Houseplant CTF

Info

Team Name : ZH3R0

Rank :

Points :

Player Name :Whit3_D3vi1

EXPERIENCE:

This is one of the best of best CTF’s ever played my team members also felt the same as it had a perfect ctf challenges alined from easy to hard.

Except the first challenge all others are reversing engineering the codes.

As I had already participated Crytohack CTF solving the challenges was a bit easy .

Wait… i was kidding they were’nt easy.

Challenge Name : Beginner 5

25 Points

Description:

beep boop

— .- -. -. — .. — .- -… . . . — . … .. — .- .- -. -.. .. — .- -… — — — — . — . …

Remember to wrap the flag in the flag format rtcp{something}

Story:

This was a easy one which i solved in my phone in early morning 😜
It’s a simple morse code.

. — …. -. — . — — — ..- .-.. -.. -. — — — ..- . …- . -. -.-. — — -. …- . .-. — — …. .. …

Solution:

Replace the # with _

FLAG:

rtcp{MANY_BEEPS_AND_BOOPS}

Challenge Name : SQUEEZY

50 Points

Description:

Ok this time, you aren’t getting anywhere near anything.

Dev: William

pass3.py

Story:

This was the first rev chall i tired and it was a basic reversing so i could do it fast. It’s a basic chall in which the input flag is checked and compared to a string ,so i reversed engineered the code with the comparing flag. AND got the FLAG.

FILE:

import base64
def checkpass():
 userinput = input(“Enter the password: “)
 key = “meownyameownyameownyameownyameownya”
 a = woah(key,userinput)
 b = str.encode(a)
 result = base64.b64encode(b, altchars=None)
 if result == b’HxEMBxUAURg6I0QILT4UVRolMQFRHzokRBcmAygNXhkqWBw=’:
     return True
 else:
     return False
def main():
 access = checkpass()
 if access == True:
    print(“Unlocked. The flag is the password.”)print(“pwease let me do my nya~ next time!!”)
    exit()
 else:
     print(“Incorrect password!”)
     print(“sowwy but now you gunnu have to listen to me spweak in cat giwrl speak uwu~”)
     catmain()
def catmain():
 access = catcheckpass()
 if access == True:
     print(“s-senpai… i unwocked it fowr you.. uwu~”)
     print(“t-the fwlag is… the password.. nya!”)
     exit()
 else:
     print(“sowwy but that wasnt quite rwight nya~… pwease twy again”)
     catmain()
def catcheckpass():
 userinput = input(“pwease enter youwr password… uwu~ nya!!: “)
 key = “meownyameownyameownyameownyameownya”
 a = woah(key,userinput)
 b = str.encode(a)
 result = base64.b64encode(b, altchars=None)
 if result == b’HxEMBxUAURg6I0QILT4UVRolMQFRHzokRBcmAygNXhkqWBw=’:
     return True
 else:
     return False
def woah(s1,s2):
     return ‘’.join(chr(ord(a) ^ ord(b)) for a,b in zip(s1,s2))
access = False
main()

Solution:

import base64
b=b’HxEMBxUAURg6I0QILT4UVRolMQFRHzokRBcmAygNXhkqWBw=’
a=base64.b64decode(b,altchars=None).decode()
key = “meownyameownyameownyameownyameownya”
def woah(s1,s2):
   return ‘’.join(chr(ord(a) ^ ord(b)) for a,b in zip(s1,s2))
print(woah(key,a))

FLAG:

rtcp{y0u_L3fT_y0uR_x0r_K3y_bEh1nD!}

Challenge Name :Fragile

50 Points

Description:

Can you help me move my stuff? This one’s fragile!

Dev: Sri

fragile.java

Story:

I have never learnt Java so when ever i analysis those codes by relating the syntax to c and cpp as their are similar and if a statement is different I GOOGLE it.
Similar to most of the reversing challenges this chall also had a input checker and compared to a final string.

PS: GOOGLE is your best friend.

FILE:

import java.util.*;
public class fragile
{
 public static void main(String args[]) {
 Scanner scanner = new Scanner(System.in);
 System.out.print(“Enter flag: “);
 String userInput = scanner.next();
 String input = userInput.substring(“rtcp{“.length(),userInput.length()-1);
 if (check(input)) {
 System.out.println(“Access granted.”);
 } else {
 System.out.println(“Access denied!”);
 }
 }
 public static boolean check(String input){
 boolean h = false;
 String flag = “h1_th3r3_1ts_m3”;
 String theflag = “”;
 if(input.length() != flag.length()){
 return false;
 }
 for(int i = 0; i < flag.length(); i++){
 theflag += (char)((int)(flag.charAt(i)) + (int)(input.charAt(i)));
 }
 return theflag.equals(“ÐdØә§å’ÍaèÒÁ¡— “);
 }
}

Solution:

flag_given=’ÐdØә§å’ÍaèÒÁ¡—’
key=’h1_th3r3_1ts_m3'

final_flag=’’

for i in range(len(key)):
    final_flag+=chr(ord(flag_given[i])-ord(key[i]))
 
print(‘rtcp{‘+final_flag+’}’)

FLAG:

rtcp{h3y_1ts_n0t_b4d}

Challenge Name :Breakable

50 Points

Description:

Okay…this one’s better, but still be careful!

Dev: Sri

breakable.java

Story:

First read the code and then had lunch. With the food in stomach my brain worked twice the speed towards the wrong as I mistook a statement.
but yes slow and steady wins the race. :)
Analysing the for loop statements and the indexing was most important.

FILE:

import java.util.*;
public class breakable
{
 public static void main(String args[]) {
 Scanner scanner = new Scanner(System.in);
 System.out.print(“Enter flag: “);
 String userInput = scanner.next();
 String input = userInput.substring(“rtcp{“.length(),userInput.length()-1);
 if (check(input)) {
 System.out.println(“Access granted.”);
 } else {
 System.out.println(“Access denied!”);
 }
 }
 
 public static boolean check(String input){
 boolean h = false;
 String flag = “k33p_1t_in_pl41n”;
 String theflag = “”;
 int i = 0;
 if(input.length() != flag.length()){
 return false;
 }
 for(i = 0; i < flag.length()-2; i++){
 theflag += (char)((int)(flag.charAt(i)) + (int)(input.charAt(i+2)));
 }
 for(i = 2; i < flag.length(); i++){
 theflag += (char)((int)(flag.charAt(i)) + (int)(input.charAt(i-2)));
 }
 String[] flags = theflag.split(“”);
 for(; i < (int)((flags.length)/2); i++){
 flags[i] = Character.toString((char)((int)(flags[i].charAt(0)) + 20));
 }
 return theflag.equals(“Ғdݾ¤¤¾ÙàåГcÝƐ¥ÌÈáÏܦaã”);
 }
}

Solution:

flag=’Ғdݾ¤¤¾ÙàåГcÝƐ¥ÌÈáÏܦaã’
key=’k33p_1t_in_pl41n’
l1=flag[14:]
l2=flag[:14]
res1=’’
for i in range(14):
 res1+=chr(ord(l1[i])-ord(key[i+2]))
res2=’’
for i in range(14):
 res2+=chr(ord(l2[i])-ord(key[i]))
print(‘rtcp{‘+res1+res2[-2:]+’}’)

FLAG:

rtcp{0mg_1m_s0_pr0ud_}

Challenge Name :thedanzman

50 Points

Description:

Fine. I made it even harder. It is now no longer “ez”, “pz”, “lemon” or “squeezy”.
You will never get the flag this time.

Dev: William

Hint! This should be no problem if you look at the previous ones.

pass4.py

Story:

Yes again slow and steady wins race because most of the went in analysing,
which should happen and that only happened so, 😜got the flag after Lunch.

The real tricky part of this challenge was that after the flag is Xored and then converted to base64 they have converted it into string so :
After encoding the string will be in bytes ie. b’BASE64==’
after converting to str it : “b’BASE64=’ ”
so we have to remove the first two and late characters 👅.

FILE:

import base64
import codecs
def checkpass():
   userinput = input(“Enter the password: “)
   key = “nyameowpurrpurrnyanyapurrpurrnyanya”
   key = codecs.encode(key, “rot_13”)
   a = nope(key,userinput)
   b = str.encode(a)
   c = base64.b64encode(b, altchars=None)
   c = str(c)
   d = codecs.encode(c, ‘rot_13’)
   result = wow(d)
   if result == “‘=ZkXipjPiLIXRpIYTpQHpjSQkxIIFbQCK1FR3DuJZxtPAtkR’o”:
       return True
   else:
       return False
def main():
 access = checkpass()
 if access == True:
   print(“Unlocked. The flag is the password.”)
   print(“pwease let me do my nya~ next time!!”)
   exit()
 else:
   print(“Incorrect password!”)
   print(“sowwy but now you gunnu have to listen to me spweak in cat giwrl speak uwu~”)
   catmain()
def catmain():
 access = catcheckpass()
 if access == True:
   print(“s-senpai… i unwocked it fowr you.. uwu~”)
   print(“t-the fwlag is… the password.. nya!”)
   exit()
 else:
   print(“sowwy but that wasnt quite rwight nya~… pwease twy again”)
   catmain()
def catcheckpass():
 userinput = input(“pwease enter youwr password… uwu~ nya!!: “)
 key = “nyameowpurrpurrnyanyapurrpurrnyanya”
 key = codecs.encode(key, “rot_13”)
 a = nope(key,userinput)
 b = str.encode(a)
 c = base64.b64encode(b, altchars=None)
 c = str(c)
 d = codecs.encode(c, ‘rot_13’)
 result = wow(d)
 if result == “‘=ZkXipjPiLIXRpIYTpQHpjSQkxIIFbQCK1FR3DuJZxtPAtkR’o”:
   return True
 else:
   return False
def nope(s1,s2):
   return ‘’.join(chr(ord(a) ^ ord(b)) for a,b in zip(s1,s2))
def wow(x):
   return x[::-1]
access = False
main()

Solution:

import codecs
import base64
res=”’=ZkXipjPiLIXRpIYTpQHpjSQkxIIFbQCK1FR3DuJZxtPAtkR’o”
res=res[::-1]
res=codecs.decode(res,’rot_13')
res=res[2:len(res)-1]
res=base64.b64decode(res,altchars=None)
print(res)
res=res.decode()
key = “nyameowpurrpurrnyanyapurrpurrnyanya”
key = codecs.encode(key,’rot_13')
def nope(s1,s2):
 return ‘’.join(chr(ord(a) ^ ord(b)) for a,b in zip(s1,s2))
res=nope(res,key)
print(res)

FLAG:

rtcp{n0w_tH4T_w45_m0r3_cH4lL3NgiNG}