Mini CTF Tests

Open the archive and see the long folder names. The last folder contains files, but without a password their contents are not available.
')
We write out the names of the folders:

5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
2346ad27d7568ba9896f1b7da6b5991251debdf2
e3cbba8883fe746c6e35783c9404b4bc0c7ee9eb
bef21e9bfcf9fab0a5aebd46a735efe5434da96b
86f7e437faa5a7fce15d1ddcb9eaeaea377667b8

We drive the sequences into Google and quickly find out that this is sha1 from the words:

password
hash
1000
letters
a

Putting it all together, we assume that the password is a hash of 1000 letters 'a'. If sha1 was used for words, then we will try here - 291e9a6c66994949b57ba5e650361e98fc36b1ba. We extract the files, making sure that the password is correct.

Examining the files shows that they are all composed according to a roughly general principle: the name of the xt format + number, the contents of a couple of lines, where the first is a few letters and the second is a sequence of hexadecimal characters. It is rather uninteresting to consider hexadecimal sequences, since they contain 79 characters each (except for the file xt121785230414240585522142219912, where there are 58 of them) - this is definitely not hashes and not something encoded.

Since it is the same everywhere, and there is less in only one file, it can be assumed that all hex sequences must be combined, and the part that is smaller is simply the last part. It remains to understand the order. You could play with the names, but you won’t get anything interesting, but if you pay attention to the first lines of the files, you can find a pattern using the gaze.

Here, I will indicate some lines: he, li, n, o, ne, mg, si, ca, cu, zn, br, kr, ag ...

When they are near, it is much easier to recognize the designation of chemical elements in them. Open the periodic table and collect the hex sequence into one file (there are 53 files in total, this is the last part number with the i symbol, which corresponds to Yod, 53 elements).

The result is a PNG file with a green rectangle.

It is unlikely that the metadata is contained in the file in clear form, since we see all the bytes in the hex representation. Therefore, we will work with the image itself. You may notice (not with the eye, of course, but with tools) that more than one color is actually used. Use the fill and see the guide to the next step.

We hash sha1 all the file names and arrange them according to the order from the previous step.

696e7400b8a8c7da1c52e63550ddfdf8ae03be73
206d6100f4eb7c768890e8502db2bdeb81718301
696e2800f1c5c0df7676667ffca16856e808f9dd
297b69008e0d05b67df33c751da3c6f17a3fdb9d
6e742000bf96cea16e609731aa7397ac2b9f7b15
613d3400d2fedbf43ad7c43d678382d2ef83dde8
36303900b909f396c69c6d47ccb623cc83d5e2ea
313132007f6fdde9d3abad5545f44b2d2661b0be
3b696e0002582f22cab7aeaf730680b87780279a
74206200267e505a621cf264e303d3df63222fa7
3d343600ac031f166103b5319a273a867d5247ae
36393700d9e521b0e0d488b47fde51e5f5f9650d
37323b00bdf3caa241b2936f0355ad89e420389c
696e7400a1f9f8e62cd64c8e25d852e433bda80c
20633d009932d3b69b7a74296c7b75894bcddbc1
373639000ca31548a80fe28adf263bbe89f03069
33393400f56920f247d4d66798bb2c54e3db668c
373b6900222283ee79a5e7e3e79d55d4b159ffb1
6e742000fac60ac1f78aa90201e98b30a9c4adbc
643d3700b55bc0dda8bd748983716018b29fbd6f
38323300176db95a8aa4aaf1770346c353fd4753
32313400644e234a3899bd84e9f7d61a12bfecab
3b696e00654b4b7d8fb3b022777c6346342eba91
742065009720d2693f833788e69a6641e8de22f6
3d363800b1e40956ec8ca6a64013c8a651eff0f7
3435340008b5419f5139553c85b605009e3fb343
38393b004e5d66b6980c7cf14dc9bf0acf09e444
696e7400e648ffad4cde46b4d845f1ffad075da5
20663d00b9bdab8cb8721581f5aa8a2c2522d9de
3334330054fb4abaf144e818ec1199b7b4ffec47
34353900378490c3ba53a356327af1bbb2d2c8b0
313b69008803024e711baf3695402d3a13e0c905
6e7420006434f491ab51a923995a3daf56a65f5e
673d3800c5198ae1565cc5744d23ac492f6d2506
3231380000217a2c380bf9c9a6e122b1c01e90ea
373339003ef4f423f0d9c54ea5d8fbe4d8bf518c
3b70720073caad02c9cba60debf81f72c0ac23ad
696e7400d9ddb857a7608947aae60ed6d054c039
6628220061a3a81dcc20ce43903a18cea28b77db
2573250065285f647ed3e22a9233974ac24509a1
73257300678138427cc07ee072c987583db2fc5e
25732500d183d5303ed6bda0606eb5e4ccc1e7c8
73257300c5e9d7bfdb76b5fee122fe57bc8aa81a
25735c003675c4f732d95ae6a0d9bcc6769f94ca
6e222c0088503423d1f56148bbf2573a6e2e0518
26612c007c8d1d6b90d252fa7b2084bd8695a8f9
26622c00ec96a4edbdeb286484af38395a3fc928
26632c004a1db36cdef743283e6bc853b6995555
26642c00dd66db502138413e272deb2da78d4f57
26652c00bb1785b4e41444da4230b602f1860557
26662c00e739c24f55c0899b8eae2a948622c7d7
26672900f4b4843d0056571d293bec879cd1968f
3b7d20006750ebb44ffd784dc8afdd5b0f76816a

If you do everything with pens, then pretty quickly you will notice that 4 bytes are always zero, and to the left of it are some printed characters. We leave only them, we collect in one line.

We get the following line:

 int main(){int a=4609112;int b=4669772;int c=7693947;int d=7823214;int e=6845489;int f=3434591;int g=8218739;printf("%s%s%s%s%s%s%s\n",&a,&b,&c,&d,&e,&f,&g);} 

We run this code in C , as a result we get a flag. We verify the hash to make sure once again - yes, this is the desired flag.

Open the archive and immediately see the file names in the hex. File contents not available because password is required. Let's start twisting the names.

All names are the same length, except for a file with the extension 64F00000 (it is shorter). In general, extensions are strange, atypical. But it’s quite easy to notice that all files have different extension lengths, and it is from 1 to 7. The name with the longest extension is the shortest. It is logical to assume that you need to combine all the hex sequences according to the lengths of the file extensions.

We save the sequence of bytes separately, understanding that this is a 7z archive, since the first two bytes (0x37 0x7a - 7z).

The second archive is again password-protected, but this time we have short file names and small file contents. It’s good that the archive viewer shows file metadata, namely their checksums.

Despite the fact that crc is googling rather poorly, you could still check all the sequences and find that at the request of crc 90c1667d, there is still a prototype of “four”. Or just brute a three-byte sequence for the shortest files. Any of the methods led to the fact that the contents of the files were easily installed - these were the English numerals “one”, “two”, “three”, “four”, “five” and “six”. We have no options except to join file names in this order. We get VVNFIENSQzMy. We check as the password to the first archive - it fits.

Observer solvers, even before the password, could notice that crc32 from the archive files has a rather specific form, namely 0xC0DExxxx. There are no such matches in CTFs.

The files themselves are PNG images with text. Since at each step we considered crc32, it is worth continuing to do this. After checking the first text from the picture (for example, qnGyaQBc), it becomes clear that we are on the right track, because crc32 is 0xc0de0831. We consider crc from everything remaining and collect in one heap.

CRC from pictures:
0xc0de094e
0xc0de054e
0xc0de0d7d
0xc0de0343
0xc0de0b52
0xc0de0734
0xc0de0154

CRC from text:
0xc0de0831
0xc0de0430
0xc0de0c35
0xc0de027b
0xc0de0a33
0xc0de0654
0xc0de0058

We throw out the general part, we see that from the value of the first byte of the two runs from 0x00 to 0x0d. It looks like it's a serial number. We collect, we receive a flag. We check sha1 and additionally make sure that everything is correct.

Given a sequence of numbers. We simply take the characters with the indicated numbers from the card, numbering from scratch and skipping line breaks. It makes sense to script this action - it will be needed more than once.

Answer: awEs0me_sTart

A lot of numbers. The name of the file suggests that you need to find out the number of digits 5. We count the number of not only fives, but generally all digits from 0 to 7. We get the sequence: 135, 95, 61, 27, 58, 57, 85, 190. We put on the card, we get the answer.

Answer: b1g_sTEp

We see a picture with a polynomial. We substitute n from zero to 9, as we advise the file name, we get a sequence that, when superimposed on the card, gives an answer.

Answer: coOl2math!

Strange file name and strange content. If you google fdhvdu, then among the irrelevant results you can find an indication that this word caesar encoded by Caesar's cipher is a shift of 3 characters alphabetically. Having decoded the contents, we see Roman numbers. I think it’s clear what to do with a sequence of numbers.

Answer: dOinG_w3ll

The contents of the task literally say what needs to be done. Hash the file, we get 20 bytes, which can be interpreted as a sequence of numbers for the card.

Answer: exceLlenT_impECc4ble

We superimpose the text of the task on the text of the map, and “superimpose” it in the literal sense.

Answer: fa5t! One

In the text of the problem there are 840 zeros and ones. Since the theme is visual, we are trying to get some visual representation. If the text is divided into 5 lines of 168 characters each, you can see the sequence that leads to the answer.



Answer: go_fUrth6r

The file name tells us quite directly about dominoes. We try to connect the hex-knuckles and get two chains. One is circular and not interesting, the second can be considered as a sequence of numbers for a card. The result is either an answer or an answer in the reverse order.

Answer: heRoic_effOr7s

We are given sixteen hexadecimal numbers in which there are clearly many bit units. We translate the numbers with a calculator and again literally “impose” them. Bit zeros mark the desired characters. We read the symbols from top to bottom, from left to right.

Answer: ih8BiTs!

The file name again gives a hint. "B3s23" is the designation for the game life. We take some online simulator, enter the initial location, wait for five moves and read the number of living cells in the rows (what you need to do just that still tells the file name).

Answer: jUsT_9ood

In the text of the problem we see something like a two-dimensional Turing machine, which just needs to be done.

Answer: k1l0_Byte

The task explicitly provides the code for brainfuck, but if you run it on the emulator, the program displays a message that the task is not about brainfuck. Yes, you just need to calculate the number of characters in each line and apply to the map.

Answer: l1kEl1On!

Brainfuck again, but this time the conclusion agrees with us. The desired sequence for the card lies in the memory.

Answer: moRe_1nfO2me

And then brainfuck. We start and the program displays a message to us that there is no password. Nothing interesting in the memory either. Have to understand the code.

The code consists of three lines. The first sets some values, the second also, the third displays the state of the memory on the screen.

We remove the second line, run and get the sequence for the card.

Answer: nO_baRr13rs

The last task. Brainfuck code again. We see an indication that we need to calculate some function from some line of the map and code. We run the code that leaves a hint in memory that the function we are looking for is decode base64. We check the lines of the map for what will happen if they are decoded from base64. Suddenly, the KysrWz4rPis8PC1d string is decoded in +++ [> +> + << -]. Run the code with this add-on and see the instruction to poke all the characters in each of the lines of the map. The result will be the last password.

Answer: ofF1ci4l! SuCceSs