Nuit du Hack Quals 2015 - Bpythonastic - Forensic Challenge

Reading time ~1 minute

CTFing at Easter time was super challenging. Endless family commitments, using my iPhone to browse challenges while at the dinner table and thinking through how to attack them when I can finally get to a PC. Fortunately NDH seemed to go for long enough for me to at least try a few of the challenges, which I did!

I’ve decided to document Bpythonastic for the reason that it was worth 300 points and not everyone got it, surprising because it was a trivial challenge.

The challenge, like many at NDH2k15 was just a link to a file. Which when you download it is a 81Mb file that extracts a 1.4GB raw file:

root@mankrik:~/ndh/bpy# ls -lah  
total 1.5G  
drwxr-xr-x 2 root root 4.0K Apr 5 12:37 .  
drwxr-xr-x 15 root root 4.0K Apr 5 10:38 ..  
-rw-r--r-- 1 root root 81M Apr 3 03:10 Bpythonastic.tar.gz  
-rw-r--r-- 1 root root 1.4G Mar 20 03:32 chall.raw  

file reports it as a ELF file. It might be a memory dump I suppose.

root@mankrik:~/ndh/bpy# file chall.raw   
chall.raw: ELF 64-bit LSB core file x86-64, version 1 (SYSV)  

Let’s just use strings and look for a flag.

root@mankrik:~/ndh/bpy# strings chall.raw | grep -c flag  

Ok 2893 instances of the word flag, thats a few but we’re looking for something related to Python I guess from the name of the challenge so I’ll widen the context of the grep to show a little before and after and review them quickly.

Before long I spot this python code in the strings.

 >>> from chall import *  
 >>> flag=Challenge()  
 >>> flag=base64.b64encode(pickle.dumps(flag))  
 >>> print flag  

When I decode the base64 string I see this:


Ok so that looks right, the flag is hashed though and we need the raw value. So we need to find what is generating this hash.

We look a little further in the strings output and find this:"Yggdrasil"  
 import chall  

Which I conclude is probably the code that generates the above code, so the flag is probably “Yougotit”. I submitted it and it was correct.

So 300 points for using strings and grep. Nice.

niteCTF - CBC-Jail

A unique combination of Python jailbreak and crypto flaw that had me learning a lot about AES-CBC mode. Super fun for me to get this solu...… Continue reading

niteCTF - Rabin to the Rescue

Published on December 12, 2021

HTB CyberSanta 2021 - Crypto Writeups

Published on December 04, 2021