TJCTF 2018: Python Reversing
Challenge details
| Event | Challenge | Category | Points | Solves |
|---|---|---|---|---|
| TJCTF 2018 | Python Reversing | Reverse Engineering | 40 | 221 solves |
Download: source.py - md5: 544000ae1981ca703e22201fdbfedf14
Description
Found this flag checking file and it is quite vulnerable
TL;DR
The script wasn’t really obfuscated. We had the output of the hashed flag and
had to recover the input.
The clear text was first randomized with the equivalent of the following code:
flag = [random.randint(1,5) * ord(x) for x in flag]
Then a xor was applied with the following key: ligma_sugma_sugondese_
Finally the result was printed in binary, letter could be 8 to 10 digits and were concatenated.
An efficient bruteforce / cryptanalysis gave us the flag.
Methology
Looking at the files
The first thing we did was opening the source code source.py - md5: 544000ae1981ca703e22201fdbfedf14.
import numpy as np
flag = 'redacted'
np.random.seed(12345)
arr = np.array([ord(c) for c in flag])
other = np.random.randint(1,5,(len(flag)))
arr = np.multiply(arr,other)
b = [x for x in arr]
lmao = [ord(x) for x in ''.join(['ligma_sugma_sugondese_'*5])]
c = [b[i]^lmao[i] for i,j in enumerate(b)]
print(''.join(bin(x)[2:].zfill(8) for x in c))
# original_output was 1001100001011110110100001100001010000011110101001100100011101111110100011111010101010000000110000011101101110000101111101010111011100101000011011010110010100001100010001010101001100001110110100110011101
By looking at the code we can see a little random, a xor and a convertion to binary. However by looking closely, the original_output size isn’t a multiple of 8, which mean there will be more bruteforce and cryptanalysis than expected.
Reversing
A code is better than a text so here is the commented reversed code
import numpy as np # Import numpy array library
flag = 'redacted' # Injection point
np.random.seed(12345) # Init random seed, no need to touch it
# String to list of ascii code: "abc" => [97,98,99]
arr = np.array([ord(c) for c in flag])
# Mask with integer in [1,5[ with the same size as flag
other = np.random.randint(1,5,(len(flag)))
# Array where ascii code is multiplied with the corresponding ranom int
arr = np.multiply(arr,other)
"""
Example here:
flag = redacted
arr = [114, 101, 100, 97, 99, 116, 101, 100]
other = [1, 1, 4, 1, 1, 1, 1, 2] # Could be anything else
# After multiply:
arr = [114, 101, 400, 97, 99, 116, 101, 200]
"""
# At this point we got our input with random multiplication up to 5 * the original value
b = [x for x in arr] # Convert from numpy array to python array
# String to list of ascii code: convert ligma... key to list of integer for the xor
lmao = [ord(x) for x in ''.join(['ligma_sugma_sugondese_'*5])]
# c = XOR(arr,lmao)
c = [b[i]^lmao[i] for i,j in enumerate(b)]
# Print output
# /!\ While testing, bin(x)[2:].zfill(8) can be up to 10 digits !
print(''.join(bin(x)[2:].zfill(8) for x in c))
# original_output was 1001100001011110110100001100001010000011110101001100100011101111110100011111010101010000000110000011101101110000101111101010111011100101000011011010110010100001100010001010101001100001110110100110011101
Bruteforcing
Due to random multiplication, our algorithm isn’t determinist, we have to choose between differents letter when there is multiple possibility. I chose to bruteforce char by char, starting with empty flag and full output, and removing expected output progresivly:
Step 1
flag = ""
original_output = "1001100001011110110100001100001010000011110101001100100011101111110100011111010101010000000110000011101101110000101111101010111011100101000011011010110010100001100010001010101001100001110110100110011101"
import string # import printable char
for l in string.printable: # for each printable char we test
for k in range(1,5): # Testing the differents multiplication from 1x to 4x
letter = (bin((ord(l)*k)^lmao[len(a)])[2:].zfill(8)) # xor and zfill
if outp.startswith(letter):
print(l+" => "+letter)
t => 100110000
z => 10011000
W => 100110000
= => 10011000
I chose t for tjctf. We remove the corresponding binary from the beginning of
the output, and append the letter to the flag
Step 2
flag = "t"
original_output = "1011110110100001100001010000011110101001100100011101111110100011111010101010000000110000011101101110000101111101010111011100101000011011010110010100001100010001010101001100001110110100110011101"
import string # import printable char
for l in string.printable: # for each printable char we test
for k in range(1,5): # Testing the differents multiplication from 1x to 4x
letter = (bin((ord(l)*k)^lmao[len(a)])[2:].zfill(8)) # xor and zfill
if outp.startswith(letter):
print(l+" => "+letter)
5 => 10111101
j => 10111101
I chose j for tjctf.
Step 6
flag = "tjctf"
original_output = "10101001100100011101111110100011111010101010000000110000011101101110000101111101010111011100101000011011010110010100001100010001010101001100001110110100110011101"
import string # import printable char
for l in string.printable: # for each printable char we test
for k in range(1,5): # Testing the differents multiplication from 1x to 4x
letter = (bin((ord(l)*k)^lmao[len(a)])[2:].zfill(8)) # xor and zfill
if outp.startswith(letter):
print(l+" => "+letter)
C => 101010011
R => 10101001
{ => 10101001
I chose { for tjctf{}.
…
Choosing between letters wasn’t too hard as we expected words such as “python”.
Last Step
flag = "tjctf{pYth0n_1s_tr1v14l"
original_output = "110011101"
import string # import printable char
for l in string.printable: # for each printable char we test
for k in range(1,5): # Testing the differents multiplication from 1x to 4x
letter = (bin((ord(l)*k)^lmao[len(a)])[2:].zfill(8)) # xor and zfill
if outp.startswith(letter):
print(l+" => "+letter)
} => 110011101
Flag !
Flag
tjctf{pYth0n_1s_tr1v14l}