Writeup for Bendy from Houseplant CTF

Challenge Name: Bendy

Whit3_D3vi1
ZH3R0
Apr 28, 2020

50 Points

Description:

I see you’ve found my straw collection…(this is the last excessive for loop one i swear)

Dev: Sri

bendy.java

Story:

Same as the above story but this time it was dinner. BUT THIS WAS HELL
I WAS TRYING TO GET 3 MORE CHARACTERS WHICH WERE NOT GIVEN IN THE CHALL AND MY TEAM MATES AND MY MOM :P HELPED.
The first two characters and an o in the middle which was not updated at the first. 😢

BUT THEN AFTER I CONTACTED THE ADMINS {AFTER SUBMITTING THE FLAG} THEY JUST SAID: SORRY THERE IS AN ERROR IN THE FILE WE WILL FIX AND UPLOAD IT 😱 😱 😱.

I will split the code and explain.

FILE:

import java.util.*;
public class bendy
{
    public static void main(String args[]) {
        Scanner scanner = new Scanner(System.in);
        System.out.print("Enter flag: ");
        String userInput = scanner.next();
        String input = userInput.substring("rtcp{".length(),userInput.length()-1);
        if (check(input)) {
            System.out.println("Access granted.");
        } else {
            System.out.println("Access denied!");
        }
    }

This part of the code reads the input and strips the "rtcp{" prefix and the closing "}". The remainder is passed to a function called check, whose return value tells whether the flag is correct or wrong.

    public static boolean check(String input){
        boolean h = false;
        String flag = "r34l_g4m3rs_eXclus1v3";
        String theflag = "";
        int i = 0;
        if(input.length() != flag.length()){
            return false;
        }
        if(!input.substring(0,2).equals("h0")){
            return false;
        }
        if(input.charAt(7) != 'u'){
            return false;
        }

The length of the flag is 21, the first two characters are 'h0', and the 8th character (index 7) is 'u'. The flag variable is the key here.

        for(i = 0; i < flag.length()-14; i++){
            theflag += (char)((int)(flag.charAt(i)) + (int)(input.charAt(i+8)));
        }

The input and key chars are added by their ordinal values and the sum is stored as a char in the theflag variable. This is done for the chars at index 0 to 6 in the key and index 8 to 14 in the input.

        for(i = 10; i < flag.length()-6; i++){
            theflag += (char)((int)(flag.charAt(i)) + (int)(input.charAt(i-8)));
        }

Again the input and key chars are added by their ordinal values and stored as chars in the theflag variable, but this time for the chars at index 10 to 15 in the key and index 2 to 6 in the input.

        for(; i < flag.length(); i++){
            theflag += (char)((int)(flag.charAt(i-3)) + (int)(input.charAt(i)));
        }

The value of i here is 15, as it was assigned by the previous for loop.

Again the input and key chars are added by their ordinal values and stored as chars in the theflag variable, but this time for the chars at index 12 to 17 in the key and index 15 to 20 in the input.

        String[] flags = theflag.split("");
        for(i=0; i < (int)((flags.length)/2); i++){
            flags[i] = Character.toString((char)((int)(flags[i].charAt(0)) + 20));
        }
        theflag = theflag.substring(flags.length/2);
        for(int k = 0; k < ((flags.length)/2); k++){
            theflag += flags[k];
        }
        // 18 characters; the third one (U+0093) is non-printing, so it is written as an escape
        return theflag.equals("ÄÑ\u0093Ó¿ÂÒêáøz§è§ñy÷¦");
    }
}

First, the first half of the theflag value is shifted again by 20, and then theflag is changed into theflag = {secondhalf} + {firsthalf}.

So we first have to split the string in half and then solve.

Solution:

key = "r34l_g4m3rs_eXclus1v3"
# 18 characters; the third one (U+0093) is non-printing, so it is written as \x93
flag_given = 'ÄÑ\x93Ó¿ÂÒêáøz§è§ñy÷¦'
l1 = flag_given[9:]   # first half of theflag, still shifted by +20
l2 = flag_given[:9]   # second half of theflag, unshifted

# undo the +20 shift on the first half
l1 = ''.join([chr(ord(x) - 20) for x in l1])
print('rtcp{h0', end='')
for i in range(2):
    print(chr(ord(l1[7+i]) - ord(key[10+i])), end='')
# p3
for i in range(3):
    print(chr(ord(l2[i]) - ord(key[12+i])), end='')
# _y0
print('u', end='')
for i in range(7):
    print(chr(ord(l1[i]) - ord(key[i])), end='')
# r3_h4v1

for i in range(6):
    print(chr(ord(l2[3+i]) - ord(key[12+i])), end='')
# ng_fun
print('}')

FLAG:

rtcp{h0p3_y0ur3_h4v1ng_fun}
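
The three loops and the half swap from check(), modelled in Python together with their inverse. This is an added example, not part of the original writeup or the challenge files, and the function names are my own. It also shows that input indices 0, 1 and 7 are never read by the loops, which is why check() has to compare them directly.

```python
KEY = "r34l_g4m3rs_eXclus1v3"  # the `flag` string inside check()
N = len(KEY)                   # 21


def pairs():
    """(key index, input index) for every char appended to theflag, in order."""
    p = [(i, i + 8) for i in range(0, N - 14)]    # first loop
    p += [(i, i - 8) for i in range(10, N - 6)]   # second loop
    p += [(i - 3, i) for i in range(N - 6, N)]    # third loop, i carries over as 15
    return p


def encode(inner):
    """Rebuild the string check() compares, from the text between rtcp{ and }."""
    sums = [ord(KEY[k]) + ord(inner[j]) for k, j in pairs()]
    half = len(sums) // 2
    # Java keeps the second half as is, then appends the first half shifted by 20.
    return "".join(chr(c) for c in sums[half:] + [c + 20 for c in sums[:half]])


def decode(target, fixed=None):
    """Invert encode(); `fixed` holds the characters check() tests directly."""
    inner = dict(fixed or {0: "h", 1: "0", 7: "u"})
    half = len(target) // 2
    second = [ord(c) for c in target[:len(target) - half]]
    first = [ord(c) - 20 for c in target[len(target) - half:]]
    for (k, j), c in zip(pairs(), first + second):
        inner[j] = chr(c - ord(KEY[k]))
    return "".join(inner[j] for j in range(N))


def unconstrained():
    """Input indices that none of the three loops ever reads."""
    return sorted(set(range(N)) - {j for _, j in pairs()})


if __name__ == "__main__":
    inner = "h0p3_y0ur3_h4v1ng_fun"      # flag body from this writeup
    target = encode(inner)
    print([hex(ord(c)) for c in target])  # code points, safe to print
    print("rtcp{" + decode(target) + "}")
    print("not covered by the loops:", unconstrained())
```
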
