REVERSING
- formatting
this is a ELF 64-bit executable
[d1vy@manjaro ~]$ file formatting
formatting: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=bd9f51c1f1535b269a0707054009063f984f6738, for GNU/Linux 3.2.0, not stripped
[d1vy@manjaro ~]$ ./formatting
haha its not that easy}The ‘strings’ command doesn’t reveal anything important. ‘ltrace’ though, gives us something to look forward to.
[d1vy@manjaro ~]$ ltrace ./formatting
sprintf("d1d_You_Just_ltrace_296faa2990ac"..., "%s%02x%02x%02x%02x%02x%02x%02x%0"..., "d1d_You_Just_ltrace_", 0x29, 0x6f, 0xaa, 0x29, 0x90, 0xac, 0xbc, 0x36) = 37
puts("haha its not that easy}"haha its not that easy}
) = 24
+++ exited (status 0) +++This is solved then via GDB. I set the breakpoint at the sprintf function and executing the next instruction stored the flag in the stack.
Flag- DUCTF{d1d_You_Just_ltrace_296faa2990ac}
CRYPTOGRAPHY
- rot-i
The flag format is ‘DUCTF{…}’, so ‘IAJBO{ndldie_al_aqk_jjrnsxee}’ seems to be the encoded flag. The chars ‘I’, ‘A’, ‘J’ need to under rot-21, rot-20 and so on in a decreasing order to get decoded. So we write a python script to do it .
def rot_encode(n):
from string import ascii_lowercase as lc, ascii_uppercase as uc
lookup = str.maketrans(lc + uc, lc[n:] + lc[:n] + uc[n:] + uc[:n])
return lambda s: s.translate(lookup)
s = 'IAJBO{ndldie_al_aqk_jjrnsxee}'
k=21for i in s:
print(rot_encode(k)(i))
k=k-1
Flag- DUCTF{crypto_is_fun_kjqlptzy}
2. baby-RSA
One needs to know the rsa algorithm to solve this. We find the factors of ’n’ from http://factordb.com/ . So with ‘p’ and ‘q’ found, a little python is needed. I wrote a python script using Crypto.Util lib.
from Crypto.Util.number import *n = int(input("ENTER n : "))
e = int(input("ENTER e : "))
c = int(input("ENTER c : "))print("Find out p and q from factordb")p = int(input("ENTER P : "))
q = int(input("ENTER q : "))phi = (p-1)*(q-1)d = inverse(e,phi)m=pow(c,d,n)print("The message is :")
print(m)
print("-"*69)
print("The message after long_to_bytes is :")
print(long_to_bytes(m))
Flag- DUCTF{e4sy_RSA_ch4ll_t0_g3t_st4rt3d}
FORENSICS
- On the spectrum
uploaded the .wav file here https://morsecode.world/international/decoder/audio-decoder-adaptive.html and analysis reveals the flag
Flag- DUCTF{m4by3_n0t_s0_h1dd3n}
MISC
- 16 Home Run — just base 64 the encoded message
RFVDVEZ7MTZfaDBtM19ydW41X20zNG41X3J1bm4xbjZfcDQ1N182NF9iNDUzNX0Flag- DUCTF{16_h0m3_run5_m34n5_runn1n6_p457_64_b4535}
2. Addition
Playing around a bit tells us that it can do almost any python operation.
In python, __file__ denotes the path of the file currently being run. So we input open(__file__,’r’).read() to see the source code and the flag appears.
Flag- DUCTF{3v4L_1s_D4ng3r0u5}
