[SEETF'23] BabyRC4
SEETF'23: BabyRC4

This was one of the “easier” crypto challenges in SEETF, using ARC4 (an implementation of the RC4 cipher, a symmetric stream cipher).

The Challenge

```python
from Crypto.Cipher import ARC4
from os import urandom

key = urandom(16)
flag = b'SEE{?????????????????????????????????}'[::-1]

def enc(ptxt):
    cipher = ARC4.new(key)
    return cipher.encrypt(ptxt)

print(f"c0 = bytes.fromhex('{enc(flag).hex()}')")
print(f"c1 = bytes.fromhex('{enc(b'a'*36).hex()}')")

"""
c0 = bytes.fromhex('b99665ef4329b168cc1d672dd51081b719e640286e1b0fb124403cb59ddb3cc74bda4fd85dfc')
c1 = bytes.fromhex('a5c237b6102db668ce467579c702d5af4bec7e7d4c0831e3707438a6a3c818d019d555fc')
"""
```

Explanation

Looking at the code, the challenge requires decrypting the flag by reversing the encryption process. It gives two ciphertexts: c0 and c1. The objective was to decrypt the flag, represented as b'SEE{?????????????????????????????????}'[::-1].
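Both calls to enc() build a fresh ARC4 cipher from the same key, so c0 and c1 are encrypted under the same keystream and a known plaintext cancels it out. The following is an added example, not code from the original write-up: it uses a pure-Python RC4 so it runs without PyCryptodome, and the names `rc4_keystream`, `xor`, `recover`, `KEY` and `FLAG` (a constructed key and flag) are assumptions made here.

```python
# Added example: RC4 keystream reuse, mirroring the challenge's enc() helper.
# Pure-Python RC4 so it runs without PyCryptodome. KEY and FLAG are constructed.

def rc4_keystream(key: bytes, n: int) -> bytes:
    """First n bytes of the RC4 keystream for `key` (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def enc(key: bytes, ptxt: bytes) -> bytes:
    """Like the challenge: a fresh cipher per call, but always the same key."""
    return xor(ptxt, rc4_keystream(key, len(ptxt)))

def recover(c_unknown: bytes, c_known: bytes, known_ptxt: bytes) -> bytes:
    """c_unknown ^ c_known == p_unknown ^ p_known when the keystream is shared,
    so XORing in the known plaintext leaves the unknown one."""
    return xor(xor(c_unknown, c_known), known_ptxt)

KEY = bytes(range(16))                                   # constructed key
FLAG = b"SEE{constructed_sample_flag_for_demo!}"[::-1]   # constructed, 38 bytes

# Ciphertexts copied from the challenge output quoted on this page.
C0 = bytes.fromhex("b99665ef4329b168cc1d672dd51081b719e640286e1b0fb124403cb59ddb3cc74bda4fd85dfc")
C1 = bytes.fromhex("a5c237b6102db668ce467579c702d5af4bec7e7d4c0831e3707438a6a3c818d019d555fc")

if __name__ == "__main__":
    known = b"a" * 36
    print(recover(enc(KEY, FLAG), enc(KEY, known), known))  # constructed case
    print(recover(C0, C1, known))                           # the page's c0/c1
```

The known plaintext is 36 bytes and the flag is 38, so only the first 36 bytes of the reversed flag are covered; the remaining two are the reversed `SE` of the known `SEE{` prefix.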
[CDDC'23] Owner of the dog chew
CDDC'23: Owner of the dog chew

This was a pretty interesting steganography challenge which required the analysis of strings and the use of binwalk.

The Challenge

Found a piece of bone on the ground. Let's find the owner.

The file given was the following image:
Looking into the image properties:
It was 655kB, which seemed a little too large for a file as small as this.
Solution

The first thing I did was to look at the strings. Scrolling down to the end, I could see this:
[CDDC'23] Audio Steganography
CDDC'23: Audio Steganography

This was a slightly more complex (more than usual for me) audio steganography challenge which required the use of least significant bits.

The Challenge

Found a suspicious audio file. Seems like... something is hidden inside... Identify the character strings.

Along with this was a file, problem.wav.

Analysis

Usually, when tackling audio steganography challenges, I would use Audacity to view the spectrogram of the audio file. However, when taking a look at this (literally a) problem.wav, there didn’t seem to be anything I could get.
[CDDC'23] The Key
CDDC'23: The Key

This was a JS reverse engineering challenge which required some sort of brute forcing/iterating.

The Challenge

Discovered the files and character strings that Skynetwork was using! Find out what lies in it...

The challenge included 3 files: encode.js, img.png, and index.html. Opening up index.html gave us this:

So we have an encoded flag:

Encoded flag is 017d212b5b720b561301726e3a04060c5e3a0c5826660c5f3636780e5b14

and the source code:

```javascript
/**
 * Convert charCode array to hex string
 * @param {array} target - A target text(charCode array)
 * @returns {string} - A hex string
 */
function CharCodeArrToHexString(target) {
    let result = "";
    target.forEach(charCode => {
        result += ("00" + charCode.toString(0x10)).slice(-2);
    });
    return result;
}

/**
 * Xor plain using key
 * @param {array} plain - A plain text(charCode array)
 * @param {array} key - A key text(charCode array)
 * @returns {array} - A encoded text(charCode array)
 */
function xor(plain, key) {
    let encoded = [];
    for (let i = 0; i < plain.length; i++)
        encoded.push(plain[i] ^ key[i % key.length]);
    return encoded;
}

/**
 * Generate random key
 * @param {int} keyLen - A length of key
 * @returns {string} - A key
 */
function generateKey(keyLen) {
    const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    let charsLen = chars.length;
    let key = "";
    for (let i = 0; i < keyLen; i++)
        key += chars.charAt(Math.floor(Math.random() * charsLen));
    return key;
}

/**
 * Convert string to charCode(int) array
 * @param {string} target - A string value
 * @returns {array} - A charCode array
 */
function stringToCharCodeArr(target) {
    let arr = [];
    for (let i = 0; i < target.length; i++)
        arr.push(target.charCodeAt(i));
    return arr;
}

/**
 * Encode plain text
 * @param {string} plain - A plain text
 * @param {int} keylen - A length of key
 * @returns {string} - A encoded text
 */
function encode(plain, keyLen) {
    let key = generateKey(keyLen);
    let plainArr = stringToCharCodeArr(plain);
    let keyArr = stringToCharCodeArr(key);
    encodedArr = xor(plainArr, keyArr);
    return CharCodeArrToHexString(encodedArr);
}

window.onload = () => {
    const flag = /* "CDDC2023{...}" */ "";
    let encodedFlag = /* encode(flag, 5) */ "017d212b5b720b561301726e3a04060c5e3a0c5826660c5f3636780e5b14";
    let flagElem = document.getElementById("flag");
    flagElem.innerText = "Encoded flag is " + encodedFlag;
}
```

Analysis

Looking at the source code, these were the steps in encoding the flag:
[CDDC'23] Gallery
CDDC'23: Gallery

This was a pretty simple web challenge which

The Challenge

Humans are dumb and horrible, but cats are terribly CUTE!! - said an AI.

Access Info: http://cddc2023-gallery.s3-website-ap-southeast-1.amazonaws.com/

Upon accessing the website, we are greeted by this landing page:
Clicking on the Go to next page button brings us to this page:
This is pretty odd, since it should be going to second.html before third.html, but there is a redirect straight to third.html.