parent
37b9445373
commit
64e346ac66
3 changed files with 808 additions and 0 deletions
@ -0,0 +1,808 @@ |
||||
+++ |
||||
author = "Maik de Kruif" |
||||
title = "Istanbul - Bazaar" |
||||
subtitle = "Beginners Quest 5 - Google CTF" |
||||
date = 2021-09-24T19:40:00+01:00 |
||||
description = "A writeup for challenge 5 of the beginners quests of the Google CTF." |
||||
cover = "img/writeups/google-ctf/2021/beginners-quest/5/cover.png" |
||||
tags = [ |
||||
"Google CTF", |
||||
"Beginners Quest", |
||||
"ctf", |
||||
"hacking", |
||||
"writeup", |
||||
] |
||||
categories = [ |
||||
"ctf", |
||||
"writeups", |
||||
"hacking", |
||||
] |
||||
+++ |
||||
|
||||
## Story line |
||||
|
||||
Gökhan is pointing at a parked vehicle. He tells you that you will have to try and reach it and that if you stay where you are, that you will get captured sooner or later. The guards know the neighborhood like their own backpocket. At first you doubt the plan, it seems like a very risky option. Gökhan then finally tells you he's not going to stay there, and his last offer is for you to go with him. |
||||
|
||||
### Stay |
||||
|
||||
Gökhan exits the crate, and makes a quick sprint for the car. The tough guys spot him, and they approach. As he enters the car he tries to start it, and the car makes an ominous sound, as the bad guys are closing in. He looks back through the rear window, and sees that the bad guys are about to jump on the back of the car, and they are pulling out guns. He tries to start the car furiously one more time and... IT WORKS! Gökhan disappears off in the distance. You overhear the tough guys when they are talking about a person, “Mesut”, that got classified information. You quickly send a message to the boss to look up the person. After a short wait you receive a response that he is currently on his private yacht in Croatia. Looks like it is time for some travel again. |
||||
|
||||
### Come with Gökhan |
||||
|
||||
As you and Gökhan are leaving the crates to enter a car, you spot the tough guys coming after you, and they are pulling out weapons. Gökhan starts the car and the two of you take off. After a decent distance outside of the city, he gives you an invitation to a private conference that will take place in Buenos Aires. |
||||
|
||||
### Attachment |
||||
|
||||
[attachment.zip](/files/writeups/google-ctf/2021/beginners-quest/5/attachment.zip) |
||||
|
||||
{{< code language="py" title="RoboCaller1337.py" isCollapsed="true" >}} |
||||
|
||||
```py |
||||
import random |
||||
|
||||
# Gots to get that formatting right when send it to our call center |
||||
def formatNumber(n): |
||||
n = str(n) |
||||
return f'{n[:3]}-{n[3:6]}-{n[6:]}' |
||||
|
||||
# This generates random phone numbers because it's easy to find a lot of people! |
||||
# Our number generator is not great so we had to hack it a bit to make sure we can |
||||
# reach folks in Philly (area code 215) |
||||
def generateRandomNumbers(): |
||||
arr = [] |
||||
for i in range(624): |
||||
arr.append(formatNumber(random.getrandbits(32) + (1<<31))) |
||||
return arr |
||||
|
||||
def encodeSecret(s): |
||||
key = [random.getrandbits(8) for i in range(len(s))] |
||||
return bytes([a^b for a,b in zip(key,list(s.encode()))]) |
||||
|
||||
|
||||
def menu(): |
||||
print("""\n\nWelcome to the RoboCaller!! What would you like to do? |
||||
1: generate a new list of numbers |
||||
2: encrypt a super secret (in beta) |
||||
3: decrypt a super secret (coming soon!!) |
||||
4: exit""") |
||||
choice = '' |
||||
while choice not in ['1','2','3']: |
||||
choice = input('>') |
||||
if choice == '1': |
||||
open('robo_numbers_list.txt','w').write('\n'.join(generateRandomNumbers())) |
||||
print("...done! list saved under 'robo_numbers_list.txt'") |
||||
elif choice == '2': |
||||
secret = input('give me your secret and I\'ll save it as "secret.enc"') |
||||
open('secret.enc','wb').write(encodeSecret(secret)) |
||||
elif choice == '3': |
||||
print("stay tuned for this awesome feature\n\n") |
||||
elif choice == '4': |
||||
print("Thank you for using RoboCaller1337!") |
||||
return |
||||
|
||||
def main(): |
||||
while True: |
||||
menu() |
||||
|
||||
if __name__ == "__main__": |
||||
main() |
||||
``` |
||||
|
||||
{{< /code >}} |
||||
|
||||
{{< code language="txt" title="robo_numbers_list.txt" isCollapsed="true" >}} |
||||
|
||||
```txt |
||||
263-170-6234 |
||||
467-553-7030 |
||||
220-146-1293 |
||||
630-328-6023 |
||||
413-553-0465 |
||||
528-403-6609 |
||||
454-641-6157 |
||||
396-906-1900 |
||||
445-477-6643 |
||||
578-095-2052 |
||||
216-516-7520 |
||||
314-161-3710 |
||||
628-223-8174 |
||||
512-530-6992 |
||||
464-456-5861 |
||||
631-453-4232 |
||||
377-004-3494 |
||||
328-898-2557 |
||||
231-249-9423 |
||||
420-346-3494 |
||||
605-091-2725 |
||||
595-329-3910 |
||||
576-809-4557 |
||||
425-030-9549 |
||||
389-181-5710 |
||||
621-627-6043 |
||||
423-199-4297 |
||||
579-089-8585 |
||||
589-493-0846 |
||||
375-597-0939 |
||||
541-648-2941 |
||||
453-069-7058 |
||||
543-829-0828 |
||||
417-111-8475 |
||||
348-244-2759 |
||||
290-882-6713 |
||||
522-462-5631 |
||||
296-565-4379 |
||||
586-916-6837 |
||||
603-365-6384 |
||||
476-088-1715 |
||||
526-794-4364 |
||||
570-480-9107 |
||||
427-082-3513 |
||||
418-582-5172 |
||||
294-148-5624 |
||||
591-766-9391 |
||||
581-588-1423 |
||||
554-956-1539 |
||||
339-448-0163 |
||||
633-317-6710 |
||||
529-345-6802 |
||||
510-151-9942 |
||||
589-325-3637 |
||||
291-288-6435 |
||||
536-342-5711 |
||||
431-379-8656 |
||||
306-181-2272 |
||||
287-750-2264 |
||||
435-289-4194 |
||||
609-844-8168 |
||||
254-346-9938 |
||||
477-230-3596 |
||||
224-779-5283 |
||||
351-591-9900 |
||||
472-433-7441 |
||||
259-370-4161 |
||||
390-390-2128 |
||||
271-570-0282 |
||||
532-522-3403 |
||||
231-987-9206 |
||||
273-558-2616 |
||||
232-775-4473 |
||||
286-546-5820 |
||||
567-085-6134 |
||||
303-874-3098 |
||||
517-707-7333 |
||||
439-636-1845 |
||||
641-978-4477 |
||||
221-606-7704 |
||||
356-456-0141 |
||||
621-732-2415 |
||||
569-522-9393 |
||||
404-995-4514 |
||||
573-986-7745 |
||||
407-677-1104 |
||||
225-688-0071 |
||||
219-031-4274 |
||||
355-266-3258 |
||||
624-119-4589 |
||||
313-157-7824 |
||||
518-033-0420 |
||||
462-462-1679 |
||||
435-580-6776 |
||||
232-015-6685 |
||||
585-746-5975 |
||||
359-937-2568 |
||||
426-271-0216 |
||||
618-678-9397 |
||||
318-533-9973 |
||||
560-054-9472 |
||||
251-899-2041 |
||||
295-475-7765 |
||||
590-304-8246 |
||||
535-896-4676 |
||||
538-266-6918 |
||||
282-578-1932 |
||||
621-085-1982 |
||||
471-750-3026 |
||||
605-061-1357 |
||||
491-478-9362 |
||||
531-518-2579 |
||||
542-766-2906 |
||||
391-955-0814 |
||||
271-424-2279 |
||||
429-855-1832 |
||||
598-055-6110 |
||||
429-626-4468 |
||||
559-114-4811 |
||||
582-184-7627 |
||||
499-756-4897 |
||||
412-170-2198 |
||||
551-289-1076 |
||||
397-901-9532 |
||||
367-175-9646 |
||||
418-401-3012 |
||||
223-706-1395 |
||||
556-314-7884 |
||||
427-512-9355 |
||||
441-717-0237 |
||||
586-758-7240 |
||||
639-239-7961 |
||||
563-296-1195 |
||||
532-034-4947 |
||||
493-797-3707 |
||||
240-611-7275 |
||||
286-614-0798 |
||||
421-788-3182 |
||||
292-386-6585 |
||||
216-386-1373 |
||||
594-193-2268 |
||||
337-029-6841 |
||||
444-662-2067 |
||||
375-664-3202 |
||||
293-053-1463 |
||||
284-235-3914 |
||||
453-792-3489 |
||||
266-783-6052 |
||||
336-422-4671 |
||||
460-035-3225 |
||||
470-633-3867 |
||||
234-048-5223 |
||||
479-812-5684 |
||||
606-457-0299 |
||||
604-025-5219 |
||||
584-232-4973 |
||||
534-831-8849 |
||||
488-941-7239 |
||||
569-682-8387 |
||||
250-288-5751 |
||||
548-842-8852 |
||||
537-471-2881 |
||||
473-732-5683 |
||||
600-901-1360 |
||||
244-545-5850 |
||||
611-587-7286 |
||||
493-004-5626 |
||||
541-097-0083 |
||||
318-276-8582 |
||||
245-121-2701 |
||||
253-657-5692 |
||||
587-739-7213 |
||||
346-259-4605 |
||||
358-583-6937 |
||||
636-360-3508 |
||||
335-700-9223 |
||||
443-401-2276 |
||||
580-846-2364 |
||||
414-725-9375 |
||||
528-421-5892 |
||||
606-581-0093 |
||||
549-745-9361 |
||||
286-689-9360 |
||||
218-754-0615 |
||||
321-168-4565 |
||||
392-771-7530 |
||||
292-211-8722 |
||||
338-038-3332 |
||||
583-603-7610 |
||||
472-413-9015 |
||||
510-699-6253 |
||||
327-105-5061 |
||||
347-747-7710 |
||||
532-690-4353 |
||||
307-141-9393 |
||||
614-124-9061 |
||||
431-024-6717 |
||||
574-101-4075 |
||||
632-578-6542 |
||||
277-867-6340 |
||||
324-715-7328 |
||||
374-913-2900 |
||||
221-589-8179 |
||||
229-100-8677 |
||||
306-006-3850 |
||||
572-818-6626 |
||||
477-129-5073 |
||||
568-463-6658 |
||||
536-661-1868 |
||||
307-094-0858 |
||||
248-972-7972 |
||||
507-465-6313 |
||||
592-140-8643 |
||||
635-756-2115 |
||||
231-603-0653 |
||||
310-669-1732 |
||||
577-741-6941 |
||||
327-413-3011 |
||||
484-314-6788 |
||||
398-283-4866 |
||||
333-140-1452 |
||||
372-012-4273 |
||||
265-303-9517 |
||||
389-626-2935 |
||||
227-237-4448 |
||||
302-214-1402 |
||||
257-043-3569 |
||||
339-178-6072 |
||||
467-085-9034 |
||||
370-830-3049 |
||||
527-417-1646 |
||||
360-260-6692 |
||||
418-021-9682 |
||||
224-191-9935 |
||||
475-252-8920 |
||||
258-028-1912 |
||||
485-558-4912 |
||||
475-641-7490 |
||||
312-575-1076 |
||||
221-080-0996 |
||||
565-758-4057 |
||||
606-410-6813 |
||||
380-364-3878 |
||||
454-647-2580 |
||||
558-276-5241 |
||||
454-930-4133 |
||||
425-279-0788 |
||||
634-055-1448 |
||||
387-308-6704 |
||||
297-447-2024 |
||||
325-867-9896 |
||||
366-669-5395 |
||||
370-728-9888 |
||||
515-812-6899 |
||||
290-897-7319 |
||||
608-784-7731 |
||||
306-673-3231 |
||||
248-002-8127 |
||||
556-900-1349 |
||||
558-045-6325 |
||||
330-120-0416 |
||||
503-768-1631 |
||||
315-471-5872 |
||||
287-925-3595 |
||||
597-434-5185 |
||||
500-420-1998 |
||||
276-255-9286 |
||||
260-165-4499 |
||||
634-488-7067 |
||||
550-656-9222 |
||||
364-996-1908 |
||||
393-231-0222 |
||||
314-836-5961 |
||||
278-146-7285 |
||||
258-469-2984 |
||||
458-789-6127 |
||||
376-740-8946 |
||||
244-618-6086 |
||||
587-168-0361 |
||||
275-523-6075 |
||||
605-784-9728 |
||||
377-514-5609 |
||||
263-776-1318 |
||||
609-187-9670 |
||||
243-602-9787 |
||||
253-775-4101 |
||||
408-681-2234 |
||||
406-675-5201 |
||||
496-579-4417 |
||||
566-496-2682 |
||||
503-553-5948 |
||||
439-293-2040 |
||||
383-486-6162 |
||||
323-283-9234 |
||||
305-479-8863 |
||||
478-975-6735 |
||||
354-724-0291 |
||||
330-167-6218 |
||||
237-014-6927 |
||||
332-972-5118 |
||||
336-818-8016 |
||||
232-442-6385 |
||||
381-560-9510 |
||||
491-498-2317 |
||||
491-354-6757 |
||||
492-988-1457 |
||||
504-965-5273 |
||||
623-178-2982 |
||||
634-591-5132 |
||||
331-525-1342 |
||||
404-793-5431 |
||||
319-217-4107 |
||||
426-481-1776 |
||||
586-057-4203 |
||||
545-939-6860 |
||||
222-490-9288 |
||||
265-820-2560 |
||||
214-953-0167 |
||||
643-906-2918 |
||||
240-098-8109 |
||||
234-229-5525 |
||||
520-069-2571 |
||||
333-323-9940 |
||||
574-581-5631 |
||||
620-982-0443 |
||||
376-752-7970 |
||||
491-787-0757 |
||||
613-684-5525 |
||||
440-860-3533 |
||||
256-223-7638 |
||||
637-243-1657 |
||||
216-758-4109 |
||||
603-205-8094 |
||||
641-246-9999 |
||||
444-144-1846 |
||||
355-714-3959 |
||||
638-675-0199 |
||||
377-418-0369 |
||||
586-516-3786 |
||||
466-160-7684 |
||||
585-714-3750 |
||||
249-234-7101 |
||||
515-494-7889 |
||||
595-840-9246 |
||||
566-590-0137 |
||||
358-175-7059 |
||||
597-287-7017 |
||||
287-942-8287 |
||||
442-059-3333 |
||||
575-505-6136 |
||||
582-311-6644 |
||||
619-262-5832 |
||||
641-788-3280 |
||||
500-425-4419 |
||||
218-860-8515 |
||||
584-013-1982 |
||||
635-304-8233 |
||||
413-023-9360 |
||||
479-795-4224 |
||||
617-013-8823 |
||||
417-989-2352 |
||||
599-480-4023 |
||||
240-440-2193 |
||||
299-079-3077 |
||||
486-349-6987 |
||||
520-519-6531 |
||||
606-723-6888 |
||||
604-485-3290 |
||||
397-591-6728 |
||||
222-732-4786 |
||||
579-723-9610 |
||||
536-385-6396 |
||||
328-207-1008 |
||||
312-228-8345 |
||||
644-212-3015 |
||||
470-159-3454 |
||||
224-910-8039 |
||||
390-956-1685 |
||||
335-913-5456 |
||||
347-509-5657 |
||||
627-631-4607 |
||||
299-531-9650 |
||||
460-460-4197 |
||||
295-431-0008 |
||||
318-347-7116 |
||||
361-830-5578 |
||||
296-014-3473 |
||||
592-647-0418 |
||||
255-674-6356 |
||||
274-042-5312 |
||||
325-171-2177 |
||||
477-736-2939 |
||||
431-571-1160 |
||||
305-047-9411 |
||||
630-334-9642 |
||||
381-695-7832 |
||||
298-958-0065 |
||||
625-500-4706 |
||||
529-536-9523 |
||||
383-823-4781 |
||||
414-338-6319 |
||||
264-259-0104 |
||||
478-344-9117 |
||||
377-027-4085 |
||||
511-706-8104 |
||||
613-897-8628 |
||||
473-831-4406 |
||||
356-775-0560 |
||||
332-288-4564 |
||||
352-970-1774 |
||||
292-376-4341 |
||||
319-525-3358 |
||||
312-514-8535 |
||||
320-070-0911 |
||||
290-445-6791 |
||||
498-406-2432 |
||||
571-079-8429 |
||||
276-991-8864 |
||||
481-943-3126 |
||||
300-932-1931 |
||||
546-824-1119 |
||||
246-372-8126 |
||||
457-455-4498 |
||||
288-703-2121 |
||||
564-818-7304 |
||||
385-921-6819 |
||||
629-576-4994 |
||||
445-109-7495 |
||||
234-199-7440 |
||||
632-582-4939 |
||||
502-998-8220 |
||||
447-225-4830 |
||||
498-776-9758 |
||||
512-819-2534 |
||||
593-249-1838 |
||||
346-730-7389 |
||||
387-061-3438 |
||||
612-634-6490 |
||||
304-590-7107 |
||||
336-236-8058 |
||||
280-109-9842 |
||||
532-456-4518 |
||||
494-312-1472 |
||||
576-075-3393 |
||||
502-770-3549 |
||||
314-251-4866 |
||||
395-081-9884 |
||||
362-320-4067 |
||||
550-221-6228 |
||||
578-292-6373 |
||||
560-076-7938 |
||||
376-384-4159 |
||||
408-610-4527 |
||||
407-474-3128 |
||||
504-027-5065 |
||||
401-434-6766 |
||||
511-795-6354 |
||||
244-790-9831 |
||||
370-882-6561 |
||||
464-032-5501 |
||||
335-056-6491 |
||||
535-523-9560 |
||||
563-151-5751 |
||||
310-650-9154 |
||||
293-427-5198 |
||||
227-854-7364 |
||||
298-835-7781 |
||||
273-952-9012 |
||||
372-909-4330 |
||||
598-402-8660 |
||||
243-015-8194 |
||||
383-775-3972 |
||||
580-873-1801 |
||||
603-389-4616 |
||||
435-894-4631 |
||||
221-659-0436 |
||||
421-068-3372 |
||||
576-550-9159 |
||||
600-740-4753 |
||||
304-667-9863 |
||||
398-463-0613 |
||||
228-119-7649 |
||||
632-929-1125 |
||||
418-318-7960 |
||||
481-314-3005 |
||||
220-193-6628 |
||||
376-247-2252 |
||||
230-189-8583 |
||||
443-754-1310 |
||||
307-629-5088 |
||||
443-234-5273 |
||||
604-417-4882 |
||||
371-452-6491 |
||||
244-192-9948 |
||||
436-547-5170 |
||||
255-052-6193 |
||||
589-472-9545 |
||||
422-443-9210 |
||||
471-193-0096 |
||||
326-900-8982 |
||||
534-113-4669 |
||||
370-370-7079 |
||||
236-477-6842 |
||||
582-225-8431 |
||||
330-375-2592 |
||||
258-253-0724 |
||||
352-635-3974 |
||||
277-093-0733 |
||||
276-827-6629 |
||||
399-408-4024 |
||||
299-332-2510 |
||||
369-955-9431 |
||||
270-411-8250 |
||||
505-556-4268 |
||||
509-193-1267 |
||||
390-556-9212 |
||||
545-455-8494 |
||||
621-160-7841 |
||||
400-314-8126 |
||||
301-366-4666 |
||||
566-601-5258 |
||||
497-181-3783 |
||||
475-458-5134 |
||||
231-329-9853 |
||||
643-929-0930 |
||||
467-709-3820 |
||||
476-757-4475 |
||||
220-068-1085 |
||||
306-235-7886 |
||||
600-225-3007 |
||||
463-008-1308 |
||||
542-224-9895 |
||||
490-906-7623 |
||||
439-771-8632 |
||||
528-612-0493 |
||||
527-246-8898 |
||||
358-761-7567 |
||||
555-591-5964 |
||||
340-723-1623 |
||||
616-706-2286 |
||||
479-042-1523 |
||||
567-628-3190 |
||||
237-335-5616 |
||||
342-661-9978 |
||||
511-003-2993 |
||||
365-015-3536 |
||||
579-912-9244 |
||||
277-699-2447 |
||||
572-716-1892 |
||||
432-103-7130 |
||||
500-710-9000 |
||||
244-105-1867 |
||||
395-361-9492 |
||||
531-841-0316 |
||||
576-664-6128 |
||||
363-937-1524 |
||||
570-451-8880 |
||||
407-256-2659 |
||||
550-243-2375 |
||||
629-676-6662 |
||||
238-241-4419 |
||||
595-426-7736 |
||||
605-009-1897 |
||||
268-368-8879 |
||||
276-606-9527 |
||||
351-839-4116 |
||||
479-653-9492 |
||||
549-268-4096 |
||||
223-918-1181 |
||||
311-654-3871 |
||||
464-091-8325 |
||||
507-686-1330 |
||||
326-205-4956 |
||||
438-871-2036 |
||||
611-564-1201 |
||||
324-442-1210 |
||||
547-150-7680 |
||||
237-378-9286 |
||||
365-038-6522 |
||||
262-981-4774 |
||||
414-149-0176 |
||||
220-121-1826 |
||||
423-447-3437 |
||||
487-112-2749 |
||||
224-428-8478 |
||||
251-934-9033 |
||||
274-700-5893 |
||||
469-421-0585 |
||||
344-241-4166 |
||||
401-960-8975 |
||||
261-506-6354 |
||||
589-256-3123 |
||||
305-932-3116 |
||||
418-063-9114 |
||||
600-969-4231 |
||||
363-050-1450 |
||||
627-535-7555 |
||||
487-543-9495 |
||||
461-161-1043 |
||||
512-384-1050 |
||||
234-199-2812 |
||||
541-513-3632 |
||||
630-049-9049 |
||||
585-881-3200 |
||||
460-978-5106 |
||||
635-887-0620 |
||||
298-611-3587 |
||||
272-932-0243 |
||||
554-772-3962 |
||||
618-711-7118 |
||||
426-926-4284 |
||||
596-851-6696 |
||||
306-766-1867 |
||||
445-639-1594 |
||||
467-786-0153 |
||||
515-688-5843 |
||||
291-664-2547 |
||||
295-859-0241 |
||||
605-833-5133 |
||||
476-067-3223 |
||||
356-715-8717 |
||||
625-145-6351 |
||||
439-027-8936 |
||||
446-996-9104 |
||||
``` |
||||
|
||||
{{< /code >}} |
||||
|
||||
## Recon |
||||
|
||||
The attachment contains tree files: `RoboCaller1337.py`, `secret.enc` and `robo_numbers_list.txt`. |
||||
|
||||
Looking at the python script, we can assume the other two files are generated with it. It contains a function `generateRandomNumbers()`, which generates 624 random phone numbers. It also has a function `encodeSecret()`, which encodes a key with a random number. |
||||
|
||||
`robo_numbers_list.txt` looks like a big list with 624 phone numbers. |
||||
|
||||
`secret.enc` appears to contain just raw bytes. |
||||
|
||||
## Solving |
||||
|
||||
When starting on this challenge I was actually clueless how to solve this. I though the key was random. But then I remembered why you don't use the default random methods. They're not actually random, but rather pseudorandom. |
||||
|
||||
Pseudorandom numbers are generated using an algorithm that generates a sequence of numbers whose properties approximate the properties of sequences of random numbers. This sequence is determined by an initial value, called a seed. Although this seed could be actually random, once you know it, you can calculate all the values it would output. |
||||
|
||||
From reading [the python documentation of `random.py`](https://github.com/python/cpython/blob/main/Lib/random.py), we can see it uses the Mersenne Twister algorithm with a period of 2^19937-1. Also known as MT19937. |
||||
|
||||
When searching for an algorithm to predict its results, I came across [this library](https://github.com/kmyk/mersenne-twister-predictor). It seems that if you know the preceding 624 numbers, you can predict the next numbers. |
||||
|
||||
So, let's install the package first: |
||||
|
||||
```sh |
||||
pip install mersenne-twister-predictor |
||||
``` |
||||
|
||||
Then, we need a script to read the numbers and enter them in the predictor. Let's start out by creating an instance of the predictor: |
||||
|
||||
```py |
||||
from mt19937predictor import MT19937Predictor |
||||
|
||||
predictor = MT19937Predictor() |
||||
``` |
||||
|
||||
Then we need the numbers to enter. To get them, I reversed the algorithm in the `RoboCaller1337.py` file: |
||||
|
||||
```py |
||||
with open("robo_numbers_list.txt", "r") as file: |
||||
for line in file: |
||||
number = int(line.replace("-", "")) - (1<<31) |
||||
predictor.setrandbits(number, 32) |
||||
``` |
||||
|
||||
Now that the numbers are added, we can read the `secret.enc` file, and try to decode it. Again, I reversed the algorithm in the original file. |
||||
|
||||
```py |
||||
with open("secret.enc", "rb") as file: |
||||
secret = list(file.read()) |
||||
|
||||
flag= "" |
||||
key = [predictor.getrandbits(8) for _ in range(len(secret))] |
||||
for a,b in zip(key, secret): |
||||
flag += chr(a^b) |
||||
|
||||
print(flag) |
||||
``` |
||||
|
||||
{{< code language="py" title="Full code" isCollapsed="true" >}} |
||||
|
||||
```py |
||||
from mt19937predictor import MT19937Predictor |
||||
|
||||
predictor = MT19937Predictor() |
||||
|
||||
with open("robo_numbers_list.txt", "r") as file: |
||||
for line in file: |
||||
number = int(line.replace("-", "")) - (1<<31) |
||||
predictor.setrandbits(number, 32) |
||||
|
||||
with open("secret.enc", "rb") as file: |
||||
secret = list(file.read()) |
||||
|
||||
flag= "" |
||||
key = [predictor.getrandbits(8) for _ in range(len(secret))] |
||||
for a,b in zip(key, secret): |
||||
flag += chr(a^b) |
||||
|
||||
print(flag) |
||||
``` |
||||
|
||||
{{< /code >}} |
||||
|
||||
## Solution |
||||
|
||||
After executing this code, we get the flag! It's `CTF{n3v3r_3ver_ev3r_use_r4nd0m}`. |
Binary file not shown.
After Width: | Height: | Size: 65 KiB |
Loading…
Reference in new issue