HSCTF2020 Writeups

Dis – Python Bytecode Challenge

The challenge was a Python bytecode challenge. The approach I chose was to manually replicate the bytecode from the documentation of the dis module in Python, which took a while. I'm not sure if there's a less time-consuming approach, but once that was done, the reversing part was automated using Z3.

from z3 import *

# Target output that e(flag) must equal
bytestring=b'\xae\xc0\xa1\xab\xef\x15\xd8\xca\x18\xc6\xab\x17\x93\xa8\x11\xd7\x18\x15\xd7\x17\xbd\x9a\xc0\xe9\x93\x11\xa7\x04\xa1\x1c\x1c\xed'

# a, b, c and e are the functions replicated by hand from the bytecode
def a(s):
    o = [0] * 32
    for i in range(32):
        o[i] = ((s[i]+s[i])-60)
    return o
def b(s,t):
    for x,y in zip(s,t):
        yield (x+y)-50
def c(s):
    return [x+5 for x in s]

def e(s):
    s = [ i for i in s ]
    o = [ (o^5)-30 for o in b(a(s),c(s)) ]
    return o

def main():
    sol=Solver()
    l=list(bytestring)
    # One 8-bit symbolic variable per flag character
    s = [ BitVec('s[%s]' % i, 8) for i in range(32) ]
    # Run the symbolic input through the same transform as the challenge
    s = e(s)
    # Constrain every output byte to the known target byte
    for i in range(len(l)):
        sol.add(s[i]==l[i])
    print(sol.check())
    print(sol.model())
main()

And the flag we get is: flag{5tr4ng3_d1s45s3mbly_1c0a88}
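As an added example (not part of the original writeup or the challenge), the replicated functions above collapse per byte to `((3*s - 105) ^ 5) - 30`, which can be inverted directly without a solver because 3 is odd and therefore invertible modulo 256. The names `TARGET`, `encode`, `decode` and `is_bijection` are chosen here for illustration, and the 8-bit wraparound mirrors the `BitVec(..., 8)` model used in the Z3 script.

```python
# Added example: closed-form inverse of the replicated e() transform.
# Per byte, e() computes
#   (((s + s) - 60) + (s + 5) - 50) ^ 5) - 30  ==  ((3*s - 105) ^ 5) - 30
# All arithmetic is taken modulo 256, matching the 8-bit BitVec model.

# Target bytes copied from the writeup's script
TARGET = (b'\xae\xc0\xa1\xab\xef\x15\xd8\xca\x18\xc6\xab\x17\x93\xa8\x11\xd7'
          b'\x18\x15\xd7\x17\xbd\x9a\xc0\xe9\x93\x11\xa7\x04\xa1\x1c\x1c\xed')

# Modular inverse of 3 mod 256 (needs Python 3.8+); it exists because 3 is odd
INV3 = pow(3, -1, 256)


def encode(data: bytes) -> bytes:
    """Forward transform: what a(), b(), c() and e() do together."""
    return bytes(((((3 * s - 105) & 0xFF) ^ 5) - 30) & 0xFF for s in data)


def decode(out: bytes) -> bytes:
    """Undo each step in reverse order: +30, xor 5, +105, divide by 3."""
    return bytes((((((o + 30) & 0xFF) ^ 5) + 105) * INV3) & 0xFF for o in out)


def is_bijection() -> bool:
    """True if every input byte maps to a distinct output byte, which means
    the solution found by the solver is the only one."""
    return len({encode(bytes([s]))[0] for s in range(256)}) == 256


if __name__ == "__main__":
    flag = decode(TARGET)
    # Round-trip check: re-encoding the recovered flag must give the target
    assert encode(flag) == TARGET
    print(flag.decode())
    print("unique solution:", is_bijection())
```

Because the transform is a bijection on bytes, the model Z3 returns is the only satisfying assignment.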

Emojis – Misc

This challenge was made using emojigram language, which is an esolang made using emojis. All that we need to do is replicate the code in Python and generate the flag from it by reversing the code.

The replicated code looked like this.
But since there are conditional jumps and all that we are given is the output when the flag is given, we have no choice but to guess whether the jumps are taken or not in order to obtain the desired input.
And to achieve this, we played around with a few of the instructions and put together the possibilities to get the flag.


flag=[120, 66, 94, 114, 95, 69, 110, 125, 73, 78, 99, 52, 118]
flag[9]=flag[9]+flag[1]
flag[7]=flag[7]+flag[11]
flag[2]=47
flag[4]=flag[4]+flag[11]
flag[0]=flag[0]+flag[2]
flag[8]=flag[8]-8
flag[6]=flag[6]+flag[8]
flag[6]=flag[6]-flag[8]
flag[6]=flag[6]-flag[8]
flag[10]=flag[10]+8
flag[11]=flag[11]-1
flag[4]=flag[4]-flag[9]
flag[3]=flag[3]-2
flag[2]=flag[2]-4
flag[0]=flag[0]-flag[11]
flag[1]=flag[1]-flag[3]
flag[1]=flag[1]+flag[3]
flag[1]=flag[1]+flag[3]
flag[1]=flag[1]-flag[7]
flag[3]=flag[12]
flag[2]=flag[2]+8
flag[9]=flag[9]-flag[6]
flag[2]=flag[2]+flag[4]
#flag[1]==flag[5]
#False
flag[2]=flag[5]
#flag[1]==flag[12]
#False
#flag[11]=flag[11]+flag[0]
flag[12]=118

Solved!

Flag: flag{tr3v0r-pAck3p}

APLab:English

Another Java reversing challenge. We are given a Java file which is to be reversed.

Solution:

s="1dd3|y_3tttb5g`q]^dhn3j"
def unxor(string):
    ret=''
    xorstr=[4,1,3,1,2,1,3,0,1,4,3,1,2,0,1,4,1,2,3,2,1,0,3]
    for i in range(len(string)):
        ret+=chr(ord(string[i])^xorstr[i])
    return ret




def untranspose(string):
    ret=[None]*23
    transpose=[11,18,15,19,8,17,5,2,12,6,21,0,22,7,13,14,4,16,20,1,3,10,9]
    for i in range(len(transpose)):
        ret[transpose[i]]=string[i]
    return ''.join(ret)


for i in range(3):
    s=unxor(s)
    print(s)
    s=untranspose(s)
    print(s)

The output looks like this:

5eg2~x\3upwc7gau\\gjo3i
cj3o\\pg~i35uaug\xe2gw7
gk0n^]sgm04watc]zf0fw4
40gf]sma^4wgtc0z]knf0w
01dg_rna_0tf}tb4{_hlg0t
flag{n0t_t00_b4d_r1ght}

And we finally obtain the flag!