PicoCTF Writeup – Codebook
# Information:
CTF Name: PicoCTF
CTF Challenge: Codebook
Challenge Category: General Skills
Challenge Points: 100
Beginner picoMini 2022.
# Used Tools:
- Python 3
- Linux
# Challenge Description:
Run the Python script code.py in the same directory as codebook.txt.
Hints:
# Writeup
This is a challenge to help learn how to run a python 3 script.
After reading the description I downloaded both files (code.py and codebook.txt). I used the wget command to download the files.
Once downloaded, I opened the .py file with one text editor (in this case I used vim):
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
import random
import sys
def str_xor(secret, key):
#extend key to secret length
new_key = key
i = 0
while len(new_key) < len(secret):
new_key = new_key + key[i]
i = (i + 1) % len(key)
return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)])
flag_enc = chr(0x13) + chr(0x01) + chr(0x17) + chr(0x07) + chr(0x2c) + chr(0x3a) + chr(0x2f) + chr(0x1a) + chr(0x0d) + chr(0x53) + chr(0x0c) + chr(0x47) + chr(0x0a) + chr(0x5f) + chr(0x5e) + chr(0x02) + chr(0x3e) + chr(0x5a) + chr(0x56) + chr(0x5d) + chr(0x45) + chr(0x5d) + chr(0x58) + chr(0x31) + chr(0x0d) + chr(0x58) + chr(0x0f) + chr(0x02) + chr(0x5a) + chr(0x10) + chr(0x0e) + chr(0x5d) + chr(0x13)
def print_flag():
try:
codebook = open('codebook.txt', 'r').read()
password = codebook[4] + codebook[14] + codebook[13] + codebook[14] +\
codebook[23]+ codebook[25] + codebook[16] + codebook[0] +\
codebook[25]
flag = str_xor(flag_enc, password)
print(flag)
except FileNotFoundError:
print('Couldn\'t find codebook.txt. Did you download that file into the same directory as this script?')
def main():
print_flag()
if __name__ == "__main__":
main()
This is the code in the code.py file. As you can see, what this does is, it performs a XOR between “known value” the flag_enc and a password. The password is a subset of the codebook.txt file. In fact, it is the characters in the positions, 4, 14, 13, 14, 23, 25, 16, 0 and 25.
To further discover what is the password (exactly) we can see the contents of codebook.txt by performing a simple cat, below is the out:
mregra on Cyber ~$ cat codebook.txt
azbycxdwevfugthsirjqkplomn
Below you have a mapping between :
Position 4 is: c, position 14 is h, position 13 is t … And so on.
Finally we get the following as the password:
chthonian
Now, that we better understand what the code.py script does, we are ready to get the flag! For that, we simply have to run the command:
mregra on Cyber ~$ python3 code.py
And the flag is:
Thank you very much for reading!
Cheers,
MRegra