Pactf 2018 Write Up

Keep in mind that this page is a work in progress.

Round 1 (Lovelace)

A Picture is a Thousand Words (solution and video)

Apparently there is something hidden in this image

Hint: You’re looking for text—how might you look at the text of the image?

Solution: Download. Right click -> properties. Then scroll down until you find the description, which will hold the flag properties for windows.

For a Video Explanation click here: https://youtu.be/-VUlda7GVbg

Straight from the Emperor (solution and video)

The Emperor says ny_nx_tsq3_zumnqq_kwtr_mjwj_687dc9c7cd–what could it possibly mean? I hear that he ‘encrypts’ numbers now too, something about appending them to the alphabet…

Hint: Some say he’s an emperor, I say he’s a salad.

Solution: The solution to this is to search up for a Caesar Cipher Decoder. I recommend Cryptii. After this you have to put numbers in the key, 0 to 9. If you set the shift to 31, you will get the flag: it_is_only_uphill_from_here_1328747278

For a Video Explanation click here: https://youtu.be/qgKCWr-yQtg

Caesar Cipher? (solution)

“Cowards die many times before their deaths; the valiant only taste of death but once.” (1007, 1008) Are you valiant enough to figure this out?

5:6 1139:4 1620:3 172:4

Hint: There’s a lot of text on the Internet and in print. What if you could send messages using all of that data? But you’d have to pick something pretty famous…

Solution: I started this puzzle completely distracted by the title, Caesar Cipher, a type of encryption where each letter of the alphabet is shifted any number of times. I tried doing an alphabet shift on the quote many times, but of course, no result was shown, just a bunch of mixed up numbers.

It took a bit of time, but I looked at the hint, focusing on the part where they mention that the answer is something pretty famous. Fortunately, I was recently learning about Shakespeare, a famous playwright, in my English class and realize the quote shown above was a famous line from one of Shakespeare’s plays, Julius Caesar (I guess that's where the title came from).

If you look closely at Shakespeare's plays the text is written in lines (I learned in English class that it was actually called iambic pentameter, but this is not English class so I won’t get into it). Immediately, my eye turned toward the series of ratios. I guessed that the first number in each ratio meant the line number of the play and the second was the place of the word that we need.

Indeed! I simply searched the web for a PDF version of Shakespeare’s play of Julius Caesar and looked up the line numbers and voila! We have the flag! [Cassius] Easy 20 points for me :)

Let Me In (solution and video)

You received this account.rar file, but it is ‘protected’ under a password. Can you break in?

Hint: Something tells me the user might not be using complex passwords…

Solution: In order to open this file, download WinZip, or Winrar. To solve this problem, the solution is using a process called a bruteforce decoder. A bruteforce decoder is a decoder that tests all possible solutions or outcome. In this case, to unlock the file, I searched the most common passwords and picked the first one (123456) and got it.

After opening the file a text file is displayed containing the flag. Keep in mind the flag changes for each user to prevent hackers from cheating so you're on your own for getting this flag.

For a Video Explanation click here: https://youtu.be/6xbfxcwAZ7g

Go Git It

The code samurai (also known by his pseudonym Nicholas) was making some final optimizations on his program when… he accidentally decapitated it.

Download the samurai’s repository: go git it.tar.bz2

Hint: Perhaps ‘chopping a branch off a tree’ would be the more precise analogy.

Who said It?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

The Internet Research Agency (IRA) (Агентство интернет-исследований), also known as Glavset[2] and known in Russian Internet slang as the Trolls from Olgino or kremlebots, is a Russian company, based in Saint Petersburg, engaged in online influence operations on behalf of Russian business and political interests. The agency has employed fake accounts registered on major social networks, discussion boards, online newspaper sites, and video hosting services in order to promote the Kremlin's interests in domestic and foreign policy including Ukraine and the Middle East as well as attempting to influence the 2016 United States presidential election. More than 1,000 employees reportedly worked in a single building of the agency in 2015.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpwC3NwnaBW1k5jyITNA/bv0j4ekFAlqwTv0ACgkQTNA/bv0j
4elTZBAAwPnCem0Zq75MGYR2TFeIq4Sgc1jHIoL9sc/LQQDNvTcd58nZ0VO1P0hg
IPEuybypNM00hVADSfilP+B/CpuGmvzuuNdbi2Ikc7wKjiPl8+FO0Koa3PsXZpqS
y6dozKacdqR7y53A7j1vhC5jv7ZX94xeRad5PQ6PjLAKZc6JTshNhy69RRr7Sf/P
LlfA0JFDG6evEJ+BDKUuQeDcoLqT082eSdFLtN6XhF0aMOawlEBEgnIvPV8sdR0F
w8+FJntSivAKRxgSlqkaeAqLRJbCI2EKoimxUAIerQwzJMWPk3e36mizvqoshrE6
vuxZdEUxX4OUuQumbTe4tYkNbVCsqCFDbLrOLemSfVmazAIgfxoxgH5XYhhP2adz
cV+4v9U/6U6x9ebiiVdW/K7mbrkjro9Nv71+JfJNZuAHq97lufbRUuhIPudXT45s
hlvw8Yt7qn/SNfkr5qtfYLslhRW40F7bWHrzEdtCfzkh7H0sqzaqVDEogt/BcSC1
O8ZZLyaq3Vab6FfDch/2B7rmQihmFj59c5zj0Oy69cNW1mipQrrSV3i2jHc1U1GM
RRQiQzJ6GS3FVJ7L2hcBMUYfVyRWnfpCUS8kpW4TPOtIhFYJ/0gixd82g2P2MdNa
0kyphm0fZktbunW9IeNjsvQf6SNiMOJZ5V4OEjSzPJMa5HNbj38=
=Dn7K
-----END PGP SIGNATURE-----

Hint: Keys live on keyservers.

Bad Melody (solution and video)

Our musician friend Martin recently bought a melody pack containing different melodies recorded in MIDI format. He hoped to use them in his electronic music tracks and then pretend that he was the person who actually wrote them. He spent a solid hundred dollars, but the website selling sample packs fooled him! Instead of 10 wonderful melodies, he only received one MIDI file. It sounded awful, and Martin quickly noticed why!

Can you notice why?

See for yourself: melody.mid

Hint: How would you edit MIDI?

Solution: The solution to this one is quite simple, especially with the help of the hint. All we need is to download a software that can edit MIDI files. MIDI is an audio file and usually with anything related to audio, most hackers will choose Audacity, a recommended software that is super handy. (Audacity is a must need for any CTF competition so if you haven't already, make sure you download it) You can download Audacity at http://www.audacityteam.org/download/.

Once you import the music onto the program, there should be a small dropdown menu. Once you're there click the stenography option. Looking closely the audio waves spell out a sentence, in this case it says, "write your own music" and you got your flag!

For a video explanation: https://youtu.be/qgKCWr-yQtg

Open Sourcery 2018

The solution to this problem lies within the Chromium source code. Literally. There is some string in there that mentions a flag and PACTF…

Hint: This problem builds off of a similarly named problem in PACTF 2017.

Credit Card Leak (Solution)

ShoeShop was hacked, and all of their customer records were released online—including credit card numbers. One credit card in the leak is invalid, however. What is the invalid credit card number?

Here’s the leak: cc_leak.txt.bz2

Hint: The credit card numbers in the leak are obviously all invalid, but most would pass a certain credit card validity test. All credit card numbers except one, that is.

Solution: For this one we need to create a python program. The algorithm that the problem is talking about is the Luhn algorithm. This is the program I used.

#Luhn Python checksum for credit card validation
import sys

def luhn(n):
    sum = 0
    alt = 0
    i = len(n) - 1
    num = 0
    while i >= 0:
        num = int( n[ i ] )
        if alt:
            num = num * 2

            if num > 9:

                num = ( num % 10 ) + 1  

        sum = sum + num 
 
        alt = not alt 

        i -= 1
   
    return sum%10 == 0

if __name__ == "__main__":

#     if len(sys.argv) != 2:

#        print"Usage: python lyhn.py 121232232"

#        sys.exit()  



    f = open("cc_leak.txt", 'r') 
    for line in f.read().split():
        n = str(line)
        if luhn(n):
            
            print

        else:

            print (n, "INVALID") 

After you run the program you should get the flag, "8692015931457397"

Third Eye (solution and video)

Sometimes​‌‌‌​‌‌‌​‌‌​ there‌​​​​‌‌​​​​‌ is ​‌‌‌​‌​​​‌​‌‌‌more ‌‌​‌‌​​‌​‌​‌‌​‌‌​​​‌‌‌​​‌‌​‌‌​​‌​‌​‌​‌‌‌‌‌​‌‌​‌‌​​​‌‌‌​‌​‌​‌‌‌​​‌​​‌‌​‌​‌‌​‌‌‌​​‌‌​‌​‌‌‌‌‌​‌‌​​​‌than ​​‌‌​​‌​‌​‌‌​‌‌meets ‌​​‌‌​​‌​‌​‌‌​​​the ​‌​‌‌‌​‌​​​‌‌​‌​​​​‌​‌‌‌‌‌​‌‌‌eye​‌​​​‌‌​‌​​​​‌‌​​‌​‌​‌​‌‌‌‌‌​‌‌​​‌​‌​‌‌‌‌​​‌​‌‌​​‌​‌.

Hint: Maybe if you just squint harder…

Solution: For this one, you need to inspect the page (Ctrl+Shift+I). After a while of searching, you will find the description of third eye. A lot of "random text" will be in between the words which, if you search up you will find that it is called Unicode. Unicode is unprintable, which is why you can't see it without inspecting the page. If you open a Google Docs document, and drag and drop the Unicode into the doc, you can replace one letter of the Unicode, ‌ and ​ to 0's and 1's (binary, because there are only 2 variants of the code) and put it into a binary to text converter, we get the flag "what_else_lurks_beneath_the_eye".

For a video explanation: https://youtu.be/jOMoKZTjKak

Getting to Know GDB

A friend sent me a mysterious binary. It’s supposed to print out the flag, but it’s giving me a weird poem and some hex instead.

Hint: The flag is in there somewhere, but something gives me the feeling that searching the binary for strings wont help…

Security Through Obscurity (solution and video)

We intercepted this message, but we can’t make heads or tails of it. It was rattled off so fast, too… How could anyone be that good at using a cipher?

Anyway, here’s the message. Good luck!

Tązhii, Łį́į́ʼ, Dzeeh Mąʼii, Dibé yázhí, Wóláchííʼ, Tłʼízí Tin, Dibé Mósí, Łį́į́ʼ, Dzeeh, Dibé, Tązhii, Dzeeh, Gah, Neeshchʼííʼ, Dzeeh, Béésh dootłʼizh

Hint: This definitely doesn’t look like English. What else could it be? Perhaps looking through the history books might help…

Solution: This one, if you just search up the non-English text, you can see that it is Navajo Code. You can also find a Python program that can decrypt it on GitHub, and you can just copy and paste it. https://gist.github.com/TheZ3ro/572ef81c0f20bf9c4c435b32a62a7056 After that copy and paste the message in between quotation marks in text = "" Then run the program and then you will get the flag: "chesternez"

For a video explanation: https://youtu.be/kl3PsZ6ts58

Beats by Dr. K

Dr. K just released her new EP — download her track now!

Hint: Listen to each bit…Flag:

The Lottery, Part One: Spill Your heart Out!

I was playing this lottery. Which number is going to win next time? If only you could see into the future…

Hint: Brought to you by Oracle Corporation! Spill your heart out!

The Lottery, Part two: Untwisting Fate!

This time the lottery is harder than ever! Can you manage to untwist the cockles of fate itself? Can you see into the future?

They seem to have given me a lot more information. Perhaps it’ll help?

Hint: We may regard the present state of the universe as the effect of its past and the cause of its future. An intellect which at a certain moment would know all forces that set nature in motion, and all positions of all items of which nature is composed, if this intellect were also vast enough to submit these data to analysis, it would embrace in a single formula the movements of the greatest bodies of the universe and those of the tiniest atom; for such an intellect nothing would be uncertain and the future just like the past would be present before its eyes. — Pierre Simon Laplace, A Philosophical Essay on Probabilities

Siblings

One 4096-bit RSA key is impossible to break, so 20 must be even better! By chaining each encryption together, surely it’s impossible for you to figure out what the message is?

Everything you’ll need (except the private keys, you’re on your own for that!)

Hint: Numbers don’t have siblings, right? What could that mean?

Round 2 (Hopper)

Doppelgänger(solution)

My friend Miles texted me today with this phrase “МОРЕ РОЕТ АТОМ”. I first thought that he went insane and has schizophasia. Apparently, it makes sense! Even though it doesn’t. So, what do you think is digging?

Hint: Consider the case and UTF-8 values of the characters…Flag:

Solution: First open Google Translate. Then click on the option "Detect language" and copy and paste the sentence "MOPE POET ATOM". Then click on the translation and you get "Sea digs atom" so the flag is sea. The flag is sea because the problem asks "what do you think is digging?".

Redacted (solution)

ANDOVER, MA— Phillips Academy Capture the Flag releases an institution-wide memorandum on the security of PDF documents. For privacy, parts of the memo are redacted.

View the memo: SECURE REDACTED MEMORANDUM.

Hint: Redaction, huh?

Solution: For this one, my first thought was: what if I could just copy and paste what was under the blacked out text. And it worked. Highlight the text that is covered in black and paste it to a separate place and you will find the flag, "b3_car3ful_0r_y0ur_l3ak_m1ght_l3ak".

Am I Pwned? (solution)

I was talking on IRC with a guy who tricked me into giving him a hash of my password and then said he could hack me! He said I might be “pwned”! I know the hashing algorithm is MD5; that’s still secure, right?

… Oh, you want to know whether my password is secure or not?

It doesn’t have any uppercase letters or numbers or punctuation, but isn’t six characters still a lot? what he meant by that one. Would you be able to hack my password? Here’s the hash:

eca065fba51916821eb7274c786c67d9

Hint: The hacker told me that “MD5 is kinda rekt”. That sounds bad, right? I mean, how long would it take to brute force it…

Solution: As you can see from the hint "MD5 is kinda rekt" we can infer that the solution to this problem is something related to MD5 hash. This one you can use a simple MD5 hash decoder, which you can find online. The one I used was http://md5decrypt.net/en/, which got the flag, really fast. Just press "Decrypt" and you get the flag: "lmaoez"

It's In, If (solution)

My older brother sent me this photo, but I don’t know what to make of it.

Hint: What might big brother know?

Solution: You will find the flag in the metadata of the photo, but this time you can not directly find it in the windows properties. You can use a website like this one to find it. Insert the file and look at the XMP location and find the flag in the stitching software, which is big_brother_is_looking_at_your_photos

Letter to a Machine (solution)

You intercepted a letter.rar—but to read it, you have to prove that you are not a human. The password is NOT BAD + FACE.

Hint: I’m sure it’s just coincidence that BAD and FACE can be spelled with just the letters ABCDEF

Solution: From the hint, we can infer that the solution has something to do with Hex as ABCDEF are all part of HEX. After A little(LOT) searching I found this thing called a Bitwise function. It uses the NOT function, so we can use a calculator like this one, and press the NOT Operator at the bottom. Then Calculate and You should get -BAE. Then You can get HEX calculator and add -BAE with FACE You get EF20 which is the passcode to the text file. After you open the text file you get the flag, lIZORZaOkWrIuNB. A way to open the .rar file is WinZip. I found this calculator by this person who also makes write ups.

The Signal and the Noise (solution)

There’s a message in here somewhere! You’ll have to find it yourself.

Find the needle in the haystack!

Hint: There must be something that distinguishes the signal from the noise. How could you mark something in a plain text file? All you have are Unicode characters...

Solution: To solve this problem we need to create a python program that looks for the Unicode inside all of the text the problem gives us. First we copy and paste all the text with control A or on mac command A, and copy and paste it into a document. Then create your python program. My program looks like this.

For each for loop, it splits the file data into different parts. The first for loop splits the file into sentences then words and then letters. We want to split them into letters so we can find the individual Unicode easier to find the words for the flag. if you run the program you will get the flag, theflagisinplainsight.

A helpful source/writeup is this one.

Partial Encryption

You are a military commander. Some poor intern has tried encrypting their messages to you. They gave you this string: 4iyNz2zmshrlEbaoivr. Well now you’re going to have to spend all afternoon on this…

Hint: They also scribbled the string its?vIg at the bottom, and the ? just means I’m not sure what they wrote. Remember to include the underscore!

Truly Blue? (solution and video)

I love lots of things about my school, Phillips Academy Andover. But most of all, I love its school color: a soothing shade of blue. I couldn’t just tell you the hex code for the color; that wouldn’t be enough! I think a 128 x 128 PNG file is probably a better method of conveying its utter beauty. That’s not suspicious, right? Gaze upon its beauty! True blue!

Hint: Did you know there are 16,777,216 possible RGB colors, and only one of them is Andover blue? I wonder if you could even tell the difference between all of them…

Solution: Before I got the flag, I tried using an hex color decoder to see if that was the flag, but it didn't work. I also tried using a decoder that found out the RGB colors as the hint says so. I gave it a shot, but I didn't succeed. Luckily one of my teammates found this decoder, which helped me get the flag. This problem is easy with the right tools, like http://stylesuxx.github.io/steganography/. With this tool you have to go to the "Decode" tab first. Then you can just import the file in, and press "Decode" button. There will be a lot of random text, in some other language, and other unreadable characters. The screenshot below shows what it should look like. At the end of the readable text, it will give you the flag, "last bitsmatter" (colored in blue).

If you want to see a video version, Click here: https://youtu.be/M95EPBAx1SQ

Zip Zap Zop

My friend gave me this file, but I have no idea what to do with it?

Hint: I tried to make this file really, really small.

Solution:

Reversal 3 2 1

I received this file from my bananagrams partners! I think they’re just trying to distract me from the game. I need to finish this one quick, so I can get back to my game! Any help?

Hint: Who doesn’t like a good game of bananagrams?

Streaming Attack

A popular twitch.tv streamer who goes by BabblingBrook_PACTF streams her adventures trying to visit a waterfall in every country that has one. She doesn’t like attention, so she encrypts her messages to us so that people don’t know where she’s heading next. I managed to get a copy of the encryption program, and I also managed to get an encrypted version of the message TheCodeSamurai subscribed for 3 months! Thank you, TheCodeSamurai! sent to me by subscribing. Here’s the message (in hexadecimal):

C1D7B5D06DD88D0F894E592B0A5FDB93C4F151C04BC2540D8626E5B0017D604E33ABC51334662B8ED8CCADE9B039AE4FB5F363EA9EDD32D551C32A892B058CDE8B0B

Now, I want to decrypt the following message. Any way of helping me out?

F4E0A7F276D99A3A894F40060245A48AC4E056FC58F4451C9063E2B22C323D3137B0D8382F7C6ECB

Here’s the encryption program; you’ll need it.

Hint: BabblingBrook_PACTF is a nice person, but I don’t think she’s super good at cryptography. Any way you could exploit that fact?

Victor

Привет, меня зовут Рейно, иначе известный как Виктор. Пожалуйста, расшифруйте это секретное сообщение - у меня нет времени для этого. Я предоставляю вам ключ.

Note: the flag contains Cyrillic characters.

необходимая информация

Hint: Google Translate is your friend—but you might want to familiarize yourself with Russian Nihilism, too.

Wakanda problem is this?(solution)

You’ve arrived at Wakanda’s border. Only the flag will allow you to enter. This is all you have.

Hint: Use the bytes in the second image.

Solution: For this problem I will be using an apple machine as I am more comfortable with the terminal on it. So first we create a new folder to put the photo the problem gives us. We save the photo onto the file and go to the terminal. Then we can do ls to check if its there and use the command xxd photoname > newfilename(can be anything).xxd. Then we can open it with vi to use its find function to look for the initials PK. it must be capital or you won't get the right result. if the bytes near are 0304 then you have found the right PK. so if we count a byte which is 2 numbers starting from 0 we get 3 bytes Then then to the left you can see the hex numbers and put them into a hex to decimal converter. You get 30144 and and 3 bytes and we get 30147. then we can do the command dd skip=30147 bs=1 if=originalphotoname of=whateveruwant. Then we do ls to check if the new file we created is there. if so we repeat the xxd process and use vi to look for the flag. using vi's find option and searching for flag, we get the flag wankada4eva.

Library of Babel

Is this what passes through fiber optic cables? Must be…

Hint: It is much faster to extract frames from the video and write a script!

Solution: First we download a video to jpg converter like this one which i found by searching up video to jpg converter. Then we create a python program to scan all the qr codes to get the text. In one of the qr code scans is will show this:

=== YOUR ANSWER IS HERE ===
"eqvzb" w-3, s-5, v-25, p-248
22syz7u9dogitfxlezobhobeuno6pnec20n6bqfg22cqihe41hbbi8aut4t618oj4wee4to32mdfmmsykl76r002hfbsurum4rr6tprxi4yinrzlqee17y5sfw11k5ybxsie6icu2x6fx
vbq2wskzjtmng31ejzfikwj9ql0nxutriwr6p6vqzpdl1thkgt0o4is7znam9xub632v5mi39t8oae98kv5faatt11zitxmuka8qdrhbyw02i89fx9desufb6giwvgsvgrd18925zrgrq
ai31l92i6qplb9embayx8gmhqczl4gi9mb112plzs78w38hhbqmximi718hte6tw6b2m42xfwh3nnby2jemn0sz80hevqccfpyqd674swckdyaaptdp482x25uanhh5q8r0xqtokgwb8l
bn41vl4mhhfvoeippvnl1t3ojshstgwumk48q8l3m937sou6b1838u7pie8da6gh8d8q5e09vazbdpsbtwyu35we0vu1r9cxfsaeisivqa01nrols0xculnijghh4goztt2ymrt2h54hf
bg8o5w03ai9ghobywjxxd8erazpyjisdnrehi3xvh6yz6gnynrsgbzek9uv2poyrdld0quk3cxj1cf8z2a4jbzucqcivwvkoh9uaecnlgqpzwy6bmraynt9rl7mbpob449swf3nf3010o
0uvweo0ty0jqshf4xzvxtmuhq5uutoyijqrra4lehasyeokf0wrdhcysxj8xyt8uc6uywmya3i8ipx9g2dha1lax1l3vzorv99qkqugxixa17pi1xua3o7z5qehlvctz6cdgef2zwleaa
eyvlqn0m3hdczmgw26irn6bi0oy03k0it3hmekyxrrbmr73kokpitl1lpndke593dw5kdmp0ahjpcd191asr9ametpiks1a1rwnool8raisalbvwu0k04mjywmdwmcpn7m5nsrw505tgf
v9k2708uc6syeur2f9zgqp9z35c6eu55bh4leal9ow95dpy77dtu6wu9cybq58bhdkthl0m85ekoeh8xvckpa7l6uz5vgyl0nbt3ole1hc4l4wtplgddtkulbds7egyp8nk2tf26t6kg7
lunqwxm83b8m6mynhjdfxgnns8l3j2v2nku5z1auibmmc2x83013aqvor4teasklqkywhxdjjxrz2jbwwkqu6jed9gn83mxsg5ppzz9w0kschteeukmoic28wqq1pldsjlzmfptu3aod1
7o7gbeteenilm4pplg6yr0m0he7odgmq9pb17v9bekfllcbu8djj5e3e0uklethkcrmqr7q35avf1xpsvy5fod6ub2ra1awtoqbo26u2ydmkbotp4wuuwx3201so0gfhjs37bss341078
0rqbke58loyad0xlldz4eunjezj769hm9jn1f6ne1lmrokw4l36v6w2tyf8z5f2mp2vqbhtkspnfeukopw3q3mnpk4gxsekj3wv2gl85yhu37og2qhu027fz1c4xq3jvc2q8szqi2b3rw
dykfq50ii8nct0rh8apgpdin6w674khok0551tr6v1wrevoje3v823263in5atvkwn9gbcfjr3yy64ncyuo5q48rghc73uiak27e3od8ipzs2k2ojxl6a1exvdcyv3y2fu3j0wmnqbdxc
wrvysyz43a1lhzm6t4mzkeciqg4j81w3q9i7vch81nc6c663r20iwek4cd3dk2qyizivbk3yfcrcsyy17p30jmwp2u1ogjpbw6ckjrzd5z8qab61vjq98hwhiua5qb8kvkp1datpqoxxh
286k3mu6uhauv95nhajs5sf3j3f7xyvgz0d2omk4ro1umbqzjs5i4lyhns35sqm1u6sycfkeu2po70dgsoy5abl7csfvwjovz05pp338pnkx7dfvz952utwpiyxx261rolsm1eqc8mvmh
w3e2o6adxdwdnjn1vxorfgm65rx20ztnc80nwmfcgbql87bz805xvb4lfq3lsnguvw4a13jqroa6xjhvnnb514qp9jgeytmduc95t5eqbuu3yqtps6bhn0nhsr2qmbtrjf609yx2n5a8k
8hns6gox0tjq26wtn9arjsrige2is9e6v56fa62x3nynnnsbri6gbf3e2pituvua6i9z6kc4brf9f671e2zoa6t9f1ix1akwl5jp51tcadyswwot7g7125hct72h5hnctytcen6gc0qcs
gl31xpb5bs5qw59v9wzu7eba6sr3trwstiioj7og6y2h69x3vy502ei1gnjchmfhl65jd02mhdinzzv55rl2w8u1uxoiofzt89lbqre1pq8kwyo28cg6296llkfpmlaak16httutriqn9
bitfrh2p1vr6htuzjxiif4ss5m601kris67x04ni7g5eb6dpdiqmwb6yx0mtaj8pccww27bom5lwnxpuow6kg7e7wag7w0pfp50349pm9qdr550a9wc0dbfr2v3ezmrvbdwjvu7tu59i8
odas8i29rmimjj7h3ga5ox0d50n1vwaq06c5o5pm2emokprk3xi7x25af8nayygnwvynl3863vxo6w0qke1yywr2fk42xcecymirqzfxhl967hbw89v44pschg8bw0cod5fx0s7cmi3vi
hlelu0b0pmselqozqz2g23285gec4zqfq86b7ut3aqr8ofi1m1f2u193fxixirtco0hhstcla8rkhgcl04mpjfefyti9ka86scfpb74stomed4maim6b329d91x1oonkkbqm9kjd6xl57
v1zhesz3or8nofup3esvux980b3zwstulip20ug3hrh18pc3sgfnnjt65x697t1n22jef31s9rulfk9ad6qmd12ytyybxkikq98frkg434q4quvzvte9z6376hgt880zh0ly4gtopdc8j
g3c7w534oezei8ytlj8qfliccuv1h2profbor9rbn78tp3jw5ww4xzc2rq8hg14wkss2tlr6xve62u256ohwfv8xd6i9wwn3jztv7cit60m2ui0d2xnj7k5btza5upm81efq4ymwewuzv
ru6qsavg1w50n0joic98sejzdo3kieunrzxm9wku7i4011z21mgfydsc4h4vfhjf73tnv3obko3irds88mwyu5yr77qy1urkvnoet03nv6oso9s7gyn0fz0t9600niaa46cf9wmp7yaj8
4r8s1tp35im
=== YOUR ANSWER IS HERE ===

. Then search up library of babel and you will find this link. Then click Browse, and enter the hex which is inbetween the "Your answer is here" exept for "eqvzb" w-3, s-5, v-25, p-248". Enter wall 3 (w-3), shelf 5, volume 25 and got to page 248 and you will find the flag,

"averyunobviouskey"

AI

Our artificial intelligence engineer made a groundbreaking discovery, but left the company unexpectedly… all we have is the obfuscated source.txt

Hint: What language thinks 3 + ‘3’ == “33”?

Hash Master (solution and video)

Miles forgot his login for OPENWI:RE, so he asked Darcy to send a password reset. Instead, she gave him the hash of his password—and the custom hashing algorithm. Miles doesn’t have great password security, so you could probably brute force it… but maybe there’s a way to do this more efficiently?

Here is the hash of Miles’ password: 293366475

Here is the hashing algorithm:

def hash_it(string):
    q = 0
    z = 127
    for i in [int(byte) for byte in bytearray(string, "utf-8")]:
        q += i
        z *= i
    return (((q << 3)+1)*z) % (2**32 - 1)

Hint : Okay, OPENWI:RE isn’t part of this problem. But you should still subscribe! If you’re interested in what else the PACTF team has been working on individually, check out Miles’ personal site and Igor’s IcyBounce. Alex has been doing some cool things too.

Oh, by the way, Miles’ shift keys don’t work—and he’s not a big fan of numbers.

Solution: For this problem, we will be creating a brute force Python program. If you have not learned this language, I highly recommend that you do, as it can be very helpful when solving certain CTF problems. I like to use Python idle, and with it I created this program. You can find it at https://github.com/Videogamer7/Pactf_2018/blob/master/CTF.py. First, I created an array of all the letters we need, all lowercase, as the shift key is broken. Then we can copy and paste a hashing algorithm into the code. After, we can define a variable (which can be anything) which will be set to zero. Then we make a for loop for each letter of the password. Since we don't know, we will have to start with one letter all the way to 6 which is the amount of letters the flag is. We define another variable and have it equal our array name and our for loop variable. Then write an if statement to see if the variable you defined to hash_it(l6) (l6 is the variable name I gave to the array plus the for loop variable) equals the hash, and if so, print out what the letters are. The flag is 6 letters, all a's with 1 b, so aaaaab, aaaaba, aaabaa, aabaaa, abaaaa, baaaaa.

For a video version click here: https://youtu.be/xWTa1fhhMH4

Skywriting

If you’ve been having a tough time with these problems, frustration can cloud your judgment. To fix that, try jamming out to some music to help you find the silver lining. Here, I’ll even give you some to try:

External Google Drive Link

Hint: The bit of music you hear in that link up above is from a guy who goes by insaneintherainmusic on the Internet. He does cool jazzy covers of video game music, and he kindly let us use his cover of Gusty Garden Galaxy for this problem. Go check out more of his stuff if you like the little taste you get here!

Last updated