Reverse

Me= Ur_frnd

For this task, we got a file “share_plz.pyc”.

By using pycdc, we can get the code

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35


import md5
md5s = [
    0x6886E0D29007CA152880B30D73CA2ADCL,
    0xE298FEFB7E2F17E7EC4BDB1F491B871CL,
    0x56EAD72536C569C0B4B275F0D6C394B5L,
    0x90263563551288D60CE0DFB9A73D37B3L,
    0xC5AC17D81BFD20D8EC4EC09E7D5D5AE3L,
    0x38D11D05E9168320B911BE4375CE2159L,
    0xE668EA8A6E7D0687D2DB728FFBD3C8C2L,
    0x3D7978850E30E9CEEF58DD50ECD1E199L,
    0x620FE38F78A29A3BC51E11A35AAA2C2EL,
    0xC951EF807C0B0D740B067DE83347D4A4L,
    0xEBA6551EE6E5E76B4C6A98D46B446564L]
print 'Tell me something you know ...'
flag = raw_input("I'd prefer the flag: ")
if 'CTF' in flag:
    if len(flag) > 69:
        print "That's not the flag."
        exit()
    if len(flag) % 4 != 0:
        print "That's not the flag."
        exit()
    for i in range(0, len(flag), 4):
        s = flag[i:i + 4]
        if int('0x' + md5.new(s).hexdigest(), 16) != md5s[i / 4]:
            print "That's not the flag."
            exit()
            continue
    if md5.new(str(len(flag))).hexdigest() == 'f7177163c833dff4b38fc8d2872f1ec6':
        print 'Nice. Now submit the flag and get those points.'
    else:
        print "That's not the flag."
else:
    print 'Thanks for sharing. <3'
note = 'Comment this and any line(s), if exist, following this note.'

From the code, it is clear that the length of the flag is 44 because the md5 of 44 in hex is f7177163c833dff4b38fc8d2872f1ec6.
In the for loop, it divides the flag into eleven fragments, and see if md5 of each fragment in hex is the same as the elements in the list md5s.

By decrypting the values in the list md5s with md5, we can get the flag BITSCTF{unc0mpyl3_kn0w5_wh47_1_wr073_s0_s4d}.

Steganography

Random

We got an image manandthesea.jpg.

Local Picture

With binwalk, we can see that there is a compressed image random.png in manandthesea.jpg.

1
2
3
4
5
6
7
8
9


~ binwalk manandthesea.jpg

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             JPEG image data, EXIF standard
12            0xC             TIFF image data, little-endian offset of first image directory: 8
270           0x10E           Unix path: /www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http
98468         0x180A4         Zip archive data, encrypted at least v2.0 to extract, compressed size: 14183, uncompressed size: 17108, name: random.png
112815        0x1B8AF         End of Zip archive

And by executing foremost manandthesea.jpg, we can recover a zip file called 00000192.zip from manandthesea.jpg.

However, there’s a password protecting it from being unzipping.

1
2
3


~ fcrackzip -b -c 'aA1!' -u -l 1-6 00000192.zip

PASSWORD FOUND!!!!: pw == RH4

With fcrackzip, we get the password RH4.

When we unzip the zip archive, we get random.png, which is an image showing the flag.

Local Picture

BITSCTF 2019

Contents

Reverse

Me= Ur_frnd

Steganography

Random