AuPhishYellow

https://docs.google.com/presentation/d/1Gnudh_q_84jrmaEd363YfL_qdPLysaj5IzBCKDZpGEw/edit?usp=sharing

Here is the original program they give you: https://ctf.acm.illinois.edu/archive/refun

This challenge seemed much harder than it really was once I figured out how to actually approach this. The refun program basically takes a key file (just a text file), does some magic to it, and spits out a value to you and says you’re wrong (unless you’re right, then congrats!). One thing you’ll notice if you start playing with different keys, is that all of the outputs are valid base64 encodings, but not straight up encodings of the key you give. If you run “strings” on the refun program, you’ll notice near the bottom is a base64 value “lylifb58djw9RIDxjK9jLOuJet==“. The nice folks at Illinois were kind enough to tell us what our goal is!

If you play with the key some more, you’ll notice that changing one value in the key will only change one or two values in the output of refun. What this means is that the closer we get to the answer, the closer the key we have is to the actual key. So, I wrote a script that does exactly that:

http://pastebin.com/Riuqc033

What’s going on is that the function ‘getDist’ checks each byte of the program output against the bytes of the answer, and from that will try to optimize the key byte per byte. So the output is not perfect, but it’s close. Since base64 kind of adds up the ascii from characters, the smaller the difference in the base64 encoding the smaller the difference in the original text. The program should get stuck at this “keyybasfv4Shufflet&“. Now, if you play with this a little you can get closer. What I did is changed the second the ‘b’ to ‘B’ (not sure why the program didn’t do this since it’s better), the ‘f’ to ‘e’, and the ‘v’ to ‘6′. If you keep on playing with the values and such, the closest I think you’ll is this: “key:Base64Shuffled” (there was some weird stuff going on between editing the file with python and through nano, not sure what was up there). Anyways, I’ll the reader decide what the flag is from here.

Here is the script they give you: http://pastebin.com/3HmfYfXM

And here is the image they give you:

This was one of my favorite challenges. If you read through the script, there’s two things going on with the picture. Either, the R, G, or B value is greater than 250 and it’s replaced with the randomly selected R, G, or B value which is fixed (defined near the top), or the value is less than 250 and it’s assigned to a unique random value (which is why the picture looks so funky). The first order of business for this challenge is to figure out what fixed random values for R, G, and B they got. The way I approached this is to check each (x, y) position and see if there is some R, G, or B that fits the get_color(x, y, r) function. If we put all the counts of values of R, G, and B we find into an array, there should be one value for each which is much higher than the rest.

You can find the script I wrote for this purpose here: http://pastebin.com/5KScb9Kd

(It takes a little while to run, don’t worry if it’s slow).

If you run that, you should get R = 179, G = 83, and B = 156, which have counts much much higher than the rest. Great! All we have to do now is go through every pixel and see which ones fit the first criteria of replacing the color value with get_color(x, y, r) and which don’t. Now, if the original picture was really a QR code, any pixel that gets a color replaced with get_color(x, y, r) will have it happen to all the colors since white has an (r,g,b) of (255,255,255) and black has an (r,g,b) of (0,0,0). Thus, using that logic I just replaced all the pixels that had each color value match the criteria with (255,255,255), and the ones that don’t with (0,0,0).

That script that I wrote can be found here: http://pastebin.com/mu6pr0ay

The output of that script is “dec.png”, which looks like this:

Wow! It’s a QR code! From here I just straight up scanned it with a phone and got the flag, but I’m sure you could clean it up with gimp and scan it through a website.

This challenge is mostly a math problem with a bit of scripting skills required. It can be proven mathematically (unfortunately my proof was on a white board) that the best cobination of plots will have to include the best land per dollar plot. Thus, it is rather simple to use that plot and find the best second plot with it. The script I have written here does exactly in a slightly less direct way, but it finishes within a few seconds.

---------------------------------------------------------------------------------------------------------------------------------------------- f = open("state.txt", 'r') data = f.read()

rows = data.split('\n')

for i in range(len(rows)): rows[i] = rows[i].split(' \" ') largest = ["fill", 0] current = 1

while True: for j in range(len(rows)): temp = (int(rows[current][2])*int(rows[current][3]) + int(rows[j][2])*int(rows[j][3]))/(int(rows[current][1])+int(rows[j][1])) if temp > largest[1] and current != j: largest[0] = rows[current][0] + "; " + rows[j][0] largest[1] = temp tempcurrent = j print largest current = tempcurrent print largest ----------------------------------------------------------------------------------------------------------------------------------------------