{"componentChunkName":"component---src-templates-post-template-js","path":"/ctf-tuctf-2023-en","result":{"data":{"markdownRemark":{"id":"42304351-a29d-55c3-b842-b67e60f63071","html":"<blockquote>\n<p>This page has been machine-translated from the <a href=\"/ctf-tuctf-2023\">original page</a>.</p>\n</blockquote>\n<p>I participated in TUCTF, which was held around December 2, 2023, as part of 0nePadding.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 960px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/a3afb3401f248d7a77a7783c51f03d51/78797/image-20231206011830510.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 26.25%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAFCAYAAABFA8wzAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAdUlEQVQY052PQRbDIAgFc/+bti+VAAHFzS+SXsAu5sFC5w2Hm+GSGyQGvR3eO8YYW/SEmWs/LIX8E/Y+EJuyEmYEizxCVUW7BK8PZ6HB3bexpLVWexWuk99NMz0w50REbPC8lyxcswqJBScplvyvwvxHRFX6BR6XhBF8s6/8AAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/a3afb3401f248d7a77a7783c51f03d51/8ac56/image-20231206011830510.webp 240w,\n/static/a3afb3401f248d7a77a7783c51f03d51/d3be9/image-20231206011830510.webp 480w,\n/static/a3afb3401f248d7a77a7783c51f03d51/e46b2/image-20231206011830510.webp 960w,\n/static/a3afb3401f248d7a77a7783c51f03d51/5543b/image-20231206011830510.webp 1125w\"\n              sizes=\"(max-width: 960px) 100vw, 960px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/a3afb3401f248d7a77a7783c51f03d51/8ff5a/image-20231206011830510.png 240w,\n/static/a3afb3401f248d7a77a7783c51f03d51/e85cb/image-20231206011830510.png 480w,\n/static/a3afb3401f248d7a77a7783c51f03d51/d9199/image-20231206011830510.png 960w,\n/static/a3afb3401f248d7a77a7783c51f03d51/78797/image-20231206011830510.png 1125w\"\n            sizes=\"(max-width: 960px) 100vw, 960px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/a3afb3401f248d7a77a7783c51f03d51/d9199/image-20231206011830510.png\"\n            alt=\"image-20231206011830510\"\n            title=\"image-20231206011830510\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>I’ll briefly write up the solutions.</p>\n<!-- omit in toc -->\n<h2 id=\"table-of-contents\" style=\"position:relative;\"><a href=\"#table-of-contents\" aria-label=\"table of contents permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Table of Contents</h2>\n<ul>\n<li><a href=\"#what-are-you-doing-in-my-swampforensic\">What Are You Doing In My Swamp?(Forensic)</a></li>\n<li><a href=\"#state-of-the-gitforensic\">State of the Git(Forensic)</a></li>\n<li><a href=\"#table-encryptioncrypto\">Table Encryption(Crypto)</a></li>\n<li><a href=\"#custom-ecb-ciphercrypto\">Custom ECB Cipher(Crypto)</a></li>\n<li><a href=\"#summary\">Summary</a></li>\n</ul>\n<h2 id=\"what-are-you-doing-in-my-swampforensic\" style=\"position:relative;\"><a href=\"#what-are-you-doing-in-my-swampforensic\" aria-label=\"what are you doing in my swampforensic permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>What Are You Doing In My Swamp?(Forensic)</h2>\n<blockquote>\n<p>This challenge is like ogres, it has layers</p>\n</blockquote>\n<p>The file provided as the challenge binary had its magic number stripped, so it could not be recognized as an image file. I manually added the JPG magic number.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 960px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/a005d2507023a96d560bd53b8d1ea555/d5bfb/image-20231205212004575.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 41.25%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAICAYAAAD5nd/tAAAACXBIWXMAAAsTAAALEwEAmpwYAAABpklEQVQoz3WRWU/bUBCF/VTSNqQglUWBCjlUSRzi2Hi3IXGagsDLdeIsGEJYXnjI//8Bp+Nheajah6MZ++qcO/NdqfiVI/NjjN1rTOwUiR5BGAkyM4UwE4xtAXffhLWjw69b6G0qLLWq4HTrBP6OirM9Hd53FcGuBmmdPmF1PkXhCtwFY9yfkc4nWAYZ9RPuhwcm3O0OhocWnG0FWkWG/vmYagO9jQbUDRm9ymuV1uIZq/4UCyfBksy3FHTrZyg8gSWH57hsBIhaA4juCMMfNhv1Lz+hlaF/SXq8KDD3U+R2hIWXYeakmHMVVMdcr1ohcjPms5Hso1sh89cm9GoLVq0Ns9YitWFUm5CK0RRZECM2LpAZMZLTmNkxw5KlJeDVbfgHDgZHAbRaB+pm541hlxj2mF3J0SEsHysXbsoMy7WZ4TtL4hgemrC/tTGoG7C3FGanv69JvVZOXHlb+SVa4Y7Mczv+YHdD4Qtar/wuL/kte7hq9hG1Qwo1+SFKhv+StM5owsGMzY/DOe77OVbhjCbN+f8D9bESYmpc82WXxwHUT/J/A/8AhKwG9w+3hxgAAAAASUVORK5CYII='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/a005d2507023a96d560bd53b8d1ea555/8ac56/image-20231205212004575.webp 240w,\n/static/a005d2507023a96d560bd53b8d1ea555/d3be9/image-20231205212004575.webp 480w,\n/static/a005d2507023a96d560bd53b8d1ea555/e46b2/image-20231205212004575.webp 960w,\n/static/a005d2507023a96d560bd53b8d1ea555/f13ee/image-20231205212004575.webp 1072w\"\n              sizes=\"(max-width: 960px) 100vw, 960px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/a005d2507023a96d560bd53b8d1ea555/8ff5a/image-20231205212004575.png 240w,\n/static/a005d2507023a96d560bd53b8d1ea555/e85cb/image-20231205212004575.png 480w,\n/static/a005d2507023a96d560bd53b8d1ea555/d9199/image-20231205212004575.png 960w,\n/static/a005d2507023a96d560bd53b8d1ea555/d5bfb/image-20231205212004575.png 1072w\"\n            sizes=\"(max-width: 960px) 100vw, 960px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/a005d2507023a96d560bd53b8d1ea555/d9199/image-20231205212004575.png\"\n            alt=\"image-20231205212004575\"\n            title=\"image-20231205212004575\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>As a result, I was able to view the following image.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 391px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/b88bcb5544db43854bf5bf05e91e58bc/14e0c/image-20231206002452193.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 96.25000000000001%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAATCAYAAACQjC21AAAACXBIWXMAAAsTAAALEwEAmpwYAAAEWUlEQVQ4y22U+0+TVxjH+5/tF7PMLMZfjP60mJjdsskM6jbvRhkXEUUnYkTjlVvB3u/39m3f3mgrtJRAQUEBi5BRA4quAT4757ixuOxNTp637+l5zvd5nu/3ayiWxllfX2d1tUatVhNxVf1+9+4d1WqVcnmCSmVaxLKIFeYXFngr9tbX3+6cqdXe7CzD/PwC/33knzQtRjweJxaLYTQa8Xg89PT0kMlkiETCrKys8H+PYXbuxScfdF3HbreTSCTo7+8nlUpitVrw+bz09j4mHA7vLHlhvV5X57a2ttje3sYw93dCuREKhUgmk9hsNgr5PMFAkHgiRTgSJxrT8fpCuFwugTKtLvP5fKTTaT58+KByqIT/IJyYmGBwcBCz2SxQJnC6fUSiIaLRJ4zmzWKZSOl2gSyIze5UiDVNo6OjQyXdSbi4+Irl5deqP7KEgN9PXM/gs95F87YzOX6bcuYSc5M3mSzfJ599KC50ipXC4XCo0p1OJ5OTk//28OnTp9y6dQujQBgMRUiE+3g/10nUcQbb0DkC7haG+84y3H9W7LXw/o8+RjJWYlpCIZXlRyKRjwhLgjayzJFslpGRHHbrMMtT19l63U0p3kI20orHeh6v5TwO4y8U9RZBg3vUKtfRIi60uE42m1G9XVpawuAXjQ8EAmKqcZ6Y7eTivWy/vk29eof1qcu8zF5gafQ3Sr6fSQx9y9roGepTzdRLJynrd0lm8gwPDwkmWFXZBp8/gF/0zeNx4xNTrmRusr14jfpqP29mfidlOcyouxH/3a+wXN9Hyd3A9nQzm6VfWcx1Eo7GxOAiKkexWMTg9fpwu92EgkFBjRgxRzPVQhNby/d4P3uNlPM4h77fxYGDn9Hdtp/FaCMUT7ESa6Dgb8MlgMihdHV1KTUZ3B6vIrNUgtVmx23upKJfgOVuMpYjnDi6m8YfdtF+7HOaTu/FcmkPfyYOsxhswDtwkVQmqwYiBzs+Po5B15NYLBbFPS2h47Q+Iuk4BauPsd35msEbBznXdJAjJw8w3PMNjy/uZaPcxjO9GS04RCabUzKVYpiZmcEwNVVRqpCcktO2i+i336CUbKeSbOPYj1/w0+EvOX50D40Nu8m5TjCVvkTQdk21amBggEKhQC6XY21tDcMr4Sgl0UyTySSIrZEXyXVdw2fpJOs8jfX+d9xr3Udvx376ug+hPzlG2HoFp8siFGNXZiHByISK2C9ezrO5uak0/ODBA2EMNsbGxhQnA+5eoqZmggOnyTuaSJhaiIdM6EmdSCzKoEAnz8geSnQq4fPns+plQficZLwc0NWrV0WTC8IMAoIWcUbFu8thJxAMi0QJpWFZquSdtLbZ2Y85JDBDtbq0Y10bGxuqj5IGcmouEXVB+HQ6o75FBRKL2JeqkCXKHkpD/sQPpR6lnqUryzhWLGG2WIWLXGFg0ChM4w7GoSFudN3k4cNHtLdfprW1TSjDJvpdYO6FODs9Iyb8TK2/AOkw2DCYx6JAAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/b88bcb5544db43854bf5bf05e91e58bc/8ac56/image-20231206002452193.webp 240w,\n/static/b88bcb5544db43854bf5bf05e91e58bc/e5d0c/image-20231206002452193.webp 391w\"\n              sizes=\"(max-width: 391px) 100vw, 391px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/b88bcb5544db43854bf5bf05e91e58bc/8ff5a/image-20231206002452193.png 240w,\n/static/b88bcb5544db43854bf5bf05e91e58bc/14e0c/image-20231206002452193.png 391w\"\n            sizes=\"(max-width: 391px) 100vw, 391px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/b88bcb5544db43854bf5bf05e91e58bc/14e0c/image-20231206002452193.png\"\n            alt=\"image-20231206002452193\"\n            title=\"image-20231206002452193\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>There were no hints from there, so I was stuck for a bit, but in the end I used steghide with the password <code class=\"language-text\">layers</code> and obtained the following message.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 681px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/221e20ae4e5a0fb17bbc8ad32b7c03b5/8ce52/image-20231205212222591.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 113.33333333333333%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAXCAYAAAALHW+jAAAACXBIWXMAAAsTAAALEwEAmpwYAAADAElEQVQ4y5VU2XLiQAz0b5gAvm+DbRLCkVRYUpV9SCXh/79Gq26PjGtrX/ZBnvGMpiW1Dq9tW4GUZSlVVUld17LdbiXNUnl4eJDVavVf4hVFQTATgEJwnmWZ5Hk+k4xn/zrHmiSJeEPfSz8MMuxUhrv0eo51t9tNq+3n/6Pc9bwwDBnacrnkarJeryUIgknmd38L3i4WC0nSVLxMP/YY4FEUcQ/38Y87rHEca6gpVxrRcwCkKuAuVxqQCw8P8QiCfaE8FsoHgKHYdZ2G3/GuqkqJnJFRPyXf0EUym6YRDxbn4QEQnMByqIpI1OhdNnkDPQMF4GbTTsny5kpYS2QXoahHqSqUZUVFeDGF6wRUbBHB0OubhMY9PJxbTZJYLW4UuGSYuRpACQEQ/whtXrPg1YwVZTEPeU1gXkYxrYdqJAZnszvjEPssHz3PHedohilkKG20QwrHGZQsOfNwoW9nY6HnTBzux5DTscX6fpDz+cxSwIWBwFNmX8HDMCCv0MEZuE1mvBIQj+Dh8XRitQcKgFDadqNloH2upZAq4ZY08Lvf7xUocSUTTlXisqzZTDP5/v6R9+t15ENBU1e0EMsoAF9eXuT764tgMGjn0MFQ8caCreVyuciXKp5OR4ZrxFunwDDWqxr9/PyU/fOzNNoZXbdlD5MWrQa2Hip8v3+Sy9tFnlUxjqM7GLKpobBrdGC8vr7SE4SOsgEl+Icxhtx1PTm5vv+S2+1GL+u6UrBgIh7A4PR2+5GDGnx8fCJw2zYcDBDrGq/IC/JUNzWtwhq6xUIo3B604A7/8KyuG2Yed3iPWmWWWZB6wBJwlzY4rX9tn7h2tGSZHoygMcYso71cAS+XK5KPdrJiBzdWMliNW44seBjfs8yQYQnFWbgxBrC2rcXGmoXN+Qc9dArbD5OpklZHWuAmz9gpCEEHQqhWfJ26wXp0HRZ932fGobxY+LJWncQNZN9fSMSxlhAcBc6QD4cDu+QEOR65P6scdX9QObk977VGqeP07A41/Pvjg+/+AFbymLWo3c/2AAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/221e20ae4e5a0fb17bbc8ad32b7c03b5/8ac56/image-20231205212222591.webp 240w,\n/static/221e20ae4e5a0fb17bbc8ad32b7c03b5/d3be9/image-20231205212222591.webp 480w,\n/static/221e20ae4e5a0fb17bbc8ad32b7c03b5/9a301/image-20231205212222591.webp 681w\"\n              sizes=\"(max-width: 681px) 100vw, 681px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/221e20ae4e5a0fb17bbc8ad32b7c03b5/8ff5a/image-20231205212222591.png 240w,\n/static/221e20ae4e5a0fb17bbc8ad32b7c03b5/e85cb/image-20231205212222591.png 480w,\n/static/221e20ae4e5a0fb17bbc8ad32b7c03b5/8ce52/image-20231205212222591.png 681w\"\n            sizes=\"(max-width: 681px) 100vw, 681px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/221e20ae4e5a0fb17bbc8ad32b7c03b5/8ce52/image-20231205212222591.png\"\n            alt=\"image-20231205212222591\"\n            title=\"image-20231205212222591\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>After that, applying an Atbash cipher to <code class=\"language-text\">GFXGU{LtIvh_zIv_oRpv_lmrOmh}</code> gave me the correct flag.</p>\n<h2 id=\"state-of-the-gitforensic\" style=\"position:relative;\"><a href=\"#state-of-the-gitforensic\" aria-label=\"state of the gitforensic permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>State of the Git(Forensic)</h2>\n<blockquote>\n<p>All the cool kids are embracing state of the art IAC technology, and we are rushing to catch up! We have a new system that we are testing out, but we are not sure how secure it is. Can you check it out for us?</p>\n</blockquote>\n<p>The challenge binary was an archive containing a <code class=\"language-text\">.git</code> directory and some code.</p>\n<p>When I tried pushing the provided repository to GitHub, I found that it had as many as 592 commits.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 724px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/46a68f4ca670fb12f45e2c457a311a59/a242d/image-20231205234751287.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 100%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAACXBIWXMAAAsTAAALEwEAmpwYAAACiElEQVQ4y51UyXbaQBDUObFBCKF9XwCBsE0gzrOP+YX8SY75+UpXjyY4MfiQQ0uzdNdUV/eM4wUZVnElVsL1EyxWKebL5M945kW4X4Q6D5Ja/RYSE6S1xi1Sid/XCA8tvCaHExc9NuMZ690X+FGBROYMCCUgLdcCHuPTzMcqqXA4vWJ7OKvPw/kVu/1XROcOw88XnH59R/ZjDyeremTVGmHWIs47+MKAp4dpAy/IsQwLLCNjXijzqFRm/PtiSdkjKGos0xJeJAy7zYjx8Yzd0zeMxxd0wxM2wmJ4eEYkB6wkzSBtxRowm7zdIa23KLo9smbA7vEZ/XAUUoNK4iSSVtmPqMTCrNGTlYVsxrLHILLn3Fhl/qp7JRlV4tfrISsD2KNej2g3B9GmkwJEqhvTZfpxYViyODMv1j1rMzHXT5VIlLdSxAwOB7mwKLudaNji83yFOzfQTcOgVFb824pfLNA1y5qd4BCd1SRTFsU682RbEIKR8d9gxgjoTz4KGAlgVm00XYpqHW3aWmEBpjOZXwNchsZvbgBbTbcW40k2yJWm9iOTbqAtlOH+BiClYaspQ6ZZSgvU/V6b2QJSQ1aQgJSFjK+mLOuBtlYzaSiDTEqe1xu4U5Atimon6ZDB+4K81bC8aMj7SrplO6ASpq4fKyA37Q2Z3WB30bC4aGgBU6kydSKYAlLDieHihn62bWxrKUOCsHnX+6OmbVNmhe2LwpvyoYa8++JDEg5PuHPDy3PFG+CZ28I1psGenE/r7+yNH8cO37fteNKrNxf9eFMsy3/tlo53EmPeUQHkJxa6prFZzfDD4KuA9J8YO1wIpY/yZiuPxKXKFPway4+MoJOGgabKl9m2wv/abyaQ/5+0nHJAAAAAAElFTkSuQmCC'); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/46a68f4ca670fb12f45e2c457a311a59/8ac56/image-20231205234751287.webp 240w,\n/static/46a68f4ca670fb12f45e2c457a311a59/d3be9/image-20231205234751287.webp 480w,\n/static/46a68f4ca670fb12f45e2c457a311a59/79561/image-20231205234751287.webp 724w\"\n              sizes=\"(max-width: 724px) 100vw, 724px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/46a68f4ca670fb12f45e2c457a311a59/8ff5a/image-20231205234751287.png 240w,\n/static/46a68f4ca670fb12f45e2c457a311a59/e85cb/image-20231205234751287.png 480w,\n/static/46a68f4ca670fb12f45e2c457a311a59/a242d/image-20231205234751287.png 724w\"\n            sizes=\"(max-width: 724px) 100vw, 724px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/46a68f4ca670fb12f45e2c457a311a59/a242d/image-20231205234751287.png\"\n            alt=\"image-20231205234751287\"\n            title=\"image-20231205234751287\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>Most of the commit messages start with words like <code class=\"language-text\">delete</code>, <code class=\"language-text\">add</code>, <code class=\"language-text\">release</code>, or <code class=\"language-text\">fix</code>.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 375px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/774b0d8082db2456ff047b0f6d7b9b91/5ff7e/image-20231205234844701.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 184.16666666666669%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAlCAYAAABCr8kFAAAACXBIWXMAAAsTAAALEwEAmpwYAAAExklEQVRIx5VWV3vaWhD0Y66x6QIkJIpA9I4QxWCwHde4xEn+/1+ZO3tULo6Nc/Ownwpiz+7szJxzFE8XkMwaSGR0yP2pei6qdyfJHE5T+b+Ko0y+hFbfxXC2wfL8BsvtLVqDGUq1jvrgb5MepbQiKvUuqo0+2kMPHUaZz3qpfvBPny1yJD+eJDXEEln8c5LGF0Ysoanwf3sfn1YoHxglB+mchbxZg1Vrw6y21H2x2lSRN23kGBZh0PQyTj5ZTCWUgUh2GYYaDO8TGQNx9d5/Pg2GJyHfHAqVMJ72J5wplBWWTnsEo9yAZbdQaw1Q747U1aw01TeaUT0YfsKAMlqxhrvHn/j2/AttTtpdbbG7fcDXx1ecX93DdgbI6BXkiraKTxNKW3nLwfene0zma6yu73HJJG1SyrQ7qDYHqHXGKJEB9c4EdotVsxPBOlxA4m3L5GROLyHNqwyiwI+zrEjCr0Duy9G7HN/Jf/bjTcsC/NjbYntxC5MYNnsuegMX690NCpaNL7GUmvBxPBvFp1NOcMovz0/wVufouQu43hkcDkNUY5Qd1V46b7G1alTlPtGjhGGFQpVuu81qqqh1h2hzujm2GedC6bzJCZfUNz5uVWJei2j2hthhQsGyYDVgN3pIMUmWyUqkjmHVSaE2K22hWHECZfnhJyq8Teg7DV9w9buHF9zcPcHhRIfuGS6vv2HCq3t2CXe9g7e+4GKGwjus7h2G8T0M7652aLDd0WqDxeIcJcowo6bs8y+pmUqaQnyRpRTyHsN0iKGfOIRgX2ahZ6puQogiqH6X3l6Fo9mCdtaBt7zA2fk1dl8fMHZX6veQJjFeFYbB87uhqFVVZUW8Pj9iMPEwJnWWK7bfGUFnezodSa4y6QKHJMSXaR/EMGzZtuvQSWKj2kDFphnQ1kQ5WqCQVM6MFCPXw7RRLRsEvKHAl2Eo5+kMcMpvjlWbWZ8yYcsRbQ4kFAJf33JP6Y3Rny4xnW/Qn8z8YYgXakU1wGg4af3PtLnartEduYo2S9pXhbITFzJJcJPkFpMQkhuVhqKPtHyS/L3CPdqE409pvntLVWniJs+KVu/2lQO0iQcVzs823PXaVMQW/fECE5J7zvvF+goOPVEcJxZK7/+4zevTg+LibHuJ3cUNmpSgXm7SWDtstaMm6yvFUWoJlfIWw72WdcNCllzTipQbr/I+JotyKGJdohgFAUMM1afNRy0LuKyy1hqjWm+Ri3U0+xM17d54jmK55htsSKHAYD+kzX9KMfDjxy9M2PKQ+8qGLbvLLbpMaFYdVmWprVbUElb5R9osZlPU2wN0ph5GYw86JZZkIpGeuIuoxVBSrAcYfqSUAEPBQpKmc6QI3wlliuRbhtj5xuCfGPaPKYeVEmxSu2sxhxm3zxldZqnalg0+xOvQEeQAbUx8f7zDcDrHdHOBNd3ZdrpKKbJRqbMNlRLRptIIlJL7uGWpVMuLZg0CTvAJurw/TuztIYF6ZDip4PePlaJoU0BvskKj3aeGB5z2itSZYuKt4c63GE/XPKnVoyPfp/tyaLAvLy8Y0mC70xW8xYbOM+HUR+qU2+LGL8YqtAnj9wPoXoX+EW42GcNudtGi4wxHHk8QjqJNNjJYS1FGEoen3P2E/wJhH8xktM9MnwAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/774b0d8082db2456ff047b0f6d7b9b91/8ac56/image-20231205234844701.webp 240w,\n/static/774b0d8082db2456ff047b0f6d7b9b91/f3a60/image-20231205234844701.webp 375w\"\n              sizes=\"(max-width: 375px) 100vw, 375px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/774b0d8082db2456ff047b0f6d7b9b91/8ff5a/image-20231205234844701.png 240w,\n/static/774b0d8082db2456ff047b0f6d7b9b91/5ff7e/image-20231205234844701.png 375w\"\n            sizes=\"(max-width: 375px) 100vw, 375px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/774b0d8082db2456ff047b0f6d7b9b91/5ff7e/image-20231205234844701.png\"\n            alt=\"image-20231205234844701\"\n            title=\"image-20231205234844701\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>On GitHub, only one branch showed up.</p>\n<p>This was entirely my own mistake, but I had only pushed the <code class=\"language-text\">main</code> branch from the local repository to GitHub, so no matter how much I inspected the code on GitHub, I could not find the flag.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 864px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/9dd122cfb0b536d5c3190890e0817a5d/9cab2/image-20231205235638066.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 18.333333333333336%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAECAYAAACOXx+WAAAACXBIWXMAAAsTAAALEwEAmpwYAAAApklEQVQY043PSQrCQBQE0CziEMnYc6fN0BEDDqBmIWTlKTyHB/A83sY7lW3cuIouHgWfouB7QUQRhASLmGEaJPBn4X/mMXx/An25o7s90VwfyFcneGppIU0DrmukLEfyJR1lkFINWuyg2x7cdmDawtsce2wPZ9h27w41hBsXuQV3mKrG6QpUGGRMDSmMGwzFGkRWIKIYSlSVH7JElMnfiHKpho/egy8VI2Yms61rjwAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/9dd122cfb0b536d5c3190890e0817a5d/8ac56/image-20231205235638066.webp 240w,\n/static/9dd122cfb0b536d5c3190890e0817a5d/d3be9/image-20231205235638066.webp 480w,\n/static/9dd122cfb0b536d5c3190890e0817a5d/b4e26/image-20231205235638066.webp 864w\"\n              sizes=\"(max-width: 864px) 100vw, 864px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/9dd122cfb0b536d5c3190890e0817a5d/8ff5a/image-20231205235638066.png 240w,\n/static/9dd122cfb0b536d5c3190890e0817a5d/e85cb/image-20231205235638066.png 480w,\n/static/9dd122cfb0b536d5c3190890e0817a5d/9cab2/image-20231205235638066.png 864w\"\n            sizes=\"(max-width: 864px) 100vw, 864px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/9dd122cfb0b536d5c3190890e0817a5d/9cab2/image-20231205235638066.png\"\n            alt=\"image-20231205235638066\"\n            title=\"image-20231205235638066\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>When I checked the local branches, I found that several branches existed.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 510px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/feb6f756f46884ce8f8a99acb0f0cf40/0abdd/image-20231205235829838.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 30%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAGCAYAAADDl76dAAAACXBIWXMAAAsTAAALEwEAmpwYAAABG0lEQVQY022Q3U7CQBCFe2OAIlCCCRITBVpau3Y728qfWQJJL2ysRkOUeGF8/8c4ThdK1HBxciY7s9/OHkte30HeSKggBYUp5CgGuYSkF0E4CcJeCtEl9il7ipDPov4DXqIMRbhBPllhN3/Go6chayNYyvHxqd+wXTxhOSDETReq7UPZE5DtH8R10+deYLzUvCswcwTuW8HRqeHCSvjy12qL4naD9SCFanigOkMrNU4rro+N6FCbO7bHQCfAx7TA9+bdfKFslo1SVMLt01LNyWHG/TXPG+qrBDrW0P4Ci47glxhYG+83sf9uZUCmHiM6G5rM/kOt6YVAHq7xOstRUAbqcFaXDG5X2e3zq2DxeQDZEsiGS+i+OkIr/QAd5axwX2yBhwAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/feb6f756f46884ce8f8a99acb0f0cf40/8ac56/image-20231205235829838.webp 240w,\n/static/feb6f756f46884ce8f8a99acb0f0cf40/d3be9/image-20231205235829838.webp 480w,\n/static/feb6f756f46884ce8f8a99acb0f0cf40/b7235/image-20231205235829838.webp 510w\"\n              sizes=\"(max-width: 510px) 100vw, 510px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/feb6f756f46884ce8f8a99acb0f0cf40/8ff5a/image-20231205235829838.png 240w,\n/static/feb6f756f46884ce8f8a99acb0f0cf40/e85cb/image-20231205235829838.png 480w,\n/static/feb6f756f46884ce8f8a99acb0f0cf40/0abdd/image-20231205235829838.png 510w\"\n            sizes=\"(max-width: 510px) 100vw, 510px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/feb6f756f46884ce8f8a99acb0f0cf40/0abdd/image-20231205235829838.png\"\n            alt=\"image-20231205235829838\"\n            title=\"image-20231205235829838\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>After switching the local branch to <code class=\"language-text\">release</code> and grepping <code class=\"language-text\">git log</code>, I found exactly one suspicious commit message.</p>\n<p><span\n      class=\"gatsby-resp-image-wrapper\"\n      style=\"position: relative; display: block; margin-left: auto; margin-right: auto; max-width: 960px; \"\n    >\n      <a\n    class=\"gatsby-resp-image-link\"\n    href=\"/static/d570944b54180ae904b3ae8fb99af302/8740f/image-20231205235959885.png\"\n    style=\"display: block\"\n    target=\"_blank\"\n    rel=\"noopener\"\n  >\n    <span\n    class=\"gatsby-resp-image-background-image\"\n    style=\"padding-bottom: 8.333333333333332%; position: relative; bottom: 0; left: 0; background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAACCAYAAABYBvyLAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAXklEQVQI12NwV7X576Xp8N9byxGMPTXsIVjdDsh3+G8rZfTfmE/9v6mAJhLWQuGb8ENoM0Gt/wyOcmb/QdhB1hSMQWwnBQs4G0aDsDNQHEwrWsDFnOTN4WpclKz+AwCWnD5XqvU49QAAAABJRU5ErkJggg=='); background-size: cover; display: block;\"\n  ></span>\n  <picture>\n          <source\n              srcset=\"/static/d570944b54180ae904b3ae8fb99af302/8ac56/image-20231205235959885.webp 240w,\n/static/d570944b54180ae904b3ae8fb99af302/d3be9/image-20231205235959885.webp 480w,\n/static/d570944b54180ae904b3ae8fb99af302/e46b2/image-20231205235959885.webp 960w,\n/static/d570944b54180ae904b3ae8fb99af302/3fe5f/image-20231205235959885.webp 1106w\"\n              sizes=\"(max-width: 960px) 100vw, 960px\"\n              type=\"image/webp\"\n            />\n          <source\n            srcset=\"/static/d570944b54180ae904b3ae8fb99af302/8ff5a/image-20231205235959885.png 240w,\n/static/d570944b54180ae904b3ae8fb99af302/e85cb/image-20231205235959885.png 480w,\n/static/d570944b54180ae904b3ae8fb99af302/d9199/image-20231205235959885.png 960w,\n/static/d570944b54180ae904b3ae8fb99af302/8740f/image-20231205235959885.png 1106w\"\n            sizes=\"(max-width: 960px) 100vw, 960px\"\n            type=\"image/png\"\n          />\n          <img\n            class=\"gatsby-resp-image-image\"\n            src=\"/static/d570944b54180ae904b3ae8fb99af302/d9199/image-20231205235959885.png\"\n            alt=\"image-20231205235959885\"\n            title=\"image-20231205235959885\"\n            loading=\"lazy\"\n            style=\"width:100%;height:100%;margin:0;vertical-align:middle;position:absolute;top:0;left:0;\"\n          />\n        </picture>\n  </a>\n    </span></p>\n<p>Investigating this commit revealed that a Base64-encoded flag had been embedded in <code class=\"language-text\">password</code>.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\">$ <span class=\"token function\">git</span> --no-pager show c7ac66f\ncommit c7ac66fbd99c8850706c99b27475222f8dfe3d29\nAuthor: MrLadas <span class=\"token operator\">&lt;</span><span class=\"token number\">97653268</span>+MrLadas@users.noreply.github.com<span class=\"token operator\">></span>\nDate:   Tue Nov <span class=\"token number\">21</span> <span class=\"token number\">23</span>:28:37 <span class=\"token number\">2023</span> +0000\n\n    jqnljvtngtrtpqdkvccfpqyskwnayzgdhurvuwdkxjtcldzhjcksiaagimzdyoflpodbgzfimxumbouesdkivaolamntydqtmwwj\n\n<span class=\"token function\">diff</span> --git a/terraform.tfstate b/terraform.tfstate\nnew <span class=\"token function\">file</span> mode <span class=\"token number\">100644</span>\nindex 0000000<span class=\"token punctuation\">..</span>955de90\n--- /dev/null\n+++ b/terraform.tfstate\n@@ -0,0 +1,103 @@\n+<span class=\"token punctuation\">{</span>\n+  <span class=\"token string\">\"version\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token number\">4</span>,\n+  <span class=\"token string\">\"terraform_version\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"1.6.4\"</span>,\n+  <span class=\"token string\">\"serial\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token number\">3</span>,\n+  <span class=\"token string\">\"lineage\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"0d21a79d-34f7-89e7-57f4-9266570147f4\"</span>,\n+  <span class=\"token string\">\"outputs\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token punctuation\">{</span><span class=\"token punctuation\">}</span>,\n+  <span class=\"token string\">\"resources\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token punctuation\">[</span>\n+    <span class=\"token punctuation\">{</span>\n+      <span class=\"token string\">\"mode\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"managed\"</span>,\n+      <span class=\"token string\">\"type\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"droplet\"</span>,\n+      <span class=\"token string\">\"name\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"ctfd-dev-01\"</span>,\n+      <span class=\"token string\">\"provider\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"provider[<span class=\"token entity\" title=\"\\&quot;\">\\\"</span>registry.terraform.io/digitalocean/digitalocean<span class=\"token entity\" title=\"\\&quot;\">\\\"</span>]\"</span>,\n+      <span class=\"token string\">\"instances\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token punctuation\">[</span>\n+        <span class=\"token punctuation\">{</span>\n+          <span class=\"token string\">\"schema_version\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token number\">0</span>,\n+          <span class=\"token string\">\"attributes\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token punctuation\">{</span>\n+            <span class=\"token string\">\"arch\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"amd64\"</span>,\n+            <span class=\"token string\">\"bwlimit\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token number\">0</span>,\n+            <span class=\"token string\">\"clone\"</span><span class=\"token builtin class-name\">:</span> null,\n+            <span class=\"token string\">\"clone_storage\"</span><span class=\"token builtin class-name\">:</span> null,\n+            <span class=\"token string\">\"cmode\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"tty\"</span>,\n+            <span class=\"token string\">\"console\"</span><span class=\"token builtin class-name\">:</span> true,\n+            <span class=\"token string\">\"cores\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token number\">1</span>,\n+            <span class=\"token string\">\"cpulimit\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token number\">0</span>,\n+            <span class=\"token string\">\"cpuunits\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token number\">1024</span>,\n+            <span class=\"token string\">\"description\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"\"</span>,\n+            <span class=\"token string\">\"features\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token punctuation\">[</span><span class=\"token punctuation\">]</span>,\n+            <span class=\"token string\">\"force\"</span><span class=\"token builtin class-name\">:</span> false,\n+            <span class=\"token string\">\"full\"</span><span class=\"token builtin class-name\">:</span> null,\n+            <span class=\"token string\">\"hagroup\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"\"</span>,\n+            <span class=\"token string\">\"hastate\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"\"</span>,\n+            <span class=\"token string\">\"hookscript\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"\"</span>,\n+            <span class=\"token string\">\"hostname\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"ctfd-dev-01\"</span>,\n+            <span class=\"token string\">\"id\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"aws/ctfd-dev-01\"</span>,\n+            <span class=\"token string\">\"ignore_unpack_errors\"</span><span class=\"token builtin class-name\">:</span> false,\n+            <span class=\"token string\">\"lock\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"\"</span>,\n+            <span class=\"token string\">\"memory\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token number\">512</span>,\n+            <span class=\"token string\">\"mountpoint\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token punctuation\">[</span><span class=\"token punctuation\">]</span>,\n+            <span class=\"token string\">\"nameserver\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"\"</span>,\n+            <span class=\"token string\">\"network\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token punctuation\">[</span>\n+              <span class=\"token punctuation\">{</span>\n+                <span class=\"token string\">\"bridge\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"vmbr0\"</span>,\n+                <span class=\"token string\">\"firewall\"</span><span class=\"token builtin class-name\">:</span> true,\n+                <span class=\"token string\">\"gw\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"192.168.1.1\"</span>,\n+                <span class=\"token string\">\"gw6\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"\"</span>,\n+                <span class=\"token string\">\"hwaddr\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"BC:24:11:15:79:0A\"</span>,\n+                <span class=\"token string\">\"ip\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"192.168.5.250/16\"</span>,\n+                <span class=\"token string\">\"ip6\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"\"</span>,\n+                <span class=\"token string\">\"mtu\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token number\">0</span>,\n+                <span class=\"token string\">\"name\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"eth0\"</span>,\n+                <span class=\"token string\">\"rate\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token number\">0</span>,\n+                <span class=\"token string\">\"tag\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token number\">0</span>,\n+                <span class=\"token string\">\"trunks\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"\"</span>,\n+                <span class=\"token string\">\"type\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"veth\"</span>\n+              <span class=\"token punctuation\">}</span>\n+            <span class=\"token punctuation\">]</span>,\n+            <span class=\"token string\">\"onboot\"</span><span class=\"token builtin class-name\">:</span> true,\n+            <span class=\"token string\">\"ostemplate\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"\"</span>,\n+            <span class=\"token string\">\"ostype\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"ubuntu\"</span>,\n+            <span class=\"token string\">\"password\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"VFVDVEZ7NzNycjRmMHJtX1M3QTczLTF5XzUzY3IzNzV9Cg==\"</span>, // ZG9wX3YxXzA3ZmJjODgwY2YwNTNhOTE5Nzk4MDdkZmFhZjhhZDVjOTg4MGFiYWUxZjhkZjJjY2VjZTk2Njk0MmFmNDE0MDgK <span class=\"token operator\">&lt;</span> Change this before going <span class=\"token operator\">!</span>\n+            <span class=\"token string\">\"pool\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"Production\"</span>,\n+            <span class=\"token string\">\"protection\"</span><span class=\"token builtin class-name\">:</span> false,\n+            <span class=\"token string\">\"restore\"</span><span class=\"token builtin class-name\">:</span> false,\n+            <span class=\"token string\">\"rootfs\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token punctuation\">[</span>\n+              <span class=\"token punctuation\">{</span>\n+                <span class=\"token string\">\"acl\"</span><span class=\"token builtin class-name\">:</span> false,\n+                <span class=\"token string\">\"quota\"</span><span class=\"token builtin class-name\">:</span> false,\n+                <span class=\"token string\">\"replicate\"</span><span class=\"token builtin class-name\">:</span> false,\n+                <span class=\"token string\">\"ro\"</span><span class=\"token builtin class-name\">:</span> false,\n+                <span class=\"token string\">\"shared\"</span><span class=\"token builtin class-name\">:</span> false,\n+                <span class=\"token string\">\"size\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"8G\"</span>,\n+                <span class=\"token string\">\"storage\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"do-block-storage\"</span>,\n+                <span class=\"token string\">\"volume\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"do-block-storage:ctfd-dev-01/rootfs\"</span>\n+              <span class=\"token punctuation\">}</span>\n+            <span class=\"token punctuation\">]</span>,\n+            <span class=\"token string\">\"searchdomain\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"\"</span>,\n+            <span class=\"token string\">\"ssh_public_keys\"</span><span class=\"token builtin class-name\">:</span> null,\n+            <span class=\"token string\">\"start\"</span><span class=\"token builtin class-name\">:</span> true,\n+            <span class=\"token string\">\"startup\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"\"</span>,\n+            <span class=\"token string\">\"swap\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token number\">512</span>,\n+            <span class=\"token string\">\"tags\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"\"</span>,\n+            <span class=\"token string\">\"template\"</span><span class=\"token builtin class-name\">:</span> false,\n+            <span class=\"token string\">\"timeouts\"</span><span class=\"token builtin class-name\">:</span> null,\n+            <span class=\"token string\">\"tty\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token number\">2</span>,\n+            <span class=\"token string\">\"unique\"</span><span class=\"token builtin class-name\">:</span> false,\n+            <span class=\"token string\">\"unprivileged\"</span><span class=\"token builtin class-name\">:</span> true,\n+            <span class=\"token string\">\"unused\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token punctuation\">[</span><span class=\"token punctuation\">]</span>\n+          <span class=\"token punctuation\">}</span>,\n+          <span class=\"token string\">\"sensitive_attributes\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token punctuation\">[</span>\n+            <span class=\"token punctuation\">[</span>\n+              <span class=\"token punctuation\">{</span>\n+                <span class=\"token string\">\"type\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"get_attr\"</span>,\n+                <span class=\"token string\">\"value\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"password\"</span>\n+              <span class=\"token punctuation\">}</span>\n+            <span class=\"token punctuation\">]</span>\n+          <span class=\"token punctuation\">]</span>,\n+          <span class=\"token string\">\"private\"</span><span class=\"token builtin class-name\">:</span> <span class=\"token string\">\"sdkawewgfjfakqpwoqpretwenfwejweahwhuqhewdfhewf\"</span>\n+        <span class=\"token punctuation\">}</span>\n+      <span class=\"token punctuation\">]</span>\n+    <span class=\"token punctuation\">}</span>\n+  <span class=\"token punctuation\">]</span>,\n+  <span class=\"token string\">\"check_results\"</span><span class=\"token builtin class-name\">:</span> null\n+<span class=\"token punctuation\">}</span></code></pre></div>\n<p>Decoding it gives the flag.</p>\n<div class=\"gatsby-highlight\" data-language=\"bash\"><pre class=\"language-bash\"><code class=\"language-bash\">$ <span class=\"token builtin class-name\">echo</span> <span class=\"token assign-left variable\">VFVDVEZ7NzNycjRmMHJtX1M3QTczLTF5XzUzY3IzNzV9Cg</span><span class=\"token operator\">==</span> <span class=\"token operator\">|</span> base64 -d\nTUCTF<span class=\"token punctuation\">{</span>73rr4f0rm_S7A73-1y_53cr375<span class=\"token punctuation\">}</span></code></pre></div>\n<h2 id=\"table-encryptioncrypto\" style=\"position:relative;\"><a href=\"#table-encryptioncrypto\" aria-label=\"table encryptioncrypto permalink\" class=\"anchor before\"><svg aria-hidden=\"true\" focusable=\"false\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z\"></path></svg></a>Table Encryption(Crypto)</h2>\n<blockquote>\n<p>You can’t crack my file! I am the exclusive owner of the encryption key!</p>\n</blockquote>\n<p>The challenge binary was an encrypted binary file named <code class=\"language-text\">table_encryption.xml.enc</code>.</p>\n<p>There were no hints besides the filename, so I started by XORing it with the XML prologue, which allowed me to recover the original key.</p>","fields":{"slug":"/ctf-tuctf-2023-en","tagSlugs":["/tag/ctf-en/","/tag/rev-en/","/tag/crypto-en/","/tag/forensic-en/","/tag/english/"]},"frontmatter":{"date":"2023-12-06","description":"This is a writeup for TUCTF CTF 2023.","tags":["CTF (en)","Rev (en)","Crypto (en)","Forensic (en)","English"],"title":"TUCTF CTF 2023 Writeup","socialImage":{"publicURL":"/static/4198cdd6d79c44b9052ca79e232272eb/ctf-tuctf-2023.png"}}}},"pageContext":{"slug":"/ctf-tuctf-2023-en"}},"staticQueryHashes":["251939775","401334301","825871152"]}