PicoCTF Writeup – Codebook

# Information:

CTF Name: PicoCTF

CTF Challenge: Codebook

Challenge Category: General Skills

Challenge Points: 100

Beginner picoMini 2022.

# Used Tools:

  • Python 3
  • Linux

# Challenge Description:

Run the Python script code.py in the same directory as codebook.txt. 

Download code.py

Download codebook.txt

Hints:

Hint 1
On the webshell, use ls to see if both files are in the directory you are in
Hint 2
The str_xor function does not need to be reverse engineered for this challenge.

# Writeup

This is a challenge to help learn how to run a python 3 script.

After reading the description I downloaded both files (code.py and codebook.txt). I used the wget command to download the files.

Once downloaded, I opened the .py file with one text editor (in this case I used vim):

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
import random
import sys



def str_xor(secret, key):
    #extend key to secret length
    new_key = key
    i = 0
    while len(new_key) < len(secret):
        new_key = new_key + key[i]
        i = (i + 1) % len(key)        
    return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)])


flag_enc = chr(0x13) + chr(0x01) + chr(0x17) + chr(0x07) + chr(0x2c) + chr(0x3a) + chr(0x2f) + chr(0x1a) + chr(0x0d) + chr(0x53) + chr(0x0c) + chr(0x47) + chr(0x0a) + chr(0x5f) + chr(0x5e) + chr(0x02) + chr(0x3e) + chr(0x5a) + chr(0x56) + chr(0x5d) + chr(0x45) + chr(0x5d) + chr(0x58) + chr(0x31) + chr(0x0d) + chr(0x58) + chr(0x0f) + chr(0x02) + chr(0x5a) + chr(0x10) + chr(0x0e) + chr(0x5d) + chr(0x13)



def print_flag():
  try:
    codebook = open('codebook.txt', 'r').read()
    
    password = codebook[4] + codebook[14] + codebook[13] + codebook[14] +\
               codebook[23]+ codebook[25] + codebook[16] + codebook[0]  +\
               codebook[25]
               
    flag = str_xor(flag_enc, password)
    print(flag)
  except FileNotFoundError:
    print('Couldn\'t find codebook.txt. Did you download that file into the same directory as this script?')



def main():
  print_flag()



if __name__ == "__main__":
  main()

This is the code in the code.py file. As you can see, what this does is, it performs a XOR between “known value” the flag_enc and a password. The password is a subset of the codebook.txt file. In fact, it is the characters in the positions, 4, 14, 13, 14, 23, 25, 16, 0 and 25.

To further discover what is the password (exactly) we can see the contents of codebook.txt by performing a simple cat, below is the out:

mregra on Cyber ~$ cat codebook.txt
azbycxdwevfugthsirjqkplomn

Below you have a mapping between :

Position 4 is: c, position 14 is h, position 13 is t … And so on.

Finally we get the following as the password:

chthonian

Now, that we better understand what the code.py script does, we are ready to get the flag! For that, we simply have to run the command:

mregra on Cyber ~$ python3 code.py

And the flag is:

Show flag
picoCTF{c0d3b00k_455157_d9aa2df2}

Thank you very much for reading!

Cheers,

MRegra


Leave a Reply

Your email address will not be published. Required fields are marked *