
https://movrment.blogspot.com/2019/02/matesctf-s3r3-web-123.html?fbclid=IwAR1TjOTcacohYjhT3iHC-OTcV28dAFwRvrHqHmJV-W4y1v-tpSmRqullCrk
Copied!
Last modified 2yr ago