Learn _ Play _

1. First Challenge was given python compiled File Used Python decompiler to get the original code. root@Vijay:~/Desktop/inctf 14/reverse# file one one: python 2.7 byte-compiled I got the printable sequence array values. eflag = [131, ... 138, ... 219, ... 198, ... 201, ... 158, ... 151, ... 154, ... 134, ... 129, ... 128, ... 177, ... 135, ... 157, ... 177, ... 157, ... 154, ... 135, ... 130, ... 130, ... 177, ... 141, ... 129, ... 129, ... 130, ... 201, ... 199] >>> eflag [131, 138, 219, 198, 201, 158, 151, 154, 134, 129, 128, 177, 135, 157, 177, 157, 154, 135, 130, 130, 177, 141, 129, 129, 130, 201, 199] >>> >>> flag = ''.join(map(chr, map(lambda x: x ^ 238, eflag))) >>> >>> print flag md5('python_is_still_cool') Next is the compiled java class file, I used jad decompiler to get the original class file root@Vijay:~/Desktop/inctf 14/reverse# file two.class two.class: compiled Java

Hi this is my first reverse engineering with GDB. Challenge was to get the flag from the display_function. First we should disassemble the executable file with objdump to see how the program control works. root@Vijay:~/Desktop/inctf 14/reverse# objdump -d four four: file format elf32-i386 Disassembly of section .init: 080482f4 <_init>: 80482f4: 53 push %ebx 80482f5: 83 ec 08 sub $0x8,%esp 80482f8: e8 b3 00 00 00 call 80483b0 <__x86.get_pc_thunk.bx> 80482fd: 81 c3 03 1d 00 00 add $0x1d03,%ebx 8048303: 8b 83 fc ff ff ff mov -0x4(%ebx),%eax 8048309: 85 c0 test %eax,%eax 804830b: 74 05 je 8048312 <_init+0x1e> 804830d: e8 3e 00 00 00 call 8048350 <__gmon_start__@plt> 8048312: 83 c4 08 add $0x8,%esp 8048315: 5b pop %ebx 8048316: c3 ret Disassembly of section .plt: 08048320 : 8

Give an image, the flag is hidden in the Blue plane. import os,sys import Image modi_bin = Image.open("modi.png").convert('RGB') bin = '' R = open('r.txt','w') G = open('g.txt','w') B = open('b.txt','w') # By Analysing the text docs I found blue Plane First column is embedded with data flag = '' flag1 = '' for h in range(modi_bin.size[1]): # Fetches Height count = 0 binR = '' binG = '' binB = '' for w in range(modi_bin.size[0]): # Fetches Width count += 1 binR += str(modi_bin.getpixel((w,h))[0] & 1) binG += str(modi_bin.getpixel((w,h))[1] & 1) binB += str(modi_bin.getpixel((w,h))[2] & 1) if w == 0: # blue plane first bit flag += str(modi_bin.getpixel((w,h))[2] & 1) if count == 8: R.write(binR) G.write(binG) B.write(binB) binR=' ';binG=' ';binB=' ' count = 0 R.write(binR+'\n') G.

This is also a RSA challenge which is more interesting, given a RSA-704 bit. Factors are found in the wiki. I used openssl to finish, this challenge. root@Vijay:# openssl rsa -inform PEM -text -pubin -in publickey.pem -modulus Public-Key: (704 bit) Modulus: 00:e1:34:18:93:fe:6e:68:16:ce:c8:a9:70:a3:9c: 00:fa:54:7c:7d:a2:cd:ed:ab:0a:62:b9:1c:46:51: a8:3f:96:38:0b:cf:ae:e2:6f:7e:86:61:07:90:63: 89:42:1b:1e:68:d0:a1:7a:ad:c9:87:0b:98:58:e9: 56:28:6e:39:99:e9:8c:ec:98:81:53:4a:c7:72:ae: 78:f5:e8:ab:a1:e2:f8:d3:03:95:77:02:9d:87 Exponent: 65537 (0x10001) Modulus=E1341893FE6E6816CEC8A970A39C00FA547C7DA2CDEDAB0A62B91C4651A83F96380BCFAEE26F7E866107906389421B1E68D0A17AADC9870B9858E956286E3999E98CEC9881534AC772AE78F5E8ABA1E2F8D3039577029D87 writing RSA key -----BEGIN PUBLIC KEY----- MHQwDQYJKoZIhvcNAQEBBQADYwAwYAJZAOE0GJP+bmgWzsipcKOcAPpUfH2ize2r CmK5HEZRqD+WOAvPruJvfoZhB5BjiUIbHmjQoXqtyYcLmFjpVihuOZnpjOyYgVNK x3KuePXoq6Hi+NMDlXcCnYcCAwEAAQ== -----END PUBLIC KEY-

This challenge had made me mad, Some how I finally I managed to solve the challenge. This is a RSA Crypto, given a cipher and public key. This is RSA low public exponent attack, e=3. root@Vijay:# openssl rsa -pubin -in pub.pem -text -noout -modulus Public-Key: (4096 bit) Modulus: 00:d1:0b:a0:e9:cd:6d:d6:c3:89:5f:cd:f4:17:db: 21:e5:81:22:60:89:c6:c7:58:7f:c4:1b:3d:78:df: f5:2c:0f:8c:29:dc:6b:e9:fc:cf:31:68:32:e6:ff: 6f:f0:49:6e:9e:56:6e:cb:c1:31:06:4e:b8:47:5d: 6c:1b:c8:28:be:4a:f4:54:ad:62:cb:f0:d1:d2:cd: 5a:59:8a:24:1c:52:b1:6d:8e:e1:da:0c:a9:cc:56: 30:3c:d0:70:71:0e:6c:18:1f:2a:31:c6:88:7e:52: cf:14:bd:76:f6:25:80:a8:46:92:f8:81:98:a9:38: 49:0f:b2:de:19:41:b1:10:85:83:3d:ed:ca:16:67: 3f:4a:e5:4b:e6:0f:e0:da:66:24:a5:3d:b2:32:dc: a6:c5:88:7d:72:3c:77:39:c4:76:ef:30:60:19:a0: 57:f1:c6:be:37:a5:b8:20:d0:91:9a:cf:fd:18:63: d2:2c:6f:a7:30:fe:12:e8:15:35:9d:68:a4:ec:e1: c0:1e:f7:b0:ec:d9:59:91:b3:d9:71:d0:09:27:99: 5e:d6:6e:d

There are three files, one.txt, one.txt.enc and second.txt.enc. Challenge is to decrypt the second.txt.enc using the key. So we got a message + cipher, so we got a hint that operation done using XOR. So XORing (Message ^ Cipher) = Key. #!/usr/bin/env python import hashlib """ one.txt This sentence is encrypted using XOR cipher. """ plain_text = open('one.txt','r').read().strip() """ one.txt.enc LAcbGEUKHQEGDgsaHU8bGEUcFgwAEhUNHQtSHhYQFghSMyorWAwbGw0cCkE= """ cipher_text = open('one.txt.enc','r').read().decode("base64") print plain_text print '---------------------------------------------------------------------' print cipher_text print '---------------------------------------------------------------------' plain_text = [ord(i) for i in plain_text] cipher_text = [ord(i) for i in cipher_text] key = '' for i in range(len(plain_text)): c = ((plain

Question: Zgyzhsxrksvi dzh lirtrmzoob wvevolkvw uli gsv Svyivd ozmtfztv. Gsv pvb uli gsrh ovevo rh svyivd. Given Hint: The Atbash cipher is a very common, simple cipher. It was for the Hebrew alphabet, but modified here to work with the English alphabet. Basically, when encoded, an "A" becomes a "Z", "B" turns into "Y", etc. The Atbash cipher can be implemented as an Affine cipher by setting both "a" and "b" to 25. We used online  tool http://rumkin.com/tools/cipher/atbash.php  to decrypt the encoded message. This is your encoded/decoded text: Atbash   cipher was originally developed for the Hebrew language. The key for this level is hebrew.

''' Well I am a beginner. netcat 23.23.190.204 2002 Welcome Enter 20 spam words to authenticate yourself. 01/20: spam 02/20: maps 03/20: hot Authenticate failed. hot(125) is not a palprime. (Hint) Tried with different test cases and found the value for each alphabet. Since in the challenge only lower-case should be used (condition). so I written a big program ( Once again I am a beginner, to find the palprime words available in dictionary. For the words list I downloaded the dataset from infochimps.com Thank you !!! ''' #!/usr/bin/python import string import sys,math import random my_dict ={} a =1 s = 361 t = 762 - s - a n = 196 b = 405 - a -t c = 410 - a - t d =213 - a - n e = 426 - a -t f = 437 -a -t g = 306 - 1 -256 i = 442 - s h = 506 - i - s j = 525 - e -t k = 627 -i -t -e l = 738 -i -g -h -t p = 256 m = 169 o = 274 - g u = 833 - 2*n q = 1211 - u -i -t r = 918 -i -g -h -t v = 885 -a -t w = 651 -i -d -e x = 962 -e -s y = 1587 -e -s -x z = 103

The Berlekamp–Massey algorithm is an algorithm that will find the shortest linear feedback shift register for a given binary output sequence. The algorithm will also find the minimal polynomial of a linearly recurrent sequence in an arbitrary field. I have used sage for computing this program. # Berlekamp-Massey Algorithm #from __future__ import print_function s = [GF(2)(0), 0, 1, 0, 0, 0, 0, 0, 1, 1, 0] #input sequence n = len(s) C = [GF(2)(1)] B = [GF(2)(1)] temp = [] T = [] L = 0 N = 0 m = -1 print '----- n',n print '-----------------------------------------------------------------------' while N < n: temp = B d = s[N] for i in range(1,L+1): d = d + C[i]*s[N-i] print '----- d ',d if d == 1: T = C temp = [ 0 for i in range(int(N-m))] + temp if len(C) < len(temp): C = C + [0 for i in range(len(temp)-len(C))] else: temp = temp +

""" TRAIL and DIVISION METHOD with PRIME_SIEVE """ def primes_sieve(limit): a = [True] * limit # Initialize the primality list a[0] = a[1] = False for (i, isprime) in enumerate(a): if isprime: yield i for n in xrange(i*i, limit, i): # Mark factors non-prime a[n] = False def trial_division(n): """Return a list of the prime factors for a natural number.""" if n == 1: return [1] primes = primes_sieve(int(pow(n,0.5)) + 1) # Prime factor is always less than SQRT(n)+1 prime_factors = [] for p in primes: if p*p > n: break while n % p == 0: prime_factors.append(p) n //= p if n > 1: prime_factors.append(n) return prime_factors t = trial_division(600851475143) print t Fermat Theorem import math def gcd(a, b): while a != b: if a > b:

#Baby Step Giant Step DLP problem y = a**x mod n #Example 70 = 2**x mod 131 y = 70 a = 2 n = 131 s = floor(sqrt(n)) A = [] B = [] for r in range(0,s): value = y*(a^r) % n A.append(value) for t in range(1,s+1): value = a^(t*s) % n B.append(value) print A print B x1,x2 =0,0 for r in A: for t in B: if r == t: x1 = A.index(r) x2 = B.index(t) print x1,x2 break print 'the value of x is ', ((x2+1)*s - x1) % n # Answer