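SECCON 2013 Kansai Regional writeup

Comments on the following challenges.

  • javascript quiz
    • (Example) Give the 3 bytes that go in x so that x == 1000
      • 1E3 == 1000
    • '1' + '1' == 11
  • simple substitution cipher
    • On connecting via telnet, three substituted lines are displayed; within 10 seconds you must answer what 'a' has been substituted with, 10 times in a row
    • The key is that a wrong answer causes the pre-substitution text to be displayed
    • The substitution table is shared by upper and lower case: a=>b == A=>B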
'simple substitution cipher' challenge for SECCON 2013.
by KeigoYAMAZAKI, 2013.11.06-

*** challenge 1 (of 10)
Xjktxag kmj kbkyf ateqjx bh tarbewxjggjn qpkjg btkwtk hxbe dahfykj.
Pjg. Odw64 yffbvg kmdg. Gjj wxjzdbtg utjgkdba.
Kmj htarkdbayf dakjxhyrj ajjng Wjxf5.005 bx qjkkjx.

[a]-> ? Wrong answer. 'y' is right.

plain text:
Returns the total number of uncompressed bytes output from inflate.
Yes. Zip64 allows this. See previous question.
The functional interface needs Perl5.005 or better.
    • Log from the successful run
'simple substitution cipher' challenge for SECCON 2013.
by KeigoYAMAZAKI, 2013.11.06-

*** challenge 1 (of 10)
Xqb kooumuaj qkyb ko xquf idkpbmx kv xqb lbz.
Xqb oudfx tajnb uv xqb addah ($oujb) uf xqb vayb ko a oujb xk kibv.
Xqb okjjkluvc ykwnjbf idktuwb taduknf onvmxukvf avw wbouvuxukvf.

[a]-> ? a
Good job!

*** challenge 2 (of 10)
Wfyn ksvhauzwjwysz yn ajyzwjyzuk jn ejgw sp wfu eskrjwsgn kynwgybhwysz.
Wfu ksvhauzw xyrr zsw bu wgjznpugguk hzrunn yw fjn buuz hekjwuk.
Wfjzmn ws Osn Y. Bshajzn psg nhccunwyzc wfyn askhru ws bu xgywwuz.

[a]-> ? j
Good job!

*** challenge 3 (of 10)
Owik Omeyn Bwsxgvyne Jngpgxgo (pejy 0a88XX).
Dgpt owiy mib wiowiy xgccyips mny sujjgnpyb.
Pty yipne cmpxtys wq mp oymsp giy gq pty vmouys wi pty mnnme cmpxtys.

[a]-> ? m
Good job!

*** challenge 4 (of 10)
Pzkqpbm g uttjzgb kt nbinsgkz hczkczp kcz sqppzbk tuwzsk cgm stbkzbk.
Fzpj stpz inmkpnuqkntb gm tv 5.6.0.
Vtp tkczp nmmqzm, stbkgsk kcz ygnbkgnbzp.

[a]-> ? g
Good job!

*** challenge 5 (of 10)
Ji sclrlm cuitwzt mwtkmis thw ikeowm ud witmjws.
Ruts ud thjs guckewitltjui js gkxrjcltwg dmue Xug::Eli.
Cugw 0. Iumelr muktwm lgnwmtjswewit. Ji Euojrw JX: Euojrjta lywit cli lct ls l m
uktwm dum JX gltlymles iut mwrltwg tu euojrw iugws.

[a]-> ? l
Good job!

*** challenge 6 (of 10)
Ywqb 8. Rwuzyb Nwri Krweaibq. Xwi urbq.
Iahbr a ekri wt tkebxavbr axq aqqr inbv iw inb kx-vbvwzo azynkfb.
Bxamekxd inkr aiizkmuib pzwfkqbr ywvpaikmkekio gkin inkr mbnafkwuz.

[a]-> ? a
Good job!

*** challenge 7 (of 10)
Tqs c vduqj sdnqahs vaf lammqlsdam cssqnyst.
Cjjfqtt Fqtaxhsdam Yfasalax (sryq 0u0806).
Cxx qffaf fqyafsdmp dt jamq gdsz qulqysdamt (jdq'dmp).

[a]-> ? c
Good job!

*** challenge 8 (of 10)
Iz Mgya ir omyhup kw toprr knp WR wz y gyfnimp, ymv fwmvikiwmr yep twwv (p.t. yk
 upyrk wmp wapm awek ymv wmp fuwrpv awek lpep zwomv), Mgya liuu aewbivp y OEU cw
o fym orp kw rohgik knp zimtpeaeimk iz cwo dmwl (zwe roep) knp WR eommimt wm knp
 gyfnimp. Hc vwimt knir cwo fwmkeihokp kw knp awwu wz wapeykimt rcrkpgr dmwlm kw
 Mgya ymv knor ik liuu hp gwep yffoeykp zwe pbpecwmp.
Knyk gpymr knp omifwvp nymvuimt ir mwk ybyiuyhup.
Ykkpgakimt kw imnpeik zewg cwoerpuz tpmpeykpr y lyemimt.

[a]-> ? y
Good job!

*** challenge 9 (of 10)
Fyed aziouzd fyz azwjeazizcf goa b teuzc iorjkz gaoi fyz ospzvf.
Fyed azgzad fo b azjdbskz kesabah og vorz vocfbeczr ec b dectkz gekz.
Fyz azwjzdf qbd djvvzddgjkkh azvzeuzr, jcrzadfoor oa bvvzlfzr.

[a]-> ? b
Good job!

*** challenge 10 (of 10)
Ybhbef::Manms xf b onqnhxm xqydc ybhfxqo/manmsxqo enmabqxfe.
Txfcnq kph mpqqnmcxpqf pq CMY yphc 8080.
Chdn xk hnfypqfn mpjn xqjxmbcnj b fdmmnffkdt hnudnfc.

[a]-> ? b
Good job!

Congratulations! The flag is '*************************'
    • Collection
curl "http://10.0.2.6:65438" >> se.txt
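    • Cleanup
# Keep only the plaintext block that follows each "plain text:" line.
my $flag = 0;

while(<STDIN>){
    # Inside a plaintext block: emit the line (the closing blank line too).
    print if $flag == 1;
    chomp;
    if($_ =~ /^plain text:/){
        $flag = 1;   # the block starts on the next line
    }
    if($_ eq ""){
        $flag = 0;   # a blank line ends the block
    }
}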
    • 'a' search
use strict;

# Load the collected plaintext lines.
open my $dbfh, '<', 'se2.txt' or die "se2.txt: $!";
my @db = <$dbfh>;
close $dbfh;

# Each STDIN line is one ciphertext line pasted from the challenge,
# e.g. "Vuc gskigtg aiwc qe sn ckvhs eicbl 65535 mrvca."
while(my $test = <STDIN>){
    chomp $test;
    my @testword = split / /, $test;
    foreach my $dbstr (@db){
        my $flag = 0;
        my @dbword = split / /, $dbstr;
        # stage1: the candidate must have the same number of words.
        next unless( @testword+0 == @dbword+0 );

        # stage2: every word must have the same length (the last word is
        # skipped because the database line still carries its newline).
        for(my $i = 0; $i < @testword-1; $i++){
            unless(length($testword[$i]) == length($dbword[$i])){
                $flag = -1;
                last;
            }
        }
        next unless $flag == 0;

        # stage3: for each 'a'/'A' in the plaintext, print the ciphertext
        # character found at the same position.
        for(my $i = 0; $i < length($dbstr); $i++){
            my $ch = substr($dbstr, $i, 1);
            if($ch eq "a" || $ch eq "A"){
                print "stage3: ", substr($test, $i, 1), "\n";
            }
        }
    }
}
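    • challenge
      • Collected 783KB (17,250 lines including everything)
      • 298KB after cleanup
      • After that, it's just a simple job of copy-pasting the three lines presented and typing in the character that comes out
  • R@kutenCTF
    • A job of unchecking {2..7} unwanted e-mail newsletters within {10,8,6,4,2,1} seconds
    • KMmacro was a big help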
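
Added example (not part of the original writeup), generalizing the word-length lookup used for the simple substitution cipher: since one fixed table covers every letter, a leaked plaintext line can be matched to a ciphertext line by requiring a consistent one-to-one letter mapping, which also gives the answer for 'a'. The ciphertext and plaintext are copied from the challenge log on this page; the decoy line and the function names are constructed for illustration.

```python
# Added example: known-plaintext recovery of a monoalphabetic substitution.
CIPHER = [  # challenge 1 ciphertext, copied from the log on this page
    "Xjktxag kmj kbkyf ateqjx bh tarbewxjggjn qpkjg btkwtk hxbe dahfykj.",
    "Pjg. Odw64 yffbvg kmdg. Gjj wxjzdbtg utjgkdba.",
    "Kmj htarkdbayf dakjxhyrj ajjng Wjxf5.005 bx qjkkjx.",
]
CORPUS = [  # leaked plaintext from the same log, plus one constructed decoy
    "Not. Abc64 cannot stop. Now standard practice.",  # constructed decoy
    "Returns the total number of uncompressed bytes output from inflate.",
    "Yes. Zip64 allows this. See previous question.",
    "The functional interface needs Perl5.005 or better.",
]

def derive_mapping(cipher, plain):
    """Return {plain letter: cipher letter} if `cipher` can be `plain` under
    one bijective, case-insensitive substitution; otherwise None."""
    if len(cipher) != len(plain):
        return None
    fwd, rev = {}, {}
    for c, p in zip(cipher, plain):
        if not p.isalpha():
            if c != p:              # digits, spaces, punctuation are untouched
                return None
            continue
        if not c.isalpha() or c.isupper() != p.isupper():
            return None
        cl, pl = c.lower(), p.lower()
        # Same table for both cases; reject one-to-many and many-to-one pairs.
        if fwd.setdefault(pl, cl) != cl or rev.setdefault(cl, pl) != pl:
            return None
    return fwd

def candidates_for(letter, cipher_lines, corpus):
    """Set of ciphertext letters `letter` maps to over all consistent matches."""
    found = set()
    for line in cipher_lines:
        for plain in corpus:
            mapping = derive_mapping(line.strip(), plain.strip())
            if mapping and letter in mapping:
                found.add(mapping[letter])
    return found

if __name__ == "__main__":
    print(candidates_for("a", CIPHER, CORPUS))
```

The decoy has the same word lengths as the second ciphertext line, so a length-only comparison accepts it, while the mapping check rejects it.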