W4504 Capture the Flag IV

	Coming Soon
	This page will serve as a writeup for the problems from cybersecurity CTF 4

Cryptography[edit]

Base64[edit]

[25 Points] Vm0wd2QyUXlWa2hWV0doVVYwZG9jRlZ0TVc5V1JsbDNXa1JTVjFac2JETlhhMUpUVjBaS2RHVkVRbHBOTTBKSVZtcEdTMk15U2tWVWJHaG9UV3N3ZUZadGNFSmxSbVJJVm10a1dHSkdjRTlaYlRGdlZWWmtWMXBJY0d4U2JHdzBWa2MxVDFsV1NuUlZia0pYWVRGd2FGcFdXbUZqTVd0NllVWlNUbFpVVmtwV2JHUXdWakZrU0ZOcmJGSmhlbXhYV1d4b2IxWXhjRlpYYkhCc1VtMVNNRnBGV2s5VWJFcEhWMnBhVjJGcmEzaFdha3BIVWpGT2RWVnNXbWxTTW1oWFZtMTBWMU14VWtkVmJrNVlZbFZhV0ZsclpGTmxWbGw1WlVWT1YwMXJWak5aTUZwVFZqRmFWMk5HVG1GU1JWcEVWbGQ0UTFaVk1VVk5SREE5

Based on the challenge name and the given encoded message, we can assume that this message is encoded using base 64. We can decode this message from base 64 using an online tool. When we decode the given message we get another string that looks like base 64. We can decode this new encoded message as well. We will repeat this process several times until we decode this message:

YWhzQ1RGe0JAczNfNjR9

The result of decoding this is ahsCTF{B@s3_64}.

Decimal to Ascii[edit]

[50 Points] Convert this to ascii. 971041156784701231005199105109641089511648959711599105105125
Hint: You need to figure out where to put spaces in the string

This challenge seems to expect us to convert this decimal number into Ascii. The Ascii protocol gives each character a corresponding number that can be expressed in decimal. However, the decimal number we are given is too big to represent any individual character, so we can guess that this decimal number is multiple decimal representations of Ascii characters combined. The hint also tells us this. We don't need to manually separate the different Ascii codes, however. Online decimal to Ascii converters often have a feature to guess where the spaces are supposed to be, and they are reasonably accurate. When we put the given decimal number into a decimal to Ascii converter, we get ahsCTF{d3cim@l_t0_ascii}.

Forensics[edit]

JPG or not JPG[edit]

[75 Points]

The challenge also provides a file called download.jpg.

When we attempt to open download.jpg, it is unable to be displayed. This implies that the file is broken in some way. We can open this file up in a hex editor such as HxD to analyze the raw hex. When we look at the end of the file, we see some plaintext. The plaintext reads ahsCTF{123ddd_7sf3bq4f}.

Outer Space[edit]

[75 Points] Zero width space...

The challenge also provides a file called skinny_spaces.txt.

When we open up this file in a text editor, it seems to be blank. However, we can select some text, so the text file seems to only be composed of spaces:

 ​​    ​ ​​ ​    ​​​  ​​ ​    ​​ ​ ​ ​   ​   ​​  ​​​​ ​​ ​​​​ ​   ​​  ​​ ​​​  ​   ​​     ​ ​​​​​ ​​​ ​​​  ​​   ​ ​​  ​   ​​​ ​   ​​ ​    ​​​​​ ​

Let's open this file up in a program that has a find and replace feature, such as Visual Studio Code. We can select a single character by holding shift and clicking the right or left arrow keys. This allows us to find similar characters to the one selected. Notice that some of the spaces have no width (hence the name zero width space). After some analysis, it seems that there are two different types of spaces in this file, seemingly randomly placed. Since there are only two spaces, the flag is likely encoded using binary. Let's use our text editor's find and replace feature to replace the first type of space with a 0, and the second with a 1:

011000010110100001110011010000110101010001000110011110110111101000110011011100100011000001011111011101110011000101100100011101000110100001111101

Now let's plug this binary string into an online binary to ascii converter. Note that if you switched the spaces up (so 0s are 1s and vice versa) you will need to swap the bits. We get this result: ahsCTF{z3r0_w1dth}.

Reverse Engineering[edit]

Function Junction[edit]

[100 Points] I hope you like algebra...
Hint: Remember to format your flag with ahsCTF{flag_goes_here}

The challenge also provides a file called Main.java.

Let's take a look at Main.java:

import java.util.Scanner;

public class Main {
	public static void main(String[] args) {
		Scanner scanner = new Scanner(System.in);
		
		System.out.print("Input an integer: ");
		int input = scanner.nextInt();
		
		input = b(input);
		input = a(input);
		input = e(input);
		input = d(input);
		input = c(input);
		
		System.out.println(input);
		
		if(input == 16) System.out.println("Your input to the power of 7 is the flag!");
		else System.out.println("Incorrect input. Try again.");
	}
	
	public static int a(int num) {
		return num * 3;
	}
	
	public static int b(int num) {
		return num - 7;
	}
	
	public static int c(int num) {
		return num * num;
	}
	
	public static int d(int num) {
		return num + 1;
	}
	
	public static int e(int num) {
		return num % 57;
	}
}

This program seems to collect a numerical input, modify it with some functions, then check if the modified input equals 16. If the modified input is 16, then the original input to the power of 7 is the flag.

Let's run this program backward manually in order to find out what input may lead to a modified input of 16. Since c() is the last function called, we'll start by checking what input to that function would return 16. Function c() returns the input squared, so we want to solve: x^2 = 16. We find that x = 4. Now let's move back a function and see what input function d() needs to return 4. x + 1 = 4, so x = 3. Now to e(): x % 57 = 3, x = 3. Now to a(): 3x = 3, x = 1. Now to b(): x - 7 = 1, x = 8. This algebra proves that when we input 8, we get 16, and the program prints that "Your input to the power of 7 is the flag!". We can verify this by running the program and inputting 8. Let's compute 8^7 to get the flag: 2097152. Formatted, we get ahsCTF{2097152}.