[SECT2019] — Writeup
Writeup for SECT CTF 2019 by Nicholas.
I’m going to explain my writeup for some of the challenges that I did in this year's SECT CTF 2019.
Crypto: Trivial RSA — 359 points
In this challenge, we were given a file called challenge.txt that contains some information about how the message was encrypted.
So from the challenge, we were given e, n1, n2, a ≅ (p1-p2) % (q1-q2), and b ≅ (q1-q2) % (p1-p2). I tried to use factordb for n1 and n2, but we couldn’t find their factors. So obviously, we need to use the given equations, juggle some algebra (that is the challenge description), and find the factors.
After examining the given equations, we can conclude that if (p1-p2) is smaller than (q1-q2), then a = (p1-p2), and if (q1-q2) is smaller than (p1-p2), then b = (q1-q2). So right now, we already have three equations with 4 unknown variables, and in order to solve the linear equations, we need at least four equations.
In order to solve this challenge, we need to do a little bit of brute-forcing to get the fourth equation. We don’t know which one is smaller, (p1-p2) or (q1-q2), so let's just make an assumption first.
Let's assume that (p1-p2) is smaller. That means b ≅ (q1-q2) % (p1-p2) can be written as b + k(p1-p2) = (q1-q2). We don’t know the value of k, so we need to brute-force it. That gives us the fourth linear equation, and we can use sage to solve our linear system and find the solution. If the returned solution is an integer, that means we have the correct k and we have the factors of n1 and n2 :D.
Here is my script on solving this challenge.
Here is the result:
Flag: SECT{ju99lin_w1d_d3m_alg3br0s}
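The brute-force over k described for Trivial RSA, as an added example in plain Python (it is not the author's sage script). It assumes n1 = p1*q1 and n2 = p2*q2 with p1 > p2 and q1 > q2, which the page does not state explicitly; the function name and the sample primes are constructed for illustration.

```python
from math import isqrt

def recover_factors(n1, n2, a, b, max_k=1 << 16):
    """Brute-force k under the write-up's assumption that (p1-p2) < (q1-q2).

    Assumed (not stated on the page): n1 = p1*q1, n2 = p2*q2, p1 > p2, q1 > q2.
    Then a = p1 - p2 and q1 - q2 = b + k*a for some k >= 1.
    Returns (k, p1, q1, p2, q2) or None.
    """
    for k in range(1, max_k):
        D = b + k * a                 # candidate value of q1 - q2
        # n1 = (p2 + a)(q2 + D) = n2 + D*p2 + a*q2 + a*D
        C = n1 - n2 - a * D           # so C = D*p2 + a*q2
        if C <= 0:
            break                     # C only shrinks as k grows
        # Substituting q2 = n2/p2 gives D*p2^2 - C*p2 + a*n2 = 0.
        disc = C * C - 4 * D * a * n2
        if disc < 0:
            continue
        r = isqrt(disc)
        if r * r != disc:
            continue                  # no integer solution for this k
        for num in (C + r, C - r):
            p2, rem = divmod(num, 2 * D)
            if rem or not 1 < p2 < n2 or n2 % p2:
                continue
            q2 = n2 // p2
            p1, q1 = p2 + a, q2 + D
            if p1 * q1 == n1:
                return k, p1, q1, p2, q2
    return None

# Constructed sample (small well-known primes, not the challenge values).
P1, Q1 = 1000000007, 2147483647
P2, Q2 = 998244353, 1000000009
N1, N2 = P1 * Q1, P2 * Q2
A = (P1 - P2) % (Q1 - Q2)   # equals P1 - P2 because it is the smaller difference
B = (Q1 - Q2) % (P1 - P2)

if __name__ == "__main__":
    print(recover_factors(N1, N2, A, B))
```

If the assumption is wrong and (q1-q2) is the smaller difference, swap the roles of the two differences and run the same search.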
Forensics: mycat — 169 points
In this challenge, we were given a file called mycat, which is a PDF file. Checking it with pdf-parser, we found that there is an embedded file inside the PDF.
We could use binwalk to extract the embedded file.
After that, examining every file in the extracted result, we found a file that is a PDF file. Using the pdftotext command, we found the flag!
Flag: SECT{3mb3dd3d_f1l3s_c0uld_b3_tr1cky}
Forensics: diagram — 197 points
In this challenge, we were given an RTF file. Opening it in MS Word, it turns out to be a line chart where every point is an ASCII value of the flag. But it is hard to determine the point values because the axis is only marked every 20.
My approach was to make a similar chart with the same size, so that I could replicate the correct points. After getting all the points, just convert them to characters and you will get the flag.
Flag: SECT{4ndr0ids_sh0uld_b3_n1ce}
Pwn: baby0x02 — 305 points
In this challenge, we were given a service that could do Read and Write functions. I don’t know if the challenge is broken or not, but I just needed to try to read the flag file and the service would return the flag. Here is the screenshot of my approach:
Flag: SECT{7H3_anDr01ds_haV3_beC0m3_pr0C_s3lF_AwArE}
Words from Author
The SECT CTF problems are very good. I hope that SECT CTF will continue this quality in next year's CTF.